function valid() { $echoStr = $_GET["echostr"]; if (checkSignature()) { echo $echoStr; exit; } }
/** * valid */ function valid() { if (checkSignature()) { if (isset($_GET["echostr"])) { $echoStr = $_GET["echostr"]; echo $echoStr; } return true; } else { return false; } }
<?php /** * index.php * @authors Pines Wong (pineswong@163.com) * @date 2015-08-06 22:10:51 * @version $Id$ */ // 引入函数 require './checkSignature.php'; // 获取数据 $signature = $_GET['signature']; $timestamp = $_GET['timestamp']; $nonce = $_GET['nonce']; $echostr = $_GET['echostr']; // 验证Token if (checkSignature($signature, $timestamp, $nonce)) { echo $echostr; }
//验证微信公众平台签名 function checkSignature() { $signature = $_GET['signature']; $nonce = $_GET['nonce']; $timestamp = $_GET['timestamp']; $tmpArr = array($nonce, $timestamp, TOKEN); sort($tmpArr); $tmpStr = implode($tmpArr); $tmpStr = sha1($tmpStr); if ($tmpStr == $signature) { return true; } return false; } if (false == checkSignature()) { exit(0); } //接入时验证接口 $echostr = $_GET['echostr']; if ($echostr) { echo $echostr; exit(0); } //获取POST数据 function getPostData() { $data = $GLOBALS['HTTP_RAW_POST_DATA']; return $data; } $PostData = getPostData();
function pay_uniteller_result($order, $param = array(), $callback_success = null) { $config = $this->config->uniteller ? $this->config->uniteller : new data(); if ($param) { $config->set($param); } $card = $this->view->basket()->pay_card($order); if (@(!$card)) { return false; } function checkSignature($Order_ID, $Status, $Signature, $password) { return $Signature == strtoupper(md5($Order_ID . $Status . $password)); } if (checkSignature($param["Order_ID"], $param["Status"], $param["Signature"], $config->password) && ($param['Status'] == 'authorized' || $param['Status'] == 'paid')) { if ($callback_success !== null) { $callback_success($card); } } exit; }
/** * * Notificatnion handler for configuration change * @param string $tab * @param string $subtab * @return string */ function signatureChange($tab = NULL, $subtab = NULL) { list($diff, $needs) = checkSignature(0); reconfigurePage($diff, $needs, 0); return $tab; }
define("APPID", "wxf178cc450765a73a"); define("APPSECRET", "d4624c36b6795d1d99dcf0547af5443d"); ini_set("display_errors", "Off"); header("Content-Type:text/html;charset=utf-8"); error_reporting(E_ERROR | E_WARNING | E_PARSE); date_default_timezone_get('Asia/Chongqing'); spl_autoload_register(function ($class) { if ($class) { $file = str_replace('\\', '/', $class); $file .= '.php'; if (file_exists($file)) { include $file; } } }); if (!empty($_GET['echostr']) && checkSignature()) { echo $_GET['echostr']; exit; } response(); function response() { $postStr = $GLOBALS["HTTP_RAW_POST_DATA"]; if (!empty($postStr)) { $postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA); //消息类型 $type = (string) $postObj->MsgType; error_log(json_encode($postObj), 3, "log.log"); /* * 若为语音消息,调用语音消息处理方法 */
$str = substr($utilityStream, $s, $e - $s) . ';'; eval($str); } } } $buttonlist = zp_apply_filter('admin_utilities_buttons', $buttonlist); foreach ($buttonlist as $key => $button) { if (zp_loggedin($button['rights'])) { if (!array_key_exists('category', $button)) { $buttonlist[$key]['category'] = gettext('Misc'); } } else { unset($buttonlist[$key]); } } list($diff, $needs, $found, $present) = checkSignature(0); if (zp_loggedin(ADMIN_RIGHTS) && $present && (zpFunctions::hasPrimaryScripts() || empty($needs))) { // button to restore setup files if needed if (empty($needs)) { ?> <div class="warningbox"> <h2><?php echo gettext('Your Setup scripts are not protected.'); ?> </h2> <?php if (zpFunctions::hasPrimaryScripts()) { echo gettext('The Setup environment is not totally secure, you should protect the scripts to thwart hackers. Use the <strong>Setup » protect scripts</strong> button in the <em>Admin</em> section of the <em>Utility functions</em>. '); } ?> </div>
} break; } } else { if (SYMLINK && @symlink(SERVERPATH . '/' . $target, $folder . $target)) { $msg[] = sprintf(gettext('<code>%s</code> Link created.'), $target) . "<br />\n"; } else { $msg[] = sprintf(gettext('<code>%s</code> Link creation failed.'), $target) . "<br />\n"; $success = false; } } } } if ($success) { array_unshift($msg, '<h2>' . sprintf(gettext('Successful clone to %s'), $folder) . '</h2>' . "\n"); list($diff, $needs) = checkSignature(false); if (empty($needs)) { if (WEBPATH) { $rootpath = str_replace(WEBPATH, '/', SERVERPATH); $urlpath = str_replace(WEBPATH, '/', FULLWEBPATH); } else { $rootpath = SERVERPATH . '/'; $urlpath = FULLWEBPATH . '/'; } if (substr($folder, 0, strlen($rootpath)) == $rootpath) { $msg[] = '<p><span class="buttons"><a href="' . $urlpath . $newinstall . ZENFOLDER . '/setup/index.php?autorun">' . gettext('setup the new install') . '</a></span><br class="clearall" /></p>' . "\n"; } } else { $reinstall = '<p>' . sprintf(gettext('Before running setup for <code>%1$s</code> please reinstall the following setup files from the %2$s [%3$s] to this installation:'), $newinstall, ZENPHOTO_VERSION, ZENPHOTO_RELEASE) . "\n" . '<ul>' . "\n"; if (!empty($needs)) { foreach ($needs as $script) {
<?php //error_log('token验证:'.print_R($GLOBALS,true),3,dirname(__FILE__).'/pay.log'); require_once 'LogUtil.php'; include 'globleconfig.php'; $logFile = dirname(__FILE__) . '/pay.log'; $token = localToken(); LogUtil::logs(time() . " index.php =====> " . $token, $logFile); $echostr = $_GET["echostr"]; $signature = $_GET["signature"]; $timestamp = $_GET["timestamp"]; $nonce = $_GET["nonce"]; LogUtil::logs(time() . " index.php =====> " . $echostr, $logFile); if (!empty($_GET) && checkSignature($signature, $timestamp, $nonce)) { if ($echostr) { echo $echostr; exit; } } $postStr = $GLOBALS["HTTP_RAW_POST_DATA"]; if (!empty($postStr)) { dopost($postStr); } else { echo ""; } function dopost($postXml) { $postArray = xml2array($postXml); $postData = $postArray['xml']; error_log('token验证:' . print_R($postData, true), 3, dirname(__FILE__) . '/pay.log'); switch ($postData['MsgType']) {
<?php require_once dirname(__FILE__) . '/admin-globals.php'; require_once dirname(__FILE__) . '/reconfigure.php'; list($diff, $needs) = checkSignature(isset($_GET['xsrfToken']) && $_GET['xsrfToken'] == getXSRFToken('setup')); if (empty($needs)) { header('Location: setup/index.php'); } else { header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Content-Type: text/html; charset=utf-8'); ?> <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" href="<?php echo WEBPATH . '/' . ZENFOLDER; ?> /admin.css" type="text/css" /> <?php reconfigureCS(); ?> </head> <body> <div id="main"> <div id="content"> <div class="tabbox"> <p> <?php if (zpFunctions::hasPrimaryScripts()) { chdir(dirname(__FILE__) . '/setup/');
global $confUniteller; $password = $confUniteller['PASSWORD']; // проверка подлинности подписи и данных return $Signature == strtoupper(md5($Order_ID . $Status . $password)); } /* * Ну а дальше все по доке, колбасим данные для нашей транзакции */ // Пришел callback с параметрами Order_ID, Status, Signature if (count($_POST) && isset($_POST["Order_ID"]) && isset($_POST["Status"]) && isset($_POST["Signature"])) { //debug log writer if ($confUniteller['DEBUG_MODE']) { file_put_contents("postdata.log", print_r($_POST, true), FILE_APPEND); } // проверка подписи if (checkSignature($_POST["Order_ID"], $_POST["Status"], $_POST["Signature"])) { // подпись сошлась $raw_order = $_POST['Order_ID']; $order = explode('|', $raw_order); if (sizeof($order) == 4) { $hash = $raw_order; $summ = $order[2]; $customerid = $order[1]; $paysys = 'UNITELLER'; $note = 'order:' . $_POST["Order_ID"] . ' status:' . $_POST["Status"] . ' sig:' . $_POST["Signature"]; //регистрируем новую транзакцию op_TransactionAdd($hash, $summ, $customerid, $paysys, $note); //вызываем обработчики необработанных транзакций op_ProcessHandlers(); //все, господа хорошие - транзакция заколбашена die('TRANSACTION:DONE');
@chmod($folder . $target, FILE_MOD); break; } } else { if (SYMLINK && @symlink(SERVERPATH . '/' . $target, $folder . $target)) { $msg[] = sprintf(gettext('<code>%s</code> Link created.'), $target) . "<br />\n"; } else { $msg[] = sprintf(gettext('<code>%s</code> Link creation failed.'), $target) . "<br />\n"; $success = false; } } } } if ($success) { array_unshift($msg, '<h2>' . sprintf(gettext('Successful clone to %s'), $folder) . '</h2>' . "\n"); list($diff, $needs) = checkSignature(4); if (empty($needs)) { $rslt = query_single_row('SELECT * FROM ' . prefix('plugin_storage') . ' WHERE `type`="clone" AND `aux`=' . db_quote(rtrim($folder, '/'))); if (empty($rslt)) { query('INSERT INTO ' . prefix('plugin_storage') . '(`type`,`aux`,`data`) VALUES("clone",' . db_quote(rtrim($folder, '/')) . ',' . db_quote(trim($newinstall, '/')) . ')'); } $cloneid = bin2hex(rtrim($newinstall, '/')); $_SESSION['clone'][$cloneid] = array('link' => $newinstall, 'UTF8_image_URI' => UTF8_IMAGE_URI, 'mod_rewrite' => MOD_REWRITE, 'hash' => HASH_SEED, 'strong_hash' => getOption('strong_hash')); $_SESSION['admin'][$cloneid] = serialize($_zp_current_admin_obj); $msg[] = '<p><span class="buttons"><a href="' . $newinstall . ZENFOLDER . '/setup/index.php?autorun" target=_newtab">' . gettext('setup the new install') . '</a></span><br class="clearall" /></p>' . "\n"; } else { $reinstall = '<p>' . sprintf(gettext('Before running setup for <code>%1$s</code> please reinstall the following setup files from the %2$s to this installation:'), $newinstall, ZENPHOTO_VERSION) . "\n" . '<ul>' . "\n"; if (!empty($needs)) { foreach ($needs as $script) { $reinstall .= '<li>' . ZENFOLDER . '/setup/' . $script . '</li>' . "\n"; }
function site_upgrade_button($buttons) { global $_zp_conf_vars, $_site_filelist; $state = @$_zp_conf_vars['site_upgrade_state']; $hash = ''; foreach ($_site_filelist as $name => $source) { if (file_exists(SERVERPATH . '/' . USER_PLUGIN_FOLDER . '/site_upgrade/' . $name)) { $hash .= md5(file_get_contents(SERVERPATH . '/' . USER_PLUGIN_FOLDER . '/site_upgrade/' . $name)); } } if ($hash !== getOption('site_upgrade_hash')) { $buttons[] = array('XSRFTag' => 'site_upgrade_refresh', 'category' => gettext('Admin'), 'enable' => true, 'button_text' => gettext('Restore site_upgrade files'), 'formname' => 'refreshHTML', 'action' => FULLWEBPATH . '/' . ZENFOLDER . '/admin.php', 'icon' => 'images/refresh.png', 'title' => gettext('Restores the files in the "plugins/site_upgrade" folder to their default state. Note: this will overwrite any custom edits you may have made.'), 'alt' => '', 'hidden' => '<input type="hidden" name="refreshHTML" value="1" />', 'rights' => ADMIN_RIGHTS); } switch ($state) { case 'closed': $buttons[] = array('XSRFTag' => 'site_upgrade', 'category' => gettext('Admin'), 'enable' => 2, 'button_text' => gettext('Site » test mode'), 'formname' => 'site_upgrade', 'action' => FULLWEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/site_upgrade/site_upgrade.php', 'icon' => 'images/lock_open.png', 'title' => gettext('Make the site available for viewing administrators only.'), 'onclick' => "\$('#site_upgrade_form').dirtyForms('setClean');this.form.submit();", 'alt' => '', 'hidden' => '<input type="hidden" name="siteState" value="closed_for_test" />', 'rights' => ADMIN_RIGHTS); break; case 'closed_for_test': $buttons[] = array('XSRFTag' => 'site_upgrade', 'category' => gettext('Admin'), 'enable' => 2, 'button_text' => gettext('Site » open'), 'formname' => 'site_upgrade', 'action' => FULLWEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/site_upgrade/site_upgrade.php', 'icon' => 'images/lock.png', 'title' => gettext('Make site available for viewing.'), 'alt' => '', 'hidden' => '<input type="hidden" name="siteState" value="open" />', 'rights' => ADMIN_RIGHTS); list($diff, $needs) = checkSignature(0); if (zpFunctions::hasPrimaryScripts() && empty($needs)) { ?> <script type="text/javascript"> window.addEventListener('load', function () { $('#site_upgrade').submit(function () { return confirm('<?php echo gettext('Your setup scripts are not protected!'); ?> '); }) }, false); </script> <?php } break; default: $buttons[] = array('XSRFTag' => 'site_upgrade', 'category' => gettext('Admin'), 'enable' => true, 'button_text' => gettext('Site » close'), 'formname' => 'site_upgrade.php', 'action' => FULLWEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/site_upgrade/site_upgrade.php', 'icon' => 'images/lock.png', 'title' => gettext('Make site unavailable for viewing by redirecting to the "closed.html" page.'), 'alt' => '', 'hidden' => '<input type="hidden" name="siteState" value="closed" />', 'rights' => ADMIN_RIGHTS); break; } return $buttons; }
<?php function checkSignature() { $signature = $_GET["signature"]; $timestamp = $_GET["timestamp"]; $nonce = $_GET["nonce"]; $token = 'jhy'; $tmpArr = array($token, $timestamp, $nonce); sort($tmpArr, SORT_STRING); $tmpStr = implode($tmpArr); $tmpStr = sha1($tmpStr); if ($tmpStr == $signature) { return true; } else { return false; } } if (true == checkSignature()) { echo $_GET["echostr"]; }
$nonce = $_GET['nonce']; $tmpArr = array(TOKEN, $timestamp, $nonce); sort($tmpArr, SORT_STRING); $tmpStr = implode($tmpArr); $tmpStr = sha1($tmpStr); global $f; fwrite($f, print_r($_GET, 1)); fwrite($f, "\n"); fwrite($f, $tmpStr . "\n" . $signature . "\n"); if ($tmpStr == $signature) { return true; } else { return false; } } if (checkSignature()) { if ($_GET['echostr']) { echo $_GET['echostr']; exit; } } else { $ip = getIp(); interfaceLog(ERROR, EC_OTHER, "malicious:" . $ip); exit(0); } interfaceLog(INFO, EC_OK, "response info"); function getWeChatObject() { return new WeChatCallBackTest(); } function exitErrorInput()
/** * link to setup * * @author Stephen Billard (sbillard) * * @package admin */ define('OFFSET_PATH', 1); require_once dirname(__FILE__) . '/admin-globals.php'; require_once dirname(__FILE__) . '/reconfigure.php'; if (isset($_GET['xsrfToken']) && $_GET['xsrfToken'] == getXSRFToken('setup')) { $must = 5; } else { $must = 0; } list($diff, $needs, $found) = checkSignature($must); if (empty($needs)) { header('Location: setup/index.php'); } else { header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Content-Type: text/html; charset=utf-8'); ?> <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" href="<?php echo WEBPATH . '/' . ZENFOLDER; ?> /admin.css" type="text/css" /> <?php
<?php require_once "system-db.php"; require_once 'despatchreportlib.php'; start_db(); require_once 'signature.php'; checkSignature(); require_once "system-header.php"; addSignatureForm(); ?> <script> $(document).ready( function() { $('.sigPad').signaturePad(); } ); function sign(pk) { $("#signatureid").val(pk); $(".sigPad").fadeIn(); } </script> <table width='100%'> <tr valign=top> <?php if (!isUserInRole("ADMIN")) { ?> <td style='border: 1px solid #CCCCCC; padding: 10px'> <h4>Awaiting Signature</h4> <table width='400px' class='grid view'> <thead>