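<?php
// Wallet page: access gate, then the HTML head and Glow widget setup.
include 'inc/auth.php';
include 'inc/api.php';
include 'inc/aes.php';

// $auth is not defined in this excerpt -- presumably set by inc/auth.php (confirm).
if (!$auth) {
    header("location: index.php");
    // header() only queues the redirect. Without exit the script keeps running,
    // so the rest of this page would still be rendered and sent to an
    // unauthenticated client alongside the Location header.
    exit;
}

// NOTE(review): the decryption key for the session value is hard-coded in the
// page source, so anyone with read access to the code or repository holds it.
// Load it from configuration kept outside the web root and rotate this value.
$key = fnDecrypt($_SESSION['key'], "39ebb8b644e3de68e4801eaf9ba");
?>
<!DOCTYPE html>
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<title>Wallet</title>
<link rel="stylesheet" href="css/960.css" type="text/css" media="screen" charset="utf-8" />
<link rel="stylesheet" href="css/template.css" type="text/css" media="screen" charset="utf-8" />
<link rel="stylesheet" href="css/colour.css" type="text/css" media="screen" charset="utf-8" />
<!--[if IE]><![if gte IE 6]><![endif]-->
<script src="js/glow/1.7.7/core/core.js" type="text/javascript"></script>
<script src="js/glow/1.7.7/widgets/widgets.js" type="text/javascript"></script>
<link href="js/glow/1.7.7/widgets/widgets.css" type="text/css" rel="stylesheet" />
<script type="text/javascript">
glow.ready(function(){
    new glow.widgets.Sortable(
        '#content .grid_5, #content .grid_6',
        { draggableOptions : { handle : 'h2' } }
    );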
$chma_flag = 1; if (!$chma) { $chma_str = 'error_查無檢核碼!'; $chma_flag = 0; } if ($chma_flag && (!$ch_code || !$od_sob)) { $chma_str = 'error_必要參數不足!'; $chma_flag = 0; } //解出驗證檢核 if ($chma_flag) { $ch_code = str_replace('X12x38x', '=', $ch_code); //因為=會切斷get資料 $ch_code = str_replace('_', '+', $ch_code); $ch_code = str_replace(' ', '+', $ch_code); $ch_code = fnDecrypt($ch_code, $chma, $ap_IV); //解碼 $ch_codeRT = explode("***", $ch_code); $ch_time = time() - $ch_codeRT[0]; if ($ch_time > 20) { //20秒內有效 $chma_str = 'error_驗證檢核碼已經逾時!'; $chma_flag = 0; } } if ($chma_flag && $ch_codeRT[1] != $od_sob) { $chma_str = 'error_驗證檢核內容比對失敗!'; $chma_flag = 0; } if (!$chma_flag) { @setlog($set_type, $client, $chma_str, $uip, $t1);
} } $od_sob = time() . '***' . $od_sob; $od_sob = fnEncrypt($od_sob, $chma, $ap_IV); //壓碼 $od_sob = str_replace('+', '_', $od_sob); $od_sob = str_replace('=', 'X12x38x', $od_sob); //因為=會切斷get資料 //$od_sob = urlencode($od_sob); echo $od_sob; exit; //====================================================================== //下面是不運作的備註 echo '<br>'; $od_sob = str_replace(' ', '+', $od_sob); $od_sob = fnDecrypt($od_sob, $chma, $ap_IV); //解碼 echo $od_sob; exit; //============取值得範例 function GetCode_curl($url, $post) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); //curl_setopt($ch, CURLOPT_POST,1); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST'); curl_setopt($ch, CURLOPT_POSTFIELDS, $post); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $result = curl_exec($ch); curl_close($ch); return $result;
} else { if ($_GET['t'] == 4) { echo CheckEmailAddress($_GET['EmailAddress']); } else { if ($_GET['t'] == 5) { echo GetLatestFeed(json_decode($_GET['FeedBoard'], true)); //BY: added json_decode } else { if ($_GET['t'] == 6) { for ($i = 0; $i < sizeof($addedTags); $i++) { echo $addedTags[$i] . " "; } echo DBSavePost(-1, $_GET['pinned'], $_GET['bName'], $_GET['title'], $_GET['content'], $_GET['UserID'], $_GET['addedTags'], $_GET['deletedTags']); } else { if ($_GET['t'] == 7) { echo EnableUser(fnDecrypt($_GET['c'])); } else { if ($_GET['t'] == 8) { if ($_GET['c'] == "signup") { FacebookSignUp($_GET['url']); } else { if ($_GET['c'] == "login") { FacebookLogin($_GET['url']); } } } else { if ($_GET['t'] == 9) { echo FacebookUrl($_GET['c'], $_GET['url']); // c = "login" or "signup" } else { if ($_GET['t'] == 'special') {
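/**
 * Authenticates a REST request from its Pxp-User / Php-Auth-* headers.
 *
 * Looks up the user named in the Pxp-User header, decrypts one of the
 * Php-Auth-* headers using that user's stored password hash as the key, and,
 * when the decrypted payload matches, passes the credentials to
 * ACTAuten::verificarCredenciales(). If any step recorded an error, a JSON
 * error is printed with status '401' and the script exits.
 *
 * @param array $headersArray Request headers; the keys 'Pxp-User',
 *                            'Php-Auth-User' and 'Php-Auth-Pw' are read.
 * @return void
 */
function authPxp($headersArray)
{
    $_SESSION["_SESION"] = new CTSesion();
    $_SESSION["_tipo_aute"] = 'REST';
    $mensaje = '';

    // Look up the user named in the Pxp-User header.
    $objParam = new CTParametro('', null, null, '../../sis_seguridad/control/Usuario/listarUsuario');
    $objParam->addParametro('usuario', $headersArray['Pxp-User']);
    include_once dirname(__FILE__) . '/../../../sis_seguridad/modelo/MODUsuario.php';
    $objFunSeguridad = new MODUsuario($objParam);
    $res = $objFunSeguridad->listarUsuarioSeguridad($objParam);
    if ($res->datos['contrasena'] == '') {
        $mensaje = "El Usuario no esta registrado en el sistema";
    }

    // Stored password hash of the user (the original comment describes it as
    // MD5). It doubles as the decryption key for the auth header below.
    $md5Pass = $res->datos['contrasena'];

    if (!extension_loaded('mcrypt')) {
        if ($mensaje == '') {
            $mensaje = 'El modulo mcrypt no esta instalado en el servidor. No es posible utilizar REST en este momento';
        }
    }

    // When Pxp-User equals Php-Auth-User the encrypted payload is in
    // Php-Auth-Pw; otherwise it is in Php-Auth-User.
    if ($headersArray['Pxp-User'] == $headersArray['Php-Auth-User']) {
        $cipherText = $headersArray['Php-Auth-Pw'];
    } else {
        $cipherText = $headersArray['Php-Auth-User'];
    }
    $auxArray = explode('$$', fnDecrypt($cipherText, $md5Pass));

    // Compare as strings with ===. The original used ==, which applies PHP's
    // numeric-string juggling: two different values that both look numeric
    // (for example hashes of the form "0e...") compare equal and would be
    // accepted as a match.
    $payloadMatches = false;
    if (count($auxArray) == 2) {
        $claimed = (string) $auxArray[1];
        $payloadMatches = $claimed === (string) $headersArray['Pxp-User']
            || $claimed === (string) $md5Pass;
    }

    // NOTE(review): this branch is still reached when $mensaje was already set
    // above (unknown user, mcrypt missing); the request ends in the 401 below
    // either way. Confirm verificarCredenciales() leaves no authenticated
    // session state behind in that case.
    if ($payloadMatches) {
        $reqArray = array(
            'usuario' => $headersArray['Pxp-User'],
            'contrasena' => $md5Pass,
            '_tipo' => 'restAuten',
        );

        // Build the JSON request and authenticate the user in the system.
        $JSON = json_encode($reqArray);
        $objParam = new CTParametro($JSON, null, null, '../../sis_seguridad/control/Auten/verificarCredenciales');
        include_once dirname(__FILE__) . '/../../../sis_seguridad/control/ACTAuten.php';

        // Direct instantiation: the original wrapped these two constant
        // statements in eval(), which added nothing but an eval call site.
        $cad = new ACTAuten($objParam);
        $cad->verificarCredenciales();
    } else {
        if ($mensaje == '') {
            // NOTE(review): this message differs from the "not registered"
            // one above, so a client can tell existing users from unknown ones.
            $mensaje = "Contrasena invalida para el usuario : " . $headersArray['Pxp-User'];
        }
    }

    if ($mensaje != '') {
        $men = new Mensaje();
        $men->setMensaje('ERROR', 'pxp/lib/rest/index.php Linea: 131', $mensaje, 'Codigo de error: AUTEN', 'control', '', '', 'OTRO', '');
        // rac 21092011
        $men->imprimirRespuesta($men->generarJson(), '401');
        exit;
    }
}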
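/**
 * Handles a password-reset link.
 *
 * Decrypts the token into "email~timestamp", then either marks the session as
 * allowed to reset the password for that e-mail or redirects to the "expired"
 * page. A token older than 86400 seconds (24 hours), or one that does not
 * decode to a non-empty e-mail and a numeric timestamp, is treated as expired.
 *
 * fnDecrypt() and getTime() are defined elsewhere in the project.
 * NOTE(review): this function trusts whatever fnDecrypt() returns; confirm
 * that fnDecrypt() authenticates the ciphertext, otherwise a tampered token
 * can still decode to an e-mail and timestamp.
 *
 * @param string $token Encrypted reset token taken from the link.
 * @return void
 */
function UpdatePassword($token)
{
    // split() was removed in PHP 7. "~" is a literal delimiter, so explode()
    // splits the value the same way.
    $tokens = explode("~", (string) fnDecrypt($token));
    $email = $tokens[0];
    $timestamp = isset($tokens[1]) ? $tokens[1] : null;
    $currentTime = getTime();

    // The original echoed both timestamps here. That output was sent before
    // header(), which stops the redirect from being delivered unless output
    // buffering is on, and it exposed the token's issue time to the client.

    $wellFormed = $email !== '' && is_numeric($timestamp);
    if (!$wellFormed || $currentTime - $timestamp > 86400) {
        $_SESSION['ForgotPasswordToken'] = 0;
        header('Location: ../forgot.php?q=expired');
    } else {
        $_SESSION['ForgotPasswordToken'] = 1;
        $_SESSION['ForgottenEmail'] = $email;
        header('Location: ../forgot.php');
    }
}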
exit; } } //取出原單號卡號 $str_cdno = "select AES_DECRYPT(f6no,'{$key_str_ch}') as f6no,AES_DECRYPT(c5no,'{$key_str_ch}') as c5no,AES_DECRYPT(lsno,'{$key_str_ch}') as lsno from o_cdno where sr='{$pay_sr}' limit 1 "; $res_cdno = mysql_query($str_cdno); $N_cdno = @mysql_fetch_array($res_cdno); $cardno = $N_cdno[f6no] . $N_cdno[c5no] . $N_cdno[lsno]; //取出原單號exdt & bgm $str_bgm = "select * from o_bgm where sr='{$pay_sr}' limit 1 "; $res_bgm = mysql_query($str_bgm); $Nbgm = @mysql_fetch_array($res_bgm); $Nbgm[exdt] = str_replace(' ', '+', $Nbgm[exdt]); $Nbgm[bgm] = str_replace(' ', '+', $Nbgm[bgm]); $expiry_date = fnDecrypt($Nbgm[exdt], $ap_KEY, $ap_IV); $bgm = fnDecrypt($Nbgm[bgm], $ap_KEY, $ap_IV); if (!$bgm || !$expiry_date || !$cardno) { echo 'error_查無該交易的歷史資料!'; exit; } //===========幕後送出授權 //新格式不管位數,以*分隔 "https://credit.allpay.com.tw/g_ssl.php?*$client*[卡號]*[卡片到期日]*[背3碼]*[金額]*[分期期數]*[國旅0/1]*[國旅城市代碼]*[起程日期]*[迄程日期]*[訂單號碼]*Zaq12wSxcde34Rfv"; $postA = $do_url . "/g_ssl.php?"; $post = "*" . $client . '*' . $cardno . '*'; //1, 2 [商店代號, 卡號] $post .= $expiry_date . '*'; //3 [卡號到期日] 4 數字 例: 200712 ==> 0712 $post .= $bgm . '*'; //4 [背3碼] 3 數字 卡片的背面末3碼 $post .= $amount . '*'; //5 [金額] 7 數字 不足靠右左補0, 以200為例:0000200
/** * 由 dotNET 發動的 MID 審核結果狀態更新。 * * @param string $sr <p> (Table[o_close].Column[sr]) * @param string $authsr <p> (Table[o_close].Column[authsr] * @param string $act <p> (3: 審核完成) * @param string $dt <p> fnEncrypt(sr=XXXX&authsr=XXXX&act=XXXX) */ set_time_limit(0); include 'g_common.inc'; $databaseLink = mylink(); $szReturnMessage = '1|OK'; try { $szEncryptData = $dt; $szOriginalData = fnDecrypt($dt, $ap_KEY, $ap_IV); parse_str($szOriginalData); $szMid = $mid; $szTid = $tid; $szSid = $sid; $szActionType = $act; $szBank = $bank; $isSuccess = !$succ ? false : true; $dtmTransDate = $hohsn; // 增加記錄 $arRecord = array("Title" => "dotNet 介面 銀行通知追縱 LOG (1) g_mid_dotNet_Feedback", "EncryptData" => $szEncryptData, "OriginalData" => $szOriginalData, "Result" => "Step 1 :更新審核完成前"); @write_log("g_mid_dotNet_Feedback", "Bank: " . $szBank, $arRecord); if (!$szMid || !$szActionType || !$szBank) { $szReturnMessage = '0|Arguments are not enough'; } else { $szSQL = "SELECT * FROM mid_{$szBank} WHERE Status IN ('2', '3') AND MID = '{$szMid}' ";
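<?php
// Debug page: shows the encrypted and decrypted contents of the gateway cookie.
// NOTE(review): this prints decrypted cookie data to whoever requests the page;
// it should not be reachable on a production host.
include 'allpay_com.php';
include 'allpay_fn.php';

$CookieTOO_Sys = 'allpay.com.tw';

//==========================================================
// "?d=c" clears the cookie and stops.
// NOTE(review): this clears "gw_allpay_t" while the code below reads
// "gw_allpay_p" -- confirm which cookie name is intended.
if (isset($_GET['d']) && $_GET['d'] == 'c') {
    setcookie("gw_allpay_t", '', "0", "/", $CookieTOO_Sys);
    echo 'Cookie已清除';
    exit;
}

//==========================================================
//$sValue = "Field=EWpS7g178XZos9C63HeHg9nk1hohAmtslhyhWUzVddNGMfdwHzPZcSR7v8w65JHFguoilkqJYotb/SAgp4RNXA==";
//$sValue.= "&Data=+0BJXQ3pD9fvKQEm+/kgGTV2OXI+ZZCCGlWSCHbGSX+qjcSdEBndlH+aJxzo5LAAUMOnA/UPluAqL69cDG/STE7U/8Znv1ZhALA7xLXtfaoLyAlhQ/gT0I1+BAmHBcQ9X97eORX07YBkXW+DkMSOddDO7oYhjJ6yGJCqNpPTmi+X1szbJ99LYWmRBn1UNwbQUwY/uVYfwIKvJOxJrcuhjw==";
//setcookie("gw_allpay_t",$sValue,"0","/",$CookieTOO_Sys);
//echo $_COOKIE['gw_allpay_t']."<br>\n";
//echo '<br>';

// Parse the cookie into an array. The one-argument form of parse_str() used
// originally creates a variable for every key in the cookie, so a client could
// overwrite any variable in this scope (including $ck_KEY and $ck_IV). That
// form is deprecated since PHP 7.2 and removed in PHP 8.0.
$cookieFields = array();
if (isset($_COOKIE['gw_allpay_p']) && is_string($_COOKIE['gw_allpay_p'])) {
    parse_str($_COOKIE['gw_allpay_p'], $cookieFields);
}
$Field = (isset($cookieFields['Field']) && is_string($cookieFields['Field'])) ? $cookieFields['Field'] : '';
$Data = (isset($cookieFields['Data']) && is_string($cookieFields['Data'])) ? $cookieFields['Data'] : '';

//$aaa = '1ZiNtaMLJC9ofyQLn+VoSD2lKieIhrxkJdZLzLiYfWSw/ALDN/yK7v384x5n4BtciqbqJQAKVp0G6/HB6T+kDMlJnpuu4L2lvCiBz6HJKFbcZlVBJp7AsT7VOoSkDbqH';

// "+" in base64 arrives as a space after URL decoding; restore it.
$Field = str_replace(' ', '+', $Field);
$Data = str_replace(' ', '+', $Data);

// Everything printed below comes from a client-controlled cookie, so it is
// HTML-escaped before output.
echo htmlspecialchars($Field, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br>\n";
echo htmlspecialchars((string) fnDecrypt($Field, $ck_KEY, $ck_IV), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br>\n";
echo '<br>';
echo htmlspecialchars($Data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br>\n";
echo htmlspecialchars(UrlDecode((string) fnDecrypt($Data, $ck_KEY, $ck_IV)), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br>\n";
?>
<a href="000_allpay_cookie.php?d=c">清除cookie</a>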
// Debug walk-through of the "gauth" cookie: raw value, decrypted value, then
// the JSON-decoded value, followed by an encrypt/decrypt round trip.
// $key, fnEncrypt() and fnDecrypt() are defined outside this excerpt.
// NOTE(review): the raw and decrypted cookie are echoed unescaped; keep this
// script off any deployed host.
$cook = $_COOKIE["gauth"];
echo "gauth cookie: " . $cook, "<br />";

// echo "gauth cookie after base64decode: ".base64_decode($_COOKIE["gauth"]);
// echo "<br />";
//$cook = base64_decode($_COOKIE["gauth"]);

// Decrypted cookie text.
$cook = fnDecrypt($cook, $key);
echo $cook, "<hr />";

echo "is it an array";
if (is_array($cook)) {
    echo "true";
} else {
    echo "false";
}
echo "<hr />";

// json_decode() is called without the associative flag, so only a JSON array
// decodes to a PHP array here.
$cook = json_decode($cook);
var_dump($cook);
echo "<hr />";

echo "is it an array";
if (is_array($cook)) {
    echo "true";
} else {
    echo "false";
}
echo "<hr />";

// Round trip: encrypt a fixed message, print it, then decrypt it again.
$msg = "my little secret";
$new_value = fnEncrypt($msg, $key);
echo $new_value, "<br />";
echo fnDecrypt($new_value, $key), "<br />";

/*
 * Outputs:
 *
 * $ php crypt.php
 * ?8@??DX<;]I:"??0???@FԦc??m?ܠ??B'?ȫĵ?7}?????cJC?7???
 * vi4XRU7Y93ogVMXuunUtmlYIqxlUHpLFa44Nuah8RJc=
 * my little secret
 *
 */
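<?php
// Transactions page: access gate first, then the HTML.
//
// The gate runs before any markup. In the original, "<!DOCTYPE html> <head>"
// was emitted ahead of this block, so the response body had already started
// when header() was called and the redirect could not be sent unless output
// buffering was enabled.
include 'inc/auth.php';
include 'inc/api.php';
include 'inc/aes.php';

// $auth is not defined in this excerpt -- presumably set by inc/auth.php (confirm).
if (!$auth) {
    header("location: index.php");
    // header() only queues the redirect. Without exit the script keeps running,
    // so the transactions page would still be rendered for an unauthenticated
    // client.
    exit;
}

// NOTE(review): the decryption key for the session value is hard-coded in the
// page source, so anyone with read access to the code or repository holds it.
// Load it from configuration kept outside the web root and rotate this value.
$key = fnDecrypt($_SESSION['key'], "39ebb8b644e3de68e4801eaf9baf4bf24a1ffd25bb02dc0082b25d80f2676d29");
?>
<!DOCTYPE html>
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<title>transactions</title>
<link rel="stylesheet" href="css/960.css" type="text/css" media="screen" charset="utf-8" />
<link rel="stylesheet" href="css/fluid.css" type="text/css" media="screen" charset="utf-8" />
<link rel="stylesheet" href="css/template.css" type="text/css" media="screen" charset="utf-8" />
<link rel="stylesheet" href="css/colour.css" type="text/css" media="screen" charset="utf-8" />
</head>
<body>
<h1 id="head">Wallet</h1>
<ul id="navigation">
<li><a href="wallet.php">Wallet</a></li>
<li><span class="active">Transactions</span></li>
<li><a href="logout.php">Logout</a></li>
</ul>
<div id="content" class="container_16 clearfix">
<div class="grid_16">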
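// Download handler: fetches the encrypted file and its data key by transaction
// id, decrypts the file in two passes and streams it as an attachment.
// $con and $earlier are set before this excerpt.
mysql_select_db("cloud", $con) or die('could not connect with database');

// The transaction id comes straight from the request. Accept only a string,
// and escape it for each connection before it is placed in SQL: the original
// interpolated the raw POST value into both queries (SQL injection).
// NOTE(review): nothing visible here ties trans_id to the logged-in user --
// confirm that an ownership check happens elsewhere.
if (!isset($_POST['file']) || !is_string($_POST['file'])) {
    die('invalid file id');
}
$id = $_POST['file'];

$sql = "select * from cloudpart0 where trans_id = \"" . mysql_real_escape_string($id, $con) . "\" ";
$result = mysql_query($sql, $con);
$results = $result ? mysql_fetch_array($result) : false;
if (!$results) {
    // Query failed or no such row: stop instead of continuing with empty values.
    die('file not found');
}
$content = $results['encfilecontent'];
// NOTE(review): despite its name, $username holds the session's password
// value, and it is used below as the first decryption key.
$username = $_SESSION['password'];
$name = $results['filename'];
$type = $results['type'];
$size = $results['size'];

// NOTE(review): the key-escrow database is opened as root with an empty
// password; use a dedicated least-privilege account with a real credential.
$con = mysql_connect("localhost", "root", "") or die('could not open database');
mysql_select_db("key_escrow", $con) or die('could not connect with database');
$sql = "select * from keys_db where trans_id = \"" . mysql_real_escape_string($id, $con) . "\" ";
$result = mysql_query($sql, $con);
$results = $result ? mysql_fetch_array($result) : false;
if (!$results) {
    die('key not found');
}
$datakey = $results['datakey'];
$len = $results['len'];

// Two decryption passes: first with the session value, then with the
// escrowed data key; the result is cut to $len + 1 bytes.
// NOTE(review): "$len + 1" keeps one byte more than $len -- confirm how len
// is stored.
$file = fnDecrypt($content, $username);
$file = fnDecrypt($file, $datakey);
$file = substr($file, 0, $len + 1);

// Append the retrieval time to the timing log.
// NOTE(review): microtime() without the float flag returns a "msec sec"
// string, so this subtraction may not yield elapsed seconds; $earlier is set
// outside this excerpt, so both sides need changing together.
$later = microtime();
$res = $later - $earlier;
$my_file = 'retrievetimes.txt';
$handle = fopen($my_file, 'a') or die('Cannot open file: ' . $my_file);
$data = "\nTime taken " . $res . " seconds,filesize " . $size . " KB";
fwrite($handle, $data);
fclose($handle);

// The stored filename goes into a quoted header parameter; strip line breaks
// and double quotes so it cannot end the quoted value or the header line.
$safeName = str_replace(array("\r", "\n", '"'), '', $name);

// NOTE(review): Content-length uses the stored size, which the log line above
// labels as KB -- confirm it equals the number of bytes echoed below.
header("Content-length: " . $size . "");
header("Content-type: " . $type . "");
header('Content-Disposition: attachment; filename="' . $safeName . '"');
echo $file;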