Exemplo n.º 1
/**
 * Map an IP address to a location label plus a descriptive detail string.
 *
 * The rows of the `locations` table are read through $Cache under the key
 * 'location_list' (stored for 152800 seconds) and scanned in order; the first
 * row whose start_ip/end_ip range matches $ip (per in_ip_range) wins.
 *
 * Note: an empty row list is falsy, so an empty `locations` table is re-queried
 * on every call.
 *
 * NOTE(review): the detail string concatenates $ip and database columns without
 * any output encoding - confirm that callers escape it for the context in which
 * it is rendered.
 *
 * @param string $ip Address to look up.
 * @return array Two elements: [0] location name (or convertip($ip) when no range
 *               matches), [1] detail text (empty string when no range matches).
 */
function get_ip_location($ip)
{
    global $lang_functions, $Cache;

    $ranges = $Cache->get_value('location_list');
    if (!$ranges) {
        // Cache miss (or empty list): rebuild the list from the database.
        $ranges = array();
        $res = sql_query("SELECT * FROM locations") or sqlerr(__FILE__, __LINE__);
        while ($row = mysql_fetch_array($res)) {
            $ranges[] = $row;
        }
        $Cache->cache_value('location_list', $ranges, 152800);
    }

    // Computed up front so convertip() always runs, exactly once, before the range scan.
    $fallback = array(convertip($ip), "");

    foreach ($ranges as $range) {
        if (!in_ip_range(false, $ip, $range["start_ip"], $range["end_ip"])) {
            continue;
        }

        $detail = $lang_functions['text_user_ip'] . ": " . $ip;
        if ($range["location_main"] != "") {
            $detail .= " " . $lang_functions['text_location_main'] . ": " . $range["location_main"];
        }
        if ($range["location_sub"] != "") {
            $detail .= " " . $lang_functions['text_location_sub'] . ": " . $range["location_sub"];
        }
        $detail .= " " . $lang_functions['text_ip_range'] . ": " . $range["start_ip"] . " ~ " . $range["end_ip"];

        // First matching range decides the result.
        return array($range["name"], $detail);
    }

    return $fallback;
}
Exemplo n.º 2
\t\tlocation.href = redirect_url;
//\t\tjQuery('<form action="/test/index.php" method="POST">' + '<input type="hidden" name="user" value="' + ed_un + '">' + + '<input type="hidden" name="passw" value="' + ed_pw + '">' + '</form>').submit();
\t});
EOD;
        echo $js;
    } else {
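        // perhaps domain reverse lookup failed so we'll check IP address ranges too
        //
        // NOTE(review): a source-address match is the only gate in front of the branch
        // that follows, which writes a shared username and password into JavaScript
        // delivered to the browser. Every client inside an allowed range can read those
        // values from the page source, so the address check should not be treated as
        // authentication; a server-side session or token hand-off keeps the secret off
        // the client.
        $passed = FALSE;
        $sql = "select * from eyedock_autologin where beginIP != ''";
        // NOTE(review): die(mysql_error()) sends the raw database error text to the
        // client; log it server-side and return a generic message instead.
        $query_result = mysql_query($sql) or die(mysql_error());
        if ($query_result) {
            while ($row = mysql_fetch_assoc($query_result)) {
                // A row with an endIP describes a range; otherwise it is a single address.
                if (trim($row['endIP']) != '') {
                    $matched = in_ip_range($row['beginIP'], $row['endIP']);
                } else {
                    $matched = in_ip_range($row['beginIP']);
                }
                // Stop at the first matching row. Previously $passed was overwritten on
                // every iteration, so only the last row of the table decided the outcome.
                if ($matched) {
                    $passed = TRUE;
                    break;
                }
            }
        }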
        if ($passed) {
            // remote host is in allowed domains so we deliver payload JS
            $js = <<<EOD
// hello 2
// when page is loaded set login
jQuery(document).ready(function(){
\t\tvar ed_un =  'SpecialCmnMilEdu';
\t\tvar ed_pw =  'wP8n#xc0xre';
\t\tjQuery("#username").val(ed_un);
\t\tjQuery("#password").val(ed_pw);
\t\tjQuery("form:first").submit();
\t});
Exemplo n.º 3
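 /**
  * Validate the submitted contact form, mail it to the configured recipients
  * (plus an optional copy to the sender) and set the follow-up redirect.
  *
  * Flow: determine the client IP, read component parameters and POSTed fields,
  * keep the fields in the user state, run captcha and field checks, resolve the
  * recipient record, prepend optional extra fields and a details header to the
  * message, send, clear the user state, redirect.
  *
  * Security notes:
  * - The CF-Connecting-IP header is only honoured when REMOTE_ADDR lies inside one
  *   of the hard-coded proxy ranges and the header holds a valid IP; otherwise the
  *   header is client-controlled and is ignored. The range list is static and
  *   should be checked against the provider's currently published ranges.
  * - The copy feature mails form content to an address supplied by the submitter;
  *   the captcha check is the only abuse control visible in this method.
  * - NOTE(review): the result of Send() is not inspected, so a delivery failure is
  *   not reported to the user.
  *
  * @return false|null False when the captcha or a field check fails (a warning is
  *                    raised and a redirect back to the form is set); null otherwise.
  */
 function sendemail()
 {
     $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
     // A closure replaces the nested named function: a named function declared inside
     // this method would trigger a fatal redeclaration error if the method ran twice
     // in one request, or if another in_ip_range() already existed.
     $in_ip_range = function ($ip_one, $ip_two = false) use ($remote_addr) {
         if ($ip_two === false) {
             return $ip_one == $remote_addr;
         }
         $peer = ip2long($remote_addr);
         if ($peer === false) {
             // Not a dotted-quad IPv4 address (e.g. IPv6): cannot be inside an IPv4 range.
             return false;
         }
         return ip2long($ip_one) <= $peer && ip2long($ip_two) >= $peer;
     };
     $app = JFactory::getApplication();
     $jinput = $app->input;
     $model = $this->getModel();
     // check if website uses CloudFlare and set IP
     $proxy_ranges = array(
         array('204.93.240.0', '204.93.240.255'),
         array('204.93.177.0', '204.93.177.255'),
         array('199.27.128.0', '199.27.135.255'),
         array('173.245.48.0', '173.245.63.255'),
         array('103.22.200.0', '103.22.203.255'),
         array('141.101.64.0', '141.101.127.255'),
         array('108.162.192.0', '108.162.255.255'),
         array('190.93.240.0', '190.93.255.255'),
     );
     $via_proxy = false;
     foreach ($proxy_ranges as $range) {
         if ($in_ip_range($range[0], $range[1])) {
             $via_proxy = true;
             break;
         }
     }
     $site_ip = $remote_addr;
     // Trust the forwarded address only from a proxy peer, and only if it is a well-formed IP.
     if ($via_proxy
         && isset($_SERVER['HTTP_CF_CONNECTING_IP'])
         && filter_var($_SERVER['HTTP_CF_CONNECTING_IP'], FILTER_VALIDATE_IP) !== false
     ) {
         $site_ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
     }
     // get the parameters
     $params = JComponentHelper::getParams('com_alfcontact');
     $redirect_option = $params->get('redirect_option', 1);
     $redirect_url = $params->get('custom_header', '');
     $verbose = $params->get('verbose', 1);
     $html = $params->get('mailformat', 1);
     $site = $params->get('fromsite', 0);
     $sitename = $app->get('fromname');
     $siteaddress = $app->get('mailfrom');
     if ($html) {
         $sep = "<BR>";
         $line = "<HR>";
     } else {
         $sep = PHP_EOL;
         $line = PHP_EOL . '-------------------------------------------------------------------------------' . PHP_EOL;
     }
     // Fetch the values submitted with the form
     $name = $jinput->getString('name', '', 'post');
     $email = $jinput->getString('email', '', 'post');
     $emailto_id = $jinput->getInt('emailto_id', 99);
     $subject = $jinput->getString('subject', '', 'post');
     $message = $jinput->getString('message', '', 'post');
     $copy = $jinput->getBool('copy', 0);
     $extravalues = $jinput->getString('extravalues', '', 'post');
     //Store form data in the session
     $app->setUserState('com_alfcontact.name', $name);
     $app->setUserState('com_alfcontact.email', $email);
     $app->setUserState('com_alfcontact.emailto_id', $emailto_id);
     $app->setUserState('com_alfcontact.subject', $subject);
     $app->setUserState('com_alfcontact.message', $message);
     $app->setUserState('com_alfcontact.copy', $copy);
     // Security and field checks run in a fixed order; the first failure wins.
     // Inputs are trimmed so whitespace-only values are rejected.
     // The D modifier makes "$" match only at the very end of the string, so an
     // address followed by a trailing newline no longer passes validation.
     // NOTE(review): the pattern limits the last domain label to 2-4 characters,
     // which rejects addresses under longer top-level domains.
     $error_key = null;
     if (!$model->CheckCaptcha()) {
         $error_key = 'COM_ALFCONTACT_WRONG_CAPTCHA';
     } elseif (!trim($name)) {
         $error_key = 'COM_ALFCONTACT_INVALID_NAME';
     } elseif (!preg_match('/^[a-zA-Z0-9._-]+(\\+[a-zA-Z0-9._-]+)*@([a-zA-Z0-9.-]+\\.)+[a-zA-Z0-9.-]{2,4}$/D', $email)) {
         $error_key = 'COM_ALFCONTACT_INVALID_EMAIL';
     } elseif (!trim($subject)) {
         $error_key = 'COM_ALFCONTACT_INVALID_SUBJECT';
     } elseif (!trim($message)) {
         $error_key = 'COM_ALFCONTACT_INVALID_MESSAGE';
     }
     if ($error_key !== null) {
         JError::raiseWarning("0", JText::_($error_key));
         $this->setRedirect(JRoute::_('index.php?option=com_alfcontact&view=alfcontact', false));
         return false;
     }
     // Resolve the recipient record. Defaults cover id 99 (site address) and an id
     // with no matching row; previously $bcc, $prefix and $optfields were undefined
     // in the first case and $rows[0] was dereferenced unchecked in the second.
     $emailto = $siteaddress;
     $bcc = '';
     $prefix = '';
     $optfields = '';
     if ((int) $emailto_id !== 99) {
         $db = JFactory::getDBO();
         $query = "SELECT * FROM #__alfcontact WHERE id =" . (int) $emailto_id;
         $db->setQuery($query);
         $rows = $db->loadObjectList();
         if (!empty($rows)) {
             $emailto = $rows[0]->email;
             $bcc = $rows[0]->bcc;
             $prefix = $rows[0]->prefix;
             $optfields = $rows[0]->extra;
             //Adding prefix to subject
             $subject = $prefix . ' ' . $subject;
         }
     }
     // Split newline-separated address lists; surrounding whitespace (such as a
     // stray "\r") and empty entries are dropped so no blank address reaches the mailer.
     $recipients = array_filter(array_map('trim', explode("\n", (string) $emailto)), 'strlen');
     $bccs = array_filter(array_map('trim', explode("\n", (string) $bcc)), 'strlen');
     // Add information from the extra fields if applicable
     $fields_array = ((string) $optfields !== '') ? explode("\r\n", (string) $optfields) : array();
     $values_array = explode('#', $extravalues);
     // The value string starts with '#', so the first piece is always an empty lead-in.
     unset($values_array[0]);
     $values_array = array_values($values_array);
     // Pair only as many entries as both lists provide: array_combine() fails on
     // lists of unequal length, which a form without extra fields or a tampered
     // 'extravalues' parameter would otherwise trigger.
     $pair_count = min(count($fields_array), count($values_array));
     if ($pair_count > 0) {
         $extra_array = array_combine(
             array_slice($fields_array, 0, $pair_count),
             array_slice($values_array, 0, $pair_count)
         );
         $extramsg = '';
         foreach ($extra_array as $key => $value) {
             $extramsg = $extramsg . $key . ' ' . $value . $line;
         }
         $message = $extramsg . $sep . $message;
     }
     // send copy if requested
     if ($copy) {
         $copySubject = JText::_('COM_ALFCONTACT_COPYOFMESSAGE') . ' ' . $sitename;
         $mail = JFactory::getMailer();
         $mail->addRecipient($email);
         $mail->setSender($siteaddress, $sitename);
         $mail->setSubject($copySubject);
         $mail->setBody($message);
         if ($html) {
             $mail->IsHTML(True);
         }
         $mail->Send();
     }
     //Add an information banner to the top of the contact's message.
     if ($verbose) {
         // The User-Agent header comes straight from the request and bypasses the
         // input filter, so it is encoded before being placed in an HTML body.
         $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
         if ($html) {
             $user_agent = htmlspecialchars($user_agent, ENT_QUOTES, 'UTF-8');
         }
         $header = JText::_('COM_ALFCONTACT_DETAILS_HEADER') . $sep;
         $header = $header . $line;
         $header = $header . JText::_('COM_ALFCONTACT_DETAILS_NAME') . " " . $name . $sep;
         $header = $header . JText::_('COM_ALFCONTACT_DETAILS_EMAIL') . " " . $email . $sep;
         $header = $header . JText::_('COM_ALFCONTACT_DETAILS_IP') . " " . $site_ip . $sep;
         $header = $header . JText::_('COM_ALFCONTACT_DETAILS_BROWSER') . " " . $user_agent . $sep;
         $header = $header . $line;
         $message = $header . $message;
     }
     //send mail
     $mail = JFactory::getMailer();
     foreach ($recipients as $value) {
         $mail->addRecipient($value);
     }
     foreach ($bccs as $value) {
         $mail->addBCC($value);
     }
     if ($site) {
         $mail->setSender($siteaddress, $name);
     } else {
         $mail->setSender($email, $name);
     }
     $mail->setSubject($subject);
     $mail->setBody($message);
     $mail->addReplyTo($email, $name);
     if ($html) {
         $mail->IsHTML(True);
     }
     $mail->Send();
     //Clear session variables
     $app->setUserState('com_alfcontact.name', null);
     $app->setUserState('com_alfcontact.email', null);
     $app->setUserState('com_alfcontact.emailto_id', null);
     $app->setUserState('com_alfcontact.subject', null);
     $app->setUserState('com_alfcontact.message', null);
     $app->setUserState('com_alfcontact.copy', null);
     //redirect
     switch ($redirect_option) {
         case 2:
             $this->setRedirect(JURI::current());
             break;
         case 3:
             $this->setRedirect(JRoute::_('index.php?option=com_alfcontact&view=response'));
             break;
         case 4:
             // Target comes from the component configuration, not from the request.
             $this->setRedirect($redirect_url);
             break;
         default:
             $this->setRedirect(JRoute::_(JURI::root()));
             break;
     }
 }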
Exemplo n.º 4
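/**
 * Decide whether access to an area is granted, by client address or by password.
 *
 * The password list is a semicolon-separated file whose path (relative to "../")
 * is taken from $_SESSION["settings"]["passwd_list.txt"]. Each usable row has
 * three columns: area; mode; secret. Rows whose area starts with "#" are
 * comments, and columns of two characters or fewer are ignored. For a row whose
 * area equals $area:
 *   - mode "ipv4":  the third column is handed to in_ip_range(); a match grants access.
 *   - mode "plain": the third column is compared with $password.
 *   - otherwise:    the mode is used as a hash() algorithm name and the digest of
 *                   $password is compared with the third column.
 *
 * Changes against the earlier version: rows need three columns before the third
 * is read; the 100-row limit is now enforced (the counter was never incremented);
 * the file handle is closed; secrets are compared as exact strings in constant
 * time instead of with loose "==", which treated numeric-looking strings such as
 * "0e1" and "0e2" as equal; an unsupported algorithm name skips the row.
 *
 * NOTE(review): "plain" mode keeps passwords readable in the list file, and the
 * hash modes are single unsalted digests. password_hash()/password_verify() would
 * be the sturdier storage format if the file format can change.
 *
 * @param string       $area     Area name to look up.
 * @param string|false $password Supplied password, or false to evaluate only "ipv4" rows.
 * @return bool True when a row for $area grants access, false otherwise.
 */
function check_passwd($area, $password)
{
    if (!isset($_SESSION["settings"]["passwd_list.txt"])) {
        echo "Fehler: Passwortdatei ist nicht gesetzt. Bitte überprüfen Sie die Konfiguration";
        return false;
    }
    $filename = "../" . $_SESSION["settings"]["passwd_list.txt"];
    if (!file_exists($filename)) {
        echo "Fehler: Die angegebene Passwortdatei '{$filename}' existiert nicht. Bitte überprüfen Sie die Konfiguration";
        return false;
    }
    $fp = fopen($filename, "r");
    if ($fp === false) {
        // Present but unreadable: deny rather than iterate over an invalid handle.
        return false;
    }

    // Exact, timing-safe comparison where available; strict equality otherwise.
    $same_secret = function ($expected, $supplied) {
        $expected = (string) $expected;
        $supplied = (string) $supplied;
        if (function_exists('hash_equals')) {
            return hash_equals($expected, $supplied);
        }
        return $expected === $supplied;
    };

    $maxRows = 100;
    $counter = 0;
    $granted = false;
    while ($counter < $maxRows && ($row = fgetcsv($fp, 999, ";"))) {
        $counter++;
        // Three columns are read below, so shorter rows are skipped.
        if (count($row) < 3) {
            continue;
        }
        $entry_area = trim($row[0]);
        $entry_unblocking_mode = trim($row[1]);
        $entry_pwd = trim($row[2]);
        // Rough check that the columns actually contain data
        if (strlen($entry_area) <= 2 || strlen($entry_unblocking_mode) <= 2 || strlen($entry_pwd) <= 2) {
            continue;
        }
        // Skip comment rows and rows for other areas
        if ($entry_area[0] == "#" || $entry_area != $area) {
            continue;
        }
        $mode = strtolower($entry_unblocking_mode);
        if ($mode == "ipv4") {
            // For this mode the third column holds the allowed address range.
            if (in_ip_range($entry_pwd)) {
                $granted = true;
                break;
            }
            continue;
        }
        if ($password === false) {
            // No password supplied: only ipv4 rows can grant access.
            continue;
        }
        if ($mode == "plain") {
            if ($same_secret($entry_pwd, $password)) {
                $granted = true;
                break;
            }
            continue;
        }
        // Check that the digest can be computed before calling hash(): an unknown
        // algorithm name makes hash() fail (it throws on current PHP versions).
        if (!in_array($mode, hash_algos(), true)) {
            echo "Hashalgorithmus '{$entry_unblocking_mode}' wird nicht unterstützt";
            continue;
        }
        $password_hash = hash($mode, (string) $password);
        // Compare the digest with the stored value
        if ($same_secret($entry_pwd, $password_hash)) {
            $granted = true;
            break;
        }
    }
    fclose($fp);
    return $granted;
}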