Пример #1
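/**
 * Debugging helper: renders a variable as an indented, HTML-escaped text tree.
 *
 * Arrays and objects are expanded recursively. Every key and every scalar
 * value goes through htmlspecialchars() before it is appended, so the result
 * can be printed inside a <pre> block. The recursion has no depth limit, so a
 * self-referencing structure must not be passed in (only a nested array under
 * the key "GLOBALS" is skipped).
 *
 * @version 1.0
 * @author Ibragimov "MpaK" Renat <*****@*****.**>
 * @copyright Copyright (c) 2009-2010, BESTWEB ltd. www.BESTWEB.ru
 *
 * @param mixed $Var   Value to dump (taken by reference for compatibility with existing callers).
 * @param int   $Level Current nesting depth; callers normally leave it at 0.
 * @return string The rendered dump.
 */
function TextDump(&$Var, $Level = 0)
{
    if (is_array($Var)) {
        $Type = "Array[" . count($Var) . "]";
    } elseif (is_object($Var)) {
        $Type = "Object";
    } else {
        // Scalars, null and resources: one quoted, escaped line. The explicit
        // cast keeps htmlspecialchars() from receiving null or a non-string.
        return '"' . HtmlSpecialChars((string) $Var) . '"' . "\n";
    }

    $out = "{$Type}\n";
    $Level++;
    $indent = str_repeat(" ", max(0, $Level * 3));

    // foreach replaces the reset()/each() pair: each() was removed in PHP 8.
    foreach ($Var as $k => $v) {
        if (is_array($v) && $k === "GLOBALS") {
            // Avoid descending into the superglobal, which contains itself.
            continue;
        }
        $out .= $indent . "<b>" . HtmlSpecialChars((string) $k) . "</b> => " . TextDump($v, $Level);
    }

    return $out;
}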
Пример #2
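/**
 * Echoes a colourised HTML dump of a variable for debugging.
 *
 * Arrays are expanded recursively up to $level_limit; objects are expanded
 * only when they are the outermost value. Keys and scalar values are passed
 * through htmlspecialchars() before being echoed. Strings longer than 400
 * bytes are summarised by their length instead of being printed.
 *
 * Relies on the NL constant, which is defined outside this block.
 *
 * @author Melvil (https://github.com/Melvil)
 *
 * @param mixed       $Var         Value to dump.
 * @param int         $Level       Current nesting depth; 0 for the outermost call.
 * @param string|null $Var_s       Optional label printed before the dump. It is echoed
 *                                 as raw HTML, so pass only a trusted literal.
 * @param int         $level_limit Deepest nesting level that is still expanded.
 * @return bool|null true normally; null when the depth limit stopped the dump.
 **/
function dumpVar(&$Var, $Level = 0, $Var_s = null, $level_limit = 5)
{
	$is_object = is_object($Var);
	$is_ob_ar = is_array($Var) || $is_object;
	$Type = is_array($Var) ? 'Array[' . count($Var) . ']' : gettype($Var);

	// count() throws a TypeError on a non-Countable object in PHP 8, so it is
	// only called where it is defined; any other object counts as non-empty.
	if (is_array($Var) || $Var instanceof \Countable) {
		$has_items = count($Var) > 0;
	} else {
		$has_items = $is_object;
	}

	$is_top = ($Level == 0);
	if ($is_top)
	{
		if ($Var_s) echo NL . '<br>' . NL . '<b><span style="color:#ff0000">' . $Var_s . ' = {</span></b>';
		if ($has_items) echo '<pre>' . NL;
		else echo NL . '<tt>';
	}

	if ($is_ob_ar)
	{
		if ($is_object) echo '<span style="color:#05a209">object of</span> <span style="color:#A03000">' . HtmlSpecialChars(get_class($Var)) . '</span>';
		else echo '<span style="color:#05a209">' . $Type . '</span>';

		if ($Level > $level_limit)
		{
			// Report the limit that is actually in force instead of a fixed "5".
			if ($level_limit > 1) echo '<b>...</b> LEVEL > ' . (int) $level_limit . '<br>' . NL;
			else echo NL;
			return;
		}
		echo NL;

		if ($is_top || !$is_object)
		{
			$Level++;
			$indent = str_repeat(' ', max(0, $Level * 3));
			// foreach replaces reset()/each(); each() was removed in PHP 8.
			foreach ($Var as $k => $v)
			{
				echo $indent;
				echo '<b>' . HtmlSpecialChars((string) $k) . '</b> => ';
				// Do not descend into the superglobal, which contains itself.
				if ($k === 'GLOBALS' && is_array($v)) { echo NL; continue; }
				dumpVar($v, $Level, null, $level_limit);
			}
		}
	}
	else
	{
		$iss = is_string($Var);
		if ($iss && strlen($Var) > 400)
		{
			echo '(' . $Type . ') <span style="color:#35BBFA">strlen = ' . strlen($Var) . '</span>' . NL;
		}
		else
		{
			echo '(' . $Type . ') ' . ($iss ? '"' : '') . '<span style="color:#0000FF">';
			if ($Type == 'boolean') echo ($Var ? 'true' : 'false');
			// The cast keeps htmlspecialchars() from receiving null or a number.
			else echo HtmlSpecialChars((string) $Var);
			echo '</span>' . ($iss ? '"' : '') . NL;
		}
	}

	if ($is_top)
	{
		if ($has_items) echo '</pre>'; else echo '</tt>';
		if ($Var_s) echo '<b><span style="color:#ff0000">}</span></b><br>' . NL;
	}
	return true;
}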
Пример #3
 /**
  * Echoes one debug line and flushes the output buffer.
  *
  * When $this->html_debug is set the text is HTML-escaped and every newline
  * becomes "<br />\n"; otherwise the message is echoed unchanged, so that
  * mode is only suitable for non-HTML output.
  *
  * @param string $message Debug text without the trailing newline.
  */
 function OutputDebug($message)
 {
     $line = $message . "\n";
     if ($this->html_debug) {
         $escaped = HtmlSpecialChars($line);
         $line = str_replace("\n", "<br />\n", $escaped);
     }
     echo $line;
     flush();
 }
Пример #4
/**
 * Echoes a message in the format selected by the global $html flag.
 *
 * With $html set, the message is HTML-escaped and its newlines are turned
 * into <br /> tags. Otherwise it is echoed as-is followed by a newline,
 * which is only safe when the output is not rendered as HTML.
 *
 * @param string $message Text to print.
 */
function Output($message)
{
    global $html;

    if (!$html) {
        echo $message, "\n";
        return;
    }

    $escaped = HtmlSpecialChars($message);
    echo nl2br($escaped);
}
Пример #5
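 /**
  * Drives the Google OAuth2 login: handles the callback, logout and profile load.
  *
  * - With ?code=... the code is exchanged for a token, the token is stored in
  *   the session and the browser is redirected to SITE_SERVER.
  * - With a `logout` request parameter (or the UserLogout URL) the session
  *   token is dropped and revoked.
  * - With a usable token the profile is fetched, filtered, copied onto this
  *   object and handed to UserRegister::checkAction().
  *
  * NOTE(review): no `state` value is compared in this method before the code
  * is exchanged; confirm the client library or the caller binds the callback
  * to the session that started the login.
  * NOTE(review): logout is triggered by any request carrying `logout`,
  * including a plain GET; confirm a CSRF check is enforced elsewhere.
  *
  * @return bool|null true when a profile was loaded, false when no token is
  *                   available, null after the callback redirect.
  */
 public function GoogleUser()
 {
     $client = new \Google_Client();
     $client->setApplicationName(\SKT_GOOGLEOAUTH2_SETAPPLICATIONNAME);
     // Visit https://code.google.com/apis/console?api=plus to generate your
     // oauth2_client_id, oauth2_client_secret, and to register your oauth2_redirect_uri.
     $client->setClientId(\SKT_GOOGLEOAUTH2_SETCLIENTID);
     $client->setClientSecret(\SKT_GOOGLEOAUTH2_SETCLIENTSECRET);
     $client->setRedirectUri(\SKT_GOOGLEOAUTH2_SETREDIRECTURI);
     $client->setDeveloperKey(\SKT_GOOGLEOAUTH2_SETDEVELOPERKEY);
     $oauth2 = new \Google_Oauth2Service($client);
     if (isset($_GET['code'])) {
         $client->authenticate($_GET['code']);
         $_SESSION['token'] = $client->getAccessToken();
         $redirect = \SITE_SERVER;
         \CmsDev\Header\refresh::refreshNow(\filter_var($redirect, FILTER_SANITIZE_URL));
         return;
     }
     if (isset($_SESSION['token'])) {
         $client->setAccessToken($_SESSION['token']);
     }
     if (isset($_REQUEST['logout']) or \THIS_URL_REAL === 'UserLogout') {
         unset($_SESSION['token']);
         $client->revokeToken();
     }
     if ($client->getAccessToken()) {
         $user = $oauth2->userinfo->get();
         // These fields are filtered through the PHP sanitize filters.
         // See http://www.php.net/manual/en/filter.filters.sanitize.php
         // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; it is kept here
         // so the stored values do not change. Fields the provider leaves out
         // default to an empty string instead of raising an undefined-index notice.
         $this->family_name = filter_var($user['family_name'] ?? '', \FILTER_SANITIZE_STRING);
         $this->name = filter_var($user['name'] ?? '', \FILTER_SANITIZE_STRING);
         $this->locale = filter_var($user['locale'] ?? '', \FILTER_SANITIZE_STRING);
         $this->gender = filter_var($user['gender'] ?? '', \FILTER_SANITIZE_STRING);
         $this->email = filter_var($user['email'] ?? '', \FILTER_SANITIZE_EMAIL);
         $this->link = filter_var($user['link'] ?? '', \FILTER_SANITIZE_URL);
         $this->given_name = filter_var($user['given_name'] ?? '', \FILTER_SANITIZE_STRING);
         $this->id = filter_var($user['id'] ?? '', \FILTER_SANITIZE_STRING);
         $this->verified_email = filter_var($user['verified_email'] ?? '', \FILTER_SANITIZE_STRING);

         // FILTER_VALIDATE_URL returns false for an invalid value and accepts
         // any scheme, so anything that is not a valid http(s) URL falls back
         // to the default avatar instead of being stored.
         $picture = isset($user['picture'])
             ? filter_var($user['picture'], \FILTER_VALIDATE_URL)
             : false;
         if ($picture === false || !preg_match('#^https?://#i', $picture)) {
             $picture = \SKT_ACCESS_AVATAR;
         }
         $this->picture = $picture;

         $this->ClientAuth = 'Google';
         $_SESSION['token'] = $client->getAccessToken();
         $this->createAuthUrl = $client->createAuthUrl();
         $this->Info = array(
             'family_name' => HtmlSpecialChars($this->family_name),
             'name' => HtmlSpecialChars($this->name),
             'locale' => $this->locale,
             'gender' => $this->gender,
             'email' => $this->email,
             'link' => $this->link,
             'given_name' => HtmlSpecialChars($this->given_name),
             'id' => $this->id,
             'verified_email' => $this->verified_email,
             'picture' => $this->picture,
             'ClientAuth' => $this->ClientAuth,
             'createAuthUrl' => $this->createAuthUrl,
         );
         \CmsDev\Security\UserRegister::checkAction($this->Info);
         return true;
     } else {
         $this->createAuthUrl = $client->createAuthUrl();
         new \CmsDev\Url\refer();
         return false;
     }
 }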
Пример #6
/**
 * Runs a write query and prints a diagnostic block when it fails.
 *
 * NOTE(review): on failure the SQL text, the driver error and a stack trace
 * are echoed into the page. They are HTML-escaped, but still visible to
 * whoever loads the page; confirm this helper is only reachable in
 * development. The $sql string is executed as given, so any escaping has to
 * happen in the caller.
 *
 * @param string $sql Complete SQL statement.
 * @return mixed Whatever mysql_query() returned.
 */
function db_write($sql)
{
    $result = mysql_query($sql);
    if ($result) {
        return $result;
    }

    // echo with commas evaluates and prints each argument in turn, so the
    // order of output and helper calls is the same as with separate echos.
    echo "<hr /><pre>",
        "ERROR: ", HtmlSpecialChars(mysql_error()), "\n",
        "SQL  : ", HtmlSpecialChars($sql), "\n",
        "STACK: ", HtmlSpecialChars(db_trace()), "\n",
        "</pre><hr />\n";

    return $result;
}
Пример #7
	/**
	 * Prints a collapsible HTML table listing the given test cases.
	 *
	 * Reads the cases from $GLOBALS['tests'] and takes a page-unique id from
	 * $GLOBALS['pageuids'], which it increments.
	 *
	 * NOTE(review): the address is HTML-escaped twice (once before the
	 * control-character substitution and once when printed), so the inserted
	 * entities such as &nbsp; are shown literally; the row also ends with an
	 * extra closing td tag. Both are reproduced as found; confirm whether
	 * they are intended. The id column is printed without escaping.
	 *
	 * @param array $show Keys into $GLOBALS['tests'] of the cases to list.
	 */
	function test_table($show){

		$uid = $GLOBALS['pageuids']++;
		$total = count($show);

		echo "<div id=\"tests-{$uid}-1\"><a href=\"#\" onclick=\"show('$uid'); return false;\" style=\"font-size: 12px;\">Show $total tests</a></div>\n";
		echo "<div id=\"tests-{$uid}-2\" style=\"display: none;\"><a href=\"#\" onclick=\"hide('$uid'); return false;\" style=\"font-size: 12px\">Hide tests</a><br />\n";

		echo "<table border=1>\n", "<tr><th>ID</th><th>Address</th><th>Expected</th></tr>\n";

		foreach ($show as $test_id){
			$row = $GLOBALS['tests'][$test_id];

			// Wrap long addresses first, escape, then make control characters visible.
			$shown = HtmlSpecialChars(wordwrap($row['address'], 50, "{FORCEBREAK}", true));
			$shown = str_replace(array("\r","\n"," ","\0"), array("&amp;#13;","&amp;#10;","&nbsp;","&amp;#0;"), $shown);
			$shown = str_replace('{FORCEBREAK}', "\n ", $shown);

			if (!$row['valid']){
				$verdict = 'Fail';
			}elseif ($row['warning']){
				$verdict = 'Pass w/ Warning';
			}else{
				$verdict = 'Pass';
			}

			echo "<tr>",
				"<td>{$row['id']}</td>",
				"<td><small>", HtmlSpecialChars($shown), "</small></td>",
				"<td>{$verdict}</td>",
				"</td></tr>\n";
		}

		echo "</table>\n", "</div>\n";
	}
Пример #8
"><?php 
            echo HtmlSpecialChars($endpoint['docs_url']);
            ?>
</a> </li>
		<?php 
        }
        ?>

		<?php 
        foreach ($endpoint['example_urls'] as $example_url) {
            ?>
			<li> Example: <a href="<?php 
            echo HtmlSpecialChars($example_url);
            ?>
"><?php 
            echo HtmlSpecialChars($example_url);
            ?>
</a> </li>
		<?php 
        }
        ?>

		<?php 
        foreach ($endpoint['notes'] as $note) {
            ?>
			<li><?php 
            echo format_html($note);
            ?>
</li>
		<?php 
        }
Пример #9
ob_start();
//testing show the raw email
//echo "Message: \n".$msg."\n";
//includes
require 'resources/pop3/mime_parser.php';
require 'resources/pop3/rfc822_addresses.php';
if (file_exists($_SERVER["PROJECT_ROOT"] . "/app/emails/email_translation.php")) {
    require_once $_SERVER["PROJECT_ROOT"] . "/app/emails/email_translation.php";
}
//parse the email message
$mime = new mime_parser_class();
$mime->decode_bodies = 1;
$parameters = array('Data' => $msg);
$success = $mime->Decode($parameters, $decoded);
if (!$success) {
    echo "MIME message decoding error: " . HtmlSpecialChars($mime->error) . "\n";
} else {
    //get the headers
    //print_r($decoded[0]);
    $headers = json_decode($decoded[0]["Headers"]["x-headers:"], true);
    $subject = $decoded[0]["Headers"]["subject:"];
    $from = $decoded[0]["Headers"]["from:"];
    $reply_to = $decoded[0]["Headers"]["reply-to:"];
    $to = $decoded[0]["Headers"]["to:"];
    $date = $decoded[0]["Headers"]["date:"];
    //get the body
    $body = '';
    //$parts_array["Parts"][0]["Headers"]["content-type:"];
    //get the body
    $body = '';
    $content_type = $decoded[0]['Headers']['content-type:'];
 /**
  * Test helper: opens an HTTP connection to $url and reads up to 50000 bytes of the reply.
  *
  * NOTE(review): the results of GetRequestArguments() and Open() are
  * overwritten without being inspected, so only the ReadReplyBody() result
  * is ever checked. The body is logged only when an error occurred or the
  * body is empty, which looks inverted; confirm the intent. Both timeouts
  * are set to 0 and redirects are followed (up to 5), so the caller is
  * responsible for restricting which URLs reach this method.
  *
  * @param string $url Address to fetch.
  */
 function testFetch($url)
 {
     $client = new http_class();
     owa_coreAPI::debug('hello owa_http testfetch method');

     // Connection timeout and data transfer timeout.
     $client->timeout = 0;
     $client->data_timeout = 0;
     // Output debugging information about the progress of the connection.
     $client->debug = 1;
     $client->user_agent = owa_coreAPI::getSetting('base', 'owa_user_agent');
     // Redirect handling.
     $client->follow_redirect = 1;
     $client->redirection_limit = 5;
     $client->exclude_address = "";
     $client->prefer_curl = 0;

     $request = array();
     $error = $client->GetRequestArguments($url, $request);
     $error = $client->Open($request);
     $error = $client->ReadReplyBody($reply, 50000);

     $failed = ($error != "");
     if ($failed || strlen($reply) == 0) {
         owa_coreAPI::debug(HtmlSpecialChars($reply));
     }
 }
Пример #11
/**
 * Scans $text for matches of the pattern $sub and wraps each URL-like run in an <a> element.
 *
 * Matching is done on a lower-cased copy of the text; the offsets found are
 * then applied to the original text. A match is left untouched when it sits
 * inside an already open <a ...> tag or when the text before it does not end
 * in whitespace or one of ( [ { >.
 *
 * Both the href value and the visible label are passed through
 * HtmlSpecialChars() before they are written, and 'http://' is prepended to
 * any href that does not already begin with the four characters "http".
 *
 * Reads $GLOBALS['autolink_options']['strip_protocols'] and calls
 * cff_autolink_label(), both defined outside this block.
 *
 * NOTE(review): $link_color and $span_tag are not referenced in this body,
 * and $tagfill is extended with a title attribute but never added to the
 * generated tag. If $tagfill is ever emitted, the title value appended to it
 * is not escaped at that point.
 *
 * @param string      $text         Text to process.
 * @param mixed       $link_color   Not used in this body.
 * @param string      $sub          PCRE pattern that marks the start of a link.
 * @param mixed       $limit        Passed to cff_autolink_label() for the visible label.
 * @param string      $tagfill      Extra attribute text (see note above).
 * @param mixed       $auto_title   When truthy, a title attribute may be appended to $tagfill.
 * @param mixed       $span_tag     Not used in this body.
 * @param string|null $force_prefix Optional string prepended to every link target.
 * @return string The text with the links wrapped.
 */
function cff_autolink_do($text, $link_color, $sub, $limit, $tagfill, $auto_title, $span_tag, $force_prefix = null)
{
    $text_l = StrToLower($text);
    $cursor = 0;
    $loop = 1;
    $buffer = '';
    while ($cursor < strlen($text) && $loop) {
        $ok = 1;
        $matched = preg_match($sub, $text_l, $m, PREG_OFFSET_CAPTURE, $cursor);
        if (!$matched) {
            $loop = 0;
            $ok = 0;
        } else {
            $pos = $m[0][1];
            $sub_len = strlen($m[0][0]);
            $pre_hit = substr($text, $cursor, $pos - $cursor);
            $hit = substr($text, $pos, $sub_len);
            $pre = substr($text, 0, $pos);
            $post = substr($text, $pos + $sub_len);
            # text copied through unchanged whenever this match is rejected
            $fail_text = $pre_hit . $hit;
            $fail_len = strlen($fail_text);
            #
            # substring found - first check to see if we're inside a link tag already...
            #
            $bits = preg_split("!</a>!i", $pre);
            $last_bit = array_pop($bits);
            if (preg_match("!<a\\s!i", $last_bit)) {
                #echo "fail 1 at $cursor<br />\n";
                $ok = 0;
                $cursor += $fail_len;
                $buffer .= $fail_text;
            }
        }
        #
        # looks like a nice spot to autolink from - check the pre
        # to see if there was whitespace before this match
        #
        if ($ok) {
            if ($pre) {
                if (!preg_match('![\\s\\(\\[\\{>]$!s', $pre)) {
                    #echo "fail 2 at $cursor ($pre)<br />\n";
                    $ok = 0;
                    $cursor += $fail_len;
                    $buffer .= $fail_text;
                }
            }
        }
        #
        # we want to autolink here - find the extent of the url
        #
        if ($ok) {
            if (preg_match('/^([a-z0-9\\-\\.\\/\\-_%~!?=,:;&+*#@\\(\\)\\$]+)/i', $post, $matches)) {
                $url = $hit . $matches[1];
                $cursor += strlen($url) + strlen($pre_hit);
                $buffer .= $pre_hit;
                # entities are decoded here and the result is re-escaped below
                $url = html_entity_decode($url);
                #
                # remove trailing punctuation from url
                #
                while (preg_match('|[.,!;:?]$|', $url)) {
                    $url = substr($url, 0, strlen($url) - 1);
                    $cursor--;
                }
                foreach (array('()', '[]', '{}') as $pair) {
                    $o = substr($pair, 0, 1);
                    $c = substr($pair, 1, 1);
                    if (preg_match("!^(\\{$c}|^)[^\\{$o}]+\\{$c}\$!", $url)) {
                        $url = substr($url, 0, strlen($url) - 1);
                        $cursor--;
                    }
                }
                #
                # nice-i-fy url here
                #
                $link_url = $url;
                $display_url = $url;
                if ($force_prefix) {
                    $link_url = $force_prefix . $link_url;
                }
                if ($GLOBALS['autolink_options']['strip_protocols']) {
                    if (preg_match('!^(http|https)://!i', $display_url, $m)) {
                        $display_url = substr($display_url, strlen($m[1]) + 3);
                    }
                }
                $display_url = cff_autolink_label($display_url, $limit);
                #
                # add the url
                #
                if ($display_url != $link_url && !preg_match('@title=@msi', $tagfill) && $auto_title) {
                    $display_quoted = preg_quote($display_url, '!');
                    if (!preg_match("!^(http|https)://{$display_quoted}\$!i", $link_url)) {
                        # NOTE(review): $link_url is not escaped here; $tagfill is not output by this function
                        $tagfill .= ' title="' . $link_url . '"';
                    }
                }
                # escape both the attribute value and the label before building the tag
                $link_url_enc = HtmlSpecialChars($link_url);
                $display_url_enc = HtmlSpecialChars($display_url);
                if (substr($link_url_enc, 0, 4) !== "http") {
                    $link_url_enc = 'http://' . $link_url_enc;
                }
                $buffer .= "<a href=\"{$link_url_enc}\">{$display_url_enc}</a>";
            } else {
                #echo "fail 3 at $cursor<br />\n";
                $ok = 0;
                $cursor += $fail_len;
                $buffer .= $fail_text;
            }
        }
    }
    #
    # add everything from the cursor to the end onto the buffer.
    #
    $buffer .= substr($text, $cursor);
    return $buffer;
}
?>
<HTML>
<HEAD>
  <TITLE>mnoGoSearch: <? echo HtmlSpecialChars(StripSlashes($query_orig)); ?></TITLE>
</HEAD>

<body BGCOLOR="#FFFFFF" LINK="#0050A0" VLINK="#0050A0" ALINK="#0050A0">
<center>

  <FORM METHOD=GET ACTION="<? echo $self; ?>">
    <table bgcolor=#eeeee0 border=0 width=100%>
      <tr><td>
          <BR>
          <INPUT TYPE="hidden" NAME="ps" VALUE="10">
          Search for: <INPUT TYPE="text" NAME="q" SIZE=50 VALUE="<? echo HtmlSpecialChars(StripSlashes($query_orig)); ?>">
          <INPUT TYPE="submit" VALUE="Search!"><BR>

          Results per page:
          <SELECT NAME="ps">
            <OPTION VALUE="10" <? if ($ps==10) echo 'SELECTED';?>>10
            <OPTION VALUE="20" <? if ($ps==20) echo 'SELECTED';?>>20
            <OPTION VALUE="50" <? if ($ps==50) echo 'SELECTED';?>>50
          </SELECT>

          Match:
          <SELECT NAME="m">
            <OPTION VALUE="all" <? if ($m=='all') echo 'SELECTED';?>>All
            <OPTION VALUE="any" <? if ($m=='any') echo 'SELECTED';?>>Any
            <OPTION VALUE="bool" <? if ($m=='bool') echo 'SELECTED';?>>Boolean
          </SELECT>
Пример #13
 /**
  * close server connection and delete marked messages
  *
  * Calls Close() on the server object; an empty string from it counts as
  * success. Any other value is reported, HTML-escaped, via Error::addError().
  *
  * @return bool true on success, false when the server reported an error
  * @author Elias Müller
  **/
 public function close()
 {
     $error = $this->server->Close();
     if ($error == "") {
         return true;
     }

     Error::addError("Fehler beim Trennen der Verbindung zum Mail-Server: " . HtmlSpecialChars($error), true);
     return false;
 }
Пример #14
 /**
  * Returns the first element of a result row, HTML-escaped for output.
  *
  * @param array $result Row whose element 0 holds the value to show.
  * @return string The escaped value.
  */
 function FormatCompleteValue($result)
 {
     $value = $result[0];

     return HtmlSpecialChars($value);
 }
Пример #15
                    for ($header_value = 0; $header_value < count($headers[$header_name]); $header_value++) {
                        echo $header_name . ": " . $headers[$header_name][$header_value], "\r\n";
                    }
                } else {
                    echo $header_name . ": " . $headers[$header_name], "\r\n";
                }
            }
            echo "</PRE>\n";
            flush();
            echo "<H2><LI>Response body:</LI</H2>\n<PRE>\n";
            for (;;) {
                $error = $http->ReadReplyBody($body, 1000);
                if ($error != "" || strlen($body) == 0) {
                    break;
                }
                echo HtmlSpecialChars($body);
            }
            echo "</PRE>\n";
            flush();
        }
    }
    $http->Close();
}
if (strlen($error)) {
    echo "<CENTER><H2>Error: ", $error, "</H2><CENTER>\n";
}
?>
</UL>
<HR>
</BODY>
</HTML>
Пример #16
<option value="w"<?php 
if ($mode === 'w') {
    echo ' selected';
}
?>
>Word</option>
<option value="l"<?php 
if ($mode === 'l') {
    echo ' selected';
}
?>
>Line</option>
</select></div>
<?php 
if (isset($_POST['compare'])) {
    $diff = new diff_class();
    $difference = new stdClass();
    $difference->mode = $mode;
    $difference->patch = true;
    $after_patch = new stdClass();
    if ($diff->FormatDiffAsHtml($before, $after, $difference) && $diff->Patch($before, $difference->difference, $after_patch)) {
        echo '<div>Difference</div><div class="frameResults">', $difference->html, '</div>';
        echo '<div>Patch</div><div class="frameResults">', $after === $after_patch->after ? 'OK: The patched text matches the text after.' : 'There is a BUG: The patched text (<b>' . HtmlSpecialChars($after_patch->after) . '</b>) does not match the text after (<b>' . HtmlSpecialChars($after) . '</b>).', '</div>';
    } else {
        echo '<div>Error: ', HtmlSpecialChars($diff->error), '</div>';
    }
}
?>
</form>
</body>
</html>
Пример #17
$DOM->AddChild('Head', $Script);
#-------------------------------------------------------------------------------
$Script = new Tag('SCRIPT', array('type' => 'text/javascript', 'src' => 'SRC:{Js/TicketFunctions.js}'));
#-------------------------------------------------------------------------------
$DOM->AddChild('Head', $Script);
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
$DOM->AddAttribs('Body', array('onload' => "window.document.getElementById('Message').focus();"));
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
$Comp = Comp_Load('Formats/Edesk/Number', $TicketID);
if (Is_Error($Comp)) {
    return ERROR | @Trigger_Error(500);
}
#-------------------------------------------------------------------------------
$DOM->AddText('Title', HtmlSpecialChars(SPrintF('#%s | %s', $Comp, $Ticket['Theme'])));
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
$Comp = Comp_Load('Form/Input', array('name' => 'TicketID', 'type' => 'hidden', 'value' => $Ticket['ID']));
if (Is_Error($Comp)) {
    return ERROR | @Trigger_Error(500);
}
#-------------------------------------------------------------------------------
$Form = new Tag('FORM', array('name' => 'TicketReadForm', 'onsubmit' => 'return false;', 'OnKeyPress' => 'ctrlEnterEvent(event,true) && TicketAddMessage();'), $Comp);
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
$MaxMessageID = DB_Select('EdesksMessagesOwners', 'MAX(`ID`) AS `MaxMessageID`', array('UNIQ', 'Where' => SPrintF('`EdeskID` = %u', $Ticket['ID'])));
#-------------------------------------------------------------------------------
switch (ValueOf($MaxMessageID)) {
    case 'error':
        return ERROR | @Trigger_Error(500);
Пример #18
                                echo "<PRE>", HtmlSpecialChars($body[$line]), "</PRE>\n";
                            }
                            echo "<PRE>---Message body ends above---</PRE>\n";
                            if (($error = $pop3->DeleteMessage(1)) == "") {
                                echo "<PRE>Marked message 1 for deletion.</PRE>\n";
                                if (($error = $pop3->ResetDeletedMessages()) == "") {
                                    echo "<PRE>Resetted the list of messages to be deleted.</PRE>\n";
                                }
                            }
                        }
                    }
                    if ($error == "" && ($error = $pop3->Close()) == "") {
                        echo "<PRE>Disconnected from the POP3 server &quot;" . $pop3->hostname . "&quot;.</PRE>\n";
                    }
                } else {
                    $error = $result;
                }
            } else {
                $error = $result;
            }
        }
    }
}
if ($error != "") {
    echo "<H2>Error: ", HtmlSpecialChars($error), "</H2>";
}
?>

</BODY>
</HTML>
Пример #19
/**
 * Echoes a var_export() rendering of a value inside a left-aligned <pre> block.
 *
 * The exported text is HTML-escaped, so markup inside the value is shown
 * rather than interpreted.
 *
 * @param mixed $foo Value to display.
 */
function dumper($foo)
{
    $exported = var_export($foo, true);

    echo "<pre style=\"text-align: left;\">", HtmlSpecialChars($exported), "</pre>\n";
}
Пример #20
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
	<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
	<title>EMoji HTML Test</title>
	<link href="emoji.css" rel="stylesheet" type="text/css" />
</head>
<body>

<table border="1">
	<tr>
		<th>Unified</th>
		<th>Name</th>
		<th>Unified Text</th>
		<th>HTML</th>
	</tr>
<?php 
// One table row per sample code point: its U+ notation, its name, the raw
// UTF-8 sample text, and the same text converted by emoji_unified_to_html().
// Only the name is escaped here; the sample text is a fixed literal plus the
// encoded code point, and the last column is meant to carry generated HTML.
foreach (array(0x2600, 0x1f493, 0x1f502) as $codepoint) {
    $sample = "Hello " . emoji_utf8_bytes($codepoint) . " World";
    echo "<tr>\n",
        "<td>", sprintf('U+%04X', $codepoint), "</td>\n",
        "<td>", HtmlSpecialChars(emoji_get_name($codepoint)), "</td>\n",
        "<td>{$sample}</td>\n",
        "<td>", emoji_unified_to_html($sample), "</td>\n",
        "</tr>\n";
}
?>
</table>

</body>
</html>
Пример #21
            case 5:
                $timeo = 300;
                break;
            case 10:
                $timeo = 600;
                break;
            default:
                $timeo = 120;
                break;
        }
        $time = $now + 600;
        mysql_query("LOCK TABLES offers WRITE");
        while (mysql_fetch_array(mysql_query("SELECT * FROM offers WHERE time=" . $time . ""))) {
            $time++;
        }
        $comment = HtmlSpecialChars($comment);
        mysql_query("INSERT INTO offers (`time`,`type`,`size_left`,`size_right`,`timeout`,`comment`, `blood`, `kulak`, `zone_width`, `zone_height`) VALUES (" . $time . ",1,1,1," . $timeo . ",'" . $comment . "'," . $blood . "," . $kulak . ",6,3)");
        mysql_query("UNLOCK TABLES");
        mysql_query("INSERT INTO participants (`time`,`id`,`side`,`base`,`hp`,`x`,`y`) VALUES (" . $time . "," . $stat['id'] . ",0," . $levels['base'] . "," . $stat['hp_now'] . ",1,1)");
    }
    echo "<script>parent.main.location=\"battle.php?tmp=\"+Math.random();\"\"</script>";
} elseif ($page == "take_it" && $offer) {
    $shmot = mysql_fetch_array(mysql_query("select * from slots where id=" . $stat['id'] . ""));
    $user_offer = mysql_fetch_array(mysql_query("SELECT offers.time FROM offers, participants WHERE offers.time>" . $now . " AND offers.done=0 AND participants.time=offers.time AND participants.id=" . $stat['id'] . ""));
    if ($user_offer) {
        $offer_str = "Для начала с одной заявкой разберись...";
    } else {
        $participants = mysql_query("SELECT * FROM participants WHERE participants.time=" . $offer . "");
        switch (mysql_num_rows($participants)) {
            case 1:
                if ($stat['hp_now'] < ($stat['vitality'] * 5 + $stat['hp']) / 3) {
Пример #22
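// Builds a pop3:// stream URL for the message and decodes it with the MIME parser.
// NOTE(review): $user, $password and the option values are concatenated into
// the URL as they are; confirm they are URL-encoded where they are assigned,
// otherwise a ':' , '@', '/' or '&' in any of them changes how the URL is parsed.
$message_file = 'pop3://' . $user . ':' . $password . '@localhost/' . $message . '?debug=' . $debug . '&html_debug=' . $html_debug . '&realm=' . $realm . '&workstation=' . $workstation . '&apop=' . $apop . '&authentication_mechanism=' . $authentication_mechanism;
/*
 * Access Gmail POP account
 */
/*
 	$message_file='pop3://'.$user.':'.$password.'@pop.gmail.com:995/1?tls=1&debug=1&html_debug=1';
*/
$mime = new mime_parser_class();
/*
 * Set to 0 for not decoding the message bodies
 */
$mime->decode_bodies = 1;
$parameters = array('File' => $message_file);
$success = $mime->Decode($parameters, $decoded);
if (!$success) {
    echo '<h2>MIME message decoding error: ' . HtmlSpecialChars($mime->error) . "</h2>\n";
} else {
    echo '<h2>MIME message decoding successful</h2>' . "\n";
    echo '<h2>Message structure</h2>' . "\n";
    // The decoded structure holds headers and bodies taken from the e-mail,
    // i.e. content written by the sender, so it is escaped before it is
    // placed in the page.
    echo '<pre>';
    echo HtmlSpecialChars(print_r($decoded[0], true));
    echo '</pre>';
    if ($mime->Analyze($decoded[0], $results)) {
        echo '<h2>Message analysis</h2>' . "\n";
        echo '<pre>';
        echo HtmlSpecialChars(print_r($results, true));
        echo '</pre>';
    } else {
        // Escaped like the decoding error above.
        echo 'MIME message analyse error: ' . HtmlSpecialChars($mime->error) . "\n";
    }
}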
Пример #23
 /**
  * Turns a decoded numeric escape back into safe output text.
  *
  * Negative code values are replaced by a space (32). Values above 127 are
  * returned in their original escaped form ('%' plus hex, or '&#...;') when
  * $orig_type is '%' or '&'. Everything else is converted to the character
  * itself and passed through HtmlSpecialChars(), so < > " & come out as
  * entities.
  *
  * @param string $orig_type '%' for a URL escape, '&' for an HTML entity.
  * @param int    $d         Numeric value of the escape.
  * @return string Replacement text.
  */
 function decode_num_entity($orig_type, $d)
 {
     # negative values are treated as a space
     $code = ($d < 0) ? 32 : $d;

     #
     # high characters are left in escaped form: what they map to depends
     # on the character set
     #
     if ($code > 127) {
         if ($orig_type == '%') {
             return '%' . dechex($code);
         }
         if ($orig_type == '&') {
             return "&#{$code};";
         }
     }

     #
     # low values become the real character, escaped in case it is one of [<>"&]
     #
     $char = chr($code);
     return HtmlSpecialChars($char);
 }
Пример #24
// Validate the form only when it was submitted through the 'doit' input.
// $doit ends up 1 for a valid submission and 0 otherwise; a validation
// message is entity-encoded before the page gets to print it.
$verify = array();
$error_message = '';
$doit = 0;
if ($form->WasSubmitted('doit')) {
    $error_message = $form->Validate($verify);
    if ($error_message == '') {
        $doit = 1;
    } else {
        $error_message = HtmlEntities($error_message);
    }
}
// Nothing accepted yet: give the 'dependent' input the focus on page load.
if (!$doit) {
    $form->ConnectFormToInput('dependent', 'ONLOAD', 'Focus', array());
}
// Escaped because the value is written into the body onload attribute.
$onload = HtmlSpecialChars($form->PageLoad());
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Test for Manuel Lemos' PHP form class for dependent validation</title>
<style type="text/css"><!--
.invalid { border-color: #ff0000; background-color: #ffcccc; }
// --></style>
</head>
<body onload="<?php 
echo $onload;
?>
" bgcolor="#cccccc">
<center><h1>Test for Manuel Lemos' PHP form class for dependent validation</h1></center>
<hr />
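    /**
     * Prints an HTML result page for the OAuth exchange.
     *
     * Nothing is printed unless an authorization error, an access token
     * error or an access token is present. Error details and token values
     * are shown only when $this->debug is set, and every value is
     * HTML-escaped before it is echoed.
     *
     * NOTE(review): with debug enabled the access token and, when set, the
     * access token secret are written into the page; confirm debug is never
     * enabled where other people can load this output.
     */
    function Output()
    {
        if (strlen($this->authorization_error) || strlen($this->access_token_error) || strlen($this->access_token)) {
            ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>OAuth client result</title>
</head>
<body>
<h1>OAuth client result</h1>
<?php 
            if (strlen($this->authorization_error)) {
                ?>
<p>It was not possible to authorize the application.<?php 
                if ($this->debug) {
                    ?>
<br>Authorization error: <?php 
                    echo HtmlSpecialChars($this->authorization_error);
                }
                ?>
</p>
<?php 
            } elseif (strlen($this->access_token_error)) {
                ?>
<p>It was not possible to use the application access token.
<?php 
                if ($this->debug) {
                    ?>
<br>Error: <?php 
                    echo HtmlSpecialChars($this->access_token_error);
                }
                ?>
</p>
<?php 
            } elseif (strlen($this->access_token)) {
                ?>
<p>The application authorization was obtained successfully.
<?php 
                if ($this->debug) {
                    ?>
<br>Access token: <?php 
                    echo HtmlSpecialChars($this->access_token);
                    if (isset($this->access_token_secret)) {
                        ?>
<br>Access token secret: <?php 
                        echo HtmlSpecialChars($this->access_token_secret);
                    }
                }
                ?>
</p>
<?php 
                if (strlen($this->access_token_expiry)) {
                    ?>
<p>Access token expiry: <?php 
                    // Escaped like every other value on this page.
                    echo HtmlSpecialChars($this->access_token_expiry);
                    ?>
 UTC</p>
<?php 
                }
            }
            ?>
</body>
</html>
<?php 
        }
    }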
Пример #26
        $message .= "<b>Новый пароль</b>: {$newpass}<br/><br/><br/><br/>";
        $message .= "<b style='color:green'>С уважением. администрация WWW.MEYDAN.AZ.</b>";
        $headers = 'MIME-Version: 1.0' . "\r\n";
        $headers .= 'Content-type: text/html; charset=windows-1251' . "\r\n";
        $headers .= 'From: WWW.MEYDAN.AZ <*****@*****.**>' . "\r\n";
        if (mail($db["email"], $subject, $message, $headers)) {
            $mess .= "<b style='color:#ff0000'>Внимание! Письмо с паролем будет отправлено на почту указанный в анкете в течении 5 минут.</b><br/>";
        } else {
            $mess .= "<b style='color:#ff0000'>Внимание! Не удалось отправить пароль на e-mail, указанный в анкете!</b><br/>";
        }
        $mess .= 'Новый пароль сохранен.';
    }
}
if ($_POST['dochmail']) {
    $old_mail = HtmlSpecialChars(addslashes(strtolower(trim($_POST['old_mail']))));
    $new_mail = HtmlSpecialChars(addslashes(strtolower(trim($_POST['new_mail']))));
    $ok = true;
    if (trim($new_mail) == '') {
        $ok = false;
        $mess = 'Задан пустой почтовый адрес.';
    }
    if (!preg_match('#^[a-z0-9.!\\#$%&\'*+-/=?^_`{|}~]+@([0-9.]+|([^\\s]+\\.+[a-z]{2,6}))$#si', $new_mail)) {
        $ok = false;
        $mess = "Ошибка. Неверно введен почтовый адрес.";
    }
    if ($old_mail != $db["email"]) {
        $ok = false;
        $mess = "Ошибка. Старый почтовый адрес указан неверно.";
    }
    if ($ok) {
        $date = date("d.m.Y H:i");
Пример #27
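/**
 * Runs one SQL statement on the connection for a cluster/shard and reports the outcome.
 *
 * The statement is sent as given: nothing in this function escapes or binds values, so the
 * caller is responsible for building $sql safely. The full statement text is also written
 * to the log and returned in the result array.
 *
 * NOTE(review): the mysql_* functions used here were removed in PHP 7; this code needs the
 * legacy extension.
 *
 * @param string $sql     statement to execute
 * @param mixed  $cluster cluster identifier, passed to _db_cluster_key() and _db_connect()
 * @param mixed  $shard   shard identifier, passed the same way
 * @return array 'ok' => 1 with 'result', or 'ok' => 0 with 'error' and 'error_code';
 *               always 'sql', 'cluster' and 'shard'; 'profile' when profiling rows were collected
 */
function _db_query($sql, $cluster, $shard)
{
    $cluster_key = _db_cluster_key($cluster, $shard);
    #
    # connect on first use; empty() also covers a key that was never set
    #
    if (empty($GLOBALS['db_conns'][$cluster_key])) {
        _db_connect($cluster, $shard);
    }
    $trace = _db_callstack();
    # presumably tags the statement with the call trace - see _db_comment_query()
    $use_sql = _db_comment_query($sql, $trace);
    $start = microtime_ms();
    # warnings are suppressed here; failure is detected from the false result below
    $result = @mysql_query($use_sql, $GLOBALS['db_conns'][$cluster_key]);
    $end = microtime_ms();
    $GLOBALS['timings']['db_queries_count']++;
    $GLOBALS['timings']['db_queries_time'] += $end - $start;
    #
    # NOTE(review): the complete statement text goes to the log, including any
    # literal values the caller placed in it
    #
    log_notice('db', "DB-{$cluster_key}: {$sql} ({$trace})", $end - $start);
    #
    # profiling?
    #
    $profile = null;
    if ($GLOBALS['cfg']['db_profiling']) {
        $profile = array();
        $p_result = @mysql_query("SHOW PROFILE ALL", $GLOBALS['db_conns'][$cluster_key]);
        # a failed SHOW PROFILE returns false; skip the fetch loop instead of passing false on
        if ($p_result) {
            while ($p_row = mysql_fetch_array($p_result, MYSQL_ASSOC)) {
                $profile[] = $p_row;
            }
        }
    }
    #
    # build result
    #
    if (!$result) {
        $error_msg = mysql_error($GLOBALS['db_conns'][$cluster_key]);
        $error_code = mysql_errno($GLOBALS['db_conns'][$cluster_key]);
        #
        # only the log copy of the message is HTML-escaped; the 'error' and 'sql'
        # values returned below are raw and need escaping wherever they are displayed
        #
        log_error("DB-{$cluster_key}: {$error_code} " . HtmlSpecialChars($error_msg));
        $ret = array('ok' => 0, 'error' => $error_msg, 'error_code' => $error_code, 'sql' => $sql, 'cluster' => $cluster, 'shard' => $shard);
    } else {
        $ret = array('ok' => 1, 'result' => $result, 'sql' => $sql, 'cluster' => $cluster, 'shard' => $shard);
    }
    if ($profile) {
        $ret['profile'] = $profile;
    }
    return $ret;
}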
Пример #28
 /**
  * Builds the <script> element that loads animation.js from the configured JavaScript path.
  *
  * The path is passed through HtmlSpecialChars() before it is placed in the double-quoted
  * src attribute. Escaping protects the attribute context only; it does not restrict where
  * the URL points, so javascript_path is presumably expected to come from trusted
  * configuration (confirm against the code that sets it).
  *
  * @param mixed $form received by reference; not used in this method
  * @return string the script tag followed by a newline
  */
 function ClassPageHead(&$form)
 {
     $script_base = HtmlSpecialChars($this->javascript_path);
     $script_tag = '<script type="text/javascript" src="' . $script_base . 'animation.js"></script>';
     return $script_tag . "\n";
 }
Пример #29
    ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Yahoo OAuth client results</title>
</head>
<body>
<?php 
    // The nickname comes from the API response held in $user; it is HTML-escaped before it is
    // placed in the heading.
    echo '<h1>', HtmlSpecialChars($user->query->results->profile->nickname), ' you have logged in successfully with Yahoo!</h1>';
    // NOTE(review): the whole $user object is dumped into the page. Escaping keeps markup in the
    // response from being interpreted, but the dump still shows every field the object holds.
    // A page served to real users would print only the fields it needs.
    echo '<pre>', HtmlSpecialChars(print_r($user, 1)), '</pre>';
    ?>
</body>
</html>
<?php 
} else {
    ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>OAuth client error</title>
</head>
<body>
<h1>OAuth client error</h1>
<p>Error: <?php 
    // The client's error text is HTML-escaped before it is shown.
    echo HtmlSpecialChars($client->error);
    ?>
</p>
</body>
</html>
<?php 
}
Пример #30
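/**
 * Tests the forms on one page for an authentication bypass through SQL injection.
 *
 * Steps, in order: check that $urlToCheck does not answer with a 5xx status, parse the
 * page and record every form and input field, fetch the page three times to learn
 * whether it is served identically on each request, then submit each form once per
 * payload and let checkIfVulnerabilityFound() decide whether the submission counts as a
 * finding. A finding is echoed and, if no identical row exists yet, stored through
 * insertTestResult() with type 'basqli'.
 *
 * All text read from the scanned page (form and input attributes, reply data) is
 * controlled by the site under test and has to be treated as untrusted wherever it is
 * logged, echoed or placed in SQL.
 *
 * @param string $urlToCheck URL of the page whose forms are tested
 * @param string $urlOfSite  base URL of the site; form actions are appended to it
 * @param mixed  $testId     identifier of the running test; handed to the HTTP client,
 *                           updateStatus(), file_get_html() and the test_results queries
 * @return void
 */
function testAuthenticationSQLi($urlToCheck, $urlOfSite, $testId)
{
    connectToDb($db);
    updateStatus($db, "Testing {$urlToCheck} for Broken Authentication using SQL Injection...", $testId);
    $log = new Logger();
    $log->lfile('logs/eventlogs');
    $log->lwrite("Starting Broken Authentication SQLi test function on {$urlToCheck}");
    $postUrl = $urlToCheck;
    //Check URL is not responding with 5xx codes
    $log->lwrite("Checking what response code is received from {$urlToCheck}");
    $http = new http_class();
    $http->timeout = 0;
    $http->data_timeout = 0;
    //$http->debug=1;
    //The User-Agent is a fixed string, which makes this tool's requests easy to pick out
    //in the target's access logs (assuming http_class sends it with every request)
    $http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
    $http->follow_redirect = 1;
    $http->redirection_limit = 5;
    $http->setTestId($testId);
    //NOTE(review): the result of GetRequestArguments() is overwritten by Open() without being checked
    $error = $http->GetRequestArguments($urlToCheck, $arguments);
    $error = $http->Open($arguments);
    $log->lwrite("URL to be requested is: {$urlToCheck}");
    if ($error == "") {
        $log->lwrite("Sending HTTP request to {$urlToCheck}");
        $error = $http->SendRequest($arguments);
        if ($error == "") {
            $headers = array();
            $error = $http->ReadReplyHeaders($headers);
            if ($error == "") {
                $responseCode = $http->response_status;
                //This is a string
                $log->lwrite("Received response code: {$responseCode}");
                if (intval($responseCode) >= 500 && intval($responseCode) < 600) {
                    $log->lwrite("Response code: {$responseCode} received from: {$urlToCheck}");
                    //Release the connection before leaving; the normal path closes it just below
                    $http->Close();
                    return;
                }
            }
        }
        $http->Close();
    }
    if (strlen($error)) {
        //The error text is escaped like every other value this function prints
        echo "<H2 align=\"center\">Error: ", HtmlSpecialChars($error), "</H2>\n";
        $log->lwrite("Error: {$error}");
    }
    $html = file_get_html($postUrl, $testId);
    if (empty($html)) {
        //This can happen due to file_get_contents returning a 500 code. Then the parser won't parse it
        updateStatus($db, "Problem getting contents from {$urlToCheck}...", $testId);
        $log->lwrite("Problem getting contents from {$urlToCheck}");
        return;
    }
    //Array containing all form objects found
    $arrayOfForms = array();
    //Array containing all input fields
    $arrayOfInputFields = array();
    $log->lwrite("Searching {$postUrl} for forms");
    $formNum = 1;
    //Must use an integer to identify form as forms could have same names and ids
    foreach ($html->find('form') as $form) {
        //NOTE(review): the attributes are HTML-encoded here, when they are captured, and the encoded
        //values are reused later for logging, request building and SQL. Encoding at the point of
        //output would keep the HTML concern separate from the other uses.
        isset($form->attr['id']) ? $formId = htmlspecialchars($form->attr['id']) : ($formId = '');
        isset($form->attr['name']) ? $formName = htmlspecialchars($form->attr['name']) : ($formName = '');
        isset($form->attr['method']) ? $formMethod = htmlspecialchars($form->attr['method']) : ($formMethod = 'get');
        isset($form->attr['action']) ? $formAction = htmlspecialchars($form->attr['action']) : ($formAction = '');
        $formMethod = strtolower($formMethod);
        //If the action of the form is empty, set the action equal to everything
        //after the URL that the user entered
        if (empty($formAction)) {
            $strLengthUrl = strlen($urlToCheck);
            $strLengthSite = strlen($urlOfSite);
            $firstIndexOfSlash = strpos($urlToCheck, '/', $strLengthSite - 1);
            $formAction = substr($urlToCheck, $firstIndexOfSlash + 1, $strLengthUrl);
        }
        //The logged values come from the scanned page; htmlspecialchars() does not remove line breaks,
        //so a log viewer should not assume one entry per line
        $log->lwrite("Found form on {$postUrl}: {$formId} {$formName} {$formMethod} {$formAction} {$formNum}");
        $newForm = new Form($formId, $formName, $formMethod, $formAction, $formNum);
        array_push($arrayOfForms, $newForm);
        foreach ($form->find('input') as $input) {
            isset($input->attr['id']) ? $inputId = htmlspecialchars($input->attr['id']) : ($inputId = '');
            isset($input->attr['name']) ? $inputName = htmlspecialchars($input->attr['name']) : ($inputName = '');
            isset($input->attr['value']) ? $inputValue = htmlspecialchars($input->attr['value']) : ($inputValue = '');
            isset($input->attr['type']) ? $inputType = htmlspecialchars($input->attr['type']) : ($inputType = '');
            $log->lwrite("Found input field on {$postUrl}: {$inputId} {$inputName} {$formId} {$formName} {$inputValue} {$inputType} {$formNum}");
            $inputField = new InputField($inputId, $inputName, $formId, $formName, $inputValue, $inputType, $formNum);
            array_push($arrayOfInputFields, $inputField);
        }
        $formNum++;
    }
    //At this stage, we should have captured all forms and their input fields into the appropriate arrays
    //Begin testing each of the forms
    //Defintion of all payloads used and warnings to examine for
    //Payloads can be added to this
    //Both entries are quote-breaking tautologies. A login handler that binds the submitted values
    //as query parameters instead of concatenating them into SQL is not affected by them.
    $arrayOfPayloads = array("1'or'1'='1", "1'or'1'='1';#");
    //Check if the URL passed into this function displays the same webpage at different intervals
    //If it does then attempt to login and if this URL displays a different page, the vulnerability is present
    //e.g. a login page would always look different when you are and are not logged in
    $log->lwrite("Checking if {$urlToCheck} displays the same page at different intervals");
    $responseBodies = array();
    $http = new http_class();
    $http->timeout = 0;
    $http->data_timeout = 0;
    //$http->debug=1;
    $http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
    $http->follow_redirect = 1;
    $http->redirection_limit = 5;
    $http->setTestId($testId);
    for ($a = 0; $a < 3; $a++) {
        $error = $http->GetRequestArguments($urlToCheck, $arguments);
        $error = $http->Open($arguments);
        if ($error == "") {
            $number = $a + 1;
            $log->lwrite("Sending HTTP request number {$number} to {$urlToCheck}");
            $error = $http->SendRequest($arguments);
            if ($error == "") {
                $headers = array();
                $error = $http->ReadReplyHeaders($headers);
                if ($error == "") {
                    $error = $http->ReadWholeReplyBody($body);
                    if (strlen($error) == 0) {
                        array_push($responseBodies, $body);
                    }
                }
            }
            $http->Close();
        }
        if (strlen($error)) {
            echo "<H2 align=\"center\">Error: a= {$a} ", HtmlSpecialChars($error), "</H2>\n";
        }
    }
    $pageChanges = true;
    $bodyOfUrl = "";
    //Only compare when all three requests produced a body. With fewer, the missing entries are
    //undefined offsets and could compare as equal, which would mark the page as static.
    if (count($responseBodies) == 3 && $responseBodies[0] == $responseBodies[1] && $responseBodies[1] == $responseBodies[2]) {
        $bodyOfUrl = $responseBodies[0];
        $pageChanges = false;
    }
    $log->lwrite('Beginning testing of forms');
    for ($i = 0; $i < sizeof($arrayOfForms); $i++) {
        $currentForm = $arrayOfForms[$i];
        $currentFormId = $currentForm->getId();
        $currentFormName = $currentForm->getName();
        $currentFormMethod = $currentForm->getMethod();
        $currentFormAction = $currentForm->getAction();
        $currentFormNum = $currentForm->getFormNum();
        $arrayOfCurrentFormsInputs = array();
        $log->lwrite("Beginning testing of form on {$postUrl}: {$currentFormId} {$currentFormName} {$currentFormMethod} {$currentFormAction}");
        //Collect the inputs that belong to this form; the form number is the only key compared
        for ($j = 0; $j < sizeof($arrayOfInputFields); $j++) {
            $currentInput = $arrayOfInputFields[$j];
            $currentInputIdOfForm = $currentInput->getIdOfForm();
            $currentInputNameOfForm = $currentInput->getNameOfForm();
            $currentInputFormNum = $currentInput->getFormNum();
            if ($currentFormNum == $currentInputFormNum) {
                array_push($arrayOfCurrentFormsInputs, $currentInput);
            }
        }
        $log->lwrite("Beginning testing input fields of form on {$postUrl}: {$currentFormId} {$currentFormName} {$currentFormMethod} {$currentFormAction}");
        foreach ($arrayOfPayloads as $currentPayload) {
            echo '<br>Size of current form inputs = ' . sizeof($arrayOfCurrentFormsInputs) . '<br>';
            $arrayOfValues = array();
            //Array of PostOrGetObject objects
            for ($k = 0; $k < sizeof($arrayOfCurrentFormsInputs); $k++) {
                $currentFormInput = $arrayOfCurrentFormsInputs[$k];
                $currentFormInputName = $currentFormInput->getName();
                $currentFormInputType = $currentFormInput->getType();
                $currentFormInputValue = $currentFormInput->getValue();
                if ($currentFormInputType != 'reset') {
                    $log->lwrite("Using payload: {$currentPayload}, to all input fields of form w/ action: {$currentFormAction}");
                    //Add current input and other inputs to array of post values and set their values
                    if ($currentFormInputType == 'text' || $currentFormInputType == 'password') {
                        $postObject = new PostOrGetObject($currentFormInputName, $currentPayload);
                        array_push($arrayOfValues, $postObject);
                    } else {
                        if ($currentFormInputType == 'checkbox' || $currentFormInputType == 'submit') {
                            $postObject = new PostOrGetObject($currentFormInputName, $currentFormInputValue);
                            array_push($arrayOfValues, $postObject);
                        } else {
                            if ($currentFormInputType == 'radio') {
                                $postObject = new PostOrGetObject($currentFormInputName, $currentFormInputValue);
                                //Check if a radio button in the radio group has already been added
                                $found = false;
                                for ($n = 0; $n < sizeof($arrayOfValues); $n++) {
                                    if ($arrayOfValues[$n]->getName() == $postObject->getName()) {
                                        $found = true;
                                        break;
                                    }
                                }
                                if (!$found) {
                                    array_push($arrayOfValues, $postObject);
                                }
                            }
                        }
                    }
                }
            }
            if ($currentFormMethod == 'get') {
                //Build query string and submit it at end of URL
                if ($urlOfSite[strlen($urlOfSite) - 1] == '/') {
                    $actionUrl = $urlOfSite . $currentFormAction;
                } else {
                    $actionUrl = $urlOfSite . '/' . $currentFormAction;
                }
                $totalTestStr = '';
                //Make a string to show the user how the vulnerability was tested for i.e. the data submitted to exploit the vulnerability
                for ($p = 0; $p < sizeof($arrayOfValues); $p++) {
                    $currentPostValue = $arrayOfValues[$p];
                    $currentPostValueName = $currentPostValue->getName();
                    $currentPostValueValue = $currentPostValue->getValue();
                    $totalTestStr .= $currentPostValueName;
                    $totalTestStr .= '=';
                    $totalTestStr .= $currentPostValueValue;
                    if ($p != sizeof($arrayOfValues) - 1) {
                        $totalTestStr .= '&';
                    }
                }
                $actionUrl .= '?';
                $actionUrl .= $totalTestStr;
                $error = $http->GetRequestArguments($actionUrl, $arguments);
                $error = $http->Open($arguments);
                $log->lwrite("URL to be requested is: {$actionUrl}");
                if ($error == "") {
                    $log->lwrite("Sending HTTP request to {$actionUrl}");
                    $error = $http->SendRequest($arguments);
                    if ($error == "") {
                        $headers = array();
                        $error = $http->ReadReplyHeaders($headers);
                        if ($error == "") {
                            $error = $http->ReadWholeReplyBody($body);
                            if (strlen($error) == 0) {
                                $http->Close();
                                $vulnerabilityFound = checkIfVulnerabilityFound($urlToCheck, $pageChanges, $bodyOfUrl, $log, $currentPayload, $http);
                                if ($vulnerabilityFound) {
                                    $totalTestStr = '';
                                    //Make a test string to show the user how the vulnerability was tested for
                                    for ($p = 0; $p < sizeof($arrayOfValues); $p++) {
                                        $currentPostValue = $arrayOfValues[$p];
                                        $currentPostValueName = $currentPostValue->getName();
                                        $currentPostValueValue = $currentPostValue->getValue();
                                        $totalTestStr .= $currentPostValueName;
                                        $totalTestStr .= '=';
                                        $totalTestStr .= $currentPostValueValue;
                                        if ($p != sizeof($arrayOfValues) - 1) {
                                            $totalTestStr .= '&';
                                        }
                                    }
                                    //The echo's below are for testing the function on its own i.e. requesting this script with your browser
                                    echo 'Broken Authentication Present!<br>Query: ' . HtmlSpecialChars($totalTestStr) . '<br>';
                                    echo 'Method: ' . $currentFormMethod . '<br>';
                                    echo 'Url: ' . HtmlSpecialChars($actionUrl) . '<br>';
                                    echo 'Error: Successfully Logged In with SQL injection';
                                    //Check if this vulnerability has already been found and added to DB. If it hasn't, add it to DB.
                                    //NOTE(review): the lookup is built by string concatenation. $testId is interpolated
                                    //without quoting or casting, and $actionUrl / $totalTestStr contain text taken from
                                    //the scanned page; addslashes() is not aware of the connection character set.
                                    //A prepared statement would keep hostile page content out of the SQL text.
                                    //The values handed to insertTestResult() are already slash-escaped - confirm that
                                    //function does not escape them a second time.
                                    $query = "SELECT * FROM test_results WHERE test_id = {$testId} AND type = 'basqli' AND method = '{$currentFormMethod}' AND url = '" . addslashes($actionUrl) . "' AND attack_str = '" . addslashes($totalTestStr) . "'";
                                    $result = $db->query($query);
                                    if (!$result) {
                                        $log->lwrite("Could not execute query {$query}");
                                    } else {
                                        $log->lwrite("Successfully executed query {$query}");
                                        $numRows = $result->num_rows;
                                        if ($numRows == 0) {
                                            $log->lwrite("Number of rows is {$numRows} for query: {$query}");
                                            insertTestResult($db, $testId, 'basqli', $currentFormMethod, addslashes($actionUrl), addslashes($totalTestStr));
                                        }
                                    }
                                    //A finding ends the payload loop for this form
                                    break;
                                }
                            }
                        }
                    }
                }
                if (strlen($error)) {
                    echo "<H2 align=\"center\">Error: ", HtmlSpecialChars($error), "</H2>\n";
                    echo 'Method: ' . $currentFormMethod . '<br>';
                    echo 'Url: ' . HtmlSpecialChars($actionUrl) . '<br>';
                }
            } else {
                if ($currentFormMethod == 'post') {
                    //Build query string and submit it at end of URL
                    if ($urlOfSite[strlen($urlOfSite) - 1] == '/') {
                        $actionUrl = $urlOfSite . $currentFormAction;
                    } else {
                        $actionUrl = $urlOfSite . '/' . $currentFormAction;
                    }
                    $error = $http->GetRequestArguments($actionUrl, $arguments);
                    $arguments["RequestMethod"] = "POST";
                    $arguments["PostValues"] = array();
                    for ($p = 0; $p < sizeof($arrayOfValues); $p++) {
                        $currentPostValue = $arrayOfValues[$p];
                        $currentPostValueName = $currentPostValue->getName();
                        $currentPostValueValue = $currentPostValue->getValue();
                        $tempArray = array($currentPostValueName => $currentPostValueValue);
                        $arguments["PostValues"] = array_merge($arguments["PostValues"], $tempArray);
                    }
                    $error = $http->Open($arguments);
                    $log->lwrite("URL to be requested is: {$actionUrl}");
                    if ($error == "") {
                        $log->lwrite("Sending HTTP request to {$actionUrl}");
                        $error = $http->SendRequest($arguments);
                        if ($error == "") {
                            $headers = array();
                            $error = $http->ReadReplyHeaders($headers);
                            if ($error == "") {
                                $error = $http->ReadWholeReplyBody($body);
                                if (strlen($error) == 0) {
                                    $http->Close();
                                    $vulnerabilityFound = checkIfVulnerabilityFound($urlToCheck, $pageChanges, $bodyOfUrl, $log, $currentPayload, $http);
                                    if ($vulnerabilityFound) {
                                        $totalTestStr = '';
                                        //Compile a test string to show the user how the vulnerability was tested for
                                        for ($p = 0; $p < sizeof($arrayOfValues); $p++) {
                                            $currentPostValue = $arrayOfValues[$p];
                                            $currentPostValueName = $currentPostValue->getName();
                                            $currentPostValueValue = $currentPostValue->getValue();
                                            $totalTestStr .= $currentPostValueName;
                                            $totalTestStr .= '=';
                                            $totalTestStr .= $currentPostValueValue;
                                            if ($p != sizeof($arrayOfValues) - 1) {
                                                $totalTestStr .= '&';
                                            }
                                        }
                                        //The echo's below are for testing the function on its own i.e. requesting this script with your browser
                                        echo 'Broken Authentication Present!<br>Query: ' . HtmlSpecialChars($totalTestStr) . '<br>';
                                        echo 'Method: ' . $currentFormMethod . '<br>';
                                        echo 'Url: ' . HtmlSpecialChars($actionUrl) . '<br>';
                                        echo 'Error: Successfully Logged In with SQL injection';
                                        //Check if this vulnerability has already been found and added to DB. If it hasn't, add it to DB.
                                        //NOTE(review): same string-built lookup as in the GET branch; the same remarks about
                                        //$testId, addslashes() and insertTestResult() apply here.
                                        $query = "SELECT * FROM test_results WHERE test_id = {$testId} AND type = 'basqli' AND method = '{$currentFormMethod}' AND url = '" . addslashes($actionUrl) . "' AND attack_str = '" . addslashes($totalTestStr) . "'";
                                        $result = $db->query($query);
                                        if (!$result) {
                                            $log->lwrite("Could not execute query {$query}");
                                        } else {
                                            $log->lwrite("Successfully executed query {$query}");
                                            $numRows = $result->num_rows;
                                            if ($numRows == 0) {
                                                $log->lwrite("Number of rows is {$numRows} for query: {$query}");
                                                insertTestResult($db, $testId, 'basqli', $currentFormMethod, addslashes($actionUrl), addslashes($totalTestStr));
                                            }
                                        }
                                        //A finding ends the payload loop for this form
                                        break;
                                    }
                                }
                            }
                        }
                    }
                    if (strlen($error)) {
                        echo "<H2 align=\"center\">Error: ", HtmlSpecialChars($error), "</H2>\n";
                        echo 'Method: ' . $currentFormMethod . '<br>';
                        echo 'Url: ' . HtmlSpecialChars($actionUrl) . '<br>';
                    }
                }
            }
        }
    }
}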