Пример #1
    // safe exit
}
if (isset($_GET['type']) && $_GET['type'] == "retrieve") {
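    // The file name comes from the query string and is later interpolated into
    // a path under raw/, so it must be a plain string (not name[]=...).
    if (!isset($_GET['name']) || !is_string($_GET['name'])) {
        die("404/Missing filename");
    }
    //if (!isset($_GET['uid']) || !is_number($_GET['uid'])) die("404/Invalid User ID");
    // The access key is read from the raw request URI; the greedy (.+) captures
    // everything that follows "?ak=" to the end of the URI.
    if (!preg_match("/\\?ak=(.+)/", $_SERVER['REQUEST_URI'], $ak)) {
        die("403/Invalid ak");
    }
    // These AKs are static, and should only be used for testing purposes.
    // NOTE(review): a fixed key in source skips the expiry and name-binding
    // checks below for every file name; remove it, or gate it on a test-only
    // setting, before this code is deployed.
    $AcceptedAKs = array("053704");
    $ak = urldecode($ak[1]);
    // Strict match: a loose in_array() compares numeric strings by value, so a
    // differently written number would be accepted in place of the listed key.
    if (!in_array($ak, $AcceptedAKs, true)) {
        // Not a static key: treat it as an encrypted "<unix time>|<file name>" token.
        // NOTE(review): XORDecrypt is defined outside this view. If it is a keyed
        // XOR with no MAC, the token carries no integrity protection - confirm,
        // and prefer an HMAC-signed token.
        $s = XORDecrypt($ak);
        $x = is_string($s) ? explode("|", $s) : array();
        // Both fields must be present and the time must be all digits. Without
        // this, a token lacking the name field yields null, and the loose
        // comparison null != "" let an empty file name through.
        if (count($x) < 2 || !ctype_digit($x[0])) {
            die("403/Invalid ak");
        }
        $akname = $x[1];
        $oldtime = (int) $x[0];
        $curtime = time();
        // Accept only a 300-second window around now: a token stamped in the
        // future would otherwise never be considered old.
        if (abs($curtime - $oldtime) > 300) {
            die("403/old ak");
        }
        // The token is bound to one file name; compare without type juggling.
        if ($akname !== $_GET['name']) {
            die("403/ak tamper");
        }
    }
    $name = $_GET['name'];
    // Reject NUL bytes and ".." path segments so that "raw/{$name}" cannot
    // resolve outside the raw/ directory.
    if (strpos($name, "\0") !== false || preg_match('#(^|[\\\\/])\\.\\.([\\\\/]|$)#', $name)) {
        die("404/Invalid file");
    }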
    if (!file_exists("raw/{$name}")) {
        die("404/Invalid file");
Пример #2
    header("Location: StanfordAssassins.html{$tag}");
    exit;
}
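// The reply token arrives in ?r=. Anything other than a plain string (absent,
// or an array from r[]=...) is treated as missing.
if (isset($_GET['r']) && is_string($_GET['r'])) {
    $encrypt = $_GET['r'];
    $fail = false;
} else {
    $fail = 'empty';
}
// decrypt
if ($fail === false) {
    // NOTE(review): both secrets are hard-coded, so anyone with read access to
    // this source can produce tokens that pass the check below. Load them from
    // configuration kept outside the code base, and treat these values as
    // disclosed (rotate them).
    $HASH_SALT = "OH NO! The fight's out,I'ma 'bout to punch yo...lights out,Get the F**K back, guard ya grill,There's somethin' wrong, we can't stay still,I've been drankin' and bustin' two,and I been thankin' of bustin' you,Upside ya motherfuckin' forehead";
    $XOR_KEY = "Causin' confusion, Disturbin Tha Peace,It's not an illusion, we runnin the streets,So bye-bye to all you groupies and golddiggers,Is there a bumper on your ass? NO N***A!,I'm doin' a hundred on the highway,So if you do the speed limit, get the F**K outta my way,I'm D.U.I., hardly ever caught sober,and you about to get ran the F**K over";
    // Layout after decryption: 32 hex characters of md5(message . salt),
    // followed by the message itself.
    $messageSign = XORDecrypt($encrypt, $XOR_KEY);
    $sign = (string) substr($messageSign, 0, 32);
    $message = (string) substr($messageSign, 32);
    // hash_equals() compares the digests as strings in constant time. The
    // previous loose != let two different "0e<digits>" digests compare equal
    // as numbers.
    // NOTE(review): md5 over message . salt is a weak MAC; moving to
    // hash_hmac('sha256', ...) requires changing the token issuer as well.
    if (!hash_equals(md5($message . $HASH_SALT), $sign)) {
        $fail = 'bad sign';
    }
}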
// check format
if ($fail === false) {
    $part = explode('|', $message);
    if (count($part) != 4) {
        $fail = 'bad count: ' . $message;