$l[$i] = ord($s[$i * 4]) + (ord($s[$i * 4 + 1]) << 8) + (ord($s[$i * 4 + 2]) << 16) + (ord($s[$i * 4 + 3]) << 24);
    }
    return $l;
}
// Mask every 32-bit word of the script with one XOR key chosen per response.
// NOTE(review): rand() is not a CSPRNG, and the key is written in clear next to
// every masked word in the generated JavaScript below, so this is obfuscation
// against casual scraping only; it gives the payload no confidentiality.
$key = rand(21474836, 2126008810);
$js = strToLongs($js);
for ($i = 0; $i < count($js); $i++) {
    $js[$i] ^= $key;
}
// Wrap the decoder in a function with a random name; the name is recorded in
// $expired, the list handed to hashcash_random_string() on each call.
$libs_name = hashcash_random_string(rand(6, 18), $expired);
$expired[] = $libs_name;
$libs = 'function ' . $libs_name . '(){';
// Emit the masked words as "<array>[i] = <word> ^ <key>;" so the browser undoes
// the XOR while filling the array.
$data_name = hashcash_random_string(rand(6, 18), $expired);
$expired[] = $data_name;
$libs .= 'var ' . $data_name . ' = new Array(' . count($js) . '); ';
for ($i = 0; $i < count($js); $i++) {
    $libs .= "{$data_name}[{$i}] = {$js[$i]} ^ {$key}; ";
}
// Decoder: split each word back into four characters, lowest byte first, then
// eval the joined string.
// NOTE(review): the eval runs whatever $js held before masking, so $js must only
// ever be script text produced by the server itself, never request data.
$libs .= ' var a = new Array(' . $data_name . '.length); '
    . 'for (var i=0; i<' . $data_name . '.length; i++) { '
    . "a[i] = String.fromCharCode({$data_name}[i] & 0xFF, {$data_name}[i]>>>8 & 0xFF, "
    . "{$data_name}[i]>>>16 & 0xFF, {$data_name}[i]>>>24 & 0xFF); } "
    . "return eval(a.join('')); ";
// Close the wrapper and call it immediately.
$libs .= '} ' . $libs_name . '();';
// Send the generated JavaScript to the client.
echo $libs;
Пример #2
// Add our own output compression only when PHP is not already configured to do it.
if (!(ini_get('zlib.output_compression') || ini_get('zlib.output_handler'))) {
    if (function_exists('ob_gzhandler')) {
        // Preferred path (requires the zlib extension): ob_gzhandler does the work.
        // NB.: this must be done BEFORE session_start() when session.use_trans_sid is on
        ob_start('ob_gzhandler');
    } elseif (
        !empty($_SERVER['HTTP_ACCEPT_ENCODING'])
        && strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false
        && function_exists('gzencode')
    ) {
        // Fallback: the client advertises gzip, so compress the buffer with gzencode
        // and announce the encoding ourselves.
        // NOTE(review): an output callback is called with the buffer plus a status
        // argument, which gzencode would receive as its compression level - confirm
        // this behaves on the PHP versions in use.
        ob_start('gzencode');
        header("Content-Encoding: gzip");
    }
}
// NOTE(review): the library is loaded from a "secret" directory next to this script
// and has a .lib extension. If that directory is reachable over HTTP and the server
// does not pass .lib files to PHP, its source could be downloaded as plain text -
// confirm direct requests to secret/ are denied.
require_once realpath(dirname(__FILE__) . '/') . '/secret/wp-hashcash.lib';
// Random names for the hidden field id and the onload function. They are built with
// rand() and sent to the client, so they obscure the markup but are not secrets.
$field_id = hashcash_random_string(rand(6, 18));
$fn_enable_name = hashcash_random_string(rand(6, 18));
?>

addLoadEvent(<?php echo $fn_enable_name; ?>);

function createHiddenField(){
	var inp = document.createElement('input');
	inp.setAttribute('type', 'hidden');
	inp.setAttribute('id', '<?php 
echo $field_id;
?>
');
	inp.setAttribute('name', 'hashcash_value');
Пример #3
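/**
 * Injects the HashCash hidden form field and its JavaScript into a rendered page.
 *
 * Steps, as numbered in the body:
 *  1) insert a hidden input with a random id and name before the "piv_code" input;
 *  2) disable the submit button and run hashcash_script_callback over the comment form;
 *  3) run hashcash_formaction_callback over the comment form;
 *  4) choose the onload mechanism (prototype/lightbox, existing jQuery, or bundled jQuery);
 *  5) splice the generated script block in front of the first </head>.
 *
 * Security notes for maintainers:
 *  - Every identifier comes from hashcash_random_string(rand(...)). rand() is not a
 *    CSPRNG and all of these names are sent to the client, so they only obscure the
 *    markup. Whether a submission is accepted has to be decided server-side; that
 *    check is not part of this function.
 *  - $Paths['pivot_url'] is written into a src attribute unescaped; it is assumed to
 *    be trusted configuration (TODO confirm it can never carry request data).
 *
 * @param string $page Complete HTML of the page to modify.
 *
 * @return string The page with the hidden field and script block added. If the page
 *                has no </head>, the script block is not inserted.
 */
function add_hashcash_topage($page)
{
    global $Paths;
    // Setting up random values/strings
    $field_id = hashcash_random_string(rand(6, 18));
    $field_name = hashcash_random_string(rand(6, 18));
    $hashcash_form_action = hashcash_random_string(rand(6, 18));
    $md5_name = hashcash_random_string(rand(6, 18));
    $val_name = hashcash_random_string(rand(6, 18));
    $eElement = hashcash_random_string(rand(6, 18));
    $in_str = hashcash_random_string(rand(6, 18));
    $fn_enable_name = hashcash_random_string(rand(6, 18));
    // Globals: published for code outside this function (presumably the form callbacks
    // below - verify against their definitions).
    $GLOBALS["hashcash_form_action"] = $hashcash_form_action;
    // 1) Hidden value form field. The initial value is a random placeholder; the
    //    generated submit function below overwrites both its name and its value.
    $page = str_replace('<input type="hidden" name="piv_code"', '<input type="hidden" id="' . $field_id . '" name="' . $field_name . '" value="' . rand(100, 99999999) . '" />' . "\n" . '<input type="hidden" name="piv_code"', $page);
    // 2)  Disable submit button for non-users of javascript,
    // adding a noscript warning, and then dynamically enabling the submit button;
    $page = str_replace('<input type="submit" name="post"', '<input type="submit" name="post" id="submitbutton" disabled="disabled"', $page);
    $page = preg_replace_callback('/<form[^>]*?submit.php.*?<\\/form>/si', 'hashcash_script_callback', $page);
    $hashcash_bits = hashcash_get_md5_javascript($md5_name);
    $hashcash_bits[] = "function {$hashcash_form_action}({$in_str}){ " . "{$eElement} = document.getElementById(\"{$field_id}\"); " . "if(!{$eElement}){ return false; } else { {$eElement}" . ".name = {$md5_name}({$in_str}); {$eElement}" . ".value = {$val_name}(); return true; }}";
    $hashcash_bits[] = hashcash_field_value_js($val_name);
    // Emit the script fragments in a different order on every page.
    shuffle($hashcash_bits);
    $hashcash_js = implode(" ", $hashcash_bits);
    // 3)   Adding HashCash onsubmit javascript to form.
    $page = preg_replace_callback('/<form[^>]*?submit.php.*?<\\/form>/si', 'hashcash_formaction_callback', $page);
    $js = "";
    // Get the head section of the page..
    list($head) = explode("</head>", $page);
    // 4)  Determine if we can use jquery or not, and set the command to call our 'onload'
    if (preg_match("/prototype[a-z0-9_\\.-]*\\.js/i", $head) || preg_match("/lightbox\\.js/i", $head)) {
        // We use prototype.
        $callonload = "Event.observe(window, 'load', function(){ setTimeout(\"{$fn_enable_name}()\", 100); });\n";
        $hashcash_onload_js = 'function ' . $fn_enable_name . "(){ " . "var sb = \$('submitbutton'); " . "if (sb) { sb.disabled = ''; }" . "}";
    } else {
        if (!preg_match("/jquery[a-z0-9_\\.-]*\\.js/i", $head)) {
            // The page does not load jquery yet, so include our own copy.
            $js .= '<script src="' . $Paths['pivot_url'] . 'includes/js/jquery.js" type="text/javascript"></script>' . "\n";
        }
        // Same onload code whether jquery was already present or has just been added.
        // NOTE(review): the "[@name=post]" selector form and attr('disabled', '') depend
        // on the jQuery version actually loaded - confirm against it.
        $callonload = '$(document).ready(function(){ setTimeout("' . $fn_enable_name . '()", 100); });' . "\n";
        $hashcash_onload_js = 'function ' . $fn_enable_name . "(){ \$('input[@name=post]').attr('disabled', ''); }";
    }
    // 5)  Write all the javascript bits to various lines of <head>
    $js .= '<script type="text/javascript">' . "\n" . '<!--' . "\n" . $hashcash_onload_js . "\n" . $hashcash_js . "\n" . $callonload . '// -->' . "\n" . '</script>' . "\n" . "\n";
    // Splice by position rather than with preg_replace(): as a preg_replace()
    // replacement string, any "$<digits>" or "\<digits>" inside the generated
    // JavaScript would be treated as a backreference and silently altered.
    $head_end = stripos($page, '</head>');
    if ($head_end !== false) {
        $page = substr_replace($page, $js . '</head>', $head_end, strlen('</head>'));
    }
    return $page;
}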