// NOTE(review): the next four lines are the tail of a function whose start is
// outside this fragment (presumably strToLongs(), which is called below).
// The visible statement packs four consecutive bytes of $s into one integer,
// least-significant byte first, and the function returns the array $l.
        $l[$i] = ord($s[$i * 4]) + (ord($s[$i * 4 + 1]) << 8) + (ord($s[$i * 4 + 2]) << 16) + (ord($s[$i * 4 + 3]) << 24);
    }
    return $l;
}

// xor all the bytes with a random key
// The key is written into the generated JavaScript next to every XORed word
// (see the second loop below), so this step only obscures the payload from a
// casual reader or a naive scraper; it does not keep the payload secret.
// rand() is also not a cryptographically secure generator.
// NOTE(review): $js and $expired are defined before this fragment; their
// contents are not visible here.
$key = rand(21474836, 2126008810);
$js = strToLongs($js);
for ($i = 0; $i < count($js); $i++) {
    $js[$i] = $js[$i] ^ $key;
}

// libs function encapsulation
// $expired collects the names already handed out and is passed back to
// hashcash_random_string(), presumably so a name is not reused (the helper is
// not visible here).
$libs_name = hashcash_random_string(rand(6, 18), $expired);
$expired[] = $libs_name;
$libs = "function {$libs_name}(){";

// write bytes to javascript, xor with key
// Each array element is emitted as "<xored word> ^ <key>", so the browser
// undoes the XOR while it evaluates the array initialisation.
$data_name = hashcash_random_string(rand(6, 18), $expired);
$expired[] = $data_name;
$libs .= "var {$data_name} = new Array(" . count($js) . "); ";
for ($i = 0; $i < count($js); $i++) {
    $libs .= $data_name . '[' . $i . '] = ' . $js[$i] . ' ^ ' . $key . '; ';
}

// convert bytes back to string
// The emitted loop splits every word back into four characters, in the same
// byte order that the packing statement at the top of this fragment uses.
$libs .= " var a = new Array({$data_name}.length); ";
$libs .= "for (var i=0; i<" . $data_name . ".length; i++) { ";
$libs .= 'a[i] = String.fromCharCode(' . $data_name . '[i] & 0xFF, ' . $data_name . '[i]>>>8 & 0xFF, ';
$libs .= $data_name . '[i]>>>16 & 0xFF, ' . $data_name . '[i]>>>24 & 0xFF); } ';
// The rebuilt string is handed to eval() in the browser. Whatever ends up in
// $js therefore runs as script in the visitor's page, so $js must only ever be
// built from server-controlled code, never from request data.
$libs .= "return eval(a.join('')); ";

// call libs function
$libs .= "} {$libs_name}();";

// return code
echo $libs;
// Check if the server is configured to automatically compress the output
if (!ini_get('zlib.output_compression') && !ini_get('zlib.output_handler')) {
    // Check if we can use ob_gzhandler (requires the zlib extension)
    if (function_exists('ob_gzhandler')) {
        // let ob_gzhandler do the dirty job
        // NB.: this must be done BEFORE session_start() when session.use_trans_sid is on
        ob_start('ob_gzhandler');
    } elseif (!empty($_SERVER['HTTP_ACCEPT_ENCODING']) && strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') && function_exists('gzencode')) {
        // NOTE(review): ob_start() calls its handler with the buffer and a
        // phase bitmask, while gzencode()'s second parameter is the
        // compression level, so the bitmask ends up being used as the level.
        // Confirm this fallback behaves as intended before relying on it.
        ob_start('gzencode');
        // Tell the browser the content is compressed with gzip
        header("Content-Encoding: gzip");
    }
}

// The library is loaded from a "secret" directory next to this script and has
// a ".lib" extension. NOTE(review): this script serves JavaScript to browsers,
// so the directory is probably reachable over HTTP; unless the web server
// denies access to it or runs ".lib" files through PHP, the library source
// would be served as plain text. Verify the server configuration.
require_once realpath(dirname(__FILE__) . '/') . '/secret/wp-hashcash.lib';

// Random names for the hidden field id and the enabling function. They come
// from rand(), which is not a cryptographically secure generator, so they make
// the markup harder to pattern-match rather than unpredictable.
$field_id = hashcash_random_string(rand(6, 18));
$fn_enable_name = hashcash_random_string(rand(6, 18));

// Everything after the closing tag is a JavaScript template sent to the
// browser, and it continues beyond this fragment. No Content-Type header is
// set in the visible part.
// NOTE(review): as shown here the template emits a space after $field_id
// inside the quoted id value; this may be an artifact of how the listing was
// extracted, so compare it with the original file.
?> addLoadEvent(<?php echo $fn_enable_name; ?> ); function createHiddenField(){ var inp = document.createElement('input'); inp.setAttribute('type', 'hidden'); inp.setAttribute('id', '<?php echo $field_id; ?> '); inp.setAttribute('name', 'hashcash_value');
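/**
 * Adds the HashCash anti-spam hidden field and JavaScript to a rendered page.
 *
 * The function
 *  1) inserts a hidden input with a random id and name in front of the
 *     existing "piv_code" hidden input,
 *  2) marks the "post" submit button as disabled and runs
 *     hashcash_script_callback() over every form whose opening tag mentions
 *     submit.php,
 *  3) runs hashcash_formaction_callback() over those same forms,
 *  4) picks an onload hook depending on which JavaScript library the page's
 *     head section already references (prototype/lightbox, jQuery, or none),
 *  5) inserts the generated script in front of the first </head>.
 *
 * Side effects: stores the random form-action function name in
 * $GLOBALS['hashcash_form_action'] and reads $Paths['pivot_url'].
 *
 * Security note: every identifier here is drawn from rand(), which is not a
 * cryptographically secure generator, and all generated script is sent to the
 * client. This raises the cost for simple bots only; whether a submission is
 * accepted has to be decided by the server-side check of the submitted field,
 * which is not part of this function.
 *
 * @param string $page HTML of the page to modify.
 * @return string The modified page. A page without a </head> tag gets the
 *                form changes but no script.
 */
function add_hashcash_topage($page)
{
    global $Paths;

    // Setting up random values/strings. The order of these calls is kept as
    // in the original so the random generator is consumed in the same order.
    $field_id = hashcash_random_string(rand(6, 18));
    $field_name = hashcash_random_string(rand(6, 18));
    $hashcash_form_action = hashcash_random_string(rand(6, 18));
    $md5_name = hashcash_random_string(rand(6, 18));
    $val_name = hashcash_random_string(rand(6, 18));
    $eElement = hashcash_random_string(rand(6, 18));
    $in_str = hashcash_random_string(rand(6, 18));
    $fn_enable_name = hashcash_random_string(rand(6, 18));

    // Globals. NOTE(review): presumably read by hashcash_formaction_callback()
    // in step 3; that callback is defined outside this block.
    $GLOBALS["hashcash_form_action"] = $hashcash_form_action;

    // 1) Hidden value form field. Its initial value is a random decoy; the
    //    generated script overwrites both name and value on submit.
    $page = str_replace(
        '<input type="hidden" name="piv_code"',
        '<input type="hidden" id="' . $field_id . '" name="' . $field_name . '" value="' . rand(100, 99999999) . '" />' . "\n"
            . '<input type="hidden" name="piv_code"',
        $page
    );

    // 2) Disable submit button for non-users of javascript,
    //    adding a noscript warning, and then dynamically enabling the submit button;
    $page = str_replace(
        '<input type="submit" name="post"',
        '<input type="submit" name="post" id="submitbutton" disabled="disabled"',
        $page
    );
    $page = preg_replace_callback('/<form[^>]*?submit.php.*?<\\/form>/si', 'hashcash_script_callback', $page);

    // Collect the script fragments and shuffle them so their order differs
    // from page to page.
    $hashcash_bits = hashcash_get_md5_javascript($md5_name);
    $hashcash_bits[] = "function {$hashcash_form_action}({$in_str}){ "
        . "{$eElement} = document.getElementById(\"{$field_id}\"); "
        . "if(!{$eElement}){ return false; } else { {$eElement}"
        . ".name = {$md5_name}({$in_str}); {$eElement}"
        . ".value = {$val_name}(); return true; }}";
    $hashcash_bits[] = hashcash_field_value_js($val_name);
    shuffle($hashcash_bits);
    $hashcash_js = implode(" ", $hashcash_bits);

    // 3) Adding HashCash onsubmit javascript to form.
    $page = preg_replace_callback('/<form[^>]*?submit.php.*?<\\/form>/si', 'hashcash_formaction_callback', $page);

    $js = "";

    // Get the head section of the page. The closing tag is located once and
    // case-insensitively, so library detection and script insertion agree on
    // where the head ends (the original split on a lowercase "</head>" only,
    // but inserted case-insensitively).
    if (preg_match('/<\\/head>/i', $page, $head_match, PREG_OFFSET_CAPTURE)) {
        $head_end = $head_match[0][1];
        $head = substr($page, 0, $head_end);
    } else {
        $head_end = false;
        $head = $page;
    }

    // 4) Determine if we can use jquery or not, and set the command to call our 'onload'
    if (preg_match("/prototype[a-z0-9_\\.-]*\\.js/i", $head) || preg_match("/lightbox\\.js/i", $head)) {
        // We use prototype.
        $callonload = "Event.observe(window, 'load', function(){ setTimeout(\"{$fn_enable_name}()\", 100); });\n";
        $hashcash_onload_js = 'function ' . $fn_enable_name . "(){ "
            . "var sb = \$('submitbutton'); "
            . "if (sb) { sb.disabled = ''; }"
            . "}";
    } else {
        if (!preg_match("/jquery[a-z0-9_\\.-]*\\.js/i", $head)) {
            // The page has no jquery yet, so we include the bundled copy.
            // NOTE(review): $Paths['pivot_url'] is written into the src
            // attribute unescaped; this assumes it is trusted configuration.
            $js .= '<script src="' . $Paths['pivot_url'] . 'includes/js/jquery.js" type="text/javascript"></script>' . "\n";
        }

        // Both jquery cases use the same hook and enabling function.
        // NOTE(review): the "[@name=post]" selector form is only understood by
        // old jQuery releases; if the page ships its own newer jQuery the
        // submit button may stay disabled. Check against the versions in use.
        $callonload = '$(document).ready(function(){ setTimeout("' . $fn_enable_name . '()", 100); });' . "\n";
        $hashcash_onload_js = 'function ' . $fn_enable_name . "(){ \$('input[@name=post]').attr('disabled', ''); }";
    }

    // 5) Write all the javascript bits to various lines of <head>
    $js .= '<script type="text/javascript">' . "\n"
        . '<!--' . "\n"
        . $hashcash_onload_js . "\n"
        . $hashcash_js . "\n"
        . $callonload
        . '// -->' . "\n"
        . '</script>' . "\n" . "\n";

    // Splice the script in as literal text. Passing generated JavaScript as a
    // preg_replace() replacement string would let any "$1" or "\1" style
    // sequence inside it be read as a backreference and silently corrupt it.
    if ($head_end !== false) {
        $page = substr($page, 0, $head_end) . $js . '</head>' . substr($page, $head_end + strlen('</head>'));
    }

    return $page;
}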