function encrypt($value) { $key = "kish38bapi84bagi80nacho76deepu94"; $crypt = fnEncrypt($value, $key); $crypt = fnEncrypt($crypt, $key); return sha1($crypt); }
mysql_query($str, $plink); } //取年度加密key $strYearABC = "SELECT abcd FROM o_year WHERE year='{$hohsnY}' limit 1 "; $qqYabc = mysql_query($strYearABC, $plink); $f_Yabc = @mysql_fetch_array($qqYabc); //卡號加密處理 $f6no = substr($card_no, 0, 6); $c5no = substr($card_no, 6, 5); $lsno = substr($card_no, 11, 5); $str = "insert into o_cdno "; //寫入 $str .= "(aa,sr,f6no,c5no,lsno,year_abc)"; $str .= "values(0,'{$aa}',AES_ENCRYPT('{$f6no}','{$key_str_ch}'),AES_ENCRYPT('{$c5no}','{$key_str_ch}'),AES_ENCRYPT('{$lsno}','{$key_str_ch}'),'{$f_Yabc['abcd']}')"; $result = mysql_query($str, $plink); $Obgm_exdt = fnEncrypt($exp, $ap_KEY, $ap_IV); $str_bgm = "insert into o_bgm (aa,sr,exdt,bgm,us_id,cd_name,bh_dt) values (0,'{$aa}','{$Obgm_exdt}','','','','')"; mysql_query($str_bgm, $plink); //記錄送來的銀行代碼限制 if ($bank_only) { //先將,點濾除, 確定是否全為數字 $bank_allnub = chNumber(str_replace(',', '', $bank_only)); if ($bank_allnub) { //非全數字, 以銀行名稱處理 $str = "insert into o_bank_only (sr,bank)values('{$aa}','{$bank_only}')"; mysql_query($str, $plink); //比對卡號是否吻合該發卡行 $card6no = substr($card_no, 0, 6); //取出前六碼 $str = "SELECT bank FROM any_cardno where cardno='{$card6no}' limit 1 "; $q = mysql_query($str, $plink);
//uploading file content if ($_FILES["userfile"]["error"] > 0) { echo "Error: " . $_FILES["userfile"]["error"] . "<br>"; } else { //Store these things in table $fn1 = $_FILES["userfile"]["tmp_name"]; //Use the tmp_name always to get file content $type = $_FILES["userfile"]["type"]; $size = $_FILES["userfile"]["size"]; $file = file_get_contents($fn1); $len = strlen($file); $datakey = md5($file); $username = $un; $password2 = $pw; $file = fnEncrypt($file, $datakey); $file = fnEncrypt($file, $password2); $filename = $_FILES["userfile"]["name"]; //add key to escrow system $con = mysql_connect("localhost", "root", "") or die('could not open database'); mysql_select_db("key_escrow", $con) or die('could not connect with database'); $sql = "insert into keys_db values(\"{$username}\",\"{$datakey}\",\"{$new_id}\",\"{$len}\")"; mysql_query($sql, $con) or die(mysql_error()); mysql_close($con); //store file $con = mysql_connect("localhost", "root", "") or die('could not open database'); mysql_select_db("cloud", $con) or die('could not connect with database'); for ($i = 0; $i < 20; $i++) { $sql = "insert into cloudpart" . $i . " values(\"{$file}\",\"{$type}\",\"{$size}\",\"{$username}\",\"{$password2}\",\"{$filename}\",\"{$new_id}\")"; mysql_query($sql, $con) or die('couldnot execute the order'); } mysql_close($con);
function DBSavePost($post_id, $pinned, $boardName, $title, $content, $user_id, $added_tags, $deleted_tags) { $date = getTime(); global $db; $stmt = $db->stmt_init(); if ($stmt->prepare('CALL Check_Post_Owner(?,?)')) { $stmt->bind_param('ii', $post_id, $user_id); $stmt->execute(); $stmt->bind_result($result); $stmt->fetch(); $stmt->close(); if ($result == 0 || $post_id == -1) { $db->next_result(); $stmt = $db->stmt_init(); //htmlspecialchars($title, ENT_HTML401, 'UTF-8', false) if ($stmt->prepare('CALL Save_Post(?,?,?,?,?,?,?,?)')) { $stmt->bind_param('isiissii', $post_id, $boardName, $user_id, $pinned, $title, $content, $date, $date); $stmt->execute(); $post_id_out = NULL; $stmt->bind_result($post_id_out); $stmt->fetch(); $stmt->close(); if ($added_tags != null) { for ($t = 0; $t < sizeof($added_tags); $t++) { DBSavePostTag($post_id_out, $added_tags[$t], "Save"); } } if ($deleted_tags != null) { for ($t = 0; $t < sizeof($deleted_tags); $t++) { DBSavePostTag($post_id_out, $deleted_tags[$t], "Delete"); } } if ($post_id_out > 0) { $encoded_post_id = str_replace("/", "SLASH", fnEncrypt("p" . $post_id_out)); $user_dir = "../tmp/" . $user_id . "/"; $target_dir = "../upload/" . $encoded_post_id . "/"; $files = directory_to_array($user_dir); // if there are more than 0 files in the ../tmp/[UserID] directory if (sizeof($files) > 0) { // if ../upload/[UserID] direcoty does not exists, create the directory if (!(file_exists($target_dir) && is_dir($target_dir))) { @mkdir($target_dir, 0777, true); } else { //delete all files } $index = 0; while ($file = $files[$index++]) { $filesize = filesize($file); $filealias = end(explode("/", $file)); $fileextension = end(explode(".", $filealias)); $filename = substr($filealias, 14); $fileDirectory = $target_dir . $filename; $fileAddress = publicUrl . "/upload/" . $encoded_post_id . "/" . $filename; //DB Save //$result = DBSaveUploadFile($fileextension, $post_id_out, -1, $filesize, $fileDirectory, $fileAddress); //Check Image is in the DOM $doc = new DOMDocument(); @$doc->loadHTML(mb_convert_encoding($content, 'HTML-ENTITIES', 'UTF-8')); $tags = $doc->getElementsByTagName('img'); foreach ($tags as $tag) { $source = $tag->getAttribute('src'); if ($source == $user_dir . $filealias) { $tag->removeAttribute('src'); $tag->setAttribute('src', $fileDirectory); } } $newContent = @$doc->saveHTML('body'); $newContent = str_replace('<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">', '', $newContent); $db->next_result(); $stmt = $db->stmt_init(); //htmlspecialchars($title, ENT_HTML401, 'UTF-8', false) if ($stmt->prepare('CALL Save_Post(?,?,?,?,?,?,?,?)')) { $stmt->bind_param('isiissii', $post_id, $boardName, $user_id, $pinned, $title, $newContent, $date, $date); $stmt->execute(); $post_id_out = NULL; $stmt->bind_result($post_id_out); $stmt->fetch(); $stmt->close(); } //Move file from /tmp/ to /upload/ rename($file, $user_dir . $filename); copy($user_dir . $filename, $target_dir . $filename); unlink($user_dir . $filename); } } } return $post_id_out; } } } return -1; }
return $strTemp; } ###################################################################################################### # Function Name: string fnKeyED($strString,$strKey) # Created By: Clarion Tech. # Created On: # Purpose: To encrypt/decrypt the key. This function is not called directly. # The fnEncrypt() and fnDecrypt() functions call this function internally # Parameters: string $strString: The encryption/decryption string # string $strKey: The encryption/decryption key # ON SUCCESS: Returns the encrypted/decrypted key # ON FAILURE: Returns empty string ###################################################################################################### function fnKeyED($strString, $strEncryptKey) { $strEncryptKey = md5($strEncryptKey); $intCtr = 0; $strTemp = ""; for ($i = 0; $i < strlen($strString); $i++) { if ($intCtr == strlen($strEncryptKey)) { $intCtr = 0; } $strTemp .= substr($strString, $i, 1) ^ substr($strEncryptKey, $intCtr, 1); $intCtr++; } return $strTemp; } echo fnEncrypt("naveed", "key"); echo "<br>"; echo fnEncrypt("CjRUZlN3AT0AP1Iy", "key");
function DBDeleteComment($cId, $user_id, $files) { //echo json_encode_unescaped($files); global $db; $stmt = $db->stmt_init(); if ($stmt->prepare('CALL Check_Comment_Owner(?,?)')) { $stmt->bind_param('ii', $cId, $user_id); $stmt->execute(); $stmt->bind_result($result); $stmt->fetch(); $stmt->close(); if ($result == 0 || $_SESSION['UserLevel'] == admin_level) { if ($files != null) { foreach ($files as $filename) { $encoded_comment_id = str_replace("/", "SLASH", fnEncrypt("c" . $cId)); $target_dir = "../upload/" . $encoded_comment_id . "/" . $filename; if (file_exists($target_dir)) { unlink($target_dir); } } @rmdir("../upload/" . $encoded_comment_id . "/"); } $db->next_result(); $stmt = $db->stmt_init(); if ($stmt->prepare('CALL Delete_Comment(?)')) { $stmt->bind_param('i', $cId); $stmt->execute(); $stmt->close(); } } } }
<?php include 'inc/auth.php'; include 'inc/api.php'; include 'inc/aes.php'; ini_set('display_errors', '1'); if ($auth) { header("location: wallet.php"); } else { if (Login($_POST['addr'], $_POST['key'])) { $_SESSION['addr'] = $_POST['addr']; $key = $_POST['key']; // new encryption key $key = fnEncrypt($key, "39ebb8b644e3de68e4801eaf9ba"); $_SESSION['key'] = $key; header("location: wallet.php"); } else { header("location: index.php?error=login"); } }
$cook = $_COOKIE["gauth"]; echo "gauth cookie: " . $cook; echo "<br />"; // echo "gauth cookie after base64decode: ".base64_decode($_COOKIE["gauth"]); // echo "<br />"; //$cook = base64_decode($_COOKIE["gauth"]); $cook = fnDecrypt($cook, $key); echo $cook; echo "<hr />"; echo "is it an array" . (is_array($cook) ? "true" : "false"); echo "<hr />"; $cook = json_decode($cook); var_dump($cook); echo "<hr />"; echo "is it an array" . (is_array($cook) ? "true" : "false"); echo "<hr />"; $msg = "my little secret"; $new_value = fnEncrypt($msg, $key); echo $new_value; echo "<br />"; echo fnDecrypt($new_value, $key); echo "<br />"; /* * Outputs: * * $ php crypt.php * ?8@??DX<;]I:"??0???@FԦc??m?ܠ??B'?ȫĵ?7}?????cJC?7??? * vi4XRU7Y93ogVMXuunUtmlYIqxlUHpLFa44Nuah8RJc= * my little secret * */
function SendForgotPasswordEmail($email) { $to = $email; $subject = 'Forgot Password'; $message = "To reset your password, please click the link below: \r\n"; $message = $message . '<' . publicUrl . '/backend/get.php?t=10&c=' . urlencode(fnEncrypt($email . "~" . getTime())) . "> \r\n\r\n"; $message = $message . "UWKSA Web Team"; $headers = 'From: web@uwksa.ca'; mail($to, $subject, $message, $headers); }
$UNIC = $devID + $rnd_server; $UNIC = $UNIC + $pid_server; $crcDevpayload = md5($UNIC); if (trim($developerPayload) == $crcDevpayload) { // all thing is ok // buy prosses should end // make dl link and send password if (trim($purchaseState) == BILLING_RESPONSE_RESULT_OK) { $qr = "SELECT `path`,`password` FROM `product` where `pid`='{$pid_server}' and `productID`='{$productId}'"; $res = FetchSqltoArray($qr); if ($res) { $qr = "DELETE FROM `buyProsses` WHERE `buyProsses`.`bid` = '{$bid_server}' AND `buyProsses`.`pid` = '{$pid_server}' LIMIT 1"; insert($qr); $qr = "INSERT INTO `buyed` (`bid` ,`pid`,`orderID`)VALUES ('" . $bid_server . "', '" . $pid_server . "', '" . $orderID . "');"; insert($qr); $returnVal = $res[0]['path'] . "aminOmid" . $res[0]['password']; $returnVal = fnEncrypt($returnVal, "1234567890abcdef", $devID); echo $returnVal; } } else { die("PAYMENT NOT ACCEPTED"); } } else { die("PayLoad ID not accepted"); } } else { die(" this buyer not accepted"); } } else { echo "false"; }
$f6no = substr($card_no, 0, 6); $c5no = substr($card_no, 6, 5); $lsno = substr($card_no, 11, 5); $str = "insert into o_cdno "; //寫入 $str .= "(aa,sr,f6no,c5no,lsno,year_abc)"; $str .= "values(0,'{$aa}',AES_ENCRYPT('{$f6no}','{$key_str_ch}'),AES_ENCRYPT('{$c5no}','{$key_str_ch}'),AES_ENCRYPT('{$lsno}','{$key_str_ch}'),'{$f_Yabc['abcd']}')"; $result = mysql_query($str, $plink); if (!$result) { $title = "Credit建立單號o_cdno-SQL執行失敗"; $msg = "SQL執行失敗! " . mysql_error() . "<hr size=1>" . $str . "<br>"; $msg .= "<hr size=1>於 pay-web 執行的 from_ssl.php 執行時間 " . number_format(microtime(true) - $t1, 3) . " 秒<br>" . date("Y/m/d H:i:s"); @exec_mail(2, $title, $msg, $filename); } $Obgm_exdt = fnEncrypt($expiry_date, $ap_KEY, $ap_IV); $us_id = fnEncrypt($Your_ID, $ap_KEY, $ap_IV); $str_bgm = "insert into o_bgm (aa,sr,exdt,bgm,us_id,cd_name,bh_dt) values (0,'{$aa}','{$Obgm_exdt}','','{$us_id}','{$Card_Member_Name}','{$bh_dt}')"; $result = mysql_query($str_bgm, $plink); if (!$result) { $title = "Credit建立單號o_bgm-SQL執行失敗"; $msg = "SQL執行失敗! " . mysql_error() . "<hr size=1>" . $str_bgm . "<br>"; $msg .= "<hr size=1>於 pay-web 執行的 from_ssl.php 執行時間 " . number_format(microtime(true) - $t1, 3) . " 秒<br>" . date("Y/m/d H:i:s"); @exec_mail(2, $title, $msg, $filename); } //記錄送來的銀行代碼限制 if ($bank_only) { //先將,點濾除, 確定是否全為數字 $bank_allnub = chNumber(str_replace(',', '', $bank_only)); //非全數字, 以銀行名稱處理 if ($bank_allnub) { $str = "insert into o_bank_only (sr,bank) values ('{$aa}','{$bank_only}')";
} if ($sps != '3' && $sps != '4') { //不是3大特店/4小特店的才送給 neil //=====幕後送去新增user $sValue = "account={$user}"; $sValue .= "&password={$user}"; $sValue .= "&merchantName=" . urlencode($corpname); //公司名 $sValue .= "&merhcantID={$client}"; //商代 $sValue .= "&level=1"; //0一般,1最高權限 $sValue .= "&mail=" . urlencode($email); $sValue .= "&ubn={$corpid}"; //統編 $sValue = fnEncrypt($sValue, $ap_KEY, $ap_IV); $sValue = 'id=' . $sValue; $ccc = my_curl_id($CreateURE, $sValue); parse_str($ccc); //rtncode=1&rtnmsg=新增此特店的最高Admin帳號,成功&userno=1000026&acccount=allpay-3&merchantid=3&merchantname=股份有限公司&level=1 if ($rtncode == '1') { $ccTXT = '(幕後新增user成功)'; } else { echo $ccc . '<br>'; echo '(幕後新增user失敗)<br>'; echo '請重新來過'; exit; } } //============更新資料 } else {
// 與 tiger 作刷卡機的授權通道用 //========================== set_time_limit(0); include 'allpay_com.php'; include 'allpay_fn.php'; $ssl_Url = 'https://credit.allpay.com.tw/g_ssl.php?'; /* //=====產出壓碼 $dt='client=513605&card_no=4147630019599505&exp_date=1903&amount=1&od_sob=Tiger_TEST'; $dt = data_cryptNew($TripleDES_key,$TripleDES_iv,$dt,$mode='encrypt'); echo $dt; exit; */ //https://credit.allpay.com.tw/form_ssl_card.php?17915d2138a597f2e4385813e878cc8f44ca54784853c04f6bba01774d8ddd28b50af5e6733627cfb5d01e6a18be9d562d587b60aeccd5ee92f5721b43fa53c990a51b55d5830cbf3e00595c49f30d84" list($l, $r) = each($_GET); //先取得 TripleDES 傳來的值, 反解 , client=513605&card_no=4563121236364545&exp_date=1312&amount=1&od_sob=Tiger_TEST" $dt = $l; $dt = data_cryptNew($TripleDES_key, $TripleDES_iv, $dt, $mode = 'decrypt'); //=======反解 parse_str($dt); //*[商店代號]*[卡號]*[卡片到期日]*[背3碼]*[金額]*[分期期數]*[國旅0/1]*[國旅城市代碼]*[起程日期]*[迄程日期]*[自訂單號]*[驗證檢核code]*[限制交易的銀行或卡片前6碼]* $out_dt = "*{$client}*{$card_no}*{$exp_date}*aaa*{$amount}******{$od_sob}*123502147**"; $out_dt = urlencode($out_dt); $out_dt = fnEncrypt($out_dt, $bk_KEY, $bk_IV); //========送 授權 $get_dt = $ssl_Url . 'a=ni&client=' . $client . '&dt=' . $out_dt; $getCode = file($get_dt); $get_Code = $getCode[0]; echo $get_Code . '##'; //====宏然接收後面得加## , 很重要
$sssip = $_SERVER["REMOTE_ADDR"]; if ($sssip != '211.23.128.211' && $sssip != '175.99.72.120' && !matchCIDR($sssip, "60.199.179.0/24")) { //這是對 ecbank ip 作放行的動作, 不比對 if (!$webip_bk || !$ipcheck_bk) { echo 'error_無設定主機IP,無法取得驗證碼! ' . "目前抓到的主機IP: {$sssip}"; exit; } $v = substr_count($webip_bk, $sssip); if (!$v) { echo 'error_非法主機IP,無法取得驗證碼! ' . "目前抓到的主機IP: {$sssip}"; exit; } } } $od_sob = time() . '***' . $od_sob; $od_sob = fnEncrypt($od_sob, $chma, $ap_IV); //壓碼 $od_sob = str_replace('+', '_', $od_sob); $od_sob = str_replace('=', 'X12x38x', $od_sob); //因為=會切斷get資料 //$od_sob = urlencode($od_sob); echo $od_sob; exit; //====================================================================== //下面是不運作的備註 echo '<br>'; $od_sob = str_replace(' ', '+', $od_sob); $od_sob = fnDecrypt($od_sob, $chma, $ap_IV); //解碼 echo $od_sob; exit;
function SendConfirmationEmail($email) { $to = $email; $subject = 'Welcome to UWKSA Website!'; $message = "Welcome to UWKSA.CA! Please click the link below to complete the sign-up: \r\n"; $message = $message . '<' . publicUrl . '/backend/get.php?t=7&c=' . urlencode(fnEncrypt($email)) . ">"; $message = $message . "\r\n\r\n We promise you that all of your personal information will be kept strictly confidential. However, please be advised that UWKSA has the right to permanently block/delete your account (without warning) should we observe any inappropriate behaviours such as spamming, trolling and poor manners. In addition, we do reserve the right to reveal your identity in public if required under extreme circumstances. \r\n \r\n"; $message = $message . "UWKSA Web Team"; $headers = 'From: web@uwksa.ca'; mail($to, $subject, $message, $headers); }
//=============取年度加密key $strYearABC = "SELECT abcd FROM o_year WHERE year='{$hohsnY}' limit 1 "; $qqYabc = mysql_query($strYearABC, $plink); $f_Yabc = @mysql_fetch_array($qqYabc); //=========== $f6no = substr($card_no, 0, 6); $c5no = substr($card_no, 6, 5); $lsno = substr($card_no, 11, 5); $str = "insert into o_cdno "; //寫入 $str .= "(aa,sr,f6no,c5no,lsno,year_abc)"; $str .= "values(0,'{$aa}',AES_ENCRYPT('{$f6no}','{$key_str_ch}'),AES_ENCRYPT('{$c5no}','{$key_str_ch}'),AES_ENCRYPT('{$lsno}','{$key_str_ch}'),'{$f_Yabc['abcd']}')"; $result = mysql_query($str, $plink); //=========== $Obgm_exdt = fnEncrypt($expiry_date, $ap_KEY, $ap_IV); $Obgm_bgm = fnEncrypt($bgm, $ap_KEY, $ap_IV); $str_bgm = "insert into o_bgm (aa,sr,exdt,bgm) values (0,'{$aa}','{$Obgm_exdt}','{$Obgm_bgm}')"; mysql_query($str_bgm, $plink); //========================記錄送來的銀行代碼限制 if ($bank_only) { //============先將,點濾除, 確定是否全為數字 $bank_allnub = chNumber(str_replace(',', '', $bank_only)); if ($bank_allnub) { //非全數字, 以銀行名稱處理 $str = "insert into o_bank_only (sr,bank)values('{$aa}','{$bank_only}')"; mysql_query($str, $plink); //=======比對卡號是否吻合該發卡行 $card6no = substr($card_no, 0, 6); //取出前六碼 $str = "SELECT bank FROM any_cardno where cardno='{$card6no}' limit 1 "; $q = mysql_query($str, $plink);
// $index = 0; // while ($file = $files[$index++]) { // $filesize = filesize($file); // $filealias = end(explode("/", $file)); // $filename = substr($filealias, 14); // rename ($file, $user_dir.$filename); // copy ($user_dir.$filename, $target_dir.$filename); // unlink($user_dir.$filename); // } // } // } $post_id_out = 217; $user_id = 52; if ($post_id_out > 0) { echo "hi"; $encoded_post_id = fnEncrypt("p" . $post_id_out); $user_dir = "../tmp/" . $user_id . "/"; $target_dir = "../upload/" . $encoded_post_id . "/"; $files = directory_to_array($user_dir); echo "hi"; // if there are more than 0 files in the ../tmp/[UserID] directory if (sizeof($files) > 0) { echo "hi"; // if ../upload/[UserID] direcoty does not exists, create the directory if (!(file_exists($target_dir) && is_dir($target_dir))) { @mkdir($target_dir, 0777, true); } else { //delete all files } $index = 0; while ($file = $files[$index++]) {