Annotation of botnow/register.php, Revision 1.1
1.1 ! bountyht 1: <?php
! 2:
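// Registration hashes come straight from the request and are client-controlled.
// Only plain strings are accepted: an array-valued parameter (e.g. hashirc[]=x)
// would otherwise flow into setcookie() and the SQL text built further down.
$hashirc = (isset($_REQUEST['hashirc']) && is_string($_REQUEST['hashirc'])) ? $_REQUEST['hashirc'] : null;
$hashbnc = (isset($_REQUEST['hashbnc']) && is_string($_REQUEST['hashbnc'])) ? $_REQUEST['hashbnc'] : null;
$hashshell = (isset($_REQUEST['hashshell']) && is_string($_REQUEST['hashshell'])) ? $_REQUEST['hashshell'] : null;
$hashsmtp = (isset($_REQUEST['hashsmtp']) && is_string($_REQUEST['hashsmtp'])) ? $_REQUEST['hashsmtp'] : null;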
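// Load botnow.conf as "key = value" lines into $conf; lines starting with '#'
// and blank lines are skipped.
// NOTE(review): the path is relative to the working directory - confirm the web
// server cannot serve botnow.conf to clients.
$conf = [];
$lines = file('botnow.conf');
if ($lines === false) {
    // file() has already raised a warning; carry on with an empty configuration
    // instead of iterating over false.
    $lines = [];
}

foreach ($lines as $line) {
    if (preg_match('/^\#/', $line) || preg_match('/^\s*$/', $line)) {
        continue;
    }
    if (preg_match('/^([^=\s]+)\s*=\s*(.*)$/', $line, $matches)) {
        // Square brackets: the $conf{$key} offset syntax was removed in PHP 8.0.
        $conf[$matches[1]] = $matches[2];
    }
}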
! 18:
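// Build the verification passphrase: five words drawn from the 'words' file,
// joined by spaces, each word capitalised.
// FILE_IGNORE_NEW_LINES replaces the old substr(..., 0, -1), which cut the last
// character off a final line that had no trailing newline.
$wordslist = file('words', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
if ($wordslist === false || count($wordslist) === 0) {
    // Without a word list no passphrase can be issued; fail closed rather than
    // hand out an empty one.
    error_log('register.php: word list "words" is missing or empty');
    http_response_code(500);
    exit('Registration is temporarily unavailable.');
}
$wordslen = count($wordslist);
$words = [];
for ($n = 0; $n < 5; $n++) {
    // The passphrase is what the user mails back to verify the account, so it
    // is drawn from the CSPRNG (random_int) rather than rand().
    $words[] = $wordslist[random_int(0, $wordslen - 1)];
}
$passphrase = ucwords(implode(' ', $words));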
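// Start the fingerprint record that is later written to the www table.
// Square brackets throughout: the $fpr{"key"} offset syntax was removed in PHP 8.0.
$fpr = [];
$fpr['passphrase'] = $passphrase;
$fpr['remoteaddr'] = $_SERVER['REMOTE_ADDR'];
// X-Forwarded-For is optional and set by the client or an intermediate proxy:
// store it as a claimed value only, and do not read an index that may be absent.
$fpr['httpxforwarded'] = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
$fpr['time'] = date('Y-m-d H:i:s');

// Exactly one hash is recorded: the first one present, in this order.
$candidates = [
    'hashirc' => $hashirc,
    'hashbnc' => $hashbnc,
    'hashshell' => $hashshell,
    'hashsmtp' => $hashsmtp,
];
foreach ($candidates as $column => $hash) {
    if (isset($hash)) {
        $fpr[$column] = $hash;
        break;
    }
}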
! 40:
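// Copy selected request headers into the fingerprint record.
// Only the headers listed here are stored. Header names are chosen by the
// client and each $fpr key later becomes a column name in the INSERT into www,
// so an unlisted header must not be allowed to add a key, and a header named
// e.g. "passphrase" or "remoteaddr" must not overwrite a server-set field.
// Names are matched case-insensitively, as HTTP header names are.
$headerColumns = [
    'user-agent' => 'useragent',
    'upgrade-insecure-requests' => 'upgradeinsecure',
    'host' => 'host',
    'dnt' => 'dnt',
    'connection' => 'connection',
    'cache-control' => 'cachecontrol',
    'accept-language' => 'acceptlanguage',
    'accept-encoding' => 'acceptencoding',
    'accept' => 'accept',
    'cookie' => 'cookie',
];

foreach (getallheaders() as $key => $value) {
    $name = strtolower($key);
    if (isset($headerColumns[$name])) {
        $fpr[$headerColumns[$name]] = $value;
    }
}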
! 65:
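// Remember the registration hashes for 30 days in cookies scoped to ircnow.org.
// The cookies are Secure (HTTPS only) and now also HttpOnly, so page script
// cannot read them.
// NOTE(review): confirm no client-side script on ircnow.org reads these cookies.
// An absent hash is sent as an empty value, which PHP turns into a cookie
// deletion - the same effect the original null value had.
$cookieExpiry = time() + 86400 * 30;
$cookieHashes = [
    'hashirc' => $hashirc,
    'hashbnc' => $hashbnc,
    'hashshell' => $hashshell,
    'hashsmtp' => $hashsmtp,
];
foreach ($cookieHashes as $name => $hash) {
    // Non-string input (e.g. an array-valued request parameter) is never echoed
    // back into a Set-Cookie header.
    setcookie("ircnow[$name]", is_string($hash) ? $hash : '', $cookieExpiry, '/', 'ircnow.org', true, true);
}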
! 70:
/**
 * SQLite3 handle that opens the botnow database file on construction.
 */
class wwwdb extends SQLite3
{
    public function __construct()
    {
        $databasePath = '/botnow/botnow.db';
        $this->open($databasePath);
    }
}
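// Open the database. A failed open surfaces as an exception, and an object is
// always truthy, so the former `if (!$wwwdb)` branch could never run.
try {
    $wwwdb = new wwwdb();
} catch (Exception $e) {
    // Details go to the server log only; the client gets a generic message.
    error_log('register.php: cannot open database: ' . $e->getMessage());
    http_response_code(500);
    exit('Registration is temporarily unavailable.');
}

// Store the fingerprint record. Values are bound as parameters instead of
// being spliced into the SQL text, and column names are written as quoted
// identifiers with embedded double quotes doubled, so neither a header value
// nor a request parameter can change the statement.
$columns = [];
$bindings = [];
foreach ($fpr as $key => $value) {
    $columns[] = '"' . str_replace('"', '""', (string) $key) . '"';
    $bindings[':v' . count($bindings)] = is_scalar($value) ? (string) $value : '';
}
$sql = 'INSERT INTO www (' . implode(',', $columns) . ') VALUES (' . implode(',', array_keys($bindings)) . ')';
$insert = $wwwdb->prepare($sql);
if ($insert === false) {
    error_log('register.php: ' . $wwwdb->lastErrorMsg());
} else {
    foreach ($bindings as $placeholder => $value) {
        $insert->bindValue($placeholder, $value, SQLITE3_TEXT);
    }
    if ($insert->execute() === false) {
        // The original read the message from an undefined $db and echoed it to
        // the client; it is now taken from $wwwdb and kept in the server log.
        error_log('register.php: ' . $wwwdb->lastErrorMsg());
    }
    $insert->close();
}

$clients = array("AdiIRC", "Adium", "AndroIRC", "Atomic", "Colloquy", "Hexchat", "HydraIRC", "IRCForAndroid", "IRCCloud", "IceChat", "ircEX", "irssi", "Igloo", "KVIrc", "KiwiIRC", "Limechat", "Mibbit", "mIRC", "nettalk", "Pidgin", "qwebirc", "Quassel", "RevolutionIRC", "SimpleIRC", "Smuxi", "Textual", "Thunderbird", "TurboIRC", "Weechat", "Yaaic", "XChat");

// Look up the IRC record for the supplied hash; the hash is bound, not interpolated.
$ret = false;
$lookup = $wwwdb->prepare('SELECT * from irc where hashid = :hashid');
if ($lookup !== false) {
    $lookup->bindValue(':hashid', is_string($hashirc) ? $hashirc : '', SQLITE3_TEXT);
    $ret = $lookup->execute();
}
while ($ret !== false && ($row = $ret->fetchArray(SQLITE3_ASSOC))) {
    // NOTE(review): looks like leftover debug output; it is printed ahead of the
    // HTML document - confirm whether it should stay.
    echo "Don't worry I got called";
    $ircid = $row['id'];
    $ctcpversion = (string) $row['ctcpversion'];
    $hostmask = (string) $row['hostmask'];

    // Match the CTCP VERSION reply against the known client names; as before,
    // the last name that matches wins.
    foreach ($clients as $value) {
        if (preg_match('/' . preg_quote($value, '/') . '/i', $ctcpversion)) {
            $client = $value;
        }
    }

    if (!isset($client)) {
        // No name matched: try hostmask / version patterns in order and fall
        // back to "Bouncer".
        $fallbacks = [
            ['/!~?uid\d+/i', $hostmask, "IRCCloud"],
            ['/!~?quassel/i', $hostmask, "Quassel"],
            ['/!~?IceChat/i', $hostmask, "IceChat"],
            ['/Purple\s+IRC/i', $ctcpversion, "Pidgin"],
            ['/X-Chat/i', $ctcpversion, "XChat"],
            ['/Kiwi\s+IRC/i', $ctcpversion, "KiwiIRC"],
            ['/Android\s+IRC/i', $ctcpversion, "AndroIRC"],
            ['/IRC\s+for\s+Android/i', $ctcpversion, "IRCForAndroid"],
            ['/Revolution\s+IRC/i', $ctcpversion, "RevolutionIRC"],
            ['/Yet\s+another\s+Android\s+IRC\s+client/i', $ctcpversion, "Yaaic"],
        ];
        $client = "Bouncer";
        foreach ($fallbacks as list($pattern, $subject, $name)) {
            if (preg_match($pattern, $subject)) {
                $client = $name;
                break;
            }
        }
    }
}

// Resolve the bouncer username for that IRC record. The query is skipped when
// no IRC row was found, instead of running with an undefined $ircid.
if (isset($ircid)) {
    $bnc = $wwwdb->prepare('SELECT * from bnc where ircid = :ircid');
    $ret = false;
    if ($bnc !== false) {
        $bnc->bindValue(':ircid', $ircid);
        $ret = $bnc->execute();
    }
    while ($ret !== false && ($row = $ret->fetchArray(SQLITE3_ASSOC))) {
        $username = $row['username'];
    }
}
$wwwdb->close();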
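/**
 * Percent-encode a string for use inside a URL component.
 *
 * The previous search/replace table covered only a fixed list of characters
 * and left '%', '"', '<', '>' and non-ASCII bytes untouched, so a value
 * containing them could alter the URL or the surrounding HTML attribute.
 * rawurlencode() encodes every byte except letters, digits and "-_.~", which
 * includes every character the old table handled, with the same output for them.
 *
 * @param string $string text to encode
 * @return string percent-encoded text
 */
function myURLEncode($string) {
    return rawurlencode((string) $string);
}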
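// Host name used to build the bouncer URL in the page below. Square brackets
// replace the $conf{"hostname"} offset syntax removed in PHP 8.0; a missing
// key yields an empty string instead of an undefined-index notice.
$hostname = isset($conf['hostname']) ? $conf['hostname'] : '';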
! 150: ?>
! 151:
! 152: <!DOCTYPE html>
! 153: <html lang="en">
! 154: <head>
! 155: <meta charset="utf-8">
! 156: <meta name="viewport" content="width=device-width, initial-scale=1">
! 157: <meta name="robots" content="index, follow"/>
! 158: <title>IRCNow -- Verify Account</title>
! 159: <style>
! 160: body {
! 161: width: 80%;
! 162: margin: 5rem auto;
! 163: text-align: center;
! 164: font-family: "Tahoma", "Verdana", "Arial";
! 165: }
! 166: </style>
! 167: <script>
// Browser environment values (time zone, UTC offset, local time, screen
// geometry and colour depth). This script only writes them to the console.
console.log(Intl.DateTimeFormat().resolvedOptions().timeZone);
var offset = new Date().getTimezoneOffset();
console.log(offset);
console.log(new Date().toString());
[window.screen.width, window.screen.height, screen.colorDepth].forEach(function (value) {
    console.log(value);
});
! 177: </script>
! 178: </head>
! 179:
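<body>
<?php
// Every dynamic value is escaped for the context it is printed in: configuration
// values, the passphrase and the database-sourced client/username are HTML-escaped,
// and values placed inside a URL are percent-encoded first.
$esc = static function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
// Square brackets: the $conf{"mailfrom"} offset syntax was removed in PHP 8.0.
$mailfrom = isset($conf['mailfrom']) ? $conf['mailfrom'] : '';
$verifyText = "IRCNow Verify: $passphrase";
$mailto = 'mailto:' . $mailfrom . '?subject=' . myURLEncode($verifyText) . '&body=' . myURLEncode($verifyText);
// $client and $username are only set when the database lookups returned a row.
$clientName = isset($client) ? $client : '';
$bncUser = isset($username) ? $username : '';
$bncUrl = "https://bnc.$hostname/";
?>
<p>Please email <a href="<?php echo $esc($mailto) ?>"><?php echo $esc($mailfrom) ?></a> with the following passphrase:</p>

<p>IRCNow Verify: <?php echo $esc($passphrase) ?></p>

<p><a href="https://wiki.ircnow.org/index.php?n=Bouncer.<?php echo $esc(rawurlencode($clientName)) ?>">Click here for <?php echo $esc($clientName) ?> connection instructions.</a></p>

<p>To change your password, login to <a href="<?php echo $esc($bncUrl) ?>"><?php echo $esc($bncUrl) ?></a>, fill in the password field, then click on the "Save and Return" button.</p>

<p>Or, you can change the password from your IRC client. Once you have logged in, type:</p>

<code>/msg *controlpanel set password <?php echo $esc($bncUser) ?> newpassword</code>

</body>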
! 194: </html>