程序比较大,发在最后。这里面我怎么找不到给 $admin 赋值的语句呀??
大家看看是怎么回事,谢谢
#!/usr/bin/perl
# Timestamp for this run. &ctime returns a string that ends in a newline,
# which chop() removes.
$date = &ctime(time);
chop($date);
# No command-line argument means the script is running as a CGI request:
# copy the form fields into globals, then send the response header.
if (length($ARGV[0]) == 0) {
    &Get_Post;
    print "Content-type: text/html\n\n";
}
##############################[ CGI ]########################
###
### Generated By: CCBILL Installer v5.06
### On: Wednesday, January 31, 2001 - 03:14 PM
### Installer ID: a151
###
### Updated with IP check (alert)
#############################################################
### FILE PERMISSIONS
###
### /secure 777
### /secure/.htaccess 644
### /secure/ccbill.log 666
### /secure/current.log 666
### /secure/private_key 644
### /secure/purge 666
### /password 777
### /password/.htaccess 644
### /password/.htpasswd 666
### all .cgi or .pl files 755
### all .htm files 644
###
#############################################################
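## Installation paths. These are fixed strings, not request data.
$pwd = '/vol1/maximumporn/HTML/ccbill';
$securedir = "/vol1/maximumporn/secure";
$dmr = 1;
## When true, Add_User also records each new member in $second_file.
$second = 0;
$second_file = "$securedir/second.txt";
## Set standard values for locking
&lock_values;
## Password file with all the members in it.
## NOTE(review): the installer header above asks for mode 666 on the password
## and log files and 777 on their directories. On a shared host that lets any
## local account edit the member list; prefer owner-only modes where the web
## server runs as the file owner.
$password_file = "/vol1/maximumporn/.htpasswd";
## Log file of everything that happens
$log_file = "$securedir/ccbill.log";
## List of current users who are active in the system
$current_file = "$securedir/current.log";
## Trigger file used for scheduling cleanups
$purge_file = "$securedir/purge";
## Keyfile contains their assigned system password encrypted
## This must match the one on the mysql server
## NOTE(review): Verify_Key treats this file as the shared secret, yet the
## header above asks for mode 644, which leaves it readable by every local
## account. Restrict it to the account the CGI runs as.
$key_file = "$securedir/private_key";
## Fixed search path for any external command the script runs.
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin';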
##################HAM##############
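## Command dispatch. $cmd, $key, $post_values, $verbose and the pin_* values
## are request fields that Get_Post copied into globals.
if ($cmd eq 'Y2K'){
    &SQL_Date;
}
@post_values = split(/:/,$post_values);
## NOTE(review): the pin_number and CLEANUP branches run before Verify_Key,
## so both are reachable without the shared key. Confirm that is intended.
if ($pin_number ne ''){
    ## NOTE(review): $pin_file is a request field placed in a path without
    ## validation. Nothing in this listing opens $html_file, but restrict the
    ## value to a plain file name before any code does.
    $html_file = $pwd.'/'.$pin_file.'.htm';
    &Add_Pin;
    exit;
}
if ($cmd eq 'CLEANUP'){
    &Cleanup;
    print "CLN-111";
    ## Builtin chmod: same mode as before, without starting a shell.
    chmod(0666, $password_file);
    exit;
}
## Nothing in this listing assigns $admin, and Get_Post has no field that
## maps to it, so it stays undefined (false) and every non-empty command goes
## through Verify_Key. Logical && replaces the bitwise & of the original.
if ($cmd ne '' && !$admin){
    &Verify_Key;
}
## NOTE(review): the listing showed a stray "&" token in front of the first
## call in each of the three branches below. It may be the remains of a lost
## call (sub alert has no visible caller); compare with the installed copy.
if ($cmd eq 'ADD'){
    &Add_User;
    &Check_Time;
    print "ADD-111";
    exit;
}
if ($cmd eq 'KILL'){
    &Kill_User;
    &Check_Time;
    print "KILL-111";
    exit;
}
if ($cmd eq 'PASS'){
    &Check_Password;
    ## The listing showed "ASS-111"; the leading P is restored to match the
    ## CMD-111 pattern of the other replies. Confirm against the installed copy.
    print "PASS-111";
    exit;
}
## No recognised command: report whether the key file can be read and is
## non-empty. This overwrites the request's $key, which is no longer needed.
open(KEY,$key_file);
$key = join('',<KEY>);
close KEY;
if ($key ne ''){
    ## System probably working
    print "111-111";
} else {
    ## System running but not suid or keyfile gone
    print "101-101";
}
exit;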
sub lock_values
{
    # Operation codes handed to flock() by &lock and &unlock:
    # 2 requests an exclusive lock, 8 releases the lock.
    ($LOCK_EX, $LOCK_UN) = (2, 8);
    $LOCK_UN;
}
sub lock
{
    # Take an exclusive lock on the filehandle whose name is passed in
    # (callers pass the bareword name as a string, e.g. 'FILE').
    # The result of flock() is not checked.
    local($handle) = $_[0];
    flock($handle, $LOCK_EX);
    # Another writer may have appended while we waited for the lock,
    # so move to the current end of the file before writing.
    seek($handle, 0, 2);
}
sub unlock
{
    # Release the lock held on the named filehandle.
    local($handle) = $_[0];
    flock($handle, $LOCK_UN);
}
sub Verify_Key
{
    # Recompute the request key from the first line of the key file and the
    # colon-separated fields of cmd, verbose and post_values, then compare it
    # with the key sent in the request. Prints an error code and exits on a
    # missing key file or a mismatch.
    # NOTE(review): the key line is used as read, trailing newline included.
    # NOTE(review): with traditional DES crypt() only the first eight
    # characters of each field are hashed, so longer fields would be covered
    # only in part -- confirm which crypt scheme the host provides.
    if (!open(KEYFILE,$key_file)){
        print "123-000";
        exit;
    }
    $private_key = <KEYFILE>;
    close KEYFILE;
    $newkey = $private_key;
    $line = join(':', $cmd, $verbose, $post_values);
    @array = split(/:/,$line);
    # Each field is hashed with the reversed previous result as the salt.
    foreach $field (@array){
        $newkey = crypt($field,reverse($newkey));
    }
    if ($key ne $newkey){
        print "999-000 (Key Files Don't Match)";
        exit;
    }
}
##########################HAM2########################
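sub Add_User
{
    # Append a member to the password file, then record the event in the log
    # file and the current-members file. On any open failure prints an
    # ADD-000 code and exits.
    #
    # The values written are request fields, so carriage returns and line
    # feeds are stripped from the copies that reach the files: each file is
    # one record per line and an embedded newline would add a forged record.
    local($user, $hash, $detail, $pin_user, @salt_chars, $salt);
    $user = $post_values[0];
    $hash = $post_values[1];
    $detail = $verbose;
    $pin_user = $pin_username;
    $user =~ tr/\r\n//d;
    $hash =~ tr/\r\n//d;
    $detail =~ tr/\r\n//d;
    $pin_user =~ tr/\r\n://d;

    ### open password file and append
    if(!open(FILE,">>$password_file")){
        print "ADD-000 $!";
        exit;
    }
    if ($second) {
        open(SECOND,">>$second_file") || print "NO Second File $!";
        &lock('SECOND');
        print SECOND "$user:",time(),":$detail\n";
        &unlock('SECOND');
        close SECOND;
    }
    # Locked like the log writes below, so two appends cannot interleave.
    &lock('FILE');
    # NOTE(review): $nt_user is not assigned anywhere in this listing, and the
    # listing may have lost a ':' in front of it; compare with the installed copy.
    if(!$admin){
        print FILE $user.':'.$hash,"$nt_user\n";
    } else {
        # A random two-character salt replaces the original time() value,
        # whose leading digits stay the same for years.
        @salt_chars = ('a'..'z', 'A'..'Z', '0'..'9', '.', '/');
        $salt = $salt_chars[int(rand(64))] . $salt_chars[int(rand(64))];
        print FILE "$pin_user:",crypt($pin_password,$salt),"$nt_user\n";
    }
    &unlock('FILE');
    close FILE;
    ### update the log file with whatever is in verbose
    ### but put a header in there for reference
    if(!open(FILE,">>$log_file")){
        print "ADD-000";
        exit;
    }
    if (!$admin){
        # NOTE(review): this copies the password hash into the log file, which
        # the installer header asks to be mode 666.
        &lock('FILE');
        print FILE "ADD-$user:$hash|$detail\n";
        &unlock('FILE');
    }
    close FILE;
    ### update the current file with whatever is in verbose
    if (!open(FILE,">>$current_file")){
        print "ADD-000";
        exit;
    }
    if (!$admin){
        # Recurring entries are not added to the current file.
        if ($detail !~ /:Recurring$/i){
            &lock('FILE');
            print FILE "$detail\n";
            &unlock('FILE');
        }
    }
    close FILE;
    ($username, $new_subscription_id, $start_date, $end_date,
     $subscription, $referer, $amount ) = split(/:/,$verbose);
}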
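sub alert()
{
    # Refuse any request whose REMOTE_ADDR does not start with 64.38: print a
    # notice, record the address in the log file and exit.
    # NOTE(review): REMOTE_ADDR is the peer address the web server saw; behind
    # a proxy that is the proxy's address. This check supplements the key
    # check in Verify_Key and does not replace it.
    $mega=$ENV{'REMOTE_ADDR'};
    @ip=split(/\./,$mega);
    if($ip[0] ne '64' || $ip[1] ne '38'){
        print"Your ip is being tracked as a Hacker";
        # Write the log line only if the log opened, under the same lock the
        # other log writers use.
        if (open(FILE,">>$log_file")){
            &lock('FILE');
            print FILE "Hacker registered to $mega \n";
            &unlock('FILE');
            close FILE;
        }
        exit;
    }
}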
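sub Kill_User
{
    # Remove every user named in the colon-separated $post_values from the
    # password file and write one KILL- line per removed user to the log.
    # NOTE(review): the password file is rewritten through a temp file without
    # a lock on the password file itself, so an Add_User append that lands
    # between the read and the rename is lost.
    # NOTE(review): the temp file name is the password file path plus the
    # process id, in the same directory. Keep that directory writable only by
    # the account the CGI runs as.
    ### Make a list of who to kill in an associative array
    @kill = split(/:/,$post_values);
    foreach $n (@kill){
        if ($n ne ''){
            $kill{$n} = 1;
        }
    }
    ### Open Log File
    if(!open(LOG,">>$log_file")){
        print "KILL-002";
        exit;
    }
    ### open password file
    if(!open(FILE,"$password_file")){
        print "KILL-000";
        exit;
    }
    $tempfile = $password_file."$$";
    ### open temp file to write to
    if(!open(TEMP,">$tempfile")){
        print "KILL-001";
        exit;
    }
    while(<FILE>){
        ($musr, $mpwd) = split(/:/,$_);
        if (!$kill{$musr}){
            print TEMP $_;
        } else {
            &lock('LOG');
            print LOG "KILL-$musr\n";
            &unlock('LOG');
        }
    }
    close FILE;
    close TEMP;
    close LOG;
    # The results of both renames are ignored, as in the original.
    rename($password_file,"$password_file-bak");
    rename($tempfile,$password_file);
    # Builtin chmod: same mode as before, without starting a shell.
    chmod(0666, $password_file);
}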
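sub Cleanup
{
    # Drop expired members: first from the current-members file, then from
    # the password file, logging one EXPIRE- line per removed user.
    # %userdata, %expires and %kill are globals and are not reset here.
    ### Loop through the current.log file and remove anyone
    ### who is expired.
    $today = &SQL_Date(time());
    open(CURRENT,"$current_file");
    while(<CURRENT>){
        ($username, $sub_id, $start_date, $end_date, $length) = split(/:/,$_);
        $userdata{$username} = $_;
        $expires{$username} = $end_date;
    }
    close CURRENT;
    # NOTE(review): this is a numeric comparison against SQL_Date's yyyymmdd
    # value; it is only meaningful if the file stores end dates as the same
    # eight digits -- confirm the stored format.
    foreach $n (keys %userdata){
        if ($expires{$n} < $today){
            $kill{$n} = 'YES';
            # User has expired. Wipe the userdata clean.
            $userdata{$n} = '';
        }
    }
    $tempfile = $current_file."$$";
    open(TEMP,">$tempfile");
    &lock('TEMP');
    print TEMP values(%userdata);
    &unlock('TEMP');
    close TEMP;
    rename($current_file,"$current_file-bak") || print "120 $current_file $!";
    rename($tempfile,$current_file) || print "121 $tempfile $!";
    # Builtin chmod: same mode as before, without starting a shell.
    chmod(0666, $current_file);
    ### Remove Passwords for Expired Users
    #######################################
    ### Open Log File
    if(!open(LOG,">>$log_file")){
        print "CLN-002";
        exit;
    }
    print LOG "CLN-Auto Cleanup on $today\n";
    ### open password file
    if(!open(FILE,"$password_file")){
        print "CLN-000";
        exit;
    }
    $tempfile = $password_file."$$";
    ### open temp file to write to
    if(!open(TEMP,">$tempfile")){
        print "CLN-001";
        exit;
    }
    while(<FILE>){
        ($musr, $mpwd) = split(/:/,$_);
        if (!$kill{$musr}){
            print TEMP $_;
        } else {
            &lock('LOG');
            print LOG "EXPIRE-$musr\n";
            &unlock('LOG');
        }
    }
    close FILE;
    close TEMP;
    close LOG;
    # The results of these two renames are ignored, as in the original.
    rename($password_file,"$password_file.bak");
    rename($tempfile,$password_file);
    chmod(0666, $password_file);
}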
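sub Cleanup_Seconds
{
    # Same job as Cleanup, but driven by $second_file: a record expires once
    # its stored time plus $length days (86400 seconds each) has passed.
    # %userdata, %expires and %kill are globals and are not reset here.
    $today = &SQL_Date(time());
    ## read through file to see who is expired.
    open(CURRENT,"$second_file");
    while(<CURRENT>){
        ($username, $expire_time, $junk, $junk, $junk, $junk, $length ) = split(/:/,$_);
        $userdata{$username} = $_;
        $expires{$username} = $expire_time + (86400*$length);
    }
    close CURRENT;
    foreach $n (keys %userdata){
        if ($expires{$n} < time()){
            $kill{$n} = 'YES';
            # User has expired. Wipe the userdata clean.
            $userdata{$n} = '';
        }
    }
    $tempfile = $second_file."$$";
    open(TEMP,">$tempfile");
    &lock('TEMP');
    print TEMP values(%userdata);
    &unlock('TEMP');
    close TEMP;
    rename($second_file,"$second_file-bak") || print "120 $second_file $!";
    rename($tempfile,$second_file) || print "121 $tempfile $!";
    # Builtin chmod: same mode as before, without starting a shell.
    chmod(0666, $second_file);
    ### Remove Passwords for Expired Users
    #######################################
    ### Open Log File
    if(!open(LOG,">>$log_file")){
        print "SEC-CLN-002";
        exit;
    }
    print LOG "S-CLN-Auto Cleanup on $today\n";
    ### open password file
    if(!open(FILE,"$password_file")){
        print "CLN-000";
        exit;
    }
    $tempfile = $password_file."$$";
    ### open temp file to write to
    if(!open(TEMP,">$tempfile")){
        print "SEC-CLN-001";
        exit;
    }
    while(<FILE>){
        ($musr, $mpwd) = split(/:/,$_);
        if (!$kill{$musr}){
            print TEMP $_;
        } else {
            &lock('LOG');
            print LOG "EXPIRE-$musr\n";
            &unlock('LOG');
        }
    }
    close FILE;
    close TEMP;
    close LOG;
    # $! carries the system error; the original interpolated $1 here, which
    # holds a regex capture, not the reason the rename failed.
    rename($password_file,"$password_file.bak") || print "129 Rename Failed $!";
    rename($tempfile,$password_file);
    chmod(0666, $password_file);
}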
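sub Check_Time
{
    ## check to see when the last purge was
    # Element 10 of stat() is the inode change time of the purge file. When
    # it is more than a day old (or the file is missing, which leaves the
    # value undefined) the file is recreated and Cleanup runs.
    # Only Cleanup is called from here, not Cleanup_Seconds.
    @lasttime = stat($purge_file);
    $lasttime = $lasttime[10];
    if (time() - $lasttime > 86400){
        unlink($purge_file);
        open(PURGEFILE,">$purge_file");
        print PURGEFILE time();
        close PURGEFILE;
        &Cleanup;
    }
}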
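sub Check_Password
{
    # Look for $post_values[0] among the user names in the password file.
    # On a match the sub reports it and exits; with no match it returns and
    # the caller prints the success code.
    # NOTE(review): the listing had lost the leading "P" of "PASS-000" and
    # "Please", and an HTML tag at the line break inside the message; the
    # letters are restored here, the tag is not. Compare with the installed copy.
    ### open password
    open(FILE,"$password_file");
    while (<FILE>){
        ($cusername, $cpassword) = split(/:/,$_);
        if ($post_values[0] eq $cusername){
            if ($admin){
                &Security_Failure("Username Already Exists,\nPlease Choose Another");
                exit;
            }
            print "PASS-000";
            close FILE;
            exit;
        }
    }
    # The original left the handle open when no name matched.
    close FILE;
}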
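sub Add_Pin
{
    # Validate the user name and password chosen on the sign-up form, then
    # send the browser to $welcome_page. Every failed check ends the request
    # through Security_Failure. Nothing in this sub writes the password file.
    # NOTE(review): the listing had lost the leading "P" of several messages
    # and an HTML tag at each line break inside them; the letters are restored
    # here, the tags are not. Compare with the installed copy.
    local($safe_url);
    # Logical || replaces the bitwise | of the original in both length checks.
    if (length($pin_username) < 6 || length($pin_password) < 6 ){
        &Security_Failure("Passwords and Username Must Be\nAt Least 6 Characters.");
        exit;
    }
    if (length($pin_username) > 8 || length($pin_password) > 8 ){
        &Security_Failure("Passwords and Username Must Be\nno more than 8 Characters.");
        exit;
    }
    # Reject any character outside \w. The original test only required one
    # word character somewhere, so ':' or a newline got through. This check
    # also makes it safe to use both values as patterns below.
    $_ = $pin_username.$pin_password;
    if (/\W/){
        &Security_Failure("Passwords and Username Must Be\nLetters and Numbers Only\n\nPlease Hit Back and Try Again");
        exit;
    }
    $_ = $pin_password;
    if (/$pin_username/i){
        &Security_Failure("Password and Username are Too Similar\nPlease Select a Different Pair.");
        exit;
    }
    $common = 'testing fucking hardcore 123456 654321 abcdef asdfgh 111111 222222 333333 444444 555555 666666 777777 888888 999999 000000';
    $_ = $common;
    if (/($pin_username)|($pin_password)/i){
        &Security_Failure("Password or Username are Too Common\nPlease Select a Different Pair.");
        exit;
    }
    # The original reversed $password, which is never set, so this check
    # could not fire; the submitted password is $pin_password.
    $_ = reverse($pin_password);
    if (/$pin_username/i){
        &Security_Failure("Your Password Cannot Be Your Username Backwards\nPlease Select a Different Pair.");
        exit;
    }
    ### open password
    if(!open(FILE,"$password_file")){
        print "Missing Password File $!";
        exit;
    }
    while (<FILE>){
        ($cusername, $cpassword) = split(/:/,$_);
        if ($pin_username eq $cusername){
            close FILE;
            &Security_Failure("Someone Has Already Chosen That Username\nPlease Select another Username and Password.");
            exit;
        }
    }
    close FILE;
    ($username, $new_subscription_id, $start_date, $end_date,
     $subscription, $referer, $amount ) = split(/:/,$verbose);
    # $welcome_page is a request field that ends up inside HTML attributes:
    # escape it so it cannot close the attribute or add markup.
    # NOTE(review): the target itself is still chosen by the request; restrict
    # it to a configured page or to this site's own URLs.
    $safe_url = $welcome_page;
    $safe_url =~ s/&/&amp;/g;
    $safe_url =~ s/</&lt;/g;
    $safe_url =~ s/>/&gt;/g;
    $safe_url =~ s/"/&quot;/g;
    $safe_url =~ s/'/&#39;/g;
    print "Content-type: text/html\n\n";
    print "<HTML>
<META HTTP-EQUIV='REFRESH' CONTENT='0; URL=$safe_url'>
<BODY>
<A HREF='$safe_url'>
<H3><CENTER>Click Here or wait one moment while

your browser Refreshes</CENTER></H3>
</A></BODY></HTML>";
    exit;
}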
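sub Get_Post
{
    ################## Read and parse values passed from form ###########
    # Copies the recognised form fields into globals. Only the names listed
    # below are accepted; no field maps to $admin, so a request cannot set it.
    # Every name/value pair is also kept in @var and @val, indexed by $count.
    local($name, $value);
    $maxdata = 131072;
    @data = &ReadParse();
    $count = 0;
    foreach $temp (@data){
        ($name, $value) = split(/=/, $temp, 2);
        $var[$count] = $name;
        $val[$count] = $value;
        if    ($name eq "cmd")                  { $cmd = $value; }
        elsif ($name eq "key")                  { $key = $value; }
        elsif ($name eq "post_values")          { $post_values = $value; }
        elsif ($name eq "verbose")              { $verbose = $value; }
        elsif ($name eq "pin_username")         { $pin_username = $value; }
        elsif ($name eq "pin_password")         { $pin_password = $value; }
        elsif ($name eq "pin_email")            { $pin_email = $value; }
        elsif ($name eq "pin_number")           { $pin_number = $value; }
        elsif ($name eq "welcome_page")         { $welcome_page = $value; }
        elsif ($name eq "bad_url")              { $bad_url = $value; }
        elsif ($name eq "pin_file")             { $pin_file = $value; }
        # The original stored pin_amount in $pin_file, overwriting the
        # pin_file field; it now has its own variable.
        elsif ($name eq "pin_amount")           { $pin_amount = $value; }
        elsif ($name eq "ref1")                 { $pin_referer = $value; }
        elsif ($name eq "color")                { $color = $value; }
        elsif ($name eq "admin_password")       { $admin_password = $value; }
        elsif ($name eq "new_password")         { $new_password = $value; }
        elsif ($name eq "new_password_confirm") { $new_password_confirm = $value; }
        elsif ($name eq "pin_exp_year")         { $pin_exp_year = $value; }
        elsif ($name eq "pin_exp_day")          { $pin_exp_day = $value; }
        elsif ($name eq "pin_exp_month")        { $pin_exp_month = $value; }
        elsif ($name eq "pin_subscription")     { $pin_subscription = $value; }
        $count = $count + 1;
    }
}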
######################### READPARSE, CTIME ETC. ###################
## Included with program in case their server didn't have it
## Minimal Perl4 compatibility is desired since there is no
## telling where it may be installed. Use of anything server specific
## is contraindicated. Ie no libs.
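sub ReadParse
{
    # Read the form data of a GET or POST request and return it as a list of
    # URL-decoded "name=value" strings. Dies when the body is larger than
    # $maxdata, the method is neither GET nor POST, or the content type is
    # not form-urlencoded.
    local ($len, $meth, $type, $i);
    # Read three useful environment variables
    $type = $ENV{'CONTENT_TYPE'};
    $len = $ENV{'CONTENT_LENGTH'};
    $meth = $ENV{'REQUEST_METHOD'};
    if ($len > $maxdata)
    {
        die("Too much data: $len bytes\n");
    }
    # The original compared these strings with ==, which is numeric and made
    # every content type pass. A prefix match still accepts a trailing
    # "; charset=..." parameter.
    if ($type eq '' || $type =~ m#^application/x-www-form-urlencoded#i)
    {
        # Read in text
        if ($meth eq 'GET')
        {
            $in = $ENV{'QUERY_STRING'};
        }
        elsif ($meth eq 'POST')
        {
            read(STDIN, $in, $len);
        }
        else
        {
            die("Unknown method: $meth\n");
        }
        #Split @in into multiple fields.
        @in = split(/[&;]/,$in);
        foreach $i (0 .. $#in)
        {
            # Convert plus to space
            $in[$i] =~ s/\+/ /g;
            # Convert %XX from hex numbers to a character. Only real hex
            # digits are decoded; a malformed escape stays literal instead of
            # becoming a NUL byte.
            $in[$i] =~ s/%([0-9A-Fa-f][0-9A-Fa-f])/pack("C",hex($1))/ge;
        }
    }
    else
    {
        die("Unknown Content-type: $ENV{'CONTENT_TYPE'}\n");
    }
    return @in;
}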
################################ham5###########################
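sub SQL_Date
{
    # Given the perl time (seconds since 70) returns the local date as eight
    # digits, yyyymmdd, with no separators.
    # When $cmd is 'Y2K' the argument is ignored: the date one year
    # (31536000 seconds) from now is printed as "Y2K-111-<date>" and the
    # script exits.
    local($sql_date) = @_;
    if ($cmd eq 'Y2K'){
        $sql_date = time() + 31536000;
    }
    local($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($sql_date);
    # localtime() counts years from 1900. The original kept two digits and
    # guessed the century, which turned 2070 and later into 19xx.
    $year += 1900;
    $sql_date = sprintf("%04d%02d%02d",$year,$mon+1,$mday);
    if ($cmd eq 'Y2K'){
        print "Y2K-111-$sql_date";
        exit;
    }
    return $sql_date;
}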
sub ctime
{
    # Format an epoch time as "Dow Mon dd hh:mm:ss [TZ ]yyyy\n".
    local($time) = @_;
    local($[) = 0;
    local($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst);
    @DoW = ('Sun','Mon','Tue','Wed','Thu','Fri','Sat');
    @MoY = ('Jan','Feb','Mar','Apr','May','Jun',
            'Jul','Aug','Sep','Oct','Nov','Dec');
    # Pick the time zone: GMT when TZ is set but empty, local time when TZ
    # is not set at all. There is no portable way to find the system default.
    if (!defined($ENV{'TZ'})) {
        $TZ = '';
    }
    elsif ($ENV{'TZ'}) {
        $TZ = $ENV{'TZ'};
    }
    else {
        $TZ = 'GMT';
    }
    if ($TZ eq 'GMT') {
        ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) = gmtime($time);
    }
    else {
        ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) = localtime($time);
    }
    # Reduce a 'PST8PDT' style TZ to the name in effect. Only the common
    # form [:]STDoff[DST[off][,rule]] is recognised.
    if($TZ=~/^([^:\d+\-,]{3,})([+-]?\d{1,2}(:\d{1,2}){0,2})([^\d+\-,]{3,})?/){
        if ($isdst) {
            $TZ = $4;
        }
        else {
            $TZ = $1;
        }
    }
    if ($TZ ne '') {
        $TZ .= ' ';
    }
    if ($year < 70) {
        $year += 2000;
    }
    else {
        $year += 1900;
    }
    return sprintf("%s %s %2d %2d:%02d:%02d %s%4d\n",
        $DoW[$wday], $MoY[$mon], $mday, $hour, $min, $sec, $TZ, $year);
}
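sub Security_Failure
{
    # Print the HTML error page with $error as the message, then exit.
    # $error is inserted as HTML: the callers in this file pass fixed
    # messages. Never pass request data through it unescaped.
    # NOTE(review): the listing had lost a few tokens of this template (a
    # stray "&" and bare ";" lines); they are left out here. Compare with the
    # installed copy.
    local($error) = @_;
    local($safe_color);
    # $color is a request field that lands inside an HTML attribute. Keep
    # only the characters a colour name or #rrggbb value can contain.
    $safe_color = $color;
    $safe_color =~ s/[^#0-9A-Za-z]//g;
    $line = "
<HTML>
<HEAD>
<TITLE>Error</TITLE>
</HEAD>
<BODY TEXT='#000000' BGCOLOR='%%COLOR%%' LINK='#0000EE' VLINK='#551A8B' ALINK='#FF0000'>
<CENTER><TABLE BORDER CELLSPACING=10 CELLPADDING=10 COLS=1 WIDTH='58%' BGCOLOR='#FFFFFF' >
<TR>
<TD>
<CENTER>Sorry, Your Submission Failed Because</CENTER>
<CENTER></CENTER>

<CENTER><B>%%ERROR%%</B></CENTER>

<CENTER></CENTER>
<CENTER>Please Hit Your Back Button and Try Again.</CENTER>
</TD>
</TR>
</TABLE></CENTER>
</BODY>
</HTML>";
    $line =~ s/%%ERROR%%/$error/gi;
    $line =~ s/%%COLOR%%/$safe_color/gi;
    print $line;
    exit;
}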