论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2003-08-12 07:41 |只看该作者 |倒序浏览

程序比较大，发在最后，这里面怎么我怎么找不到给 $admin 负值的语句呀？？
大家看看是怎么绘事，谢谢

#!/usr/bin/perl

chop($date = &ctime(time));

if ($ARGV[0] eq ''){
&Get_Post;
print "Content-type: text/html\n\n";
}

##############################[ CGI ]########################
###
### Generated By: CCBILL Installer v5.06
### On: Wednesday, January 31, 2001 - 03:14 PM
### Installer ID: a151
###
### Updated with IP check (alert)
#############################################################
### FILE PERMISSIONS
###
### /secure 777
### /secure/.htaccess 644
### /secure/ccbill.log 666
### /secure/current.log 666
### /secure/private_key 644
### /secure/purge 666
### /password 777
### /password/.htaccess 644
### /password/.htpasswd 666
### all .cgi or .pl files 755
### all .htm files 644
###
#############################################################

$pwd = '/vol1/maximumporn/HTML/ccbill';
$securedir = "/vol1/maximumporn/secure";

$dmr = 1;
$second = 0;

$second_file = "$securedir/second.txt";

## Set standard values for locking
&lock_values;

## Password file with all the members in it.
$password_file = "/vol1/maximumporn/.htpasswd";

## Log file of everything that happens
$log_file = "$securedir/ccbill.log";

## List of current users who are active in the system
$current_file = "$securedir/current.log";

## Trigger File used for
scheduling cleanups
$purge_file = "$securedir/purge";

## Keyfile contains their assigned system password encrypted
## This must match the one on the mysql server
$key_file = "$securedir/private_key";

$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin';

##################HAM##############

if ($cmd eq 'Y2K'){
&SQL_Date;
}

@post_values = split(/:/,$post_values);

if ($pin_number ne ''){
$html_file = $pwd.'/'.$pin_file.'.htm';
&Add_Pin;
exit;
}

if ($cmd eq 'CLEANUP'){
&Cleanup;
print "CLN-111";
system("chmod 666 $password_file";
exit;
}

if ($cmd ne '' & !$admin){
&Verify_Key;
}

if ($cmd eq 'ADD'){
&
&Add_User;
&Check_Time;
print "ADD-111";
exit;
}

if ($cmd eq 'KILL'){
&
&Kill_User;
&Check_Time;
print "KILL-111";
exit;
}
if ($cmd eq 'PASS'){
&
&Check_Password;
print "ASS-111";
exit;
}

open(KEY,$key_file);
$key = join('',<KEY>;
close KEY;

if ($key ne ''){
## System probably working
print "111-111";
exit;
} else {
## System running but not suid or keyfile gone
print "101-101";
exit;
}

exit;

sub lock_values
{
$LOCK_EX = 2;
$LOCK_UN = 8;
}

sub lock
{
local($file) = @_;
flock($file,$LOCK_EX);
# and, in case someone appended
# while we were waiting...
seek($file, 0, 2);
}

sub unlock
{
local($file) = @_;
flock($file,$LOCK_UN);
}

sub Verify_Key
{

if (!open(KEYFILE,$key_file)){
print "123-000";
exit;
}

$private_key = <KEYFILE>;;
$newkey = $private_key;
close KEYFILE;

$line = $cmd.':'.$verbose.':'.$post_values;
@array = split(/:/,$line);

foreach $n (@array){
$newkey = crypt($n,reverse($newkey));
}

if ($key ne $newkey){
print "999-000 (Key Files Don't Match)";
exit;
}
}

##########################HAM2########################

sub Add_User
{

### open password file and append
if(!open(FILE,">;>;$password_file"){
print "ADD-000 $!";
exit;
}

if ($second) {
open(SECOND,">;>;$second_file" || print "NO Second File $!";
&lock('SECOND');
print SECOND "$post_values[0]:",time(),"verbose\n";
&unlock('SECOND');
close SECOND;
}

if(!$admin){
print FILE $post_values[0].':'.$post_values[1],"$nt_user\n";
} else {
print FILE "$pin_username:",crypt($pin_password,time()),"$nt_user\n";
}
close FILE;

### update the log file with whatever is in verbose
### but put a header in there for reference

if(!open(FILE,">;>;$log_file"){
print "ADD-000";
exit;
}

if (!$admin){
&
&lock('FILE');
print FILE "ADD-$post_values[0]post_values[1]|$verbose\n";
&unlock('FILE');
}

close FILE;

### update the current file with whatever is in verbose

if (!open(FILE,">;>;$current_file"){
print "ADD-000";
exit;
}

if (!$admin){
$_ = $verbose;
if (!/:Recurring$/i){
&
&lock('FILE');
print FILE "$verbose\n";
&unlock('FILE');
}
}

close FILE;

($username, $new_subscription_id, $start_date, $end_date,
$subscription, $referer, $amount ) = split(/:/,$verbose);

}
sub alert()
{
$mega=$ENV{'REMOTE_ADDR'};
@ip=split(/\./,$mega);

if($ip[0] ne '64' || $ip[1] ne '38'){print"Your ip is being tracked as a Hacker";
open(FILE,">;>;$log_file";
print FILE "Hacker registered to $mega \n";
close FILE;
exit;}

}
sub Kill_User
{

### Make a list of who to kill in an associative array
@kill = split(/:/,$post_values);
foreach $n (@kill){
if ($n ne ''){
$kill{$n} = 1;
}
}

### Open Log File
if(!open(LOG,">;>;$log_file"){
print "KILL-002";
exit;
}

### open password file
if(!open(FILE,"$password_file"){
print "KILL-000";
exit;
}

$tempfile = $password_file."$$";
### open temp file to write to
if(!open(TEMP,">;$tempfile"){
print "KILL-001";
exit;
}

while(<FILE>;){
($musr, $mpwd) = split(/:/,$_);
if (!$kill{$musr}){
print TEMP $_;
} else {
&lock('LOG');
print LOG "KILL-$musr\n";
&unlock('LOG');
}
}

close FILE;
close TEMP;
close LOG;

rename($password_file,"$password_file-bak");
rename($tempfile,$password_file);
system("chmod 666 $password_file");

}

sub Cleanup
{
### Loop through the current.log file and remove anyone
### who is expired.

$today = &SQL_Date(time());

open(CURRENT,"$curr
ent_file");
while(<CURRENT>;){
($username, $sub_id, $start_date, $end_date, $length) = split(/:/,$_);
$userdata{$username} = $_;
$expires{$username} = $end_date;
}
close CURRENT;

foreach $n (keys %userdata){

if ($expires{$n} < $today){
$kill{$n} = 'YES';
# User has expired. Wipe the userdata clean.
$userdata{$n} = '';
}
}

$tempfile = $current_file."$$";
open(TEMP,">;$tempfile");
&lock('TEMP');
print TEMP values(%userdata);
&unlock('TEMP');
close TEMP;

rename($current_file,"$current_file-bak") || print "120 $current_file $!";
rename($tempfile,$current_file) || print "121 $tempfile $!";
system("chmod 666 $current_file");

### Remove Passwords for Expired Users
#######################################

### Open Log File
if(!open(LOG,">;>;$log_file")){
print "CLN-002";
exit;
}

print LOG "CLN-Auto Cleanup on $today\n";

### open password file
if(!open(FILE,"$password_file")){
print "CLN-000";
exit;
}

$tempfile = $password_file."$$";
### open temp file to write to
if(!open(TEMP,">;$tempfile")){
print "CLN-001";
exit;
}

while(<FILE>;){
($musr, $mpwd) = split(/:/,$_);
if (!$kill{$musr}){
print TEMP $_;
} else {
&lock('LOG');
&
print LOG "EXPIRE-$musr\n";
&unlock('LOG');
}
}

close FILE;
close TEMP;
close LOG;

rename($password_file,"$password_file.bak");
rename($tempfile,$password_file);
system("chmod 666 $password_file");
}

sub Cleanup_Seconds
{
### Loop through the current.log file and remove anyone
### who is expired.

$today = &SQL_Date(time());

## read through file to see who is expired.
open(CURRENT,"$second_file");
while(<CURRENT>;){
($username, $expire_time, $junk, $junk, $junk, $junk, $length ) = split(/:/,$_);
$userdata{$username} = $_;
$expires{$username} = $expire_time + (86400*$length);
}
close CURRENT;

foreach $n (keys %userdata){

if ($expires{$n} < time()){
$kill{$n} = 'YES';
# User has expired. Wipe the userdata clean.
$userdata{$n} = '';
}
}

$tempfile = $second_file."$$";
open(TEMP,">;$tempfile");
&lock('TEMP');
print TEMP values(%userdata);
&unlock('TEMP');
close TEMP;

rename($second_file,"$second_file-bak") || print "120 $second_file $!";
rename($tempfile,$second_file) || print "121 $tempfile $!";
system("chmod 666 $second_file");

### Remove Passwords for Expired Users
#######################################

### Open Log File
if(!open(LOG,">;>;$log_file")){
print "SEC-CLN-002";
exit;
}

print LOG "S-CLN-Auto Cleanup on $today\n";

### open password file
if(!open(FILE,"$password_file")){
print "CLN-000";
exit;
}

$tempfile = $password_file."$$";
### open temp file to write to
if(!open(TEMP,">;$tempfile")){
print "SEC-CLN-001";
exit;
}

while(<FILE>;){
($musr, $mpwd) = split(/:/,$_);
if (!$kill{$musr}){
print TEMP $_;
} else {
&lock('LOG');
print LOG "EXPIRE-$musr\n";
&unlock('LOG');
}
}

close FILE;
close TEMP;
close LOG;

rename($password_file,"$password_file.bak") || print "129 Rename Failed $1";
rename($tempfile,$password_file);
system("chmod 666 $password_file");
}

sub Check_Time
{ ## check to see when the last purge was

@lasttime = stat($purge_file);
$lasttime = $lasttime[10];

if (time() - $lasttime >; 86400){

unlink($purge_file);
open(PURGEFILE,">;$purge_file");

print PURGEFILE time();
close PURGEFILE;

&Cleanup;
}
}

sub Check_Password
{

### open password
open(FILE,"$password_file");

while (<FILE>;){
($cusername, $cpassword) = split(/:/,$_);
if ($post_values[0] eq $cusername){
if ($admin){
&Security_Failure("Username Already Exists,
lease Choose Another");
exit;
}
print "ASS-000";
close FILE;
exit;
}
}

}

sub Add_Pin
{

if (length($pin_username) < 6 | length($pin_password) < 6 ){
&Security_Failure("asswords and Username Must Be
;At Least 6 Characters.");
exit;
}

if (length($pin_username) >; 8 | length($pin_password) >; 8 ){
&Security_Failure("asswords and Username Must Be
;no more than 8 Characters.");
exit;
}

$_ = $pin_username.$pin_password;
if (!/\w+/){

&Security_Failure("asswords and Username Must Be
;Letters and Numbers Only
;
Please Hit Back and Try Again");
exit;
}

$_ = $pin_password;
if (/$pin_username/i){
&Security_Failure("assword and Username are Too Similar
lease Select a Different Pair.");
exit;
}

$common = 'testing fucking hardcore 123456 654321 abcdef asdfgh 111111 222222 333333 444444 555555 666666 777777 888888 999999 000000';

$_ = $common;
if (/($pin_username)|($pin_password)/i){
&Security_Failure("assword or Username are Too Common
lease Select a Different Pair.");
exit;
}

$_ = reverse($password);
if (/$pin_username/i){
&Security_Failure("Your Password Cannot Be Your Username Backwards
;Please Select a Different Pair.");
exit;
}

### open password
if(!open(FILE,"$password_file")){
print "Missing Password File $!";
exit;
}

while (<FILE>;){
($cusername, $cpassword) = split(/:/,$_);
if ($pin_username eq $cusername){
close FILE;
&Security_Failure("Someone Has Already Chosen That Username
;Please Select another Username and Password.");
exit;
}
}

($username, $new_subscription_id, $start_date, $end_date,
$subscription, $referer, $amount ) = split(/:/,$verbose);

print "Content-type: text/html\n\n";

print "<HTML>;
<META HTTP-EQUIV='REFRESH' CONTENT='0; URL=$welcome_page'>;
<BODY>;
<A HREF='$welcome_page'>;
<H
3>;<CENTER>;Click Here or wait one moment while
;
your browser Refreshes</CENTER>;</H3>;
</A>;</BODY>;</HTML>;";
exit;

}

sub Get_Post
{

################## Read and parse values passed from form ###########
$maxdata = 131072;
@data = &ReadParse();

$count = 0;
foreach $temp (@data){
($var[$count], $val[$count]) = split(/=/, $temp, 2);

if ($var[$count] eq "cmd"){
$cmd = $val[$count];
}

if ($var[$count] eq "key"){
$key = $val[$count];
}

if ($var[$count] eq "post_values"){
$post_values = $val[$count];
}

if ($var[$count] eq "verbose"){
$verbose = $val[$count];
}

if ($var[$count] eq "pin_username"){
$pin_username = $val[$count];
}

if ($var[$count] eq "pin_password"){
$pin_password = $val[$count];
}

if ($var[$count] eq "pin_email"){
$pin_email = $val[$count];
}

if ($var[$count] eq "pin_number"){
$pin_number = $val[$count];
}

if ($var[$count] eq "welcome_page"){
$welcome_page = $val[$count];
}

if ($var[$count] eq "bad_url"){
$bad_url = $val[$count];
}

if ($var[$count] eq "pin_file"){
$pin_file = $val[$count];
}

if ($var[$count] eq "pin_amount"){
$pin_file = $val[$count];
}

if ($var[$count] eq "ref1"){
$pin_referer = $val[$count];
}

if ($var[$count] eq "color
"){
$color = $val[$count];
}

if ($var[$count] eq "admin_password"){
$admin_password = $val[$count];
}

if ($var[$count] eq "new_password"){
$new_password = $val[$count];
}

if ($var[$count] eq "new_password_confirm"){
$new_password_confirm = $val[$count];
}

if ($var[$count] eq "pin_exp_year"){
$pin_exp_year = $val[$count];
}

if ($var[$count] eq "pin_exp_day"){
$pin_exp_day = $val[$count];
}

if ($var[$count] eq "pin_exp_month"){
$pin_exp_month = $val[$count];
}

if ($var[$count] eq "pin_subscription"){
$pin_subscription = $val[$count];
}

$count = $count + 1;
}

}

######################### READPARSE, CTIME ETC. ###################
## Included with program in case their server didn't have it
## Minimal Perl4 compatibility is desired since there is no
## telling where it may be installed. Use of anything server specific
## is contraindicated. Ie no libs.

sub ReadParse
{
local ($len, $meth, $type);

# Read three useful environment variables
$type = $ENV{'CONTENT_TYPE'};
$len = $ENV{'CONTENT_LENGTH'};
$meth = $ENV{'REQUEST_METHOD'};

if ($len >; $maxdata)
{
die("Too much data: $len bytes\n");
}

if ($type == 'application/x-www-form-urlencoded' || $type == '' )
{
local ($key, $val, $i);

# Read in text
if ($meth eq 'GET')
{
$in = $ENV{'QUERY_STRING'};
}
elsif ($meth eq 'POST')
{
read(STDIN, $in, $len);
}
else
{
die("Unknown method: $meth\n");
}

#Split @in into multiple fields.
@in = split(/[&;]/,$in);

foreach $i (0 .. $#in)
{
# Convert plus to space
$in[$i] =~ s/\+/ /g;

# Convert %XX from hex numbers to a character
$in[$i] =~ s/%(..)/pack("c",hex($1))/ge;
}
}
else
{
die("Unknown Content-type: $ENV{'CONTENT_TYPE'}\n");
}

return @in;
}
################################ham5###########################
sub SQL_Date
{
# Given the perl time (seconds since 70) returns the date in an sql format
# of yyyy-mm-dd

local($sql_date) = @_;

if ($cmd eq 'Y2K'){
$sql_date = time() + 31536000;
}

local($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($sql_date);

if ($year >; 99) {
$year =~ s/(\d)(\d)(\d)/$2$3/;
}

if ($year < 70){
$year = '20'.$year;
} else {
$year = '19'.$year;
}

$sql_date = sprintf("%04d%02d%02d",$year,$mon+1,$mday);

if ($cmd eq 'Y2K'){
print "Y2K-111-$sql_date";
exit;
}

return $sql_date;
}

sub ctime
{

@DoW = ('Sun','Mon','Tue','Wed','Thu','Fri','Sat');
@MoY = ('Jan','Feb','Mar','Apr','May','Jun',
'Jul','Aug','Sep','Oct','Nov','Dec');

local($time) = @_;
local($[) = 0;
local($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst);

# Determine what time zone is in effect.
# Use GMT if TZ is defined as null, local time if TZ undefined.
# There's no portable way to find the system default timezone.

$TZ = defined($ENV{'TZ'}) ? ( $ENV{'TZ'} ? $ENV{'TZ'} : 'GMT' ) : '';
($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) =
($TZ eq 'GMT') ? gmtime($time) : localtime($time);

# Hack to deal with 'PST8PDT' format of TZ
# Note that this can't deal with all the esoteric forms, but it
# does recognize the most common: [:]STDoff[DST[off][,rule]]

if($TZ=~/^([^:\d+\-,]{3,})([+-]?\d{1,2}(:\d{1,2}){0,2})([^\d+\-,]{3,})?/){
$TZ = $isdst ? $4 : $1;
}
$TZ .= ' ' unless $TZ eq '';

$year += ($year < 70) ? 2000 : 1900;
sprintf("%s %s %2d %2d:%02d:%02d %s%4d\n",
$DoW[$wday], $MoY[$mon], $mday, $hour, $min, $sec, $TZ, $year);
}

sub Security_Failure
{

local($error) = @_;

$line = "
<HTML>;
<HEAD>;
<TITLE>;Error</TITLE>;
</HEAD>;
<BODY TEXT='#000000' BGCOLOR='%%COLOR%%' LINK='#0000EE' VLINK='#551A8B' ALINK='#FF0000'>;
&
<CENTER>;<TABLE BORDER CELLSPACING=10 CELLPADDING=10 COLS=1 WIDTH='58%' BGCOLOR='#FFFFFF' >;
<TR>;
<TD>;
<CENTER>;Sorry, Your Submission Failed Because</CENTER>;
<CENTER>;</CENTER>;

;
<CENTER>;<B>;%%ERROR%%</B>;</CENTER>;

;
<CENTER>;</CENTER>;
<CENTER>;Please Hit Your Back Button and Try Again.</CE
NTER>;
</TD>;
</TR>;
</TABLE>;</CENTER>;
</BODY>;
</HTML>;";

$line =~ s/%%ERROR%%/$error/gi;
$line =~ s/%%COLOR%%/$color/gi;
print $line;
exit;
}