Version 2.2

增加登录界面与登录校验
2015-10-29 00:57:57 +08:00
parent d811fbbe67
commit 795980ca02
15 changed files with 2728 additions and 841 deletions
--- a/README.md
+++ b/README.md
@@ -1,27 +1,30 @@
 # XSS数据接收平台（无SQL版）
 ## 使用说明
-无需数据库，无需其他组件支持，可直接在php虚拟空间使用，使用步骤：
+本平台设计理念，基本无需配置即可使用，故设计为无需数据库，无需其他组件支持，可直接在php虚拟空间使用，使用步骤：

 * 上传所有文件至空间根目录
 * 修改config.php，指定数据存放目录，数据是否启用AES加密及加密密码
 ```php
+define('PASS', '2a05218c7aa0a6dbd370985d984627b8');
 define('DATA_PATH', 'data');
 define('ENABLE_ENCRYPT', true);
 define('ENCRYPT_PASS', "bluelotus");
 ```
+可用php -r "$salt='!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl';$key='你的密码';$key=md5($salt.$key.$salt);$key=md5($salt.$key.$salt);$key=md5($salt.$key.$salt);echo $key;"生成密码hash
 * 赋予`DATA_PATH`目录写权限
 * 当有请求访问/index.php?a=xxx&b=xxxx，所有携带数据包括get，post，cookie，httpheaders，客户端信息都会记录
-* 可访问admin.php查看记录的数据
+* 可访问login.php登录查看记录的数据

 ## 目前支持功能
 * 自动判断携带数据是否base64编码，可自动解码
 * 记录所有可记录的数据，并可根据ip判断位置，根据useragent判断操作系统与浏览器
 * 新消息提醒，仿QQ邮箱新消息提醒框，可实时获得数据
 * 支持简单的查找功能
+* 除了style允许unsafe-inline外启用CSP
+* 挑战应答式的登录校验，session绑定ip与useragent

 ## TODO
 * keepsession
-* 认证
 * 完全启用CSP
 * 我的js
 * js模板
--- a/admin.php
+++ b/admin.php
@@ -8,6 +8,7 @@ require("auth.php");
 <head>
 <meta charset="utf-8" />
    
+	<title>控制面板</title>
 	<link rel="stylesheet" href="static/css/bootstrap.min.css" type="text/css" />
    <link rel="stylesheet" href="static/css/Site.css" type="text/css" />
 	<link rel="stylesheet" href="static/css/notification.css" type="text/css" />
--- a/auth.php
+++ b/auth.php
@@ -2,9 +2,23 @@
 if(!defined('IN_XSS_PLATFORM')) {
 	exit('Access Denied');
 }
-header("Content-Security-Policy: default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; frame-src 'none' ");
-header("X-Content-Security-Policy: default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; frame-src 'none' ");
-header("X-WebKit-CSP: default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; frame-src 'none' ");
+ini_set("session.cookie_httponly", 1); 
+session_start();
+
+if(!(isset($_SESSION['isLogin']) && $_SESSION['isLogin']===true && isset($_SESSION['user_IP']) &&$_SESSION['user_IP']!="" &&$_SESSION['user_IP']=== $_SERVER['REMOTE_ADDR'] &&isset($_SESSION['user_agent']) &&$_SESSION['user_agent']!="" &&$_SESSION['user_agent']=== $_SERVER['HTTP_USER_AGENT'] ))
+{
+	$_SESSION['isLogin']=false;
+	$_SESSION['user_IP']="";
+	$_SESSION['user_agent']="";
+	session_unset();
+	session_destroy();
+	header("Location: login.php");
+	exit();
+}
+
+header("Content-Security-Policy: default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; frame-src 'none'");
+header("X-Content-Security-Policy: default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; frame-src 'none'");
+header("X-WebKit-CSP: default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; frame-src 'none'");


 ?>
--- a/config.php
+++ b/config.php
@@ -3,7 +3,7 @@ if(!defined('IN_XSS_PLATFORM')) {
 	exit('Access Denied');
 }

-define('PASS', 'bluelotus');
+define('PASS', '2a05218c7aa0a6dbd370985d984627b8');//bluelotus
 define('DATA_PATH', 'data');
 define('ENABLE_ENCRYPT', true);
 define('ENCRYPT_PASS', "bluelotus");
--- a/data/forbiddenIPList.dat
+++ b/data/forbiddenIPList.dat
--- a/keepsession.php
+++ b/keepsession.php
@@ -1,9 +1,6 @@
 <?php
 define("IN_XSS_PLATFORM",true);

-if(!defined('IN_XSS_PLATFORM')) {
-	exit('Access Denied');
-}
 require_once("config.php");
 require_once("functions.php");
 require_once("dio.php");
--- a/login.php
+++ b/login.php
@@ -0,0 +1,141 @@
+<?php
+define("IN_XSS_PLATFORM",true);
+//CSP开启
+header("Content-Security-Policy: default-src 'self'; object-src 'none'; frame-src 'none'");
+header("X-Content-Security-Policy: default-src 'self'; object-src 'none'; frame-src 'none'");
+header("X-WebKit-CSP: default-src 'self'; object-src 'none'; frame-src 'none'");
+
+ini_set("session.cookie_httponly", 1); 
+session_start();
+require_once("config.php");
+require_once("functions.php");
+
+
+if(isset($_SESSION['isLogin']) && $_SESSION['isLogin']===true)
+{
+	header("Location: admin.php");
+	exit();
+}
+
+$forbiddenIPList=loadForbiddenIPList();
+$ip=$_SERVER['REMOTE_ADDR'];
+if(!isset($forbiddenIPList[$ip]) || $forbiddenIPList[$ip]<3)
+{
+	if(isset($_POST['password']) && $_POST['password']!='' )
+	{
+		if(checkPassword($_POST['password']))
+		{
+			$_SESSION['isLogin']=true;
+			$_SESSION['user_IP']=$ip;
+			$_SESSION['user_agent']=$_SERVER['HTTP_USER_AGENT'];
+			if(isset($forbiddenIPList[$ip]))
+			{
+				unset($forbiddenIPList[$ip]);
+				saveForbiddenIPList($forbiddenIPList);
+			}
+			header("Location: admin.php");
+			exit();
+		}
+		else
+		{
+			if(isset($forbiddenIPList[$ip]))
+				$forbiddenIPList[$ip]++;
+			else
+				$forbiddenIPList[$ip]=1;
+			saveForbiddenIPList($forbiddenIPList);
+		}
+	}
+	
+}
+
+function loadForbiddenIPList()
+{
+	$logfile = DATA_PATH . '/forbiddenIPList.dat';
+	!file_exists( $logfile ) && @touch( $logfile );
+	$str = file_get_contents( $logfile );
+	$str =decrypt($str,ENCRYPT_PASS);
+	if($str!='')
+	{
+		$result=json_decode($str,true);
+		if($result!=null)
+			return $result;
+		else
+			return array();
+	}
+	else
+		return array();
+}
+
+function saveForbiddenIPList($forbiddenIPList)
+{
+	$logfile = DATA_PATH . '/forbiddenIPList.dat';
+	!file_exists( $logfile ) && @touch( $logfile );
+	@file_put_contents($logfile, encrypt(json_encode($forbiddenIPList),ENCRYPT_PASS));
+}
+
+/*
+生成密码
+php -r "$salt='!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl';$key='bluelotus';$key=md5($salt.$key.$salt);$key=md5($salt.$key.$salt);$key=md5($salt.$key.$salt);echo $key;"
+*/
+function checkPassword($p)
+{
+	if(isset($_SESSION['firesunCheck'])&&isset($_POST['firesunCheck'])&&$_SESSION['firesunCheck']!=""&&$_POST['firesunCheck']===$_SESSION['firesunCheck'])
+	{
+		$salt="!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl";
+		$key=PASS;
+		$key=md5($salt.$key.$_SESSION['firesunCheck'].$salt);
+		$key=md5($salt.$key.$_SESSION['firesunCheck'].$salt);
+		$key=md5($salt.$key.$_SESSION['firesunCheck'].$salt);
+		return $key===$p;
+		
+	}	
+	return false;
+}
+
+function generate_password( $length = 32 ) {
+	$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";  
+	$password = "";  
+	for ( $i = 0; $i < $length; $i++ )
+		$password .= $chars[ mt_rand(0, strlen($chars) - 1) ];
+	return $password;  
+} 
+
+
+?>
+
+<html>
+    <head>
+        <meta charset="utf-8" />
+		<title>登录</title>
+		<link rel="stylesheet" href='static/css/font-awesome.css' type="text/css" >
+		<link rel="stylesheet" href="static/css/login.css" type="text/css" />
+		
+        <script type="text/javascript" src="static/js/jquery.min.js" ></script>
+        <script type="text/javascript" src="static/js/login.js" ></script>
+    </head>
+    
+    <body>
+        <div id="loginform">
+			<div id="logo"></div>
+            <div id="mainlogin">
+                <h1>
+                    登录控制面板
+                </h1>
+                <form action="" method="post">
+                    <input type="password" placeholder="password" id="password" name="password" required="required">
+					<input id="firesunCheck" type="hidden" name="firesunCheck" value=<?php $firesunCheck=generate_password(32); $_SESSION['firesunCheck']=$firesunCheck;echo json_encode($_SESSION['firesunCheck']);?> />
+                    <button type="submit" id="submit">
+                        <i class="fa fa-arrow-right">
+                        </i>
+                    </button>
+                </form>
+                <div id="note">
+                    <a href="#">
+                        忘记密码?
+                    </a>
+                </div>
+            </div>
+        </div>
+    </body>
+
+</html>
--- a/static/css/font-awesome.css
+++ b/static/css/font-awesome.css
--- a/static/css/login.css
+++ b/static/css/login.css
@@ -0,0 +1,174 @@
+* {
+	margin: 0px;
+	padding: 0px;
+}
+
+body {
+	background: #222526;
+	position: relative;
+	font-family: 'Microsoft YaHei',verdana;
+}
+
+#loginform {
+	position: relative;
+	width: 300px;
+	left: 50%;
+	margin-left: -150px;
+	top: 45%;
+	height: 190px;
+	margin-top: -190px;
+}
+
+input {
+	display: block;
+	margin: 21px auto 15px;
+	border-radius: 5px;
+	background: #333333;
+	width: 85%;
+	padding: 12px 20px 12px 10px;
+	border: none;
+	color: #929999;
+	box-shadow: inset 0px 1px 5px #272727;
+	font-size: 0.8em;
+	-webkit-transition: 0.5s ease;
+	-moz-transition: 0.5s ease;
+	-o-transition: 0.5s ease;
+	-ms-transition: 0.5s ease;
+	transition: 0.5s ease;
+}
+
+input:focus {
+	-webkit-transition: 0.5s ease;
+	-moz-transition: 0.5s ease;
+	-o-transition: 0.5s ease;
+	-ms-transition: 0.5s ease;
+	transition: 0.5s ease;
+	box-shadow: 0px 0px 5px 1px #161718;
+}
+
+button {
+	background: #ff5f32;
+	border-radius: 50%;
+	border: 10px solid #222526;
+	font-size: 0.9em;
+	color: #fff;
+	font-weight: bold;
+	cursor: pointer;
+	width: 85px;
+	height: 85px;
+	position: absolute;
+	right: -42px;
+	top: 54px;
+	text-align: center;
+	-webkit-transition: 0.5s ease;
+	-moz-transition: 0.5s ease;
+	-o-transition: 0.5s ease;
+	-ms-transition: 0.5s ease;
+	transition: 0.5s ease;
+}
+
+button:hover {
+	background: #222526;
+	border-color: #ff5f32;
+	-webkit-transition: 0.5s ease;
+	-moz-transition: 0.5s ease;
+	-o-transition: 0.5s ease;
+	-ms-transition: 0.5s ease;
+	transition: 0.5s ease;
+}
+
+button i {
+	font-size: 20px;
+	-webkit-transition: 0.5s ease;
+	-moz-transition: 0.5s ease;
+	-o-transition: 0.5s ease;
+	-ms-transition: 0.5s ease;
+	transition: 0.5s ease;
+}
+
+button:hover i {
+	color: #ff5f32;
+	-webkit-transition: 0.5s ease;
+	-moz-transition: 0.5s ease;
+	-o-transition: 0.5s ease;
+	-ms-transition: 0.5s ease;
+	transition: 0.5s ease;
+}
+
+*:focus {
+	outline: none;
+}
+
+::-webkit-input-placeholder {
+	color: #929999;
+}
+
+:-moz-placeholder {
+ /* Firefox 18- */
+	color: #929999;
+}
+
+::-moz-placeholder {
+  /* Firefox 19+ */
+	color: #929999;
+}
+
+:-ms-input-placeholder {
+	color: #929999;
+}
+
+h1 {
+	text-align: center;
+	color: #fff;
+	font-size: 16px;
+	padding: 12px 0px;
+}
+
+#note {
+	color: #88887a;
+	font-size: 0.8em;
+	text-align: left;
+	padding-left: 5px;
+}
+
+a {
+	color: #88887a;
+	text-decoration: none;
+	-webkit-transition: 0.5s ease;
+	-moz-transition: 0.5s ease;
+	-o-transition: 0.5s ease;
+	-ms-transition: 0.5s ease;
+	transition: 0.5s ease;
+}
+
+a:hover {
+	color: #fff;
+	margin-left: 5px;
+	-webkit-transition: 0.5s ease;
+	-moz-transition: 0.5s ease;
+	-o-transition: 0.5s ease;
+	-ms-transition: 0.5s ease;
+	transition: 0.5s ease;
+}
+
+#mainlogin {
+	float: left;
+	width: 250px;
+	height: 170px;
+	padding: 10px 15px;
+	position: relative;
+	background: #555555;
+	border-radius: 3px;
+	-moz-box-shadow: 0px 0px 10px rgba(0,0,0,0.5);
+	-webkit-box-shadow: 0px 0px 10px rgba(0,0,0,0.5);
+	box-shadow: 0px 0px 10px rgba(0, 0, 0, 0.5);
+}
+
+#logo {
+	background: url(../images/logo.png);
+	height: 180px;
+	width: 300px;
+	margin-left: 17px;
+	margin-bottom: 10px;
+	background-repeat: no-repeat;
+}
--- a/static/fonts/fontawesome-webfont.ttf
+++ b/static/fonts/fontawesome-webfont.ttf
--- a/static/fonts/fontawesome-webfont.woff
+++ b/static/fonts/fontawesome-webfont.woff
--- a/static/images/logo.png
+++ b/static/images/logo.png
--- a/static/js/loadgrid.js
+++ b/static/js/loadgrid.js
--- a/static/js/login.js
+++ b/static/js/login.js
@@ -0,0 +1,188 @@
+$(document).ready(function() {
+	
+	$("#submit").click(function(event) {
+		if($("#password").val()=="")
+			return true;
+		var salt="!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl";
+        $("#password").val(md5(salt + $("#password").val() + salt));
+		$("#password").val(md5(salt + $("#password").val() + salt));
+		$("#password").val(md5(salt + $("#password").val() + salt));
+		$("#password").val(md5(salt + $("#password").val() + $("#firesunCheck").val() + salt));
+		$("#password").val(md5(salt + $("#password").val() + $("#firesunCheck").val() + salt));
+		$("#password").val(md5(salt + $("#password").val() + $("#firesunCheck").val() + salt));
+	});
+	$("#note").click(function(event) {
+        alert("神仙难救");
+	});
+});
+
+//md5
+function md5cycle(x, k) {
+    var a = x[0],
+    b = x[1],
+    c = x[2],
+    d = x[3];
+
+    a = ff(a, b, c, d, k[0], 7, -680876936);
+    d = ff(d, a, b, c, k[1], 12, -389564586);
+    c = ff(c, d, a, b, k[2], 17, 606105819);
+    b = ff(b, c, d, a, k[3], 22, -1044525330);
+    a = ff(a, b, c, d, k[4], 7, -176418897);
+    d = ff(d, a, b, c, k[5], 12, 1200080426);
+    c = ff(c, d, a, b, k[6], 17, -1473231341);
+    b = ff(b, c, d, a, k[7], 22, -45705983);
+    a = ff(a, b, c, d, k[8], 7, 1770035416);
+    d = ff(d, a, b, c, k[9], 12, -1958414417);
+    c = ff(c, d, a, b, k[10], 17, -42063);
+    b = ff(b, c, d, a, k[11], 22, -1990404162);
+    a = ff(a, b, c, d, k[12], 7, 1804603682);
+    d = ff(d, a, b, c, k[13], 12, -40341101);
+    c = ff(c, d, a, b, k[14], 17, -1502002290);
+    b = ff(b, c, d, a, k[15], 22, 1236535329);
+
+    a = gg(a, b, c, d, k[1], 5, -165796510);
+    d = gg(d, a, b, c, k[6], 9, -1069501632);
+    c = gg(c, d, a, b, k[11], 14, 643717713);
+    b = gg(b, c, d, a, k[0], 20, -373897302);
+    a = gg(a, b, c, d, k[5], 5, -701558691);
+    d = gg(d, a, b, c, k[10], 9, 38016083);
+    c = gg(c, d, a, b, k[15], 14, -660478335);
+    b = gg(b, c, d, a, k[4], 20, -405537848);
+    a = gg(a, b, c, d, k[9], 5, 568446438);
+    d = gg(d, a, b, c, k[14], 9, -1019803690);
+    c = gg(c, d, a, b, k[3], 14, -187363961);
+    b = gg(b, c, d, a, k[8], 20, 1163531501);
+    a = gg(a, b, c, d, k[13], 5, -1444681467);
+    d = gg(d, a, b, c, k[2], 9, -51403784);
+    c = gg(c, d, a, b, k[7], 14, 1735328473);
+    b = gg(b, c, d, a, k[12], 20, -1926607734);
+
+    a = hh(a, b, c, d, k[5], 4, -378558);
+    d = hh(d, a, b, c, k[8], 11, -2022574463);
+    c = hh(c, d, a, b, k[11], 16, 1839030562);
+    b = hh(b, c, d, a, k[14], 23, -35309556);
+    a = hh(a, b, c, d, k[1], 4, -1530992060);
+    d = hh(d, a, b, c, k[4], 11, 1272893353);
+    c = hh(c, d, a, b, k[7], 16, -155497632);
+    b = hh(b, c, d, a, k[10], 23, -1094730640);
+    a = hh(a, b, c, d, k[13], 4, 681279174);
+    d = hh(d, a, b, c, k[0], 11, -358537222);
+    c = hh(c, d, a, b, k[3], 16, -722521979);
+    b = hh(b, c, d, a, k[6], 23, 76029189);
+    a = hh(a, b, c, d, k[9], 4, -640364487);
+    d = hh(d, a, b, c, k[12], 11, -421815835);
+    c = hh(c, d, a, b, k[15], 16, 530742520);
+    b = hh(b, c, d, a, k[2], 23, -995338651);
+
+    a = ii(a, b, c, d, k[0], 6, -198630844);
+    d = ii(d, a, b, c, k[7], 10, 1126891415);
+    c = ii(c, d, a, b, k[14], 15, -1416354905);
+    b = ii(b, c, d, a, k[5], 21, -57434055);
+    a = ii(a, b, c, d, k[12], 6, 1700485571);
+    d = ii(d, a, b, c, k[3], 10, -1894986606);
+    c = ii(c, d, a, b, k[10], 15, -1051523);
+    b = ii(b, c, d, a, k[1], 21, -2054922799);
+    a = ii(a, b, c, d, k[8], 6, 1873313359);
+    d = ii(d, a, b, c, k[15], 10, -30611744);
+    c = ii(c, d, a, b, k[6], 15, -1560198380);
+    b = ii(b, c, d, a, k[13], 21, 1309151649);
+    a = ii(a, b, c, d, k[4], 6, -145523070);
+    d = ii(d, a, b, c, k[11], 10, -1120210379);
+    c = ii(c, d, a, b, k[2], 15, 718787259);
+    b = ii(b, c, d, a, k[9], 21, -343485551);
+
+    x[0] = add32(a, x[0]);
+    x[1] = add32(b, x[1]);
+    x[2] = add32(c, x[2]);
+    x[3] = add32(d, x[3]);
+
+}
+
+function cmn(q, a, b, x, s, t) {
+    a = add32(add32(a, q), add32(x, t));
+    return add32((a << s) | (a >>> (32 - s)), b);
+}
+
+function ff(a, b, c, d, x, s, t) {
+    return cmn((b & c) | ((~b) & d), a, b, x, s, t);
+}
+
+function gg(a, b, c, d, x, s, t) {
+    return cmn((b & d) | (c & (~d)), a, b, x, s, t);
+}
+
+function hh(a, b, c, d, x, s, t) {
+    return cmn(b ^ c ^ d, a, b, x, s, t);
+}
+
+function ii(a, b, c, d, x, s, t) {
+    return cmn(c ^ (b | (~d)), a, b, x, s, t);
+}
+
+function md51(s) {
+    txt = "";
+    var n = s.length,
+    state = [1732584193, -271733879, -1732584194, 271733878],
+    i;
+    for (i = 64; i <= s.length; i += 64) {
+        md5cycle(state, md5blk(s.substring(i - 64, i)));
+    }
+    s = s.substring(i - 64);
+    var tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
+    for (i = 0; i < s.length; i++) tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3);
+    tail[i >> 2] |= 0x80 << ((i % 4) << 3);
+    if (i > 55) {
+        md5cycle(state, tail);
+        for (i = 0; i < 16; i++) tail[i] = 0;
+    }
+    tail[14] = n * 8;
+    md5cycle(state, tail);
+    return state;
+}
+
+function md5blk(s) {
+    /* I figured global was faster.   */
+    var md5blks = [],
+    i;
+    /* Andy King said do it this way. */
+    for (i = 0; i < 64; i += 4) {
+        md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) << 24);
+    }
+    return md5blks;
+}
+
+var hex_chr = "0123456789abcdef".split("");
+
+function rhex(n) {
+    var s = "",
+    j = 0;
+    for (; j < 4; j++) s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F];
+    return s;
+}
+
+function hex(x) {
+    for (var i = 0; i < x.length; i++) x[i] = rhex(x[i]);
+    return x.join("");
+}
+
+function md5(s) {
+    return hex(md51(s));
+}
+
+/* this function is much faster,
+			so if possible we use it. Some IEs
+			are the only ones I know of that
+			need the idiotic second function,
+			generated by an if clause.  */
+
+function add32(a, b) {
+    return (a + b) & 0xFFFFFFFF;
+}
+
+if (md5("hello") != "5d41402abc4b2a76b9719d911017c592") {
+    function add32(x, y) {
+        var lsw = (x & 0xFFFF) + (y & 0xFFFF),
+        msw = (x >> 16) + (y >> 16) + (lsw >> 16);
+        return (msw << 16) | (lsw & 0xFFFF);
+    }
+}
--- a/util.php
+++ b/util.php
@@ -1,89 +0,0 @@
-<?php
-require_once("aes.php");
-function getIP()
-{
-	if(isset($_SERVER['HTTP_CLIENT_IP'])) {
-		$ip = $_SERVER['HTTP_CLIENT_IP'];
-	}
-	elseif(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
-		$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
-	}
-	elseif(isset($_SERVER['HTTP_X_FORWARDED'])) {
-		$ip = $_SERVER['HTTP_X_FORWARDED'];
-	}
-	elseif(isset($_SERVER['HTTP_FORWARDED_FOR'])) {
-		$ip = $_SERVER['HTTP_FORWARDED_FOR'];
-	}
-	elseif(isset($_SERVER['HTTP_FORWARDED'])) {
-		$ip = $_SERVER['HTTP_FORWARDED']; 
-	}
-	else {
-		$ip = isset($_SERVER['REMOTE_ADDR'])?$_SERVER['REMOTE_ADDR']:"unknown";
-	}
-	return $ip;
-}
-
-if (!function_exists('getallheaders')) {
-    function getallheaders() {
-        foreach ($_SERVER as $name => $value) {
-            if (substr($name, 0, 5) == 'HTTP_') {
-                $headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
-            }
-        }
-        return $headers;
-    }
-}
-
-function tryBase64Decode($arr) 
-{
-	if(isset($arr)&&count($arr)>0)
-	{
-		$isChanged=0;
-		
-		$new_arr = array();
-		foreach($arr as $k => $v) 
-		{
-			if(isBase64Formatted($v))
-			{
-				$v=base64_decode($v);
-				$isChanged=1;
-			}
-			$new_arr[$k]=$v;
-		}
-		
-		if($isChanged)
-			return $new_arr;
-		else
-			return false;
-	}
-	else
-		return false;
-}
-
-function isBase64Formatted($str)
-{
-	if(preg_match('/^[A-Za-z0-9+\/=]+$/',$str))
-	{
-		$decoded_str=base64_decode($str);
-		if ($str == base64_encode($decoded_str)) 
-		{
-			if(preg_match('/^[A-Za-z0-9\x00-\x80~!@#$%&_+-=:";\'<>,\/"\[\]\\\^\.\|\?\*\+\(\)\{\}\s]+$/',$decoded_str))
-			{
-				return true;
-			}
-		}
-	}
-    return false;
-}
-
-function encrypt($info,$encryptPass) 
-{
-	return AESEncryptCtr($info,$encryptPass);
-}
-
-function decrypt($info,$encryptPass) 
-{
-	return AESDecryptCtr($info,$encryptPass);
-}
-
-?>