diff --git a/aes.php b/aes.php index 3d2bdfa..e6c81a7 100644 --- a/aes.php +++ b/aes.php @@ -22,8 +22,7 @@ if (!defined('IN_XSS_PLATFORM')) { * generated from the cipher key by KeyExpansion() * @return ciphertext as byte-array (16 bytes) */ -function Cipher($input, $w) // main Cipher function [§5.1] -{ +function Cipher($input, $w) {// main Cipher function [§5.1] $Nb = 4; // block size (in words): no of columns in state (fixed at 4 for AES) $Nr = count($w) / $Nb - 1; // no of rounds: 10/12/14 for 128/192/256-bit keys @@ -53,8 +52,7 @@ function Cipher($input, $w) // main Cipher function [§5.1] } -function AddRoundKey($state, $w, $rnd, $Nb) // xor Round Key into state S [§5.1.4] -{ +function AddRoundKey($state, $w, $rnd, $Nb) {// xor Round Key into state S [§5.1.4] for ($r = 0; $r < 4; $r++) { for ($c = 0; $c < $Nb; $c++) $state[$r][$c] ^= $w[$rnd * 4 + $c][$r]; @@ -62,8 +60,7 @@ function AddRoundKey($state, $w, $rnd, $Nb) // xor Round Key into state S [§5.1 return $state; } -function SubBytes($s, $Nb) // apply SBox to state S [§5.1.1] -{ +function SubBytes($s, $Nb) {// apply SBox to state S [§5.1.1] global $Sbox; // PHP needs explicit declaration to access global variables! for ($r = 0; $r < 4; $r++) { for ($c = 0; $c < $Nb; $c++) @@ -72,8 +69,7 @@ function SubBytes($s, $Nb) // apply SBox to state S [§5.1.1] return $s; } -function ShiftRows($s, $Nb) // shift row r of state S left by r bytes [§5.1.2] -{ +function ShiftRows($s, $Nb) {// shift row r of state S left by r bytes [§5.1.2] $t = array( 4 ); @@ -86,8 +82,7 @@ function ShiftRows($s, $Nb) // shift row r of state S left by r bytes [§5.1.2] return $s; // see fp.gladman.plus.com/cryptography_technology/rijndael/aes.spec.311.pdf } -function MixColumns($s, $Nb) // combine bytes of each col of state S [§5.1.3] -{ +function MixColumns($s, $Nb) {// combine bytes of each col of state S [§5.1.3] for ($c = 0; $c < 4; $c++) { $a = array( 4 
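Review bot: The rewritten signature lines put the trailing comment hard against the brace, `{// main Cipher function [§5.1]`, with no separating space, and the same form is introduced in every aes.php hunk below (AddRoundKey, SubBytes, ShiftRows, MixColumns, KeyExpansion, SubWord, RotWord). PSR-12 keeps a function's opening brace on its own line, so this commit moves aes.php away from that convention while the docblocks above it still follow it; if the same-line brace is deliberate, at least write `function Cipher($input, $w) { // main Cipher function [§5.1]`, or keep the comment on the signature line and the brace below it as before. Cipher's body continues past the hunk.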
@@ -115,8 +110,7 @@ function MixColumns($s, $Nb) // combine bytes of each col of state S [§5.1.3] * @param key cipher key byte-array (16 bytes) * @return key schedule as 2D byte-array (Nr+1 x Nb bytes) */ -function KeyExpansion($key) // generate Key Schedule from Cipher Key [§5.2] -{ +function KeyExpansion($key) {// generate Key Schedule from Cipher Key [§5.2] global $Rcon; // PHP needs explicit declaration to access global variables! $Nb = 4; // block size (in words): no of columns in state (fixed at 4 for AES) $Nk = count($key) / 4; // key length (in words): 4/6/8 for 128/192/256-bit keys @@ -152,16 +146,14 @@ function KeyExpansion($key) // generate Key Schedule from Cipher Key [§5.2] return $w; } -function SubWord($w) // apply SBox to 4-byte word w -{ +function SubWord($w) {// apply SBox to 4-byte word w global $Sbox; // PHP needs explicit declaration to access global variables! for ($i = 0; $i < 4; $i++) $w[$i] = $Sbox[$w[$i]]; return $w; } -function RotWord($w) // rotate 4-byte word w left by one byte -{ +function RotWord($w) {// rotate 4-byte word w left by one byte $w[4] = $w[0]; for ($i = 0; $i < 4; $i++) $w[$i] = $w[$i + 1]; @@ -213,8 +205,7 @@ $Rcon = array( array(0x00, 0x00, 0x00, 0x00), * @param nBits number of bits to be used in the key (128, 192, or 256) * @return encrypted text */ -function AESEncryptCtr($plaintext, $password = "blue-lotus", $nBits = 128) -{ +function AESEncryptCtr($plaintext, $password = "blue-lotus", $nBits = 128) { $blockSize = 16; // block size fixed at 16 bytes / 128 bits (Nb=4) for AES if (!($nBits == 128 || $nBits == 192 || $nBits == 256)) return ''; // standard allows 128/192/256 bit keys 
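Review bot: The rewritten signature still carries a hard-coded default key, `$password = "blue-lotus"`, so any caller that omits the argument silently encrypts with a value that is visible in the source; AESDecryptCtr in the next hunk has the same default. For a cryptographic helper the parameter should be required, or the docblock should at least state that the default is a placeholder and must not be relied on in deployment. The `return ''` on an unsupported `$nBits` is equally silent, since an empty string is indistinguishable from encrypting empty input; an `InvalidArgumentException`, or failing that a `@return` line saying that an empty string signals a rejected key size, would make the failure visible. The function body continues outside the hunk.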
@@ -287,8 +278,7 @@ function AESEncryptCtr($plaintext, $password = "blue-lotus", $nBits = 128) * @param nBits number of bits to be used in the key (128, 192, or 256) * @return decrypted text */ -function AESDecryptCtr($ciphertext, $password = "blue-lotus", $nBits = 128) -{ +function AESDecryptCtr($ciphertext, $password = "blue-lotus", $nBits = 128) { $blockSize = 16; // block size fixed at 16 bytes / 128 bits (Nb=4) for AES if (!($nBits == 128 || $nBits == 192 || $nBits == 256)) return ''; // standard allows 128/192/256 bit keys @@ -354,8 +344,7 @@ function AESDecryptCtr($ciphertext, $password = "blue-lotus", $nBits = 128) * @param b number of bits to shift a to the right (0..31) * @return a right-shifted and zero-filled by b bits */ -function urs($a, $b) -{ +function urs($a, $b) { $a &= 0xffffffff; $b &= 0x1f; // (bounds check) if ($a & 0x80000000 && $b > 0) { // if left-most bit set diff --git a/api.php b/api.php index 3275858..55f80c3 100644 --- a/api.php +++ b/api.php @@ -185,8 +185,7 @@ else if (isset($_GET['my_js_cmd'])) { echo json_encode(false); -function xss_record_id_list() -{ +function xss_record_id_list() { $files = glob(DATA_PATH . '/*.php'); $list = array(); foreach ($files as $file) { @@ -197,8 +196,7 @@ function xss_record_id_list() return $list; } -function xss_record_detail_list() -{ +function xss_record_detail_list() { $list = array(); $files = glob(DATA_PATH . '/*.php'); arsort($files); @@ -226,8 +224,7 @@ function xss_record_detail_list() } //获取js的名字与描述列表 -function js_name_and_desc_list($path) -{ +function js_name_and_desc_list($path) { $list = array(); $files = glob($path . '/*.js'); arsort($files); @@ -258,6 +255,5 @@ function js_name_and_desc_list($path) $list[] = $item; } - return $list; } \ No newline at end of file diff --git a/change_encrypt_pass.php b/change_encrypt_pass.php index ec64e1c..6bc6943 100644 --- a/change_encrypt_pass.php +++ b/change_encrypt_pass.php 
@@ -29,22 +29,20 @@ if ($argv[1] === "update") else change_pass($argv[1], $argv[2], $argv[3], $argv[4], $argv[5], $argv[6]); -function update_from_old_version($old_encrypt_enable, $old_encrypt_pass) -{ +function update_from_old_version($old_encrypt_enable, $old_encrypt_pass) { //如果从旧版本升级,就统一先切换为RC4,密码bluelotus modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, "AES", "true", "bluelotus", "RC4"); modify_xss_record($old_encrypt_enable, $old_encrypt_pass, "AES", "true", "bluelotus", "RC4"); } -function change_pass($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type) -{ + +function change_pass($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type) { modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type); modify_xss_record($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type); modify_js_desc(MY_JS_PATH, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type); modify_js_desc(JS_TEMPLATE_PATH, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type); } -function modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type) -{ +function modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type) { $logfile = DATA_PATH . '/forbiddenIPList.dat'; $str = @file_get_contents($logfile); 
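Review bot: `change_pass($argv[1], ..., $argv[6])` reads six positional arguments without checking `count($argv)`, so a short command line produces undefined-index notices and likely passes nulls into the re-encryption routines, which would then rewrite the data files with an empty password; a guard before the dispatch such as `if (count($argv) < 7) { fwrite(STDERR, "usage: <PLACEHOLDER usage text>\n"); exit(1); }` prevents that. `update_from_old_version` re-encrypts every record with RC4 and the literal password `"bluelotus"`, as the comment says; because that value is a constant in the source, the function deserves a docblock stating that this is an intermediate state and that `change_pass` must be run immediately afterwards. The `if ($argv[1] === "update")` dispatch starts before the hunk.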
@@ -60,8 +58,7 @@ function modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, $old_enc echo "修改封禁ip失败,可能是没有权限,chmod 777!\n"; } -function modify_xss_record($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type) -{ +function modify_xss_record($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type) { $files = glob(DATA_PATH . '/*.php'); foreach ($files as $file) { @@ -85,8 +82,8 @@ function modify_xss_record($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_ } } } -function modify_js_desc($path, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type) -{ + +function modify_js_desc($path, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type) { $files = glob($path . '/*.js'); foreach ($files as $file) { //由于可能有中文名,故使用正则来提取文件名 @@ -109,8 +106,7 @@ function modify_js_desc($path, $old_encrypt_enable, $old_encrypt_pass, $old_encr } } -function encrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type) -{ +function encrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type) { if ($encrypt_enable) { if ($encrypt_type === "AES") { require_once("aes.php"); @@ -125,8 +121,7 @@ function encrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type) return $info; } -function decrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type) -{ +function decrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type) { if ($encrypt_enable) { if ($encrypt_type === "AES") { require_once("aes.php"); diff --git a/dio.php b/dio.php index 4d8423b..850ae53 100644 --- a/dio.php +++ b/dio.php 
@@ -6,8 +6,7 @@ require_once("load.php"); require_once("functions.php"); //对记录的读写操作,无数据库,采用读写文件的方式,文件名即请求时的时间戳,同时也是记录的id -function save_xss_record($info, $filename) -{ +function save_xss_record($info, $filename) { $logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php'; !file_exists($logFile) && @touch($logFile); @@ -19,8 +18,7 @@ function save_xss_record($info, $filename) return true; } -function load_xss_record($filename) -{ +function load_xss_record($filename) { if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) { $logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php'; if (!file_exists($logFile)) @@ -64,8 +62,7 @@ function load_xss_record($filename) return false; } -function delete_xss_record($filename) -{ +function delete_xss_record($filename) { if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) { $logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php'; return unlink($logFile); @@ -73,8 +70,7 @@ function delete_xss_record($filename) return false; } -function clear_xss_record() -{ +function clear_xss_record() { $files = glob(DATA_PATH . '/*.php'); foreach ($files as $file) { @@ -83,8 +79,7 @@ function clear_xss_record() return true; } -function load_js_content($path, $filename) -{ +function load_js_content($path, $filename) { if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) { $file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js'; if (!file_exists($file)) @@ -98,8 +93,7 @@ function load_js_content($path, $filename) return false; } -function delete_js($path, $filename) -{ +function delete_js($path, $filename) { if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) { $file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc'; unlink($file); 
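Review bot: `save_xss_record` builds `DATA_PATH . '/' . $filename . '.php'` and creates the file without the `..`, `/` and `\\` rejection that `load_xss_record` and `delete_xss_record` apply to the same parameter two hunks below; `save_js_content` and `save_js_desc` in the following hunks write `$filename . '.js'` and `.desc` with the same gap. The comment above says the name is the request timestamp, so the caller may already guarantee a safe value, but these writers create `.php` files next to the scripts, so the check belongs at this layer as well: `if (strpos($filename, "..") !== false || strpos($filename, "/") !== false || strpos($filename, "\\") !== false) return false;` as the first line, mirroring the readers. Each of these function bodies continues past its hunk.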
@@ -110,8 +104,7 @@ function delete_js($path, $filename) } -function clear_js($path) -{ +function clear_js($path) { $files = glob($path . '/*.desc'); foreach ($files as $file) { unlink($file); @@ -124,8 +117,7 @@ function clear_js($path) return true; } -function save_js_content($path, $content, $filename) -{ +function save_js_content($path, $content, $filename) { $file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js'; !file_exists($file) && @touch($file); @@ -135,8 +127,7 @@ function save_js_content($path, $content, $filename) return true; } -function save_js_desc($path, $desc, $filename) -{ +function save_js_desc($path, $desc, $filename) { $file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc'; !file_exists($file) && @touch($file); diff --git a/functions.php b/functions.php index bd258bf..3c2b541 100644 --- a/functions.php +++ b/functions.php @@ -7,8 +7,7 @@ require_once("load.php"); //nginx无getallheaders函数 if (!function_exists('getallheaders')) { - function getallheaders() - { + function getallheaders() { foreach ($_SERVER as $name => $value) { if (substr($name, 0, 5) == 'HTTP_') { $headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value; @@ -19,8 +18,7 @@ if (!function_exists('getallheaders')) { } //判断该记录是否 -function isKeepSession($info) -{ +function isKeepSession($info) { $keepsession = false; foreach ($info['get_data'] as $k => $v) { @@ -47,15 +45,13 @@ function isKeepSession($info) } //xss过滤 -function stripStr($str) -{ +function stripStr($str) { if (get_magic_quotes_gpc()) $str = stripslashes($str); return addslashes(htmlspecialchars($str, ENT_QUOTES, 'UTF-8')); } -function stripArr($arr) -{ +function stripArr($arr) { $new_arr = array(); foreach ($arr as $k => $v) { $new_arr[stripStr($k)] = stripStr($v); @@ -64,8 +60,7 @@ function stripArr($arr) } //尝试base64解码 -function tryBase64Decode($arr) -{ +function tryBase64Decode($arr) { if (isset($arr) && count($arr) > 0) { $isChanged = 0; 
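Review bot: `stripStr` still calls `get_magic_quotes_gpc()`, which was deprecated in PHP 7.4 and removed in 8.0, so on a current runtime the first request that reaches this line fails with an undefined-function error; install.php's `stripStr` in this same commit has the identical call. Magic quotes cannot be enabled on any supported PHP, so the portable form is `if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())`, or simply dropping the `stripslashes` branch. The `addslashes` applied after `htmlspecialchars` also deserves a comment on why the stored value is slash-escaped, since the function is labelled an XSS filter and the added slashes alter the stored data.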
@@ -88,8 +83,7 @@ function tryBase64Decode($arr) } //判断string是否为base64编码(判断方法:解码后为可见字符串) -function isBase64Formatted($str) -{ +function isBase64Formatted($str) { if (preg_match('/^[A-Za-z0-9+\/=]+$/', $str)) if ($str == base64_encode(base64_decode($str))) if (preg_match('/^[A-Za-z0-9\x00-\x80~!@#$%&_+-=:";\'<>,\/"\[\]\\\^\.\|\?\*\+\(\)\{\}\s]+$/', base64_decode($str))) @@ -97,8 +91,7 @@ function isBase64Formatted($str) return false; } -function encrypt($info) -{ +function encrypt($info) { if (ENCRYPT_ENABLE) { if (ENCRYPT_TYPE === "AES") { require_once("aes.php"); @@ -113,8 +106,7 @@ function encrypt($info) return $info; } -function decrypt($info) -{ +function decrypt($info) { if (ENCRYPT_ENABLE) { if (ENCRYPT_TYPE === "AES") { require_once("aes.php"); @@ -130,8 +122,7 @@ function decrypt($info) } //基于Discuz X3.1 function_misc.php -function convertip($ip, $ipdatafile) -{ +function convertip($ip, $ipdatafile) { $ipaddr = '未知'; if (preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/", $ip)) { $iparray = explode('.', $ip); diff --git a/install.php b/install.php index 415aa36..692c0ef 100644 --- a/install.php +++ b/install.php @@ -7,6 +7,7 @@ if ( file_exists('config.php') ) { display_header(); @unlink($_SERVER['SCRIPT_FILENAME']); + @unlink('config-sample.php'); die( '
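Review bot: The "printable" test on the last line of the hunk admits `\x00-\x80` inside its character class, so every control byte from NUL to DEL passes and the regex only rejects bytes above 0x80, which contradicts the comment's 可见字符串 (visible string) intent; `\x20-\x7e` together with `\s` expresses that intent. The preceding `$str == base64_encode(base64_decode($str))` uses loose comparison, and `===` is the right operator for two strings. The function's return statements lie outside the hunk.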

已安装

请勿重复安装!

登录

' ); } @@ -195,7 +196,7 @@ CONFIG; } -function display_header( ) { +function display_header() { ?> @@ -395,15 +396,14 @@ function display_setup_form( $error = null ) { } // end display_setup_form() //xss过滤 -function stripStr($str){ +function stripStr($str) { if(get_magic_quotes_gpc()) $str=stripslashes($str); return htmlspecialchars($str,ENT_QUOTES,'UTF-8'); } //js描述重加密 -function modify_js_desc($path,$old_encrypt_enable,$old_encrypt_pass,$old_encrypt_type,$new_encrypt_enable,$new_encrypt_pass, $new_encrypt_type) -{ +function modify_js_desc($path,$old_encrypt_enable,$old_encrypt_pass,$old_encrypt_type,$new_encrypt_enable,$new_encrypt_pass, $new_encrypt_type) { $files = glob($path . '/*.js'); foreach ($files as $file){ //由于可能有中文名,故使用正则来提取文件名 @@ -425,8 +425,7 @@ function modify_js_desc($path,$old_encrypt_enable,$old_encrypt_pass,$old_encrypt } //加密 -function encrypt($info,$encrypt_enable,$encrypt_pass,$encrypt_type) -{ +function encrypt($info,$encrypt_enable,$encrypt_pass,$encrypt_type) { if($encrypt_enable) { if($encrypt_type==="AES") { require_once("aes.php"); @@ -444,8 +443,7 @@ function encrypt($info,$encrypt_enable,$encrypt_pass,$encrypt_type) } //解密 -function decrypt($info,$encrypt_enable,$encrypt_pass,$encrypt_type) -{ +function decrypt($info,$encrypt_enable,$encrypt_pass,$encrypt_type) { if($encrypt_enable) { if($encrypt_type==="AES") { require_once("aes.php"); diff --git a/login.php b/login.php index 637638d..553da0f 100644 --- a/login.php +++ b/login.php @@ -48,8 +48,7 @@ if (!isset($forbiddenIPList[$ip]) || $forbiddenIPList[$ip] <= 5) { } else $is_pass_wrong = true; -function loadForbiddenIPList() -{ +function loadForbiddenIPList() { $logfile = DATA_PATH . '/forbiddenIPList.dat'; !file_exists($logfile) && @touch($logfile); $str = @file_get_contents($logfile); 
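Review bot: The added `@unlink('config-sample.php')` uses a path relative to the process working directory, whereas the sibling `@unlink($_SERVER['SCRIPT_FILENAME'])` on the line above is absolute, so when the installer runs with a different cwd the sample file is silently left in place and the `@` hides the failure. `@unlink(__DIR__ . '/config-sample.php');` removes the cwd dependency; if leaving the sample behind is harmless, say so in a one-line comment, otherwise check the return value and report it in the page that follows.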
@@ -69,8 +68,7 @@ function loadForbiddenIPList() return array(); } -function saveForbiddenIPList($forbiddenIPList) -{ +function saveForbiddenIPList($forbiddenIPList) { $logfile = DATA_PATH . '/forbiddenIPList.dat'; !file_exists($logfile) && @touch($logfile); $str = json_encode($forbiddenIPList); @@ -82,8 +80,7 @@ function saveForbiddenIPList($forbiddenIPList) 生成密码 php -r "$salt='!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl';$key='bluelotus';$key=md5($salt.$key.$salt);$key=md5($salt.$key.$salt);$key=md5($salt.$key.$salt);echo $key;" */ -function checkPassword($p) -{ +function checkPassword($p) { if (isset($_POST['firesunCheck']) && isset($_SESSION['firesunCheck']) && $_SESSION['firesunCheck'] != "" && $_POST['firesunCheck'] === $_SESSION['firesunCheck']) { //改了这个盐记得改login.js里的,两个要一致 $salt = "!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl"; @@ -97,8 +94,7 @@ function checkPassword($p) } //生成挑战应答的随机值 -function generate_password($length = 32) -{ +function generate_password($length = 32) { $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; $password = ""; for ($i = 0; $i < $length; $i++) diff --git a/mail.php b/mail.php index 48f6463..b8a6119 100644 --- a/mail.php +++ b/mail.php @@ -6,8 +6,7 @@ if (!defined('IN_XSS_PLATFORM')) { require_once("PHPMailer/PHPMailerAutoload.php"); require_once("load.php"); -function send_mail($xss_record_json) -{ +function send_mail($xss_record_json) { $subject = "GET:" . count($xss_record_json['get_data']) . "个 POST:" . count($xss_record_json['post_data']) . "个 Cookie:" . count($xss_record_json['cookie_data']) . "个"; $body = json_encode($xss_record_json, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT); diff --git a/rc4.php b/rc4.php index c8869bc..f290c4b 100644 --- a/rc4.php +++ b/rc4.php 
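Review bot: `checkPassword` derives its expected value from a fixed salt and three rounds of `md5`, per the generation command quoted above the hunk, and the salt is duplicated in login.js; with a shared-salt challenge scheme the value stored server-side is effectively password-equivalent, which is worth one sentence in the function's docblock. The remainder of the function, including the comparison against the stored key and whether `$_SESSION['firesunCheck']` is cleared after use, is outside the hunk; if it compares strings with `===` or `!=`, `hash_equals()` is the constant-time replacement, and unsetting the session challenge on both success and failure prevents a captured response being reused within the same session. `generate_password` in the next hunk produces that challenge; its loop body is not visible here, so please confirm it draws from `random_int()` rather than `rand()`/`mt_rand()`.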
@@ -30,8 +30,7 @@ if (!defined('IN_XSS_PLATFORM')) { * @return the result of the RC4 as a binary string * @author Michael Cutler */ -function rc4($data_str, $key_str) -{ +function rc4($data_str, $key_str) { // convert input string(s) to array(s) $key = array(); $data = array();