Change api key)

Knah Tsaeb 2018-02-13 11:35:01 +01:00
parent 415c1e4407
commit a787e3c648


@ -32,7 +32,7 @@ $GLOBALS['config']['activeComplete'] = false;
// Remove image older than 12 hours // Remove image older than 12 hours
$GLOBALS['config']['expireCache'] = 12; $GLOBALS['config']['expireCache'] = 12;
// Disable exec command and use cron task // Disable exec command and use cron task
$GLOBALS['config']['disableExec'] = true; $GLOBALS['config']['disableExec'] = false;
// Enable log for success, suspect, error // Enable log for success, suspect, error
$GLOBALS['config']['log'] = true; $GLOBALS['config']['log'] = true;
if (file_exists('cache/config/options.php')) { if (file_exists('cache/config/options.php')) {
@ -276,7 +276,13 @@ function install() {
$serverKey = substr(sha1(uniqid(rand(), true).'_'.mt_rand().$salt), 0, 12); $serverKey = substr(sha1(uniqid(rand(), true).'_'.mt_rand().$salt), 0, 12);
$encryptServerKey = sha1($serverKey.$salt); $encryptServerKey = sha1($serverKey.$salt);
if (!is_file('cache/config/genConf.php')) { if (!is_file('cache/config/genConf.php')) {
file_put_contents('cache/config/genConf.php', "<?php\n\$GLOBALS['config']['serverKey'] = '$encryptServerKey';\n\$GLOBALS['config']['salt'] = '$salt';\n\$GLOBALS['config']['pwd'] = 'install';\n?>"); file_put_contents('cache/config/genConf.php', "
<?php
\$GLOBALS['config']['serverKey'] = '$encryptServerKey';
\$GLOBALS['config']['salt'] = '$salt';
\$GLOBALS['config']['pwd'] = 'install';
\$GLOBALS['config']['apikey'] = '$serverKey';
?>");
} }
if (!is_file('cache/config/serverOptions.php')) { if (!is_file('cache/config/serverOptions.php')) {
touch('cache/config/serverOptions.php'); touch('cache/config/serverOptions.php');
@ -293,6 +299,7 @@ function install() {
$GLOBALS['config']['serverKey'] = $encryptServerKey; $GLOBALS['config']['serverKey'] = $encryptServerKey;
$GLOBALS['config']['salt'] = $salt; $GLOBALS['config']['salt'] = $salt;
$GLOBALS['config']['pwd'] = 'install'; $GLOBALS['config']['pwd'] = 'install';
$GLOBALS['config']['apikey'] = $serverKey;
return $serverKey; return $serverKey;
} }
@ -388,11 +395,13 @@ function savePass($passOne, $passTwo, $token) {
$confServerKey = $GLOBALS['config']['serverKey']; $confServerKey = $GLOBALS['config']['serverKey'];
$confSalt = $GLOBALS['config']['salt']; $confSalt = $GLOBALS['config']['salt'];
$confPwd = $GLOBALS['config']['pwd']; $confPwd = $GLOBALS['config']['pwd'];
$apikey = $GLOBALS['config']['apikey'];
$confFile = ' $confFile = '
<?php <?php
$GLOBALS[\'config\'][\'serverKey\'] = \''.$confServerKey.'\'; $GLOBALS[\'config\'][\'serverKey\'] = \''.$confServerKey.'\';
$GLOBALS[\'config\'][\'salt\'] = \''.$confSalt.'\'; $GLOBALS[\'config\'][\'salt\'] = \''.$confSalt.'\';
$GLOBALS[\'config\'][\'pwd\'] = \''.$confPwd.'\'; $GLOBALS[\'config\'][\'pwd\'] = \''.$confPwd.'\';
$GLOBALS[\'config\'][\'apikey\'] = \''.$apikey.'\';
?>'; ?>';
file_put_contents('cache/config/genConf.php', $confFile); file_put_contents('cache/config/genConf.php', $confFile);
} }
@ -517,6 +526,19 @@ function makeImgThumb($url, $ext, $hashUrl, $width, $path, $renderType) {
} }
} }
function checkHmac($receiveHmac, $url){
if($receiveHmac === makeHmac($url, $GLOBALS['config']['apikey'])){
return true;
}
else {
return false;
}
}
function makeHmac($url){
return hash_hmac('sha1',$url, $GLOBALS['config']['apikey']);
}
/* /*
$image = file_get_contents('http://www.url.com/image.jpg'); $image = file_get_contents('http://www.url.com/image.jpg');
file_put_contents('/images/image.jpg', $image); //save the image on your server file_put_contents('/images/image.jpg', $image); //save the image on your server
@ -538,6 +560,7 @@ if (!empty($ui['request']) && $ui['p'] !== 'install' && $ui['p'] !== 'login' &&
if (empty($ui['url'])) { if (empty($ui['url'])) {
die('You see in this world there\'s two kinds of people, my friend. Those with loaded guns, and those who dig. You dig.'); die('You see in this world there\'s two kinds of people, my friend. Those with loaded guns, and those who dig. You dig.');
} }
$ui['sendUrl'] = $ui['url'];
$ui['url'] = trim(rawurldecode($ui['url'])); $ui['url'] = trim(rawurldecode($ui['url']));
$ui['url'] = rtrim($ui['url'], '/'); $ui['url'] = rtrim($ui['url'], '/');
$hashUrl = sha1($GLOBALS['config']['salt'].$ui['url']); $hashUrl = sha1($GLOBALS['config']['salt'].$ui['url']);
@ -551,7 +574,12 @@ if (!empty($ui['request']) && $ui['p'] !== 'install' && $ui['p'] !== 'login' &&
} }
if (testExistImg($file) === true && (int)$ui['fr'] !== 1) { if (testExistImg($file) === true && (int)$ui['fr'] !== 1) {
if ($ui['request'] === 'api') { if ($ui['request'] === 'api') {
printThumbShot($file, $ui['t']); if (checkHmac($ui['hm'], $ui['sendUrl'])){
printThumbShot($file, $ui['t']);
} else {
ban();
die('I take a chips and give it to Godzilla. I give high kick in Chuck Norris face and I go to ... Humm .... Ehh .... Arg ....... KAMOULOX ! Well done Jean Pierre.');
}
} }
if ($ui['request'] === 'form') { if ($ui['request'] === 'form') {
$success = array( $success = array(
@ -562,10 +590,10 @@ if (!empty($ui['request']) && $ui['p'] !== 'install' && $ui['p'] !== 'login' &&
} }
} else { } else {
if ($ui['request'] === 'api') { if ($ui['request'] === 'api') {
if (empty($ui['key']) || empty($ui['url'])) { if (empty($ui['hm']) || empty($ui['hm'])) {
die('Are you Ken ?'); die('Are you Ken ?');
} }
if (sha1($ui['key'].$GLOBALS['config']['salt']) !== $GLOBALS['config']['serverKey']) { if (!checkHmac($ui['hm'], $ui['sendUrl'])) {
ban(); ban();
die('I take a chips and give it to Godzilla. I give high kick in Chuck Norris face and I go to ... Humm .... Ehh .... Arg ....... KAMOULOX ! Well done Jean Pierre.'); die('I take a chips and give it to Godzilla. I give high kick in Chuck Norris face and I go to ... Humm .... Ehh .... Arg ....... KAMOULOX ! Well done Jean Pierre.');
} }
@ -644,4 +672,4 @@ if (!empty($ui['request']) && $ui['p'] !== 'install' && $ui['p'] !== 'login' &&
require getPage($ui['p']); require getPage($ui['p']);
?> ?>
</body> </body>
</html> </html>
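Review bot: `checkHmac()` in the `-517,6 +526,19` hunk compares the received value with `===`, which is not a constant-time comparison, and it does not fail closed when `$GLOBALS['config']['apikey']` is missing or empty. `install()` writes `genConf.php` only when the file does not already exist, so an installation created before this commit presumably has no `apikey` entry, and `savePass()` would then persist an empty one; `hash_hmac()` would end up keyed with an empty string. I would compare with `hash_equals()` and reject a non-string `hm` or an empty key, as below, which also drops the second argument that `makeHmac($url)` does not declare. Separately, the guard `empty($ui['hm']) || empty($ui['hm'])` in the `-562,10 +590,10` hunk tests the same field twice, and the cached-image branch in the `-551,7 +574,12` hunk calls `checkHmac($ui['hm'], ...)` with no such guard in the visible lines.

```php
function checkHmac($receiveHmac, $url){
    $key = isset($GLOBALS['config']['apikey']) ? $GLOBALS['config']['apikey'] : '';
    // Fail closed: a missing key or a non-string hm must never verify.
    if (!is_string($receiveHmac) || !is_string($key) || $key === '') {
        return false;
    }
    // hash_equals() compares in constant time; the known value goes first.
    return hash_equals(makeHmac($url), $receiveHmac);
}
```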