|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
dezend please |
|
Posted: Tue Oct 12, 2010 9:17 pm |
|
|
klih |
Regular user |
|
|
Joined: Oct 12, 2010 |
Posts: 11 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Wed Oct 13, 2010 3:49 am |
|
|
tsabitah |
Valuable expert |
|
|
Joined: Jul 07, 2010 |
Posts: 328 |
Location: surabaya |
|
|
|
|
|
|
CLASS.link-protect.php
Code: | <?php
if (!class_exists('ubam_dpdemon_link_protect')) {
class ubam_dpdemon_link_protect
{
var $master;
function ubam_dpdemon_link_protect($masterclass)
{
$this->master = $masterclass;
}
function exec_protect_url()
{
$mlpBase = $this->master;
$saved_secure_dir = trim($mlpBase->options['ubam_dpdemon_download_directory'], '/');
define('BASE_DIR', ABSPATH . "wp-content/$saved_secure_dir/");
$allowed_ext = array('zip' => 'application/zip', 'pdf' => 'application/pdf', 'doc' => 'application/msword', 'xls' => 'application/vnd.ms-excel', 'ppt' => 'application/vnd.ms-powerpoint', 'exe' => 'application/octet-stream', 'gif' => 'image/gif', 'png' => 'image/png', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'mp3' => 'audio/mpeg', 'wav' => 'audio/x-wav', 'mpeg' => 'video/mpeg', 'mpg' => 'video/mpeg', 'mpe' => 'video/mpeg', 'mov' => 'video/quicktime', 'avi' => 'video/x-msvideo');
if (!ini_get('safe mode')) {
set_time_limit(0);
}
if (!isset($_GET['seclnk']) || empty($_GET['seclnk'])) {
die("Please specify file name for download.");
}
$seclnk_array = explode('_L-N-KP_', $_GET['seclnk']);
if (count($seclnk_array) < 4) {
die("Invalid URL. Missing security information.");
}
$sugin_secrypt = new ubam_dpdemon_Secrypt(false);
if (true) {
$valid_referrer = true;
if ($sugin_secrypt->Decrypt($this->pct_decode($seclnk_array[3]), $mlpBase->options['ubam_dpdemon_gen_key'], $mlpBase->options['ubam_dpdemon_gen_secret'])) {
$hotlink = (int)$sugin_secrypt->Data;
$hotlink = ($hotlink == 0 ? 0 : 1);
} else {
$sugin_secrypt->ShowErrors();
exit;
}
if (isset($_SERVER['HTTP_REFERER']) && strlen($_SERVER['HTTP_REFERER']) > 0 && substr($_SERVER['HTTP_REFERER'], 0, strlen(get_bloginfo('home'))) != get_bloginfo('home')) {
$valid_referrer = false;
}
if ($hotlink > 0 && $valid_referrer) {
if (!(isset($_SERVER['HTTP_REFERER']) && strlen($_SERVER['HTTP_REFERER']) > 0)) {
$valid_referrer = false;
}
}
if (!$valid_referrer) {
die("Internal server error. Please contact system administrator.");
}
}
if ($sugin_secrypt->Decrypt($this->pct_decode($seclnk_array[0]), $mlpBase->options['ubam_dpdemon_gen_key'], $mlpBase->options['ubam_dpdemon_gen_secret'])) {
$secure_resource = $sugin_secrypt->Data;
} else {
$sugin_secrypt->ShowErrors();
exit;
}
if ($seclnk_array[1] < time()) {
die("This link is no longer valid.");
}
$string_to_sign = $mlpBase->options['ubam_dpdemon_gen_key'] . "GET\n\n\n" . $seclnk_array[1] . "\n" . $mlpBase->options['ubam_dpdemon_gen_secret'];
$auth_signature = $this->pct_encode(md5($string_to_sign));
if ($auth_signature != $seclnk_array[2]) {
die("Invalid security information in URL.");
}
if (strpos($secure_resource, '://') !== false) {
$parsedUrl = parse_url($secure_resource);
$thepath = $parsedUrl['path'];
$thehost = $parsedUrl['host'];
if (strpos(preg_replace('/^http:\/\/www\./i', 'http://', get_option('siteurl')), 'http://' . preg_replace('/^www\./i', '', $thehost)) === false) {
header('Location: ' . $secure_resource);
exit;
} else {
$fname = substr($thepath, strrpos($thepath, '/') + 1);
$theWPdir = parse_url(get_option('siteurl'));
if (!empty($theWPdir['path'])) {
$file_path = substr(ABSPATH, 0, strrpos(strtolower(ABSPATH), strtolower($theWPdir['path']))) . $thepath;
} else {
$file_path = ABSPATH . $thepath;
}
}
} else {
$fname = basename($secure_resource);
$file_path = '';
if (strpos($secure_resource, '/') !== false) {
$subdir = substr($secure_resource, 0, strrpos(strtolower($secure_resource), $fname));
$subdir = substr($subdir, 0, 1) == '/' ? substr($subdir, 1) : $subdir;
} else {
$subdir = '';
}
$this->find_file(BASE_DIR . $subdir, $fname, $file_path);
}
if (!(file_exists($file_path) && is_file($file_path))) {
die("File does not exist. Make sure you specified correct file name.<br />File Path: $file_path");
}
$fsize = filesize($file_path);
$fext = strtolower(substr(strrchr($fname, "."), 1));
if (!array_key_exists($fext, $allowed_ext) || $allowed_ext[$fext] == '') {
$mtype = '';
if (function_exists('mime_content_type')) {
$mtype = mime_content_type($file_path);
} elseif (function_exists('finfo_file')) {
$finfo = finfo_open(FILEINFO_MIME);
$mtype = finfo_file($finfo, $file_path);
finfo_close($finfo);
}
if ($mtype == '') {
$mtype = "application/force-download";
}
} else {
$mtype = $allowed_ext[$fext];
}
if (!isset($_GET['fc']) || empty($_GET['fc'])) {
$asfname = $fname;
} else {
$asfname = str_replace(array('"', "'", '\\', '/'), '', $_GET['fc']);
if ($asfname === '')
$asfname = 'NoName';
}
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Type: $mtype");
header("Content-Disposition: filename=\"$asfname\"");
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . $fsize);
readfile($file_path);
if (!LOG_DOWNLOADS)
die();
$f = @fopen(LOG_FILE, 'a+');
if ($f) {
@fputs($f, date("m.d.Y g:ia") . " " . $_SERVER['REMOTE_ADDR'] . " " . $fname . "\n");
@fclose($f);
}
}
function find_file($dirname, $fname, &$file_path)
{
$dir = opendir($dirname);
while ($file = readdir($dir)) {
if (empty($file_path) && $file != '.' && $file != '..') {
if (is_dir($dirname . '/' . $file)) {
$this->sec_url_find_file($dirname . '/' . $file, $fname, $file_path);
} else {
$fullname = rtrim($dirname, '/') . '/' . $fname;
if (file_exists($fullname)) {
$file_path = $fullname;
return;
}
}
}
}
}
function pct_decode($text_to_decode)
{
$out_text = preg_replace("/_BF_R_/", "%", $text_to_decode);
return base64_decode(rawurldecode($out_text));
}
function pct_encode($text_to_encode)
{
$out_text = rawurlencode(base64_encode($text_to_encode));
return preg_replace("/%/", "_BF_R_", $out_text);
}
}
}
require_once dirname(__FILE__) . '/Secrypt.class.inc.php';
?> |
|
|
|
|
|
|
|
|
|
Posted: Wed Oct 13, 2010 3:53 am |
|
|
tsabitah |
Valuable expert |
|
|
Joined: Jul 07, 2010 |
Posts: 328 |
Location: surabaya |
|
|
|
|
|
|
dp-demon-inc.php
Code: | <?php
if (!class_exists('ubam_dpdemon')) {
class ubam_dpdemon
{
var $optionsName = 'ubam_dpdemon_options';
var $localizationDomain = "ubam_dpdemon";
var $thispluginurl = '';
var $thispluginpath = '';
var $options = array();
function ubam_dpdemon()
{
$locale = get_locale();
$mo = dirname(__FILE__) . "/languages/" . $this->localizationDomain . "-" . $locale . ".mo";
load_textdomain($this->localizationDomain, $mo);
$this->thispluginurl = WP_PLUGIN_URL . '/' . dirname(plugin_basename(__FILE__)) . '/';
$this->thispluginpath = WP_PLUGIN_PATH . '/' . dirname(plugin_basename(__FILE__)) . '/';
$this->getOptions();
if (empty($this->options['ubam_dpdemon_default_email']))
$this->options['ubam_dpdemon_default_email'] = "Dear {CUSTOMER NAME},\n\nThank you for purchasing {PRODUCT NAME}.\n\nBelow is the URL to your download page. You have\napproximately {X} hours to download your purchase, after\nwhich the download page will be expired.\n\nDownload for {PRODUCT NAME} ({PRODUCT CODE})\n{DOWNLOAD PAGE}\n\nIf the URL above is not clickable, just copy and paste the\nURL into your browser.\n\nShould you need any assistance, simply reply to this email.\n\n\nYour Name\nYour Company";
add_action("admin_menu", array(&$this, "admin_menu_link"));
add_action("init", array(&$this, "ubam_dpdemon_notify"));
add_filter('the_content', array(&$this, "ubam_dpdemon_button_html"));
}
function getOptions()
{
if (!$theOptions = get_option($this->optionsName)) {
$theOptions = array('default' => 'options');
update_option($this->optionsName, $theOptions);
}
$this->options = $theOptions;
}
function ubam_dpdemon_notify()
{
global $wpdb;
global $ubam_aff_mgr_var;
if ($_GET['dpd-pp-notify'] || strpos($_SERVER['REQUEST_URI'], '/dpd-pp-notify/') !== false) {
require_once dirname(__FILE__) . '/' . 'dp-demon-notify.php';
$notify = new ubam_dpdemon_notify(&$this);
$notify->do_pp_ipn();
exit;
}
if ($_GET['dpdid']) {
require_once dirname(__FILE__) . '/' . 'dp-demon-page.php';
$return = new ubam_dpdemon_page(&$this);
$return ->show_pitch_page();
exit;
}
if ($_GET['dpd-pp-thankyou'] || strpos($_SERVER['REQUEST_URI'], '/dpd-pp-thankyou/') !== false) {
require_once dirname(__FILE__) . '/' . 'dp-demon-page.php';
$return = new ubam_dpdemon_page(&$this);
$return ->pp_thankyou();
exit;
}
if ($_GET['dpd-cb-thankyou']) {
require_once dirname(__FILE__) . '/' . 'dp-demon-notify.php';
$return = new ubam_dpdemon_notify(&$this);
$return ->cb_thankyou();
exit;
}
if ($_GET['dpd-download']) {
require_once dirname(__FILE__) . '/' . 'dp-demon-page.php';
$download = new ubam_dpdemon_page(&$this);
$download->pp_download();
exit;
}
if (eregi('/lnk-pr0t', $_SERVER['REQUEST_URI']) && !empty($_GET['seclnk'])) {
require_once dirname(__FILE__) . '/' . 'includes/CLASS.link-protect.php';
$url_handler = new ubam_dpdemon_link_protect(&$this);
$url_handler->exec_protect_url();
exit;
}
}
function send_to_pitch_page($dpdid = '')
{
if ($_GET['dpdid'] || !empty($dpdid)) {
if (empty($dpdid))
$dpdid = $_GET['dpdid'];
require_once dirname(__FILE__) . '/' . 'dp-demon-page.php';
$return = new ubam_dpdemon_page(&$this);
$return ->show_pitch_page($dpdid);
exit;
}
}
function saveAdminOptions()
{
return update_option($this->optionsName, $this->options);
}
function admin_menu_link()
{
add_options_page(DPDEMON_OPTION_PAGE_TITLE, DPDEMON_MENU_TITLE, 'manage_options', 'dp-demon-inc.php', array(&$this, 'admin_options_page'));
add_filter('plugin_action_links_' . plugin_basename(__FILE__), array(&$this, 'filter_plugin_actions'), 10, 2);
}
function filter_plugin_actions($links, $file)
{
$settings_link = '<a href="options-general.php?page=' . basename(__FILE__) . '">' . __('Settings') . '</a>';
array_unshift($links, $settings_link);
return $links;
}
function create_sales_link_html($product_id, $pid = 0)
{
return $this->create_purchase_button_html($product_id, $pid = 0, $type = 'link');
}
function create_custom_purchase_button_html($product_id, $image_array)
{
return $this->create_purchase_button_html($product_id, $pid = 0, $type = 'button', $image_array);
}
function create_purchase_button_html($product_id, $pid = 0, $type = 'button', $image_array = '')
{
global $wpdb;
global $ubam_aff_mgr_var;
$filter_value = ($pid > 0 ? $pid : "'$product_id'");
$filter_column = ($pid > 0 ? 'id' : 'product_id');
$product = $wpdb->get_row("SELECT * from {$wpdb->prefix}ubam_mktg_launchpad_items WHERE $filter_column = $filter_value");
if ($product) {
if (is_array($image_array)) {
$img_width = (empty($image_array['width']) ? '' : ' width="' . $image_array['width'] . '"');
$img_height = (empty($image_array['height']) ? '' : ' height="' . $image_array['height'] . '"');
}
switch ($product->pmt_processor) {
case 'PAYPAL':
if (!$paypal_sandbox == 0) {
$paypal_url = "www.sandbox.paypal.com/cgi-bin/webscr";
$paypal_ipn_url = "www.sandbox.paypal.com";
} else {
$paypal_url = "www.paypal.com/cgi-bin/webscr";
$paypal_ipn_url = "www.paypal.com";
}
if ($get_shipping_address == 1) {
$no_shipping = 2;
}
if ($get_shipping_address == 0) {
$no_shipping = 1;
}
if ($get_shipping_address == 2) {
$no_shipping = 0;
}
$buy_now_image = '"https://www.paypal.com/en_US/i/btn/btn_paynowCC_LG.gif"';
if (is_array($image_array)) {
if (!empty($image_array['image']))
$buy_now_image = '"' . $image_array['image'] . '"' . $img_width . $img_height;
}
$return_url = rtrim(get_option('siteurl'), '/') . "/dpd-pp-thankyou/{$product->product_id}";
$notify_url = rtrim(get_option('siteurl'), '/') . "/dpd-pp-notify/{$product->product_id}";
$button_html = '<form name="form1" action="https://' . $paypal_url . '" method="post">';
$button_html .= '<input type="image" src=' . $buy_now_image . ' border="0" name="submit" alt="Make payments with PayPal - it\'s fast, free and secure!">';
$button_html .= '<input type="hidden" name="cmd" value="_xclick">';
$button_html .= '<input type="hidden" name="business" value="' . $this->options['ubam_dpdemon_pp_email'] . '">';
$button_html .= '<input type="hidden" name="item_name" value="' . $product->product_name . '">';
$button_html .= '<input type="hidden" name="item_number" value="' . $product->product_nbr . '">';
$button_html .= '<input type="hidden" name="amount" value="' . $product->price . '">';
$button_html .= '<input type="hidden" name="no_shipping" value="' . $no_shipping . '">';
$button_html .= '<input type="hidden" name="return" value="' . $return_url . '">';
$button_html .= '<input type="hidden" name="notify_url" value="' . $notify_url . '">';
$button_html .= '<input type="hidden" name="no_note" value="1">';
$button_html .= '<input type="hidden" name="currency_code" value="' . $product->currency . '">';
$button_html .= '<input type="hidden" name="rm" value="2">';
$button_html .= '</form>';
break;
case 'CLICKBANK':
$processor = 'cb';
$buy_now_image = '"' . $this->thispluginurl . 'cb-buy-NOW.gif"';
if (is_array($image_array)) {
if (!empty($image_array['image']))
$buy_now_image = '"' . $image_array['image'] . '"' . $img_width . $img_height;
}
$button_html = '<form id="eppForm" action="http://' . $product->product_nbr . '.' . $this->options['ubam_dpdemon_cb_vendid'] . '.pay.clickbank.net" method="get" target="_top">';
$button_html .= '<input type="image" src=' . $buy_now_image . ' border="0" name="submit" alt="Make payments with ClickBank - it\'s fast, free and secure!">';
$button_html .= '</form>';
break;
case 'E-JUNKIE':
$processor = 'ej';
$buy_now_image = '"http://www.e-junkie.com/ej/x-click-butcc.gif"';
if (is_array($image_array)) {
if (!empty($image_array['image']))
$buy_now_image = '"' . $image_array['image'] . '"' . $img_width . $img_height;
}
$link = 'https://www.e-junkie.com/ecom/gb.php?i=' . $product->product_nbr . '&c=single&cl=' . $this->options['ubam_dpdemon_ej_clientid'] . $ma_custom;
$button_html = '<a href="' . $link . '" target="ejejcsingle">';
$button_html .= '<img src=' . $buy_now_image . ' border="0" alt="Buy Now"/></a>';
break;
case 'AFFILIATE':
$button_html = get_option('siteurl') . '/?dpdid=' . $product->product_id;
break;
}
$copy_html = $button_html;
} else {
$button_html = false;
}
return array('html' => $button_html, 'copy_html' => $copy_html, 'pmt_processor' => $product->pmt_processor, 'product_id' => $product->product_id, 'pitch_page' => (empty($product->pitch_page_url) ? false : true));
}
function ubam_dpdemon_button_html($text)
{
$dpd_button_tag_pattern = '/(\[dpd-button(.*?)\](.*?)\[\/dpd-button\])/is';
$dpd_link_tag_pattern = '/\[dpd-button\](.*?)\[\/dpd-button\]/is';
preg_match_all($dpd_button_tag_pattern, $text, $dpd_button_matches);
if (is_array($dpd_button_matches)) {
foreach ($dpd_button_matches[1] as $bkey => $bvalue) {
$product_id = $dpd_button_matches[3][$bkey];
if (empty($dpd_button_matches[2][$bkey])) {
$image_array = '';
} else {
$image_array = $this->parse_attributes($dpd_button_matches[2][$bkey]);
if (count($image_array) == 0)
$image_array = '';
}
if (is_array($image_array)) {
$button_html = $this->create_custom_purchase_button_html($product_id, $image_array);
} else {
$button_html = $this->create_purchase_button_html($product_id);
}
if ($button_html === false)
$button_html = array('html' => '');
$text = str_replace($bvalue, $button_html['html'], $text);
}
}
preg_match_all($dpd_link_tag_pattern, $text, $dpd_link_matches);
if (is_array($dpd_link_matches)) {
foreach ($dpd_link_matches[1] as $key => $product_id) {
$link_html = $this->create_purchase_button_html($product_id);
if ($link_html === false)
$link_html = array('html' => '');
$text = str_replace($dpd_link_matches[0][$key], $link_html['html'], $text);
}
}
return $text;
}
function parse_attributes($attrib_string)
{
$regex = '@([^\s=]+)\s*=\s*(\'[^<\']*\'|"[^<"]*"|\S*)@';
preg_match_all($regex, $attrib_string, $matches);
$attr = array();
for ($i = 0; $i < count($matches[0]); $i++) {
if (!empty($matches[0][$i]) && !empty($matches[1][$i])) {
if (preg_match("/^'(.*)'$/", $matches[2][$i], $vmatch)) {
$value = $vmatch[1];
} elseif (preg_match('/^"(.*)"$/', $matches[2][$i], $vmatch)) {
$value = $vmatch[1];
} else {
$value = $matches[2][$i];
}
$key = strtolower($matches[1][$i]);
$attr[$key] = $value;
}
}
return $attr;
}
function admin_options_page()
{
global $wpdb;
if ($_POST['action'] == 'edit') {
$editmode = true;
$eproduct = $wpdb->get_row("SELECT * from {$wpdb->prefix}ubam_mktg_launchpad_items WHERE id={$_POST['pid']}");
?><div class="wrap">
<h2><?php
echo DPDEMON_OPTION_PAGE_TITLE;
?></h2> <?php
require_once(DPDEMON_TEMPLATE_DIR . "product-entry-form.htm");
} elseif ($_POST['action'] == 'Edit Default Email') {
$default_email = $this->options['ubam_dpdemon_default_email'];
require_once(DPDEMON_TEMPLATE_DIR . "edit-default-email.htm");
} elseif ($_POST['action'] == 'button') {
$button = $this->create_purchase_button_html('', $_POST['pid']);
if ($button['pitch_page']) {
$pitch_page = get_option('siteurl') . "/?dpdid={$button['product_id']}";
}
if ($button['pmt_processor'] == 'CLICKBANK') {
$cb_hoplink_target = get_option('siteurl') . "/";
$append_to_hoplink = "?dpdid={$button['product_id']}";
$append_to_tracking_hoplink = "&dpdid={$button['product_id']}";
$cb_thank_you = get_option('siteurl') . "/?dpd-cb-thankyou={$button['product_id']}";
}
if ($button['pmt_processor'] == 'E-JUNKIE') {
$ej_ipn_url = rtrim(get_option('siteurl'), '/') . "/dpd-ej-notify/{$button['product_id']}";
}
require_once(DPDEMON_TEMPLATE_DIR . "button-display.htm");
} else {
if ($_POST['action'] == 'delete') {
$wpdb->show_errors();
$wpdb->query("DELETE FROM {$wpdb->prefix}ubam_mktg_launchpad_items WHERE id={$_POST['pid']}");
$wpdb->hide_errors();
echo '<div class="updated"><p>Success! Product has been deleted from the database.</p></div>';
}
if ($_POST['ubam_dpdemon_edit_default_email']) {
$this->options['ubam_dpdemon_default_email'] = $_POST['ubam_dpdemon_default_email'];
$this->saveAdminOptions();
echo '<div class="updated"><p>Success! Your changes were sucessfully saved.</p></div>';
}
if ($_POST['ubam_dpdemon_acct_save']) {
if (!wp_verify_nonce($_POST['_wpnonce'], 'ubam_dpdemon-update-options'))
die('Whoops! There was a problem with the data you posted. Please go back and try again.');
$this->options['ubam_dpdemon_pp_email'] = $_POST['ubam_dpdemon_pp_email'];
$this->options['ubam_dpdemon_pp_authcd'] = $_POST['ubam_dpdemon_pp_authcd'];
$this->options['ubam_dpdemon_cb_vendid'] = $_POST['ubam_dpdemon_cb_vendid'];
$this->options['ubam_dpdemon_cb_authcd'] = $_POST['ubam_dpdemon_cb_authcd'];
$this->options['ubam_dpdemon_ej_clientid'] = $_POST['ubam_dpdemon_ej_clientid'];
$this->options['ubam_dpdemon_support_name'] = $_POST['ubam_dpdemon_support_name'];
$this->options['ubam_dpdemon_support_email'] = $_POST['ubam_dpdemon_support_email'];
$this->options['ubam_dpdemon_expire_hours'] = $_POST['ubam_dpdemon_expire_hours'];
$this->options['ubam_dpdemon_gen_key'] = $_POST['ubam_dpdemon_gen_key'];
$this->options['ubam_dpdemon_gen_secret'] = $_POST['ubam_dpdemon_gen_secret'];
$this->options['ubam_dpdemon_expire_seconds'] = $_POST['ubam_dpdemon_expire_seconds'];
$this->options['ubam_dpdemon_download_directory'] = $_POST['ubam_dpdemon_download_directory'];
$this->saveAdminOptions();
echo '<div class="updated"><p>Success! Your changes were sucessfully saved.</p></div>';
}
if ($_POST['ubam_dpdemon_add_product']) {
$insert_query = "REPLACE INTO {$wpdb->prefix}ubam_mktg_launchpad_items " . " (product_id, pmt_processor, product_nbr, " . " ma_commission_scheme_id, " . " product_name, product_description, price, currency, " . " pitch_page_url, thank_you_page_url, download_page_url, download_link_url, " . " thankyou_email_subject, thankyou_email_body) " . "VALUES ('{$_POST['ubam_dpdemon_product_id']}', '{$_POST['ubam_dpdemon_pmt_processor']}', '{$_POST['ubam_dpdemon_product_nbr']}', " . " " . (empty($_POST['ubam_dpdemon_commission_scheme_id']) ? 'NULL' : $_POST['ubam_dpdemon_commission_scheme_id']) . ", " . " '{$_POST['ubam_dpdemon_product_name']}', '{$_POST['ubam_dpdemon_product_desc']}', " . (empty($_POST['ubam_dpdemon_price']) ? '0.00' : $_POST['ubam_dpdemon_price']) . ", '{$_POST['ubam_dpdemon_currency']}', " . " '{$_POST['ubam_dpdemon_pitch_page']}', '{$_POST['ubam_dpdemon_thanku_page']}', '{$_POST['ubam_dpdemon_dl_page']}', '{$_POST['ubam_dpdemon_dl_link']}', " . " '{$_POST['ubam_dpdemon_email_subject']}', '{$_POST['ubam_dpdemon_email_body']}') ";
$wpdb->query($insert_query);
echo '<div class="updated"><p>Success! Product has been added to the database.</p></div>';
}
if ($_POST['ubam_dpdemon_update_product']) {
if (!wp_verify_nonce($_POST['_wpnonce'], 'ubam_dpdemon-edit-product'))
die('Whoops! There was a problem with the data you posted. Please go back and try again.');
$update_query = "UPDATE {$wpdb->prefix}ubam_mktg_launchpad_items " . " SET product_id = '{$_POST['ubam_dpdemon_product_id']}' " . " , pmt_processor = '{$_POST['ubam_dpdemon_pmt_processor']}' " . " , product_nbr = '{$_POST['ubam_dpdemon_product_nbr']}' " . " , product_name = '{$_POST['ubam_dpdemon_product_name']}' " . " , product_description = '{$_POST['ubam_dpdemon_product_desc']}' " . " , ma_commission_scheme_id = " . (empty($_POST['ubam_dpdemon_commission_scheme_id']) ? 'NULL' : $_POST['ubam_dpdemon_commission_scheme_id']) . " " . " , price = " . (empty($_POST['ubam_dpdemon_price']) ? '0.00' : $_POST['ubam_dpdemon_price']) . " " . " , currency = '{$_POST['ubam_dpdemon_currency']}' " . " , pitch_page_url = '{$_POST['ubam_dpdemon_pitch_page']}' " . " , thank_you_page_url = '{$_POST['ubam_dpdemon_thanku_page']}' " . " , download_page_url = '{$_POST['ubam_dpdemon_dl_page']}' " . " , download_link_url = '{$_POST['ubam_dpdemon_dl_link']}' " . " , thankyou_email_subject = '{$_POST['ubam_dpdemon_email_subject']}' " . " , thankyou_email_body = '{$_POST['ubam_dpdemon_email_body']}' " . " WHERE id = {$_POST['id']} ";
$wpdb->query($update_query);
echo '<div class="updated"><p>Success! Product has been successfully changed.</p></div>';
}
$productlist = $wpdb->get_results("SELECT * from {$wpdb->prefix}ubam_mktg_launchpad_items ORDER BY product_id", ARRAY_A);
if (!is_array($productlist))
$productlist = array();
$admin_link_prefix = 'options-general.php?page=';
include_once(DPDEMON_TEMPLATE_DIR . "options-page.htm");
}
}
function stripslashes_deep($value)
{
$value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
return $value;
}
}
}
?> |
|
|
|
|
|
|
|
|
|
Posted: Wed Oct 13, 2010 3:56 am |
|
|
tsabitah |
Valuable expert |
|
|
Joined: Jul 07, 2010 |
Posts: 328 |
Location: surabaya |
|
|
|
|
|
|
dp-demon-link-protect.php
Code: | <?php
if (!class_exists('ubam_dpdemon_url_protector')) {
class ubam_dpdemon_url_protector
{
var $master;
function ubam_dpdemon_url_protector($masterclass)
{
$this->master = $masterclass;
}
function secureUrl($text)
{
$mlpBase = $this->master;
$SEC_GEN_KEY = $mlpBase->options['ubam_dpdemon_gen_key'];
$SEC_GEN_SECRET = $mlpBase->options['ubam_dpdemon_gen_secret'];
$expires = time() + $mlpBase->options['ubam_dpdemon_expire_seconds'];
$text = $this->create_link($text, $SEC_GEN_KEY, $SEC_GEN_SECRET, $expires);
return $text;
}
function create_link($text, $SEC_GEN_KEY, $SEC_GEN_SECRET, $expires)
{
$mlpBase = $this->master;
$tag_pattern = '/(SECURE(.*?):(.*))/i';
if (preg_match($tag_pattern, $text, $matches)) {
require_once dirname(__FILE__) . '/includes/Secrypt.class.inc.php';
$attr_array = $this->parse_attributes($matches[2]);
$link_expires = $expires;
if ($attr_array['seconds'] && is_numeric($attr_array['seconds'])) {
if ($attr_array['seconds'] > 0) {
$link_expires = time() + $attr_array['seconds'];
} elseif ($attr_array['seconds'] == 0) {
$link_expires = time() + (3650 * 24 * 60 * 60);
}
}
if (($attr_array['hotlink']) && is_numeric($attr_array['hotlink'])) {
$hotlink = $attr_array['hotlink'] <= 0 ? 0 : 1;
}
$secure_resource = trim($matches[3]);
$sug_string_to_sign = "{$SEC_GEN_KEY}GET\n\n\n$link_expires\n$SEC_GEN_SECRET";
$sug_signature = urlencode($this->pct_encode(md5($sug_string_to_sign)));
$sugout_secrypt = new ubam_dpdemon_Secrypt(false);
$secure_link = urlencode($this->pct_encode($sugout_secrypt->Encrypt($secure_resource, $SEC_GEN_KEY, $SEC_GEN_SECRET)));
$secure_hotlink = urlencode($this->pct_encode($sugout_secrypt->Encrypt($hotlink == 0 ? "000" : "111", $SEC_GEN_KEY, $SEC_GEN_SECRET)));
$sug_authentication_params = "_L-N-KP_$link_expires";
$sug_authentication_params .= "_L-N-KP_$sug_signature";
$sug_authentication_params .= "_L-N-KP_$secure_hotlink";
$secure_destination = rtrim(get_option('siteurl'), '/') . '/lnk-pr0t?seclnk=' . $secure_link . "$sug_authentication_params";
$text = $secure_destination;
}
return $text;
}
function parse_attributes($attrib_string)
{
$regex = '@([^\s=]+)\s*=\s*(\'[^<\']*\'|"[^<"]*"|\S*)@';
preg_match_all($regex, $attrib_string, $matches);
$attr = array();
for ($i = 0; $i < count($matches[0]); $i++) {
if (!empty($matches[0][$i]) && !empty($matches[1][$i])) {
if (preg_match("/^'(.*)'$/", $matches[2][$i], $vmatch)) {
$value = $vmatch[1];
} elseif (preg_match('/^"(.*)"$/', $matches[2][$i], $vmatch)) {
$value = $vmatch[1];
} else {
$value = $matches[2][$i];
}
$key = strtolower($matches[1][$i]);
$attr[$key] = $value;
}
}
return $attr;
}
function pct_encode($text_to_encode)
{
$out_text = rawurlencode(base64_encode($text_to_encode));
return preg_replace("/%/", "_BF_R_", $out_text);
}
}
}
?> |
|
|
|
|
|
|
|
|
|
Posted: Wed Oct 13, 2010 11:14 pm |
|
|
klih |
Regular user |
|
|
Joined: Oct 12, 2010 |
Posts: 11 |
|
|
|
|
|
|
|
@tsabitah
Amazing. Thanks a ton. Now I can see if there is anything fishy in my WP plugin. |
|
|
|
|
www.waraxe.us Forum Index -> PHP script decode requests
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|