daily pastebin goal
1%
SHARE
TWEET

Untitled

MERRON May 12th, 2013 48 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. include("globals.php");
  3. include("admin.php");
  4.  
  5. function doAction($action){
  6. global $uid, $name, $locale, $key;
  7. //parse action agruments if needed
  8. if(strlen($action)>1){
  9.     if(!strpos($action,'@')) die('bad action arguments');
  10.     $delim_pos = strpos($action,'@');
  11.     $arg = substr($action,$delim_pos+1);
  12.     $action = substr($action,$delim_pos-1,1);
  13. }
  14. switch($action){
  15. case 0:
  16.     //logout
  17.         header("Set-cookie: S3SS1D=");
  18.         header("Location: ./");
  19.         break;  
  20.     break;
  21. case 1:
  22.     //admin delete user
  23.     admin::deleteUser();
  24.     break;
  25. case 2:
  26.     //admin create user
  27.     admin::createUser();
  28.     break;
  29. case 3:
  30.     //change locale
  31.     $locale = isset($_COOKIE['locale'])?$_COOKIE['locale']:'en';    
  32.     $sess = mcrypt_encrypt(MCRYPT_BLOWFISH, md5($key), "$role:$uid:$name:$locale", MCRYPT_MODE_CBC, 1234567890);    
  33.     header("Set-cookie: S3SS1D=".urlencode(base64_encode($sess)));
  34.     break;
  35. case 4:
  36.     //get username
  37.     return $name;
  38.     break;
  39. case 5:
  40.     //get uid
  41.     return $uid;
  42.     break;
  43. default:
  44.     die('bad action');
  45.     break;
  46. }
  47. }
  48.  
  49. if(!isset($_COOKIE['S3SS1D'])){ die('auth failed!'); }
  50. $sess = mcrypt_decrypt(MCRYPT_BLOWFISH, md5($key), base64_decode($_COOKIE['S3SS1D']), MCRYPT_MODE_CBC, 1234567890);
  51. $sess_data = explode(':',$sess);
  52. if(count($sess_data)==4){
  53. $role    = trim($sess_data[0]);
  54. $uid    = trim($sess_data[1]);
  55. $name    = trim($sess_data[2]);
  56. $locale = trim($sess_data[3]);
  57.  
  58. $action = substr($_GET['do'],6); ///'action' have 6 bytes of length
  59.  
  60. $r=$db->query("select role".intval($action)." from users where id=$uid");
  61. if($row=$r->fetchArray()){
  62.     if((int)$row[0]!==1){
  63.         echo 'permission denied';
  64.     }else{
  65.         $ret = doAction($action);
  66.         echo $ret;
  67.     }
  68. }
  69. }else{
  70.         die('auth failed.');
  71. }
  72.  
  73. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top