HEX
Server: Apache/2.4.59 (Debian)
System: Linux skycube.cz 4.19.0-25-amd64 #1 SMP Debian 4.19.289-2 (2023-08-08) x86_64
User: ilya (534)
PHP: 7.3.31-1~deb10u7
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /var/www/ilya/data/www/kamforum.ru/retail/
Upload Files
File: /var/www/ilya/data/www/kamforum.ru/retail/chatauth.php
<?php

/*
+--------------------------------------------------------------------------
|   Invision Power Board v2.1.5
|   ========================================
|   by Matthew Mecham
|   (c) 2001 - 2005 Invision Power Services
|   http://www.invisionpower.com
|   ========================================
|   Web: http://www.invisionboard.com
|   Time: Tue, 18 Oct 2005 19:30:11 GMT
|   Release: 95f5a3c9ea538e4ebb097b9464fc22d2
|   Email: matt@invisionpower.com
|   Licence Info: http://www.invisionboard.com/?license
+---------------------------------------------------------------------------
|
|   > IPB CHAT 2004 INTEGRATION
|   > Script written by Matt Mecham
|   > Date started: 20th April 2004
|   > Interesting fact: Radiohead rock
|   > Which Radiohead track features the words "In a city of the future"?
+--------------------------------------------------------------------------
*/

/**
* Parachat auth file.
*
* Set-up and load module to run
*
* @package	InvisionPowerBoard
* @author   Matt Mecham
* @version	2.1
*/

/**
* Script type
*
*/
define( 'IPB_THIS_SCRIPT', 'public' );
define( 'IPB_LOAD_SQL'   , 'queries' );

require_once( '../init.php' );

//===========================================================================
// MAIN PROGRAM
//===========================================================================

$INFO = array();

//--------------------------------
// Load our classes
//--------------------------------

require_once ROOT_PATH   . "sources/ipsclass.php";
require_once KERNEL_PATH . "class_converge.php";
require_once ROOT_PATH   . "conf_global.php";

# Initiate super-class
$ipsclass       = new ipsclass();
$ipsclass->vars = $INFO;

//--------------------------------
// The clocks a' tickin'
//--------------------------------
		
$Debug = new Debug;
$Debug->startTimer();

//--------------------------------
// Load the DB driver and such
//--------------------------------

$ipsclass->init_db_connection();

//--------------------------------
//  Set up our vars
//--------------------------------

$ipsclass->parse_incoming();

//--------------------------------
//  Set converge
//--------------------------------

$ipsclass->converge = new class_converge( $ipsclass->DB );

//--------------------------------
// Start off the cache array
//--------------------------------

$ipsclass->cache_array = array_merge( array(), array('rss_calendar', 'rss_export','components','banfilters', 'settings', 'group_cache', 'systemvars', 'skin_id_cache', 'forum_cache', 'moderators', 'stats', 'languages') );


//===========================================================================
// Get cache...
//===========================================================================

$ipsclass->init_load_cache( $ipsclass->cache_array );

//--------------------------------
//  Initialize the FUNC
//--------------------------------

$ipsclass->initiate_ipsclass();

//===========================================================================
// AUTHORIZE...
//===========================================================================

$reply_success = 'Result=Success';
$reply_nouser  = 'Result=UserNotFound';
$reply_nopass  = 'Result=WrongPassword';
$reply_error   = 'Result=Error';

$in_user       = $ipsclass->parse_clean_value(urldecode(trim($_GET['user'])));
$in_pass       = $ipsclass->parse_clean_value(urldecode(trim($_GET['pass'])));
$in_cookie     = $ipsclass->parse_clean_value(urldecode(trim($_GET['cookie'])));
$access_groups = $ipsclass->vars['chat04_access_groups'];
$in_md5_pass   = "";
$nametmp       = "";
$in_userid     = 0;
$query         = 0;

if ( preg_match( "/^md5pass\((.+?)\)(.+?)$/", $in_pass, $match ) )
{
	$in_md5_pass = $match[1];
	$in_userid   = intval($match[2]);
}
	
//----------------------------------------------
// Did we pass a user ID?
//----------------------------------------------

if ( $in_userid )
{
	$query   = "m.id=".$in_userid;
	$in_user = 1;
}
else
{
	$in_user = str_replace( '-', '_', $in_user );
	$timeoff = time() - 3600;
	$query   = "m.members_display_name LIKE '".addslashes($in_user)."' AND last_activity > $timeoff";
}

//----------------------------------------------
// Continue..
//----------------------------------------------

if ( $in_user and ! $in_pass )
{
	show_message( $reply_nopass );
	//## EXIT ##
}

if ( $in_user and $in_pass )
{
	//------------------------------------------
	// Attempt to get member...
	//------------------------------------------
	
	$ipsclass->DB->query("SELECT m.mgroup, m.name, m.id, c.*  FROM ibf_members m
								LEFT JOIN ibf_members_converge c ON (m.id=c.converge_id)
								WHERE $query");
	
	$member = $ipsclass->DB->fetch_row();
	
	if ( ! $member['id'] )
	{
		//--------------------------------------
		// Guest...
		//--------------------------------------
		
		test_for_guest();
	}
	
	//------------------------------------------
	// Test for MD5 (future proof)
	//------------------------------------------
	
	if ( ! $in_md5_pass )
	{
		$in_md5_pass = md5( md5( $member['converge_pass_salt'] ) . md5($in_pass) );
	}
	
	//------------------------------------------
	// PASSWORD?
	//------------------------------------------
	
	if ( $in_md5_pass == $member['converge_pass_hash'] )
	{
		//--------------------------------------
		// Check for access
		//--------------------------------------
		
		if ( ! preg_match( "/(^|,)".$member['mgroup']."(,|$)/", $access_groups ) )
		{
			show_message( $reply_error );
			//## EXIT ##
		}
		else
		{
			show_message( $reply_success );
			//## EXIT ##
		}
	}
	else
	{
		show_message( $reply_nopass );
		//## EXIT ##
	}
}
else
{
	//------------------------------------------
	// Guest...
	//------------------------------------------
	
	test_for_guest();
}

//===========================================================================
// YES TO GUEST OR NO TO PASS GO
//===========================================================================

function test_for_guest()
{
	global $reply_nouser, $reply_error;
	
	if ( preg_match( "/(^|,)".$ipsclass->vars['guest_group']."(,|$)/", $access_groups ) )
	{
		show_message( $reply_nouser );
		//## EXIT ##
	}
	else
	{
		show_message( $reply_error );
		//## EXIT ##
	}
}

//===========================================================================
// SHOW MESSAGE
//===========================================================================

function show_message($msg="Result=Error")
{
	@flush();
	echo $msg;
	exit;
}




?>
@ Telegram