master
cn.yimian.xyz 4 years ago
parent 8f28f34d27
commit 15f52a26a6
  1. 84
      checkin.html
  2. 78
      checkin.php
  3. 5
      checkout.php
  4. 11
      functions.php
  5. 1
      index.html
  6. 47
      index.php
  7. 48
      setFip.php
  8. 86
      who.php

@ -1,84 +0,0 @@
<html>
<head>
<title>Ushio Auth</title>
<script src="https://cdn.jsdelivr.net/npm/fp3@3.0.3/dist/fp.min.js"></script>
<script>
/* func define */
var cookie={set:function(e,r,a){if(a==undefined)var a=3e3;var t=new Date;t.setTime(t.getTime()+a*24*60*60*1e3);document.cookie=e+"="+escape(r)+";expires="+t.toGMTString()+";path=/"},get:function(e){var r,a=new RegExp("(^| )"+e+"=([^;]*)(;|$)");if(r=document.cookie.match(a)){return unescape(r[2])}else{return null}},del:function(e){var r=new Date;r.setTime(r.getTime()-1);var a,t=new RegExp("(^| )"+e+"=([^;]*)(;|$)");if(a=document.cookie.match(t)){var n=unescape(a[2])}else{var n=null}if(n!=null){document.cookie=e+"="+n+";expires="+r.toGMTString()}}}
function getQueryString(name) {
let reg = new RegExp("(^|&)" + name + "=([^&]*)(&|$)", "i");
let r = window.location.search.substr(1).match(reg);
if (r != null) {
return decodeURIComponent(r[2]);
};
return null;
}
function randomStr(length) {
var result = '', chars = '0123456789abcdefghijklmnopqrstuvwxyz';
for (var i = length; i > 0; --i) result += chars[Math.floor(Math.random() * chars.length)];
return result;
}
/* get Ip */
var ip = '';
function getIp(){
return new Promise((resolve, reject)=>{
var ajax = new XMLHttpRequest();
ajax.onreadystatechange = function(){
if(ajax.readyState == 4 && ajax.status == 200){
var data = JSON.parse(ajax.responseText);
ip = data.ip;
resolve(ip);
}
}
ajax.open('get','https://log.yimian.xyz/iis.php');
ajax.send(null);
});
}
/* get father page mask */
var mask = getQueryString('mask');
/* break cookie rule */
document.cookie = 'cross-site-cookie2=noneCookie; SameSite=None; Secure';
var isCrossDomain = true;
cookie.set('_icd', '15');
if(cookie.get('_icd') == '15'){
isCrossDomain = false;
}
var token = '';
console.log(cookie.get('_token'))
/* get local token */
if(cookie.get('_token')){
token = cookie.get('_token');
}else{
if(!isCrossDomain){
token = randomStr(64);
cookie.set('_token', token);
}
}
/* web request */
;(async function(){
var ajax = new XMLHttpRequest();
var fp_v = await fp;
var ip = await getIp();
if(token){
ajax.open('get','checkin.php?fp='+fp_v+'&token='+token+'&mask='+mask+'&ip='+ip);
if(fp_v && mask && token) ajax.send(null);
}else{
ajax.open('get','checkin.php?fp='+fp_v+'&ip='+ip+'&mask='+mask);
if(fp_v && mask && ip) ajax.send(null);
}
})()
</script>
</head>
<body></body>
</html>

@ -1,62 +1,48 @@
<?php
include './functions.php';
$redis = new redis();
$redis->connect('redis',6379);
$fp = $_REQUEST['fp'];
$mask = $_REQUEST['mask'];
$token = $_REQUEST['token'];
$ip = $_REQUEST['ip'];
if(!isset($fp)) die();
if(!isset($mask)) die();
$hash = $_REQUEST['token'];
$from = $_REQUEST['from'];
if(!isset($hash)) die();
if(!isset($from)) die();
$id = md5($fp.$mask);
if(isset($token) && isset($ip)){
$fip = md5($fp.$ip);
$redis->set('auth/fip/'.$fip, $token);
$redis->expire('auth/fip/'.$fip, 3600*72);
if(strlen($hash) != 64){
echo "<script>alert('Illegal Hash!!');window.location.href='https://login.yimian.xyz/'</script>";
die();
}
if(isset($ip) && !isset($token)){
$fip = md5($fp.$ip);
if($redis->exists('auth/fip/'.$fip)){
$token = $redis->get('auth/fip/'.$fip);
}else{
die();
}
}
if(!$redis->exists('auth/token/'.$token)){
$redis->set('session/redirect/'.$id, $token);
if(!$redis->exists('session/dialog/'.$token)){
$redis->hSet('session/dialog/'.$token, "group", "anonymous");
}
echo $token;
die();
$token = $_COOKIE['_token'];
if(!isset($token)){
$token = hash('sha256', time().$from.$hash);
setcookie("_token", $token, time()+60*60*24*30*6);
}
$cnn = db__connect();
$hash = $redis->get('auth/token/'.$token);
if(!db__rowNum($cnn, "account", "hash", $hash)){
$redis->set('session/redirect/'.$id, $token);
$redis->del('auth/token/'.$token);
if(!$redis->exists('session/dialog/'.$token)){
$redis->hSet('session/dialog/'.$token, "group", "anonymous");
}
if(db__rowNum($cnn, "token", "token", $token)){
db__pushData($cnn, "token", array(
"hash"=>$hash,
"updated_at"=>date("Y-m-d H:i:s", time()),
"state"=>'1'
), array(
"token"=>$token
));
}else{
$redis->set('session/redirect/'.$id, $token);
if(!$redis->exists('session/dialog/'.$hash)){
$data = db__getData($cnn, "account", "hash", $hash);
foreach($data[0] as $key=>$val){
$redis->hSet('session/dialog/'.$hash, $key, $val);
}
}
db__pushData($cnn, "token", array(
"hash"=>$hash,
"token"=>$token,
"created_at"=>date("Y-m-d H:i:s", time()),
"state"=>'1'
));
}
echo $token;
echo '<html><head><script>block_aplayer = true;</script><script src="https://cdn.yimian.xyz/ushio-js/ushio-head.min.js"></script>';
echo '<script src="https://cdn.yimian.xyz/ushio-js/ushio-footer.min.js"></script>';
echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Ushio Auth - set token</title><meta name=viewport content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=no"><meta name="keywords" content="iotcat,呓喵酱,yimian"><link rel="shortcut icon" href="https://cdn.yimian.xyz/img/head/head3r.ico"><style type="text/css">.chromeframe{margin:.2em 0;background:#ccc;color:#000;padding:.2em 0}#loader-wrapper{position:fixed;top:0;left:0;width:100%;height:100%;z-index:999999}#loader{display:block;position:relative;left:50%;top:50%;width:150px;height:150px;margin:-75px 0 0 -75px;border-radius:50%;border:3px solid transparent;border-top-color:#FFF;-webkit-animation:spin 2s linear infinite;-ms-animation:spin 2s linear infinite;-moz-animation:spin 2s linear infinite;-o-animation:spin 2s linear infinite;animation:spin 2s linear infinite;z-index:1001}#loader:before{content:"";position:absolute;top:5px;left:5px;right:5px;bottom:5px;border-radius:50%;border:3px solid transparent;border-top-color:#FFF;-webkit-animation:spin 3s linear infinite;-moz-animation:spin 3s linear infinite;-o-animation:spin 3s linear infinite;-ms-animation:spin 3s linear infinite;animation:spin 3s linear infinite}#loader:after{content:"";position:absolute;top:15px;left:15px;right:15px;bottom:15px;border-radius:50%;border:3px solid transparent;border-top-color:#FFF;-moz-animation:spin 1.5s linear infinite;-o-animation:spin 1.5s linear infinite;-ms-animation:spin 1.5s linear infinite;-webkit-animation:spin 1.5s linear infinite;animation:spin 1.5s linear infinite}@-webkit-keyframes spin{0%{-webkit-transform:rotate(0deg);-ms-transform:rotate(0deg);transform:rotate(0deg)}100%{-webkit-transform:rotate(360deg);-ms-transform:rotate(360deg);transform:rotate(360deg)}}@keyframes spin{0%{-webkit-transform:rotate(0deg);-ms-transform:rotate(0deg);transform:rotate(0deg)}100%{-webkit-transform:rotate(360deg);-ms-transform:rotate(360deg);transform:rotate(360deg)}}#loader-wrapper 
.loader-section{position:fixed;top:0;width:51%;height:100%;background:#1abc9c;z-index:1000;-webkit-transform:translateX(0);-ms-transform:translateX(0);transform:translateX(0)}#loader-wrapper .loader-section.section-left{left:0}#loader-wrapper .loader-section.section-right{right:0}#loader-wrapper .load_title{font-family:"Open Sans";color:#FFF;font-size:19px;width:100%;text-align:center;z-index:9999999999999;position:absolute;top:60%;opacity:1;line-height:30px}#loader-wrapper .load_title span{font-weight:normal;font-style:italic;font-size:13px;color:#FFF;opacity:.5}</style></head><body><div id="loader-wrapper" ><div id="loader"></div><div class="loader-section section-left"></div><div class="loader-section section-right"></div><div class="load_title">正在检测您的设备安全( • ̀ω•́ )✧<br><span id="ino">Anti-DDOS..</span></div></div><script>function newUrl(url){if(url.indexOf("?")==-1){if(url.indexOf("#")==-1){return url+"?t="+(new Date).valueOf()}else{return url.slice(0,url.indexOf("#"))+"?t="+(new Date).valueOf()+url.slice(url.indexOf("#"))}}else{if(url.indexOf("#")==-1){return url+"&t="+(new Date).valueOf()}else{return url.slice(0,url.indexOf("#"))+"&t="+(new Date).valueOf()+url.slice(url.indexOf("#"))}}};setTimeout(function(res){document.getElementById("info").innerHTML="Network Checking..";setTimeout(function(res){document.getElementById("info").innerHTML="Decide Best Strategy..";setTimeout(function(res){document.getElementById("info").innerHTML="Connecting..";setTimeout(function(res){document.getElementById("info").innerHTML="Loading.."},600)},800)},800)},800);</script>';
echo "<script>session.onload(()=>{window.location.href='$from'});</script></body></html>";
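Review bot: The request parameter `from` is written into the inline script on the last line (`window.location.href='$from'`) with no encoding and no destination check, so a value containing a quote or `</script>` alters the script, and any URL is accepted as a redirect target. Check `$from` against a fixed list of allowed origins and emit it as a JavaScript string literal, e.g. `window.location.href=' . json_encode($from, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . '`. The same redirect line appears in index.php, where `$from` is base64-decoded from the request first. The page has lost its +/- markers, so this assumes the `$from` lines are the new side. The `setcookie("_token", ...)` call here also sets no Secure, HttpOnly or SameSite attribute.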

@ -7,12 +7,11 @@ $cnn = db__connect();
if(isset($_COOKIE['_token']) && db__rowNum($cnn, "token", "token", $_COOKIE['_token'])){
db__pushData($cnn, "token", array(
"state"=>'0'
"state"=>'0',
"updated_at"=>date("Y-m-d H:i:s", time())
), array(
"token"=>$_COOKIE['_token']
));
}
setcookie("_token", "", time()-3600);
echo '<script>window.location.href="https://login.yimian.xyz/"</script>';

@ -3,6 +3,11 @@ include '/mnt/config/dbKeys/auth.php';
include '/mnt/config/php/config.php';
/**database connection**/
$redis = new redis();
$redis->connect('redis',6379);
//connect to database
function db__connect($servername="",$username="",$password="",$dbname="")
{
@ -37,7 +42,7 @@ function db__connect($servername="",$username="",$password="",$dbname="")
}
//get table row number::(data_cnnct var,table name) ::(row number)
function db__rowNum($conn,$table,$clmnName="",$value="",$clmnName2="",$value2="")
function db__rowNum($conn,$table,$clmnName="",$value="",$clmnName2="",$value2="",$clmnName3="",$value3="",$clmnName4="",$value4="")
{
$table=db__antisql($table);
@ -49,7 +54,9 @@ function db__rowNum($conn,$table,$clmnName="",$value="",$clmnName2="",$value2=""
if($clmnName=="") $sql = "SELECT COUNT(*) FROM $table";
elseif($clmnName2=="") $sql = "SELECT COUNT(*) FROM $table where $clmnName='$value'";
else $sql = "SELECT COUNT(*) FROM $table where $clmnName='$value' AND $clmnName2='$value2'";
elseif($clmnName3=="") $sql = "SELECT COUNT(*) FROM $table where $clmnName='$value' AND $clmnName2='$value2'";
elseif($clmnName4=="") $sql = "SELECT COUNT(*) FROM $table where $clmnName='$value' AND $clmnName2='$value2' AND $clmnName3='$value3'";
else $sql = "SELECT COUNT(*) FROM $table where $clmnName='$value' AND $clmnName2='$value2' AND $clmnName3='$value3' AND $clmnName4='$value4'";
$row_count = $conn->query($sql);
list($row_num) = $row_count->fetch_row();
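Review bot: The two added branches of `db__rowNum` still build the WHERE clause by interpolating `$clmnName3`/`$value3` and `$clmnName4`/`$value4` into the SQL string, and only `$table` is visibly passed through `db__antisql` in this section. Callers in this commit pass request and cookie values (who.php passes `$mask`, `$fp` and `$ip`; checkout.php passes `$_COOKIE['_token']`), so unless the lines between the hunks escape every value, the query is injectable. Binding the values through a prepared statement and checking column names against a fixed list removes the dependence on escaping. The sketch below assumes `$conn` is a mysqli connection, which `fetch_row()` suggests. The function body starts and ends outside the hunks.

```php
function db__rowNum($conn,$table,$clmnName="",$value="",$clmnName2="",$value2="",$clmnName3="",$value3="",$clmnName4="",$value4="")
{
    // … unchanged: db__antisql($table) and the lines between the hunks …
    $where = array();
    $values = array();
    $pairs = array(
        array($clmnName, $value), array($clmnName2, $value2),
        array($clmnName3, $value3), array($clmnName4, $value4),
    );
    foreach ($pairs as $pair) {
        if ($pair[0] == "") break;          // same cut-off as the elseif chain
        // column names cannot be bound; check $pair[0] against the table's known columns here
        $where[] = $pair[0] . " = ?";
        $values[] = $pair[1];
    }
    $sql = "SELECT COUNT(*) FROM $table" . ($where ? " WHERE " . implode(" AND ", $where) : "");
    $stmt = $conn->prepare($sql);
    if ($values) $stmt->bind_param(str_repeat("s", count($values)), ...$values);
    $stmt->execute();
    $stmt->bind_result($row_num);
    $stmt->fetch();
    // … unchanged: rest of db__rowNum …
```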

@ -1 +0,0 @@
<script>window.location.href="https://ushio.cool/"</script>

@ -1,27 +1,44 @@
<?php
include './functions.php';
$redis = new redis();
$redis->connect('redis',6379);
$from = $_REQUEST['from'];
if (isset($_COOKIE["_token"])){
$redis->del('auth/token/'.$_COOKIE['_token']);
/* deal from */
if(!isset($from)){
$from = 'https://ushio.cool/';
}else{
try{
$from = base64_decode($from);
}catch(Exception $e){}
}
$token = $_REQUEST['token'];
$from = $_REQUEST['from'];
if(!isset($token)) die();
if(!isset($from)) die();
if(strlen($token) < 60 || !$redis->exists('auth/token/'.$token)){
echo "<script>alert('Illegal Token!!');window.location.href='https://login.yimian.xyz/'</script>";
die();
}
setcookie("_token", $token, time()+60*60*24*30*6);
/* deal with none local token */
if (!isset($_COOKIE["_token"])){
$token = hash('sha256', $from.time());
setcookie("_token", $token, time()+6*30*24*3600);
}else{
$token = $_COOKIE['_token'];
}
/* set tmp seed */
$seed = hash('sha256', time().$from);
$redis->set('auth/seed/'.$seed, $token);
$redis->expire('auth/seed/'.$seed, 30);
echo '<html><head><script src="https://cdn.yimian.xyz/ushio-js/ushio-head.min.js"></script>';
echo '<html><head><script>block_aplayer = true;</script><script src="https://cdn.yimian.xyz/ushio-js/ushio-head.min.js"></script>';
echo '<script src="https://cdn.yimian.xyz/ushio-js/ushio-footer.min.js"></script>';
echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Ushio Auth</title><meta name=viewport content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=no"><meta name="keywords" content="iotcat,呓喵酱,yimian"><link rel="shortcut icon" href="https://cdn.yimian.xyz/img/head/head3r.ico"><style type="text/css">.chromeframe{margin:.2em 0;background:#ccc;color:#000;padding:.2em 0}#loader-wrapper{position:fixed;top:0;left:0;width:100%;height:100%;z-index:999999}#loader{display:block;position:relative;left:50%;top:50%;width:150px;height:150px;margin:-75px 0 0 -75px;border-radius:50%;border:3px solid transparent;border-top-color:#FFF;-webkit-animation:spin 2s linear infinite;-ms-animation:spin 2s linear infinite;-moz-animation:spin 2s linear infinite;-o-animation:spin 2s linear infinite;animation:spin 2s linear infinite;z-index:1001}#loader:before{content:"";position:absolute;top:5px;left:5px;right:5px;bottom:5px;border-radius:50%;border:3px solid transparent;border-top-color:#FFF;-webkit-animation:spin 3s linear infinite;-moz-animation:spin 3s linear infinite;-o-animation:spin 3s linear infinite;-ms-animation:spin 3s linear infinite;animation:spin 3s linear infinite}#loader:after{content:"";position:absolute;top:15px;left:15px;right:15px;bottom:15px;border-radius:50%;border:3px solid transparent;border-top-color:#FFF;-moz-animation:spin 1.5s linear infinite;-o-animation:spin 1.5s linear infinite;-ms-animation:spin 1.5s linear infinite;-webkit-animation:spin 1.5s linear infinite;animation:spin 1.5s linear infinite}@-webkit-keyframes spin{0%{-webkit-transform:rotate(0deg);-ms-transform:rotate(0deg);transform:rotate(0deg)}100%{-webkit-transform:rotate(360deg);-ms-transform:rotate(360deg);transform:rotate(360deg)}}@keyframes spin{0%{-webkit-transform:rotate(0deg);-ms-transform:rotate(0deg);transform:rotate(0deg)}100%{-webkit-transform:rotate(360deg);-ms-transform:rotate(360deg);transform:rotate(360deg)}}#loader-wrapper 
.loader-section{position:fixed;top:0;width:51%;height:100%;background:#1abc9c;z-index:1000;-webkit-transform:translateX(0);-ms-transform:translateX(0);transform:translateX(0)}#loader-wrapper .loader-section.section-left{left:0}#loader-wrapper .loader-section.section-right{right:0}#loader-wrapper .load_title{font-family:"Open Sans";color:#FFF;font-size:19px;width:100%;text-align:center;z-index:9999999999999;position:absolute;top:60%;opacity:1;line-height:30px}#loader-wrapper .load_title span{font-weight:normal;font-style:italic;font-size:13px;color:#FFF;opacity:.5}</style></head><body><div id="loader-wrapper" ><div id="loader"></div><div class="loader-section section-left"></div><div class="loader-section section-right"></div><div class="load_title">正在检测您的设备安全( • ̀ω•́ )✧<br><span id="ino">Anti-DDOS..</span></div></div><script>function newUrl(url){if(url.indexOf("?")==-1){if(url.indexOf("#")==-1){return url+"?t="+(new Date).valueOf()}else{return url.slice(0,url.indexOf("#"))+"?t="+(new Date).valueOf()+url.slice(url.indexOf("#"))}}else{if(url.indexOf("#")==-1){return url+"&t="+(new Date).valueOf()}else{return url.slice(0,url.indexOf("#"))+"&t="+(new Date).valueOf()+url.slice(url.indexOf("#"))}}};setTimeout(function(res){document.getElementById("info").innerHTML="Network Checking..";setTimeout(function(res){document.getElementById("info").innerHTML="Decide Best Strategy..";setTimeout(function(res){document.getElementById("info").innerHTML="Connecting..";setTimeout(function(res){document.getElementById("info").innerHTML="Loading.."},600)},800)},800)},800);</script>';
echo "<script>session.onload(()=>{window.location.href='$from'});</script></body></html>";
echo "<script>session.onload(()=>{
$.get('/setFip.php?seed=$seed&fp='+page.fp+'&ip='+page.ip, (res)=>{
if(res.code == 200){
window.location.href='$from';
return;
}else if(res.code == 500){
cookie.del('_token');
}
window.location.reload();
});
});</script></body></html>";
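Review bot: `$seed = hash('sha256', time().$from)` is derived only from the current second and a caller-supplied value, so anyone who knows `from` can compute the `auth/seed/` key that maps to the token during its 30-second lifetime. The fallback token `hash('sha256', $from.time())` has the same property. Both should come from the CSPRNG, `$seed = bin2hex(random_bytes(32));` and `$token = bin2hex(random_bytes(32));`, which keeps the 64-character length that setFip.php checks. `base64_decode` does not throw, so the `try`/`catch` around it never fires; `base64_decode($from, true)` returns `false` on invalid input, which can be checked to fall back to the default URL.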

@ -0,0 +1,48 @@
<?php
include './functions.php';
$seed = $_REQUEST['seed'];
$ip = $_REQUEST['ip'];
$fp = $_REQUEST['fp'];
if(!isset($seed) || strlen($seed)!=64 || !isset($ip) || strlen($ip)<8 || strlen($ip)>16 || !isset($fp) || strlen($fp)!=6) {
header('status: 505 Illegal Params');
die();
};
header("Content-Type: application/json;charset=utf-8");
$fip = md5($fp.$ip);
// bad seed
if(!$redis->exists('auth/seed/'.$seed)){
echo json_encode(array(
"code"=>400,
"message"=>"Bad Seed!"
));
die();
}
$token = $redis->get('auth/seed/'.$seed);
//bad token
if(strlen($token)!=64){
echo json_encode(array(
"code"=>500,
"message"=>"Bad token!"
));
die();
}
//good
$redis->set('auth/fip/'.$fip, $token);
$redis->expire('auth/fip/'.$fip, 60);
echo json_encode(array(
"code"=>200
));
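Review bot: The seed is never deleted after it has been consumed, so the same seed can be submitted again with a different `fp`/`ip` pair until the 30-second expiry set in index.php runs out. Adding `$redis->del('auth/seed/'.$seed);` right after the `$redis->get(...)` makes it single-use. The parameter check reads `$_REQUEST['seed']`, `['ip']` and `['fp']` before `isset`, which raises an undefined-index notice when one is missing; `$seed = $_REQUEST['seed'] ?? null;` avoids that. For the rejection itself, `http_response_code(400);` states the intent more clearly than `header('status: 505 Illegal Params')`, since 505 means "HTTP Version Not Supported".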

@ -0,0 +1,86 @@
<?php
header('Access-Control-Allow-Origin:*');
include './functions.php';
$mask = $_REQUEST['mask'];
$ip = $_REQUEST['ip'];
$fp = $_REQUEST['fp'];
if(!isset($mask) || strlen($mask)!=64 || !isset($ip) || strlen($ip)<8 || strlen($ip)>16 || !isset($fp) || strlen($fp)!=6) {
header('status: 505 Illegal Params');
die();
};
/* special php program */
set_time_limit(0);
ob_end_clean();
header("Connection: close");
header("HTTP/1.1 200 OK");
header("Content-Type: application/json;charset=utf-8");
header('Access-Control-Allow-Origin:*');
ob_start();
$cnn = db__connect();
if(db__rowNum($cnn, "mask", "mask", $mask)){
$token = db__getData($cnn, "mask", "mask", $mask)[0]['token'];
echo json_encode(array(
"code"=> 200
));
}else{
$fip = md5($fp.$ip);
if($redis->exists('auth/fip/'.$fip)){
$token = $redis->get('auth/fip/'.$fip);
db__pushData($cnn, "mask", array(
"mask"=>$mask,
"token"=>$token,
"created_at"=>date("Y-m-d H:i:s", time())
), array(
"mask"=>$mask
));
echo json_encode(array(
"code"=> 200
));
}else{
echo json_encode(array(
"code"=> 404
));
}
die();
}
/* close connection */
ob_end_flush();
flush();
if (function_exists("fastcgi_finish_request")) {
fastcgi_finish_request();
}
sleep(2);
ignore_user_abort(true);
set_time_limit(0);
if(db__rowNum($cnn, "fip", "token", $token, "mask", $mask, "fp", $fp, "ip", $ip)){
db__pushData($cnn, "fip", array(
"updated_at"=>date("Y-m-d H:i:s", time())
), array(
"token"=>$token,
"mask"=>$mask,
"fp"=>$fp,
"ip"=>$ip
));
}else{
db__pushData($cnn, "fip", array(
"token"=>$token,
"mask"=>$mask,
"fp"=>$fp,
"ip"=>$ip,
"created_at"=>date("Y-m-d H:i:s", time())
));
}
die();
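Review bot: The only thing tying a new `mask` to a stored token is `md5($fp.$ip)`, yet both `fp` (six characters) and `ip` are read from `$_REQUEST` and the endpoint answers any origin (`Access-Control-Allow-Origin:*`). A request that supplies another client's fingerprint and address while the 60-second `auth/fip/` entry exists gets its mask stored against that client's token. Take the address from the connection instead, `$ip = $_SERVER['REMOTE_ADDR'];` (or the header set by a trusted proxy, if one is in front), and do the same in setFip.php. `ob_end_clean()` is also called without checking `ob_get_level()`, so it emits a notice when no buffer is active.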