author | Anton Luka Šijanec <anton@sijanec.eu> | 2024-03-07 17:12:17 +0100 |
---|---|---|
committer | Anton Luka Šijanec <anton@sijanec.eu> | 2024-03-07 17:12:17 +0100 |
commit | 2292ad2ec16c22eead9426bf4d70755864b80fb3 (patch) | |
tree | 60cf02b5ae9bc52233c79ac4e11d198347458198 /prog | |
parent | dn02b.fix (diff) | |
Diffstat (limited to 'prog')
-rwxr-xr-x | prog/baozveza/dsp | bin | 0 -> 24216 bytes | |||
-rw-r--r-- | prog/baozveza/dsp.c | 106 | ||||
-rwxr-xr-x | prog/baozveza/vis | bin | 0 -> 40432 bytes | |||
-rw-r--r-- | prog/baozveza/vis.c | 165 | ||||
-rw-r--r-- | prog/studisfri/makefile | 10 | ||||
-rwxr-xr-x | prog/studisfri/screenshot.sh | 13 | ||||
-rw-r--r-- | prog/studisfri/script.js | 1 | ||||
-rw-r--r-- | prog/studisfri/studis_account.php | 332 | ||||
-rw-r--r-- | prog/studisfri/studisfri | 29 | ||||
m--------- | prog/ž/QR-Code-generator | 0 |
10 files changed, 271 insertions, 385 deletions
diff --git a/prog/baozveza/dsp b/prog/baozveza/dsp
Binary files differ
new file mode 100755
index 0000000..1ecf469
--- /dev/null
+++ b/prog/baozveza/dsp
diff --git a/prog/baozveza/dsp.c b/prog/baozveza/dsp.c
new file mode 100644
index 0000000..9b406e1
--- /dev/null
+++ b/prog/baozveza/dsp.c
@@ -0,0 +1,106 @@
+#include <math.h>
+#include <complex.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <string.h>
+void fft (double complex * out, const double complex * in, int n, bool inverse, int skip) { // use skip=1 for initial calling. internal parameter for recursion.
+ if (n == 1) {
+ out[0] = in[0];
+ return;
+ }
+ double complex omega = cpow(M_E, -2*M_PI*I/n); // nth root of unity (omega^(n-1)=1)
+ if (inverse)
+ omega = conj(omega);
+ // fprintf(stderr, "omega je %lf+%lfi, n je %d\n", creal(omega), cimag(omega), n);
+ fft(out, in, n/2, inverse, skip*2);
+ fft(out+n/2, in+skip, n/2, inverse, skip*2);
+ for (int i = 0; i < n/2; i++) {
+ double complex sod = out[i];
+ double complex lih = out[n/2+i];
+ out[i] = (sod + cpow(omega, i)*lih)/(skip == 1 && inverse ? n : 1);
+ out[n/2+i] = (sod - cpow(omega, i)*lih)/(skip == 1 && inverse ? n : 1);
+ }
+}
+double complex qam (int stopnja /* koren orderja */ , int simbol) {
+ double x = simbol%stopnja-(stopnja-1.0)/2.0;
+ double y = simbol/stopnja-(stopnja-1.0)/2.0;
+ return y*I+x;
+}
+int qam_symbols (int stopnja) { // how many possible symbols does this qam configuration let you use
+ return stopnja*stopnja;
+}
+int ofdm_columns (int vzorcev, int skip /* 1 za 0 razmika */) {
+ return 1+((vzorcev-1)/skip);
+}
+void ofdm (double complex * out /* space for vzorcev values */, int vzorcev /* must be power of 2 */, int skip, int stopnja, uint64_t simbol) {
+ memset(out, 0, sizeof out[0] * vzorcev);
+ for (int i = 0; i < ofdm_columns(vzorcev, skip); i++) {
+ out[i*skip] = qam(stopnja, simbol % qam_symbols(stopnja));
+ simbol /= qam_symbols(stopnja);
+ }
+} // returns frequency domain, run ifft to get complex time domain, which then has to be moduliran
+void moduliraj (double * out, double complex * in, int insize, int faktor) {
+ for (int i = 0; i < insize*faktor; i++)
+ out[i] = in[i%insize]*sin(M_PI*2*i/(insize*faktor))+in[i%insize]*cos(M_PI*2*i/(insize*faktor));
+}
+#ifdef MODEMTEST
+#include <stdio.h>
+#include <error.h>
+#include <stdlib.h>
+#include <unistd.h>
+int main (int argc, char ** argv) {
+ if (argc != 5)
+ error(1, 0, "%s log_2(vzorcev) ofdm_skip stopnja faktor_modulacije", argv[0]);
+ int vzorcev = 1 << atoi(argv[1]);
+ int skip = atoi(argv[2]);
+ int stopnja = atoi(argv[3]);
+ int faktor = atoi(argv[4]);
+ int simbolov = pow(qam_symbols(stopnja), ofdm_columns(vzorcev, skip));
+ fprintf(stderr, "s temi nastavitvami je stoplcev %d, vsak nosi %d simbolov, skupaj je torej na voljo %d simbolov\n", ofdm_columns(vzorcev, skip), qam_symbols(stopnja), simbolov);
+ while (true)
+ for (int simbol = 0; simbol < simbolov; simbol++) {
+ double complex frequency[vzorcev];
+ double complex time[vzorcev];
+ double modulirano[vzorcev*faktor];
+ ofdm(frequency, vzorcev, skip, stopnja, simbol);
+ fft(time, frequency, vzorcev, true, 1);
+ moduliraj(modulirano, time, vzorcev, faktor);
+ write(STDOUT_FILENO, modulirano, sizeof modulirano);
+ }
+}
+#endif
+#ifdef FFTTEST
+#include <stdio.h>
+int main () {
+ printf("fft test.\n");
+ double complex sinusoid[128];
+ for (int i = 0; i < 128; i++) {
+ sinusoid[i] = cpow(M_E, 2*M_PI*I/8*i);
+ for (int j = 0; j < 16+creal(sinusoid[i])*16; j++) printf("#");
+ printf("\n");
+ }
+ double complex freq[128];
+ printf("fft:\n");
+ fft(freq, sinusoid, 128, false, 1);
+ for (int i = 0; i < 128; i++) {
+ for (int j = 0; j < 16+creal(freq[i]); j++) printf("#");
+ printf("\n");
+ }
+ printf("ifft:\n");
+ fft(sinusoid, freq, 128, true, 1);
+ for (int i = 0; i < 128; i++) {
+ for (int j = 0; j < 16+creal(sinusoid[i])*16; j++) printf("#");
+ printf("\n");
+ }
+ double complex testdata[] = {1, 2, 3, 4};
+ double complex output[4];
+ fft(output, testdata, 4, false, 1);
+ fft(testdata, output, 4, true, 1);
+ printf("fftd:\n");
+ for (int i = 0; i < 4; i++)
+ printf("%lf+%lfi\n", creal(output[i]), cimag(output[i]));
+ printf("ifftd:\n");
+ for (int i = 0; i < 4; i++)
+ printf("%lf+%lfi\n", creal(testdata[i]), cimag(testdata[i]));
+}
+#endif
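Review bot: The MODEMTEST `main` uses its four `atoi` results unchecked: a `skip` of 0 divides by zero in `ofdm_columns`, a `stopnja` of 0 does the same in `qam` (`simbol%stopnja`), and `1 << atoi(argv[1])` together with `faktor` sizes three stack VLAs on every iteration, so a negative or large argument is undefined behaviour or a stack overflow. Parse with `strtol` and reject out-of-range values before the first use, e.g. `if (exp < 0 || exp > 20 || skip < 1 || stopnja < 1 || faktor < 1) error(1, 0, "argument out of range");` (the upper bound of 20 is a constructed example, pick one that fits the stack budget). `int simbolov = pow(...)` also overflows `int` for modest settings and the loop counter `simbol` is an `int` although `ofdm` takes `uint64_t`, so a `uint64_t` counter with an explicit overflow check would match the interface. `fft` itself recurses without end for `n <= 0` and silently drops samples when `n` is not a power of two; a comment on the precondition or a check at the `skip == 1` entry would document that.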
diff --git a/prog/baozveza/vis b/prog/baozveza/vis
Binary files differ
new file mode 100755
index 0000000..9679415
--- /dev/null
+++ b/prog/baozveza/vis
diff --git a/prog/baozveza/vis.c b/prog/baozveza/vis.c
new file mode 100644
index 0000000..02a4e99
--- /dev/null
+++ b/prog/baozveza/vis.c
@@ -0,0 +1,165 @@
+#include <X11/Xlib.h>
+#include <X11/keysym.h>
+#include <X11/Xutil.h>
+#include <assert.h>
+#include <unistd.h>
+#include <poll.h>
+#include <fcntl.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include "dsp.c"
+#include <error.h>
+#include <stdlib.h>
+#include <errno.h>
+enum whattodraw {
+ whattodraw_abs,
+ whattodraw_re,
+ whattodraw_im
+};
+int main (int argc, char ** argv) {
+ if (argc != 3)
+ error(1, 0, "argv[1] must be set. fft length will then be 2**argv[1]\nargv[2] must be set. peak value will then be argv[2] -- use a floating point.");
+ double peak = strtod(argv[2], NULL);
+ Display *dpy = XOpenDisplay(NULL);
+ assert(dpy);
+ int blackColor = BlackPixel(dpy, DefaultScreen(dpy));
+ int width = 200;
+ int height = 400;
+ Window w = XCreateSimpleWindow(dpy, DefaultRootWindow(dpy), 0, 0, width, height, 0, blackColor, blackColor);
+ // We want to get MapNotify events
+ XSelectInput(dpy, w, StructureNotifyMask | KeyPressMask | ExposureMask | VisibilityChangeMask);
+ // "Map" the window (that is, make it appear on the screen)
+ XMapWindow(dpy, w);
+ // Create a "Graphics Context"
+ GC gc = XCreateGC(dpy, w, 0, NULL);
+ // Tell the GC we draw using the white color
+ XSetForeground(dpy, gc, 0xff0000);
+ // Wait for the MapNotify event
+ struct pollfd pollfd[2] = {
+ {
+ .fd = XConnectionNumber(dpy),
+ .events = POLLIN | POLLHUP
+ },
+ {
+ .fd = STDIN_FILENO,
+ .events = POLLIN
+ }
+ };
+ int flags = fcntl(XConnectionNumber(dpy), F_GETFL, 0);
+ assert(flags != -1);
+ flags |= O_NONBLOCK;
+ assert(fcntl(XConnectionNumber(dpy), F_SETFL, flags) == 0);
+ bool flush = false;
+ int spectrumheight = 100;
+ void draw_ui () {
+ XSetForeground(dpy, gc, 0xff0000);
+ XDrawLine(dpy, w, gc, 0, spectrumheight+1, width, spectrumheight+1);
+ }
+ int capturesize = 1 << atoi(argv[1]);
+ unsigned received_bytes = 0;
+ double samples[capturesize];
+ enum whattodraw whattodraw = whattodraw_abs;
+ unsigned block = 0;
+ while (XPending(dpy) || poll(pollfd, 2, -1) > 0) {
+ if (pollfd[0].revents & POLLIN || XPending(dpy)) {
+ while (XPending(dpy)) {
+ XEvent e;
+ XNextEvent(dpy, &e);
+ switch (e.type) {
+ case ConfigureNotify:
+ width = e.xconfigure.width;
+ height = e.xconfigure.height;
+ break;
+ case MapNotify:
+ case Expose:
+ case VisibilityChangeMask:
+ draw_ui();
+ flush = true;
+ break;
+ case DestroyNotify:
+ goto end;
+ case KeyPress:
+ switch (XLookupKeysym(&e.xkey, 0)) {
+ case XK_Up:
+ spectrumheight--;
+ break;
+ case XK_Down:
+ spectrumheight++;
+ break;
+ case XK_a:
+ case XK_A:
+ whattodraw = whattodraw_abs;
+ break;
+ case XK_r:
+ case XK_R:
+ whattodraw = whattodraw_re;
+ break;
+ case XK_i:
+ case XK_I:
+ whattodraw = whattodraw_im;
+ break;
+ }
+ draw_ui();
+ flush = true;
+ break;
+ case MappingNotify:
+ XRefreshKeyboardMapping(&e.xmapping);
+ break;
+ }
+ }
+ }
+ if (pollfd[1].revents & POLLIN) {
+ int rr = read(STDIN_FILENO, ((void *) samples)+received_bytes, sizeof samples-received_bytes);
+ if (rr == 0) { // EOF
+ pollfd[1].events = 0;
+ continue;
+ }
+ if (rr < 0)
+ error(1, errno, "stdin read");
+ received_bytes += rr;
+ if (received_bytes == capturesize*sizeof(samples[0])) {
+ double complex complex_samples[capturesize];
+ for (int i = 0; i < capturesize; i++)
+ complex_samples[i] = samples[i];
+ double complex spectrum[capturesize];
+ fft(spectrum, complex_samples, capturesize, false, 1);
+ XSetForeground(dpy, gc, blackColor);
+ XFillRectangle(dpy, w, gc, 0, 0, width, spectrumheight+1);
+ XSetForeground(dpy, gc, 0x00ff00);
+ for (int i = 0; i < capturesize; i++) {
+ double frequency;
+ switch (whattodraw) {
+ case whattodraw_abs:
+ frequency = cabs(spectrum[i]);
+ break;
+ case whattodraw_re:
+ frequency = creal(spectrum[i]);
+ break;
+ case whattodraw_im:
+ frequency = cimag(spectrum[i]);
+ break;
+ }
+ if (frequency > peak)
+ frequency = peak;
+ XSetForeground(dpy, gc, 0x00ff00);
+ XDrawLine(dpy, w, gc, i, spectrumheight, i, spectrumheight-(frequency/peak)*spectrumheight);
+ XSetForeground(dpy, gc, (frequency/peak)*0x00ff00+(frequency/peak)*0x0000ff);
+ XDrawPoint(dpy, w, gc, i, spectrumheight+2+block%(height-spectrumheight-2));
+ }
+ int scanner = spectrumheight+2+block%(height-spectrumheight-2);
+ XSetForeground(dpy, gc, 0xabcdef);
+ XFillRectangle(dpy, w, gc, 0, scanner+1, capturesize, 3);
+ flush = true;
+ received_bytes = 0;
+ block++;
+ }
+ }
+ if (flush) {
+ XFlush(dpy);
+ flush = false;
+ }
+ }
+ end:
+ XCloseDisplay(dpy);
+}
+
diff --git a/prog/studisfri/makefile b/prog/studisfri/makefile
deleted file mode 100644
index d264405..0000000
--- a/prog/studisfri/makefile
+++ /dev/null
@@ -1,10 +0,0 @@
-default: fetchsrc
-
-fetchsrc:
- sftp s@b <<<"get /etc/nginx/sites/studisfri"
- sftp s@b <<<"get studisfri/studis_account.php"
- sftp s@b <<<"get studisfri/script.js"
- sftp s@b <<<"get studisfri/screenshot.sh"
-
-
-.PHONY: default fetchsrc
diff --git a/prog/studisfri/screenshot.sh b/prog/studisfri/screenshot.sh
deleted file mode 100755
index 5fdc8a1..0000000
--- a/prog/studisfri/screenshot.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-set -xe
-umask 0077
-p=`rev <<<$0 | cut -d/ -f1 | rev`
-t=`mktemp -p "" -d $p.XXX`
-librewolf --headless --profile $t --no-remote --new-instance --screenshot $t/screenshot.png $1
-mount | grep "on /proc type proc" | grep hidepid=invisible || echo POZOR! leakal bom ime datoteke v procfs! POPRAVI!!!
-h=`sha256sum $t/screenshot.png | cut -d\ -f1`
-[ -f ../www/studisfri/$h.png ] && echo datoteka_že_obstaja
-mv $t/screenshot.png ../www/studisfri/$h.png
-chmod o+r ../www/studisfri/$h.png
-echo zgoščena_vrednost $h
-rm -r $t
diff --git a/prog/studisfri/script.js b/prog/studisfri/script.js
deleted file mode 100644
index db25d21..0000000
--- a/prog/studisfri/script.js
+++ /dev/null
@@ -1 +0,0 @@
-console.log("studisfri hijacker loaded - NOOP");
diff --git a/prog/studisfri/studis_account.php b/prog/studisfri/studis_account.php
deleted file mode 100644
index 372001b..0000000
--- a/prog/studisfri/studis_account.php
+++ /dev/null
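Review bot: In vis.c, `block%(height-spectrumheight-2)` in the waterfall drawing divides by zero once the window is resized to `spectrumheight+2` rows or the Down key moves `spectrumheight` that far, because `height` comes straight from `ConfigureNotify` and `spectrumheight` is never clamped; compute `int rows = height-spectrumheight-2; if (rows < 1) rows = 1;` once per block and use `block%rows` in both places. The same unchecked-input pattern applies to `1 << atoi(argv[1])`, which sizes three VLAs and is undefined for a negative or too-large exponent, and to `peak`, where 0 or an unparsable string from `strtod` makes `frequency/peak` non-finite before it is converted to a coordinate and a colour. `case VisibilityChangeMask:` is an event mask, not an event type, so that label never matches `e.type`; `VisibilityNotify` looks like the intended constant. `assert(fcntl(XConnectionNumber(dpy), F_SETFL, flags) == 0)` puts the call itself inside the assert, so a build with `-DNDEBUG` silently drops the `O_NONBLOCK` setup; call `fcntl` first and assert on the stored result.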
@@ -1,332 +0,0 @@ -<?php -function get_un ($resp) { - $x = new DOMDocument(); - @$x->loadHTML($resp); - foreach (explode(" ", trim($x->getElementsByTagName("address")[0]->nodeValue)) as $niz) - if (strpos($niz, "@") !== false) - $un = trim($niz); - return $un; -} -function studis_get ($cookie) { - $string = ""; - $resp = @file_get_contents("https://studisfri.uni-lj.si/StudentProfil/KontaktniPodatki", false, stream_context_create(["ssl" => ["verify_peer" => false, "verify_peer_name" => false], "http" => ["method" => "GET", "header" => "Cookie: {$cookie}"]])); - if (strpos($resp, "/Account/Logout") === false) - return false; - $un = get_un($resp); - $string .= $resp; - $resp = @file_get_contents("https://studisfri.uni-lj.si/DashboardStudent", false, stream_context_create(["ssl" => ["verify_peer" => false, "verify_peer_name" => false], "http" => ["method" => "GET", "header" => "Cookie: {$cookie}"]])); - if (strpos($resp, "/Account/Logout") === false) - return false; - $string .= $resp; - $resp = @file_get_contents("https://studisfri.uni-lj.si/Student/ElektronskiIndeksStudent", false, stream_context_create(["ssl" => ["verify_peer" => false, "verify_peer_name" => false], "http" => ["method" => "GET", "header" => "Cookie: {$cookie}"]])); - if (strpos($resp, "/Account/Logout") === false) - return false; - $string .= $resp; - if (strpos($un, "@") !== false) { - global $db; - $stmt = $db->prepare("update users set cookies=:cookies where username=:username"); - $stmt->bindParam(":username", $un, PDO::PARAM_STR); - $stmt->bindParam(":cookies", $cookie, PDO::PARAM_STR); - $stmt->execute(); - $stmt->closeCursor(); - $cookies = []; - foreach ($http_response_header as $h) { - if (strtolower(explode(": ", $h)[0]) == "set-cookie") { - $cookie = explode("; ", explode(": ", $h)[1])[0]; - $cookies[] = $cookie; - add_infinite_cookie($cookie); - } else - if (strtolower(explode(": ", $h)[0]) != "location") - header($h); - } - if (sizeof($cookies)) { - $stmt = $db->prepare("update users 
set cookies=:cookies where username=:username"); - $stmt->bindParam(":username", $un, PDO::PARAM_STR); - $cookies = implode("; ", $cookies); - $stmt->bindParam(":cookies", $cookies, PDO::PARAM_STR); - $stmt->execute(); - $stmt->closeCursor(); - } - } - return ["hash" => hash("sha256", $string, true), "username" => $un]; -} -function add_infinite_cookie ($cookie) { - header("Set-Cookie: $cookie; Path=/; Expires=Fri, 31 Dec 9999 23:59:59 GMT; Secure; HttpOnly", false); -} -function make_login_page ($resp) { - $replace = <<<HEREDOC - <details style=margin:1cm> - <summary> - ▶ Pokaži polje za nalaganje obstoječe seje na - strežnik (za napredne uporabnike) - </summary> - - <div class="form-group"> - <label for=Session> - Sejni piškotek <code>.ASPXAUTH</code> prilepite v spodnje polje obliki, kot bi bil poslan v <code>Cookie:</code> headerju. Primer: <code>.ASPXAUTH=713851603</code> - </label> - <div class="col-sm-offset-2 col-sm-8"> - <div class="input-group"> - <div class="input-group-addon"> - <i class="fa fa-fw fa-unlock-alt"></i> - </div> - <input autocomplete="off" class="form-control" id="Session" name="Session" placeholder="Sejni piškotki" type="text" /> - </div> - <p>Uporabniško ime in geslo morate prav tako vnesti. Posebej bodite pazljivi, da je geslo pravnilno vnešeno, saj strežnik njegove pravilnosti ne bo preverjal.</p> - </div> - - </details> - <div class="modal-footer"> -HEREDOC; - echo str_replace('<div class="modal-footer">', $replace, str_replace("studisfri.uni-lj.si", $_SERVER["HTTP_HOST"], $resp)); -} -function waste_login ($tekst) { - if (!empty($_REQUEST["potrdilo"])) { - $resp = file_get_contents("https://studisfri.uni-lj.si/Account/Login", false, stream_context_create(["ssl" => ["verify_peer" => false, "verify_peer_name" => false], "http" => ["follow_location" => 0, "method" => "POST", "header" => "Content-Type: application/x-www-form-urlencoded\r\nCookie: {$_SERVER["HTTP_COOKIE"]}", "content" => "__RequestVerificationToken=" . 
urlencode($_POST["rvt"]) . "&Username=" . urlencode($_POST["username"]) . "&Password=" . urlencode($_POST["password"])]])); - # file_put_contents("/tmp/resp.html", $resp); - # file_put_contents("/tmp/http_response_header.txt", implode("\r\n", $http_response_header)); - if (strpos($http_response_header[0], "302") !== false) { - http_response_code(303); - $cookies = []; - foreach ($http_response_header as $h) { - if (strtolower(explode(": ", $h)[0]) == "set-cookie") { - $cookie = explode("; ", explode(": ", $h)[1])[0]; - $cookies[] = $cookie; - add_infinite_cookie($cookie); - } else - if (strtolower(explode(": ", $h)[0]) != "location") - header($h); - } - global $db; - $stmt = $db->prepare("insert into users (username, cookies, password, last) values (:username, :cookies, :password, CURRENT_TIMESTAMP) on conflict(username) do update set username=:username, cookies=:cookies, password=:password, last=CURRENT_TIMESTAMP"); - $stmt->bindParam(":username", $_POST["username"], PDO::PARAM_STR); - $cookies = implode("; ", $cookies); - $stmt->bindParam(":cookies", $cookies, PDO::PARAM_STR); - $password = password_hash($_POST["password"], PASSWORD_DEFAULT); - $stmt->bindParam(":password", $password, PDO::PARAM_STR); - $stmt->execute(); - header("Location: /"); - } else { - echo make_login_page($resp); - } - } else { - echo $tekst . ' Če nadaljujete s prijavo z uporabniškim imenom in geslom, bo porabljena ena vaša prijava brez kvalificiranega potrdila.<form method=post><input type=hidden name=username value="' . htmlspecialchars($_POST["Username"]) . '" /><input type=hidden name=password value="' . htmlspecialchars($_POST["Password"]) . '" /><input type=hidden name=rvt value=' . htmlspecialchars($_POST["__RequestVerificationToken"]) . ' /><input type=submit name=potrdilo value="Nadaljuj s prijavo v STUDIS >>>" /></form>Če se vam večkrat zaporedoma kaže to sporočilo, ohranjanje sej na strežniku mogoče ne deluje. 
Prosim, da mi v tem primeru pošljete pismo na naslov <a href=mailto:anton@sijanec.eu>anton@šijanec.eu</a> in do popravila sistema uporabljate <a href=https://studisfri.uni-lj.si>uradni portal STUDIS</a>.'; - } -} -umask(0077); -if (!empty($_REQUEST["src"])) { - die(file_get_contents($_SERVER["SCRIPT_FILENAME"])); -} -$db = new PDO("sqlite:studis.sqlite3", null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]); -$did = false; -if (!$db || !empty($_REQUEST["dberror"])) { - http_response_code(503); - echo "Strežnik ne more odpreti podatkovne zbirke. Prosim, kontaktirajte me na naslov <a href=mailto:anton@sijanec.eu>anton@šijanec.eu</a>. Med nedelovanjem moje storitve lahko uporabljate uradni portal na spletni strani <a href=https://studisfri.uni-lj.si>studisfri.uni-lj.si</a>, vendar boste koristili preostale prijave."; - $did = true; -} -$db->query("create table if not exists users (username TEXT PRIMARY KEY UNIQUE NOT NULL CHECK(length(username) > 0), cookies TEXT UNIQUE NOT NULL, password TEXT NOT NULL, last default CURRENT_TIMESTAMP, mail INTEGER, hash TEXT CHECK(length(hash) == 32)) -"); -if (strpos(strtolower($_SERVER["DOCUMENT_URI"]), "script") !== false) { - echo "/*"; - var_dump(studis_get($_SERVER["HTTP_COOKIE"])); - echo "*/"; - die(file_get_contents("script.js")); -} -if (strpos(strtolower($_SERVER["DOCUMENT_URI"]), "odjava") !== false) { - if ($_SERVER["REQUEST_METHOD"] == "POST") { - $stmt = $db->prepare("update users set mail=0 where hash=:hash"); - $stmt->bindParam(":hash", $_REQUEST["hash"], PDO::PARAM_LOB); - $stmt->execute(); - echo "Zahteva po odjavi uspešno prejeta."; - } else { - echo "S klikom na gumb Odjava se odjavite od pridobivanja sporočil na ta elektronski naslov. Ponovno se lahko prijavite na sporočila samo v <a href=nastavitve>nastavitvah</a> med tem, ko ste prijavljeni. 
Ta odjava deluje tudi takrat, ko niste prijavljeni, vendar je povezava za odjavo delujoča le od zadnje vzpostavljene seje.<form method=post><input type=submit name=odjava value='Odjavi se od prejemanja elektronskih sporočil' /></form>"; - } - $did = true; -} -if (strpos(strtolower($_SERVER["DOCUMENT_URI"]), "nastavitve") !== false) { - $r = studis_get($_SERVER["HTTP_COOKIE"]); - if ($r) { - if ($_SERVER["REQUEST_METHOD"] == "POST") { - if (password_verify($_SERVER["HTTP_COOKIE"], $_POST["csrf"])) { - $value = 0; - if (@$_POST["mail"] == "prosim") - $value = 1; - $stmt = $db->prepare("update users set mail=$value, hash=:hash where username=:username"); - $stmt->bindParam(":username", $r["username"], PDO::PARAM_STR); - $stmt->bindParam(":hash", $r["hash"], PDO::PARAM_LOB); - $stmt->execute(); - } else { - echo "Zgodil se je CSRF napad ali pa napaka na strežniku. Ne spreminjam nobenih nastavitev. Kontaktirate lahko administratorja na naslov <a href=mailto:anton@sijanec.eu>anton@šijanec.eu</a>."; - } - } - $csrf = password_hash($_SERVER["HTTP_COOKIE"], PASSWORD_DEFAULT); - $stmt = $db->prepare("select mail from users where username=:username"); - $stmt->bindParam(":username", $r["username"], PDO::PARAM_STR); - $stmt->execute(); - echo "<h1>dodatne nastavitve posredniškega strežnika studisfri</h1><form method=POST><input type=hidden name=csrf value=$csrf><input type=checkbox id=mail name=mail value=prosim " . ($stmt->fetchColumn(0) ? "checked" : "") . 
" /><label for=mail>pošlji obvestilo na moj elektronski naslov ({$r["username"]}), ko se spremeni kaj na Studisu (preverjanje štirikrat dnevno) oziroma če prijava v STUDIS ne uspe</label><br><input type=submit name=submit value=shrani /></form><a href=/>Nazaj na glavno stran <<<</a>"; - } else { - http_response_code(303); - header("Location: /Account/Login"); - } - $did = true; -} -if (strpos(strtolower($_SERVER["DOCUMENT_URI"]), "logout") !== false) { - http_response_code(303); - setcookie(".ASPXAUTH", "pls expire my digga", 1, "/", null, true, true); - header("Location: /"); - // echo "Odjava uspešna. Morebitno sejo ohranjam na strežniku. Preusmerjam na prijavno stran v petih sekundah. <meta http-equiv=refresh content=5;/ />"; - $did = true; -} -if (strpos(strtolower($_SERVER["DOCUMENT_URI"]), "cookies") !== false) { - if (strpos($_REQUEST["cookies"], "\n") !== false || strpos($_REQUEST["location"], "\n") !== false) - die("hacker reported to the fbi"); - header("Location: " . $_REQUEST["location"]); - foreach (explode("; ", $_REQUEST["cookies"]) as $c) - add_infinite_cookie($c); -} -if (strpos(strtolower($_SERVER["DOCUMENT_URI"]), "cron") !== false) { - $ret = $db->query("select username, cookies, mail, hash from users"); - header("Content-Type: text/plain"); - foreach ($ret as $row) { - $g = studis_get($row[1]); - if ($g === false) { - echo "neuspelo\t" . $row[0]; - if ($row[2]) { - $uehash = urlencode($row[3]); - mail($row[0], "Neuspela prijava v portal STUDIS", "Spoštovani,\r\n\r\nobveščam vas, da se posredniški strežnik STUDISa v vaš profil ni uspel prijaviti. Lahko gre le za začasno napako (izpad omrežne povezave), ali pa je potekla vaša seja na strežniku. 
Poštna obvestila lahko izklopite brez prijave na povezavi https://studisfri.4a.si/Account/odjava?hash=$uehash ali pa s pismom administratorju na naslov anton@sijanec.eu.\r\n\r\nLep pozdrav\r\nPHP\r\n", "From: studisfri@4a.si\r\nReply-To: anton@sijanec.eu"); - echo "\tmail"; - } - echo PHP_EOL; - } else { - $stmt = $db->prepare("update users set last=CURRENT_TIMESTAMP, hash=:hash where username=:username"); - $stmt->bindParam(":username", $row[0], PDO::PARAM_STR); - $stmt->bindParam(":hash", $g["hash"], PDO::PARAM_LOB); - $stmt->execute(); - $uc = urlencode($row[1]); - $izhod = `timeout 10s ./screenshot.sh 'https://studisfri.4a.si/Account/cookies?cookies=$uc&location=/' 2>&1`; - $h = ""; - foreach (explode("\n", $izhod) as $v) { - $x = explode(" ", $v); - if ($x[0] == "zgoščena_vrednost") - $h = " Posnetek zaslona vaše nadzorne plošče na portalu STUDIS si lahko ogledate na https://s.4a.si/studisfri/{$x[1]}.png"; - } - echo "uspelo\t" . $g["username"]; - if ($row[2] && $g["hash"] != $row[3] && strpos($izhod, "datoteka_že_obstaja") === false) { - $uehash = urlencode($g["hash"]); - mail($row[0], "Sprememba na portalu STUDIS", "Spoštovani,\r\n\r\nobveščam vas, da se je na vašem STUDIS portalu {$row[0]} pojavila sprememba. Portal STUDIS je dostopen na povezavi https://studisfri.4a.si/. Ta obvestila lahko izklopite brez prijave na naslovu https://studisfri.4a.si/Account/odjava?hash=$uehash ali pa s pismom administratorju na naslov anton@sijanec.eu.$h\r\n\r\nLep pozdrav\r\nPHP\r\n\r\n\r\n---------\r\nDiagnostične informacije sledijo:\r\nPrejšnja zgoščena vrednost STUDIS: " . bin2hex($row[3]) . "\r\nTrenutna zgoščena vrednost STUDIS: " . bin2hex($g["hash"]) . 
"\r\n\r\nIzhod programa screenshot.sh:\r\n$izhod", "From: studisfri@4a.si\r\nReply-To: anton@sijanec.eu"); - echo "\tmail"; - } - echo PHP_EOL; - } - } - die(); -} -if (strpos(strtolower($_SERVER["DOCUMENT_URI"]), "setculture") !== false) { - @file_get_contents("https://studisfri.uni-lj.si/Account/SetCulture?culture={$_GET['culture']}", false, stream_context_create(["ssl" => ["verify_peer" => false, "verify_peer_name" => false], "http" => ["method" => "GET", "header" => "Cookie: {$_SERVER["HTTP_COOKIE"]}"]])); - http_response_code(303); - header("Location: {$_GET["ReturnUrl"]}"); -} -if (strpos(strtolower($_SERVER["DOCUMENT_URI"]), "registercertificate") !== false) { - http_response_code(404); - echo "Kvalificiranega digitalnega potrdila ne morete registrirati preko tega posredniškega strežnika. Za registracijo potrdila uporabite uradno spletno stran na naslovu <a href=https://studisfri.uni-lj.si/Account/RegisterCertificate>studisfri.uni-lj.si</a>."; - $did = true; -} -if (strpos(strtolower($_SERVER["DOCUMENT_URI"]), "login") !== false) { - $resp = file_get_contents("https://studisfri.uni-lj.si/Account/Login", false, stream_context_create(["ssl" => ["verify_peer" => false, "verify_peer_name" => false], "http" => ["method" => "GET", "header" => "Cookie: {$_SERVER["HTTP_COOKIE"]}"]])); - file_put_contents("/tmp/resp.html", $resp); - if (strpos($resp, "/Account/Logout") !== false) { - http_response_code(303); - header("Location: /"); - } else { - if ($_SERVER["REQUEST_METHOD"] != "POST") { - foreach ($http_response_header as $h) { - if (strtolower(explode(": ", $h)[0]) == "set-cookie") { - $cookie = explode("; ", explode(": ", $h)[1])[0]; - $cookies[] = $cookie; - add_infinite_cookie($cookie); - } else { - header($h); - } - } - echo make_login_page($resp); - } else { - $stmt = $db->prepare("select cookies, password from users where username=:username"); - $stmt->bindParam(":username", $_POST["Username"], PDO::PARAM_STR); - // $stmt->debugDumpParams(); - 
$stmt->execute(); - $row = $stmt->fetch(); - if (!empty($_POST["Session"])) { - $resp = @file_get_contents("https://studisfri.uni-lj.si/StudentProfil/KontaktniPodatki", false, stream_context_create(["ssl" => ["verify_peer" => false, "verify_peer_name" => false], "http" => ["method" => "GET", "header" => "Cookie: {$_POST["Session"]}"]])); - if (strpos($resp, "/Account/Logout") !== false) { - $un = get_un($resp); - if ($un == $_POST["Username"]) { - $stmt = $db->prepare("insert into users (username, cookies, password, last) values (:username, :cookies, :password, CURRENT_TIMESTAMP) ON CONFLICT(username) DO UPDATE SET username=:username, cookies=:cookies, password=:password"); - $stmt->bindParam(":username", $_POST["Username"]); - $stmt->bindParam(":cookies", $_POST["Session"]); - $pwhash = password_hash($_POST["Password"], PASSWORD_DEFAULT); - $stmt->bindParam(":password", $pwhash); - $stmt->execute(); - http_response_code(303); - foreach (explode("; ", $_POST["Session"]) as $cookie) { - add_infinite_cookie($cookie); - } - header("Location: /"); - } else { - echo "Uporabniško ime podane seje ($un) se ne ujema z vašim podanim uporabniškim imenom v prijavnem obrazcu ({$_POST["Username"]}). 
<a href=/>Nazaj na prijavno stran <<<</a>"; - } - } else { - waste_login("Poslani sejni piškotki vas ne prijavijo v STUDIS."); - } - } else { - if ($row == false || $row["cookies"] == false) { - waste_login("Strežnik nima shranjene vaše seje."); - } else { - $resp = @file_get_contents("https://studisfri.uni-lj.si/Account/Login", false, stream_context_create(["ssl" => ["verify_peer" => false, "verify_peer_name" => false], "http" => ["method" => "GET", "header" => "Cookie: {$row["cookies"]}"]])); - if (strpos($resp, "/Account/Logout") !== false) { - if (password_verify($_POST["Password"], $row["password"])) { - http_response_code(303); - foreach (explode("; ", $row["cookies"]) as $cookie) { - add_infinite_cookie($cookie); - } - header("Location: /"); - } else { - waste_login("Napačno geslo. <b>Na strežniku obstaja aktivna seja.</b> Če ste menjali svoje ID UL geslo, se lahko prijavite s starim, kar bo nadaljevalo vašo obstoječo sejo, če se pa starega gesla ne spomnite, pa lahko nadaljujete s prijavo z novim geslom in s tem porabite eno prijavo (v kolikor je geslo pravilno)."); - } - } else { - waste_login("Seja, shranjena na strežniku, je potekla."); - } - } - } - } - } - $did = true; -} -if (!$did) { - echo "Program ni naredil ničesar. Če vidite to sporočilo, se je zgodila napaka. Prosim, kontaktirajte me na naslov <a href=mailto:anton@sijanec.eu>anton@šijanec.eu</a>. <a href=/>Nazaj na glavno stran</a>"; -} -?> -<meta name=viewport content='width=device-width, initial-scale=1.0'> -<br><br><br> -<hr> -<details><summary>Prikaži diagnostične informacije</summary> -<pre> -<?php htmlspecialchars(var_export($_SERVER) . 
var_export($_REQUEST)); ?> -</pre> -Trenutno upravljam s sejami naslednjih uporabnikov: -<style> -table, tr, th, td { - border: 1px solid red; -} -</style> -<table> -<tr> -<th>uporabniško ime</th> -<th>čas zadnje uspešne osvežitve seje v UTC</th> -<th>želi elektronsko pošto</th> -</tr> -<?php -$ret = $db->query("select username, last, mail from users"); -foreach ($ret as $row) { - echo "<tr><td>" . htmlspecialchars($row["username"]) . "</td><td>{$row['last']}</td><td>" . ($row["mail"] ? "da" : "ne") . "</td>"; -} -?> diff --git a/prog/studisfri/studisfri b/prog/studisfri/studisfri deleted file mode 100644 index 7834c7d..0000000 --- a/prog/studisfri/studisfri +++ /dev/null @@ -1,29 +0,0 @@ -server { - include listen_http_internal; - server_name ~studisfri; - return 301 https://$host$request_uri; - port_in_redirect off; - server_name_in_redirect off; -} -server { - include listen_https_internal; - server_name ~studisfri; - location /Account/ { - default_type text/html; - add_header content-security-policy "script-src 'none'"; - include fastcgi.conf; - fastcgi_param SCRIPT_FILENAME /home/s/studisfri/studis_account.php; - # fastcgi_param SCRIPT_NAME /home/s/www/studis_account.php; - fastcgi_pass unix:/run/php-s.sock; - } - location / { - sub_filter_once off; - sub_filter studisfri.uni-lj.si $http_host; - sub_filter 'dropdown-menu-right">' "dropdown-menu-right\"><li><a href=/Account/nastavitve>dodatne nastavitve neuradnega posrednika</a>"; - sub_filter </title> '</title><script src=/Account/script.js></script>'; - proxy_pass https://studisfri.uni-lj.si; - proxy_set_header Host studisfri.uni-lj.si; - proxy_set_header Accept-Encoding ""; - proxy_ssl_server_name on; - } -} diff --git a/prog/ž/QR-Code-generator b/prog/ž/QR-Code-generator -Subproject 49a66a2b8bb8f8852fd2e1deb00b8672f576013 +Subproject 22fac31bdf81da68730c177c0e931c93234d2a3 |