<?PHP
## Unauth core for AnoBBs v. 1.0 mlk ##

#################
## Main switch ##
#################
## Request dispatcher. $c selects the action; every branch reads the forum
## file $bbsfiledir/$dcodesearch/$dcodesearch.xml, builds its answer in a
## string and prints it with an explicit Content-type (XML, or HTML for the
## "ttt"/"st" download cases). $c, $bbsfiledir, $dcodesearch, $xuser,
## $prog_dir, $root_dir, $servIp, $servAgent and $iv are expected from the
## including script; nothing in this switch validates them.
## NOTE(review): $dcodesearch is spliced raw into every directory path below
## (only the topic-file name gets strip_tags) - unless the including script
## limits it to a safe character set this is a path-traversal vector; confirm
## where it is sanitised.
switch($c) {
	## Case for returning encrypted login form. This is pure obfuscation, the decryption key is also transmitted
	## Returns login form with key-fragment for login in hidden field, which are decrypted with the key on return
	case "bsx":
		if(file_exists($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml")) {
		// Forum file is loaded only when the caller did not already supply
		// $retcontx; it is not used further in this branch.
		if($retcontx == "") {
			$retcontx = file_get_contents($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml");
		}
		if(file_exists($prog_dir."/loginform.html")) {
			$retftempl = file_get_contents($prog_dir."/loginform.html");
			// Per-response form key. uniqid() is clock-derived, so md5(uniqid())
			// carries little entropy - tolerable only because the key is sent
			// alongside the ciphertext anyway (see the case comment above).
			$bsxkey = md5(uniqid("Uh??"));
			//$bsxsesskey = md5(uniqid("Duffelcoat"));
			// NOTE(review): the random generator above is commented out, so every
			// login form carries the same fixed SESSKEY - looks like a debugging
			// leftover; confirm before deployment.
			$bsxsesskey = "2a4dc331eb69a3448276a0e930d0c9db";
			// Fill the template placeholders. $servIp/$servAgent come from the
			// including script; how they are checked on return is outside this file.
			$retftempl = str_replace("^SESSKEY^", $bsxsesskey, $retftempl);
			$retftempl = str_replace("^SESSIP^", $servIp, $retftempl);
			$retftempl = str_replace("^SESSAGENT^", $servAgent, $retftempl);
			// Newlines dropped and the form url-encoded before encryption, so the
			// client decrypts to a single-line, transport-safe string.
			$retftempl = str_replace("\n", "", $retftempl);
			$retftempl = rawurlencode($retftempl);
			// TripleDES()/printHex() are project helpers (not visible here). The
			// third argument is 1 in this branch and 0 in the "blx" decrypt branch -
			// presumably the encrypt/decrypt flag; $iv is shared state from outside.
			$bsxcrypt = TripleDES($bsxkey,$retftempl,1,0,$iv);
			$bsxhex = printHex($bsxcrypt);
			// Ciphertext and its key travel in the same document.
			$retcontxc = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<loginform>".$bsxhex."</loginform>\n<loginformkey>".$bsxkey."</loginformkey>\n</root>";
			} else {
			$bsxreturn = "No template file for login form, sorry";
			$retcontxc = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>".$bsxreturn."</autherr>\n</root>";
		}
		} else {
		$bsxreturn = "No such BBS, sorry";
		$retcontxc = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>".$bsxreturn."</autherr>\n</root>";
	}
	header("Content-type: application/xml");
	echo $retcontxc;
	break;
	
	case "blx":
	## Auth ##
	// Decryption round-trip check: decrypts the hex ciphertext from ?cpc=
	// with the forum's acforumkey and echoes the result next to the client's
	// plaintext (?crcstr=) and the client's key (?cpk=).
	// NOTE(review): the response discloses $suKey - the server-side key read
	// from the forum file - to any caller presenting a non-empty cpc, and
	// reflects cpk/crcstr into the XML unescaped. This reads as a debugging
	// endpoint; confirm it is not reachable in production. The $_GET reads
	// below are unguarded (notice when a parameter is absent).
	if(file_exists($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml")) {
		$retcontx = file_get_contents($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml");
		$cpc = $_GET['cpc'];
		$crc = $_GET['crcstr'];
		$cpkey = $_GET['cpk'];
		if(trim($cpc) != "") {
			// Shared 3DES key stored in the forum file (project helper ret_xmlfield).
			$suKey = trim(ret_xmlfield("acforumkey", $retcontx));
			## Create binary from hex ##
			$res1 = hexToString($cpc);
			## Triple-DES decryption ##
			//$cpcreturn = "PHP Decrypt: ".trim(TripleDES($suKey,$res1,0,0,$iv))." Javascript original: ".$crc;
			$cpcreturn = "PHP Key: ".$suKey."\nJS Key: ".$cpkey."\nPHP Decrypt: ".trim(TripleDES($suKey,$res1,0,0,$iv))."\nJavascript original: ".$crc;
			} else {
			$cpcreturn = "No CPC found";
		}
		} else {
		$cpcreturn = "No BBS file found";
	}
	$retcontxc = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>".$cpcreturn."</autherr>\n</root>";
	header("Content-type: application/xml");
	echo $retcontxc;
	break;
	
	case "bbsa":
	## Auth ##
	// Returns the raw forum file to anyone presenting a valid node code; no
	// user check is performed despite the "Auth" label. The forum file also
	// holds acforumkey (used by "blx" above) - confirm that field is meant to
	// be client-visible.
	if(file_exists($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml")) {
		$retcontx = file_get_contents($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml");
		} else {
		$retcontx = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>You are so fucked</autherr>\n</root>";
	}
	header("Content-type: application/xml");
	echo $retcontx;
	break;
	
	case "dctest":
	// Test hook: substitutes the raw POST field "gy" into test.xml. The value
	// is not escaped, so any markup in it becomes part of the returned XML.
	// When test.xml is missing the response is empty and no Content-type is sent.
	$gypt = $_POST['gy'];
	if(file_exists($bbsfiledir."/".$dcodesearch."/test.xml")) {
		$retcontxs = file_get_contents($bbsfiledir."/".$dcodesearch."/test.xml");
		$doxml = str_replace("^RCT^", $gypt, $retcontxs);
		header("Content-type: application/xml");
		echo $doxml;
	}
	//header("Content-type: text/html");
	//echo "Yeah, all right: $gypt";
	break;
	
	case "ttt":
	// Builds a self-contained HTML "save" package for topic ?ft=: the JS
	// libraries and the topic XML are inlined into save.html and served
	// inline under a dated file name. Requires chkUser($xuser)[0] == 1.
	// $xtid is used in the topic path, the page title and the
	// Content-disposition file name after strip_tags only. Elsewhere topic ids
	// are numeric (xisNum() in "ptr", retTopicid()+1 in "pt"); a digits-only
	// check here would close the traversal / header-value exposure.
	$xtid = strip_tags($_GET['ft']);
	$gtxstrng = $xtid."_".strip_tags($dcodesearch).".xml";
	//$fxmsg = $_POST['xtm'];
	if(file_exists($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml")) {
		if(file_exists($bbsfiledir."/".$dcodesearch."/".$gtxstrng)) {
			$retcontx = file_get_contents($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml");
			$cUser = chkUser($xuser, $retcontx);
			if($cUser[0] == 1) {
				if(file_exists($root_dir."/js/tripleDes.js")) {
					if(file_exists($root_dir."/js/md5.js")) {
						if(file_exists($prog_dir."/save.html")) {
							// Only tripleDes.js and md5.js are existence-checked; the next
							// three libraries are read unconditionally.
							$retjsx1 = "\n".file_get_contents($root_dir."/js/tripleDes.js")."\n";
							$retjsx2 = "\n".file_get_contents($root_dir."/js/md5.js")."\n";
							$retjsx3 = "\n".file_get_contents($root_dir."/js/anochat_system.js")."\n";
							$retjsx4 = "\n".file_get_contents($root_dir."/js/anobbs_vars.js")."\n";
							$retjsx5 = "\n".file_get_contents($root_dir."/js/anobbs_save.js")."\n";
							$varxmlstr = file_get_contents($bbsfiledir."/".$dcodesearch."/".$gtxstrng);
							// The topic XML is embedded as a single-quoted JS string literal.
							// Only "\n" is escaped (as a backslash-newline continuation, which
							// drops the newline from the value); a "'" or "\" inside the topic
							// file terminates the literal - script injection into the saved
							// page unless the topic writers guarantee such characters never
							// reach the file. NOTE(review): confirm against "pt", which stores
							// raw POST input.
							$varxmlstr = str_replace("\n", "\\\n", $varxmlstr);
							$savetime = date("Y-m-d", time());
							$varptitle = "AnoBBS node: ".$dcodesearch." Topic: ".$xtid." Saved: ".$savetime;
							$retjxvar = "var cxmlstring = '".$varxmlstr."';";
							$bodyvar = "writeAuthscreen();";
							// All scripts plus the data variable go into one placeholder;
							// presumably save.html wraps ^PSCRIPTS^ in a <script> element.
							$headscripts = $retjsx1.$retjsx2.$retjsx3.$retjsx4.$retjsx5.$retjxvar;
							$rethtmltpl = file_get_contents($prog_dir."/save.html");
							$rethtmltpl = str_replace("^PTITLE^", $varptitle, $rethtmltpl);
							$rethtmltpl = str_replace("^PSCRIPTS^", $headscripts, $rethtmltpl);
							$rethtmltpl = str_replace("^PSTYLES^", "", $rethtmltpl);
							$rethtmltpl = str_replace("^PAGEBODY^", $bodyvar, $rethtmltpl);
							$retcontxc = $rethtmltpl;
							
							header("Content-type: text/html");
							header("Content-disposition: inline; filename=\"".$savetime."-ABBST-".$dcodesearch."-".$xtid.".html\"");
							} else {
							$retcontxc = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>Template not found - cancelling package</autherr>\n</root>";
							header("Content-type: application/xml");
						}
						} else {
						$retcontxc = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>Scripts not complete - cancelling package</autherr>\n</root>";
						header("Content-type: application/xml");
					}
					} else {
					$retcontxc = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>Scripts not complete - cancelling package</autherr>\n</root>";
					header("Content-type: application/xml");
				}
				} else {
				$retcontxc = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>You do not have permission to do this</autherr>\n</root>";
				header("Content-type: application/xml");
			}
			} else {
			$retcontxc = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>Topic file not found</autherr>\n</root>";
			header("Content-type: application/xml");
		}
		} else {
		$retcontxc = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>Forum file not found</autherr>\n</root>";
		header("Content-type: application/xml");
	}
	echo $retcontxc;
	break;
	
	case "ttts":
	// Test hook: returns a fixed file from the web root, no checks.
	$retjsx1 = file_get_contents($root_dir."/ntestf.xml");
	header("Content-type: application/xml");
	echo $retjsx1;
	break;
	
	## Post topic reply ##
	case "ptr":
	// Appends a reply to topic ?xtpc= (reply-to id ?xtr=). Subject and message
	// arrive as POST xts/xtm and pass through isHex(); the ids through
	// xisNum(). Both are project validators whose failure value is not
	// visible here; "none" is the sentinel for an empty message below.
	$fxsubject = isHex($_POST['xts']);
	$fxmsg = isHex($_POST['xtm']);
	## Topic id
	$fxtpc = xisNum($_GET['xtpc']);
	## Reply id
	$fxtpcr = xisNum($_GET['xtr']);
	$gtxstrng = $fxtpc."_".strip_tags($dcodesearch).".xml";
	if(file_exists($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml")) {
		$retcontx = file_get_contents($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml");
		if(file_exists($bbsfiledir."/".$dcodesearch."/".$gtxstrng)) {
			$retcontpix = file_get_contents($bbsfiledir."/".$dcodesearch."/".$gtxstrng);
			$cUser = chkUser($xuser, $retcontx);
			if($cUser[0] == 1) {
				// Replies are accepted only while the topic is marked open.
				if(trim(ret_xmlfield("actopicstatus", $retcontpix)) == "open") {
					$rplyid = trim(ret_xmlfield("actopicreplies", $retcontpix));
					$rplyid = $rplyid+1;
					$retcontpix =  put_xmlfield("actopicreplies", $retcontpix, $rplyid);
					$retcontpix =  put_xmlfield("actopiclastpost", $retcontpix, time());
					$retcontpix =  put_xmlfield("actopiclastpostauthor", $retcontpix, $xuser);
					$retcontx = updForumonreply($xuser, $fxtpc, $retcontx);
					if($fxmsg == "none") {
						$trgstr = "\n\t\t\t<actopicreplytexts>none</actopicreplytexts>\n\t\t\t";
						} else {
						// Message split into <= 2000-char <actopicreplytexts> elements.
						// chunk_split() inserts "," as separator and explode() splits on
						// it, which presumably relies on isHex() leaving no commas in $fxmsg.
						$trga = chunk_split($fxmsg, 2000, ",");
						$trgb = explode(",", $trga);
						$trgstr = "\n";
						for($y=0;$y<sizeof($trgb);$y++) {
							if(trim($trgb[$y]) != "") {
								$trgstr .= "\t\t\t\t<actopicreplytexts>".$trgb[$y]."</actopicreplytexts>\n";
							}
						}
						$trgstr .= "\t\t\t";
					}
					
					$xmssnip = retTopicreply($rplyid, $fxtpcr, $fxsubject, $trgstr, $xuser);
					$retcontpix = doReply($xmssnip, $retcontpix);
					// Read-modify-write of forum and topic files with no locking visible
					// here; concurrent replies can overwrite each other unless
					// updateBBS() serialises - confirm.
					updateBBS($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml", $retcontx);
					updateBBS($bbsfiledir."/".$dcodesearch."/".$gtxstrng, $retcontpix);
					## Return merge of files for ajax return
					$retcontpix = retFUlist($retcontx, $retcontpix);
					} else {
					$retcontpix = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>The thread is closed</autherr>\n</root>";
				}
				} else {
				$retcontpix = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>You are not permitted to do this. You have no auth</autherr>\n</root>";
			}
			} else {
			$retcontpix = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>You are not permitted to do this. No such topic: $fxtpc</autherr>\n</root>";
		}
		} else {
		$retcontpix = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>You are not permitted to do this. no forum file</autherr>\n</root>";
	}
	header("Content-type: application/xml");
	echo $retcontpix;
	break;
	
	## Post topic ##
	case "pt":
	// Creates a new topic for an authorised $xuser. Unlike "ptr", xts/xtm are
	// taken raw from POST and handed to retnfTopic()/retntTopic(); whether
	// those helpers escape for XML is not visible here - if they do not, this
	// is stored markup injection into the forum and topic files.
	// NOTE(review): the chunking below splits on "," and therefore also splits a
	// raw message at its own commas (those commas are lost).
	$fxsubject = $_POST['xts'];
	$fxmsg = $_POST['xtm'];
	if(file_exists($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml")) {
		$retcontx = file_get_contents($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml");
		$cUser = chkUser($xuser, $retcontx);
		if($cUser[0] == 1) {
			// New topic id = current highest + 1 (project helper retTopicid).
			$ntopicid = retTopicid($dcodesearch);
			$tcml = retnfTopic($ntopicid+1, $fxsubject, $xuser, $dcodesearch, "n");
			$retcontx =  newTopic($retcontx, $tcml);
			$retcontx = updUser($xuser, $retcontx, "new");
			if($fxmsg == "none") {
				$trgstr = "\n\t\t\t<actopicmessages>none</actopicmessages>\n\t\t";
				} else {
				$trga = chunk_split($fxmsg, 2000, ",");
				$trgb = explode(",", $trga);
				$trgstr = "\n";
				for($y=0;$y<sizeof($trgb);$y++) {
					if(trim($trgb[$y]) != "") {
						$trgstr .= "\t\t\t<actopicmessages>".$trgb[$y]."</actopicmessages>\n";
					}
				}
				$trgstr .= "\t\t";
			}
			// retntTopic() presumably writes the topic file itself; its return
			// value is discarded and the file is re-read below.
			retntTopic($ntopicid+1, $fxsubject, $trgstr, $xuser, $dcodesearch, "n");
			updateBBS($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml", $retcontx);
			## Comment for return of forum topic list start
			$gtxstrng = ($ntopicid+1)."_".strip_tags($dcodesearch).".xml";
			if(file_exists($bbsfiledir."/".$dcodesearch."/".$gtxstrng)) {
				$retcontpix = file_get_contents($bbsfiledir."/".$dcodesearch."/".$gtxstrng);
				$retcontpix = retFUlist($retcontx, $retcontpix);
				$retcontx = $retcontpix;
			}
			## Comment for return of forum topic list end
			// Timestamp is set on the response copy only; the file was saved above.
			$retcontx =  put_xmlfield("acforumtstamp", $retcontx, time());
			} else {
			$retcontx = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>You are not permitted to do this</autherr>\n</root>";
		}
		} else {
		$retcontx = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>You are not permitted to do this</autherr>\n</root>";
	}
	header("Content-type: application/xml");
	echo $retcontx;
	break;
	
	## View topic ##
	case "vt":
	// Returns the forum file merged with topic ?ft= via retFUlist(). No user
	// check. When the forum file is missing, $retcontfx is never assigned but
	// is still passed to retFUlist() below; in both error branches the error
	// XML goes through the merge instead of being returned directly.
	// $xtid reaches the file path after strip_tags only (see "ttt").
	$xtid = strip_tags($_GET['ft']);
	$gtxstrng = $xtid."_".strip_tags($dcodesearch).".xml";
	//$fxmsg = $_POST['xtm'];
	if(file_exists($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml")) {
		$retcontfx = file_get_contents($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml");
		if(file_exists($bbsfiledir."/".$dcodesearch."/".$gtxstrng)) {
			$retcontx = file_get_contents($bbsfiledir."/".$dcodesearch."/".$gtxstrng);
			} else {
			$retcontx = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>You are not permitted to do this</autherr>\n</root>";
		}
		} else {
		$retcontx = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>You are not permitted to do this</autherr>\n</root>";
	}
	## Return merge of forum and topic files for ajax return
	$retcontx = retFUlist($retcontfx, $retcontx);
	header("Content-type: application/xml");
	echo $retcontx;
	break;
	
	case "st":
	// Emits an HTML shell that inlines tripleDes.js and md5.js for topic ?tx=.
	// The topic file is read into $retcontx but never output on the success
	// path (the page body is empty). The Content-Disposition file name is
	// built from $xtid unquoted, and $xtid also lands in the <title> after
	// strip_tags only.
	$xtid = strip_tags($_GET['tx']);
	$gtxstrng = $xtid."_".strip_tags($dcodesearch).".xml";
	if(file_exists($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml")) {
		if(file_exists($bbsfiledir."/".$dcodesearch."/".$gtxstrng)) {
			$retcontx = file_get_contents($bbsfiledir."/".$dcodesearch."/".$gtxstrng);
			if(file_exists($root_dir."/js/tripleDes.js")) {
				if(file_exists($root_dir."/js/md5.js")) {
					$strhtml1 = "<html>\n<head>\n<title>BBS-node: ".$dcodesearch." TopicID: ".$xtid."</title>\n";
					$retjsxstr1 = "<SCRIPT language=\"JavaScript\">\n";
					$retjsxstr2 = "\n</SCRIPT>\n";
					$retjsx1 = file_get_contents($root_dir."/js/tripleDes.js");
					$retjsx2 = file_get_contents($root_dir."/js/md5.js");
					$strhtml2 = "</head>\n<body class=\"cbody\">\n";
					$strhtml3 = "</body>\n</html>";
					header("Content-type: text/html");
					header("Content-Disposition: inline; filename=".$xtid."_".$dcodesearch.".html");
					//header("Content-type: application/x-unknown");
					//header("Content-Disposition: attachment; filename=".$xtid."_".$dcodesearch.".html");
					echo $strhtml1.$retjsxstr1.$retjsx1.$retjsx2.$retjsxstr2.$strhtml2.$strhtml3;
					} else {
					$retcontx = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>Scripts not complete - cancelling package</autherr>\n</root>";
					header("Content-type: application/xml");
					echo $retcontx;
				}
				} else {
				$retcontx = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>Scripts not complete - cancelling package</autherr>\n</root>";
				header("Content-type: application/xml");
				echo $retcontx;
			}
			} else {
			$retcontx = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>You are not permitted to do this. No such topic exists.</autherr>\n</root>";
			header("Content-type: application/xml");
			echo $retcontx;
		}
		} else {
		$retcontx = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>You are not permitted to do this. No such forum exists.</autherr>\n</root>";
		header("Content-type: application/xml");
		echo $retcontx;
	}
	
	break;
	
	## BBS 'login' #
	case "bl":
	// Registers or refreshes $xuser in the forum file. chkUser() returns an
	// array: [0] == 0 means the user is not yet known; for a newcomer [1] == 1
	// selects the "admin" role, otherwise "user" (what [1] encodes is not
	// visible here - presumably "no users yet"; confirm). If acforumadmin is
	// still the template placeholder, the newcomer is written in as admin:
	// whoever reaches a fresh node first owns it.
	if(file_exists($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml")) {
		$retcontx = file_get_contents($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml");
		$cUser = chkUser($xuser, $retcontx);
		if($cUser[0] == 0) {
			if($cUser[1] == 1) {
				$retcontx =  retnUser($xuser, "admin", $cUser[1], $retcontx);
				if(ret_xmlfield("acforumadmin", $retcontx) == "^ACFORUMADMIN^") {
					$retcontx =  put_xmlfield("acforumadmin", $retcontx, $xuser);
				}
				} else {
				$retcontx =  retnUser($xuser, "user", $cUser[1], $retcontx);
			}
			} else {
			$retcontx = updUser($xuser, $retcontx, "");
		}
		//$numlogins = ret_xmlfield("acforumvisitors", $retcontx);
		//$retcontx =  put_xmlfield("acforumvisitors", $retcontx, $numlogins+1);
		updateBBS($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml", $retcontx);
		} else {
		$retcontx = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>You are not permitted to do this</autherr>\n</root>";
	}
	header("Content-type: application/xml");
	echo $retcontx;
	
	break;
	
	case "fu":
	// Forum settings update (name, description, group name/description from
	// POST), allowed only when acforumadmin equals $xuser. "none" resets a
	// field to its template placeholder; values are written raw via
	// put_xmlfield(). NOTE(review): $xuser comes from the including script -
	// if it is a client-supplied name rather than an authenticated identity,
	// this admin check is spoofable; confirm how $xuser is established.
	$fxname = $_POST['xfn'];
	$fxdesc = $_POST['xfd'];
	$fxgname = $_POST['xgn'];
	$fxgdesc = $_POST['xgd'];
	if(file_exists($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml")) {
		$retcontx = file_get_contents($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml");
		## "Auth" performed
		/*if(ret_xmlfield("acforumadmin", $retcontx) == "^ACFORUMADMIN^") {
			$retcontx =  put_xmlfield("acforumadmin", $retcontx, $xuser);
			$retcontx =  retnUser($xuser, "admin", $retcontx);
		}*/
		if(trim(ret_xmlfield("acforumadmin", $retcontx)) == $xuser) {
			$retcontx =  put_xmlfield("acforumname", $retcontx, $fxname);
			if($fxdesc != "none") {
				$retcontx =  put_xmlfield("acforumdescription", $retcontx, $fxdesc);
				} else {
				$retcontx =  put_xmlfield("acforumdescription", $retcontx, "^ACFORUMDESC^");
			}
			if($fxgname != "none") {
				$retcontx =  put_xmlfield("acforumgroupname", $retcontx, $fxgname);
					} else {
				$retcontx =  put_xmlfield("acforumgroupname", $retcontx, "^ACFORUMGROUPNAME^");
			}
			if($fxgdesc != "none") {
				$retcontx =  put_xmlfield("acforumgroupdescription", $retcontx, $fxgdesc);
				} else {
				$retcontx =  put_xmlfield("acforumgroupdescription", $retcontx, "^ACFORUMGROUPDESC^");
			}
			/*if(ret_xmlfield("acforumvisitors", $retcontx) == "^ACFORUMVISITORS^") {
				$retcontx =  put_xmlfield("acforumvisitors", $retcontx, $xuser);
				} else {
				$retcontx =  put_xmlfield("acforumvisitors", $retcontx, $xuser);
			}*/
			$retcontx = updUser($xuser, $retcontx, "");
			updateBBS($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml", $retcontx);
			// Timestamp is set on the response copy only, after the file was saved.
			$retcontx =  put_xmlfield("acforumtstamp", $retcontx, time());
			} else {
			$retcontx = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>You are not permitted to do this</autherr>\n</root>";
		}
		} else {
		$retcontx = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>You are not permitted to do this</autherr>\n</root>";
	}
	header("Content-type: application/xml");
	echo $retcontx;
	break;
	
	## View file (view forum)
	case "vf":
	// Returns the forum file with a fresh acforumtstamp; the stamped copy is
	// only echoed, never written back. No user check.
	if(file_exists($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml")) {
		$retcontx = file_get_contents($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml");
		$retcontx =  put_xmlfield("acforumtstamp", $retcontx, time());
		} else {
		$retcontx = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<root>\n\t<autherr>You are not permitted to do this</autherr>\n</root>";
	}
	header("Content-type: application/xml");
	echo $retcontx;
	break;
	
	## Default: search for chat, or create new chat
	default:
	// The whole default branch is commented out: an unknown action produces
	// no output and no Content-type header.
	/*if(file_exists($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml")) {
		$retcontx = file_get_contents($bbsfiledir."/".$dcodesearch."/".$dcodesearch.".xml");
		header("Content-type: application/xml");
		echo $retcontx;
	}
	$docontent = qUerycode($dcodesearch, $crstate);
	echo "var retlayer = getElement(\"esca\");";
	echo "retlayer.innerHTML = \"".$djsret."<br>".rawurlencode($docontent[0]).$inskinstr."\";";
	echo "var chcontrol = getElement(\"searchstate\");";
	if($docontent[1] == "1") {
		echo "chcontrol.value = \"docreatechat\";";
		} else {
		echo "chcontrol.value = \"\";";
	}
	echo "dunescape();";*/
}
?>