Initial

new/captcha.php

@@ -0,0 +1,172 @@
+<?php
+//
+//  A simple PHP CAPTCHA script
+//
+//  Copyright 2011 by Cory LaViska for A Beautiful Site, LLC
+//
+//  See readme.md for usage, demo, and licensing info
+//
+function simple_php_captcha($config = array()) {
+
+    // Check for GD library
+    if( !function_exists('gd_info') ) {
+        throw new Exception('Required GD library is missing');
+    }
+
+    $bg_path = dirname(__FILE__) . '/backgrounds/';
+    $font_path = dirname(__FILE__) . '/fonts/';
+
+    // Default values
+    $captcha_config = array(
+        'code' => '',
+        'min_length' => 5,
+        'max_length' => 5,
+        'backgrounds' => array(
+            $bg_path . '45-degree-fabric.png',
+            $bg_path . 'cloth-alike.png',
+            $bg_path . 'grey-sandbag.png',
+            $bg_path . 'kinda-jean.png',
+            $bg_path . 'polyester-lite.png',
+            $bg_path . 'stitched-wool.png',
+            $bg_path . 'white-carbon.png',
+            $bg_path . 'white-wave.png'
+        ),
+        'fonts' => array(
+            $font_path . 'times_new_yorker.ttf'
+        ),
+        'characters' => 'ABCDEFGHJKLMNPRSTUVWXYZabcdefghjkmnprstuvwxyz23456789',
+        'min_font_size' => 28,
+        'max_font_size' => 28,
+        'color' => '#666',
+        'angle_min' => 0,
+        'angle_max' => 10,
+        'shadow' => true,
+        'shadow_color' => '#fff',
+        'shadow_offset_x' => -1,
+        'shadow_offset_y' => 1
+    );
+
+    // Overwrite defaults with custom config values
+    if( is_array($config) ) {
+        foreach( $config as $key => $value ) $captcha_config[$key] = $value;
+    }
+
+    // Restrict certain values
+    if( $captcha_config['min_length'] < 1 ) $captcha_config['min_length'] = 1;
+    if( $captcha_config['angle_min'] < 0 ) $captcha_config['angle_min'] = 0;
+    if( $captcha_config['angle_max'] > 10 ) $captcha_config['angle_max'] = 10;
+    if( $captcha_config['angle_max'] < $captcha_config['angle_min'] ) $captcha_config['angle_max'] = $captcha_config['angle_min'];
+    if( $captcha_config['min_font_size'] < 10 ) $captcha_config['min_font_size'] = 10;
+    if( $captcha_config['max_font_size'] < $captcha_config['min_font_size'] ) $captcha_config['max_font_size'] = $captcha_config['min_font_size'];
+
+    // Generate CAPTCHA code if not set by user
+    if( empty($captcha_config['code']) ) {
+        $captcha_config['code'] = '';
+        $length = mt_rand($captcha_config['min_length'], $captcha_config['max_length']);
+        while( strlen($captcha_config['code']) < $length ) {
+            $captcha_config['code'] .= substr($captcha_config['characters'], mt_rand() % (strlen($captcha_config['characters'])), 1);
+        }
+    }
+
+    // Generate HTML for image src
+    if ( strpos($_SERVER['SCRIPT_FILENAME'], $_SERVER['DOCUMENT_ROOT']) ) {
+        $image_src = substr(__FILE__, strlen( realpath($_SERVER['DOCUMENT_ROOT']) )) . '?_CAPTCHA&amp;t=' . urlencode(microtime());
+        $image_src = '/' . ltrim(preg_replace('/\\\\/', '/', $image_src), '/');
+    } else {
+        $_SERVER['WEB_ROOT'] = str_replace($_SERVER['SCRIPT_NAME'], '', $_SERVER['SCRIPT_FILENAME']);
+        $image_src = substr(__FILE__, strlen( realpath($_SERVER['WEB_ROOT']) )) . '?_CAPTCHA&amp;t=' . urlencode(microtime());
+        $image_src = '/' . ltrim(preg_replace('/\\\\/', '/', $image_src), '/');
+    }
+
+    $_SESSION['_CAPTCHA']['config'] = serialize($captcha_config);
+
+    return array(
+        'code' => $captcha_config['code'],
+        'image_src' => $image_src
+    );
+
+}
+
+
+if( !function_exists('hex2rgb') ) {
+    function hex2rgb($hex_str, $return_string = false, $separator = ',') {
+        $hex_str = preg_replace("/[^0-9A-Fa-f]/", '', $hex_str); // Gets a proper hex string
+        $rgb_array = array();
+        if( strlen($hex_str) == 6 ) {
+            $color_val = hexdec($hex_str);
+            $rgb_array['r'] = 0xFF & ($color_val >> 0x10);
+            $rgb_array['g'] = 0xFF & ($color_val >> 0x8);
+            $rgb_array['b'] = 0xFF & $color_val;
+        } elseif( strlen($hex_str) == 3 ) {
+            $rgb_array['r'] = hexdec(str_repeat(substr($hex_str, 0, 1), 2));
+            $rgb_array['g'] = hexdec(str_repeat(substr($hex_str, 1, 1), 2));
+            $rgb_array['b'] = hexdec(str_repeat(substr($hex_str, 2, 1), 2));
+        } else {
+            return false;
+        }
+        return $return_string ? implode($separator, $rgb_array) : $rgb_array;
+    }
+}
+
+// Draw the image
+if( isset($_GET['_CAPTCHA']) ) {
+
+    session_start();
+
+    $captcha_config = unserialize($_SESSION['_CAPTCHA']['config']);
+    if( !$captcha_config ) exit();
+
+    unset($_SESSION['_CAPTCHA']);
+
+    // Pick random background, get info, and start captcha
+    $background = $captcha_config['backgrounds'][mt_rand(0, count($captcha_config['backgrounds']) -1)];
+    list($bg_width, $bg_height, $bg_type, $bg_attr) = getimagesize($background);
+
+    $captcha = imagecreatefrompng($background);
+
+    $color = hex2rgb($captcha_config['color']);
+    $color = imagecolorallocate($captcha, $color['r'], $color['g'], $color['b']);
+
+    // Determine text angle
+    $angle = mt_rand( $captcha_config['angle_min'], $captcha_config['angle_max'] ) * (mt_rand(0, 1) == 1 ? -1 : 1);
+
+    // Select font randomly
+    $font = $captcha_config['fonts'][mt_rand(0, count($captcha_config['fonts']) - 1)];
+
+    // Verify font file exists
+    if( !file_exists($font) ) throw new Exception('Font file not found: ' . $font);
+
+    //Set the font size.
+    $font_size = mt_rand($captcha_config['min_font_size'], $captcha_config['max_font_size']);
+    $text_box_size = imagettfbbox($font_size, $angle, $font, $captcha_config['code']);
+
+    // Determine text position
+    $box_width = abs($text_box_size[6] - $text_box_size[2]);
+    $box_height = abs($text_box_size[5] - $text_box_size[1]);
+    $text_pos_x_min = 0;
+    $text_pos_x_max = ($bg_width) - ($box_width);
+    $text_pos_x = mt_rand($text_pos_x_min, $text_pos_x_max);
+    $text_pos_y_min = $box_height;
+    $text_pos_y_max = ($bg_height) - ($box_height / 2);
+    if ($text_pos_y_min > $text_pos_y_max) {
+        $temp_text_pos_y = $text_pos_y_min;
+        $text_pos_y_min = $text_pos_y_max;
+        $text_pos_y_max = $temp_text_pos_y;
+    }
+    $text_pos_y = mt_rand($text_pos_y_min, $text_pos_y_max);
+
+    // Draw shadow
+    if( $captcha_config['shadow'] ){
+        $shadow_color = hex2rgb($captcha_config['shadow_color']);
+        $shadow_color = imagecolorallocate($captcha, $shadow_color['r'], $shadow_color['g'], $shadow_color['b']);
+        imagettftext($captcha, $font_size, $angle, $text_pos_x + $captcha_config['shadow_offset_x'], $text_pos_y + $captcha_config['shadow_offset_y'], $shadow_color, $font, $captcha_config['code']);
+    }
+
+    // Draw text
+    imagettftext($captcha, $font_size, $angle, $text_pos_x, $text_pos_y, $color, $font, $captcha_config['code']);
+
+    // Output image
+    header("Content-type: image/png");
+    imagepng($captcha);
+
+}

new/db.php

@@ -0,0 +1,17 @@
+<?php
+$servername = "localhost";
+$username = "chiptune";
+$password = "pass";
+$base = "chiptune";
+
+// Create connection
+$con = mysqli_connect($servername, $username, $password, $base);
+
+// Check connection
+if (!$con) {
+    die("Connection failed: " . mysqli_connect_error());
+}
+//echo "Connected successfully";
+
+$test =  mysqli_query($con, 'show tables;');
+?>

new/gd.php

@@ -0,0 +1,13 @@
+<?php
+//phpinfo();
+// Create a blank image and add some text
+$im = imagecreatetruecolor(120, 20);
+$text_color = imagecolorallocate($im, 233, 14, 91);
+imagestring($im, 1, 5, 5,  "A Simple Text String", $text_color);
+
+// Output the image
+imagegd($im);
+
+// Free up memory
+imagedestroy($im);
+?>

new/index.php

@@ -0,0 +1,44 @@
+<style>
+
+html,
+body {
+  height: 98%;
+}
+.wrapper {
+  display: table;
+  height: 100%;
+}
+.content {
+  display: table-row;
+  height: 100%;
+}
+</style>
+<head>
+<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0">
+</head>
+<div class='wrapper'>
+<div class='content'>
+<script
+  src="https://code.jquery.com/jquery-3.2.1.min.js"
+  integrity="sha256-hwg4gsxgFZhOsEEamdOYGBf13FyQuiTwlAQgxVSNgt4="
+  crossorigin="anonymous"></script>
+<?php
+session_start();
+
+$LOG_LEVEL = 0;
+# you can use logging via PHP function lg(<severity>, <message>)
+# where severity may be 1 - Error, 0 -Info.
+# or you can use https://url?message=<your message>&severity=<severity> with every page redirect. 
+include('logging.php');
+include('db.php');
+include('user_login.php');
+include('user_register.php');
+include('library.php');
+
+
+?>
+</div>
+  <div class='footer'>
+    <?php include('upload.php');?>
+  </div>
+</div>

new/info.php

@@ -0,0 +1,3 @@
+<?php
+phpinfo();
+?>

new/library.php

@@ -0,0 +1,94 @@
+
+<?php
+//$query = "SELECT modules.name as mod_name, modules.date, users.name as user_name FROM `modules` LEFT JOIN users ON modules.uploaded_by = users.id";
+$query = "SELECT 
+m.name as mod_name, 
+m.date, 
+m.conv_path, 
+u.name as user_name 
+FROM modules m LEFT JOIN users u ON m.uploaded_by = u.id";
+$raw = mysqli_query($con, $query); 
+?>
+<style>
+table.scroll {
+    width: 100%; /* Optional */
+    /* border-collapse: collapse; */
+    border-spacing: 0;
+    border: 2px solid black;
+}
+
+table.scroll tbody,
+table.scroll thead { display: block; }
+
+thead tr th { 
+    height: 30px;
+    line-height: 30px;
+    /* text-align: left; */
+}
+
+table.scroll tbody {
+    height: 400px;
+    line-height: 30px;
+    overflow-y: auto;
+    overflow-x: hidden;
+}
+
+tr td {
+    min-width: 150px;
+    padding: 10px;
+    border-bottom: 1px solid grey;
+}
+
+tbody { border-top: 2px solid black; }
+
+tbody td, thead th {
+    /* width: 20%; */ /* Optional */
+    border-right: 1px solid black;
+    /* white-space: nowrap; */
+}
+
+tbody td:last-child, thead th:last-child {
+    border-right: none;
+}
+
+#title_user, #title_date {
+    font-size: 0.8em;
+    line-height: 10px;
+}
+</style>
+<table class="scroll">
+    <thead>
+        <tr>
+            <th>Title</th>
+        </tr>
+    </thead>
+    <tbody>
+<?php
+while($modules = mysqli_fetch_assoc($raw))
+{
+    echo('<tr>');
+    echo("<td>".$modules['mod_name']."<br><span id='title_user'>".$modules['user_name']."</span> <span id=title_date>".$modules['date']."</span></td>");
+    echo('</tr>');
+}
+?>
+    </tbody>
+</table>
+<script>
+// Change the selector if needed
+var $table = $('table.scroll'),
+    $bodyCells = $table.find('tbody tr:first').children(),
+    colWidth;
+
+// Adjust the width of thead cells when window resizes
+$(window).resize(function() {
+    // Get the tbody columns width array
+    colWidth = $bodyCells.map(function() {
+        return $(this).width();
+    }).get();
+    
+    // Set the width of thead columns
+    $table.find('thead tr').children().each(function(i, v) {
+        $(v).width(colWidth[i] + 18);
+    });    
+}).resize(); // Trigger resize handler
+</script>

new/logging.php

@@ -0,0 +1,23 @@
+<div class="log" <?php 
+if($LOG_LEVEL == 0){
+    echo "style='display:none'";
+}else{
+    echo "style='position:absolute;right: 100px;'";
+    }?>>
+    <b>Log console</b>
+</div>
+<?php
+function lg($level, $message){
+    switch ($level) {
+        case 0:
+            echo "<script>$('.log').append('<pre>INFO: $message</pre>');</script>";
+            break;
+        case 1:
+            echo "<script>$('.log').append('<pre>ERROR: $message</pre>');</script>";
+            break;
+    }
+}
+if (isset($_GET['message'])&&isset($_GET['severity'])){
+  lg($_GET['severity'], $_GET['message']);
+}
+?>

new/settings.php

@@ -0,0 +1,3 @@
+<?php
+$CFG_app_url = 'hexound.ru/new/';
+?>

new/upload.php

@@ -0,0 +1,61 @@
+Share your modules with us! 
+<form action="" method="post" enctype="multipart/form-data">
+    <input type="file" name="module" id="module">
+    <input type="submit" value="Send" name="submit">
+</form>
+<?php
+include('settings.php');
+if ($_SERVER['REQUEST_METHOD']=='POST' && $_POST['submit'] == "Send") { 
+    $target_dir = "modules/";
+    $hash = md5_file($_FILES["module"]["tmp_name"]);
+    $real_name = basename($_FILES["module"]["name"]);
+    $target_file = $target_dir . $hash . "." . explode(".", $real_name)[sizeof(explode(".", $real_name))-1];
+    $uploadOk = 1;
+    $mime_type = pathinfo($target_file,PATHINFO_EXTENSION);
+    // Check if image file is a actual image or fake image
+    if(isset($_POST["submit"])) {
+        $check = mime_content_type($_FILES["module"]["tmp_name"]);
+        if($check == 'audio/x-mod') {
+            $uploadOk = 1;
+        } else {
+            $uploadOk = 0;
+            $message = "Module ".basename($real_name)." was not uploaded Not a module.";
+        }
+        // Check if file already exists
+if (file_exists($target_file)) {
+    $hash = md5_file($_FILES["module"]["tmp_name"]);
+    $query = "SELECT COUNT(`id`) as count FROM `modules` WHERE `hash` = '$hash';";
+    $raw = mysqli_query($con, $query);
+    $mod_id = mysqli_fetch_assoc($raw);
+    if ($mod_id['count'] > 0) {
+        $uploadOk = 0;
+        $message = "Module ".basename($real_name)." was not uploaded. File exist.";
+    }
+}
+// Check file size
+if ($_FILES["module"]["size"] > 5000000) {
+    $uploadOk = 0;
+    $message = "Module ".basename($real_name)." was not uploaded. Too large.";
+}
+// Check if $uploadOk is set to 0 by an error
+if ($uploadOk == 0) {
+// if everything is ok, try to upload file
+    header("Location: https://".$CFG_app_url."?message=".$message."&severity=1");  
+} else {
+    if (move_uploaded_file($_FILES["module"]["tmp_name"], $target_file)) {
+        $user_id = $_SESSION['user_id'];
+        if ($user_id){
+            $query = "INSERT INTO modules (`name`, `uploaded_by`, `hash`) VALUES ('$real_name', '$user_id', '$hash');";
+        }else{
+            $query = "INSERT INTO modules (`name`, `uploaded_by`, `hash`) VALUES ('$real_name', '0', '$hash');";
+        }
+        $raw = mysqli_query($con, $query);
+        header("Location: https://".$CFG_app_url."?message=Module ".$real_name." was uploaded.&severity=0");  
+      
+    } else {
+        header("Location: https://".$CFG_app_url."?message=Something went wrong.&severity=1");  
+    }
+}
+    }
+}
+?>

new/user_login.php

@@ -0,0 +1,133 @@
+<?php
+
+# works for POST http method only.
+if ($_SERVER['REQUEST_METHOD']=='POST') { 
+# works for button LOGIN only
+  if ($_POST['submit'] == 'Login'){
+# calculate hash for provided password with default settings
+    $hash = password_hash($_POST['pass'], PASSWORD_DEFAULT);
+# filter SQL injection
+    $name = mysqli_real_escape_string($con, $_POST['login']); 
+    $query = "SELECT hash FROM users WHERE name='$name';";
+    $raw = mysqli_query($con, $query); 
+# password_verify returns true if provided pass hash related with saved pass hash
+    if (password_verify($_POST['pass'], mysqli_fetch_assoc($raw)['hash'])){
+      $hash = md5($hash);
+      $query = "SELECT id FROM users WHERE name='$name';";
+      $raw = mysqli_query($con, $query); 
+      $user_id = mysqli_fetch_assoc($raw)['id'];
+# write temporarily info about logged in users. if user has fuck_cookie that we have in this table we consider this user as authentic and logged in.
+      $query = "INSERT INTO auth_tmp (hash, name_id, valid) VALUES ('$hash', '$user_id', NOW() + INTERVAL 30 DAY);";
+      $raw = mysqli_query($con, $query);
+# fuck_cookie is md5 from provided pass hash, this shows user correct auth within 1 month
+      setcookie('fuck_cookie', $hash, time() + 60 * 60 * 24 * 30);
+      $_SESSION['user_name'] = $name;
+      $_SESSION['user_id'] = $user_id;
+      header("Location: http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']."?message=Authorization successful&severity=0");  
+    }else{
+      header("Location: http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']."?message=Authorization error&severity=1");  
+    }
+  }elseif ($_POST['submit'] == 'gtfo'){
+    if (isset($_COOKIE['fuck_cookie'])){
+      $fuck_cookie = $_COOKIE['fuck_cookie'];
+      $query = "DELETE FROM auth_tmp WHERE hash='$fuck_cookie';";
+      $raw = mysqli_query($con, $query); 
+      setcookie('fuck_cookie', '', time() - 3600);
+      session_destroy();
+    }
+    header("Location: http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']."?message=Bye bye.&severity=0");  
+  }
+}
+# works for http GET request only
+if ($_SERVER['REQUEST_METHOD']=='GET') {
+# if user has fuck_cookie we send him user bar with his info (name, etc...)
+  if (isset($_COOKIE['fuck_cookie'])){
+    $fuck_cookie = $_COOKIE['fuck_cookie'];
+    lg(0, 'fuck_cookie - '.$_COOKIE['fuck_cookie']);
+    $query = "SELECT name FROM users WHERE id = (SELECT name_id FROM (SELECT * FROM auth_tmp WHERE hash = '$fuck_cookie') AS T1 WHERE IF (CURDATE() < valid, 1, 0) = 1);";
+    $raw = mysqli_fetch_assoc(mysqli_query($con, $query));
+
+    if (strlen($raw['name']) > 0) {
+      lg(0, "Name - ".$raw['name']);
+      lg(0, "Authorized by user fuck_cookie.");
+    } else {
+      lg(1, "Wrong cookie");
+      setcookie('fuck_cookie', '', time() - 3600);
+    }
+  ?>
+<div id="user_ui">
+<?php
+echo $raw['name'].'<br>';
+?>
+  <form method="post" action="">					
+    <input type="submit" name="submit" value="gtfo">
+  </form>
+</div>
+<?php
+# in other way we send him form for login or register
+  } else {
+    include("captcha.php");
+    $_SESSION['captcha'] = simple_php_captcha();
+    $_SESSION['captcha']['code'] = strtolower($_SESSION['captcha']['code']);
+    lg(0, $_SESSION['captcha']['code']);
+  ?>
+<div id="user_ui">
+<button id=user_ui_button onclick="show()">swap</button>
+
+  <div id=register_form style='display:none'>
+    <form method="post" action="">
+        <div class="form_description">
+            <h2>Register</h2>
+        </div>						
+            <label class="description" for="login">Login </label>
+            <div>
+                <input id="login" name="login" type="text" maxlength="255" value=""> 
+            </div> 
+            <label class="description" for="pass">Password </label>
+            <div>
+                <input id="pass" name="pass" class="element text medium" type="password" maxlength="255" value=""> 
+            </div> 
+            <img src="<?php echo $_SESSION['captcha']['image_src']; ?>" alt="CAPTCHA code"><br>
+            <div>
+                <input id="captcha" name="captcha" type="text" maxlength="15" value=""> 
+            </div> 
+            <input id="tea-submit" type="submit" name="submit" value="Register">
+    </form>
+  </div>
+  <div id=login_form style='display:block'>
+    <form method="post" action="">
+        <div class="form_description">
+            <h2>Login</h2>
+        </div>						
+            <label class="description" for="login">Login </label>
+            <div>
+                <input id="login" name="login" type="text" maxlength="255" value=""> 
+            </div> 
+            <label class="description" for="pass">Password </label>
+            <div>
+                <input id="pass" name="pass" class="element text medium" type="password" maxlength="255" value=""> 
+            </div> 
+            <input id="tea-submit" type="submit" name="submit" value="Login">
+    </form>
+  </div>
+</div>
+  <?php
+  }
+}
+
+?>
+
+<script>
+  var user_ui = 0
+  function show() {
+    if (user_ui == 1){
+      document.getElementById("register_form").style.display = "none";
+      document.getElementById("login_form").style.display = "block";
+      window.user_ui = 0;
+    }else{
+      document.getElementById("register_form").style.display = "block";
+      document.getElementById("login_form").style.display = "none";
+      window.user_ui = 1;
+    }
+  }
+</script>

new/user_register.php

@@ -0,0 +1,33 @@
+<?php
+# works for POST http method only.
+if ($_SERVER['REQUEST_METHOD']=='POST') { 
+# check captcha
+  
+
+# works for button REGISTER only
+  if ($_POST['submit'] == 'Register'){
+    if (strtolower($_SESSION['captcha']['code']) == strtolower($_POST['captcha'])) {
+# calculate hash for provided password with default settings
+        $hash = password_hash($_POST['pass'], PASSWORD_DEFAULT);
+        $name = strtolower(mysqli_real_escape_string($con, $_POST['login'])); 
+# constuct SQL query
+        $query = "SELECT id FROM users WHERE name='$name';";
+# fetch mysql result to assoc PHP array 
+        $raw = mysqli_fetch_assoc(mysqli_query($con, $query));
+# if there isn't this name yet let us register, skip in other way
+        if (strlen($raw['id']) == NULL){
+# write new user into db
+            $query = "INSERT INTO users (name, hash) VALUES ('$name', '$hash');";
+            $raw = mysqli_query($con, $query);
+# forward user back with message
+            header("Location: http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']."?message=Registration successful&severity=0");
+        } else {
+            header("Location: http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']."?message=registration error&severity=1");  
+        }
+    }else {
+    header("Location: http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']."?message=Wrong captcha.&severity=1");  
+    }
+  } 
+}
+
+  ?>