May 8th, 2012 by Idris
- Host
- <?php
- $PREAUTH_KEY=”b1e40a2aa6bebcf3fb1c9c7ba4a97201b1e40a2aa6bebcf3fb1c9c7ba4a97201″;
- $WEB_MAIL_PREAUTH_URL=”https://www.eepis-its.edu/preauth”;
- $user = $_GET[”user”];
- $domain=$_GET[”domain”];
- $email = “{$user}@{$domain}”;
- if(empty($PREAUTH_KEY)) {
- die(”Need preauth key for domain “.$domain);
- }
- $timestamp=time()*1000;
- $halo=number_format($timestamp,0,”,”);
- $preauthToken=hash_hmac(”sha1″,$email.”|name|0|”.$halo,$PREAUTH_KEY);
- $preauthURL = $WEB_MAIL_PREAUTH_URL.”?account=”.$email.”&by=name×tamp=”.$halo.”&expires=0&preauth=”.$preauthToken;
- header(”Location: $preauthURL”);
- ?>
- Target
- if(isset($_GET[’username’]) && isset($_GET[’account’]) && isset($_GET[’timestamp’]) && isset($_GET[’preauth’])){
- $username=$_GET[’username’];
- $account=$_GET[’account’];
- $tsq=$_GET[’timestamp’];
- $preauth=$_GET[’preauth’];
- $PREAUTH_KEY=”b1e40a2aa6bebcf3fb1c9c7ba4a97201b1e40a2aa6bebcf3fb1c9c7ba4a97201″;
- $timestamp=time()*1000;
- if(($timestamp-$tsq)<300){
- $preauthToken=hash_hmac(”sha1″,$account.”|name|0|”.$tsq,$PREAUTH_KEY);
- if( $preauth == $preauthToken)
- $IsValidUser=TRUE;
- }
- }
- No Comments »
- Posted in Info umum