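#
#   If code is old:
#   &result=error
#
#   When 'getAccessCode()' function is called by another script,
#   Returns an up to date valid access code, for insertion into the game page HTML
#
#
#   ---------- History ---------
#
#   v 2.2 : added cookie test, to protect against client-side code grabbing
#   v 2.1 : introduced 'encryptionKey' variable at top of script, for easy changing of key
#   v 2.0 : included ip detection to protect against scripted embedding
#   v 1.0 : original version
#
#######################################################################################

## ------------------------- User definable variables -------------------------------

// -- This keyword should be a short password style word, and should be unique to your web site.
// NOTE(review): the value below is the one distributed with the script, so it is a
// sample, not a secret. Replace it per site and keep the real value out of any copy of
// this file that is published or committed.
$securityKeyword = "m0nk3ym4g1c";

// -- This encryption key should be a random sequence of characters,
// -- and should be unique to your web site.
// NOTE(review): same caveat as the keyword above. The literal is double-quoted and
// contains "\e" and a non-ASCII character, so the exact key bytes can depend on the PHP
// version and on the file's encoding -- confirm both ends of a deployment agree.
$encryptionKey = "Agh£34tj9^0coJ*sFw3r8&F]uJ2q!JFkjIOp:FbnKOeE{FbeWPs>E,hF~EuL)jfI\eF8uFij";

// -- time threshold in seconds before codes become invalid:
// NOTE(review): getAccessCode() sets the rdscc cookie to expire after 3600 seconds,
// so a code stops passing the cookie check well before this threshold is reached.
$timeThreshold = 60 * 60 * 3;   // (3 hours)

## ------------------------ end of user definable variables -----------------------------

// Runs on every request/include: issues a fresh code and sets the rdscc cookie.
$securityCode = getAccessCode();


// This function returns an up-to-date access code.
// And sets a cookie containing the code
//
// The code is hex(encrypt("<keyword>-<unix time>-<REMOTE_ADDR>")); the cookie holds the
// same plaintext with "-!" appended. setcookie() sends a header, so this must be called
// before any output is printed.
// NOTE(review): the cookie is set without the secure/httponly arguments; whether the
// client needs script access to it is not visible here -- confirm before tightening.
function getAccessCode () {
    global $securityKeyword;
    $codeString = $securityKeyword.'-'.time().'-'.$_SERVER['REMOTE_ADDR'];
    $cookieString = $codeString.'-!';
    $eCodeString = safeHexEncode(encryptString($codeString));
    $eCookieString = safeHexEncode(encryptString($cookieString));
    setcookie("rdscc",$eCookieString,time()+3600,"/",".robotduck.com");
    return($eCodeString);
}


// This section checks whether any given access code is valid.
// The access code should be supplied as a parameter named 'code'
//
// Every branch below ends the request with exit, so a validation response is never
// followed by output from the test section further down.
if (!empty($_REQUEST['code'])) {

    // Request parameters can arrive as arrays (code[]=...); treat those as invalid
    // input instead of passing them to the string helpers.
    $encryptedCode = is_string($_REQUEST['code']) ? $_REQUEST['code'] : '';

    // The v2.2 check is described as a cookie test, so the value is taken from
    // $_COOKIE only. $_REQUEST would also accept a GET/POST parameter named rdscc
    // (and, depending on request_order, may not contain cookies at all).
    $encryptedCookie = (isset($_COOKIE['rdscc']) && is_string($_COOKIE['rdscc']))
        ? $_COOKIE['rdscc']
        : '';

    $codeString = (string) decryptString( safeHexDecode( $encryptedCode ));
    $cookieString = (string) decryptString( safeHexDecode( $encryptedCookie ));

    $codeArray = explode("-",$codeString);
    $cookieArray = explode("-",$cookieString);

    // A well-formed code is "<keyword>-<digits>-<ip>". The keyword has to be the first
    // field exactly (a substring match anywhere in the text is not enough), and the
    // time field has to be all digits before it is used in arithmetic.
    $codeIsWellFormed = count($codeArray) >= 3
        && $codeArray[0] === $securityKeyword
        && $codeArray[1] !== ''
        && strspn($codeArray[1], '0123456789') === strlen($codeArray[1]);

    if (!$codeIsWellFormed) {
        print "error (malformed code)";
        exit;
    }

    $codeTime = (int) $codeArray[1];
    $codeIP = $codeArray[2];
    // Only the IP field of the cookie is compared; a missing or short cookie yields ''.
    $cookieIP = isset($cookieArray[2]) ? $cookieArray[2] : '';

    // Strict string comparison: loose == can treat different numeric-looking strings
    // as equal.
    if ($cookieIP !== $codeIP) {
        print "error (rdscc failed)";
        exit;
    }

    // time elapsed is calculated
    $timeElapsed = (time() - $codeTime);
    if ( $timeElapsed >= $timeThreshold ) {
        print "error (code expired)";
        exit;
    }

    // time is ok
    if ($codeIP !== $_SERVER['REMOTE_ADDR']) {
        print "error (bad ip)";
        exit;
    }

    // ip is ok
    // NOTE(review): the success response is md5(code . keyword). Kept as is because the
    // client presumably computes the same value; if both sides can change, hash_hmac()
    // with a modern hash is the standard construction for a keyed response.
    print md5($encryptedCode .$securityKeyword);
    exit;
}


// This section allows a simple test mechanism, whereby an up to date code is generated
// and a link is displayed allowing the code to be tested.
// NOTE(review): this returns a freshly issued code to any caller that sends test=1.
// Disable or remove it on a production host.
if (isset($_REQUEST['test']) && $_REQUEST['test'] == "1") {
    // Generate first: getAccessCode() calls setcookie(), which cannot send its header
    // once output has started.
    $accessCode = getAccessCode();
    print "access code: ";
    // The two empty strings are as found in this copy; the link markup the comment
    // above refers to appears to have been lost.
    print '' . $accessCode . '';
}


// Encryption / Encoding Handlers

// Obfuscates $inputText with $encryptionKey.
// NOTE(review): part of this function is missing from this copy. The text between
// "$i" and "1) {" on the marked line is gone (it looks like everything from a "<" to
// the next ">" was stripped as markup), so the function does not parse as shown. The
// gap is kept as found rather than guessed; restore it from the original distribution.
// What is visible: the text is rotated left by $shiftAmt characters, then each byte is
// replaced by ((byte + key byte) % 255) + 1 with the key index wrapping around. No
// integrity tag is added in the visible code; validity is inferred by the caller from
// the decrypted text containing the keyword. For tamper-evident tokens the usual
// choice is a keyed MAC such as hash_hmac() over the payload.
function encryptString ($inputText) {
    $key = array();
    global $encryptionKey;
    for($i=0; $i 1) {   // <-- truncated in this copy, see note above
            for ($n=1; $n<=$shiftAmt; $n++) {
                $inputText = $inputText.(substr($inputText,0,1));
                $inputText = substr($inputText,1,strlen($inputText)-1);
            }
        }
        $tResult = '';
        $keyPos = 0;
        for ($n=1; $n<=strlen($inputText); $n++) {
            $inCode = ord(substr($inputText,$n-1,1));
            $outCode = (($inCode + $key[$keyPos]) % 255)+1;
            $outChar = chr($outCode);
            $keyPos = (($keyPos+1) % count($key));
            $tResult .= $outChar;
        }
        $inputText = $tResult;
    }
    return ($tResult);
}

// Reverses encryptString().
// NOTE(review): truncated in the same way as encryptString() -- the text between "$i"
// and "1) {" is missing, which here includes the byte-substitution step. Only the
// right-rotation by $shiftAmt characters is visible. Kept as found; restore from the
// original distribution.
function decryptString ($inputText) {
    $key = array();
    global $encryptionKey;
    for($i=0; $i 1) {   // <-- truncated in this copy, see note above
            for ($n=1; $n<=$shiftAmt; $n++) {
                $tResult = substr($tResult,strlen($tResult)-1,1).$tResult;
                $tResult = substr($tResult,0,strlen($tResult)-1);
            }
        }
        $inputText = $tResult;
    }
    return ($tResult);
}

// Converts a string of hex digit pairs back into raw bytes.
// The input comes straight from the request, so anything that is not a string made
// only of complete hex pairs is rejected and decodes to "" (which then fails the
// keyword check in the caller) instead of being partially decoded.
function safeHexDecode ($inputText) {
    if (!is_string($inputText)
        || strlen($inputText) % 2 !== 0
        || strspn($inputText, '0123456789abcdefABCDEF') !== strlen($inputText)) {
        return "";
    }
    return pack("H*", $inputText);
}

// Converts raw bytes into lowercase hex, two digits per byte.
// bin2hex() produces the same output as the original per-character loop.
function safeHexEncode ($inputText) {
    return bin2hex($inputText);
}

?>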