"that's a curious choice, to represent IPs as a long; why would you do that."
"oh, it's a standard PHP function? ok, sure, gives you a unique representation for IP suitable for indexing arrays or whatever, but why a long and not the hex translation"
"oh no it's from C"
"oh no it's from AIX"
https://www.php.net/manual/en/function.ip2long.php
then following the link there to http://ps-2.kev009.com/wisclibrary/aix52/usr/share/man/info/en_US/a_doc_lib/libs/commtrf2/inet_addr.htm
and then...yeah.
it's a 32-bit value
that errors on quad-255
because that overflows the long.
y'all.
FFFFFFFF is 8 hexits.
PHP -has- a hex int type.
c'mon.
`//TODO: remove`
O sit right back and you'll hear a tale
a tale of a fateful trip
that started from this tropic shore
aboard a tiny ship
`function auth_encrypt`
oh dear.
`2015_enc.key`
........y'ever found something mysterious in the back of the fridge in an opaque container that nobody remembers the provenance of?
`PHPGangsta_GoogleAuthenticator`
oh hello.
https://github.com/PHPGangsta/GoogleAuthenticator
"Copyright (c) 2012-2016"
........well then.
`//OLD auth` and then more than 100 commented-out lines of dead code.
IIRC, one of the layers of the archaeological site that was claimed to be the site of the legendary Troy was identified by a layer of ash, indicating that the city'd been burned to the ground.
`//local rpc can do anything`
that's a -very- generous definition of 'local' there, buddy, given that 10/24 is one of the blocks, but it kinda becomes farcical with 204.152.204.0/24 also being valid.
.....this file has has two identical functions defining arrays of acronym to name mappings, that differ only by the function name.
what on -earth-
` * @copyright 2012`
it's nice when there's an artifact giving you a date.
`// The description of the INI format`
.....my gods it's full of regex
.......followed up by something with the kind of sparsity and opacity that you see from long-time haskell devs or whateverthefuck lol
single-character variable names, wow.
`$pwd = null; // FIXME`
huh, load-bearing NOP.
`return '0deadbeef';`
not "0xdeadbeef" - just zero-deadbeef.
-fascinating-; I wonder what ritual purpose this artifact could have had.
`$hmac_secret =`
well that's a choice.
wait, the IP bans depend on the user-agent of the browser....?
...........what in the hellllllllllllllllllllllllllllllllllllllllllllll
`function trans_similar_to_ascii`
most of us have settled on UTF-8 these days, actually
a function to discern whether the RPC was happening over an internal* network - if so, raw TCP on 80; if not, "ssl://" on 443
* with, in this case, a 10/16 definition of 'internal'
` const HMAC_SECRET`
ok sure, why not.
`// xor key, 128 bytes as hex, must be longer than the encrypted data`
..........
ok so I read that, kinda stared off into the distance for a couple minutes, got up, went to the bathroom, got a drink, came back, reopened the file, and that was still there, so odds are I'm -not- hallucinating this.
......this file contains some the contents of the -other- files earlier that had the dual copies of acronym to name matching, with some other shit.
It's a good thing I'm not seriously trying to figure out program flow because -what the fuck-
Looked at one way, this had an almost Zen koan kind of beauty to it. But looked at an other, much more reasonable way, no, it's just wrong. Nothing deep. Move along.
Fi 🏳️⚧️
jamon
Pseudo Nym