API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jun 30th, 2016
75
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 17.99 KB | None | 0 0
raw download clone embed print report
  1. public function webbugExecutionWebsite($urlid) {
  2. $db = $this->openDatabaseDefault();
  3. if(!empty($_SERVER['REMOTE_ADDR'])) {
  4. $ip = $_SERVER['REMOTE_ADDR'];
  5. $host = gethostbyaddr($_SERVER['REMOTE_ADDR']);
  6. $reqpath = $_SERVER['REQUEST_URI'];
  7. $projectID = substr($reqpath,16);
  8. $projectID = ltrim($projectID,'0');
  9. $projectID = intval(strval($projectID));
  10. $sql = "SELECT PRJ_ProjectName FROM gaig_users.projects WHERE PRJ_ProjectId=$projectID;";
  11. $projectNameResult = $db->query($sql);
  12. $project = $projectNameResult->fetch_assoc();
  13. $projectName = $project['PRJ_ProjectName'];
  14. $browseragent = $_SERVER['HTTP_USER_AGENT'];
  15. $date = date("Y-m-d");
  16. $time = date("H:i:s");
  17. $sql = "SELECT USR_Username FROM gaig_users.users WHERE USR_UniqueURLId='$urlid';";
  18. $userNameResult = $db->query($sql);
  19. $user = $userNameResult->fetch_assoc();
  20. $username = $user['USR_Username'];
  21. $sql = "INSERT INTO gaig_users.website_tracking (WBS_Id,WBS_Ip,WBS_Host,
  22. WBS_BrowserAgent,WBS_ReqPath,WBS_Username,WBS_ProjectName,WBS_AccessDate,WBS_AccessTime) VALUES
  23. (null,'$ip','$host','$browseragent','$reqpath','$username','$projectName','$date',
  24. '$time');";
  25. $result = $db->query($sql);
  26. }
  27. $db->close();
  28. }
  29.  
  30. public function webbugExecutionEmail($urlid) {
  31. $db = $this->openDatabaseDefault();
  32. if(!empty($_SERVER['REMOTE_ADDR'])) {
  33. $ip = $_SERVER['REMOTE_ADDR'];
  34. $host = gethostbyaddr($_SERVER['REMOTE_ADDR']);
  35. $reqpath = $_SERVER['REQUEST_URI'];
  36. $projectID = substr($reqpath,29);
  37. $projectID = ltrim($projectID,'0');
  38. $projectID = rtrim($projectID,'.');
  39. $projectID = intval(strval($projectID));
  40. $sql = "SELECT PRJ_ProjectName FROM gaig_users.projects WHERE PRJ_ProjectId=$projectID;";
  41. $projectNameResult = $db->query($sql);
  42. $project = $projectNameResult->fetch_assoc();
  43. $projectName = $project['PRJ_ProjectName'];
  44. $sql = "SELECT USR_Username FROM gaig_users.users WHERE USR_UniqueURLId='$urlid';";
  45. $userNameResult = $db->query($sql);
  46. $user = $userNameResult->fetch_assoc();
  47. $username = $user['USR_Username'];
  48. $date = date("Y-m-d");
  49. $time = date("H:i:s");
  50. $sql = "INSERT INTO gaig_users.email_tracking (EML_Id,EML_Ip,EML_Host,EML_Username,EML_ProjectName,
  51. EML_AccessDate,EML_AccessTime) VALUES (null,'$ip','$host','$username','$projectName','$date','$time');";
  52. $result = $db->query($sql);
  53. }
  54. $db->close();
  55. }
  56.  
  57. public function openDatabaseDefault() {
  58. $db = new mysqli(getenv('DB_HOST'), getenv('DB_USERNAME'), getenv('DB_PASSWORD'), getenv('DB_DATABASE'));
  59. date_default_timezone_set('America/New_York');
  60. if (mysqli_connect_errno()) {
  61. echo 'Error: Could not connect to the database.';
  62. echo "Errno: " . $db->connect_errno . "n";
  63. echo "Error: " . $db->connect_error . "n";
  64. exit;
  65. }
  66. return $db;
  67. }
  68.  
  69. private function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ') {
  70. $str = '';
  71. $max = mb_strlen($keyspace, '8bit') - 1;
  72. for ($i = 0; $i < $length; ++$i) {
  73. $str .= $keyspace[random_int(0, $max)];
  74. }
  75. return $str;
  76. }
  77.  
  78. public function sendEmail(Request $request) {
  79. $fromEmail = $request['fromEmail'];
  80. $fromPass = $request['fromPass'];
  81. $host = $request['hostName'];
  82. $port = $request['port'];
  83. putenv("MAIL_HOST=$host");
  84. putenv("MAIL_PORT=$port");
  85. putenv("MAIL_USERNAME=$fromEmail");
  86. putenv("MAIL_PASSWORD=$fromPass");
  87. $subject = $request['subject'];
  88. $projectName = $request['projectName'];
  89. $projectId = substr($projectName,strpos($projectName,'_'));
  90. $projectName = substr($projectName,0,strpos($projectName,'_')-1);
  91. $companyName = $request['companyName'];
  92. $emailTemplate = 'emails.' . $request['emailTemplate'];
  93. $emailTemplateType = substr($request['emailTemplate'],0,3);
  94. $emailTemplateTarget = substr($request['emailTemplate'],3,1);
  95. //$fromEmail = 'gaigemailtest@gmail.com';
  96. //$subject = 'URGENT: Corporate Account Breach - Read Immediately';
  97. $db = $this->openDatabaseDefault();
  98. $sql = "SELECT * FROM gaig_users.users;";
  99. if(!$result = $db->query($sql)) {
  100. $this->databaseErrorLogging($sql,$db);
  101. exit;
  102. }
  103. if($result->num_rows === 0) {
  104. echo "Sorry. There are no users in this database.";
  105. exit;
  106. }
  107. while($user = $result->fetch_assoc()) {
  108. if($emailTemplateType != substr($user['USR_ProjectMostRecent'],-5,3) || $emailTemplateTarget != substr($user['USR_ProjectMostRecent'],-2,1)) {
  109. $urlID = null;
  110. if(!is_null($user['USR_UniqueURLId'])) {
  111. $urlID = $user['USR_UniqueURLId'];
  112. }
  113. while(is_null($urlID)) {
  114. $urlID = $this->random_str(15);
  115. $sql = "SELECT * FROM gaig_users.users WHERE USR_UniqueURLId=$urlID;";
  116. $tempResult = $db->query($sql);
  117. //if($tempResult->num_rows === 0) {
  118. // break;
  119. //}
  120. //$urlID = null;
  121. }
  122. $username = $user['USR_Username'];
  123. $toEmail = $user['USR_Email'];
  124. $lastName = $user['USR_LastName'];
  125. $firstName = $user['USR_FirstName'];
  126. //$projectName = 'bscG6_9_16';
  127. /*
  128. * NAMING FORMAT:
  129. * 1. bsc/adv : First three letters defines whether its basic or advanced scam
  130. * 2. G/T : This letter defines whether it's a generic scam or a targeted scam
  131. * 3. Project Start Date
  132. */
  133. $headers = array('from' => $fromEmail, 'to' => $toEmail, 'subject' => $subject, 'lastName' => $lastName,
  134. 'urlID' => $urlID, 'username' => $username, 'projectName' => $projectName, 'companyName' => $companyName,
  135. 'firstName' => $firstName, 'projectId' => $projectId);
  136. Mail::send(['html' => $emailTemplate],$headers, function($m) use ($fromEmail, $toEmail, $subject) {
  137. $m->from($fromEmail);
  138. $m->to($toEmail)->subject($subject);
  139. });
  140. if(!is_null($user['USR_UniqueURLId'])) {
  141. $project_mostRecent = $user['USR_ProjectMostRecent'];
  142. $project_previous = $user['USR_ProjectPrevious'];
  143. $sql = "UPDATE gaig_users.users SET USR_ProjectMostRecent='$projectName-$emailTemplate', USR_ProjectPrevious='$project_mostRecent', USR_ProjectLast='$project_previous' WHERE USR_Username='$username';";
  144. $updateResult = $db->query($sql);
  145. }
  146. else {
  147. $sql = "UPDATE gaig_users.users SET USR_UniqueURLId='$urlID', USR_ProjectMostRecent='$projectName-$emailTemplate' WHERE USR_Username='$username';";
  148. $updateResult = $db->query($sql);
  149. }
  150. echo "Mail sent to " . $toEmail;
  151. echo "Unique URL ID generated: " . $urlID . "<br />";
  152. } else {
  153. echo "Mail not sent to " . $user['USR_Username'] . "@gaig.com";
  154. echo "User's last project was " . $user['USR_ProjectMostRecent'] . "<br />";
  155. }
  156. }
  157. $db->close();
  158. }
  159.  
  160. public function viewAllTemplates() {
  161. $userId = Session::get('authUserId');
  162. if($userId) {
  163. $files = [];
  164. $fileNames = [];
  165. $filePrefaces = [];
  166. $fileTypes = [];
  167. $filesInFolder = File::files('../resources/views/emails');
  168. foreach($filesInFolder as $path) {
  169. $files[] = pathinfo($path);
  170. }
  171. $templateSize = sizeof($files);
  172. for($i = 0; $i < $templateSize; $i++) {
  173. $fileNames[$i] = $files[$i]['filename'];
  174. $fileNames[$i] = substr($fileNames[$i],0,-6);
  175. $filePrefaces[$i] = substr($fileNames[$i],0,3);
  176. $fileTypes[$i] = substr($fileNames[$i],3,1);
  177. if($fileTypes[$i] == 'T') {
  178. $fileTypes[$i] = 'tar';
  179. } else if($fileTypes[$i] == 'G') {
  180. $fileTypes[$i] = 'gen';
  181. } else {
  182. $fileTypes[$i] = 'edu';
  183. }
  184. }
  185. $varToPass = array('templateSize'=>$templateSize,'fileNames'=>$fileNames,'filePrefaces'=>$filePrefaces,'fileTypes'=>$fileTypes);
  186. return view('displays.showAllTemplates')->with($varToPass);
  187. } else {
  188. Session::put('loginRedirect',$_SERVER['REQUEST_URI']);
  189. return view('auth.loginTest');
  190. }
  191. }
  192.  
  193. public function viewAllProjects() {
  194. $userId = Session::get('authUserId');
  195. if($userId) {
  196. $db = $this->openDatabaseDefault();
  197. $sql = "SELECT PRJ_ProjectId, PRJ_ProjectName, PRJ_ProjectStatus FROM gaig_users.projects;";
  198. if(!$projects = $db->query($sql)) {
  199. $this->databaseErrorLogging($sql,$db);
  200. exit;
  201. }
  202. if($projects->num_rows === 0) {
  203. echo "Sorry. There are no users in this database.";
  204. exit;
  205. }
  206. $project = $projects->fetch_all();
  207. $data = array();
  208. $projectSize = sizeof($project);
  209. for($i = 0; $i < $projectSize; $i++) {
  210. $data[$i] = array('PRJ_ProjectId'=>$project[$i][0],'PRJ_ProjectName'=>$project[$i][1],'PRJ_ProjectStatus'=>$project[$i][2]);
  211. }
  212. $varToPass = array('projectSize'=>$projectSize,'data'=>$data);
  213. $db->close();
  214. return view('displays.showAllProjects')->with($varToPass);
  215. } else {
  216. Session::put('loginRedirect',$_SERVER['REQUEST_URI']);
  217. return view('auth.loginTest');
  218. }
  219. }
  220.  
  221. public function createNewProject(Request $request) {
  222. $projectName = $request->input('projectNameText');
  223. $projectAssignee = $request->input('projectAssigneeText');
  224. $date = date("Y-m-d");
  225. $db = $this->openDatabaseDefault();
  226. $sql = "INSERT INTO gaig_users.projects (PRJ_ProjectId,PRJ_ProjectName,PRJ_ProjectAssignee,PRJ_ProjectStart,
  227. PRJ_ProjectLastActive,PRJ_ProjectStatus,PRJ_ProjectTotalUsers,PRJ_EmailViews,PRJ_WebsiteViews,
  228. PRJ_ProjectTotalReports) VALUES (null,'$projectName','$projectAssignee','$date','$date','Inactive',0,0,0,0);";
  229. if(!$projects = $db->query($sql)) {
  230. $this->databaseErrorLogging($sql,$db);
  231. exit;
  232. }
  233. $db->close();
  234. }
  235. public function createNewTemplate(Request $request) {
  236. $path = '../resources/views/emails/';
  237. $templateName = $request->input('templateName');
  238. $path = $path . $templateName . '.blade.php';
  239. $templateContent = $request->input('templateContent');
  240. File::put($path,$templateContent);
  241. File::delete('../resources/views/emails/.blade.php');
  242. }
  243.  
  244. public function htmlReturner($id) {
  245. $path = '../resources/views/emails/' . $id . '.blade.php';
  246. $contents = '';
  247. try {
  248. $contents = File::get($path);
  249. }
  250. catch (FileNotFoundException $fnfe) {
  251. $contents = "Preview Unavailable";
  252. }
  253. return $contents;
  254. }
  255.  
  256. public function updateDefaultEmailSettings(Request $request) {
  257. $username = $request['usernameText'];
  258. $company = $request['companyText'];
  259. $host = $request['mailServerText'];
  260. $port = $request['mailPortText'];
  261. $userId = Session::get('authUserId');
  262. if($userId) {
  263. $db = $this->openDatabaseDefault();
  264. $checkExists = "SELECT DFT_UserId FROM gaig_users.default_emailsettings WHERE DFT_UserId='$userId';";
  265. if(!$checkExistsResult = $db->query($checkExists)) {
  266. $this->databaseErrorLogging($checkExists,$db);
  267. exit;
  268. }
  269. if($checkExistsResult->num_rows === 0) {
  270. $insert = "INSERT INTO gaig_users.default_emailsettings (DFT_UserId, DFT_MailServer, DFT_MailPort,
  271. DFT_Username, DFT_CompanyName) VALUES ('$userId','$host','$port','$username',
  272. '$company');";
  273. $insertResult = $db->query($insert);
  274. exit;
  275. } else {
  276. $update = "UPDATE gaig_users.default_emailsettings SET DFT_MailServer='$host', DFT_MailPort='$port',
  277. DFT_Username='$username', DFT_CompanyName='$company';";
  278. $updateResult = $db->query($update);
  279. }
  280. $db->close();
  281. } else {
  282. return view('auth.loginTest');
  283. }
  284. }
  285.  
  286. public function postLogin(Request $request) {
  287. $username = $request['usernameText'];
  288. $password = $request['passwordText'];
  289. $db = $this->openDatabaseDefault();
  290. $selectHash = "SELECT USR_Password,USR_UserId FROM gaig_users.users WHERE USR_Username='$username';";
  291. if(!$hashResults = $db->query($selectHash)) {
  292. $this->databaseErrorLogging($selectHash,$db);
  293. exit;
  294. }
  295. if($hashResults->num_rows === 0) {
  296. $varToPass = array('errors'=>array("We failed to find the username provided. Check your spelling and try
  297. again. If this problem continues, contact your manager."));
  298. return view('auth.loginTest')->with($varToPass);
  299. }
  300. $hashResult = $hashResults->fetch_assoc();
  301. $db->close();
  302. if(password_verify($password,$hashResult['USR_Password'])) {
  303. Session::put('authUser',$username);
  304. Session::put('authUserId',$hashResult['USR_UserId']);
  305. } else {
  306. $varToPass = array('errors'=>array('The password provided does not match our records.'));
  307. return view('auth.loginTest')->with($varToPass);
  308. }
  309. $redirectPage = Session::get('loginRedirect');
  310. if($redirectPage) {
  311. return redirect()->to($redirectPage);
  312. } else {
  313. return view('errors.500');
  314. }
  315. }
  316. public function postRegister(Request $request) {
  317. $username = $request['usernameText'];
  318. $password = $request['passwordText'];
  319. $firstName = $request['firstNameText'];
  320. $lastName = $request['lastNameText'];
  321. $password = password_hash($password,PASSWORD_DEFAULT);
  322. $db = $this->openDatabaseDefault();
  323. $insertUser = "INSERT INTO gaig_users.users (USR_UserId,USR_Username,USR_FirstName,USR_LastName,
  324. USR_UniqueURLId,USR_Password,USR_ProjectMostRecent,USR_ProjectPrevious,USR_ProjectLast) VALUES
  325. (null,'$username','$firstName','$lastName',null,'$password',null,null,null);";
  326. $insertResult = $db->query($insertUser);
  327. $selectUserId = "SELECT USR_UserId FROM gaig_users.users WHERE USR_Username='$username';";
  328. $selectResults = $db->query($selectUserId);
  329. $selectResult = $selectResults->fetch_assoc();
  330. $db->close();
  331. Session::put('authUser',$username);
  332. Session::put('authUserId',$selectResult['USR_UserId']);
  333. }
  334. public function logout() {
  335. Session::forget('authUser');
  336. Session::forget('authUserId');
  337. Session::forget('loginRedirect');
  338. return redirect()->to('http://localhost:8888');
  339. }
  340. public function isUserAuth() {
  341. $return = array('authCheck'=>Session::get('authUserId'));
  342. return $return;
  343. }
  344.  
  345. public function postWebsiteJson() {
  346. $userId = Session::get('authUserId');
  347. if($userId) {
  348. $websiteData = array();
  349. $websiteSelect = "SELECT WBS_Ip,WBS_Host,WBS_ReqPath,WBS_Username,WBS_ProjectName,WBS_AccessDate,
  350. WBS_AccessTime FROM gaig_users.website_tracking;";
  351. $db = $this->openDatabaseDefault();
  352. if(!$websiteResults = $db->query($websiteSelect)) {
  353. $this->databaseErrorLogging($websiteSelect,$db);
  354. exit;
  355. }
  356. if($websiteResults->num_rows === 0) {
  357. //echo "Sorry. There are no users in this database.";
  358. //exit;
  359. }
  360. $websiteResult = $websiteResults->fetch_all();
  361. for($i = 0; $i < sizeof($websiteResult); $i++) {
  362. $websiteData[$i] = array('WBS_Ip'=>$websiteResult[$i][0],'WBS_Host'=>$websiteResult[$i][1],
  363. 'WBS_ReqPath'=>$websiteResult[$i][2],'WBS_Username'=>$websiteResult[$i][3],
  364. 'WBS_ProjectName'=>$websiteResult[$i][4],'WBS_AccessDate'=>$websiteResult[$i][5],
  365. 'WBS_AccessTime'=>$websiteResult[$i][6]);
  366. }
  367. $db->close();
  368. return $websiteData;
  369. }
  370. }
  371. public function postEmailJson() {
  372. $userId = Session::get('authUserId');
  373. if($userId) {
  374. $emailData = array();
  375. $emailSelect = "SELECT EML_Ip,EML_Host,EML_Username,EML_ProjectName,EML_AccessDate,
  376. EML_AccessTime FROM gaig_users.email_tracking;";
  377. $db = $this->openDatabaseDefault();
  378. if(!$emailResults = $db->query($emailSelect)) {
  379. $this->databaseErrorLogging($emailSelect,$db);
  380. exit;
  381. }
  382. if($emailResults->num_rows === 0) {
  383. //echo "Sorry. There are no users in this database.";
  384. //exit;
  385. }
  386. $emailResult = $emailResults->fetch_all();
  387. for($i = 0; $i < sizeof($emailResult); $i++) {
  388. $emailData[$i] = array('EML_Ip'=>$emailResult[$i][0],'EML_Host'=>$emailResult[$i][1],
  389. 'EML_Username'=>$emailResult[$i][2],'EML_ProjectName'=>$emailResult[$i][3],
  390. 'EML_AccessDate'=>$emailResult[$i][4],'EML_AccessTime'=>$emailResult[$i][5]);
  391. }
  392. $db->close();
  393. return $emailData;
  394. }
  395. }
  396. public function postReportsJson() {
  397. $userId = Session::get('authUserId');
  398. if($userId) {
  399. $reportData = array();
  400. $reportsSelect = "SELECT RPT_EmailSubject,RPT_UserEmail,RPT_OriginalFrom,RPT_ReportDate FROM gaig_users.reports;";
  401. $db = $this->openDatabaseDefault();
  402. if(!$reportsResults = $db->query($reportsSelect)) {
  403. $this->databaseErrorLogging($reportsSelect,$db);
  404. exit;
  405. }
  406. if($reportsResults->num_rows === 0) {
  407. //echo "Sorry. There are no users in this database.";
  408. //exit;
  409. }
  410. $reportsResult = $reportsResults->fetch_all();
  411. for($i = 0; $i < sizeof($reportsResult); $i++) {
  412. $reportData[$i] = array('RPT_EmailSubject'=>$reportsResult[$i][0],'RPT_UserEmail'=>$reportsResult[$i][1],
  413. 'RPT_OriginalFrom'=>$reportsResult[$i][2],'RPT_ReportDate'=>$reportsResult[$i][3]);
  414. }
  415. $db->close();
  416. return $reportData;
  417. }
  418. }
  419.  
  420. public function databaseErrorLogging($sql,$db) {
  421. echo "Sorry, the website is experiencing technical difficulties.";
  422. echo "Error: Our query failed to execute and here is why: n";
  423. echo "Hash Select Query: " . $sql . "n";
  424. echo "Errno: " . $db->errno . "n";
  425. echo "Error: " . $db->error . "n";
  426. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!