diff --git a/src/server/cyberhex-code/api/php/notifications/sendmessage.php b/src/server/cyberhex-code/api/php/notifications/sendmessage.php index 3159067..045f996 100644 --- a/src/server/cyberhex-code/api/php/notifications/sendmessage.php +++ b/src/server/cyberhex-code/api/php/notifications/sendmessage.php @@ -1,6 +1,5 @@ /dev/null &'); function send($message){ $message=urlencode($message); @@ -37,6 +36,45 @@ function send($message){ $stmt -> close(); } } + +function send_to_user($message,$username){ + $message=urlencode($message); + include "../../../config.php"; + $conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD,$DB_DATABASE); + if ($conn->connect_error) { + $success=0; + die("Connection failed: " . $conn->connect_error); + } + //get apikey of telegram bot + $sql = "SELECT * FROM settings WHERE name = 'telegram_bot'"; + $stmt = $conn->prepare($sql); + // Execute the statement + $stmt->execute(); + // Get the result + $telegram_bot=""; + $result = $stmt->get_result(); + if ($result->num_rows > 0) { + $row = $result->fetch_assoc(); + $telegram_bot = $row['value']; + $stmt->close(); + //now send a message to every user which has a telegram id + $sql = "SELECT telegram_id FROM users where username = ?"; + $stmt = $conn->prepare($sql); + $stmt->bind_param("s", $username); + // Execute the statement + $stmt->execute(); + // Get the result + $telegram_id=""; + $result = $stmt->get_result(); + while($row = $result->fetch_assoc()) { + $telegram_id=$row["telegram_id"]; + exec("curl \"https://api.telegram.org/$telegram_bot/sendMessage?chat_id=$telegram_id&text=$message\" > /dev/null &"); + } + $stmt -> close(); + } +} + + if(isset($_GET["send"])) send($_GET["send"]); ?> \ No newline at end of file diff --git a/src/server/cyberhex-code/api/php/virus/notify_virus.php b/src/server/cyberhex-code/api/php/virus/notify_virus.php index 6c39071..6c3baca 100644 --- a/src/server/cyberhex-code/api/php/virus/notify_virus.php 
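Review bot: In `send_to_user`, `$telegram_id` and `$telegram_bot` are interpolated into the `exec("curl …")` string with no shell escaping, so shell metacharacters in either value are interpreted by the shell inside the double quotes; only `$message` is URL-encoded. The `telegram_id` column is written from `$_POST["telegram_id"]` in profile.php after `htmlspecialchars()` only, which does not neutralise shell syntax, so the value has to be treated as untrusted here. Build the URL first with `urlencode($telegram_id)` and pass it as a single escaped argument, e.g. `exec("curl " . escapeshellarg($url) . " > /dev/null &");`, or send the request through PHP's curl extension so no shell is involved. Validating the id format when it is stored would add a second layer.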
+++ b/src/server/cyberhex-code/api/php/virus/notify_virus.php @@ -1,6 +1,5 @@ apikey -//put auth code here afterwards include "../accessctrl/check_apikey.php"; if(check_apikey()!==true){ die("no_auth"); @@ -40,6 +39,7 @@ else{ $stmt->close(); $conn->close(); + //send the message to every user that has set his telegram key in the settings send("[VIRUS WARNING!]\nhash: $hash\npath: $path\nmachine_id: $machine_id\nmachine_location: $location\naction: $action\n"); } ?> \ No newline at end of file diff --git a/src/server/cyberhex-code/install/create_db.php b/src/server/cyberhex-code/install/create_db.php index 8006abf..4523046 100644 --- a/src/server/cyberhex-code/install/create_db.php +++ b/src/server/cyberhex-code/install/create_db.php @@ -68,6 +68,7 @@ user_hex_id VARCHAR(255), credential_id VARBINARY(64), allow_pw_login INT, + send_login_message INT, public_key TEXT, counter INT )"; diff --git a/src/server/cyberhex-code/system/insecure_zone/php/login.php b/src/server/cyberhex-code/system/insecure_zone/php/login.php index fc70e54..675762f 100644 --- a/src/server/cyberhex-code/system/insecure_zone/php/login.php +++ b/src/server/cyberhex-code/system/insecure_zone/php/login.php @@ -3,6 +3,7 @@ session_start(); if(isset($_SESSION["login"])){ header("LOCATION:/system/secure_zone/php/index.php"); } +include "/api/php/notifications/sendmessage.php"; //to send user notification on login ?> @@ -302,7 +303,11 @@ async function checkRegistration() { $_SESSION["email"]=$row["email"]; $_SESSION["telegram_id"]=$row["telegram_id"]; $_SESSION["allow_pw_login"]=$row["allow_pw_login"]; - + $_SESSION["send_login_message"]=$row["send_login_message"]; + if($_SESSION["send_login_message"]=="1"){ + $ip = $_SERVER['HTTP_CLIENT_IP']; + send_to_user("[LOGIN WARNING]\nHello $username\nSomebody has logged into Cyberhex with your account.\nIf this was you, you can ignore this message. Else please take steps to secure your account!\nIP: $ip\n",$username); + } echo ''; exit(); } else { 
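Review bot: Including sendmessage.php from the unauthenticated login page also executes that file's top-level statement `if(isset($_GET["send"])) send($_GET["send"]);` (visible as context at the end of the sendmessage.php hunk). Unless something outside the hunks prevents it, a request to login.php carrying a `send` parameter would push caller-chosen text to every user with a Telegram id. Move `send()` and `send_to_user()` into a file with no top-level side effects and include that, keeping the `$_GET` dispatch behind the API-key check. The path `"/api/php/notifications/sendmessage.php"` is also resolved from the filesystem root and `include` only warns on failure; `require_once __DIR__ . "/../../../api/php/notifications/sendmessage.php";` would fail loudly instead.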
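Review bot: `$_SERVER['HTTP_CLIENT_IP']` comes from a `Client-IP` request header, so the address in the login warning is chosen by the client and the key is undefined when the header is absent. A forged or empty IP defeats the purpose of the alert; use the connection address, e.g. `$ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';`, or the value set by a trusted reverse proxy if one is deployed. The same lines are added in the login_backend.php hunk and need the same change. The enclosing login branch starts and ends outside this hunk.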
diff --git a/src/server/cyberhex-code/system/insecure_zone/php/login_backend.php b/src/server/cyberhex-code/system/insecure_zone/php/login_backend.php index 3f3be95..3906325 100644 --- a/src/server/cyberhex-code/system/insecure_zone/php/login_backend.php +++ b/src/server/cyberhex-code/system/insecure_zone/php/login_backend.php @@ -175,6 +175,11 @@ try { $_SESSION["email"]=$row["email"]; $_SESSION["telegram_id"]=$row["telegram_id"]; $_SESSION["allow_pw_login"]=$row["allow_pw_login"]; + $_SESSION["send_login_message"]=$row["send_login_message"]; + if($_SESSION["send_login_message"]=="1"){ + $ip = $_SERVER['HTTP_CLIENT_IP']; + send_to_user("[LOGIN WARNING]\nHello $username\nSomebody has logged into Cyberhex with your account.\nIf this was you, you can ignore this message. Else please take steps to secure your account!\nIP: $ip\n",$username); + } $return = new stdClass(); $return->success = true; diff --git a/src/server/cyberhex-code/system/secure_zone/php/passwd.php b/src/server/cyberhex-code/system/secure_zone/php/passwd.php index 2acd639..bb13e85 100644 --- a/src/server/cyberhex-code/system/secure_zone/php/passwd.php +++ b/src/server/cyberhex-code/system/secure_zone/php/passwd.php @@ -318,7 +318,6 @@ $email = $_SESSION["email"]; '; } - // Close the connection } ?> diff --git a/src/server/cyberhex-code/system/secure_zone/php/profile.php b/src/server/cyberhex-code/system/secure_zone/php/profile.php index b44cbf0..2c83d39 100644 --- a/src/server/cyberhex-code/system/secure_zone/php/profile.php +++ b/src/server/cyberhex-code/system/secure_zone/php/profile.php @@ -22,6 +22,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { $username_new=htmlspecialchars($_POST["username"]); $telegram_id=htmlspecialchars($_POST["telegram_id"]); $pw_login=isset($_POST["pw_login"]); + $send_login_message=isset($_POST["send_login_message"]); // Create connection $conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD,$DB_DATABASE); 
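Review bot: `send_to_user()` is called in login_backend.php, but this diff adds no include of sendmessage.php to that file, whereas login.php gets one in the same commit. If the file does not already load it outside the hunk, a login with `send_login_message` set would stop with an undefined-function error after the session variables have been written and before the JSON response is built. Load the notification functions explicitly with `require_once`, ideally from a file that has no top-level `$_GET` handling. The surrounding `try` block starts and ends outside the hunk.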
@@ -31,8 +32,8 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { die("Connection failed: " . $conn->connect_error); } $user_hex_id=bin2hex($username_new); - $stmt = $conn->prepare("UPDATE users set email = ?, username = ?, telegram_id = ?, allow_pw_login = ?, user_hex_id = ? where username = ?"); - $stmt->bind_param("sssiss", $email, $username_new,$telegram_id, $pw_login,$user_hex_id , $username); + $stmt = $conn->prepare("UPDATE users set email = ?, username = ?, telegram_id = ?, allow_pw_login = ?, user_hex_id = ?, send_login_message = ? where username = ?"); + $stmt->bind_param("sssiss", $email, $username_new,$telegram_id, $pw_login,$user_hex_id, $send_login_message , $username); $email=htmlspecialchars($_POST["email"]); $username_new=htmlspecialchars($_POST["username"]); @@ -45,6 +46,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { $_SESSION["email"]=$email; $_SESSION["telegram_id"]=$telegram_id; $_SESSION["allow_pw_login"]=$pw_login; + $_SESSION["send_login_message"]=$send_login_message; } ?> @@ -95,6 +97,17 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
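Review bot: The `bind_param` type string is still `"sssiss"` (six types) while the call now passes seven variables, so mysqli rejects the bind on the count mismatch and the profile UPDATE is not applied. Add the type for the new column in the sixth position: `$stmt->bind_param("sssisis", $email, $username_new, $telegram_id, $pw_login, $user_hex_id, $send_login_message, $username);`. The return values of `prepare()` and `bind_param()` are not checked in the visible lines, so the failure may pass silently while the session values further down are still updated.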
+
+ "); + }else{ + echo(""); + } + ?> + +
+