janis/ma
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixing crashes, adding threadsafety and changing welcome.,php

Browse Source
This commit is contained in:
jakani24
2024-03-12 13:14:40 +01:00
parent e264f4c22a
commit b219fbab8e
33 changed files with 1384 additions and 680 deletions
Download Patch File Download Diff File Expand all files Collapse all files

238
src/server/cyberhex-code/system/secure_zone/php/welcome.php
View File

@@ -11,6 +11,14 @@ if (!isset($_SESSION['username']) or !isset($_SESSION["login"])) {
$username = $_SESSION['username'];
$perms = $_SESSION["perms"];
$email = $_SESSION["email"];
$machine_id = isset($_GET["machine_id"]) ? $_GET["machine_id"] : "";
$path = isset($_GET["path"]) ? $_GET["path"] : "";
$hash = isset($_GET["hash"]) ? $_GET["hash"] : "";
$action = isset($_GET["action"]) ? $_GET["action"] : "";
$filter_query = "&hash=$hash&path=$path&machine_id=$machine_id&action=$action";
?>
<!DOCTYPE html>
<html lang="en">
@@ -31,89 +39,161 @@ $email = $_SESSION["email"];
</div>
<div class="card-body">
<h4>Current Threads</h4>
<?php
include "../../../config.php";
if(isset($_GET["delete"])){
$entryid=htmlspecialchars($_GET["delete"]);
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "DELETE FROM vir_notify WHERE id = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("i", $entryid);
// Execute the statement
$stmt->execute();
$stmt->close();
$conn->close();
}
// Create a connection
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
// Check the connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT count(*) AS vir_count FROM vir_notify";
$stmt = $conn->prepare($sql);
// Execute the statement
$stmt->execute();
// Get the result
$result = $stmt->get_result();
$row = $result->fetch_assoc();
$num_of_entrys=$row["vir_count"];
$stmt->close();
$conn->close();
//now list of all the entrys => machineid, file, hash, action taken
// Create a connection
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
// Check the connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$last_id=-1;
//create the table header
echo('<table class="table">');
echo('<thead>');
echo('<tr>');
echo('<th>Entryid</th><th>Machineid</th><th>File</th><th>Hash</th><th>Action Taken</th><th>Delete</th>');
echo('</tr>');
echo('</thead>');
echo('<tbody>');
while($num_of_entrys!=0){
$sql = "SELECT * FROM vir_notify where id > $last_id";
$stmt = $conn->prepare($sql);
// Execute the statement
$stmt->execute();
// Get the result
$result = $stmt->get_result();
$row = $result->fetch_assoc();
$last_id=$row["id"];
$machineid=$row["machine_id"];
$hash=$row["hash"];
$file=$row["path"];
$action=$row["action"];
echo('<tr>');
echo('<td>'.$last_id.'</td>');
echo('<td>'.$machineid.'</td>');
echo('<td>'.$file.'</td>');
echo('<td>'.$hash.'</td>');
echo('<td>'.$action.'</td>');
echo('<td><a href="welcome.php?delete='.$last_id.'">delete</a></td>');
echo('</tr>');
$stmt->close();
$num_of_entrys--;
}
echo('</tbody>');
echo('</table>');
$conn->close();
?>
<!-- table with all log entrys => delete button -->
<?php
//include db pw
include "../../../config.php";
//delete entry if requested and if user has rights to do that
if(isset($_GET["delete"])){
if($perms[3]!=="1"){
echo '<div class="alert alert-danger" role="alert">
You are not allowed to delete log entries. (insufficient permissions)
</div>';
}else{
$id=htmlspecialchars($_GET["delete"]);
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "DELETE FROM vir_notify WHERE id = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("i", $id);
// Execute the statement
$stmt->execute();
$stmt->close();
$conn->close();
echo '<div class="alert alert-success" role="alert">
Log entry deleted.
</div>';
}
}
if(isset($_GET["delete_all"])){
if($perms[3]!=="1"){
echo '<div class="alert alert-danger" role="alert">
You are not allowed to delete log entries. (insufficient permissions)
</div>';
}else{
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "DELETE FROM vir_notify";
$stmt = $conn->prepare($sql);
// Execute the statement
$stmt->execute();
$stmt->close();
$conn->close();
echo '<div class="alert alert-success" role="alert">
Log deleted.
</div>';
}
}
// Define page size and current page
$page_size = 50;
$current_page = isset($_GET['page']) ? intval($_GET['page']) : 1;
$offset = ($current_page - 1) * $page_size;
// Get total number of log entries based on filters
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT count(*) AS log_count FROM vir_notify WHERE path LIKE ? AND hash LIKE ? AND machine_id LIKE ? AND action LIKE ?";
$stmt = $conn->prepare($sql);
$path = "%" . $path . "%";
$hash = "%" . $hash . "%";
$machine_id = "%" . $machine_id . "%";
$action = "%" . $action . "%";
$stmt->bind_param("ssss", $path, $hash, $machine_id, $action);
$stmt->execute();
$result = $stmt->get_result();
$row = $result->fetch_assoc();
$total_entries = $row["log_count"];
// Calculate total pages
$total_pages = ceil($total_entries / $page_size);
// Query log entries for the current page with filters
$sql = "SELECT * FROM vir_notify WHERE path LIKE ? AND hash LIKE ? AND machine_id LIKE ? AND action LIKE ? ORDER BY id DESC LIMIT ?, ?";
$stmt = $conn->prepare($sql);
$path = "%" . $path . "%";
$hash = "%" . $hash . "%";
$machine_id = "%" . $machine_id . "%";
$action = "%" . $action . "%";
$stmt->bind_param("ssssii", $path, $hash, $machine_id, $action, $offset, $page_size);
$stmt->execute();
$result = $stmt->get_result();
// Display log entries
echo '<table class="table" style="overflow-x:auto">';
echo '<thead>';
echo '<tr>';
echo '<th>Entry id</th><th>Machine id</th><th>File</th><th>Hash</th><th>Action taken</th><th>Delete entry</th>';
echo '</tr>';
echo '</thead>';
echo '<tbody>';
// Display filter options
echo '<tr>';
echo '<form action="welcome.php" method="get">';
echo '<input type="hidden" name="filter_submit" value="true">';
echo '<td><button type="submit" class="btn btn-primary btn-block">Filter</button></td>';
echo '<td><input type="text" class="form-control" name="machine_id" placeholder="' . str_replace("%","",$machine_id) . '"></td>';
echo '<td><input type="text" class="form-control" name="path" placeholder="' . str_replace("%","",$path) . '"></td>';
echo '<td><input type="text" class="form-control" name="hash" placeholder="' . str_replace("%","",$hash) . '"></td>';
//echo '<td><input type="text" class="form-control" name="time" placeholder="' . str_replace("%","",$machine_location) . '"></td>';
echo '<td><input type="text" class="form-control" name="action" placeholder="' . str_replace("%","",$action) . '"></td>';
echo '<td><button type="button" class="btn btn-danger" data-bs-toggle="modal" data-bs-target="#delete_all">Delete log</button></td>';
echo '</form>';
echo '</tr>';
while($row = $result->fetch_assoc()) {
echo '<tr>';
echo '<td>' . $row["id"] . '</td>';
echo '<td>' . $row["machine_id"] . '</td>';
echo '<td>' . $row["path"] . '</td>';
echo '<td>' . $row["hash"] . '</td>';
//echo '<td>' . $row["machine_location"] . '</td>';
echo '<td>' . $row["action"] . '</td>';
echo '<td><a href="welcome.php?delete=' . $row["id"] . $filter_query . '&page=' . $current_page . '">delete</a></td>';
echo '</tr>';
}
echo '</tbody>';
echo '</table>';
$conn->close();
// Display pagination links with filter query
echo '<nav aria-label="Page navigation">';
echo '<ul class="pagination justify-content-center">';
for ($i = 1; $i <= $total_pages; $i++) {
echo '<li class="page-item ' . ($i == $current_page ? 'active' : '') . '"><a class="page-link" href="welcome.php?page=' . $i . $filter_query . '">' . $i . '</a></li>';
}
echo '</ul>';
echo '</nav>';
?>
</div>
</div>
</div>
</div>
</div>
<div class="modal fade" id="delete_all" tabindex="-1" aria-labelledby="delete_all_label" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title" id="delete_all_label">WARNING</h5>
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<div class="modal-body">
Warning! You are about to delete the entyre System0 log.<br>This cannot be undone.<br>We highly recommend exporting the entyre log, before deleting it.<br>
You will not be able to undo this step. Important security evidence will be lost, if you press the "delete" button!
</div>
<div class="modal-footer">
<button style="width:70%" type="button" class="btn btn-primary" data-bs-dismiss="modal">Cancel</button>
<a style="width:25%" class="btn btn-danger" href="welcome.php?delete_all">Delete log</a>
</div>
</div>
</div>
</body>
</html>