janis/ma
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
94dd7d57649534d39a59e7ea5f4835bd675d1a8b
ma/src/server/cyberhex-code/system/secure_zone/php/database_settings.php
jakani24 9415ba95e5 added yara downloader in installer
2024-04-04 19:14:38 +02:00

303 lines
12 KiB
PHP
Raw Blame History

<?php
session_start();
// Check if the user is logged in
if (!isset($_SESSION['username']) or !isset($_SESSION["login"])) {
// Redirect to the login page or handle unauthorized access
header("Location: /login.php");
exit();
}
$username = $_SESSION['username'];
$perms = $_SESSION["perms"];
$email = $_SESSION["email"];
if($perms[6]!=="1"){
header("location:/system/insecure_zone/php/no_access.php");
$block=1;
exit();
}else{
$block=0;
}
//for the get_perms_str() function
include "perms_functions.php";
include "../../../config.php";
//create connection to db
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
// Check the connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin="anonymous"></script>
<title>Database Settings</title>
</head>
<body>
<script>
async function update_db(){
var loader=document.getElementById("loader");
var finish=document.getElementById("finish");
var button=document.getElementById("update_btn");
loader.style.display="block";
finish.style.display="none";
button.style.display="none";
await fetch('/api/php/database/compile_database.php');
loader.style.display="none";
button.style.display="block";
finish.style.display="block";
}
async function update_percentage() {
var percentageElement = document.getElementById("percentage");
// Display loading indicator
percentageElement.innerHTML = "Loading...";
// Make an AJAX request to the PHP script
await fetch('/api/php/database/get_update_status.php')
.then(response => response.json())
.then(data => {
// Update the percentage on the webpage
percentageElement.innerHTML = "Status: " + data.toFixed(2) + "%";
})
.catch(error => {
// Display error message if request fails
percentageElement.innerHTML = "Error: " + error.message;
});
}
// Call update_percentage every 5 seconds
setInterval(update_percentage, 5000);
//update an entry
function update_textfield(db,id,name,itemid){
var element = document.getElementById(id);
var value = element.value;
fetch('database_settings.php?update='+name+'&value='+value+'&id='+itemid+'&db='+db);
}
//delete an entry
async function delete_item(db,id){
await fetch('database_settings.php?delete='+id+'&db='+db);
location.reload();
}
//add an entry
async function add_item(db,element_id1,field1,element_id2,field2){ //we have two valus, two dbs and so on, becuase we have the signature and the description
var element1 = document.getElementById(element_id1);
var value1 = element1.value;
var element2 = document.getElementById(element_id2);
var value2 = element2.value;
await fetch('database_settings.php?add='+db+'&value1='+value1+'&field1='+field1+'&value2='+value2+'&field2='+field2);
location.reload();
}
</script>
<?php
//we store all the functions like update,safe,load etc in this file, because else "database_settings.php" will get way to big
include "database_settings_functions.php";
if(isset($_GET["update"])){
safe_settings($_GET["db"]);
}
if(isset($_GET["delete"])){
delete_item($_GET["db"],$_GET["delete"]);
}
if(isset($_GET["add"])){
add_item($_GET["add"],$_GET["value1"],$_GET["field1"],$_GET["value2"],$_GET["field2"]);
}
?>
<div class="container mt-5">
<div class="row justify-content-center">
<div class="col-md-12">
<div class="card">
<div class="card-header">
<h4>Database Settings</h4>
</div>
<div class="card-body">
<ul class="nav nav-tabs">
<li class="nav-item">
<a class="nav-link" href="database_settings.php?show=update" id="update_tab">Database update</a>
</li>
<li class="nav-item">
<a class="nav-link" href="database_settings.php?show=excluded" id="excluded_tab">Excluded signatures</a>
</li>
<li class="nav-item">
<a class="nav-link" href="database_settings.php?show=included" id="included_tab">Included Signatures</a>
</li>
<li class="nav-item">
<a class="nav-link" href="database_settings.php?show=yara" id="yara_tab">Yara Rules</a>
</li>
</ul>
<div id="update" style="display:none">
<h4>Database Update</h4>
<button id="update_btn" class="btn btn-dark" onclick="update_db();">Update / regenerate Database (!this can take very long ~1h)</button>
<div style="display:none" id="loader">
<br>
<div class="alert alert-success" role="alert">
Database update is running, please do not close this tab and do not navigate away!
<div id="percentage"></div>
</div>
<div class="spinner-border" role="status">
<span class="visually-hidden">Loading...</span>
</div>
</div>
<div class="alert alert-success" role="alert" style="display:none" id="finish">
Database update finished!
</div>
</div>
<div id="excluded" style="display:none">
<h4>Excluded signatures</h4>
<!-- Table with user defined, excluded hashes -->
<?php
//load entrys from excluded db
$sql = "SELECT * FROM sig_ex";
$stmt = $conn->prepare($sql);
$stmt->execute();
$result = $stmt->get_result();
// Display log entries
echo '<table class="table" style="overflow-x:auto">';
echo '<thead>';
echo '<tr>';
echo '<th>#</th><th>Signature</th><th>Description</th><th>Add / Delete</th>';
echo '</tr>';
echo '</thead>';
echo '<tbody>';
echo('<tr>');
echo('<th scope="row">000</th>');
echo('<td><input type="text" id="sig_ex" class="form-control" name="name"></td>');
echo('<td><input type="text" id="sig_ex_desc" class="form-control" name="name"></td>');
echo('<td><button type="button" class="btn btn-primary" onclick="add_item(\'sig_ex\',\'sig_ex\',\'signature\',\'sig_ex_desc\',\'description\');">Add</button></td>');
echo('</tr>');
while($row = $result->fetch_assoc()) {
echo '<tr>';
echo("<th scope=\"row\">".$row["id"]."</th>");
echo("<td><input type=\"text\" id=\"sig_ex".$row["id"]."\" class=\"form-control\" name=\"name\" value=\"".$row["signature"]."\" oninput=\"update_textfield('sig_ex','sig_ex".$row["id"]."','sig','".$row["id"]."');\"></td>");
echo("<td><input type=\"text\" id=\"sig_ex_desc".$row["id"]."\" class=\"form-control\" name=\"name\" value=\"".$row["description"]."\" oninput=\"update_textfield('sig_ex','sig_ex_desc".$row["id"]."','sig_desc','".$row["id"]."');\"></td>");
echo("<td><button type=\"button\" class=\"btn btn-danger\" onclick=\"delete_item('sig_ex',".$row["id"].");\">Delete</button></td>");
echo '</tr>';
}
echo '</tbody>';
echo '</table>';
?>
</div>
<div id="included" style="display:none">
<h4>Included signatures</h4>
<!-- Table with user defined, included hashes -->
<?php
//load entrys from excluded db
$sql = "SELECT * FROM sig_in";
$stmt = $conn->prepare($sql);
$stmt->execute();
$result = $stmt->get_result();
// Display log entries
echo '<table class="table" style="overflow-x:auto">';
echo '<thead>';
echo '<tr>';
echo '<th>#</th><th>Signature</th><th>Description</th><th>Add / Delete</th>';
echo '</tr>';
echo '</thead>';
echo '<tbody>';
echo('<tr>');
echo('<th scope="row">000</th>');
echo('<td><input type="text" id="sig_in" class="form-control" name="name"></td>');
echo('<td><input type="text" id="sig_in_desc" class="form-control" name="name"></td>');
echo('<td><button type="button" class="btn btn-primary" onclick="add_item(\'sig_in\',\'sig_in\',\'signature\',\'sig_in_desc\',\'description\');">Add</button></td>');
echo('</tr>');
while($row = $result->fetch_assoc()) {
echo '<tr>';
echo("<th scope=\"row\">".$row["id"]."</th>");
echo("<td><input type=\"text\" id=\"sig_in".$row["id"]."\" class=\"form-control\" name=\"name\" value=\"".$row["signature"]."\" oninput=\"update_textfield('sig_in','sig_in".$row["id"]."','sig','".$row["id"]."');\"></td>");
echo("<td><input type=\"text\" id=\"sig_in_desc".$row["id"]."\" class=\"form-control\" name=\"name\" value=\"".$row["description"]."\" oninput=\"update_textfield('sig_in','sig_in_desc".$row["id"]."','sig_desc','".$row["id"]."');\"></td>");
echo("<td><button type=\"button\" class=\"btn btn-danger\" onclick=\"delete_item('sig_in',".$row["id"].");\">Delete</button></td>");
echo '</tr>';
}
echo '</tbody>';
echo '</table>';
?>
</div>
<div id="yara" style="display:none">
<h4>Yara Rules (for deepscans)</h4>
<?php
//list the yara rules that we have
$page_size = 50;
$current_page = isset($_GET['page']) ? intval($_GET['page']) : 1;
$yara_files=list_yara_files("/var/www/html/database_srv/");
$total_entries=count($yara_files);
// Calculate total pages
$total_pages = ceil($total_entries / $page_size);
// Display log entries
echo '<table class="table" style="overflow-x:auto">';
echo '<thead>';
echo '<tr>';
echo '<th>Entry id</th><th>Name</th><th>Download Rule</th>';
echo '</tr>';
echo '</thead>';
echo '<tbody>';
$start=($current_page - 1) * $page_size;
$stop=$start+$page_size;
$i=0;
foreach($yara_files as $yara_file){
if($i>=$start && $i<=$stop){
//list out the file
echo '<tr>';
echo '<td>' . $i . '</td>';
echo '<td>' . basename($yara_file) . '</td>';
echo '<td><a href="'.str_replace("/var/www/html","",$yara_file).'" download>Download</a></td>';
//echo '<td><a href="view_log.php?delete_yar='.$yara_file.'&page=' . $current_page . '">delete</a></td>'; //NEED TO BE DONE
echo '</tr>';
}
$i++;
}
echo '</tbody>';
echo '</table>';
// Display pagination links with filter query
echo '<nav aria-label="Page navigation">';
echo '<ul class="pagination justify-content-center">';
for ($i = 1; $i <= $total_pages; $i++) {
echo '<li class="page-item ' . ($i == $current_page ? 'active' : '') . '"><a class="page-link" href="database_settings.php?show=yara&page='.$i.'">' . $i . '</a></li>';
}
echo '</ul>';
echo '</nav>';
?>
</div>
</div>
</div>
</div>
</div>
</div>
<?php
$conn->close();
?>
<script>
//decide which div should be shown:
// Get the URL parameters
const queryString = window.location.search;
const urlParams = new URLSearchParams(queryString);
// Get the value of the "show" parameter
const show_div = document.getElementById(urlParams.get('show'));
const nav_tab = document.getElementById(urlParams.get('show')+"_tab");
show_div.style.display="block";
nav_tab.setAttribute('class', 'nav-link active');
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink