janis/website-template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
Janis Steiner
2024-06-26 16:50:09 +02:00
committed by GitHub
commit ec96efb55b
45 changed files with 6387 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

231
server/app-code/system/secure_zone/php/add_user.php Normal file
View File

@@ -0,0 +1,231 @@
<?php
session_start();
// Check if the user is logged in
if (!isset($_SESSION['username']) or !isset($_SESSION["login"])) {
// Redirect to the login page or handle unauthorized access
header("Location: /login.php");
exit();
}
$username = $_SESSION['username'];
$perms = $_SESSION["perms"];
$email = $_SESSION["email"];
if($perms[0]!=="1"){
header("location:/system/insecure_zone/php/no_access.php");
$block=1;
exit();
}else{
$block=0;
}
//for the get_perms_str() function
include "perms_functions.php";
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin="anonymous"></script>
<title>Change Password</title>
</head>
<body>
<div class="container mt-5">
<div class="row justify-content-center">
<div class="col-md-6">
<div class="card">
<div class="card-header">
<h4>Add a user</h4>
</div>
<div class="card-body">
<form action="add_user.php?add=true" method="post">
<div class="form-group">
<label for="username">Username:</label>
<input type="text" class="form-control" id="username" name="username" required>
</div>
<div class="form-group">
<label for="email">Email:</label>
<input type="email" class="form-control" id="email" name="email" required>
</div>
<div class="form-group">
<label for="password">Password:</label>
<input type="password" class="form-control" id="password" name="password" required>
</div>
<label for="perms_table">User permissions:</label>
<table class="table" id="perms_table" name="perms_table">
<thead>
<tr>
<th>#</th>
<th>Description</th>
<th>Allow/Deny</th>
</tr>
</thead>
<tbody>
<tr>
<th scope="row">1</th>
<td>Add user <a data-bs-target="#warning" data-bs-toggle="modal" href="#warning">(Warning!)</a></td>
<td><input type="checkbox" name="add_user"></td>
</tr>
<tr>
<th scope="row">2</th>
<td>Delete/list/manage user <a data-bs-target="#warning2" data-bs-toggle="modal" href="#warning2">(Warning!)</a></td>
<td><input type="checkbox" name="delete_user"></td>
</tr>
<tr>
<th scope="row">3</th>
<td>View log</td>
<td><input type="checkbox" name="view_log"></td>
</tr>
<tr>
<th scope="row">4</th>
<td>Delete log</td>
<td><input type="checkbox" name="delete_log"></td>
</tr>
<tr>
<th scope="row">5</th>
<td>Server Settings</td>
<td><input type="checkbox" name="server_settings"></td>
</tr>
<tr>
<th scope="row">6</th>
<td>Client settings</td>
<td><input type="checkbox" name="client_settings"></td>
</tr>
<tr>
<th scope="row">7</th>
<td>Database settings</td>
<td><input type="checkbox" name="database_settings"></td>
</tr>
<tr>
<th scope="row">8</th>
<td>Add clients</td>
<td><input type="checkbox" name="add_clients"></td>
</tr>
<tr>
<th scope="row">9</th>
<td>Delete/list clients</td>
<td><input type="checkbox" name="delete_clients"></td>
</tr>
<tr>
<th scope="row">10</th>
<td>View Incidents</td>
<td><input type="checkbox" name="view_incidents"></td>
</tr>
<tr>
<th scope="row">11</th>
<td>Manage Incidents</td>
<td><input type="checkbox" name="manage_incidents"></td>
</tr>
</tbody>
</table>
<button type="submit" class="btn btn-primary btn-block">Add user</button>
</form>
<br>
<!-- php code to add user-->
<?php
// Check if the form is submitted
if ($_SERVER["REQUEST_METHOD"] == "POST" and $block==0) {
//include db pw
include "../../../config.php";
// Retrieve user input
$password = $_POST["password"];
$email=$_POST["email"];
$username=$_POST["username"];
$hash=password_hash($password, PASSWORD_BCRYPT);
// Create a connection
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
// Check the connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT * FROM users WHERE username = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $username);
// Execute the statement
$stmt->execute();
// Get the result
$result = $stmt->get_result();
$stmt->close();
$conn->close();
// Check if the user exists and verify the password
if ($result->num_rows > 0) {
echo '<div class="alert alert-danger" role="alert">
User already exists!
</div>';
}else{
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD,$DB_DATABASE);
if ($conn->connect_error) {
$success=0;
die("Connection failed: " . $conn->connect_error);
}
$stmt = $conn->prepare("INSERT INTO users (email, username, password,perms,allow_pw_login,send_login_message,use_2fa) VALUES (?, ?, ?, ?,1,0,0)");
$stmt->bind_param("ssss", $email, $username, $hash, $permissions);
$email=htmlspecialchars($_POST["email"]);
$username=htmlspecialchars($_POST["username"]);
$password=$_POST["password"];
$permissions=get_perm_str();
$hash=password_hash($password, PASSWORD_BCRYPT);
$stmt->execute();
$stmt->close();
$conn->close();
echo '<div class="alert alert-success" role="alert">
User added successfully!
</div>';
}
}elseif($block==1){
echo '<div class="alert alert-danger" role="alert">
You do not have permission to add a user!
</div>';
}
?>
</div>
</div>
</div>
<div class="modal fade" id="warning" tabindex="-1" aria-labelledby="exampleModalLabel" aria-hidden="false">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title" id="exampleModalLabel">User add permission warning</h5>
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<div class="modal-body">
A user with the permission "add_user" can add new users with all permissions.<br>
Including permissions which the user, who creates the new user does not have.<br>
This can be used for privilege escalation!<br>
Please only allow a few trusted users this permission!
</div>
</div>
</div>
</div>
<div class="modal fade" id="warning2" tabindex="-1" aria-labelledby="warning2_label" aria-hidden="false">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title" id="warning2_label">User manage permission warning</h5>
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<div class="modal-body">
A user with the permission "manage_user" can change all permissions of all users.<br>
Including permissions which the user, who has this permission does not have.<br>
This can be used for privilege escalation!<br>
Please only allow a few trusted users this permission!
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>

137
server/app-code/system/secure_zone/php/index.php Normal file
View File

@@ -0,0 +1,137 @@
<?php
session_start();
// Check if the user is logged in
if (!isset($_SESSION['username']) or !isset($_SESSION["login"])) {
// Redirect to the login page or handle unauthorized access
header("Location: /login.php");
exit();
}
$username = htmlspecialchars($_SESSION['username']);
$perms = $_SESSION["perms"];
if(isset($_GET["page"])){
$page=htmlspecialchars($_GET["page"]);
}else{
$page="welcome.php"; //this is actually the Dashboard
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin="anonymous"></script>
<title>Cyberhex (<?php echo(str_replace("_"," ",explode(".",$page))[0]); ?>)</title>
</head>
<body>
<!-- navbar -->
<nav class="navbar navbar-light bg-light">
<div class="container-fluid">
<span class="navbar-text">
Cyberhex (<?php echo(str_replace("_"," ",explode(".",$page))[0]); ?>)
</span>
<span class="navbar-text text-center">
<?php echo($username); ?>
</span>
<span class="navbar-text text-right">
<a href="/logout.php">Logout</a>
</span>
</div>
</nav>
<div class="container-fluid">
<div class="row">
<!-- sidebar -->
<div class="col-2">
<p>Home</p>
<ul>
<?php
if(1)//every user can access this page
echo('<li><a href="index.php?page=welcome.php">Dashboard</a></li>');
?>
</ul>
<p>User</p>
<ul>
<?php
if(1)//every user can access this page
echo('<li><a href="index.php?page=profile.php">Profile</a></li>');
if(1)//every user can access this page
echo('<li><a href="index.php?page=passwd.php">Change Password</a></li>');
if($perms[0]=="1")
echo('<li><a href="index.php?page=add_user.php">Add User</a></li>');
if($perms[1]=="1")
echo('<li><a href="index.php?page=user_list.php">User List</a></li>');
?>
</ul>
<?php
if($perms[2]=="1")
echo("<p>Log</p>");
?>
<ul>
<?php
if($perms[2]=="1")
echo('<li><a href="index.php?page=view_log.php">View Log</a></li>');
if($perms[2]=="1")
echo('<li><a href="index.php?page=export_log.php">Export Log</a></li>');
if($perms[2]=="1")
echo('<li><a href="index.php?page=log_backups.php">Log Backups</a></li>');
if($perms[2]=="1")
echo('<li><a href="index.php?page=view_server_log.php">Server Log</a></li>');
?>
</ul>
<?php
if($perms[4]=="1" or $perms[5]=="1" or $perms[6]=="1")
echo("<p>Cyberhex settings</p>");
?>
<ul>
<?php
if($perms[4]=="1")
echo('<li><a href="index.php?page=server_settings.php">Server Settings</a></li>');
if($perms[5]=="1")
echo('<li><a href="index.php?page=client_settings.php?show=general">Client Settings</a></li>');
if($perms[6]=="1")
echo('<li><a href="index.php?page=database_settings.php?show=update">Database Settings</a></li>');
?>
</ul>
<?php
if($perms[7]=="1" or $perms[8]=="1")
echo("<p>Clients</p>");
?>
<ul>
<?php
if($perms[7]=="1")
echo('<li><a href="index.php?page=add_client.php">Add Client</a></li>');
if($perms[8]=="1")
echo('<li><a href="index.php?page=client_list.php">Client List</a></li>');
?>
</ul>
<?php
if($perms[9]=="1" or $perms[10]=="1")
echo("<p>Incidents</p>");
?>
<ul>
<?php
if($perms[9]=="1" or $perms[10]=="1")
echo('<li><a href="index.php?page=incident_list.php">View Incidents</a></li>');
if($perms[10]=="1")
echo('<li><a href="index.php?page=add_incident.php">Add Incident</a></li>');
?>
</ul>
</div>
<!-- main part, with iframe -->
<div class="col-10" >
<!-- iframe -->
<iframe src="<?php echo(str_replace(["://","http"],"",$page)); ?>" width="100%" height="1000px" frameborder="0" style="overflow:hidden"></iframe>
</div>
</div>
</div>
</body>
</html>

272
server/app-code/system/secure_zone/php/manage_user.php Normal file
View File

@@ -0,0 +1,272 @@
<?php
session_start();
// Check if the user is logged in
if (!isset($_SESSION['username']) or !isset($_SESSION["login"])) {
// Redirect to the login page or handle unauthorized access
header("Location: /login.php");
exit();
}
$username = $_SESSION['username'];
$perms = $_SESSION["perms"];
$email = $_SESSION["email"];
if($perms[0]!=="1"){
header("location:/system/insecure_zone/php/no_access.php");
$block=1;
exit();
}else{
$block=0;
}
//for the get_perms_str() function
include "perms_functions.php";
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin="anonymous"></script>
<title>Change Password</title>
</head>
<body>
<?php
//load users attributes
include "../../../config.php";
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
// Check the connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql="SELECT * FROM users WHERE id=?";
$stmt = $conn->prepare($sql);
$m_userid=htmlspecialchars($_GET["userid"]);
$stmt->bind_param("i", $m_userid);
$stmt->execute();
// Get the result
$result = $stmt->get_result();
$row = $result->fetch_assoc();
$stmt->close();
$m_username=$row["username"];
$m_email=$row["email"];
$m_permissions=$row["perms"];
$conn->close();
?>
<div class="container mt-5">
<div class="row justify-content-center">
<div class="col-md-6">
<div class="card">
<div class="card-header">
<h4>Manage a user</h4>
</div>
<div class="card-body">
<form action="manage_user.php?update=true&userid=<?php echo($m_userid); ?>" method="post">
<div class="form-group">
<label for="username">Username:</label>
<input type="text" class="form-control" id="username" name="username" value="<?php echo($m_username); ?>" required>
</div>
<div class="form-group">
<label for="email">Email:</label>
<input type="email" class="form-control" id="email" name="email" value="<?php echo($m_email); ?>" required>
</div>
<label for="perms_table">User permissions:</label>
<table class="table" id="perms_table" name="perms_table">
<thead>
<tr>
<th>#</th>
<th>Description</th>
<th>Allow/Deny</th>
</tr>
</thead>
<tbody>
<tr>
<th scope="row">1</th>
<td>Add user <a data-bs-target="#warning" data-bs-toggle="modal" href="#warning">(Warning!)</a></td>
<?php
if($m_permissions[0]=="1")
echo('<td><input type="checkbox" name="add_user" checked></td>');
else
echo('<td><input type="checkbox" name="add_user"></td>');
?>
</tr>
<tr>
<th scope="row">2</th>
<td>Delete/list/manage user <a data-bs-target="#warning2" data-bs-toggle="modal" href="#warning2">(Warning!)</a></td>
<?php
if($m_permissions[1]=="1")
echo('<td><input type="checkbox" name="delete_user" checked></td>');
else
echo('<td><input type="checkbox" name="delete_user"></td>');
?>
</tr>
<tr>
<th scope="row">3</th>
<td>View log</td>
<?php
if($m_permissions[2]=="1")
echo('<td><input type="checkbox" name="view_log" checked></td>');
else
echo('<td><input type="checkbox" name="view_log"></td>');
?>
</tr>
<tr>
<th scope="row">4</th>
<td>Delete log</td>
<?php
if($m_permissions[3]=="1")
echo('<td><input type="checkbox" name="delete_log" checked></td>');
else
echo('<td><input type="checkbox" name="delete_log"></td>');
?>
</tr>
<tr>
<th scope="row">5</th>
<td>Server Settings</td>
<?php
if($m_permissions[4]=="1")
echo('<td><input type="checkbox" name="server_settings" checked></td>');
else
echo('<td><input type="checkbox" name="server_settings"></td>');
?>
</tr>
<tr>
<th scope="row">6</th>
<td>Client settings</td>
<?php
if($m_permissions[5]=="1")
echo('<td><input type="checkbox" name="client_settings" checked></td>');
else
echo('<td><input type="checkbox" name="client_settings"></td>');
?>
</tr>
<tr>
<th scope="row">7</th>
<td>Database settings</td>
<?php
if($m_permissions[6]=="1")
echo('<td><input type="checkbox" name="database_settings" checked></td>');
else
echo('<td><input type="checkbox" name="database_settings"></td>');
?>
</tr>
<tr>
<th scope="row">8</th>
<td>Add clients</td>
<?php
if($m_permissions[7]=="1")
echo('<td><input type="checkbox" name="add_clients" checked></td>');
else
echo('<td><input type="checkbox" name="add_clients"></td>');
?>
</tr>
<tr>
<th scope="row">9</th>
<td>Delete/list clients</td>
<?php
if($m_permissions[8]=="1")
echo('<td><input type="checkbox" name="delete_clients" checked></td>');
else
echo('<td><input type="checkbox" name="delete_clients"></td>');
?>
</tr>
<tr>
<th scope="row">10</th>
<td>View Incidents</td>
<?php
if($m_permissions[9]=="1")
echo('<td><input type="checkbox" name="view_incidents" checked></td>');
else
echo('<td><input type="checkbox" name="view_incidents"></td>');
?>
</tr>
<tr>
<th scope="row">11</th>
<td>Manage Incidents</td>
<?php
if($m_permissions[10]=="1")
echo('<td><input type="checkbox" name="manage_incidents" checked></td>');
else
echo('<td><input type="checkbox" name="manage_incidents"></td>');
?>
</tr>
</tbody>
</table>
<button type="submit" class="btn btn-primary btn-block">Update user</button>
</form>
<br>
<!-- php code to add user-->
<?php
// Check if the form is submitted
if ($_SERVER["REQUEST_METHOD"] == "POST" and $block==0) {
// Retrieve user input
$m_email=$_POST["email"];
$m_username=$_POST["username"];
$m_permissions=get_perm_str();
// Create a connection
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
// Check the connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$stmt = $conn->prepare("UPDATE users set email=?, username=?,perms=? WHERE id=?");
$stmt->bind_param("sssi", $m_email, $m_username, $m_permissions,$m_userid);
$m_email=htmlspecialchars($_POST["email"]);
$m_username=htmlspecialchars($_POST["username"]);
$m_permissions=get_perm_str();
$stmt->execute();
$stmt->close();
$conn->close();
echo("<script>location.href='user_list.php'; </script>");
}elseif($block==1){
echo '<div class="alert alert-danger" role="alert">
You do not have permission to update a user!
</div>';
}
?>
</div>
</div>
</div>
<div class="modal fade" id="warning" tabindex="-1" aria-labelledby="exampleModalLabel" aria-hidden="false">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title" id="exampleModalLabel">User add permission warning</h5>
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<div class="modal-body">
A user with the permission "add_user" can add new users with all permissions.<br>
Including permissions which the user, who creates the new user does not have.<br>
This can be used for privilege escalation!<br>
Please only allow a few trusted users this permission!
</div>
</div>
</div>
</div>
<div class="modal fade" id="warning2" tabindex="-1" aria-labelledby="warning2_label" aria-hidden="false">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title" id="warning2_label">User manage permission warning</h5>
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<div class="modal-body">
A user with the permission "manage_user" can change all permissions of all users.<br>
Including permissions which the user, who has this permission does not have.<br>
This can be used for privilege escalation!<br>
Please only allow a few trusted users this permission!
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>

333
server/app-code/system/secure_zone/php/passwd.php Normal file
View File

@@ -0,0 +1,333 @@
<?php
session_start();
// Check if the user is logged in
if (!isset($_SESSION['username']) or !isset($_SESSION["login"])) {
// Redirect to the login page or handle unauthorized access
header("Location: /login.php");
exit();
}
$username = $_SESSION['username'];
$perms = $_SESSION["perms"];
$email = $_SESSION["email"];
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin="anonymous"></script>
<title>Change Password</title>
</head>
<body>
<script>
//js to handle passkey
async function createRegistration() {
try {
// check browser support
if (!window.fetch || !navigator.credentials || !navigator.credentials.create) {
throw new Error('Browser not supported.');
}
// get create args
let rep = await window.fetch('/system/insecure_zone/php/add_user_passkey.php?fn=getCreateArgs' + getGetParams(), {method:'GET', cache:'no-cache'});
const createArgs = await rep.json();
// error handling
if (createArgs.success === false) {
throw new Error(createArgs.msg || 'unknown error occured');
}
// replace binary base64 data with ArrayBuffer. a other way to do this
// is the reviver function of JSON.parse()
recursiveBase64StrToArrayBuffer(createArgs);
// create credentials
const cred = await navigator.credentials.create(createArgs);
// create object
const authenticatorAttestationResponse = {
transports: cred.response.getTransports ? cred.response.getTransports() : null,
clientDataJSON: cred.response.clientDataJSON ? arrayBufferToBase64(cred.response.clientDataJSON) : null,
attestationObject: cred.response.attestationObject ? arrayBufferToBase64(cred.response.attestationObject) : null
};
// check auth on server side
rep = await window.fetch('/system/insecure_zone/php/add_user_passkey.php?fn=processCreate' + getGetParams(), {
method : 'POST',
body : JSON.stringify(authenticatorAttestationResponse),
cache : 'no-cache'
});
const authenticatorAttestationServerResponse = await rep.json();
// prompt server response
if (authenticatorAttestationServerResponse.success) {
reloadServerPreview();
window.alert(authenticatorAttestationServerResponse.msg || 'registration success');
} else {
throw new Error(authenticatorAttestationServerResponse.msg);
}
} catch (err) {
reloadServerPreview();
window.alert(err.message || 'unknown error occured');
}
}
function queryFidoMetaDataService() {
window.fetch('/system/insecure_zone/php/add_user_passkey.php?fn=queryFidoMetaDataService' + getGetParams(), {method:'GET',cache:'no-cache'}).then(function(response) {
return response.json();
}).then(function(json) {
if (json.success) {
window.alert(json.msg);
} else {
throw new Error(json.msg);
}
}).catch(function(err) {
window.alert(err.message || 'unknown error occured');
});
}
/**
* convert RFC 1342-like base64 strings to array buffer
* @param {mixed} obj
* @returns {undefined}
*/
function recursiveBase64StrToArrayBuffer(obj) {
let prefix = '=?BINARY?B?';
let suffix = '?=';
if (typeof obj === 'object') {
for (let key in obj) {
if (typeof obj[key] === 'string') {
let str = obj[key];
if (str.substring(0, prefix.length) === prefix && str.substring(str.length - suffix.length) === suffix) {
str = str.substring(prefix.length, str.length - suffix.length);
let binary_string = window.atob(str);
let len = binary_string.length;
let bytes = new Uint8Array(len);
for (let i = 0; i < len; i++) {
bytes[i] = binary_string.charCodeAt(i);
}
obj[key] = bytes.buffer;
}
} else {
recursiveBase64StrToArrayBuffer(obj[key]);
}
}
}
}
/**
* Convert a ArrayBuffer to Base64
* @param {ArrayBuffer} buffer
* @returns {String}
*/
function arrayBufferToBase64(buffer) {
let binary = '';
let bytes = new Uint8Array(buffer);
let len = bytes.byteLength;
for (let i = 0; i < len; i++) {
binary += String.fromCharCode( bytes[ i ] );
}
return window.btoa(binary);
}
function ascii_to_hex(str) {
let hex = '';
for (let i = 0; i < str.length; i++) {
let ascii = str.charCodeAt(i).toString(16);
hex += ('00' + ascii).slice(-2); // Ensure each hex value is 2 characters long
}
return hex;
}
/**
* Get URL parameter
* @returns {String}
*/
function getGetParams() {
let url = '';
url += '&apple=1';
url += '&yubico=1';
url += '&solo=1'
url += '&hypersecu=1';
url += '&google=1';
url += '&microsoft=1';
url += '&mds=1';
url += '&requireResidentKey=0';
url += '&type_usb=1';
url += '&type_nfc=1';
url += '&type_ble=1';
url += '&type_int=1';
url += '&type_hybrid=1';
url += '&fmt_android-key=1';
url += '&fmt_android-safetynet=1';
url += '&fmt_apple=1';
url += '&fmt_fido-u2f=1';
url += '&fmt_none=1';
url += '&fmt_packed=1';
url += '&fmt_tpm=1';
url += '&rpId=auth.jakach.com';
url += '&userId=' + encodeURIComponent(ascii_to_hex('<?php echo($username);?>'));
url += '&userName=' + encodeURIComponent('<?php echo($username);?>');
url += '&userDisplayName=' + encodeURIComponent('<?php echo($username);?>');
url += '&userVerification=discouraged';
return url;
}
function reloadServerPreview() {
//let iframe = document.getElementById('serverPreview');
//iframe.src = iframe.src;
}
function setAttestation(attestation) {
let inputEls = document.getElementsByTagName('input');
for (const inputEl of inputEls) {
if (inputEl.id && inputEl.id.match(/^(fmt|cert)\_/)) {
inputEl.disabled = !attestation;
}
if (inputEl.id && inputEl.id.match(/^fmt\_/)) {
inputEl.checked = attestation ? inputEl.id !== 'fmt_none' : inputEl.id === 'fmt_none';
}
if (inputEl.id && inputEl.id.match(/^cert\_/)) {
inputEl.checked = attestation ? inputEl.id === 'cert_mds' : false;
}
}
}
/**
* force https on load
* @returns {undefined}
*/
window.onload = function() {
if (location.protocol !== 'https:' && location.host !== 'localhost') {
location.href = location.href.replace('http', 'https');
}
}
</script>
<div class="container mt-5">
<div class="row justify-content-center">
<div class="col-md-6">
<div class="card">
<div class="card-header">
<h4>Change Password (<?php echo($username); ?>)</h4>
</div>
<div class="card-body">
<form action="passwd.php?update=true" method="post">
<div class="form-group">
<label for="password">Password:</label>
<input type="password" class="form-control" id="password" name="password" required>
</div>
<div class="form-group">
<label for="password">New Password:</label>
<input type="password" class="form-control" id="new_password1" name="new_password1" required>
</div>
<div class="form-group">
<label for="password">Repeat New Password:</label>
<input type="password" class="form-control" id="new_password2" name="new_password2" required>
</div>
<br>
<button type="submit" class="btn btn-primary btn-block">Update</button>
<br>
Or
<br>
<button type="button" class="btn btn-primary btn-block" onclick="createRegistration()">Add a passkey</button>
</form>
<br>
<!-- php code to verify password-->
<?php
// Check if the form is submitted
if ($_SERVER["REQUEST_METHOD"] == "POST") {
//include db pw
include "../../../config.php";
// Retrieve user input
$password = $_POST["password"];
$new_password1=$_POST["new_password1"];
$new_password2=$_POST["new_password2"];
$hash=password_hash($new_password1, PASSWORD_BCRYPT);
// Create a connection
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
// Check the connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT * FROM users WHERE username = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $username);
// Execute the statement
$stmt->execute();
// Get the result
$result = $stmt->get_result();
$stmt->close();
$conn->close();
// Check if the user exists and verify the password
if($new_password1===$new_password2){
if ($result->num_rows > 0) {
$row = $result->fetch_assoc();
if (password_verify($password, $row['password'])) {
//password correct update
// Create connection
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD,$DB_DATABASE);
// Check connection
if ($conn->connect_error) {
$success=0;
die("Connection failed: " . $conn->connect_error);
}
$stmt = $conn->prepare("UPDATE users set password = ? where username = ?");
$stmt->bind_param("ss", $hash, $username);
$stmt->execute();
$stmt->close();
$conn->close();
echo '<br><div class="alert alert-success" role="alert">
Information updated successfully!
</div>';
} else {
echo '<div class="alert alert-danger" role="alert">
Incorrect password.
</div>';
}
} else {
echo '<div class="alert alert-danger" role="alert">
Incorrect password.
</div>';
}
}else{
echo '<div class="alert alert-danger" role="alert">
New password does not match.
</div>';
}
}
?>
</div>
</div>
</div>
</div>
</div>
</body>
</html>

71
server/app-code/system/secure_zone/php/perms_functions.php Normal file
View File

@@ -0,0 +1,71 @@
<?php
//get perms string from post request (like a uzser creation form)
function get_perm_str(){
//ge tthe set permissions of the form
$p1 = isset($_POST["add_user"]);
$p2 = isset($_POST["delete_user"]);
$p3 = isset($_POST["view_log"]);
$p4 = isset($_POST["delete_log"]);
$p5 = isset($_POST["server_settings"]);
$p6 = isset($_POST["client_settings"]);
$p7 = isset( $_POST["database_settings"]);
$p8 = isset($_POST["add_clients"]);
$p9 = isset($_POST["delete_clients"]);
$p10 = isset($_POST["view_incidents"]);
$p11 = isset($_POST["manage_incidents"]);
//$p10 = "0";
//init the permission string
$perms_str="";
//copy the perms into permission string)
if($p1==1)
$perms_str.="1";
else
$perms_str.="0";
if($p2==1)
$perms_str.="1";
else
$perms_str.="0";
if($p3==1)
$perms_str.="1";
else
$perms_str.="0";
if($p4==1)
$perms_str.="1";
else
$perms_str.="0";
if($p5==1)
$perms_str.="1";
else
$perms_str.="0";
if($p6==1)
$perms_str.="1";
else
$perms_str.="0";
if($p7==1)
$perms_str.="1";
else
$perms_str.="0";
if($p8==1)
$perms_str.="1";
else
$perms_str.="0";
if($p9==1)
$perms_str.="1";
else
$perms_str.="0";
if($p10==1)
$perms_str.="1";
else
$perms_str.="0";
if($p11==1)
$perms_str.="1";
else
$perms_str.="0";
return $perms_str;
}
?>

167
server/app-code/system/secure_zone/php/profile.php Normal file
View File

@@ -0,0 +1,167 @@
<?php
session_start();
// Check if the user is logged in
if (!isset($_SESSION['username']) or !isset($_SESSION["login"])) {
// Redirect to the login page or handle unauthorized access
header("Location: /login.php");
exit();
}
$username = $_SESSION['username'];
$perms = $_SESSION["perms"];
$email = $_SESSION["email"];
$telegram_id=$_SESSION["telegram_id"];
?>
<?php
//update the info, if provided.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
//include db pw
include "../../../config.php";
$email=htmlspecialchars($_POST["email"]);
$username_new=htmlspecialchars($_POST["username"]);
$telegram_id=htmlspecialchars($_POST["telegram_id"]);
$pw_login=isset($_POST["pw_login"]);
$send_login_message=isset($_POST["send_login_message"]);
$use_2fa=isset($_POST["use_2fa"]);
// Create connection
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD,$DB_DATABASE);
// Check connection
if ($conn->connect_error) {
$success=0;
die("Connection failed: " . $conn->connect_error);
}
$user_hex_id=bin2hex($username_new);
$stmt = $conn->prepare("UPDATE users set email = ?, username = ?, telegram_id = ?, allow_pw_login = ?, user_hex_id = ?, send_login_message = ?, use_2fa = ? where username = ?");
$stmt->bind_param("sssisiis", $email, $username_new,$telegram_id, $pw_login,$user_hex_id, $send_login_message, $use_2fa, $username);
$email=htmlspecialchars($_POST["email"]);
$username_new=htmlspecialchars($_POST["username"]);
$telegram_id=htmlspecialchars($_POST["telegram_id"]);
$stmt->execute();
$stmt->close();
$conn->close();
$username=$username_new;
$_SESSION["username"]=$username;
$_SESSION["email"]=$email;
$_SESSION["telegram_id"]=$telegram_id;
$_SESSION["allow_pw_login"]=$pw_login;
$_SESSION["send_login_message"]=$send_login_message;
$_SESSION["use_2fa"]=$use_2fa;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin="anonymous"></script>
<title>Profile</title>
</head>
<body>
<div class="container mt-5">
<div class="row justify-content-center">
<div class="col-md-6">
<div class="card">
<div class="card-header">
<h4>Your Profile (<?php echo($username); ?>)</h4>
</div>
<div class="card-body">
<form action="profile.php?update=true" method="post">
<div class="form-group">
<label for="username">Username:</label>
<input type="text" class="form-control" id="username" name="username" value="<?php echo($username); ?>" required>
</div>
<div class="form-group">
<label for="email">Email:</label>
<input type="email" class="form-control" id="email" name="email" value="<?php echo($email); ?>" required>
</div>
<div class="form-group">
<label for="telegram_id">Telegram ID:</label>
<input type="text" class="form-control" id="telegram_id" name="telegram_id" value="<?php echo($telegram_id); ?>">
</div>
<div class="form-group">
<label for="perms">Permissions:
<a data-bs-target="#perms_help" data-bs-toggle="modal" href="#perms_help">?</a>
</label>
<input type="text" class="form-control" id="perms" name="perms" value="<?php echo($perms); ?>" readonly>
</div>
<div class="form-group">
<label for="pw_login">Allow password logins. (Please make shure you have a working passkey, if you disable this!)</label>
<?php
if($_SESSION["allow_pw_login"]==1){
echo("<input type='checkbox' id='pw_login' name='pw_login' checked>");
}else{
echo("<input type='checkbox' id='pw_login' name='pw_login'>");
}
?>
</div>
<br>
<div class="form-group">
<label for="send_login_message">Send you a Telegram message when somebody logs in to your account.</label>
<?php
if($_SESSION["send_login_message"]==1){
echo("<input type='checkbox' id='send_login_message' name='send_login_message' checked>");
}else{
echo("<input type='checkbox' id='send_login_message' name='send_login_message'>");
}
?>
</div>
<br>
<div class="form-group">
<label for="use_2fa">Send you a Telegram message with a pin which is additionally needed to log in. (2fa)</label>
<?php
if($_SESSION["use_2fa"]==1){
echo("<input type='checkbox' id='use_2fa' name='use_2fa' checked>");
}else{
echo("<input type='checkbox' id='use_2fa' name='use_2fa'>");
}
?>
</div>
<br>
<button type="submit" class="btn btn-primary btn-block">Update</button>
</form>
<?php
if(isset($_GET["update"])){
echo '<br><div class="alert alert-success" role="alert">
Information updated successfully!
</div>';
}
?>
</div>
</div>
</div>
<div class="modal fade" id="perms_help" tabindex="-1" aria-labelledby="exampleModalLabel" aria-hidden="false">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title" id="exampleModalLabel">Permission Explanation</h5>
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<div class="modal-body">
1 Add User<br>
1 Delete/list/manage users<br>
1 View Log<br>
1 Delete Log<br>
1 Server Settings<br>
1 Client Settings<br>
1 Database Settings<br>
1 Add Clients<br>
1 Client List (manage)<br>
1 View Incidents<br>
1 Manage Incidents<br>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>

127
server/app-code/system/secure_zone/php/user_list.php Normal file
View File

@@ -0,0 +1,127 @@
<?php
session_start();
// Check if the user is logged in
if (!isset($_SESSION['username']) or !isset($_SESSION["login"])) {
// Redirect to the login page or handle unauthorized access
header("Location: /login.php");
exit();
}
$username = $_SESSION['username'];
$perms = $_SESSION["perms"];
$email = $_SESSION["email"];
if($perms[1]!=="1"){
header("location:/system/insecure_zone/php/no_access.php");
$block=1;
exit();
}else{
$block=0;
}
//for the get_perms_str() function
include "perms_functions.php";
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin="anonymous"></script>
<title>Change Password</title>
</head>
<body>
<div class="container mt-5">
<div class="row justify-content-center">
<div class="col-md-12">
<div class="card">
<div class="card-header">
<h4>User list</h4>
</div>
<div class="card-body">
<!-- table with all users => delete button -->
<?php
//include db pw
include "../../../config.php";
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
//delete user if requested
if(isset($_GET["delete"])){
$userid=htmlspecialchars($_GET["delete"]);
$sql = "DELETE FROM users WHERE id = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("i", $userid);
// Execute the statement
$stmt->execute();
$stmt->close();
}
//get count of users
$sql = "SELECT count(*) AS user_count FROM users";
$stmt = $conn->prepare($sql);
// Execute the statement
$stmt->execute();
// Get the result
$result = $stmt->get_result();
$row = $result->fetch_assoc();
$num_of_users=$row["user_count"];
$stmt->close();
//now list of all the users => userid, username, email, perms, delete
// Create a connection
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
// Check the connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$last_id=-1;
//create the table header
echo('<table class="table">');
echo('<thead>');
echo('<tr>');
echo('<th>Userid</th><th>Username</th><th>Email</th><th>Permissions</th><th>Edit User</th><th>Delete user</th>');
echo('</tr>');
echo('</thead>');
echo('<tbody>');
while($num_of_users!=0){
$sql = "SELECT * FROM users where id > $last_id";
$stmt = $conn->prepare($sql);
// Execute the statement
$stmt->execute();
// Get the result
$result = $stmt->get_result();
$row = $result->fetch_assoc();
$last_id=$row["id"];
$username=$row["username"];
$email=$row["email"];
$perms=$row["perms"];
if($last_id!=1){ //number 1 is the unauthenticated user
echo('<tr>');
echo('<td>'.$last_id.'</td>');
echo('<td>'.$username.'</td>');
echo('<td>'.$email.'</td>');
echo('<td>'.$perms.'</td>');
echo('<td><a href="manage_user.php?userid='.$last_id.'">manage</a></td>');
echo('<td><a href="user_list.php?delete='.$last_id.'">delete</a></td>');
echo('</tr>');
}
$stmt->close();
$num_of_users--;
}
echo('</tbody>');
echo('</table>');
$conn->close();
?>
</div>
</div>
</div>
</div>
</div>
</body>
</html>

39
server/app-code/system/secure_zone/php/welcome.php Normal file
View File

@@ -0,0 +1,39 @@
<?php
session_start();
// Check if the user is logged in
if (!isset($_SESSION['username']) or !isset($_SESSION["login"])) {
// Redirect to the login page or handle unauthorized access
header("Location: /login.php");
exit();
}
$username = $_SESSION['username'];
$perms = $_SESSION["perms"];
$email = $_SESSION["email"];
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin="anonymous"></script>
<title>Cyberhex</title>
</head>
<body>
<br><br>
<div class="container-fluid">
<div class="row justify-content-center">
<div class="col-md-12">
<div class="card">
<div class="card-header">
<h4>Dashboard</h4>
</div>
<div class="card-body" style="overflow-x:auto">
</div>
</div>
</div>
</div>
</div>
</body>
</html>