<?php
/* Skynet - Automated "Cloud" Security Scanner                                *#
#* Copyright (C) 2014-present  Jason Frisvold <friz@godshell.com>             *#
#*                                                                            *#
#* This program is free software; you can redistribute it and/or modify       *#
#* it under the terms of the GNU General Public License as published by       *#
#* the Free Software Foundation; either version 2 of the License, or          *#
#* (at your option) any later version.                                        *#
#*                                                                            *#
#* This program is distributed in the hope that it will be useful,            *#
#* but WITHOUT ANY WARRANTY; without even the implied warranty of             *#
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *#
#* GNU General Public License for more details.                               *#
#*                                                                            *#
#* You should have received a copy of the GNU General Public License          *#
#* along with this program; if not, write to the Free Software                *#
#* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA */

   // Marker constant: the included files check for it before they run, so they
   // cannot be requested directly from the web server
   const skynet = 1;

   // Load framework (Composer autoloader: Slim, Smarty and the rest of vendor/)
   require 'vendor/autoload.php';

   // Load the configuration file; it provides the $skynet_* globals used
   // below (database credentials, directories, session lifetime, debug flag)
   require_once("config.php");

   // Global array of template variables handed to Smarty on every render.
   // Route handlers and the auth middleware add per-request keys to it.
   $data = array();
   $data['skynet_favicon'] = $skynet_favicon;
   $data['skynet_stylesheet'] = $skynet_stylesheet;
   $data['skynet_homepage'] = $skynet_homepage;
   $data['skynet_version'] = $skynet_version;

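   // Connect to the database server
   $sqlhdlr = new mysqli($skynet_dbHost,  $skynet_dbUser,  $skynet_dbPass,
                         $skynet_dbName);
   
   // Make sure we have a connection. The driver's error text can name the
   // database host, user or server version, so it goes to the server log
   // (error_log) and the HTTP client only gets a generic failure message.
   // TODO : This should be slimified (whatever that means)
   if (mysqli_connect_errno()) {
      error_log('Skynet: unable to connect to the database server: ' .
                mysqli_connect_error());
      die( '<p>Unable to connect to the database server at this time.</p>' );
   }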

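   // Instantiate a slim instance. Slim's debug mode prints stack traces into
   // the response, so it follows the $skynet_debug switch from config.php
   // instead of being hard-wired to true for every deployment.
   $app = new \Slim\Slim(array(
       'view' => new \Slim\Views\Smarty(),
       'debug' => !empty($skynet_debug),
       'log.enable' => true,
       // Relative to the working directory; presumably next to index.php,
       // so confirm the web server does not serve this directory
       'log.path' => 'logs/',
       'log.level' => 4,
       'mode' => 'development'
       ));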
   
   // Smarty is the template engine: point Slim's Smarty view at the template
   // directory from config.php, give it writable compile/cache directories
   // under the work directory, and register this project's plugin directory
   $view = $app->view();
   $view->parserDirectory = $skynet_smarty_dir;
   $view->parserCompileDirectory = $skynet_work_dir . '/templates_c';
   $view->parserCacheDirectory = $skynet_work_dir . '/cache';
   $view->parserExtensions = array(__DIR__ . '/libs');

   // Before any route runs, make the application base URL available to every
   // template (links in the .tpl files are built relative to it)
   $app->hook('slim.before', function () use ($app) {
      $templateVars = array('baseUrl' => '/index.php/');
      $app->view()->appendData($templateVars);
   });
   
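   // Route middleware factory. $isauthenticated($role) returns a closure that
   // looks the caller's PHP session up in the sessions table: with a valid,
   // unexpired row it refreshes the timestamp, fills the global Smarty $data
   // array and returns the skynetUser object; otherwise it redirects to /login,
   // except for $role === 'guest', which lets the request through anonymously.
   $isauthenticated = function( $role = 'user' ) {
      return function() use ( $role ) {
         // Globals shared with config.php and the rest of this script
         global $skynet_dbHost, $skynet_dbUser, $skynet_dbPass, $skynet_dbName,
                $skynet_sessTime, $sqlhdlr, $data;

         // Try and get the id, last time, and user id from the sessions
         // database. The session id arrives in a client cookie, so it is bound
         // as a statement parameter rather than formatted into the SQL text.
         $id = null;
         $last = null;
         $user_id = null;
         $stmt = $sqlhdlr->prepare('SELECT id, last, user_id FROM sessions ' .
                                   'WHERE phpsessid = ?');
         if ($stmt === false) {
            die( 'Error: ' . $sqlhdlr->error );
         }
         $sessid = session_id();
         $stmt->bind_param('s', $sessid);
         if (!$stmt->execute()) {
            die( 'Error: ' . $stmt->error );
         }
         $stmt->bind_result($id, $last, $user_id);
         $stmt->fetch();   // leaves $id null when no row matched
         $stmt->close();

         // Check to see if an id was set, and if the time is valid
         if ((isset($id)) && (($last + $skynet_sessTime) >= time())) {
            // Good session, update the timestamp. Both operands are integers,
            // so %d formatting cannot be used to alter the statement.
            $query = sprintf("UPDATE sessions SET last = %d WHERE id = %d",
                             time(), $id);
            $sqlhdlr->query($query) or die( 'Error: ' . $sqlhdlr->error );

            // Create the user object
            $user_obj = new skynetUser($skynet_dbHost, $skynet_dbUser,
                                       $skynet_dbPass, $skynet_dbName,
                                       $user_id);

            // Assign the appropriate data to the smarty $data array.
            // NOTE(review): username is handed to the templates unescaped;
            // presumably the .tpl files escape it on output — confirm.
            $data['username'] = $user_obj->username();
            $data['adminflag'] = $user_obj->adminflag();

            // get_magic_quotes_gpc() was removed in PHP 8.0 (and has returned
            // false since 5.4), so only consult it where it still exists
            $fullname = htmlentities($user_obj->fullname(), ENT_QUOTES);
            if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
               $fullname = stripslashes($fullname);
            }
            $data['fullname'] = $fullname;

            return($user_obj);
         }

         // No valid session. If a guest role, then bypass the login redirect
         if ($role === 'guest') {
            $data['username'] = 'guest';
            return;
         }

         // Anyone else is sent to the login form. Slim's redirect() halts the
         // request, so nothing after this call runs.
         $app = \Slim\Slim::getInstance();
         $app->flash('error', 'Login required');
         $app->redirect('/login');
      };
   };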

   // Front page; the middleware redirects anonymous callers to /login
   $app->get('/', $isauthenticated(), function () use ($app) {
      prep_smarty($app);
      $app->render('main.tpl', $GLOBALS['data']);
   });

   // Login form (GET); the POST handler below processes the submission
   // TODO: Add a redirect here for users already logged in
   $app->get('/login', function () use ($app) {
      prep_smarty($app);
      $app->render('login.tpl', $GLOBALS['data']);
   });

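   // Login routine (form submission). Credentials are read from $_POST only:
   // $_REQUEST would also accept them from the query string, where they end up
   // in access logs and Referer headers, and from cookies.
   $app->post('/login', function () use ($app) {
      // Accepted input shapes.
      // NOTE(review): the password pattern caps length at 15 and allows a small
      // character set, which limits password strength; relaxing it requires
      // login() (defined outside this file) to cope with the wider input.
      $skynet_nameRegex = '/^[a-zA-Z0-9_\-]{1,15}\z/';
      $skynet_pwdRegex = '/^[a-zA-Z0-9@#$%\^&\*\/]{4,15}\z/';

      // Check to see if this is a login attempt (is_string: a username[]=...
      // submission would otherwise hand an array to preg_match)
      if (isset($_POST['username']) && is_string($_POST['username']) &&
          isset($_POST['password']) && is_string($_POST['password'])) {
         if (preg_match($skynet_nameRegex, $_POST['username']) &&
             preg_match($skynet_pwdRegex, $_POST['password'])) {
            $authenticated = login($_POST['username'], $_POST['password']);
         } else {
            $app->flash('error', 'Invalid Username or Password');
            $app->redirect('/login');
         }
      } else {
         $app->flash('error', 'Username or Password missing');
         $app->redirect('/login');
      }

      // If the user is authenticated, jump them to the main page. login()'s
      // return type is not visible here, so the loose == 1 comparison is kept.
      if ((isset($authenticated) && ($authenticated == 1)) ||
          ($user_obj = authenticate())) {
         // Consume the saved destination BEFORE redirecting: Slim's redirect()
         // halts the request, so an unset() placed after it never runs and the
         // stale target is replayed on the next login.
         $target = '/';
         if (isset($_SESSION['redirect'])) {
            $saved = $_SESSION['redirect'];
            unset($_SESSION['redirect']);
            // Follow only a site-relative path; an absolute URL or a
            // protocol-relative "//host" (or "/\host") would make this an
            // open redirect.
            if (is_string($saved) && preg_match('#^/(?![/\\\\])#', $saved)) {
               $target = $saved;
            }
         }
         $app->redirect($target);

      // Otherwise show the login page
      } else {
         $app->flash('error', 'Invalid Username or Password');
         $app->redirect('/login');
      }

      // Only reached if a redirect above returned instead of halting
      $app->flash('error', 'Critical Failure');
      $app->redirect('/login');
   });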
   // Logout routine: ends the session via the project's logout() helper
   // (defined outside this file), then returns the caller to the login form
   $app->get('/logout', function () use ($app) {
      logout();
      $app->flash('success', 'Logout successful');
      $app->redirect('/login');
   });
   // About page; the 'guest' role lets anonymous callers through instead of
   // redirecting them to /login
   $app->get('/about', $isauthenticated('guest'), function () use ($app) {
      prep_smarty($app);
      $app->render('about.tpl', $GLOBALS['data']);
   });

   // Dispatch the current request to the routes registered above
   $app->run();

   // Release the database connection once the request has been handled
   $sqlhdlr->close();


   // Loads the whitespace_control filter for handling comments within the
   // Smarty templates
   // Prepares the Smarty engine behind Slim's view for a render: registers the
   // whitespace_control pre-filter and mirrors the $skynet_debug switch from
   // config.php into Smarty's debugging flag.
   //   $app : the \Slim\Slim instance whose view is being prepared
   function prep_smarty($app) {
      global $skynet_debug;

      $engine = $app->view()->getInstance();
      $engine->loadFilter('pre', 'whitespace_control');
      $engine->debugging = $skynet_debug;
   }

?>