index.php

<?php
/* Skynet - Automated "Cloud" Security Scanner                                *#
#* Copyright (C) 2014-present  Jason Frisvold <friz@godshell.com>             *#
#*                                                                            *#
#* This program is free software; you can redistribute it and/or modify       *#
#* it under the terms of the GNU General Public License as published by       *#
#* the Free Software Foundation; either version 2 of the License, or          *#
#* (at your option) any later version.                                        *#
#*                                                                            *#
#* This program is distributed in the hope that it will be useful,            *#
#* but WITHOUT ANY WARRANTY; without even the implied warranty of             *#
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *#
#* GNU General Public License for more details.                               *#
#*                                                                            *#
#* You should have received a copy of the GNU General Public License          *#
#* along with this program; if not, write to the Free Software                *#
#* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA */

   // Define skynet (to allow access to files)
   define('skynet', 1);

   // Load framework
   require 'vendor/autoload.php';

   // Load the configuration file
   require_once("config.php");

   // Global array for Smarty data
   $data = array(
       'skynet_favicon' => $skynet_favicon,
       'skynet_stylesheet' => $skynet_stylesheet,
       'skynet_homepage' => $skynet_homepage,
       'skynet_version' => $skynet_version,
   );

   // Connect to the database server
   $sqlhdlr = new mysqli($skynet_dbHost,  $skynet_dbUser,  $skynet_dbPass,
                         $skynet_dbName);
   
   // Make sure we have a connection
   // TODO : This should be slimified (whatever that means)
   if (mysqli_connect_errno()) {
      die( '<p>Unable to connect to the database server at this time: ' .
            mysqli_connect_error() . ' </p>' );      
   }

   // Instantiate a slim instance
   $app = new \Slim\Slim(array(
       'view' => new \Slim\Views\Smarty(),
       'debug' => true,
       'log.enable' => true,
       'log.path' => 'logs/',
       'log.level' => 4,
       'mode' => 'development'
       ));
   
   // We want to use Smarty for templates, this sets up the necessary Smarty
   // configuration within Slim
   $view = $app->view();
   $view->parserDirectory = $skynet_smarty_dir;
   $view->parserCompileDirectory = "$skynet_work_dir/templates_c";
   $view->parserCacheDirectory = "$skynet_work_dir/cache";
   $view->parserExtensions = array(
      dirname(__FILE__) . '/libs',
   );

   $app->hook('slim.before', function () use ($app) {
      $app->view()->appendData(array('baseUrl' => '/index.php/'));
   });
   
   $isauthenticated = function( $role = 'user' ) {
      return function() use ( $role ) {
         // Globalize the phptodo variables needed
         global $skynet_dbHost, $skynet_dbUser, $skynet_dbPass, $skynet_dbName,
                $skynet_sessTime, $skynet_serveruri, $sqlhdlr, $data;

         // Try and get the id, last time, and user id from the sessions
         // database
         $query = sprintf('SELECT id, last, user_id FROM sessions WHERE ' .
                          'phpsessid = "%s"', session_id());

         if ($result = $sqlhdlr->query($query)) {
            list($id, $last, $user_id) = $result->fetch_array();
            $result->close();
         } else {
            die( 'Error: ' . $sqlhdlr->error );
         }

         // Check to see if an id was set, and if the time is valid
         if ((isset($id)) && (($last + $skynet_sessTime) >= time())) {
            // Good session, update the timestamp
            $query = sprintf("UPDATE sessions SET last = %d WHERE id = %d",
                             time(), $id);
      
            $sqlhdlr->query($query) or die( 'Error: ' . $sqlhdlr->error );
      
            // Create the user object
            $user_obj = new skynetUser($skynet_dbHost, $skynet_dbUser,
                                       $skynet_dbPass, $skynet_dbName,
                                       $user_id);
      
            // Assign the appropriate data to the smarty $data array
            $data['username'] = $user_obj->username();
            $data['adminflag'] = $user_obj->adminflag();

            if (get_magic_quotes_gpc()) {
               $data['fullname'] = stripslashes(htmlentities($user_obj->fullname(),
                                                         ENT_QUOTES));
            } else {
               $data['fullname'] = htmlentities($user_obj->fullname(),
                                                         ENT_QUOTES);
            }

            return($user_obj);
         } else {
            // If a guest role, then bypass the login redirect
            if ($role == 'guest') {
               $data['username'] = 'guest';
               return;
            }

            // Return a 0 to indicate that authentication was not successful
            $app = \Slim\Slim::getInstance();
            $app->flash('error', 'Login required');
            $app->redirect('/login');
         }
      
         // Return a 0 to indicate that authentication was not successful
         $app = \Slim\Slim::getInstance();
         $app->flash('error', 'Login required');
         $app->redirect('/login');
      };
   };

   // GET route
   $app->get('/', $isauthenticated(), function () use ($app) {
      global $data;
   
      prep_smarty($app);
      $app->render('main.tpl', $data);
   
   });

   // Login routine
   // TODO: Add a redirect here for users already logged in
   $app->get('/login', function () use ($app) {
      global $data;

      prep_smarty($app);   
      $app->render('login.tpl', $data);
   
   });

   // Login routine
   $app->post('/login', function () use ($app) {

      // Some global variables
      $skynet_nameRegex = '/^[a-zA-Z0-9_\-]{1,15}\z/';
      $skynet_pwdRegex = '/^[a-zA-Z0-9@#$%\^&\*\/]{4,15}\z/';

      // Check to see if this is a login attempt
      if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
         if (preg_match($skynet_nameRegex, $_REQUEST['username']) &&
             preg_match($skynet_pwdRegex, $_REQUEST['password'])) {
            $authenticated = login($_REQUEST['username'], $_REQUEST['password']);
         } else {
            $app->flash('error', 'Invalid Username or Password');
            $app->redirect('/login');
         }
      } else {
         $app->flash('error', 'Username or Password missing');
         $app->redirect('/login');
      }

      // If the user is authenticated, jump them to the main page
      if ((isset($authenticated) && ($authenticated == 1)) ||
          ($user_obj = authenticate())) {
         if (isset($_SESSION['redirect'])) {
            $app->redirect($_SESSION['redirect']);
         } else {
            $app->redirect('/');
         }
         unset($_SESSION['redirect']);
   
      // Otherwise show the login page
      } else {
         $app->flash('error', 'Invalid Username or Password');
         $app->redirect('/login');
      }

      $app->flash('error', 'Critical Failure');
      $app->redirect('/login');

   });

   // Login routine
   $app->get('/logout', function () use ($app) {

      logout();
      
      $app->flash('success', 'Logout successful');
      $app->redirect('/login');
   
   });

   // GET route
   $app->get('/about', $isauthenticated('guest'), function () use ($app) {
      global $data;
   
      prep_smarty($app);

      $app->render('about.tpl', $data);
   
   });

   $app->run();

   $sqlhdlr->close();


   // Loads the whitespace_control filter for handling comments within the
   // Smarty templates
   function prep_smarty($app) {
      global $skynet_debug;

      $smarty = $app->view()->getInstance();
      $smarty->loadFilter("pre", 'whitespace_control');
      $smarty->debugging = $skynet_debug;
   }

?>