<?php
// Refuse direct requests: this file is only meaningful when included by the
// Skynet front controller, which defines the 'skynet' constant beforehand.
defined('skynet') || exit();
/* Skynet - Automated "Cloud" Security Scanner                                *#
#* Copyright (C) 2014-present  Jason Frisvold <friz@godshell.com>             *#
#*                                                                            *#
#* This program is free software; you can redistribute it and/or modify       *#
#* it under the terms of the GNU General Public License as published by       *#
#* the Free Software Foundation; either version 2 of the License, or          *#
#* (at your option) any later version.                                        *#
#*                                                                            *#
#* This program is distributed in the hope that it will be useful,            *#
#* but WITHOUT ANY WARRANTY; without even the implied warranty of             *#
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *#
#* GNU General Public License for more details.                               *#
#*                                                                            *#
#* You should have received a copy of the GNU General Public License          *#
#* along with this program; if not, write to the Free Software                *#
#* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA */

// A dedicated session cookie name keeps Skynet's session apart from other PHP
// applications on the same host (the call has no effect when
// session.auto_start is enabled).
session_name('skynet');

// Start a new PHP session or resume the one identified by the client's cookie.
session_start();

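function login($username, $password) {
   // Check the submitted credentials and, on success, bind the PHP session to
   // the user by recording it in the sessions table.
   //
   // $username / $password: credentials as submitted by the login form.
   // Returns 1 on a successful login and 0 on failure. Callers compare against
   // these integers, so the return values are kept as-is.
   global $skynet_sessTime, $app;

   // skynetUser performs the actual credential check; the trailing true
   // presumably asks it to verify the password now — confirm against the class.
   $user_obj = new skynetUser($app->db, -1, $username, $password, true);

   if (!$user_obj->logged_in()) {
      // Bad credentials: report failure without touching the session.
      return 0;
   }

   // Replace the pre-login session ID so an ID the client arrived with
   // (session fixation) is not carried into the authenticated session.
   // Passing true also discards the old session data instead of leaving it
   // behind until garbage collection.
   session_regenerate_id(true);

   // Bind the fresh session ID to the user. 'last' is the activity timestamp
   // that authenticate() later checks against $skynet_sessTime.
   $app->db->table('sessions')
      ->insert(array(
         'phpsessid' => session_id(),
         'user_id' => $user_obj->user_id(),
         'last' => time()
      ));

   // Opportunistically purge sessions whose last activity is older than the
   // configured timeout.
   $app->db->table('sessions')
      ->where('last', '<', time() - $skynet_sessTime)
      ->delete();

   return 1;
}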

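function authenticate() {
   // Resolve the current PHP session to a logged-in user via the sessions table.
   //
   // Returns the skynetUser for the session's user when the session is known
   // and has not timed out, and 0 otherwise. As side effects the session's
   // activity timestamp is refreshed and $smarty_data receives the username,
   // admin flag and HTML-escaped full name.
   global $skynet_sessTime, $app, $smarty_data;

   // Look up the row login() stored for this PHP session ID.
   $results = $app->db->table('sessions')
      ->select('id', 'last', 'user_id')
      ->where('phpsessid', session_id())
      ->first();

   // No row means the visitor never logged in, logged out, or was purged.
   // Checking with isset avoids a notice when first() yields no row.
   if (!isset($results['id'])) {
      return 0;
   }

   $id = $results['id'];
   $last = $results['last'];
   $user_id = $results['user_id'];

   // An expired session is treated the same as no session.
   if (($last + $skynet_sessTime) < time()) {
      return 0;
   }

   // Good session: slide the activity timestamp forward. This must be a
   // column => value map; the previous array('last', time()) was a plain list,
   // so the timestamp was not refreshed as intended.
   $app->db->table('sessions')
      ->where('id', $id)
      ->update(array(
         'last' => time()
      ));

   $user_obj = new skynetUser($app->db, $user_id);

   // Expose identity details to the Smarty templates. The full name is
   // HTML-escaped here because it is rendered into pages; stripslashes undoes
   // magic_quotes escaping where that legacy setting is on.
   $smarty_data['username'] = $user_obj->username();
   $smarty_data['adminflag'] = $user_obj->adminflag();
   $fullname = htmlentities($user_obj->fullname(), ENT_QUOTES);
   if (get_magic_quotes_gpc()) {
      $fullname = stripslashes($fullname);
   }
   $smarty_data['fullname'] = $fullname;

   return $user_obj;
}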

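function feed_authenticate($user_id, $feed_id, $secret) {
   // Authenticate a feed request with the feed's shared secret instead of a
   // browser session.
   //
   // $user_id / $feed_id: identify the feed; $secret: the value presented by
   // the caller. Returns array($feed, $user_obj) when the secret matches and 0
   // otherwise. $skynet_sessTime was imported but never used, so it is gone.
   global $skynet_dbHost, $skynet_dbUser, $skynet_dbPass, $skynet_dbName, $app;

   $feed = new skynetFeed($skynet_dbHost, $skynet_dbUser, $skynet_dbPass,
                           $skynet_dbName, $user_id, $feed_id);

   // Compare as strings in constant time (hash_equals, PHP >= 5.6). The
   // previous loose == let PHP's type juggling treat distinct values as equal
   // (e.g. numeric-looking strings, or null/false against '' and 0), and an
   // ordinary string comparison leaks timing information. A feed with no
   // stored secret never authenticates.
   $expected = (string) $feed->secret();
   if ($expected === '' || !hash_equals($expected, (string) $secret)) {
      // Return a 0 to indicate that authentication was not successful
      return 0;
   }

   $user_obj = new skynetUser($app->db, $user_id);

   return array($feed, $user_obj);
}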

function logout() {
   // End the current login by deleting this PHP session's row from the
   // sessions table, after which authenticate() no longer resolves it to a
   // user. The PHP session itself is left in place; only the database binding
   // is removed. Always returns 1.
   global $app;

   $sessions = $app->db->table('sessions');
   $sessions->where('phpsessid', session_id())->delete();

   return 1;
}

// This function redirects the user to the login page
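function login_redirect() {
   // Remember the page (and its query parameters) the visitor was trying to
   // reach in $_SESSION['redirect'], then send a Location header to the login
   // page (index.php in the same directory).
   //
   // $_SERVER['SCRIPT_NAME'] is used instead of PHP_SELF: PHP_SELF can carry
   // client-supplied PATH_INFO, which would otherwise flow into the stored
   // redirect target and the Location header.
   // The caller remains responsible for stopping script execution after the
   // redirect (no exit here, as before).
   global $skynet_serveruri;

   $script = $_SERVER['SCRIPT_NAME'];
   $query_parts = array();

   foreach ($_REQUEST as $varname => $varvalue) {
      // Skip values that arrived as cookies; only GET/POST parameters are
      // replayed on the redirect.
      if (isset($_COOKIE[$varname])) {
         continue;
      }
      if (get_magic_quotes_gpc()) {
         $varvalue = stripslashes($varvalue);
      }
      $query_parts[] = "$varname=" . urlencode($varvalue);
   }

   $redirect = $skynet_serveruri . dirname($script) . '/';
   if (count($query_parts) > 0) {
      $redirect .= basename($script) . '?' . implode('&', $query_parts);
   }
   $_SESSION['redirect'] = $redirect;

   header('Location: ' . $skynet_serveruri .
          join_paths(dirname($script), '/index.php'));
}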

?>