<?php
/* Skynet - Automated "Cloud" Security Scanner                                *#
#* Copyright (C) 2014-present  Jason Frisvold <friz@godshell.com>             *#
#*                                                                            *#
#* This program is free software; you can redistribute it and/or modify       *#
#* it under the terms of the GNU General Public License as published by       *#
#* the Free Software Foundation; either version 2 of the License, or          *#
#* (at your option) any later version.                                        *#
#*                                                                            *#
#* This program is distributed in the hope that it will be useful,            *#
#* but WITHOUT ANY WARRANTY; without even the implied warranty of             *#
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *#
#* GNU General Public License for more details.                               *#
#*                                                                            *#
#* You should have received a copy of the GNU General Public License          *#
#* along with this program; if not, write to the Free Software                *#
#* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA */

   // The 'skynet' constant is what the included files check to make sure
   // they are only reached through this front controller.
   define('skynet', 1);

   // Composer autoloader for the framework and its libraries
   require '../app/vendor/autoload.php';

   // Site configuration (the $skynet_* variables used further down)
   require_once '../app/config.php';

   // Load ORM (Eloquent, stand-alone through Capsule)
   use Illuminate\Database\Capsule\Manager as Capsule;
   use Illuminate\Events\Dispatcher;
   use Illuminate\Container\Container;

   // Initiate the ORM instance; the credentials come from ../app/config.php.
   // NOTE(review): MySQL's 'utf8' is the 3-byte subset (utf8mb3); 4-byte
   // characters need 'utf8mb4' / 'utf8mb4_unicode_ci'.
   $sqlhdlr = new Capsule();
   $sqlhdlr->addConnection([
       'driver'    => 'mysql',
       'host'      => $skynet_dbHost,
       'database'  => $skynet_dbName,
       'username'  => $skynet_dbUser,
       'password'  => $skynet_dbPass,
       'charset'   => 'utf8',
       'collation' => 'utf8_unicode_ci',
       'prefix'    => '',
   ]);

   // Event dispatcher used by Eloquent models (optional)
   $sqlhdlr->setEventDispatcher(new Dispatcher(new Container()));

   // Expose this Capsule through its static facade, then boot Eloquent
   $sqlhdlr->setAsGlobal();
   $sqlhdlr->bootEloquent();

   // Template variables shared by every page; the $skynet_* values come from
   // ../app/config.php.  Route handlers add per-request keys before render().
   $smarty_data = [
      'skynet_favicon'        => $skynet_favicon,
      'skynet_stylesheet'     => $skynet_stylesheet,
      'skynet_homepage'       => $skynet_homepage,
      'skynet_version'        => $skynet_version,
      'skynet_useCDN'         => $skynet_useCDN,
      'skynet_bootstrap_root' => $skynet_bootstrap_root,
   ];

   // Instantiate a Slim instance.
   // NOTE(review): 'debug' => true and 'mode' => 'development' are hard-coded
   // here; with debug on, Slim shows exception details in the browser, so
   // confirm these are overridden outside this file before a production deploy.
   $app = new \Slim\Slim([
      'view'           => new \Slim\Views\Smarty(),
      'debug'          => true,
      'log.enable'     => true,
      'log.path'       => 'logs/',
      'log.level'      => 4,
      'mode'           => 'development',
      'templates.path' => '../app/templates',
   ]);

   // Slim renders through Smarty: point the engine at its compiled-template
   // and cache directories (both under $skynet_work_dir from config.php) and
   // at ../app/libs as an extra plugin directory (presumably where the
   // whitespace_control filter used by prep_smarty() lives).
   $view = $app->view();
   //$view->parserDirectory = $skynet_smarty_dir;
   $view->parserCompileDirectory = $skynet_work_dir . '/templates_c';
   $view->parserCacheDirectory = $skynet_work_dir . '/cache';
   $view->parserExtensions = ['../app/libs'];

   // Hand every template the base URL of this front controller
   $app->hook('slim.before', function () use ($app) {
      $baseData = ['baseUrl' => '/index.php/'];
      $app->view()->appendData($baseData);
   });

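   // Route middleware factory: $isauthenticated($role) returns the callable
   // Slim runs ahead of a route.  It looks the browser's PHP session up in the
   // 'sessions' table, slides the expiry forward and publishes the user's
   // details in $smarty_data.  Without a valid session the request is sent to
   // /login (redirect() halts it) unless $role is 'guest', in which case the
   // route runs with username 'guest'.
   //
   // NOTE(review): session_id() must already be populated here, so the PHP
   // session is assumed to be started by ../app/config.php - confirm.
   $isauthenticated = function( $role = 'user' ) {
      return function() use ( $role ) {
         global $skynet_sessTime, $smarty_data, $sqlhdlr;

         // Look the session up by its PHP session id
         $result = $sqlhdlr->table('sessions')
            ->select('id', 'last', 'user_id')
            ->where('phpsessid', '=', session_id())
            ->first();

         // first() yields null for an unknown session, and depending on the
         // query builder's fetch mode a row may come back as an object rather
         // than an array; normalise before reading so no notice/Error fires.
         if (is_object($result)) {
            $result = (array) $result;
         }
         if (!is_array($result)) {
            $result = array();
         }
         $id = isset($result['id']) ? $result['id'] : null;
         $last = isset($result['last']) ? $result['last'] : null;
         $user_id = isset($result['user_id']) ? $result['user_id'] : null;

         // A session is good when it exists and was last seen within
         // $skynet_sessTime seconds
         if ($id === null || (($last + $skynet_sessTime) < time())) {
            // Guests may view the page without logging in
            if ($role === 'guest') {
               $smarty_data['username'] = 'guest';
               return;
            }

            // Everyone else goes to the login page; redirect() halts the
            // request, so the route itself never runs
            $app = \Slim\Slim::getInstance();
            $app->flash('error', 'Login required');
            $app->redirect('/login');
            return;
         }

         // Good session, refresh its timestamp
         $sqlhdlr->table('sessions')
            ->where('id', '=', $id)
            ->update(array('last' => time()));

         $user_obj = new skynetUser($sqlhdlr, $user_id);

         // Publish the user's details to the templates.  The full name is
         // HTML-escaped here; ENT_SUBSTITUTE replaces an invalid UTF-8
         // sequence instead of blanking the whole string.
         $smarty_data['username'] = $user_obj->username();
         $smarty_data['adminflag'] = $user_obj->adminflag();
         $fullname = htmlentities($user_obj->fullname(),
                                  ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
         // get_magic_quotes_gpc() no longer exists on PHP 8; only consult it
         // where it does, keeping the original stripslashes() behaviour there.
         if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $fullname = stripslashes($fullname);
         }
         $smarty_data['fullname'] = $fullname;

         return $user_obj;
      };
   };
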
   // Front page (login required)
   $app->get('/', $isauthenticated(), function () use ($app) {
      prep_smarty($app);

      global $smarty_data;
      $app->render('main.tpl', $smarty_data);
   });

   // Login form
   // TODO: Add a redirect here for users already logged in
   $app->get('/login', function () use ($app) {
      prep_smarty($app);

      global $smarty_data;
      $app->render('login.tpl', $smarty_data);
   });

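   // Login form handler: validates the submitted credentials, hands them to
   // login() (defined in the app libs) and sends the browser to the page it
   // originally asked for, or back to the login form on failure.
   $app->post('/login', function () use ($app) {
      // Accepted character sets.  NOTE(review): the password pattern caps
      // passwords at 15 characters from a small alphabet - confirm this is
      // intended policy rather than an artefact of the storage scheme.
      $skynet_nameRegex = '/^[a-zA-Z0-9_\-]{1,15}\z/';
      $skynet_pwdRegex = '/^[a-zA-Z0-9@#$%\^&\*\/]{4,15}\z/';

      // Read the credentials from the POST body only.  $_REQUEST would also
      // accept them from the query string (and cookies, depending on
      // request_order), which lets a password end up in access logs.
      // is_string() rejects array-style input (username[]=x), which would
      // otherwise break preg_match().
      $username = isset($_POST['username']) ? $_POST['username'] : null;
      $password = isset($_POST['password']) ? $_POST['password'] : null;

      if ($username !== null && $password !== null) {
         if (is_string($username) && is_string($password) &&
             preg_match($skynet_nameRegex, $username) === 1 &&
             preg_match($skynet_pwdRegex, $password) === 1) {
            $authenticated = login($username, $password);
         } else {
            $app->flash('error', 'Invalid Username or Password');
            $app->redirect('/login');
         }
      } else {
         $app->flash('error', 'Username or Password missing');
         $app->redirect('/login');
      }

      // Either the credentials were accepted, or the browser already holds a
      // valid session (authenticate()).
      if ((isset($authenticated) && ($authenticated == 1)) || authenticate()) {
         // Consume the saved target first: redirect() halts the request, so an
         // unset() placed after it never runs and the stale target would be
         // reused on the next login.
         $target = isset($_SESSION['redirect']) ? $_SESSION['redirect'] : null;
         unset($_SESSION['redirect']);

         // Follow only app-local paths ('/foo'); a scheme-relative '//host' or
         // an absolute URL would turn the login form into an open redirect.
         // NOTE(review): $_SESSION['redirect'] is set outside this file -
         // confirm it only ever holds a local path.
         $isLocalPath = is_string($target) && $target !== ''
            && $target[0] === '/' && substr($target, 0, 2) !== '//';
         $app->redirect($isLocalPath ? $target : '/');
      } else {
         $app->flash('error', 'Invalid Username or Password');
         $app->redirect('/login');
      }

      // Only reachable if redirect() ever returns instead of halting
      $app->flash('error', 'Critical Failure');
      $app->redirect('/login');
   });
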
   // Logout: tear the session down (logout() lives in the app libs) and
   // bounce back to the login form with a success flash
   $app->get('/logout', function () use ($app) {
      logout();
      $app->flash('success', 'Logout successful');
      $app->redirect('/login');
   });

   // Reports page (login required)
   $app->get('/reports', $isauthenticated(), function () use ($app) {
      prep_smarty($app);

      global $smarty_data;
      $app->render('reports.tpl', $smarty_data);
   });

   // About page - viewable without logging in (guest role)
   $app->get('/about', $isauthenticated('guest'), function () use ($app) {
      prep_smarty($app);

      global $smarty_data;
      $app->render('about.tpl', $smarty_data);
   });

   // Dispatch the request
   $app->run();

   // Per-request Smarty setup for Slim's view: registers the
   // whitespace_control pre-filter (it handles comments inside the templates)
   // and mirrors $skynet_debug into Smarty's debugging switch.
   function prep_smarty($app) {
      global $skynet_debug;

      $engine = $app->view()->getInstance();
      $engine->loadFilter('pre', 'whitespace_control');
      $engine->debugging = $skynet_debug;
   }

?>