Commit 683f1f4a authored by Jason Frisvold's avatar Jason Frisvold

- Initial code for front end (borrowed from phpTodo codebase)

parent cf11b96b
<?php
/* Skynet - Automated "Cloud" Security Scanner *#
#* Copyright (C) 2014-present Jason Frisvold <friz@godshell.com> *#
#* *#
#* This program is free software; you can redistribute it and/or modify *#
#* it under the terms of the GNU General Public License as published by *#
#* the Free Software Foundation; either version 2 of the License, or *#
#* (at your option) any later version. *#
#* *#
#* This program is distributed in the hope that it will be useful, *#
#* but WITHOUT ANY WARRANTY; without even the implied warranty of *#
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *#
#* GNU General Public License for more details. *#
#* *#
#* You should have received a copy of the GNU General Public License *#
#* along with this program; if not, write to the Free Software *#
#* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
// Define skynet (to allow access to files)
define('skynet', 1);
// Define usesmarty (to indicate that config needs to load smarty)
define('usesmarty', 1);
// Load the configuration file
require_once("config.php");
// Connect to the database server
$sqlhdlr = new mysqli($skynet_dbHost, $skynet_dbUser, $skynet_dbPass,
$skynet_dbName);
// Make sure we have a connection
if (mysqli_connect_errno()) {
die( '<p>Unable to connect to the database server at this time: ' .
mysqli_connect_error() . ' </p>' );
}
// If the user is not authenticated, jump them to the home page
if (! $user_obj = authenticate()) {
$smarty->assign('username', 'guest');
}
// Close the SQL Handler
$sqlhdlr->close();
$smarty->display('about.tpl');
?>
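Review bot: The connection-failure branch under `if (mysqli_connect_errno())` passes `mysqli_connect_error()` straight into the page, so the driver's message (which can name the host, user or socket) is shown to any visitor; record it server-side and keep the user-facing text generic, `error_log('DB connect failed: ' . mysqli_connect_error());` followed by `die('<p>Unable to connect to the database server at this time.</p>');`. The same `die()` appears in the index.php section of this commit. `if (! $user_obj = authenticate())` also hides an assignment inside the condition, and only the failure branch assigns `username` to Smarty, so the template's view of a logged-in user presumably comes from elsewhere; `$user_obj = authenticate(); if (!$user_obj) {` with a matching else branch would make the intent explicit.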
<?php if (!defined('skynet')) exit();
/* Skynet - Automated "Cloud" Security Scanner *#
#* Copyright (C) 2014-present Jason Frisvold <friz@godshell.com> *#
#* *#
#* This program is free software; you can redistribute it and/or modify *#
#* it under the terms of the GNU General Public License as published by *#
#* the Free Software Foundation; either version 2 of the License, or *#
#* (at your option) any later version. *#
#* *#
#* This program is distributed in the hope that it will be useful, *#
#* but WITHOUT ANY WARRANTY; without even the implied warranty of *#
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *#
#* GNU General Public License for more details. *#
#* *#
#* You should have received a copy of the GNU General Public License *#
#* along with this program; if not, write to the Free Software *#
#* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
// The work directory contains all of the private
// smarty data. This directory should be below the
// httpd root
$skynet_work_dir = '/path/to/smarty/workspace';
// The http directory is the first level directory
// where the skynet distribution was uncompressed
$skynet_http_dir = '/path/to/skynet/html';
// The smarty directory is the location of the Smarty.class.php file
$skynet_smarty_dir = '/path/to/smarty';
// This is the default stylesheet used by skynet
// The location of the stylesheet is relative to
// the http directory
$skynet_stylesheet = 'css/default.css';
// This is the favicon for the skynet application
$skynet_favicon = 'images/skynet-favicon.ico';
// This is the name of the skynet database
$skynet_dbName = 'skynet';
// This is the location of the database server
$skynet_dbHost = 'localhost';
// This is the login name for the database
$skynet_dbUser = 'skynet';
// This is the password for the database
$skynet_dbPass = 'cloud';
// Force HTTPS?
// You should ensure that HTTPS work prior to setting this parameter
$skynet_forceHTTPS = false;
// Default session time (in seconds)
$skynet_sessTime = 6000;
// Default number of records per page to display
// on the overview screen
$skynet_rpp = 15;
// If you have a Google API key, uncomment the following line and enter the
// key. This will cause skynet to use Google to load the AJAX libraries
// (This is often a speed boost for users)
//$skynet_Google_APIKey = '';
/* You should not need to change anything below */
// skynet Version
$skynet_version = '1.0 Beta';
// Debug Flag
$skynet_debug = true;
// AJAX Library Versions
$skynet_AJAX_jquery_version = '1.7.2';
$skynet_AJAX_jqueryui_version = '1.8.18';
$skynet_AJAX_jqueryui_theme = 'smoothness';
// skynet homepage
$skynet_homepage = 'http://phptodo.godshell.com';
// If there is a smarty instance, set the proper variables
if (defined('usesmarty')) {
// Set up smarty
include($skynet_smarty_dir . 'Smarty.class.php');
$smarty = new Smarty;
// Smarty directories
$smarty->template_dir = "$skynet_http_dir/templates";
$smarty->compile_dir = "$skynet_work_dir/templates_c";
$smarty->cache_dir = "$skynet_work_dir/cache";
$smarty->config_dir = "$skynet_work_dir/config";
// Load whitespace pre-filter for Smarty
$smarty->addPluginsDir($skynet_http_dir . '/libs/');
$smarty->loadFilter("pre", 'whitespace_control');
// Debug
$smarty->debugging = $skynet_debug;
// Assign the stylesheet and favicon to smarty
$smarty->assign('skynet_stylesheet', $skynet_stylesheet);
$smarty->assign('skynet_favicon', $skynet_favicon);
$smarty->assign('skynet_AJAX_jquery_version', $skynet_AJAX_jquery_version);
$smarty->assign('skynet_AJAX_jqueryui_version', $skynet_AJAX_jqueryui_version);
$smarty->assign('skynet_AJAX_jqueryui_theme', $skynet_AJAX_jqueryui_theme);
// Assign the Google API Key if set
if (isset($skynet_Google_APIKey)) {
$smarty->assign('skynet_Google_APIKey', $skynet_Google_APIKey);
}
// Assign the version number to smarty
$smarty->assign('skynet_version', $skynet_version);
// Assign the homepage to smarty
$smarty->assign('skynet_homepage', $skynet_homepage);
}
// Determine the script path
$skynet_serverpath = preg_replace('/' . basename($_SERVER['PHP_SELF']) . '/',
'', $_SERVER['PHP_SELF']);
// Redirect to HTTPS if necessary
if (($skynet_forceHTTPS == true) &&
(empty($_SERVER['HTTPS']) || ($_SERVER['HTTPS'] == 'off'))) {
header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
exit;
}
// Determine the protocol, port, and server name
if (isset($_SERVER['HTTPS'])) {
if ($_SERVER['SERVER_PORT'] == 443) {
$skynet_serveruri = 'https://' . $_SERVER['HTTP_HOST'];
} else {
$skynet_serveruri = 'https://' . $_SERVER['HTTP_HOST'] . ':' .
$_SERVER['SERVER_PORT'];
}
} else {
if ($_SERVER['SERVER_PORT'] == 80) {
$skynet_serveruri = 'http://' . $_SERVER['HTTP_HOST'];
} else {
$skynet_serveruri = 'http://' . $_SERVER['HTTP_HOST'] . ':' .
$_SERVER['SERVER_PORT'];
}
}
// Force session IDs to be cookie based only
ini_set('session.use_only_cookies', TRUE);
// Disable transparent session IDs (avoid session ID leaking)
ini_set('session.use_trans_sid', FALSE);
// Security and user object libraries
require_once('libs/sec_check.php');
require_once('libs/skynetUser.php');
require_once('libs/funcs.php');
?>
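Review bot: `include($skynet_smarty_dir . 'Smarty.class.php');` inside the `if (defined('usesmarty'))` block has no path separator, so with the shipped `$skynet_smarty_dir = '/path/to/smarty'` it resolves to `/path/to/smartySmarty.class.php` and fails unless the admin remembers a trailing slash; the neighbouring `addPluginsDir($skynet_http_dir . '/libs/')` shows the intended form, so `include($skynet_smarty_dir . '/Smarty.class.php');`. The `$skynet_serverpath` computation drops `basename($_SERVER['PHP_SELF'])` into a regex unescaped, so any metacharacter in the script name (the `.` at minimum) matches more than intended; wrap it as `preg_quote(basename($_SERVER['PHP_SELF']), '/')`. The forced-HTTPS `Location` and `$skynet_serveruri` are both built from `$_SERVER['HTTP_HOST']`, which comes from the request, so a spoofed Host header steers where the redirect and generated links point; a configured hostname is the safer base. `session.use_only_cookies` and `session.use_trans_sid` are set but nothing sets the cookie flags; `ini_set('session.cookie_httponly', '1');` next to them, and `session.cookie_secure` when `$skynet_forceHTTPS` is on, would round out the session hardening.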
/* Skynet - Automated "Cloud" Security Scanner *}
{* Copyright (C) 2014 Jason Frisvold <friz@godshell.com> *}
{* *}
{* This program is free software; you can redistribute it and/or modify *}
{* it under the terms of the GNU General Public License as published by *}
{* the Free Software Foundation; either version 2 of the License, or *}
{* (at your option) any later version. *}
{* *}
{* This program is distributed in the hope that it will be useful, *}
{* but WITHOUT ANY WARRANTY; without even the implied warranty of *}
{* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *}
{* GNU General Public License for more details. *}
{* *}
{* You should have received a copy of the GNU General Public License *}
{* along with this program; if not, write to the Free Software *}
{* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
/* Standard body element */
body { margin-left: 20px; margin-right: 20px; color: black; background-color: #dddddd; }
/* Header elements */
h1 { text-align: center; font-size: large; margin: 10px; }
h3 { text-align: center; font-size: medium; text-decoration: underline; margin: 10px; }
h3.alert { color: red; font-size: large; font-weight: bold; text-align: center; }
/* Span elements */
span { color: black; font-size: medium; }
span.small { color: black; font-size: small; }
span.tiny { color: black; font-size: x-small; }
.fakelinktiny { color: blue; cursor: pointer; font-size: x-small; }
/* Table elements */
table,th,thead,tbody,tr,td { padding: 5px; }
table { text-align: center; border: none; margin-left: auto; margin-right: auto; border-collapse: collapse; white-space: nowrap; }
table.naked { border: none; text-align: left; margin-left: auto; margin-right: auto; }
th { border: medium solid; text-align: center; vertical-align: middle; }
td.navigate { border: none; text-align: right; vertical-align: middle; }
tr.odd { border: thin solid; color: black; background-color: #c5c5c5; }
tr.even { border: thin solid; color: black; }
/* Division elements */
div.centered { text-align: center; }
div.header { }
div.searchbox { position: absolute; right: 0px; top: -25px; }
div.footer { clear: both; text-align: center; }
div.gpl { width: 80%; margin-left: 10%; margin-right: 10%; }
/* Link Elements */
:link { color: blue; background-color: transparent; }
:visited { color: blue; background-color: transparent; }
/* Image Elements */
img { border: none; }
img.w3c { border: none; width:88px; height:31px; }
/* Slider Elements */
#priority_slider { width: 250px; }
.ui-slider { position: relative; text-align: left; width: 20px;}
.ui-slider .ui-slider-handle { position: absolute; z-index: 2; height: 20px; cursor: default; }
.ui-slider .ui-slider-range { position: absolute; z-index: 1; font-size: .7em; display: block; border: 0; background-position: 0 0; }
/* "Other" elements */
hr.onethird { width: 33%; }
dd { line-height: 1.5em; margin-bottom: 1em; }
p.copyright { color: black; font-size: small; font-weight: normal; margin: 2px; }
.formdiv { width: 75%; margin: auto; }
.formlabel { float: left; width: 15%; }
.formrow { clear: both; margin-bottom: 5px; }
.forminput { margin-left: 150px; }
.forminput input, .forminput textarea { width: 99%; }
.formblock { width: 33%; float: left; min-height: 50px; }
#form_buttons { float: left; }
.error { border: 5px solid #FF0000; }
\ No newline at end of file
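Review bot: The licence header at the top of this stylesheet opens with `/*` but its interior lines carry Smarty's `*}`/`{*` delimiters, evidently copied from a template; it is still a single CSS comment because the only `*/` is on its last line, but it reads as markup to anyone editing the file. Plain ` *` continuation lines would make the block unambiguous and match what a CSS reader expects. The reset stylesheet section below carries the same header.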
/* Skynet - Automated "Cloud" Security Scanner *}
{* Copyright (C) 2014 Jason Frisvold <friz@godshell.com> *}
{* *}
{* This program is free software; you can redistribute it and/or modify *}
{* it under the terms of the GNU General Public License as published by *}
{* the Free Software Foundation; either version 2 of the License, or *}
{* (at your option) any later version. *}
{* *}
{* This program is distributed in the hope that it will be useful, *}
{* but WITHOUT ANY WARRANTY; without even the implied warranty of *}
{* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *}
{* GNU General Public License for more details. *}
{* *}
{* You should have received a copy of the GNU General Public License *}
{* along with this program; if not, write to the Free Software *}
{* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
/* http://meyerweb.com/eric/tools/css/reset/
v2.0 | 20110126
License: none (public domain)
*/
html, body, div, span, applet, object, iframe,
h1, h2, h3, h4, h5, h6, p, blockquote, pre,
a, abbr, acronym, address, big, cite, code,
del, dfn, em, img, ins, kbd, q, s, samp,
small, strike, strong, sub, sup, tt, var,
b, u, i, center,
dl, dt, dd, ol, ul, li,
fieldset, form, label, legend,
table, caption, tbody, tfoot, thead, tr, th, td,
article, aside, canvas, details, embed,
figure, figcaption, footer, header, hgroup,
menu, nav, output, ruby, section, summary,
time, mark, audio, video {
margin: 0;
padding: 0;
border: 0;
font-size: 100%;
font: inherit;
vertical-align: baseline;
}
/* HTML5 display-role reset for older browsers */
article, aside, details, figcaption, figure,
footer, header, hgroup, menu, nav, section {
display: block;
}
body {
line-height: 1;
}
ol, ul {
list-style: none;
}
blockquote, q {
quotes: none;
}
blockquote:before, blockquote:after,
q:before, q:after {
content: '';
content: none;
}
table {
border-collapse: collapse;
border-spacing: 0;
}
\ No newline at end of file
<?php
/* Skynet - Automated "Cloud" Security Scanner *#
#* Copyright (C) 2014-present Jason Frisvold <friz@godshell.com> *#
#* *#
#* This program is free software; you can redistribute it and/or modify *#
#* it under the terms of the GNU General Public License as published by *#
#* the Free Software Foundation; either version 2 of the License, or *#
#* (at your option) any later version. *#
#* *#
#* This program is distributed in the hope that it will be useful, *#
#* but WITHOUT ANY WARRANTY; without even the implied warranty of *#
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *#
#* GNU General Public License for more details. *#
#* *#
#* You should have received a copy of the GNU General Public License *#
#* along with this program; if not, write to the Free Software *#
#* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
// Define skynet (to allow access to files)
define('skynet', 1);
// Define usesmarty (to indicate that config needs to load smarty)
define('usesmarty', 1);
// Load the configuration file
require_once("config.php");
// Connect to the database server
$sqlhdlr = new mysqli($skynet_dbHost, $skynet_dbUser, $skynet_dbPass,
$skynet_dbName);
// Make sure we have a connection
if (mysqli_connect_errno()) {
die( '<p>Unable to connect to the database server at this time: ' .
mysqli_connect_error() . ' </p>' );
}
// Some global variables
$skynet_nameRegex = '/^[a-zA-Z0-9_\-]{1,15}\z/';
$skynet_pwdRegex = '/^[a-zA-Z0-9@#$%\^&\*\/]{4,15}\z/';
// Check to see if this is a login attempt
if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
if (preg_match($skynet_nameRegex, $_REQUEST['username']) &&
preg_match($skynet_pwdRegex, $_REQUEST['password'])) {
$authenticated = login($_REQUEST['username'], $_REQUEST['password']);
} else {
$authenticated = 0;
}
}
// If the user is authenticated, jump them to the main page
if ((isset($authenticated) && ($authenticated == 1)) ||
($user_obj = authenticate())) {
if (isset($_SESSION['redirect'])) {
header('Location: ' . $_SESSION['redirect']);
} else {
//header('Location: ' . $skynet_serveruri .
// dirname($_SERVER['PHP_SELF']) . '/main.php');
header('Location: ' . $skynet_serveruri .
join_paths(dirname($_SERVER['PHP_SELF']), '/main.php'));
}
unset($_SESSION['redirect']);
// Otherwise show the login page
} else {
// If the previous attempt was a failure, show it properly
if (isset($authenticated) && ($authenticated == 0)) {
$smarty->assign('failed', 1);
}
// Display the template
$smarty->display('index.tpl');
}
$sqlhdlr->close();
?>
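Review bot: The login check reads the credentials from `$_REQUEST`, so a username and password supplied in the query string (or via cookies, depending on `request_order`) are accepted as a login, and a GET-based login leaves the password in browser history, referrer headers and access logs; replace `$_REQUEST` with `$_POST` on the four lines of the `isset`/`preg_match`/`login()` check so only the form body is honoured. The redirect branch sends the browser to `$_SESSION['redirect']` without inspection; where that value is set is outside this section, but if it can ever be derived from the request it becomes an open redirect, so checking that it is a relative path before the `header()` call is worthwhile. `$authenticated == 1` and `== 0` should be `===` since `login()` returns ints.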
<?php if (!defined('skynet')) exit();
/* Skynet - Automated "Cloud" Security Scanner *#
#* Copyright (C) 2014-present Jason Frisvold <friz@godshell.com> *#
#* *#
#* This program is free software; you can redistribute it and/or modify *#
#* it under the terms of the GNU General Public License as published by *#
#* the Free Software Foundation; either version 2 of the License, or *#
#* (at your option) any later version. *#
#* *#
#* This program is distributed in the hope that it will be useful, *#
#* but WITHOUT ANY WARRANTY; without even the implied warranty of *#
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *#
#* GNU General Public License for more details. *#
#* *#
#* You should have received a copy of the GNU General Public License *#
#* along with this program; if not, write to the Free Software *#
#* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
/**
* Join multiple paths together into a single path
* Reference : https://stackoverflow.com/questions/1091107/how-to-join-filesystem-path-strings-in-php
*/
function join_paths() {
$paths = array();
foreach (func_get_args() as $arg) {
if ($arg !== '') { $paths[] = $arg; }
}
return preg_replace('#/+#','/',join('/', $paths));
}
?>
\ No newline at end of file
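Review bot: `join_paths()` takes its arguments through `func_get_args()` with no declared parameters, so neither the signature nor the docblock tells a caller what it accepts or returns; a typed variadic does both, `function join_paths(string ...$paths) {` with a `@return string` line and a sentence in the docblock saying that empty segments are skipped and runs of `/` are collapsed to one. The `array()` long form can become `[]` at the same time. The collapse also folds a leading `//` (a scheme-relative URL) into `/`; the caller in index.php passes `dirname($_SERVER['PHP_SELF'])` so it is unaffected, but that limitation belongs in the docblock.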
<?php
/**
* Smarty Whitespace Control
*
* {-tag} remove white space infront of tag up to the previous non-whitespace character or beginning of the line
* "text \n\n\t {-tag}" -> "text \n\n{tag}"
* "text \n\n\t text\t {-tag}" -> "text \n\n\t text{tag}"
* {--tag} remove white space infront of tag up to the previous non-whitespace character
* "text \n\n\t {--tag}" -> "text{tag}"
* "text \n\n\t text\t {--tag}" -> "text \n\n\t text{tag}"
* {+-tag}
* {-+tag} replace white space infront of tag up to the previous non-whitespace character by a single line-break
* "text \n\n\t {-+tag}" -> "text\n{tag}"
* "text \n\n\t text\t {-+tag}" -> "text \n\n\t text\n{tag}"
*
* {tag-} remove white space after tag up to the next non-whitespace character or end of the line
* "{tag-} \n\n\t text" -> "{tag}\n\n\t text"
* "{tag-} text \n\n\t text" -> "{tag}text \n\n\t text"
* {tag--} remove white space after tag up to the next non-whitespace character
* "{tag--} \n\n\t text" -> "{tag}text"
* "{tag--} text \n\n\t text" -> "{tag}text \n\n\t text"
* {tag+-}
* {tag-+} replace white space after tag up to the next non-whitespace character by a single line-break
* "{tag-+} \n\n\t text" -> "{tag}\n\ntext"
* "{tag-+} text \n\n\t text" -> "{tag}\n\ntext \n\n\t text"
*
* {tag+} replace white space after tag up to the end of the line with an additional line-break
* "{tag+} \n\t text" -> "{tag}\n\n\t text"
* "{tag+} text \n\n\t text" -> "{tag}\n\ntext \n\n\t text"
*
* Any combination of the above, say {--tag+} is possible. Any + modifiers are executed before - modifiers, so
* "{tag+-}{--tag}" will lead to "{tag}{tag}"
*
* NOTE: {tag+} and {tag-+} cause two trailing \n. This is done because PHP itself throws away the first \n.
* So \n\n in the template will lead to \n in the output
*
* @param string $string raw template source
* @param Smarty_Internal_Template $template Template instance
* @return string raw template source after whitespace control was applied
* @author Rodney Rehm
*/
function smarty_prefilter_whitespace_control($string, Smarty_Internal_Template $template) {
$ldelim = $template->smarty->left_delimiter;
$rdelim = $template->smarty->right_delimiter;
$_ldelim = preg_quote($ldelim);
$_rdelim = preg_quote($rdelim);
// remove preceeding whitepsace preserving a single line-break
$string = preg_replace('#\s*'. $_ldelim .'(?:-\+|\+-)#', "\n" . $ldelim, $string);
// remove trailing whitespace preserving s single line-break
$string = preg_replace('#(?:\+-|-\+)'. $_rdelim .'\s*#', $rdelim . "\n\n", $string);
// remove preceeding whitepsace
$string = preg_replace('#\s*'. $_ldelim .'--|[^\S\r\n]*'. $_ldelim .'-#', $ldelim, $string);
// remove trailing whitespace
$string = preg_replace('#--'. $_rdelim .'\s*|-'. $_rdelim .'[^\S\r\n]*#', $rdelim, $string);
// force trailing line-break
$string = preg_replace('#\+'. $_rdelim .'(?:\s*[\r\n]|[^\S\r\n]*)#', $rdelim . "\n\n", $string);
return $string;
}
<?php if (!defined('skynet')) exit();
/* Skynet - Automated "Cloud" Security Scanner *#
#* Copyright (C) 2014-present Jason Frisvold <friz@godshell.com> *#
#* *#
#* This program is free software; you can redistribute it and/or modify *#
#* it under the terms of the GNU General Public License as published by *#
#* the Free Software Foundation; either version 2 of the License, or *#
#* (at your option) any later version. *#
#* *#
#* This program is distributed in the hope that it will be useful, *#
#* but WITHOUT ANY WARRANTY; without even the implied warranty of *#
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *#
#* GNU General Public License for more details. *#
#* *#
#* You should have received a copy of the GNU General Public License *#
#* along with this program; if not, write to the Free Software *#
#* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
// Use a unique session name (ignored if session.auto_start is set to true)
session_name('skynet');
// Start the php session
session_start();
function login($username, $password) {
// Globalize the phptodo variables needed
global $skynet_dbHost, $skynet_dbUser, $skynet_dbPass, $skynet_dbName,
$skynet_sessTime, $sqlhdlr;
// Create user class
$user_obj = new skynetUser($skynet_dbHost, $skynet_dbUser,
$skynet_dbPass, $skynet_dbName,
-1, $username, $password, true);
if ($user_obj->logged_in()) {
// Regenerate the session ID (security enhancement)
session_regenerate_id();
// Insert the user_id into the sessions database along with the
// session ID and the current time
$query = sprintf('INSERT INTO sessions (phpsessid, user_id, last) ' .
'VALUES ("%s", "%s", %d)', session_id(),
$user_obj->user_id(), time());
$sqlhdlr->query($query) or die( 'Error: ' . $sqlhdlr->error );
// Clean up any old sessions that have timed out
$query = sprintf('DELETE FROM sessions WHERE last < %d', time() -
$skynet_sessTime);
$sqlhdlr->query($query) or die( 'Error: ' . $sqlhdlr->error );
// Return 1 indicating a successful login
return 1;
} else {
// Return 0 indicating a login failure
return 0;
}
// This code should never be executed
// Return 0 indicating a login failure
return 0;
}
function authenticate() {
// Globalize the phptodo variables needed
global $skynet_dbHost, $skynet_dbUser, $skynet_dbPass, $skynet_dbName,
$skynet_sessTime, $sqlhdlr;
// Globalize the user variables
global $smarty;
// Try and get the id, last time, and user if from the sessions database
$query = sprintf('SELECT id, last, user_id FROM sessions WHERE ' .
'phpsessid = "%s"', session_id());
if ($result = $sqlhdlr->query($query)) {
list($id, $last, $user_id) = $result->fetch_array();
$result->close();
} else {
die( 'Error: ' . $sqlhdlr->error );
}
// Check to see if an id was set, and if the time is good
if ((isset($id)) && (($last + $skynet_sessTime) >= time())) {