Commit 9901fd59 authored by Jason Frisvold's avatar Jason Frisvold

- Move authentication and reports to separate files for organization

- Add statistics to main overview page
parent 74659dde
<?php if (!defined('skynet')) exit();
/* Skynet - Automated "Cloud" Security Scanner *#
#* Copyright (C) 2014-present Jason Frisvold <friz@godshell.com> *#
#* *#
#* This program is free software; you can redistribute it and/or modify *#
#* it under the terms of the GNU General Public License as published by *#
#* the Free Software Foundation; either version 2 of the License, or *#
#* (at your option) any later version. *#
#* *#
#* This program is distributed in the hope that it will be useful, *#
#* but WITHOUT ANY WARRANTY; without even the implied warranty of *#
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *#
#* GNU General Public License for more details. *#
#* *#
#* You should have received a copy of the GNU General Public License *#
#* along with this program; if not, write to the Free Software *#
#* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
$isauthenticated = function( $role = 'user' ) {
return function() use ( $role ) {
// Globalize the phptodo variables needed
global $skynet_sessTime, $skynet_serveruri, $smarty_data, $sqlhdlr;
// Try and get the id, last time, and user id from the sessions
// database
$result = $sqlhdlr->table('sessions')
->select('id', 'last', 'user_id')
->where('phpsessid', '=', session_id())
->first();
$id = $result['id'];
$last = $result['last'];
$user_id = $result['user_id'];
// Check to see if an id was set, and if the time is valid
if ((isset($id)) && (($last + $skynet_sessTime) >= time())) {
// Good session, update the timestamp
$sqlhdlr->table('sessions')
->where('id', '=', $id)
->update(array('last' => time()));
// Create the user object
$user_obj = new skynetUser($sqlhdlr, $user_id);
// Assign the appropriate data to the smarty $smarty_data array
$smarty_data['username'] = $user_obj->username();
$smarty_data['adminflag'] = $user_obj->adminflag();
if (get_magic_quotes_gpc()) {
$smarty_data['fullname'] =
stripslashes(htmlentities($user_obj->fullname(), ENT_QUOTES));
} else {
$smarty_data['fullname'] = htmlentities($user_obj->fullname(),
ENT_QUOTES);
}
return($user_obj);
} else {
// If a guest role, then bypass the login redirect
if ($role == 'guest') {
$smarty_data['username'] = 'guest';
return;
}
// Return a 0 to indicate that authentication was not successful
$app = \Slim\Slim::getInstance();
$app->flash('error', 'Login required');
$app->redirect('/login');
}
// Return a 0 to indicate that authentication was not successful
$app = \Slim\Slim::getInstance();
$app->flash('error', 'Login required');
$app->redirect('/login');
};
};
// Login routine
// TODO: Add a redirect here for users already logged in
$app->get('/login', function () use ($app) {
global $smarty_data;
prep_smarty($app);
$app->render('login.tpl', $smarty_data);
});
// Login routine
$app->post('/login', function () use ($app) {
// Some global variables
$skynet_nameRegex = '/^[a-zA-Z0-9_\-]{1,15}\z/';
$skynet_pwdRegex = '/^[a-zA-Z0-9@#$%\^&\*\/]{4,15}\z/';
// Check to see if this is a login attempt
if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
if (preg_match($skynet_nameRegex, $_REQUEST['username']) &&
preg_match($skynet_pwdRegex, $_REQUEST['password'])) {
$authenticated = login($_REQUEST['username'], $_REQUEST['password']);
} else {
$app->flash('error', 'Invalid Username or Password');
$app->redirect('/login');
}
} else {
$app->flash('error', 'Username or Password missing');
$app->redirect('/login');
}
// If the user is authenticated, jump them to the main page
if ((isset($authenticated) && ($authenticated == 1)) ||
($user_obj = authenticate())) {
if (isset($_SESSION['redirect'])) {
$app->redirect($_SESSION['redirect']);
} else {
$app->redirect('/');
}
unset($_SESSION['redirect']);
// Otherwise show the login page
} else {
$app->flash('error', 'Invalid Username or Password');
$app->redirect('/login');
}
$app->flash('error', 'Critical Failure');
$app->redirect('/login');
});
// Logout routine
$app->get('/logout', function () use ($app) {
logout();
$app->flash('success', 'Logout successful');
$app->redirect('/login');
});
?>
\ No newline at end of file
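Review bot: The login handler reads the credentials from `$_REQUEST` (the `isset` check and the `login()` call at the top of the POST route), which accepts them from the query string and cookies as well as the POST body, so a username and password can end up in URLs, referrers and access logs; read the POST body only, e.g. `$post = $app->request->post();` followed by `isset($post['username'], $post['password'])`. After a successful login the route redirects to `$_SESSION['redirect']` verbatim; where that value is written is not part of this commit, so if it can be seeded from a request URL this is an open redirect, and it should be accepted only when it is a site-relative path, e.g. `preg_match('#^/(?!/)#', $_SESSION['redirect'])`. The `unset($_SESSION['redirect'])` sits after the `$app->redirect(...)` calls; if `redirect()` stops the request as Slim's does, the unset never runs and the stored target survives into later logins, so move it above the redirect. In `$isauthenticated`, `$role` is only ever compared with `'guest'`, so any other value behaves exactly like `'user'`; a comment stating that, or an `adminflag()` check for an admin role, would stop callers assuming more than it enforces. `get_magic_quotes_gpc()` no longer exists in PHP 8, so the `fullname` branch will fatal there.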
<?php if (!defined('skynet')) exit();
/* Skynet - Automated "Cloud" Security Scanner *#
#* Copyright (C) 2014-present Jason Frisvold <friz@godshell.com> *#
#* *#
#* This program is free software; you can redistribute it and/or modify *#
#* it under the terms of the GNU General Public License as published by *#
#* the Free Software Foundation; either version 2 of the License, or *#
#* (at your option) any later version. *#
#* *#
#* This program is distributed in the hope that it will be useful, *#
#* but WITHOUT ANY WARRANTY; without even the implied warranty of *#
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *#
#* GNU General Public License for more details. *#
#* *#
#* You should have received a copy of the GNU General Public License *#
#* along with this program; if not, write to the Free Software *#
#* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
// Reports page
$app->get('/reports', $isauthenticated(), function () use ($app) {
global $smarty_data;
prep_smarty($app);
$app->render('reports.tpl', $smarty_data);
});
?>
\ No newline at end of file
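Review bot: reports.php depends on `$app`, `$isauthenticated` and `prep_smarty()` being in scope in the file that includes it (the bootstrap hunk shows `include('../app/reports.php')` placed after the authentication include), but nothing in the file records that. A short header comment after the `skynet` guard would make the include-order dependency explicit: `// Included by the bootstrap after authentication.php; expects $app and $isauthenticated in scope.`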
......@@ -31,10 +31,16 @@
<div class='container'>
<div class='page-header'>
<h1>Main Page</h1>
<h1>System Overview</h1>
</div>
<p>Shit happens here...</p>
<h3>Statistics</h3>
<p>Total scan servers defined : {$total_servers}</p>
<p>Total scanners defined : {$total_scanners}</p>
<p>Total targets defined : {$total_targets}</p>
<p>Total timers defined : {$total_timers}</p>
<p>Total results : {$total_results}</p>
</div>
{include file='footer.tpl'}
......
......@@ -42,15 +42,15 @@
'prefix' => '',
]);
// Set the event dispatcher used by Eloquent models... (optional)
// Set the event dispatcher used by Eloquent models...
use Illuminate\Events\Dispatcher;
use Illuminate\Container\Container;
$sqlhdlr->setEventDispatcher(new Dispatcher(new Container));
// Make this Capsule instance available globally via static methods... (optional)
// Make this Capsule instance available globally via static methods...
$sqlhdlr->setAsGlobal();
// Setup the Eloquent ORM... (optional; unless you've used setEventDispatcher())
// Setup the Eloquent ORM...
$sqlhdlr->bootEloquent();
// Global array for Smarty data
......@@ -77,7 +77,6 @@
// We want to use Smarty for templates, this sets up the necessary Smarty
// configuration within Slim
$view = $app->view();
//$view->parserDirectory = $skynet_smarty_dir;
$view->parserCompileDirectory = "$skynet_work_dir/templates_c";
$view->parserCacheDirectory = "$skynet_work_dir/cache";
$view->parserExtensions = array(
......@@ -87,145 +86,35 @@
$app->hook('slim.before', function () use ($app) {
$app->view()->appendData(array('baseUrl' => '/index.php/'));
});
$isauthenticated = function( $role = 'user' ) {
return function() use ( $role ) {
// Globalize the phptodo variables needed
global $skynet_sessTime, $skynet_serveruri, $smarty_data, $sqlhdlr;
// Try and get the id, last time, and user id from the sessions
// database
$result = $sqlhdlr->table('sessions')
->select('id', 'last', 'user_id')
->where('phpsessid', '=', session_id())
->first();
$id = $result['id'];
$last = $result['last'];
$user_id = $result['user_id'];
// Check to see if an id was set, and if the time is valid
if ((isset($id)) && (($last + $skynet_sessTime) >= time())) {
// Good session, update the timestamp
$sqlhdlr->table('sessions')
->where('id', '=', $id)
->update(array('last' => time()));
// Create the user object
$user_obj = new skynetUser($sqlhdlr, $user_id);
// Assign the appropriate data to the smarty $smarty_data array
$smarty_data['username'] = $user_obj->username();
$smarty_data['adminflag'] = $user_obj->adminflag();
if (get_magic_quotes_gpc()) {
$smarty_data['fullname'] = stripslashes(htmlentities($user_obj->fullname(),
ENT_QUOTES));
} else {
$smarty_data['fullname'] = htmlentities($user_obj->fullname(),
ENT_QUOTES);
}
return($user_obj);
} else {
// If a guest role, then bypass the login redirect
if ($role == 'guest') {
$smarty_data['username'] = 'guest';
return;
}
// Return a 0 to indicate that authentication was not successful
$app = \Slim\Slim::getInstance();
$app->flash('error', 'Login required');
$app->redirect('/login');
}
// Return a 0 to indicate that authentication was not successful
$app = \Slim\Slim::getInstance();
$app->flash('error', 'Login required');
$app->redirect('/login');
};
};
// GET route
$app->get('/', $isauthenticated(), function () use ($app) {
global $smarty_data;
prep_smarty($app);
$app->render('main.tpl', $smarty_data);
});
// Login routine
// TODO: Add a redirect here for users already logged in
$app->get('/login', function () use ($app) {
global $smarty_data;
// Load the authentication routes
include('../app/authentication.php');
prep_smarty($app);
$app->render('login.tpl', $smarty_data);
});
// Load the report routes
include('../app/reports.php');
// Login routine
$app->post('/login', function () use ($app) {
// Some global variables
$skynet_nameRegex = '/^[a-zA-Z0-9_\-]{1,15}\z/';
$skynet_pwdRegex = '/^[a-zA-Z0-9@#$%\^&\*\/]{4,15}\z/';
// Check to see if this is a login attempt
if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
if (preg_match($skynet_nameRegex, $_REQUEST['username']) &&
preg_match($skynet_pwdRegex, $_REQUEST['password'])) {
$authenticated = login($_REQUEST['username'], $_REQUEST['password']);
} else {
$app->flash('error', 'Invalid Username or Password');
$app->redirect('/login');
}
} else {
$app->flash('error', 'Username or Password missing');
$app->redirect('/login');
}
// If the user is authenticated, jump them to the main page
if ((isset($authenticated) && ($authenticated == 1)) ||
($user_obj = authenticate())) {
if (isset($_SESSION['redirect'])) {
$app->redirect($_SESSION['redirect']);
} else {
$app->redirect('/');
}
unset($_SESSION['redirect']);
// Otherwise show the login page
} else {
$app->flash('error', 'Invalid Username or Password');
$app->redirect('/login');
}
$app->flash('error', 'Critical Failure');
$app->redirect('/login');
});
// Login routine
$app->get('/logout', function () use ($app) {
logout();
$app->flash('success', 'Logout successful');
$app->redirect('/login');
});
// Home Page Route
$app->get('/', $isauthenticated(), function () use ($app) {
global $smarty_data, $sqlhdlr;
$smarty_data['total_servers'] = $sqlhdlr->table('cloud')
->where('disabled', 0)
->count();
$smarty_data['total_scanners'] = $sqlhdlr->table('spawn')
->where('disabled', 0)
->count();
$smarty_data['total_targets'] = $sqlhdlr->table('target')
->where('disabled', 0)
->count();
$smarty_data['total_timers'] = $sqlhdlr->table('timers')
->where('disabled', 0)
->count();
$smarty_data['total_results'] = $sqlhdlr->table('results')
->count();
// Reports page
$app->get('/reports', $isauthenticated(), function () use ($app) {
global $smarty_data;
prep_smarty($app);
$app->render('reports.tpl', $smarty_data);
$app->render('main.tpl', $smarty_data);
});
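Review bot: `include('../app/authentication.php')` and `include('../app/reports.php')` resolve the relative path against the include path and current working directory rather than this file's location, and a missing file only emits a warning and leaves `$isauthenticated` undefined for the `/` route below; use `require_once __DIR__ . '/../app/authentication.php';` and `require_once __DIR__ . '/../app/reports.php';` so the path is stable and a missing file fails loudly. The rebuilt `/` route adds the five count queries before `$app->render('main.tpl', $smarty_data)`, but from the rendered view I cannot tell whether the `prep_smarty($app)` call the removed route had is still in the new body; confirm it was not dropped in the move. The two earlier hunks in this file only change comments.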
......