/
common.php
executable file
·158 lines (144 loc) · 4.41 KB
/
common.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
<?php
//global variable--------
$status=-1;
$debug=-1;
$log=-1;
$module_name="";
$function_name="";
$argv="";
//-----------------------
function service_check_hash() {
// print the flag in md5 hash
// we use it to service check
$userName="joy";
$password="chansey";
$hostName="127.0.0.1";
$link=mysql_connect($hostName, $userName, $password);
mysql_select_db("pmc", $link);
$query="(SELECT * FROM flag)";
mysql_query("SET NAMES UTF8");
$result=mysql_query($query);
$row = mysql_fetch_assoc($result);
$md5_flag = md5($row["flag"]);
echo "This website is for Network Security 2015 Final Project - attack and defense : ".$md5_flag;
}
function initial() {
global $status,$debug,$log,$function_name,$argv;
// first parse the pmc.ini
$ini = parse_ini_file("pmc.ini");
// Set variable
$status= $ini["Status"];
$debug = $ini["Debug"];
$log = $ini["Log"];
// Debug_mode
service_debug();
// checking...
service_status();
// log...
service_log();
// parse URL into Params
parse_param();
// include module
include_module();
// call module function
if($function_name!=NULL){
if($debug==1){
echo "use function ".$function_name.".<br>";
}
if($argv==NULL){
$function_name();
}else{
$function_name($argv);
}
}
}
function parse_param() {
// set the params from URL
// split with "/"
// EX: http :// .... /menu.php/module/function/argv/
// get the module name / function name / argv from URL
global $module_name,$function_name,$argv;
$urlParams = explode('/', $_SERVER['REQUEST_URI']);
$module_name = urldecode($urlParams[2]);
$function_name = urldecode( $urlParams[3]);
$argv = urldecode($urlParams[4]);
}
function service_status() {
global $status;
if($status==0){
// Disable the service for emergency maintenance
// so that other people won't attack you ~
// and you can patch your service
html_div(100,10,"#ffffff",20);
echo "This service is currently undergoing maintenance. <br>";
html_div_end();
die();
}
}
function service_debug() {
global $status,$debug,$log;
if($debug==1){
// Debug Mode On :
echo "Service Status: ".$status."<br>";
echo "Debug Mode: ".$debug."<br>";
echo "Log: ".$log."<br>";
}
}
function service_log() {
global $log;
if($log==1){
// TA provide you a simple logger~~ yay (at log/log.txt)
// you can modify your log information here
// log everything you want
// you don't need tcpdump anymore ~
$file = fopen("log/log.txt", "a");
//write IP
fwrite($file, $_SERVER["REMOTE_ADDR"]." ");
//write status
fwrite($file, "access website ");
//write URL
fwrite($file, $_SERVER["REQUEST_URI"]);
fwrite($file, "\n");
fclose($file);
}
}
function include_module() {
global $module_name,$debug;
// for urlencode string
$module_name = urldecode($module_name);
// for trace debug msg
if($debug==1){
echo "including module: ".$module_name."<br>";
}
// find the module file inside module folder
if(file_exists("./module/".$module_name.".php")){
// use ./menu.php/module/function/
// to access the website
include_once("./module/".$module_name.".php");
}
else if(file_exists("./module/".$module_name)){
// some people forget to delete .php behind the module name
// you can also add the .php extension on the URL
// use ./menu.php/module.php/function/
// to access the website
include_once("./module/".$module_name);
}else{
// error to include module
html_div(100,0,"#ffffff",20);
echo "[Error] Fail to include module :".$module_name.".<br>";
html_div_end();
return;
}
}
function html_div($width,$height,$color,$size) {
echo "<div class=\"font-effect\" style=\"width=".$width."%; ";
if($height!=0){echo "height:",$height,"%;";}
echo " background-color:".$color."; font-size:".$size."px;overflow-y: auto;\">";
}
function html_div_end() {
echo "</div>";
}
function html_img($url) {
echo "<img src=\"".$url."\">";
}
?>