function system_information()
{
global $mysqli, $server, $redis_server, $mqtt_server;
$result = $mysqli->query("select now() as datetime, time_format(timediff(now(),convert_tz(now(),@@session.time_zone,'+00:00')),'%H:%i') AS timezone");
$db = $result->fetch_array();
@(list($system, $host, $kernel) = preg_split('/[\\s,]+/', php_uname('a'), 5));
@exec('ps ax | grep feedwriter.php | grep -v grep', $feedwriterproc);
$meminfo = false;
if (@is_readable('/proc/meminfo')) {
$data = explode("\n", file_get_contents("/proc/meminfo"));
$meminfo = array();
foreach ($data as $line) {
if (strpos($line, ':') !== false) {
list($key, $val) = explode(":", $line);
$meminfo[$key] = 1024 * floatval(trim(str_replace(' kB', '', $val)));
}
}
}
$emoncms_modules = "";
$emoncmsModulesPath = substr($_SERVER['SCRIPT_FILENAME'], 0, strrpos($_SERVER['SCRIPT_FILENAME'], '/')) . '/Modules';
// Set the Modules path
$emoncmsModuleFolders = glob("{$emoncmsModulesPath}/*", GLOB_ONLYDIR);
// Use glob to get all the folder names only
foreach ($emoncmsModuleFolders as $emoncmsModuleFolder) {
// loop through the folders
if ($emoncms_modules != "") {
$emoncms_modules .= " ";
}
$emoncms_modules .= str_replace($emoncmsModulesPath . "/", '', $emoncmsModuleFolder);
}
return array('date' => date('Y-m-d H:i:s T'), 'system' => $system, 'kernel' => $kernel, 'host' => $host, 'ip' => gethostbyname($host), 'uptime' => @exec('uptime'), 'http_server' => $_SERVER['SERVER_SOFTWARE'], 'php' => PHP_VERSION, 'zend' => function_exists('zend_version') ? zend_version() : 'n/a', 'db_server' => $server, 'db_ip' => gethostbyname($server), 'db_version' => 'MySQL ' . $mysqli->server_info, 'db_stat' => $mysqli->stat(), 'db_date' => $db['datetime'] . " (UTC " . $db['timezone'] . ")", 'redis_server' => $redis_server['host'] . ":" . $redis_server['port'], 'redis_ip' => gethostbyname($redis_server['host']), 'feedwriter' => !empty($feedwriterproc), 'mqtt_server' => $mqtt_server['host'], 'mqtt_ip' => gethostbyname($mqtt_server['host']), 'mqtt_port' => $mqtt_server['port'], 'hostbyaddress' => @gethostbyaddr(gethostbyname($host)), 'http_proto' => $_SERVER['SERVER_PROTOCOL'], 'http_mode' => $_SERVER['GATEWAY_INTERFACE'], 'http_port' => $_SERVER['SERVER_PORT'], 'php_modules' => get_loaded_extensions(), 'mem_info' => $meminfo, 'partitions' => disk_list(), 'emoncms_modules' => $emoncms_modules);
}
static function calcRange($iparray)
{
//print_r($iparray);
$iparray = array_unique($iparray);
$iparray = array_map("ip2long", $iparray[0]);
sort($iparray);
$iparray = array_map("long2ip", $iparray);
$ip_begin = $iparray[0];
$ip_end = $iparray[count($iparray) - 1];
$ip_begin_bin = self::ip2bin($ip_begin);
$ip_end_bin = self::ip2bin($ip_end);
$ip_shortened = self::findMatch(implode('', $ip_begin_bin), implode('', $ip_end_bin));
$cidr_range = strlen($ip_shortened);
$cidr_difference = 32 - $cidr_range;
$cidr_begin = $ip_shortened . str_repeat('0', $cidr_difference);
$cidr_end = $ip_shortened . str_repeat('1', $cidr_difference);
$ip_count = bindec($cidr_end) - bindec($cidr_begin) + 1;
$ips = array();
foreach ($iparray as $ip) {
$ips[] = array('ip' => $ip, 'bin' => implode('.', self::ip2bin($ip)), 'rdns' => gethostbyaddr($ip), 'long' => ip2long($ip), 'hex' => implode('.', self::ip2hex($ip)), 'octal' => implode('.', self::ip2oct($ip)), 'radians' => implode('/', self::ip2rad($ip)), 'base64' => implode('.', self::ip264($ip)), 'alpha' => implode('.', self::ip2alpha($ip)));
}
usort($ips, array('IPCalc', 'ipsort'));
$tmp = self::calcCIDR($ip_begin . '/' . $cidr_range);
return array('begin' => $tmp['begin'], 'end' => $tmp['end'], 'count' => $tmp['count'], 'suffix' => $cidr_range, 'ips' => $ips);
}
/**
* Resolves hostname
*
* @access public
* @param mixed $address address object
* @param boolena $override override DNS resolving flag
* @return void
*/
public function resolve_address($address, $override = false)
{
# settings
$this->get_settings();
# addresses object
$Address = new Addresses($this->Database);
# make sure it is dotted format
$address->ip = $Address->transform_address($address->ip_addr, "dotted");
# if dns_nameis set try to check
if (empty($address->dns_name) || is_null($address->dns_name)) {
# if permitted in settings
if ($this->settings->enableDNSresolving == 1 || $override) {
# resolve
$resolved = gethostbyaddr($address->ip);
if ($resolved == $address->ip) {
$resolved = "";
}
//resolve fails
return array("class" => "resolved", "name" => $resolved);
} else {
return array("class" => "", "name" => "");
}
} else {
return array("class" => "", "name" => $address->dns_name);
}
}
function get_mx($hostname)
{
if (strpos($hostname, '@')) {
list($user, $hostname) = explode('@', $hostname);
}
// split hostname from email address
if (function_exists('getmxrr')) {
@getmxrr($hostname, $mxhosts, $mxweight);
}
// check for a true MX record
if (isset($mxhosts) && !empty($mxhosts)) {
return array_shift($mxhosts);
} else {
// RFC says use the A line if there is no MX
$ip = gethostbyname($hostname);
// get the ip from hostname
if ($ip != $hostname) {
// continue if returned ip not hostname
$hostname = gethostbyaddr($ip);
// get the rdns (real) hostname
$ip = gethostbyname($hostname);
// check the (real) hostname has an A record
if ($ip != $hostname) {
return $hostname;
}
// return if returned ip not hostname
}
}
// If all else fails...
return $hostname;
}
function startthelog($logname, $quick = FALSE)
{
logit($logname, '-----------------------------------------------------------');
$line = '';
//logit($logname, $_SERVER['HTTP_REFERER']);
if (!$quick) {
// doing the dns lookup takes some extra time so use $quick to speed things up a bid
$line = gethostbyaddr($_SERVER["REMOTE_HOST"]);
if ($line == $_SERVER["REMOTE_ADDR"]) {
$line = '** No DNS entry found for calling IP';
}
$line = ' - ' . $line;
}
logit($logname, $_SERVER["REMOTE_ADDR"] . $line);
if (key_exists('HTTP_USER_AGENT', $_SERVER)) {
logit($logname, $_SERVER['HTTP_USER_AGENT'] . $line);
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (substr(str_replace(chr(10), '', print_r($_POST, true)), 10) == '') {
logit($logname, 'Called as a POST, but NO values were passed in');
} else {
logit($logname, 'POST values: ' . substr(str_replace(chr(10), '', print_r($_POST, true)), 10));
}
}
if ($_SERVER["QUERY_STRING"] != '') {
logit($logname, 'GET param string: ' . $_SERVER["QUERY_STRING"]);
}
}
function getComputerAndUserName() {
// $host = "SIN_HOST";
// if (isset($_SERVER["REMOTE_HOST"]))
// $host = $_SERVER["REMOTE_HOST"];
$host = gethostbyaddr($_SERVER['REMOTE_ADDR']);
return substr(strtoupper($_SESSION["usuario"]."/".$host), 0, 64);
}
public function getArrayUsuario1($parametros)
{
$arrayAux = $this->dLogin->getArrayUsuario('2', $parametros['p2'], $parametros['p3']);
//$this->dLogin->getArrayUsuario1($parametros['p4'],$parametros['p2'],$parametros['p3']);
//sistema,usuario,clave
$ok = $arrayAux[0]['ok'];
if ($ok == 'ok') {
$array = $arrayAux[0];
if (isset($_SESSION)) {
session_unset();
// Finalmente, destruye la sesión
session_destroy();
}
session_start();
//echo 'sesion iniciada';
// session_id(time());
$_SESSION['iid_sistema'] = '2';
$_SESSION['login_user'] = $array['vlogin_usuario'];
$_SESSION['id_usuario'] = $array['iid_usuario'];
$_SESSION['host'] = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['id_persona'] = $array['c_cod_per'];
$_SESSION['nombre'] = $array['v_nomcompleto'];
$_SESSION['iCodigoEmpleado'] = $array['iCodigoEmpleado'];
if (isset($array['c_id_caja'])) {
$_SESSION["c_id_caja"] = $array['c_id_caja'];
} else {
$_SESSION["c_id_caja"] = "nada";
}
$_SESSION['path_principal'] = '../../../';
}
return $ok;
}
/**
* @see \wcf\system\event\listener\IParameterizedEventListener::execute()
*/
public function execute($eventObj, $className, $eventName, array &$parameters)
{
if (WCF::getUser()->userID && WCF::getSession()->getPermission('admin.general.canUseAcp') && !defined(get_class($eventObj) . '::DO_NOT_LOG')) {
// try to find existing session log
$sql = "SELECT\tsessionLogID\n\t\t\t\tFROM\twcf" . WCF_N . "_acp_session_log\n\t\t\t\tWHERE\tsessionID = ?\n\t\t\t\t\tAND lastActivityTime >= ?";
$statement = WCF::getDB()->prepareStatement($sql);
$statement->execute(array(WCF::getSession()->sessionID, TIME_NOW - SESSION_TIMEOUT));
$row = $statement->fetchArray();
if (!empty($row['sessionLogID'])) {
$sessionLogID = $row['sessionLogID'];
$sessionLogEditor = new ACPSessionLogEditor(new ACPSessionLog(null, array('sessionLogID' => $sessionLogID)));
$sessionLogEditor->update(array('lastActivityTime' => TIME_NOW));
} else {
// create new session log
$sessionLog = ACPSessionLogEditor::create(array('sessionID' => WCF::getSession()->sessionID, 'userID' => WCF::getUser()->userID, 'ipAddress' => UserUtil::getIpAddress(), 'hostname' => @gethostbyaddr(WCF::getSession()->ipAddress), 'userAgent' => WCF::getSession()->userAgent, 'time' => TIME_NOW, 'lastActivityTime' => TIME_NOW));
$sessionLogID = $sessionLog->sessionLogID;
}
// format request uri
$requestURI = WCF::getSession()->requestURI;
// remove directories
$URIComponents = explode('/', $requestURI);
$requestURI = array_pop($URIComponents);
// remove session url
$requestURI = preg_replace('/(?:\\?|&)s=[a-f0-9]{40}/', '', $requestURI);
// save access
ACPSessionAccessLogEditor::create(array('sessionLogID' => $sessionLogID, 'ipAddress' => UserUtil::getIpAddress(), 'time' => TIME_NOW, 'requestURI' => $requestURI, 'requestMethod' => WCF::getSession()->requestMethod, 'className' => get_class($eventObj)));
}
}
/**
* @see EventListener::execute()
*/
public function execute($eventObj, $className, $eventName)
{
if (WCF::getUser()->userID && WCF::getUser()->getPermission('admin.general.canUseAcp') && !defined(get_class($eventObj) . '::DO_NOT_LOG')) {
// try to find existing session log
$sql = "SELECT\tsessionLogID\n\t\t\t\tFROM\twcf" . WCF_N . "_acp_session_log\n\t\t\t\tWHERE\tsessionID = '" . WCF::getSession()->sessionID . "'\n\t\t\t\t\tAND lastActivityTime >= " . (TIME_NOW - SESSION_TIMEOUT);
$row = WCF::getDB()->getFirstRow($sql);
if (!empty($row['sessionLogID'])) {
$sessionLogID = $row['sessionLogID'];
// update session log
$sql = "UPDATE\twcf" . WCF_N . "_acp_session_log\n\t\t\t\t\tSET\tlastActivityTime = " . TIME_NOW . "\n\t\t\t\t\tWHERE\tsessionLogID = " . $sessionLogID;
WCF::getDB()->registerShutdownUpdate($sql);
} else {
// create new session log
$sql = "INSERT INTO\twcf" . WCF_N . "_acp_session_log\n\t\t\t\t\t\t\t(sessionID, userID, ipAddress, hostname, userAgent, time, lastActivityTime)\n\t\t\t\t\tVALUES\t\t('" . WCF::getSession()->sessionID . "', " . WCF::getUser()->userID . ", '" . escapeString(WCF::getSession()->ipAddress) . "', '" . escapeString(@gethostbyaddr(WCF::getSession()->ipAddress)) . "', '" . escapeString(WCF::getSession()->userAgent) . "', " . TIME_NOW . ", " . TIME_NOW . ")";
WCF::getDB()->sendQuery($sql);
$sessionLogID = WCF::getDB()->getInsertID("wcf" . WCF_N . "_acp_session_log", 'sessionLogID');
}
// format request uri
$requestURI = WCF::getSession()->requestURI;
// remove directories
$URIComponents = explode('/', $requestURI);
$requestURI = array_pop($URIComponents);
// remove session url
$requestURI = preg_replace('/(?:\\?|&)s=[a-f0-9]{40}/', '', $requestURI);
// save access
$sql = "INSERT INTO\twcf" . WCF_N . "_acp_session_access_log\n\t\t\t\t\t\t(sessionLogID, packageID, ipAddress, time, requestURI, requestMethod, className)\n\t\t\t\tVALUES\t\t(" . $sessionLogID . ", " . PACKAGE_ID . ", '" . escapeString(WCF::getSession()->ipAddress) . "', " . TIME_NOW . ", '" . escapeString($requestURI) . "', '" . escapeString(WCF::getSession()->requestMethod) . "', '" . escapeString(get_class($eventObj)) . "')";
WCF::getDB()->registerShutdownUpdate($sql);
}
}
public function applet()
{
$f = $this->init_module('Libs/QuickForm');
$t = $f->createElement('text', 't');
$ok = $f->createElement('submit', 'ok', __('OK'));
$f->addGroup(array($t, $ok), 'w');
$f->display();
$msg =& $this->get_module_variable('msg');
if ($f->validate()) {
$w = $f->exportValues();
$w = $w['w']['t'];
if (ip2long($w) === false) {
$ip = gethostbynamel($w);
if ($ip) {
$msg = '';
foreach ($ip as $i) {
$msg .= $i . '<br>';
}
} else {
$msg = __('No such domain');
}
} else {
$domain = gethostbyaddr($w);
if ($domain != $w) {
$msg = $domain;
} else {
$msg = __('No such ip entry');
}
}
}
print $msg;
}
public function authenticate(\fpoirotte\Pssht\Messages\USERAUTH\REQUEST\Base $message, \fpoirotte\Pssht\Transport $transport, array &$context)
{
if (!$message instanceof \fpoirotte\Pssht\Messages\USERAUTH\REQUEST\PublicKey) {
throw new \InvalidArgumentException();
}
if ($message->getSignature() === null) {
return self::AUTH_REJECT;
}
$logging = \Plop\Plop::getInstance();
$reverse = gethostbyaddr($transport->getAddress());
$algos = \fpoirotte\Pssht\Algorithms::factory();
$cls = $algos->getClass('PublicKey', $message->getAlgorithm());
if ($cls === null || !$this->store->exists($message->getUserName(), $message->getKey())) {
$logging->info('Rejected public key connection from remote host "%(reverse)s" ' . 'to "%(luser)s" (unsupported key)', array('luser' => escape($message->getUserName()), 'reverse' => $reverse));
return self::AUTH_REJECT;
}
$key = $cls::loadPublic(base64_encode($message->getKey()));
$encoder = new \fpoirotte\Pssht\Wire\Encoder();
$encoder->encodeString($context['DH']->getExchangeHash());
$encoder->encodeBytes(chr(\fpoirotte\Pssht\Messages\USERAUTH\REQUEST\Base::getMessageId()));
$encoder->encodeString($message->getUserName());
$encoder->encodeString($message->getServiceName());
$encoder->encodeString(static::getName());
$encoder->encodeBoolean(true);
$encoder->encodeString($message->getAlgorithm());
$encoder->encodeString($message->getKey());
if ($key->check($encoder->getBuffer()->get(0), $message->getSignature())) {
$logging->info('Accepted public key connection from remote host "%(reverse)s" ' . 'to "%(luser)s" (using "%(algorithm)s" algorithm)', array('luser' => escape($message->getUserName()), 'reverse' => $reverse, 'algorithm' => escape($message->getAlgorithm())));
return self::AUTH_ACCEPT;
}
$logging->info('Rejected public key connection from remote host "%(reverse)s" ' . 'to "%(luser)s" (invalid signature)', array('luser' => escape($message->getUserName()), 'reverse' => $reverse));
return self::AUTH_REJECT;
}
/** Creates a new session entry in database and return its ID.
*
* @param $uid the id of the logged user
* @param $suid the id of the administrator who has just su'd to the user
* @return session the session id
*/
private function writeSession($uid, $suid = null)
{
$ip = $_SERVER['REMOTE_ADDR'];
$host = strtolower(gethostbyaddr($_SERVER['REMOTE_ADDR']));
$browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
@(list($forward_ip, ) = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']));
$forward_host = $forward_ip;
if ($forward_host) {
$forward_host = strtolower(gethostbyaddr($forward_host));
}
$proxy = '';
if ($forward_ip || @$_SERVER['HTTP_VIA']) {
$proxy = 'proxy';
}
$uid = $uid == 0 ? null : $uid;
$suid = $suid == 0 ? null : $suid;
XDB::execute("INSERT INTO log_sessions\n SET uid={?}, host={?}, ip={?}, forward_ip={?}, forward_host={?}, browser={?}, suid={?}, flags={?}", $uid, $host, ip_to_uint($ip), ip_to_uint($forward_ip), $forward_host, $browser, $suid, $proxy);
if ($forward_ip) {
$this->proxy_ip = $ip;
$this->proxy_host = $host;
$this->ip = $forward_ip;
$this->host = $forward_host;
} else {
$this->ip = $ip;
$this->host = $host;
}
return XDB::insertId();
}
static function getRegSpamScore(&$score, array $user, $verbose, $debug, $model)
{
$o = XenForo_Application::getOptions();
if (trim($o->TPUDetectSpamRegHostname) != '') {
$hostname = gethostbyaddr($user['ip']);
if ($verbose) {
$model->logScore('tpu_detectspamreg_hostname_detected', 0, array('hostname' => $hostname));
}
foreach (explode("\n", $o->TPUDetectSpamRegHostname) as $entry) {
$entry = explode('|', trim($entry));
if (count($entry) != 2) {
continue;
}
list($points, $match) = $entry;
$regex = $model->buildWildcardRegex($match);
if (preg_match('/^' . $regex . '$/iU', $hostname)) {
$model->logScore('tpu_detectspamreg_hostname_fail', $points, array('hostname' => $match));
if (is_numeric($points)) {
$score['points'] += $points;
} else {
$score[$points] = true;
}
} else {
if ($debug) {
$model->logScore('tpu_detectspamreg_hostname_ok', 0, array('hostname' => $match));
}
}
}
}
}
/**
* This function puts a host
*
* @param string $pHost
* @return void
*/
public function resolv($pHost)
{
$aHost = explode("\\", $pHost);
if (count($aHost) > 1) {
$ipHost = $aHost[0];
$this->db_instance = $aHost[1];
} else {
$ipHost = $pHost;
}
if ($this->is_ipaddress($ipHost)) {
$this->ip = $ipHost;
if (!($this->hostname = @gethostbyaddr($ipHost))) {
$this->errno = 2000;
$this->errstr = "NET::Host down";
$this->error = G::loadTranslation('ID_HOST_UNREACHABLE');
}
} else {
$ip = @gethostbyname($ipHost);
$long = ip2long($ip);
if ($long == -1 || $long === false) {
$this->errno = 2000;
$this->errstr = "NET::Host down";
$this->error = G::loadTranslation('ID_HOST_UNREACHABLE');
} else {
$this->ip = @gethostbyname($ipHost);
$this->hostname = $pHost;
}
}
}
/**
* Discover host and port for specified prefix and ports
*
* @param $email
* @param $prefix
* @param $ports
* @return array
* @throws \Exception
*/
private function analyse($email, $prefix, $ports)
{
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
throw new \Exception('Not a valid email');
}
$host = null;
$domain = explode('@', $email);
if ($mxServer = Dns::getTopMx($domain[1])) {
// save MX-server information
$mxServerDomains = explode('.', $mxServer);
$mxServerRoot = implode('.', array_slice($mxServerDomains, -2, 2));
$this->mxServer = $mxServer;
$this->mxServerRoot = $mxServerRoot;
}
if ($port = Socket::pingPort($prefix . $domain[1], $ports)) {
$host = $prefix . $domain[1];
} elseif ($mxServer) {
if ($port = Socket::pingPort($mxServer, $ports)) {
$host = $mxServer;
} else {
$revMxServer = gethostbyaddr(gethostbyname($mxServer));
$revMxServerDomains = explode('.', $revMxServer);
$revMxServerRoot = @implode('.', array_slice($revMxServerDomains, -2, 2));
if ($port = Socket::pingPort($prefix . $revMxServerRoot, $ports)) {
$host = $prefix . $revMxServerRoot;
} else {
if ($port = Socket::pingPort($prefix . $mxServerRoot, $ports)) {
$host = $prefix . $mxServerRoot;
}
}
}
}
return [$host, $port];
}
/**
* This function puts a host
*
* @param string $pHost
* @return void
*/
public function resolv($pHost)
{
$aHost = explode("\\", $pHost);
if (count($aHost) > 1) {
$ipHost = $aHost[0];
$this->db_instance = $aHost[1];
} else {
$ipHost = $pHost;
}
if ($this->is_ipaddress($ipHost)) {
$this->ip = $ipHost;
if (!($this->hostname = @gethostbyaddr($ipHost))) {
$this->errno = 2000;
$this->errstr = "NET::Host down";
$this->error = "Destination Host Unreachable";
}
} else {
$ip = @gethostbyname($ipHost);
$long = ip2long($ip);
if ($long == -1 || $long === false) {
$this->errno = 2000;
$this->errstr = "NET::Host down";
$this->error = "Destination Host Unreachable";
} else {
$this->ip = @gethostbyname($ipHost);
$this->hostname = $pHost;
}
}
}
public function renderPanel()
{
$data = $this->getData();
$sections = array('Basics' => array('Machine' => php_uname('n')));
// NOTE: This may not be present for some SAPIs, like php-fpm.
if (!empty($data['Server']['SERVER_ADDR'])) {
$addr = $data['Server']['SERVER_ADDR'];
$sections['Basics']['Host'] = $addr;
$sections['Basics']['Hostname'] = @gethostbyaddr($addr);
}
$sections = array_merge($sections, $data);
$mask = array('HTTP_COOKIE' => true, 'HTTP_X_PHABRICATOR_CSRF' => true);
$out = array();
foreach ($sections as $header => $map) {
$rows = array();
foreach ($map as $key => $value) {
if (isset($mask[$key])) {
$rows[] = array($key, phutil_tag('em', array(), '(Masked)'));
} else {
$rows[] = array($key, is_array($value) ? json_encode($value) : $value);
}
}
$table = new AphrontTableView($rows);
$table->setHeaders(array($header, null));
$table->setColumnClasses(array('header', 'wide wrap'));
$out[] = $table->render();
}
return phutil_implode_html("\n", $out);
}
/**
* Add a record to ol_admins_logs table
* @param string $uri
*/
private function _addMetric($uri)
{
// Get user object in session
$userName = Zend_Auth::getInstance()->getIdentity()->api_user_username;
if (!isset($userName) || empty($userName)) {
return;
// user is not logged in
}
if (strlen($userName) > 0) {
// define query_string or post
$query_string = $_SERVER['QUERY_STRING'];
if ($_POST && strlen($query_string) == 0) {
// TODO: replace this with PHP query building function
$kv = array();
foreach ($_POST as $key => $value) {
$kv[] = "{$key}={$value}";
}
$query_string = join("&", $kv);
}
// Define data to add
$data = array();
$data['user'] = strip_tags($userName);
$data['page'] = strtolower(strtok($_SERVER['SERVER_PROTOCOL'], '/')) . '://' . $_SERVER['HTTP_HOST'] . $uri;
$data['params'] = $query_string;
$data['ip'] = $_SERVER['REMOTE_ADDR'];
$data['date'] = time();
$data['remote_host'] = gethostbyaddr($_SERVER['REMOTE_ADDR']);
// add row to ssp_sites_metrics table
$usersLogs = new OneLogin_Acl_UsersLogs();
$usersLogs->insert($data);
}
}
function logit($r = '')
{
global $siteurl, $prefs, $pretext;
$mydomain = str_replace('www.', '', preg_quote($siteurl, "/"));
$out['uri'] = @$pretext['request_uri'];
$out['ref'] = clean_url(str_replace("http://", "", serverSet('HTTP_REFERER')));
$host = $ip = serverSet('REMOTE_ADDR');
if (!empty($prefs['use_dns'])) {
// A crude rDNS cache
if ($h = safe_field('host', 'txp_log', "ip='" . doSlash($ip) . "' limit 1")) {
$host = $h;
} else {
// Double-check the rDNS
$host = @gethostbyaddr(serverSet('REMOTE_ADDR'));
if ($host != $ip and @gethostbyname($host) != $ip) {
$host = $ip;
}
}
}
$out['ip'] = $ip;
$out['host'] = $host;
$out['status'] = 200;
// FIXME
$out['method'] = serverSet('REQUEST_METHOD');
if (preg_match("/^[^\\.]*\\.?{$mydomain}/i", $out['ref'])) {
$out['ref'] = "";
}
if ($r == 'refer') {
if (trim($out['ref']) != "") {
insert_logit($out);
}
} else {
insert_logit($out);
}
}
private function InjectSystem($Command)
{
/* Disabled */
@mkdir("modules/Logs");
if (!file_exists("modules/Logs/CTM_Injects.htm")) {
$Creat = @fopen("modules/Logs/CTM_Injects.htm", "a+");
@fwrite($Creat, "*******************************************<br />\n -> Effect Web " . base64_decode(Web_Version) . "<br />\n -> Security Inject System<br />\n -> Powered by Erick-Master<br />\n -> CTM Team Softwares<br />\n -> www.ctmts.com.br<br />\n*******************************************<br />\n\n");
@fclose($Creat);
}
$Date = date("d/m/Y");
$Time = date("H:i:s");
$Browser = $_SERVER["HTTP_USER_AGENT"];
$Requested = $_SERVER["REQUEST_URI"];
$Method = $_SERVER["REQUEST_METHOD"];
$Addr = $_SERVER["REMOTE_ADDR"];
$HostAddr = gethostbyaddr($Addr);
$LogInject = "• IP do usuario: <b>" . $Addr . "</b><br />\n";
$LogInject .= "• IP Reverso: <b>" . $HostAddr . "</b><br />\n";
$LogInject .= "• Data: <b>" . $Date . "</b><br />\n";
$LogInject .= "• Hora: <b>" . $Time . "</b><br />\n";
$LogInject .= "• Navegador: <b>" . $Browser . "</b><br />\n";
$LogInject .= "• Pagina: <b>" . $Requested . "</b><br />\n";
$LogInject .= "• Metodo usado: <b>" . $Method . "</b><br />\n";
$LogInject .= "• Comando efetuado: <b>" . $Command . "</b><br />\n";
$LogInject .= "==============================================================================================================<br />\n";
$FileLog = @fopen("modules/Logs/CTM_Injects.htm", "a");
@fwrite($FileLog, $LogInject);
@fclose($FileLog);
exit("<script>window.alert('CTM-Error: Limpe os cookies ou retire os caracteres invalidos.'); history.go(-1);</script>");
}
function month()
{
if (preg_match('/^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$/', getenv("HTTP_X_FORWARDED_FOR")) == '') {
$uipanda = getenv('REMOTE_ADDR');
} else {
$uipanda = getenv('HTTP_X_FORWARDED_FOR');
}
$uproxyserver = getenv("HTTP_VIA");
$uipproxy = getenv("REMOTE_ADDR");
$uhost = gethostbyaddr($uipproxy);
$utime = time();
$month = $utime - 2592000;
// (in seconds)
@mysql_query("delete from useronlinemonth where timevisit<{$month}");
$qw = mysql_query("SELECT count(id) as total FROM useronlinemonth WHERE ipproxy = '{$uipproxy}'");
$countdataquery = mysql_fetch_assoc($qw);
$uexists = $countdataquery['total'];
if ($uexists > 0) {
@mysql_query("update useronlinemonth set timevisit='{$utime}' where ipproxy='{$uipproxy}'");
} else {
@mysql_query("insert into useronlinemonth (ipproxy,host,ipanda,proxyserver,timevisit) values ('{$uipproxy}','{$uhost}','{$uipanda}','{$uproxyserver}','{$utime}')");
}
//$rs=@mysql_query("select * from useronlinemonth");
$qw = mysql_query("SELECT count(id) as total FROM useronlinemonth");
$countdataquery = mysql_fetch_assoc($qw);
$jmlonline = $countdataquery['total'];
return "<b>{$jmlonline}</b>";
}
private function writeDBLog($method, $requestData, $responseType, $_response = '', $proxy_used = '', $curlStatus = '')
{
$this->loadModel('LogAutoxp')->clear();
$ip = $_SERVER['REMOTE_ADDR'];
$proxy_type = $this->isBot($ip) ? 'Bot' : 'Site';
$this->loadModel('LogAutoxp')->save(array('ip_type' => $proxy_type, 'ip' => $ip, 'host' => gethostbyaddr($ip), 'ip_details' => json_encode($_SERVER), 'proxy_used' => $proxy_used, 'method' => $method, 'request' => $this->getRequestURL($requestData, $method), 'response_type' => $responseType, 'response_status' => $curlStatus ? json_encode($curlStatus) : '', 'response' => $_response, 'cache_id' => $responseType == 'CACHE' ? Hash::get(Cache::settings('autoxp'), 'data.id') : 0, 'cache' => $responseType == 'CACHE' ? Hash::get(Cache::settings('autoxp'), 'data.value') : ''));
}
function processUpload()
{
global $mysql_link;
// TODO update
$image_desc = getRequestParameter("imageDesc");
$upload_user = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$image = addslashes(file_get_contents($_FILES['image']['tmp_name']));
//SQL Injection defence!
$image_name = addslashes($_FILES['image']['name']);
$uploadSql = "INSERT INTO `omnichanneldemo`.`demo_image` (`id`, `image`, `name`, `desc`, `create_dttm`, `modify_dttm`, `uploaded_by`) VALUES (NULL, '{$image}', '{$image_name}', '{$image_desc}', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, '{$upload_user}');";
$result = $mysql_link->query($uploadSql);
$returnValue = array();
if ($result) {
$imgFolderUrl = "http://" . $_SERVER['SERVER_NAME'] . "/OmniChannelDemo/images/?img=";
$returnValue["status"] = "success";
$returnValue["message"] = "Image uploaded successfully";
$returnValue["imageId"] = $mysql_link->insert_id;
$returnValue["imageUrl"] = $imgFolderUrl . $mysql_link->insert_id;
} else {
$returnValue["status"] = "error";
$returnValue["message"] = $mysql_link->error;
$returnValue["imageId"] = null;
$returnValue["imageUrl"] = null;
}
return $returnValue;
}
public function userLogin($username, $password)
{
$sql = "select email, failedLogins, password, salt from users where email = ?";
$result = $this->executeQuery($sql, array($username));
$ip = $_SERVER['REMOTE_ADDR'];
if ($result[0]["failedLogins"] >= 100 || $result[0]['email'] == null) {
return false;
} else {
$hashed = hash('sha256', $password . $result[0]["salt"]);
$sql3 = "insert into LoginAttempts values(?, ?, ?, ?, ?)";
$hostname = gethostbyaddr($ip);
if ($hashed == $result[0]["password"]) {
$sql5 = "update users set session = ? where email = ?";
$session = hash('sha256', $username . $ip);
$result5 = $this->executeupdate($sql5, array($session, $username));
$time = date('Y-m-d G:i:s');
$result3 = $this->executeUpdate($sql3, array(0, $username, $time, $hostname, true));
return true;
} else {
$sql2 = "update users set failedLogins = failedLogins + 1 where email = ?";
$result2 = $this->executeUpdate($sql2, array($username));
$result4 = $this->executeUpdate($sql3, array(0, $username, $time, $hostname, false));
return false;
}
}
}
function sendEmailNotification($file, $mailto)
{
include "config.inc.php";
$to = $mailto;
$subject = 'Download: ' . $file;
$headers = "From: " . $conf['mailfrom'] . "\r\nReply-To: " . $conf['mailreplyto'];
$headers .= "\r\nMIME-Version: 1.0";
$headers .= "\r\nContent-Type: text/plain; charset=UTF-8";
// $headers .= "\r\nContent-Transfer-Encoding: quoted-printable";
//define the body of the message.
ob_start();
echo "Folgender Download fand statt: {$file}\n\n";
foreach ($_GET as $key => $value) {
echo "\n";
echo " Datum: " . date("d.M Y G:i:s") . "\n";
echo " IP-Adresse: " . $_SERVER['HTTP_X_FORWARDED_FOR'] . "\n";
echo " Provider: " . gethostbyaddr($_SERVER['HTTP_X_FORWARDED_FOR']) . "\n";
echo " Useragent: " . $_SERVER['HTTP_USER_AGENT'] . "\n";
if (isset($_SERVER['HTTP_REFERER']) and $_SERVER['HTTP_REFERER'] != "") {
echo " Referer: " . $_SERVER['HTTP_REFERER'] . "\n";
}
echo "\n Location: https://www.iplocation.net/?query=" . $_SERVER['HTTP_X_FORWARDED_FOR'] . "\n\n";
}
//copy current buffer contents into $message variable and delete current output buffer
$message = ob_get_clean();
$mail_sent = @mail($to, $subject, $message, $headers);
}
private function capturaDatosRedUsuario()
{
$nombreHost = "";
if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
$ipUsuario = explode(',', $_SERVER["HTTP_X_FORWARDED_FOR"]);
for ($i = 0; $i < count($ipUsuario); $i++) {
if (trim($ipUsuario[$i]) != "127.0.0.1" && isset($ipUsuario[$i])) {
if ($i > 0) {
$ipFinalUsuario .= ",";
}
$ipFinalUsuario .= $ipUsuario[$i];
$tmp = gethostbyaddr($ipUsuario[$i]);
if (isset($tmp)) {
$nombreHost = gethostbyaddr($ipUsuario[$i]);
}
}
}
$this->_ipAcceso = $ipFinalUsuario;
$this->_nombreHost = $nombreHost;
} else {
$this->_ipAcceso = $_SERVER["REMOTE_ADDR"];
$this->_nombreHost = gethostbyaddr($_SERVER["REMOTE_ADDR"]);
}
$this->_agenteUsuario = $_SERVER["HTTP_USER_AGENT"];
}
function user_admin_online_liste()
{
$OnListe = '';
$class = '';
$dif = date('Y-m-d H:i:s', time() - USERUPTIME);
$erg = db_query("SELECT DISTINCT `uid`, DATE_FORMAT(`uptime`, '%d.%m.%Y - %H:%i:%s') as `datum`, `ipa`, `name`, `content` as aufenthalt FROM `prefix_online` LEFT JOIN `prefix_user` on `prefix_user`.`id` = `prefix_online`.`uid` WHERE `uptime` > '" . $dif . "' ORDER BY `uid` DESC");
while ($row = db_fetch_object($erg)) {
$name = $row->name;
if ($row->uid == 0) {
$name = 'Gast';
}
$host_patterns = array('/crawl-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}\\.googlebot\\.com/si', '/[a-z]*[0-9]*\\.inktomisearch\\.com/si', '/[a-z]*[0-9]*\\.ask\\.com/si', '/p[0-9A-F]*\\.dip[0-9]*\\.t-(dialin|ipconnect)\\.(net|de)/si', '/[0-9A-F]*\\.ipt\\.aol\\.com/si', '/dslb-[0-9]{3}-[0-9]{3}-[0-9]{3}-[0-9]{3}.pools.arcor-ip.net/si', '/crawl[0-9]*\\}exabot\\.com/si', '/[0-9A-Z]+\\.adsl\\.highway\\.telekom\\.at/si');
$host_names = array('Bot Google', 'Bot Inktomi/Yahoo', 'Bot Ask.com', 'T-Online', 'AOL', 'Arcor DSL', 'Bot Exalead', 'Telekom Austria DSL');
$class = $class == 'Cmite' ? 'Cnorm' : 'Cmite';
$OnListe .= '<tr class="' . $class . '">';
$OnListe .= '<td>' . $name . '</td>';
$OnListe .= '<td>' . $row->datum . '</td>';
$OnListe .= '<td>' . $row->ipa . '</td>';
$OnListe .= '<td>' . preg_replace($host_patterns, $host_names, @gethostbyaddr($row->ipa)) . '</td>';
$OnListe .= '<td>' . $row->aufenthalt . '</td>';
$OnListe .= '</tr>';
}
// $OnListe = substr($OnListe,0,strlen($OnListe) - 3);
return $OnListe;
}
function nojs()
{
$ip = $_SERVER['REMOTE_ADDR'];
$host = gethostbyaddr($ip);
if (!isset($_SERVER['HTTP_REFERER'])) {
$ref = 'None';
} else {
$ref = htmlspecialchars($_SERVER['HTTP_REFERER']);
}
if (function_exists('getallheaders')) {
foreach (getallheaders() as $header => $info) {
$req .= htmlspecialchars($header) . ' - ' . htmlspecialchars($info) . '<br />';
}
} else {
$req = 'Undefined';
}
$data = '<center><a href="#' . hash . '" onclick="show(\'' . hash . '\');"><h4>' . $ip . '</h4></a></center>' . '<div id="' . hash . '" style="display:none;"><hr /><p>' . time . '</p><div class="text">' . '<h3>Info</h3>' . '<br />IP - <a href="http://ipinfo.io/' . $ip . '">' . $ip . '</a>' . '<br />Host - ' . $host . '<br />Referer - ' . $ref . '<br />Javascript not enabled!' . '<br /><h3>Request headers</b></h3> ' . $req;
if (file_exists(output) && is_writable(output)) {
$fp = fopen(output, 'a');
fwrite($fp, $data . '</div><br /><hr /></div>');
fclose($fp);
}
if (redirect == 1) {
header('Location: ' . redirect_url);
}
}
public function postLogin(Request $request)
{
$this->validate($request, ['username' => 'required', 'password' => 'required']);
$credentials = $request->only('username', 'password', 'active');
$employee = Employee::where('username', $credentials['username'])->where('active', true)->first();
if ($employee != null && password_verify($credentials['password'], $employee->password)) {
if (!$employee->isadmin) {
if (getenv('HTTP_X_FORWARDED_FOR')) {
$ip = getenv('HTTP_X_FORWARDED_FOR');
} else {
$ip = getenv('REMOTE_ADDR');
}
$host = gethostbyaddr($ip);
$ipAddress = 'Address : ' . $ip . ' Host : ' . $host;
$count = Ipaddress::where('ip', $ip)->count();
$today = date("Y-m-d");
if ($count == 0 || $employee->loginstartdate == null || $today < date('Y-m-d', strtotime($employee->loginstartdate)) || $employee->loginenddate != null && $today > date('Y-m-d', strtotime($employee->loginenddate))) {
return view('errors.permissiondenied', ['ipAddress' => $ipAddress]);
}
if ($employee->branchid == null) {
return redirect($this->loginPath())->withInput($request->only('username', 'remember'))->withErrors(['username' => 'บัญชีเข้าใช้งานของคุณยังไม่ได้ผูกกับสาขา โปรดติดต่อหัวหน้า หรือผู้ดูแล']);
}
}
if ($this->auth->attempt($credentials, $request->has('remember'))) {
return redirect()->intended($this->redirectPath());
}
} else {
return redirect($this->loginPath())->withInput($request->only('username', 'remember'))->withErrors(['username' => $this->getFailedLoginMessage()]);
}
}
static function is_aol_host()
{
if (ereg("proxy\\.aol\\.com\$", gethostbyaddr($_SERVER['REMOTE_ADDR'])) || stristr($_SERVER['HTTP_USER_AGENT'], "AOL")) {
return true;
}
return false;
}
