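/**
 * Build the SQL that imports one custom report from an encrypted .avr file.
 *
 * The file is decrypted with the hard-coded $password, unserialized twice
 * (outer envelope, then its "report" payload), checked for allowed characters
 * in report name and category, and rendered as a single REPLACE INTO statement
 * for alienvault.user_config.  Every failure is reported through print_err()
 * and yields an empty string.
 *
 * @param string $file Path to the .avr file.  A '#' in the file name splits it
 *                     as "<category>#<name>"; the category is stored as
 *                     "custom_report_<category>" in the category column.
 * @return string The SQL statement terminated by "\n", or '' on any error.
 */
function get_sql_from_avr($file)
{
    $sql = '';
    $category = '';
    $password = '';
    // Change password if needed
    $user = '******';
    // Character whitelist shared by the report-name and category checks
    $allowed_chars = 'A-Za-z0-9\\s\\.,:@_\\-\\/\\?&\\=_\\-\\;\\#\\|';

    // Only the file name carries the category: a '#' elsewhere in the path
    // must not turn the whole file name into a category
    $base_name = basename($file);
    if (strpos($base_name, '#') !== false) {
        list($category) = explode('#', $base_name, 2);
        $category = trim(str_replace(' ', '_', $category));
    }

    if (empty($file) || !file_exists($file) || filesize($file) <= 0) {
        // $argv is a global and is not visible inside a function; the CLI
        // script name is also exposed through $_SERVER
        $script = isset($_SERVER['argv'][0]) ? $_SERVER['argv'][0] : basename(__FILE__);
        print_err(empty($file) ? "Use: php " . $script . " path/file_name.avr [category]" : "File {$file} doesn't exists");
        return $sql;
    }

    $content = file_get_contents($file);
    $decrypted_content = decrypt($content, $password);
    // NOTE(security): unserialize() of file content can instantiate arbitrary
    // classes if the archive was tampered with; the .avr is trusted only as far
    // as its password is.  The @ keeps a corrupt file on the $format_error path
    // instead of emitting a notice.
    $datareport = @unserialize($decrypted_content);
    if (!is_array($datareport)) {
        $datareport = array();
    }
    $report_name = isset($datareport["name"]) ? $datareport["name"] : '';
    $report_data = isset($datareport["report"]) ? @unserialize($datareport["report"]) : FALSE;
    // The payload is patched through array offsets below, so anything that is
    // not a non-empty array is a format error
    $format_error = !is_array($report_data) || empty($report_data);
    // The name is checked first; the category only when the name passed
    $validation_error = !validate($report_name, $allowed_chars) || !validate($category, $allowed_chars);
    if ($format_error || $validation_error) {
        print_err($validation_error ? "Invalid character in Report Name or Category" : "Invalid Password, file format or category");
        return $sql;
    }

    // Force some parameters: the import always lands in the default profile,
    // user 0 and entity -1
    $report_data["profile"] = 'Default';
    $report_data["user"] = 0;
    $report_data["entity"] = '-1';
    $report_data["category"] = !empty($category) ? str_replace('_', ' ', $category) : '';
    $category = !empty($category) ? '_' . $category : '';

    // check subreports ids: keep only the datasources of subreports whose id
    // is below 3000 (the meaning of that threshold is not visible here)
    $newds = array();
    $sub_reports = isset($datareport["sr"]) && is_array($datareport["sr"]) ? $datareport["sr"] : array();
    $old_ds = isset($report_data["ds"]) && is_array($report_data["ds"]) ? $report_data["ds"] : array();
    foreach ($sub_reports as $idr => $info) {
        if ($idr < 3000) {
            $newds[$idr] = isset($old_ds[$idr]) ? $old_ds[$idr] : null;
        }
    }
    $report_data["ds"] = $newds;

    // insert: string values are quoted through qstr() (defined elsewhere); the
    // serialized payload is base64-encoded so it never reaches the quoting layer
    $sql .= '    REPLACE INTO alienvault.user_config (login, category, name, value) VALUES (\'' . qstr($user) . '\', \'' . qstr('custom_report' . $category) . '\', \'' . qstr($report_name) . '\', from_base64(\'' . base64_encode(serialize($report_data)) . '\'));' . "\n";
    return $sql;
}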
        {
            echo $msg . '<br/>';
        }
        /********** INPUT VALIDATION **********/
        // validate first name
        validate_input($trimmed['fname'], 'first_name') ? $fn = $trimmed['fname'] : print_err('<center>- First Name is not valid: <em>(Must be between 2 & 20 characters and can only contain letters, apostrophes and hyphens)</em></center>');
        // validate last name
        validate_input($trimmed['lname'], 'last_name') ? $ln = $trimmed['lname'] : print_err('<center>- Last Name is not valid: <i>(Must be between 2 & 40 characters and can only contain letters, apostrophes and hyphens)</i></center>');
        // validate email
        validate_input($trimmed['email'], 'email') ? $em = $trimmed['email'] : print_err('<center>- You did not provide a valid email address</center>');
        // validate password
        if (validate_input($trimmed['pass'], 'password')) {
            $trimmed['pass'] == $trimmed['pass2'] ? $pw = $trimmed['pass'] : print_err('<center>- Your passwords did not match</center>');
        } else {
            print_err('<center>- Please enter a valid password: <small>(Must be between 4 & 20 characters. Can only contain letters, numbers and underscores)</small></center>');
        }
        /**************************************/
        // INPUT VALIDATION SUCCEEDED:
        if ($fn && $ln && $em && $pw) {
            // Create activation code:
            $a = md5(uniqid(rand(), true));
            $user = new User();
            $user->register(['first_name' => $fn, 'last_name' => $ln, 'email' => $em, 'password' => $pw, 'prof_link' => strtolower($fn . '.' . $ln . uniqid(rand()))]);
        } else {
            print_err('<br/><center><h5 class="red">Please amend your information as detailed and try again</h5></center><br/><br/>');
        }
    }
}
// Include registration form markup.  FORMS and FOOTER are path constants
// defined outside this file; include (rather than require) only warns when
// the file is missing -- TODO confirm that is intended for the footer too.
include FORMS . 'registration_form.inc.php';
include FOOTER;
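/**
 * Merge the sub-arrays of $add_arr into the matching sub-arrays of $base_arr.
 *
 * For every key of $add_arr, $base_arr[$key] becomes
 * array_merge($base_arr[$key], $add_arr[$key]).  A key that is absent from
 * $base_arr starts from an empty array instead of raising an undefined-index
 * notice followed by a TypeError inside array_merge().
 *
 * @param array $base_arr Array of arrays to extend.
 * @param array $add_arr  Array of arrays to merge in, keyed like $base_arr.
 * @return mixed The merged array; when either argument is not an array the
 *               error is reported through print_err() and $base_arr is
 *               returned unchanged.
 */
function array_stick($base_arr, $add_arr)
{
    if (!is_array($base_arr) || !is_array($add_arr)) {
        print_err("Input arguments are not arrays");
        return $base_arr;
    }
    foreach ($add_arr as $key => $value) {
        // array_merge() needs two arrays: treat a missing base entry as empty
        $current = isset($base_arr[$key]) ? $base_arr[$key] : array();
        $base_arr[$key] = array_merge($current, $value);
    }
    return $base_arr;
}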
파일: User.php 프로젝트: boxtar/prototype
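    /**
     * Register a new user and, on success, end the request: a confirmation
     * page is printed, FOOTER is included and the script exits.
     *
     * @param array $fields Column => value pairs inserted as-is into `users`
     *                      ('email', 'prof_link' and the password are read
     *                      here); the caller is expected to have validated them.
     * @return void Returns normally only when the e-mail is already registered;
     *              every other path prints a page and exits.
     */
    public function register($fields = [])
    {
        // CHECK EMAIL IS UNIQUE:
        if (!$this->find($fields['email'], 'users', ['email'])) {
            // if find() returned false then either of the following is true:
            // - Email address provided is unique and we're good to go
            // - Or there were errors querying the DB...
            if (empty($this->_db->errors())) {
                // Set activation code depending on site status.  The code is a
                // bearer secret (it alone activates the account from the e-mail
                // link), so it must come from a CSPRNG: md5(uniqid(rand(), true))
                // is clock-derived and guessable.  32 hex chars, same width as
                // the md5 it replaces.
                $fields['active'] = LIVE ? bin2hex(random_bytes(16)) : NULL;
                // Create new user in DB:
                if (empty($this->_db->insert('users', $fields)->errors())) {
                    // Setup the new users directories and default files in file system:
                    if (!$this->create_new_user_dir($fields['prof_link'])) {
                        trigger_error("Error registering new user: Failed to create new users directories in file system");
                        print_err('<br/><center><h5 class="red uppercase">You have not been registered</h5></center><br/><br/>');
                        include FOOTER;
                        exit;
                    }
                    if (LIVE) {
                        // CONSTRUCT ACTIVATION EMAIL:
                        $body = "Thank you for creating an account with Boxtar UK. To activate your account please follow this link:\n\n";
                        // Add URL to activation script with required vars
                        $body .= BASE_URL . 'activate_acc.php?_x004a=' . urlencode($fields['email']) . '&_y0030=' . $fields['active'];
                        // send activation email.  $fields['email'] lands in the
                        // To header unescaped; this relies on the caller having
                        // rejected addresses containing CR/LF -- TODO confirm
                        mail($fields['email'], 'Boxtar UK - Activate Your Box', $body, 'From: donotreply@boxtar.uk');
                        // Thank user
                        echo '<div class="md-container"><h5>Thank you for creating an account with BOXTAR UK&nbsp;&copy;</h5>
							<p><br/><br/>An email has been sent to the provided email address. Please follow the link
							in that email to activate your account</p></div>';
                    } else {
                        echo <<<EOT
<div class="md-container"><h5>Thank you for creating an account with BOXTAR UK&nbsp;&copy;</h5></div>
EOT;
                    }
                    // Close page and kill script (form wont be re-shown)
                    echo '</div><!-- boxtar-content -->';
                    include FOOTER;
                    exit;
                } else {
                    // Raw DB error text goes to trigger_error(); with display_errors
                    // enabled it would reach the browser -- TODO confirm the
                    // production setting
                    trigger_error("Error inserting new user into DB in " . trim($_SERVER['SCRIPT_FILENAME'], '/') . " (register function)<br/>DB Errors: " . implode('<br/>', $this->_db->errors()));
                    print_err('<br/><center><h5 class="red uppercase">You have not been registered</h5></center><br/><br/>');
                    include FOOTER;
                    exit;
                }
            } else {
                trigger_error("Error registering new user in " . trim($_SERVER['SCRIPT_FILENAME'], '/') . " (find function returned false)<br/>DB Errors: " . implode('<br/>', $this->_db->errors()));
                print_err('<br/><center><h5 class="red uppercase">You have not been registered</h5></center><br/><br/>');
                include FOOTER;
                exit;
            }
        } else {
            // find() returned true so a match was found
            print_err('<center><p class="red">The provided e-mail address has already been registered<br/><i><a href="pass_retrieval.php">(Forgotten your password?)</a></i></p></center>');
        }
    }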
파일: login.php 프로젝트: boxtar/prototype
    // Login will simply fail if an invalid email address is provided as the DB Query
    // won't return anything - so no need for unnecessary overhead
    !empty($trimmed['email']) ? $em = $trimmed['email'] : print_err('You did not enter an email address');
    !empty($trimmed['pass']) ? $pw = $trimmed['pass'] : print_err('You did not enter a password');
    if ($em && $pw) {
        // email and password provided - start querying DB
        $user = new User();
        $login_status = $user->login($em, $pw);
        if ($login_status['status'] === true) {
            redirect();
        } else {
            print_err($login_status['msg'] . '<br/><br/>Please try again');
        }
    } else {
        // Email and/or password did NOT pass validation
        print_err('<br/>Please try again');
    }
} else {
    if (isset($_GET['e'])) {
        // Used for redirecting from activate_acc.php
        $trimmed = ['email' => trim($_GET['e'])];
    }
}
?>
<br/>
<br/>

<?php 
// Render the login form markup; FORMS is a path constant defined outside this file
include FORMS . 'login_form.inc.php';
?>