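/**
 * Send a command to the remote host over the panel's SSH session and return its result.
 *
 * The session is expected to be elevated already (the guard below rejects commands
 * containing "sudo "), so whatever reaches this method runs with those privileges.
 * $cmd is written to the remote shell verbatim: callers must pass only commands
 * they built themselves, never request data.
 *
 * Modes:
 *  - $rand alphanumeric and $method 'nohup'   : start $cmd in the background, log to a
 *    file under /tmp, return the background job's pid.
 *  - $rand alphanumeric and $method 'pscreen' : create the detached screen session
 *    'panel' (returns its pid) or, if one exists, type $cmd into it (returns 'send: ...').
 *  - otherwise                                : run $cmd in the foreground and return
 *    the cleaned output.
 *
 * @param string      $cmd    Command line to run on the remote host.
 * @param string|null $rand   Alphanumeric token used to name the log file under /tmp.
 * @param string|null $method 'nohup', 'pscreen' or null.
 *
 * @return mixed The non-true result of InitSSH() on connection failure, a pid,
 *               a 'send: ...' string, or the command output.
 */
protected final function RemoteExec($cmd, $rand = null, $method = null)
{
    if (($result = $this->InitSSH()) !== true) {
        $this->SessionSwap('previous');
        return $result;
    }

    if (strstr($cmd, 'sudo ')) {
        exit('ERROR: RemoteExec() remove sudo in commands, we are already root');
    }

    if (!$this->sudoOK) {
        // NOTE(review): the stored credential is split on every space, so a password
        // containing a space would be truncated here; confirm the stored format.
        list($user, $pass) = explode(' ', $this->Decrypt($_SESSION['cred']));
        $this->GoSUDO($pass);
    }

    // Strict membership tests: a non-string $cmd/$method must not match by type juggling.
    $is_ansi = ($cmd and in_array($cmd, array('top'), true) and $this->sudoOK) ? 1 : 0;
    // ctype_alnum() on $rand is what keeps shell metacharacters out of the log path below.
    $polling = ($rand and ctype_alnum($rand) and in_array($method, array('nohup', 'pscreen'), true)) ? 1 : 0;

    if ($polling) {
        // NOTE(review): fixed-prefix file names in world-writable /tmp, written by a
        // privileged shell; on a host with other local users, prefer a root-only directory.
        $log = '/tmp/' . $this->tmp_prepend . $rand;
        $cnf = '/root/.screenrc_panel';

        if ($method === 'nohup') {
            // No need to redirect stderr to stdout, nohup does this for you.
            $this->ssh->write("touch {$log}; nohup {$cmd} >{$log} &\n");
            $out = $this->SSHRead($_SESSION['rprompt'], 0, 1);
            // Job-control output is expected to look like "[1] 12345"; take the second field.
            list(, $pid) = explode(' ', $out);
            if ($pid and is_numeric($pid)) {
                $this->ssh->write("echo '{$pid}' > {$log}.pid\n");
            } else {
                exit('PanelCommon->RemoteExec(): method: nohup, non-numeric pid: ' . $pid);
            }
            $this->SSHRead($_SESSION['rprompt']);
            return $pid;
        } elseif ($method === 'pscreen') {
            $this->ssh->write("screen -wipe; screen -li\n");
            $out = $this->SSHRead($_SESSION['rprompt'], 0, 1);

            if (stristr($out, 'no sockets found')) {
                // No screen session yet: write a screenrc that logs to $log and start 'panel'.
                $write_cnf = "echo 'log on' > {$cnf}; echo 'logfile {$log}' >> {$cnf}; echo 'logfile flush 5' >> {$cnf}";
                $this->ssh->write("{$write_cnf}; screen -c {$cnf} -dmLS panel\n");
                $out = $this->SSHRead($_SESSION['rprompt']);
                $this->ssh->write("screen -li | grep panel | cut -d'.' -f1\n");
                $pid = $this->SSHRead($_SESSION['rprompt'], 0, 1);
                if ($pid and is_numeric($pid)) {
                    $this->ssh->write("echo '{$pid}' > {$log}.pid\n");
                } else {
                    exit('PanelCommon->RemoteExec(): method: pscreen, non-numeric pid: ' . $pid);
                }
                $this->SSHRead($_SESSION['rprompt']);
                $_SESSION['pscreen'] = $_SESSION['pscreen2'] = $rand;
                return $pid;
            }

            // A 'panel' session exists: recover the token from its logfile name.
            // This is one long command using shell variables, because $() cannot be
            // nested here the way one would expect.
            $cmd_get_rand = 'pid=$(screen -li | grep panel | sed -e "s/^[ \\t]*//" | cut -d"." -f1); conf=$(ps aux | grep screen | grep $pid | tr -s " " | cut -d" " -f13); echo $(cat $conf | grep "logfile /" | cut -d"/" -f3 | cut -d"_" -f2)';
            $this->ssh->write($cmd_get_rand . "\n");
            $out = $this->SSHRead($_SESSION['rprompt'], 0, 1);
            // NOTE(review): this session value now comes from remote output and is later
            // placed inside single quotes on a shell line (foreground 'pscreen' path);
            // validate it as alphanumeric before trusting it.
            $_SESSION['pscreen'] = $_SESSION['pscreen2'] = $out;

            $cmd1 = $cmd2 = '';
            if (strstr($cmd, '----')) {
                list($cmd1, $cmd2) = explode('----', $cmd, 2);
            }
            // NOTE(review): $cmd1 is never used, so the '----noenterkey' marker is typed
            // into the screen window along with the command; confirm whether $cmd1 was meant.
            // NOTE(review): $cmd sits inside a double-quoted shell word, so the remote shell
            // still expands $, backticks and backslashes in it before screen sees the text.
            $cmd_do_rtn = 'screen -S panel -p 0 -X stuff "' . $cmd . '$(echo -ne \'\\015\')"';
            $cmd_no_rtn = 'screen -S panel -p 0 -X stuff "' . $cmd . '"';
            $cmd = $cmd2 === 'noenterkey' ? $cmd_no_rtn : $cmd_do_rtn;
            $this->ssh->write($cmd . "\n");
            $this->SSHRead($_SESSION['rprompt']);
            return 'send: ' . $cmd;
        }
    } else {
        if (strstr($cmd, 'ls ')) {
            $this->ssh->write("{$cmd}{$this->filter_colors}\n");
        } else {
            $this->ssh->write("{$cmd}\n");
        }

        if ($method === 'pscreen') {
            // Echo the session token so the read can stop at "<token><prompt>".
            $this->ssh->write("echo -n '{$_SESSION['pscreen']}'\n");
            $out = $this->SSHRead($_SESSION['pscreen'] . $_SESSION['rprompt'], 0, 1);
            $out = $this->MakeSingleSpace($out);
            $out = str_replace("{$_SESSION['rprompt']} echo -n '{$_SESSION['pscreen']}'", '', $out);
            return trim($out);
        }
    }

    $out = $this->SSHRead($_SESSION['rprompt']);

    if ($is_ansi) {
        $ansi = new File_ANSI();
        if ($cmd === 'top') {
            // $user is only assigned above when sudo had to be acquired in this call;
            // when the session was already elevated, recover it from the stored credential
            // so top's user filter is not sent an empty name.
            if (!isset($user)) {
                list($user) = explode(' ', $this->Decrypt($_SESSION['cred']));
            }
            $this->ssh->write('u');
            $this->ssh->write("{$user}\n");
            $out = $this->SSHRead($_SESSION['rprompt']);
            $ansi->appendString(trim($out));
            // The rendered screen is reduced to raw text with entities decoded:
            // callers must HTML-escape it again before putting it in a page.
            $out = htmlspecialchars_decode(strip_tags($ansi->getScreen()));
            $this->ssh->write('q');
            $this->SSHRead($_SESSION['rprompt']);
        }
    }

    return $this->SSHClean($out);
}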
$cmdRcon = $_GET['cmd']; // We prepare and we send the command into the screen $cmd = "screen -S " . $session . " -p 0 -X stuff \"" . $cmdRcon . "\"`echo -ne '\r'`"; $ssh->exec($cmd . "\n"); unset($cmd); // Adding event to the database $message = 'RCON command (' . mysql_real_escape_string($cmdRcon) . ') sent to : ' . mysql_real_escape_string($server['name']); query_basic("INSERT INTO `" . DBPREFIX . "log` SET `serverid` = '" . $serverid . "', `message` = '" . $message . "', `name` = '" . mysql_real_escape_string($_SESSION['adminfirstname']) . " " . mysql_real_escape_string($_SESSION['adminlastname']) . "', `ip` = '" . $_SERVER['REMOTE_ADDR'] . "'"); unset($cmdRcon); header('Location: utilitiesrcontool.php?serverid=' . urlencode($serverid)); die; } // We retrieve screen contents $ssh->write("screen -R " . $session . "\n"); $ssh->setTimeout(1); @$ansi->appendString($ssh->read()); $screenContents = htmlspecialchars_decode(strip_tags($ansi->getScreen())); $ssh->disconnect(); unset($session); include "./bootstrap/header.php"; /** * Notifications */ include "./bootstrap/notifications.php"; ?> <script type="text/javascript"> $(document).ready(function() { prettyPrint(); }); </script> <div class="page-header">
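/**
 * Read a device's firmware version over SSH and store it in DeviceList if it changed.
 *
 * Looks the device up by id, logs in to its last known IP as root with the password
 * stored in the database, reads PRODUCT_VERSION from the device, and updates the
 * tDeviceFirmware column when the value differs. When the device row is found, a
 * JSON document describing the outcome is written to the response; otherwise
 * nothing is output.
 *
 * Both SQL statements use bound parameters: the id comes from the request and the
 * firmware string comes from the remote device, so neither may be spliced into SQL.
 *
 * @param mixed $deviceID Device id; overridden by $_REQUEST['deviceID'] when present.
 *
 * @return void
 */
public function checkDeviceFW($deviceID = false)
{
    global $db_CS;
    // NOTE(review): the globals below are imported but never read here, and no
    // permission check on the caller is visible in this method; confirm that
    // authorization happens before this method is reached.
    global $access;
    global $allowedParams;
    global $allowedGroupsDeviceList;
    global $allowedGroupsArray;

    // htmlspecialchars() is output encoding, not a SQL defence. It is kept only so the
    // value handed to updateDeviceHistoryMember() below is the same as before.
    $deviceID = isset($_REQUEST['deviceID']) ? htmlspecialchars($_REQUEST['deviceID']) : $deviceID;
    $idParam = (string) $deviceID;

    $db_CS->autocommit(FALSE);
    $data["rstatus"] = false;

    $found = false;
    $connection = array();
    $select = $db_CS->prepare("SELECT tLastAliveIP,tDeviceVPNName,tDeviceFirmware,tRootPwd FROM DeviceList WHERE id = ?");
    if ($select) {
        if ($select->bind_param('s', $idParam) && $select->execute()) {
            $select->bind_result($lastAliveIP, $vpnName, $storedFirmware, $rootPwd);
            if ($select->fetch() === true) {
                $found = true;
                $connection = array(
                    "tLastAliveIP"    => $lastAliveIP,
                    "tDeviceVPNName"  => $vpnName,
                    "tDeviceFirmware" => $storedFirmware,
                    "tRootPwd"        => $rootPwd,
                );
            }
        }
        // Close before issuing the next statement on the same connection.
        $select->close();
    }

    if ($found) {
        set_include_path(get_include_path() . PATH_SEPARATOR . '/var/www/html/sacp/includes/phpseclib');
        // *_once: a second call in the same request must not redeclare the classes.
        include_once 'Net/SSH2.php';
        include_once 'File/ANSI.php';

        $data["tDeviceVPNName"] = $connection["tDeviceVPNName"];

        if (filter_var($connection["tLastAliveIP"], FILTER_VALIDATE_IP)) {
            // NOTE(review): the root password is kept in the database in a form usable
            // as-is, and no host key check (e.g. getServerPublicHostKey()) is visible
            // before login(), so the password is offered to whatever answers on this IP.
            // Key-based auth and a pinned host key would remove both exposures.
            $ssh = new Net_SSH2($connection["tLastAliveIP"], '22');
            if (!$ssh->login('root', $connection["tRootPwd"])) {
                $data["result"] = "Auth failed!";
                $data["alert_type"] = "danger alert";
            } else {
                // WE GOT A CONNECTION !
                $ansi = new File_ANSI();
                $ssh->enablePTY();
                $fwCMD = "cat /http/default/_version.php | grep 'define' | grep 'PRODUCT_VERSION' | awk -F ',' '{print \$2}' | sed 's/[^[:alnum:]\\.[:space:]]\\+//g'";
                $ssh->exec($fwCMD);
                $ansi->appendString($ssh->read());
                // Device-controlled text: treat as untrusted everywhere it is used below.
                $response["cmdOutput"] = htmlspecialchars_decode(strip_tags($ansi->getHistory()));

                if ($connection["tDeviceFirmware"] != $response["cmdOutput"]) {
                    $newFirmware = (string) $response["cmdOutput"];
                    $updated = false;
                    $update = $db_CS->prepare("UPDATE DeviceList SET tDeviceFirmware = ? WHERE id = ?");
                    if ($update) {
                        $updated = $update->bind_param('ss', $newFirmware, $idParam)
                            && $update->execute()
                            && $update->affected_rows > 0;
                        $update->close();
                    }

                    if ($updated) {
                        if ($this->updateDeviceHistoryMember($deviceID, 'tDeviceFirmware')) {
                            $db_CS->commit();
                            $data["rstatus"] = true;
                            $data["alert_type"] = "success alert";
                            $data["result"] = "FW updated from " . $connection["tDeviceFirmware"] . " to " . $response["cmdOutput"] . "";
                        } else {
                            // History write failed: discard the pending firmware update
                            // instead of leaving it open for a later commit.
                            $db_CS->rollback();
                            $data["rstatus"] = true;
                            $data["alert_type"] = "danger alert";
                            // Russian: "Save error, or no such device exists"
                            $data["result"] = 'Ошибка сохранения или такого устройства не существует';
                        }
                    }
                } else {
                    $data["rstatus"] = true;
                    $data["alert_type"] = "success alert";
                    $data["result"] = "FW is up to date! (Answer: " . addslashes($response["cmdOutput"]) . ")";
                }
            }
        } else {
            $data["result"] = "Wrong IP! (" . $connection["tLastAliveIP"] . ")";
        }

        // The "result" strings embed device and database values; the client must
        // insert them as text, not as HTML.
        header('Content-Type: application/json');
        echo json_encode($data);
    }
}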