Home Explore Help
Sign In
yosoyhendrix
/
Module-Util
mirror of https://github.com/OpenGamePanel/Module-Util
1
0
Fork 0
Files Issues 0 Wiki
Tree: bf2c41c3f8
Branches Tags
Module-Util
/
modules
/
util
/
network_tools.php

network_tools.php 3.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596 
  1. <?php
    2. 

  2. /*
    3. 

  3.  *
    4. 

  4.  * OGP - Open Game Panel
    5. 

  5.  * Copyright (C) 2008 - 2018 The OGP Development Team
    6. 

  6.  *
    7. 

  7.  * http://www.opengamepanel.org/
    8. 

  8.  *
    9. 

  9.  * This program is free software; you can redistribute it and/or
    10. 

  10.  * modify it under the terms of the GNU General Public License
    11. 

  11.  * as published by the Free Software Foundation; either version 2
    12. 

  12.  * of the License, or any later version.
    13. 

  13.  *
    14. 

  14.  * This program is distributed in the hope that it will be useful,
    15. 

  15.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    16. 

  16.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    17. 

  17.  * GNU General Public License for more details.
    18. 

  18.  *
    19. 

  19.  * You should have received a copy of the GNU General Public License
    20. 

  20.  * along with this program; if not, write to the Free Software
    21. 

  21.  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
    22. 

  22.  *
    23. 

  23.  */
    24. 

  24. require 'includes/lib_remote.php';
    25. 

  25. function exec_ogp_module() 
    26. 

  26. {
    27. 

  27. 	global $db;
    28. 

  28. 	include 'modules/util/util_config.php';
    29. 

  29. 	$userInfo = $db->getUserById($_SESSION['user_id']);
    30. 

  30. 	$userRole = $userInfo['users_role'];
    31. 

  31. 	
    32. 

  32. 	$command = trim($_POST['command']);
    33. 

  33. 	$target = trim($_POST['remote_target']);
    34. 

  34. 	
    35. 

  35. 	// Check if the specified agent exists. If it does, assign it to $servers. Otherwise, return that it's an invalid agent.
    36. 

  36. 	if(($server = $db->getRemoteServerById($_POST['agent'])) === false){
    37. 

  37. 		die(get_lang('agent_invalid'));
    38. 

  38. 	}
    39. 

  39. 	
    40. 

  40. 	$remote = new OGPRemoteLibrary($server['agent_ip'], $server['agent_port'], $server['encryption_key'], 60);
    41. 

  41. 	
    42. 

  42. 	if($remote->status_chk() === 0){
    43. 

  43. 		echo get_lang('networktools_agent_offline');
    44. 

  44. 	}elseif(empty($target)){
    45. 

  45. 		echo get_lang('target_empty');
    46. 

  46. 	}elseif(empty($command)){
    47. 

  47. 		echo get_lang('command_empty');
    48. 

  48. 	}else{
    49. 

  49. 		$os = preg_match("/CYGWIN/", $remote->what_os()) ? 'windows' : 'linux';
    50. 

  50. 		
    51. 

  51. 		// Loop over $availableCommands from util_config.php
    52. 

  52. 		// Assign a variable, $allowAccess based on the current user's role and if the config file states the user's role is allowed access to this command.
    53. 

  53. 		for($x = 0; $x < count($availableCommands); ++$x){
    54. 

  54. 			if($availableCommands[$x]['title'] == $command){
    55. 

  55. 				$command = $availableCommands[$x][$os];
    56. 

  56. 				$allowAccess  = $availableCommands[$x][$userRole];
    57. 

  57. 			}
    58. 

  58. 		}
    59. 

  59. 		
    60. 

  60. 		if(isset($allowAccess) && $allowAccess === true){
    61. 

  61. 			// Check the command is available to us. If it's not, echo command_unavilable
    62. 

  62. 			$which = $remote->exec('which '.$command);
    63. 

  63. 			if(empty($which)){
    64. 

  64. 				echo get_lang('command_unavilable');
    65. 

  65. 			}else{
    66. 

  66. 				// Not completely necessary - gethostbyaddr(gethostbyname()) will return false if it's anything that's not valid.
    67. 

  67. 				// This is mostly for logging attempted arbitrary commands.
    68. 

  68. 				if(strpbrk($target, $blockedCharacters)){
    69. 

  69. 					if($logMaliciousUsage){
    70. 

  70. 						$db->logger(get_lang_f('command_bad_characters', $command, htmlentities($target)));
    71. 

  71. 					}
    72. 

  72. 					echo get_lang('command_hacking_attempt');
    73. 

  73. 				}else{
    74. 

  74. 					$target = gethostbyaddr(gethostbyname($target));
    75. 

  75. 					if(!$target){
    76. 

  76. 						echo get_lang('target_invalid');
    77. 

  77. 					}else{
    78. 

  78. 						$exec = $remote->exec($command.' '.$target);
    79. 

  79. 						echo ($exec === null) ? get_lang('exec_failed') : htmlentities(trim($exec));
    80. 

  80. 						if($logAllUsage){
    81. 

  81. 							$db->logger(get_lang_f('command_executed', $command, htmlentities($target)));
    82. 

  82. 						}
    83. 

  83. 					}
    84. 

  84. 				}
    85. 

  85. 			}
    86. 

  86. 		}else{
    87. 

  87. 			// If the user isn't allowed access but they've somehow got this far then they've changed the value="" attr.
    88. 

  88. 			// return with command_no_permissions and log the event.
    89. 

  89. 			echo get_lang('command_no_access');
    90. 

  90. 			if($logMaliciousUsage){
    91. 

  91. 				$db->logger(get_lang_f('command_no_permissions', $command, htmlentities($target)));
    92. 

  92. 			}
    93. 

  93. 		}	//else allowAccess
    94. 

  94. 	}
    95. 

  95. }
    96. 

  96. ?>
    97.