
File: lib/start.inc.php

File: lib/start.inc.php
Role: Class source
Content type: text/plain
Description: Class source
Class: PHP Security Scanner
Stop security attacks blocking malicious values
Author: By
Last change:
Date: 1 year ago
Size: 14,072 bytes
 

Contents

<?
/**
*Class Start - P.W.S.M.
*templates and auth functions
*Author Roman Shneer romanshneer@gmail.com
*1.02.2012
*Any changes at your risk and criminal responsibility
*/
# NOTE(review): everything from session_start() to the end of the class sits
# inside eval(base64_decode(...)). This listing appears to show that payload
# already decoded in place. Code shipped this way cannot be read, diffed or
# statically scanned until it is decoded, so review the decoded text rather
# than the wrapper.
eval(base64_decode('session_start();
Class Start{
var $db;

var $trust,$license_key;
	/**
	 * Gate for pages that need a configured system and a signed-in user.
	 *
	 * Runs the config, database and session checks in that order, asking for a
	 * redirect whenever one fails, then refreshes the licence flag kept in
	 * $this->trust.
	 *
	 * NOTE(review): each failed check only requests a redirect. Unless
	 * send2wisard()/send2login() end the request themselves, execution falls
	 * through and this method still returns true for a visitor with no
	 * session, so the return value is not proof of authentication.
	 *
	 * @return bool always true
	 */
	function chk_installation_login()
	{
		if (!$this->chk_config()) {
			$this->send2wisard();
		}

		if (!$this->chk_db()) {
			$this->send2wisard();
		}

		if (!$this->chk_user()) {
			$this->send2login();
		}

		$this->trust = $this->chk_luser();

		return true;
	}
    /**
     * Gate for pages that need a configured system but no login.
     *
     * Requests a redirect to the install wizard when the config file or the
     * database handle is missing.
     *
     * NOTE(review): unless send2wisard() ends the request itself, the second
     * check still runs after a failed first one and the method returns true.
     *
     * @return bool always true
     */
    function chk_installation()
    {
        if (!$this->chk_config()) {
            $this->send2wisard();
        }

        if (!$this->chk_db()) {
            $this->send2wisard();
        }

        return true;
    }

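	/**
	 * Redirect the browser to the login page and end the request.
	 *
	 * A Location header is only advice to the client. The script is stopped
	 * here so that the rest of the protected page is not rendered and sent to
	 * a visitor who has no session.
	 *
	 * @return void does not return
	 */
	function send2login()
	{
		header("Location:login/");
		exit();
	}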
	/**
	 * Tell whether a config file is present.
	 *
	 * Looks for conf/config.php and then ../conf/config.php; both paths are
	 * relative, so they resolve against the current working directory.
	 *
	 * @return bool true when either file exists
	 */
	function chk_config()
	{
		$found = file_exists("conf/config.php") || file_exists("../conf/config.php");

		return $found ? true : false;
	}
	/**
	 * Tell whether the current session counts as signed in.
	 *
	 * A session passes when it carries a 'user' entry, or when it carries an
	 * 'install' entry whose 'step' compares loosely equal to 5.
	 *
	 * NOTE(review): the second branch lets a session that reached wizard
	 * step 5 pass without any user record. Confirm the installer clears
	 * $_SESSION['install'] once setup is finished.
	 *
	 * @return bool
	 */
	function chk_user()
	{
		if (isset($_SESSION['user'])) {
			return true;
		}

		return isset($_SESSION['install']) && ($_SESSION['install']['step'] == 5);
	}
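	/**
	 * Work out whether this installation holds a valid licence.
	 *
	 * Loads $license_key from conf/license.php (or ../conf/license.php), then
	 * accepts a cached answer from /tmp/trust_pwsm_<SERVER_NAME> or asks the
	 * vendor endpoint. The result is written back to the cache file, stored in
	 * $this->trust and returned.
	 *
	 * NOTE(review): the cache lives in a directory other local accounts can
	 * write to, under a name derived from the request's server name, so a
	 * cached "1" is not evidence that the vendor endpoint said yes. Moving the
	 * cache into a directory only the application can write would close that.
	 *
	 * NOTE(review): the licence key travels in the query string of a
	 * plain-HTTP request and the one-word reply is taken at face value, so
	 * anything on the network path can read the key or answer 'true'.
	 *
	 * @return bool true when the licence is considered valid
	 */
	function chk_luser()
	{
		$key_file = 'conf/license.php';
		if (!file_exists($key_file)) {
			$key_file = '../conf/license.php';
		}

		$trust = false;

		if (file_exists($key_file)) {
			include_once $key_file;
			# include_once does nothing on a second call in the same request,
			# which would leave $license_key undefined in this scope.
			$license_key = isset($license_key) ? (string)$license_key : '';
			$this->license_key = $license_key;

			$cache_file = '/tmp/trust_pwsm_' . urlencode($_SERVER['SERVER_NAME']);

			# Read the cache once instead of stat-ing and re-reading it, and
			# ignore symlinks so the flag is never taken from another file.
			$cached = false;
			if (is_file($cache_file) && !is_link($cache_file)) {
				$cached = file_get_contents($cache_file);
			}

			# The writer only ever stores "1" (true) or "" (false). The strict
			# test avoids the loose string-to-number comparison, which treats
			# any non-numeric content as greater than 0 on PHP 8.
			if ($cached !== false && trim($cached) === '1') {
				$trust = true;
			} else {
				$chk_url = 'http://romanshneer.info/pwsm/chk.php?key=' . rawurlencode($license_key);
				$answer = $this->request($chk_url);
				$trust = ($answer === 'true');
			}
		}

		$this->create_tmp_trust($trust);

		$this->trust = $trust;

		return $trust;
	}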
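	/**
	 * Store the licence flag in /tmp/trust_pwsm_<SERVER_NAME>.
	 *
	 * Writes "1" for a truthy flag and an empty file otherwise. Does nothing
	 * when /tmp/ is not writable or the file cannot be replaced.
	 *
	 * The data is staged in a tempnam() file (created with 0600 permissions)
	 * and renamed over the target. Opening the predictable name directly in
	 * write mode would follow a symlink planted there and truncate whatever it
	 * points at; rename() replaces the link itself.
	 *
	 * @param mixed $trust licence flag; only its truthiness is stored
	 * @return void
	 */
	function create_tmp_trust($trust)
	{
		if (!is_writable("/tmp/")) {
			return;
		}

		$tmp_name = '/tmp/trust_pwsm_' . urlencode($_SERVER['SERVER_NAME']);

		$staging = tempnam('/tmp', 'pwsm');
		if ($staging === false) {
			return;
		}

		$written = file_put_contents($staging, $trust ? '1' : '');
		if ($written === false || !rename($staging, $tmp_name)) {
			# Leave no stray staging file behind when the swap fails.
			unlink($staging);
		}
	}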
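	/**
	 * Return the database handle, creating it on first use.
	 *
	 * Loads conf/config.php (or ../conf/config.php), then the driver file
	 * lib/<db_type>/db.inc.php next to it, and builds a DB object from the
	 * $db_host, $db_name, $db_user and $db_pass values the config defines.
	 *
	 * Returns false when no config file is found or $db_type is unusable, so
	 * that callers testing !chk_db() get an answer instead of a fatal error
	 * from an undefined DB class.
	 *
	 * @return object|false the DB handle, or false when it cannot be built
	 */
	function chk_db()
	{
		if (isset($this->db)) {
			return $this->db;
		}

		if (file_exists("conf/config.php")) {
			$base = '';
		} elseif (file_exists("../conf/config.php")) {
			$base = '../';
		} else {
			return false;
		}

		include_once($base . "conf/config.php");

		# $db_type becomes part of an include path, so accept a plain
		# directory name only. NOTE(review): where config.php gets its values
		# from is not visible here; if the installer writes it from form
		# input, this check is what keeps path separators out of the include.
		if (!isset($db_type) || !is_string($db_type) || !preg_match('/^[A-Za-z0-9_\-]+$/', $db_type)) {
			return false;
		}

		include_once $base . 'lib/' . $db_type . '/db.inc.php';

		$db = new DB($db_host, $db_name, $db_user, $db_pass);

		$this->db = $db;

		return $db;
	}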
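	/**
	 * Fetch a URL with cURL and return the response body.
	 *
	 * Only http and https are allowed, so a URL with another scheme (file,
	 * gopher, ...) is refused by cURL instead of being fetched. Timeouts keep
	 * a slow remote host from stalling the page that triggered the call; the
	 * values are a reviewer's choice, tune as needed.
	 *
	 * @param string $url address to fetch
	 * @return string|false response body, or false on failure
	 */
	function request($url)
	{
		$ch = curl_init();
		if ($ch === false) {
			return false;
		}

		curl_setopt($ch, CURLOPT_URL, $url);
		curl_setopt($ch, CURLOPT_HEADER, 0);
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
		curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
		curl_setopt($ch, CURLOPT_TIMEOUT, 10);

		$html = curl_exec($ch);
		curl_close($ch);

		return $html;
	}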
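	/**
	 * Redirect the browser to the install wizard and end the request.
	 *
	 * The target is built from the request URI: the last path segment is
	 * dropped (two segments when the URI contains a 'login' segment) and
	 * 'install/' is appended.
	 *
	 * The script is stopped after the header is sent. Without that, callers
	 * keep running on an unconfigured system and go on to build a database
	 * handle from settings that do not exist.
	 *
	 * @return void does not return
	 */
	function send2wisard()
	{
		$segments = explode("/", $_SERVER['REQUEST_URI']);

		# Decide before popping: the check must see the full segment list.
		$levels = in_array('login', $segments, true) ? 2 : 1;
		for ($i = 0; $i < $levels; $i++) {
			array_pop($segments);
		}

		$segments[] = 'install';
		$url_string = implode("/", $segments) . "/";

		header("Location:" . $url_string);
		exit();
	}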
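	/**
	 * Handle a login attempt and return the login form markup.
	 *
	 * On a POST carrying 'name' and 'password' the user row is looked up in
	 * pwsm_users. On success the row is stored in $_SESSION['user'] and the
	 * browser is redirected to the request URI minus its last six characters;
	 * on failure an error banner is put in front of the form.
	 *
	 * The session id is regenerated on success, so an id that was fixed in
	 * the browser before login cannot be reused afterwards.
	 *
	 * NOTE(review): passwords are compared as unsalted md5 of the value
	 * returned by $db->Q(). Changing that needs a stored-hash migration
	 * (password_hash/password_verify) and a matching change wherever
	 * passwords are written, so it is left as is here.
	 *
	 * NOTE(review): the query is assembled by concatenation and depends on
	 * $db->Q() escaping correctly; Q() is not visible in this file.
	 *
	 * NOTE(review): the whole user row, including the pass column, ends up
	 * in the session.
	 *
	 * @return string HTML for the login box
	 */
	function login_form()
	{
		$html = '';

		if (isset($_POST['name']) && isset($_POST['password'])) {
			$db = $this->db;
			$user = $db->ROW_Q("SELECT * FROM pwsm_users where name='".$db->Q($_POST['name'],1)."' AND pass='".md5($db->Q($_POST['password'],1))."'");

			if ($user) {
				# New session id for the authenticated session.
				session_regenerate_id(true);
				$_SESSION['user'] = $user;

				header("Location:".substr($_SERVER['REQUEST_URI'],0,strlen($_SERVER['REQUEST_URI'])-6));
				exit();
			} else {
				$html .= '<div class="message error">Wrong username or password</div>';
			}
		}

		$html.='<div class="box" style="margin:0 auto;width:300px;"><form action="" method="POST">
			<table>
  			<tr><td colspan=2>'.$this->draw_sign4ie("UserName").'<input type="text" name="name"  placeholder="UserName"  id="user_name"></td></tr>
  			<tr><td colspan=2>'.$this->draw_sign4ie("Password").'<input type="password" name="password" placeholder="Password"  id="user_password"></td></tr>
  			<tr><td><input type="submit" value="SignIn" class="green_cl btn"></td><td><a href="login/?act=restore" class="gray_cl btn">Restore password</a></td></tr>
  			</table></form></div>';

		return $html;
	}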
	/**
	 * Return a bold text label for browsers whose User-Agent contains 'MSIE'.
	 *
	 * For every other client, and when no User-Agent is present, nothing is
	 * returned (null). $placeholder is inserted into the markup as given.
	 *
	 * @param string $placeholder label text
	 * @return string|null
	 */
	function draw_sign4ie($placeholder)
	{
		$agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;

		if ($agent === null || strpos($agent, 'MSIE') === false) {
			return;
		}

		return "<b>" . $placeholder . "</b> ";
	}
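	/**
	 * Second step of password recovery: check the link key, then show the
	 * new-password form or store the new password.
	 *
	 * The key must equal md5(name . email . created) of a user whose
	 * chg_pass_time is less than two hours old. When no such user exists an
	 * error is returned and nothing is written; the original went on to run
	 * the UPDATE with an empty id and reported success.
	 *
	 * The two password fields are compared on the server (the form's onClick
	 * check runs only in the browser), an empty password is refused, and
	 * chg_pass_time is reset on success so the same link cannot be used again
	 * inside the two-hour window.
	 *
	 * NOTE(review): the key is derived only from stored profile fields and
	 * contains no random part, so anyone who knows those three values can
	 * compute it once a reset has been requested for the account. A random
	 * single-use token needs its own column and is outside this method.
	 *
	 * @param string $key key taken from the recovery link
	 * @return string HTML fragment
	 */
	function restorenow_form($key)
	{
		$sql = "SELECT  * FROM pwsm_users WHERE md5(CONCAT(CONCAT(name,email),created))='".$this->db->Q($key)."' AND chg_pass_time>".strtotime("-2 hours");
		$user = $this->db->ROW_Q($sql);

		if (!$user || empty($user['id'])) {
			return '<div class="message error">This link is not valid or has expired. <a href="login/?act=restore">Restore password</a></div>';
		}

		$form = '<form action="" method="POST" name="pass_chg"><table>' .
			'<tr><td>Type Password:</td><td><input type="password" name="password1"></td></tr>' .
			'<tr><td>ReType Password:</td><td><input type="password" name="password2"></td></tr>' .
			'<tr><td colspan=2><input type="submit" name="op" value="update" onClick="return chk_pass_chg_form();"></td></tr>' .
			'</table></form>';

		if (!isset($_POST['op'])) {
			return $form;
		}

		$pass1 = (isset($_POST['password1']) && is_string($_POST['password1'])) ? $_POST['password1'] : '';
		$pass2 = (isset($_POST['password2']) && is_string($_POST['password2'])) ? $_POST['password2'] : '';
		if ($pass1 === '' || $pass1 !== $pass2) {
			return '<div class="message error">Passwords are empty or do not match</div>' . $form;
		}

		# Hash exactly as login_form() does when it checks a password,
		# md5 over $db->Q(value, 1), so the stored value can match at login.
		$hash = md5($this->db->Q($pass1, 1));

		# chg_pass_time=0 closes the recovery window for this account.
		$this->db->QUERY("UPDATE pwsm_users SET pass='".$hash."', chg_pass_time=0 WHERE id=".(int)$user['id']);

		return '<div>Password changed, now try go to login page <a href="login/">Back to Login page</a></div>';
	}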
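    /**
     * First step of password recovery: take an e-mail address, mail the
     * recovery link and open the two-hour window in chg_pass_time.
     *
     * The message body contains <br> and an <a> element, so it is sent with
     * an HTML content type; without it mail clients show the raw markup. The
     * server name is escaped before it goes into that HTML.
     *
     * NOTE(review): the reply tells the visitor whether an address is
     * registered ("User not found!" versus the confirmation). One neutral
     * message for both cases would stop this form from confirming accounts.
     *
     * NOTE(review): the subject, the body and the link use
     * $_SERVER['SERVER_NAME']. On servers that take that value from the
     * request's Host header, the mailed link points wherever the request
     * said. A configured base URL avoids that.
     *
     * @return string HTML fragment
     */
    function  restore_form()
    {
        $html = '';
        $sended = false;

        if (isset($_POST['email']) && is_string($_POST['email'])) {
            $sql = "SELECT * FROM pwsm_users WHERE email='".$this->db->Q($_POST['email'])."'";
            $user = $this->db->ROW_Q($sql);

            # ROW_Q() may return a non-array when nothing matches; test the
            # row before indexing it.
            if ($user && !empty($user['id'])) {
                $host = htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES);

                $subject = "You( or somebody) try use module forget password on system PSS of ".$_SERVER['SERVER_NAME']." SERVER";
                $body = "You( or somebody) try use module forget password on system PSS of ".$host." SERVER<br>";
                $body .= "If it's true, continue with temporary secure link for change password is valid 2 hours<br>";
                $body .= $this->create_secure_forgot_link($user);

                $mail_headers = "MIME-Version: 1.0\r\nContent-Type: text/html; charset=UTF-8";
                mail($user['email'], $subject, $body, $mail_headers);

                $this->db->QUERY("UPDATE pwsm_users SET chg_pass_time=".time()." WHERE id=".(int)$user['id']);

                $html .= '<div class="message"><b>E-mail sended, please check your incoming box<br><a href="login/">Back to Login page</a></b></div>';
                $sended = true;
            } else {
                $html .= '<div class="error">User not found!</div>';
            }
        }

        if (!$sended) {
            $html.='<div class="box" style="width:400px;margin:0 auto;"><form action="" method="POST">
    		<table border=0 width="400">
  			<caption><b>Restore user password by email</b></caption>
  			<tr><td><input type="text" name="email" placeholder="User Email"></td></tr>
  			<tr><td><input type="submit" value="remember password" class="green_cl btn"></td><td><a href="login/">Back to Login page</a></td></tr>
  			</table></form></div>';
        }

        return $html;
    }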
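    /**
     * Build the recovery link that is mailed to a user.
     *
     * The link is the current request path on this server with
     * ?act=restorenow&key=<md5(name . email . created)>. A request URI
     * without a query string is used whole; the original cut it at the
     * position of a "?" that was not there and produced a link with no path.
     *
     * NOTE(review): the key has no random part and the scheme is fixed to
     * http, so the link is both computable from profile data and sent in
     * clear text.
     *
     * @param array $user row with 'name', 'email' and 'created'
     * @return string an <a> element whose href and text are the link
     */
    function create_secure_forgot_link($user)
    {
        $uri = $_SERVER['REQUEST_URI'];
        $cut = strpos($uri, "?");
        $path = ($cut === false) ? $uri : substr($uri, 0, $cut);

        $key = md5($user['name'].$user['email'].$user['created']);
        $url = 'http://'.$_SERVER['SERVER_NAME'].$path."?act=restorenow&key=".$key;

        return '<a href="'.$url.'">'.$url.'</a>';
    }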
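	/**
	 * Render a full page of the monitor.
	 *
	 * $headers must carry 'title', 'description', 'keywords' and 'footer';
	 * 'header' is optional. All of them, and every entry of $contents, are
	 * written into the page as given, so callers must pass markup that is
	 * already safe to output.
	 *
	 * When ../conf/config.php exists the page is being served from a
	 * sub-directory, so parent-relative assets and a <base href="../"> are
	 * emitted.
	 *
	 * jQuery is requested over https; the original http URL let anything on
	 * the network path swap the script that runs in this console.
	 * NOTE(review): "jquery-latest.js" is an unpinned third-party file.
	 * Serving a fixed copy locally, or pinning a version with an integrity
	 * attribute, removes the dependency on that host.
	 * NOTE(review): the logo is still fetched from the vendor host over http
	 * on every page view.
	 *
	 * @param array $headers page metadata, see above
	 * @param array $contents HTML fragments, one per content row
	 * @return string the complete HTML document
	 */
	function template_html($headers,$contents)
	{
		$html='<html>
    <title>PHP Web Security Monitor - '.$headers['title'].'</title>

    <head>
    <META NAME=description CONTENT="'.$headers['description'].'">
    <META NAME=keywords CONTENT="'.$headers['keywords'].'">
    <META NAME=robots CONTENT="noindex,follow">
    ';
		if (file_exists("../conf/config.php")) {
			$html.='<link rel="stylesheet" type="text/css" href="../style.css.php" />
    <script language="JavaScript" src="../lib.js"></script>
    <link rel="icon" href="../favicon.ico" type="image/x-icon">
    <link rel="shortcut icon" href="../favicon.ico" type="image/x-icon">';
			$html.='<base href="../">';
		} else {
			$html.='<link rel="icon" href="favicon.ico" type="image/x-icon">
<link rel="shortcut icon" href="favicon.ico" type="image/x-icon">';
		}
		$html.='
    <link rel="stylesheet" type="text/css" href="style.css.php" />
    
    <script type="text/javascript" src="https://code.jquery.com/jquery-latest.js"></script>
    <script language="JavaScript" src="lib.js"></script>';

		$html.='</head>
    <body>
	<div class="content">
    <div class="header"><a href="http://romanshneer.info/pwsm/"><img src="http://romanshneer.info/pwsm/logo1.png" class="logo"></a>
    <div><h1>PHP Web Security Monitor - '.$headers['title'].'</h1></div>
    '.(isset($headers['header'])?$headers['header']:'')
    .(($this->trust!=true)?'<h3 class="error"><a href="?q=about">Please buy software</a></h3>':'')
    .'</div>';

		# count() on a non-array is a TypeError on PHP 8; treat anything that
		# is not an array as "no rows".
		if (is_array($contents)) {
			foreach ($contents as $content) {
				$html.='<div class="row1">'.$content.'</div>';
			}
		}

		$html.='</div>
    <div class="footer">'.$headers['footer'].'</div>
    </body></html>';

		return $html;
	}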
	/**
	 * Render a page of the installation wizard.
	 *
	 * Wraps each entry of $contents in a "row" div between a fixed header
	 * and footer. Entries are written into the page as given.
	 *
	 * @param array $contents HTML fragments, one per row
	 * @return string the complete HTML document
	 */
	function template_html4install($contents)
	{
		$footer = 'Copiright 2012,PHP Web Security Monitor   <a href="mailto:shaman33@gmail.com">Contact</a>';

		$top = '<html>
    <title>PHP Web Security Monitor - Installation Wisard</title>

    <head>
    <META NAME=robots CONTENT="noindex,follow">
    ';
		$top .= '
    <link rel="stylesheet" type="text/css" href="../style.css" />
    <script language="JavaScript" src="../lib.js"></script>
    </head>
    <body>
    <div class="header"><a href="http://romanshneer.info/pwsm/" title="PHP Web Security Monitor"><img src="http://romanshneer.info/pwsm/logo1.png" class="logo" title="PHP Web Security Monitor" alt="PHP Web Security Monitor"></a>
    <h1>PHP Web Security Monitor - Installation Wisard</h1></div>
    <div class="content">';

		$rows = '';
		if (count($contents)) {
			foreach ($contents as $content) {
				$rows .= '<div class="row">' . $content . '</div>';
			}
		}

		$bottom = '</div>
    <div class="footer">' . $footer . '</div>
    </body></html>';

		return $top . $rows . $bottom;
	}
	/**
	 * Pop a one-time message left in the session by an earlier request.
	 *
	 * $_SESSION['error'] is taken first, then $_SESSION['msg']. The entry
	 * that is returned is removed from the session; the other one, if
	 * present, stays for the next call.
	 *
	 * @return mixed the stored message, or false when there is none
	 */
	function letter_from_past()
	{
		foreach (array('error', 'msg') as $slot) {
			if (isset($_SESSION[$slot])) {
				$msg = $_SESSION[$slot];
				unset($_SESSION[$slot]);

				return $msg;
			}
		}

		return false;
	}


}'));
?>