PageRenderTime 47ms CodeModel.GetById 19ms RepoModel.GetById 1ms app.codeStats 0ms

/0xSentinel/install.php

https://github.com/KinG-InFeT/0xSentinel
PHP | 186 lines | 168 code | 7 blank | 11 comment | 14 complexity | 4d05d25a6c599888255083909579a62b MD5 | raw file
    

  1. <?php
    2. 

  2. /*
    3. 

  3.  *
    4. 

  4.  * @project 0xSentinel
    5. 

  5.  * @author KinG-InFeT
    6. 

  6.  * @licence GNU/GPL
    7. 

  7.  *
    8. 

  8.  * @file install.php
    9. 

  9.  *
    10. 

  10.  * @link http://0xproject.netsons.org#0xSentinel
    11. 

  11.  *
    12. 

  12.  */
    13. 

  13.  
    14. 

  14. if(!(phpversion() >= '5.2.0')) {
    15. 

  15. 	die('<h2 align="center">In questo server è installata una versione di PHP invferiore alla 5.2.0, quindi 0xSentinel non potrà essere installato causa futuri maltunzionamenti!<br />
    16. 

  16. 		Si contatti l\'amministratore del server per aggiornare la versione di PHP installata sul server almeno alla 5.2.0</h2>');
    17. 

  17. }
    18. 

  18. 

  19. if(!(is_writable('./config.php')))
    20. 

  20. 	die("Il file config.php non ha i permessi di scrittura, impostarli a 777 per i server UNIX-Like");
    21. 

  21. 	
    22. 

  22. 

  23. if( isset($_GET['delete']) && $_GET['delete'] == 1 ) {
    24. 

  24. 	if( (unlink("install.php") == FALSE) || (unlink("rules.sql") == FALSE) ) {
    25. 

  25. 		die("<p align='center'><b>Unable to delete installation file</b><br>Please delete install.php and rules.sql manually for security reasons !</p>");
    26. 

  26. 	}else{
    27. 

  27. 		header("location: login.php");
    28. 

  28. 	}
    29. 

  29. }	
    30. 

  30. ?>
    31. 

  31. <html>
    32. 

  32. <head>
    33. 

  33. <title>0xSentinel Installation</title>
    34. 

  34. <link href="style.css" rel="stylesheet" type="text/css" />
    35. 

  35. <body>
    36. 

  36. <br />
    37. 

  37. <h1 align="center">0xSentinel Installation</h1><br />
    38. 

  38. <table width="100%" border="0" align="center">
    39. 

  39. <?php
    40. 

  40. if( isset($_POST['install']) == FALSE ){
    41. 

  41. ?>
    42. 

  42. <form method="POST">
    43. 

  43. 

  44. <table align="center" border="0" width="35%">
    45. 

  45. 		  <tbody><tr>
    46. 

  46. 		  <td width="100%"><div>Database Settings</div></td>
    47. 

  47. 		  </tr>
    48. 

  48. 		  </tbody></table>	<table align="center" border="0" width="35%">
    49. 

  49. 	<tbody><tr>
    50. 

  50. 		<td><div align="left"><b>Host</b></div></td>
    51. 

  51. 		<td><div align="right"><input name="host" type="text" width="150"></div></td>
    52. 

  52. 	</tr>
    53. 

  53. 	<tr>
    54. 

  54. 		<td><div align="left"><b>Username</b></div></td>
    55. 

  55. 		<td><div align="right"><input name="user" type="text" width="150"></div></td>
    56. 

  56. 	</tr>
    57. 

  57. 	<tr>
    58. 

  58. 		<td><div align="left"><b>Password</b></div></td>
    59. 

  59. 		<td><div align="right"><input name="pass" type="text" width="150"></div></td>
    60. 

  60. 	</tr>
    61. 

  61. 	<tr>
    62. 

  62. 		<td><div align="left"><b>Database name</b></div></td>
    63. 

  63. 		<td><div align="right"><input name="name" type="text" width="150"></div></td>
    64. 

  64. 	</tr>
    65. 

  65. 	</table>	
    66. 

  66. 	<br>
    67. 

  67. 	<table align="center" border="0" width="35%">
    68. 

  68. 		  <tbody><tr>
    69. 

  69. 		  <td width="100%"><div>General Settings</div></td>
    70. 

  70. 		  </tr>
    71. 

  71. 		  </tbody></table>	
    72. 

  72. 	<table align="center" border="0" width="35%">
    73. 

  73. 	<tbody><tr>
    74. 

  74. 		<td><div align="left"><b>Admin username</b></div></td>
    75. 

  75. 		<td><div align="right"><input name="admin_user" type="text" width="150"></div></td>
    76. 

  76. 	</tr>
    77. 

  77. 	<tr>
    78. 

  78. 		<td><div align="left"><b>Admin password</b></div></td>
    79. 

  79. 		<td><div align="right"><input name="admin_pass" type="password" width="150"></div></td>
    80. 

  80. 	</tr>
    81. 

  81. 	<tr>
    82. 

  82. 		<td><div align="left"><b>Admin email</b></div><br></td>
    83. 

  83. 		<td><div align="right"><input name="email" type="text" width="150"></div><br></td>
    84. 

  84. 	</tr>
    85. 

  85. 	<tr>
    86. 

  86. 		<td></td>
    87. 

  87. 		<td><div align="right"><input name="install" value="Install" type="submit"></div></td>
    88. 

  88. 	</tr>
    89. 

  89. </form>
    90. 

  90. <?php
    91. 

  91. }else{
    92. 

  92. 	$db_connect = @mysql_connect( $_POST['host'], $_POST['user'], $_POST['pass'] );
    93. 

  93. 	$db_select  = @mysql_select_db( $_POST['name'] );
    94. 

  94. 	
    95. 

  95. 	if(!$db_connect) {
    96. 

  96. 		die("<b>Errore durante la connessione al database MySQL</b><br>".mysql_errno()." : ".mysql_error());
    97. 

  97. 	} 
    98. 

  98. 	elseif(!$db_select) {
    99. 

  99. 		die("<b>Errore durante la selezione del database MySQL</b><br>".mysql_errno()." : ".mysql_error());
    100. 

  100. 	}
    101. 

  101. 

  102. 	if(!($fd = fopen( "config.php", "w+t" )))
    103. 

  103. 		die("Errore durante l'apertura sul file config.php<br /> Prego di controllare i permessi sul file!");
    104. 

  104. 

  105. 	if( !fwrite( $fd, "<?php\n"
    106. 

  106. 				 ."\t\$db_host = \"".trim($_POST['host'])."\";\n"
    107. 

  107. 				 ."\t\$db_user = \"".trim($_POST['user'])."\";\n"
    108. 

  108. 				 ."\t\$db_pass = \"".trim($_POST['pass'])."\";\n"
    109. 

  109. 				 ."\t\$db_name = \"".trim($_POST['name'])."\";\n"
    110. 

  110. 				 ."?>" ) ) {
    111. 

  111. 		die("Errore durante la scrittura del file config.php<br /> Prego di controllare i permessi sul file!");
    112. 

  112. 	}
    113. 

  113. 

  114. 	fclose($fd); 
    115. 

  115. 	
    116. 

  116. 	$query_create = "CREATE TABLE `0xSentinel_rules` (
    117. 

  117. 						`id` int(11) NOT NULL auto_increment,
    118. 

  118. 						`type` TEXT NOT NULL,
    119. 

  119. 						`regola` TEXT NOT NULL,
    120. 

  120. 						`descrizione` TEXT NOT NULL,
    121. 

  121. 						PRIMARY KEY  (`id`)
    122. 

  122. 					);";
    123. 

  123. 					
    124. 

  124.     $read_file = fopen("rules.sql","r");
    125. 

  125.     $dim_file  = filesize("rules.sql");
    126. 

  126.     $content   = fread($read_file,$dim_file);//contenuto
    127. 

  127.     fclose($read_file);
    128. 

  128. 

  129. 	mysql_query($query_create) or die(mysql_error());
    130. 

  130. 	mysql_query($content)      or die(mysql_error());
    131. 

  131. 	
    132. 

  132. 	$query_settings = "CREATE TABLE `0xSentinel_settings` (
    133. 

  133. 				`active` smallint(5) unsigned NOT NULL default 1,
    134. 

  134. 				`admin_user` TEXT NOT NULL,
    135. 

  135. 				`admin_pass` TEXT NOT NULL,
    136. 

  136. 				`email` TEXT NOT NULL,
    137. 

  137. 				`filter_get` smallint(5) unsigned NOT NULL default 1,
    138. 

  138. 				`filter_post` smallint(5) unsigned NOT NULL default 1,
    139. 

  139. 				`filter_cookie` smallint(5) unsigned NOT NULL default 1,
    140. 

  140. 				`filter_session` smallint(5) unsigned NOT NULL default 1,
    141. 

  141. 				`filter_ip` smallint(5) unsigned NOT NULL default 1,
    142. 

  142. 				`filter_csrf` smallint(5) unsigned NOT NULL default 1,
    143. 

  143. 				`filter_fpd` smallint(5) unsigned NOT NULL default 1,
    144. 

  144. 				`filter_scanner` smallint(5) unsigned NOT NULL default 1,
    145. 

  145. 				`email_notify` smallint(5) unsigned NOT NULL default 1
    146. 

  146. 			  );";
    147. 

  147. 			  
    148. 

  148. 	$query_settings_insert = "INSERT INTO `0xSentinel_settings` 
    149. 

  149. 						(`admin_user`, `admin_pass`, `email`) 
    150. 

  150. 						VALUES 
    151. 

  151. 						('".mysql_real_escape_string(trim($_POST['admin_user']))."', '".md5(trim($_POST['admin_pass']))."', '".mysql_real_escape_string(trim($_POST['email']))."');";
    152. 

    153. 

  153. 	mysql_query($query_settings)        or die(mysql_error());
    154. 

  154. 	mysql_query($query_settings_insert) or die(mysql_error());
    155. 

  155. 	
    156. 

  156. 	
    157. 

  157. 	$query_logs = "CREATE TABLE `0xSentinel_logs` (
    158. 

  158.     				`id` INT NOT NULL AUTO_INCREMENT ,
    159. 

  159.     				`pagina` TEXT NOT NULL ,
    160. 

  160.     				`query_string` TEXT NOT NULL ,
    161. 

  161.     				`type_attack` TEXT NOT NULL ,
    162. 

  162.     				`referer` TEXT NOT NULL ,
    163. 

  163.     				`ip` TEXT NOT NULL ,
    164. 

  164.     				`data` TEXT NOT NULL,
    165. 

  165.     				PRIMARY KEY  (`id`)
    166. 

  166. 				);";
    167. 

    168. 

  168. 	mysql_query($query_logs) or die(mysql_error());
    169. 

  169. 	
    170. 

  170. 	$query_ban_ip = "CREATE TABLE `0xSentinel_ban_ip` (
    171. 

  171.     	    			`id` INT NOT NULL AUTO_INCREMENT ,
    172. 

  172.     	    			`ip` TEXT NOT NULL ,
    173. 

  173.     	    			`motivazione` TEXT NOT NULL ,
    174. 

  174.           				`data` TEXT NOT NULL ,
    175. 

  175. 				        PRIMARY KEY  (`id`)
    176. 

  176. 				    );";
    177. 

    178. 

  178. 	mysql_query($query_ban_ip) or die(mysql_error());	
    179. 

  179. 	
    180. 

  180. 	print "\n<h3 align='center'><b><font color='green'>Installation succesfully completed</font></b>"
    181. 

  181. 	    . "\n<br />Click <a href='?delete=1'>here</a> to delete installation file .</h3>";
    182. 

  182. }
    183. 

  183. ?> 
    184. 

  184. </table>
    185. 

  185. </body>
    186. 

  186. </html>
    187. 

  187.