initial upload of Dracker code

syphon1c · Nov 18, 2013 · 55438eb · 55438eb
1 parent 814e202
commit 55438eb
Show file tree

Hide file tree

Showing 209 changed files with 53,927 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -0,0 +1,8 @@
+Dracker is a simple application written in PHP, used to do some basic tracking of MS Word documents. It is possible to use Dracker to:
+
+    - Track sensitive documents within your organisation (or externally depends where you setup it up)
+    - Create "honey pot" documents that should never be opened, placed in sensitive shares
+
+More details can be found at:
+
+    http://
diff --git a/SMTP.php b/SMTP.php
@@ -0,0 +1,73 @@
+<?php
+/**
+* Description of SMTP.php
+* version: 1.0
+* package: Dracker - Track and Trace
+* copyright: Copyright (C) 2013 Gareth Phillips. All rights reserved.
+* license: GNU/GPL, see license.htm.
+*
+* This file is part of the Dracker project.
+*
+* Dracker is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, under version 3 of the License.
+*
+* Dracker is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with Dracker. If not, see <http://www.gnu.org/licenses/>.
+*
+* @author GPhillips
+**/
+
+include_once 'configs/DatabaseConnection.php';
+include_once 'configs/EncryptionKey.php';
+include_once 'inc/swiftmailer/lib/swift_required.php';
+
+$connection = new DatabaseConnection();
+
+$querySMTPSettings = $connection->executeQuery("SELECT host, port, ssl_enc, username, aes_decrypt(password, '$encrypt_key') as password, sender_email, sender_name, sys_default FROM settings_smtp WHERE sys_default = \"1\"");
+while ($rowSMTP = mysql_fetch_array($querySMTPSettings)){
+    $smtp_host = $rowSMTP['host'];
+    $smtp_port = $rowSMTP['port'];
+    if(isset($rowSMTP['ssl_enc']) && $rowSMTP['ssl_enc'] == 1){
+        $ssl = 'yes';
+    }else{
+        $ssl = 'no';
+    }
+    if(strlen($rowSMTP['username'])){
+        $smtp_username = $rowSMTP['username'];
+    }
+    if(strlen($rowSMTP['password'])){
+        $smtp_password = $rowSMTP['password'];
+    }
+    $smtp_senderemail = $rowSMTP['sender_email'];
+    $smtp_sendername = $rowSMTP['sender_name'];
+}
+
+if ( isset ( $smtp_host ) AND isset ( $smtp_username ) AND isset ( $smtp_password ) ) {
+        if ( ! isset ( $smtp_port ) ) {
+            $smtp_port = 25;
+        }
+        if($ssl == "no"){
+            $transport = Swift_SmtpTransport::newInstance ( $smtp_host, $smtp_port )
+                -> setUsername ( $smtp_username )
+                -> setPassword ( $smtp_password )
+            ;
+        }else{
+            $transport = Swift_SmtpTransport::newInstance ( $smtp_host, $smtp_port, 'tls' )
+                -> setUsername ( $smtp_username )
+                -> setPassword ( $smtp_password )
+            ;
+        }
+    }
+    if ( isset ( $smtp_host ) AND ! isset ( $smtp_username ) AND ! isset ( $smtp_password ) ) {
+        if($ssl == "no"){
+            $transport = Swift_SmtpTransport::newInstance ( $smtp_host, $smtp_port );
+        }else{
+            $transport = Swift_SmtpTransport::newInstance ( $smtp_host, $smtp_port, 'tls' );
+        }
+    }
diff --git a/account_reset.php b/account_reset.php
@@ -0,0 +1,142 @@
+<?php
+/**
+ *  Description of account_reset.php
+ * 
+ * @author GPhillips
+ */
+
+include_once 'configs/DatabaseConnection.php';
+
+ini_set("session.cookie_httponly", 1);
+
+// Adds X-Frame-Options to HTTP header, so that page cannot be shown in an iframe.
+header('X-Frame-Options: DENY');
+
+// Adds X-Frame-Options to HTTP header, so that page can only be shown in an iframe of the same site.
+header('X-Frame-Options: SAMEORIGIN');
+
+session_set_cookie_params($httponly = True);
+
+function cleanInput($input) {
+    $search_input = array(
+        '@<script[^>]*?>.*?</script>@si',   // Strip out javascript
+        '@<[\/\!]*?[^<>]*?>@si',            // Strip out HTML tags
+        '@<style[^>]*?>.*?</style>@siU',    // Strip style tags properly
+        '@<![\s\S]*?--[ \t\n\r]*>@'         // Strip multi-line comments
+    );
+    $output = preg_replace($search_input, '', $input);
+    return $output;
+}
+
+function sanitize($input) {
+    if (is_array($input)) {
+        foreach($input as $var=>$val) {
+            $output[$var] = sanitize($val);
+        }
+    }
+    else {
+        if (get_magic_quotes_gpc()) {
+            $input = stripslashes($input);
+        }
+        $input  = cleanInput($input);
+        $connection = new DatabaseConnection();
+        $output = mysql_real_escape_string($input);
+    }
+    return $output;
+}
+
+
+if(isset($_GET['key'])) {
+    $token_key=$_GET['key'];
+    $token_key=sanitize($token_key);
+
+    $set_key="";
+    $connection = new DatabaseConnection();
+    $queryUserAccount = $connection->executeQuery("SELECT * FROM reset_accounts WHERE key_token = '$token_key'");
+    while ($rowAccountDetails = mysql_fetch_array($queryUserAccount)){
+        $uid=$rowAccountDetails['uid'];
+        $cid=$rowAccountDetails['cid'];
+        $set_email=$rowAccountDetails['email'];
+        $set_key=$rowAccountDetails['key_token'];
+
+        if($set_key=""){
+            header("location:index.php");
+        }
+    }
+}
+
+
+?>
+<html>
+ <head>
+   <meta charset="utf-8"> 
+   <title>Dracker Account Reset</title> 
+   <link href="css/login.css" rel="stylesheet" media="screen">
+   <link href="css/bootstrap-modal.css" rel="stylesheet">
+   <link href="css/bootstrap-responsive.css" rel="stylesheet">
+ </head>
+
+<body>
+
+<div class="navbar navbar-fixed-top">
+  <div class="navbar-inner">
+    <div class="container">
+      <a data-target=".nav-collapse" data-toggle="collapse" class="btn btn-navbar">
+        <span class="icon-bar"></span>
+        <span class="icon-bar"></span>
+        <span class="icon-bar"></span>
+      </a>
+      <a href="#" class="brand">Track and Trace Documents</a>
+      <div class="nav-collapse">
+      </div>
+    </div>
+  </div>
+</div>
+
+<div class="header"></div>
+
+<div class="main">
+    <div class="mid-container wrapper">
+  <h1 class="title">Dracker</h1>
+
+<form name="login" id="login"class="form-signin" method="post" action="login.php?msg=3">
+    <ul class="fields">
+      <li>
+        <input autocomplete="off" id="email_reset" name="email_reset" placeholder="email address" type="text" required />
+      </li>
+      <li>
+        <input autocomplete="off" id="mypassword_reset" name="mypassword_reset" placeholder="new password" type="password" required/>
+        <input autocomplete="off" id="key_reset" name="key_reset" placeholder="new password" type="hidden" value="<?echo $token_key?>"/>
+      </li>
+    </ul>
+
+    <div class="mid-form">
+      <input class="btn-flat inverse large pull-right" name="commit" type="submit" value="Reset" />
+     	<br> 
+    </div>
+  </form>
+</div>
+</div>
+
+<style>
+#ResetPass {
+       width: 500px; 
+       margin: -240px 0 0 -250px; 
+}
+</style>
+
+<div class="modal container hide fade" id="ResetPass" tabindex="-1" role="dialog" aria-labelledby="ResetPassLabel" aria-hidden="true">
+    <div class="modal-body">
+        <p>Loading...</p>
+    </div>
+</div>
+
+
+</body>
+
+<script type="text/javascript" src="js/bootstrap.js"></script>
+<script type="text/javascript" src="js/jquery.js"></script>
+<script type="text/javascript" src="js/bootstrap-modal.js"></script>
+<script type="text/javascript" src="js/bootstrap-modalmanager.js"></script>
+
+</html>
diff --git a/checklogin.php b/checklogin.php
@@ -0,0 +1,103 @@
+<?php
+
+/**
+ * Description of checklogin.php
+ *
+ * @author GPhillips
+ */
+
+session_start();
+session_regenerate_id(true);
+
+include_once 'configs/DatabaseConnection.php';
+$connection = new DatabaseConnection();
+
+// username and password sent from form
+$myusername=$_POST['myusername'];
+$mypassword=$_POST['mypassword'];
+
+function cleanInput($input) {
+    $search_input = array(
+        '@<script[^>]*?>.*?</script>@si',   // Strip out javascript
+        '@<[\/\!]*?[^<>]*?>@si',            // Strip out HTML tags
+        '@<style[^>]*?>.*?</style>@siU',    // Strip style tags properly
+        '@<![\s\S]*?--[ \t\n\r]*>@'         // Strip multi-line comments
+    );
+    $output = preg_replace($search_input, '', $input);
+    return $output;
+}
+
+function sanitize($input) {
+    if (is_array($input)) {
+        foreach($input as $var=>$val) {
+            $output[$var] = sanitize($val);
+        }
+    }
+    else {
+        if (get_magic_quotes_gpc()) {
+            $input = stripslashes($input);
+        }
+        $input  = cleanInput($input);
+        $connection = new DatabaseConnection();
+        $output = mysql_real_escape_string($input);
+    }
+    return $output;
+}
+
+
+// To protect MySQL injection (more detail about MySQL injection)
+$myusername = sanitize($myusername);
+$mypassword = sanitize($mypassword);
+$pass = md5($mypassword);
+
+$session = session_id();
+$time = time(); 
+
+$sql = "SELECT * FROM user_account WHERE username='$myusername' and password='$pass'";
+$result = $connection->executeQuery($sql);
+
+// Mysql_num_row is counting table row
+$count = mysql_num_rows($result);
+
+// If result matched $myusername and $mypassword, table row must be 1 row
+
+if($count==1){
+
+  $row = mysql_fetch_array($result);
+  $username = $row['username'];
+  $uid = $row['id'];
+  sanitize($session);
+
+  $ipaddress = getenv('REMOTE_ADDR');
+
+  $new_session = "INSERT INTO loggedin (session, uid, username, time)VALUES('$session', '$uid', '$username', '$time')";
+  $connection->executeQuery($new_session);
+
+  // Register $myusername, $mypassword and redirect to file "login_success.php"
+  $_SESSION['myusername'] = $myusername;
+  $_SESSION['mypassword'] = $pass;
+  //session_register("myusername");
+  //session_register("mypassword");
+  ini_set("session.cookie_httponly", 1); //Set cookie into HTTPOnly mode
+
+  $message = "Username: <b>" . $username. "</b> logged in successfully!<br>
+              Source IP Address is: <b>" .$ipaddress . "</b><br>
+              Client Account ID:<b>" . $clientid . "</b> with role:<b>" . $role . "</b>";
+
+  $connection->executeQuery("INSERT INTO Logs VALUES(NULL, 'Notice', 'New', '$username', 'login.php', '$message', NULL)");
+  $connection->closeConnection();
+
+  header("location:view_results.php");
+
+} else {
+  $ipaddress = getenv('REMOTE_ADDR');
+  $message = "Username: <b>" . $myusername. "</b> failed to login!<br>
+              Source IP Address is: <b>" .$ipaddress . "</b><br>
+              ";
+
+  $connection->executeQuery("INSERT INTO Logs VALUES(NULL, 'Warning', 'New', '$myusername', 'login.php', '$message', NULL)");
+  $connection->closeConnection();
+  header("location:login.php?msg=1");
+}
+?>
+