eurysco

eurysco is a free and open source project written in PHP that enhances and simplifies the remote administration of Microsoft operating systems through an intuitive, fast and responsive web interface.


Source auth





0001 <?php
0002 
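// HTTP Digest authentication gate for the eurysco server. The script either lets
// execution continue (credentials verified) or answers 401/"Forbidden" and exits.
// $euryscoinstallpath and $envcomputername are not defined in this file; they are
// expected to be set by whatever includes it.

// index.php and connect.php answer inside an <euryscoServer> XML envelope.
// NOTE(review): this echo happens before the header() calls further down, which only
// works if output buffering is active - confirm the PHP configuration.
$authxmlreply = ($_SERVER['SCRIPT_NAME'] === '/index.php' || $_SERVER['SCRIPT_NAME'] === '/connect.php');
if ($authxmlreply) { echo '<euryscoServer>' . "\n"; }

// Address the failed-login lockout is keyed on.
// NOTE(review): X-Forwarded-For is a request header. Unless a trusted front-end
// overwrites it on every request, the client chooses its value, so the loopback
// exemption below and the marker files written by failBlk() rest on unauthenticated
// input. Confirm the proxy discards inbound copies of the header, or key the lockout
// on an address the client cannot set.
$authclientaddr = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : '';

// scandir() also lists '.' and '..', so "> 22" means more than 20 marker files.
// The lockout is global: past the threshold every non-loopback client is refused,
// whether or not it ever failed a login. scandir() returns false when the directory
// cannot be read; that case is treated as "no markers".
$badaut = scandir($euryscoinstallpath . '\\badaut\\server\\');
if (is_array($badaut) && count($badaut) > 22 && $authclientaddr !== '127.0.0.1' && $authclientaddr !== '::1') {
	// Only index.php gets the status element and the closing tag here; connect.php
	// exits with the envelope left open, as in the original flow.
	if ($_SERVER['SCRIPT_NAME'] === '/index.php') {
		echo '<connectionstatus>eurysco Server &#x25cf; ' . strtolower($envcomputername) . ' &#x25cf; Forbidden Authentication</connectionstatus>' . "\n";
		echo '</euryscoServer>';
	}
	exit;
}

$realm = '';
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
// $iv is not used below; it is kept for code outside this listing. It is drawn from
// the operating system's random source because MCRYPT_RAND falls back to rand(),
// which is not suitable for IVs.
// NOTE(review): the mcrypt extension was removed in PHP 7.2; migrating to openssl_*
// or sodium_* is needed before this file can run on a supported PHP release.
$iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM);

// Load the single configured account. The file content is base64-encoded three
// times; that is an encoding, not a protection. The stored secret is AES-CBC
// encrypted with a key derived only from the usertype field of the same file (see
// $mcrykey below), so anyone able to read config_server.xml can recover it.
if (file_exists($euryscoinstallpath . '\\conf\\config_server.xml')) {
	$userxml = simplexml_load_string(base64_decode(base64_decode(base64_decode(file_get_contents($euryscoinstallpath . '\\conf\\config_server.xml', true)))));
	// A corrupt or truncated file makes simplexml_load_string() return false; leave
	// $users untouched in that case so the request ends in a 401 below.
	if ($userxml !== false) {
		$usersusername = $userxml->settings->username;
		$usersusertype = $userxml->settings->usertype;
		$userspassword = $userxml->settings->password;
		$users["$usersusername"] = "$userspassword";
	}
}

// Challenge sent with every 401 below. Exactly one of those branches can run per
// request, so building the header once is equivalent to building it in each branch.
// NOTE(review): the nonce comes from uniqid(), which is time-based, and nothing in
// this file records issued nonces or checks the nonce, nc or opaque values a client
// sends back. A captured Authorization header is therefore not rejected here as a
// replay - confirm whether another layer enforces freshness.
$authchallenge = 'WWW-Authenticate: Digest realm="' . $realm . '",qop="auth",nonce="' . hash('whirlpool', uniqid()) . '",opaque="' . hash('sha512', $realm) . '"';

// No credentials supplied: ask for them. This is not counted as a failed attempt.
if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
	header('HTTP/1.1 401 Unauthorized');
	header($authchallenge);
	if ($authxmlreply) {
		echo '<connectionstatus>eurysco Server &#x25cf; ' . strtolower($envcomputername) . ' &#x25cf; Authentication Required</connectionstatus>' . "\n";
		echo '</euryscoServer>';
	}
	exit;
}

// Malformed Authorization header or unknown user name: reject and record the failure.
if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) || !isset($users[$data['username']])) {
	header('HTTP/1.1 401 Unauthorized');
	header($authchallenge);
	if ($authxmlreply) {
		echo '<connectionstatus>eurysco Server &#x25cf; ' . strtolower($envcomputername) . ' &#x25cf; Authentication Error</connectionstatus>' . "\n";
		echo '</euryscoServer>';
	}
	failBlk ();
	exit;
}

// Recompute the expected digest response. The stored value is base64(IV . ciphertext);
// once decrypted it is used as the A1 term of the response formula.
$mcrykey = pack('H*', hash('sha256', $usersusertype));
$A1 = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $mcrykey, substr(base64_decode($users[$data['username']]), $iv_size), MCRYPT_MODE_CBC, substr(base64_decode($users[$data['username']]), 0, $iv_size)));
// NOTE(review): A2 is built from the uri the client put in the header, not from the
// URI actually requested, so the response is not bound to this request's path.
$A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $data['uri']);
$valid_response = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $A2);

// Compare as strings and, where available, in constant time. A loose != treats two
// numeric-looking strings as numbers, so values that differ as text could still
// compare equal.
$authresponseok = function_exists('hash_equals')
	? hash_equals($valid_response, (string) $data['response'])
	: ((string) $data['response'] === $valid_response);

if (!$authresponseok) {
	header('HTTP/1.1 401 Unauthorized');
	header($authchallenge);
	if ($authxmlreply) {
		echo '<connectionstatus>eurysco Server &#x25cf; ' . strtolower($envcomputername) . ' &#x25cf; Authentication Error</connectionstatus>' . "\n";
		echo '</euryscoServer>';
	}
	failBlk ();
	exit;
}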
0062 
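/**
 * Split the value of an HTTP Digest Authorization header into its fields.
 *
 * Only the seven fields needed to verify a qop="auth" response are extracted:
 * nonce, nc, cnonce, qop, username, uri and response. Values may be quoted with
 * ' or " or left unquoted (terminated by whitespace or a comma). When a field
 * appears more than once, the last occurrence wins.
 *
 * The values are returned exactly as the client sent them; nothing is validated
 * here, so the caller must treat every entry as untrusted input.
 *
 * @param string $txt Raw header value (PHP_AUTH_DIGEST).
 * @return array|false Map of field name to value, or false if any of the seven
 *                     fields is missing.
 */
function http_digest_parse($txt) {
	$needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
	$data = array();
	$keys = implode('|', array_keys($needed_parts));

	// Group 2 captures the opening quote and \2 requires the same closing quote.
	// The original wrote the quoted value as [^\2]+?, but a backreference has no
	// meaning inside a character class (it is read as the byte 0x02), so the
	// intent is spelled out here as a lazy match up to the closing quote.
	preg_match_all('@(' . $keys . ')=(?:([\'"])(.+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);

	foreach ($matches as $m) {
		// Group 3 is the quoted value, group 4 the unquoted one; group 4 is absent
		// from $m when the quoted form matched. Test for the empty string rather
		// than truthiness so that a quoted "0" is kept instead of falling through
		// to the missing group 4.
		$data[$m[1]] = ($m[3] !== '') ? $m[3] : $m[4];
		unset($needed_parts[$m[1]]);
	}

	// Any key still left in $needed_parts was never seen in the header.
	return $needed_parts ? false : $data;
}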
0077 
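/**
 * Record a failed authentication attempt as a marker file in badaut\server.
 *
 * The file name is the MD5 of the reported client address, so the raw header
 * value never becomes part of the path. The file is opened in 'w' mode: repeated
 * failures from the same reported address overwrite one file, which means the
 * number of files counts distinct reported addresses, not attempts.
 *
 * NOTE(review): the address is taken from X-Forwarded-For, which the client
 * controls unless a trusted front-end overwrites it - confirm the proxy setup
 * before relying on these markers for lockout decisions.
 * NOTE(review): the line is labelled "UTC" but date() formats in PHP's configured
 * default timezone - confirm that timezone is UTC.
 */
function failBlk () {
	// The header is absent when the request did not come through a proxy.
	$clientaddr = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
	$marker = str_replace('\\server', '', $_SERVER['DOCUMENT_ROOT']) . '\\badaut\\server\\' . md5($clientaddr) . '.txt';

	$fp = fopen($marker, 'w');
	if ($fp === false) {
		// Directory missing or not writable: nothing can be recorded. The caller
		// still answers 401 and exits.
		return;
	}

	// Replace control characters (CR/LF included) so a crafted header value cannot
	// add extra lines to the marker file.
	$loggedaddr = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $clientaddr);
	fwrite($fp, 'UTC ' . date('Y-m-d H:i:s', time()) . ' - IP: ' . $loggedaddr . PHP_EOL);
	fclose($fp);
}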
0083 
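// Expire lockout markers: delete every file in badaut\server whose last
// modification is more than 24 hours old. Every rejection branch earlier in this
// file ends in exit, so this runs only for requests that passed authentication.
// The current time and each mtime are compared as plain Unix timestamps; the
// original round-tripped both through date()/strtotime(), which adds nothing and
// can shift by an hour around a daylight-saving change.
$badautipdc = time();
$badaut = scandir($euryscoinstallpath . '\\badaut\\server\\');
// scandir() returns false when the directory cannot be read.
if (is_array($badaut)) {
	foreach ($badaut as $badautip) {
		if ($badautip == '.' || $badautip == '..') {
			continue;
		}
		$badautmtime = filemtime($euryscoinstallpath . '\\badaut\\server\\' . $badautip);
		// filemtime() returns false if the file disappeared in the meantime
		// (for example removed by a concurrent request); skip it then.
		if ($badautmtime !== false && (($badautipdc - $badautmtime) / 60 / 60) > 24) {
			unlink($euryscoinstallpath . '\\badaut\\server\\' . $badautip);
		}
	}
}

// Authentication succeeded: report it to the XML clients. The <euryscoServer>
// envelope opened at the top of the file is not closed here.
if ($_SERVER['SCRIPT_NAME'] == '/index.php' || $_SERVER['SCRIPT_NAME'] == '/connect.php') { echo '<connectionstatus>eurysco Server &#x25cf; ' . strtolower($envcomputername) . ' &#x25cf; Connection Successful</connectionstatus>'; }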
0094 
0095 ?>