eurysco

eurysco is a free and open source project based on PHP language, in order to enhance and simplify the remote administration of Microsoft operating systems with an intuitive, fast and responsive web interface

view my linkedin profileview my linkedin profile :)

Privacy Policy
     

Total sweet donations $23
Help me to support eurysco (^_^) !

Source userscp





0001 <?php
0002 
0003 include(str_replace('\\server', '', $_SERVER['DOCUMENT_ROOT']) . '\\include\\init_server.php');
0004 
0005 if (!isset($_POST['usr'])) { exit; }
0006 if (!isset($_POST['pwd'])) { exit; }
0007 
0008 $action = '';
0009 if (isset($_POST['act'])) {
0010 	$action = $_POST['act'];
0011 }
0012 
0013 $reconcileuser = '';
0014 if (isset($_POST['rus'])) {
0015 	$reconcileuser = $_POST['rus'];
0016 }
0017 
0018 $reconcilepass = '';
0019 if (isset($_POST['rpw'])) {
0020 	$reconcilepass = $_POST['rpw'];
0021 }
0022 
0023 set_time_limit(10);
0024 
0025 if (isset($_POST['lgn'])) {
0026 	if (!file_exists($euryscoinstallpath . '\\users\\' . base64_decode($_POST['usr']) . '.xml')) {
0027 		exit;
0028 	} else {
0029 		$userxml = simplexml_load_string(base64_decode(base64_decode(base64_decode(file_get_contents($euryscoinstallpath . '\\users\\' . base64_decode($_POST['usr']) . '.xml'), true))));
0030 		if ($userxml->settings->userauth == hash('sha512', base64_decode($_POST['usr']) . 'Distributed')) {
0031 			$usersusertype = $userxml->settings->usertype;
0032 			$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
0033 			$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
0034 			$mcrykey = pack('H*', hash('sha256', $usersusertype));
0035 			$A1 = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $mcrykey, substr(base64_decode($userxml->settings->password), $iv_size), MCRYPT_MODE_CBC, substr(base64_decode($userxml->settings->password), 0, $iv_size)));
0036 			$valid_response = md5($A1 . base64_decode($_POST['lgn']));
0037 			$lockedouttime = date('r');
0038 			$lockedoutcnam = $envcomputername;
0039 			$lockedoutsrip = $_SERVER['HTTP_X_FORWARDED_FOR'];
0040 			if (base64_decode($_POST['pwd']) != $valid_response) {
0041 				$passwlck = md5($userxml->settings->password . 3);
0042 				if ($userxml->settings->passwlck == md5($userxml->settings->password)) { $passwlck = md5($userxml->settings->password . 1); }
0043 				if ($userxml->settings->passwlck == md5($userxml->settings->password . 1)) { $passwlck = md5($userxml->settings->password . 2); }
0044 				if ($userxml->settings->passwlck == md5($userxml->settings->password . 2)) { $passwlck = md5($userxml->settings->password . 3); }
0045 				if (base64_decode($_POST['usr']) != 'Administrator') {
0046 					$xml = '<config>' . "\n" . '	<settings>' . "\n" . '		<username>' . $userxml->settings->username . '</username>' . "\n" . '		<usertype>' . $userxml->settings->usertype . '</usertype>' . "\n" . '		<userauth>' . $userxml->settings->userauth . '</userauth>' . "\n" . '		<password>' . $userxml->settings->password . '</password>' . "\n" . '		<passwchk>' . $userxml->settings->passwchk . '</passwchk>' . "\n" . '		<passwlck>' . $passwlck . '</passwlck>' . "\n" . '		<lckouttm>' . $lockedouttime . '</lckouttm>' . "\n" . '	0047 					$writexml = fopen($euryscoinstallpath . '\\users\\' . base64_decode($_POST['usr']) . '.xml', 'w');
0048 					fwrite($writexml, base64_encode(base64_encode(base64_encode($xml))));
0049 					fclose($writexml);
0050 				}
0051 			} else {
0052 				if ($userxml->settings->passwlck != md5($userxml->settings->password)) {
0053 					$xml = '<config>' . "\n" . '	<settings>' . "\n" . '		<username>' . $userxml->settings->username . '</username>' . "\n" . '		<usertype>' . $userxml->settings->usertype . '</usertype>' . "\n" . '		<userauth>' . $userxml->settings->userauth . '</userauth>' . "\n" . '		<password>' . $userxml->settings->password . '</password>' . "\n" . '		<passwchk>' . $userxml->settings->passwchk . '</passwchk>' . "\n" . '		<passwlck>' . md5($userxml->settings->password) . '</passwlck>' . "\n" . '		<lckouttm>' . $lockedouttime . '</lckouttm>' . 0054 					$writexml = fopen($euryscoinstallpath . '\\users\\' . base64_decode($_POST['usr']) . '.xml', 'w');
0055 					fwrite($writexml, base64_encode(base64_encode(base64_encode($xml))));
0056 					fclose($writexml);
0057 				}
0058 			}
0059 		}
0060 	}
0061 	exit;
0062 }
0063 
0064 if (!isset($_POST['xml'])) { exit; }
0065 
0066 if (base64_decode($action) == 'prereconcilepass' || base64_decode($action) == 'reconcilepass') {
0067 	$connusr = base64_decode($reconcileuser);
0068 	$connpwd = base64_decode($reconcilepass);
0069 } else {
0070 	$connusr = base64_decode($_POST['usr']);
0071 	$connpwd = base64_decode($_POST['pwd']);
0072 }
0073 
0074 $authresponse = '';
0075 $ch = curl_init();
0076 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
0077 curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
0078 curl_setopt($ch, CURLOPT_CONNECTTIMEOUT_MS, 10000);
0079 curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
0080 curl_setopt($ch, CURLOPT_USERPWD, $connusr . ':' . $connpwd);
0081 curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
0082 curl_setopt($ch, CURLOPT_URL, 'https://127.0.0.1:' . $eurysco_coreport . '/userscp.php');
0083 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
0084 curl_setopt($ch, CURLOPT_POST, true);
0085 $data = array(
0086 	'ath' => base64_encode('Distributed'),
0087 	'xml' => $_POST['xml'],
0088 	'act' => $action,
0089 	'usr' => $_POST['usr']
0090 );
0091 curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
0092 $authresponse = curl_exec($ch);
0093 curl_close($ch);
0094 
0095 echo $authresponse;
0096 
0097 exit;
0098 
0099 ?>