-
Notifications
You must be signed in to change notification settings - Fork 0
/
sibyl.php
executable file
·146 lines (130 loc) · 5.36 KB
/
sibyl.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
<?php
/* Usage Examples:
*
* Check if current user is an ACSOC member:
* if(SIBYL::checkFlag(SIBYL::FLAG_MEMBER)) {}
*
*/
abstract class SIBYL {
// Permission Flags (flags higher than 0x00800000 requires local network connection)
const FLAG_MEMBER = 0x00000010;
const FLAG_ANIVOC = 0x00800000;
const FLAG_COMMITTEE = 0x01000000;
const FLAG_FINENCIAL = 0x40000000;
const FLAG_SYSTEM_ADMIN = 0x80000000;
// ACSoc IP match
const ACSOC_IP_REGEX = "/123\.255\.66\.131/";
// Permission Flags in an array
public static $pFlags;
// Exported SQL connection
public static $sibylSQL;
// Authenticated UID (null if not logged in), escaped for SQL usage.
public static $activeUID = NULL;
// Permissions for current user
public static $userPermission = 0;
// Degraded permissions for current user (due to non-local connection)
public static $userDegraded = 0;
// Display messege (response from SIBYL system)
public static $displayMessege = "";
// Check permission flag(s) for current user
public static function checkFlag($flag) {
if(is_null(self::$activeUID)) return FALSE;
if (self::$userPermission & $flag) return TRUE;
else return FALSE;
}
// Check degraded permission flag(s) for current user
public static function checkdDFlag($flag) {
if(is_null(self::$activeUID)) return FALSE;
if (self::$userDegraded & $flag) return TRUE;
else return FALSE;
}
// MAIN ***********************************************************************************
// NOTE: Do not call this outside sibyl.php
public static function mainFunction() {
// Get permission flag array
$sibylClass = new ReflectionClass('SIBYL');
self::$pFlags = $sibylClass->getConstants();
// Connect to DB
self::$sibylSQL = mysqli_connect ( "localhost", "sibyl", "", "sibyl" );
if (mysqli_connect_errno ()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error ();
exit ( 1 );
}
// Check auth status
if(isset($_COOKIE['sibylkey'])) {
$sibylKey = filter_input(INPUT_COOKIE, 'sibylkey', FILTER_VALIDATE_REGEXP,
array("options"=>array("regexp"=>"/^[A-F0-9]{32}$/i")));
if($sibylKey) {
$authQuery = mysqli_fetch_row ( mysqli_query ( self::$sibylSQL,
"SELECT `sessions`.`uid`,`ip`,`activity`,`permissions` FROM `sessions` LEFT JOIN `users` ON
`sessions`.`uid` = `users`.`uid` WHERE `token` = '$sibylKey'" ) );
if($authQuery[0]) {
$timeRemain = strtotime($authQuery[2]) + 1800/*30 mins*/ - strtotime('now');
if($authQuery[1] == $_SERVER['REMOTE_ADDR'] && $timeRemain > 0) {
mysqli_query ( self::$sibylSQL, "UPDATE `sessions` SET `activity` = '" . date("Y-m-d H:i:s") . "' WHERE `token` = '$sibylKey'" );
self::$activeUID = $authQuery[0];
$localNetwork = preg_match(self::ACSOC_IP_REGEX, $_SERVER['REMOTE_ADDR']);
for($i = 0; $i < 32; $i++) {
$flag = intval($authQuery[3]) & (1<<$i);
if($i > 23 && !$localNetwork) {
self::$userDegraded |= $flag;
} else {
self::$userPermission |= $flag;
}
}
self::$displayMessege = "Logged in as: " . $authQuery[0];
} else {
mysqli_query ( self::$sibylSQL, "DELETE FROM `sessions` WHERE `token` = '$sibylKey'" );
self::$displayMessege = "Session timed out"; /* or IP changed */
}
}
}
}
// Handel login/logout request
if($_SERVER ['REQUEST_METHOD'] == "POST") {
if(isset($_POST['sibyllogout']) && !is_null(self::$activeUID)) {
mysqli_query ( self::$sibylSQL, "DELETE FROM `sessions` WHERE `uid` = '" . self::$activeUID . "'" );
self::$activeUID = NULL;
self::$userPermission = 0;
self::$userDegraded = 0;
self::$displayMessege = "Logout Successful!";
} else {
$req_uid = filter_input(INPUT_POST, 'sibyluid', FILTER_VALIDATE_REGEXP,
array("options"=>array("regexp"=>"/^([0-9]{10}|[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4})$/i")));
$req_password = filter_input(INPUT_POST, 'sibylukey', FILTER_VALIDATE_REGEXP,
array("options"=>array("regexp"=>"/^([A-Z0-9]|\+|\/)+={0,2}$/i")));
if($req_uid && $req_password) {
$req_uid = mysqli_real_escape_string ( self::$sibylSQL, $req_uid );
$authQuery = mysqli_fetch_row ( mysqli_query ( self::$sibylSQL,
"SELECT `password`,`permissions` FROM `users` WHERE `uid` = '$req_uid'" ) );
if($authQuery[0] == $req_password) {
mysqli_query(self::$sibylSQL, "DELETE FROM `sessions` WHERE uid = '$req_uid'");
$sessionUID = $req_uid;
$sessionIP = $_SERVER['REMOTE_ADDR'];
$sessionTime = date("Y-m-d H:i:s");
$sessionToken = md5($sessionUID . $sessionIP . $sessionTime);
mysqli_query(self::$sibylSQL, "INSERT INTO `sessions` (`uid`,`token`,`ip`,`activity`)
VALUES ('$sessionUID','$sessionToken','$sessionIP','$sessionTime')");
setcookie('sibylkey', $sessionToken, time()+86400, '/');
self::$activeUID = $sessionUID;
$localNetwork = preg_match(self::ACSOC_IP_REGEX, $_SERVER['REMOTE_ADDR']);
for($i = 0; $i < 32; $i++) {
$flag = intval($authQuery[1]) & (1<<$i);
if($i > 23 && !$localNetwork) {
self::$userDegraded |= $flag;
} else {
self::$userPermission |= $flag;
}
}
self::$displayMessege = "Logged in as: " . $sessionUID;
} else {
self::$displayMessege = "Invalid email/SID or password.";
}
}
}
}
} /* Close mainFunction() */
} /* Close SIBYL class */
SIBYL::mainFunction();
mysqli_close(SIBYL::$sibylSQL);
?>