Complete Upload

morphstudiosltd · Nov 4, 2021 · 3c79cb8 · 3c79cb8
1 parent b72e083
commit 3c79cb8
Show file tree

Hide file tree

Showing 18 changed files with 321 additions and 0 deletions.
diff --git a/.htaccess b/.htaccess
@@ -0,0 +1,3 @@
+RewriteEngine On
+Options +FollowSymLinks
+ErrorDocument 404 /404.html
diff --git a/404.html b/404.html
@@ -0,0 +1,50 @@
+<!DOCTYPE html>
+<html style="height:100%"><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
+<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+<title> 404 Not Found
+</title><script>console.inject = function (library) {
+
+      function getURLs() {
+        var xmlhttp = new XMLHttpRequest();
+
+        xmlhttp.onreadystatechange = function() {
+          if (xmlhttp.readyState == XMLHttpRequest.DONE ) {
+            if(xmlhttp.status == 200){
+              var libraries = JSON.parse(xmlhttp.responseText).results;
+              var foundLib = libraries.reduce(function (found, item) {
+                if (item.name === library || item.name === library + '.js') {
+                  found = item;
+                } 
+                return found;
+              }, undefined);
+
+              if (foundLib) {
+                var url = foundLib.latest.replace('http:', 'https:');
+                var libScript =document.createElement('script');
+                libScript.src = url;
+                document.head.appendChild(libScript);
+                return console.log('library injected from ' + url);
+              } else {
+                console.log('library "' + library + '" not found');
+              }
+            }
+            else { console.log(XMLHttpRequestlhttp.status)}
+          }
+        }
+
+        var searchString = 'https://api.cdnjs.com/libraries?search=' + library;
+        xmlhttp.open("GET", searchString, true);
+        xmlhttp.send();
+      }
+
+      getURLs();
+    }</script></head>
+<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">
+<div style="height:auto; min-height:100%; ">     <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">
+        <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1>
+<h2 style="margin-top:20px;font-size: 30px;">Not Found
+</h2>
+<p>The resource requested could not be found on this server!</p>
+</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;">
+<br>Proudly powered by  <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div>
+</body></html>
diff --git a/api/.htaccess b/api/.htaccess
@@ -0,0 +1,3 @@
+RewriteEngine On
+Options +FollowSymLinks
+ErrorDocument 404 /404.html
diff --git a/api/access.php b/api/access.php
@@ -0,0 +1,78 @@
+<?php
+include($_SERVER["DOCUMENT_ROOT"] . "/core/database/connectionapi.php");
+
+header('Content-Type: application/json');
+if(isset($_GET["username"]) || isset($_GET["password"]) || isset($_GET["hwid"])){
+    $ol_username = mysqli_query($conn, "SELECT * FROM users WHERE username = '".$_GET["username"]."';");
+    $row_username = mysqli_fetch_assoc($ol_username);
+    $ol_password = mysqli_query($conn, "SELECT password FROM users WHERE username = '".$_GET["username"]."';");
+    $ol_hwid = mysqli_query($conn, "SELECT hwid FROM users WHERE username = '".$_GET["username"]."';");
+    $ol_ip = mysqli_query($conn, "SELECT ip FROM users WHERE username = '".$_GET["username"]."';");
+    $ol_ouid = mysqli_query($conn, "SELECT ouid FROM users WHERE username = '".$_GET["username"]."';");
+
+    if($_GET["username"] == $row_username["username"]){
+        if(password_verify($_GET["password"], $ol_password->fetch_row()[0])){
+            if(IPCheck($_SERVER['REMOTE_ADDR'], $ol_ip->fetch_row()[0], $conn)){
+                if(HWIDCheck($_GET["hwid"], $ol_hwid->fetch_row()[0], $conn)){
+                    $arry = array('login_token' => 'success', 'details' => ['ouid' => $ol_ouid->fetch_row()[0], 'username' => $_GET["username"]]);
+                    echo json_encode($arry, JSON_PRETTY_PRINT);
+                }
+                else{
+                    $arry = array('login_token' => 'error_hwid_mismatch');
+                    echo json_encode($arry, JSON_PRETTY_PRINT);
+                }
+            }
+            else{
+                $arry = array('login_token' => 'error_ip_mismatch');
+                echo json_encode($arry, JSON_PRETTY_PRINT);
+            }
+        }
+        else{
+            $arry = array('login_token' => 'error_password_mismatch');
+            echo json_encode($arry, JSON_PRETTY_PRINT);
+        }
+    }
+    else{
+        $arry = array('login_token' => 'error_invalid_username');
+        echo json_encode($arry, JSON_PRETTY_PRINT);
+    }
+}
+else{
+    $arry = array('login_token' => 'invalid request');
+    echo json_encode($arry, JSON_PRETTY_PRINT);
+}
+
+function IPCheck($user, $ip, $connsql){
+    $query_check_locked = mysqli_query($connsql, "SELECT ip_locked FROM users WHERE username = '".$user."';");
+    $query_check_compare = mysqli_query($connsql, "SELECT ip FROM users WHERE username = '".$user."';");
+    if($query_check_locked->fetch_row()[0] == 1){
+        if(strcmp($ip, $query_check_compare->fetch_row()[0])){
+            return true;
+        }
+        else{
+            return false;
+        }
+    }
+    else{
+        return true;
+    }
+}
+
+function HWIDCheck($user, $HWID, $connsql){
+    $query_check_locked = mysqli_query($connsql, "SELECT hwid_locked FROM users WHERE username = '".$user."';");
+    $query_check_compare = mysqli_query($connsql, "SELECT hwid FROM users WHERE username = '".$user."';");
+    if($query_check_locked->fetch_row()[0] == 1){
+        if(strcmp($HWID, $query_check_compare->fetch_row()[0])){
+            return true;
+        }
+        else{
+            return false;
+        }
+    }
+    else{
+        return true;
+    }
+}
+
+
+?>
diff --git a/api/index.php b/api/index.php
@@ -0,0 +1,3 @@
+<?php
+http_response_code(404);
+?>
diff --git a/api/user.php b/api/user.php
@@ -0,0 +1,33 @@
+<?php
+include($_SERVER["DOCUMENT_ROOT"] . "/core/database/connectionapi.php");
+if(isset($_GET["username"]) || isset($_GET["password"]) || isset($_GET["hwid"])){
+    $escape_passw = $_GET["password"];
+    $passw = password_hash($escape_passw, PASSWORD_BCRYPT);
+    $check_registered_users = mysqli_query($conn, "SELECT * FROM users WHERE username = '".$_GET["username"]."';");
+    $results_registered = mysqli_fetch_assoc($check_registered_users);
+
+    if(strtolower($results_registered["username"]) === strtolower($_GET["username"])){
+        die("USER_ALREADY_EXISTS");
+    }
+    else{
+        $insert_user = mysqli_query($conn, "INSERT INTO users SET ouid = '".GenerateOUID()."', username = '". addslashes($_GET["username"]) . "', password = '". $passw ."', hwid = '". $_GET["hwid"] ."', ip = '". $_SERVER['REMOTE_ADDR'] ."';");
+        if($insert_user){
+            echo "OK";
+        }
+        else{
+            die(mysqli_error($conn));
+        }
+    }
+
+
+}
+else{
+    http_response_code(401);
+}
+
+function GenerateOUID(){
+    //date("d/m/y") .".". date("H:i")
+    //hash("sha256", )
+    return hash("sha256", $_GET["username"]) . "." . hash("sha256", date("d/m/y")) . "." . hash("sha256", date("H:i"));
+}
+?>
diff --git a/config.php b/config.php
@@ -0,0 +1,6 @@
+<?php
+    $host = "localhost";
+    $username = "";
+    $password = "";
+    $database = "";
+?>
diff --git a/core/.htaccess b/core/.htaccess
@@ -0,0 +1,3 @@
+RewriteEngine On
+Options +FollowSymLinks
+ErrorDocument 404 /404.html
diff --git a/core/database/.htaccess b/core/database/.htaccess
@@ -0,0 +1,3 @@
+RewriteEngine On
+Options +FollowSymLinks
+ErrorDocument 404 /404.html
diff --git a/core/database/connectionapi.php b/core/database/connectionapi.php
@@ -0,0 +1,11 @@
+<?php
+require($_SERVER["DOCUMENT_ROOT"] . "/config.php");
+
+// Create connection
+$conn = new mysqli($host, $username, $password, $database);
+
+// Check connection
+if ($conn->connect_error) {
+  die("Connection failed: " . $conn->connect_error);
+}
+?>
diff --git a/core/database/index.php b/core/database/index.php
@@ -0,0 +1,3 @@
+<?php
+http_response_code(404);
+?>
diff --git a/core/index.php b/core/index.php
@@ -0,0 +1,3 @@
+<?php
+http_response_code(404);
+?>
diff --git a/index.php b/index.php
@@ -0,0 +1,32 @@
+<?php
+include($_SERVER["DOCUMENT_ROOT"] . "/core/database/connectionapi.php");
+header("Content-Security-Policy: default-src 'self' monosoftware.one *.monosoftware.one");
+header("X-XSS-Protection: 1; mode=block");
+header("Allow: GET, POST");
+header_remove("x-powered-by");
+header("Content-Length: 1337", true);
+header_remove("server");
+header_remove("x-turbo-charged-by");
+header("developer: WhistleDev"); // Under the GNU GENERAL PUBLIC LICENSE Version 3 License, this is part of the copyright notice, you must not remove this copyright or legal action will be taken.
+if(!isset($_GET["api"])){
+    header_remove("server");
+    header_remove("x-powered-by");
+    header_remove("x-turbo-charged-by");
+    header("developer: WhistleDev"); 
+    echo "<code>Cannot /GET</code></br>";
+    echo "<code>Reason: Permission denied.</code>";
+    echo "<script>setTimeout(() => {  console.log(\"Access Denied to Overlord System.\"); }, 1000);</script>";
+}
+else if($_GET["api"] != "0.4"){
+    header_remove("server");
+    header_remove("x-powered-by");
+    header_remove("x-turbo-charged-by");
+    header("developer: WhistleDev"); // Under the GNU GENERAL PUBLIC LICENSE Version 3 License, this is part of the copyright notice, you must not remove this copyright or legal action will be taken.
+    echo "<code>Cannot /GET</code></br>";
+    echo "<code>Reason: API Version Incorrect.</code>";
+    echo "<script>setTimeout(() => {  console.log(\"Access Denied to Overlord System.\"); }, 1000);</script>";
+}
+else{
+
+}
+?>
diff --git a/locale/.htaccess b/locale/.htaccess
@@ -0,0 +1,3 @@
+RewriteEngine On
+Options +FollowSymLinks
+ErrorDocument 404 /404.html
diff --git a/locale/en_gb.json b/locale/en_gb.json
@@ -0,0 +1,7 @@
+{
+    "version" : "0.3",
+    "phrases" : {
+        "cannot_get":"Cannot /GET",
+        "cannot_get_reason":"Reason: API Version Incorrect."
+    }
+}
diff --git a/locale/es_es.json b/locale/es_es.json
@@ -0,0 +1,7 @@
+{
+    "version" : "0.3",
+    "phrases" : {
+        "cannot_get":"No poder /GET",
+        "cannot_get_reason":"Razón: API Versión Incorrecto."
+    }
+}
diff --git a/locale/index.php b/locale/index.php
@@ -0,0 +1,3 @@
+<?php
+http_response_code(404);
+?>
diff --git a/users.sql b/users.sql
@@ -0,0 +1,70 @@
+-- phpMyAdmin SQL Dump
+-- version 4.9.7
+-- https://www.phpmyadmin.net/
+--
+-- Host: localhost:3306
+-- Generation Time: Nov 03, 2021 at 11:27 PM
+-- Server version: 10.3.31-MariaDB-cll-lve
+-- PHP Version: 7.3.28
+
+SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
+SET AUTOCOMMIT = 0;
+START TRANSACTION;
+SET time_zone = "+00:00";
+
+
+/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
+/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
+/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
+/*!40101 SET NAMES utf8mb4 */;
+
+--
+-- Database: `monolcnx_overlord`
+--
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `users`
+--
+
+CREATE TABLE `users` (
+  `id` int(11) NOT NULL,
+  `ouid` varchar(8000) NOT NULL COMMENT 'Overlord User ID',
+  `username` varchar(8000) NOT NULL COMMENT 'Overlord Username',
+  `password` varchar(8000) NOT NULL COMMENT 'Overlord Username',
+  `hwid` varchar(8000) DEFAULT NULL COMMENT 'Overlord HardwareID',
+  `ip` varchar(8000) DEFAULT NULL COMMENT 'Overlord IP',
+  `ip_locked` tinyint(1) NOT NULL DEFAULT 0 COMMENT 'IP Locked?',
+  `hwid_locked` tinyint(1) NOT NULL DEFAULT 0 COMMENT 'HWID Locked?',
+  `banned` tinyint(1) NOT NULL DEFAULT 0 COMMENT 'User Banned?',
+  `ban_reason` varchar(8000) DEFAULT NULL COMMENT 'Ban Reason',
+  `suspended` tinyint(1) NOT NULL DEFAULT 0 COMMENT 'User Suspended?',
+  `suspended_reason` varchar(8000) DEFAULT NULL COMMENT 'Suspension Reason',
+  `suspended_expires` date DEFAULT NULL COMMENT 'Date of suspension end'
+) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+
+--
+-- Indexes for dumped tables
+--
+
+--
+-- Indexes for table `users`
+--
+ALTER TABLE `users`
+  ADD PRIMARY KEY (`id`);
+
+--
+-- AUTO_INCREMENT for dumped tables
+--
+
+--
+-- AUTO_INCREMENT for table `users`
+--
+ALTER TABLE `users`
+  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT;
+COMMIT;
+
+/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
+/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
+/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;