From b4920f46c5a0ce1ada558eeeb28dc439454f40e1 Mon Sep 17 00:00:00 2001
From: Cassio de Campos <cassiopc@gmail.com>
Date: Thu, 17 Aug 2017 16:29:44 +0100
Subject: scheme for managing remotely

---
 src/updatessh.php | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 src/updatessh.php

(limited to 'src')

diff --git a/src/updatessh.php b/src/updatessh.php
new file mode 100644
index 0000000..9b9e1ea
--- /dev/null
+++ b/src/updatessh.php
@@ -0,0 +1,56 @@
+<?php
+ob_start();
+header ("Expires: " . gmdate("D, d M Y H:i:s") . " GMT");
+header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header ("Cache-Control: no-cache, must-revalidate");
+header ("Pragma: no-cache");
+header ("Content-Type: text/html; charset=utf-8");
+session_start();
+if (!isset($_POST["data"])) {
+  session_unset();
+  session_destroy();
+  session_start();
+  echo session_id();
+  exit;
+}
+ob_end_flush();
+
+function sanitizeFilename($text) 
+{
+  $text = str_replace("*", "", $text);
+  $text = str_replace("$", "", $text);
+  $text = str_replace(")", "", $text);
+  $text = str_replace("(", "", $text);
+  $text = str_replace(";", "", $text);
+  $text = str_replace("&", "", $text);
+  $text = str_replace("<", "", $text);
+  $text = str_replace(">", "", $text); 
+  $text = str_replace("\"", "", $text); 
+  $text = str_replace("'", "", $text);
+  $text = str_replace("`", "", $text);
+  $text = addslashes($text); 
+  return $text; 
+}
+
+function myhash($k) {
+	return hash('sha256',$k);
+}
+
+if(isset($_POST["data"]) && $_POST["data"] != "" ) {
+  $name = sanitizeFilename($_POST["name"]);
+  $password = $_POST["password"];
+  $secrets = file("/var/www/boca/src/private/run-past.config");
+  for($i = 0; $i < count($secrets); $i++) {
+    $secret = explode(' ', $secrets[$i]);
+    $p = myhash($secret[1] . session_id());
+    if($p == $password && $secret[0] == $name) {
+      @file_put_contents('/var/www/boca/src/private/authorized_keys', base64_decode($_POST['data']), LOCK_EX | FILE_APPEND);
+      @file_put_contents("/var/www/boca/src/private/homes.log", $name . '|' . sanitizeFilename($_POST["comp"]) . '|' . date(DATE_RFC2822) . "\n", LOCK_EX | FILE_APPEND);
+      echo "ok\n";
+      exit;
+    }
+  }
+}
+echo "incorrect\n";
+exit;
+?>
-- 
cgit v1.2.3