-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdetail.php
72 lines (56 loc) · 2.78 KB
/
detail.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
<?php
$command=$_GET['command'];
$username = $_GET['user'];
$password = $_GET['password']; //take in the user credentials & the command used from the main page
if(strpos($command,'https://sim_cluster:8080/')!==0){ echo "<br><b><i>Responses NOT simulated</i></b><br><br>";
//get details for http authentication
$context = stream_context_create(array(
'http' => array(
'header' => "Authorization: Basic " . base64_encode("$username:$password")
),
"ssl"=>array(
"allow_self_signed"=>true,
"verify_peer"=>false,
"verify_peer_name"=>false,
)
));
$raw = @file_get_contents($command,false,$context); //get the 'file' details from this command url
$decoded = @json_decode($encodedcontents,true); //json decode the output (turn into a PHP array)
$hcommand=$command . '?describe&json';//format the url for getting help from the array
$help = @file_get_contents($hcommand,false,$context);//retrieve the 'file' from the help url
} else {//if we didn't get a response from the cluster, let's get the simulated response from the db instead
echo "<br><strong>All responses are simulated:</strong><br>";
//open db connection to mysql (note simple login credentials):
$con = mysql_connect('localhost', 'papi', 'password');
// Check connection
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
// make PAPI_db the current db
$db_selected = mysql_select_db('PAPI_db', $con);
if (!$db_selected) {
die ('Can\'t open database : ' . mysql_error());
}
$stripped_command=str_replace('https://sim_cluster:8080','',$command);//take out the fake url from the command, so that we can look it up in the db
//run sql command to get command list
//$sql = "SELECT sim_response,sim_help_response FROM commands WHERE command='{$stripped_command}'";//find all commands in DB of this type.
//original SQL above, using md5 hashing to avoid SQL code injection only (functionally no different).
$hashedval=md5($stripped_command);
$sql = "SELECT sim_response,sim_help_response FROM commands WHERE md5(command)='{$hashedval}'";
$result = mysql_query($sql) or die(mysql_error());
$raw=mysql_result($result,0,'sim_response');//get data from db lookup (sim response)
$help=mysql_result($result,0,'sim_help_response');//get data from db lookup (sim help response)
}
//create a nice table to show the output in the iframe
?>
<a href='#command'>Command</a> - <a href='#raw'>Raw response</a> - <a href='#help'>Help (raw) response</a>
<br><br>
<table id='details' name='details' border=0 cellspacing=4>
<tr><td><strong><a name='command'></a>Command:</strong></td></tr>
<tr><td><?= $command ?></td></tr>
<tr><td><strong><a name='raw'></a>Raw response:</strong></td></tr>
<tr><td><?= $raw ?></td></tr>
<tr><td><strong><a name='help'></a>Help (raw) response:</strong></td></tr>
<tr><td><?= $help ?></td></tr>
</table>