Location: PHPKode > projects > FuZZY - AUP Infraction Detection (AUPID) > fuzzy-karma-2.02/lib/msn.php
<?php
	/*
		This is the API that each filtering module should use.
		Any functions listed in this class MUST be used in your
		module.
		
		You may add any other functions that you feel are necessary
		or useful.
	*/
	 
	 	/*
			MSN Defines
		*/
			define("MSN_PORT_IDENT",771);      //check data section of packet to see what these are changed to.
			define("MSN_MESSAGE_POS",0);
			define("MSN_MESSAGE_IDENT","MSG");
			define("MSN_MESSAGE_LENGTH",3);
			define("MSN_SIGN_OFF","BYE");
			define("MSN_SIGN_ON","FLN");
			define("MSN_TYPING_IDENT",10);
	
		
	class msn
	{

		/*
			The variables listed below must remain, and should
			not need to be altered.
		*/
		var $active = false; //This is true or false.  This is called only by the constructor.
		
		/*
			The section below if for variables specific to your module.
		*/
		var $messages_output;
		var $messages;
		var $message_count = 0;
		var $users;
		var $user_count = 0;
		
		
		/*
			This is the constructor for the module.  Some of the basic functions that the
			constructor will perform are also included.
			The constructor takes a DAB object as a parameter.  This is the connection
			to the database.
		*/
		function msn($db) //Replace the function name with the name of the class
		{
			/*
				This is where we check to see if this module is marked as active.
				If it is not active, then we will not perform any actions.
			*/       //This comment keeps it from being tested for activity

			if(!$this->isActive($db))
				return false;	
			return true;
		}//end constructor
		
		
		/*
			This function actually performs the analysis for the module.  Any filtering
			one packet data should be performed here.
		*/
		function run($db)
		{
			if($this->active)
			{
				$array = "";	// Where you will store your packets
				$select = "SELECT * FROM fuzzy_temp WHERE packet_type=\"FUZZY MSN activity\" ORDER BY seq";	// The select statement you will use
				$delete = "DELETE FROM fuzzy_temp WHERE packet_type=\"FUZZY MSN activity\"";
				if(!$array = $db->query($select)) return false;   //PUTS ALL THE MSN PACKETS INTO $array
				$db->query($delete);
				
				/*
					Loop to analyze each packet one by one.
				*/
				while($row =@ mysql_fetch_array($array))
				{
					/*
						This is where you will actually perform the analysis on each packet
						If the packet matches your criteria, then you will store it in the
						table that matches with your filter.
					*/
					$message = "";
					$username = "";
					$email = "";
					$payload = utils::hexStringToASCII($row[data_payload]);
					if(substr($payload, MSN_MESSAGE_POS, MSN_MESSAGE_LENGTH) == MSN_MESSAGE_IDENT) //check to see if it's "MSG"
					{
						$temp = explode(" ", $payload);
						$username = mysql_escape_string(str_replace("%20", " ", $temp[2]));
						$email = $temp[1];
						if($username == "U")   //THIS MSN HEADER WILL ONLY HAVE AN EMAIL ADDRESS (WHEN I WAS SENDING PACKETS)
						{
							$email = mysql_escape_string(trim(substr($temp[count($temp)-1], 0, -EOP)));    //--  put parsed email into the fuzzy_msn_users[email_address] field  WHAT'S THIS?  PARSING TO GET THE EMAIL ADDRESS? -EOP=6?
							$username = "Unkown";
						}//end if
						if($username == "N")
						{
							$username = "Unkown";
							$email = "Unknown";
						}//end if
						if(ord($payload{strlen($payload)-3}) != MSN_TYPING_IDENT)                       //IF THIS PACKET REALLY CONTAINS A MESSAGE
						{
							$temp = explode(chr(13).chr(10), $payload);
							$message = mysql_escape_string(trim(substr($temp[count($temp)-1], 0)));
						}//end if message						
					}//end if
					elseif(substr($row, MSN_MESSAGE_POS, MSN_MESSAGE_LENGTH) == MSN_SIGN_OFF)	//THIS IS A SIGN OFF PACKET
					{
						$uname = $db->query("select * from fuzzy_msn where src_ip = \"$row[sip]\";");
						$message = $uname[username]." has signed off!";
						$this->message_count++;
					}//end elseif
					elseif(substr($payload, MSN_MESSAGE_POS, MSN_MESSAGE_LENGTH) == MSN_SIGN_ON)	//THIS IS A SIGN ON PACKET
					{
						$message = trim(substr($payload, MSN_MESSAGE_POS+MSN_MESSAGE_LENGTH, -4))." has just signed in!";
					}//end elseif
					//PUT THE INFORMATION INTO THE DATABASE
					if($message != "")
						$db->query("insert into fuzzy_msn (message, timestamp, src_ip, dest_ip, username, email) values ('$message', '$row[timestamp]', '$row[sip]', '$row[dip]', '$username', '$email')");					
				}//end while
				return true;
			}//end if active	
			else
				$db->query("delete from fuzzy_temp where packet_type like '%FUZZY MSN%'");
			return true;
		}//end run
		
		
		/*
			This function checks to see whether or not this filter is
			considered active.  It sets the "active" variable to true or
			false accordingly.
		*/
		function isActive($db)
		{
			$select = "SELECT active FROM fuzzy_preferences WHERE protocol=\"msn\"";
			$temp = mysql_fetch_array($db->query($select));
			if($temp[active] == 1){
				$this->active = true;
			}
			else{
				$this->active = false;
			}
			return true;
		}//end isActive
		
		
		/*
			This function performs the statistical analysis for this module
		*/
		function doStats($db)
		{
			/*
				This is where you will perform that statistical analysis
				based on the algorithm provided for this module.
			*/
		}//end doStats
		
		
		/*
			This function returns statistical information for the module.
		*/
		function getStats($db)
		{
			/*
				This should retrieve the statistical information and return it in
				html format.
			*/
		}//end getStats
		
		
		/*
			This function returns the threshold values that correspond to this filter.
		*/
		function getThresh($db)
		{
			/*
				This should retrieve the threshold information from the database
				that relates to this filter.
			*/
		}//end getThresh
		
		
		/*
			This function returns information about this filter in html format.
		*/
		function getData($db)
		{
			/*
				This returns information relating to this filter in HTML format.
			*/
			  /*
                                You should customize these next variables to match your protocol
                        */
                        $table_name = "fuzzy_msn";
                        $heading = "Fuzzy Packet Analysis - MSN Messenger";
                        $sub_heading = 'See <a href="ftp://ftp.rfc-editor.org/in-notes/rfc1939.txt">RFC 1939</a>.';
                        $this_filename = "msn.php";
                        
                        // Don't touch these next variables
                        $select = 'SELECT * FROM '.$table_name.' ORDER BY timestamp;';
                        $result = $db->query($select);
                        
                        $alt_color = 0;
                        $count = 0;
                        
                        /*
                                Make sure you use the same HTML format when you customize your fields
                        */
                        $protocol_html .= '<br /><br />
                                <table cellpadding="2" cellspacing="2" border="0">
                                        <tr>
                                                <td colspan="8">
                                                        <span class="heading">'.$heading.'</span>
                                                </td>
                                        </tr>
                                </table>
                                <table>
                                        <tr bgcolor="#006699">
                                                <td>
                                                        <span class="label">username</span>
                                                </td>
                                                <td>
                                                        <span class="label">email</span>
                                                </td>
                                                <td>
                                                        <span class="label">message</span>
                                                </td>
                                                <td>
                                                        <span class="label">timestamp</span>
                                                </td>
                                                <td>
                                                        <span class="label">alert</span>
                                                </td>
                                                <td bgcolor="ffffff"><!--Leave this cell here--></td>
                                        </tr>';
                        $alt_color = 1;
                        $num_alerts = 0;
                        $num_packets = 0;
                        while ($row = mysql_fetch_array($result))
                        {
                                /*
                                        You shouldn't need to touch anything here
                                */
                                // extract all values from the array
                                extract ($row, EXTR_OVERWRITE);
                                $text_color = "#3366cc";
                                $num_packets++;
                                if ($alt_color == 0)
                                {
                                        $row_color = "#ABCDEF";
                                        $alt_color = 1;
                                }
                                else 
                                {
                                        $row_color = "#EEEEEE";
                                        $alt_color = 0;
                                }
                                if ($alert == 1) 
                                {
                                        $row_color = "#FF0000";
                                        $text_color = "#ffffff";
                                        $num_alerts++;
                                }
                                /*
                                        Customize this to match the field in your protocol table
                                */
                                $protocol_html .= '
                                        <tr bgcolor="'.$row_color.'">
                                                <td>
                                                        <span style="color: '.$text_color.';">'.$username.'</span>
                                                </td>
                                                <td>
                                                        <span style="color: '.$text_color.';">'.$email.'</span>
                                                </td>
                                                <td>
                                                        <span style="color: '.$text_color.';">'.$message.'</span>
                                                </td>
                                                <td>
                                                        <span style="color: '.$text_color.';">'.$timestamp.'</span>
                                                </td>
                                                <td>
                                                        <span style="color: '.$text_color.';">'.$alert.'</span>
                                                </td>
                                                <td bgcolor="ffffff">
                                                        <span><a href="'.$base_url.'index.php?deletefrom='.$table_name.'&id='.$id.'&load='.$this_filename.'">Delete</a></span>
                                                </td>
                                        </tr>';
                        }
                        $protocol_html .= '</table>';
                        $protocol_html .= '
                                <table>
                                        <tr>
                                                <td>
                                                        <span>Packets Listed: '.$num_packets.'</span>
                                                </td>
                                        </tr>
                                        <tr>
                                                <td>
                                                        <span>Alerts Flagged: '.$num_alerts.'</span>
                                                </td>
                                        </tr>
                                </table>';
                        return ($protocol_html);
		}//end getData
	}// end class
?>
Return current item: FuZZY - AUP Infraction Detection (AUPID)