<?
///////////////////////////////////////////////////////////////////////////////////////
// Pothos - IPTables Firewall Tool
// Copyright (c) 2004, Ken Stanley
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification,
// are permitted provided that the following conditions are met:
//
//  - Redistributions of source code must retain the above copyright notice, this list
//    of conditions and the following disclaimer.
//  - Redistributions in binary form must reproduce the above copyright notice, this
//    list of conditions and the following disclaimer in the documentation and/or other
//    materials provided with the distribution.
//  - Neither the name of the Author nor the names of its contributors may be
//    used to endorse or promote products derived from this software without specific
//    prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
// OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
// SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
// TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
// BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
// ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
// DAMAGE.
//
// Contact author : hide@address.com
///////////////////////////////////////////////////////////////////////////////////////
//error_reporting(0);
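require_once('includes/config.inc');
require_once('includes/functions.inc');

include('includes/header.inc');

// Full-record page: shows the ulog row selected by ?val=<id>, the destination
// ports logged for the same source address, and the whois record for that
// address.
//
// Trust boundaries handled below:
//  - $_GET['val'] comes straight from the request and is placed in a SQL
//    statement, so it is escaped for the connection before use.
//  - Reverse-DNS names and whois text originate outside this application
//    (the PTR record and registry data belong to whoever owns the logged
//    address), and the MAC value comes from the logged packet, so everything
//    read from those sources is HTML-escaped before it is put in the page.
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7. When
// this file is ported to mysqli or PDO, both queries should become prepared
// statements instead of escaped string concatenation.

// ENT_SUBSTITUTE only exists on PHP >= 5.4; without it htmlspecialchars()
// returns an empty string for input that is not valid in the default charset
// (whois output is not guaranteed to be UTF-8).
$html_flags = ENT_QUOTES;
if (defined('ENT_SUBSTITUTE')) {
	$html_flags = $html_flags | ENT_SUBSTITUTE;
}

if ($preferences['mysql']['persist'] == "true") {
	$chandle = mysql_pconnect(
			$preferences['mysql']['host'],
			$preferences['mysql']['user'],
			$preferences['mysql']['pass']);
}
else {
	$chandle = mysql_connect(
			$preferences['mysql']['host'],
			$preferences['mysql']['user'],
			$preferences['mysql']['pass']);
}

if (!$chandle) {
	dberr($preferences['path']);
}
else {
	// Accept only a scalar request value; a missing parameter or an array
	// (?val[]=...) is treated as an id that matches nothing.
	$record_id = (isset($_GET['val']) && is_string($_GET['val'])) ? $_GET['val'] : '';

	// The id stays inside a quoted SQL literal, so escaping it for this
	// connection keeps request data from terminating the literal.
	// NOTE(review): ulog ids look numeric - if that is confirmed, rejecting
	// anything that is not all digits would be a tighter check.
	$mysql_query = "SELECT * FROM ulog WHERE id='" .
		mysql_real_escape_string($record_id, $chandle) . "'";

	$qhandle = mysql_db_query($preferences['mysql']['dbase'], $mysql_query, $chandle);

	if (!$qhandle) {
		dberr($preferences['path']);
	}
	else {
		$row = mysql_fetch_array($qhandle, MYSQL_ASSOC);

		if (!is_array($row)) {
			// No matching row: mysql_fetch_array() returned false. Report it
			// rather than iterating over false and rendering an empty record.
			create_table("100%", $preferences['path'], "Full record",
				"No log entry matches the requested ID.\n");
		}
		else {
			// Defaults so that columns that are NULL or absent (e.g. ports on
			// a non-TCP/UDP record) do not leave variables undefined.
			$id = $mac = $date = $chain = $iface_in = $iface_out = '';
			$shost = $saddr = $dhost = $daddr = $protocol = $sport = $dport = '';

			// Port lookups use $protocol, so they rely on ip_protocol coming
			// before the port columns in the row.
			foreach ($row as $key => $value) {
				switch ($key) {
					case "id":
						$id = $value;
						break;
					case "raw_mac":
						$mac = $value;
						break;
					case "oob_time_sec":
						$date = date("Y-m-d H:i:s", (int) $value);
						break;
					case "oob_prefix":
						$chain = $value;
						break;
					case "oob_in":
						$iface_in = $value;
						break;
					case "oob_out":
						$iface_out = $value;
						break;
					case "ip_saddr":
						$saddr = long2ip($value);
						$shost = gethostbyaddr($saddr);
						break;
					case "ip_daddr":
						$daddr = long2ip($value);
						$dhost = gethostbyaddr($daddr);
						break;
					case "ip_protocol":
						$protocol = getprotobynumber($value);
						break;
					case "tcp_sport":
					case "udp_sport":
						if ($value !== null)
							$sport = getport($protocol, $value);
						break;
					case "tcp_dport":
					case "udp_dport":
						if ($value !== null)
							$dport = getport($protocol, $value);
						break;
				}
			}

			// sprintf("%u") can only produce digits, so this statement carries
			// no request-controlled text.
			$qhandle = mysql_db_query(
				$preferences['mysql']['dbase'],
				"SELECT DISTINCT tcp_dport,udp_dport,count(*) FROM ulog" .
				" WHERE ip_saddr='" . sprintf("%u",ip2long($saddr)) . "' GROUP BY tcp_dport,udp_dport",
				$chandle);

			if (!$qhandle) {
				dberr($preferences['path']);
			}
			else {
				$ports = array('tcp' => array(), 'udp' => array(), 'count' => 0);

				while ($row = mysql_fetch_array($qhandle, MYSQL_ASSOC)) {
					$ports['tcp'][] = $row['tcp_dport'];
					$ports['udp'][] = $row['udp_dport'];
					// Each result row is one (tcp_dport, udp_dport) group, so
					// the total for the source address is the sum over rows.
					$ports['count'] += (int) $row['count(*)'];
				}

				// HTML-escape every value that is interpolated into markup.
				$safe = array();
				$display = array(
					'id' => $id,
					'date' => $date,
					'mac' => $mac,
					'protocol' => $protocol,
					'shost' => $shost,
					'dhost' => $dhost,
					'saddr' => $saddr,
					'daddr' => $daddr);
				foreach ($display as $name => $raw) {
					$safe[$name] = htmlspecialchars((string) $raw, $html_flags);
				}

				// NOTE(review): create_table() is defined elsewhere; this assumes
				// it emits the header as-is, like the table body - confirm.
				$header = "Full record for {$safe['shost']} (ID: {$safe['id']})";

				// NOTE(review): $sport/$dport are whatever getport() returns for
				// a protocol name and a numeric port. getport() is not visible
				// here and may return markup, so its result is inserted
				// unchanged - confirm and escape inside getport() if needed.
				$table = "<table border=0 cellpadding=0 cellspacing=0 width=100%>\n";
				$table .= " <tr class=\"fullrecord_row\">\n";
				$table .= "  <td valign=\"top\" align=\"right\" class=\"fullrecord_cell\" width=80>";
				$table .= "<b>Date:</b></td>\n";
				$table .= "  <td valign=\"top\" class=\"fullrecord_cell\" width=275>{$safe['date']}</td>\n";
				$table .= "  <td valign=\"top\" class=\"fullrecord_cell\" colspan=7>&nbsp;</td>\n";
				$table .= " </tr>\n";
				$table .= " <tr class=\"fullrecord_row\">\n";
				$table .= "  <td valign=\"top\" align=\"right\" class=\"fullrecord_cell\" width=80>";
				$table .= "<b>Mac Address:</b></td>\n";
				$table .= "  <td valign=\"top\" class=\"fullrecord_cell\" width=275>{$safe['mac']}</td>\n";
				$table .= "  <td valign=\"top\" align=\"right\" class=\"fullrecord_cell\" width=50>";
				$table .= "<b>Protocol:</b></td>\n";
				$table .= "  <td valign=\"top\" class=\"fullrecord_cell\" width=25>{$safe['protocol']}</td>\n";
				$table .= "  <td valign=\"top\" align=\"right\" class=\"fullrecord_cell\" width=75>";
				$table .= "<b>Source Port:</b></td>\n";
				$table .= "  <td valign=\"top\" class=\"fullrecord_cell\" width=25>$sport</td>\n";
				$table .= "  <td valign=\"top\" align=\"right\" class=\"fullrecord_cell\" width=100>";
				$table .= "<b>Destination Port:</b></td>\n";
				$table .= "  <td valign=\"top\" class=\"fullrecord_cell\">$dport</td>\n";
				$table .= " </tr>\n";
				$table .= " <tr class=\"fullrecord_row\">\n";
				$table .= "  <td valign=\"top\" align=\"right\" class=\"fullrecord_cell\" width=80>";
				$table .= "<b>Source Host:</b></td>\n";
				$table .= "  <td valign=\"top\" class=\"fullrecord_cell\" width=275>{$safe['shost']}</td>\n";
				$table .= "  <td valign=\"top\" align=\"right\" class=\"fullrecord_cell\" colspan=2 width=110>";
				$table .= "<b>Destination Host:</b></td>\n";
				$table .= "  <td valign=\"top\" class=\"fullrecord_cell\" colspan=4>{$safe['dhost']}</td>\n";
				$table .= " </tr>\n";
				$table .= " <tr class=\"fullrecord_row\">\n";
				$table .= "  <td valign=\"top\" align=\"right\" class=\"fullrecord_cell\" width=80>";
				$table .= "<b>Source IP:</b></td>\n";
				$table .= "  <td valign=\"top\" class=\"fullrecord_cell\" width=275>{$safe['saddr']}</td>\n";
				$table .= "  <td valign=\"top\" align=\"right\" class=\"fullrecord_cell\" colspan=2>";
				$table .= "<b>Destination IP:</b></td>\n";
				$table .= "  <td valign=\"top\" class=\"fullrecord_cell\" colspan=4>{$safe['daddr']}</td>\n";
				$table .= " </tr>\n";
				$table .= " <tr class=\"fullrecord_row\">\n";
				$table .= "  <td valign=\"top\" align=\"right\" class=\"fullrecord_cell\">\n";
				$table .= "   <b>TCP Ports:</b></td>\n";
				$table .= "  <td valign=\"top\" class=\"fullrecord_cell\">";

				foreach ($ports['tcp'] as $port) {
					$table .= htmlspecialchars((string) $port, $html_flags) . "&nbsp;";
				}

				$table .= "  </td>\n";
				$table .= "  <td align=\"right\" valign=\"top\" class=\"fullrecord_cell\" colspan=2>\n";
				$table .= "   <b>UDP Ports:</b></td>\n";
				$table .= "  <td valign=\"top\" class=\"fullrecord_cell\" colspan=4>";

				foreach ($ports['udp'] as $port) {
					$table .= htmlspecialchars((string) $port, $html_flags) . "&nbsp;";
				}

				$table .= "  </td>\n";
				$table .= " </tr>\n";
				$table .= " <tr class=\"fullrecord_row\">\n";
				$table .= "  <td align=\"right\" valign=\"top\" class=\"fullrecord_cell\">\n";
				$table .= "<b>Total Hits:</b></td>\n";
				$table .= "  <td valign=\"top\" class=\"fullrecord_cell\" colspan=8>\n";
				$table .= $ports['count'] . "</td>\n";
				$table .= " </tr>\n";
				$table .= " <tr class=\"fullrecord_row\">\n";
				$table .= "  <td valign=\"top\" class=\"fullrecord_cell\" colspan=8>\n";
				$table .= "   <h3><u>Whois record for <i>{$safe['saddr']}</i>:</u></h3>\n";
				$table .= "   <pre>\n";

				// $saddr is the dotted-quad string from long2ip(); quoting it as
				// a single shell argument keeps the command line fixed even if
				// that ever changes. Skip the lookup when there is no address.
				$whois = array();
				if ($saddr != '') {
					exec('whois -H ' . escapeshellarg($saddr), $whois);
				}

				// Lines starting with "#" are printed as well. Every line is
				// escaped because the registry text is free-form.
				foreach ($whois as $output) {
					$table .= htmlspecialchars($output, $html_flags) . "\n";
				}

				$table .= "   </pre>\n";
				$table .= "  </td>\n";
				$table .= " </tr>\n";
				$table .= "</table>\n";

				create_table("100%",$preferences['path'],$header,$table);
			}
		}
	}

	// Since using mysql_close with a persistent connection doesn't do anything,
	// we just go ahead and call mysql_close regardless of the type of connection
	// we created (it saves a line or two of code).
	mysql_close($chandle);
}
include('includes/footer.inc');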
?>