Log File Manager

/cgi-bin/.cfg/php/custom/log_file_manager.php * * Note: Files in /tmp directory should have filenames containing dates, so that new log files are created daily from * customizations (at a minimum). Files are automatically removed from this site /tmp directory every two weeks, by timestamp. * * Disclaimer: Use this customization at your own risk. It is strongly recommended that a) log files produced do not contain sensitive * data, and b) this customization only be used over https. * */ use RightNow\Connect\v1_3 as RNCPHP; use RightNow\Connect\Crypto\v1_3 as Crypto; if (!defined('DOCROOT')) { $docroot = get_cfg_var('doc_root'); define('DOCROOT', $docroot); } //hard coded to allow for file downloads without the need to enter credentials // allows for the Crypto API to be initialized, so that the actual user's credentials // are used to authenticate downloads // define('DECRYPT_USERNAME', ""); define('DECRYPT_PASSWORD', ""); /* * See 'API access control and authentication' here: * * https://documentation.custhelp.com/euf/assets/devdocs/cloud22a/Connect_PHP/Default.htm * */ function authenticate($userName, $password) { require_once(DOCROOT . '/include/services/AgentAuthenticator.phph'); // use function below instead, if you want to limit users of this script by profile //return AgentAuthenticator::authenticateCookieOrCredentialsAndProfile($userName, $password, $agentProfile = array("Admin Profile", "Agent Profile")); // add profile specific check return AgentAuthenticator::authenticateCredentials($userName, $password); } function pass() { if (!empty($_POST['password'])) { return htmlspecialchars(trim($_POST['password'])); } return ''; } function user() { if (!empty($_POST['username'])) { return htmlspecialchars(trim($_POST['username'])); } return ''; } function viewFile($path) { if (file_exists($path)) { echo $path . ":"; echo "

"; header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename=' . basename($path)); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($path)); readfile($path); } } function downloadFile($path) { if (file_exists($path)) { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename=' . basename($path)); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($path)); readfile($path); } } function scanTmp($dir) { $dircontents = array(); if (is_dir($dir)) { if ($dh = opendir($dir)) { while (($file = readdir($dh)) !== false) { $dircontents[] = $file; } closedir($dh); } } sort($dircontents); return $dircontents; } function makeSafe($field, $mode='encrypt') { try { $cipher = new Crypto\AES(); $cipher->Mode->ID =1; $cipher->IV->Value = "1234567812345678"; $cipher->KeySize->LookupName = "128_bits"; $cipher->KeyDerivative = new Crypto\CryptoKeyDerivative(); $cipher->KeyDerivative->Mode->ID = 2; $cipher->KeyDerivative->Salt = new Crypto\CryptoKeyDerivativeSalt(); $cipher->KeyDerivative->Salt->Value = "yiuyipoipi"; $cipher->KeyDerivative->Password = "UYIUYDSFSDFSDFPOIPOI"; $cipher->KeyDerivative->Iteration = 1000; if ($mode == 'encrypt') { $cipher->Text = $field; $cipher->encrypt(); return $cipher->EncryptedText; } else { $cipher->EncryptedText = $field; $cipher->decrypt(); return $cipher->Text; } } catch (\Exception $e) { echo "Exception: " . $e->getMessage(); } } if (!empty($_GET['action']) && (trim($_GET['action']) == 'view' || trim($_GET['action']) == 'download')) { try { //authenticate with the hard-coded credentials // only to get to the Crypto API and decrypt the real user's credentials authenticate(htmlspecialchars(trim(DECRYPT_USERNAME)), htmlspecialchars(trim(DECRYPT_PASSWORD))); if (!authenticate(htmlspecialchars(trim(makeSafe(base64_decode($_POST['username']), 'decrypt'))), htmlspecialchars(trim(makeSafe(base64_decode($_POST['password']), 'decrypt'))))) { exit(); } if (trim($_GET['action']) == 'view') { viewFile($_GET['path']); } else { downloadFile($_GET['path']); } exit(); } catch (\Exception $e) { echo "Exception: " . $e->getMessage(); } } else { authenticate(user(), pass()); } ?> Log File Manager ", $resource); printf("", $date); printf("", $size); printf("", $thisPath, $thisPath); } ?>

Name	Date	Size (bytes)	Action
%s	%s	%s