[Phplogcon-dev] FW: phpLogCon
Rainer Gerhards
rgerhards at hq.adiscon.com
Tue Dec 6 10:15:19 CET 2005
Hi all,
I am forwarding a very good post from Brian to the list.
Now that we have the list, I invite everyone to join the discussion and
iron out how it is best to proceed. I think Brian has done some
exceptionally good work and I would be glad if we can move toward
jointly creating a great app.
Brian: sorry for the silence the past days. Now Michael is back from
vacation and he has a much better understanding of phpLogCon than I
have. I think it'll make sense if you two primarily discuss how to
proceed - I will throw in any advice I can offer, but as I've said I am
not proficient with php. But sometimes I have good ideas on the "overall
picture" ;)
Thanks,
Rainer
> -----Original Message-----
> From: Brian Shea [mailto:bgshea at gmail.com]
> Sent: Tuesday, December 06, 2005 9:03 AM
> To: Rainer Gerhards
> Subject: Re: phpLogCon
>
> This is a work-in-progress, you can view a demo on my site. I
> have about 4 more days of work before this will be a 100%
> usable version. You can download a snap-shot of the code. I
> have not put any copyrights on my files yet. So please don't
> publish them.
>
> Link is not on webpage, but file should be there if you paste
> the link into a browser.
>
> http://www.hackthebox.org/files/phplogcon-1.2.4_bgs.tar.bz2
>
> Watch out for the new file structure
> /sessions/     --- Hold session related code files
> /pages/        --- Hold the different view, home, event, syslogtags, etc.
> /pages/forms/  --- was /forms/
>
> All pages are accessed through index.php and the
> $_SESSION['pages'] variable and sub pages by the get data
> slt or lid.
> This hides much of the information about the web app, so it
> will be harder to XSS, but if they have the code ...
>
> http://www.hackthebox.org/files/phplogcon-1.2.4_bgs.tar.bz2
>
> TODO:
> 1) Clean up and organization.
> 2) Combine like code on different pages into functions
> 3) Get filter settings in to stored sessions
> 4) You had some comments about users being able to select
> different filters, that needs to be done, should be easy at
> this point.
> 5) Finish the user-config page.
> 6) Consider using Text_CAPTCHA to prevent brute force scripts
> of trying to login, this would be optional, cause it can be
> annoying/unavailable.
>
>
> On 12/5/05, Brian Shea <bgshea at gmail.com> wrote:
>
> That could work, but since I'm 8 hours behind you,
> midnight for me is 8am for you and by the time I wake up at 8:30
> it's the end of your day.
>
> Either way will work.
>
> Reposted the file. phplogcon_1.2.3_bgs.tar.bz2
>
> now I'm off to bed ;)
>
>
>
> On 12/5/05, Brian Shea <bgshea at gmail.com> wrote:
>
> I don't mind. 4 to 5am is no problem, besides,
> if I get up that early I have a good chance of making it to
> work on time, otherwise I don't roll out of bed till 8:30 ;)
>
> Also, added session_write_close() on line 117.
> You might find an extra 's' on line 118 (typo). I'm going to
> re-bzip the files. (keyboard short cut is ALT-F-S, sometimes
> I hit the fn key next to alt key)
>
> Anyway, you should find that adding stored
> variables to phplogcon by $_SESSION is quite easy now. Have fun!!
>
> Off to sleep.
>
>
>
> On 12/5/05, Rainer Gerhards <rgerhards at hq.adiscon.com> wrote:
>
> Hi Brian,
>
> thanks for sticking around ;) I guess this week will be a much better
> one with Michael coming back from vacation. I think it is not a good
> idea to make you get up early just to talk to us ;) What do you think: I
> could set up a developers mailing list and all discussions could take
> place on that. I guess that would be more convenient for everyone...
>
> Rainer
>
> > -----Original Message-----
> > From: Brian Shea [mailto: bgshea at gmail.com]
> > Sent: Sunday, December 04, 2005 7:03 PM
> > To: Andre Lorbach; Rainer Gerhards
> > Subject: Re: phpLogCon
> >
> > Andre, Rainer
> >
> > I'm going to write php Session handling functions. This will
> > be a separate file that can be included and used without any
> > changes to your current version. Since php session handling
> > functions can be set from php, so this file will set them.
> > Then all the session data will be written to (DB, FILE,
> > dev/null) whatever.
> >
> > Also, if you still want to chat on MSN, maybe we can arrange
> > a time this week. I think it would be better for me to get up
> > early (4 or 5am) which would be your afternoon. Any day but
> > my Thursday would work.
> >
> > I would like to work with you, if you still want that. This
> > is your project, so it is your call.
> >
> > Regards,
> >
> > Brian Shea
> >
> >
> > On 12/1/05, Brian Shea <bgshea at gmail.com> wrote:
> >
> > My MSN account is bgshea at gmail.com
> >
> >
> > On 12/1/05, Brian Shea <bgshea at gmail.com> wrote:
> >
> > Okay, I'll set up an account and we can chat!
> >
> > Thanks,
> >
> > Brian Shea
> >
> >
> > On 12/1/05, Andre Lorbach <alorbach at ro1.adiscon.com> wrote:
> >
> > Hi,
> >
> > you will contact me (Andre Lorbach) on MSN using: delta_ray at hotmail.com
> > Timm Herget has the following MSN: therget at gmx.net
> >
> > I will be on MSN again tomorrow, so don't wonder when I am offline
> > there.
> >
> > Best regards,
> > Andre Lorbach
> >
> > > -----Original Message-----
> > > From: Brian Shea [mailto: bgshea at gmail.com]
> > > Sent: Wednesday, November 30, 2005 6:35 PM
> > > To: Rainer Gerhards
> > > Subject: Re: phpLogCon
> > >
> > > Umm, not sure, I have Gaim and that supports a number of
> > > protocols. I don't use chat that often so any of them are
> > > fine. Just let me know what you guys use (MSN/ICQ/AIM) and
> > > I'll sign up for an account.
> > >
> > > Yeah, that's my project I do to get away from computers.
> > >
> > >
> > > On 11/30/05, Rainer Gerhards <rgerhards at hq.adiscon.com> wrote:
> > >
> > > excellent (and good luck with your truck!!!). Any preference regarding
> > > the messaging?
> > >
> > > Rainer
> > >
> > > > -----Original Message-----
> > > > From: Brian Shea [mailto: bgshea at gmail.com]
> > > > Sent: Wednesday, November 30, 2005 5:04 PM
> > > > To: Rainer Gerhards
> > > > Subject: Re: phpLogCon
> > > >
> > > > Okay, that will work for me too cause I need to install the
> > > > engine for my truck this weekend and will be tied up with
> > > > that for the rest of the week. I'll hold off on the
> > > > emails till we can all get together. Let me know when is good
> > > > for you. Also let me know what we are going to use.
> > > >
> > > > Thanks,
> > > >
> > > >
> > > > On 11/30/05, Rainer Gerhards <rgerhards at hq.adiscon.com> wrote:
> > > >
> > > > Brian,
> > > >
> > > > just one further note. I think there is lots of room for improvements,
> > > > even besides the bug fixing. The good thing is that I am also in control
> > > > of a back-end, namely rsyslog, which definitely helps with the
> > > > integration.
> > > >
> > > > Rainer
> > > >
> > > > > -----Original Message-----
> > > > > From: Brian Shea [mailto: bgshea at gmail.com]
> > > > > Sent: Monday, November 28, 2005 10:36 PM
> > > > > To: Rainer Gerhards
> > > > > Subject: Re: phpLogCon
> > > > >
> > > > > Sure, this will give me a chance to really help out on an
> > > > > open source project. I use a ton of open source software and
> > > > > occasionally buy Tee-Shirts or Mugs, but that doesn't really
> > > > > go all that far. I'll be glad to help in any way possible.
> > > > >
> > > > > I'm gonna spend more time tonight to re-instate cookies with
> > > > > more protection and better cookie expiration.
> > > > >
> > > > > I think we should look at moving all the auth code to one
> > > > > function or set of functions. I was having a bit of trouble
> > > > > last night with erroneous valid sessions even when I logged
> > > > > out. No doubt a result of my changes. I eventually overcame
> > > > > the issue, but it is a hack at best.
> > > > >
> > > > > Brian
> > > > >
> > > > >
> > > > > On 11/28/05, Rainer Gerhards <rgerhards at hq.adiscon.com> wrote:
> > > > >
> > > > > Brian,
> > > > >
> > > > > the office I am in has had some ISP troubles today. I
> > > > > am receiving messages out of order... Anyhow... I really
> > > > > appreciate your work - it is awesome ;) I think we could
> > > > > really do quite a lot together and I am excited about that
> > > > > opportunity. The primary coder so far - Michael Meckelein -
> > > > > is on vacation since Friday, he'll be back next Monday. I
> > > > > have asked Andre to work with you. I think that will be fun
> > > > > ;) I myself have mostly worked on the basic concept, and even
> > > > > that not for quite some time.
> > > > >
> > > > > I think we are on a quite good track now :)
> > > > >
> > > > >
> > > > > Rainer
> > > > >
> > > > >
> > > > >
> > -----Original Message-----
> > > >
> > From: Brian Shea
> > >
> [mailto:bgshea at gmail.com]
> > > >
> > Sent:
> > Monday, November 28, 2005 4:20 PM
> > > >
> > To:
> > Rainer Gerhards
> > > > >
> > Subject: phpLogCon
> > > > >
> > > > >
> > > >
> > You can
> > use this email for
> > > coordinating the
> > > >
> > fixes. I'll be at
> > work from 8:00 to 4:30, but
> > > after that I'm
> > > >
> > free to work on phpLogCon.
> > > > >
> > > >
> > BTW:
> > > > >
> > > >
> > The
> > code is pretty good, The
> > > first thing we
> > > >
> > need to do is have a
> > central authentication
> > > point. Move all
> > > >
> > the valid user checks
> > to one function that is
> > > called at the
> > > >
> > start of the scripts,
> > and if fails kills the
> > > session and
> > > >
> > sends the user back
> > to index.php.
> > > > >
> > > >
> > I
> > noticed that you had some of
> > > the auth code in
> > > >
> > index.php, some in
> > writestandardhead and more
> > > in auth. I
> > > >
> > moved most of the
> > auth code to auth, but
> > > there is still a few
> > > >
> > bits and pieces left over.
> > > > >
> > > >
> > Regrads,
> > > >
> > Brian
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >
> > >
> >
> >
> >
> >
> >
> >
>
>
>
>
>
>
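
The design discussed across this thread (every view reached through index.php, one central authentication check that kills the session on failure, and a logout that leaves no valid session behind) can be sketched as follows. This is an added example, not phpLogCon code: the function names, the `page` request parameter, the `user` session key and the page map are assumptions.

```php
<?php
// Added illustration, not phpLogCon source: PAGES, resolve_page(), logout(),
// on_login_success(), require_login() and the 'user' key are hypothetical.

// Allow-list of views: the request only selects a key, never a file path.
const PAGES = [
    'login'  => 'pages/forms/login.php',
    'home'   => 'pages/home.php',
    'events' => 'pages/events.php',
];

function resolve_page(array $get): string
{
    $key = isset($get['page']) && is_string($get['page']) ? $get['page'] : 'home';
    return array_key_exists($key, PAGES) ? $key : 'home';
}

function on_login_success(string $user): void
{
    session_regenerate_id(true);   // fresh id, so a pre-login session id is useless
    $_SESSION['user'] = $user;
}

// Full logout: empty the data, expire the cookie, destroy server-side state.
function logout(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// The one authentication gate, run before any protected view is included.
function require_login(string $page): void
{
    if ($page !== 'login' && empty($_SESSION['user'])) {
        logout();
        header('Location: index.php?page=login');
        exit;
    }
}

// index.php (front controller)
session_start();
$page = resolve_page($_GET);
require_login($page);
require __DIR__ . '/' . PAGES[$page];
```

Routing through one script mainly buys a single place to enforce the check; the allow-list is what keeps request data out of the include path.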