internal HttpSessionData(HttpRequest httpPacket) { base.HttpHeadVariables = httpPacket.VariablesHttpHead; base.HttpPostVariables = httpPacket.VariablesHttpPost; base.RequestedFile = httpPacket.RequestUrl; this.Cookies = new AVLTree <string, string>(); this.HttpPacket = httpPacket; this.Stream = httpPacket.Stream; try { this.RemoteEndpoint = httpPacket.TcpClient?.Client?.RemoteEndPoint; this.LocalEndpoint = httpPacket.TcpClient?.Client?.LocalEndPoint; } catch { } if (httpPacket.Cookies != null) { foreach (KeyValuePair <string, string> kvp in httpPacket.Cookies) { this.Cookies.Add(kvp); } } this.RawHttpPacket = httpPacket.RawRequest; if (SessionContainer.SessionIdTransmissionType == SessionContainer.ESessionIdTransmissionType.Cookie) { base.Ssid = this.Cookies["ssid"]; } else { Logger.LogExcept(new NotImplementedException($"The given SessionIdTransmissionType ({SessionContainer.SessionIdTransmissionType}) could not be handled in {GetType().ToString()}.")); } base.PerFileVariables = SessionContainer.GetFileDictionary(httpPacket.RequestUrl); this._userInfo = SessionContainer.GetUserInfoFromSsid(Ssid); CurrentSession = this; }
/// <summary> /// Tells if a user has ever been registered with the given name /// </summary> /// <param name="userName">the name of the user</param> /// <returns>true if the user has ever existed</returns> public bool UserExists(string userName) { return(SessionContainer.GetUserInfoFromName(userName) != null); }
private void ProcessHrefs(ref string ret, HttpSessionData sessionData) { // href="#" untouched // href="somelink.html?123=bla" even with onclick="xyz" will contain the ssid in post for (int i = 0; i < ret.Length - 1; i++) { if ((ret[i] == '<' && ret[i + 1] == 'a') || (i > 5 && ret.Substring(i - 6, 7) == "<button")) { int state = 0; int hrefPos = -1, onclickPos = -1; int linkStartPos = -1, onclickStartPos = -1; int linkEndPos = -1, onclickEndPos = -1; char stringEndChar = '\0'; // search for href for (int j = i + 3; j < ret.Length - 5; j++) { if (state == 0 && j < ret.Length - 5 && ret.Substring(j, 4) == "href" && hrefPos == -1) { j += 3; hrefPos = j; state = 1; } else if (state == 1 && ret[j] == '=') { state = 2; } else if (state == 2 && (ret[j] == '\'' || ret[j] == '\"')) { state = 3; stringEndChar = ret[j]; linkStartPos = j + 1; if (j + 1 < ret.Length && ret[j + 1] == '#') { goto CONTINUE_SEARCH_FOR_LINK_TAG; } j++; } else if (state == 3 && j > linkStartPos + 1 && ret[j] == stringEndChar) { state = 0; linkEndPos = j - 1; } else if (state == 0 && j < ret.Length - 5 && ret.Substring(j, 7) == "onclick" && onclickPos == -1) { state = -1; j += 6; } else if (state == -1 && ret[j] == '=') { state = -2; } else if (state == -2 && (ret[j] == '\'' || ret[j] == '\"')) { stringEndChar = ret[j]; state = -3; onclickStartPos = j + 1; } else if (state == -3 && ret[j] == stringEndChar) { onclickEndPos = j - 1; state = 0; } else if (ret[j] == '>') { if (linkStartPos > -1 && linkEndPos > -1) { ret = ret.Remove(linkStartPos - 1, 1); ret = ret.Insert(linkStartPos - 1, "\""); ret = ret.Remove(linkEndPos + 1, 1); ret = ret.Insert(linkEndPos + 1, "\""); if (onclickStartPos > -1 && onclickEndPos > -1) { ret = ret.Remove(onclickStartPos - 1, 1); ret = ret.Insert(onclickStartPos - 1, "\""); ret = ret.Remove(onclickEndPos + 1, 1); ret = ret.Insert(onclickEndPos + 1, "\""); string hash = SessionContainer.GenerateUnusedHash(); string add = ";var f_" + hash + "=document.createElement('form');f_" + hash + ".setAttribute('method','POST');f_" + hash + ".setAttribute('action','" + ret.Substring(linkStartPos, linkEndPos - linkStartPos + 1) + "');f_" + hash + ".setAttribute('enctype','application/x-www-form-urlencoded');var i_" + hash + "=document.createElement('input');i_" + hash + ".setAttribute('type','hidden');i_" + hash + ".setAttribute('name','ssid');i_" + hash + ".setAttribute('value','" + sessionData.Ssid + "');f_" + hash + ".appendChild(i_" + hash + ");document.body.appendChild(f_" + hash + ");f_" + hash + ".submit();document.body.remove(f_" + hash + ");"; if (onclickStartPos > linkStartPos) { ret = ret.Insert(onclickEndPos + 1, add); j += add.Length; ret = ret.Remove(linkStartPos, linkEndPos - linkStartPos + 1); ret = ret.Insert(linkStartPos, "#"); j -= (linkEndPos - 1); } else { ret = ret.Remove(linkStartPos, linkEndPos - linkStartPos + 1); ret = ret.Insert(linkStartPos, "#"); j -= (linkEndPos - 1); ret = ret.Insert(onclickEndPos + 1, add); j += add.Length; } } else { string add = "#\" onclick =\"var f=document.createElement('form');f.setAttribute('method','POST');f.setAttribute('action','" + ret.Substring(linkStartPos, linkEndPos - linkStartPos + 1) + "');f.setAttribute('enctype','application/x-www-form-urlencoded');var i=document.createElement('input');i.setAttribute('type','hidden');i.setAttribute('name','ssid');i.setAttribute('value','" + sessionData.Ssid + "');f.appendChild(i);document.body.appendChild(f);f.submit();document.body.remove(f);"; ret = ret.Remove(linkStartPos, linkEndPos - linkStartPos + 1); j -= linkEndPos; ret = ret.Insert(linkStartPos, add); j += add.Length; } } i = j; goto CONTINUE_SEARCH_FOR_LINK_TAG; } } CONTINUE_SEARCH_FOR_LINK_TAG :; } } }