From d4ae3c236b5314e644d0a87bd5bacf2f710ff1b7 Mon Sep 17 00:00:00 2001
From: fra-2107 <timchimienti@gmail.com>
Date: Fri, 22 Nov 2024 13:58:16 -0500
Subject: [PATCH] web2

---
 sql/sql.sql                            |  32 +++++
 {web => web1}/class/Alerts.class.php   |   0
 {web => web1}/class/Database.class.php |   0
 {web => web1}/css/styles.css           |   0
 {web => web1}/css/styles2.css          |   0
 {web => web1}/index.php                |   0
 {web => web1}/tmp.html                 |   0
 web2/index.php                         | 172 +++++++++++++++++++++++++
 web2/js/ajax.js                        |  68 ++++++++++
 web2/js/tweets.js                      |  72 +++++++++++
 web2/php/constants.php                 |   7 +
 web2/php/database.php                  | 127 ++++++++++++++++++
 web2/php/request.php                   |  46 +++++++
 13 files changed, 524 insertions(+)
 create mode 100644 sql/sql.sql
 rename {web => web1}/class/Alerts.class.php (100%)
 rename {web => web1}/class/Database.class.php (100%)
 rename {web => web1}/css/styles.css (100%)
 rename {web => web1}/css/styles2.css (100%)
 rename {web => web1}/index.php (100%)
 rename {web => web1}/tmp.html (100%)
 create mode 100644 web2/index.php
 create mode 100644 web2/js/ajax.js
 create mode 100644 web2/js/tweets.js
 create mode 100644 web2/php/constants.php
 create mode 100644 web2/php/database.php
 create mode 100644 web2/php/request.php

diff --git a/sql/sql.sql b/sql/sql.sql
new file mode 100644
index 0000000..a7c20d3
--- /dev/null
+++ b/sql/sql.sql
@@ -0,0 +1,32 @@
+#-----------------------------------------------
+# Nettoyage des tables dans la base de données
+#-----------------------------------------------
+
+DROP TABLE IF EXISTS alertes;
+
+#-----------------------------------------------
+# Table: alertes
+#----------------------------------------------
+
+CREATE TABLE alertes (
+    id SERIAL PRIMARY KEY, -- Identifiant unique pour chaque alerte
+    cef_version VARCHAR(10) DEFAULT 'CEF:1', -- Version du format CEF utilisé
+    date_alerte TIMESTAMP(3) NOT NULL, -- Date et heure de l'alerte avec une précision de millisecondes
+    agent_severity INT CHECK (agent_severity >= 0 AND agent_severity <= 10), -- Niveau de gravité de l'alerte sur une échelle de 0 à 10
+	device_event_class_id VARCHAR(1023), -- Identifiant de la signature permettant d'aider les moteurs de corrélations
+    device_product VARCHAR(63), -- Nom du produit à l'origine de l'alerte
+    device_vendor VARCHAR(63), -- Nom du fournisseur ou fabricant du produit
+    device_version VARCHAR(31), -- Version du produit ou dispositif ayant généré l'alerte
+    name VARCHAR(512), -- Nom descriptif de l'alerte
+	-- Champ d'extension du CEF
+	dst VARCHAR(45), -- Adresse IP de destination impliquée dans l'alerte
+	src VARCHAR(45), -- Adresse IP source impliquée dans l'alerte
+   	dpt INT, -- Port de destination utilisé pour l'événement ou l'alerte
+    spt INT, -- Port source de l'événement ou de l'alerte
+	msg VARCHAR(1023), -- Champ texte pour des notes ou commentaires additionnels concernant l'alerte
+	proto VARCHAR(10), -- Protocole réseau impliqué (ex : TCP, UDP)
+	bytesin INT, -- Quantité de bytes (8 bits ici) entrant (cas de flood ou DOS)
+	bytesout INT, -- Quantité des bytes (8 bits ici) sortants
+    reason VARCHAR(1023), -- Description de la raison de l'alerte expliquant pourquoi elle a été générée
+    act VARCHAR(50) -- Action entreprise en réponse à l'alerte (ex : bloqué, alerté uniquement, ...)
+);
\ No newline at end of file
diff --git a/web/class/Alerts.class.php b/web1/class/Alerts.class.php
similarity index 100%
rename from web/class/Alerts.class.php
rename to web1/class/Alerts.class.php
diff --git a/web/class/Database.class.php b/web1/class/Database.class.php
similarity index 100%
rename from web/class/Database.class.php
rename to web1/class/Database.class.php
diff --git a/web/css/styles.css b/web1/css/styles.css
similarity index 100%
rename from web/css/styles.css
rename to web1/css/styles.css
diff --git a/web/css/styles2.css b/web1/css/styles2.css
similarity index 100%
rename from web/css/styles2.css
rename to web1/css/styles2.css
diff --git a/web/index.php b/web1/index.php
similarity index 100%
rename from web/index.php
rename to web1/index.php
diff --git a/web/tmp.html b/web1/tmp.html
similarity index 100%
rename from web/tmp.html
rename to web1/tmp.html
diff --git a/web2/index.php b/web2/index.php
new file mode 100644
index 0000000..1c010be
--- /dev/null
+++ b/web2/index.php
@@ -0,0 +1,172 @@
+<?php
+
+ini_set('display_errors', 'on');
+error_reporting(E_ALL);
+
+spl_autoload_register(function ($class) {
+  include 'class/' . $class . '.class.php';
+});
+
+$db = new Database();
+
+?>
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+  <meta name="description" content="">
+  <meta name="author" content="">
+  <title>IDPS visualization</title>
+  <link rel="icon" type="image/x-icon" href="assets/favicon.ico"><!-- Core theme CSS (includes Bootstrap)-->
+  <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">
+  <link href="/css/styles.css" rel="stylesheet">
+
+  <!-- JS Scripts -->
+  <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.slim.min.js"
+      integrity="sha256-pasqAKBDmFT4eHoN2ndd6lN370kFiGUFyTiUHWhU7k8=" crossorigin="anonymous"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"
+      integrity="sha256-x3YZWtRjM8bJqf48dFAv/qmgL68SI4jqNWeSLMZaMGA=" crossorigin="anonymous"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.4.1/js/bootstrap.min.js"
+      integrity="sha256-WqU1JavFxSAMcLP2WIOI+GB2zWmShMI82mTpLDcqFUg=" crossorigin="anonymous"></script>
+    <script src="js/ajax.js" defer></script>
+
+    <!-- TODO -->
+    <script src="js/tweets.js" defer></script>
+</head>
+
+<body id="page-top">
+  <!-- Navigation-->
+  <nav class="navbar navbar-expand-lg navbar-dark bg-dark fixed-top" id="mainNav">
+    <div class="container px-4"><a class="navbar-brand" href="#page-top">Alerts</a><button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarResponsive" aria-controls="navbarResponsive" aria-expanded="false" aria-label="Toggle navigation"><span class="navbar-toggler-icon"></span></button>
+      <div class="collapse navbar-collapse" id="navbarResponsive">
+        <ul class="navbar-nav ms-auto">
+          <!-- TODO changer ? -->
+          <!-- <li class="nav-item"><a class="nav-link" href="/">Accueil</a></li>
+          <li class="nav-item"><a class="nav-link" href="#echouage">Liste des échouages</a></li>
+          <li class="nav-item"><a class="nav-link" href="add.php">Enregistrer un echouage</a></li>
+          <li class="nav-item"><a class="nav-link" href="stats.php">statistiques</a></li> -->
+        </ul>
+      </div>
+    </div>
+  </nav><!-- Header-->
+  <header class="bg-primary bg-gradient text-white">
+    <div class="container px-4 text-center">
+      <h1 class="fw-bolder">Alertes systemes</h1>
+      <p class="lead">meilleur outil de surveillance du monde</p>
+      <a class="btn btn-lg btn-light" href="#alertes">Alertes</a>
+    </div>
+  </header>
+
+  <section class="bg-light" id="alertes">
+    <div class="container px-4">
+      <div class="row gx-4 justify-content-center">
+        <div class="col-lg-8">
+          <h2>Liste des Attaques</h2>
+          <p class="lead">veuillez selectionner les filtres de recherche ou parcourez la liste ci-dessous</p>
+
+          <!-- ici les filtres -->
+          <form class="row g-3" method="POST">
+
+            <div class="col-auto">
+              <select class="form-select" aria-label="Choisir un niveau d'alerte" name="event_gravite">
+                <option selected value="">niveau d'alerte</option>
+                <?php for ($i = 1; $i <= 10; $i++) : ?>
+                  <option value="<?php echo $i; ?>"><?php echo $i; ?></option>
+                <?php endfor; ?>
+              </select>
+            </div>
+
+            <div class="col-auto">
+              <select class="form-select" aria-label="Chosisir une device" name="device_product">
+                <option selected value="">Appareil de détection</option>
+                <?php
+                $devices = $db->getDevices();
+                foreach ($devices as $device) : ?>
+                  <option value="<?php echo $device->getDeviceProduct(); ?>"><?php echo $device->getDeviceProduct(); ?></option>
+                <?php endforeach; ?>
+              </select>
+            </div> 
+
+
+            <div class="col-auto ms-auto me-0">
+              <button type="submit" class="btn btn-primary mb-3">Filtrer</button>
+            </div>
+          </form>
+
+          <table class="table table-striped">
+            <thead class="bg-primary text-white">
+              <tr>
+                <th scope="col" class="id">N°</th>
+                <th scope="col" class="Date">Date</th>
+                <th scope="col" class="label">Nom alerte</th>
+                <th scope="col" class="label">Appareil de détection</th>
+                <th scope="col" class="label">Adresse source</th>
+                <th scope="col" class="label">Niveau d'alerte</th>
+                <th scope="col" class="label"></th>
+                <th scope="col" class="label"></th>
+              </tr>
+            </thead>
+            <tbody style="border: 1px solid black;">
+
+              
+            </tbody>
+          </table>
+          <nav aria-label="Page navigation">
+            <ul class="pagination">
+
+              <?php
+              $nb_echouage = $db->getnbAlerts();
+              $nb_page = ceil($nb_echouage / 20);
+              if (isset($_GET["page"])) {
+                $page = intval($_GET['page']);
+              } else {
+                $page = 1;
+              }
+
+              if ($nb_page > 1) {
+                echo "<li class='page-item col-auto'><a class='page-link' href=index.php?page=1'>première page</a></li>";
+              }
+
+              if ($page > 1) {
+                echo "<li class='page-item col-auto'><a class='page-link' href=index.php?page=" . strval($page - 1) . "'>" . strval($page - 1) . "</a></li>";
+              }
+
+              echo "<li class='page-item col-auto'><a class='page-link' style=href=index.php?page=" . $page . "'>" . $page . "</a></li>";
+
+              if (($page) < $nb_page) {
+                echo "<li class='page-item col-auto'><a class='page-link' href=index.php?page=" . strval($page + 1) . "'>" . strval($page + 1) . "</a></li>";
+              }
+              if ($nb_page > 1) {
+                echo "<li class='page-item col-auto'><a class='page-link' href=index.php?page=" . strval($nb_page) . "'>dernière page</a></li>";
+              }
+              ?>
+
+
+            </ul>
+
+
+          </nav>
+
+
+
+
+        </div>
+      </div>
+    </div>
+  </section><!-- Contact section-->
+
+
+
+
+  <footer class="py-5 bg-dark">
+    <div class="container px-4">
+      <p class="m-0 text-center text-white">Copyright &copy; CIR2 2023/<a class="text-white" href="https://www.observatoire-pelagis.cnrs.fr/">Pelagis</a></p>
+    </div>
+  </footer><!-- Bootstrap core JS-->
+  <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script><!-- Core theme JS-->
+  <!-- <script src="js/scripts.js"></script> -->
+</body>
+
+</html>
\ No newline at end of file
diff --git a/web2/js/ajax.js b/web2/js/ajax.js
new file mode 100644
index 0000000..ab9cab2
--- /dev/null
+++ b/web2/js/ajax.js
@@ -0,0 +1,68 @@
+'use strict';
+
+//------------------------------------------------------------------------------
+//--- ajaxRequest --------------------------------------------------------------
+//------------------------------------------------------------------------------
+// Perform an Ajax request.
+// \param type The type of the request (GET, DELETE, POST, PUT).
+// \param url The url with the data.
+// \param callback The callback to call where the request is successful.
+// \param data The data associated with the request.
+function ajaxRequest(type, url, callback, data = null)
+{
+  let xhr;
+
+  // Create XML HTTP request.
+  xhr = new XMLHttpRequest();
+  if (type == 'GET' && data != null)
+    url += '?' + data;
+  xhr.open(type, url);
+  xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
+
+  // Add the onload function.
+  xhr.onload = () =>
+  {
+    switch (xhr.status)
+    {
+      case 200:
+      case 201:
+        console.log(xhr.responseText);
+        callback(JSON.parse(xhr.responseText));
+        break;
+      default:
+        httpErrors(xhr.status);
+    }
+  };
+
+  // Send XML HTTP request.
+  xhr.send(data);
+}
+
+//------------------------------------------------------------------------------
+//--- httpErrors ---------------------------------------------------------------
+//------------------------------------------------------------------------------
+// Display an error message accordingly to an error code.
+// \param errorCode The error code (HTTP status for example).
+function httpErrors(errorCode)
+{
+  let messages =
+  {
+    400: 'Requête incorrecte',
+    401: 'Authentifiez vous',
+    403: 'Accès refusé',
+    404: 'Page non trouvée',
+    500: 'Erreur interne du serveur',
+    503: 'Service indisponible'
+  };
+
+  // Display error.
+  if (errorCode in messages)
+  {
+    $('#errors').html('<strong>' + messages[errorCode] + '</strong>');
+    $('#errors').show();
+    setTimeout(() =>
+    {
+      $('#errors').hide();
+    }, 5000);
+  }
+}
diff --git a/web2/js/tweets.js b/web2/js/tweets.js
new file mode 100644
index 0000000..6a825a6
--- /dev/null
+++ b/web2/js/tweets.js
@@ -0,0 +1,72 @@
+'use strict';
+
+let login = 'cir2';
+let currentTitle = 'Liste des tweets';
+
+ajaxRequest('GET', 'php/request.php/tweets/', displayTweets);
+
+$('#all-button').click(() =>
+  {
+    currentTitle = 'Liste des tweets';
+    ajaxRequest('GET', 'php/request.php/tweets/', displayTweets);
+  }
+);
+
+$('#my-button').click(() =>
+  {
+    currentTitle = 'Liste de mes tweets';
+    ajaxRequest('GET', 'php/request.php/tweets/?login=' + login, displayTweets);
+  }
+);
+
+$('#tweet-add').submit((event) =>
+  {
+    event.preventDefault();
+    ajaxRequest('POST', 'php/request.php/tweets/', () =>
+      {
+        ajaxRequest('GET', 'php/request.php/tweets/', displayTweets);
+      }, 'login=' + login + '&text=' + $('#tweet').val());
+    $('#tweet').val('');
+  }
+);
+
+$('#tweets').on('click', '.mod', () =>
+  {
+    ajaxRequest('PUT', 'php/request.php/tweets/' +
+      $(event.target).closest('.mod').attr('value'), () =>
+        {
+          ajaxRequest('GET', 'php/request.php/tweets/', displayTweets);
+        }, 'login=' + login + '&text=' + prompt('Nouveau tweet :'));
+  }
+);
+$('#tweets').on('click', '.del', () =>
+  {
+    console.log('delete');
+    ajaxRequest('DELETE', 'php/request.php/tweets/' +
+      $(event.target).closest('.del').attr('value') +'?login=' + login, () =>
+        {
+          ajaxRequest('GET', 'php/request.php/tweets/', displayTweets);
+        }
+      );
+  }
+);
+
+//------------------------------------------------------------------------------
+//--- displayTweets ------------------------------------------------------------
+//------------------------------------------------------------------------------
+// Display tweets.
+// \param tweets The tweets data received via the Ajax request.
+function displayTweets(tweets)
+{
+  // Fill tweets.
+  $('#tweets').html('<h3>' + currentTitle + '</h3>');
+  for (let tweet of tweets)
+    $('#tweets').append('<div class="card"><div class="card-body">' +
+      tweet.login + ' : ' + tweet.text +
+      '<div class="btn-group float-right" role="group">' +
+      '<button type="button" class="btn btn-light float-right mod"' +
+      ' value="' + tweet.id + '"><i class="fa fa-edit"></i></button>' +
+      '<button type="button" class="btn btn-light float-right del"' +
+      ' value="' + tweet.id + '"><i class="fa fa-trash"></i></button>' +
+      '<div></div></div>');
+}
diff --git a/web2/php/constants.php b/web2/php/constants.php
new file mode 100644
index 0000000..01c9577
--- /dev/null
+++ b/web2/php/constants.php
@@ -0,0 +1,7 @@
+<?php
+  // Database constants.
+  define('DB_USER', 'sidps');
+  define('DB_PASSWORD', 'sidps');
+  define('DB_NAME', 'sidps');
+  define('DB_SERVER', 'localhost');
+?>
diff --git a/web2/php/database.php b/web2/php/database.php
new file mode 100644
index 0000000..6fa928b
--- /dev/null
+++ b/web2/php/database.php
@@ -0,0 +1,127 @@
+<?php
+  require_once('constants.php');
+
+  //----------------------------------------------------------------------------
+  //--- dbConnect --------------------------------------------------------------
+  //----------------------------------------------------------------------------
+  // Create the connection to the database.
+  // \return False on error and the database otherwise.
+  function dbConnect()
+  {
+    try
+    {
+      $db = new PDO('mysql:host='.DB_SERVER.';dbname='.DB_NAME.';charset=utf8',
+        DB_USER, DB_PASSWORD);
+      $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
+    }
+    catch (PDOException $exception)
+    {
+      error_log('Connection error: '.$exception->getMessage());
+      return false;
+    }
+    return $db;
+  }
+
+  //----------------------------------------------------------------------------
+  //--- dbRequestAlertes --------------------------------------------------------
+  //----------------------------------------------------------------------------
+  // Function to get all alertes 
+  // \param db The connected database.
+  // \return The list of alertes.
+  function dbRequestAlerts($db)
+  {
+    try
+    {
+      $request = 'SELECT * FROM alertes';
+      $statement = $db->prepare($request);
+      $statement->execute();
+      $result = $statement->fetchAll(PDO::FETCH_ASSOC);
+    }
+    catch (PDOException $exception)
+    {
+      error_log('Request error: '.$exception->getMessage());
+      return false;
+    }
+    return $result;
+  }
+
+  //----------------------------------------------------------------------------
+  //--- dbAddCTweet ------------------------------------------------------------
+  //----------------------------------------------------------------------------
+  // Add a tweet.
+  // \param db The connected database.
+  // \param login The login of the user.
+  // \param text The tweet to add.
+  // \return True on success, false otherwise.
+  function dbAddTweet($db, $login, $text)
+  {
+    try
+    {
+      $request = 'INSERT INTO tweets(login, text) VALUES(:login, :text)';
+      $statement = $db->prepare($request);
+      $statement->bindParam(':login', $login, PDO::PARAM_STR, 20);
+      $statement->bindParam(':text', $text, PDO::PARAM_STR, 80);
+      $statement->execute();
+    }
+    catch (PDOException $exception)
+    {
+      error_log('Request error: '.$exception->getMessage());
+      return false;
+    }
+    return true;
+  }
+  
+  //----------------------------------------------------------------------------
+  //--- dbModifyTweet ----------------------------------------------------------
+  //----------------------------------------------------------------------------
+  // Function to modify a tweet.
+  // \param db The connected database.
+  // \param id The id of the tweet to update.
+  // \param login The login of the user.
+  // \param text The new tweet.
+  // \return True on success, false otherwise.
+  function dbModifyTweet($db, $id, $login, $text)
+  {
+    try
+    {
+      $request = 'UPDATE tweets SET text=:text WHERE id=:id AND login=:login ';
+      $statement = $db->prepare($request);
+      $statement->bindParam(':id', $id, PDO::PARAM_INT);
+      $statement->bindParam(':login', $login, PDO::PARAM_STR, 20);
+      $statement->bindParam(':text', $text, PDO::PARAM_STR, 80);
+      $statement->execute();
+    }
+    catch (PDOException $exception)
+    {
+      error_log('Request error: '.$exception->getMessage());
+      return false;
+    }
+    return true;
+  }
+
+  //----------------------------------------------------------------------------
+  //--- dbDeleteTweet ----------------------------------------------------------
+  //----------------------------------------------------------------------------
+  // Delete a tweet.
+  // \param db The connected database.
+  // \param id The id of the tweet.
+  // \param login The login of the user.
+  // \return True on success, false otherwise.
+  function dbDeleteTweet($db, $id, $login)
+  {
+    try
+    {
+      $request = 'DELETE FROM tweets WHERE id=:id AND login=:login';
+      $statement = $db->prepare($request);
+      $statement->bindParam(':id', $id, PDO::PARAM_INT);
+      $statement->bindParam(':login', $login, PDO::PARAM_STR, 20);
+      $statement->execute();
+    }
+    catch (PDOException $exception)
+    {
+      error_log('Request error: '.$exception->getMessage());
+      return false;
+    }
+    return true;
+  }
+?>
diff --git a/web2/php/request.php b/web2/php/request.php
new file mode 100644
index 0000000..000664f
--- /dev/null
+++ b/web2/php/request.php
@@ -0,0 +1,46 @@
+<?php
+
+    require_once('database.php');
+
+    // Database connexion.
+    $db = dbConnect();
+    if (!$db)
+    {
+        header ('HTTP/1.1 503 Service Unavailable');
+        exit;
+    }
+
+    // Check the request.
+    $requestMethod = $_SERVER['REQUEST_METHOD'];
+    $request = $_SERVER['PATH_INFO'];
+    $request = explode('/', $request);
+
+    if ($request[1] != 'alertes')
+    {
+        header('HTTP/1.1 400 Bad Request');
+        exit;
+    }
+
+    if ($requestMethod == 'GET')
+    {
+        $data = dbRequestAlerts($db);
+    }
+  
+    if ($requestMethod == 'PUT')
+    {
+        parse_str(file_get_contents('php://input'), $_PUT);
+        if($id !=''&&isset($_PUT['login'])&&isset($_PUT['text']))
+            $data = dbModifyTweet($db, $id, $_PUT['login'], strip_tags($_PUT['text']));
+    }
+
+    // Send data to the client.
+    header('Content-Type: application/json; charset=utf-8');
+    header('Cache-control: no-store, no-cache, must-revalidate');
+    header('Pragma: no-cache');
+    if($requestMethod == 'POST')
+        header('HTTP/1.1 201 Created');
+    else
+        header('HTTP/1.1 200 OK');
+    echo json_encode($data);
+    exit;
+?>