[PHP] - Source For Simple Server Monitor/Control Panel

I'm not going to get into great detail with everything so I'll give it to you quickly.

Required:
-Ubuntu 8.04 LTS Dedicated or VP Server
-Lighttpd, mysql-server, vsftpd, and sendmail installed
-Expect installed

Since most of the code is designed specifically for one of my server setups the account adding probably wont work from server to server, although the simple functions such as the stop/start and monitoring tools will.

Simply change the username and password in the code (yes this login is not secure at all but it was just a fun test to fill up an hour or two, nothing practical since I've written much more advanced software for my servers).

I needed to add make.sh since 'expect' was necessary to act as if a real human was filling out the forms necessary for setup. Expect is a tool for Linux systems designed to automate filling out forms over the command line. Since php creates a new shell session everytime a command is entered I couldn't fill out forms etc etc, so I just execute make.sh with the necessary arguments and expect automates it all.

index.php

Code:

<?php
//Website Control Panel
//This script requires:
//1.)Vsftpd, lighttpd, mysql-server, sendmail
//2.)Also requires expect to be installed + php safemode off
set_time_limit(0);
if($_GET['o'] == "login" && $_POST['username'] == "username" && $_POST['password'] == "password") {
	setcookie("cpuser","doesnotmatter",time() + 3600);
	echo("<meta http-equiv='Refresh' content='0; URL=index.php'>");
}else if(!isset($_COOKIE['cpuser'])) {
	die("Login is required.<br><form action='index.php?o=login' method='post'>
		<br><input type='text' name='username'>
		<br><input type='password' name='password'>
		<br><input type='submit' value='Login'>
		</form>");
}else if($_GET['o'] == "lighttpd") { 
	if($_GET['a'] == "restart") {
		echo(shell_exec("sudo /etc/init.d/lighttpd restart"));
		flush();
		sleep(5);
		echo("<meta http-equiv='Refresh' content='0; URL=index.php'>");
	}else if($_GET['a'] == "start") {
		echo(shell_exec("sudo /etc/init.d/lighttpd start"));
		flush();
		sleep(5);
		echo("<meta http-equiv='Refresh' content='0; URL=index.php'>");
	}else if($_GET['a'] == "stop") {
		echo(shell_exec("sudo /etc/init.d/lighttpd stop"));
		flush();
		sleep(5);
		echo("<meta http-equiv='Refresh' content='0; URL=index.php'>");
	}
}else if($_GET['o'] == "vsftpd") {
	if($_GET['a'] == "restart") {
		echo(shell_exec("sudo /etc/init.d/vsftpd restart"));
		flush();
		sleep(5);
		echo("<meta http-equiv='Refresh' content='0; URL=index.php'>");
	}else if($_GET['a'] == "start") {
		echo(shell_exec("sudo /etc/init.d/vsftpd start"));
		flush();
		sleep(5);
		echo("<meta http-equiv='Refresh' content='0; URL=index.php'>");
	}else if($_GET['a'] == "stop") {
		echo(shell_exec("sudo /etc/init.d/vsftpd stop"));
		flush();
		sleep(5);
		echo("<meta http-equiv='Refresh' content='0; URL=index.php'>");
	}
}else if($_GET['o'] == "mysql") {
	if($_GET['a'] == "restart") {
		echo(shell_exec("sudo /etc/init.d/mysql restart"));
		flush();
		sleep(5);
		echo("<meta http-equiv='Refresh' content='0; URL=index.php'>");
	}else if($_GET['a'] == "start") {
		echo(shell_exec("sudo /etc/init.d/mysql start"));
		flush();
		sleep(5);
		echo("<meta http-equiv='Refresh' content='0; URL=index.php'>");
	}else if($_GET['a'] == "stop") {
		echo(shell_exec("sudo /etc/init.d/mysql stop"));
		flush();
		sleep(5);
		echo("<meta http-equiv='Refresh' content='0; URL=index.php'>");
	}
}else if($_GET['o'] == "sendmail") {
	if($_GET['a'] == "restart") {
		echo(shell_exec("sudo /etc/init.d/sendmail restart"));
		flush();
		sleep(5);
		echo("<meta http-equiv='Refresh' content='0; URL=index.php'>");
	}else if($_GET['a'] == "start") {
		echo(shell_exec("sudo /etc/init.d/sendmail start"));
		flush();
		sleep(5);
		echo("<meta http-equiv='Refresh' content='0; URL=index.php'>");
	}else if($_GET['a'] == "stop") {
		echo(shell_exec("sudo /etc/init.d/sendmail stop"));
		flush();
		sleep(5);
		echo("<meta http-equiv='Refresh' content='0; URL=index.php'>");
	}
}else if($_GET['o'] == "account") {
	if($_GET['a'] == "new") {
		echo(shell_exec("sh make.sh ".$_POST['username']." ".$_POST['password'])); //Creates the account + main folder + mysql account + databases
		flush();
		shell_exec("sudo mkdir /var/www/".$_POST['username']."/public_html");
		shell_exec("sudo chown ".$_POST['username']." /var/www/".$_POST['username']."");
		shell_exec("sudo chown ".$_POST['username']. "/var/www/".$_POST['username']."/public_html");
		shell_exec("sudo chown www-data /etc/lighttpd/lighttpd.conf");
		$fh = fopen("/etc/lighttpd/lighttpd.conf", "a");
		fwrite($fh, "\n\$HTTP[\"host\"] =~ \"".$_POST['domain']."\" {
server.document-root = \"/var/www/".$_POST['username']."/public_html\"
}");
		fwrite($fh, "\n\$HTTP[\"host\"] =~ \"".$_POST['subdomain']."\" {
server.document-root = \"/var/www/".$_POST['username']."/public_html\"
}");
		fclose($fh);
		shell_exec("sudo chown root /etc/lighttpd/lighttpd.conf");
		echo "<br><br><center><a href='index.php'>Setup Successful, Click Here to Return</a></center>";
		flush();
		shell_exec("sudo /etc/init.d/lighttpd restart"); //This stops the script ;)
	}
}else{
	$ftp = "<font color='red'>Offline</font>";
	$mysql = "<font color='red'>Offline</font>";
	$sendmail = "<font color='red'>Offline</font>";
	$res = shell_exec("nmap localhost");
	if(strrpos($res, "ftp")) {
		$ftp = "<font color='green'>Online</font>";
	}
	if(strrpos($res, "mysql")) {
		$mysql = "<font color='green'>Online</font>";
	}
	if(strrpos($res, "smtp")) {
		$sendmail = "<font color='green'>Online</font>";
	}
	//Memory Usage
	$res = shell_exec("free -k");
	$res = preg_replace("/\s+/",";",$res); //This represents whitespace: /\s+/
	$ex = explode(";", $res); //Whitespace is replaced with a ';' so it can be exploded
	$mempercent = ($ex[9]/$ex[8]) * 100;
	//Uptime
	$res = shell_exec("uptime");
	$res = preg_replace("/\s+/",";",$res);
	$ex2 = explode(";", $res);
	$uptime = str_replace(",","",$ex2[3]); //Replaces the comma at end of time with nothing, essentially removes it
	$cpu = str_replace(",","",$ex2[8]);	
	echo "<center><font size='3'><b>BareBones Control Panel</b></font></center>
		<br><table border='1' width='300'><tr><td bgcolor='#B0B0B0'>
		<center><b>Server Statistics:</b></center>
		Server Uptime: ".$uptime."
		<br>Total Memory: ".$ex[8]."kb
		<br>Memory Used: ".$ex[9]."kb
		<br>Memory Free: ".$ex[10]."kb
		<br>Memory Percentile: %".$mempercent."
		<br>Current CPU Usage: %".$cpu."
		<br>
		</td></tr>
		</table><br>
		<font color='green'>Online</font>		
		<table border='1' width='300'><tr><td bgcolor='#FFE303'><br><b>Lighttpd Server:</b>
		<br><form action='index.php?o=lighttpd&a=restart' method='post'>
			<input type='submit' value='Restart'>
			</form></td>
		<td bgcolor='#7FFF00'><form action='index.php?o=lighttpd&a=start' method='post'>
			<input type='submit' value='Start'>
			</form></td>
		<td bgcolor='#EE0000'><form action='index.php?o=lighttpd&a=stop' method='post'>
			<input type='submit' value='Stop'>
			</form></td></tr>
		</table>
		<br>$ftp
		<table border='1' width='300'><tr><td bgcolor='#FFE303'><br><b>Vsftpd Server:&nbsp;&nbsp;&nbsp;</b>
		<br><form action='index.php?o=vsftpd&a=restart' method='post'>
			<input type='submit' value='Restart'>
			</form></td>
		<td bgcolor='#7FFF00'><form action='index.php?o=vsftpd&a=start' method='post'>
			<input type='submit' value='Start'>
			</form></td>
		<td bgcolor='#EE0000'><form action='index.php?o=vsftpd&a=stop' method='post'>
			<input type='submit' value='Stop'>
			</form></td></tr>
		</table>
		<br>$mysql
		<table border='1' width='300'><tr><td bgcolor='#FFE303'><br><b>MySQL Server:&nbsp;&nbsp;&nbsp;</b>
		<br><form action='index.php?o=mysql&a=restart' method='post'>
			<input type='submit' value='Restart'>
			</form></td>
		<td bgcolor='#7FFF00'><br><form action='index.php?o=mysql&a=start' method='post'>
			<input type='submit' value='Start'>
			</form></td>
		<td bgcolor='#EE0000<form action='index.php?o=mysql&a=stop' method='post'>
			<input type='submit' value='Stop'>
			</form></td></tr>
		</table>
		<br>$sendmail
		<table border='1' width='300'><tr><td bgcolor='#FFE303'><br><b>Sendmail Server:</b>
		<br><form action='index.php?o=sendmail&a=restart' method='post'>
			<input type='submit' value='Restart'>
			</form></td>
		<td bgcolor='#7FFF00'><form action='index.php?o=sendmail&a=start' method='post'>
			<input type='submit' value='Start'>
			</form></td>
		<td bgcolor='#EE0000'><form action='index.php?o=sendmail&a=stop' method='post'>
			<input type='submit' value='Stop'>
			</form></td></tr>
		</table>
		<br>
		<table border='1'><tr><td bgcolor='#33A1DE'>
		<b>Create Account:</b><br><form action='index.php?o=account&a=new' method='post'>
			Username:<input type='text' name='username'>
			<br>Password:<input type='text' name='password'>
			<br>Subdomain:<input type='text' name='subdomain'>
			<br>Domain:<input type='text' name='domain'>
			<br><input type='submit' value='Create Account'>
			</form>
			Note: You must manually add the zone at your managed dns.</tr></td>
		</table>
		";
}
?>

make.sh

Code:

#!/bin/sh
# \
exec expect -f "$0" ${1+"$@"}
set password [lindex $argv 1]
set username [lindex $argv 0]

spawn sudo adduser --home /var/www/$username $username
expect "assword:"
send "$password\r"
expect "assword:"
send "$password\r"
expect "Name []:"
send "0\r"
expect "Number []:"
send "0\r"
expect "Phone []:"
send "0\r"
expect "Phone []:"
send "0\r"
expect "Other []:"
send "0\r"
expect "N]"
send "y\r"
expect eof

# \
exec expect -f "$0" ${1+"$@"}
set password [lindex $argv 1]
set username [lindex $argv 0]
spawn mysql -u root -p
expect "assword:"
send "r"
expect "sql>"
send "CREATE USER '$username'@'%' IDENTIFIED BY '$password';\r"
expect "sql>"
send "GRANT USAGE ON * . * TO '$username'@'%' IDENTIFIED BY '$password' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;\r"
expect "sql>"
send "CREATE DATABASE IF NOT EXISTS `$username` ;\r"
expect "sql>"
send "GRANT ALL PRIVILEGES ON `$username` . * TO '$username'@'%';\r"
expect "sql>"
send "CREATE DATABASE IF NOT EXISTS `$username 1` ;\r"
expect "sql>"
send "GRANT ALL PRIVILEGES ON `$username 1` . * TO '$username'@'%';\r"
expect "sql>"
send "CREATE DATABASE IF NOT EXISTS `$username 2` ;\r"
expect "sql>"
send "GRANT ALL PRIVILEGES ON `$username 2` . * TO '$username'@'%';\r"
expect "sql>"
send "CREATE DATABASE IF NOT EXISTS `$username 3` ;\r"
expect "sql>"
send "GRANT ALL PRIVILEGES ON `$username 3` . * TO '$username'@'%';\r"
expect "sql>"
send "CREATE DATABASE IF NOT EXISTS `$username 4` ;\r"
expect "sql>"
send "GRANT ALL PRIVILEGES ON `$username 4` . * TO '$username'@'%';\r"
expect "sql>"
send "CREATE DATABASE IF NOT EXISTS `$username 5` ;\r"
expect "sql>"
send "GRANT ALL PRIVILEGES ON `$username 5` . * TO '$username'@'%';\r"
expect "sql>"
send "set password for '$username'@'%' = password('$password');\r"
expect "sql>"
send "quit\r"
expect eof

exit 0

Feel free to elaborate on this code, have fun.

 

Well, you can easily get into the script by setting a fake cookie.

What is the shell script for? It's setting up a database, but for what?

 

I didn't want to include the encryption system I use for my php script's since it would be a vulnerability, but for the purpose of demonstration this system is semi-secure.

Make.sh utilizes the 'expect' tool to interact with the command line like a human being (something that shell_exec can't do). Make.sh is adding a separate user account on the box in addition to a mysql user for them with 5 databases that only them + root can access.

 

Didn't notice that.

I ran it, and it works perfectly on my host. Except, I'm not allowed to stop any services, only restart.

 

Glad to hear it works for you, what operating system is your host running?

 

uname -a says:

Code:

Linux gator477.hostgator.com 2.6.24.7-grsec #1 SMP Wed May 14 21:56:43 CDT 2008 i686 i686 i386 GNU/Linux

To be honest, I can't really tell what it is.

 

Is that a trick question? -.-

 

"Linux" isn't very specific towards identifying the Operating System the server is running. There are several official Linux versions and distributions as well as hundreds of other non-official ones.