Here is a very simple script that once uploaded locks onto various architectures and extracts the database using the captured details.
For example, wordpress and concrete5 have been detected here:
When nothing is detected it will still offer the manual entering of the username and password.
It currently supports Concrete5 and WordPress, but I can easily upgrade it to support many more like ZF1, ZF2, Magento, Drupal, Joomla, etc, if there is any interest.
This is handy when you need to quickly copy a database, you simply upload this script to the doc_root and the script will attempt to handle the rest for you.
The script comes with password protection to prevent unauthorised usage, or it will not just be you downloading the database.
The script stores the username and password of those authorised to use it within the code, the password can be entered in plain text, or you can define your own algorithm and store the password encrypted in this way, within the code.
The script can be downloaded from github here and the full source code is below.
/*
Adrian Callaghan 21 Mar 2017
Very lightweight database dumper that automatically locks access details provided by other PHP frameworks
****** How to use ******
Enter your usernames and passwords into the constructor in either plain text (insecure if read by someone else) or encypted
Example 1: allowing bob access with the password 1234 and joe access with password 5678 - no encryption
dbDump::Init(array(
'users' => array(
array('username'=>'bob','password'=>'1234'),
array('username'=>'joe','password'=>'5678'),
)));
Example 2: allowing bob access with the password 1234 and joe access with password 5678 - with encyption method and hashed passwords that must match the method result
dbDump::Init(array(
'users' => array(
array('username'=>'bob','password'=>'81dc9bdb52d04dc20036dbd8313ed055'),
array('username'=>'joe','password'=>'674f3c2c1a8a6f90461e8a66fb5550ba'),
),
'passwordEncryption'=>function($pass){
return md5($pass);
}
));
*/
/******************
Constructor
*******************/
dbDump::Init(array(
'users' => array(
array('username'=>'bob','password'=>'81dc9bdb52d04dc20036dbd8313ed055'),
array('username'=>'joe','password'=>'674f3c2c1a8a6f90461e8a66fb5550ba'),
),
'passwordEncryption'=>function($pass){
return md5($pass);
}
));
/******************
Class starts...
*******************/
final class dbDump{
const APP_STATE = 'state';
const APP_AUTH = 'MY_TOKEN';
const APP_SALT = 'MY_SALT';
private $_users;
private $_passwordEncryption;
protected function destroySession(){
$this->initSession();
session_destroy();
return $this;
}
protected function initSession(){
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
return $this;
}
protected function getSession($object = true){
$this->initSession();
return $object ? (object) $_SESSION : $_SESSION;
}
protected function getSessionVar($var = ''){
return isset($this->session->{$var}) ? $this->session->{$var} : false;
}
protected function setSessionVar($key, $val){
$session = $this->session;
$session->{$key} = $val;
$this->session = (array) $session;
}
protected function setSession(array $values){
$this->initSession();
$_SESSION = $values;
return $this;
}
protected function getGet($object = true){
return $object ? (object) $_GET : $_GET;
}
protected function getGetVar($var = ''){
return isset($this->post->{$var}) ? $this->post->{$var} : false;
}
protected function isPost(){
return empty($this->getPost(false)) ? false : true;
}
protected function getPost($object = true){
return $object ? (object) $_POST : $_POST;
}
protected function getPostVar($var = ''){
return isset($this->post->{$var}) ? $this->post->{$var} : false;
}
protected function getState(){
return $this->getSessionVar(self::APP_STATE);
}
protected function setState($state = ''){
$this->setSessionVar(self::APP_STATE, $state);
return $this;
}
protected function is_constant($token) {
return $token == T_CONSTANT_ENCAPSED_STRING || $token == T_STRING || $token == T_LNUMBER || $token == T_DNUMBER;
}
protected function strip($value) {
return preg_replace('!^([\'"])(.*)\1$!', '$2', $value);
}
protected function getDefinitions($php){
$defines = array();
$state = 0;
$key = '';
$value = '';
$tokens = token_get_all($php);
$token = reset($tokens);
while ($token) {
// dump($state, $token);
if (is_array($token)) {
if ($token[0] == T_WHITESPACE || $token[0] == T_COMMENT || $token[0] == T_DOC_COMMENT) {
// do nothing
} else if ($token[0] == T_STRING && strtolower($token[1]) == 'define') {
$state = 1;
} else if ($state == 2 && $this->is_constant($token[0])) {
$key = $token[1];
$state = 3;
} else if ($state == 4 && $this->is_constant($token[0])) {
$value = $token[1];
$state = 5;
}
} else {
$symbol = trim($token);
if ($symbol == '(' && $state == 1) {
$state = 2;
} else if ($symbol == ',' && $state == 3) {
$state = 4;
} else if ($symbol == ')' && $state == 5) {
$defines[$this->strip($key)] = $this->strip($value);
$state = 0;
}
}
$token = next($tokens);
}
return $defines;
}
protected function generateDbForm($fields = null, $forceDisplay = false){
if ($fields===null && !$forceDisplay){
return;
}
$form = "
";
return $form;
}
protected function getPlatform($options){
$error = '- ';
$out .= $this->getPlatform((object) array(
'conf' => 'wp-config.php',
'logo' => 'https://s.w.org/about/images/logos/wordpress-logo-32-blue.png',
'logoW' => '32',
'logoH' => '32',
'host' => 'DB_HOST',
'table' => 'DB_NAME',
'username' => 'DB_USER',
'password' => 'DB_PASSWORD'
));
$out .= $this->getPlatform((object) array(
'conf' => 'config/site.php',
'logo' => 'https://www.concrete5.org/files/3613/5517/8150/concrete5_Wordmark_200x37.png',
'logoW' => '200',
'logoH' => '37',
'host' => 'DB_SERVER',
'table' => 'DB_DATABASE',
'username' => 'DB_USERNAME',
'password' => 'DB_PASSWORD'
));
/*$out .= $this->getPlatform((object) array(
'conf' => 'config/autoload/local.php',
'logo' => 'http://clloh.com/wp-content/uploads/2015/08/zf2-logo-128x128.png',
'logoW' => '128',
'logoH' => '128',
'host' => 'DB_SERVER',
'table' => 'DB_DATABASE',
'username' => 'DB_USERNAME',
'password' => 'DB_PASSWORD'
));*/
$out .= $this->getPlatform((object) array(
'logo' => 'https://www.mysql.com/common/logos/logo-mysql-170x115.png',
'logoW' => '170',
'logoH' => '115',
'force' => true,
));
return $out.'