diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 0000000..de4254d
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,43 @@
+---
+name: Bug Report
+about: Something isn't working
+title: "[Bug]: "
+labels: bug
+assignees: userjack6880
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Software Version**
+[ ] Version 0 Alpha 8.1
+[ ] Version 0 Alpha 8
+[ ] Other
+
+**Desktop (please complete the following information):**
+ - OS [e.g. macOS]
+ - Browser [e.g. Safari]
+ - Version [e.g. 15.3]
+
+**Server (please complete the following information):**
+- Server OS [e.g. CentOS 7.3]
+- Web Server [e.g. Apache 2.4.52]
+- PHP Version [e.g. 7.4]
+- SQL Variant and Version [e.g. MariaDB 10.2]
+
+**Additional context**
+Add any other context about the problem here.
\ No newline at end of file
diff --git a/.github/ISSUE_TEMPLATE/critical_report.md b/.github/ISSUE_TEMPLATE/critical_report.md
new file mode 100644
index 0000000..4924e7d
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/critical_report.md
@@ -0,0 +1,43 @@
+---
+name: Critical Bug Report
+about: Something is critically broken
+title: "[Critical Bug]: "
+labels: critical, bug
+assignees: userjack6880
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Software Version**
+[ ] Version 0 Alpha 8.1
+[ ] Version 0 Alpha 8
+[ ] Other
+
+**Desktop (please complete the following information):**
+ - OS [e.g. macOS]
+ - Browser [e.g. Safari]
+ - Version [e.g. 15.3]
+
+**Server (please complete the following information):**
+- Server OS [e.g. CentOS 7.3]
+- Web Server [e.g. Apache 2.4.52]
+- PHP Version [e.g. 7.4]
+- SQL Variant and Version [e.g. MariaDB 10.2]
+
+**Additional context**
+Add any other context about the problem here.
\ No newline at end of file
diff --git a/.github/ISSUE_TEMPLATE/enhancement_request.md b/.github/ISSUE_TEMPLATE/enhancement_request.md
new file mode 100644
index 0000000..e58e606
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/enhancement_request.md
@@ -0,0 +1,11 @@
+---
+name: Enhancement Request
+about: New feature or request
+title: "[Request]: "
+labels: enhancement
+assignees: userjack6880
+
+---
+
+**Describe the bug**
+A clear and concise description of what you want us to consider.
\ No newline at end of file
diff --git a/.github/ISSUE_TEMPLATE/question.md b/.github/ISSUE_TEMPLATE/question.md
new file mode 100644
index 0000000..505b033
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/question.md
@@ -0,0 +1,11 @@
+---
+name: Question
+about: Further information is requested
+title: "[Question]: "
+labels: question, help wanted
+assignees: userjack6880
+
+---
+
+**Describe the bug**
+What do you need help with?
\ No newline at end of file
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 0000000..417e4a0
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,41 @@
+# Pull Request Template
+
+## Description
+
+Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.
+
+Fixes # (issue)
+
+## Type of change
+
+Please delete options that are not relevant.
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] This change requires a documentation update
+
+## How Has This Been Tested?
+
+Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration
+
+**Test Configuration**:
+* OS:
+* OS Kernel Version:
+* WebServer:
+* WebServer Version:
+* PHP Version:
+* SQL Variant:
+* SQL Version:
+
+## Checklist:
+
+- [ ] My code follows the style guidelines of this project
+- [ ] I have performed a self-review of my own code
+- [ ] I have commented my code, particularly in hard-to-understand areas
+- [ ] I have made corresponding changes to the documentation
+- [ ] My changes generate no new warnings
+- [ ] I have added tests that prove my fix is effective or that my feature works
+- [ ] New and existing unit tests pass locally with my changes
+- [ ] Any dependent changes have been merged and published in downstream modules
+- [ ] I have checked my code and corrected any misspellings
\ No newline at end of file
diff --git a/README.md b/README.md
index b2a7027..d17fbe9 100644
--- a/README.md
+++ b/README.md
@@ -4,17 +4,23 @@ This is Open DMARC Analyzer version 0 alpha-8 (0-α8) by John Bradley (john@syst Open DMARC Analyzer was written because there didn't seem to be a full-featured self-hosted report analyzer that provided enough details to make heads or tails of a large volume of DMARC reports that come into medium to large-sized organizations. While other solutions required paid subscriptions or have part of it hosted on AWS, Open DMARC Analyzer will run on any webserver that supports PHP 7.4+ and MySQL 15.1+. -# System Requirements -- http webserver -- php 7.4+ -- mysql 15.1+ or equivalent +# Requirements +- Apache 2 or equivalent +- PHP 5 (PHP 7 required for phpWhois) +- PHP PDO +- MySQL 15.1 or equivalent +- A database that is pre-populated with data from rrdmarc or dmarcts-report-parser # Dependencies -## Required - [jsmitty12/phpWhois](https://github.com/jsmitty12/phpWhois/) -It is highly recommended that you install this package using composer. Instructions are found on the package's git page. This is required, and will replace most GeoIP data if you disable the MaxMind DB reader package. +One of the following 2 packages are required to be installed. + +**[jsmitty12/phpWhois](https://github.com/jsmitty12/phpWhois/)** + +It is highly recommended that you install this package using composer. Instructions are found on the package's git page. This is required, and will replace most GeoIP data if you disable the MaxMind DB reader package. This package *will* require PHP 7. 
+ +**[MaxMind DB Reader PHP API](https://github.com/maxmind/MaxMind-DB-Reader-php)** -## Optional - [MaxMind DB Reader PHP API](https://github.com/maxmind/MaxMind-DB-Reader-php) A note on this dependency - I've tried to write the one refrence to this external project as optional as possible, and it can almost completely be configured from config.php, due to the limitation of php namespace, I haven't come across a way that won't require you to dig deeper into the code if you happen to chose a compatible library to replace this MaxMind one. If you do wish to replace this library with another compatible one, the line in question is located in `includes\functions.php`: ```php $reader = new MaxMind\Db\Reader(GEO_DB); 
@@ -24,17 +30,104 @@ It is highly recommended that you install this package using composer. Instructi You will also need the GeoLite2 database from MaxMind (or any other compatible DB). It can be obtained from [here](https://dev.maxmind.com/geoip/geoip2/geolite2/). Open DMARC Analyzer makes use of the GeoLite2 City database. -The MaxMind library is not distributed with this project, and is ultimately an optional feature to the project as a whole. +The MaxMind library is not distributed with this project, and is ultimately an optional feature to the project as a whole, unless you are using PHP 5. + +# Setting up Open DMARC Analyzer + +Obtaining Open DMARC Analyzer through `git` is probably the easiest way, in addition to doing occasional pulls to get up-to-date versions. + +``` +git clone https://github.com/userjack6880/Open-DMARC-Analyzer.git +``` + +Optionally, a [zip file of the latest release](https://github.com/userjack6880/Open-DMARC-Analyzer/releases) can be downloaded. + +Once downloaded and installed in a desired directory, install either jsmitty12's phpWhois package or the MaxMind DB Reader package through composer. Rename `config.php.pub` to `config.php` and edit the configuration for your environment (see the next section on **Configuration Options** for details). Finally, run `install.php` to create the database view used by this software package. + +`install.php` should remove itself and `mysql.sql` once complete. If permissions aren't given, `install.php` may not delete those files. It is recommended to manually delete these. 
+ +# Configuration Options + +**Database Options** +```php +define('DB_HOST', 'localhost'); +define('DB_USER', 'dmarc'); +define('DB_PASS', 'password'); +define('DB_NAME', 'dmarc'); +define('DB_PORT', '3306'); // default port 3306 +``` + +**Debug Settings** +```php +define('DEBUG', 1); +``` +*Not Currently Used* + +**Template Settings** +```php +define('TEMPLATE','openda'); +``` +This will load the visual templated located `templates/`. Simply name the directory the template is located in. Do not use a trailing slash. + +**Package Loader** +```php +define('AUTO_LOADER','vendor/autoload.php'); +``` +Should not need to change this setting unless using a non-standard composer installation. + +**GeoIP2 Settings** +```php +define('GEO_ENABLE', 1); +define('GEO_DB', 'includes/geolite2.mmdb'); +``` +Allows you to select between jsmitty12's phpWhois package and the MaxMind DB Reader package. The default is to use the MaxMind DB Reader package, as it provides the most relevant data to the user. To fall back to the jsmitty12's phpWhois package, change the `GEO_ENABLE` option to `0`. + +The second option, `GEO_DB` is used in conjunction with the MaxMind DB Reader package. The path to the MaxMind GeoIP database is relative to the root of the software package. + +**Date Range** +```php +define('DATE_RANGE', '-1w'); +``` +Defines the standard starting date range for data presented. All pages where dates are relevant start at a certain point and end at the time the page is loaded. This option defines where that starting point is, and the increment by which that starting date is changed. + +Valid date signifiers are `m`, `w`, and `d` for "month", "week", and "day". # Latest Changes -## 0-α8 +## 0-α8.1 + +- Added `CODE_OF_CONDUCT`, `CONTRIBUTING`, pull request template, issue templates, and organized documents into docs folder. +- Added basic installation script to add `report_stats` view from file and attempt to cleanup after itself. 
+- Further fleshed out `README.md` +- Improved compatibility with older SQL databases that do not support `INET6_ATON` or `INET6_NTOA`. +- Added SQL error output. + +See `CHANGELOG` under `docs` for full details of all changes. + +# Tested System Configurations + +| OS | HTTP | PHP | SQL | +| --------- | ------------- | ------ | --------------- | +| Debian 11 | Apache 2.4.52 | 7.4.25 | MariaDB 10.5.12 | +| CentOS 7 | Apache 2.4.6 | 5.4.16 | MariaDB 5.5.65 | + +If you have a system configuration not listed, and would like to contribue this data, please [provide feedback](https://github.com/userjack6880/Open-Dmarc-Analyzer/issues). + +# Release Cycle and Versioning + +This project regular release cycle is not yet determined. Versioning is under the Anomaly Versioning Scheme (2022), as outlined in `VERSIONING` under `docs`. + +# Contributing + +Public contributions are encouraged. Please review `CONTRIBUTING` under `docs` for contributing procedures. Additionally, please take a look at our `CODE_OF_CONDUCT`. By participating in this project you agree to abide by the Code of Conduct. + +# Contributors -- Rewrite of ODA for performance and visual improvements and feature simplification. -- Begin Documentation Process +Primary Contributors +- John Bradley - Initial Work -See `CHANGELOG.md` for full details of all changes. +Thanks to [all who contributed](https://github.com/userjack6880/Open-DMARC-Analyzer/graphs/contributors) and [have given feedback](https://github.com/userjack6880/Open-DMARC-Analyzer/issues?q=is%3Aissue). -# License +# Licenses -Open DMARC Analyzer is released under GNU GPLv3. See LICENSE. +Open DMARC Analyzer is released under GNU GPLv3. See `LICENSE`. diff --git a/config.php.pub b/config.php.pub index ea16a27..a1d891b 100644 --- a/config.php.pub +++ b/config.php.pub 
@@ -21,7 +21,7 @@ You should have received a copy of the GNU General Public License along with this program. If not, see . */ -// MySQL Settings +// Database Settings define('DB_HOST', 'localhost'); define('DB_USER', 'dmarc'); @@ -44,7 +44,7 @@ define('AUTO_LOADER', 'vendor/autoload.php'); // autoloader for composer insta define('GEO_ENABLE', 1); // 0 - disable GeoIP2, 1 - enable GeoIP2 define('GEO_DB', 'includes/geolite2.mmdb'); // location of GeoIP2 database -// Defaults +// Date Range define('DATE_RANGE', '-1w'); diff --git a/CHANGELOG.md b/docs/CHANGELOG.md similarity index 83% rename from CHANGELOG.md rename to docs/CHANGELOG.md index 8aaf734..0fff78b 100644 --- a/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -1,5 +1,13 @@ # Changelog +## 0-α8.1 + +- Added `CODE_OF_CONDUCT.md`, `CONTRIBUTING.md`, pull request template, issue templates, and organized documents into docs folder. +- Added basic installation script to add `report_stats` view from file and attempt to cleanup after itself. +- Further fleshed out `README.md` +- Improved compatibility with older SQL databases that do not support `INET6_ATON` or `INET6_NTOA`. +- Added SQL error output. + ## 0-α8 - Rewrite of ODA for performance and visual improvements and feature simplification. diff --git a/docs/CODE_OF_CONDUCT.md b/docs/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..34ae487 --- /dev/null +++ b/docs/CODE_OF_CONDUCT.md 
@@ -0,0 +1,81 @@ +# Code of Conduct + +The Internet is a vast space with a diverse community of professionals and enthusaists with an equally vast set of interests and opinions. From this deep well of diversity comes a wellspring of fresh and bold ideas that can further humanity as a whole. But it is this same diversity that can lead to communication failures and discontent. + +This document, the Code of Conduct, serves as a general guideline on how the community revolving around this project, and all projects directly under my control, including those here on GitHub, the [System Anomaly](https://systemanomaly.com) website and web persona, personal and public social channels, and any other channels of communication spawned from these. These guidelines apply to everyone from myself at the top all the way down to those wishing to engage with these projects. + +Don't take this necessarially as a list of things which cannot be done. It is simply a guideline, which may be enhanced by a set of rules that apply to specific situations, which will be clearly posted if needed. + +Violations of this code of conduct are primarly enforced where it is applied, however violations outside of these spaces may preclude an individual from participation in these spaces. + +If you believe an individual has violated the Code of Conduct, please send an email to conduct@j3b.in. Please read the section titled **Reporting Guidelines** before doing so, and if you want to know how enforcement is handled, please read the section titled **Enforcement**. + +Thank You +John Bradley +(userjack6880) + +## The Code + +### Be Kind +The world can be tough at times, and we do not need to be reminded of this fact through these spaces. A kind, considerate, and welcoming demeanor makes this space a better place, and can make someone's day a little brighter. Welcome those who wish to engage with this space, regardless of identity. 
This includes, but is not limited to, members of any race, ethnicity, culture, national origin, immigration status, social and economic class, education level, sex, sexual orientation, gender identity and expression, age, size, family status, political belief, religion, and ability both mental and physical. + +### Be Respectful +In addition to being kind, throught he course of participation in these spaces, one should be considerate and respectful. Your contributions may be used by others, and you may use others' contributations, and your decisions will affect others. Take this in account when making these decisions. Additionally, you may disagree with the decision, action, or opinion of another individual, and vice-versa. Handle disagreements with respect to the other individual. Do not allow frustration to be an excuse for poor behavior, poor manners, or personal attacks. These spaces are intended to be welcoming, and making someone feel uncomfortable or threatened is not productive. Instead, try to understand where the other person is coming from, and make an attempt to address the issue. + +Additionally, the following actions are not considered kind, respectful, or acceptable: +- Violent threats or language directed against another person. +- Discriminatory jokes and language. +- Posting sexually explicit or violent material. +- Posting, or threatening to post, other people's personally identifying information (PII), also known as "doxing". +- Personal insults, especially using bigoted language such as racist or sexist terms. +- Unwelcomed attention or harassment, sexual or otherwise. No means no. +- Advocating for or encouraging the above behavior. + +## Enforcement +Breaking these guidelines does not always mean immediate expulsion from participation in these spaces. Infractions are investigated and handled on a case-by-case basis. 
Enforcement may come in many forms, from initial warnings for minor first-offense, requesting that the offending individual apologize to those who were harmed, to finally explusion for the most egregious violations of the Code of Conduct. + +Those put in charge of enforcement of the Code of Conduct, the Council, have final say in how it is enforced. A formal request for reconsideration is allowed, but reversasl in a decision is not guaranteed. + +## Council Members +- Chair: John Bradley (john@j3b.in) + +Because these projects are currently small in nature, the council consists of one member. Positions will open up as projects and related communities grow. The Code of Conduct will be updated as needed. + +## Reporting Guidelines +If you believe someone is violating the Code of Conduct, please email conduct@j3b.in. **All reports will remain confidential**. If a public statement is required in the course of enforcement, any identifying information will remain confidential **unless instructed otherwise** by those individuals. + +**If you believe anyone is in physical danger, please contact law enforcement first**. If you are unsure who needs to be contacted, please include that in your report and we will make an attempt to notify the appropriate agencies. + +If you are unsure if an incident is a violation of the Code of Conduct, report it anyways. Remember, **all reports will remain confidential**, and if a report isn't a violation, no harm will have been done. Likewise, if a violation isn't reported, nothing will be resolved. You will not be negatively looked upon if an incident isn't a violation, and knowing about these incidents will allow us to better adjust the Code of Conduct and processes related to the Code of Conduct as well as adjust specific rules and processes that apply to individual spaces. + +Please include in your report: +- Your contact info, so that we can get in touch with you for a follow up. 
+- Names, real or otherwise, so as long as it is able to allow us to identify the individual that violated the Code of Conduct. Include any witnesses that can back up your report. +- When and where the incident occured. Please be as specific as possible. Also indicate if the issue is ongoing. +- Your account of what occured, and a copy or link to any publicly available record of what occured. +- Any additional context or information that you believe may be relevant. + +## What Happens When We Receive a Report +When an incident is reported, the Council will acknolwedge as soon as possible to the individual that submitted the report that we received it an have begun investigations. Once this has occured, the Council will immediately review: +- What happened. +- If this was a violation of the Code of Conduct. +- Who violated the Code of Conduct. +- If this is ongoing or if there is a threat to someone's safety. + +If the violation is ongoing or a threat to safety, the Council will work immediately to resolve the situation as best as possible, and may delay an official response until the situation has been resolved. + +Once there is a clear picture of what occured, an official response will be issued. It may include: +- Nothing, if there is no violation. +- A public and/or private reprimand. +- A request for public and/or private apology. +- Request the violator to take a break from these spaces. +- Temporarially or permanently ban the violator from some or all of these spaces. + +The reporter will be notified of the Council's decision, and any related individuals will be contacted as needed. Public actions are reserved for the most severe violations of the Code of Conduct. + +## What If a Report Includes a Violation By a Council Member? +Currently, because the council consists solely of one member, it can be a difficult decision to make a report. This is understandable. There is no real good solution to this problem at this time. 
+ +We still request that, if you are comfortable, to report a violation by the Council member, since this will give them an opportunity for self-reflection and self-correction. + +*All decisions* regarding violations by a Council member are considered public, and all reprimands to and apologies by a Council member will be public. Individuals making these reports will remain confidential unless instructed otherwise. \ No newline at end of file diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md new file mode 100644 index 0000000..c9d2e5f --- /dev/null +++ b/docs/CONTRIBUTING.md 
@@ -0,0 +1,34 @@
+
+# How to contribute to Open DMARC Analyzer
+
+## **Bug Reporting**
+
+* **Ensure the bug was not already reported** by searching on GitHub under [Issues](https://github.com/userjack6880/Open-DMARC-Analyzer/issues).
+
+* If an open issue addressing the problem does not exist, [open a new one](https://github.com/userjack6880/Open-DMARC-Analyzer/issues/new). Be sure to include a title and clear description, and as much relevant information as possible, including error messages, screenshots, or configuration files. **Please sanitize any passwords or sensitive information**.
+
+## **Contributing Bugfixes and Patches**
+
+* Open a new GitHub pull request with the patch. Issue PRs to the main branch for bugfixes and patches. See **Contributing Feature Changes and Additions** for non-fixes.
+
+* Ensure the PR description clearly describes the problem and solution. Include the relevant issue number if applicable.
+
+* Pull requests will be reviewed and encorporated once it has been tested.
+
+## **Contributing Feature Changes and Additions**
+
+* First issue a feature request under [Issues](https://github.com/userjack6880/Open-DMARC-Analyzer/issues/new) using the appropriate template.
+
+* Open a new GitHub pull request with the feature change or addition. Issue PRs to the testing branch and include in the PR description the relevant issue number. Changes will be pushed through to the dev branch once it has been tested, and could possibly become part of the main branch.
+
+## **Formatting PRs**
+
+Pull requests that are only formatting and whitespace changes will be rejected.
+
+## **Additional Info**
+
+Open DMARC Analyzer is a continually changing project. Contributions, requests, and bug reports help made it what it is today and continues to be a source of inspiration and continual improvement, and are greatly appreciated.
+
+Thank You
+John Bradley
+(userjack6880)
\ No newline at end of file
diff --git a/docs/VERSIONING.md b/docs/VERSIONING.md
new file mode 100644
index 0000000..8eae482
--- /dev/null
+++ b/docs/VERSIONING.md
@@ -0,0 +1,50 @@ +# Versioning-Scheme + +This is a general guideline for all projects controlled by John Bradley (userjack6880) or part of the System Anomaly sphere of influence. This scheme shall be called the Anomaly Versioning Scheme (2022). + +## Overview +``` +Major - (Stage) SubMajor . Minor + +ex + +Alpha Project: 0-α1.6 Version 0 Alpha 1.6 +Feature Complete: 1-fc Version 1 Feature Complete +Beta Project: 1-β4 Version 1 Beta 4 +Release Candidate: 5-rc2 Version 5 Release Candidate 2 +Stable: 1 Version 1 +Stable Update: 1-u3 Version 1 Update 3 +``` + +## Stages +Project stages are defined as followed: +- Alpha: the project is still in a state where features may be added and serious errors and fixes are not the primary focus of development. This is the "get shit working" stage of development. Alpha versions are not production ready. These versions are denoted with the Greek letter α or the word "Alpha". +- Feature Complete: this project is still not in a state where fixes are the primary focus of development, but no new features are added. Existing features are fleshed out for full functionality before moving onto beta. It's still technically an Alpha version and is not production ready. Usually there will only be one feature complete version. These versions are denoted with "fc" or "Feature Complete". +- Beta: the project has moved onto bug fixes and error correcting. This is where everything is tested and polished. While not considered production ready, these versions can be put into production at the risk of the user, as no new features will be added. These version are denoted with the Greek letter β or the word "Beta". +- Release Candidate: the project is ready for release. It is assumed this version will become a stable release if no major bugs are found. Fixes are only applied to the Beta Stage and pushed back up to a new Release Candidate version. During this stage, documentation is completed. These versions are denoted with "rc" or "Release Candidate". 
+- Stable: the project is finally released. No major bugs are known, all features are implemented, and the software is production safe. These have no denotations unless an update is issued. +- Stable Update: A major fix was applied or a minor feature update was issued. These are denoted with "u" or "Update". + +## Major Versions +Major versions are established in one of two ways. Initial project creation has a major version number of 0, but are incremented to version 1 once it becomes feature complete. Feature completeness means that no major features will be added to this version. Additional features are agregated into the next version, which may begin as soon as a version exits alpha and begins beta testing. + +## Submajor Versions +Submajor version are limited to the stage of development in which the code was changed. Submajor changes also vary depending on stage of development. + +- Alpha submajor versions include significant rewrites of the code or new features added. +- Feature Complete code does not have a submajor. +- Beta submajor versions are included when a major bug is fixed, a feature is fleshed out, or there is a significant rewrite to accomplished either goal. +- Release Candidate submajor versions are issued if a major bug is found and fixed. The first submajor release candidate version will not have a number attached. +- Stable submajor versions are issued if a major bug is found and fixed or a feature is tweaked after release. Stable submajor versions add the stage indicater "u" or "Update". + +## Minor Versions +Minor versions are updates to submajor versions. Like submajor versions, these also vary depending on stage of development. + +- Alpha minor versions are very minor code changes, like a small tweak to a variable or changing single digit lines. +- Feature Complete code does not have minor versions. +- Beta minor versions are like Alpha minor versions, and are very minor code changes. +- Release Candidate code does not have minor versions. 
+- Stable code does not have minor versions. + +# Implementation +This versioning system will be implemented on date of publish (29 March, 2022), and projects will be updated accordingly. \ No newline at end of file diff --git a/includes/db.php b/includes/db.php index 0916f8b..92af7a5 100644 --- a/includes/db.php +++ b/includes/db.php @@ -47,6 +47,11 @@ function dbQuery($pdo, $statement, $params) { else { $query->execute(); } + if($query->errorCode() != 0) { + $errors = $query->errorInfo(); + echo " failed: ".$errors[2]."
"; + exit(); + } } catch (PDOException $e) { echo 'Could not perform query: '.$e->getMessage(); @@ -55,7 +60,6 @@ function dbQuery($pdo, $statement, $params) { $rows = []; while ($row = $query->fetch(PDO::FETCH_ASSOC)) { - $row = array_map('htmlspecialchars', $row); array_push($rows, $row); } $query = null; diff --git a/includes/functions.php b/includes/functions.php index 09572b6..4bff104 100644 --- a/includes/functions.php +++ b/includes/functions.php @@ -55,8 +55,8 @@ function get_ip($ip4, $ip6) { $array['ipv4'] = true; return $array; } - if ($ip6) { - $array['ip'] = $ip6; + else { + $array['ip'] = inet_ntop($ip6); $array['ipv4'] = false; return $array; } @@ -132,7 +132,7 @@ function dashboard($dateRange,$domain) { // details if a specific domain is selected if ($domain != "all") { // new stat query - $statement = "SELECT ip, INET6_NTOA(ip6) as ip6, + $statement = "SELECT ip, ip6, SUM(rcount) as messages, SUM(compliant) as compliant, SUM(none) as none, @@ -271,9 +271,13 @@ function reportDashboard($report) { function getDomains($dateRange) { $pdo = dbConn(); $startDate = date("Y-m-d H:i:s",strtotime(strtolower("-".dateNum($dateRange)." ".dateWord($dateRange)))); - $statement = "SELECT UNIQUE domain FROM report WHERE mindate BETWEEN :startdate AND NOW()"; + $statement = "SELECT DISTINCT domain FROM report WHERE mindate BETWEEN :startdate AND NOW()"; $params[':startdate'] = $startDate; $domains = dbQuery($pdo, $statement, $params); + foreach ($domains as $key => $domain) { + $domain = array_map('htmlspecialchars', $domain); + $domains[$key] = $domain; + } $pdo = NULL; return $domains; } diff --git a/includes/template.php b/includes/template.php index 267121f..d4830c5 100644 --- a/includes/template.php +++ b/includes/template.php @@ -24,7 +24,7 @@ // Versioning ----------------------------------------------------------------- function oda_version() { - echo "0-α8"; + echo "0-α8.1"; } 
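Review bot: The new check `if($query->errorCode() != 0)` in dbQuery compares a SQLSTATE string with an integer, so on the PHP 5 and 7 versions the README lists a code such as `HY000` is cast to 0 and the failed statement is treated as a success; compare with the success code instead, `if ($query->errorCode() !== '00000') {`. The branch also echoes `$errors[2]`, the driver's own message, into the page without escaping, which shows table and column names to whoever triggered the error. I would send the detail to the server log with `error_log($errors[2]);` and print a fixed generic message, and do the same for the `catch (PDOException $e)` echo visible at the end of the hunk. dbQuery starts and ends outside this hunk.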
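Review bot: Removing `array_map('htmlspecialchars', $row)` from the fetch loop makes dbQuery return raw column values, and nothing in the function tells callers that escaping is now their job. The README says the database is filled from parsed DMARC reports, which are written by third parties, so any caller that prints a column without escaping it outputs externally supplied text as HTML; callers not shown in this diff should be checked. I would add a comment above the loop, `// rows are returned unescaped; apply htmlspecialchars() where a value is printed`, and use `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')` at the output sites so values placed in single-quoted attributes are covered as well.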
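Review bot: `inet_ntop($ip6)` in the new `else` branch of get_ip is called with no check on its argument or result, and the old `if ($ip6)` guard is gone, so a row with no IPv6 value, or one that is not a packed 4- or 16-byte address, stores `false` in `$array['ip']`. Guard it, for example `$addr = ($ip6 !== null && $ip6 !== '') ? inet_ntop($ip6) : false;` followed by `$array['ip'] = ($addr === false) ? '' : $addr;`. The call also assumes every query feeding get_ip returns the raw column, as the `dashboard` hunk now does with `SELECT ip, ip6`; a query still using `INET6_NTOA(ip6)` would pass text to inet_ntop, and those queries are not visible here. The condition that opens get_ip is outside the hunk.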
@@ -52,17 +52,23 @@ function control_bar($page, $domain, $dateRange, $ip = '') { // pages that need domain controls if ($page == "index" || $page == "sender") { - echo "
\n"; $domains = getDomains($dateRange); if (count($domains) == 1 && $page != "sender") { $domain = $domains[0]['domain']; + echo "
\n"; + } + else { + echo "
\n"; } // Show if all domains are being shown or a single domain echo "
\n"; if ($page == "index" ) { - if ($domain == "all") { + if (count($domains) == 1) { + echo "Since $startdate\n"; + } + else if ($domain == "all") { echo "

All Domains


\n Since $startdate\n"; } @@ -85,21 +91,24 @@ function control_bar($page, $domain, $dateRange, $ip = '') { echo "
\n"; // Domain Selection and Date Selection - echo "
\n -
\n + echo "
\n"; + + if (count($domains) > 1) { + echo "\n \n + foreach ($domains as $listDomain) { + echo "\n"; + } + echo "\n \n \n \n \n
\n"; + } // date selection -1 unit in config $datePrev = $dateNum+1; @@ -142,6 +151,7 @@ function overview_bar($stats, $domain) { if ($domain == "all") { $domain_count = 0; foreach ($stats as $stat) { + $stat = array_map('htmlspecialchars',$stat); $total = $total+$stat['total_messages']; if ($stat['none'] > 0) { $dmarc_none = $dmarc_none+$stat['none']; } if ($stat['quarantine'] > 0) { $dmarc_quar = $dmarc_quar+$stat['quarantine']; } @@ -156,10 +166,13 @@ function overview_bar($stats, $domain) { // clunky, but detects if we have more than one domain, and changes all to a single domain if it's just one if ($domain_count == 1) { - $domain = $stats[0]['domain']; + $domain = $stats[0]['domain']; + $policy = ucfirst($stats[0]['policy_p']); + $policy_pct = $stats[0]['policy_pct']; } } else { + $stats[0] = array_map('htmlspecialchars',$stats[0]); $total = $stats[0]['total_messages']; $policy = ucfirst($stats[0]['policy_p']); $policy_pct = $stats[0]['policy_pct']; @@ -230,6 +243,7 @@ function overview_bar($stats, $domain) { // Overview Bar --------------------------------- function domain_overview($stats, $dateRange) { foreach ($stats as $stat) { + $stat = array_map('htmlspecialchars',$stat); // extract stats $dmarc_none = 0; $dmarc_quar = 0; @@ -319,6 +333,7 @@ function domain_details($stats, $domain, $dateRange) { // extract stats - this'll be sorted by senderIP $ip = get_ip($stat['ip'], $stat['ip6']); + $stat = array_map('htmlspecialchars',$stat); $messages = $stat['messages']; if ($stat['compliant'] > 0) { $compliant = $stat['compliant']; } if ($stat['none'] > 0) { $none = $stat['none']; } 
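Review bot: In overview_bar the `$domain == "all"` path escapes only the loop copy with `$stat = array_map('htmlspecialchars',$stat);`, but the single-domain shortcut in the `@@ -156,10 +166,13 @@` hunk then reads `$stats[0]['domain']`, `$stats[0]['policy_p']` and `$stats[0]['policy_pct']` from the array that was never escaped. With the central escaping removed from dbQuery in this same commit, those three values are raw report data. Escape at that point as the `else` branch does, e.g. `$first = array_map('htmlspecialchars', $stats[0]);`, and read the three fields from `$first`. The statements that print `$domain`, `$policy` and `$policy_pct` are outside the hunk, so the exposure is inferred from the assignments.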
@@ -331,10 +346,19 @@ function domain_details($stats, $domain, $dateRange) { // calculate stats $dmarc_comp_pct = number_format(100 * ($compliant / $messages)); - $dkim_comp_pct = number_format(100 * ($dkim_align / $none)); - $dkim_pass_pct = number_format(100 * ($dkim_pass / $none)); - $spf_comp_pct = number_format(100 * ($spf_align / $none)); - $spf_pass_pct = number_format(100 * ($spf_pass / $none)); + if ($none > 0) { + $dkim_comp_pct = number_format(100 * ($dkim_align / $none)); + $dkim_pass_pct = number_format(100 * ($dkim_pass / $none)); + $spf_comp_pct = number_format(100 * ($spf_align / $none)); + $spf_pass_pct = number_format(100 * ($spf_pass / $none)); + } + else { + // sometimes we get entries that are full reject + $dkim_comp_pct = 0; + $dkim_pass_pct = 0; + $spf_comp_pct = 0; + $spf_pass_pct = 0; + } // now present echo "
\n @@ -401,9 +425,15 @@ function sender_details($geo_data, $stats, $domain, $dateRange, $ip) { } // present the data, obi-wan - echo "
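Review bot: `$dmarc_comp_pct = number_format(100 * ($compliant / $messages));` directly above the new guard still divides without a check, so a row with `messages` of 0 hits the same division by zero this hunk fixes for `$none`. `$none` and `$compliant` are also only assigned when the column is greater than 0 (previous hunk), so unless they are reset at the top of each iteration, which is not visible here, the `$none > 0` test can see the previous sender's value. Suggested: `$dmarc_comp_pct = $messages > 0 ? number_format(100 * ($compliant / $messages)) : 0;`.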
\n -
\n -
\n + if (GEO_ENABLE) { + echo "
\n +
\n"; + } + else { + echo "
\n +
\n"; + } + echo "
\n
\n"; if ($ip != '') { echo "$ip
\n"; } @@ -417,9 +447,14 @@ function sender_details($geo_data, $stats, $domain, $dateRange, $ip) { echo "
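Review bot: `if (GEO_ENABLE)` assumes the constant exists in every deployed config; its definition is not in this part of the diff. On an install upgraded with an older config file, PHP 7 treats the undefined constant as the non-empty string 'GEO_ENABLE' (so the GeoIP branch runs without GeoIP data) and PHP 8 throws an Error. `if (defined('GEO_ENABLE') && GEO_ENABLE)` here and in the map hunk below (`@@ -417,9 +447,14 @@`) keeps the page working in both cases. sender_details starts and ends outside the hunk.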
\n
\n -
\n - \n -
\n +
\n"; + + // if there's no maxmind data, then there's no map to find + if (GEO_ENABLE) { + echo "\n"; + } + + echo "
\n
\n
\n"; @@ -438,6 +473,7 @@ function sender_details($geo_data, $stats, $domain, $dateRange, $ip) { } foreach ($stats as $stat) { + $stat = array_map('htmlspecialchars',$stat); $dkimresult = $stat['dkimresult'] ?: 'unknown'; $dkim_align = $stat['dkim_align'] ?: 'unknown'; $spfresult = $stat['spfresult'] ?: 'unknown'; @@ -467,6 +503,11 @@ function sender_details($geo_data, $stats, $domain, $dateRange, $ip) { } function report_details($data, $report) { + + if ($data[0]['ip6'] != '') { $ip = $data[0]['ip6']; } + $data[0] = array_map('htmlspecialchars',$data[0]); + if ($data[0]['ip6'] != '') { $data[0]['ip6'] = $ip; } + if ($data[0]['policy_adkim'] == 'r') { $dkim_policy = 'Relaxed'; } else if ($data[0]['policy_adkim'] == 's') { $dkim_policy = 'Strict'; } else { $dkim_policy = 'unknown'; } @@ -526,6 +567,7 @@ function report_details($data, $report) { foreach ($data as $row) { $ip = get_ip($row['ip'],$row['ip6']); + $row = array_map('htmlspecialchars',$row); $dkimresult = $row['dkimresult'] ?: 'unknown'; $dkim_align = $row['dkim_align'] ?: 'unknown'; $spfresult = $row['spfresult'] ?: 'unknown'; diff --git a/install.php b/install.php new file mode 100644 index 0000000..11f53b9 --- /dev/null +++ b/install.php @@ -0,0 +1,92 @@ +. +*/ + +// Includes +include_once 'includes.php'; + +// Connect to database + +echo "connecting to database..."; +$pdo = dbConn(); +echo " success
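Review bot: The ip6 restore in report_details is conditioned on the escaped value, `if ($data[0]['ip6'] != '')`, and on PHP before 8.1 `htmlspecialchars` returns an empty string for input that is not valid UTF-8. If ip6 holds a packed binary address (the schema is not visible here, but the other hunks pass it raw to `get_ip`), such values can come back empty and the original is then never put back. Keeping the raw value unconditionally avoids that: `$ip6 = $data[0]['ip6'];` before the `array_map` and `$data[0]['ip6'] = $ip6;` after it. report_details continues outside the hunk.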
"; + +// Read in file and build statement +$statement =''; + +echo "opening file..."; +$lines = file('mysql.sql'); +echo " success
"; + +foreach ($lines as $line) +{ + echo "→ $line
"; + // skip comments + if (substr($line, 0, 2) == '--' || $line == '') { continue; } + + // add line to statement + $statement .= $line; + + // check for end of query and run it + if (substr(trim($line), -1, 1) == ';') { + try { + echo "performing query..."; + $query = $pdo->prepare($statement); + $query->execute(); + + if($query->errorCode() != 0) { + $errors = $query->errorInfo(); + echo " failed: ".$errors[2]."
"; + exit(); + } + } + catch (PDOException $e) { + echo " failed: ".$e->getMessage()."
"; + exit(); + } + echo " success
"; + $query = NULL; + $statement = ''; + } +} + +echo "database successfully updated
"; + +// kill the PDO +$pdo = NULL; + +echo "deleting installation files
"; + +if (unlink('mysql.sql') == true) { + echo "DELETED → mysql.sql
"; +} +else { + echo "FAILED → mysql.sql
"; +} + +if (unlink(__FILE__) == true) { + echo "DELETED → install.php
"; +} +else { + echo "FAILED → install.php
"; +} +?> diff --git a/mysql.sql b/mysql.sql index cc65ae7..1d41a4a 100644 --- a/mysql.sql +++ b/mysql.sql @@ -1,4 +1,4 @@ -CREATE VIEW report_stats AS ( +CREATE VIEW IF NOT EXISTS report_stats AS ( SELECT report.serial, domain, rcount, disposition, reason, policy_p, policy_pct, dkimdomain, dkimresult, dkim_align,
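Review bot: install.php runs the schema script for any request that reaches it, and it stays on the server whenever a query fails (both error paths call `exit()` before the cleanup) or `unlink(__FILE__)` returns false, which only prints FAILED. A guard at the top, such as `if (PHP_SAPI !== 'cli') { http_response_code(403); exit('run from the command line'); }` or a config flag the admin must set, would stop repeat runs from the web. The ` success` after `file('mysql.sql')` is printed unconditionally; `if ($lines === false) { exit(' failed'); }` makes a read failure visible. Each SQL line and the PDO error text are echoed as-is, so they should go through `htmlspecialchars` if the page is kept browser-facing.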