From 94e43fe557a6f05f366595d402178397030004ee Mon Sep 17 00:00:00 2001
From: Jordan Wright
Date: Sun, 31 Jan 2016 19:50:41 -0600
Subject: [PATCH] Initial commit - adding db migration as well as the logic to add the payload
---
 controllers/route.go | 36 +++++++++++++++++--
 db/dbconf.yml | 5 +++
 ...20160131153104_0.1.2_add_event_details.sql | 8 +++++
 models/campaign.go | 1 +
 models/models.go | 1 +
 static/css/main.css | 8 +++++
 static/js/app/campaign_results.js | 13 +++++--
 7 files changed, 68 insertions(+), 4 deletions(-)
 create mode 100644 db/dbconf.yml
 create mode 100644 db/migrations/20160131153104_0.1.2_add_event_details.sql
diff --git a/controllers/route.go b/controllers/route.go
index 5276811f..78a466e7 100644
--- a/controllers/route.go
+++ b/controllers/route.go
@@ -1,11 +1,13 @@
 package controllers
 import (
+ "encoding/json"
 "fmt"
 "html/template"
 "log"
 "net"
 "net/http"
+ "net/url"
 "os"
 "github.com/gophish/gophish/auth"
@@ -120,7 +122,12 @@ func PhishTracker(w http.ResponseWriter, r *http.Request) {
 // PhishHandler handles incoming client connections and registers the associated actions performed
 // (such as clicked link, etc.)
 func PhishHandler(w http.ResponseWriter, r *http.Request) {
- r.ParseForm()
+ err := r.ParseForm()
+ if err != nil {
+ Logger.Println(err)
+ http.NotFound(w, r)
+ return
+ }
 id := r.Form.Get("rid")
 if id == "" {
 http.NotFound(w, r)
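Review bot: Nothing bounds the request body before `r.ParseForm()` in PhishHandler, and the POST branch added later in this patch persists the whole parsed form as an event. This handler appears to be reachable by anyone holding an `rid` link, so each request can write a stored payload as large as the form parser accepts. Capping the body first keeps stored submissions small, e.g. `r.Body = http.MaxBytesReader(w, r.Body, maxFormBytes)` placed before the parse, where `maxFormBytes` is a placeholder for a limit the project chooses. The rest of PhishHandler lies outside this hunk.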
@@ -140,7 +147,32 @@ func PhishHandler(w http.ResponseWriter, r *http.Request) {
 if err != nil {
 Logger.Println(err)
 }
- c.AddEvent(models.Event{Email: rs.Email, Message: models.EVENT_CLICKED})
+ switch {
+ case r.Method == "GET":
+ err = c.AddEvent(models.Event{Email: rs.Email, Message: models.EVENT_CLICKED})
+ if err != nil {
+ Logger.Println(err)
+ }
+ case r.Method == "POST":
+ // If data was POST'ed, let's record it
+ // Store the data in an event
+ d := struct {
+ Payload url.Values `json:"payload"`
+ Browser map[string]string `json:"browser"`
+ }{
+ Payload: r.Form,
+ }
+ rj, err := json.Marshal(d)
+ if err != nil {
+ Logger.Println(err)
+ http.NotFound(w, r)
+ return
+ }
+ c.AddEvent(models.Event{Email: rs.Email, Message: models.EVENT_DATA_SUBMIT, Details: string(rj)})
+ if err != nil {
+ Logger.Println(err)
+ }
+ }
 w.Write([]byte(p.HTML))
 }
diff --git a/db/dbconf.yml b/db/dbconf.yml
new file mode 100644
index 00000000..819cc99a
--- /dev/null
+++ b/db/dbconf.yml
@@ -0,0 +1,5 @@
+production:
+ driver: sqlite3
+ open: gophish.db
+ dialect: sqlite3
+ import: github.com/mattn/go-sqlite3
diff --git a/db/migrations/20160131153104_0.1.2_add_event_details.sql b/db/migrations/20160131153104_0.1.2_add_event_details.sql
new file mode 100644
index 00000000..e8cc90f1
--- /dev/null
+++ b/db/migrations/20160131153104_0.1.2_add_event_details.sql
@@ -0,0 +1,8 @@
+
+-- +goose Up
+-- SQL in section 'Up' is executed when this migration is applied
+ALTER TABLE events ADD COLUMN details BLOB;
+
+-- +goose Down
+-- SQL section 'Down' is executed when this migration is rolled back
+
diff --git a/models/campaign.go b/models/campaign.go
index 644f3868..b29d79bd 100644
--- a/models/campaign.go
+++ b/models/campaign.go
@@ -108,6 +108,7 @@ type Event struct {
 Email string `json:"email"`
 Time time.Time `json:"time"`
 Message string `json:"message"`
+ Details string `json:"details"`
 }
 // GetCampaigns returns the campaigns owned by the given user.
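Review bot: In controllers/route.go, the `POST` case of PhishHandler discards the result of `c.AddEvent(...)`, so the `if err != nil` after it re-tests the `err` from `json.Marshal`, which is always nil by then, and a failed insert is never logged. Assign the result as the `GET` case does: `err = c.AddEvent(models.Event{Email: rs.Email, Message: models.EVENT_DATA_SUBMIT, Details: string(rj)})`. `Payload: r.Form` also stores every submitted field in cleartext, likely including passwords typed into the landing page, along with URL query values such as `rid`, because `r.Form` merges query and body. `r.PostForm` would limit the record to the body, and redacting password-type fields or making capture opt-in per campaign would reduce what a leaked database or API response exposes. The start of PhishHandler is outside this hunk.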
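Review bot: The `-- +goose Down` section of 20160131153104_0.1.2_add_event_details.sql is empty, so rolling the migration back leaves `events.details` in place, together with any submitted form data already stored in it. If that is deliberate (SQLite releases before 3.35 have no `DROP COLUMN`), record it in the Down section with a comment such as `-- details column is intentionally kept on rollback; purge stored payloads separately`. Otherwise the Down step needs to rebuild the table without the column.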
diff --git a/models/models.go b/models/models.go
index 68c8d09c..2e296603 100644
--- a/models/models.go
+++ b/models/models.go
@@ -33,6 +33,7 @@ const (
 EVENT_SENDING_ERROR string = "Error Sending Email"
 EVENT_OPENED string = "Email Opened"
 EVENT_CLICKED string = "Clicked Link"
+ EVENT_DATA_SUBMIT string = "Submitted Data"
 STATUS_SUCCESS string = "Success"
 STATUS_UNKNOWN string = "Unknown"
 ERROR string = "Error"
diff --git a/static/css/main.css b/static/css/main.css
index 4c6c4656..572dbe55 100644
--- a/static/css/main.css
+++ b/static/css/main.css
@@ -433,3 +433,11 @@ table.dataTable thead .sorting_desc:after {
 color:#999999;
 font-style:italic;
 }
+.timeline-event-details {
+ font-size:16px;
+ margin-top:5px;
+ cursor:pointer;
+}
+.timeline-event-details>.table-responsive{
+ display:none;
+}
diff --git a/static/js/app/campaign_results.js b/static/js/app/campaign_results.js
index 440b3439..51d77e79 100644
--- a/static/js/app/campaign_results.js
+++ b/static/js/app/campaign_results.js
@@ -38,6 +38,12 @@ var statuses = {
 label: "label-default",
 icon: "fa-times"
 },
+ "Submitted Data":{
+ slice: "ct-slice-donut-clicked",
+ legend: "ct-legend-clicked",
+ label: "label-danger",
+ icon: "fa-exclamation"
+ },
 "Unknown": {
 slice: "ct-slice-donut-error",
 legend: "ct-legend-error",
@@ -122,8 +128,11 @@ function renderTimeline(data) { '
' + '
' + '
' + event.message + - ' ' + moment(event.time).format('MMMM Do YYYY h:mm') + '
' - results += '' + ' ' + moment(event.time).format('MMMM Do YYYY h:mm') + '' + if (event.details) { + results += '
View Details
' + } + results += '' } }) results += ''
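Review bot: The values behind `event.details` are untrusted form input and must be HTML-escaped, or inserted as text nodes, before they are ever concatenated into `results`. This hunk only tests `event.details` for presence before appending the "View Details" element, and the code that fills the details table is not visible here. The risk is that renderTimeline builds the timeline as an HTML string, so a submitted field containing markup would run in the administrator's session once rendered the same way. A comment at the `if (event.details)` branch would make the constraint explicit: `// details is JSON of visitor-submitted fields: escape every key and value before rendering`. renderTimeline starts and ends outside the hunk.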