From 5991a0c6354954e6bca213e6791d67ec23c3a654 Mon Sep 17 00:00:00 2001
From: cmaffio <cmaffioletti@esseweb.eu>
Date: Tue, 10 May 2016 09:24:53 +0200
Subject: [PATCH] gestione utenze e fix vari

---
 core/function.php            | 36 ++++++++++++++++++++
 proxy/acl_edit.php           | 11 ++++---
 proxy/pool_acl.php           |  2 +-
 proxy/pool_ip.php            |  2 +-
 proxy/pool_lista.php         |  2 +-
 proxy/squid_acl/squid_acl.pl |  3 +-
 proxy/users_edit.php         | 64 ++++++++++++++++++++++++++++--------
 proxy/users_gest.php         |  6 +++-
 proxy/users_lista.php        | 16 ++++++---
 proxy/users_pwd.php          | 21 ++++++++++++
 10 files changed, 136 insertions(+), 27 deletions(-)
 create mode 100755 proxy/users_pwd.php

diff --git a/core/function.php b/core/function.php
index e0c17e3..7886077 100755
--- a/core/function.php
+++ b/core/function.php
@@ -505,4 +505,40 @@ function byteConvert($bytes) {
 	return sprintf('%.2f '.$s[$e], ($bytes/pow(1024, $e)));
 }
 
+function generateStrongPassword($length = 9, $add_dashes = false, $available_sets = 'luds') {
+	$sets = array();
+
+	if(strpos($available_sets, 'l') !== false)
+		$sets[] = 'abcdefghjkmnpqrstuvwxyz';
+	if(strpos($available_sets, 'u') !== false)
+		$sets[] = 'ABCDEFGHJKMNPQRSTUVWXYZ';
+	if(strpos($available_sets, 'd') !== false)
+		$sets[] = '23456789';
+	if(strpos($available_sets, 's') !== false)
+		$sets[] = '!@#$%&*?';
+
+	$all = '';
+	$password = '';
+	foreach($sets as $set)
+	{
+		$password .= $set[array_rand(str_split($set))];
+		$all .= $set;
+	}
+	$all = str_split($all);
+	for($i = 0; $i < $length - count($sets); $i++)
+		$password .= $all[array_rand($all)];
+	$password = str_shuffle($password);
+	if(!$add_dashes)
+		return $password;
+	$dash_len = floor(sqrt($length));
+	$dash_str = '';
+	while(strlen($password) > $dash_len)
+	{
+		$dash_str .= substr($password, 0, $dash_len) . '-';
+		$password = substr($password, $dash_len);
+	}
+	$dash_str .= $password;
+	return $dash_str;
+}
+
 ?>
diff --git a/proxy/acl_edit.php b/proxy/acl_edit.php
index 54d7402..7cd07f7 100755
--- a/proxy/acl_edit.php
+++ b/proxy/acl_edit.php
@@ -61,6 +61,7 @@ if ($id) {
 				id,
 				nome,
 				attivo,
+				dflt,
 				DATE_FORMAT(data, '%d.%m.%Y %H:%i:%s') AS data
 			FROM
 				proxy_acl_list
@@ -80,6 +81,8 @@ if ($id) {
 				proxy_acl
 			WHERE
 				idacllist = $id
+			ORDER BY
+				rif
 			";
 	$res = mysql_query( $query, $DB_ID );
 }
@@ -114,13 +117,13 @@ if ($dato['attivo']) {
 		<tr>
 			<td rowspan=2 class="descrizione_c">Default</td>
 			<td class="descrizione_c">Nega</td>
-			<td class="descrizione_c">Ignora</td>
+			<td class="descrizione_c">Default</td>
 			<td class="descrizione_c">Autorizza</td>
 		</tr>
 		<tr>
-			<td class="radio"><input type="radio" name="dflt" value=-1 <?php if ($dflt == -1) { print "checked=\"checked\""; } ?> ></td>
-			<td class="radio"><input type="radio" name="dflt" value=0  <?php if ($dflt ==  0) { print "checked=\"checked\""; } ?> ></td>
-			<td class="radio"><input type="radio" name="dflt" value=1  <?php if ($dflt ==  1) { print "checked=\"checked\""; } ?> ></td>
+			<td class="radio"><input type="radio" name="dflt" value=-1 <?php if ($dato['dflt'] == -1) { print "checked=\"checked\""; } ?> ></td>
+			<td class="radio"><input type="radio" name="dflt" value=0  <?php if ($dato['dflt'] ==  0) { print "checked=\"checked\""; } ?> ></td>
+			<td class="radio"><input type="radio" name="dflt" value=1  <?php if ($dato['dflt'] ==  1) { print "checked=\"checked\""; } ?> ></td>
 		</tr>
 		</table>
 		</td>
diff --git a/proxy/pool_acl.php b/proxy/pool_acl.php
index bfacd74..c18ce56 100755
--- a/proxy/pool_acl.php
+++ b/proxy/pool_acl.php
@@ -94,7 +94,7 @@ function do_submit() {
 		<td class="descrizione">Indirizzo IP</td>
 		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
 		<td class="radio">Nega</td>
-		<td class="radio">Ignora</td>
+		<td class="radio">Default</td>
 		<td class="radio">Autorizza</td>
 		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
 		<td class="descrizione">Nome Lista</td>
diff --git a/proxy/pool_ip.php b/proxy/pool_ip.php
index 66318ff..d99f53e 100755
--- a/proxy/pool_ip.php
+++ b/proxy/pool_ip.php
@@ -61,7 +61,7 @@ if (isset($_GET['ip'])) {
 <?php	} else { ?>
 		<td rowspan=2 class="col3btn"><a href="pool_gest.php?azione=limita&ip=<?php print $dato['ip']?>"><img src="<?php print $CONF['base_url'] ?>/img/attivo.gif" ALT="Utente non limitato" TITLE="Utente non limitato"></a></td>
 <?php	} ?>
-		<td rowspan=2 class="colip"><?php print $dato['ip'] ?></td>
+		<td rowspan=2 class="colip"><?php print $ip ?></td>
 
 		<td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
 		<td class="colip"><?php print $dato['first'] ?></td>
diff --git a/proxy/pool_lista.php b/proxy/pool_lista.php
index e389b81..5ff23db 100755
--- a/proxy/pool_lista.php
+++ b/proxy/pool_lista.php
@@ -1,7 +1,7 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti(1);
+$DIRITTI = diritti(10);
 view_top();
 
 if (isset($_POST['tempo'])) {
diff --git a/proxy/squid_acl/squid_acl.pl b/proxy/squid_acl/squid_acl.pl
index 1c60d10..9260ada 100755
--- a/proxy/squid_acl/squid_acl.pl
+++ b/proxy/squid_acl/squid_acl.pl
@@ -44,7 +44,8 @@ while($limit) {
 			print "OK\n";
 		} else {
 			print LOG "$param[0] - $param[1] - $param[2] - ERR\n";
-			print "DENY2\n";
+#			print "DENY\n";
+			print "\n";
 		}
 	}
 }
diff --git a/proxy/users_edit.php b/proxy/users_edit.php
index e19def2..a6a0a63 100755
--- a/proxy/users_edit.php
+++ b/proxy/users_edit.php
@@ -26,23 +26,55 @@ if (isset($_POST['id'])) {
 	if ($pwd == -1) {
 		print "ERRORE le password devono coincidere";
 	} else {
-		$query = "	UPDATE
-					proxy_utenti
-				SET
-					user = '$user',
-					fullname = '$fullname',
-					ip = '$ip',
-					$pwd
-					modifica = NOW()
-				WHERE
-					id = $id	
-		";
+		if ($id) {
+			$query = "	UPDATE
+						proxy_utenti
+					SET
+						user = '$user',
+						fullname = '$fullname',
+						ip = '$ip',
+						$pwd
+						modifica = NOW()
+					WHERE
+						id = $id	
+			";
+		} else {
+			$query = "	INSERT INTO
+						proxy_utenti
+					SET
+						user = '$user',
+						fullname = '$fullname',
+						ip = '$ip',
+						$pwd
+						data = NOW(),
+						modifica = NOW(),
+						attivo = 0
+			";
+		}
+
 		$res = mysql_query( $query, $DB_ID );
+		if ($id == "") {
+			$id = mysql_insert_id();
+?>
+			<script type="text/javascript">
+				document.location.href='users_edit.php?id=<?php print $id ?>'
+			</script>
+<?php
+			exit;
+		}
 	}
 } elseif (isset($_GET['id'])) {
 	$id = $_GET['id'];
 }
 ?>
+<script type="text/javascript">
+function getvalue() {
+	MyIFrame = document.getElementById("chkpwd");
+	MyIFrame.src = "users_pwd.php";
+}
+</script>
+
+<iframe id="chkpwd" style="display:none; visibility:hidden;"></iframe>
 
 <form name="" method="post">
 <input type="hidden" name="id" value="<?php print $id ?>">
@@ -121,10 +153,14 @@ if ($dato['attivo']) {
 	</tr>
 	<tr>
 		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="colip"><input type="password" size="16" name=pwd1></td>
+		<td class="colip"><input type="password" size="16" name=pwd1 id=pwd1></td>
 		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="colip"><input type="password" size="16" name=pwd2></td>
-		<td colspan="7" class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
+		<td class="colip"><input type="password" size="16" name=pwd2 id=pwd2></td>
+		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
+		<td class="spazioh"><input type="button" value="Genera password" onclick="window.open('users_pwd.php','_blank','width=1,toolbar=0,resizable=0,scrollbars=no,height=1,top=0,left=0,visible=none');"></td>
+		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
+		<td class="colip"><input id=pwd type=text></p></td>
+		<td colspan="3" class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
 	</tr>
 	<tr><td class="spaziov" colspan=10><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td></tr>
 	<tr><td class="spaziov" colspan=10><input type="submit" value="Conferma"></td></tr>
diff --git a/proxy/users_gest.php b/proxy/users_gest.php
index aadfd07..bd567d5 100755
--- a/proxy/users_gest.php
+++ b/proxy/users_gest.php
@@ -30,6 +30,11 @@ if (isset($_GET['id'])) {
 				mysql_query( $query, $DB_ID );
 				$testo = "Utente Disabilitato";
 			break;
+			case "rimuovi":
+				$query = "DELETE FROM proxy_utenti WHERE id = $id";
+				mysql_query( $query, $DB_ID );
+				$testo = "Utente Eliminato";
+			break;
 			default:
 				$testo = "Regola non implementata";
 			break;
@@ -38,6 +43,5 @@ if (isset($_GET['id'])) {
 }
 ?>
 <script type="text/javascript">
-	confirmation ('<?php print "$testo" ?>');
 	document.location.href='<?php print $_SERVER['HTTP_REFERER']?>'
 </script>
diff --git a/proxy/users_lista.php b/proxy/users_lista.php
index ecb8b73..f58d125 100755
--- a/proxy/users_lista.php
+++ b/proxy/users_lista.php
@@ -6,6 +6,11 @@ view_top();
 ?>
 
 <table cellpadding="0" cellspacing="0" border="0" width="90%">
+	<tr>
+		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
+		<td class="spazioh"><a href="users_edit.php"><img src="<?php print $CONF['base_url'] ?>/img/addresource.png"></a></td>
+		<td colspan=9 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
+	</tr>
 <?php
 $query = "	SELECT 
 			id,
@@ -24,15 +29,18 @@ $res = mysql_query( $query, $DB_ID );
 while ($dato = mysql_fetch_array ( $res )) {
 ?>
 
+
 	<tr>
 <?php
 	if ($dato['attivo']) {
 ?>
-		<td class="col3btn"><a href="users_gest.php?azione=blocca&id=<?php print $dato['id']?>"><img src="<?php print $CONF['base_url'] ?>/img/attivo.gif" ALT="Utente Attivo" TITLE="Utente Attivo"></a></td>
+		<td class="spazioh"><a href="users_gest.php?azione=blocca&id=<?php print $dato['id']?>"><img src="<?php print $CONF['base_url'] ?>/img/attivo.gif" ALT="Utente Attivo" TITLE="Utente Attivo"></a></td>
 <?php	} else { ?>
-		<td class="col3btn"><a href="users_gest.php?azione=abilita&id=<?php print $dato['id']?>"><img src="<?php print $CONF['base_url'] ?>/img/non_attivo.gif" ALT="Utente non Attivo" TITLE="Utente non Attivo"></a></td>
+		<td class="spazioh"><a href="users_gest.php?azione=abilita&id=<?php print $dato['id']?>"><img src="<?php print $CONF['base_url'] ?>/img/non_attivo.gif" ALT="Utente non Attivo" TITLE="Utente non Attivo"></a></td>
 <?php	} ?>
-		<td class="col3btn"><a href="users_edit.php?id=<?php print $dato['id'] ?>"><img src="<?php print $CONF['base_url'] ?>/img/modify.gif" ALT="Dettaglio" TITLE="Dettaglio"></a></td>
+		<td class="spazioh"><a href="users_gest.php?azione=rimuovi&id=<?php print $dato['id']?>"><img src="<?php print $CONF['base_url'] ?>/img/trash.png"></a></td>
+
+		<td class="spazioh"><a href="users_edit.php?id=<?php print $dato['id'] ?>"><img src="<?php print $CONF['base_url'] ?>/img/modify.gif" ALT="Dettaglio" TITLE="Dettaglio"></a></td>
 		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
 
 		<td class="colip"><?php print $dato['user'] ?></td>
@@ -48,7 +56,7 @@ while ($dato = mysql_fetch_array ( $res )) {
 
 		</td>
 	</tr>
-	<tr><td class="spaziov" colspan=13><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td></tr>
+	<tr><td class="spaziov" colspan=11><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td></tr>
 
 <?php
 } ?>
diff --git a/proxy/users_pwd.php b/proxy/users_pwd.php
new file mode 100755
index 0000000..5464437
--- /dev/null
+++ b/proxy/users_pwd.php
@@ -0,0 +1,21 @@
+<?php
+include_once ("../core/config.php");
+$UTENTE = login();
+$DIRITTI = diritti(1);
+?>
+<script type="text/javascript">
+<!--
+function invia(value) {
+	window.opener.document.getElementById('pwd').value = value;
+	window.opener.document.getElementById('pwd1').value = value;
+	window.opener.document.getElementById('pwd2').value = value;
+	window.close();
+}
+//-->
+</script>
+
+<?php
+?>
+<script type="text/javascript">
+	invia ('<?php print generateStrongPassword(9, false, "lud") ?>');
+</script>