From 2ecc6266d911e9dee5213bf2cdae64c7d926a868 Mon Sep 17 00:00:00 2001
From: cmaffio <cmaffioletti@esseweb.eu>
Date: Thu, 12 May 2016 16:57:15 +0200
Subject: [PATCH 1/5] Inserimento richiesta di conferma

---
 TODO                 |  6 +++--
 proxy/proxy_gest.php | 64 +++++++++++++++++++++++++++++---------------
 2 files changed, 47 insertions(+), 23 deletions(-)

diff --git a/TODO b/TODO
index f7653c5..1310c86 100644
--- a/TODO
+++ b/TODO
@@ -1,7 +1,9 @@
 # Moduli da implementare
-- Proxy
+- Accesso Desktop
 - Firewall
 - DHCP
 - Routing
 
-
+# Proxy
+- Possibilita' per gli utenti proxy di cambiarsi la password
+- gestione generazione gruppi utenze
diff --git a/proxy/proxy_gest.php b/proxy/proxy_gest.php
index 4409bee..c0c56a2 100755
--- a/proxy/proxy_gest.php
+++ b/proxy/proxy_gest.php
@@ -2,6 +2,11 @@
 include_once ("../core/config.php");
 $UTENTE = login();
 $DIRITTI = diritti(1);
+
+// _SERVER["HTTP_REFERER"]
+// _SERVER["PHP_SELF"]
+// _SERVER["REQUEST_URI"]
+
 ?>
 <html>
 <head>
@@ -19,78 +24,95 @@ if (isset($_GET['id'])) {
 	$id = $_GET['id'];
 	if (isset($_GET['azione'])) {
 		$azione = $_GET['azione'];
+		$genera = 0;
 		switch ($azione) {
 			case "net_up":
 				$query = "UPDATE proxy_net SET attivo = 1 WHERE id = $id";
-				mysql_query( $query, $DB_ID );
+				$testo = "Confermate l'abilitazione della rete?";
 			break;
 			case "net_down":
 				$query = "UPDATE proxy_net SET attivo = 0 WHERE id = $id";
-				mysql_query( $query, $DB_ID );
+				$testo = "Confermate la disabilitazione della rete?";
 			break;
 			case "net_rm":
 				$query = "DELETE FROM proxy_net WHERE id = $id";
-				mysql_query( $query, $DB_ID );
+				$testo = "Confermate la rimozione della rete?";
 			break;
 
 			case "acl_up":
 				$query = "UPDATE proxy_acl_list SET attivo = 1, data = NOW() WHERE id = $id";
-				mysql_query( $query, $DB_ID );
+				$testo = "Confermate l'abilitazione della ACL?";
 			break;
 			case "acl_down":
 				$query = "UPDATE proxy_acl_list SET attivo = 0, data = NOW() WHERE id = $id";
-				mysql_query( $query, $DB_ID );
+				$testo = "Confermate la disabilitazione della ACL?";
 			break;
 			case "link_up":
 				$query = "UPDATE proxy_acl SET attivo = 1, data = NOW() WHERE id = $id";
-				mysql_query( $query, $DB_ID );
+				$testo = "Confermate l'abilitazione dell'URL?";
 			break;
 			case "link_down":
 				$query = "UPDATE proxy_acl SET attivo = 0, data = NOW() WHERE id = $id";
-				mysql_query( $query, $DB_ID );
+				$testo = "Confermate la disabilitazione dell'URL?";
 			break;
 			case "link_rm":
 				$query = "DELETE FROM proxy_acl WHERE id = $id";
-				mysql_query( $query, $DB_ID );
+				$testo = "Confermate la cancellazione dell'URL?";
 			break;
 
 			case "pool_ins":
 				$query = "INSERT INTO proxy_pool (ip, pool, attivo, ins) VALUES ('$id', 1, 1, NOW()) ON DUPLICATE KEY UPDATE attivo = 1";
-				mysql_query( $query, $DB_ID );
-				genera($DB_ID);
+				$testo = "Confermate l'inserimento dell'indirizzo IP nel pool di limitazione?";
+				$genera = 1;
 			break;
 			case "pool_rem":
 				$query = "INSERT INTO proxy_pool (ip, pool, attivo, ins) VALUES ('$id', 1, 0, NOW()) ON DUPLICATE KEY UPDATE attivo = 0";
-				mysql_query( $query, $DB_ID );
-				genera($DB_ID);
+				$testo = "Confermate la rimozione dell'indirizzo IP dal pool di limitazione?";
+				$genera = 1;
 			break;
 
 			case "user_up":
 				$query = "UPDATE proxy_utenti SET attivo = 1 WHERE id = $id";
-				mysql_query( $query, $DB_ID );
-				$testo = "Utente Abilitato";
+				$testo = "Confermate l'abilitazione dell'utente?";
 			break;
 			case "user_down":
 				$query = "UPDATE proxy_utenti SET attivo = 0 WHERE id = $id";
-				mysql_query( $query, $DB_ID );
-				$testo = "Utente Disabilitato";
+				$testo = "Confermate la disabilitazione dell'utente?";
 			break;
 			case "user_rm":
 				$query = "DELETE FROM proxy_utenti WHERE id = $id";
-				mysql_query( $query, $DB_ID );
-				$testo = "Utente Eliminato";
+				$testo = "Confermate la cancellazione dell'utente?";
 			break;
 
 			default:
 				$testo = "Regola non implementata";
 			break;
 		}
+
+		if (isset($_GET['ref'])) {
+			$ref = pack ('H*', $_GET['ref']);
+			mysql_query( $query, $DB_ID );
+			if ($genera) genera($DB_ID);
+?>
+<script type="text/javascript">
+	document.location.href="<?php print $ref ?>"
+</script>
+<?php 		} else { 
+			$ref = unpack ('H*', $_SERVER["HTTP_REFERER"]);
+?>
+<script type="text/javascript">
+	var r = confirm("<?php print $testo ?>");
+	if (r == true) {
+		document.location.href="<?php print $_SERVER['REQUEST_URI']?>&ref=<?php print $ref[1] ?>"
+	} else {
+		document.location.href="<?php print $_SERVER['HTTP_REFERER']?>"
+	}
+</script>
+<?php		}
+
 	}
 }
 ?>
-<script type="text/javascript">
-	document.location.href='<?php print $_SERVER['HTTP_REFERER']?>'
-</script>
 
 <?php
 function genera ($DB_ID) {

From d01f3a895ed712e9ec8971db8ac8bc71ef13df7e Mon Sep 17 00:00:00 2001
From: cmaffio <cmaffioletti@esseweb.eu>
Date: Fri, 13 May 2016 17:02:01 +0200
Subject: [PATCH 2/5] fix vari e sistemazioni

---
 DBDiff/proxy.sql          |  4 ++
 core/function.php         | 78 ++++++++++++++++++++++++++++++++++-----
 firewall/index.php        |  2 +-
 proxy/acl_edit.php        |  2 +-
 proxy/acl_lista.php       | 14 +------
 proxy/index.php           |  2 +-
 proxy/net_acl.php         | 28 ++------------
 proxy/net_edit.php        |  2 +-
 proxy/net_lista.php       | 16 +-------
 proxy/pool_acl.php        |  2 +-
 proxy/pool_ip.php         |  2 +-
 proxy/pool_lista.php      |  2 +-
 proxy/proxy_gest.php      |  7 +---
 proxy/users_edit.php      |  2 +-
 proxy/users_lista.php     | 13 +++----
 proxy/users_pwd.php       |  2 +-
 routing/index.php         |  2 +-
 routing/linee.php         |  2 +-
 routing/modlinea.php      |  2 +-
 utenti/dettlogutenti.php  |  3 +-
 utenti/index.php          |  2 +-
 utenti/logutenti.php      |  2 +-
 utenti/modutenti.php      |  2 +-
 utenti/permessiutenti.php |  2 +-
 utenti/updatepermessi.php |  2 +-
 25 files changed, 106 insertions(+), 91 deletions(-)
 create mode 100644 DBDiff/proxy.sql

diff --git a/DBDiff/proxy.sql b/DBDiff/proxy.sql
new file mode 100644
index 0000000..27ead1a
--- /dev/null
+++ b/DBDiff/proxy.sql
@@ -0,0 +1,4 @@
+ALTER TABLE `proxy_utenti` ADD `guest` INT NOT NULL DEFAULT '0' AFTER `modifica`;
+
+INSERT INTO `pannello_vbc`.`livelli` (`id`, `livello`, `nome`) VALUES (NULL, '1', 'Libero');
+ALTER TABLE `moduli_page` ADD `livello` INT NOT NULL AFTER `pagina`;
diff --git a/core/function.php b/core/function.php
index 4e3a4f7..e79f841 100755
--- a/core/function.php
+++ b/core/function.php
@@ -345,7 +345,8 @@ function array_moduli () {
 				moduli.id AS id,
 				moduli.nome AS nome,
 				moduli.directory AS directory,
-				moduli.descrizione AS descrizione
+				moduli.descrizione AS descrizione,
+				permessi.accesso AS accesso
 			FROM
 				utenti
 			JOIN
@@ -358,10 +359,10 @@ function array_moduli () {
 				moduli.attivo = 1
 		";
 
-	$menu[] =	array("Home", $CONF['base_url']."/core/main.php",0,"Home Page");
+	$menu[] =	array("Home", $CONF['base_url']."/core/main.php",0,"Home Page",0);
 
 	if ($UTENTE['admin']) {
-		$menu[]	=	array("Configurazione", $CONF['base_url']."/core/conf.php",0,"Modifica configurazione");
+		$menu[]	=	array("Configurazione", $CONF['base_url']."/core/conf.php",0,"Modifica configurazione",0);
 		$query .= "	UNION DISTINCT SELECT
 					moduli.id AS id,
 					moduli.nome AS nome,
@@ -379,7 +380,7 @@ function array_moduli () {
 	$res = mysql_query( $query, $DB_ID );
 
 	while ($dato = mysql_fetch_array ($res)) {
-		$menu[]	=	array($dato['nome'], $CONF['base_url']."/".$dato['directory']."/index.php",$dato['id'], $dato['descrizione']);
+		$menu[]	=	array($dato['nome'], $CONF['base_url']."/".$dato['directory']."/index.php",$dato['id'], $dato['descrizione'], $dato['accesso']);
 	}
 
 	$menu[]	=	array("Cambio password", $CONF['base_url']."/core/chkpasswd.php",0,"Cambio Password");
@@ -437,10 +438,12 @@ function lista_moduli () {
 						moduli_page 
 					JOIN
 						moduli
-					ON
-						moduli.id = moduli_page.id_moduli
+						ON
+							moduli.id = moduli_page.id_moduli
 					WHERE 
 						moduli_page.attivo = 1 
+						AND
+						moduli_page.livello <= ".$menu[$i][4]."
 					AND 
 						moduli_page.id_moduli = ".$menu[$i][2]." 
 					ORDER BY 
@@ -465,6 +468,18 @@ function lista_moduli () {
 function diritti ($minimo) {
 	global $UTENTE, $DB_ID, $CONF;
 
+	$query = "	SELECT
+				livello
+			FROM
+				livelli
+			WHERE
+				nome = '$minimo'
+		";
+
+	$res = mysql_query( $query, $DB_ID );
+	$dato = mysql_fetch_array ($res);	
+	$minimo = $dato['livello'];
+
 	preg_match ('/^'.preg_replace('/\//','\/',$CONF['base_url']).'\/([^\/]+)\/.*/', $_SERVER['REQUEST_URI'], $trovato);
 	$modulo = $trovato[1];
 
@@ -473,17 +488,25 @@ function diritti ($minimo) {
 			FROM
 				moduli
 			JOIN
-				permessi ON moduli.id = permessi.id_moduli AND permessi.id_utenti = ".$UTENTE['id']."
+				permessi 
+				ON 
+					moduli.id = permessi.id_moduli 
+					AND 
+					permessi.id_utenti = ".$UTENTE['id']."
 			WHERE
 				moduli.directory = '$modulo'
-			AND
+				AND
 				moduli.attivo = 1
 			UNION DISTINCT SELECT 
 				moduli.superadmin 
 			FROM 
 				moduli 
 			JOIN 
-				utenti ON utenti.id = ".$UTENTE['id']." AND utenti.admin = 1 
+				utenti 
+				ON 
+					utenti.id = ".$UTENTE['id']." 
+					AND 
+					utenti.admin = 1 
 			WHERE 
 				moduli.directory = '$modulo'
 		";
@@ -572,4 +595,41 @@ function generateStrongPassword($length = 9, $add_dashes = false, $available_set
 	return $dash_str;
 }
 
+function html_spazi ($dati) {
+	global $CONF;
+
+	print "<tr>";
+	$somma = 0;
+	foreach ($dati as $riga) {
+		if (!$riga) {
+			$riga = 100 - $somma;
+		} else {
+			$somma += $riga;
+		}	
+?>
+		<td class="sep" width="<?php print $riga ?>%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
+<?php	}
+	print "</tr>";
+}
+
+function html_intestazione ($dati, $tipo = array ()) {
+	global $CONF;
+
+	print "<tr>";
+	foreach ($dati as $key => $riga) {
+		if ($riga == "") {
+			$riga = "&nbsp;";
+		}
+
+		if (isset ($tipo[$key]) && $tipo[$key] != "") {
+			$classe = $tipo[$key];
+		} else {
+			$classe = "descrizione";
+		}
+?>
+		<td class="<?php print $classe ?>"><?php print $riga ?></td>
+<?php	}
+	print "</tr>";
+}
+
 ?>
diff --git a/firewall/index.php b/firewall/index.php
index 5771ac6..f8ccc8a 100755
--- a/firewall/index.php
+++ b/firewall/index.php
@@ -1,7 +1,7 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti();
+$DIRITTI = diritti('Libero');
 
 
 
diff --git a/proxy/acl_edit.php b/proxy/acl_edit.php
index 74fe228..6e1b218 100755
--- a/proxy/acl_edit.php
+++ b/proxy/acl_edit.php
@@ -1,7 +1,7 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti(1);
+$DIRITTI = diritti('Admin');
 view_top();
 
 if (isset($_POST['rif']) && $_POST['rif'] != "") {
diff --git a/proxy/acl_lista.php b/proxy/acl_lista.php
index bb95634..a87e124 100755
--- a/proxy/acl_lista.php
+++ b/proxy/acl_lista.php
@@ -1,23 +1,13 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti(1);
+$DIRITTI = diritti('Admin');
 view_top();
 ?>
 
 <form name="" method="post">
 <table cellpadding="0" cellspacing="0" border="0" width="90%">
-	<tr>
-		<td class="sep" width="5%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="5%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="5%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="30%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="5%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="10%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="5%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="10%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="30%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-	</tr>
+<?php	html_spazi (array(5,5,5,30,5,10,5,10,0)); ?>
 	<tr>
 		<td ><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
 		<td width="5%"><a href="acl_edit.php"><img src="<?php print $CONF['base_url'] ?>/img/addresource.png"></a></td>
diff --git a/proxy/index.php b/proxy/index.php
index afcbc82..9872256 100755
--- a/proxy/index.php
+++ b/proxy/index.php
@@ -1,7 +1,7 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti(1);
+$DIRITTI = diritti('Utente');
 view_top();
 ?>
 
diff --git a/proxy/net_acl.php b/proxy/net_acl.php
index 29a9fdf..64569eb 100755
--- a/proxy/net_acl.php
+++ b/proxy/net_acl.php
@@ -1,7 +1,7 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti(1);
+$DIRITTI = diritti('Admin');
 view_top();
 
 if (isset($_POST['id'])) {
@@ -79,29 +79,9 @@ function do_submit() {
 <form name="acl" method="post">
 <table cellpadding="0" cellspacing="0" border="0" width="90%">
 <input type="hidden" name="id" value="<?php print $id ?>">
-	<tr>
-		<td class="sep" width="5%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="20%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="5%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="6%" ><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="6%" ><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="6%" ><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="5%" ><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="20%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="27%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-	</tr>
-	<tr>
-		<td class="spaziol"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="descrizione">Rete</td>
-		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="radio">Nega</td>
-		<td class="radio">Default</td>
-		<td class="radio">Autorizza</td>
-		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="descrizione">Nome Lista</td>
-		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-	</tr>
-<?php
+<?php	
+html_spazi (array(5,20,5,6,6,6,5,20,0)); 
+html_intestazione (array ("","Rete","","Nega","Default","Autorizza","","Nome Lista",""), array("","","","radio","radio","radio","","",""));
 $res = mysql_query( $query, $DB_ID );
 $conta = 0;
 while ($dato = mysql_fetch_array ( $res )) {
diff --git a/proxy/net_edit.php b/proxy/net_edit.php
index 1b673ec..3d0e7c6 100755
--- a/proxy/net_edit.php
+++ b/proxy/net_edit.php
@@ -1,7 +1,7 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti(1);
+$DIRITTI = diritti('Admin');
 view_top();
 
 if (isset($_POST['id'])) {
diff --git a/proxy/net_lista.php b/proxy/net_lista.php
index d571943..fc2129c 100755
--- a/proxy/net_lista.php
+++ b/proxy/net_lista.php
@@ -1,24 +1,12 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti(10);
+$DIRITTI = diritti('Admin');
 view_top();
 ?>
 <form name="" method="post">
 <table cellpadding="0" cellspacing="0" border="0" width="90%">
-	<tr>
-		<td class="sep" width="5%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="5%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="2%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="5%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="2%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="9%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="2%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="9%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="2%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="15%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="44%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-	</tr>
+<?php	html_spazi (array(5,5,2,5,2,9,2,9,2,15,0)); ?>
 	<tr>
 		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
 		<td class="spazioh"><a href="net_edit.php"><img src="<?php print $CONF['base_url'] ?>/img/addresource.png"></a></td>
diff --git a/proxy/pool_acl.php b/proxy/pool_acl.php
index c18ce56..372d9fa 100755
--- a/proxy/pool_acl.php
+++ b/proxy/pool_acl.php
@@ -1,7 +1,7 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti(1);
+$DIRITTI = diritti('Admin');
 view_top();
 
 if (isset($_POST['id'])) {
diff --git a/proxy/pool_ip.php b/proxy/pool_ip.php
index 9b7c70b..db2d7c0 100755
--- a/proxy/pool_ip.php
+++ b/proxy/pool_ip.php
@@ -1,7 +1,7 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti(1);
+$DIRITTI = diritti('Admin');
 view_top();
 ?>
 <form name="" method="post">
diff --git a/proxy/pool_lista.php b/proxy/pool_lista.php
index c290631..78a58ac 100755
--- a/proxy/pool_lista.php
+++ b/proxy/pool_lista.php
@@ -1,7 +1,7 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti(10);
+$DIRITTI = diritti('Admin');
 view_top();
 
 if (isset($_POST['tempo'])) {
diff --git a/proxy/proxy_gest.php b/proxy/proxy_gest.php
index c0c56a2..4749deb 100755
--- a/proxy/proxy_gest.php
+++ b/proxy/proxy_gest.php
@@ -1,12 +1,7 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti(1);
-
-// _SERVER["HTTP_REFERER"]
-// _SERVER["PHP_SELF"]
-// _SERVER["REQUEST_URI"]
-
+$DIRITTI = diritti('Admin');
 ?>
 <html>
 <head>
diff --git a/proxy/users_edit.php b/proxy/users_edit.php
index e17d2ba..d7154f1 100755
--- a/proxy/users_edit.php
+++ b/proxy/users_edit.php
@@ -1,7 +1,7 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti(1);
+$DIRITTI = diritti('Admin');
 view_top();
 
 if (isset($_POST['id'])) {
diff --git a/proxy/users_lista.php b/proxy/users_lista.php
index bc77c65..c9dffc0 100755
--- a/proxy/users_lista.php
+++ b/proxy/users_lista.php
@@ -1,15 +1,15 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti(1);
+$DIRITTI = diritti('Admin');
 view_top();
 ?>
-
 <table cellpadding="0" cellspacing="0" border="0" width="90%">
+<?php	html_spazi (array (5,5,5,2,10,2,13,2,10,2,10,0)); ?>
 	<tr>
 		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
 		<td class="spazioh"><a href="users_edit.php"><img src="<?php print $CONF['base_url'] ?>/img/addresource.png"></a></td>
-		<td colspan=9 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
+		<td colspan=10 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
 	</tr>
 <?php
 $query = "	SELECT 
@@ -26,10 +26,9 @@ $query = "	SELECT
 	";
 
 $res = mysql_query( $query, $DB_ID );
+html_intestazione (array ("","","","","Utente","","Nome Completo","","Ultimo Accesso","","IP Associato",""));
 while ($dato = mysql_fetch_array ( $res )) {
 ?>
-
-
 	<tr>
 <?php
 	if ($dato['attivo']) {
@@ -53,10 +52,10 @@ while ($dato = mysql_fetch_array ( $res )) {
 
 		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
 		<td class="colip"><?php print $dato['ip'] ?></td>
-
+		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
 		</td>
 	</tr>
-	<tr><td class="spaziov" colspan=11><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td></tr>
+	<tr><td class="spaziov" colspan=12><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td></tr>
 
 <?php
 } ?>
diff --git a/proxy/users_pwd.php b/proxy/users_pwd.php
index 5464437..52b618f 100755
--- a/proxy/users_pwd.php
+++ b/proxy/users_pwd.php
@@ -1,7 +1,7 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti(1);
+$DIRITTI = diritti('Admin');
 ?>
 <script type="text/javascript">
 <!--
diff --git a/routing/index.php b/routing/index.php
index 1c1bebb..d01e1f6 100755
--- a/routing/index.php
+++ b/routing/index.php
@@ -1,7 +1,7 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti(1);
+$DIRITTI = diritti('Admin');
 view_top();
 
 $conf_route = carica_conf('Routing');
diff --git a/routing/linee.php b/routing/linee.php
index 2d70f2e..9b23ffa 100755
--- a/routing/linee.php
+++ b/routing/linee.php
@@ -1,7 +1,7 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti(10);
+$DIRITTI = diritti('Admin');
 view_top();
 ?>
 
diff --git a/routing/modlinea.php b/routing/modlinea.php
index 63b14ca..1d829e4 100755
--- a/routing/modlinea.php
+++ b/routing/modlinea.php
@@ -1,7 +1,7 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti(10);
+$DIRITTI = diritti('Admin');
 view_top();
 
 $netmask = array(	30	=>	"/30 - 255.255.255.252",
diff --git a/utenti/dettlogutenti.php b/utenti/dettlogutenti.php
index 3d48648..c15ef75 100755
--- a/utenti/dettlogutenti.php
+++ b/utenti/dettlogutenti.php
@@ -1,8 +1,7 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti();
-//isadmin();
+$DIRITTI = diritti('Admin');
 ?>
 <body>
 <link rel="stylesheet" type="text/css" href="<?php print $CONF['base_url'] ?>/css/stile.css" />
diff --git a/utenti/index.php b/utenti/index.php
index 6df42cc..3d82035 100755
--- a/utenti/index.php
+++ b/utenti/index.php
@@ -1,7 +1,7 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti(1);
+$DIRITTI = diritti('Admin');
 view_top();
 ?>
 
diff --git a/utenti/logutenti.php b/utenti/logutenti.php
index 76ee161..04044e8 100755
--- a/utenti/logutenti.php
+++ b/utenti/logutenti.php
@@ -1,7 +1,7 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti();
+$DIRITTI = diritti('Admin');
 //isadmin();
 ?>
 <body>
diff --git a/utenti/modutenti.php b/utenti/modutenti.php
index dc6a528..c81273e 100755
--- a/utenti/modutenti.php
+++ b/utenti/modutenti.php
@@ -1,7 +1,7 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti(10);
+$DIRITTI = diritti('Admin');
 view_top();
 
 if (isset($_GET['id'])) {
diff --git a/utenti/permessiutenti.php b/utenti/permessiutenti.php
index f326686..f7161aa 100755
--- a/utenti/permessiutenti.php
+++ b/utenti/permessiutenti.php
@@ -1,7 +1,7 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti(1);
+$DIRITTI = diritti('Admin');
 view_top();
 
 $query = "	SELECT
diff --git a/utenti/updatepermessi.php b/utenti/updatepermessi.php
index e2b866d..64d049f 100755
--- a/utenti/updatepermessi.php
+++ b/utenti/updatepermessi.php
@@ -1,7 +1,7 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-$DIRITTI = diritti();
+$DIRITTI = diritti('Admin');
 
 $user_id = $_GET['user_id'];
 $accesso = $_GET['accesso'];

From 6d7923c5d54c0781df2bc15100a15f98fbc92697 Mon Sep 17 00:00:00 2001
From: cmaffio <cmaffioletti@esseweb.eu>
Date: Mon, 16 May 2016 15:50:57 +0200
Subject: [PATCH 3/5] inserita gestione cambio password utenti proxy

---
 core/function.php             |   2 +-
 core/logout.php               |   2 +-
 proxy/ext/chkpasswd_proxy.php | 153 ++++++++++++++++++++++++++++++++++
 proxy/ext/footer_proxy.php    |  17 ++++
 proxy/ext/function_proxy.php  | 143 +++++++++++++++++++++++++++++++
 proxy/ext/logout_proxy.php    |  10 +++
 proxy/ext/main.php            |  15 ++++
 proxy/ext/top_proxy.php       |  30 +++++++
 proxy/ext/userlogin.php       |  23 +++++
 9 files changed, 393 insertions(+), 2 deletions(-)
 create mode 100755 proxy/ext/chkpasswd_proxy.php
 create mode 100644 proxy/ext/footer_proxy.php
 create mode 100644 proxy/ext/function_proxy.php
 create mode 100644 proxy/ext/logout_proxy.php
 create mode 100644 proxy/ext/main.php
 create mode 100644 proxy/ext/top_proxy.php
 create mode 100644 proxy/ext/userlogin.php

diff --git a/core/function.php b/core/function.php
index e79f841..152b488 100755
--- a/core/function.php
+++ b/core/function.php
@@ -49,7 +49,7 @@ function db_data_connect () {
 
 function login () {
 	global $_SESSION, $_POST, $POP3_Server, $DB_ID, $CONF;
-	session_name("FirewallSW");
+	session_name("SWP");
 	session_start();
 	if ($_SESSION['auth'] && ($_SESSION['time']+$CONF['temposessione']*60 >= time())) {
 		if(!db_login ($_SESSION['username'], $_SESSION['passwd'])) {
diff --git a/core/logout.php b/core/logout.php
index 5abf62c..7226380 100755
--- a/core/logout.php
+++ b/core/logout.php
@@ -2,7 +2,7 @@
 include_once ("config.php");
 login();
 logga ("Uscita");
-session_name("AllegatiSW");
+session_name("SWP");
 session_start();
 $_SESSION['auth'] = 0;
 session_destroy();
diff --git a/proxy/ext/chkpasswd_proxy.php b/proxy/ext/chkpasswd_proxy.php
new file mode 100755
index 0000000..7e8d02b
--- /dev/null
+++ b/proxy/ext/chkpasswd_proxy.php
@@ -0,0 +1,153 @@
+<?php
+include_once ("../../core/config.php");
+include_once ("function_proxy.php");
+$UTENTE = login_proxy();
+view_top_proxy();
+
+if (isset ($_POST['id'])) {
+	$modifica = 2;
+	$id 		= $_POST['id'];
+	$utente 	= $_POST['utente'];
+	$password1 	= $_POST['password1'];
+	$password2	= $_POST['password2'];
+
+	if (($password1 != "ahg5t!frtb5@u&^!") && ($password1 == $password2)) {
+		$querypwd = "pass = PASSWORD('$password1'),";
+	} else {
+		$querypwd = "";
+	}
+
+	$testo = "L'utente e' stato correttamente modificato";
+	$query = "UPDATE proxy_utenti SET $querypwd modifica = NOW() WHERE `id`=$id";
+?>
+<table cellpadding="0" cellspacing="0" border="0" width="90%">
+	<tr>
+		<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="10" alt=""><td>
+	</tr>
+	<tr>
+		<td>
+<?php	if (mysql_query( $query, $DB_ID )) { ?>
+<?php print $testo ?><br>
+<?php	} else { ?>
+Non e' stato possibile eseguire l'operazione richiesta a causa di un errore: <?php print mysql_error() ?><br>
+<?php print $query ?><br>
+<?php	} ?>
+		</td>
+	</tr>
+	<tr>
+		<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="5" alt=""></td>
+	</tr>
+	<tr>
+		<td><input type="button" value="Ok" onclick="location.href = 'main.php';"></button></td>
+	</tr>
+	<tr>
+		<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="10" alt=""></td>
+	</tr>
+</table>
+<?php
+} else {
+
+	$bottone = "Modifica";
+	$modifica = 1;
+	$query = "SELECT * FROM proxy_utenti WHERE user = '".$UTENTE['user']."'";
+	$res = mysql_query( $query, $DB_ID );
+	$dato = mysql_fetch_array ( $res );
+	$dato['password'] = "ahg5t!frtb5@u&^!";
+}
+?>
+
+<?php if (($modifica == 0 || $modifica == 1) && !isset($_GET['rm'])) { ?>
+
+<script type="text/javascript" src="<?php print $CONF['base_url'] ?>/jquery/jquery.js"></script>
+<script type="text/javascript" src="<?php print $CONF['base_url'] ?>/jquery/jquery.validate.js"></script>
+<script type="text/javascript" src="<?php print $CONF['base_url'] ?>/jquery/jquery.validate.password.js"></script>
+<link rel="stylesheet" type="text/css" href="<?php print $CONF['base_url'] ?>/jquery/jquery.validate.password.css" />
+
+<script type="text/javascript">
+$(document).ready(function() 
+{
+	$("#modulo").validate( {
+		rules: {
+			password1: {
+				password: "#utente",
+				minlength: 0
+			},
+			password2: {
+				equalTo: "#password1"
+			}
+		},
+		messages: {
+			password2: {
+				equalTo: "Le due password devono essere uguali"
+			}
+		},
+
+		errorPlacement: function(error, element) {
+			error.prependTo( element.parent().next() );
+		},
+		success: function(label) {
+			label.html("&nbsp;").addClass("checked");
+		}
+	});
+});
+</script>
+
+<form action="chkpasswd_proxy.php" method="post" id="modulo">
+<table cellpadding="0" cellspacing="0" border="0" width="90%">
+<input type="hidden" name="id" value="<?php print $dato['id'] ?>">
+<tr>
+	<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="30" height="1" alt=""></td>
+	<td>Nome Utente</td>
+	<td><?php print $dato['user']?></td>
+	<td class="status" colspan="6"></td>
+</tr>
+<tr><td colspan="9"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="5" alt=""></td></tr>
+<tr>
+	<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="30" height="1" alt=""></td>
+	<td class="label"><label id="lmail" for="mail">Indirizzo E-Mail</label></td>
+	<td class="field"><input id="mail" name="mail" type="text" value="<?php print $dato['mail']?>" maxlength="50" /></td>
+	<td class="status" colspan="6"></td>
+</tr>
+<tr><td colspan="9"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="5" alt=""></td></tr>
+<tr>
+	<td class="col1" colspan="9">
+	<table cellpadding="0" cellspacing="0" border="0" width="100%">
+		<tr>
+			<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="40" height="50" alt=""></td>
+			<td class="label"><label id="lpassword" for="password">Password</label></td>
+			<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="10" height="1" alt=""></td>
+			<td class="field" width="30"><input id="password1" name="password1" type="password" size="30" maxlength="32" value="<?php print $dato['password'] ?>" /></td>
+			<td class="status" width="400">
+				<div class="password-meter">
+					<div class="password-meter-message">&nbsp;</div>
+					<div class="password-meter-bg">
+						<div class="password-meter-bar"></div>
+					</div>
+				</div>
+			</td>
+		</tr>
+		<tr>
+			<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="40" height="50" alt=""></td>
+			<td class="label"><label id="lpassword_confirm" for="password_confirm">Password</label></td>
+			<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="10" height="1" alt=""></td>
+			<td class="field" width="30"><input id="password2" name="password2" type="password" size="30" maxlength="32" value="<?php print $dato['password'] ?>" /></td>
+			<td class="status" width="400"></td>
+		</tr>
+		<tr><td colspan="9" class="spaziov"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" alt=""></td></tr>
+	</table>
+	</td>
+</tr>
+
+<tr><td colspan="9"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="5" alt=""></td></tr>
+<tr><td align="center" colspan="9">
+	<input type="submit" value="<?php print $bottone ?>">
+	&nbsp;&nbsp;&nbsp;
+	<input type="button" value="Annulla" onclick="location.href = 'main.php';"></button>
+</td></tr>
+
+<tr><td colspan="9"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="10" alt=""></td></tr>
+</table>
+</form>
+<?php } ?>
+
+<?php view_footer_proxy(); ?>
diff --git a/proxy/ext/footer_proxy.php b/proxy/ext/footer_proxy.php
new file mode 100644
index 0000000..b8d7df7
--- /dev/null
+++ b/proxy/ext/footer_proxy.php
@@ -0,0 +1,17 @@
+	</td></tr>
+	<tr><td>
+		<table cellpadding="0" cellspacing="0" border="0" width="100%">
+		<tr bgcolor="#FFC350">
+			<td nowrap class="lbottom">&nbsp;<?php print $CONF['Versione'] ?></td>
+			<td width="500">&nbsp;</td>
+<?php if ($UTENTE['admin']) { ?>
+			<td class="rtop"><a class="rtop" href="main.php">Admin&nbsp;</a></td>
+<?php } else {?>
+			<td>&nbsp;</td>
+<?php } ?>
+		</tr>
+		</table>
+	</td></tr>
+</table>
+</body>
+</html>
diff --git a/proxy/ext/function_proxy.php b/proxy/ext/function_proxy.php
new file mode 100644
index 0000000..ad188e0
--- /dev/null
+++ b/proxy/ext/function_proxy.php
@@ -0,0 +1,143 @@
+<?php
+
+function view_top_proxy () {
+	global $CONF, $UTENTE;
+	include_once ("top_proxy.php");
+}
+
+function view_footer_proxy () {
+	global $CONF, $UTENTE;
+	include_once ("footer_proxy.php");
+}
+
+function db_login_proxy($user,$pass) {
+	global $DB_ID;
+	$query = "SELECT id FROM proxy_utenti WHERE user = '$user' AND pass = PASSWORD('$pass') AND attivo = 1";
+	$res = mysql_query( $query, $DB_ID );
+	$dato = mysql_fetch_array ( $res );
+	$ritorno = $dato['id'];
+	return $ritorno;
+}
+
+function login_proxy () {
+	global $_SESSION, $_POST, $DB_ID, $CONF;
+	session_name("authmail");
+	session_start();
+	if ($_SESSION['auth'] && ($_SESSION['time']+$CONF['temposessione']*60 >= time())) {
+		if(!db_login_proxy ($_SESSION['username'], $_SESSION['passwd'])) {
+			$tMessage = '<span class="error_msg">Dati di autenticazione errati</span>';
+			$tUsername = $_SESSION['username'];
+			$_SESSION['auth'] = 0;
+			session_destroy();
+			include ("userlogin.php");
+			exit;
+		} else {
+			logga ($_SERVER['REQUEST_URI']);
+			$_SESSION['time'] = time();
+			return carica_utente_proxy ();
+		}
+	} else {
+		if ($_POST['fUsername']) {
+			$fUsername = $_POST['fUsername'];
+	   		$fPassword = $_POST['fPassword'];
+	   		if(db_login_proxy ($fUsername, $fPassword)) {
+		      		$_SESSION = array();
+		      		$_SESSION['passwd'] = $fPassword;
+		      		$_SESSION['username'] = $fUsername;
+		      		$_SESSION['auth'] = 1;
+      				$_SESSION['time'] = time();
+				session_regenerate_id(TRUE);
+      				return carica_utente_proxy ();
+   			} else {
+   				$tMessage = 'Errore';
+        		 	$tUsername = $fUsername;
+				include ("userlogin.php");
+        		 	exit;
+   			}
+		} else {
+			if ($_SESSION['auth'] && ($_SESSION['time']+$CONF['temposessione']*60 < time())) {
+				$tMessage = '<span class="error_msg">Sessione scaduta</span>';
+				$tUsername = $_SESSION['username'];
+				logga ("Sessione scaduta");
+				include ("userlogin.php");
+       			  	exit;
+			} else {
+				include ("userlogin.php");
+       			  	exit;
+			}
+		}
+	}
+}
+
+function carica_utente_proxy () {
+	global $_SESSION, $CONF, $DB_ID;
+	$query = "SELECT * FROM proxy_utenti where user = '".$_SESSION['username']."'";
+	$res = mysql_query( $query, $DB_ID );
+	$dati = mysql_fetch_array ( $res );
+
+	return $dati;
+}
+
+function lista_moduli_proxy () {
+	global $UTENTE, $DB_ID, $CONF;
+
+	$menu[] =	array("Home", "main.php",0,"Home Page",0);
+	$menu[]	=	array("Cambio password", "chkpasswd_proxy.php",0,"Cambio Password");
+
+	$pezzi = preg_split('/\//', $_SERVER["PHP_SELF"], -2);
+	$self = $pezzi[count($pezzi)-1];
+?>
+		<ul id="nav">
+<?php 	for ($i=0; $i<count($menu);$i++) {
+		if ($self == $menu[$i][1]) {
+			$classe = "sel";
+		} else {
+			$classe = "nosel";
+		}
+?>
+			<li>
+				<a class="<?php print $classe ?>" href="<?php print $menu[$i][1]?>"><?php print $menu[$i][0]?></a>
+<?php
+		if ($menu[$i][2] != 0) {
+			$query = "	SELECT 
+						moduli_page.nome AS nome, 
+						moduli_page.pagina AS pagina,
+						moduli.directory AS directory
+					FROM 
+						moduli_page 
+					JOIN
+						moduli
+						ON
+							moduli.id = moduli_page.id_moduli
+					WHERE 
+						moduli_page.attivo = 1 
+						AND
+						moduli_page.livello <= ".$menu[$i][4]."
+					AND 
+						moduli_page.id_moduli = ".$menu[$i][2]." 
+					ORDER BY 
+						moduli_page.ordine
+				";
+
+			$res_page = mysql_query( $query, $DB_ID ); ?>
+				<ul>
+<?php			while ($page = mysql_fetch_array ($res_page)) { ?>
+					<li><a href="<?php print $CONF['base_url']."/".$page['directory']."/".$page['pagina'] ?>"><?php print $page['nome'] ?></a></li>
+<?php			} ?>
+				</ul>
+
+<?php		} ?>
+			</li>
+<?php	} ?>
+		</ul>
+
+<?php
+}
+
+
+
+
+
+
+
+?>
diff --git a/proxy/ext/logout_proxy.php b/proxy/ext/logout_proxy.php
new file mode 100644
index 0000000..35b6ff9
--- /dev/null
+++ b/proxy/ext/logout_proxy.php
@@ -0,0 +1,10 @@
+<?php
+include_once ("../../core/config.php");
+include_once ("function_proxy.php");
+login_proxy();
+session_name("authmail");
+session_start();
+$_SESSION['auth'] = 0;
+session_destroy();
+header('Location: main.php');
+?>
diff --git a/proxy/ext/main.php b/proxy/ext/main.php
new file mode 100644
index 0000000..f09c8f4
--- /dev/null
+++ b/proxy/ext/main.php
@@ -0,0 +1,15 @@
+<?php
+include_once ("../../core/config.php");
+include_once ("function_proxy.php");
+$UTENTE = login_proxy();
+view_top_proxy();
+?>
+
+<META HTTP-EQUIV="Refresh" CONTENT="30" URL="main.php">
+
+<table cellpadding="0" cellspacing="0" border="0" width="90%">
+	<tr><td class="spaziov" colspan="9"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td></tr>
+</table>
+
+<img src="img/spazio.gif" width="1" height="20" alt="">
+<?php view_footer_proxy(); ?>
diff --git a/proxy/ext/top_proxy.php b/proxy/ext/top_proxy.php
new file mode 100644
index 0000000..bb413a2
--- /dev/null
+++ b/proxy/ext/top_proxy.php
@@ -0,0 +1,30 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+<title>Autenticazione Proxy</title>
+</head>
+<body>
+<link rel="stylesheet" type="text/css" href="<?php print $CONF['base_url'] ?>/css/stile.css" />
+<table cellpadding="0" cellspacing="0" border="0" align="center" width="1000">
+<?php 
+	if ($UTENTE['user'] != '') { ?>
+	<tr><td>
+		<table cellpadding="0" cellspacing="0" border="0" width="100%">
+		<tr bgcolor="#FFC350">
+			<td nowrap class="ltop">Utente: <?php print $_SESSION['username'] ?></td>
+			<td width="200">&nbsp;</td>
+			<td class="rtop"><a class="rtop" href="logout_proxy.php">Logout</a></td>
+		</tr>
+		</table>
+	</td></tr>
+	<tr><td class="spaziov" colspan=2><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td></tr>
+	<tr><td align="center">
+<?php
+
+	lista_moduli_proxy();
+	} else {?>
+	<tr bgcolor="#FFC350"><td>&nbsp;</td></tr>
+<?php 	} ?>
+	</td></tr>
+	<tr><td class="spaziov" colspan=2><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td></tr>
+	<tr><td align="center">
diff --git a/proxy/ext/userlogin.php b/proxy/ext/userlogin.php
new file mode 100644
index 0000000..46d54b3
--- /dev/null
+++ b/proxy/ext/userlogin.php
@@ -0,0 +1,23 @@
+<?php view_top_proxy(); ?>
+<form name="login" method="post">
+<table cellpadding="0" cellspacing="10" border="0"  id="login_table">
+   <tr align="center" valign="middle">
+      <td colspan="2"><h4><?php print "Benvenuto" ?></h4></td>
+   </tr>
+   <tr>
+      <td><?php print "Utente:"; ?></td>
+      <td><input type="text" name="fUsername" value="<?php print $tUsername; ?>" /></td>
+   </tr>
+   <tr>
+      <td><?php print "Password:"; ?></td>
+      <td><input type="password" name="fPassword" /></td>
+   </tr>
+   <tr>
+      <td colspan="2" align="center"><input type="submit" name="submit" value="<?php print "Accedi"; ?>" /></td>
+   </tr>
+   <tr>
+      <td colspan="2" align="center"<?php print $tMessage; ?></td>
+   </tr>
+</table>
+</form>
+<?php view_footer_proxy(); ?>

From d3a75524fab8d15a36d42ecdcde7b0be6f3f97eb Mon Sep 17 00:00:00 2001
From: cmaffio <cmaffioletti@esseweb.eu>
Date: Tue, 17 May 2016 16:50:51 +0200
Subject: [PATCH 4/5] Gestione gruppi proxy

---
 .htaccess                              |  6 ++
 DBDiff/proxy.sql                       | 23 +++++++
 proxy/ext/chkpasswd_proxy.php          | 15 ++---
 proxy/ext/footer_proxy.php             |  4 +-
 proxy/ext/function_proxy.php           |  2 +-
 proxy/ext/logout_proxy.php             |  6 +-
 proxy/ext/{main.php => main_proxy.php} |  6 +-
 proxy/ext/top_proxy.php                |  4 +-
 proxy/squid_acl/squid_acl.pl           | 12 ++--
 proxy/squid_acl/squid_acl_net.pl       | 12 ++--
 proxy/squid_acl/squid_auth.pl          | 26 ++++++--
 proxy/users_group_edit.php             | 84 ++++++++++++++++++++++++++
 proxy/users_group_lista.php            | 66 ++++++++++++++++++++
 proxy/users_lista.php                  |  4 +-
 rewrite.php                            | 27 +++++++++
 15 files changed, 256 insertions(+), 41 deletions(-)
 mode change 100755 => 100644 proxy/ext/chkpasswd_proxy.php
 rename proxy/ext/{main.php => main_proxy.php} (69%)
 create mode 100755 proxy/users_group_edit.php
 create mode 100755 proxy/users_group_lista.php
 create mode 100644 rewrite.php

diff --git a/.htaccess b/.htaccess
index 96aa873..fdaaa92 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,3 +1,9 @@
 RewriteEngine on
 RewriteRule ^(.*/)?img/(.*) risorse/immagini/$2 [L]
 RewriteRule ^(.*/)?css/(.*) risorse/stili/$2 [L]
+
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule . /pannello_vbc/rewrite.php [L]
+
+
diff --git a/DBDiff/proxy.sql b/DBDiff/proxy.sql
index 27ead1a..55a6f69 100644
--- a/DBDiff/proxy.sql
+++ b/DBDiff/proxy.sql
@@ -2,3 +2,26 @@ ALTER TABLE `proxy_utenti` ADD `guest` INT NOT NULL DEFAULT '0' AFTER `modifica`
 
 INSERT INTO `pannello_vbc`.`livelli` (`id`, `livello`, `nome`) VALUES (NULL, '1', 'Libero');
 ALTER TABLE `moduli_page` ADD `livello` INT NOT NULL AFTER `pagina`;
+
+CREATE TABLE `rewrite` (
+  `id` bigint(20) NOT NULL AUTO_INCREMENT,
+  `from_url` varchar(512) NOT NULL,
+  `to_url` varchar(512) NOT NULL,
+  `attivo` tinyint(1) NOT NULL,
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `from_url` (`from_url`(255))
+) ENGINE=InnoDB DEFAULT CHARSET=utf8
+
+INSERT INTO `rewrite` (`id`, `from_url`, `to_url`, `attivo`) VALUES
+(1, 'pannello_vbc/proxy_auth.php', 'proxy/ext/main_proxy.php', 1),
+(2, 'pannello_vbc/main_proxy.php', 'proxy/ext/main_proxy.php', 1),
+(3, 'pannello_vbc/logout_proxy.php', 'proxy/ext/logout_proxy.php', 1),
+(4, 'pannello_vbc/chkpasswd_proxy.php', 'proxy/ext/chkpasswd_proxy.php', 1);
+
+ALTER TABLE `proxy_utenti` ADD `primo` DATETIME NULL AFTER `modifica`;
+ALTER TABLE `proxy_utenti` ADD `ultimo` DATETIME NULL AFTER `ultimo`;
+ALTER TABLE `proxy_utenti` ADD `tempo` DECIMAL(20,2) NOT NULL DEFAULT '0' AFTER `attivo`;
+ALTER TABLE `proxy_utenti` CHANGE `ip` `ip` VARCHAR(15) CHARACTER SET utf8 COLLATE utf8_general_ci NULL;
+REVOKE ALL PRIVILEGES ON `pannello_vbc`.`proxy_utenti` FROM 'pannello_proxy'@'%'; GRANT SELECT, UPDATE (`primo`, `ultimo`, `attivo`) ON `pannello_vbc`.`proxy_utenti` TO 'pannello_proxy'@'%';
+
+INSERT INTO `pannello_vbc`.`moduli_page` (`id`, `id_moduli`, `nome`, `ordine`, `pagina`, `livello`, `attivo`) VALUES (NULL, '1', 'Lista Gruppi', '35', 'users_group_lista.php', '10', '1'); 
diff --git a/proxy/ext/chkpasswd_proxy.php b/proxy/ext/chkpasswd_proxy.php
old mode 100755
new mode 100644
index 7e8d02b..6fb8fa6
--- a/proxy/ext/chkpasswd_proxy.php
+++ b/proxy/ext/chkpasswd_proxy.php
@@ -1,6 +1,6 @@
 <?php
-include_once ("../../core/config.php");
-include_once ("function_proxy.php");
+include_once ("core/config.php");
+include_once ("proxy/ext/function_proxy.php");
 $UTENTE = login_proxy();
 view_top_proxy();
 
@@ -38,7 +38,7 @@ Non e' stato possibile eseguire l'operazione richiesta a causa di un errore: <?p
 		<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="5" alt=""></td>
 	</tr>
 	<tr>
-		<td><input type="button" value="Ok" onclick="location.href = 'main.php';"></button></td>
+		<td><input type="button" value="Ok" onclick="location.href = 'main_proxy.php';"></button></td>
 	</tr>
 	<tr>
 		<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="10" alt=""></td>
@@ -102,13 +102,6 @@ $(document).ready(function()
 	<td class="status" colspan="6"></td>
 </tr>
 <tr><td colspan="9"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="5" alt=""></td></tr>
-<tr>
-	<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="30" height="1" alt=""></td>
-	<td class="label"><label id="lmail" for="mail">Indirizzo E-Mail</label></td>
-	<td class="field"><input id="mail" name="mail" type="text" value="<?php print $dato['mail']?>" maxlength="50" /></td>
-	<td class="status" colspan="6"></td>
-</tr>
-<tr><td colspan="9"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="5" alt=""></td></tr>
 <tr>
 	<td class="col1" colspan="9">
 	<table cellpadding="0" cellspacing="0" border="0" width="100%">
@@ -142,7 +135,7 @@ $(document).ready(function()
 <tr><td align="center" colspan="9">
 	<input type="submit" value="<?php print $bottone ?>">
 	&nbsp;&nbsp;&nbsp;
-	<input type="button" value="Annulla" onclick="location.href = 'main.php';"></button>
+	<input type="button" value="Annulla" onclick="location.href = 'main_proxy.php';"></button>
 </td></tr>
 
 <tr><td colspan="9"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="10" alt=""></td></tr>
diff --git a/proxy/ext/footer_proxy.php b/proxy/ext/footer_proxy.php
index b8d7df7..2045aba 100644
--- a/proxy/ext/footer_proxy.php
+++ b/proxy/ext/footer_proxy.php
@@ -1,11 +1,11 @@
 	</td></tr>
 	<tr><td>
 		<table cellpadding="0" cellspacing="0" border="0" width="100%">
-		<tr bgcolor="#FFC350">
+		<tr bgcolor="#34c6ea">
 			<td nowrap class="lbottom">&nbsp;<?php print $CONF['Versione'] ?></td>
 			<td width="500">&nbsp;</td>
 <?php if ($UTENTE['admin']) { ?>
-			<td class="rtop"><a class="rtop" href="main.php">Admin&nbsp;</a></td>
+			<td class="rtop"><a class="rtop" href="main_proxy.php">Admin&nbsp;</a></td>
 <?php } else {?>
 			<td>&nbsp;</td>
 <?php } ?>
diff --git a/proxy/ext/function_proxy.php b/proxy/ext/function_proxy.php
index ad188e0..847752f 100644
--- a/proxy/ext/function_proxy.php
+++ b/proxy/ext/function_proxy.php
@@ -81,7 +81,7 @@ function carica_utente_proxy () {
 function lista_moduli_proxy () {
 	global $UTENTE, $DB_ID, $CONF;
 
-	$menu[] =	array("Home", "main.php",0,"Home Page",0);
+	$menu[] =	array("Home", "main_proxy.php",0,"Home Page",0);
 	$menu[]	=	array("Cambio password", "chkpasswd_proxy.php",0,"Cambio Password");
 
 	$pezzi = preg_split('/\//', $_SERVER["PHP_SELF"], -2);
diff --git a/proxy/ext/logout_proxy.php b/proxy/ext/logout_proxy.php
index 35b6ff9..0923c3e 100644
--- a/proxy/ext/logout_proxy.php
+++ b/proxy/ext/logout_proxy.php
@@ -1,10 +1,10 @@
 <?php
-include_once ("../../core/config.php");
-include_once ("function_proxy.php");
+include_once ("core/config.php");
+include_once ("proxy/ext/function_proxy.php");
 login_proxy();
 session_name("authmail");
 session_start();
 $_SESSION['auth'] = 0;
 session_destroy();
-header('Location: main.php');
+header('Location: main_proxy.php');
 ?>
diff --git a/proxy/ext/main.php b/proxy/ext/main_proxy.php
similarity index 69%
rename from proxy/ext/main.php
rename to proxy/ext/main_proxy.php
index f09c8f4..3113fc2 100644
--- a/proxy/ext/main.php
+++ b/proxy/ext/main_proxy.php
@@ -1,11 +1,11 @@
 <?php
-include_once ("../../core/config.php");
-include_once ("function_proxy.php");
+include_once ("core/config.php");
+include_once ("proxy/ext/function_proxy.php");
 $UTENTE = login_proxy();
 view_top_proxy();
 ?>
 
-<META HTTP-EQUIV="Refresh" CONTENT="30" URL="main.php">
+<META HTTP-EQUIV="Refresh" CONTENT="30" URL="main_proxy.php">
 
 <table cellpadding="0" cellspacing="0" border="0" width="90%">
 	<tr><td class="spaziov" colspan="9"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td></tr>
diff --git a/proxy/ext/top_proxy.php b/proxy/ext/top_proxy.php
index bb413a2..93da496 100644
--- a/proxy/ext/top_proxy.php
+++ b/proxy/ext/top_proxy.php
@@ -10,7 +10,7 @@
 	if ($UTENTE['user'] != '') { ?>
 	<tr><td>
 		<table cellpadding="0" cellspacing="0" border="0" width="100%">
-		<tr bgcolor="#FFC350">
+		<tr bgcolor="#34c6ea">
 			<td nowrap class="ltop">Utente: <?php print $_SESSION['username'] ?></td>
 			<td width="200">&nbsp;</td>
 			<td class="rtop"><a class="rtop" href="logout_proxy.php">Logout</a></td>
@@ -23,7 +23,7 @@
 
 	lista_moduli_proxy();
 	} else {?>
-	<tr bgcolor="#FFC350"><td>&nbsp;</td></tr>
+	<tr bgcolor="#34c6ea"><td>&nbsp;</td></tr>
 <?php 	} ?>
 	</td></tr>
 	<tr><td class="spaziov" colspan=2><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td></tr>
diff --git a/proxy/squid_acl/squid_acl.pl b/proxy/squid_acl/squid_acl.pl
index 7d8f7b3..5f829a6 100755
--- a/proxy/squid_acl/squid_acl.pl
+++ b/proxy/squid_acl/squid_acl.pl
@@ -9,7 +9,7 @@ require "$Bin/../script/conntrack.conf";
 
 local $SIG{ALRM} = sub {
 	my $time = localtime; # scalar context
-	print LOG "$$ - $time - Exit\n";
+#	print LOG "$$ - $time - Exit\n";
 	exit 1;
 };
 
@@ -21,8 +21,8 @@ my $dbmysql = DBI->connect("DBI:mysql:;host=$DBhost", $DBuser, $DBpass) or die (
 $sts = $dbmysql->prepare("use $DBname");
 $sts->execute ();
 
-open LOG, ">> /srv/www/htdocs/pannello_vbc/proxy/squid_acl/squid_pool.log";
-LOG->autoflush(1);
+#open LOG, ">> /srv/www/htdocs/pannello_vbc/proxy/squid_acl/squid_pool.log";
+#LOG->autoflush(1);
 
 while($limit) {
 	alarm $timeout;
@@ -35,15 +35,15 @@ while($limit) {
 	my $ritorno = cerca ($param[1],$param[2], -1);
 	$limit--;
 	if ($ritorno) {
-		print LOG "$param[0] - $param[1] - $param[2] - ERR\n";
+#		print LOG "$param[0] - $param[1] - $param[2] - ERR\n";
 		print "DENY\n";
 	} else {
 		$ritorno = cerca ($param[1],$param[2], 1);
 		if ($ritorno) {
-			print LOG "$param[0] - $param[1] - $param[2] - OK\n";
+#			print LOG "$param[0] - $param[1] - $param[2] - OK\n";
 			print "OK\n";
 		} else {
-			print LOG "$param[0] - $param[1] - $param[2] - ERR\n";
+#			print LOG "$param[0] - $param[1] - $param[2] - ERR\n";
 #			print "DENY\n";
 			print "\n";
 		}
diff --git a/proxy/squid_acl/squid_acl_net.pl b/proxy/squid_acl/squid_acl_net.pl
index 3a2c04d..71660e4 100755
--- a/proxy/squid_acl/squid_acl_net.pl
+++ b/proxy/squid_acl/squid_acl_net.pl
@@ -9,7 +9,7 @@ require "$Bin/../script/conntrack.conf";
 
 local $SIG{ALRM} = sub {
 	my $time = localtime; # scalar context
-	print LOG "$$ - $time - Exit\n";
+#	print LOG "$$ - $time - Exit\n";
 	exit 1;
 };
 
@@ -21,8 +21,8 @@ my $dbmysql = DBI->connect("DBI:mysql:;host=$DBhost", $DBuser, $DBpass) or die (
 $sts = $dbmysql->prepare("use $DBname");
 $sts->execute ();
 
-open LOG, ">> /srv/www/htdocs/pannello_vbc/proxy/squid_acl/squid_pool.log";
-LOG->autoflush(1);
+#open LOG, ">> /srv/www/htdocs/pannello_vbc/proxy/squid_acl/squid_pool.log";
+#LOG->autoflush(1);
 
 while($limit) {
 	alarm $timeout;
@@ -35,15 +35,15 @@ while($limit) {
 	my $ritorno = cerca ($param[1],$param[2], -1);
 	$limit--;
 	if ($ritorno) {
-		print LOG "$param[0] - $param[1] - $param[2] - ERR\n";
+#		print LOG "$param[0] - $param[1] - $param[2] - ERR\n";
 		print "DENY\n";
 	} else {
 		$ritorno = cerca ($param[1],$param[2], 1);
 		if ($ritorno) {
-			print LOG "$param[0] - $param[1] - $param[2] - OK\n";
+#			print LOG "$param[0] - $param[1] - $param[2] - OK\n";
 			print "OK\n";
 		} else {
-			print LOG "$param[0] - $param[1] - $param[2] - ERR\n";
+#			print LOG "$param[0] - $param[1] - $param[2] - ERR\n";
 			print "\n";
 		}
 	}
diff --git a/proxy/squid_acl/squid_auth.pl b/proxy/squid_acl/squid_auth.pl
index e1bf799..45b1ca1 100755
--- a/proxy/squid_acl/squid_auth.pl
+++ b/proxy/squid_acl/squid_auth.pl
@@ -8,7 +8,7 @@ require "$Bin/../script/conntrack.conf";
 
 local $SIG{ALRM} = sub {
 	my $time = localtime; # scalar context
-	print LOG "$$ - $time - Exit\n";
+#	print LOG "$$ - $time - Exit\n";
 	exit 1;
 };
 
@@ -20,8 +20,8 @@ my $dbmysql = DBI->connect("DBI:mysql:;host=$DBhost", $DBuser, $DBpass) or die (
 $sts = $dbmysql->prepare("use $DBname");
 $sts->execute ();
 
-open LOG, ">> /srv/www/htdocs/pannello_vbc/proxy/squid_acl/squid_pool.log";
-LOG->autoflush(1);
+#open LOG, ">> /srv/www/htdocs/pannello_vbc/proxy/squid_acl/squid_pool.log";
+#LOG->autoflush(1);
 
 alarm $timeout;
 while($limit) {
@@ -29,11 +29,10 @@ while($limit) {
 	my $input = <>;
 	chop $input;
 
-#	my ($acl, $ip) = split / /, $input;
 	my @param = split / /, $input;
 
 	if ($param[0] ne "") {
-		$query = "SELECT id FROM proxy_utenti WHERE user = '".$param[0]."' AND pass = PASSWORD('".$param[1]."') AND attivo = 1";
+		$query = "SELECT id, primo, (tempo*3600)-time_to_sec(timediff(ultimo, primo)) AS rimasto, tempo FROM proxy_utenti WHERE user = '".$param[0]."' AND pass = PASSWORD('".$param[1]."') AND attivo = 1";
 		$limit--;
 		alarm $timeout;
 	} else {
@@ -47,7 +46,22 @@ while($limit) {
 
 	if ($ref = $sts->fetchrow_hashref ) {
 		my $id = $$ref{'id'};
-		my $query = "UPDATE proxy_utenti SET data = NOW() WHERE id = $id";
+		my $primo = $$ref{'primo'};
+		my $rimasto = $$ref{'rimasto'};
+		my $tempo = $$ref{'tempo'};
+
+		my $agg = "";
+		my $query = "";
+		if (($tempo > 0) && ($rimasto < 0)){
+			$agg = "attivo = 0,";
+		}
+
+		if (!$primo) {
+			$query = "UPDATE proxy_utenti SET $agg primo =  NOW(), ultimo = NOW() WHERE id = $id";
+		} else {
+			$query = "UPDATE proxy_utenti SET $agg ultimo = NOW() WHERE id = $id";
+		}
+#		print LOG "$rimasto -- $query\n";
 		$sts = $dbmysql->prepare($query);
 		$sts->execute ();
 		print "OK\n";
diff --git a/proxy/users_group_edit.php b/proxy/users_group_edit.php
new file mode 100755
index 0000000..459b862
--- /dev/null
+++ b/proxy/users_group_edit.php
@@ -0,0 +1,84 @@
+<?php
+include_once ("../core/config.php");
+$UTENTE = login();
+$DIRITTI = diritti('Admin');
+view_top();
+
+if (isset($_POST['id'])) {
+	$prefisso 	= 	$_POST['prefisso'];
+	$da	 	= 	$_POST['da'];
+	$a	 	= 	$_POST['a'];
+	$a	 	= 	$_POST['a'];
+	$lung 		= 	$_POST['lung'];
+	$lpwd 		= 	$_POST['lpwd'];
+	$tempo 		= 	$_POST['tempo'];
+
+	$lunghezza = $lung - strlen ($prefisso);
+	$parametro = "0".$lunghezza."d";
+	for ($i=$da;$i<=$a;$i++) {
+		$utgruppo = sprintf ("%s%$parametro",$prefisso,$i);
+		$pwgruppo = generateStrongPassword($length = $lpwd, $add_dashes = false, $available_sets = 'lud');
+
+		$query = "	INSERT INTO
+					proxy_utenti
+				SET
+					user = '$utgruppo',
+					pass = PASSWORD('$pwgruppo'),
+					fullname = 'Utente Guest',
+					data = NOW(),
+					modifica = NOW(),
+					guest = 1,
+					attivo = 1,
+					tempo = $tempo
+		";
+		$res = mysql_query( $query, $DB_ID );
+	}
+?>
+<script type="text/javascript">
+        document.location.href="users_group_lista.php"
+</script>
+<?php
+
+}
+?>
+
+<form name="" method="post">
+<input type="hidden" name="id" value="0">
+<table cellpadding="0" cellspacing="0" border="0" width="90%">
+
+<?php
+html_spazi (array(2,10,2,16,2,10,0));
+html_intestazione (array ("","Prefisso","","Intervallo","","Lunghezza",""), array("","","","radio","","",""));
+?>
+	<tr>
+		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
+		<td class="colip"><input type="text" size="16" name="prefisso"></td>
+		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
+		<td class="radio">
+			<input type="text" size="2" name="da">
+			&nbsp;-&nbsp;
+			<input type="text" size="2" name="a">
+		</td>
+		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
+		<td class="colip"><input type="text" size="3" name="lung"></td>
+		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
+		</td>
+	</tr>
+	<tr><td class="spaziov" colspan=7><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td></tr>
+<?php html_intestazione (array ("","Lunghezza Password","","Tempo assegnato (h)","","","")); ?>
+	<tr>
+		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
+		<td class="colip"><input type="text" size="3" name="lpwd"></td>
+		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
+		<td class="colip"><input type="text" size="3" name="tempo" value=24></td>
+		<td colspan=3 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
+	</tr>
+	<tr><td class="spaziov" colspan=7><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td></tr>
+	<tr>
+		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
+		<td class="spaziov" colspan=6><input type="submit" value="Conferma"></td>
+	</tr>
+</table>
+</form>
+<img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="20" alt="">
+<?php view_footer(); ?>
diff --git a/proxy/users_group_lista.php b/proxy/users_group_lista.php
new file mode 100755
index 0000000..13b5e20
--- /dev/null
+++ b/proxy/users_group_lista.php
@@ -0,0 +1,66 @@
+<?php
+include_once ("../core/config.php");
+$UTENTE = login();
+$DIRITTI = diritti('Admin');
+view_top();
+?>
+<table cellpadding="0" cellspacing="0" border="0" width="90%">
+<?php	html_spazi (array (5,5,5,2,10,2,13,2,10,2,10,0)); ?>
+	<tr>
+		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
+		<td class="spazioh"><a href="users_group_edit.php"><img src="<?php print $CONF['base_url'] ?>/img/addresource.png"></a></td>
+		<td colspan=10 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
+	</tr>
+<?php
+$query = "	SELECT 
+			id,
+			user,
+			fullname,
+			attivo,
+			DATE_FORMAT(primo, '%d.%m.%Y %H:%i:%s') AS primo,
+			DATE_FORMAT(ultimo, '%d.%m.%Y %H:%i:%s') AS ultimo
+		FROM
+			proxy_utenti
+		WHERE
+			guest = 1
+		ORDER BY
+			user
+	";
+
+$res = mysql_query( $query, $DB_ID );
+html_intestazione (array ("","","","","Utente","","Nome Completo","","Primo Accesso","","Ultimo Accesso",""));
+while ($dato = mysql_fetch_array ( $res )) {
+?>
+	<tr>
+<?php
+	if ($dato['attivo']) {
+?>
+		<td class="spazioh"><a href="proxy_gest.php?azione=user_down&id=<?php print $dato['id']?>"><img src="<?php print $CONF['base_url'] ?>/img/attivo.gif" ALT="Utente Attivo" TITLE="Utente Attivo"></a></td>
+<?php	} else { ?>
+		<td class="spazioh"><a href="proxy_gest.php?azione=user_up&id=<?php print $dato['id']?>"><img src="<?php print $CONF['base_url'] ?>/img/non_attivo.gif" ALT="Utente non Attivo" TITLE="Utente non Attivo"></a></td>
+<?php	} ?>
+		<td class="spazioh"><a href="proxy_gest.php?azione=user_rm&id=<?php print $dato['id']?>"><img src="<?php print $CONF['base_url'] ?>/img/trash.png"></a></td>
+
+		<td class="spazioh"><a href="users_edit.php?id=<?php print $dato['id'] ?>"><img src="<?php print $CONF['base_url'] ?>/img/modify.gif" ALT="Dettaglio" TITLE="Dettaglio"></a></td>
+		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
+
+		<td class="colip"><?php print $dato['user'] ?></td>
+
+		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
+		<td class="colip"><?php print $dato['fullname'] ?></td>
+
+		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
+		<td class="colip"><?php print $dato['primo'] ?></td>
+
+		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
+		<td class="colip"><?php print $dato['ultimo'] ?></td>
+		<td class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
+		</td>
+	</tr>
+	<tr><td class="spaziov" colspan=12><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td></tr>
+
+<?php
+} ?>
+</table>
+<img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="20" alt="">
+<?php view_footer(); ?>
diff --git a/proxy/users_lista.php b/proxy/users_lista.php
index c9dffc0..cff2ad5 100755
--- a/proxy/users_lista.php
+++ b/proxy/users_lista.php
@@ -17,10 +17,12 @@ $query = "	SELECT
 			user,
 			fullname,
 			attivo,
-			DATE_FORMAT(data, '%d.%m.%Y %H:%i:%s') AS data,
+			DATE_FORMAT(ultimo, '%d.%m.%Y %H:%i:%s') AS data,
 			ip
 		FROM
 			proxy_utenti
+		WHERE
+			guest = 0
 		ORDER BY
 			user
 	";
diff --git a/rewrite.php b/rewrite.php
new file mode 100644
index 0000000..0a5ad02
--- /dev/null
+++ b/rewrite.php
@@ -0,0 +1,27 @@
+<?php 
+include_once ("core/config.php");
+
+$path = ltrim($_SERVER['REQUEST_URI'], '/');
+
+$query = "	SELECT
+			to_url
+		FROM
+			rewrite
+		WHERE
+			from_url = '$path'
+			AND
+			attivo = 1
+";
+
+$res = mysql_query( $query, $DB_ID );
+
+if ($valori = mysql_fetch_array ( $res )) {
+	include ($valori['to_url']);
+} else {
+	print "$path non c'e'";
+	exit;
+}
+
+
+
+?>

From dd90762a6f885ba0cb36126af06f552cde877b33 Mon Sep 17 00:00:00 2001
From: cmaffio <cmaffioletti@esseweb.eu>
Date: Tue, 17 May 2016 17:18:34 +0200
Subject: [PATCH 5/5] Fix vari

---
 DBDiff/proxy.sql                              |  2 ++
 calendar.css => OLD_REMOVE/calendar.css       |  0
 chk.php => OLD_REMOVE/chk.php                 |  0
 footer_mini.php => OLD_REMOVE/footer_mini.php |  0
 gestfw.php => OLD_REMOVE/gestfw.php           |  0
 modrule.php => OLD_REMOVE/modrule.php         |  0
 rule.php => OLD_REMOVE/rule.php               |  0
 top_mini.php => OLD_REMOVE/top_mini.php       |  0
 TODO                                          |  3 ---
 core/function.php                             | 13 ++++++-------
 10 files changed, 8 insertions(+), 10 deletions(-)
 rename calendar.css => OLD_REMOVE/calendar.css (100%)
 rename chk.php => OLD_REMOVE/chk.php (100%)
 rename footer_mini.php => OLD_REMOVE/footer_mini.php (100%)
 rename gestfw.php => OLD_REMOVE/gestfw.php (100%)
 rename modrule.php => OLD_REMOVE/modrule.php (100%)
 rename rule.php => OLD_REMOVE/rule.php (100%)
 rename top_mini.php => OLD_REMOVE/top_mini.php (100%)

diff --git a/DBDiff/proxy.sql b/DBDiff/proxy.sql
index 55a6f69..7c9b832 100644
--- a/DBDiff/proxy.sql
+++ b/DBDiff/proxy.sql
@@ -25,3 +25,5 @@ ALTER TABLE `proxy_utenti` CHANGE `ip` `ip` VARCHAR(15) CHARACTER SET utf8 COLLA
 REVOKE ALL PRIVILEGES ON `pannello_vbc`.`proxy_utenti` FROM 'pannello_proxy'@'%'; GRANT SELECT, UPDATE (`primo`, `ultimo`, `attivo`) ON `pannello_vbc`.`proxy_utenti` TO 'pannello_proxy'@'%';
 
 INSERT INTO `pannello_vbc`.`moduli_page` (`id`, `id_moduli`, `nome`, `ordine`, `pagina`, `livello`, `attivo`) VALUES (NULL, '1', 'Lista Gruppi', '35', 'users_group_lista.php', '10', '1'); 
+
+ALTER TABLE `moduli` ADD `ordine` INT NOT NULL AFTER `nome`;
diff --git a/calendar.css b/OLD_REMOVE/calendar.css
similarity index 100%
rename from calendar.css
rename to OLD_REMOVE/calendar.css
diff --git a/chk.php b/OLD_REMOVE/chk.php
similarity index 100%
rename from chk.php
rename to OLD_REMOVE/chk.php
diff --git a/footer_mini.php b/OLD_REMOVE/footer_mini.php
similarity index 100%
rename from footer_mini.php
rename to OLD_REMOVE/footer_mini.php
diff --git a/gestfw.php b/OLD_REMOVE/gestfw.php
similarity index 100%
rename from gestfw.php
rename to OLD_REMOVE/gestfw.php
diff --git a/modrule.php b/OLD_REMOVE/modrule.php
similarity index 100%
rename from modrule.php
rename to OLD_REMOVE/modrule.php
diff --git a/rule.php b/OLD_REMOVE/rule.php
similarity index 100%
rename from rule.php
rename to OLD_REMOVE/rule.php
diff --git a/top_mini.php b/OLD_REMOVE/top_mini.php
similarity index 100%
rename from top_mini.php
rename to OLD_REMOVE/top_mini.php
diff --git a/TODO b/TODO
index 1310c86..da0bcc1 100644
--- a/TODO
+++ b/TODO
@@ -4,6 +4,3 @@
 - DHCP
 - Routing
 
-# Proxy
-- Possibilita' per gli utenti proxy di cambiarsi la password
-- gestione generazione gruppi utenze
diff --git a/core/function.php b/core/function.php
index 152b488..c5c269c 100755
--- a/core/function.php
+++ b/core/function.php
@@ -357,6 +357,8 @@ function array_moduli () {
 				utenti.utente = '".$_SESSION['username']."'
 			AND
 				moduli.attivo = 1
+			ORDER BY
+				ordine
 		";
 
 	$menu[] =	array("Home", $CONF['base_url']."/core/main.php",0,"Home Page",0);
@@ -392,13 +394,10 @@ function home_moduli () {
 	global $UTENTE, $CONF;
 
 	$menu = array_moduli();
-?>
-	<tr>
-		<td class="sep" width="5%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="20%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-		<td class="sep" width="75%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
-	</tr>
-<?php	for ($i=0; $i<count($menu);$i++) { ?>
+
+	html_spazi (array (5,30,0));
+
+	for ($i=1; $i<count($menu);$i++) { ?>
 	<tr>
 		<td class="spazioh"><a href="<?php print $menu[$i][1]?>"><img src="<?php print $CONF['base_url'] ?>/img/go.png"></a></td>
 		<td class="campo"><?php print $menu[$i][0] ?></td>