diff --git a/.htaccess b/.htaccess
index 96aa873..fdaaa92 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,3 +1,9 @@
 RewriteEngine on
 RewriteRule ^(.*/)?img/(.*) risorse/immagini/$2 [L]
 RewriteRule ^(.*/)?css/(.*) risorse/stili/$2 [L]
+
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule . /pannello_vbc/rewrite.php [L]
+
+
diff --git a/DBDiff/proxy.sql b/DBDiff/proxy.sql
new file mode 100644
index 0000000..55a6f69
--- /dev/null
+++ b/DBDiff/proxy.sql
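Review bot: The new catch-all rule hard-codes the install prefix: `RewriteRule . /pannello_vbc/rewrite.php [L]` only works while the panel is served from `/pannello_vbc/`, whereas the two rules above it are relative to the directory. A relative target such as `RewriteRule . rewrite.php [L]` (with a `RewriteBase` if the setup needs one) keeps the file portable. Every request for a path that is not an existing file or directory now reaches rewrite.php, which is not visible in this hunk; a comment like `# unknown paths are dispatched by rewrite.php via the rewrite table` would document that, and the script should answer 404 for anything without an active row rather than include a path derived from the request.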
@@ -0,0 +1,27 @@
+ALTER TABLE `proxy_utenti` ADD `guest` INT NOT NULL DEFAULT '0' AFTER `modifica`;
+
+INSERT INTO `pannello_vbc`.`livelli` (`id`, `livello`, `nome`) VALUES (NULL, '1', 'Libero');
+ALTER TABLE `moduli_page` ADD `livello` INT NOT NULL AFTER `pagina`;
+
+CREATE TABLE `rewrite` (
+ `id` bigint(20) NOT NULL AUTO_INCREMENT,
+ `from_url` varchar(512) NOT NULL,
+ `to_url` varchar(512) NOT NULL,
+ `attivo` tinyint(1) NOT NULL,
+ PRIMARY KEY (`id`),
+ UNIQUE KEY `from_url` (`from_url`(255))
+) ENGINE=InnoDB DEFAULT CHARSET=utf8
+
+INSERT INTO `rewrite` (`id`, `from_url`, `to_url`, `attivo`) VALUES
+(1, 'pannello_vbc/proxy_auth.php', 'proxy/ext/main_proxy.php', 1),
+(2, 'pannello_vbc/main_proxy.php', 'proxy/ext/main_proxy.php', 1),
+(3, 'pannello_vbc/logout_proxy.php', 'proxy/ext/logout_proxy.php', 1),
+(4, 'pannello_vbc/chkpasswd_proxy.php', 'proxy/ext/chkpasswd_proxy.php', 1);
+
+ALTER TABLE `proxy_utenti` ADD `primo` DATETIME NULL AFTER `modifica`;
+ALTER TABLE `proxy_utenti` ADD `ultimo` DATETIME NULL AFTER `ultimo`;
+ALTER TABLE `proxy_utenti` ADD `tempo` DECIMAL(20,2) NOT NULL DEFAULT '0' AFTER `attivo`;
+ALTER TABLE `proxy_utenti` CHANGE `ip` `ip` VARCHAR(15) CHARACTER SET utf8 COLLATE utf8_general_ci NULL;
+REVOKE ALL PRIVILEGES ON `pannello_vbc`.`proxy_utenti` FROM 'pannello_proxy'@'%'; GRANT SELECT, UPDATE (`primo`, `ultimo`, `attivo`) ON `pannello_vbc`.`proxy_utenti` TO 'pannello_proxy'@'%';
+
+INSERT INTO `pannello_vbc`.`moduli_page` (`id`, `id_moduli`, `nome`, `ordine`, `pagina`, `livello`, `attivo`) VALUES (NULL, '1', 'Lista Gruppi', '35', 'users_group_lista.php', '10', '1');
diff --git a/TODO b/TODO
index f7653c5..1310c86 100644
--- a/TODO
+++ b/TODO
@@ -1,7 +1,9 @@ # Moduli da implementare -- Proxy +- Accesso Desktop - Firewall - DHCP - Routing - +# Proxy +- Possibilita' per gli utenti proxy di cambiarsi la password +- gestione generazione gruppi utenze
diff --git a/core/function.php b/core/function.php
index 4e3a4f7..152b488 100755
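Review bot: Two statements in DBDiff/proxy.sql will not run as written. The line adding `ultimo` places the column `AFTER ultimo`, i.e. after itself, which MySQL rejects as an unknown column; `... ADD ultimo DATETIME NULL AFTER primo;` is presumably what was meant. The `CREATE TABLE rewrite` statement ends at `DEFAULT CHARSET=utf8` with no `;`, so the following `INSERT INTO rewrite` is parsed as part of it. On the privilege line, the table-level `SELECT` still lets `'pannello_proxy'@'%'` read every column, including `pass`, from any host; if the helper only connects from a known machine, naming that host in the `REVOKE`/`GRANT` pair would narrow the account.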
--- a/core/function.php +++ b/core/function.php @@ -49,7 +49,7 @@ function db_data_connect () { function login () { global $_SESSION, $_POST, $POP3_Server, $DB_ID, $CONF; - session_name("FirewallSW"); + session_name("SWP"); session_start(); if ($_SESSION['auth'] && ($_SESSION['time']+$CONF['temposessione']*60 >= time())) { if(!db_login ($_SESSION['username'], $_SESSION['passwd'])) { @@ -345,7 +345,8 @@ function array_moduli () { moduli.id AS id, moduli.nome AS nome, moduli.directory AS directory, - moduli.descrizione AS descrizione + moduli.descrizione AS descrizione, + permessi.accesso AS accesso FROM utenti JOIN @@ -358,10 +359,10 @@ function array_moduli () { moduli.attivo = 1 "; - $menu[] = array("Home", $CONF['base_url']."/core/main.php",0,"Home Page"); + $menu[] = array("Home", $CONF['base_url']."/core/main.php",0,"Home Page",0); if ($UTENTE['admin']) { - $menu[] = array("Configurazione", $CONF['base_url']."/core/conf.php",0,"Modifica configurazione"); + $menu[] = array("Configurazione", $CONF['base_url']."/core/conf.php",0,"Modifica configurazione",0); $query .= " UNION DISTINCT SELECT moduli.id AS id, moduli.nome AS nome, @@ -379,7 +380,7 @@ function array_moduli () { $res = mysql_query( $query, $DB_ID ); while ($dato = mysql_fetch_array ($res)) { - $menu[] = array($dato['nome'], $CONF['base_url']."/".$dato['directory']."/index.php",$dato['id'], $dato['descrizione']); + $menu[] = array($dato['nome'], $CONF['base_url']."/".$dato['directory']."/index.php",$dato['id'], $dato['descrizione'], $dato['accesso']); } $menu[] = array("Cambio password", $CONF['base_url']."/core/chkpasswd.php",0,"Cambio Password"); @@ -437,10 +438,12 @@ function lista_moduli () { moduli_page JOIN moduli - ON - moduli.id = moduli_page.id_moduli + ON + moduli.id = moduli_page.id_moduli WHERE moduli_page.attivo = 1 + AND + moduli_page.livello <= ".$menu[$i][4]." AND moduli_page.id_moduli = ".$menu[$i][2]." ORDER BY 
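Review bot: The first SELECT in array_moduli() now returns five columns (`permessi.accesso AS accesso` was added), but no hunk touches the select list of the `UNION DISTINCT` branch appended for admins, whose remaining columns lie outside the visible hunks. If that branch still selects four columns, MySQL rejects the UNION and `mysql_query()` returns false, so the loop below would presumably add no module entries for admins. Adding a matching fifth column aliased `accesso` to the admin branch keeps both sides aligned, and checking `$res` before `mysql_fetch_array()` would surface the failure instead of hiding it.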
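Review bot: `$menu[$i][4]` is concatenated straight into the WHERE clause in lista_moduli() (`moduli_page.livello <= ".$menu[$i][4]."`), yet the "Cambio password" entry built in array_moduli() still has only four elements. For an entry without index 4 the statement reads `livello <= AND ...` and fails; whether the query is issued for entries with id 0 is not visible in these hunks. Giving every `$menu[]` row a fifth element and casting at the point of use, `moduli_page.livello <= ".(int)$menu[$i][4]."`, keeps the filter well-formed and keeps any non-numeric value out of the SQL. Both functions continue outside the hunks shown.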
@@ -465,6 +468,18 @@ function lista_moduli () { function diritti ($minimo) { global $UTENTE, $DB_ID, $CONF; + $query = " SELECT + livello + FROM + livelli + WHERE + nome = '$minimo' + "; + + $res = mysql_query( $query, $DB_ID ); + $dato = mysql_fetch_array ($res); + $minimo = $dato['livello']; + preg_match ('/^'.preg_replace('/\//','\/',$CONF['base_url']).'\/([^\/]+)\/.*/', $_SERVER['REQUEST_URI'], $trovato); $modulo = $trovato[1]; @@ -473,17 +488,25 @@ function diritti ($minimo) { FROM moduli JOIN - permessi ON moduli.id = permessi.id_moduli AND permessi.id_utenti = ".$UTENTE['id']." + permessi + ON + moduli.id = permessi.id_moduli + AND + permessi.id_utenti = ".$UTENTE['id']." WHERE moduli.directory = '$modulo' - AND + AND moduli.attivo = 1 UNION DISTINCT SELECT moduli.superadmin FROM moduli JOIN - utenti ON utenti.id = ".$UTENTE['id']." AND utenti.admin = 1 + utenti + ON + utenti.id = ".$UTENTE['id']." + AND + utenti.admin = 1 WHERE moduli.directory = '$modulo' "; @@ -572,4 +595,41 @@ function generateStrongPassword($length = 9, $add_dashes = false, $available_set return $dash_str; } +function html_spazi ($dati) { + global $CONF; + + print ""; + $somma = 0; + foreach ($dati as $riga) { + if (!$riga) { + $riga = 100 - $somma; + } else { + $somma += $riga; + } +?> + +"; +} + +function html_intestazione ($dati, $tipo = array ()) { + global $CONF; + + print ""; + foreach ($dati as $key => $riga) { + if ($riga == "") { + $riga = " "; + } + + if (isset ($tipo[$key]) && $tipo[$key] != "") { + $classe = $tipo[$key]; + } else { + $classe = "descrizione"; + } +?> + +"; +} + ?> diff --git a/core/logout.php b/core/logout.php index 5abf62c..7226380 100755 --- a/core/logout.php +++ b/core/logout.php @@ -2,7 +2,7 @@ include_once ("config.php"); login(); logga ("Uscita"); -session_name("AllegatiSW"); +session_name("SWP"); session_start(); $_SESSION['auth'] = 0; session_destroy(); diff --git a/firewall/index.php b/firewall/index.php index 5771ac6..f8ccc8a 100755 
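Review bot: The level lookup added at the top of diritti() does not handle a name that has no row in `livelli`: `mysql_fetch_array()` then returns false and `$minimo` becomes NULL, and depending on how the comparison further down (outside the hunk) is written, a NULL minimum may let the permission check pass. Failing closed right after the fetch, e.g. `if (!$dato) { return false; }` or whatever denial path the function already uses, avoids that. The query is also built by interpolation (`nome = '$minimo'`, and in the context lines `moduli.directory = '$modulo'` with `$modulo` taken from `REQUEST_URI`); passing both through `mysql_real_escape_string()` before use keeps request-derived text out of the SQL.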
--- a/firewall/index.php +++ b/firewall/index.php @@ -1,7 +1,7 @@
- - - - - - - - - - - + diff --git a/proxy/ext/chkpasswd_proxy.php b/proxy/ext/chkpasswd_proxy.php new file mode 100644 index 0000000..6fb8fa6 --- /dev/null +++ b/proxy/ext/chkpasswd_proxy.php @@ -0,0 +1,146 @@ + +
+ + + + + + + + + + + + + + +
+
+ +
+ +Non e' stato possibile eseguire l'operazione richiesta a causa di un errore:
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Nome Utente
+ + + + + + + + + + + + + + + + +
+
+
 
+
+
+
+
+
+
+ +     + +
+
+ + + diff --git a/proxy/ext/footer_proxy.php b/proxy/ext/footer_proxy.php new file mode 100644 index 0000000..2045aba --- /dev/null +++ b/proxy/ext/footer_proxy.php @@ -0,0 +1,17 @@ + + + + + + + + + + + + +
  Admin  
+ + + + diff --git a/proxy/ext/function_proxy.php b/proxy/ext/function_proxy.php new file mode 100644 index 0000000..847752f --- /dev/null +++ b/proxy/ext/function_proxy.php @@ -0,0 +1,143 @@ += time())) { + if(!db_login_proxy ($_SESSION['username'], $_SESSION['passwd'])) { + $tMessage = 'Dati di autenticazione errati'; + $tUsername = $_SESSION['username']; + $_SESSION['auth'] = 0; + session_destroy(); + include ("userlogin.php"); + exit; + } else { + logga ($_SERVER['REQUEST_URI']); + $_SESSION['time'] = time(); + return carica_utente_proxy (); + } + } else { + if ($_POST['fUsername']) { + $fUsername = $_POST['fUsername']; + $fPassword = $_POST['fPassword']; + if(db_login_proxy ($fUsername, $fPassword)) { + $_SESSION = array(); + $_SESSION['passwd'] = $fPassword; + $_SESSION['username'] = $fUsername; + $_SESSION['auth'] = 1; + $_SESSION['time'] = time(); + session_regenerate_id(TRUE); + return carica_utente_proxy (); + } else { + $tMessage = 'Errore'; + $tUsername = $fUsername; + include ("userlogin.php"); + exit; + } + } else { + if ($_SESSION['auth'] && ($_SESSION['time']+$CONF['temposessione']*60 < time())) { + $tMessage = 'Sessione scaduta'; + $tUsername = $_SESSION['username']; + logga ("Sessione scaduta"); + include ("userlogin.php"); + exit; + } else { + include ("userlogin.php"); + exit; + } + } + } +} + +function carica_utente_proxy () { + global $_SESSION, $CONF, $DB_ID; + $query = "SELECT * FROM proxy_utenti where user = '".$_SESSION['username']."'"; + $res = mysql_query( $query, $DB_ID ); + $dati = mysql_fetch_array ( $res ); + + return $dati; +} + +function lista_moduli_proxy () { + global $UTENTE, $DB_ID, $CONF; + + $menu[] = array("Home", "main_proxy.php",0,"Home Page",0); + $menu[] = array("Cambio password", "chkpasswd_proxy.php",0,"Cambio Password"); + + $pezzi = preg_split('/\//', $_SERVER["PHP_SELF"], -2); + $self = $pezzi[count($pezzi)-1]; +?> + + + 
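Review bot: carica_utente_proxy() builds its query by concatenating `$_SESSION['username']`, which the login code above fills directly from `$_POST['fUsername']`, so request text reaches the SQL unescaped; `db_login_proxy()` is not readable on this page, so whether it sanitises first cannot be confirmed. Escaping at the point of use, `"... where user = '".mysql_real_escape_string($_SESSION['username'], $DB_ID)."'"`, is the minimal fix with the mysql_* API this file uses. The login path also keeps the cleartext password in `$_SESSION['passwd']` and re-checks it on every request; storing only the authenticated user's id would keep the password out of the session store. The beginning of the file is garbled on this page, so the start of the login function was not reviewed.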
diff --git a/proxy/ext/logout_proxy.php b/proxy/ext/logout_proxy.php new file mode 100644 index 0000000..0923c3e --- /dev/null +++ b/proxy/ext/logout_proxy.php @@ -0,0 +1,10 @@ + diff --git a/proxy/ext/main_proxy.php b/proxy/ext/main_proxy.php new file mode 100644 index 0000000..3113fc2 --- /dev/null +++ b/proxy/ext/main_proxy.php @@ -0,0 +1,15 @@ + + + + + + +
+ + + diff --git a/proxy/ext/top_proxy.php b/proxy/ext/top_proxy.php new file mode 100644 index 0000000..93da496 --- /dev/null +++ b/proxy/ext/top_proxy.php @@ -0,0 +1,30 @@ + + + +Autenticazione Proxy + + + + + + + + + + + +
+ + + + + + +
Utente:  Logout
+
+ +
 
diff --git a/proxy/ext/userlogin.php b/proxy/ext/userlogin.php new file mode 100644 index 0000000..46d54b3 --- /dev/null +++ b/proxy/ext/userlogin.php @@ -0,0 +1,23 @@ + +
+ + + + + + + + + + + + + + + + + + +

" />
+
+ diff --git a/proxy/index.php b/proxy/index.php index afcbc82..9872256 100755 --- a/proxy/index.php +++ b/proxy/index.php @@ -1,7 +1,7 @@ diff --git a/proxy/net_acl.php b/proxy/net_acl.php index 29a9fdf..64569eb 100755 --- a/proxy/net_acl.php +++ b/proxy/net_acl.php @@ -1,7 +1,7 @@ - - - - - - - - - - - - - - - - - - - - - - -
ReteNegaDefaultAutorizzaNome Lista
- - - - - - - - - - - - - + diff --git a/proxy/pool_acl.php b/proxy/pool_acl.php index c18ce56..372d9fa 100755 --- a/proxy/pool_acl.php +++ b/proxy/pool_acl.php @@ -1,7 +1,7 @@ diff --git a/proxy/pool_lista.php b/proxy/pool_lista.php index c290631..78a58ac 100755 --- a/proxy/pool_lista.php +++ b/proxy/pool_lista.php @@ -1,7 +1,7 @@ 
@@ -19,78 +19,95 @@ if (isset($_GET['id'])) { $id = $_GET['id']; if (isset($_GET['azione'])) { $azione = $_GET['azione']; + $genera = 0; switch ($azione) { case "net_up": $query = "UPDATE proxy_net SET attivo = 1 WHERE id = $id"; - mysql_query( $query, $DB_ID ); + $testo = "Confermate l'abilitazione della rete?"; break; case "net_down": $query = "UPDATE proxy_net SET attivo = 0 WHERE id = $id"; - mysql_query( $query, $DB_ID ); + $testo = "Confermate la disabilitazione della rete?"; break; case "net_rm": $query = "DELETE FROM proxy_net WHERE id = $id"; - mysql_query( $query, $DB_ID ); + $testo = "Confermate la rimozione della rete?"; break; case "acl_up": $query = "UPDATE proxy_acl_list SET attivo = 1, data = NOW() WHERE id = $id"; - mysql_query( $query, $DB_ID ); + $testo = "Confermate l'abilitazione della ACL?"; break; case "acl_down": $query = "UPDATE proxy_acl_list SET attivo = 0, data = NOW() WHERE id = $id"; - mysql_query( $query, $DB_ID ); + $testo = "Confermate la disabilitazione della ACL?"; break; case "link_up": $query = "UPDATE proxy_acl SET attivo = 1, data = NOW() WHERE id = $id"; - mysql_query( $query, $DB_ID ); + $testo = "Confermate l'abilitazione dell'URL?"; break; case "link_down": $query = "UPDATE proxy_acl SET attivo = 0, data = NOW() WHERE id = $id"; - mysql_query( $query, $DB_ID ); + $testo = "Confermate la disabilitazione dell'URL?"; break; case "link_rm": $query = "DELETE FROM proxy_acl WHERE id = $id"; - mysql_query( $query, $DB_ID ); + $testo = "Confermate la cancellazione dell'URL?"; break; case "pool_ins": $query = "INSERT INTO proxy_pool (ip, pool, attivo, ins) VALUES ('$id', 1, 1, NOW()) ON DUPLICATE KEY UPDATE attivo = 1"; - mysql_query( $query, $DB_ID ); - genera($DB_ID); + $testo = "Confermate l'inserimento dell'indirizzo IP nel pool di limitazione?"; + $genera = 1; break; case "pool_rem": $query = "INSERT INTO proxy_pool (ip, pool, attivo, ins) VALUES ('$id', 1, 0, NOW()) ON DUPLICATE KEY UPDATE attivo = 0"; - mysql_query( $query, 
$DB_ID ); - genera($DB_ID); + $testo = "Confermate la rimozione dell'indirizzo IP dal pool di limitazione?"; + $genera = 1; break; case "user_up": $query = "UPDATE proxy_utenti SET attivo = 1 WHERE id = $id"; - mysql_query( $query, $DB_ID ); - $testo = "Utente Abilitato"; + $testo = "Confermate l'abilitazione dell'utente?"; break; case "user_down": $query = "UPDATE proxy_utenti SET attivo = 0 WHERE id = $id"; - mysql_query( $query, $DB_ID ); - $testo = "Utente Disabilitato"; + $testo = "Confermate la disabilitazione dell'utente?"; break; case "user_rm": $query = "DELETE FROM proxy_utenti WHERE id = $id"; - mysql_query( $query, $DB_ID ); - $testo = "Utente Eliminato"; + $testo = "Confermate la cancellazione dell'utente?"; break; default: $testo = "Regola non implementata"; break; } + + if (isset($_GET['ref'])) { + $ref = pack ('H*', $_GET['ref']); + mysql_query( $query, $DB_ID ); + if ($genera) genera($DB_ID); +?> + + + + -connect("DBI:mysql:;host=$DBhost", $DBuser, $DBpass) or die ( $sts = $dbmysql->prepare("use $DBname"); $sts->execute (); -open LOG, ">> /srv/www/htdocs/pannello_vbc/proxy/squid_acl/squid_pool.log"; -LOG->autoflush(1); +#open LOG, ">> /srv/www/htdocs/pannello_vbc/proxy/squid_acl/squid_pool.log"; +#LOG->autoflush(1); while($limit) { alarm $timeout; @@ -35,15 +35,15 @@ while($limit) { my $ritorno = cerca ($param[1],$param[2], -1); $limit--; if ($ritorno) { - print LOG "$param[0] - $param[1] - $param[2] - ERR\n"; +# print LOG "$param[0] - $param[1] - $param[2] - ERR\n"; print "DENY\n"; } else { $ritorno = cerca ($param[1],$param[2], 1); if ($ritorno) { - print LOG "$param[0] - $param[1] - $param[2] - OK\n"; +# print LOG "$param[0] - $param[1] - $param[2] - OK\n"; print "OK\n"; } else { - print LOG "$param[0] - $param[1] - $param[2] - ERR\n"; +# print LOG "$param[0] - $param[1] - $param[2] - ERR\n"; # print "DENY\n"; print "\n"; } diff --git a/proxy/squid_acl/squid_acl_net.pl b/proxy/squid_acl/squid_acl_net.pl index 3a2c04d..71660e4 100755 
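Review bot: `$id` comes from `$_GET['id']` and is placed into every statement of this switch without validation (`WHERE id = $id`, and quoted as an IP in the `pool_ins`/`pool_rem` cases), and the new confirmation branch runs `mysql_query( $query, $DB_ID )` as soon as `ref` is present. Casting for the numeric cases (`$id = (int)$_GET['id'];`) and checking the pool cases with `filter_var($id, FILTER_VALIDATE_IP)` before building `$query` would close that. In the `default:` case `$query` is never set, so the `ref` branch should be skipped when no statement was built. The confirmation is still an ordinary GET link, so a per-session token checked alongside `ref` is needed for it to stop forged requests. How `$ref` is used after `pack ('H*', $_GET['ref'])` is not visible on this page, and the file header of this hunk is missing as well.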
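Review bot: Logging is switched off by commenting out each `print LOG` and the `open LOG` above it, which leaves dead lines in the helper and drops the only record it kept of its OK/DENY answers. If the log was only too noisy, guarding the writes with a flag (`print LOG ... if $debug;`, with `$debug` as a new setting) keeps the trail available for troubleshooting; if it is really gone, deleting the lines is cleaner than commenting them. The same edit is repeated in squid_acl_net.pl and squid_auth.pl, and the file header for this hunk is missing on the page.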
--- a/proxy/squid_acl/squid_acl_net.pl +++ b/proxy/squid_acl/squid_acl_net.pl @@ -9,7 +9,7 @@ require "$Bin/../script/conntrack.conf"; local $SIG{ALRM} = sub { my $time = localtime; # scalar context - print LOG "$$ - $time - Exit\n"; +# print LOG "$$ - $time - Exit\n"; exit 1; }; @@ -21,8 +21,8 @@ my $dbmysql = DBI->connect("DBI:mysql:;host=$DBhost", $DBuser, $DBpass) or die ( $sts = $dbmysql->prepare("use $DBname"); $sts->execute (); -open LOG, ">> /srv/www/htdocs/pannello_vbc/proxy/squid_acl/squid_pool.log"; -LOG->autoflush(1); +#open LOG, ">> /srv/www/htdocs/pannello_vbc/proxy/squid_acl/squid_pool.log"; +#LOG->autoflush(1); while($limit) { alarm $timeout; @@ -35,15 +35,15 @@ while($limit) { my $ritorno = cerca ($param[1],$param[2], -1); $limit--; if ($ritorno) { - print LOG "$param[0] - $param[1] - $param[2] - ERR\n"; +# print LOG "$param[0] - $param[1] - $param[2] - ERR\n"; print "DENY\n"; } else { $ritorno = cerca ($param[1],$param[2], 1); if ($ritorno) { - print LOG "$param[0] - $param[1] - $param[2] - OK\n"; +# print LOG "$param[0] - $param[1] - $param[2] - OK\n"; print "OK\n"; } else { - print LOG "$param[0] - $param[1] - $param[2] - ERR\n"; +# print LOG "$param[0] - $param[1] - $param[2] - ERR\n"; print "\n"; } } diff --git a/proxy/squid_acl/squid_auth.pl b/proxy/squid_acl/squid_auth.pl index e1bf799..45b1ca1 100755 --- a/proxy/squid_acl/squid_auth.pl +++ b/proxy/squid_acl/squid_auth.pl @@ -8,7 +8,7 @@ require "$Bin/../script/conntrack.conf"; local $SIG{ALRM} = sub { my $time = localtime; # scalar context - print LOG "$$ - $time - Exit\n"; +# print LOG "$$ - $time - Exit\n"; exit 1; }; 
@@ -20,8 +20,8 @@ my $dbmysql = DBI->connect("DBI:mysql:;host=$DBhost", $DBuser, $DBpass) or die ( $sts = $dbmysql->prepare("use $DBname"); $sts->execute (); -open LOG, ">> /srv/www/htdocs/pannello_vbc/proxy/squid_acl/squid_pool.log"; -LOG->autoflush(1); +#open LOG, ">> /srv/www/htdocs/pannello_vbc/proxy/squid_acl/squid_pool.log"; +#LOG->autoflush(1); alarm $timeout; while($limit) { @@ -29,11 +29,10 @@ while($limit) { my $input = <>; chop $input; -# my ($acl, $ip) = split / /, $input; my @param = split / /, $input; if ($param[0] ne "") { - $query = "SELECT id FROM proxy_utenti WHERE user = '".$param[0]."' AND pass = PASSWORD('".$param[1]."') AND attivo = 1"; + $query = "SELECT id, primo, (tempo*3600)-time_to_sec(timediff(ultimo, primo)) AS rimasto, tempo FROM proxy_utenti WHERE user = '".$param[0]."' AND pass = PASSWORD('".$param[1]."') AND attivo = 1"; $limit--; alarm $timeout; } else { @@ -47,7 +46,22 @@ while($limit) { if ($ref = $sts->fetchrow_hashref ) { my $id = $$ref{'id'}; - my $query = "UPDATE proxy_utenti SET data = NOW() WHERE id = $id"; + my $primo = $$ref{'primo'}; + my $rimasto = $$ref{'rimasto'}; + my $tempo = $$ref{'tempo'}; + + my $agg = ""; + my $query = ""; + if (($tempo > 0) && ($rimasto < 0)){ + $agg = "attivo = 0,"; + } + + if (!$primo) { + $query = "UPDATE proxy_utenti SET $agg primo = NOW(), ultimo = NOW() WHERE id = $id"; + } else { + $query = "UPDATE proxy_utenti SET $agg ultimo = NOW() WHERE id = $id"; + } +# print LOG "$rimasto -- $query\n"; $sts = $dbmysql->prepare($query); $sts->execute (); print "OK\n"; diff --git a/proxy/users_edit.php b/proxy/users_edit.php index e17d2ba..d7154f1 100755 --- a/proxy/users_edit.php +++ b/proxy/users_edit.php @@ -1,7 +1,7 @@ + + + + + +
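Review bot: The rewritten SELECT still splices the helper's input into the statement (`user = '".$param[0]."' AND pass = PASSWORD('".$param[1]."')`), and those two fields are whatever the client sent as proxy credentials. DBI placeholders remove the problem without changing the flow: write `user = ? AND pass = PASSWORD(?)` in the string and pass the values at execute time, `$sts->execute($param[0], $param[1]);`. The prepare/execute calls sit between this hunk and the next and are not visible, and the `else` branch is cut off by the hunk, so the bind values need to be chosen per branch.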
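Review bot: `rimasto`, which this block tests, is computed in the previous hunk with `time_to_sec(timediff(ultimo, primo))`, and TIMEDIFF returns a TIME value that MySQL clamps at 838:59:59; once `ultimo - primo` exceeds roughly 35 days the elapsed figure stops growing, so a `tempo` above 838 hours can never be exhausted. `TIMESTAMPDIFF(SECOND, primo, ultimo)` has no such cap. In the update block the request that detects the expiry sets `attivo = 0` but still prints `OK`; if the quota is meant to cut off at once, that case should return the helper's failure reply instead. `$id` is interpolated into both UPDATE strings, so `WHERE id = ?` with a bound value would be consistent with binding the SELECT.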
+ + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +  -  + +
+ + + diff --git a/proxy/users_group_lista.php b/proxy/users_group_lista.php new file mode 100755 index 0000000..13b5e20 --- /dev/null +++ b/proxy/users_group_lista.php @@ -0,0 +1,66 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Utente AttivoUtente non AttivoDettaglio
+ + diff --git a/proxy/users_lista.php b/proxy/users_lista.php index bc77c65..cff2ad5 100755 --- a/proxy/users_lista.php +++ b/proxy/users_lista.php @@ -1,15 +1,15 @@ - + - + - - - + - + diff --git a/proxy/users_pwd.php b/proxy/users_pwd.php index 5464437..52b618f 100755 --- a/proxy/users_pwd.php +++ b/proxy/users_pwd.php @@ -1,7 +1,7 @@