cmaffio/pannello
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Aggiunta info proxy

Browse Source
This commit is contained in:
cmaffio
2016-03-16 12:04:22 +01:00
parent a5ed0d219d
commit 990b05d3f2
6 changed files with 825 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

569
core/:q Normal file
View File

@@ -0,0 +1,569 @@
<?php
function escape_string ($string)
{
if(is_array($string)) {
$clean = array();
foreach(array_keys($string) as $row) {
$clean[$row] = escape_string($string[$row]);
}
return $clean;
}
if (get_magic_quotes_gpc ())
{
$string = stripslashes($string);
}
if (!is_numeric($string))
{
$link = db_auth_connect();
$escaped_string = mysql_real_escape_string($string, $link);
}
else
{
$escaped_string = $string;
}
return $escaped_string;
}
function pop3_login($host,$user,$pass,$port=110,$folder="INBOX",$ssl=false)
{
$ssl=($ssl==false)?"/novalidate-cert":"";
$ritorno = (imap_open("{"."$host:$port/pop3$ssl"."}$folder",$user,$pass));
return $ritorno;
}
function db_login($user,$pass) {
global $DB_ID;
$query = "SELECT id FROM utenti WHERE utente ='$user' AND password = MD5('$pass') AND attivo = 1";
$res = mysql_query( $query, $DB_ID );
$dato = mysql_fetch_array ( $res );
$ritorno = $dato['id'];
return $ritorno;
}
function db_data_connect () {
global $db_data_server, $db_data_user, $db_data_pwd, $db_data_name;
$db_data_id = mysql_connect($db_data_server, $db_data_user, $db_data_pwd);
mysql_select_db($db_data_name, $db_data_id);
return $db_data_id;
}
function login () {
global $_SESSION, $_POST, $POP3_Server, $DB_ID, $CONF;
session_name("FirewallSW");
session_start();
if ($_SESSION['auth'] && ($_SESSION['time']+$CONF['temposessione']*60 >= time())) {
if(!db_login ($_SESSION['username'], $_SESSION['passwd'])) {
$tMessage = '<span class="error_msg">Dati di autenticazione errati</span>';
$tUsername = $_SESSION['username'];
$_SESSION['auth'] = 0;
session_destroy();
include ("userlogin.php");
exit;
} else {
logga ($_SERVER['REQUEST_URI']);
$_SESSION['time'] = time();
return carica_utente ();
}
} else {
if ($_POST['fUsername']) {
$fUsername = $_POST['fUsername'];
$fPassword = $_POST['fPassword'];
if(db_login ($fUsername, $fPassword)) {
$_SESSION = array();
$_SESSION['passwd'] = $fPassword;
$_SESSION['username'] = $fUsername;
$_SESSION['auth'] = 1;
$_SESSION['time'] = time();
session_regenerate_id(TRUE);
logga ("Accesso");
return carica_utente ();
} else {
$tMessage = 'Errore';
$tUsername = $fUsername;
include ("userlogin.php");
exit;
}
} else {
if ($_SESSION['auth'] && ($_SESSION['time']+$CONF['temposessione']*60 < time())) {
$tMessage = '<span class="error_msg">Sessione scaduta</span>';
$tUsername = $_SESSION['username'];
logga ("Sessione scaduta");
include ("userlogin.php");
exit;
} else {
include ("userlogin.php");
exit;
}
}
}
}
function carica_conf ($modulo="") {
global $CONF, $DB_ID;
if ($modulo != "") {
$query = "SELECT prefisso FROM moduli WHERE nome = '$modulo'";
$res = mysql_query( $query, $DB_ID );
$dato = mysql_fetch_array ( $res );
$tabella = $dato['prefisso']."conf";
} else {
$tabella = "conf";
}
$query = "SELECT variabile, valore FROM $tabella";
$res = mysql_query( $query, $DB_ID );
while ($dato = mysql_fetch_array ( $res )) {
$tmp[$dato[0]] = $dato[1];
}
return $tmp;
}
function isadmin () {
global $UTENTE, $CONF;
if ($UTENTE['admin']) {
return;
} else {
header("location: ".$CONF['base_url']."/index.php");
exit;
}
}
function carica_utente () {
global $_SESSION, $CONF, $DB_ID;
$query = "SELECT * FROM utenti where utente = '".$_SESSION['username']."'";
$res = mysql_query( $query, $DB_ID );
$dati = mysql_fetch_array ( $res );
return $dati;
}
function is_first_access () {
global $_SESSION, $DB_ID, $CONF;
$utente = $_SESSION['username'];
$query = "SELECT * FROM utenti WHERE utente = '$utente'";
$res = mysql_query( $query, $DB_ID );
if (!mysql_fetch_array( $res )) {
$query = "INSERT INTO utenti SET utente='$utente', max_perm='".$CONF['permanenti']."', max_temp='".$CONF['temporanei']."', creato=now(), max_tempo='".$CONF['tempo_temporanei']."', totale=".$CONF['totale'].", idtemplate=".$CONF['template_base'];
mysql_query( $query, $DB_ID );
logga ("Creazione nuova utenza");
mkdir ($CONF['storage'].'/'.$utente);
logga ("Creazione storage utente");
}
}
function logga ($testo, $dest="") {
global $_SESSION, $DB_ID, $CONF;
if ($dest == "") {
$destinatario = $_SESSION['username'];
} else {
$destinatario = $dest;
}
$ip = @$_SERVER["REMOTE_ADDR"];
$sessione = session_id();;
// print "-- $sessione --";
$query = "INSERT INTO accessi_utenti SET utente = '$destinatario', quando = now(), ip = '$ip', cosa = '$testo', sessione = '$sessione'";
$queryuser = "UPDATE utenti SET ultimo = now() WHERE utente = '$destinatario'";
// print "-- $query --";
$res = mysql_query( $query, $DB_ID );
$res = mysql_query( $queryuser, $DB_ID );
}
function logga_allegati ($id, $cosa) {
global $DB_ID, $CONF;
$ip = $_SERVER["REMOTE_ADDR"];
$query = "INSERT INTO accesso_allegati SET idallegato=$id, quando=now(), cosa='$cosa', ip='$ip'";
$res = mysql_query( $query, $DB_ID );
}
function ultimo_coll () {
global $_SESSION, $DB_ID, $CONF;
$query = "SELECT DATE_FORMAT(quando, '%d-%m-%Y %H:%i:%s') as quando FROM accessi_utenti WHERE utente = '".$_SESSION['username']."' AND cosa = 'Uscita' order by quando desc limit 1";
$res = mysql_query( $query, $DB_ID );
$dato = mysql_fetch_array ( $res );
if (is_null($dato['quando'])) {
return "Primo accesso";
} else {
return $dato['quando'];
}
}
function codice(){
global $DB_ID;
$N_Caratteri = 30;
$Stringa = "";
For($I=0;$I<$N_Caratteri;$I++){
do{
$N = Ceil(rand(48,122));
}while(!((($N >= 48) && ($N <= 57)) || (($N >= 65) && ($N <= 90)) || (($N >= 97) && ($N <= 122))));
$Stringa = $Stringa.Chr ($N);
}
$query = "SELECT * FROM allegati WHERE codice='$Stringa' AND vecchio=0";
$res = mysql_query( $query, $DB_ID );
if (mysql_fetch_array ( $res )) { $stringa = codice(); }
return $Stringa;
}
function invia_mail ($oggetto, $testo, $dest="") {
global $UTENTE, $CONF;
$headers = 'From: noreply@esseweb.eu' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
if ($dest == "") {
$destinatario = $UTENTE['utente'];
} else {
$destinatario = $dest;
}
mail($destinatario, $oggetto, $testo, $headers);
}
function fsize ($stat) {
$stat = (float)$stat;
$idx = 0;
$arr = array("B","kB","MB","GB","TB","PB","EB","ZB","YB");
while(floor($stat/1024)>0){
$stat = round($stat/1024,2);
$idx++;
}
return $stat." ".$arr[$idx];
}
function creanome ($idparent) {
global $DB_ID;
$query = "SELECT interfacce.device, defrule.idparent, defrule.priorita FROM defrule JOIN interfacce ON defrule.idinterfacce = interfacce.id WHERE defrule.id = '$idparent'";
$res = mysql_query( $query, $DB_ID );
$dato = mysql_fetch_array ( $res );
if ($dato['idparent'] == 0) {
$ritorno = $dato['device']."-2:".$dato['priorita'];
return $ritorno;
} else {
$ritorno = creanome($dato['idparent']).":".$dato['priorita'];
return $ritorno;
}
}
function defrule_att ($id) {
global $DB_ID;
$query = "UPDATE defrule SET attivo=1, stato=2 WHERE id = $id";
if (mysql_query( $query, $DB_ID )) {
azioni ("defrule", $id, 1);
$query = "SELECT idparent FROM defrule WHERE id = $id";
$res = mysql_query( $query, $DB_ID );
$dato = mysql_fetch_array ( $res );
$parent = $dato['idparent'];
if ($parent) {
$ritorno = defrule_att($parent);
} else {
$ritorno = 1;
}
} else {
return mysql_error();
}
return $ritorno;
}
function defrule_dis ($id, $stato=2) {
global $DB_ID;
$ritorno = 1;
$query = "UPDATE defrule SET attivo=0, stato=$stato WHERE id = $id";
if (mysql_query( $query, $DB_ID )) {
azioni ("defrule", $id, 3);
if ($stato == 3) {
$query_rule = "DELETE FROM rule WHERE iddefrule = $id";
mysql_query( $query_rule, $DB_ID );
}
$query = "SELECT id FROM defrule WHERE idparent = $id AND stato <> 3";
if ($res = mysql_query( $query, $DB_ID )) {
while ($dato = mysql_fetch_array ($res)) {
$ritorno = defrule_dis ($dato['id'], $stato);
}
} else {
return mysql_error();
}
} else {
return mysql_error();
}
return $ritorno;
}
function defrule_reset ($iddevice, $idparent, $fw) {
global $DB_ID;
$query = "SELECT id FROM defrule WHERE idinterfacce = $iddevice AND idparent = $idparent AND attivo = 1 AND stato <> 3";
$res = mysql_query( $query, $DB_ID );
while ($dato = mysql_fetch_array ($res)) {
$id_defrule = $dato['id'];
$query_azioni = "INSERT INTO azioni SET fw=$fw, tabella='defrule', idtabella=$id_defrule, stato=1, datains=NOW()";
mysql_query( $query_azioni, $DB_ID );
defrule_reset ($iddevice, $id_defrule, $fw);
}
}
function maxrate ($idrule, $idparent, $device) {
global $DB_ID;
if ($idparent == 0) {
$querylim = "SELECT rate, ceil FROM interfacce WHERE id = $device";
} else {
$querylim = "SELECT rate, ceil FROM defrule WHERE id = $idparent";
}
$queryatt = "SELECT SUM(rate) AS somma FROM defrule WHERE idinterfacce = $device AND attivo = 1 AND stato <> 3 AND id <> $idrule AND idparent = $idparent";
$querypri = "SELECT MAX(priorita) AS pri FROM defrule WHERE idinterfacce = $device AND stato <> 3 AND id <> $idrule AND idparent = $idparent AND priorita < 1000";
$reslim = mysql_query( $querylim, $DB_ID );
$datolim = mysql_fetch_array ($reslim);
$resatt = mysql_query( $queryatt, $DB_ID );
$datoatt = mysql_fetch_array ($resatt);
$respri = mysql_query( $querypri, $DB_ID );
$datopri = mysql_fetch_array ($respri);
$ritorno['rate'] = $datolim['rate'] - $datoatt['somma'];
$ritorno['ceil'] = $datolim['ceil'];
$ritorno['pri'] = $datopri['pri'] + 10;
return $ritorno;
}
function azioni ($tabella, $idtabella, $stato) {
global $DB_ID;
$query_fw = "SELECT id FROM firewall WHERE attivo = 1";
$res_fw = mysql_query( $query_fw, $DB_ID );
while ($dato_fw = mysql_fetch_array ($res_fw)) {
$id_fw = $dato_fw['id'];
$query_new = "INSERT INTO azioni SET fw = $id_fw, tabella = '$tabella', idtabella = $idtabella, stato = $stato, datains = NOW()";
// print "$query_new<br>";
mysql_query( $query_new, $DB_ID );
}
}
function lista_moduli () {
global $UTENTE, $DB_ID, $CONF;
$query = " SELECT
moduli.id AS id,
moduli.nome AS nome,
moduli.directory AS directory
FROM
utenti
JOIN
permessi ON utenti.id = permessi.id_utenti AND permessi.accesso > 0
JOIN
moduli ON moduli.id = permessi.id_moduli
WHERE
utenti.utente = '".$_SESSION['username']."'
AND
moduli.attivo = 1
";
$menu[] = array("Home", $CONF['base_url']."/core/main.php",0);
if ($UTENTE['admin']) {
$menu[] = array("Configurazione", $CONF['base_url']."/core/conf.php");
$query .= " UNION DISTINCT SELECT
moduli.nome AS nome,
moduli.directory AS directory
FROM
moduli
WHERE
moduli.superadmin > 0
AND
moduli.attivo = 1
";
}
$res = mysql_query( $query, $DB_ID );
while ($dato = mysql_fetch_array ($res)) {
$menu[] = array($dato['nome'], $CONF['base_url']."/".$dato['directory']."/index.php",$dato['id']);
}
$menu[] = array("Cambio password", $CONF['base_url']."/core/chkpasswd.php",0);
$pezzi = preg_split('/\//', $_SERVER["PHP_SELF"], -2);
$self = $pezzi[count($pezzi)-1];
?>
<ul id="nav">
<li>
<a href="#">Home</a>
</li>
<li>
<a href="#">About</a>
<ul>
<li><a href="#">The product</a></li>
<li><a href="#">Meet the team</a></li>
</ul>
</li>
<li>
<a href="#">Services</a>
<ul>
<li><a href="#">Sevice one</a></li>
<li><a href="#">Sevice two</a></li>
<li><a href="#">Sevice three</a></li>
<li><a href="#">Sevice four</a></li>
</ul>
</li>
<li>
<a href="#">Product</a>
<ul>
<li><a href="#">Small product (one)</a></li>
<li><a href="#">Small product (two)</a></li>
<li><a href="#">Small product (three)</a></li>
<li><a href="#">Small product (four)</a></li>
<li><a href="#">Big product (five)</a></li>
<li><a href="#">Big product (six)</a></li>
<li><a href="#">Big product (seven)</a></li>
<li><a href="#">Big product (eight)</a></li>
<li><a href="#">Enormous product (nine)</a></li>
<li><a href="#">Enormous product (ten)</a></li>
<li><a href="#">Enormous product (eleven)</a></li>
</ul>
</li>
<li>
<a href="#">Contact</a>
<ul>
<li><a href="#">Out-of-hours</a></li>
<li><a href="#">Directions</a></li>
</ul>
</li>
</ul>
<table cellpadding="0" cellspacing="0" border="1" width="90%">
<tr bgcolor="#d2f4df">
<?php for ($i=0; $i<count($menu);$i++) { ?>
<td class="spaziol"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<?php if ($menu[$i][2] == 0) {
if ($self == $menu[$i][1]) {
$classe = "menuatt";
} else {
$classe = "menu";
}
?>
<td nowrap class="<?php echo $classe?>"><a class="<?php echo $classe?>" href="<?php print $menu[$i][1]?>"><?php print $menu[$i][0]?></a></td>
<?php
} else {
?>
<td nowrap>
<div class="dropdown">
<a data-toggle="dropdown" href="#" class="btn btn-primary"><?php print $menu[$i][0]?></a>
<ul class="dropdown-menu">
<li><a href="#">Item 1</a></li>
<li><a href="#">Item 2</a></li>
<li><a href="#">Item 3</a></li>
<li><a href="#">Item 4</a></li>
</ul>
</div>
</td>
<?php
}
} ?>
<td class="spaziol"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
</tr>
</table>
<?php
}
function diritti ($minimo) {
global $UTENTE, $DB_ID, $CONF;
preg_match ('/^'.preg_replace('/\//','\/',$CONF['base_url']).'\/([^\/]+)\/.*/', $_SERVER['REQUEST_URI'], $trovato);
$modulo = $trovato[1];
$query = " SELECT
permessi.accesso AS accesso
FROM
moduli
JOIN
permessi ON moduli.id = permessi.id_moduli AND permessi.id_utenti = ".$UTENTE['id']."
WHERE
moduli.directory = '$modulo'
AND
moduli.attivo = 1
UNION DISTINCT SELECT
moduli.superadmin
FROM
moduli
JOIN
utenti ON utenti.id = ".$UTENTE['id']." AND utenti.admin = 1
WHERE
moduli.directory = '$modulo'
";
$res = mysql_query( $query, $DB_ID );
if ($dato = mysql_fetch_array ($res)) {
$risposta = $dato['accesso'];
} else {
$risposta = 0;
}
if ($risposta >= $minimo) {
return $risposta;
} else {
header("location: ".$CONF['base_url']."/index.php");
exit;
}
}
function get_levels () {
global $DB_ID;
$query = "SELECT nome, livello FROM livelli ORDER BY livello";
$res = mysql_query( $query, $DB_ID );
$livelli = array();
while ($dato = mysql_fetch_array ($res)) {
$livelli[$dato['livello']] = $dato['nome'];
}
return $livelli;
}
function view_top () {
global $CONF, $UTENTE;
include_once ($_SERVER["CONTEXT_DOCUMENT_ROOT"].$CONF['base_url']."/core/top.php");
}
function view_footer () {
global $CONF, $UTENTE;
include_once ($_SERVER["CONTEXT_DOCUMENT_ROOT"].$CONF['base_url']."/core/footer.php");
}
?>

51
core/function.php
View File

@@ -342,6 +342,7 @@ function lista_moduli () {
global $UTENTE, $DB_ID, $CONF;
$query = " SELECT
moduli.id AS id,
moduli.nome AS nome,
moduli.directory AS directory
FROM
@@ -356,11 +357,12 @@ function lista_moduli () {
moduli.attivo = 1
";
$menu[] = array("Home", $CONF['base_url']."/core/main.php");
$menu[] = array("Home", $CONF['base_url']."/core/main.php",0);
if ($UTENTE['admin']) {
$menu[] = array("Configurazione", $CONF['base_url']."/core/conf.php");
$query .= " UNION DISTINCT SELECT
moduli.id AS id,
moduli.nome AS nome,
moduli.directory AS directory
FROM
@@ -375,29 +377,40 @@ function lista_moduli () {
$res = mysql_query( $query, $DB_ID );
while ($dato = mysql_fetch_array ($res)) {
$menu[] = array($dato['nome'], $CONF['base_url']."/".$dato['directory']."/index.php");
$menu[] = array($dato['nome'], $CONF['base_url']."/".$dato['directory']."/index.php",$dato['id']);
}
$menu[] = array("Cambio password", $CONF['base_url']."/core/chkpasswd.php");
$menu[] = array("Cambio password", $CONF['base_url']."/core/chkpasswd.php",0);
$pezzi = preg_split('/\//', $_SERVER["PHP_SELF"], -2);
$self = $pezzi[count($pezzi)-1];
?>
<table cellpadding="0" cellspacing="0" border="0" width="90%">
<tr bgcolor="#d2f4df">
<?php for ($i=0; $i<count($menu);$i++) {
<ul id="nav">
<?php for ($i=0; $i<count($menu);$i++) {
if ($self == $menu[$i][1]) {
$classe = "menuatt";
$classe = "sel";
} else {
$classe = "menu";
$classe = "nosel";
}
?>
<td class="spaziol"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td nowrap class="<?php echo $classe?>"><a class="<?php echo $classe?>" href="<?php print $menu[$i][1]?>"><?php print $menu[$i][0]?></a></td>
<?php } ?>
<td class="spaziol"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
</tr>
</table>
<li>
<a class="<?php print $classe ?>" href="<?php print $menu[$i][1]?>"><?php print $menu[$i][0]?></a>
<?php
if ($menu[$i][2] != 0) {
$query = "SELECT nome, pagina FROM moduli_page WHERE attivo = 1 AND id_moduli = ".$menu[$i][2]." ORDER BY ordine";
$res_page = mysql_query( $query, $DB_ID ); ?>
<ul>
<?php while ($page = mysql_fetch_array ($res_page)) { ?>
<li><a href="<?php print $page['pagina'] ?>"><?php print $page['nome'] ?></a></li>
<?php } ?>
</ul>
<?php } ?>
</li>
<?php } ?>
</ul>
<?php
}
@@ -464,4 +477,14 @@ function view_footer () {
global $CONF, $UTENTE;
include_once ($_SERVER["CONTEXT_DOCUMENT_ROOT"].$CONF['base_url']."/core/footer.php");
}
function byteConvert($bytes) {
$s = array('B', 'Kb', 'MB', 'GB', 'TB', 'PB');
$e = floor(log($bytes)/log(1024));
return sprintf('%.2f '.$s[$e], ($bytes/pow(1024, $e)));
}
?>