cmaffio/pannello
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Primo import

Browse Source
This commit is contained in:
cmaffio
2015-10-08 11:41:53 +02:00
parent 22de29deda
commit dd934cb895
40 changed files with 431 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

331
core/function.php Executable file
View File

@@ -0,0 +1,331 @@
<?php
function escape_string ($string)
{
if(is_array($string)) {
$clean = array();
foreach(array_keys($string) as $row) {
$clean[$row] = escape_string($string[$row]);
}
return $clean;
}
if (get_magic_quotes_gpc ())
{
$string = stripslashes($string);
}
if (!is_numeric($string))
{
$link = db_auth_connect();
$escaped_string = mysql_real_escape_string($string, $link);
}
else
{
$escaped_string = $string;
}
return $escaped_string;
}
function pop3_login($host,$user,$pass,$port=110,$folder="INBOX",$ssl=false)
{
$ssl=($ssl==false)?"/novalidate-cert":"";
$ritorno = (imap_open("{"."$host:$port/pop3$ssl"."}$folder",$user,$pass));
return $ritorno;
}
function db_login($user,$pass) {
global $DB_ID;
$query = "SELECT id FROM utenti WHERE utente ='$user' AND password = MD5('$pass') AND attivo = 1";
$res = mysql_query( $query, $DB_ID );
$dato = mysql_fetch_array ( $res );
$ritorno = $dato['id'];
return $ritorno;
}
function db_data_connect () {
global $db_data_server, $db_data_user, $db_data_pwd, $db_data_name;
$db_data_id = mysql_connect($db_data_server, $db_data_user, $db_data_pwd);
mysql_select_db($db_data_name, $db_data_id);
return $db_data_id;
}
function login () {
global $_SESSION, $_POST, $POP3_Server, $DB_ID, $CONF;
session_name("FirewallSW");
session_start();
if ($_SESSION['auth'] && ($_SESSION['time']+$CONF['temposessione']*60 >= time())) {
if(!db_login ($_SESSION['username'], $_SESSION['passwd'])) {
$tMessage = '<span class="error_msg">Dati di autenticazione errati</span>';
$tUsername = $_SESSION['username'];
$_SESSION['auth'] = 0;
session_destroy();
include ("userlogin.php");
exit;
} else {
logga ($_SERVER['REQUEST_URI']);
$_SESSION['time'] = time();
return carica_utente ();
}
} else {
if ($_POST['fUsername']) {
$fUsername = $_POST['fUsername'];
$fPassword = $_POST['fPassword'];
if(db_login ($fUsername, $fPassword)) {
print "-- ".$_POST['fUsername']." - ".$_POST['fPassword']." --<br>";
$_SESSION = array();
$_SESSION['passwd'] = $fPassword;
$_SESSION['username'] = $fUsername;
$_SESSION['auth'] = 1;
$_SESSION['time'] = time();
session_regenerate_id(TRUE);
logga ("Accesso");
return carica_utente ();
} else {
$tMessage = 'Errore';
$tUsername = $fUsername;
include ("userlogin.php");
exit;
}
} else {
if ($_SESSION['auth'] && ($_SESSION['time']+$CONF['temposessione']*60 < time())) {
$tMessage = '<span class="error_msg">Sessione scaduta</span>';
$tUsername = $_SESSION['username'];
logga ("Sessione scaduta");
include ("userlogin.php");
exit;
} else {
include ("userlogin.php");
exit;
}
}
}
}
function carica_conf () {
global $CONF, $DB_ID;
$query = "SELECT variabile, valore FROM conf";
$res = mysql_query( $query, $DB_ID );
while ($dato = mysql_fetch_array ( $res )) {
$CONF[$dato[0]] = $dato[1];
}
}
function isadmin () {
global $UTENTE;
if ($UTENTE['admin']) {
return;
} else {
header("location: main.php");
exit;
}
}
function carica_utente () {
global $_SESSION, $CONF, $DB_ID;
$query = "SELECT * FROM utenti where utente = '".$_SESSION['username']."'";
$res = mysql_query( $query, $DB_ID );
$dati = mysql_fetch_array ( $res );
return $dati;
}
function is_first_access () {
global $_SESSION, $DB_ID, $CONF;
$utente = $_SESSION['username'];
$query = "SELECT * FROM utenti WHERE utente = '$utente'";
$res = mysql_query( $query, $DB_ID );
if (!mysql_fetch_array( $res )) {
$query = "INSERT INTO utenti SET utente='$utente', max_perm='".$CONF['permanenti']."', max_temp='".$CONF['temporanei']."', creato=now(), max_tempo='".$CONF['tempo_temporanei']."', totale=".$CONF['totale'].", idtemplate=".$CONF['template_base'];
mysql_query( $query, $DB_ID );
logga ("Creazione nuova utenza");
mkdir ($CONF['storage'].'/'.$utente);
logga ("Creazione storage utente");
}
}
function logga ($testo, $dest="") {
global $_SESSION, $DB_ID, $CONF;
if ($dest == "") {
$destinatario = $_SESSION['username'];
} else {
$destinatario = $dest;
}
$ip = @$_SERVER["REMOTE_ADDR"];
$sessione = session_id();;
// print "-- $sessione --";
$query = "INSERT INTO accessi_utenti SET utente = '$destinatario', quando = now(), ip = '$ip', cosa = '$testo', sessione = '$sessione'";
$queryuser = "UPDATE utenti SET ultimo = now() WHERE utente = '$destinatario'";
// print "-- $queryuser --";
$res = mysql_query( $query, $DB_ID );
$res = mysql_query( $queryuser, $DB_ID );
}
function logga_allegati ($id, $cosa) {
global $DB_ID, $CONF;
$ip = $_SERVER["REMOTE_ADDR"];
$query = "INSERT INTO accesso_allegati SET idallegato=$id, quando=now(), cosa='$cosa', ip='$ip'";
$res = mysql_query( $query, $DB_ID );
}
function ultimo_coll () {
global $_SESSION, $DB_ID, $CONF;
$query = "SELECT DATE_FORMAT(quando, '%d-%m-%Y %H:%i:%s') as quando FROM accessi_utenti WHERE utente = '".$_SESSION['username']."' AND cosa = 'Uscita' order by quando desc limit 1";
$res = mysql_query( $query, $DB_ID );
$dato = mysql_fetch_array ( $res );
if (is_null($dato['quando'])) {
return "Primo accesso";
} else {
return $dato['quando'];
}
}
function codice(){
global $DB_ID;
$N_Caratteri = 30;
$Stringa = "";
For($I=0;$I<$N_Caratteri;$I++){
do{
$N = Ceil(rand(48,122));
}while(!((($N >= 48) && ($N <= 57)) || (($N >= 65) && ($N <= 90)) || (($N >= 97) && ($N <= 122))));
$Stringa = $Stringa.Chr ($N);
}
$query = "SELECT * FROM allegati WHERE codice='$Stringa' AND vecchio=0";
$res = mysql_query( $query, $DB_ID );
if (mysql_fetch_array ( $res )) { $stringa = codice(); }
return $Stringa;
}
function invia_mail ($oggetto, $testo, $dest="") {
global $UTENTE, $CONF;
$headers = 'From: noreply@esseweb.eu' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
if ($dest == "") {
$destinatario = $UTENTE['utente'];
} else {
$destinatario = $dest;
}
mail($destinatario, $oggetto, $testo, $headers);
}
function fsize ($stat) {
$stat = (float)$stat;
$idx = 0;
$arr = array("B","kB","MB","GB","TB","PB","EB","ZB","YB");
while(floor($stat/1024)>0){
$stat = round($stat/1024,2);
$idx++;
}
return $stat." ".$arr[$idx];
}
function creanome ($idparent) {
global $DB_ID;
$query = "SELECT interfacce.device, defrule.idparent, defrule.priorita FROM defrule JOIN interfacce ON defrule.idinterfacce = interfacce.id WHERE defrule.id = '$idparent'";
$res = mysql_query( $query, $DB_ID );
$dato = mysql_fetch_array ( $res );
if ($dato['idparent'] == 0) {
$ritorno = $dato['device']."-2:".$dato['priorita'];
return $ritorno;
} else {
$ritorno = creanome($dato['idparent']).":".$dato['priorita'];
return $ritorno;
}
}
function defrule_att ($id) {
global $DB_ID;
$query = "UPDATE defrule SET attivo=1, stato=2 WHERE id = $id";
if (mysql_query( $query, $DB_ID )) {
azioni ("defrule", $id, 1);
$query = "SELECT idparent FROM defrule WHERE id = $id";
$res = mysql_query( $query, $DB_ID );
$dato = mysql_fetch_array ( $res );
$parent = $dato['idparent'];
if ($parent) {
$ritorno = defrule_att($parent);
} else {
$ritorno = 1;
}
} else {
return mysql_error();
}
return $ritorno;
}
function defrule_dis ($id, $stato=2) {
global $DB_ID;
$ritorno = 1;
$query = "UPDATE defrule SET attivo=0, stato=$stato WHERE id = $id";
if (mysql_query( $query, $DB_ID )) {
azioni ("defrule", $id, 3);
if ($stato == 3) {
$query_rule = "DELETE FROM rule WHERE iddefrule = $id";
mysql_query( $query_rule, $DB_ID );
}
$query = "SELECT id FROM defrule WHERE idparent = $id AND stato <> 3";
if ($res = mysql_query( $query, $DB_ID )) {
while ($dato = mysql_fetch_array ($res)) {
$ritorno = defrule_dis ($dato['id'], $stato);
}
} else {
return mysql_error();
}
} else {
return mysql_error();
}
return $ritorno;
}
function defrule_reset ($iddevice, $idparent, $fw) {
global $DB_ID;
$query = "SELECT id FROM defrule WHERE idinterfacce = $iddevice AND idparent = $idparent AND attivo = 1 AND stato <> 3";
$res = mysql_query( $query, $DB_ID );
while ($dato = mysql_fetch_array ($res)) {
$id_defrule = $dato['id'];
$query_azioni = "INSERT INTO azioni SET fw=$fw, tabella='defrule', idtabella=$id_defrule, stato=1, datains=NOW()";
mysql_query( $query_azioni, $DB_ID );
defrule_reset ($iddevice, $id_defrule, $fw);
}
}
function maxrate ($idrule, $idparent, $device) {
global $DB_ID;
if ($idparent == 0) {
$querylim = "SELECT rate, ceil FROM interfacce WHERE id = $device";
} else {
$querylim = "SELECT rate, ceil FROM defrule WHERE id = $idparent";
}
$queryatt = "SELECT SUM(rate) AS somma FROM defrule WHERE idinterfacce = $device AND attivo = 1 AND stato <> 3 AND id <> $idrule AND idparent = $idparent";
$querypri = "SELECT MAX(priorita) AS pri FROM defrule WHERE idinterfacce = $device AND stato <> 3 AND id <> $idrule AND idparent = $idparent AND priorita < 1000";
$reslim = mysql_query( $querylim, $DB_ID );
$datolim = mysql_fetch_array ($reslim);
$resatt = mysql_query( $queryatt, $DB_ID );
$datoatt = mysql_fetch_array ($resatt);
$respri = mysql_query( $querypri, $DB_ID );
$datopri = mysql_fetch_array ($respri);
$ritorno['rate'] = $datolim['rate'] - $datoatt['somma'];
$ritorno['ceil'] = $datolim['ceil'];
$ritorno['pri'] = $datopri['pri'] + 10;
return $ritorno;
}
function azioni ($tabella, $idtabella, $stato) {
global $DB_ID;
$query_fw = "SELECT id FROM firewall WHERE attivo = 1";
$res_fw = mysql_query( $query_fw, $DB_ID );
while ($dato_fw = mysql_fetch_array ($res_fw)) {
$id_fw = $dato_fw['id'];
$query_new = "INSERT INTO azioni SET fw = $id_fw, tabella = '$tabella', idtabella = $idtabella, stato = $stato, datains = NOW()";
// print "$query_new<br>";
mysql_query( $query_new, $DB_ID );
}
}
?>