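= time())) {
        // NOTE(review): the beginning of this file (the PHP opening tag, the
        // signature of this function and the first half of this condition) is
        // missing from the listing. The remainder of the function is kept
        // token-for-token; only layout and comments were added.
        if(!db_login ($_SESSION['username'], $_SESSION['passwd'])) {
            $tMessage = 'Dati di autenticazione errati';
            $tUsername = $_SESSION['username'];
            $_SESSION['auth'] = 0;
            session_destroy();
            include ("userlogin.php");
            exit;
        } else {
            // REQUEST_URI is supplied by the client; logga() escapes it
            // before it is placed in SQL.
            logga ($_SERVER['REQUEST_URI']);
            $_SESSION['time'] = time();
            return carica_utente ();
        }
    } else {
        if ($_POST['fUsername']) {
            $fUsername = $_POST['fUsername'];
            $fPassword = $_POST['fPassword'];
            if(db_login ($fUsername, $fPassword)) {
                $_SESSION = array();
                // NOTE(review): the cleartext password is written to the
                // session store and replayed through db_login() on later
                // requests, so anyone able to read session data obtains the
                // password. Prefer keeping only the authenticated state.
                $_SESSION['passwd'] = $fPassword;
                $_SESSION['username'] = $fUsername;
                $_SESSION['auth'] = 1;
                $_SESSION['time'] = time();
                // New session id after login, old session data discarded.
                session_regenerate_id(TRUE);
                logga ("Accesso");
                return carica_utente ();
            } else {
                $tMessage = 'Errore';
                $tUsername = $fUsername;
                include ("userlogin.php");
                exit;
            }
        } else {
            if ($_SESSION['auth'] && ($_SESSION['time']+$CONF['temposessione']*60 < time())) {
                $tMessage = 'Sessione scaduta';
                $tUsername = $_SESSION['username'];
                logga ("Sessione scaduta");
                include ("userlogin.php");
                exit;
            } else {
                include ("userlogin.php");
                exit;
            }
        }
    }
}

// NOTE(review): every function below talks to the database through the
// ext/mysql API (mysql_query and friends), which was removed in PHP 7.
// Values that reach SQL are escaped with mysql_real_escape_string() or cast
// to int here; escaping is only reliable when the connection charset is set
// correctly, so moving to prepared statements (mysqli or PDO) is the durable
// fix once the connection code is migrated.

/**
 * Load the `conf` table into the global $CONF array.
 *
 * Each row contributes $CONF[variabile] = valore.
 */
function carica_conf ()
{
    global $CONF, $DB_ID;

    $res = mysql_query("SELECT variabile, valore FROM conf", $DB_ID);
    if (!$res) {
        // Query failed: leave $CONF as it is instead of iterating over FALSE.
        return;
    }
    while ($riga = mysql_fetch_array($res)) {
        $CONF[$riga[0]] = $riga[1];
    }
}

/**
 * Gate for administrator-only pages.
 *
 * Returns normally when the global $UTENTE has a truthy 'admin' entry;
 * otherwise sends a redirect to main.php and stops the script.
 */
function isadmin ()
{
    global $UTENTE;

    if (!$UTENTE['admin']) {
        header("location: main.php");
        // Stop here so nothing of the protected page runs after the redirect.
        exit;
    }
}

/**
 * Fetch the `utenti` row of the user named in the session.
 *
 * @return array|false Row as returned by mysql_fetch_array(), FALSE when no row matches.
 */
function carica_utente ()
{
    global $DB_ID;

    // The session username originates from the login form, so it is escaped
    // before being placed inside the quoted SQL literal.
    $utente = mysql_real_escape_string($_SESSION['username'], $DB_ID);
    $query = "SELECT * FROM utenti where utente = '".$utente."'";
    $res = mysql_query($query, $DB_ID);

    return mysql_fetch_array($res);
}

/**
 * Create the `utenti` row and the storage directory for the session user
 * when no row exists yet for that username.
 *
 * Limits and template id of the new row are taken from $CONF.
 */
function is_first_access ()
{
    global $DB_ID, $CONF;

    $utente = $_SESSION['username'];
    $utente_sql = mysql_real_escape_string($utente, $DB_ID);

    $query = "SELECT * FROM utenti WHERE utente = '$utente_sql'";
    $res = mysql_query($query, $DB_ID);
    if (mysql_fetch_array($res)) {
        return;
    }

    // $CONF values are filled by carica_conf() from the conf table and are
    // interpolated as before; only the login-derived username is escaped.
    $query = "INSERT INTO utenti SET utente='$utente_sql', max_perm='".$CONF['permanenti']."', max_temp='".$CONF['temporanei']."', creato=now(), "
           . "max_tempo='".$CONF['tempo_temporanei']."', totale=".$CONF['totale'].", idtemplate=".$CONF['template_base'];
    mysql_query($query, $DB_ID);
    logga ("Creazione nuova utenza");

    // The username becomes a directory name: refuse names that would resolve
    // outside (or onto) the storage root.
    if ($utente === '' || $utente === '.' || $utente === '..' || strpbrk($utente, "/\\\0") !== false) {
        return;
    }
    mkdir ($CONF['storage'].'/'.$utente);
    logga ("Creazione storage utente");
}

/**
 * Record an event in `accessi_utenti` and refresh `utenti.ultimo`.
 *
 * @param string $testo Event text stored in the `cosa` column. Callers pass
 *                      client-controlled data (e.g. REQUEST_URI), so it is escaped here.
 * @param string $dest  Username to log for; empty string means the session user.
 */
function logga ($testo, $dest="")
{
    global $DB_ID;

    $destinatario = ($dest == "") ? $_SESSION['username'] : $dest;
    $ip = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '';

    // All four values end up inside quoted SQL literals.
    $destinatario = mysql_real_escape_string($destinatario, $DB_ID);
    $ip = mysql_real_escape_string($ip, $DB_ID);
    $testo = mysql_real_escape_string($testo, $DB_ID);
    $sessione = mysql_real_escape_string(session_id(), $DB_ID);

    $query = "INSERT INTO accessi_utenti SET utente = '$destinatario', quando = now(), ip = '$ip', cosa = '$testo', sessione = '$sessione'";
    $queryuser = "UPDATE utenti SET ultimo = now() WHERE utente = '$destinatario'";

    mysql_query($query, $DB_ID);
    mysql_query($queryuser, $DB_ID);
}

/**
 * Record an event for an attachment in `accesso_allegati`.
 *
 * @param int    $id   Attachment id (used as a bare SQL number, therefore cast to int).
 * @param string $cosa Event text stored in the `cosa` column.
 */
function logga_allegati ($id, $cosa)
{
    global $DB_ID;

    $id = (int)$id;
    $cosa = mysql_real_escape_string($cosa, $DB_ID);
    $ip = mysql_real_escape_string($_SERVER["REMOTE_ADDR"], $DB_ID);

    $query = "INSERT INTO accesso_allegati SET idallegato=$id, quando=now(), cosa='$cosa', ip='$ip'";
    mysql_query($query, $DB_ID);
}

/**
 * Date of the most recent 'Uscita' event logged for the session user.
 *
 * @return string Timestamp formatted dd-mm-YYYY HH:ii:ss, or "Primo accesso"
 *                when no such event is found.
 */
function ultimo_coll ()
{
    global $DB_ID;

    $utente = mysql_real_escape_string($_SESSION['username'], $DB_ID);
    $query = "SELECT DATE_FORMAT(quando, '%d-%m-%Y %H:%i:%s') as quando FROM accessi_utenti WHERE utente = '".$utente."' AND cosa = 'Uscita' order by quando desc limit 1";
    $res = mysql_query($query, $DB_ID);
    $dato = mysql_fetch_array($res);

    if (is_null($dato['quando'])) {
        return "Primo accesso";
    }
    return $dato['quando'];
}

/**
 * Generate a 30-character alphanumeric code that is not used by any current
 * (vecchio=0) row of `allegati`.
 *
 * The earlier version recursed on a collision but stored the result in a
 * differently-cased variable, so the colliding code was returned anyway;
 * this version regenerates until the lookup finds no row.
 *
 * @return string
 */
function codice()
{
    global $DB_ID;

    $alfabeto = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $ultimo = strlen($alfabeto) - 1;
    $N_Caratteri = 30;

    do {
        $Stringa = "";
        for ($I = 0; $I < $N_Caratteri; $I++) {
            // NOTE(review): presumably this code is what grants access to an
            // attachment - confirm. random_int() is used when the runtime has
            // it; the mt_rand() fallback is NOT cryptographically secure.
            $indice = function_exists('random_int') ? random_int(0, $ultimo) : mt_rand(0, $ultimo);
            $Stringa .= $alfabeto[$indice];
        }
        // $Stringa holds only characters from $alfabeto, so it is safe to interpolate.
        $query = "SELECT * FROM allegati WHERE codice='$Stringa' AND vecchio=0";
        $res = mysql_query($query, $DB_ID);
    } while ($res && mysql_fetch_array($res));

    return $Stringa;
}

/**
 * Send a plain mail from noreply@esseweb.eu.
 *
 * @param string $oggetto Subject.
 * @param string $testo   Body.
 * @param string $dest    Recipient; empty string means $UTENTE['utente'].
 */
function invia_mail ($oggetto, $testo, $dest="")
{
    global $UTENTE;

    $headers = 'From: noreply@esseweb.eu' . "\r\n" .
               'X-Mailer: PHP/' . phpversion();
    $destinatario = ($dest == "") ? $UTENTE['utente'] : $dest;

    mail($destinatario, $oggetto, $testo, $headers);
}

/**
 * Format a byte count with a binary unit suffix (B, kB, MB, ...).
 *
 * The value is divided by 1024 and rounded to two decimals at each step.
 *
 * @param mixed $stat Size in bytes; cast to float.
 * @return string e.g. "1.5 kB"
 */
function fsize ($stat)
{
    $stat = (float)$stat;
    $arr = array("B","kB","MB","GB","TB","PB","EB","ZB","YB");
    $ultimo = count($arr) - 1;
    $idx = 0;

    // Stop at the largest unit so an enormous value cannot index past $arr.
    while ($idx < $ultimo && floor($stat/1024) > 0) {
        $stat = round($stat/1024, 2);
        $idx++;
    }

    return $stat." ".$arr[$idx];
}

/**
 * Build the name of a defrule by walking up its idparent chain.
 *
 * The top-level rule (idparent == 0) yields "<device>-2:<priorita>"; every
 * level below appends ":<priorita>".
 *
 * @param int $idparent Id of the defrule row to start from.
 * @return string
 */
function creanome ($idparent)
{
    global $DB_ID;

    $idparent = (int)$idparent;
    $query = "SELECT interfacce.device, defrule.idparent, defrule.priorita FROM defrule JOIN interfacce ON defrule.idinterfacce = interfacce.id WHERE defrule.id = '$idparent'";
    $res = mysql_query($query, $DB_ID);
    $dato = mysql_fetch_array($res);

    if ($dato['idparent'] == 0) {
        return $dato['device']."-2:".$dato['priorita'];
    }
    return creanome($dato['idparent']).":".$dato['priorita'];
}

/**
 * Set attivo=1, stato=2 on a defrule and on each ancestor reached through
 * idparent, queueing an azioni() entry (stato 1) for every row touched.
 *
 * @param int $id Defrule id.
 * @return int|string 1 on success, the mysql_error() text when an UPDATE fails.
 */
function defrule_att ($id)
{
    global $DB_ID;

    $id = (int)$id;
    $query = "UPDATE defrule SET attivo=1, stato=2 WHERE id = $id";
    if (!mysql_query($query, $DB_ID)) {
        return mysql_error();
    }
    azioni ("defrule", $id, 1);

    $query = "SELECT idparent FROM defrule WHERE id = $id";
    $res = mysql_query($query, $DB_ID);
    $dato = mysql_fetch_array($res);
    $parent = $dato['idparent'];

    if ($parent) {
        return defrule_att($parent);
    }
    return 1;
}

/**
 * Set attivo=0 and the given stato on a defrule and, recursively, on its
 * children whose stato is not 3, queueing an azioni() entry (stato 3) for
 * every row touched. When $stato is 3 the `rule` rows of the defrule are
 * deleted as well.
 *
 * @param int $id    Defrule id.
 * @param int $stato Value written to defrule.stato.
 * @return int|string 1 (or the result of the last child call) on success,
 *                    the mysql_error() text when a query fails.
 */
function defrule_dis ($id, $stato=2)
{
    global $DB_ID;

    $id = (int)$id;
    $stato = (int)$stato;
    $ritorno = 1;

    $query = "UPDATE defrule SET attivo=0, stato=$stato WHERE id = $id";
    if (!mysql_query($query, $DB_ID)) {
        return mysql_error();
    }
    azioni ("defrule", $id, 3);

    if ($stato == 3) {
        $query_rule = "DELETE FROM rule WHERE iddefrule = $id";
        mysql_query($query_rule, $DB_ID);
    }

    $query = "SELECT id FROM defrule WHERE idparent = $id AND stato <> 3";
    $res = mysql_query($query, $DB_ID);
    if (!$res) {
        return mysql_error();
    }
    while ($dato = mysql_fetch_array($res)) {
        $ritorno = defrule_dis ($dato['id'], $stato);
    }

    return $ritorno;
}

/**
 * Queue an `azioni` row (stato 1) for firewall $fw for every active defrule
 * (attivo = 1, stato <> 3) below $idparent on interface $iddevice, descending
 * recursively through the children.
 *
 * @param int $iddevice Interface id (defrule.idinterfacce).
 * @param int $idparent Parent defrule id to start from.
 * @param int $fw       Firewall id written to azioni.fw.
 */
function defrule_reset ($iddevice, $idparent, $fw)
{
    global $DB_ID;

    // All three are used as bare SQL numbers.
    $iddevice = (int)$iddevice;
    $idparent = (int)$idparent;
    $fw = (int)$fw;

    $query = "SELECT id FROM defrule WHERE idinterfacce = $iddevice AND idparent = $idparent AND attivo = 1 AND stato <> 3";
    $res = mysql_query($query, $DB_ID);
    while ($dato = mysql_fetch_array($res)) {
        $id_defrule = (int)$dato['id'];
        $query_azioni = "INSERT INTO azioni SET fw=$fw, tabella='defrule', idtabella=$id_defrule, stato=1, datains=NOW()";
        mysql_query($query_azioni, $DB_ID);
        defrule_reset ($iddevice, $id_defrule, $fw);
    }
}

/**
 * Compute the limits available to a defrule among its siblings.
 *
 * 'rate' is the parent's rate (the interface's when $idparent is 0) minus the
 * summed rate of the other active siblings; 'ceil' is the parent's ceil;
 * 'pri' is the highest sibling priorita below 1000, plus 10.
 *
 * @param int $idrule   Defrule id excluded from the sibling sums.
 * @param int $idparent Parent defrule id, 0 for a top-level rule.
 * @param int $device   Interface id.
 * @return array Keys 'rate', 'ceil', 'pri'.
 */
function maxrate ($idrule, $idparent, $device)
{
    global $DB_ID;

    // All three are used as bare SQL numbers.
    $idrule = (int)$idrule;
    $idparent = (int)$idparent;
    $device = (int)$device;

    if ($idparent == 0) {
        $querylim = "SELECT rate, ceil FROM interfacce WHERE id = $device";
    } else {
        $querylim = "SELECT rate, ceil FROM defrule WHERE id = $idparent";
    }
    $queryatt = "SELECT SUM(rate) AS somma FROM defrule WHERE idinterfacce = $device AND attivo = 1 AND stato <> 3 AND id <> $idrule AND idparent = $idparent";
    $querypri = "SELECT MAX(priorita) AS pri FROM defrule WHERE idinterfacce = $device AND stato <> 3 AND id <> $idrule AND idparent = $idparent AND priorita < 1000";

    $datolim = mysql_fetch_array(mysql_query($querylim, $DB_ID));
    $datoatt = mysql_fetch_array(mysql_query($queryatt, $DB_ID));
    $datopri = mysql_fetch_array(mysql_query($querypri, $DB_ID));

    return array(
        'rate' => $datolim['rate'] - $datoatt['somma'],
        'ceil' => $datolim['ceil'],
        'pri'  => $datopri['pri'] + 10,
    );
}

/**
 * Queue one `azioni` row per active firewall (firewall.attivo = 1) for the
 * given table row.
 *
 * @param string $tabella   Table name stored in azioni.tabella.
 * @param int    $idtabella Row id stored in azioni.idtabella.
 * @param int    $stato     Value stored in azioni.stato.
 */
function azioni ($tabella, $idtabella, $stato)
{
    global $DB_ID;

    $tabella = mysql_real_escape_string($tabella, $DB_ID);
    $idtabella = (int)$idtabella;
    $stato = (int)$stato;

    $res_fw = mysql_query("SELECT id FROM firewall WHERE attivo = 1", $DB_ID);
    while ($dato_fw = mysql_fetch_array($res_fw)) {
        $id_fw = (int)$dato_fw['id'];
        $query_new = "INSERT INTO azioni SET fw = $id_fw, tabella = '$tabella', idtabella = $idtabella, stato = $stato, datains = NOW()";
        // A commented-out debug print used to sit here; its text was split
        // across two lines, leaving a stray quote outside the comment.
        mysql_query($query_new, $DB_ID);
    }
}
?>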