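= time())) {
        // NOTE(review): the start of this function lies outside the visible source, so the
        // statements of this fragment are left untouched and only annotated.
        // The credentials kept in the session are verified again before the request proceeds.
        if(!db_login ($_SESSION['username'], $_SESSION['passwd'])) {
            $tMessage = 'Dati di autenticazione errati';
            $tUsername = $_SESSION['username'];
            $_SESSION['auth'] = 0;
            session_destroy();
            include ("userlogin.php");
            exit;
        } else {
            // The request URI is client-controlled text that ends up in the access log table.
            logga ($_SERVER['REQUEST_URI']);
            $_SESSION['time'] = time();
            return carica_utente ();
        }
    } else {
        if ($_POST['fUsername']) {
            $fUsername = $_POST['fUsername'];
            $fPassword = $_POST['fPassword'];
            if(db_login ($fUsername, $fPassword)) {
                $_SESSION = array();
                // NOTE(review): the clear-text password is written to the session store here and
                // read back by the db_login call above; keeping only an authenticated flag or a
                // server-side token would avoid persisting the credential.
                $_SESSION['passwd'] = $fPassword;
                $_SESSION['username'] = $fUsername;
                $_SESSION['auth'] = 1;
                $_SESSION['time'] = time();
                // A fresh session id after login prevents reuse of a pre-login (fixated) id.
                session_regenerate_id(TRUE);
                logga ("Accesso");
                return carica_utente ();
            } else {
                $tMessage = 'Errore';
                $tUsername = $fUsername;
                include ("userlogin.php");
                exit;
            }
        } else {
            if ($_SESSION['auth'] && ($_SESSION['time']+$CONF['temposessione']*60 < time())) {
                // NOTE(review): this branch neither clears $_SESSION nor resets 'auth', so the
                // stored password outlives the expired session; confirm that is intended.
                $tMessage = 'Sessione scaduta';
                $tUsername = $_SESSION['username'];
                logga ("Sessione scaduta");
                include ("userlogin.php");
                exit;
            } else {
                include ("userlogin.php");
                exit;
            }
        }
    }
}

/**
 * Loads the configuration variables of the core or of one module.
 *
 * With an empty $modulo the table `conf` is read; otherwise the module's prefix is looked
 * up in `moduli` and the table `<prefisso>conf` is read.
 *
 * @param string $modulo Module name, or "" for the core configuration.
 * @return array Map variabile => valore (empty when no row could be read).
 */
function carica_conf ($modulo="")
{
    global $CONF, $DB_ID;

    if ($modulo != "") {
        // The module name is escaped before it is placed inside the quoted literal.
        $query = "SELECT prefisso FROM moduli WHERE nome = '".mysql_real_escape_string($modulo, $DB_ID)."'";
        $res = mysql_query( $query, $DB_ID );
        $dato = $res ? mysql_fetch_array ( $res ) : false;
        // NOTE(review): a table name cannot be escaped like a value; the prefix comes from the
        // moduli table, so whoever can write that table controls which table is read here.
        $tabella = $dato['prefisso']."conf";
    } else {
        $tabella = "conf";
    }

    $query = "SELECT variabile, valore FROM $tabella";
    $res = mysql_query( $query, $DB_ID );

    // Start from an empty array so callers never receive an undefined variable.
    $tmp = array();
    while ($res && ($dato = mysql_fetch_array ( $res ))) {
        $tmp[$dato[0]] = $dato[1];
    }
    return $tmp;
}

/**
 * Access gate for administrator-only pages.
 *
 * Returns normally when the loaded user has the admin flag; otherwise redirects to the
 * site index and stops the script, so code after the call never runs for other users.
 *
 * @return void
 */
function isadmin ()
{
    global $UTENTE, $CONF;

    if (!empty($UTENTE['admin'])) {
        return;
    }
    header("location: ".$CONF['base_url']."/index.php");
    // exit is required: header() alone does not stop the protected page from executing.
    exit;
}

/**
 * Reads the `utenti` row of the user named in the session.
 *
 * @return array|false The row as returned by mysql_fetch_array, or false when none exists.
 */
function carica_utente ()
{
    global $CONF, $DB_ID;

    // The user name originates from the login form, so it is escaped before use in SQL.
    $utente = mysql_real_escape_string($_SESSION['username'], $DB_ID);
    $query = "SELECT * FROM utenti where utente = '".$utente."'";
    $res = mysql_query( $query, $DB_ID );
    $dati = mysql_fetch_array ( $res );
    return $dati;
}

/**
 * Creates the `utenti` row and the storage directory the first time a user logs in.
 *
 * Nothing happens when a row for the session user already exists.
 *
 * @return void
 */
function is_first_access ()
{
    global $DB_ID, $CONF;

    $utente = $_SESSION['username'];
    $utente_sql = mysql_real_escape_string($utente, $DB_ID);

    $query = "SELECT * FROM utenti WHERE utente = '$utente_sql'";
    $res = mysql_query( $query, $DB_ID );
    if ($res && mysql_fetch_array( $res )) {
        return;
    }

    // NOTE(review): the $CONF values below are interpolated as configured (two of them
    // unquoted); they are assumed to be administrator-controlled - confirm.
    $query = "INSERT INTO utenti SET utente='$utente_sql', max_perm='".$CONF['permanenti']."', max_temp='".$CONF['temporanei']."', creato=now(), max_tempo='".$CONF['tempo_temporanei']."', totale=".$CONF['totale'].", idtemplate=".$CONF['template_base'];
    mysql_query( $query, $DB_ID );
    logga ("Creazione nuova utenza");

    // The directory name is the user name itself: refuse names that would leave the storage
    // root. db_login is not visible here, so it is not relied on to have constrained the name.
    $nome_sicuro = ($utente !== '' && $utente !== '.' && $utente !== '..'
        && strpbrk($utente, "/\\\0") === false);
    if ($nome_sicuro) {
        mkdir ($CONF['storage'].'/'.$utente);
        logga ("Creazione storage utente");
    }
}

/**
 * Writes one entry to the access log and refreshes the user's last-activity timestamp.
 *
 * Callers on this page pass fixed labels as well as $_SERVER['REQUEST_URI'], so $testo
 * must be treated as client-controlled; every value is escaped before it reaches SQL.
 *
 * @param string $testo Text to record in column `cosa`.
 * @param string $dest  User to log for; "" means the user named in the session.
 * @return void
 */
function logga ($testo, $dest="")
{
    global $DB_ID, $CONF;

    $destinatario = ($dest == "") ? $_SESSION['username'] : $dest;
    $ip = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '';

    $destinatario_sql = mysql_real_escape_string($destinatario, $DB_ID);
    $ip_sql = mysql_real_escape_string($ip, $DB_ID);
    $testo_sql = mysql_real_escape_string($testo, $DB_ID);
    $sessione_sql = mysql_real_escape_string(session_id(), $DB_ID);

    $query = "INSERT INTO accessi_utenti SET utente = '$destinatario_sql', quando = now(), ip = '$ip_sql', cosa = '$testo_sql', sessione = '$sessione_sql'";
    $queryuser = "UPDATE utenti SET ultimo = now() WHERE utente = '$destinatario_sql'";

    mysql_query( $query, $DB_ID );
    mysql_query( $queryuser, $DB_ID );
}

/**
 * Records an access to an attachment.
 *
 * @param int    $id   Attachment id (column `idallegato`).
 * @param string $cosa Description of the action.
 * @return void
 */
function logga_allegati ($id, $cosa)
{
    global $DB_ID, $CONF;

    // The id is interpolated unquoted, so it is forced to an integer.
    $id = (int)$id;
    $cosa_sql = mysql_real_escape_string($cosa, $DB_ID);
    $ip_sql = mysql_real_escape_string($_SERVER["REMOTE_ADDR"], $DB_ID);

    $query = "INSERT INTO accesso_allegati SET idallegato=$id, quando=now(), cosa='$cosa_sql', ip='$ip_sql'";
    mysql_query( $query, $DB_ID );
}

/**
 * Returns when the session user last logged out.
 *
 * @return string Timestamp formatted dd-mm-YYYY HH:MM:SS of the latest 'Uscita' entry,
 *                or "Primo accesso" when there is none.
 */
function ultimo_coll ()
{
    global $DB_ID, $CONF;

    $utente_sql = mysql_real_escape_string($_SESSION['username'], $DB_ID);
    $query = "SELECT DATE_FORMAT(quando, '%d-%m-%Y %H:%i:%s') as quando FROM accessi_utenti WHERE utente = '".$utente_sql."' AND cosa = 'Uscita' order by quando desc limit 1";
    $res = mysql_query( $query, $DB_ID );
    $dato = $res ? mysql_fetch_array ( $res ) : false;

    if (!$dato || is_null($dato['quando'])) {
        return "Primo accesso";
    }
    return $dato['quando'];
}

/**
 * Generates a 30-character alphanumeric code that is not used by any current attachment.
 *
 * @return string The new code.
 */
function codice()
{
    global $DB_ID;

    $alfabeto = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $ultimo = strlen($alfabeto) - 1;
    $N_Caratteri = 30;
    $Stringa = "";

    for ($I = 0; $I < $N_Caratteri; $I++) {
        // rand() is predictable. If these codes are what protects an attachment from being
        // guessed (presumably - the callers are not visible), a CSPRNG is needed, so
        // random_int() is used wherever the runtime provides it.
        $N = function_exists('random_int') ? random_int(0, $ultimo) : rand(0, $ultimo);
        $Stringa .= $alfabeto[$N];
    }

    // $Stringa contains only characters from $alfabeto, so it is safe inside the literal.
    $query = "SELECT * FROM allegati WHERE codice='$Stringa' AND vecchio=0";
    $res = mysql_query( $query, $DB_ID );
    if ($res && mysql_fetch_array ( $res )) {
        // Collision: return the regenerated code. The original stored it in $stringa
        // (different case, hence a different variable) and returned the colliding value.
        return codice();
    }
    return $Stringa;
}

/**
 * Sends a plain-text notification mail from the fixed noreply sender.
 *
 * @param string $oggetto Subject.
 * @param string $testo   Body.
 * @param string $dest    Recipient; "" means the currently loaded user.
 * @return void
 */
function invia_mail ($oggetto, $testo, $dest="")
{
    global $UTENTE, $CONF;

    // The extra headers are constants; no caller-supplied text is placed in them.
    $headers = 'From: noreply@esseweb.eu' . "\r\n" .
        'X-Mailer: PHP/' . phpversion();

    $destinatario = ($dest == "") ? $UTENTE['utente'] : $dest;
    mail($destinatario, $oggetto, $testo, $headers);
}

/**
 * Formats a byte count with a binary unit suffix.
 *
 * @param int|float|string $stat Size in bytes.
 * @return string For example "1.5 kB".
 */
function fsize ($stat)
{
    $stat = (float)$stat;
    $idx = 0;
    $arr = array("B","kB","MB","GB","TB","PB","EB","ZB","YB");
    $ultimo = count($arr) - 1;

    // Stop at the largest unit so a huge value cannot index past the end of $arr.
    while ($idx < $ultimo && floor($stat/1024) > 0) {
        $stat = round($stat/1024, 2);
        $idx++;
    }
    return $stat." ".$arr[$idx];
}

/**
 * Builds the name of a rule by walking up its chain of parent rules.
 *
 * The root contributes "<device>-2:<priorita>" and every descendant appends ":<priorita>".
 *
 * @param int|string $idparent Id of the defrule row to start from.
 * @return string The composed name.
 */
function creanome ($idparent)
{
    global $DB_ID;

    $id_sql = mysql_real_escape_string($idparent, $DB_ID);
    $query = "SELECT interfacce.device, defrule.idparent, defrule.priorita FROM defrule JOIN interfacce ON defrule.idinterfacce = interfacce.id WHERE defrule.id = '$id_sql'";
    $res = mysql_query( $query, $DB_ID );
    $dato = mysql_fetch_array ( $res );

    // A missing row also ends the recursion, because its idparent compares equal to 0.
    if ($dato['idparent'] == 0) {
        return $dato['device']."-2:".$dato['priorita'];
    }
    return creanome($dato['idparent']).":".$dato['priorita'];
}

/**
 * Activates a rule and, recursively, all of its ancestors.
 *
 * @param int $id Id of the defrule row.
 * @return int|string 1 on success, or the MySQL error text when the update fails.
 */
function defrule_att ($id)
{
    global $DB_ID;

    // Ids are interpolated unquoted, so they are forced to integers first.
    $id = (int)$id;

    $query = "UPDATE defrule SET attivo=1, stato=2 WHERE id = $id";
    if (!mysql_query( $query, $DB_ID )) {
        return mysql_error();
    }
    azioni ("defrule", $id, 1);

    $query = "SELECT idparent FROM defrule WHERE id = $id";
    $res = mysql_query( $query, $DB_ID );
    $dato = mysql_fetch_array ( $res );
    $parent = $dato['idparent'];

    if ($parent) {
        return defrule_att($parent);
    }
    return 1;
}

/**
 * Deactivates a rule and, recursively, all of its children.
 *
 * With $stato == 3 the rows of `rule` generated from the rule are deleted as well.
 *
 * @param int $id    Id of the defrule row.
 * @param int $stato State to store (default 2).
 * @return int|string 1 on success, the MySQL error text when a query of this level fails,
 *                    otherwise the result of the last child processed.
 */
function defrule_dis ($id, $stato=2)
{
    global $DB_ID;

    $id = (int)$id;
    $stato = (int)$stato;
    $ritorno = 1;

    $query = "UPDATE defrule SET attivo=0, stato=$stato WHERE id = $id";
    if (!mysql_query( $query, $DB_ID )) {
        return mysql_error();
    }
    azioni ("defrule", $id, 3);

    if ($stato == 3) {
        $query_rule = "DELETE FROM rule WHERE iddefrule = $id";
        mysql_query( $query_rule, $DB_ID );
    }

    $query = "SELECT id FROM defrule WHERE idparent = $id AND stato <> 3";
    $res = mysql_query( $query, $DB_ID );
    if (!$res) {
        return mysql_error();
    }
    while ($dato = mysql_fetch_array ($res)) {
        $ritorno = defrule_dis ($dato['id'], $stato);
    }
    return $ritorno;
}

/**
 * Queues a state-1 action for one firewall for every active rule below a parent, recursively.
 *
 * @param int $iddevice Interface id (defrule.idinterfacce).
 * @param int $idparent Id of the parent rule whose children are processed.
 * @param int $fw       Firewall id stored in the queued action.
 * @return void
 */
function defrule_reset ($iddevice, $idparent, $fw)
{
    global $DB_ID;

    $iddevice = (int)$iddevice;
    $idparent = (int)$idparent;
    $fw = (int)$fw;

    $query = "SELECT id FROM defrule WHERE idinterfacce = $iddevice AND idparent = $idparent AND attivo = 1 AND stato <> 3";
    $res = mysql_query( $query, $DB_ID );
    while ($res && ($dato = mysql_fetch_array ($res))) {
        $id_defrule = (int)$dato['id'];
        $query_azioni = "INSERT INTO azioni SET fw=$fw, tabella='defrule', idtabella=$id_defrule, stato=1, datains=NOW()";
        mysql_query( $query_azioni, $DB_ID );
        defrule_reset ($iddevice, $id_defrule, $fw);
    }
}

/**
 * Computes the limits available to a rule under its parent (or under the interface).
 *
 * @param int $idrule   Rule excluded from the sums (the one being edited).
 * @param int $idparent Parent rule id; 0 means the limits come from the interface.
 * @param int $device   Interface id.
 * @return array Keys: 'rate' (parent rate minus the active siblings' rates), 'ceil'
 *               (parent ceil) and 'pri' (highest sibling priority below 1000, plus 10).
 */
function maxrate ($idrule, $idparent, $device)
{
    global $DB_ID;

    $idrule = (int)$idrule;
    $idparent = (int)$idparent;
    $device = (int)$device;

    if ($idparent == 0) {
        $querylim = "SELECT rate, ceil FROM interfacce WHERE id = $device";
    } else {
        $querylim = "SELECT rate, ceil FROM defrule WHERE id = $idparent";
    }
    $queryatt = "SELECT SUM(rate) AS somma FROM defrule WHERE idinterfacce = $device AND attivo = 1 AND stato <> 3 AND id <> $idrule AND idparent = $idparent";
    $querypri = "SELECT MAX(priorita) AS pri FROM defrule WHERE idinterfacce = $device AND stato <> 3 AND id <> $idrule AND idparent = $idparent AND priorita < 1000";

    $reslim = mysql_query( $querylim, $DB_ID );
    $datolim = mysql_fetch_array ($reslim);
    $resatt = mysql_query( $queryatt, $DB_ID );
    $datoatt = mysql_fetch_array ($resatt);
    $respri = mysql_query( $querypri, $DB_ID );
    $datopri = mysql_fetch_array ($respri);

    $ritorno = array();
    $ritorno['rate'] = $datolim['rate'] - $datoatt['somma'];
    $ritorno['ceil'] = $datolim['ceil'];
    $ritorno['pri'] = $datopri['pri'] + 10;
    return $ritorno;
}

/**
 * Queues one action per active firewall for a changed row.
 *
 * @param string $tabella   Name of the table the change belongs to.
 * @param int    $idtabella Id of the changed row.
 * @param int    $stato     Action state to store.
 * @return void
 */
function azioni ($tabella, $idtabella, $stato)
{
    global $DB_ID;

    $tabella_sql = mysql_real_escape_string($tabella, $DB_ID);
    $idtabella = (int)$idtabella;
    $stato = (int)$stato;

    $query_fw = "SELECT id FROM firewall WHERE attivo = 1";
    $res_fw = mysql_query( $query_fw, $DB_ID );
    while ($res_fw && ($dato_fw = mysql_fetch_array ($res_fw))) {
        $id_fw = (int)$dato_fw['id'];
        $query_new = "INSERT INTO azioni SET fw = $id_fw, tabella = '$tabella_sql', idtabella = $idtabella, stato = $stato, datains = NOW()";
        mysql_query( $query_new, $DB_ID );
    }
}

/**
 * Builds the navigation menu for the session user.
 *
 * NOTE(review): only the first part of this function is visible; it continues in markup
 * after the closing PHP tag, so everything below except the user-name escaping is as found.
 */
function lista_moduli ()
{
    global $UTENTE, $DB_ID, $CONF;

    // The user name is escaped before being placed inside the quoted literal.
    $query = " SELECT moduli.id AS id, moduli.nome AS nome, moduli.directory AS directory FROM utenti JOIN permessi ON utenti.id = permessi.id_utenti AND permessi.accesso > 0 JOIN moduli ON moduli.id = permessi.id_moduli WHERE utenti.utente = '".mysql_real_escape_string($_SESSION['username'], $DB_ID)."' AND moduli.attivo = 1 ";
    $menu[] = array("Home", $CONF['base_url']."/core/main.php",0);
    if ($UTENTE['admin']) {
        $menu[] = array("Configurazione", $CONF['base_url']."/core/conf.php");
        // NOTE(review): this second SELECT returns two columns while the first returns three
        // (id, nome, directory), and the loop below reads $dato['id']; MySQL rejects a UNION
        // whose branches differ in column count, so this path looks broken for administrators.
        $query .= " UNION DISTINCT SELECT moduli.nome AS nome, moduli.directory AS directory FROM moduli WHERE moduli.superadmin > 0 AND moduli.attivo = 1 ";
    }
    $res = mysql_query( $query, $DB_ID );
    while ($dato = mysql_fetch_array ($res)) {
        $menu[] = array($dato['nome'], $CONF['base_url']."/".$dato['directory']."/index.php",$dato['id']);
    }
    $menu[] = array("Cambio password", $CONF['base_url']."/core/chkpasswd.php",0);
    $pezzi = preg_split('/\//', $_SERVER["PHP_SELF"], -2);
    $self = $pezzi[count($pezzi)-1];
?>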
= $minimo) {
        // NOTE(review): tail of a function whose beginning is cut off in the visible source;
        // presumably the missing condition compares an access level against $minimo - confirm.
        return $risposta;
    } else {
        // Insufficient level: redirect to the site index and stop, so the caller's page
        // does not continue executing.
        header("location: ".$CONF['base_url']."/index.php");
        exit;
    }
}

/**
 * Returns the access levels defined in table `livelli`.
 *
 * @return array Map livello => nome, filled in ascending order of livello.
 */
function get_levels () {
    global $DB_ID;
    // Fixed query: no caller-supplied value is interpolated.
    $query = "SELECT nome, livello FROM livelli ORDER BY livello";
    $res = mysql_query( $query, $DB_ID );
    $livelli = array();
    while ($dato = mysql_fetch_array ($res)) {
        $livelli[$dato['livello']] = $dato['nome'];
    }
    return $livelli;
}

/**
 * Includes the shared page header (core/top.php), at most once per request.
 */
function view_top () {
    // An included file runs in this function's scope, so the globals are imported here to
    // make them available to it (whether top.php reads them is not visible - confirm).
    global $CONF, $UTENTE;
    // The path is built from the server-provided document root and the configured base URL.
    include_once ($_SERVER["CONTEXT_DOCUMENT_ROOT"].$CONF['base_url']."/core/top.php");
}

/**
 * Includes the shared page footer (core/footer.php), at most once per request.
 */
function view_footer () {
    // Same scope consideration as in view_top.
    global $CONF, $UTENTE;
    include_once ($_SERVER["CONTEXT_DOCUMENT_ROOT"].$CONF['base_url']."/core/footer.php");
}
?>