cmaffio/pannello
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
6d7923c5d54c0781df2bc15100a15f98fbc92697
pannello/core/function.php
cmaffio 6d7923c5d5 inserita gestione cambio password utenti proxy
2016-05-16 15:50:57 +02:00

636 lines
17 KiB
PHP
Executable File
Raw Blame History

<?php
function escape_string ($string)
{
if(is_array($string)) {
$clean = array();
foreach(array_keys($string) as $row) {
$clean[$row] = escape_string($string[$row]);
}
return $clean;
}
if (get_magic_quotes_gpc ())
{
$string = stripslashes($string);
}
if (!is_numeric($string))
{
$link = db_auth_connect();
$escaped_string = mysql_real_escape_string($string, $link);
}
else
{
$escaped_string = $string;
}
return $escaped_string;
}
function pop3_login($host,$user,$pass,$port=110,$folder="INBOX",$ssl=false)
{
$ssl=($ssl==false)?"/novalidate-cert":"";
$ritorno = (imap_open("{"."$host:$port/pop3$ssl"."}$folder",$user,$pass));
return $ritorno;
}
function db_login($user,$pass) {
global $DB_ID;
$query = "SELECT id FROM utenti WHERE utente ='$user' AND password = MD5('$pass') AND attivo = 1";
$res = mysql_query( $query, $DB_ID );
$dato = mysql_fetch_array ( $res );
$ritorno = $dato['id'];
return $ritorno;
}
function db_data_connect () {
global $db_data_server, $db_data_user, $db_data_pwd, $db_data_name;
$db_data_id = mysql_connect($db_data_server, $db_data_user, $db_data_pwd);
mysql_select_db($db_data_name, $db_data_id);
return $db_data_id;
}
function login () {
global $_SESSION, $_POST, $POP3_Server, $DB_ID, $CONF;
session_name("SWP");
session_start();
if ($_SESSION['auth'] && ($_SESSION['time']+$CONF['temposessione']*60 >= time())) {
if(!db_login ($_SESSION['username'], $_SESSION['passwd'])) {
$tMessage = '<span class="error_msg">Dati di autenticazione errati</span>';
$tUsername = $_SESSION['username'];
$_SESSION['auth'] = 0;
session_destroy();
include ("userlogin.php");
exit;
} else {
logga ($_SERVER['REQUEST_URI']);
$_SESSION['time'] = time();
return carica_utente ();
}
} else {
if ($_POST['fUsername']) {
$fUsername = $_POST['fUsername'];
$fPassword = $_POST['fPassword'];
if(db_login ($fUsername, $fPassword)) {
$_SESSION = array();
$_SESSION['passwd'] = $fPassword;
$_SESSION['username'] = $fUsername;
$_SESSION['auth'] = 1;
$_SESSION['time'] = time();
session_regenerate_id(TRUE);
logga ("Accesso");
return carica_utente ();
} else {
$tMessage = 'Errore';
$tUsername = $fUsername;
include ("userlogin.php");
exit;
}
} else {
if ($_SESSION['auth'] && ($_SESSION['time']+$CONF['temposessione']*60 < time())) {
$tMessage = '<span class="error_msg">Sessione scaduta</span>';
$tUsername = $_SESSION['username'];
logga ("Sessione scaduta");
include ("userlogin.php");
exit;
} else {
include ("userlogin.php");
exit;
}
}
}
}
function carica_conf ($modulo="") {
global $CONF, $DB_ID;
if ($modulo != "") {
$query = "SELECT prefisso FROM moduli WHERE nome = '$modulo'";
$res = mysql_query( $query, $DB_ID );
$dato = mysql_fetch_array ( $res );
$tabella = $dato['prefisso']."conf";
} else {
$tabella = "conf";
}
$query = "SELECT variabile, valore FROM $tabella";
$res = mysql_query( $query, $DB_ID );
while ($dato = mysql_fetch_array ( $res )) {
$tmp[$dato[0]] = $dato[1];
}
return $tmp;
}
function isadmin () {
global $UTENTE, $CONF;
if ($UTENTE['admin']) {
return;
} else {
header("location: ".$CONF['base_url']."/index.php");
exit;
}
}
function carica_utente () {
global $_SESSION, $CONF, $DB_ID;
$query = "SELECT * FROM utenti where utente = '".$_SESSION['username']."'";
$res = mysql_query( $query, $DB_ID );
$dati = mysql_fetch_array ( $res );
return $dati;
}
function is_first_access () {
global $_SESSION, $DB_ID, $CONF;
$utente = $_SESSION['username'];
$query = "SELECT * FROM utenti WHERE utente = '$utente'";
$res = mysql_query( $query, $DB_ID );
if (!mysql_fetch_array( $res )) {
$query = "INSERT INTO utenti SET utente='$utente', max_perm='".$CONF['permanenti']."', max_temp='".$CONF['temporanei']."', creato=now(), max_tempo='".$CONF['tempo_temporanei']."', totale=".$CONF['totale'].", idtemplate=".$CONF['template_base'];
mysql_query( $query, $DB_ID );
logga ("Creazione nuova utenza");
mkdir ($CONF['storage'].'/'.$utente);
logga ("Creazione storage utente");
}
}
function logga ($testo, $dest="") {
global $_SESSION, $DB_ID, $CONF;
if ($dest == "") {
$destinatario = $_SESSION['username'];
} else {
$destinatario = $dest;
}
$ip = @$_SERVER["REMOTE_ADDR"];
$sessione = session_id();;
// print "-- $sessione --";
$query = "INSERT INTO accessi_utenti SET utente = '$destinatario', quando = now(), ip = '$ip', cosa = '$testo', sessione = '$sessione'";
$queryuser = "UPDATE utenti SET ultimo = now() WHERE utente = '$destinatario'";
// print "-- $query --";
$res = mysql_query( $query, $DB_ID );
$res = mysql_query( $queryuser, $DB_ID );
}
function logga_allegati ($id, $cosa) {
global $DB_ID, $CONF;
$ip = $_SERVER["REMOTE_ADDR"];
$query = "INSERT INTO accesso_allegati SET idallegato=$id, quando=now(), cosa='$cosa', ip='$ip'";
$res = mysql_query( $query, $DB_ID );
}
function ultimo_coll () {
global $_SESSION, $DB_ID, $CONF;
$query = "SELECT DATE_FORMAT(quando, '%d-%m-%Y %H:%i:%s') as quando FROM accessi_utenti WHERE utente = '".$_SESSION['username']."' AND cosa = 'Uscita' order by quando desc limit 1";
$res = mysql_query( $query, $DB_ID );
$dato = mysql_fetch_array ( $res );
if (is_null($dato['quando'])) {
return "Primo accesso";
} else {
return $dato['quando'];
}
}
function codice(){
global $DB_ID;
$N_Caratteri = 30;
$Stringa = "";
For($I=0;$I<$N_Caratteri;$I++){
do{
$N = Ceil(rand(48,122));
}while(!((($N >= 48) && ($N <= 57)) || (($N >= 65) && ($N <= 90)) || (($N >= 97) && ($N <= 122))));
$Stringa = $Stringa.Chr ($N);
}
$query = "SELECT * FROM allegati WHERE codice='$Stringa' AND vecchio=0";
$res = mysql_query( $query, $DB_ID );
if (mysql_fetch_array ( $res )) { $stringa = codice(); }
return $Stringa;
}
function invia_mail ($oggetto, $testo, $dest="") {
global $UTENTE, $CONF;
$headers = 'From: noreply@esseweb.eu' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
if ($dest == "") {
$destinatario = $UTENTE['utente'];
} else {
$destinatario = $dest;
}
mail($destinatario, $oggetto, $testo, $headers);
}
function fsize ($stat) {
$stat = (float)$stat;
$idx = 0;
$arr = array("B","kB","MB","GB","TB","PB","EB","ZB","YB");
while(floor($stat/1024)>0){
$stat = round($stat/1024,2);
$idx++;
}
return $stat." ".$arr[$idx];
}
function creanome ($idparent) {
global $DB_ID;
$query = "SELECT interfacce.device, defrule.idparent, defrule.priorita FROM defrule JOIN interfacce ON defrule.idinterfacce = interfacce.id WHERE defrule.id = '$idparent'";
$res = mysql_query( $query, $DB_ID );
$dato = mysql_fetch_array ( $res );
if ($dato['idparent'] == 0) {
$ritorno = $dato['device']."-2:".$dato['priorita'];
return $ritorno;
} else {
$ritorno = creanome($dato['idparent']).":".$dato['priorita'];
return $ritorno;
}
}
function defrule_att ($id) {
global $DB_ID;
$query = "UPDATE defrule SET attivo=1, stato=2 WHERE id = $id";
if (mysql_query( $query, $DB_ID )) {
azioni ("defrule", $id, 1);
$query = "SELECT idparent FROM defrule WHERE id = $id";
$res = mysql_query( $query, $DB_ID );
$dato = mysql_fetch_array ( $res );
$parent = $dato['idparent'];
if ($parent) {
$ritorno = defrule_att($parent);
} else {
$ritorno = 1;
}
} else {
return mysql_error();
}
return $ritorno;
}
function defrule_dis ($id, $stato=2) {
global $DB_ID;
$ritorno = 1;
$query = "UPDATE defrule SET attivo=0, stato=$stato WHERE id = $id";
if (mysql_query( $query, $DB_ID )) {
azioni ("defrule", $id, 3);
if ($stato == 3) {
$query_rule = "DELETE FROM rule WHERE iddefrule = $id";
mysql_query( $query_rule, $DB_ID );
}
$query = "SELECT id FROM defrule WHERE idparent = $id AND stato <> 3";
if ($res = mysql_query( $query, $DB_ID )) {
while ($dato = mysql_fetch_array ($res)) {
$ritorno = defrule_dis ($dato['id'], $stato);
}
} else {
return mysql_error();
}
} else {
return mysql_error();
}
return $ritorno;
}
function defrule_reset ($iddevice, $idparent, $fw) {
global $DB_ID;
$query = "SELECT id FROM defrule WHERE idinterfacce = $iddevice AND idparent = $idparent AND attivo = 1 AND stato <> 3";
$res = mysql_query( $query, $DB_ID );
while ($dato = mysql_fetch_array ($res)) {
$id_defrule = $dato['id'];
$query_azioni = "INSERT INTO azioni SET fw=$fw, tabella='defrule', idtabella=$id_defrule, stato=1, datains=NOW()";
mysql_query( $query_azioni, $DB_ID );
defrule_reset ($iddevice, $id_defrule, $fw);
}
}
function maxrate ($idrule, $idparent, $device) {
global $DB_ID;
if ($idparent == 0) {
$querylim = "SELECT rate, ceil FROM interfacce WHERE id = $device";
} else {
$querylim = "SELECT rate, ceil FROM defrule WHERE id = $idparent";
}
$queryatt = "SELECT SUM(rate) AS somma FROM defrule WHERE idinterfacce = $device AND attivo = 1 AND stato <> 3 AND id <> $idrule AND idparent = $idparent";
$querypri = "SELECT MAX(priorita) AS pri FROM defrule WHERE idinterfacce = $device AND stato <> 3 AND id <> $idrule AND idparent = $idparent AND priorita < 1000";
$reslim = mysql_query( $querylim, $DB_ID );
$datolim = mysql_fetch_array ($reslim);
$resatt = mysql_query( $queryatt, $DB_ID );
$datoatt = mysql_fetch_array ($resatt);
$respri = mysql_query( $querypri, $DB_ID );
$datopri = mysql_fetch_array ($respri);
$ritorno['rate'] = $datolim['rate'] - $datoatt['somma'];
$ritorno['ceil'] = $datolim['ceil'];
$ritorno['pri'] = $datopri['pri'] + 10;
return $ritorno;
}
function azioni ($tabella, $idtabella, $stato) {
global $DB_ID;
$query_fw = "SELECT id FROM firewall WHERE attivo = 1";
$res_fw = mysql_query( $query_fw, $DB_ID );
while ($dato_fw = mysql_fetch_array ($res_fw)) {
$id_fw = $dato_fw['id'];
$query_new = "INSERT INTO azioni SET fw = $id_fw, tabella = '$tabella', idtabella = $idtabella, stato = $stato, datains = NOW()";
// print "$query_new<br>";
mysql_query( $query_new, $DB_ID );
}
}
function array_moduli () {
global $UTENTE, $DB_ID, $CONF;
$query = " SELECT
moduli.id AS id,
moduli.nome AS nome,
moduli.directory AS directory,
moduli.descrizione AS descrizione,
permessi.accesso AS accesso
FROM
utenti
JOIN
permessi ON utenti.id = permessi.id_utenti AND permessi.accesso > 0
JOIN
moduli ON moduli.id = permessi.id_moduli
WHERE
utenti.utente = '".$_SESSION['username']."'
AND
moduli.attivo = 1
";
$menu[] = array("Home", $CONF['base_url']."/core/main.php",0,"Home Page",0);
if ($UTENTE['admin']) {
$menu[] = array("Configurazione", $CONF['base_url']."/core/conf.php",0,"Modifica configurazione",0);
$query .= " UNION DISTINCT SELECT
moduli.id AS id,
moduli.nome AS nome,
moduli.directory AS directory,
moduli.descrizione AS descrizione
FROM
moduli
WHERE
moduli.superadmin > 0
AND
moduli.attivo = 1
";
}
$res = mysql_query( $query, $DB_ID );
while ($dato = mysql_fetch_array ($res)) {
$menu[] = array($dato['nome'], $CONF['base_url']."/".$dato['directory']."/index.php",$dato['id'], $dato['descrizione'], $dato['accesso']);
}
$menu[] = array("Cambio password", $CONF['base_url']."/core/chkpasswd.php",0,"Cambio Password");
return $menu;
}
function home_moduli () {
global $UTENTE, $CONF;
$menu = array_moduli();
?>
<tr>
<td class="sep" width="5%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td class="sep" width="20%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td class="sep" width="75%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
</tr>
<?php for ($i=0; $i<count($menu);$i++) { ?>
<tr>
<td class="spazioh"><a href="<?php print $menu[$i][1]?>"><img src="<?php print $CONF['base_url'] ?>/img/go.png"></a></td>
<td class="campo"><?php print $menu[$i][0] ?></td>
<td class="descrizione"><?php print $menu[$i][3] ?></td>
</tr>
<tr>
<td class="sep" colspan=3><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
</tr>
<?php }
}
function lista_moduli () {
global $UTENTE, $DB_ID, $CONF;
$menu = array_moduli();
$pezzi = preg_split('/\//', $_SERVER["PHP_SELF"], -2);
$self = $pezzi[count($pezzi)-1];
?>
<ul id="nav">
<?php for ($i=0; $i<count($menu);$i++) {
if ($self == $menu[$i][1]) {
$classe = "sel";
} else {
$classe = "nosel";
}
?>
<li>
<a class="<?php print $classe ?>" href="<?php print $menu[$i][1]?>"><?php print $menu[$i][0]?></a>
<?php
if ($menu[$i][2] != 0) {
$query = " SELECT
moduli_page.nome AS nome,
moduli_page.pagina AS pagina,
moduli.directory AS directory
FROM
moduli_page
JOIN
moduli
ON
moduli.id = moduli_page.id_moduli
WHERE
moduli_page.attivo = 1
AND
moduli_page.livello <= ".$menu[$i][4]."
AND
moduli_page.id_moduli = ".$menu[$i][2]."
ORDER BY
moduli_page.ordine
";
$res_page = mysql_query( $query, $DB_ID ); ?>
<ul>
<?php while ($page = mysql_fetch_array ($res_page)) { ?>
<li><a href="<?php print $CONF['base_url']."/".$page['directory']."/".$page['pagina'] ?>"><?php print $page['nome'] ?></a></li>
<?php } ?>
</ul>
<?php } ?>
</li>
<?php } ?>
</ul>
<?php
}
function diritti ($minimo) {
global $UTENTE, $DB_ID, $CONF;
$query = " SELECT
livello
FROM
livelli
WHERE
nome = '$minimo'
";
$res = mysql_query( $query, $DB_ID );
$dato = mysql_fetch_array ($res);
$minimo = $dato['livello'];
preg_match ('/^'.preg_replace('/\//','\/',$CONF['base_url']).'\/([^\/]+)\/.*/', $_SERVER['REQUEST_URI'], $trovato);
$modulo = $trovato[1];
$query = " SELECT
permessi.accesso AS accesso
FROM
moduli
JOIN
permessi
ON
moduli.id = permessi.id_moduli
AND
permessi.id_utenti = ".$UTENTE['id']."
WHERE
moduli.directory = '$modulo'
AND
moduli.attivo = 1
UNION DISTINCT SELECT
moduli.superadmin
FROM
moduli
JOIN
utenti
ON
utenti.id = ".$UTENTE['id']."
AND
utenti.admin = 1
WHERE
moduli.directory = '$modulo'
";
$res = mysql_query( $query, $DB_ID );
if ($dato = mysql_fetch_array ($res)) {
$risposta = $dato['accesso'];
} else {
$risposta = 0;
}
if ($risposta >= $minimo) {
return $risposta;
} else {
header("location: ".$CONF['base_url']."/index.php");
exit;
}
}
function get_levels () {
global $DB_ID;
$query = "SELECT nome, livello FROM livelli ORDER BY livello";
$res = mysql_query( $query, $DB_ID );
$livelli = array();
while ($dato = mysql_fetch_array ($res)) {
$livelli[$dato['livello']] = $dato['nome'];
}
return $livelli;
}
function view_top () {
global $CONF, $UTENTE;
include_once ($_SERVER["DOCUMENT_ROOT"].$CONF['base_url']."/core/top.php");
}
function view_footer () {
global $CONF, $UTENTE;
include_once ($_SERVER["DOCUMENT_ROOT"].$CONF['base_url']."/core/footer.php");
}
function byteConvert($bytes) {
if ($bytes == 0) return "0 B";
$s = array('B', 'KB', 'MB', 'GB', 'TB', 'PB');
$e = floor(log($bytes)/log(1024));
return sprintf('%.2f '.$s[$e], ($bytes/pow(1024, $e)));
}
function generateStrongPassword($length = 9, $add_dashes = false, $available_sets = 'luds') {
$sets = array();
if(strpos($available_sets, 'l') !== false)
$sets[] = 'abcdefghjkmnpqrstuvwxyz';
if(strpos($available_sets, 'u') !== false)
$sets[] = 'ABCDEFGHJKMNPQRSTUVWXYZ';
if(strpos($available_sets, 'd') !== false)
$sets[] = '23456789';
if(strpos($available_sets, 's') !== false)
$sets[] = '!@#$%&*?';
$all = '';
$password = '';
foreach($sets as $set)
{
$password .= $set[array_rand(str_split($set))];
$all .= $set;
}
$all = str_split($all);
for($i = 0; $i < $length - count($sets); $i++)
$password .= $all[array_rand($all)];
$password = str_shuffle($password);
if(!$add_dashes)
return $password;
$dash_len = floor(sqrt($length));
$dash_str = '';
while(strlen($password) > $dash_len)
{
$dash_str .= substr($password, 0, $dash_len) . '-';
$password = substr($password, $dash_len);
}
$dash_str .= $password;
return $dash_str;
}
function html_spazi ($dati) {
global $CONF;
print "<tr>";
$somma = 0;
foreach ($dati as $riga) {
if (!$riga) {
$riga = 100 - $somma;
} else {
$somma += $riga;
}
?>
<td class="sep" width="<?php print $riga ?>%"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<?php }
print "</tr>";
}
function html_intestazione ($dati, $tipo = array ()) {
global $CONF;
print "<tr>";
foreach ($dati as $key => $riga) {
if ($riga == "") {
$riga = "&nbsp;";
}
if (isset ($tipo[$key]) && $tipo[$key] != "") {
$classe = $tipo[$key];
} else {
$classe = "descrizione";
}
?>
<td class="<?php print $classe ?>"><?php print $riga ?></td>
<?php }
print "</tr>";
}
?>
Reference in New Issue View Git Blame Copy Permalink