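/**
 * Saves the exclusion patterns posted for a firewall router.
 *
 * Splits $_POST["pattern-save"] into lines, keeps the lines that
 * IP::isIPAddressOrRange() accepts, and inserts one row per kept line into
 * `firehol_routers_exclude` together with the posted router id, destination
 * and service. Echoes the database error when the insert fails.
 *
 * @return void
 */
function pattern_save()
{
    $q = new mysql();
    $ipclass = new IP();

    // The request fields are client-controlled and end up inside quoted SQL
    // literals, so they are escaped before being interpolated.
    // NOTE(review): addslashes() is a stopgap. The escaping/prepared-statement
    // API of the mysql wrapper is not visible here; prefer it once confirmed,
    // and validate routerid/service against their expected formats.
    $routerid = addslashes((string) $_POST["routerid"]);
    $destination = addslashes((string) $_POST["destination"]);
    $service = addslashes((string) $_POST["service"]);

    $rows = array();
    foreach (explode("\n", $_POST["pattern-save"]) as $ligne) {
        $ligne = trim($ligne);
        if ($ligne === "") {
            continue;
        }
        if (!$ipclass->isIPAddressOrRange($ligne)) {
            continue;
        }
        // Escaped as well so the query does not depend solely on the validator.
        $pattern = addslashes($ligne);
        $rows[] = "('{$routerid}','{$destination}','{$pattern}','{$service}')";
    }

    if (count($rows) === 0) {
        // Nothing valid was posted: no query is issued.
        return;
    }

    $sql = "INSERT IGNORE INTO `firehol_routers_exclude` (routerid,`destination`,`pattern`,`service`) VALUES " . implode(",", $rows);
    $q->QUERY_SQL($sql, "artica_backup");
    if (!$q->ok) {
        echo $q->mysql_error;
    }
}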
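/**
 * Refreshes the automatic (xauto=1) entries of `suricata_firewall` from the
 * emerging-Block-IPs.txt feed.
 *
 * Downloads the feed into the temp directory, keeps the lines that
 * IP::isIPAddressOrRange() accepts, replaces the rows flagged xauto=1 with
 * them, then runs exec.suricata-fw.php --run.
 *
 * @return void
 */
function BlockIPs()
{
    $ipClass = new IP();
    $unix = new unix();
    $tmpdir = $unix->TEMP_DIR();
    $curl = new ccurl("https://rules.emergingthreatspro.com/fwrules/emerging-Block-IPs.txt");
    // NOTE(review): fixed file name inside the temp directory. If TEMP_DIR()
    // can return a location writable by other local users, a pre-created file
    // or symlink could be followed here - confirm, or use a private path.
    $targetpath = "{$tmpdir}/emerging-Block-IPs.txt";
    if (!$curl->GetFile($targetpath)) {
        echo "{$targetpath} failed\n";
        artica_update_event(0, "Unable to download emerging-Block-IPs.txt", $curl->errors, __FILE__, __LINE__);
        return;
    }

    $lines = explode("\n", (string) @file_get_contents($targetpath));
    $proxyname = $unix->hostname_g();
    $q = new postgres_sql();
    $q->suricata_tables();

    // The feed is remote content. A line reaches the SQL text only after
    // isIPAddressOrRange() accepted it, so that validator is the sole barrier
    // between the download and the query.
    // NOTE(review): confirm the validator rejects quotes; parameterise if the
    // postgres_sql wrapper allows it.
    $rows = array();
    foreach ($lines as $ligne) {
        $ligne = trim($ligne);
        if ($ligne === "") {
            continue;
        }
        // Any line containing '#' is treated as a comment and skipped.
        if (strpos($ligne, "#") !== false) {
            continue;
        }
        if (!$ipClass->isIPAddressOrRange($ligne)) {
            continue;
        }
        $zdate = date("Y-m-d H:i:s");
        $proto = "TCP";
        $dest_port = 0;
        $src_ip = $ligne;
        // md5 only builds a row identifier here; it is not a security control.
        $uduniq = md5("0,{$src_ip},{$dest_port},{$proto}");
        if ($GLOBALS["VERBOSE"]) {
            echo "0,{$src_ip},{$dest_port},{$proto}\n";
        }
        $rows[] = "('{$zdate}','{$uduniq}','0','{$src_ip}','{$dest_port}','{$proto}','{$proxyname}',1)";
    }

    if (count($rows) === 0) {
        // An empty or unreadable feed previously produced an INSERT with an
        // empty VALUES list (a syntax error). Stop here and keep the current
        // rules untouched instead.
        echo "{$targetpath}: no valid entry\n";
        return;
    }

    // NOTE(review): DELETE and INSERT are separate statements. If the INSERT
    // fails, the automatic block list stays empty until the next run; wrap
    // both in a transaction if the wrapper supports one.
    $q->QUERY_SQL("DELETE FROM suricata_firewall WHERE xauto=1");
    if (!$q->ok) {
        echo $q->mysql_error . "\n";
        return;
    }

    $content = implode(",", $rows);
    $prefix = "INSERT INTO suricata_firewall (zdate,uduniq,signature,src_ip,dst_port,proto,proxyname,xauto) VALUES ";
    $q->QUERY_SQL("{$prefix} {$content} ON CONFLICT DO NOTHING");
    if (!$q->ok) {
        echo $q->mysql_error . "\n";
        return;
    }

    // Both parts of the command come from local code, not from the feed.
    $php = $unix->LOCATE_PHP5_BIN();
    shell_exec("{$php} /usr/share/artica-postfix/exec.suricata-fw.php --run");
}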
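/**
 * Replaces the content of `deny_cache_domains` with the posted list.
 *
 * Creates the table when missing, truncates it, then inserts one row per
 * non-empty line of $_POST["nocache"]. A line that is neither an IP
 * address/range nor starts with "^" is first passed through
 * squid_acls::dstdomain_parse(). Stops and echoes the database error on the
 * first failed insert.
 *
 * @return void
 */
function add_nocache_save()
{
    $q = new mysql_squid_builder();
    // Unused below; kept because the constructor's side effects are not
    // visible from this function.
    $q1 = new mysql_squid_builder();
    $acl = new squid_acls();
    $IP = new IP();
    $sql = "CREATE TABLE IF NOT EXISTS `deny_cache_domains` (\n\t\t\t\t`items` VARCHAR(256) NOT NULL PRIMARY KEY\n\t\t\t\t) ENGINE=MYISAM;";
    $q->QUERY_SQL($sql);
    $tr = explode("\n", $_POST["nocache"]);
    // The table is emptied before the new list is written, so a failure part
    // way through leaves a partial list.
    $q->QUERY_SQL("TRUNCATE TABLE deny_cache_domains", "artica_backup");
    foreach ($tr as $www) {
        $www = trim(strtolower($www));
        if ($www === "") {
            continue;
        }
        if (!$IP->isIPAddressOrRange($www)) {
            // Lines starting with "^" are stored as typed; anything else is
            // normalised by dstdomain_parse().
            if (substr($www, 0, 1) != "^") {
                $www = $acl->dstdomain_parse($www);
            }
        }
        // The value is client-controlled (the "^" branch is stored unchanged)
        // and sits inside a quoted SQL literal, so it is escaped first.
        // NOTE(review): addslashes() is a stopgap; switch to the wrapper's own
        // escaping or prepared statements once that API is confirmed.
        $item = addslashes((string) $www);
        $q->QUERY_SQL("INSERT IGNORE INTO deny_cache_domains (items) VALUES ('{$item}')", "artica_backup");
        if (!$q->ok) {
            echo $q->mysql_error;
            return;
        }
    }
}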
include_once dirname(__FILE__) . "/ressources/class.maincf.multi.inc";
include_once dirname(__FILE__) . "/ressources/class.postfix.regex.inc";
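// Builds /etc/postfix/acls.cdir.cf from the address rules stored in
// miltergreylist_acls: whitelist rows become "OK" entries and blacklist rows
// become "REJECT" entries. Patterns rejected by IP::isIPAddressOrRange() are
// skipped.
// NOTE(review): mysql_fetch_assoc() belongs to the legacy mysql extension,
// which was removed in PHP 7; the wrapper decides which result type is returned.
$q = new mysql();
$ipClass = new IP();
// Not initialised in the original; without this an empty result set makes
// count() and implode() below operate on an undefined variable.
if (!isset($MAINARRAY) || !is_array($MAINARRAY)) {
    $MAINARRAY = array();
}
// Set when a query fails, so an incomplete rule set never replaces the
// access table that is currently in force.
$aclQueryFailed = false;
echo "Starting......: " . date("H:i:s") . " Building rules....\n";

$sql = "SELECT ID,pattern FROM miltergreylist_acls WHERE `method`='whitelist' AND `type`='addr'";
$results = $q->QUERY_SQL($sql, "artica_backup");
if (!$q->ok) {
    echo $q->mysql_error . "\n";
    $aclQueryFailed = true;
} else {
    while ($ligne = mysql_fetch_assoc($results)) {
        $ipaddr = trim($ligne["pattern"]);
        if ($ipaddr == null) {
            continue;
        }
        // Rewrite the host-form loopback entry as the network address.
        if ($ipaddr == "127.0.0.1/8") {
            $ipaddr = "127.0.0.0/8";
        }
        if (!$ipClass->isIPAddressOrRange($ipaddr)) {
            continue;
        }
        $MAINARRAY[] = "{$ipaddr}\tOK rule id {$ligne["ID"]}";
    }
}

$sql = "SELECT ID,pattern FROM miltergreylist_acls WHERE `method`='blacklist' AND `type`='addr'";
$results = $q->QUERY_SQL($sql, "artica_backup");
if (!$q->ok) {
    echo $q->mysql_error . "\n";
    $aclQueryFailed = true;
} else {
    while ($ligne = mysql_fetch_assoc($results)) {
        // Trimmed like the whitelist entries so stray whitespace cannot end up
        // in the key column of the table.
        $ipaddr = trim($ligne["pattern"]);
        if (!$ipClass->isIPAddressOrRange($ipaddr)) {
            continue;
        }
        $MAINARRAY[] = "{$ipaddr}\tREJECT Go Away! rule id {$ligne["ID"]}";
    }
}

echo "Starting......: " . date("H:i:s") . " /etc/postfix/acls.cdir.cf " . count($MAINARRAY) . " items\n";
if ($aclQueryFailed) {
    echo "Starting......: " . date("H:i:s") . " /etc/postfix/acls.cdir.cf not written (query failed)\n";
} elseif (@file_put_contents("/etc/postfix/acls.cdir.cf", implode("\n", $MAINARRAY) . "\n") === false) {
    // A silent write failure would leave stale allow/reject rules in force.
    echo "Starting......: " . date("H:i:s") . " /etc/postfix/acls.cdir.cf write failed\n";
}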
function xbuild()
{
    $STATS_APPLIANCE = false;
    $InfluxListenInterface["127.0.0.1"] = true;
    $InfluxListenInterface[GetInfluxListenIP()] = true;
    $unix = new unix();
    $php = $unix->LOCATE_PHP5_BIN();
    if (is_file("/etc/artica-postfix/STATS_APPLIANCE")) {
        $STATS_APPLIANCE = true;
    }
    $SET_ALL = false;
    while (list($ipaddr, $array) = each($InfluxListenInterface)) {
        build_progress_restart("{starting} Listen {$ipaddr}", 55);
        if ($ipaddr == "0.0.0.0") {
            $ipaddr = "*";
            $SET_ALL = true;
        }
        $IPADDRZ[] = $ipaddr;
    }
    if ($SET_ALL) {
        $IPADDRZ = array();
        $IPADDRZ[] = "*";
    }
    xBackup();
    $PostgreSQLSharedBuffer = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/PostgreSQLSharedBuffer"));
    if ($PostgreSQLSharedBuffer == 0) {
        $PostgreSQLSharedBuffer = 32;
    }
    $PostgreSQLEffectiveCacheSize = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/PostgreSQLEffectiveCacheSize"));
    if ($PostgreSQLEffectiveCacheSize == 0) {
        $PostgreSQLEffectiveCacheSize = 256;
    }
    $PostgreSQLWorkMem = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/PostgreSQLWorkMem"));
    if ($PostgreSQLWorkMem == 0) {
        $PostgreSQLWorkMem = 4;
    }
    $f[] = "# -----------------------------";
    $f[] = "# PostgreSQL configuration file";
    $f[] = "# -----------------------------";
    $f[] = "#";
    $f[] = "# This file consists of lines of the form:";
    $f[] = "#";
    $f[] = "#   name = value";
    $f[] = "#";
    $f[] = "# (The \"=\" is optional.)  Whitespace may be used.  Comments are introduced with";
    $f[] = "# \"#\" anywhere on a line.  The complete list of parameter names and allowed";
    $f[] = "# values can be found in the PostgreSQL documentation.";
    $f[] = "#";
    $f[] = "# The commented-out settings shown in this file represent the default values.";
    $f[] = "# Re-commenting a setting is NOT sufficient to revert it to the default value;";
    $f[] = "# you need to reload the server.";
    $f[] = "#";
    $f[] = "# This file is read on server startup and when the server receives a SIGHUP";
    $f[] = "# signal.  If you edit the file on a running system, you have to SIGHUP the";
    $f[] = "# server for the changes to take effect, or use \"pg_ctl reload\".  Some";
    $f[] = "# parameters, which are marked below, require a server shutdown and restart to";
    $f[] = "# take effect.";
    $f[] = "#";
    $f[] = "# Any parameter can also be given as a command-line option to the server, e.g.,";
    $f[] = "# \"postgres -c log_connections=on\".  Some parameters can be changed at run time";
    $f[] = "# with the \"SET\" SQL command.";
    $f[] = "#";
    $f[] = "# Memory units:  kB = kilobytes        Time units:  ms  = milliseconds";
    $f[] = "#                MB = megabytes                     s   = seconds";
    $f[] = "#                GB = gigabytes                     min = minutes";
    $f[] = "#                TB = terabytes                     h   = hours";
    $f[] = "#                                                   d   = days";
    $f[] = "";
    $f[] = "";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "# FILE LOCATIONS";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "";
    $f[] = "# The default values of these variables are driven from the -D command-line";
    $f[] = "# option or PGDATA environment variable, represented here as ConfigDir.";
    $f[] = "";
    $f[] = "data_directory = '/home/ArticaStatsDB'\t\t# use data in another directory";
    $f[] = "hba_file = '/home/ArticaStatsDB/pg_hba.conf'\t# host-based authentication file";
    $f[] = "#ident_file = '/home/ArticaStatsDB/pg_ident.conf'\t# ident configuration file";
    $f[] = "#external_pid_file = '/var/run/ArticaStats/postgres.pid'\t\t\t# write an extra PID file";
    $f[] = "";
    $f[] = "";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "# CONNECTIONS AND AUTHENTICATION";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "";
    $f[] = "# - Connection Settings -";
    $f[] = "";
    $f[] = "listen_addresses = '" . @implode(",", $IPADDRZ) . "'";
    $f[] = "port = 5432";
    $f[] = "max_connections = 100";
    $f[] = "# Note:  Increasing max_connections costs ~400 bytes of shared memory per";
    $f[] = "# connection slot, plus lock space (see max_locks_per_transaction).";
    $f[] = "#superuser_reserved_connections = 3\t# (change requires restart)";
    $f[] = "unix_socket_directories = '/tmp,/var/run/ArticaStats'";
    $f[] = "#unix_socket_group = ''\t\t\t# (change requires restart)";
    $f[] = "unix_socket_permissions = 0777\t\t# begin with 0 to use octal notation";
    $f[] = "#bonjour = off";
    $f[] = "#bonjour_name = ''";
    $f[] = "";
    $f[] = "# - Security and Authentication -";
    $f[] = "";
    $f[] = "#authentication_timeout = 1min";
    $f[] = "#ssl = off";
    $f[] = "#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL'";
    $f[] = "#ssl_prefer_server_ciphers = on\t\t# (change requires restart)";
    $f[] = "#ssl_ecdh_curve = 'prime256v1'\t\t# (change requires restart)";
    $f[] = "#ssl_cert_file = 'server.crt'\t\t# (change requires restart)";
    $f[] = "#ssl_key_file = 'server.key'\t\t# (change requires restart)";
    $f[] = "#ssl_ca_file = ''\t\t\t# (change requires restart)";
    $f[] = "#ssl_crl_file = ''\t\t\t# (change requires restart)";
    $f[] = "#password_encryption = on";
    $f[] = "#db_user_namespace = off";
    $f[] = "#row_security = on";
    $f[] = "";
    $f[] = "# GSSAPI using Kerberos";
    $f[] = "#krb_server_keyfile = ''";
    $f[] = "#krb_caseins_users = off";
    $f[] = "";
    $f[] = "# - TCP Keepalives -";
    $f[] = "# see \"man 7 tcp\" for details";
    $f[] = "";
    $f[] = "#tcp_keepalives_idle = 0\t\t# TCP_KEEPIDLE, in seconds;";
    $f[] = "\t\t\t\t\t# 0 selects the system default";
    $f[] = "#tcp_keepalives_interval = 0\t\t# TCP_KEEPINTVL, in seconds;";
    $f[] = "\t\t\t\t\t# 0 selects the system default";
    $f[] = "#tcp_keepalives_count = 0\t\t# TCP_KEEPCNT;";
    $f[] = "\t\t\t\t\t# 0 selects the system default";
    $f[] = "";
    $f[] = "";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "# RESOURCE USAGE (except WAL)";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "";
    $f[] = "# - Memory -";
    $f[] = "";
    $f[] = "shared_buffers = {$PostgreSQLSharedBuffer}MB";
    $f[] = "effective_cache_size = {$PostgreSQLEffectiveCacheSize}MB";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "#huge_pages = try\t\t\t# on, off, or try";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "#temp_buffers = 8MB\t\t\t# min 800kB";
    $f[] = "#max_prepared_transactions = 0\t\t# zero disables the feature";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "# Note:  Increasing max_prepared_transactions costs ~600 bytes of shared memory";
    $f[] = "# per transaction slot, plus lock space (see max_locks_per_transaction).";
    $f[] = "# It is not advisable to set max_prepared_transactions nonzero unless you";
    $f[] = "# actively intend to use prepared transactions.";
    $f[] = "work_mem = {$PostgreSQLWorkMem}MB\t\t\t\t# min 64kB";
    $f[] = "maintenance_work_mem = 64MB\t\t# min 1MB";
    $f[] = "autovacuum_work_mem = -1\t\t# min 1MB, or -1 to use maintenance_work_mem";
    $f[] = "#max_stack_depth = 2MB\t\t\t# min 100kB";
    $f[] = "#dynamic_shared_memory_type = posix\t# the default is the first option";
    $f[] = "\t\t\t\t\t# supported by the operating system:";
    $f[] = "\t\t\t\t\t#   posix";
    $f[] = "\t\t\t\t\t#   sysv";
    $f[] = "\t\t\t\t\t#   windows";
    $f[] = "\t\t\t\t\t#   mmap";
    $f[] = "\t\t\t\t\t# use none to disable dynamic shared memory";
    $f[] = "";
    $f[] = "# - Disk -";
    $f[] = "";
    $f[] = "#temp_file_limit = -1\t\t\t# limits per-session temp file space";
    $f[] = "\t\t\t\t\t# in kB, or -1 for no limit";
    $f[] = "";
    $f[] = "# - Kernel Resource Usage -";
    $f[] = "";
    $f[] = "#max_files_per_process = 1000\t\t# min 25";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "#shared_preload_libraries = ''\t\t# (change requires restart)";
    $f[] = "";
    $f[] = "# - Cost-Based Vacuum Delay -";
    $f[] = "";
    $f[] = "#vacuum_cost_delay = 0\t\t\t# 0-100 milliseconds";
    $f[] = "#vacuum_cost_page_hit = 1\t\t# 0-10000 credits";
    $f[] = "#vacuum_cost_page_miss = 10\t\t# 0-10000 credits";
    $f[] = "#vacuum_cost_page_dirty = 20\t\t# 0-10000 credits";
    $f[] = "#vacuum_cost_limit = 200\t\t# 1-10000 credits";
    $f[] = "";
    $f[] = "# - Background Writer -";
    $f[] = "";
    $f[] = "#bgwriter_delay = 200ms\t\t\t# 10-10000ms between rounds";
    $f[] = "#bgwriter_lru_maxpages = 100\t\t# 0-1000 max buffers written/round";
    $f[] = "#bgwriter_lru_multiplier = 2.0\t\t# 0-10.0 multiplier on buffers scanned/round";
    $f[] = "";
    $f[] = "# - Asynchronous Behavior -";
    $f[] = "";
    $f[] = "#effective_io_concurrency = 1\t\t# 1-1000; 0 disables prefetching";
    $f[] = "#max_worker_processes = 8";
    $f[] = "#max_parallel_degree = 0\t\t# max number of worker processes per node";
    $f[] = "";
    $f[] = "";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "# WRITE AHEAD LOG";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "";
    $f[] = "# - Settings -";
    $f[] = "";
    $f[] = "#wal_level = minimal\t\t\t# minimal, archive, hot_standby, or logical";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "#fsync = on\t\t\t\t# turns forced synchronization on or off";
    $f[] = "#synchronous_commit = on\t\t# synchronization level;";
    $f[] = "\t\t\t\t\t# off, local, remote_write, or on";
    $f[] = "#wal_sync_method = fsync\t\t# the default is the first option";
    $f[] = "\t\t\t\t\t# supported by the operating system:";
    $f[] = "\t\t\t\t\t#   open_datasync";
    $f[] = "\t\t\t\t\t#   fdatasync (default on Linux)";
    $f[] = "\t\t\t\t\t#   fsync";
    $f[] = "\t\t\t\t\t#   fsync_writethrough";
    $f[] = "\t\t\t\t\t#   open_sync";
    $f[] = "#full_page_writes = on\t\t\t# recover from partial page writes";
    $f[] = "#wal_compression = off\t\t\t# enable compression of full-page writes";
    $f[] = "#wal_log_hints = off\t\t\t# also do full page writes of non-critical updates";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "#wal_buffers = -1\t\t\t# min 32kB, -1 sets based on shared_buffers";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "#wal_writer_delay = 200ms\t\t# 1-10000 milliseconds";
    $f[] = "";
    $f[] = "#commit_delay = 0\t\t\t# range 0-100000, in microseconds";
    $f[] = "#commit_siblings = 5\t\t\t# range 1-1000";
    $f[] = "";
    $f[] = "# - Checkpoints -";
    $f[] = "";
    $f[] = "#checkpoint_timeout = 5min\t\t# range 30s-1h";
    $f[] = "#max_wal_size = 1GB";
    $f[] = "#min_wal_size = 80MB";
    $f[] = "#checkpoint_completion_target = 0.5\t# checkpoint target duration, 0.0 - 1.0";
    $f[] = "#checkpoint_warning = 30s\t\t# 0 disables";
    $f[] = "";
    $f[] = "# - Archiving -";
    $f[] = "";
    $f[] = "#archive_mode = off\t\t# enables archiving; off, on, or always";
    $f[] = "\t\t\t\t# (change requires restart)";
    $f[] = "#archive_command = ''\t\t# command to use to archive a logfile segment";
    $f[] = "\t\t\t\t# placeholders: %p = path of file to archive";
    $f[] = "\t\t\t\t#               %f = file name only";
    $f[] = "\t\t\t\t# e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'";
    $f[] = "#archive_timeout = 0\t\t# force a logfile segment switch after this";
    $f[] = "\t\t\t\t# number of seconds; 0 disables";
    $f[] = "";
    $f[] = "";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "# REPLICATION";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "";
    $f[] = "# - Sending Server(s) -";
    $f[] = "";
    $f[] = "# Set these on the master and on any standby that will send replication data.";
    $f[] = "";
    $f[] = "#max_wal_senders = 0\t\t# max number of walsender processes";
    $f[] = "\t\t\t\t# (change requires restart)";
    $f[] = "#wal_keep_segments = 0\t\t# in logfile segments, 16MB each; 0 disables";
    $f[] = "#wal_sender_timeout = 60s\t# in milliseconds; 0 disables";
    $f[] = "";
    $f[] = "#max_replication_slots = 0\t# max number of replication slots";
    $f[] = "\t\t\t\t# (change requires restart)";
    $f[] = "#track_commit_timestamp = off\t# collect timestamp of transaction commit";
    $f[] = "\t\t\t\t# (change requires restart)";
    $f[] = "";
    $f[] = "# - Master Server -";
    $f[] = "";
    $f[] = "# These settings are ignored on a standby server.";
    $f[] = "";
    $f[] = "#synchronous_standby_names = ''\t# standby servers that provide sync rep";
    $f[] = "\t\t\t\t# comma-separated list of application_name";
    $f[] = "\t\t\t\t# from standby(s); '*' = all";
    $f[] = "#vacuum_defer_cleanup_age = 0\t# number of xacts by which cleanup is delayed";
    $f[] = "";
    $f[] = "# - Standby Servers -";
    $f[] = "";
    $f[] = "# These settings are ignored on a master server.";
    $f[] = "";
    $f[] = "#hot_standby = off\t\t\t# \"on\" allows queries during recovery";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "#max_standby_archive_delay = 30s\t# max delay before canceling queries";
    $f[] = "\t\t\t\t\t# when reading WAL from archive;";
    $f[] = "\t\t\t\t\t# -1 allows indefinite delay";
    $f[] = "#max_standby_streaming_delay = 30s\t# max delay before canceling queries";
    $f[] = "\t\t\t\t\t# when reading streaming WAL;";
    $f[] = "\t\t\t\t\t# -1 allows indefinite delay";
    $f[] = "#wal_receiver_status_interval = 10s\t# send replies at least this often";
    $f[] = "\t\t\t\t\t# 0 disables";
    $f[] = "#hot_standby_feedback = off\t\t# send info from standby to prevent";
    $f[] = "\t\t\t\t\t# query conflicts";
    $f[] = "#wal_receiver_timeout = 60s\t\t# time that receiver waits for";
    $f[] = "\t\t\t\t\t# communication from master";
    $f[] = "\t\t\t\t\t# in milliseconds; 0 disables";
    $f[] = "#wal_retrieve_retry_interval = 5s\t# time to wait before retrying to";
    $f[] = "\t\t\t\t\t# retrieve WAL after a failed attempt";
    $f[] = "";
    $f[] = "";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "# QUERY TUNING";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "";
    $f[] = "# - Planner Method Configuration -";
    $f[] = "";
    $f[] = "#enable_bitmapscan = on";
    $f[] = "#enable_hashagg = on";
    $f[] = "#enable_hashjoin = on";
    $f[] = "#enable_indexscan = on";
    $f[] = "#enable_indexonlyscan = on";
    $f[] = "#enable_material = on";
    $f[] = "#enable_mergejoin = on";
    $f[] = "#enable_nestloop = on";
    $f[] = "#enable_seqscan = on";
    $f[] = "#enable_sort = on";
    $f[] = "#enable_tidscan = on";
    $f[] = "";
    $f[] = "# - Planner Cost Constants -";
    $f[] = "";
    $f[] = "#seq_page_cost = 1.0\t\t\t# measured on an arbitrary scale";
    $f[] = "#random_page_cost = 4.0\t\t\t# same scale as above";
    $f[] = "#cpu_tuple_cost = 0.01\t\t\t# same scale as above";
    $f[] = "#cpu_index_tuple_cost = 0.005\t\t# same scale as above";
    $f[] = "#cpu_operator_cost = 0.0025\t\t# same scale as above";
    $f[] = "#parallel_tuple_cost = 0.1\t\t# same scale as above";
    $f[] = "#parallel_setup_cost = 1000.0\t# same scale as above";
    $f[] = "";
    $f[] = "# - Genetic Query Optimizer -";
    $f[] = "";
    $f[] = "#geqo = on";
    $f[] = "#geqo_threshold = 12";
    $f[] = "#geqo_effort = 5\t\t\t# range 1-10";
    $f[] = "#geqo_pool_size = 0\t\t\t# selects default based on effort";
    $f[] = "#geqo_generations = 0\t\t\t# selects default based on effort";
    $f[] = "#geqo_selection_bias = 2.0\t\t# range 1.5-2.0";
    $f[] = "#geqo_seed = 0.0\t\t\t# range 0.0-1.0";
    $f[] = "";
    $f[] = "# - Other Planner Options -";
    $f[] = "";
    $f[] = "#default_statistics_target = 100\t# range 1-10000";
    $f[] = "#constraint_exclusion = partition\t# on, off, or partition";
    $f[] = "#cursor_tuple_fraction = 0.1\t\t# range 0.0-1.0";
    $f[] = "#from_collapse_limit = 8";
    $f[] = "#join_collapse_limit = 8\t\t# 1 disables collapsing of explicit";
    $f[] = "\t\t\t\t\t# JOIN clauses";
    $f[] = "";
    $f[] = "";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "# ERROR REPORTING AND LOGGING";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "";
    $f[] = "# - Where to Log -";
    $f[] = "";
    $f[] = "#log_destination = 'stderr'\t\t# Valid values are combinations of";
    $f[] = "\t\t\t\t\t# stderr, csvlog, syslog, and eventlog,";
    $f[] = "\t\t\t\t\t# depending on platform.  csvlog";
    $f[] = "\t\t\t\t\t# requires logging_collector to be on.";
    $f[] = "";
    $f[] = "# This is used when logging to stderr:";
    $f[] = "#logging_collector = off\t\t# Enable capturing of stderr and csvlog";
    $f[] = "\t\t\t\t\t# into log files. Required to be on for";
    $f[] = "\t\t\t\t\t# csvlogs.";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "";
    $f[] = "# These are only used if logging_collector is on:";
    $f[] = "#log_directory = 'pg_log'\t\t# directory where log files are written,";
    $f[] = "\t\t\t\t\t# can be absolute or relative to PGDATA";
    $f[] = "#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'\t# log file name pattern,";
    $f[] = "\t\t\t\t\t# can include strftime() escapes";
    $f[] = "#log_file_mode = 0600\t\t\t# creation mode for log files,";
    $f[] = "\t\t\t\t\t# begin with 0 to use octal notation";
    $f[] = "#log_truncate_on_rotation = off\t\t# If on, an existing log file with the";
    $f[] = "\t\t\t\t\t# same name as the new log file will be";
    $f[] = "\t\t\t\t\t# truncated rather than appended to.";
    $f[] = "\t\t\t\t\t# But such truncation only occurs on";
    $f[] = "\t\t\t\t\t# time-driven rotation, not on restarts";
    $f[] = "\t\t\t\t\t# or size-driven rotation.  Default is";
    $f[] = "\t\t\t\t\t# off, meaning append to existing files";
    $f[] = "\t\t\t\t\t# in all cases.";
    $f[] = "#log_rotation_age = 1d\t\t\t# Automatic rotation of logfiles will";
    $f[] = "\t\t\t\t\t# happen after that time.  0 disables.";
    $f[] = "#log_rotation_size = 10MB\t\t# Automatic rotation of logfiles will";
    $f[] = "\t\t\t\t\t# happen after that much log output.";
    $f[] = "\t\t\t\t\t# 0 disables.";
    $f[] = "";
    $f[] = "# These are relevant when logging to syslog:";
    $f[] = "#syslog_facility = 'LOCAL0'";
    $f[] = "#syslog_ident = 'postgres'";
    $f[] = "";
    $f[] = "# This is only relevant when logging to eventlog (win32):";
    $f[] = "#event_source = 'PostgreSQL'";
    $f[] = "";
    $f[] = "# - When to Log -";
    $f[] = "";
    $f[] = "#client_min_messages = notice\t\t# values in order of decreasing detail:";
    $f[] = "\t\t\t\t\t#   debug5";
    $f[] = "\t\t\t\t\t#   debug4";
    $f[] = "\t\t\t\t\t#   debug3";
    $f[] = "\t\t\t\t\t#   debug2";
    $f[] = "\t\t\t\t\t#   debug1";
    $f[] = "\t\t\t\t\t#   log";
    $f[] = "\t\t\t\t\t#   notice";
    $f[] = "\t\t\t\t\t#   warning";
    $f[] = "\t\t\t\t\t#   error";
    $f[] = "";
    $f[] = "#log_min_messages = warning\t\t# values in order of decreasing detail:";
    $f[] = "\t\t\t\t\t#   debug5";
    $f[] = "\t\t\t\t\t#   debug4";
    $f[] = "\t\t\t\t\t#   debug3";
    $f[] = "\t\t\t\t\t#   debug2";
    $f[] = "\t\t\t\t\t#   debug1";
    $f[] = "\t\t\t\t\t#   info";
    $f[] = "\t\t\t\t\t#   notice";
    $f[] = "\t\t\t\t\t#   warning";
    $f[] = "\t\t\t\t\t#   error";
    $f[] = "\t\t\t\t\t#   log";
    $f[] = "\t\t\t\t\t#   fatal";
    $f[] = "\t\t\t\t\t#   panic";
    $f[] = "";
    $f[] = "#log_min_error_statement = error\t# values in order of decreasing detail:";
    $f[] = "\t\t\t\t\t#   debug5";
    $f[] = "\t\t\t\t\t#   debug4";
    $f[] = "\t\t\t\t\t#   debug3";
    $f[] = "\t\t\t\t\t#   debug2";
    $f[] = "\t\t\t\t\t#   debug1";
    $f[] = "\t\t\t\t\t#   info";
    $f[] = "\t\t\t\t\t#   notice";
    $f[] = "\t\t\t\t\t#   warning";
    $f[] = "\t\t\t\t\t#   error";
    $f[] = "\t\t\t\t\t#   log";
    $f[] = "\t\t\t\t\t#   fatal";
    $f[] = "\t\t\t\t\t#   panic (effectively off)";
    $f[] = "";
    $f[] = "#log_min_duration_statement = -1\t# -1 is disabled, 0 logs all statements";
    $f[] = "\t\t\t\t\t# and their durations, > 0 logs only";
    $f[] = "\t\t\t\t\t# statements running at least this number";
    $f[] = "\t\t\t\t\t# of milliseconds";
    $f[] = "";
    $f[] = "";
    $f[] = "# - What to Log -";
    $f[] = "";
    $f[] = "#debug_print_parse = off";
    $f[] = "#debug_print_rewritten = off";
    $f[] = "#debug_print_plan = off";
    $f[] = "#debug_pretty_print = on";
    $f[] = "#log_checkpoints = off";
    $f[] = "#log_connections = off";
    $f[] = "#log_disconnections = off";
    $f[] = "#log_duration = off";
    $f[] = "#log_error_verbosity = default\t\t# terse, default, or verbose messages";
    $f[] = "#log_hostname = off";
    $f[] = "#log_line_prefix = ''\t\t\t# special values:";
    $f[] = "\t\t\t\t\t#   %a = application name";
    $f[] = "\t\t\t\t\t#   %u = user name";
    $f[] = "\t\t\t\t\t#   %d = database name";
    $f[] = "\t\t\t\t\t#   %r = remote host and port";
    $f[] = "\t\t\t\t\t#   %h = remote host";
    $f[] = "\t\t\t\t\t#   %p = process ID";
    $f[] = "\t\t\t\t\t#   %t = timestamp without milliseconds";
    $f[] = "\t\t\t\t\t#   %m = timestamp with milliseconds";
    $f[] = "\t\t\t\t\t#   %n = timestamp with milliseconds (as a Unix epoch)";
    $f[] = "\t\t\t\t\t#   %i = command tag";
    $f[] = "\t\t\t\t\t#   %e = SQL state";
    $f[] = "\t\t\t\t\t#   %c = session ID";
    $f[] = "\t\t\t\t\t#   %l = session line number";
    $f[] = "\t\t\t\t\t#   %s = session start timestamp";
    $f[] = "\t\t\t\t\t#   %v = virtual transaction ID";
    $f[] = "\t\t\t\t\t#   %x = transaction ID (0 if none)";
    $f[] = "\t\t\t\t\t#   %q = stop here in non-session";
    $f[] = "\t\t\t\t\t#        processes";
    $f[] = "\t\t\t\t\t#   %% = '%'";
    $f[] = "\t\t\t\t\t# e.g. '<%u%%%d> '";
    $f[] = "#log_lock_waits = off\t\t\t# log lock waits >= deadlock_timeout";
    $f[] = "#log_statement = 'none'\t\t\t# none, ddl, mod, all";
    $f[] = "#log_replication_commands = off";
    $f[] = "#log_temp_files = -1\t\t\t# log temporary files equal or larger";
    $f[] = "\t\t\t\t\t# than the specified size in kilobytes;";
    $f[] = "\t\t\t\t\t# -1 disables, 0 logs all temp files";
    $f[] = "#log_timezone = 'GMT'";
    $f[] = "";
    $f[] = "";
    $f[] = "# - Process Title -";
    $f[] = "";
    $f[] = "#cluster_name = ''\t\t\t# added to process titles if nonempty";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "#update_process_title = on";
    $f[] = "";
    $f[] = "";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "# RUNTIME STATISTICS";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "";
    $f[] = "# - Query/Index Statistics Collector -";
    $f[] = "";
    $f[] = "track_activities = on";
    $f[] = "track_counts = on";
    $f[] = "#track_io_timing = off";
    $f[] = "#track_functions = none\t\t\t# none, pl, all";
    $f[] = "#track_activity_query_size = 1024\t# (change requires restart)";
    $f[] = "#stats_temp_directory = 'pg_stat_tmp'";
    $f[] = "";
    $f[] = "";
    $f[] = "# - Statistics Monitoring -";
    $f[] = "";
    $f[] = "#log_parser_stats = off";
    $f[] = "#log_planner_stats = off";
    $f[] = "#log_executor_stats = off";
    $f[] = "#log_statement_stats = off";
    $f[] = "";
    $f[] = "";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "# AUTOVACUUM PARAMETERS";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "";
    $f[] = "autovacuum = on";
    $f[] = "log_autovacuum_min_duration = -1";
    $f[] = "autovacuum_max_workers = 3";
    $f[] = "#autovacuum_naptime = 1min\t\t# time between autovacuum runs";
    $f[] = "#autovacuum_vacuum_threshold = 50\t# min number of row updates before vacuum";
    $f[] = "#autovacuum_analyze_threshold = 50\t# min number of row updates before analyze";
    $f[] = "#autovacuum_vacuum_scale_factor = 0.2\t# fraction of table size before vacuum";
    $f[] = "#autovacuum_analyze_scale_factor = 0.1\t# fraction of table size before analyze";
    $f[] = "#autovacuum_freeze_max_age = 200000000\t# maximum XID age before forced vacuum";
    $f[] = "#autovacuum_multixact_freeze_max_age = 400000000\t# maximum multixact age";
    $f[] = "#autovacuum_vacuum_cost_delay = 20ms\t# default vacuum cost delay for";
    $f[] = "#autovacuum_vacuum_cost_limit = -1\t# default vacuum cost limit for";
    $f[] = "";
    $f[] = "";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "# CLIENT CONNECTION DEFAULTS";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "";
    $f[] = "# - Statement Behavior -";
    $f[] = "";
    $f[] = "#search_path = '\"\$user\", public'\t# schema names";
    $f[] = "#default_tablespace = ''\t\t# a tablespace name, '' uses the default";
    $f[] = "#temp_tablespaces = ''\t\t\t# a list of tablespace names, '' uses";
    $f[] = "\t\t\t\t\t# only default tablespace";
    $f[] = "#check_function_bodies = on";
    $f[] = "#default_transaction_isolation = 'read committed'";
    $f[] = "#default_transaction_read_only = off";
    $f[] = "#default_transaction_deferrable = off";
    $f[] = "#session_replication_role = 'origin'";
    $f[] = "#statement_timeout = 0\t\t\t# in milliseconds, 0 is disabled";
    $f[] = "#lock_timeout = 0\t\t\t# in milliseconds, 0 is disabled";
    $f[] = "#vacuum_freeze_min_age = 50000000";
    $f[] = "#vacuum_freeze_table_age = 150000000";
    $f[] = "#vacuum_multixact_freeze_min_age = 5000000";
    $f[] = "#vacuum_multixact_freeze_table_age = 150000000";
    $f[] = "#bytea_output = 'hex'\t\t\t# hex, escape";
    $f[] = "#xmlbinary = 'base64'";
    $f[] = "#xmloption = 'content'";
    $f[] = "#gin_fuzzy_search_limit = 0";
    $f[] = "#gin_pending_list_limit = 4MB";
    $f[] = "";
    $f[] = "# - Locale and Formatting -";
    $f[] = "";
    $f[] = "#datestyle = 'iso, mdy'";
    $f[] = "#intervalstyle = 'postgres'";
    $f[] = "#timezone = 'GMT'";
    $f[] = "#timezone_abbreviations = 'Default'     # Select the set of available time zone";
    $f[] = "\t\t\t\t\t# abbreviations.  Currently, there are";
    $f[] = "\t\t\t\t\t#   Default";
    $f[] = "\t\t\t\t\t#   Australia (historical usage)";
    $f[] = "\t\t\t\t\t#   India";
    $f[] = "\t\t\t\t\t# You can create your own file in";
    $f[] = "\t\t\t\t\t# share/timezonesets/.";
    $f[] = "#extra_float_digits = 0\t\t\t# min -15, max 3";
    $f[] = "#client_encoding = sql_ascii\t\t# actually, defaults to database";
    $f[] = "\t\t\t\t\t# encoding";
    $f[] = "";
    $f[] = "# These settings are initialized by initdb, but they can be changed.";
    $f[] = "#lc_messages = 'C'\t\t\t# locale for system error message";
    $f[] = "\t\t\t\t\t# strings";
    $f[] = "#lc_monetary = 'C'\t\t\t# locale for monetary formatting";
    $f[] = "#lc_numeric = 'C'\t\t\t# locale for number formatting";
    $f[] = "#lc_time = 'C'\t\t\t\t# locale for time formatting";
    $f[] = "";
    $f[] = "# default configuration for text search";
    $f[] = "#default_text_search_config = 'pg_catalog.simple'";
    $f[] = "";
    $f[] = "# - Other Defaults -";
    $f[] = "";
    $f[] = "dynamic_library_path = '/usr/local/ArticaStats/lib'";
    $f[] = "#local_preload_libraries = ''";
    $f[] = "#session_preload_libraries = ''";
    $f[] = "";
    $f[] = "";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "# LOCK MANAGEMENT";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "";
    $f[] = "#deadlock_timeout = 1s";
    $f[] = "#max_locks_per_transaction = 64\t\t# min 10";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "# Note:  Each lock table slot uses ~270 bytes of shared memory, and there are";
    $f[] = "# max_locks_per_transaction * (max_connections + max_prepared_transactions)";
    $f[] = "# lock table slots.";
    $f[] = "#max_pred_locks_per_transaction = 64\t# min 10";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "";
    $f[] = "";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "# VERSION/PLATFORM COMPATIBILITY";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "";
    $f[] = "# - Previous PostgreSQL Versions -";
    $f[] = "";
    $f[] = "#array_nulls = on";
    $f[] = "#backslash_quote = safe_encoding\t# on, off, or safe_encoding";
    $f[] = "#default_with_oids = off";
    $f[] = "#escape_string_warning = on";
    $f[] = "#lo_compat_privileges = off";
    $f[] = "#operator_precedence_warning = off";
    $f[] = "#quote_all_identifiers = off";
    $f[] = "#sql_inheritance = on";
    $f[] = "#standard_conforming_strings = on";
    $f[] = "#synchronize_seqscans = on";
    $f[] = "";
    $f[] = "# - Other Platforms and Clients -";
    $f[] = "";
    $f[] = "#transform_null_equals = off";
    $f[] = "";
    $f[] = "";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "# ERROR HANDLING";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "";
    $f[] = "#exit_on_error = off\t\t\t# terminate session on any error?";
    $f[] = "#restart_after_crash = on\t\t# reinitialize after backend crash?";
    $f[] = "";
    $f[] = "";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "# CONFIG FILE INCLUDES";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "";
    $f[] = "# These options allow settings to be loaded from files other than the";
    $f[] = "# default postgresql.conf.";
    $f[] = "";
    $f[] = "#include_dir = 'conf.d'\t\t\t# include files ending in '.conf' from";
    $f[] = "\t\t\t\t\t# directory 'conf.d'";
    $f[] = "#include_if_exists = 'exists.conf'\t# include file only if it exists";
    $f[] = "#include = 'special.conf'\t\t# include file";
    $f[] = "";
    $f[] = "";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "# CUSTOMIZED OPTIONS";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "";
    $f[] = "# Add settings for extensions here";
    build_progress_restart("{starting}", 60);
    @file_put_contents("/home/ArticaStatsDB/postgresql.conf", @implode("\n", $f) . "\n");
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} /home/ArticaStatsDB/postgresql.conf done\n";
    }
    $f = array();
    $f[] = "@authcomment@";
    $f[] = "";
    $f[] = "# TYPE  DATABASE        USER            ADDRESS                 METHOD";
    $f[] = "";
    $f[] = "local   all             all                                     trust";
    $f[] = "host    all             all             127.0.0.1/32            trust";
    $q = new mysql_squid_builder();
    $Ipclass = new IP();
    $sql = "SELECT * FROM influxIPClients";
    $results = $q->QUERY_SQL($sql);
    while ($ligne = mysql_fetch_assoc($results)) {
        $ipaddr = $ligne["ipaddr"];
        $isServ = intval($ligne["isServ"]);
        if (!$Ipclass->isIPAddressOrRange($ipaddr)) {
            continue;
        }
        if (strpos($ipaddr, "/") == 0) {
            $ipaddr = "{$ipaddr}/32";
        }
        if ($isServ == 1) {
            $f[] = "host    all             all             {$ipaddr}            trust";
        }
    }
    build_progress_restart("{starting}", 65);
    @file_put_contents("/home/ArticaStatsDB/pg_hba.conf", @implode("\n", $f) . "\n");
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} /home/ArticaStatsDB/pg_hba.conf done\n";
    }
}
/**
 * Build the iptables lines that restrict access to the statistics ports.
 *
 * Covers TCP port 8086 and the admin port (setting "InfluxAdminPort",
 * 8083 when unset). Returns null when the influxIPClients table is empty,
 * otherwise a newline-joined list of "iptables -I INPUT ..." commands.
 *
 * Every line uses -I, so each rule is inserted at the head of INPUT: the
 * REJECT lines are emitted first and therefore end up below the ACCEPT
 * lines that follow them.
 *
 * @return string|null
 */
function parse_rules()
{
    $unix = new unix();
    $sock = new sockets();
    $q = new mysql_squid_builder();

    $adminPort = intval($sock->GET_INFO("InfluxAdminPort"));
    if ($adminPort == 0) {
        $adminPort = 8083;
    }
    $iptables = $unix->find_program("iptables");

    $clients = $q->QUERY_SQL("SELECT * FROM influxIPClients");
    if (mysql_num_rows($clients) == 0) {
        return null;
    }

    $head = "\t{$iptables} -I INPUT";
    $tag = "-m comment --comment \"ArticaStatsAppliance\" || true";
    $ports = array(8086, $adminPort);
    $rules = array();

    // Default: refuse both ports.
    foreach ($ports as $p) {
        $rules[] = "{$head} -p tcp --destination-port {$p} -j REJECT --reject-with tcp-reset {$tag}";
    }
    // Loopback is always allowed.
    foreach ($ports as $p) {
        $rules[] = "{$head} -s 127.0.0.1 -p tcp --destination-port {$p} -j ACCEPT {$tag}";
    }

    // Addresses of the local interfaces (other than lo) are allowed on both ports.
    // NOTE(review): IPADDR is taken as reported by NETWORK_ALL_INTERFACES() without validation.
    foreach ($unix->NETWORK_ALL_INTERFACES() as $nicName => $nicInfo) {
        $localAddr = $nicInfo["IPADDR"];
        if ($nicName == "lo") {
            continue;
        }
        foreach ($ports as $p) {
            $rules[] = "{$head} -s {$localAddr} -p tcp --destination-port {$p} -j ACCEPT {$tag}";
        }
    }

    // Registered clients: isServ=1 opens 8086, anything else opens the admin port.
    // Rows that do not validate as an IP address or range are skipped.
    $validator = new IP();
    while ($row = mysql_fetch_assoc($clients)) {
        $clientAddr = $row["ipaddr"];
        $serverFlag = intval($row["isServ"]);
        if (!$validator->isIPAddressOrRange($clientAddr)) {
            continue;
        }
        $openPort = ($serverFlag == 1) ? 8086 : $adminPort;
        $rules[] = "{$head} -s {$clientAddr} -p tcp --destination-port {$openPort} -j ACCEPT {$tag}";
    }

    return implode("\n", $rules);
}
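/**
 * Build the match fragment of a firewall rule for one address entry.
 *
 * Returns a string of match options, or null when $destination is not
 * empty and is neither a dotted range, a MAC address nor a value accepted
 * by IP::isIPAddressOrRange().
 *
 * @param string      $destination      "*", empty, "a.b.c.d-e.f.g.h", a MAC address, or an IP/range.
 * @param string|null $eth              Interface name; numeric values are ignored.
 * @param int         $port             Port to match, 0 for none.
 * @param int         $destinationProto 1 = match as destination (-d / --dport), 0 = match as source.
 *
 * @return string|null
 */
function pattern_item($destination, $eth = null, $port = 0, $destinationProto = 0)
{
    $nic = new system_nic();
    $trace = @debug_backtrace();
    $interface = null;
    $portText = null;
    // Defined up front: the verbose line below prints it even when there is no caller frame.
    $called = null;
    if (isset($trace[1])) {
        $called = "in " . basename($trace[1]["file"]) . " function {$trace[1]["function"]}() line {$trace[1]["line"]}";
    }
    if ($GLOBALS["VERBOSE"]) {
        echo "[" . __LINE__ . "]: Destination: {$destination} eth={$eth} port={$port} destinationProto={$destinationProto} - {$called}\n";
    }
    if (is_numeric($eth)) {
        $eth = null;
    }
    // NOTE(review): $port is interpolated as given; presumably an integer, verify against callers.
    if ($port > 0) {
        $portText = "--srcport {$port}";
        if ($destinationProto == 1) {
            $portText = " --dport {$port}";
        }
    }
    $pdest = "-s ";
    if ($eth != null) {
        // The incoming-interface match is only added for source rules.
        if ($destinationProto == 0) {
            $interface = " -m physdev --physdev-in {$eth} ";
        }
    }
    if ($destinationProto == 1) {
        $pdest = "-d ";
    }
    if ($destination == "*") {
        $destination = "0.0.0.0/0";
    }
    if (trim($destination) == null) {
        if ($GLOBALS["VERBOSE"]) {
            echo "[" . __LINE__ . "]: Destination: return *** {$interface}{$portText} ***\n";
        }
        return "{$interface}{$portText}";
    }
    // NOTE(review): this pattern is not anchored, so any string that merely
    // contains "digits-digits" is accepted and copied between single quotes
    // into the rule without going through the IP class. If callers can pass
    // values that were not validated upstream, match the whole string instead.
    if (preg_match("#[0-9\\.]+-[0-9\\.]+#", $destination)) {
        if ($destinationProto == 1) {
            if ($GLOBALS["VERBOSE"]) {
                echo "[" . __LINE__ . "]: Destination: return *** {$interface}-m iprange --dst-range '{$destination}'{$portText}  ***\n";
            }
            return "{$interface}-m iprange --dst-range '{$destination}'{$portText} ";
        }
        if ($GLOBALS["VERBOSE"]) {
            echo "[" . __LINE__ . "]: Destination: return *** {$interface}-m iprange --src-range '{$destination}'{$portText}   ***\n";
        }
        return "{$interface}-m iprange --src-range '{$destination}'{$portText} ";
    }
    $ipClass = new IP();
    if ($ipClass->IsvalidMAC($destination)) {
        if ($GLOBALS["VERBOSE"]) {
            echo "[" . __LINE__ . "]: Destination: return *** {$interface}-m mac --mac-source {$destination}{$portText}   ***\n";
        }
        return "{$interface}-m mac --mac-source {$destination}{$portText} ";
    }
    if ($ipClass->isIPAddressOrRange($destination)) {
        return "{$interface}{$pdest}{$destination}{$portText} ";
    }
    // Nothing matched: callers receive null, as before.
    return null;
}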
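/**
 * Run the proxy auto-configuration wizard.
 *
 * Reads the "SquidAutoconfWizard" setting (DOMAIN, LOCALNET, PROXY, PORT),
 * creates the wpad.<DOMAIN> web site, then creates a first wpad rule, its
 * proxy destination, the "Everyone" and "WPAD - Local networks" proxy
 * objects and the links between them. Progress is reported through
 * build_progress(); 110 is used for every failure and 100 for success.
 *
 * @return void
 */
function execute_autconfig()
{
    $sock = new sockets();
    build_progress("Execute....", 5);
    build_progress("Loading settings....", 5);
    // NOTE(review): unserialize() runs on a stored setting. If that value can
    // be written by anything less trusted than this script, it should be
    // stored and read in a data-only format (e.g. JSON) instead.
    $SquidAutoconfWizard = unserialize($sock->GET_INFO("SquidAutoconfWizard"));
    $DOMAIN = $SquidAutoconfWizard["DOMAIN"];
    $LOCALNET = $SquidAutoconfWizard["LOCALNET"];
    $PROXY = $SquidAutoconfWizard["PROXY"];
    $PORT = $SquidAutoconfWizard["PORT"];
    echo "DOMAIN.........: {$DOMAIN}\n";
    echo "LOCALNET.......: {$LOCALNET}\n";
    echo "PROXY..........: {$PROXY}:{$PORT}\n";
    if ($DOMAIN == null) {
        build_progress("Missing domain....", 110);
        return;
    }
    if ($LOCALNET == null) {
        build_progress("Missing LOCALNET....", 110);
        return;
    }
    if ($PROXY == null) {
        build_progress("Missing PROXY....", 110);
        return;
    }
    if (!is_numeric($PORT)) {
        build_progress("Missing PROXY PORT....", 110);
        return;
    }
    build_progress("Creating wpad.{$DOMAIN}....", 10);
    $webserver = "wpad.{$DOMAIN}";
    $sock->SET_INFO("EnableFreeWeb", 1);
    build_progress("Creating wpad.{$DOMAIN} (loading class)", 11);
    $free = new freeweb($webserver);
    $free->servername = $webserver;
    $free->groupware = "WPADDYN";
    $free->Params["ServerAlias"]["wpad"] = true;
    $free->CreateSite();
    build_progress("Building wpad.{$DOMAIN} and alias wpad", 15);
    build_progress("Creating wpad.{$DOMAIN} (saving configuration)", 12);
    build_progress("Creating wpad.{$DOMAIN} (reloading configuration)", 13);
    rebuild_vhost($webserver);
    build_progress("Creating wpad.{$DOMAIN} (reloading configuration {done})", 14);
    build_progress("Building first rule...", 15);
    $rulnename = mysql_escape_string2("Wizard - all to {$PROXY}:{$PORT}");
    // The proxy name is free text from the wizard: escape it before it is placed in SQL.
    $proxySql = mysql_escape_string2($PROXY);
    $sql = "INSERT IGNORE INTO `wpad_rules` (`rulename`,`enabled`,`zorder`,`dntlhstname`) VALUES ('{$rulnename}',1,0,1)";
    $q = new mysql_squid_builder();
    // Schema upgrades for older installations.
    if (!$q->FIELD_EXISTS("wpad_rules", "zorder")) {
        $q->QUERY_SQL("ALTER TABLE `wpad_rules` ADD `zorder`  smallint( 2 ) DEFAULT '0',ADD INDEX (`zorder`)");
    }
    if (!$q->FIELD_EXISTS("wpad_sources_link", "zorder")) {
        $q->QUERY_SQL("ALTER TABLE `wpad_sources_link` ADD `zorder`  smallint( 2 ) DEFAULT '0',ADD INDEX (`zorder`)");
    }
    if (!$q->FIELD_EXISTS("wpad_rules", "dntlhstname")) {
        $q->QUERY_SQL("ALTER TABLE `wpad_rules` ADD `dntlhstname`  smallint( 1 ) DEFAULT '0'");
    }
    if (!$q->FIELD_EXISTS("wpad_destination_rules", "rulename")) {
        $q->QUERY_SQL("ALTER TABLE `wpad_destination_rules` ADD `rulename` VARCHAR(255) NOT NULL, ADD INDEX (`rulename`)");
        // Abort only when the ALTER failed; previously the wizard stopped
        // here with "MySQL error" even after the column had been added.
        if (!$q->ok) {
            echo $q->mysql_error . "\n";
            build_progress("Building first rule...MySQL error", 110);
            return;
        }
    }
    $q->QUERY_SQL($sql);
    if (!$q->ok) {
        echo $q->mysql_error . "\n";
        build_progress("Building first rule...MySQL error", 110);
        return;
    }
    $MAIN_RULE_ID = intval($q->last_id);
    if ($MAIN_RULE_ID == 0) {
        build_progress("Building first rule...MAIN_RULE_ID = 0!", 110);
        return;
    }
    $zmd5 = md5("{$MAIN_RULE_ID}{$PROXY}{$PORT}");
    build_progress("Add destination {$PROXY}:{$PORT}", 20);
    $q->QUERY_SQL("INSERT IGNORE INTO wpad_destination (zmd5,aclid,proxyserver,proxyport,zorder)\n\t\t\tVALUES ('{$zmd5}','{$MAIN_RULE_ID}','{$proxySql}','{$PORT}',0)");
    if (!$q->ok) {
        echo $q->mysql_error . "\n";
        build_progress("Add destination {$PROXY}:{$PORT} MySQL error", 110);
        return;
    }
    build_progress("Creating Proxy object `Everyone`", 25);
    $ligne = mysql_fetch_array($q->QUERY_SQL("SELECT ID FROM webfilters_sqgroups WHERE `GroupType`='all'"));
    $SourceGroupID = intval($ligne["ID"]);
    if ($SourceGroupID == 0) {
        $sql = "INSERT IGNORE INTO webfilters_sqgroups (GroupName,GroupType,enabled,`acltpl`,`params`) VALUES ('Everyone','all','1','','');";
        $q->QUERY_SQL($sql);
        if (!$q->ok) {
            echo $q->mysql_error . "\n";
            build_progress("Creating Proxy object `Everyone` MySQL error", 110);
            return;
        }
        $SourceGroupID = intval($q->last_id);
    }
    if ($SourceGroupID == 0) {
        build_progress("Creating Proxy object `Everyone` SourceGroupID = 0!", 110);
        return;
    }
    build_progress("Creating Proxy object `WPAD - Local networks`", 25);
    $ligne = mysql_fetch_array($q->QUERY_SQL("SELECT ID FROM webfilters_sqgroups WHERE `GroupName`='WPAD - Local networks'"));
    $NetWorkGroupID = intval($ligne["ID"]);
    if ($NetWorkGroupID == 0) {
        $sql = "INSERT IGNORE INTO webfilters_sqgroups (GroupName,GroupType,enabled,`acltpl`,`params`) \n\t\t\t\tVALUES ('WPAD - Local networks','src','1','','');";
        $q->QUERY_SQL($sql);
        if (!$q->ok) {
            echo $q->mysql_error . "\n";
            build_progress("Creating Proxy object `WPAD - Local networks` MySQL error", 110);
            return;
        }
        $NetWorkGroupID = intval($q->last_id);
    }
    if ($NetWorkGroupID == 0) {
        build_progress("Creating Proxy object `WPAD - Local networks` NetWorkGroupID = 0!", 110);
        return;
    }
    // LOCALNET is one network or a comma-separated list. Each entry is
    // trimmed, validated, and the trimmed value is what gets stored.
    $IP = new IP();
    $LOCALNET_ARRAY = array();
    foreach (explode(",", $LOCALNET) as $network) {
        $network = trim($network);
        if (!$IP->isIPAddressOrRange($network)) {
            continue;
        }
        $networkSql = mysql_escape_string2($network);
        $LOCALNET_ARRAY[] = "('{$networkSql}','{$NetWorkGroupID}','1','')";
    }
    // Stop before the DELETE when nothing valid was supplied: an empty
    // VALUES list is invalid SQL and the existing items would already be gone.
    if (count($LOCALNET_ARRAY) == 0) {
        build_progress("Filling Proxy object `WPAD - Local networks` no valid network", 110);
        return;
    }
    build_progress("Filling Proxy object `WPAD - Local networks`", 30);
    $q->QUERY_SQL("DELETE FROM webfilters_sqitems WHERE gpid={$NetWorkGroupID}");
    if (!$q->ok) {
        echo $q->mysql_error . "\n";
        build_progress("Filling Proxy object `WPAD - Local networks` MySQL error", 110);
        return;
    }
    $sql = "INSERT INTO webfilters_sqitems (pattern,gpid,enabled,other)\n\tVALUES " . implode(",", $LOCALNET_ARRAY);
    $q->QUERY_SQL($sql);
    if (!$q->ok) {
        echo $q->mysql_error . "\n";
        build_progress("Filling Proxy object `WPAD - Local networks` MySQL error", 110);
        return;
    }
    build_progress("Linking Everyone - {$SourceGroupID} - to rule {$MAIN_RULE_ID}", 30);
    $zmd5 = md5("{$MAIN_RULE_ID}{$SourceGroupID}");
    $q->QUERY_SQL("INSERT INTO wpad_sources_link (zmd5,aclid,negation,gpid,zorder) VALUES ('{$zmd5}','{$MAIN_RULE_ID}','0','{$SourceGroupID}',1)");
    if (!$q->ok) {
        echo $q->mysql_error . "\n";
        build_progress("MySQL error", 110);
        return;
    }
    $zmd5 = md5("{$MAIN_RULE_ID}{$NetWorkGroupID}");
    build_progress("Linking WPAD - Local networks - {$NetWorkGroupID} - to rule {$MAIN_RULE_ID}", 50);
    $q->QUERY_SQL("INSERT INTO wpad_white_link (zmd5,aclid,negation,gpid,zorder) VALUES ('{$zmd5}','{$MAIN_RULE_ID}','0','{$NetWorkGroupID}',1)");
    if (!$q->ok) {
        echo $q->mysql_error . "\n";
        build_progress("MySQL error", 110);
        return;
    }
    build_progress("{success}", 100);
}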
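/**
 * Import a list of items (one per line, from $_POST["item-import"]) into
 * the proxy object whose ID is given in $_POST["ID"].
 *
 * Each line is normalised according to the group type (extension, domain,
 * MAC address) or validated (src/dst must be an IP address or range),
 * de-duplicated against the table and within the request, then inserted
 * into webfilters_sqitems in a single statement.
 *
 * All request values are cast or escaped before they reach SQL.
 *
 * @return void
 */
function item_import()
{
    $page = CurrentPageName();
    $tpl = new templates();
    // The group ID is compared with a numeric key: force it to an integer
    // instead of interpolating the raw POST value.
    $gpid = intval($_POST["ID"]);
    if ($gpid < 1) {
        return;
    }
    $q = new mysql_squid_builder();
    $ligne = mysql_fetch_array($q->QUERY_SQL("SELECT GroupType FROM webfilters_sqgroups WHERE ID='{$gpid}'"));
    $GroupType = $ligne["GroupType"];
    $sqladd = "INSERT IGNORE INTO webfilters_sqitems (pattern,gpid,enabled,other) VALUES ";
    $ipClass = new IP();
    // pattern => ready-to-insert VALUES tuple; the key de-duplicates within the request.
    $Patterns = array();
    foreach (explode("\n", $_POST["item-import"]) as $pattern) {
        // Textareas usually post CRLF line endings: strip the stray "\r" and padding.
        $pattern = trim($pattern);
        if ($pattern == null) {
            continue;
        }
        if ($GroupType == "url_regex_extensions") {
            // Keep only what follows the first dot.
            if (preg_match("#\\.(.+?)\$#", $pattern, $re)) {
                $pattern = $re[1];
            }
        }
        if ($GroupType == "dstdomain") {
            // Reduce a URL to its host name, drop a leading "www." and any path.
            if (preg_match("#\\/\\/#", $pattern)) {
                $URLAR = parse_url($pattern);
                if (isset($URLAR["host"])) {
                    $pattern = $URLAR["host"];
                }
            }
            if (preg_match("#^www\\.(.*)#", $pattern, $re)) {
                $pattern = $re[1];
            }
            if (preg_match("#(.*?)\\/#", $pattern, $re)) {
                $pattern = $re[1];
            }
        }
        if ($GroupType == "arp") {
            $pattern = trim(strtoupper($pattern));
            $pattern = str_replace("-", ":", $pattern);
        }
        if ($GroupType == "dst" || $GroupType == "src") {
            if (!$ipClass->isIPAddressOrRange($pattern)) {
                continue;
            }
        }
        // Only the address types are validated above; every pattern is
        // escaped before it is placed in a statement.
        $patternSql = mysql_escape_string2($pattern);
        $ligne = mysql_fetch_array($q->QUERY_SQL("SELECT ID FROM webfilters_sqitems WHERE gpid='{$gpid}' AND pattern='{$patternSql}'"));
        if (intval($ligne["ID"]) > 0) {
            continue;
        }
        $Patterns[$pattern] = "('{$patternSql}','{$gpid}','1','')";
    }
    if (count($Patterns) > 0) {
        $sql = $sqladd . implode(",", $Patterns);
        $q->QUERY_SQL($sql);
        if (!$q->ok) {
            // NOTE(review): this prints the full statement to the caller; consider logging it instead.
            echo $q->mysql_error . "\n***\n{$sql}\n****\n";
            return;
        }
    }
}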
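/**
 * Build the Apache access-control lines for the web interface.
 *
 * Returns null when the iptables_webint table is empty. Otherwise returns
 * "Order Allow,Deny" followed by one "Allow from" line per table entry
 * that validates as an IP address or range, plus "Allow from 127.0.0.1".
 *
 * @return string|null
 */
function apache_firewall()
{
    $q = new mysql();
    $unix = new unix();
    $APACHE_SRC_ACCOUNT = $unix->APACHE_SRC_ACCOUNT();
    $APACHE_SRC_GROUP = $unix->APACHE_SRC_GROUP();
    if ($q->COUNT_ROWS("iptables_webint", "artica_backup") == 0) {
        return null;
    }
    $f = array("Order Allow,Deny");
    $ipClass = new IP();
    $results = $q->QUERY_SQL("SELECT * FROM iptables_webint", "artica_backup");
    while ($ligne = mysql_fetch_assoc($results)) {
        $pattern = $ligne["pattern"];
        // Entries that are not an IP address or range never reach the configuration.
        if (!$ipClass->isIPAddressOrRange($pattern)) {
            continue;
        }
        $f[] = "\tAllow from {$pattern}";
    }
    // The original guard here was count() applied to an integer counter:
    // that returned 1 on older PHP (so the branch always ran) and throws a
    // TypeError on PHP 8. The always-taken behaviour is kept on purpose:
    // when the table has rows but none validates, the result still limits
    // access to loopback instead of returning no restriction at all.
    $f[] = "\tAllow from 127.0.0.1";
    return implode("\n", $f);
}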
/**
 * Build the "FirewallRule" lines for one hotspot rule set.
 *
 * Rules come from hotspot_networks (direction=0, ordered by zorder) for the
 * given type. A pattern that is not an IP address or range is resolved with
 * gethostbyname(); rows that still do not validate are skipped. The result
 * is cached in $GLOBALS["FWRLS"][$type], except for the early return taken
 * when the table has no row for this type.
 *
 * NOTE(review): $type is interpolated unquoted into the query, and the
 * action/proto/port columns are copied into the output as stored; this
 * presumes integer callers and trusted table content. Verify both.
 *
 * @param int $type 0 = global, 1 = known-users, 2 = unknown-users.
 *
 * @return string|null
 */
function firewall_rules($type = 0)
{
    if (isset($GLOBALS["FWRLS"][$type])) {
        return $GLOBALS["FWRLS"][$type];
    }
    $Ipclass = new IP();
    $q = new mysql_squid_builder();
    $labels = array(100 => "garbage", 0 => "global", 1 => "known-users", 2 => "unknown-users");

    $rows = $q->QUERY_SQL("SELECT * FROM hotspot_networks WHERE hotspoted={$type} AND direction=0 ORDER BY zorder");
    $total = mysql_num_rows($rows);
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Checking \"{$labels[$type]}\" {$total} rule(s)\n";
    }
    if ($total == 0) {
        // Known users are allowed everywhere when nothing is configured.
        return ($type == 1) ? "FirewallRule allow to 0.0.0.0/0" : null;
    }

    $lines = array();
    while ($row = mysql_fetch_assoc($rows)) {
        $port = $row["port"];
        if ($port == 0) {
            $port = null;
        }
        $target = $row["pattern"];

        // Rule text: <action> [<proto>] [port <n>] to <address>
        $parts = array($row["action"]);
        if ($row["proto"] != null) {
            $parts[] = $row["proto"];
        }
        if ($port != null) {
            $parts[] = "port {$port}";
        }

        if (!$Ipclass->isIPAddressOrRange($target)) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: resolving \"{$target}\"\n";
            }
            // gethostbyname() hands back its input unchanged on failure,
            // which the second validation below then rejects.
            $target = gethostbyname($target);
        }
        if (!$Ipclass->isIPAddressOrRange($target)) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: unable to resolve {$row["pattern"]}\n";
            }
            continue;
        }
        $parts[] = "to {$target}";
        $lines[] = "\tFirewallRule " . implode(" ", $parts);
    }

    // No usable rule: known users default to allow, the global set to drop.
    if (count($lines) == 0) {
        if ($type == 1) {
            $lines[] = "\tFirewallRule allow to 0.0.0.0/0";
        } elseif ($type == 0) {
            $lines[] = "\tFirewallRule drop to 0.0.0.0/0";
        }
    }
    $GLOBALS["FWRLS"][$type] = implode("\n", $lines);
    return $GLOBALS["FWRLS"][$type];
}
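/**
 * Save a list of addresses (one per line, from $_POST["pattern-save"]) into
 * proxy_ports_wbl for the posted groupid / destport / include values.
 *
 * Lines that are not an IP address or range are reported and skipped.
 * Every request value is escaped before it is placed in the statement.
 *
 * @return void
 */
function pattern_save()
{
    $q = new mysql_meta();
    $ipclass = new IP();
    // Request values go into a string-built INSERT: escape them once here
    // rather than interpolating $_POST directly.
    $groupid = mysql_escape_string2($_POST["groupid"]);
    $destport = mysql_escape_string2($_POST["destport"]);
    $include = mysql_escape_string2($_POST["include"]);
    $f = array();
    foreach (explode("\n", $_POST["pattern-save"]) as $ligne) {
        $ligne = trim($ligne);
        if ($ligne == null) {
            continue;
        }
        if (!$ipclass->isIPAddressOrRange($ligne)) {
            // NOTE(review): the rejected line is echoed back as received; if this
            // output is rendered as HTML it needs encoding for that context.
            echo "{$ligne} Not a range or IP address\n";
            continue;
        }
        $pattern = mysql_escape_string2($ligne);
        $f[] = "('{$groupid}','{$destport}','{$include}','{$pattern}')";
    }
    if (count($f) > 0) {
        $sql = "INSERT IGNORE INTO `proxy_ports_wbl` (`groupid`,`destport`,`include`,`pattern`) VALUES " . implode(",", $f);
        $q->QUERY_SQL($sql);
        if (!$q->ok) {
            echo $q->mysql_error;
            return;
        }
    }
}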
/**
 * Write the Squid include that sends traffic through the local Privoxy peer.
 *
 * Entries of privoxy_whitelist, plus a fixed list of vendor domains, are
 * written to ACL files and denied on the "AntiAds" cache peer; POST requests
 * are denied on that peer as well. The result goes to
 * /etc/squid3/privoxy.conf. If squid.conf has no include line for
 * privoxy.conf, the Squid configuration is rebuilt.
 *
 * NOTE(review): whitelist items are written to the ACL files as stored
 * (lower-cased and trimmed only), and an item recognised as an IP address
 * is added to the domain list as well as the IP list. Confirm both are
 * intended.
 *
 * @param bool $reconfigure_squid Run "squid -k reconfigure" at the end.
 *
 * @return void
 */
function InSquid($reconfigure_squid = false)
{
    $unix = new unix();
    $sock = new sockets();
    $ipClass = new IP();
    $q = new mysql_squid_builder();
    $acls = new squid_acls();
    $acls->clean_dstdomains();
    build_progress_squidr("{checking} {whitelist}", 30);

    $q->QUERY_SQL("CREATE TABLE IF NOT EXISTS `privoxy_whitelist` (\n\t\t\t\t`items` VARCHAR(256) NOT NULL PRIMARY KEY\n\t\t\t\t) ENGINE=MYISAM;");
    $rows = $q->QUERY_SQL("SELECT * FROM privoxy_whitelist");

    // Keyed by value so that duplicates collapse.
    $byAddress = array();
    $byName = array();
    while ($row = mysql_fetch_assoc($rows)) {
        $entry = trim(strtolower($row["items"]));
        if ($ipClass->isIPAddressOrRange($entry)) {
            $byAddress[$entry] = $entry;
        }
        $byName[$entry] = $entry;
    }
    $builtin = array(
        "apple.com",
        "windowsupdate.com",
        "googleapis.com",
        "mozilla.net",
        "teamviewer.com",
        "microsoft.com",
        "artica.fr",
    );
    foreach ($builtin as $domain) {
        $byName[$domain] = $domain;
    }

    $ipacls = array_values($byAddress);
    $domacls = array_values($byName);
    if (count($domacls) > 0) {
        $domacls = $acls->clean_dstdomains($domacls);
    }

    $peerPort = intval($sock->GET_INFO("PrivoxyPort"));

    // Is privoxy.conf already included by the main configuration?
    $privoxyInSquid = false;
    foreach (explode("\n", @file_get_contents("/etc/squid3/squid.conf")) as $confLine) {
        if (preg_match("#include.*?privoxy\\.conf#", $confLine)) {
            $privoxyInSquid = true;
            break;
        }
    }

    $hasDomains = count($domacls) > 0;
    $hasAddresses = count($ipacls) > 0;

    $conf = array();
    $conf[] = "acl AntiAdsPost method POST";
    if ($hasDomains) {
        @file_put_contents("/etc/squid3/AntiAdsDenyWeb.acl", @implode("\n", $domacls));
        $conf[] = "acl AntiAdsDenyWeb dstdomain \"/etc/squid3/AntiAdsDenyWeb.acl\"";
    }
    if ($hasAddresses) {
        @file_put_contents("/etc/squid3/AntiAdsDenyIP.acl", @implode("\n", $ipacls));
        $conf[] = "acl AntiAdsDenyIP dst \"/etc/squid3/AntiAdsDenyIP.acl\"";
    }
    $conf[] = "cache_peer 127.0.0.1 parent {$peerPort} 7 no-query no-digest no-netdb-exchange name=AntiAds";
    $conf[] = "always_direct allow FTP";
    if ($hasAddresses) {
        $conf[] = "cache_peer_access AntiAds deny AntiAdsDenyIP";
    }
    if ($hasDomains) {
        $conf[] = "cache_peer_access AntiAds deny AntiAdsDenyWeb";
    }
    $conf[] = "cache_peer_access AntiAds deny AntiAdsPost";
    $conf[] = "cache_peer_access AntiAds allow all";
    @file_put_contents("/etc/squid3/privoxy.conf", @implode("\n", $conf));
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} /etc/squid3/privoxy.conf done\n";
    }

    build_progress_squidr("{reconfiguring}", 50);
    if (!$privoxyInSquid) {
        // The include line is missing: rebuild the whole Squid configuration.
        $php = $unix->LOCATE_PHP5_BIN();
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Reconfiguring Squid-cache\n";
        }
        shell_exec("{$php} /usr/share/artica-postfix/exec.squid.php --build --force");
    }
    if ($reconfigure_squid) {
        build_progress_squidr("{reloading}", 90);
        $squidbin = $unix->LOCATE_SQUID_BIN();
        system("{$squidbin} -f /etc/squid3/squid.conf -k reconfigure");
    }
    build_progress_squidr("{done}", 100);
}
/**
 * Build the "FirewallRule" lines for one hotspot rule set.
 *
 * Output order: optional fixed TCP port rules (type 1 only, when the
 * HotSpotWhiteWhatsApp setting is 1), one allow rule per hotspot_whitelist
 * row, then the rules from hotspot_networks for this type, interleaved with
 * "#" comment lines describing each row. The result is cached in
 * $GLOBALS["FWRLS"][$type], except on the early return taken when
 * hotspot_networks has no row for this type.
 *
 * @param int $type 0 = global, 1 = known-users, 2 = unknown-users.
 *
 * @return string
 */
function firewall_rules($type = 0)
{
    if (isset($GLOBALS["FWRLS"][$type])) {
        return $GLOBALS["FWRLS"][$type];
    }
    $HotSpotWhiteWhatsApp = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/HotSpotWhiteWhatsApp"));
    $Ipclass = new IP();
    $q = new mysql_squid_builder();
    $f = array();
    // Labels used only in the console message below.
    $array[100] = "garbage";
    $array[0] = "global";
    $array[1] = "known-users";
    $array[2] = "unknown-users";
    if ($type == 1) {
        if ($HotSpotWhiteWhatsApp == 1) {
            $f[] = "FirewallRule allow tcp port 5222";
            $f[] = "FirewallRule allow tcp port 5223";
            $f[] = "FirewallRule allow tcp port 5228";
        }
    }
    //--------------------------------------------------------------------------
    // NOTE(review): whitelist addresses are emitted without going through
    // isIPAddressOrRange(), unlike the hotspot_networks patterns below.
    $sql = "SELECT *  FROM `hotspot_whitelist`";
    $results = $q->QUERY_SQL($sql);
    while ($ligne = mysql_fetch_assoc($results)) {
        $f[] = "\tFirewallRule allow to {$ligne["ipaddr"]}";
    }
    //--------------------------------------------------------------------------
    // NOTE(review): $type is interpolated unquoted; presumably always an integer, verify callers.
    $results = $q->QUERY_SQL("SELECT * FROM hotspot_networks WHERE hotspoted={$type} AND direction=0 ORDER BY zorder");
    $Count = mysql_num_rows($results);
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Checking \"{$array[$type]}\" {$Count} rule(s)\n";
    }
    if ($Count == 0) {
        // No configured rule: known users (type 1) get allow-all; this result is not cached.
        $f[] = "# Type {$type} No rule set";
        if ($type == 1) {
            $f[] = "FirewallRule allow to 0.0.0.0/0";
        }
        return @implode("\n", $f);
    }
    while ($ligne = mysql_fetch_assoc($results)) {
        $hotspoted = $ligne["hotspoted"];
        $proto = $ligne["proto"];
        $port = $ligne["port"];
        if ($port == 0) {
            $port = null;
        }
        $pattern = $ligne["pattern"];
        $action = $ligne["action"];
        // Rule text: <action> [<proto>] [port <n>] to <address>
        $s = array();
        $s[] = $action;
        if ($proto != null) {
            $s[] = $proto;
        }
        if ($port != null) {
            $s[] = "port {$port}";
        }
        // NOTE(review): stored values are copied into a "#" comment line as-is;
        // a value containing a line break would start a new configuration line.
        $f[] = "# Type {$type} to {$pattern}/{$proto} port:{$port} action={$action} ";
        if (!$Ipclass->isIPAddressOrRange($pattern)) {
            $f[] = "# ! {$pattern} isIPAddressOrRange -> false -> try to resolve";
            if ($GLOBALS["OUTPUT"]) {
                echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: resolving \"{$pattern}\"\n";
            }
            // gethostbyname() returns its input unchanged on failure; the check below rejects that.
            $pattern = gethostbyname($pattern);
        }
        if (!$Ipclass->isIPAddressOrRange($pattern)) {
            $f[] = "# ! {$pattern} isIPAddressOrRange -> false";
            if ($GLOBALS["OUTPUT"]) {
                echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: unable to resolve {$ligne["pattern"]}\n";
            }
            continue;
        }
        $s[] = "to {$pattern}";
        $f[] = "\tFirewallRule " . @implode(" ", $s);
    }
    // NOTE(review): every row handled above appends at least one "#" line,
    // and this point is only reached when the query reported rows, so $f
    // looks never empty here and both fallbacks below appear unreachable.
    // In particular the default "drop" for type 0 is not emitted when every
    // row was skipped; count generated rules separately if that default is
    // still wanted.
    if ($type == 1) {
        if (count($f) == 0) {
            $f[] = "\tFirewallRule allow to 0.0.0.0/0";
        }
    }
    if ($type == 0) {
        if (count($f) == 0) {
            $f[] = "\tFirewallRule drop to 0.0.0.0/0";
        }
    }
    $GLOBALS["FWRLS"][$type] = @implode("\n", $f);
    return $GLOBALS["FWRLS"][$type];
}
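/**
 * Build the hotspot firewall rule list and write it to
 * /etc/artica-postfix/hotspot.conf.
 *
 * Settings are read through sockets::GET_INFO(); random listening ports are
 * stored when none are configured. Rules are appended in this order: the
 * output of ebtables_rules(), the mangle MARK chains (only when
 * $GLOBALS["EBTABLES"] is not set), the optional CAS host whitelist, the
 * rows of `hotspot_whitelist`, the `hotspot_networks` rows with hotspoted=0
 * (handed to redirect_*_to_proxy()), the rows with hotspoted=1 (handed to
 * redirect_*_to_splash()) and a final MASQUERADE rule.
 *
 * If one of the three SQL queries fails the function returns before writing,
 * so the existing hotspot.conf is left as it was.
 *
 * @return void
 */
function build()
{
    $sock = new sockets();
    $unix = new unix();
    // Rule accumulator; initialised explicitly instead of relying on
    // auto-vivification by the first "$f[] =".
    $f = array();
    // NOTE(review): several of the settings below are read but never used in
    // this function; the reads are kept because GET_INFO() side effects are
    // not visible from here.
    $EnableArticaHotSpot = $sock->GET_INFO("EnableArticaHotSpot");
    $SquidHotSpotPort = $sock->GET_INFO("SquidHotSpotPort");
    $ArticaHotSpotPort = $sock->GET_INFO("ArticaHotSpotPort");
    $ArticaSSLHotSpotPort = $sock->GET_INFO("ArticaSSLHotSpotPort");
    $ArticaSplashHotSpotPort = $sock->GET_INFO("ArticaSplashHotSpotPort");
    $ArticaSplashHotSpotPortSSL = $sock->GET_INFO("ArticaSplashHotSpotPortSSL");
    $ArticaHotSpotInterface = $sock->GET_INFO("ArticaHotSpotInterface");
    $EnableArticaHotSpotCAS = $sock->GET_INFO("EnableArticaHotSpotCAS");
    if (!is_numeric($EnableArticaHotSpotCAS)) {
        $EnableArticaHotSpotCAS = 0;
    }
    $HospotHTTPServerName = trim($sock->GET_INFO("HospotHTTPServerName"));
    // No port stored yet: pick one at random and persist it.
    if ($ArticaHotSpotPort == 0) {
        $ArticaHotSpotPort = rand(38000, 64000);
        $sock->SET_INFO("ArticaHotSpotPort", $ArticaHotSpotPort);
    }
    if ($ArticaSSLHotSpotPort == 0) {
        $ArticaSSLHotSpotPort = rand(38500, 64000);
        $sock->SET_INFO("ArticaSSLHotSpotPort", $ArticaSSLHotSpotPort);
    }
    if ($ArticaHotSpotInterface == null) {
        $ArticaHotSpotInterface = "eth0";
    }
    if (!is_numeric($ArticaSplashHotSpotPort)) {
        $ArticaSplashHotSpotPort = 16080;
    }
    if (!is_numeric($ArticaSplashHotSpotPortSSL)) {
        $ArticaSplashHotSpotPortSSL = 16443;
    }
    // Look the interface up defensively: a missing interface used to raise an
    // undefined-index notice and silently continue with an empty address.
    $NETWORK_ALL_INTERFACES = $unix->NETWORK_ALL_INTERFACES();
    $ipaddr = null;
    if (isset($NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface]["IPADDR"])) {
        $ipaddr = $NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface]["IPADDR"];
    } elseif ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} no IP address found for interface {$ArticaHotSpotInterface}\n";
    }
    $GLOBALS["HOSTPOT_WEB_INTERFACE"] = $ipaddr;
    // Every rule is tagged with the build time through an iptables comment.
    $time = time();
    $suffixTables = "-m comment --comment \"ArticaHotSpot-{$time}\"";
    $q = new mysql_squid_builder();
    $ipClass = new IP();
    $iptables = $unix->find_program("iptables");
    defaults_ports();
    // ebtables_rules() runs before $GLOBALS["EBTABLES"] is tested below; keep
    // this order.
    $f[] = ebtables_rules();
    if ($GLOBALS["EBTABLES"]) {
        $GLOBALS["MARKHTTP"] = null;
        $GLOBALS["MARKHTTPS"] = null;
    }
    if (!$GLOBALS["EBTABLES"]) {
        $f[] = "{$iptables} -t mangle -N internet -m comment --comment ArticaHotSpot-{$time}";
        $f[] = "{$iptables} -t mangle -N internssl -m comment --comment ArticaHotSpot-{$time}";
        $f[] = "{$iptables} -t mangle -A internet -j MARK --set-mark 99 -m comment --comment ArticaHotSpot-{$time}";
        $f[] = "{$iptables} -t mangle -A internssl -j MARK --set-mark 98 -m comment --comment ArticaHotSpot-{$time}";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} C.A.S : {$EnableArticaHotSpotCAS}\n";
    }
    // Number of MAC/IP rules produced from `hotspot_networks`.
    $c = 0;
    if ($EnableArticaHotSpotCAS == 1) {
        $ArticaHotSpotCASHost = $sock->GET_INFO("ArticaHotSpotCASHost");
        $ArticaHotSpotCASPort = $sock->GET_INFO("ArticaHotSpotCASPort");
        // NOTE(review): the stored host is passed on unchecked here; confirm
        // whitelist_destination() validates it before it reaches a rule.
        $f[] = whitelist_destination($ArticaHotSpotCASHost);
    }
    $sql = "SELECT *  FROM `hotspot_whitelist`";
    $results = $q->QUERY_SQL($sql);
    if (!$q->ok) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$q->mysql_error}\n";
        }
        return;
    }
    $Total = mysql_num_rows($results);
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$Total} whitelisted websites\n";
    }
    while ($ligne = mysql_fetch_assoc($results)) {
        // NOTE(review): ipaddr/port/ssl come straight from the table; confirm
        // whitelist_webserver() validates them before building a command.
        $f[] = whitelist_webserver($ligne["ipaddr"], $ligne["port"], $ligne["ssl"]);
    }
    $sql = "SELECT *  FROM `hotspot_networks` WHERE hotspoted=0";
    $results = $q->QUERY_SQL($sql);
    if (!$q->ok) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$q->mysql_error}\n";
        }
        return;
    }
    $Total = mysql_num_rows($results);
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$Total} whitelisted\n";
    }
    while ($ligne = mysql_fetch_assoc($results)) {
        $pattern = $ligne["pattern"];
        // Only patterns that validate as a MAC or as an IP/range produce a
        // rule; anything else is reported and skipped.
        if ($ipClass->IsvalidMAC($pattern)) {
            $c++;
            $f[] = redirect_mac_to_proxy($pattern);
            continue;
        }
        if ($ipClass->isIPAddressOrRange($pattern)) {
            $c++;
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Whitelist IP: {$pattern} {$ArticaHotSpotPort}/{$ArticaSSLHotSpotPort}\n";
            }
            $f[] = redirect_ip_to_proxy($pattern);
            continue;
        }
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Unkown `{$pattern}`\n";
        }
    }
    $sql = "SELECT *  FROM `hotspot_networks` WHERE hotspoted=1";
    $results = $q->QUERY_SQL($sql);
    if (!$q->ok) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$q->mysql_error}\n";
        }
        return;
    }
    $Total = mysql_num_rows($results);
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$Total} hotspoted\n";
    }
    while ($ligne = mysql_fetch_assoc($results)) {
        $pattern = $ligne["pattern"];
        $restrict_web = $ligne["restrict_web"];
        if ($ipClass->IsvalidMAC($pattern)) {
            $c++;
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} hostpot MAC: {$pattern} {$ipaddr}:{$ArticaSplashHotSpotPort}/{$ipaddr}:{$ArticaSplashHotSpotPortSSL}\n";
            }
            $f[] = redirect_mac_to_splash($pattern, $restrict_web);
            continue;
        }
        if ($ipClass->isIPAddressOrRange($pattern)) {
            $c++;
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} hostpot IP: {$pattern} {$ipaddr}:{$ArticaSplashHotSpotPort}  - {$ipaddr}:{$ArticaSplashHotSpotPortSSL}\n";
            }
            $f[] = redirect_ip_to_splash($pattern, $restrict_web);
            continue;
        }
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Unkown `{$pattern}`\n";
        }
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$c} rule(s)\n";
    }
    // No MAC/IP rule at all: fall back to passing 0.0.0.0/0 to
    // redirect_ip_to_splash().
    if ($c == 0) {
        $f[] = redirect_ip_to_splash("0.0.0.0/0");
    }
    $f[] = "{$iptables} -t nat -A POSTROUTING -j MASQUERADE {$suffixTables}";
    // A failed write leaves the previous rule file in place, so report it
    // instead of discarding the result.
    $written = @file_put_contents("/etc/artica-postfix/hotspot.conf", implode("\n", $f));
    if ($written === false) {
        error_log("hotspot: unable to write /etc/artica-postfix/hotspot.conf");
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} unable to write /etc/artica-postfix/hotspot.conf\n";
        }
    }
}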
Beispiel #16
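/**
 * Add the address or range posted as "addr" to `pdns_restricts` and ask the
 * framework to reconfigure PowerDNS.
 *
 * Echoes an error message and returns without inserting when the value does
 * not pass IP::isIPAddressOrRange(), or when the INSERT fails.
 *
 * @return void
 */
function item_add()
{
    // A missing or non-string field (e.g. addr[]=x) is treated as empty and
    // rejected by the validator below.
    $addr = "";
    if (isset($_POST["addr"]) && is_string($_POST["addr"])) {
        $addr = trim($_POST["addr"]);
    }
    $ip = new IP();
    if (!$ip->isIPAddressOrRange($addr)) {
        // The rejected value is client-controlled; encode it so it stays inert
        // if the response is rendered as HTML (content type not visible here).
        echo "Wrong Network Address or range \"" . htmlspecialchars($addr, ENT_QUOTES, "UTF-8") . "\"";
        return;
    }
    $q = new mysql();
    // Defence in depth: the statement is built by string interpolation and
    // the validator's strictness is not visible from here. Escaping is a
    // no-op for any well-formed address. addslashes() is not charset-aware;
    // NOTE(review): switch to the wrapper's own escaping or a prepared
    // statement if the mysql class offers one.
    $escaped = addslashes($addr);
    $sql = "INSERT IGNORE INTO pdns_restricts (`address`) VALUES('{$escaped}')";
    $q->QUERY_SQL($sql, "artica_backup");
    if (!$q->ok) {
        echo $q->mysql_error;
        return;
    }
    $sock = new sockets();
    $sock->getFrameWork("pdns.php?reconfigure=yes");
}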
Beispiel #17
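/**
 * Generate the SpamAssassin trusted_nets.pre file.
 *
 * Collects, in this order:
 *  - `postfix_whitelist_con`: "trusted_networks" for rows whose ipaddr passes
 *    IP::isIPAddressOrRange(), otherwise "whitelist_from_rcvd" for hostnames
 *    of at least 3 characters;
 *  - `miltergreylist_acls` whitelist/addr rows as "trusted_networks";
 *  - `miltergreylist_acls` whitelist/from rows as "whitelist_from";
 *  - the networks returned by clladp::load_mynetworks(), de-duplicated
 *    (127.0.0.0/8 when that call does not return an array);
 *  - enabled, score=0 rows of `postfix_global_whitelist` as "whitelist_from".
 *
 * The file is written next to the path in usersMenus::spamassassin_conf_path.
 *
 * @return void
 */
function TrustedNetworks()
{
    $ipClass = new IP();
    $q = new mysql();
    // Directive accumulator; initialised so count() and implode() are safe
    // when no table yields a row.
    $f = array();

    $sql = "SELECT * FROM postfix_whitelist_con";
    $results = $q->QUERY_SQL($sql, "artica_backup");
    if (!$q->ok) {
        echo "{$q->mysql_error}\n";
    }
    // "$results &&" skips the fetch when the query returned nothing usable.
    while ($results && ($ligne = mysql_fetch_array($results, MYSQL_ASSOC))) {
        $isAddress = $ipClass->isIPAddressOrRange($ligne["ipaddr"]);
        if ($isAddress) {
            $f[] = "trusted_networks {$ligne["ipaddr"]}";
        }
        $hostname = trim(strtolower($ligne["hostname"]));
        // Also covers the empty hostname.
        if (strlen($hostname) < 3) {
            continue;
        }
        if (!$isAddress) {
            $f[] = "whitelist_from_rcvd *@*  {$hostname}";
        }
    }

    $sql = "SELECT ID,pattern FROM miltergreylist_acls WHERE `method`='whitelist' AND `type`='addr'";
    $results = $q->QUERY_SQL($sql, "artica_backup");
    while ($results && ($ligne = mysql_fetch_assoc($results))) {
        $ipaddr = trim($ligne["pattern"]);
        if ($ipaddr == null) {
            continue;
        }
        // Normalise the common mistyped loopback network.
        if ($ipaddr == "127.0.0.1/8") {
            $ipaddr = "127.0.0.0/8";
        }
        if (!$ipClass->isIPAddressOrRange($ipaddr)) {
            continue;
        }
        $f[] = "trusted_networks {$ipaddr}";
    }

    $sql = "SELECT ID,pattern FROM miltergreylist_acls WHERE `method`='whitelist' AND `type`='from'";
    $results = $q->QUERY_SQL($sql, "artica_backup");
    while ($results && ($ligne = mysql_fetch_assoc($results))) {
        $from = trim($ligne["pattern"]);
        if ($from == null) {
            continue;
        }
        // Addresses were handled by the previous query.
        if ($ipClass->isIPAddressOrRange($from)) {
            continue;
        }
        $from = str_replace(".*", "*", $from);
        $f[] = "whitelist_from {$from}";
    }

    $ldap = new clladp();
    $nets = $ldap->load_mynetworks();
    if (!is_array($nets)) {
        $f[] = "trusted_networks 127.0.0.0/8";
        $nets = array();
    }
    // De-duplicate while keeping first-seen order. foreach replaces each(),
    // which is removed in PHP 8.
    $seen = array();
    foreach ($nets as $network) {
        if (isset($seen[$network])) {
            continue;
        }
        $seen[$network] = true;
        $f[] = "trusted_networks {$network}";
    }

    $sql = "SELECT * FROM postfix_global_whitelist WHERE enabled=1 AND score=0 ORDER BY sender";
    $results = $q->QUERY_SQL($sql, "artica_backup");
    while ($results && ($ligne = mysql_fetch_array($results, MYSQL_ASSOC))) {
        $f[] = "whitelist_from {$ligne["sender"]}";
    }

    // This file defines which networks and senders SpamAssassin trusts, so
    // each entry must remain a single directive: drop any entry whose stored
    // value carries a line break rather than let it add a line to the file.
    $lines = array();
    foreach ($f as $entry) {
        if (strpbrk($entry, "\r\n") !== false) {
            continue;
        }
        $lines[] = $entry;
    }

    $count = count($lines);
    echo "Starting......: " . date("H:i:s") . " spamassassin Whitelisted ({$count} rows) done\n";
    $user = new usersMenus();
    $init_pre = dirname($user->spamassassin_conf_path) . "/trusted_nets.pre";
    $final = implode("\n", $lines) . "\n";
    // Report a failed write: the previous file would otherwise stay active
    // without any sign that the update was lost.
    if (@file_put_contents($init_pre, $final) === false) {
        echo "Starting......: " . date("H:i:s") . " spamassassin unable to write {$init_pre}\n";
    }
}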
Beispiel #18
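/**
 * Store the addresses/ranges posted in "pattern-save" (one per line) in
 * `proxy_ports_wbl` for the posted "portid" and "include" values.
 *
 * Blank lines and lines that do not pass IP::isIPAddressOrRange() are
 * skipped. Nothing is inserted when no line is valid. A failed INSERT echoes
 * the wrapper's error text.
 *
 * @return void
 */
function pattern_save()
{
    // All three fields must be present as plain strings.
    foreach (array("pattern-save", "portid", "include") as $key) {
        if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
            echo "Missing field \"{$key}\"";
            return;
        }
    }

    // portid and include were interpolated into the statement unchecked.
    // They are accepted only as unsigned integers before reaching the SQL.
    // NOTE(review): assumes both columns are integers (an id and a flag);
    // confirm against the proxy_ports_wbl schema.
    $portid = trim($_POST["portid"]);
    $include = trim($_POST["include"]);
    if (!ctype_digit($portid) || !ctype_digit($include)) {
        echo "Invalid portid or include value";
        return;
    }
    $portid = (int) $portid;
    $include = (int) $include;

    $q = new mysql_squid_builder();
    $ipclass = new IP();
    $f = array();
    // foreach replaces each(), which is removed in PHP 8.
    foreach (explode("\n", $_POST["pattern-save"]) as $ligne) {
        $ligne = trim($ligne);
        if ($ligne === "") {
            continue;
        }
        if (!$ipclass->isIPAddressOrRange($ligne)) {
            continue;
        }
        // Defence in depth: a no-op for well-formed addresses, in case the
        // validator (not visible here) is looser than expected. addslashes()
        // is not charset-aware; prefer the wrapper's escaping if it has one.
        $pattern = addslashes($ligne);
        $f[] = "('{$portid}','{$include}','{$pattern}')";
    }
    if (count($f) == 0) {
        return;
    }
    $sql = "INSERT IGNORE INTO `proxy_ports_wbl` (portid,`include`,`pattern`) VALUES " . implode(",", $f);
    $q->QUERY_SQL($sql);
    if (!$q->ok) {
        echo $q->mysql_error;
    }
}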