// Fragment of a user-search routine that collects matching usernames into $found_users.
// It begins and ends inside enclosing blocks that are not shown, so the unmatched
// closing braces below belong to those blocks.
// The @ prefix silences warnings from the database helpers; failures are visible only
// through the return values tested below.
// NOTE(review): {$search_IN} is placed in the statement as a column identifier and
// {$search} as a LIKE value. Neither is validated or escaped in the visible code.
// Confirm that $search has already been through da_sql_escape_string() and that
// $search_IN is checked against a fixed list of column names, because escaping a
// value does not make an identifier safe.
$res = @da_sql_query($link, $config, "SELECT " . da_sql_limit($max, 0, $config) . " username FROM {$config['sql_user_info_table']} WHERE\n\t\tlower({$search_IN}) LIKE '%{$search}%' " . da_sql_limit($max, 1, $config) . " " . da_sql_limit($max, 2, $config) . " ;");
if ($res) {
    while ($row = @da_sql_fetch_array($res, $config)) {
        // Unquoted key: PHP resolves `username` as a constant name. PHP 8 raises an
        // Error for an undefined constant; older versions fell back to the string.
        $found_users[] = $row[username];
    }
} else {
    // NOTE(review): this is a bare expression statement with no echo, so the failure
    // message is built and discarded and a failed query goes unreported.
    "<b>Database query failed: " . da_sql_error($link, $config) . "</b><br>\n";
}
} else {
    if ($search_IN == 'radius' && $radius_attr != '') {
        // $attrmap and $attr_type are read right after this include; presumably it defines them.
        require "../lib/sql/attrmap.php";
        // An attribute with no mapping is used under its own name and treated as a reply item.
        if ($attrmap["{$radius_attr}"] == '') {
            $attrmap["{$radius_attr}"] = $radius_attr;
            $attr_type["{$radius_attr}"] = 'replyItem';
        }
        // Check items and reply items are looked up in different tables, both named in $config.
        $table = $attr_type[$radius_attr] == 'checkItem' ? $config[sql_check_table] : $config[sql_reply_table];
        $attr = $attrmap[$radius_attr];
        // The attribute name is escaped before it is quoted into the statement.
        // NOTE(review): {$search} gets no such treatment in the visible code; confirm it is escaped earlier.
        $attr = da_sql_escape_string($attr);
        $res = @da_sql_query($link, $config, "SELECT " . da_sql_limit($max, 0, $config) . " username FROM {$table} WHERE attribute = '{$attr}'\n\t\tAND value LIKE '%{$search}%' " . da_sql_limit($max, 1, $config) . " " . da_sql_limit($max, 2, $config) . " ;");
        if ($res) {
            while ($row = @da_sql_fetch_array($res, $config)) {
                $found_users[] = $row[username];
            }
        } else {
            // NOTE(review): same missing echo as in the first branch; the message is never shown.
            "<b>Database query failed: " . da_sql_error($link, $config) . "</b><br>\n";
        }
    }
}
} else {
    echo "<b>Could not connect to SQL database</b><br>\n";
}
// Fragment of a last-login lookup that fills the $lastlog_* display variables from an
// accounting row. It starts inside an if-body and ends before the enclosing blocks close.
$lastlog_input = bytes2str($lastlog_input);
} else {
    $lastlog_input = 'not available';
}
$lastlog_output = $row['acctoutputoctets'];
// A zero or empty octet count is shown as 'not available' rather than as 0 bytes.
if ($lastlog_output) {
    $lastlog_output = bytes2str($lastlog_output);
} else {
    $lastlog_output = 'not available';
}
}
} else {
    // NOTE(review): the driver's error text is written straight into the page. It can
    // reveal schema or query details; consider logging it server-side and showing a
    // generic message instead.
    echo "<b>Database query failed: " . da_sql_error($link, $config) . "</b><br>\n";
}
// When the user is not logged in right now, fall back to the most recent finished session.
if (!$logged_now) {
    // The username literal reads '******' in this copy, presumably masked. Confirm that
    // the real statement escapes the login value before interpolating it.
    $search = @da_sql_query($link, $config, "SELECT " . da_sql_limit(1, 0, $config) . " * FROM {$config['sql_accounting_table']}\n\t\tWHERE username = '******' AND acctsessiontime != '0' " . da_sql_limit(1, 1, $config) . "\n\t\t ORDER BY acctstoptime DESC " . da_sql_limit(1, 2, $config) . " ;");
    if ($search) {
        if (@da_sql_num_rows($search, $config)) {
            $row = @da_sql_fetch_array($search, $config);
            $lastlog_time = $row['acctstarttime'];
            $lastlog_server_ip = $row['nasipaddress'];
            $lastlog_server_port = $row['nasportid'];
            $lastlog_session_time = time2str($row['acctsessiontime']);
            $lastlog_client_ip = $row['framedipaddress'];
            // Reverse DNS lookups for the NAS and client addresses; '-' when no address is stored.
            // NOTE(review): these calls block while resolving, and the returned name is set
            // by whoever controls the reverse zone for that address, so it should be
            // HTML-escaped wherever it is printed (the output is outside this fragment).
            $lastlog_server_name = $lastlog_server_ip != '' ? @gethostbyaddr($lastlog_server_ip) : '-';
            $lastlog_client_name = $lastlog_client_ip != '' ? @gethostbyaddr($lastlog_client_ip) : '-';
            $lastlog_callerid = $row['callingstationid'];
            if ($lastlog_callerid == '') {
                $lastlog_callerid = 'not available';
            }
            $lastlog_input = $row['acctinputoctets'];
<p> <table border=1 bordercolordark=#ffffe0 bordercolorlight=#000000 width=100% cellpadding=2 cellspacing=0 bgcolor="#ffffe0" valign=top> <tr bgcolor="#d0ddb0"> <th>#</th><th>user</th><th>date</th><th>admin</th><th>reason</th><th>administrator action</th> </tr> <?php // Fragment of the bad-users listing: queries the bad-users table and prepares one table row per incident.
// The administrator name is taken from the HTTP Basic credentials.
// NOTE(review): this is only trustworthy if the web server enforces authentication
// for this page; nothing in the visible code checks that. Confirm the server setup.
$auth_user = $_SERVER["PHP_AUTH_USER"];
// Unquoted config key: PHP resolves it as a constant name, which is an Error on PHP 8.
if ($config[general_restrict_badusers_access] == 'yes') {
    $auth_user = da_sql_escape_string($auth_user);
    // NOTE(review): `==` is not the SQL equality operator. Backends such as MySQL and
    // PostgreSQL reject it, so with the restriction enabled the query would fail
    // rather than filter by admin. Verify against the configured driver.
    $extra_query = "AND admin == '{$auth_user}'";
}
// NOTE(review): $extra_query is assigned only inside the block above. Unless it is
// initialised before this fragment, it is undefined when interpolated below.
$link = @da_sql_pconnect($config);
if ($link) {
    // $usercheck, $now_str, $prev_str, $order and $limit are built outside this fragment
    // and enter the statement as SQL text. Confirm each is validated or escaped.
    $search = @da_sql_query($link, $config, "SELECT " . da_sql_limit($limit, 0, $config) . " * FROM {$config['sql_badusers_table']}\n\tWHERE username {$usercheck} {$extra_query} AND incidentdate <= '{$now_str}'\n\tAND incidentdate >= '{$prev_str}' " . da_sql_limit($limit, 1, $config) . " ORDER BY incidentdate {$order} " . da_sql_limit($limit, 2, $config) . " ;");
    if ($search) {
        while ($row = @da_sql_fetch_array($search, $config)) {
            $num++;
            $id = $row[id];
            // The literal reads "******" in this copy, presumably masked.
            $user = "******";
            $User = urlencode($user);
            // NOTE(review): date, reason and admin come from the database unchanged.
            // They need htmlspecialchars() where they are printed (outside this fragment).
            $date = "{$row['incidentdate']}";
            $reason = "{$row['reason']}";
            $admin = "{$row['admin']}";
            // Offer the Delete button only for the admin's own records or unowned ('-') ones.
            // NOTE(review): when the restriction is enabled, $auth_user holds the
            // SQL-escaped form here, so a name changed by escaping will not match the
            // stored admin. This is also only a display gate; the delete handler must
            // repeat the ownership check server-side (not visible here).
            if ($admin == $auth_user || $admin == '-') {
                // NOTE(review): {$id} is written into inline JavaScript inside an HTML
                // attribute; casting it to int first would keep that context safe.
                $action = "<td><input type=submit class=button value=\"Delete\" OnClick=\"this.form.do_delete.value=1;this.form.row_id.value={$id}\"></td>";
            } else {
                $action = "<td>-</td>";
            }
            if ($admin == '') {
// Fragment of a per-user accounting listing: prints the remaining column headers,
// then queries the accounting table and walks the rows. It ends inside the row loop.
// Header labels come from $acct_attrs and are printed without HTML escaping;
// presumably trusted configuration (TODO confirm).
for ($i = 1; $i <= 9; $i++) {
    if ($acct_attrs['ua']["{$i}"] != '') {
        echo "<th>" . $acct_attrs['ua']["{$i}"] . "</th>\n";
    }
}
// Optional extra WHERE fragment from configuration, expanded by xlat() with $login.
// NOTE(review): the result is concatenated into the query as SQL text. Whether xlat()
// escapes the $login value it substitutes is not visible here; confirm.
$sql_extra_query = '';
if ($config[sql_accounting_extra_query] != '') {
    $sql_extra_query = xlat($config[sql_accounting_extra_query], $login, $config);
}
?> </tr> <?php // Persistent database connection; warnings are suppressed, so only the return value signals failure.
$link = @da_sql_pconnect($config);
if ($link) {
    // The username literal reads '******' in this copy, presumably masked. $now_str,
    // $prev_str, $order and $limit are built outside this fragment; confirm they are
    // validated or escaped before reaching this statement.
    $search = @da_sql_query($link, $config, "SELECT " . da_sql_limit($limit, 0, $config) . " * FROM {$config['sql_accounting_table']}\n\tWHERE username = '******' AND acctstarttime <= '{$now_str}'\n\tAND acctstarttime >= '{$prev_str}' {$sql_extra_query} " . da_sql_limit($limit, 1, $config) . " ORDER BY acctstarttime {$order} " . da_sql_limit($limit, 2, $config) . " ;");
    if ($search) {
        while ($row = @da_sql_fetch_array($search, $config)) {
            $tr_color = 'white';
            $num++;
            $acct_type = "{$row['framedprotocol']}/{$row['nasporttype']}";
            // NOTE(review): the string above always contains the '/' separator, so this
            // comparison can never be true and the '-' fallback is unreachable.
            if ($acct_type == '') {
                $acct_type = '-';
            }
            // Unquoted row keys below are resolved as constant names (an Error on PHP 8).
            $acct_logedin = $row[acctstarttime];
            $acct_sessiontime = $row[acctsessiontime];
            // Keep a running total in seconds before the value is turned into display text.
            $acct_sessiontime_sum += $acct_sessiontime;
            $acct_sessiontime = time2str($acct_sessiontime);
            $acct_ip = $row[framedipaddress];
            if ($acct_ip == '') {
                $acct_ip = '-';
// Fragment of the accounting report generator: finishes input validation, builds the
// SELECT statement and starts the HTML page. It begins inside a validation block and
// ends inside the heredoc.
die("ORDER BY pattern is illegal. Exiting abnornally.");
}
// NOTE(review): is_numeric() also accepts signs, decimals, exponents and surrounding
// whitespace (for example '1e3' or ' -5'). A digits-only check such as ctype_digit()
// would be tighter for a row limit.
if (!is_numeric($maxresults)) {
    die("Max Results is not in numeric form. Exiting abnormally.");
}
// Build the comma-separated column list. Appending to the just-unset variable raises
// an undefined-variable notice on the first iteration.
// NOTE(review): every entry of $accounting_show_attrs becomes a column identifier in
// the statement. If that array can be influenced by the request, each entry needs an
// allow-list check; its origin is not visible here.
unset($query_view);
foreach ($accounting_show_attrs as $val) {
    $query_view .= $val . ',';
}
// Drop the trailing comma left by the loop.
$query_view = preg_replace('/,$/', '', $query_view);
unset($sql_extra_query);
if ($config[sql_accounting_extra_query] != '') {
    $sql_extra_query = xlat($config[sql_accounting_extra_query], $login, $config);
}
// NOTE(review): da_sql_escape_string() is applied to a whole SQL fragment rather than
// to a single value. Any quoted literal inside the fragment would have its quotes
// escaped and the clause would break, and this is not an injection control for SQL
// text. When the config option is empty, the variable was just unset, so the call
// receives an undefined variable.
$sql_extra_query = da_sql_escape_string($sql_extra_query);
// $where and $order enter the statement as SQL text. $order is apparently covered by
// the pattern check that ends in the die() above; $where is built outside this
// fragment. Confirm both.
$query = "SELECT " . da_sql_limit($maxresults, 0, $config) . " {$query_view} FROM {$config['sql_accounting_table']}\n\t{$where} {$sql_extra_query} " . da_sql_limit($maxresults, 1, $config) . " ORDER BY {$order} " . da_sql_limit($maxresults, 2, $config) . ";";
// Start of the HTML page; the heredoc continues past the end of this fragment.
echo <<<EOM <html> <head> <link rel="stylesheet" href="style.css"> </head> <body> <br> <table border=0 width=940 cellpadding=1 cellspacing=1> <tr valign=top> <td width=740></td> <td bgcolor="black" width=200> \t<table border=0 width=100% cellpadding=2 cellspacing=0> \t<tr bgcolor="#907030" align=right valign=top><th> \t<font color="white">Accounting Report Generator</font> \t</th></tr>
// Fragment of a failed-logins report: prints the last column header, then selects
// accounting rows whose terminate cause marks a rejected login and prepares each row
// for display. It begins by closing a block that is not shown and ends inside the row loop.
}
if ($acct_attrs['fl'][9] != '') {
    echo "<th>" . $acct_attrs['fl'][9] . "</th>\n";
}
unset($sql_extra_query);
if ($config[sql_accounting_extra_query] != '') {
    $sql_extra_query = xlat($config[sql_accounting_extra_query], $login, $config);
    // NOTE(review): escaping is applied to a whole SQL fragment, not to a value. Quoted
    // literals inside the fragment would be broken by it, and it does not make SQL text safe.
    $sql_extra_query = da_sql_escape_string($sql_extra_query);
}
?> </tr> <?php // Persistent database connection; warnings are suppressed, so only the return value signals failure.
$link = @da_sql_pconnect($config);
if ($link) {
    // $callerid_str, $server_str, $now_str, $prev_str and $order are built outside this
    // fragment and enter the statement as SQL text; confirm each is validated or escaped.
    // When the config option above is empty, $sql_extra_query is undefined at this point.
    $search = @da_sql_query($link, $config, "SELECT " . da_sql_limit($limit, 0, $config) . " acctstoptime,username,nasipaddress,nasportid,acctterminatecause,callingstationid\n\tFROM {$config['sql_accounting_table']}\n\tWHERE acctstoptime <= '{$now_str}' AND acctstoptime >= '{$prev_str}'\n\tAND (acctterminatecause LIKE 'Login-Incorrect%' OR\n\tacctterminatecause LIKE 'Invalid-User%' OR\n\tacctterminatecause LIKE 'Multiple-Logins%') {$callerid_str} {$server_str} {$sql_extra_query} " . da_sql_limit($limit, 1, $config) . " ORDER BY acctstoptime {$order} " . da_sql_limit($limit, 2, $config) . " ;");
    if ($search) {
        while ($row = @da_sql_fetch_array($search, $config)) {
            $num++;
            // Unquoted row keys are resolved as constant names (an Error on PHP 8).
            $acct_login = $row[username];
            if ($acct_login == '') {
                $acct_login = '******';
            } else {
                // NOTE(review): these rows record rejected logins, so the username is
                // presumably whatever the client sent and must be treated as untrusted.
                // It is placed in the link's query string, the title attribute and the
                // link text with no urlencode() or htmlspecialchars(), which exposes this
                // admin page to stored script injection.
                // The statement below is not valid PHP as shown: the start of the string
                // literal appears to have been masked ("******") in this copy.
                $acct_login = "******"user_admin.php?login={$acct_login}\" title=\"Edit user {$acct_login}\">{$acct_login}</a>";
            }
            $acct_time = $row[acctstoptime];
            $acct_server = $row[nasipaddress];
            if ($acct_server != '') {
                // Prefer the cached display name for the NAS; fall back to the raw address
                // when the cache has no entry for it.
                $acct_server = $da_name_cache[$acct_server];
                if (!isset($acct_server)) {
                    $acct_server = $row[nasipaddress];
<?php echo <<<EOM <b>{$start}</b> up to <b>{$stop}</b> EOM; ?> <p> <table border=1 bordercolordark=#ffffe0 bordercolorlight=#000000 width=100% cellpadding=2 cellspacing=0 bgcolor="#ffffe0" valign=top> <tr bgcolor="#d0ddb0"> <th>#</th><th>login</th><th>date</th><th>server</th><th>connections number</th><th>connections duration</th><th>upload</th><th>download</th> </tr> <?php // Fragment of a usage-statistics listing: prints the date range, then queries the totals table and prepares each row.
// NOTE(review): $start and $stop are printed into the page by the heredoc at the top
// and are also placed inside quoted SQL literals below. Their origin is not visible
// here; confirm they are validated as dates, escaped for SQL and HTML-escaped for output.
// Warnings from the database helpers are suppressed, so only return values signal failure.
$link = @da_sql_pconnect($config);
if ($link) {
    // $order_attr and $order are used as an identifier and a keyword in ORDER BY, where
    // value escaping does not help; they need an allow-list check. $server_str,
    // $login_str and $sql_extra_query are pre-built SQL fragments from outside this
    // fragment; confirm how each is constructed.
    $search = @da_sql_query($link, $config, "SELECT " . da_sql_limit($limit, 0, $config) . " * FROM {$config['sql_total_accounting_table']}\n\tWHERE acctdate >= '{$start}' AND acctdate <= '{$stop}' {$server_str} {$login_str} {$sql_extra_query} " . da_sql_limit($limit, 1, $config) . " ORDER BY {$order_attr} {$order} " . da_sql_limit($limit, 2, $config) . " ;");
    if ($search) {
        while ($row = @da_sql_fetch_array($search, $config)) {
            $num++;
            // Unquoted row keys are resolved as constant names (an Error on PHP 8).
            $acct_login = $row[username];
            if ($acct_login == '') {
                $acct_login = '******';
            } else {
                // The URL-encoded copy is used for the query string only.
                $Acct_login = urlencode($acct_login);
                // NOTE(review): the title attribute and the link text still use the raw
                // database value; they need htmlspecialchars() to be safe in HTML.
                // The statement below is not valid PHP as shown: the start of the string
                // literal appears to have been masked ("******") in this copy.
                $acct_login = "******"user_admin.php?login={$Acct_login}\" title=\"Edit user {$acct_login}\">{$acct_login}</a>";
            }
            $acct_time = $row[conntotduration];
            $acct_time = time2str($acct_time);
            $acct_conn_num = $row[connnum];
            $acct_date = $row[acctdate];
            $acct_upload = $row[inputoctets];