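/**
 * Look up a user's display name in the optional user-info table.
 *
 * The lookup runs only when a database link is supplied and the
 * 'sql_use_user_info_table' setting equals 'true'.
 *
 * @param mixed  $link   Database link as returned by the da_sql_* connect helper; falsy disables the lookup.
 * @param string $user   Username to look up; passed through da_sql_escape_string() before use.
 * @param array  $config Settings array; reads 'sql_use_user_info_table' and 'sql_user_info_table'.
 *
 * @return mixed The 'name' column of the first row, or null when the lookup is
 *               disabled, the query fails, or no row is returned.
 */
function get_user_info($link, $user, $config)
{
    // Array keys are quoted: a bare word here is an undefined constant, which
    // raises an Error on PHP 8 and only worked through a legacy fallback before.
    if (!$link || !isset($config['sql_use_user_info_table']) || $config['sql_use_user_info_table'] != 'true') {
        return null;
    }

    // The query is assembled by string interpolation, so the value must be
    // escaped for the SQL string context before it is used.
    $user = da_sql_escape_string($user);

    // NOTE(review): the username literal appears masked as '******' in this
    // listing, so as written $user never reaches the query - confirm against
    // the original file. The table name comes from $config and is not escaped;
    // that is only safe while the configuration is trusted.
    $res = @da_sql_query(
        $link,
        $config,
        "SELECT name FROM {$config['sql_user_info_table']} WHERE username = '******';"
    );
    if (!$res) {
        return null;
    }

    $row = @da_sql_fetch_array($res, $config);
    if (!$row) {
        return null;
    }

    // The value comes straight from the database; callers that print it into
    // HTML still need to encode it for that context.
    return isset($row['name']) ? $row['name'] : null;
}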
include_once "../lib/sql/drivers/{$config['sql_type']}/functions.php"; } else { echo <<<EOM <body> <center> <b>Could not include SQL library functions. Aborting</b> </body> </html> EOM; exit; } $date = strftime('%A, %e %B %Y, %T %Z'); $sql_extra_query = ''; if ($config[sql_accounting_extra_query] != '') { $sql_extra_query = xlat($config[sql_accounting_extra_query], $login, $config); $sql_extra_query = da_sql_escape_string($sql_extra_query); } $link = @da_sql_pconnect($config); $link2 = connect2db($config); $tot_in = $tot_rem = 0; if ($link) { $h = 21; $servers_num = 0; if ($config[general_ld_library_path] != '') { putenv("LD_LIBRARY_PATH={$config['general_ld_library_path']}"); } foreach ($nas_list as $nas) { $j = 0; $num = 0; if ($server != '') { if ($nas[name] == $server) {
$link = @da_sql_pconnect($config); if ($link) { if (isset($del_members)) { foreach ($del_members as $del) { $del = da_sql_escape_string($del); $res = @da_sql_query($link, $config, "DELETE FROM {$config['sql_usergroup_table']} WHERE username = '******' AND groupname = '{$login}';"); if (!$res) { echo "<b>Could not delete user {$del} from group: " . da_sql_error($link, $config) . "</b><br>\n"; } } } if ($new_members != '') { $Members = preg_split("/[\n\\s]+/", $new_members, -1, PREG_SPLIT_NO_EMPTY); if (!empty($Members)) { foreach ($Members as $new_member) { $new_member = da_sql_escape_string($new_member); $res = @da_sql_query($link, $config, "SELECT username FROM {$config['sql_usergroup_table']} WHERE\n\t\t\t\tusername = '******' AND groupname = '{$login}';"); if ($res) { if (@da_sql_num_rows($res, $config)) { echo "<b>User {$new_member} already is a member of the group</b><br>\n"; } else { $res = @da_sql_query($link, $config, "INSERT INTO {$config['sql_usergroup_table']} (groupname,username)\n\t\t\t\t\t\tVALUES ('{$login}','{$new_member}');"); if (!$res) { echo "<b>Error while adding user {$new_member} to group: " . da_sql_error($link, $config) . "</b><br>\n"; } } } else { echo "<b>Could not add new member {$new_member}: " . da_sql_error($link, $config) . "</b><br>\n"; } } }
$tmp = "{$sql_val[$column[$j]]}"; $res[$j] = $tmp == "" ? "COUNT(radacctid) AS res_{$j}" : "sum({$tmp}) AS res_{$j}"; } $i = 1; $servers[all] = 'all'; foreach ($nas_list as $nas) { $name = $nas[name]; if ($nas[ip] == '') { continue; } $servers[$name] = $nas[ip]; $i++; } ksort($servers); if ($server != 'all' && $server != '') { $server = da_sql_escape_string($server); $s = "AND nasipaddress = '{$server}'"; } $sql_extra_query = ''; if ($config[sql_accounting_extra_query] != '') { $sql_extra_query = xlat($config[sql_accounting_extra_query], $login, $config); } $link = @da_sql_pconnect($config); if ($link) { for ($i = $num_days; $i > -1; $i--) { $day = "{$days[$i]}"; if ($config[general_stats_use_totacct] == 'yes') { $search = @da_sql_query($link, $config, "SELECT {$res['1']},{$res['2']},{$res['3']} FROM {$config['sql_total_accounting_table']}\n\t\t\t{$sql_val['user']} AND acctdate = '{$day}' {$s} {$sql_extra_query};"); } else { $search = @da_sql_query($link, $config, "SELECT {$res['1']},{$res['2']},{$res['3']} FROM {$config['sql_accounting_table']}\n\t\t\t{$sql_val['user']} AND acctstoptime >= '{$day} 00:00:00'\n\t\t\tAND acctstoptime <= '{$day} 23:59:59' {$s} {$sql_extra_query};"); }
} else { $msg = "<b>Error adding NAS '{$nasname}' " . da_sql_error($link, $config) . "</b><br>\n"; } } break; case 'change_nas': if ($nassecret == '' || $nasshortname == '') { $msg = "<b>Error. Required fields are not set</b><br>\n"; } else { $nasshortname = da_sql_escape_string($nasshortname); $nastype = da_sql_escape_string($nastype); $nasportnum = da_sql_escape_string($nasportnum); $nassecret = da_sql_escape_string($nassecret); $nascommunity = da_sql_escape_string($nascommunity); $nasdescription = da_sql_escape_string($nasdescription); $nasname = da_sql_escape_string($nasname); $res = @da_sql_query($link, $config, "UPDATE {$config['sql_nas_table']} SET\n\t\t\t\t\tshortname = '{$nasshortname}',\n\t\t\t\t\ttype = '{$nastype}',\n\t\t\t\t\tports = '{$nasportnum}',\n\t\t\t\t\tsecret = '{$nassecret}',\n\t\t\t\t\tcommunity = '{$nascommunity}',\n\t\t\t\t\tdescription = '{$nasdescription}' WHERE nasname = '{$nasname}';"); if ($res) { $msg = "<b>NAS '{$nasname}' was updated successfully</b><br>\n"; } else { $msg = "<b>Error updating NAS '{$selected_nas}' " . da_sql_error($link, $config) . "</b><br>\n"; } } break; } } $search = @da_sql_query($link, $config, "SELECT * FROM {$config['sql_nas_table']} ORDER BY nasname;"); if ($search) { $num = 0; unset($my_nas_list); while ($row = @da_sql_fetch_array($search, $config)) {
$res = @da_sql_query($link, $config, "SELECT " . da_sql_limit($max, 0, $config) . " username FROM {$config['sql_user_info_table']} WHERE\n\t\tlower({$search_IN}) LIKE '%{$search}%' " . da_sql_limit($max, 1, $config) . " " . da_sql_limit($max, 2, $config) . " ;"); if ($res) { while ($row = @da_sql_fetch_array($res, $config)) { $found_users[] = $row[username]; } } else { "<b>Database query failed: " . da_sql_error($link, $config) . "</b><br>\n"; } } else { if ($search_IN == 'radius' && $radius_attr != '') { require "../lib/sql/attrmap.php"; if ($attrmap["{$radius_attr}"] == '') { $attrmap["{$radius_attr}"] = $radius_attr; $attr_type["{$radius_attr}"] = 'replyItem'; } $table = $attr_type[$radius_attr] == 'checkItem' ? $config[sql_check_table] : $config[sql_reply_table]; $attr = $attrmap[$radius_attr]; $attr = da_sql_escape_string($attr); $res = @da_sql_query($link, $config, "SELECT " . da_sql_limit($max, 0, $config) . " username FROM {$table} WHERE attribute = '{$attr}'\n\t\tAND value LIKE '%{$search}%' " . da_sql_limit($max, 1, $config) . " " . da_sql_limit($max, 2, $config) . " ;"); if ($res) { while ($row = @da_sql_fetch_array($res, $config)) { $found_users[] = $row[username]; } } else { "<b>Database query failed: " . da_sql_error($link, $config) . "</b><br>\n"; } } } } else { echo "<b>Could not connect to SQL database</b><br>\n"; }
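// Synchronise the user's group memberships with the submitted form: groups
// present in $member_groups but absent from $edited_groups are deleted, and
// groups present only in $edited_groups are inserted.
//
// NOTE(review): $login is interpolated into the INSERT below with no
// da_sql_escape_string() call visible in this block; confirm it is escaped or
// validated before this point. da_sql_query() is handed a finished SQL string
// here, so escaping every interpolated value is the only defence in view.
$link = @da_sql_pconnect($config);
if ($link) {
    if (isset($member_groups) && isset($edited_groups)) {
        // Status messages are written into HTML, so every interpolated value is
        // encoded for that context; SQL escaping does not neutralise markup.
        $login_html = htmlspecialchars((string) $login, ENT_QUOTES);

        // array_diff() always yields an array, so the loop needs no isset() guard.
        $del_groups = array_diff($member_groups, $edited_groups);
        foreach ($del_groups as $del) {
            $del = da_sql_escape_string($del);
            $del_html = htmlspecialchars((string) $del, ENT_QUOTES);
            // NOTE(review): the username literal appears masked as '******' in
            // this listing - confirm against the original file.
            $res = @da_sql_query($link, $config, "DELETE FROM {$config['sql_usergroup_table']} WHERE username = '******' AND groupname = '{$del}';");
            if (!$res) {
                echo "<b>Could not delete user {$login_html} from group {$del_html}: " . htmlspecialchars((string) da_sql_error($link, $config), ENT_QUOTES) . "</b><br>\n";
            } else {
                echo "<b>User {$login_html} deleted from group {$del_html}</b><br>\n";
            }
        }

        $new_groups = array_diff($edited_groups, $member_groups);
        foreach ($new_groups as $new) {
            $new = da_sql_escape_string($new);
            $new_html = htmlspecialchars((string) $new, ENT_QUOTES);
            $res = @da_sql_query($link, $config, "INSERT INTO {$config['sql_usergroup_table']} (groupname,username)\n\t\t\t\tVALUES ('{$new}','{$login}');");
            if (!$res) {
                // The failure message names the target group; the original
                // printed the user name in both positions.
                echo "<b>Error while adding user {$login_html} to group {$new_html}: " . htmlspecialchars((string) da_sql_error($link, $config), ENT_QUOTES) . "</b><br>\n";
            } else {
                echo "<b>User {$login_html} added to group {$new_html}</b><br>\n";
            }
        }
    }
} else {
    echo "<b>Could not connect to SQL database</b><br>\n";
}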
<form action="badusers.php" method="get" name="master"> <input type=hidden name=do_delete value=0> <input type=hidden name=row_id value=0> EOM; ?> <p> <table border=1 bordercolordark=#ffffe0 bordercolorlight=#000000 width=100% cellpadding=2 cellspacing=0 bgcolor="#ffffe0" valign=top> <tr bgcolor="#d0ddb0"> <th>#</th><th>user</th><th>date</th><th>admin</th><th>reason</th><th>administrator action</th> </tr> <?php $auth_user = $_SERVER["PHP_AUTH_USER"]; if ($config[general_restrict_badusers_access] == 'yes') { $auth_user = da_sql_escape_string($auth_user); $extra_query = "AND admin == '{$auth_user}'"; } $link = @da_sql_pconnect($config); if ($link) { $search = @da_sql_query($link, $config, "SELECT " . da_sql_limit($limit, 0, $config) . " * FROM {$config['sql_badusers_table']}\n\tWHERE username {$usercheck} {$extra_query} AND incidentdate <= '{$now_str}'\n\tAND incidentdate >= '{$prev_str}' " . da_sql_limit($limit, 1, $config) . " ORDER BY incidentdate {$order} " . da_sql_limit($limit, 2, $config) . " ;"); if ($search) { while ($row = @da_sql_fetch_array($search, $config)) { $num++; $id = $row[id]; $user = "******"; $User = urlencode($user); $date = "{$row['incidentdate']}"; $reason = "{$row['reason']}"; $admin = "{$row['admin']}"; if ($admin == $auth_user || $admin == '-') {
} if ($config[sql_use_operators] == 'true') { $text1 = ',op'; $text2 = ",':='"; $text3 = ", op = ':='"; } else { $text1 = ''; $text2 = ''; $text3 = ''; } $link = @da_sql_pconnect($config); if ($link) { if (is_file("../lib/crypt/{$config['general_encryption_method']}.php")) { include "../lib/crypt/{$config['general_encryption_method']}.php"; $passwd = da_encrypt($passwd); $passwd = da_sql_escape_string($passwd); $res = @da_sql_query($link, $config, "SELECT value FROM {$config['sql_check_table']} WHERE username = '******'\n\t\t\tAND attribute = '{$config['sql_password_attribute']}';"); if ($res) { $row = @da_sql_fetch_array($res, $config); if ($row) { $res = @da_sql_query($link, $config, "UPDATE {$config['sql_check_table']} SET value = '{$passwd}' {$text3} WHERE\n\t\t\t\tattribute = '{$config['sql_password_attribute']}' AND username = '******';"); if (!$res || !@da_sql_affected_rows($link, $res, $config)) { echo "<b>Error while changing password: "******"</b><br>\n"; } } else { $res = @da_sql_query($link, $config, "INSERT INTO {$config['sql_check_table']} (attribute,value,username {$text1})\n\t\t\t\t\tVALUES ('{$config['sql_password_attribute']}','{$passwd}','{$login}' {$text2});"); if (!$res || !@da_sql_affected_rows($link, $res, $config)) { echo "<b>Error while changing password: "******"</b><br>\n"; } } } else {
} if ($attr_type["{$key}"] == 'checkItem') { $table = "{$config['sql_groupcheck_table']}"; $type = 1; } else { if ($attr_type["{$key}"] == 'replyItem') { $table = "{$config['sql_groupreply_table']}"; $type = 2; } } $val = ${$attrmap}["{$key}"]; $val = da_sql_escape_string($val); $op_name = $attrmap["{$key}"] . '_op'; $op_val = ${$op_name}; if ($op_val != '') { $op_val = da_sql_escape_string($op_val); if (check_operator($op_val, $type) == -1) { echo "<b>Invalid operator ({$op_val}) for attribute {$key}</b><br>\n"; coninue; } $op_val2 = ",'{$op_val}'"; } if ($val == '' || check_defaults($val, $op_val, $default_vals["{$key}"])) { continue; } $res = @da_sql_query($link, $config, "INSERT INTO {$table} (attribute,value,groupname {$text})\n\t\t\tVALUES ('{$attrmap[$key]}','{$val}','{$login}' {$op_val2});"); if (!$res || !@da_sql_affected_rows($link, $res, $config)) { echo "<b>Query failed for attribute {$key}: " . da_sql_error($link, $config) . "</b><br>\n"; } } echo "<b>Group created successfully</b><br>\n";
$now_str = $now_str != '' ? "{$now_str}" : date($config[sql_date_format], $now + 86400); $prev_str = $prev_str != '' ? "{$prev_str}" : date($config[sql_date_format], $now - 604800); $num = 0; $pagesize = $pagesize ? $pagesize : 10; if (!is_numeric($pagesize) && $pagesize != 'all') { $pagesize = 10; } $limit = $pagesize == 'all' ? '' : "{$pagesize}"; $selected[$pagesize] = 'selected'; $order = $order != '' ? $order : $config[general_accounting_info_order]; if ($order != 'desc' && $order != 'asc') { $order = 'desc'; } $selected[$order] = 'selected'; $now_str = da_sql_escape_string($now_str); $prev_str = da_sql_escape_string($prev_str); unset($da_name_cache); if (isset($_SESSION['da_name_cache'])) { $da_name_cache = $_SESSION['da_name_cache']; } echo <<<EOM <head> <title>subscription analysis for {$login}</title> <meta http-equiv="Content-Type" content="text/html; charset={$config['general_charset']}"> <link rel="stylesheet" href="style.css"> </head> <body> <center> <table border=0 width=550 cellpadding=0 cellspacing=0> <tr valign=top> <td align=center><img src="images/title2.gif"></td>
} else { echo "<b>Could not include SQL library</b><br>\n"; exit; } $link = @da_sql_pconnect($config); $fail = 0; if ($link) { if ($config[sql_use_user_info_table] == 'true') { $res = @da_sql_query($link, $config, "SELECT username FROM {$config['sql_user_info_table']} WHERE\n\t\tusername = '******';"); if ($res) { $Fcn = da_sql_escape_string($Fcn); $Fmail = da_sql_escape_string($Fmail); $Fou = da_sql_escape_string($Fou); $Ftelephonenumber = da_sql_escape_string($Ftelephonenumber); $Fhomephone = da_sql_escape_string($Fhomephone); $Fmobile = da_sql_escape_string($Fmobile); if (!@da_sql_num_rows($res, $config)) { $res = @da_sql_query($link, $config, "INSERT INTO {$config['sql_user_info_table']}\n\t\t\t\t(username,name,mail,department,homephone,workphone,mobile) VALUES\n\t\t\t\t('{$login}','{$Fcn}','{$Fmail}','{$Fou}','{$Ftelephonenumber}','{$Fhomephone}','{$Fmobile}');"); if (!$res || !@da_sql_affected_rows($link, $res, $config)) { echo "<b>Could not add user information in user info table: " . da_sql_error($link, $config) . "</b><br>\n"; $fail = 1; } } else { $res = @da_sql_query($link, $config, "UPDATE {$config['sql_user_info_table']} SET name = '{$Fcn}',Mail = '{$Fmail}',\n\t\t\t\tdepartment = '{$Fou}', homephone = '{$Fhomephone}', workphone = '{$Ftelephonenumber}',\n\t\t\t\tmobile = '{$Fmobile}' WHERE username = '******';"); if (!$res || !@da_sql_affected_rows($link, $res, $config)) { echo "<b>Could not update user information in user info table: " . da_sql_error($link, $config) . "</b><br>\n"; $fail = 1; } } } else { echo "<b>Could not find user in user info table: " . da_sql_error($link, $config) . "</b><br>\n";