public function GetFamilySitestt($domain, $getpartOnly = false)
{
if (!class_exists("squid_familysite")) {
include_once dirname(__FILE__) . "/class.squid.familysites.inc";
}
$fam = new squid_familysite();
return $fam->GetFamilySitestt($domain, $getpartOnly);
}
function ParseSizeBuffer($buffer)
{
if (!class_exists("class.logfile_daemon.inc")) {
include_once "/usr/share/artica-postfix/ressources/class.logfile_daemon.inc";
}
$re = explode(":::", $buffer);
$mac = trim(strtolower($re[0]));
if ($mac == "-") {
$mac == null;
}
$mac = str_replace("-", ":", $mac);
if ($mac == "00:00:00:00:00:00") {
$mac = null;
}
$ipaddr = trim($re[1]);
// uid
$uid = $re[2];
$uid2 = $re[3];
if ($uid == "-") {
$uid = null;
}
if ($uid2 == "-") {
$uid2 = null;
}
if (preg_match("#^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+\$#", $uid2)) {
$uid2 = null;
}
if ($uid == null) {
if ($uid2 != null) {
$uid = $uid2;
}
}
$zdate = $re[4];
$xtime = time();
$SUFFIX_DATE = date("YmdH", $xtime);
$logzdate = date("Y-m-d H:i:s", $xtime);
$proto = $re[5];
$uri = $re[6];
$code_error = $re[8];
$SIZE = $re[9];
$SquidCode = $re[10];
$UserAgent = urldecode($re[11]);
$Forwarded = $re[12];
$sitename = trim($re[13]);
$hostname = $re[14];
$response_time = $re[15];
$MimeType = $re[16];
$uid = str_replace("%20", " ", $uid);
$uid = str_replace("%25", "-", $uid);
if ($uid == "-") {
$uid = null;
}
$Forwarded = str_replace("%25", "", $Forwarded);
//events("MimeType: ......: $MimeType");
if (strpos($uid, '$') > 0) {
if (substr($uid, strlen($uid) - 1, 1) == "\$") {
$uid = null;
}
}
if (preg_match("#^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+\$#", $uid)) {
$uid = null;
}
if (!preg_match("#^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+\$#", $ipaddr)) {
eventsfailed("***** WRONG LINE ipaddr:{$ipaddr} column 13 " . @implode(" | ", $re) . "*****");
return;
}
if ($sitename == "-") {
$h = parse_url($uri);
if (isset($h["host"])) {
$sitename = $h["host"];
}
if ($sitename == "-") {
eventsfailed("***** WRONG SITENAME {$sitename} column 13 " . @implode(" | ", $re) . "*****");
eventsfailed("{$buffer}");
eventsfailed("*");
$GLOBALS["REFUSED_REQUESTS"] = $GLOBALS["REFUSED_REQUESTS"] + 1;
return;
}
if ($sitename == null) {
eventsfailed("***** WRONG SITENAME {$sitename} column 13 " . @implode(" | ", $re) . "*****");
eventsfailed("{$buffer}");
eventsfailed("*");
$GLOBALS["REFUSED_REQUESTS"] = $GLOBALS["REFUSED_REQUESTS"] + 1;
return;
}
}
if (strpos($sitename, ":") > 0) {
$XA = explode(":", $sitename);
$sitename = $XA[0];
}
if ($sitename == "127.0.0.1") {
$GLOBALS["REFUSED_REQUESTS"] = $GLOBALS["REFUSED_REQUESTS"] + 1;
if ($GLOBALS["VERBOSE"]) {
events("127.0.0.1 -> uid = null -> SKIP");
}
return;
}
if ($Forwarded == "unknown") {
$Forwarded = null;
}
if ($Forwarded == "-") {
$Forwarded = null;
}
if ($Forwarded == "0.0.0.0") {
$Forwarded = null;
}
if ($Forwarded == "255.255.255.255") {
$Forwarded = null;
}
if (strlen($Forwarded) > 4) {
$ipaddr = $Forwarded;
$mac = null;
}
$ipaddr = str_replace("%25", "-", $ipaddr);
$mac = str_replace("%25", "-", $mac);
if ($mac == "-") {
$mac = null;
}
if ($ipaddr == "127.0.0.1" or $ipaddr == "::") {
if ($uid == null) {
$GLOBALS["REFUSED_REQUESTS"] = $GLOBALS["REFUSED_REQUESTS"] + 1;
if ($GLOBALS["VERBOSE"]) {
events("127.0.0.1 -> uid = null -> SKIP");
}
return;
}
}
if (preg_match("#([0-9:a-z]+)\$#", $mac, $z)) {
$mac = $z[1];
}
if ($GLOBALS["VERBOSE"]) {
events("ITEM: DATE......: {$logzdate}");
events("ITEM: MAC.......: {$mac}");
events("ITEM: IP........: {$ipaddr}");
events("ITEM: Size......: {$SIZE}");
events("ITEM: SQUID CODE: {$SquidCode}");
events("ITEM: HTTP CODE.: {$code_error}");
events("ITEM: uid.......: {$uid}");
events("ITEM: uri.......: {$uri}");
events("ITEM: UserAgent.: {$UserAgent}");
events("ITEM: Forwarded.: {$Forwarded}");
events("ITEM: SiteName..: {$sitename}");
}
if ($UserAgent != null) {
UserAuthDB($mac, $ipaddr, $uid, $hostname, $UserAgent);
} else {
events("No UserAgents in {$buffer}");
}
$GLOBALS["COUNT_HASH_TABLE"] = $GLOBALS["COUNT_HASH_TABLE"] + 1;
$arrayURI = parse_url($uri);
$sitename = $arrayURI["host"];
if (strpos($sitename, ":")) {
$xtr = explode(":", $sitename);
$sitename = $xtr[0];
if (preg_match("#^www\\.(.+)#", $sitename, $rz)) {
$sitename = $rz[1];
}
}
$TimeCache = date("YmdH");
if (!isset($GLOBALS["FAMLILYSITE"][$sitename])) {
$fam = new squid_familysite();
$GLOBALS["FAMLILYSITE"][$sitename] = $fam->GetFamilySites($sitename);
}
$FamilySite = $GLOBALS["FAMLILYSITE"][$sitename];
$TablePrimaireHour = "squidhour_" . $TimeCache;
$TableSizeHours = "sizehour_" . $TimeCache;
$TableCacheHours = "cachehour_" . $TimeCache;
$tableYoutube = "youtubehours_" . $TimeCache;
$tableSearchWords = "searchwords_" . $TimeCache;
$tableQuotaTemp = "quotatemp_" . $TimeCache;
$category = null;
if ($GLOBALS["DisableLogFileDaemonCategories"] == 0) {
if ($GLOBALS["VERBOSE"]) {
$time_start = microtime(true);
}
$category = ufdbcat($sitename);
if ($GLOBALS["VERBOSE"]) {
$time_end = microtime(true);
$time_calc = $time_end - $time_start;
}
if ($GLOBALS["VERBOSE"]) {
events("{$sitename} = {$category} {$time_calc}ms");
}
}
$logfile_daemon = new logfile_daemon();
$cached = $logfile_daemon->CACHEDORNOT($SquidCode);
$SearchWords = $logfile_daemon->SearchWords($uri);
$GLOBALS["ACCEPTED_REQUESTS"] = $GLOBALS["ACCEPTED_REQUESTS"] + 1;
$MAIN["TIMESTAMP"] = time();
$MAIN["URI"] = $uri;
$MAIN["sitename"] = $sitename;
$MAIN["SIZE"] = $SIZE;
$MAIN["CACHED"] = $cached;
$MAIN["IPADDR"] = $ipaddr;
$MAIN["CATEGORY"] = $category;
$MAIN["MIMETYPE"] = $MimeType;
$MAIN["FAMILYSITE"] = $GLOBALS["FAMLILYSITE"][$sitename];
$MAIN["MAC"] = $mac;
$MAIN["UID"] = $uid;
$MAIN["USERAGENT"] = $UserAgent;
$MAIN["SQUID_CODE"] = $SquidCode;
$MAIN["RESPONSE_TIME"] = $response_time;
$MAIN["PROTO"] = $proto;
$MAIN["HTTP_CODE"] = $code_error;
if ($hostname != null) {
$MAIN["HOSTNAME"] = $hostname;
}
if (is_array($SearchWords)) {
$MAIN["WORDS"] = $SearchWords["WORDS"];
}
$md5 = md5(serialize($MAIN));
berekley_add($md5, base64_encode(serialize($MAIN)));
return;
if (!isset($GLOBALS["RTTCREATED"][$TimeCache])) {
events("Creating RTTH_{$TimeCache} table...");
if (create_tables($TimeCache)) {
$GLOBALS["RTTCREATED"][$TimeCache] = true;
}
}
$sql = "INSERT IGNORE INTO `squidlogs`.`RTTH_{$TimeCache}` (`xtime`,`sitename`,`ipaddr`,`uid`,`MAC`,`size`) VALUES('{$xtime}','{$FamilySite}','{$ipaddr}','{$uid}','{$mac}','{$SIZE}')";
if ($GLOBALS["VERBOSE"]) {
$time_start = microtime(true);
}
if (!SEND_MYSQL($sql)) {
@file_put_contents("/var/log/squid/mysql-rtterrors/" . md5($sql), serialize(array("TABLE" => "RTTH_{$TimeCache}", "CMD" => $sql)));
}
if ($GLOBALS["VERBOSE"]) {
$time_end = microtime(true);
$time_calc = $time_end - $time_start;
}
if ($GLOBALS["VERBOSE"]) {
events("RTTH_{$TimeCache} {$time_calc}ms DisableLogFileDaemonMySQL={$GLOBALS["DisableLogFileDaemonMySQL"]}");
}
$uri = xmysql_escape_string2($uri);
if (!isset($GLOBALS["CODE_TO_STRING"][$code_error])) {
$GLOBALS["CODE_TO_STRING"][$code_error] = $logfile_daemon->codeToString($code_error);
}
$zMD5 = md5("{$uri}{$xtime}{$mac}{$ipaddr}");
$TYPE = $GLOBALS["CODE_TO_STRING"][$code_error];
$cached = $GLOBALS["CACHEDX"][$SquidCode];
$UserAgent = xmysql_escape_string2($UserAgent);
if ($GLOBALS["VERBOSE"]) {
$time_start = microtime(true);
}
$sql = "INSERT IGNORE INTO `{$TableSizeHours}` (`zDate`,`size`,`cached`) VALUES ('{$logzdate}','{$SIZE}','{$cached}')";
if (!SEND_MYSQL($sql)) {
@file_put_contents("/var/log/squid/mysql-rtterrors/" . md5($sql), serialize(array("TimeCache" => $TimeCache, "TABLE" => $TableSizeHours, "CMD" => $sql)));
}
if ($GLOBALS["VERBOSE"]) {
$time_end = microtime(true);
$time_calc = $time_end - $time_start;
}
if ($GLOBALS["VERBOSE"]) {
events("{$TableSizeHours} = {$time_calc}ms");
}
$sql = "INSERT IGNORE INTO `{$tableQuotaTemp}` (`xtime`,`keyr`,`ipaddr`,`familysite`,`servername`,`uid`,`MAC`,`size`) VALUES \n\t('{$logzdate}','{$zMD5}','{$ipaddr}','{$FamilySite}','{$FamilySite}','{$uid}','{$mac}','{$SIZE}')";
if (!SEND_MYSQL($sql)) {
@file_put_contents("/var/log/squid/mysql-rtterrors/" . md5($sql), serialize(array("TimeCache" => $TimeCache, "TABLE" => $tableQuotaTemp, "CMD" => $sql)));
}
$sql = "INSERT IGNORE INTO `{$TablePrimaireHour}` (`sitename`,`uri`,`TYPE`,`REASON`,`CLIENT`,`hostname`,`zDate`,`zMD5`,`uid`,`QuerySize`,`cached`,`MAC`,`category`) VALUES ('{$sitename}','{$uri}','{$TYPE}','{$TYPE}','{$ipaddr}','{$hostname}','{$logzdate}','{$zMD5}','{$uid}','{$SIZE}','{$cached}','{$mac}','{$category}')";
if (!SEND_MYSQL($sql)) {
@file_put_contents("/var/log/squid/mysql-rtterrors/" . md5($sql), serialize(array("TABLE" => $TablePrimaireHour, "CMD" => $sql)));
}
$sql = "INSERT IGNORE INTO `{$TableCacheHours}` (`zDate`,`size`,`cached`,`familysite`) VALUES ('{$logzdate}','{$SIZE}','{$cached}','{$FamilySite}')";
if (!SEND_MYSQL($sql)) {
@file_put_contents("/var/log/squid/mysql-rtterrors/" . md5($sql), serialize(array("TimeCache" => $TimeCache, "TABLE" => $TableCacheHours, "CMD" => $sql)));
}
if (strpos(" {$uri}", "youtube") > 0) {
$VIDEOID = $logfile_daemon->GetYoutubeID($uri);
if ($VIDEOID != null) {
$sql = "INSERT IGNORE INTO `{$tableYoutube}` (`zDate`,`ipaddr`,`hostname`,`uid`,`MAC` ,`account`,`youtubeid`) VALUES ('{$logzdate}','{$ipaddr}','','{$uid}','{$mac}','0','{$VIDEOID}')";
events_youtube($sql);
if (!SEND_MYSQL($sql)) {
@file_put_contents("/var/log/squid/mysql-rtterrors/" . md5($sql), serialize(array("TimeCache" => $TimeCache, "TABLE" => $tableYoutube, "CMD" => $sql)));
}
}
}
if (is_array($SearchWords)) {
$words = xmysql_escape_string2($SearchWords["WORDS"]);
$sql = "INSERT IGNORE INTO `{$tableSearchWords}` (`zmd5`,`sitename`,`zDate`,`ipaddr`,`hostname`,`uid`,`MAC`,`account`,`familysite`,`words`) VALUES ('{$zMD5}','{$sitename}','{$logzdate}','{$ipaddr}','{$hostname}','{$uid}','{$mac}','0','{$FamilySite}','{$words}')";
if (!SEND_MYSQL($sql)) {
@file_put_contents("/var/log/squid/mysql-rtterrors/" . md5($sql), serialize(array("TimeCache" => $TimeCache, "TABLE" => $tableYoutube, "CMD" => $sql)));
}
}
if (count($GLOBALS["CACHE_SQL"]) > 2) {
events("CACHE_SQL = " . count($GLOBALS["CACHE_SQL"] . " seems 2 minutes"));
empty_TableHash();
}
$dd = date("Hi");
if (count($GLOBALS["CACHE_SQL"][$dd]) > 1000) {
events("CACHE_SQL[{$dd}] = " . count($GLOBALS["CACHE_SQL"][$dd]));
empty_TableHash();
}
return;
$GLOBALS["RTTHASH"][$SUFFIX_DATE][] = array("TIME" => $xtime, "MAC" => $mac, "IPADDR" => $ipaddr, "SIZE" => $SIZE, "SQUID_CODE" => $SquidCode, "HTTP_CODE" => $code_error, "UID" => $uid, "URI" => $uri, "USERAGENT" => $UserAgent, "SITENAME" => $sitename, "HOSTNAME" => $hostname, "RESPONSE_TIME" => $response_time);
$GLOBALS["ACCEPTED_REQUESTS"] = $GLOBALS["ACCEPTED_REQUESTS"] + 1;
if (count($GLOBALS["RTTHASH"][$SUFFIX_DATE]) > 50) {
if ($GLOBALS["VERBOSE"]) {
events("-> empty_TableHash()");
}
empty_TableHash();
}
if ($GLOBALS["VERBOSE"]) {
events("---------------------- DONE ----------------------");
}
}
function parseTemplate_extension($uri)
{
$js_forced["revsci.net"] = true;
$js_forced["omtrdc.net"] = true;
$array = parse_url($uri);
$hostname = $array["host"];
$fam = new squid_familysite();
$hostname = $fam->GetFamilySites($hostname);
if (count($array) == 0) {
return false;
}
if (!isset($array["path"])) {
return false;
}
$path_parts = pathinfo($array["path"]);
$ext = $path_parts['extension'];
if (preg_match("#(.+?)\\?#", $ext, $re)) {
$ext = $re[1];
}
if ($ext == "php") {
return false;
}
if ($ext == "html") {
return false;
}
$basename = $path_parts['basename'];
$filename = $path_parts['basename'];
if (preg_match("#\\/pixel\\?#", $uri)) {
parseTemplate_extension_gif();
return true;
}
if (isset($js_forced[$hostname])) {
$ext = "js";
}
if ($filename == null) {
$filename = "1x1.{$ext}";
}
$ctype = null;
switch ($ext) {
case "gif":
parseTemplate_extension_gif($filename);
return true;
case "png":
$ctype = "image/png";
break;
case "jpeg":
$ctype = "image/jpg";
break;
case "jpg":
$ctype = "image/jpg";
break;
case "js":
$ctype = "application/x-javascript";
break;
case "css":
$ctype = "text/css";
break;
}
//aspx
if ($ext == "js") {
header("content-type: application/x-javascript");
echo "// blocked by url filtering\n";
return true;
}
if ($ext == "css") {
header("content-type: text/css");
echo "\n";
echo "/**\n";
echo "* blocked by url filtering\n";
echo "* \n";
echo "*/\n";
return true;
}
if ($ext == "ico") {
$fsize = filesize("ressources/templates/Squid/favicon.ico");
header("content-type: image/vnd.microsoft.icon");
header("Content-Length: " . $fsize);
ob_clean();
flush();
readfile($fsize);
return true;
}
if ($ctype != null) {
if (!is_file("img/{$filename}")) {
$filename = null;
}
if ($filename == null) {
$filename = "1x1.{$ext}";
}
$fsize = filesize("img/{$filename}");
header("Content-Type: {$ctype}");
header("Content-Length: " . $fsize);
ob_clean();
flush();
readfile($fsize);
return true;
}
writelogs("{$uri}: {$ext} ({$filename}) Unkown", __FUNCTION__, __FILE__, __LINE__);
}
function x_GetFamilySites($sitename)
{
if (isset($GLOBALS["GetFamilySites"][$sitename])) {
return $GLOBALS["GetFamilySites"][$sitename];
}
$fam = new squid_familysite();
$GLOBALS["GetFamilySites"][$sitename] = $fam->GetFamilySites($sitename);
return $GLOBALS["GetFamilySites"][$sitename];
}
function Ranswomare($ARRAY)
{
$function = __FUNCTION__;
$database = "/etc/squid3/ransomwaretracker.db";
if (!is_file($database)) {
if ($GLOBALS["DEBUG_RANSOMARE"]) {
events("{$database} no such file");
}
return false;
}
$URI = $ARRAY["ORGURI"];
$urlenc = urlencode($URI);
$SquidGuardIPWeb = $GLOBALS["SquidGuardIPWeb"];
$userid = $ARRAY["userid"];
$PROTO = $ARRAY["PROTO"];
$IP = $ARRAY["IP"];
$IpClass = new IP();
if (preg_match("#([0-9\\.]+)\\/(.*)#", $IP, $re)) {
$hostname = $re[2];
$IP = $re[1];
}
if ($GLOBALS["DEBUG_RANSOMARE"]) {
events("{$function}: RANSOMARE_FTIME = {$GLOBALS["RANSOMARE_FTIME"]}");
}
if (!isset($GLOBALS["RANSOMARE_FTIME"])) {
$GLOBALS["RANSOMARE_FTIME"] = filemtime($database);
$GLOBALS["RANSOMARE_DB"] = unserialize(@file_get_contents($database));
}
if (!isset($GLOBALS["RANSOMARE_DB"])) {
$GLOBALS["RANSOMARE_FTIME"] = filemtime($database);
$GLOBALS["RANSOMARE_DB"] = unserialize(@file_get_contents($database));
}
$ftime = filemtime($database);
if ($ftime != $GLOBALS["RANSOMARE_FTIME"]) {
$GLOBALS["RANSOMARE_FTIME"] = filemtime($database);
$GLOBALS["RANSOMARE_DB"] = unserialize(@file_get_contents($database));
}
$MAIN = $GLOBALS["RANSOMARE_DB"];
$H = parse_url($URI);
$domain = $H["host"];
if (strpos($domain, ":") > 0) {
$xdomain = explode(":", $domain);
$domain = $xdomain[0];
}
$domain = strtolower($domain);
if (preg_match("#(\\/|\\.)(windowsupdate|microsoft|netflix|google|msftncsi|teamviewer|lastpass|steamusercontent|nflxvideo|kaspersky)\\.[a-z]+#", $domain)) {
if ($GLOBALS["DEBUG_RANSOMARE"]) {
events("{$function}: {$domain}: \"SKIP\"");
}
return false;
}
if ($GLOBALS["DEBUG_RANSOMARE"]) {
events("{$function}: {$domain}: \"{$URI}\"");
}
$returned = "{$GLOBALS["SquidGuardIPWeb"]}?rule-id=0SquidGuardIPWeb=" . base64_encode($GLOBALS["SquidGuardIPWeb"]) . "&clientaddr={$IP}&clientname={$IP}&clientuser={$userid}" . "&clientgroup=default&targetgroup=ransomware&url={$urlenc}";
if ($IpClass->isValid($domain)) {
if ($GLOBALS["DEBUG_RANSOMARE"]) {
events("{$function}: {$domain}: Check {$domain} in " . count($MAIN["IPS"]) . " IPS");
}
if (isset($MAIN["IPS"][$domain])) {
ufdbgevents("default", "ransomware");
if ($GLOBALS["DEBUG_RANSOMARE"]) {
events("{$function}: {$domain}: TRUE IP");
}
Output_results($returned, __FUNCTION__, __LINE__);
return true;
}
if ($GLOBALS["DEBUG_RANSOMARE"]) {
events("{$function}: {$domain}: \"PASS [OK]\"");
}
return false;
}
$f = new squid_familysite();
$familysite = $f->GetFamilySites($domain);
if ($GLOBALS["DEBUG_RANSOMARE"]) {
events("{$function}: {$domain}: Check {$domain} in " . count($MAIN["DOMAINS"]) . " domains");
}
if (isset($MAIN["DOMAINS"][$domain])) {
if ($GLOBALS["DEBUG_RANSOMARE"]) {
events("{$domain}: TRUE DOMAIN");
}
ufdbgevents("default", "ransomware");
Output_results($returned, __FUNCTION__, __LINE__);
return true;
}
if ($GLOBALS["DEBUG_RANSOMARE"]) {
events("{$function}: {$domain}: Check {$familysite} in " . count($MAIN["DOMAINS"]) . " domains");
}
if (isset($MAIN["DOMAINS"][$familysite])) {
if ($GLOBALS["DEBUG_RANSOMARE"]) {
events("{$function}: {$domain}: TRUE DOMAIN FAMILYSITE");
}
ufdbgevents("default", "ransomware");
Output_results($returned, __FUNCTION__, __LINE__);
return true;
}
if ($GLOBALS["DEBUG_RANSOMARE"]) {
events("{$function}: {$domain}: Check {$URI} in " . count($MAIN["URIS"]) . " Urls");
}
if (isset($MAIN["URIS"][$URI])) {
if ($GLOBALS["DEBUG_RANSOMARE"]) {
events("{$function}: {$domain}: TRUE URL");
}
ufdbgevents("default", "ransomware");
Output_results($returned, __FUNCTION__, __LINE__);
return true;
}
if ($GLOBALS["DEBUG_RANSOMARE"]) {
events("{$function}: {$domain}: \"PASS [OK]\"");
}
}
function CheckRules($ARRAY)
{
$IPSRC = $ARRAY["IPADDR"];
$DOMAIN = $ARRAY["DOMAIN"];
$fam = new squid_familysite();
$FAMILY = $fam->GetFamilySites($DOMAIN);
if ($FAMILY == "articatech.net") {
return false;
}
if ($FAMILY == "artica.fr") {
return false;
}
if ($IPSRC == "127.0.0.1") {
return false;
}
$MAIN = LoadRules();
if (isset($MAIN["IPSRC"])) {
if (isset($MAIN["IPSRC"][$IPSRC])) {
if ($GLOBALS["DEBUG_LEVEL"] > 1) {
WLOG("CheckRules()::[BLOCK]: {$IPSRC}");
}
return true;
}
if ($GLOBALS["DEBUG_LEVEL"] > 1) {
WLOG("CheckRules()::[SKIP]: IP:{$IPSRC}");
}
}
if (isset($MAIN["DOMS"])) {
if (isset($MAIN["DOMS"][$DOMAIN])) {
if ($GLOBALS["DEBUG_LEVEL"] > 1) {
WLOG("CheckRules()::[BLOCK]: {$DOMAIN}");
}
return true;
}
if ($GLOBALS["DEBUG_LEVEL"] > 1) {
WLOG("CheckRules()::[SKIP]: DOM:{$DOMAIN}");
}
if (isset($MAIN["DOMS"][$FAMILY])) {
if ($GLOBALS["DEBUG_LEVEL"] > 1) {
WLOG("CheckRules()::[BLOCK]: {$FAMILY}");
}
return true;
}
if ($GLOBALS["DEBUG_LEVEL"] > 1) {
WLOG("CheckRules()::[SKIP]: DOM:{$FAMILY}");
}
}
if (isset($MAIN["IPDOM"])) {
if (!isset($MAIN["IPDOM"][$IPSRC])) {
if ($GLOBALS["DEBUG_LEVEL"] > 1) {
WLOG("CheckRules()::[SKIP]: {$IPSRC} FOR {$IPSRC}/FAMILY");
}
return false;
}
if (!isset($MAIN["IPDOM"][$IPSRC][$FAMILY])) {
if ($GLOBALS["DEBUG_LEVEL"] > 1) {
WLOG("CheckRules()::[SKIP]: {$IPSRC} FOR {$IPSRC}/{$FAMILY}");
}
return false;
}
if ($GLOBALS["DEBUG_LEVEL"] > 1) {
WLOG("CheckRules()::[BLOCK]: {$IPSRC}/{$FAMILY}");
}
return true;
}
}
function paranoidmode($local_ip, $www)
{
if ($GLOBALS["UfdbEnableParanoidMode"] == 0) {
return;
}
if (intval($GLOBALS["UfdbEnableParanoidBlockW"]) < 1000) {
$GLOBALS["UfdbEnableParanoidBlockW"] = 5000;
}
if (intval($GLOBALS["UfdbEnableParanoidBlockC"]) < 1000) {
$GLOBALS["UfdbEnableParanoidBlockW"] = 5000;
}
if (intval($GLOBALS["UfdbEnableParanoidBlockU"]) == 0) {
$GLOBALS["UfdbEnableParanoidBlockU"] = 100;
}
if (isset($GLOBALS["UfdbEnableParanoidModeCounter"])) {
$GLOBALS["UfdbEnableParanoidModeCounter"] = 0;
}
$GLOBALS["UfdbEnableParanoidModeCounter"] = $GLOBALS["UfdbEnableParanoidModeCounter"] + 1;
if (!isset($GLOBALS["MEMORY_FAMILY"][$www])) {
$f = new squid_familysite();
$GLOBALS["MEMORY_FAMILY"][$www] = $f->GetFamilySites($www);
}
$www = $GLOBALS["MEMORY_FAMILY"][$www];
$Y = date("Y");
$M = date("M");
$D = date("d");
$H = date("H");
$DAYC = intval(@file_get_contents("/home/artica/ufdbcounters/{$Y}/{$M}/{$D}/{$www}/{$local_ip}"));
// $HOURC=intval(@file_get_contents("/home/artica/ufdbcounters/$Y/$M/$D/$H/$www/$local_ip"));
if ($DAYC > $GLOBALS["UfdbEnableParanoidBlockU"]) {
$pattern = "{$local_ip}/{$www}";
$sql = "INSERT IGNORE INTO `webfilters_paranoid` (pattern,object,zDate) VALUES ('{$pattern}','dstdomainsrc',NOW())";
$md5 = md5($sql);
if (!isset($GLOBALS["SQLSAVED"][$md5])) {
$q = new mysql_squid_builder();
$q->QUERY_SQL($sql);
if (!$q->ok) {
squid_admin_mysql(0, "Paranoid mode FATAL! {$q->mysql_error}", null, __FILE__, __LINE__);
return;
}
$GLOBALS["SQLSAVED"][$md5] = true;
squid_admin_mysql(0, "Paranoid mode bann {$local_ip} to {$www} after {$DAYC} events", null, __FILE__, __LINE__);
shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["PHP5_BIN"]} /usr/share/artica-postfix/exec.squid.paranoid.php >/dev/null 2>&1 &");
}
}
$DAYC = intval(@file_get_contents("/home/artica/ufdbcounters/{$Y}/{$M}/{$D}/{$www}/TOT"));
// $HOURC=intval(@file_get_contents("/home/artica/ufdbcounters/$Y/$M/$D/$H/$www/TOT"));
if ($DAYC > $GLOBALS["UfdbEnableParanoidBlockW"] - 1) {
$sql = "INSERT IGNORE INTO `webfilters_paranoid` (pattern,object,zDate) VALUES ('{$www}','dstdomain',NOW())";
$md5 = md5($sql);
if (!isset($GLOBALS["SQLSAVED"][$md5])) {
$q = new mysql_squid_builder();
$q->QUERY_SQL($sql);
if (!$q->ok) {
squid_admin_mysql(0, "Paranoid mode FATAL! {$q->mysql_error}", null, __FILE__, __LINE__);
return;
}
$GLOBALS["SQLSAVED"][$md5] = true;
squid_admin_mysql(0, "Paranoid mode {$www} is banned! after {$DAYC} events", null, __FILE__, __LINE__);
shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["PHP5_BIN"]} /usr/share/artica-postfix/exec.squid.paranoid.php >/dev/null 2>&1 &");
}
}
$DAYC = intval(@file_get_contents("/home/artica/ufdbcounters/{$Y}/{$M}/{$D}/{$local_ip}/TOT"));
// $HOURC=intval(@file_get_contents("/home/artica/ufdbcounters/$Y/$M/$D/$H/$local_ip/TOT"));
if ($DAYC > $GLOBALS["UfdbEnableParanoidBlockC"] - 1) {
$sql = "INSERT IGNORE INTO `webfilters_paranoid` (pattern,object,zDate) VALUES ('{$local_ip}','src',NOW())";
$md5 = md5($sql);
if (!isset($GLOBALS["SQLSAVED"][$md5])) {
$q = new mysql_squid_builder();
$q->QUERY_SQL($sql);
if (!$q->ok) {
squid_admin_mysql(0, "Paranoid mode FATAL! {$q->mysql_error}", null, __FILE__, __LINE__);
return;
}
$DZ = array();
squid_admin_mysql(0, "Paranoid mode {$local_ip} is banned! after {$DAYC} events", null, __FILE__, __LINE__);
$GLOBALS["SQLSAVED"][$md5] = true;
shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["PHP5_BIN"]} /usr/share/artica-postfix/exec.squid.global.access.php >/dev/null 2>&1 &");
}
}
if ($GLOBALS["UfdbEnableParanoidModeCounter"] > 5) {
if (isset($GLOBALS["MEMORY_FAMILY"])) {
if (count($GLOBALS["MEMORY_FAMILY"]) > 5000) {
$GLOBALS["MEMORY_FAMILY"] = array();
}
}
$GLOBALS["UfdbEnableParanoidModeCounter"] = 0;
}
}
function events_list()
{
$sock = new sockets();
$catz = new mysql_catz();
$sock->getFrameWork("squid.php?access-real=yes&rp={$_POST["rp"]}&query=" . urlencode($_POST["query"]) . "&SearchString={$_GET["SearchString"]}");
$filename = "/usr/share/artica-postfix/ressources/logs/access.log.tmp";
$dataZ = explode("\n", @file_get_contents($filename));
$tpl = new templates();
$data = array();
$data['page'] = 1;
$data['total'] = count($data);
$data['rows'] = array();
$today = date("Y-m-d");
$tcp = new IP();
$cachedT = $tpl->_ENGINE_parse_body("{cached}");
$unknown = $tpl->javascript_parse_text("{unknown}");
$c = 0;
if (count($dataZ) == 0) {
json_error_show("no data");
}
$zcat = new squid_familysite();
$logfileD = new logfile_daemon();
krsort($dataZ);
$IP = new IP();
while (list($num, $line) = each($dataZ)) {
$TR = preg_split("/[\\s]+/", $line);
if (count($TR) < 5) {
continue;
}
$c++;
$color = "black";
$date = date("Y-m-d H:i:s", $TR[0]);
$durationunit = "s";
$duration = $TR[1] / 1000;
if ($duration < 60) {
$duration = round($duration, 2);
}
if ($duration > 60) {
$duration = round($duration / 60, 2);
$durationunit = "mn";
}
$ip = $TR[2];
$zCode = explode("/", $TR[3]);
$size = $TR[4];
$PROTO = $TR[5];
if ($logfileD->CACHEDORNOT($zCode[0])) {
$color = "#009223";
}
$codeToString = $logfileD->codeToString($zCode[1]);
$port = null;
$infos = null;
$prefix = null;
$query = null;
$scheme = null;
if ($PROTO == "CONNECT") {
$color = "#BAB700";
$PROTO = "SSL";
$scheme = "https";
}
if ($zCode[1] > 399) {
$color = "#D0080A";
}
if ($zCode[1] == 307) {
$color = "#F59C44";
}
if ($PROTO == "GET" or $PROTO == "POST") {
if (preg_match("#TCP_REDIRECT#", $zCode[0])) {
$color = "#A01E1E";
}
}
$URL = $TR[6];
$SOURCE_URL = $URL;
$fontsize = 14;
if ($_GET["minsize"] == 1) {
$fontsize = 12;
}
$user = "******";
if ($user == "-") {
$user = null;
}
if ($user != null) {
$user = "******";
}
if (!isset($parse["scheme"])) {
if ($PROTO == "SSL") {
$GET_URL = "https://{$SOURCE_URL}";
}
} else {
$GET_URL = $SOURCE_URL;
}
$parse = parse_url($URL);
if ($scheme == null) {
$scheme = $parse["scheme"];
}
$hostname = $parse["host"];
if (preg_match("#(.+?):([0-9]+)#", $hostname, $re)) {
$hostname = $re[1];
$port = $re[2];
}
if ($IP->isValid($hostname)) {
$parse["query"] = null;
$parse["path"] = null;
$TT = explode(".", $hostname);
$net = $TT[0] . "." . $TT[1] . "." . $TT[2];
$infos = " (<a href=\"http://www.tcpiputils.com/browse/ip-address/{$hostname}\" style='text-decoration:underline;color:black' target=_new>TCP Utils</a> | <a href=\"https://db-ip.com/all/{$net}\" style='text-decoration:underline;color:black' target=_new>Subnet</a>)";
}
$path = $parse["path"];
$query = $parse["query"];
$familysite = $zcat->GetFamilySites($hostname);
$familysite = str_replace("'", "`", $familysite);
$familysiteEnc = urlencode($familysite);
if ($familysite != $hostname) {
$prefix = str_replace(".{$familysite}", "", $hostname);
if ($prefix != "www") {
$prefix = "<a href=\"javascript:blur();\"\n\t\t\t\tOnClick=\"javascript:Loadjs('squid.access.webfilter.tasks.php?familysite={$hostname}')\"\n\t\t\t\tstyle='text-decoration:underline;font-size:{$fontsize}px;color:{$color};font-weight:bold'>{$prefix}</a>";
}
}
$familysite = "<a href=\"javascript:blur();\" \n\t\tOnClick=\"javascript:Loadjs('squid.access.webfilter.tasks.php?familysite={$familysiteEnc}')\"\n\t\tstyle='text-decoration:underline;font-size:{$fontsize}px;color:{$color}'>{$familysite}</a>";
$URL = "{$scheme}://";
if ($prefix != null) {
$URL = $URL . "{$prefix}.";
}
$URL = $URL . "{$familysite}";
if ($port != null) {
$URL = $URL . ":{$port}";
}
if (!isset($_GET["categories-scan"])) {
if ($path != null) {
$URL = $URL . $path;
}
if ($query != null) {
$URL = $URL . "?{$query}";
}
} else {
$category = $catz->GET_CATEGORIES($hostname);
if ($category == null) {
$category = " ({$unknown})";
} else {
$category = " ({$category})";
}
$URL = $URL . $category;
}
$TR[6] = $URL;
$link = "<a href=\"{$GET_URL}\" target=_new><img src='img/icon-link.png'></a>";
if ($size > 1024) {
$size = FormatBytes($size / 1024);
} else {
$size = "{$size} Bytes";
}
$date = str_replace($today . " ", "", $date);
$data['rows'][] = array('id' => md5($line), 'cell' => array("<span style='font-size:{$fontsize}px;color:{$color}'>{$date}</span>", "<span style='font-size:{$fontsize}px;color:{$color}'>{$ip}{$user}</span>", "<span style='font-size:{$fontsize}px;color:{$color}'>{$zCode[0]} - {$codeToString}</span>", "<span style='font-size:{$fontsize}px;color:{$color}'>{$PROTO}</span>", "<span style='font-size:{$fontsize}px;color:{$color}'>{$TR[6]}{$infos}</span>", "<center style='font-size:{$fontsize}px;color:{$color}'>{$link}</center>", "<span style='font-size:{$fontsize}px;color:{$color}'>{$size}</span>", "<span style='font-size:{$fontsize}px;color:{$color}'>{$duration}{$durationunit}</span>", "{$ip}"));
}
$data['total'] = $c;
echo json_encode($data);
}
function TIME_QUOTA($url)
{
if (trim($url) == null) {
if ($GLOBALS["DEBUG"]) {
WLOG("TIME_QUOTA::URL is null [" . __LINE__ . "]");
return false;
}
}
if (strpos(" {$url}", "127.0.0.1 00:00:00:00:00:00") > 0) {
return false;
}
if ($GLOBALS["DEBUG"]) {
WLOG("TIME_QUOTA::{$url} [" . __LINE__ . "]");
}
$values = explode(" ", $url);
$USERNAME = $values[0];
if (strpos($USERNAME, '$') > 0) {
if (substr($USERNAME, strlen($USERNAME) - 1, 1) == "\$") {
$USERNAME = null;
}
}
$IPADDR = $values[1];
$MAC = $values[2];
$XFORWARD = $values[3];
$WWW = $values[4];
if ($GLOBALS["DEBUG"]) {
WLOG("TIME_QUOTA::USERNAME:{$USERNAME} [" . __LINE__ . "]");
}
if ($GLOBALS["DEBUG"]) {
WLOG("TIME_QUOTA::IPADDR..:{$IPADDR} [" . __LINE__ . "]");
}
if ($GLOBALS["DEBUG"]) {
WLOG("TIME_QUOTA::MAC.....:{$MAC} [" . __LINE__ . "]");
}
if ($GLOBALS["DEBUG"]) {
WLOG("TIME_QUOTA::XFORWARD:{$XFORWARD} [" . __LINE__ . "]");
}
if ($GLOBALS["DEBUG"]) {
WLOG("TIME_QUOTA::WWW.....:{$WWW} [" . __LINE__ . "]");
}
$USERNAME = str_replace("%20", " ", $USERNAME);
$USERNAME = str_replace("%25", "-", $USERNAME);
$IPADDR = str_replace("%25", "-", $IPADDR);
$MAC = str_replace("%25", "-", $MAC);
$XFORWARD = str_replace("%25", "-", $XFORWARD);
if ($XFORWARD == "-") {
$XFORWARD = null;
}
if ($MAC == "00:00:00:00:00:00") {
$MAC = null;
}
if ($MAC == "-") {
$MAC = null;
}
if ($USERNAME == "-") {
$USERNAME = null;
}
$IPCalls = new IP();
if ($IPCalls->isIPAddress($XFORWARD)) {
$IPADDR = $XFORWARD;
}
if (preg_match("#(.+?):[0-9]+#", $WWW, $re)) {
$WWW = $re[1];
}
if (preg_match("#^www\\.(.+)#", $WWW, $re)) {
$WWW = $re[1];
}
$fam = new squid_familysite();
$WWW = $fam->GetFamilySites($WWW);
$db_con = dba_open($GLOBALS["DBPATH"], "c", "db4");
if (!$db_con) {
WLOG("FATAL!!! TIME_QUOTA::{$GLOBALS["DBPATH"]}, unable to open");
return false;
}
$mainkey = md5(trim("{$USERNAME}{$IPADDR}{$MAC}{$WWW}"));
if ($USERNAME != null) {
$mainkey = md5("{$USERNAME}{$WWW}");
}
if ($USERNAME == null) {
if ($MAC != null) {
$mainkey = md5("{$MAC}{$WWW}");
}
}
$Fetched = true;
if (!dba_exists($mainkey, $db_con)) {
$Fetched = false;
if ($GLOBALS["DEBUG"]) {
WLOG("FATAL!!! TIME_QUOTA::{$mainkey} doesn't exists");
}
} else {
if ($GLOBALS["DEBUG"]) {
WLOG("TIME_QUOTA::{$mainkey} Exists OK");
}
}
if (!$Fetched) {
$array["START"] = time();
$array["website"] = $WWW;
$array["username"] = $USERNAME;
$array["ipaddr"] = $IPADDR;
$array["MAC"] = $MAC;
$array["END"] = time();
$array["ORG_START"] = time();
if ($GLOBALS["DEBUG"]) {
WLOG("TIME_QUOTA::[{$WWW}]: new item for UID:{$USERNAME}; IPADDR={$IPADDR};MAC={$MAC},sitename={$WWW}");
}
dba_replace($mainkey, serialize($array), $db_con);
@dba_close($db_con);
return false;
}
$array = unserialize(dba_fetch($mainkey, $db_con));
if (!isset($array["END"])) {
$array["END"] = time();
}
if (!isset($array["ORG_START"])) {
$array["ORG_START"] = time();
}
if (!is_array($array)) {
if ($GLOBALS["DEBUG"]) {
WLOG("[{$WWW}]: FATAL!!! Array is not an array...");
}
} else {
if ($GLOBALS["DEBUG"]) {
WLOG("[{$WWW}]: In DB www:{$array["website"]} Last scan {$array["END"]}");
}
}
if (!is_numeric($array["START"])) {
$array["START"] = time();
}
if (!is_numeric($array["ORG_START"])) {
$array["ORG_START"] = time();
}
if ($array["START"] == 0) {
$array["START"] = time();
}
if (!isset($array["website"])) {
$array["website"] = $WWW;
}
if (!isset($array["username"])) {
$array["username"] = $USERNAME;
}
if (!isset($array["ipaddr"])) {
$array["ipaddr"] = $IPADDR;
}
if (!isset($array["MAC"])) {
$array["MAC"] = $MAC;
}
$array["SEC"] = time() - $array["START"];
$array["TIME"] = time_passed_min($array["START"], time());
if ($GLOBALS["ACL_RULES"] > 0) {
$array = TIMED_OUT($array);
}
if (!isset($array["LOCK"])) {
$array["LOCK"] = false;
}
if ($array["LOCK"]) {
if ($GLOBALS["DEBUG"]) {
WLOG("[{$WWW}]: ** LOCKED **");
}
}
$array["END"] = time();
if ($GLOBALS["DEBUG"]) {
WLOG("[{$WWW}]: TIME_QUOTA::Start: {$array["START"]} ({$array["SEC"]} seconds) for UID:{$USERNAME}; IPADDR={$IPADDR};MAC={$MAC},sitename={$WWW}");
}
if (!dba_replace($mainkey, serialize($array), $db_con)) {
WLOG("[{$WWW}]: TIME_QUOTA::FATAL ERROR, dba_replace {$mainkey}");
}
@dba_close($db_con);
return $array["LOCK"];
}
function events_list()
{
$sock = new sockets();
include_once 'ressources/class.ufdbguard-tools.inc';
$sock->getFrameWork("squid.php?ufdb-real=yes&rp={$_POST["rp"]}&query=" . urlencode($_POST["query"]));
$filename = "/usr/share/artica-postfix/ressources/logs/ufdb.log.tmp";
$dataZ = explode("\n", @file_get_contents($filename));
$tpl = new templates();
$data = array();
$data['page'] = 1;
$data['total'] = count($data);
$data['rows'] = array();
$today = date("Y-m-d");
$tcp = new IP();
$c = 0;
krsort($dataZ);
if (count($dataZ) == 0) {
json_error_show("no data");
}
$logfileD = new logfile_daemon();
$zcat = new squid_familysite();
while (list($num, $line) = each($dataZ)) {
$TR = preg_split("/[\\s]+/", $line);
if (count($TR) < 5) {
continue;
}
$c++;
$color = "black";
$date = $TR[0];
$TIME = $TR[1];
$PID = $TR[2];
$ALLOW = $TR[3];
$CLIENT = $TR[4];
$CLIENT_IP = $TR[5];
$RULE = $TR[6];
$CATEGORY = CategoryCodeToCatName($TR[7]);
$URI = $TR[8];
$PROTO = $TR[9];
$parse = parse_url($URI);
$hostname = $parse["host"];
if (!isset($parse["host"])) {
continue;
}
if ($CLIENT == null) {
$CLIENT = "-";
}
if ($ALLOW == "BLOCK-LD") {
$color = "#D0080A";
}
if ($ALLOW == "BLOCK") {
$color = "#D0080A";
}
if ($ALLOW == "REDIR") {
$color = "#BAB700";
}
if ($ALLOW == "PASS") {
$color = "#009223";
}
$familysite = $zcat->GetFamilySites($hostname);
$familysiteEnc = urlencode($familysite);
if ($CLIENT == $CLIENT_IP) {
$CLIENT_IP = null;
} else {
$CLIENT_IP = "/{$CLIENT_IP}";
}
$hostname = texttooltip($hostname, "{webfiltering_tasks_explain}", "Loadjs('squid.access.webfilter.tasks.php?familysite={$familysiteEnc}')");
$fontsize = 14;
if ($_GET["minsize"] == 1) {
$fontsize = 12;
}
if ($date == $today) {
$date = null;
}
$data['rows'][] = array('id' => md5($line), 'cell' => array("<span style='font-size:{$fontsize}px;color:{$color}'>{$date} {$TIME}</span>", "<span style='font-size:{$fontsize}px;color:{$color}'>{$CLIENT}{$CLIENT_IP}</span>", "<span style='font-size:{$fontsize}px;color:{$color}'>{$RULE}/{$CATEGORY}</span>", "<span style='font-size:{$fontsize}px;color:{$color}'>{$ALLOW}</span>", "<span style='font-size:{$fontsize}px;color:{$color}'>{$PROTO}</span>", "<span style='font-size:{$fontsize}px;color:{$color}'>{$hostname}</span>", "<span style='font-size:{$fontsize}px;color:{$color}'>{$URI}</span>"));
}
if ($c == 0) {
json_error_show("No data");
}
$data['total'] = $c;
echo json_encode($data);
}
function SIZE_QUOTA($url)
{
if (trim($url) == null) {
if ($GLOBALS["DEBUG"]) {
WLOG("SIZE_QUOTA::URL is null [" . __LINE__ . "]");
return false;
}
}
//- Group75 administrateur 192.168.1.9 00:26:b9:78:8f:0a - ttvpsy.psychologies.com ttvpsy.psychologies.com 75
$MAIN = explode(" ", $url);
$EXT_LOG = $MAIN[0];
$MYGROUP = $MAIN[1];
$USERNAME = $MAIN[2];
$IPADDR = $MAIN[3];
$MAC = $MAIN[4];
$XFORWARD = trim($MAIN[5]);
$WWW = $MAIN[6];
$WWW_SRC = $WWW;
$gpid = $MAIN[7];
if ($IPADDR == "127.0.0.1") {
return false;
}
if ($XFORWARD == "-") {
$XFORWARD = null;
}
if (strpos($USERNAME, '$') > 0) {
if (substr($USERNAME, strlen($USERNAME) - 1, 1) == "\$") {
$USERNAME = null;
}
}
$USERNAME = str_replace("%20", " ", $USERNAME);
$USERNAME = str_replace("%25", "-", $USERNAME);
$IPADDR = str_replace("%25", "-", $IPADDR);
$MAC = str_replace("%25", "-", $MAC);
$XFORWARD = str_replace("%25", "-", $XFORWARD);
if ($XFORWARD == "-") {
$XFORWARD = null;
}
if ($MAC == "00:00:00:00:00:00") {
$MAC = null;
}
if ($MAC == "-") {
$MAC = null;
}
if ($USERNAME == "-") {
$USERNAME = null;
}
$IPCalls = new IP();
if ($IPCalls->isIPAddress($XFORWARD)) {
$IPADDR = $XFORWARD;
}
if (preg_match("#(.+?):[0-9]+#", $WWW, $re)) {
$WWW = $re[1];
}
if (preg_match("#^www\\.(.+)#", $WWW, $re)) {
$WWW = $re[1];
}
if (!class_exists("squid_familysite")) {
include_once dirname(__FILE__) . "/ressources/class.squid.familysites.inc";
}
$fam = new squid_familysite();
$WWW = $fam->GetFamilySites($WWW);
$LOG_PREFIX = "{$WWW}";
if ($GLOBALS["DEBUG"]) {
WLOG("{$LOG_PREFIX}: {$WWW_SRC}::GROUPID:{$gpid}; USERNAME:{$USERNAME};MAC:{$MAC}; IPADDR:{$IPADDR} [" . __LINE__ . "]");
}
LOADING_RULES($gpid);
if (!isset($GLOBALS["ACL_RULES"][$gpid]["WEEK"])) {
$GLOBALS["ACL_RULES"][$gpid]["WEEK"] = 0;
}
if (!isset($GLOBALS["ACL_RULES"][$gpid]["HOUR"])) {
$GLOBALS["ACL_RULES"][$gpid]["HOUR"] = 0;
}
if (!isset($GLOBALS["ACL_RULES"][$gpid]["DAY"])) {
$GLOBALS["ACL_RULES"][$gpid]["DAY"] = 0;
}
if (!isset($GLOBALS["ACL_RULES"][$gpid]["MEMBER_HOUR"])) {
$GLOBALS["ACL_RULES"][$gpid]["MEMBER_HOUR"] = 0;
}
if (!isset($GLOBALS["ACL_RULES"][$gpid]["MEMBER_WEEK"])) {
$GLOBALS["ACL_RULES"][$gpid]["MEMBER_WEEK"] = 0;
}
if (!isset($GLOBALS["ACL_RULES"][$gpid]["MEMBER_DAY"])) {
$GLOBALS["ACL_RULES"][$gpid]["MEMBER_DAY"] = 0;
}
if (!isset($GLOBALS["ACL_RULES"][$gpid]["WEBSITE_HOUR"])) {
$GLOBALS["ACL_RULES"][$gpid]["WEBSITE_HOUR"] = 0;
}
if (!isset($GLOBALS["ACL_RULES"][$gpid]["WEBSITE_WEEK"])) {
$GLOBALS["ACL_RULES"][$gpid]["WEBSITE_WEEK"] = 0;
}
if (!isset($GLOBALS["ACL_RULES"][$gpid]["WEBSITE_HOUR"])) {
$GLOBALS["ACL_RULES"][$gpid]["WEBSITE_HOUR"] = 0;
}
$MaxPerDay = intval($GLOBALS["ACL_RULES"][$gpid]["DAY"]);
$MaxPerHour = intval($GLOBALS["ACL_RULES"][$gpid]["HOUR"]);
$MaxPerWeek = intval($GLOBALS["ACL_RULES"][$gpid]["WEEK"]);
$MEMBER_HOUR = intval($GLOBALS["ACL_RULES"][$gpid]["MEMBER_HOUR"]);
$MEMBER_DAY = intval($GLOBALS["ACL_RULES"][$gpid]["MEMBER_DAY"]);
$MEMBER_WEEK = intval($GLOBALS["ACL_RULES"][$gpid]["MEMBER_WEEK"]);
$WEBSITE_HOUR = intval($GLOBALS["ACL_RULES"][$gpid]["WEBSITE_HOUR"]);
$WEBSITE_DAY = intval($GLOBALS["ACL_RULES"][$gpid]["WEBSITE_DAY"]);
$WEBSITE_WEEK = intval($GLOBALS["ACL_RULES"][$gpid]["WEBSITE_WEEK"]);
if (CHECK_WEBSITE($WWW, $WEBSITE_HOUR, $WEBSITE_DAY, $WEBSITE_WEEK)) {
WLOG("{$LOG_PREFIX}: {$WWW} match size");
return true;
}
if (isset($GLOBALS["ACL_RULES"][$gpid]["CATEGORIES_HOUR"])) {
if (CHECK_CATEGORY_HOUR($WWW_SRC, $gpid)) {
WLOG("{$LOG_PREFIX}: {$WWW} Hourly Category match size");
return true;
}
} else {
WLOG("{$LOG_PREFIX}: {$gpid} CATEGORIES_HOUR not set");
}
if (isset($GLOBALS["ACL_RULES"][$gpid]["CATEGORIES_DAY"])) {
if (CHECK_CATEGORY_DAY($WWW_SRC, $gpid)) {
WLOG("{$LOG_PREFIX}: {$WWW} Daily Category match size");
return true;
}
}
if (isset($GLOBALS["ACL_RULES"][$gpid]["CATEGORIES_WEEK"])) {
if (CHECK_CATEGORY_WEEK($WWW_SRC, $gpid)) {
WLOG("{$LOG_PREFIX}: {$WWW} Weekly Category match size");
return true;
}
}
if ($USERNAME != null) {
$CHECK_USER = true;
if (CHECK_UID($WWW, "UID/{$USERNAME}", $MaxPerHour, $MaxPerDay, $MaxPerWeek)) {
WLOG("{$LOG_PREFIX}: {$USERNAME} {$WWW} match size");
return true;
}
if (CHECK_MEMBER("UID/{$USERNAME}", $MEMBER_HOUR, $MEMBER_DAY, $MEMBER_WEEK)) {
WLOG("{$LOG_PREFIX}: {$USERNAME} match size");
return true;
}
}
if (!$CHECK_USER) {
if ($MAC != null) {
$CHECK_USER = true;
if (CHECK_UID($WWW, "MAC/{$MAC}", $MaxPerHour, $MaxPerDay, $MaxPerWeek)) {
WLOG("{$LOG_PREFIX}: {$MAC} {$WWW} match size");
return true;
}
if (CHECK_MEMBER("UID/{$MAC}", $MEMBER_HOUR, $MEMBER_DAY, $MEMBER_WEEK)) {
WLOG("{$LOG_PREFIX}: {$USERNAME} match size");
return true;
}
}
}
if (!$CHECK_USER) {
if ($IPADDR != null) {
if (CHECK_UID($WWW, "IPADDR/{$IPADDR}", $MaxPerHour, $MaxPerDay, $MaxPerWeek)) {
WLOG("{$LOG_PREFIX}: {$IPADDR} {$WWW} match size");
return true;
}
if (CHECK_MEMBER("UID/{$IPADDR}", $MEMBER_HOUR, $MEMBER_DAY, $MEMBER_WEEK)) {
WLOG("{$LOG_PREFIX}: {$USERNAME} match size");
return true;
}
}
}
return false;
}
#!/usr/bin/php -q
<?php
$GLOBALS["DEBUG"] = false;
//ini_set('html_errors',0);ini_set('display_errors', 1);ini_set('error_reporting', E_ALL);ini_set('error_prepend_string','');ini_set('error_append_string','');
error_reporting(0);
include_once dirname(__FILE__) . "/ressources/class.mysql.squid.builder.php";
include_once dirname(__FILE__) . "/ressources/class.squid.familysites.inc";
include_once dirname(__FILE__) . "/framework/class.unix.inc";
$GLOBALS["MYPID"] = getmypid();
WLOG("Starting PID:{$GLOBALS["MYPID"]}");
$c = 0;
$DCOUNT = 0;
$fam = new squid_familysite();
while (!feof(STDIN)) {
$ARRAY = array();
$data = trim(fgets(STDIN));
if ($data == null) {
continue;
}
if (strpos($data, "cache_object://") > 0) {
fwrite(STDOUT, "ERR\n");
continue;
}
$result = false;
$tr = explode(" ", $data);
while (list($index, $value) = each($tr)) {
if ($index == 5) {
continue;
}
$tr[$index] = trim($value);
$tr[$index] = str_replace("%25", "", $tr[$index]);
function save()
{
$type = $_POST["object"];
if ($_POST["website"] != null) {
if (strpos($_POST["website"], "://")) {
$parse_url = parse_url($_POST["website"]);
$_POST["website"] = $parse_url["host"];
}
$fam = new squid_familysite();
$_POST["website"] = $fam->GetFamilySites($_POST["website"]);
}
if ($type == "src") {
$pattern = $_POST["ipaddr"];
}
if ($type == "dstdomain") {
$pattern = $_POST["website"];
}
if ($type == "dstdomainsrc") {
$pattern = "{$_POST["ipaddr"]}/{$_POST["website"]}";
}
$q = new mysql_squid_builder();
$q->QUERY_SQL("DELETE FROM webfilters_paranoid WHERE `pattern`='{$pattern}'");
$sql = "INSERT IGNORE INTO `webfilters_paranoid` (pattern,object,zDate) \n\tVALUES ('{$pattern}','{$type}',NOW())";
$q->QUERY_SQL($sql);
if (!$q->ok) {
echo $q->mysql_error;
}
}
function SIZE_QUOTA($url)
{
if (trim($url) == null) {
if ($GLOBALS["DEBUG"]) {
WLOG("SIZE_QUOTA::URL is null [" . __LINE__ . "]");
return false;
}
}
if (strpos(" {$url}", "127.0.0.1 00:00:00:00:00:00") > 0) {
return false;
}
if ($GLOBALS["DEBUG"]) {
WLOG("SIZE_QUOTA::{$url} [" . __LINE__ . "]");
}
$values = explode(" ", $url);
$USERNAME = $values[0];
if (strpos($USERNAME, '$') > 0) {
if (substr($USERNAME, strlen($USERNAME) - 1, 1) == "\$") {
$USERNAME = null;
}
}
$IPADDR = $values[1];
$MAC = $values[2];
$XFORWARD = $values[3];
$WWW = $values[4];
if ($GLOBALS["DEBUG"]) {
WLOG("SIZE_QUOTA::USERNAME:{$USERNAME} [" . __LINE__ . "]");
}
if ($GLOBALS["DEBUG"]) {
WLOG("SIZE_QUOTA::IPADDR..:{$IPADDR} [" . __LINE__ . "]");
}
if ($GLOBALS["DEBUG"]) {
WLOG("SIZE_QUOTA::MAC.....:{$MAC} [" . __LINE__ . "]");
}
if ($GLOBALS["DEBUG"]) {
WLOG("SIZE_QUOTA::XFORWARD:{$XFORWARD} [" . __LINE__ . "]");
}
if ($GLOBALS["DEBUG"]) {
WLOG("SIZE_QUOTA::WWW.....:{$WWW} [" . __LINE__ . "]");
}
$USERNAME = str_replace("%20", " ", $USERNAME);
$USERNAME = str_replace("%25", "-", $USERNAME);
$IPADDR = str_replace("%25", "-", $IPADDR);
$MAC = str_replace("%25", "-", $MAC);
$XFORWARD = str_replace("%25", "-", $XFORWARD);
if ($XFORWARD == "-") {
$XFORWARD = null;
}
if ($MAC == "00:00:00:00:00:00") {
$MAC = null;
}
if ($MAC == "-") {
$MAC = null;
}
if ($USERNAME == "-") {
$USERNAME = null;
}
$IPCalls = new IP();
if ($IPCalls->isIPAddress($XFORWARD)) {
$IPADDR = $XFORWARD;
}
if (preg_match("#(.+?):[0-9]+#", $WWW, $re)) {
$WWW = $re[1];
}
if (preg_match("#^www\\.(.+)#", $WWW, $re)) {
$WWW = $re[1];
}
if (!class_exists("squid_familysite")) {
include_once dirname(__FILE__) . "/ressources/class.squid.familysites.inc";
}
$fam = new squid_familysite();
$WWW = $fam->GetFamilySites($WWW);
if ($IPADDR != null) {
$keymd5 = md5("{$WWW}{$IPADDR}");
$LOG_PREFIX = "{$IPADDR}/{$WWW}";
}
if ($MAC != null) {
$keymd5 = md5("{$WWW}{$MAC}");
$LOG_PREFIX = "{$MAC}/{$WWW}";
}
if ($USERNAME != null) {
$keymd5 = md5("{$WWW}{$USERNAME}");
$LOG_PREFIX = "{$USERNAME}/{$WWW}";
}
$database_size_path = "/var/log/squid/" . date("YW") . "_QUOTASIZE.db";
if (!is_file($database_size_path)) {
if ($GLOBALS["DEBUG"]) {
WLOG("{$LOG_PREFIX}:FATAL!!! {$database_size_path} doesn't exists");
}
return false;
}
$db_con = dba_open($database_size_path, "r", "db4");
if (!$db_con) {
if ($GLOBALS["DEBUG"]) {
WLOG("{$LOG_PREFIX}:FATAL!!! SIZE_QUOTA::{$database_size_path}, unable to open");
}
return false;
}
if (!dba_exists($keymd5, $db_con)) {
if ($GLOBALS["DEBUG"]) {
WLOG("{$LOG_PREFIX}:FATAL!!! SIZE_QUOTA::{$keymd5} doesn't exists");
}
return false;
}
$array = unserialize(dba_fetch($keymd5, $db_con));
dba_close($db_con);
$current_hour = 0;
$current_day = 0;
$current_week = 0;
if (isset($array["HOURLY"][date("d")][date("H")])) {
$current_hour = intval($array["HOURLY"][date("d")][date("H")]);
$current_hour = $current_hour / 1024;
$current_hour = $current_hour / 1024;
}
if (isset($array["DAILY"][date("d")])) {
$current_day = intval($array["DAILY"][date("d")]);
$current_day = $current_day / 1024;
$current_day = $current_day / 1024;
}
if (isset($array["WEEK"])) {
$current_week = intval($array["WEEK"]);
$current_week = $current_week / 1024;
$current_week = $current_week / 1024;
}
$rules_week = $GLOBALS["ACL_RULES"]["WEEK"];
$rules_hour = $GLOBALS["ACL_RULES"]["HOUR"];
$rules_day = $GLOBALS["ACL_RULES"]["DAY"];
if ($GLOBALS["DEBUG"]) {
WLOG("{$LOG_PREFIX}:{$current_hour}MB/{$current_day}MB/{$current_week}MB - {$rules_hour}MB/{$rules_day}MB/{$rules_week}MB");
}
if ($rules_week > 0) {
if ($current_week > $rules_week) {
if ($GLOBALS["DEBUG"]) {
WLOG("{$LOG_PREFIX}: WEEKLY: {$current_week}MB/{$rules_week}MB MACTHES --> OK");
}
return true;
}
}
if ($rules_day > 0) {
if ($current_day > $rules_day) {
if ($GLOBALS["DEBUG"]) {
WLOG("{$LOG_PREFIX}: DAILY: {$current_day}MB/{$rules_day}MB MACTHES --> OK");
}
return true;
}
}
if ($rules_hour > 0) {
if ($current_hour > $rules_hour) {
if ($GLOBALS["DEBUG"]) {
WLOG("{$LOG_PREFIX}:HOURLY: {$current_hour}MB/{$rules_hour}MB MACTHES --> OK");
}
return true;
}
}
return false;
}
function api_GetFamilySites($sitename)
{
if (isset($GLOBALS["GetFamilySites"][$sitename])) {
return $GLOBALS["GetFamilySites"][$sitename];
}
if (!class_exists("squid_familysite")) {
include_once dirname(__FILE__) . "/class.squid.familysites.inc";
}
$fam = new squid_familysite();
$GLOBALS["GetFamilySites"][$sitename] = $fam->GetFamilySites($sitename);
return $GLOBALS["GetFamilySites"][$sitename];
}
function categories_match($gpid, $sitname)
{
if (preg_match("#^www\\.(.+)#", $sitname, $re)) {
$sitname = $re[1];
}
if (preg_match("#^(.+):[0-9]+]#", $sitname, $re)) {
$sitname = $re[1];
}
if ($GLOBALS["DEBUG_LEVEL"] > 1) {
WLOG("Analyze: Group: {$gpid} `{$sitname}`");
}
$categories_get_memory = categories_get_memory($gpid, $sitname);
if ($categories_get_memory != null) {
if ($GLOBALS["DEBUG_LEVEL"] > 1) {
WLOG("Group: {$gpid} `{$sitname}` -> MEMORY: `{$categories_get_memory}` ");
}
if ($categories_get_memory == "UNKNOWN") {
return null;
}
return $categories_get_memory;
}
$q = new mysql_catz();
if ($GLOBALS["DEBUG_LEVEL"] > 1) {
WLOG("Group: {$gpid} `{$sitname}` -> CATEGORY ?? [" . __LINE__ . "]");
}
$categoriF = $q->GET_CATEGORIES($sitname);
$trans = $q->TransArray();
if ($GLOBALS["DEBUG_LEVEL"] > 1) {
WLOG("Group: {$gpid} `{$sitname}` -> category: `{$categoriF}` ");
}
if ($categoriF == null) {
if ($GLOBALS["DEBUG_LEVEL"] > 1) {
WLOG("squid_familysite()");
}
if (!class_exists("squid_familysite")) {
include_once dirname(__FILE__) . "/ressources/class.squid.familysites.inc";
}
$qF = new squid_familysite();
$familysite = $qF->GetFamilySites($sitname);
if ($familysite != $sitname) {
$categoriF = $q->GET_CATEGORIES($familysite);
if ($GLOBALS["DEBUG_LEVEL"] > 1) {
WLOG("Group: {$gpid} `{$sitname}` -> {$familysite} -> category: `{$categoriF}` ");
}
}
}
if ($categoriF == null) {
categories_set_memory($gpid, $sitname, "UNKNOWN");
return null;
}
if (strpos($categoriF, ",") > 0) {
$categoriT = explode(",", $categoriF);
} else {
$categoriT[] = $categoriF;
}
while (list($a, $b) = each($categoriT)) {
$MAIN[$b] = true;
}
$filename = "/etc/squid3/acls/catz_gpid{$gpid}.acl";
$categories = unserialize(@file_get_contents($filename));
while (list($category_table, $category_rule) = each($categories)) {
$category_rule = urlencode($category_rule);
$categoryname = $trans[$category_table];
if (isset($MAIN[$categoryname])) {
if ($GLOBALS["DEBUG_LEVEL"] > 1) {
WLOG("FOUND `{$categoryname}` -> `{$category_rule}` ");
}
categories_set_memory($gpid, $sitname, $category_rule);
return $category_rule;
}
}
categories_set_memory($gpid, $sitname, "UNKNOWN");
}
#!/usr/bin/php -q
<?php
$GLOBALS["DEBUG"] = false;
$GLOBALS["HERLPER_LOADED_BY_SQUID"] = true;
include_once dirname(__FILE__) . "/ressources/class.squid.familysites.inc";
include_once dirname(__FILE__) . "/ressources/class.mysql.catz.inc";
$GLOBALS["MYPID"] = getmypid();
WLOG("Starting PID:{$GLOBALS["MYPID"]}");
$GLOBALS["XVFERTSZ"] = XVFERTSZ();
$fam = new squid_familysite();
$q = new mysql_catz();
$DCOUNT = 0;
while (!feof(STDIN)) {
$Buffer = trim(fgets(STDIN));
if ($Buffer == null) {
if ($GLOBALS["DEBUG"]) {
WLOG("{$DCOUNT}] LOOP::URL `{$Buffer}` is null [" . __LINE__ . "]");
}
continue;
}
if ($GLOBALS["DEBUG"]) {
WLOG("{$DCOUNT}] LOOP::URL `{$Buffer}` [" . __LINE__ . "]");
}
$MAIN = explode(" ", $Buffer);
$prefix_channel = null;
// administrateur 192.168.1.177 3c:a9:f4:13:9b:90 - www.google.fr 57
if (is_numeric($MAIN[0])) {
$GLOBALS["CHANNEL"] = $MAIN[0];
$GLOBALS["DOMAIN"] = trim($MAIN[1]);
} else {
$GLOBALS["DOMAIN"] = trim($MAIN[0]);
function Paranoid($nopid = false)
{
$unix = new unix();
if (!$nopid) {
$mypid = getmypid();
if (isset($argv[1])) {
$argv = $argv[1];
}
$pids = $unix->PIDOF_PATTERN_ALL(basename(__FILE__) . ".*?{$argv}");
if (count($pids) > 1) {
while (list($num, $ligne) = each($pids)) {
$cmdline = @file_get_contents("/proc/{$num}/cmdline");
echo "Starting......: " . date("H:i:s") . " [SERV]: [{$mypid}] Already process PID {$num} {$cmdline} exists..\n";
echo "Starting......: " . date("H:i:s") . " [SERV]: [{$mypid}] Running " . @file_get_contents("/proc/{$num}/cmdline") . "\n";
}
build_progress_paranoid("{already_process_exists_try_later}", 110);
die;
}
}
$ParanoidBlockerEmergency = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/ParanoidBlockerEmergency"));
$UfdbEnableParanoidMode = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/UfdbEnableParanoidMode"));
if ($ParanoidBlockerEmergency == 1) {
if (isInSquid()) {
build_progress_paranoid("{reconfigure}", 70);
$php = $unix->LOCATE_PHP5_BIN();
system("{$php} /usr/share/artica-postfix/exec.squid.php --build --force");
}
build_progress_paranoid("{emergency}!!!", 110);
@unlink("/etc/squid3/paranoid.db");
return;
}
if ($UfdbEnableParanoidMode == 0) {
@unlink("/etc/squid3/paranoid.db");
if (isInSquid()) {
build_progress_paranoid("{reconfigure}", 70);
$php = $unix->LOCATE_PHP5_BIN();
system("{$php} /usr/share/artica-postfix/exec.squid.php --build --force");
}
build_progress_paranoid("{disabled}!!!", 110);
return;
}
$sock = new sockets();
if ($sock->EnableUfdbGuard() == 0) {
build_progress_paranoid("{webfiltering} {disabled}!!!", 110);
@unlink("/etc/squid3/paranoid.db");
return;
}
build_progress_paranoid("{webfiltering} {enabled} OK", 25);
$ipClass = new IP();
$SquidFam = new squid_familysite();
$q = new mysql_squid_builder();
$ARRAY = array();
$results = $q->QUERY_SQL("SELECT pattern, object FROM webfilters_paranoid");
while ($ligne = mysql_fetch_assoc($results)) {
$ligne["pattern"] = trim(strtolower($ligne["pattern"]));
if ($ligne["pattern"] == null) {
continue;
}
build_progress_paranoid("{$ligne["pattern"]}", 50);
$ARRAY[$ligne["object"]][$ligne["pattern"]] = true;
}
$src = array();
$dstdomain = array();
if (isset($ARRAY["src"])) {
while (list($pattern, $xtrace) = each($ARRAY["src"])) {
if (!$ipClass->isValid($pattern)) {
continue;
}
$MAIN["IPSRC"][$pattern] = true;
}
}
if (isset($ARRAY["dstdomain"])) {
while (list($pattern, $xtrace) = each($ARRAY["dstdomain"])) {
$MAIN["DOMS"][$pattern] = true;
}
}
if (isset($ARRAY["dstdomainsrc"])) {
while (list($pattern, $xtrace) = each($ARRAY["dstdomainsrc"])) {
$fr = explode("/", $pattern);
if (!$ipClass->isValid($fr[0])) {
continue;
}
if ($fr[1] == null) {
continue;
}
$fr[1] = $SquidFam->GetFamilySites($fr[1]);
$MAIN["IPDOM"][trim($fr[0])][trim(strtolower($fr[1]))] = true;
}
}
if (!isInSquid()) {
build_progress_paranoid("{reconfigure}", 70);
$php = $unix->LOCATE_PHP5_BIN();
system("{$php} /usr/share/artica-postfix/exec.squid.php --build --force");
}
if (!isInSquid()) {
build_progress_paranoid("{failed}", 110);
return;
}
build_progress_paranoid("{enabled} OK", 80);
if ($GLOBALS["RSQUID"]) {
$squidbin = $unix->LOCATE_SQUID_BIN();
shell_exec("{$squidbin} -k reconfigure");
}
@file_put_contents("/etc/squid3/paranoid.db", serialize($MAIN));
build_progress_paranoid("{done}", 100);
}
