$del = da_sql_escape_string($del); $res = @da_sql_query($link, $config, "DELETE FROM {$config['sql_usergroup_table']} WHERE username = '******' AND groupname = '{$login}';"); if (!$res) { echo "<b>Could not delete user {$del} from group: " . da_sql_error($link, $config) . "</b><br>\n"; } } } if ($new_members != '') { $Members = preg_split("/[\n\\s]+/", $new_members, -1, PREG_SPLIT_NO_EMPTY); if (!empty($Members)) { foreach ($Members as $new_member) { $new_member = da_sql_escape_string($new_member); $res = @da_sql_query($link, $config, "SELECT username FROM {$config['sql_usergroup_table']} WHERE\n\t\t\t\tusername = '******' AND groupname = '{$login}';"); if ($res) { if (@da_sql_num_rows($res, $config)) { echo "<b>User {$new_member} already is a member of the group</b><br>\n"; } else { $res = @da_sql_query($link, $config, "INSERT INTO {$config['sql_usergroup_table']} (groupname,username)\n\t\t\t\t\t\tVALUES ('{$login}','{$new_member}');"); if (!$res) { echo "<b>Error while adding user {$new_member} to group: " . da_sql_error($link, $config) . "</b><br>\n"; } } } else { echo "<b>Could not add new member {$new_member}: " . da_sql_error($link, $config) . "</b><br>\n"; } } } } } else { echo "<b>Could not connect to SQL database</b><br>\n"; }
$lastlog_client_ip = $row['framedipaddress']; $lastlog_server_name = $lastlog_server_ip != '' ? @gethostbyaddr($lastlog_server_ip) : '-'; $lastlog_client_name = $lastlog_client_ip != '' ? @gethostbyaddr($lastlog_client_ip) : '-'; $lastlog_callerid = $row['callingstationid']; if ($lastlog_callerid == '') { $lastlog_callerid = 'not available'; } $lastlog_input = $row['acctinputoctets']; $lastlog_input = bytes2str($lastlog_input); $lastlog_output = $row['acctoutputoctets']; $lastlog_output = bytes2str($lastlog_output); } else { $not_known = 1; } } else { echo "<b>Database query failed: " . da_sql_error($link, $config) . "</b><br>\n"; } } } else { echo "<b>Could not connect to SQL database</b><br>\n"; } $monthly_limit = is_numeric($monthly_limit) ? time2str($monthly_limit) : $monthly_limit; $weekly_limit = is_numeric($weekly_limit) ? time2str($weekly_limit) : $weekly_limit; $daily_limit = is_numeric($daily_limit) ? time2str($daily_limit) : $daily_limit; $session_limit = is_numeric($session_limit) ? time2str($session_limit) : $session_limit; $remaining = is_numeric($remaining) ? time2str($remaining) : $remaining; if ($item_vals['Dialup-Access'][0] == 'FALSE' || !isset($item_vals['Dialup-Access'][0]) && $attrmap['Dialup-Access'] != '' && $attrmap['Dialup-Access'] != 'none') { $msg = <<<EON <font color=red><b> The user account is locked </b></font> EON; } else {
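/*
 * Bring the user's group memberships in line with the edited list: delete the
 * rows for groups that are no longer selected, then insert rows for the newly
 * selected ones. One status line is echoed per group processed.
 *
 * Reads from the including scope: $config, $login, $member_groups and
 * $edited_groups. Nothing is changed unless both lists are set.
 *
 * Each value is encoded separately for each sink: da_sql_escape_string() for
 * the SQL literal, htmlspecialchars() for the HTML status line. The
 * SQL-escaped form is never echoed and the raw form never reaches a query.
 */
$link = @da_sql_pconnect($config);
if ($link) {
    if (isset($member_groups) && isset($edited_groups)) {
        // NOTE(review): $login used to be interpolated into the INSERT unescaped.
        // If the including page already escapes it, drop this call so the value
        // is not escaped twice.
        $login_sql = da_sql_escape_string($login);
        $login_html = htmlspecialchars($login, ENT_QUOTES);

        // Groups the user is in now but that are missing from the edited list.
        $del_groups = array_diff($member_groups, $edited_groups);
        // Before PHP 8, array_diff() returned NULL on non-array input; the
        // isset() guard then skips the loop.
        if (isset($del_groups)) {
            foreach ($del_groups as $del) {
                $del_html = htmlspecialchars($del, ENT_QUOTES);
                $del = da_sql_escape_string($del);
                // NOTE(review): the username literal appeared masked ('******') in
                // the reviewed copy. $login is the user the status messages name
                // and the one the INSERT below writes - confirm against the
                // upstream file.
                $res = @da_sql_query(
                    $link,
                    $config,
                    "DELETE FROM {$config['sql_usergroup_table']}"
                    . " WHERE username = '{$login_sql}' AND groupname = '{$del}';"
                );
                if (!$res) {
                    echo "<b>Could not delete user {$login_html} from group {$del_html}: "
                        . htmlspecialchars(da_sql_error($link, $config), ENT_QUOTES)
                        . "</b><br>\n";
                } else {
                    echo "<b>User {$login_html} deleted from group {$del_html}</b><br>\n";
                }
            }
        }

        // Groups in the edited list that the user does not belong to yet.
        $new_groups = array_diff($edited_groups, $member_groups);
        if (isset($new_groups)) {
            foreach ($new_groups as $new) {
                $new_html = htmlspecialchars($new, ENT_QUOTES);
                $new = da_sql_escape_string($new);
                $res = @da_sql_query(
                    $link,
                    $config,
                    "INSERT INTO {$config['sql_usergroup_table']} (groupname,username)"
                    . " VALUES ('{$new}','{$login_sql}');"
                );
                if (!$res) {
                    // The original message printed the user name in the group slot.
                    echo "<b>Error while adding user {$login_html} to group {$new_html}: "
                        . htmlspecialchars(da_sql_error($link, $config), ENT_QUOTES)
                        . "</b><br>\n";
                } else {
                    echo "<b>User {$login_html} added to group {$new_html}</b><br>\n";
                }
            }
        }
    }
} else {
    echo "<b>Could not connect to SQL database</b><br>\n";
}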
case 'change_nas': if ($nassecret == '' || $nasshortname == '') { $msg = "<b>Error. Required fields are not set</b><br>\n"; } else { $nasshortname = da_sql_escape_string($nasshortname); $nastype = da_sql_escape_string($nastype); $nasportnum = da_sql_escape_string($nasportnum); $nassecret = da_sql_escape_string($nassecret); $nascommunity = da_sql_escape_string($nascommunity); $nasdescription = da_sql_escape_string($nasdescription); $nasname = da_sql_escape_string($nasname); $res = @da_sql_query($link, $config, "UPDATE {$config['sql_nas_table']} SET\n\t\t\t\t\tshortname = '{$nasshortname}',\n\t\t\t\t\ttype = '{$nastype}',\n\t\t\t\t\tports = '{$nasportnum}',\n\t\t\t\t\tsecret = '{$nassecret}',\n\t\t\t\t\tcommunity = '{$nascommunity}',\n\t\t\t\t\tdescription = '{$nasdescription}' WHERE nasname = '{$nasname}';"); if ($res) { $msg = "<b>NAS '{$nasname}' was updated successfully</b><br>\n"; } else { $msg = "<b>Error updating NAS '{$selected_nas}' " . da_sql_error($link, $config) . "</b><br>\n"; } } break; } } $search = @da_sql_query($link, $config, "SELECT * FROM {$config['sql_nas_table']} ORDER BY nasname;"); if ($search) { $num = 0; unset($my_nas_list); while ($row = @da_sql_fetch_array($search, $config)) { $my_nas_name = $row['nasname']; if ($my_nas_name != '') { $num++; $my_nas_list[$my_nas_name]['name'] = $my_nas_name; $my_nas_list[$my_nas_name]['shortname'] = $row['shortname'];
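<?php
/*
 * Delete a group: remove its rows from the group-reply, group-check and
 * user-group tables, in that order, stopping at the first statement that
 * fails. Exactly one status line is echoed.
 *
 * Reads $config and $login (the group name) from the including scope.
 *
 * $login is encoded separately for each sink: da_sql_escape_string() for the
 * SQL literal and htmlspecialchars() for the HTML status line.
 */

// NOTE(review): the driver path is built from $config['sql_type']. That is
// only safe while the value comes from the administrator's configuration and
// can never be set from the request - confirm where $config is populated.
$sql_driver_file = "../lib/sql/drivers/{$config['sql_type']}/functions.php";
if (is_file($sql_driver_file)) {
    include_once $sql_driver_file;
} else {
    echo "<b>Could not include SQL library</b><br>\n";
    exit;
}

$link = @da_sql_pconnect($config);
if ($link) {
    // NOTE(review): $login used to reach all three DELETE statements unescaped.
    // If the including page already escapes it, drop this call so the value
    // is not escaped twice.
    $login_sql = da_sql_escape_string($login);
    $login_html = htmlspecialchars($login, ENT_QUOTES);

    // Config key of each table => wording used in the failure message.
    $group_tables = array(
        'sql_groupreply_table' => 'group reply table',
        'sql_groupcheck_table' => 'group check table',
        'sql_usergroup_table'  => 'usergroup table',
    );

    $failed_table = '';
    $failure_detail = '';
    foreach ($group_tables as $table_key => $table_label) {
        $res = @da_sql_query(
            $link,
            $config,
            "DELETE FROM {$config[$table_key]} WHERE groupname = '{$login_sql}';"
        );
        if (!$res) {
            // Read the error right away, before another call can replace it,
            // and leave the later tables untouched as the original did.
            $failed_table = $table_label;
            $failure_detail = da_sql_error($link, $config);
            break;
        }
    }

    if ($failed_table == '') {
        echo "<b>Group {$login_html} deleted successfully</b><br>\n";
    } else {
        echo "<b>Error deleting group {$login_html} from {$failed_table}: "
            . htmlspecialchars($failure_detail, ENT_QUOTES)
            . "</b><br>\n";
    }
} else {
    echo "<b>Could not connect to SQL database</b><br>\n";
}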
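} // closes a block opened above this fragment

/*
 * Record the user in the "bad users" table on every configured SQL server.
 *
 * Reads from the including scope: $config, $attrmap, $login and the
 * lock-message variable whose name is $attrmap['Dialup-Lock-Msg'] . '0'.
 * The acting administrator is taken from the HTTP authentication user name,
 * or '-' when none was sent. One status line is echoed per server.
 *
 * $login, the lock message and the HTTP authentication user name are
 * escaped with da_sql_escape_string() before they are placed in the INSERT.
 * NOTE(review): if the including page already escapes $login or the lock
 * message, drop the matching call so the value is not escaped twice.
 */
// Array keys are quoted: a bare word is an undefined constant, which is an
// error on PHP 8.
$date = date($config['sql_full_date_format']);

$lockmsg_name = $attrmap['Dialup-Lock-Msg'] . '0';
$msg = isset(${$lockmsg_name}) ? ${$lockmsg_name} : '';

$admin = '-';
if (isset($_SERVER["PHP_AUTH_USER"]) && $_SERVER["PHP_AUTH_USER"] != '') {
    $admin = $_SERVER["PHP_AUTH_USER"];
}

if ($msg == '') {
    echo "<b>Lock Message should not be empty</b><br>\n";
} else {
    // Extra servers first, the main server last, as in the original order.
    $sql_servers = array();
    if (isset($config['sql_extra_servers']) && $config['sql_extra_servers'] != '') {
        $sql_servers = explode(' ', $config['sql_extra_servers']);
    }
    $sql_servers[] = $config['sql_server'];

    foreach ($sql_servers as $server) {
        $link = @da_sql_host_connect($server, $config);
        if ($link) {
            // Escaped copies are kept in their own variables so that $msg and
            // $admin stay unmodified for any code that runs after this block.
            $login_sql = da_sql_escape_string($login);
            $date_sql = da_sql_escape_string($date);
            $admin_sql = da_sql_escape_string($admin);
            $msg_sql = da_sql_escape_string($msg);

            $r = da_sql_query(
                $link,
                $config,
                "INSERT INTO {$config['sql_badusers_table']} (username,incidentdate,admin,reason)"
                . " VALUES ('{$login_sql}','{$date_sql}','{$admin_sql}','{$msg_sql}');"
            );
            if (!$r) {
                echo "<b>SQL Error:"
                    . htmlspecialchars(da_sql_error($link, $config), ENT_QUOTES)
                    . "</b><br>\n";
            } else {
                echo "<b>User added to badusers table</b><br>\n";
            }
            da_sql_close($link, $config);
        } else {
            echo "<b>SQL Error: Could not connect to SQL database: "
                . htmlspecialchars($server, ENT_QUOTES)
                . "</b><br>\n";
        }
    }
}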
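$text3 = ''; }

/*
 * Store a new password for $login in the check table: encrypt it with the
 * configured library, then update the existing password row or insert one if
 * the user has none yet.
 *
 * Reads from the including scope: $config, $login, $passwd and the SQL
 * fragments $text1, $text2 and $text3, which are built above this fragment.
 *
 * NOTE(review): in the reviewed copy the username literal in the SELECT and
 * UPDATE, and part of both "Error while changing password" messages, appeared
 * masked as ******. They are restored here from the surrounding code: the
 * INSERT names $login as the username and the sibling error message appends
 * da_sql_error(). Confirm against the upstream file.
 * NOTE(review): $text1/$text2/$text3 are spliced into the statements as SQL
 * text; whatever they carry must already be escaped where they are built.
 * NOTE(review): how the stored value is protected depends entirely on the
 * da_encrypt() implementation selected by general_encryption_method, which is
 * not visible here.
 */
$link = @da_sql_pconnect($config);
if ($link) {
    // NOTE(review): this path is built from configuration; it is only safe
    // while general_encryption_method cannot be set from the request.
    $crypt_lib_file = "../lib/crypt/{$config['general_encryption_method']}.php";
    if (is_file($crypt_lib_file)) {
        include $crypt_lib_file;
        $passwd = da_encrypt($passwd);
        $passwd = da_sql_escape_string($passwd);
        // NOTE(review): if the including page already escapes $login, drop
        // this call so the value is not escaped twice.
        $login_sql = da_sql_escape_string($login);

        $res = @da_sql_query(
            $link,
            $config,
            "SELECT value FROM {$config['sql_check_table']} WHERE username = '{$login_sql}'"
            . " AND attribute = '{$config['sql_password_attribute']}';"
        );
        if ($res) {
            $row = @da_sql_fetch_array($res, $config);
            if ($row) {
                // A password row exists: overwrite its value.
                $res = @da_sql_query(
                    $link,
                    $config,
                    "UPDATE {$config['sql_check_table']} SET value = '{$passwd}' {$text3} WHERE"
                    . " attribute = '{$config['sql_password_attribute']}' AND username = '{$login_sql}';"
                );
            } else {
                // No password row yet: create one.
                $res = @da_sql_query(
                    $link,
                    $config,
                    "INSERT INTO {$config['sql_check_table']} (attribute,value,username {$text1})"
                    . " VALUES ('{$config['sql_password_attribute']}','{$passwd}','{$login_sql}' {$text2});"
                );
            }
            // Both branches report failure the same way: the statement failed
            // or it touched no row.
            if (!$res || !@da_sql_affected_rows($link, $res, $config)) {
                echo "<b>Error while changing password: "
                    . htmlspecialchars(da_sql_error($link, $config), ENT_QUOTES)
                    . "</b><br>\n";
            }
        } else {
            echo "<b>Error while executing query: "
                . htmlspecialchars(da_sql_error($link, $config), ENT_QUOTES)
                . "</b><br>\n";
        }
    } else {
        echo "<b>Could not open encryption library file</b><br>\n";
    }
} else {
    echo "<b>Could not connect to SQL database</b><br>\n";
}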
} else { if ($attr_type["{$key}"] == 'replyItem') { $table = "{$config['sql_groupreply_table']}"; $type = 2; } } $val = ${$attrmap}["{$key}"]; $val = da_sql_escape_string($val); $op_name = $attrmap["{$key}"] . '_op'; $op_val = ${$op_name}; if ($op_val != '') { $op_val = da_sql_escape_string($op_val); if (check_operator($op_val, $type) == -1) { echo "<b>Invalid operator ({$op_val}) for attribute {$key}</b><br>\n"; coninue; } $op_val2 = ",'{$op_val}'"; } if ($val == '' || check_defaults($val, $op_val, $default_vals["{$key}"])) { continue; } $res = @da_sql_query($link, $config, "INSERT INTO {$table} (attribute,value,groupname {$text})\n\t\t\tVALUES ('{$attrmap[$key]}','{$val}','{$login}' {$op_val2});"); if (!$res || !@da_sql_affected_rows($link, $res, $config)) { echo "<b>Query failed for attribute {$key}: " . da_sql_error($link, $config) . "</b><br>\n"; } } echo "<b>Group created successfully</b><br>\n"; } } else { echo "<b>Could not connect to SQL database</b><br>\n"; }
$Fmail = da_sql_escape_string($Fmail); $Fou = da_sql_escape_string($Fou); $Ftelephonenumber = da_sql_escape_string($Ftelephonenumber); $Fhomephone = da_sql_escape_string($Fhomephone); $Fmobile = da_sql_escape_string($Fmobile); if (!@da_sql_num_rows($res, $config)) { $res = @da_sql_query($link, $config, "INSERT INTO {$config['sql_user_info_table']}\n\t\t\t\t(username,name,mail,department,homephone,workphone,mobile) VALUES\n\t\t\t\t('{$login}','{$Fcn}','{$Fmail}','{$Fou}','{$Ftelephonenumber}','{$Fhomephone}','{$Fmobile}');"); if (!$res || !@da_sql_affected_rows($link, $res, $config)) { echo "<b>Could not add user information in user info table: " . da_sql_error($link, $config) . "</b><br>\n"; $fail = 1; } } else { $res = @da_sql_query($link, $config, "UPDATE {$config['sql_user_info_table']} SET name = '{$Fcn}',Mail = '{$Fmail}',\n\t\t\t\tdepartment = '{$Fou}', homephone = '{$Fhomephone}', workphone = '{$Ftelephonenumber}',\n\t\t\t\tmobile = '{$Fmobile}' WHERE username = '******';"); if (!$res || !@da_sql_affected_rows($link, $res, $config)) { echo "<b>Could not update user information in user info table: " . da_sql_error($link, $config) . "</b><br>\n"; $fail = 1; } } } else { echo "<b>Could not find user in user info table: " . da_sql_error($link, $config) . "</b><br>\n"; $fail = 1; } if ($fail == 0) { echo "<b>User information updated successfully</b><br>\n"; } } else { echo "<b>Cannot use the user info table. Check the sql_use_user_info_table directive in admin.conf</b><br>\n"; } } else { echo "<b>Could not connect to SQL database</b><br>\n"; }