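#!/usr/bin/perl
# revision 23.12.01 aospan
# e-mail:aospan@netup.ru
# Copyright (c) 2001 NetUP Systems . All rights reserved.
#
# Login front end for UTM: shows the login form, verifies login/password/IP
# against the `users` table and, on success, records a new row in `sessions`
# and renders the start page for the user's privilege level.
#
# NOTE: `use strict` is deliberately not enabled here. The script reads
# package globals ($database_type, $lang, $LOGIN_M, ...) that are not
# assigned in this file; presumably config()/dict() from utm_func.pm set
# them - confirm before tightening strictures.
require 5.003;
use DBI();
use CGI;
use Env;    # exposes environment variables as globals, e.g. $REMOTE_ADDR
use CGI::FastTemplate;
require "/netup/utm/bin/utm_func.pm";

# INITIALIZE VARIABLES
# START INITIALIZATION: VARIABLES AND SOME OTHER
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=localtime(time);

# OBTAIN VARIABLES FROM utm.cfg
if (config()) {
    print "Error occured when utm.cfg processing! Stopped. \n";
    exit (1);
}

# Connect to the database
if ($database_type eq "mysql") {
    $DBI_data="DBI:$database_type:database=$database;host=$base_host";
}
elsif ($database_type eq "Pg") {
    $DBI_data="DBI:$database_type:dbname=$database";
}
else {
    print "Unknown database $database_type! Stopped. \n";
    exit (1);
}
$dbh = DBI->connect("$DBI_data","$database_login","$database_password",{'RaiseError' => 1});

# PREPARE templates to USE
my $tpl = CGI::FastTemplate->new("$template_path");
$tpl->define(
    aaa_login    => "${lang}_aaa_login.tpl",
    aaa_ok_admin => "${lang}_aaa_ok_admin.tpl",
    aaa_ok_user  => "${lang}_aaa_ok_user.tpl",
    aaa_notok    => "${lang}_aaa_notok.tpl",
    login        => "aaa_login.tpl",
    ok_admin     => "aaa_ok_admin.tpl",
    ok_user      => "aaa_ok_user.tpl",
);

# OBTAIN VARIABLES FROM dict
if (dict()) {
    print "Error occured when dict processing! Stopped. \n";
    exit (1);
}

$aaa_pl   = "aaa";
$users_pl = "users";
$stat_pl  = "stat";
$time     = time;
$query    = CGI->new;
$cmd      = $query->param('cmd');
$cmd      = "" unless defined $cmd;    # no cmd parameter means "show the login form"

print "Content-Type: text/html\n\n";
print "\n";

if ($cmd eq "user_verify") {
    user_verify();
}
elsif ($cmd eq "sid_generate") {
    # NOTE(review): sid() is not defined in this file (only sid_generate() is);
    # presumably it comes from utm_func.pm - confirm.
    sid();
}
else {
    $tpl->assign(TITLE        => "$LOGIN_TO_UTM");
    $tpl->assign(LOGIN_TO_UTM => "$LOGIN_TO_UTM");
    $tpl->assign(LOGIN_M      => "$LOGIN_M");
    $tpl->assign(PASSWORD_M   => "$PASSWORD_M");
    $tpl->assign(LOGIN_BUTTON => "$LOGIN_BUTTON");
    $tpl->assign(AAA_PL       => "$aaa_pl");
    $tpl->parse(ROWS => ["login"]);
    $tpl->print()
}

# VERIFY USER LOGIN, PASSWORD, IP
#
# Reads `login` and `password` from the CGI request, checks them against the
# `users` table, and on success inserts a `sessions` row and prints the start
# page for the account's privilege level (then exits 0).
#
# Returns 1 after printing "Auth Error!" when the password or source IP does
# not match; exits 1 when no usable row/IP exists for the login.
#
# Every value taken from the request or the environment is passed to the
# database as a bound parameter, never interpolated into the SQL text.
sub user_verify {
    $login = $query->param('login');
    my $password = $query->param('password');
    $login    = "" unless defined $login;
    $password = "" unless defined $password;

    # These are package globals. Clear them so a decision can never be made
    # on values left over from an earlier request if the script is ever run
    # in a persistent interpreter.
    $ip          = "";
    $ip_type     = "";
    $priv_level  = "";
    $sys_message = "";
    $mid         = undef;

    # NOTE(review): the password doubles as its own crypt() salt, so the
    # stored hash starts with characters derived from the password itself.
    # The stored hashes depend on this scheme, so it is kept as-is here;
    # moving to a random per-user salt and a modern hash needs a migration.
    $crypted_password = crypt($password,$password);

    $sth = $dbh->prepare("SELECT * FROM users WHERE login=?");
    $sth->execute($login);
    while (my $ips = $sth->fetchrow_hashref()) {
        $ip      = $ips->{'ip'};
        $ip_type = $ips->{'ip_type'};

        # An undefined/empty crypt() result must never compare equal to an
        # empty or NULL stored hash, so it is rejected explicitly.
        my $stored_password = $ips->{'password'};
        if (   !defined $crypted_password
            || $crypted_password eq ""
            || !defined $stored_password
            || $stored_password ne $crypted_password)
        {
            $sth->finish();
            print "Auth Error!";
            # The submitted password is intentionally kept out of the event
            # log: a failed attempt is often a near-miss of the real one.
            write_event("Password incorrect. IP:$REMOTE_ADDR. Login:$login","auth","system");
            return (1);
        }

        if ($ips->{'ip'} ne $REMOTE_ADDR && $ip_type ne "1") {
            $sth->finish();
            print "Auth Error!";
            write_event("IP:$REMOTE_ADDR not much for login:$login","auth","system");
            return (1);
        }

        # OBTAIN privelege level (!!!!)
        # Taken from the same row that was just verified, so the privilege
        # level always belongs to the authenticated record.
        $priv_level  = $ips->{'priv_level'};
        $sys_message = $ips->{'sys_message'};
    }
    $sth->finish();

    # No row matched (or the row has no IP): same generic error as above.
    if (!defined $ip || $ip eq "") {
        print "Auth Error!";
        write_event("login:$login not have IP","auth","system");
        exit (1);
    }
    # END VERIFY USER LOGIN, PASSWORD, IP

    # OBTAIN LAST SESSION DATE
    $time_last_session = 0;
    $sth = $dbh->prepare("SELECT max(id) AS mid FROM sessions WHERE login=?");
    $sth->execute($login);
    while (my $ips = $sth->fetchrow_hashref()) {
        $mid = $ips->{'mid'};
    }
    $sth->finish();

    # max(id) is NULL when the login has no earlier session.
    if (defined $mid) {
        $sth = $dbh->prepare("SELECT date FROM sessions WHERE id=?");
        $sth->execute($mid);
        while (my $ips = $sth->fetchrow_hashref()) {
            $time_last_session = $ips->{'date'};
        }
        $sth->finish();
    }

    $s_id = sid_generate();
    $time = time;
    $dbh->do(
        "INSERT INTO sessions VALUES (NULL, ?, ?, ?, ?, NULL, NULL)",
        undef, $login, $REMOTE_ADDR, $time, $s_id
    );
    $dbh->disconnect();
    # END OBTAIN LAST SESSION DATE

    # GOTO START PAGE (depend on priv_level (!!!!))
    if ($time_last_session ne 0) {
        $normal_last_session = localtime($time_last_session);
    }
    else {
        $normal_last_session = "never"
    }

    # The login is request-supplied text, so it is HTML-escaped before it is
    # placed into the page.
    $tpl->assign(TITLE      => "UTM:" . $query->escapeHTML($login));
    $tpl->assign(STAT_PL    => "$stat_pl");
    $tpl->assign(USERS_PL   => "$users_pl");
    $tpl->assign(SID        => "$s_id");
    $tpl->assign(LAST_LOGIN => "$normal_last_session");

    $refresh_time=3;
    if ($sys_message ne "") {
        # NOTE(review): sys_message is emitted unescaped; presumably it is
        # operator-authored markup from the users table - confirm who can
        # write that column.
        $tpl->assign(SYS_MESSAGE => "$sys_message");
        $refresh_time=30;
    }
    else {
        $tpl->assign(SYS_MESSAGE => "");
    }

    $tpl->assign(AUTH_SUCCESS   => "$AUTH_SUCCESS");
    $tpl->assign(LLOGIN_MESSAGE => "$LLOGIN_MESSAGE");
    $tpl->assign(ENTER_TO_AAREA => "$ENTER_TO_AAREA");
    $tpl->assign(ENTER_TO_UAREA => "$ENTER_TO_UAREA");

    if ($priv_level eq 0) {
        $tpl->assign(REFRESH_TIME => "$refresh_time");
        $tpl->parse(ROWS => ["ok_user"]);
        $tpl->print();
        exit (0);
    }
    if ($priv_level eq 1) {
        $tpl->assign(REFRESH_TIME => "30");
        $tpl->parse(ROWS => ["ok_admin"]);
        $tpl->print();
        exit (0);
    }
}

# SESSION ID (SID) GENERATE
#
# Returns a 28-character session id over [A-Za-z0-9] and also stores it in
# the global $s_id.
#
# The id is the only secret that identifies a session, so it is drawn from
# the kernel random source rather than from rand(), whose output is not
# meant to be unpredictable.
sub sid_generate {
    @chars = ( "A" .. "Z", "a" .. "z", 0 .. 9);
    my $length = 28;

    # Largest multiple of the alphabet size that fits in one byte; bytes at
    # or above it are skipped so every character stays equally likely.
    my $limit = 256 - ( 256 % scalar(@chars) );
    my $token = "";

    if (open(my $urandom, '<', '/dev/urandom')) {
        binmode($urandom);
        while (length($token) < $length) {
            my $got = read($urandom, my $buf, 64);
            last unless $got;    # read error or EOF: fall through to the fallback
            foreach my $byte (unpack("C*", $buf)) {
                next if $byte >= $limit;
                $token .= $chars[ $byte % @chars ];
                last if length($token) >= $length;
            }
        }
        close($urandom);
    }

    # Fallback for platforms without /dev/urandom: the original rand()-based
    # generation. Ids produced this way are guessable and should be treated
    # as such.
    while (length($token) < $length) {
        $token .= $chars[ rand @chars ];
    }

    $s_id = $token;
    return $s_id;
}
# END SESSION ID (SID) GENERATE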