#!/usr/bin/perl 
# revision 23.12.01 aospan
# e-mail:aospan@netup.ru
# Copyright (c) 2001 NetUP Systems <info@netup.ru>. All rights reserved.
#

require 5.003;
use DBI();
use CGI;
use Env;
use CGI::FastTemplate;

require "/netup/utm/bin/utm_func.pm";


# INITIALIZE VARIABLES
# START INITIALIZATION: VARIABLES AND SOME OTHER
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=localtime(time);

# OBTAIN VARIABLES FROM utm.cfg
if (config()) {
  print "Error occured when utm.cfg processing! Stopped. \n"; exit (1);
};


# Connect to the database
if ($database_type eq "mysql") {
  $DBI_data="DBI:$database_type:database=$database;host=$base_host";
} elsif ($database_type eq "Pg") {
  $DBI_data="DBI:$database_type:dbname=$database";
} else {
  print "Unknown database $database_type! Stopped. \n";
  exit (1);
};
$dbh = DBI->connect("$DBI_data","$database_login","$database_password",{'RaiseError' => 1});


# PREPARE templates to USE
my $tpl = new CGI::FastTemplate("$template_path");
$tpl->define(     aaa_login     => "$lang\_aaa_login.tpl",
                  aaa_ok_admin     => "$lang\_aaa_ok_admin.tpl",
                  aaa_ok_user     => "$lang\_aaa_ok_user.tpl",
                  aaa_notok     => "$lang\_aaa_notok.tpl",
                  login     => "aaa_login.tpl",
                  ok_admin     => "aaa_ok_admin.tpl",
                  ok_user     => "aaa_ok_user.tpl",
            );


# OBTAIN VARIABLES FROM dict
if (dict()) {
  print "Error occured when dict processing! Stopped. \n"; exit (1);
};

$aaa_pl = "aaa";
$users_pl = "users";
$stat_pl = "stat";
$time = time;
$query = new CGI;
$cmd = $query->param('cmd');
print "Content-Type: text/html\n\n";
print "<br>";

if ($cmd eq "user_verify") {
     user_verify();
} elsif ($cmd eq "sid_generate") {
     sid();
} else {
    $tpl->assign(TITLE => "$LOGIN_TO_UTM");
    $tpl->assign(LOGIN_TO_UTM => "$LOGIN_TO_UTM");
    $tpl->assign(LOGIN_M => "$LOGIN_M");
    $tpl->assign(PASSWORD_M => "$PASSWORD_M");
    $tpl->assign(LOGIN_BUTTON => "$LOGIN_BUTTON");
    $tpl->assign(AAA_PL => "$aaa_pl");
    $tpl->parse(ROWS => ["login"]);
    $tpl->print()
};

# VERIFY USER LOGIN, PASSWORD, IP 
sub user_verify {
  $login = $query->param('login');
  my $password = $query->param('password');
  $crypted_password = crypt($password,$password);
  $sth = $dbh->prepare("SELECT * FROM users WHERE login=\"$login\"");
  $sth->execute();
  while (my $ips = $sth->fetchrow_hashref()) {
    $ip = $ips->{'ip'};
    $ip_type = $ips->{'ip_type'};

    if ($ips->{'password'} ne $crypted_password) {
      print "Auth Error!"; 
      write_event("Password incorrect:$password. IP:$REMOTE_ADDR. Login:$login","auth","system");
      return (1); 
      exit (1);
    };

    if ($ips->{'ip'} ne $REMOTE_ADDR && $ip_type ne "1") {
      print "Auth Error!"; 
      write_event("IP:$REMOTE_ADDR not much for login:$login","auth","system");
      return (1); 
      exit (1);
    };
  };
  $sth->finish();

  if ($ip eq "") {
    print "Auth Error!"; 
    write_event("login:$login not have IP","auth","system");
    exit (1);
  };


  # END VERIFY USER LOGIN, PASSWORD, IP
  #
  # OBTAIN privelege level (!!!!)
  #
  $sth = $dbh->prepare("SELECT * FROM users WHERE login=\"$login\"");
  $sth->execute();

  while (my $ips = $sth->fetchrow_hashref()) {
    $priv_level = $ips->{'priv_level'};
    $sys_message = $ips->{'sys_message'};
  };
  $sth->finish();

  # END OBTAIN privelege level (!!!!)


  # OBTAIN LAST SESSION DATE
  $time_last_session = 0;
  $sth = $dbh->prepare("SELECT max(id) AS mid FROM sessions WHERE login=\"$login\"");
  $sth->execute();
  while (my $ips = $sth->fetchrow_hashref()) {
    $mid = $ips->{'mid'};
  };
  $sth->finish();

  $sth = $dbh->prepare("SELECT date FROM sessions WHERE id=\"$mid\"");
  $sth->execute();
  while (my $ips = $sth->fetchrow_hashref()) {
    $time_last_session = $ips->{'date'};
  };
  $sth->finish();

  $s_id = sid_generate();
  $time = time;
  $dbh->do("INSERT INTO sessions VALUES (NULL, \"$login\", \"$REMOTE_ADDR\", \"$time\", \"$s_id\", NULL, NULL)");
  $dbh->disconnect();

  # END OBTAIN LAST SESSION DATE
  #
  # GOTO START PAGE (depend on priv_level (!!!!))
  #
  if ($time_last_session ne 0) {
    $normal_last_session = localtime($time_last_session);
  }else {
     $normal_last_session = "never"
   };

  $tpl->assign(TITLE => "UTM:$login");
  $tpl->assign(STAT_PL => "$stat_pl");
  $tpl->assign(USERS_PL => "$users_pl");
  $tpl->assign(SID => "$s_id");
  $tpl->assign(LAST_LOGIN => "$normal_last_session");
  $refresh_time=3;
  if ($sys_message ne ""){
    $tpl->assign(SYS_MESSAGE => "$sys_message");
    $refresh_time=30;
  }else {
     $tpl->assign(SYS_MESSAGE => "");
   };

  $tpl->assign(AUTH_SUCCESS => "$AUTH_SUCCESS");
  $tpl->assign(LLOGIN_MESSAGE => "$LLOGIN_MESSAGE");
  $tpl->assign(ENTER_TO_AAREA => "$ENTER_TO_AAREA");
  $tpl->assign(ENTER_TO_UAREA => "$ENTER_TO_UAREA");

  if ($priv_level eq 0) {
    $tpl->assign(REFRESH_TIME => "$refresh_time");
    $tpl->parse(ROWS => ["ok_user"]);
    $tpl->print();
    exit (0);
  };

  if ($priv_level eq 1) {
    $tpl->assign(REFRESH_TIME => "30");
    $tpl->parse(ROWS => ["ok_admin"]);
    $tpl->print();
    exit (0);
  };

};

# SESSION ID (SID) GENERATE
sub sid_generate { 
  @chars = ( "A" .. "Z", "a" .. "z", 0 .. 9);
  $s_id = join("", @chars[ map { rand @chars } (1 .. 28) ]);
return $s_id;
};
# END SESSION ID (SID) GENERATE