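#!/usr/bin/perl
# revision 23.12.01 aospan
# e-mail:aospan@netup.ru
# Copyright (c) 2001 NetUP Systems . All rights reserved.
#
# UTM client statistics CGI. The `cmd` request parameter selects a handler;
# every handler except bye_message() first checks the `sid` parameter against
# the sessions table (see sid_verify()).
#
# Review notes:
#   * The script relies on undeclared package globals; the settings and text
#     labels are presumably filled in by config()/dict() from utm_func.pm, and
#     $REMOTE_ADDR comes from `use Env`. `use strict` is therefore not enabled
#     here, and variables that cross sub boundaries stay package globals.
#   * All SQL goes through bind placeholders. Request parameters (sid, login,
#     lang) used to be interpolated straight into double-quoted SQL literals,
#     which allowed SQL injection.
#   * Request and database values are handed to the templates without HTML
#     escaping -- NOTE(review): confirm the templates or the stored data
#     cannot carry markup.
#
require 5.003;
use Time::Local;
use CGI::FastTemplate;
use DBI();
use CGI;
use Env;

require "/netup/utm/bin/utm_func.pm";

# INITIALIZE VARIABLES
# START INITIALIZATION: VARIABLES AND SOME OTHER
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);

# OBTAIN VARIABLES FROM utm.cfg
if (config()) {
    print "Error occured when utm.cfg processing! Stopped. \n";
    exit (1);
}

# Connect to the database
if ($database_type eq "mysql") {
    $DBI_data = "DBI:$database_type:database=$database;host=$base_host";
}
elsif ($database_type eq "Pg") {
    $DBI_data = "DBI:$database_type:dbname=$database";
}
else {
    print "Unknown database $database_type! Stopped. \n";
    exit (1);
}

# The credentials stay stringified: DBI treats an undefined user/password
# differently from an empty one.
$dbh = DBI->connect("$DBI_data", "$database_login", "$database_password",
                    { 'RaiseError' => 1 });

$aaa_pl   = "aaa";
$users_pl = "users";
$stat_pl  = "stat";

$time = time;
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($time);
$month = $mon + 1;

$query = CGI->new;
$cmd   = $query->param('cmd');

print "Content-Type: text/html\n\n";

# OBTAIN VARIABLES FROM dict
if (dict()) {
    print "Error occured when dict processing! Stopped. \n\n";
    exit (1);
}

# PREPARE templates to USE
my $tpl = CGI::FastTemplate->new("$template_path");
$tpl->define(
    stat_on              => "stat_on.tpl",
    stat_off             => "stat_off.tpl",
    stat_on_result       => "stat_on_result.tpl",
    stat_off_result      => "stat_off_result.tpl",
    stat_password        => "stat_password.tpl",
    stat_password_change => "stat_password_change.tpl",
    stat_settings        => "stat_settings.tpl",
    stat_report          => "stat_report.tpl",
    stat_report_full     => "stat_report_full.tpl",
    stat_help            => "stat_help.tpl",
    stat_menu            => "stat_menu.tpl",
    stat_bye             => "stat_bye.tpl",
    stat_payments        => "stat_payments.tpl",
    stat_payments_table  => "stat_payments_table.tpl",
    stat_payments_row    => "stat_payments_row.tpl",
);
$tpl->assign(TITLE => "UTM:$login");

# Map each accepted `cmd` value to its handler; anything else is refused.
my %handler_for = (
    change_pas_form      => \&change_pas_form,
    change_pas           => \&change_pas,
    onoff_form           => \&onoff_form,
    onoff                => \&onoff,
    user_report          => \&user_report,
    user_report_detailed => \&user_report_detailed,
    payments_log         => \&payments_log,
    frames               => \&frames,
    display_menu         => \&display_menu,
    settings             => \&settings,
    change_lang          => \&change_lang,
    help                 => \&help,
    bye                  => \&bye,
    bye_message          => \&bye_message,
);
my $handler = defined($cmd) ? $handler_for{$cmd} : undef;
if ($handler) {
    $handler->();
}
else {
    print "\n\nWho are you, baby? Who? Hacker ? He-he ...\n\n\n";
    exit(0);
}

#
# VERIFY SID (depend on sessions table) AND RETURN CODE (0 - succsessfull)
#
# Reads the globals $s_id (set by the calling handler), $REMOTE_ADDR and
# $user_session_timeout. Returns 0 when $s_id belongs to the most recent
# session recorded for this client address and that session has not timed
# out; returns 1 otherwise. On success the session's `date` is refreshed.
#
sub sid_verify {
    # bye() and the timeout branch below close a session by setting its s_id
    # to "0", so "0" must never be accepted as a live id -- otherwise a
    # closed session row would still verify. A missing id is refused too.
    # NOTE(review): if s_id is a numeric column, the database's implicit
    # string-to-number comparison may treat other non-numeric input as 0;
    # confirm the column type and tighten this format check accordingly.
    if (!defined($s_id) || $s_id eq "" || $s_id eq "0") {
        return (1);
    }

    #OBTAIN DATE OF LAST USER ACTIVITY
    $sth = $dbh->prepare("SELECT MAX(date) as max_date FROM sessions WHERE ip=?");
    $sth->execute($REMOTE_ADDR);
    while (my $ips = $sth->fetchrow_hashref()) {
        $max_date = $ips->{'max_date'};
    }
    $sth->finish();
    $time    = time;
    $timeout = $time - $max_date;

    #VERIFY S_ID
    $verify_result = 1;
    $sth = $dbh->prepare("SELECT * FROM sessions WHERE s_id=? AND date>=? AND ip=?");
    $sth->execute($s_id, $max_date, $REMOTE_ADDR);
    while (my $ips = $sth->fetchrow_hashref()) {
        $verify_result = 0;
    }
    $sth->finish();
    if ($verify_result eq 1) {
        return (1);
    }

    if ($timeout >= $user_session_timeout) {
        print "user_session_timeout:$user_session_timeout\n";
        print "Session closed! Timeout.";
        $dbh->do("UPDATE sessions SET s_id=? where s_id=?", undef, "0", $s_id);
        print " ";
        # A timed-out session must fail verification. Previously control
        # fell through to `return (0)`, so the expired request was still
        # treated as authenticated.
        return (1);
    }

    # UPDATE UTM.sessions
    $time = time;
    $dbh->do("UPDATE sessions SET date=? WHERE s_id = ?", undef, $time, $s_id);
    return (0);
}

# Private helper: assign the text labels shared by both report templates.
sub _assign_report_labels {
    $tpl->assign(
        REPORT_MESSAGE      => "$REPORT_MESSAGE",
        LOGIN_M             => "$LOGIN_M",
        FULL_NAME_M         => "$FULL_NAME_M",
        IP_M                => "$IP_M",
        BALANCE_M           => "$BALANCE_M",
        PRICE_M             => "$PRICE_M",
        ACCOUNT_STAT_M      => "$ACCOUNT_STAT_M",
        TR_REPORT_M         => "$TR_REPORT_M",
        FROM_REGDATE_M      => "$FROM_REGDATE_M",
        TO_M                => "$TO_M",
        FROM_M              => "$FROM_M",
        MBYTES_M            => "$MBYTES_M",
        PRICE_TO_FROM_M     => "$PRICE_TO_FROM_M",
        MBYTES_TOTAL_M      => "$MBYTES_TOTAL_M",
        PRICE_TOTAL_M       => "$PRICE_TOTAL_M",
        REPORT_PERIOD_REQ_M => "$REPORT_PERIOD_REQ_M",
        PERIOD_FORMAT_M     => "$PERIOD_FORMAT_M",
        REPORT_BUTTON_M     => "$REPORT_BUTTON_M",
        SESSIONS_REPORT_M   => "$SESSIONS_REPORT_M",
        LLOGIN_MESSAGE      => "$LLOGIN_MESSAGE",
    );
}

# Print the frame page for a verified session.
sub frames {
    $s_id = $query->param('sid');
    if (sid_verify() ne 0) { exit(0) }

    print "UTM Client ver. 2.0";
    # NOTE(review): the remaining literals are empty as given here;
    # presumably they carried the frameset markup -- confirm against the
    # deployed script.
    print "";
    print "";
    print "";
    print "";
    print "";
}

# Render the navigation menu (stat_menu template).
sub display_menu {
    $s_id = $query->param('sid');
    if (sid_verify() ne 0) { exit(0) }

    # TEXT VARIABLE ASSIGN
    $tpl->assign(
        ONOFF_MESSAGE       => "$ONOFF_MESSAGE",
        CH_PASSWORD_MESSAGE => "$CH_PASSWORD_MESSAGE",
        REPORT_MESSAGE      => "$REPORT_MESSAGE",
        PAYMENTS_REP_M      => "$PAYMENTS_REP_M",
        SETTINGS_M          => "$SETTINGS_M",
        HELP_M              => "$HELP_M",
        EXIT_M              => "$EXIT_M",
        SID                 => "$s_id",
        STAT_PL             => "$stat_pl",
    );
    $tpl->parse(ROWS => ["stat_menu"]);
    $tpl->print();
}

# Render the change-password form (stat_password template).
sub change_pas_form {
    $s_id = $query->param('sid');
    if (sid_verify() ne 0) { exit(0) }

    $tpl->assign(
        SID                 => "$s_id",
        STAT_PL             => "$stat_pl",
        CH_PASSWORD_MESSAGE => "$CH_PASSWORD_MESSAGE",
        LOGIN_M             => "$LOGIN_M",
        OLD_PASSWORD        => "$OLD_PASSWORD",
        NEW_PASSWORD        => "$NEW_PASSWORD",
        RET_NEW_PASSWORD    => "$RET_NEW_PASSWORD",
        CHANGE_BUTTON       => "$CHANGE_BUTTON",
    );
    $tpl->parse(ROWS => ["stat_password"]);
    $tpl->print();
}

# List the payment history of the account registered for the client address.
sub payments_log {
    $s_id = $query->param('sid');
    if (sid_verify() ne 0) { exit(0) }

    $sth = $dbh->prepare("SELECT login FROM users WHERE ip=?");
    $sth->execute($REMOTE_ADDR);
    while (my $ips = $sth->fetchrow_hashref()) {
        $login = "$ips->{'login'}";
    }
    $sth->finish();

    $tpl->assign(ROWS => "");
    # When no account matched the address, $login is bound as NULL and the
    # history query returns nothing (fails closed).
    $sth = $dbh->prepare(
        "SELECT login,date,qnt FROM bills_history WHERE login=? ORDER BY date DESC");
    $sth->execute($login);
    while (my $ips = $sth->fetchrow_hashref()) {
        $norm_date = localtime($ips->{'date'});
        $tpl->assign(
            LOGIN => "$ips->{'login'}",
            DATE  => "$norm_date",
            QNT   => "$ips->{'qnt'}",
        );
        $tpl->parse(ROWS => ".stat_payments_row");
    }
    $sth->finish();
    $dbh->disconnect();

    $tpl->assign(
        PAYMENTS_REP_M => "$PAYMENTS_REP_M",
        LOGIN_M        => "$LOGIN_M",
        PAYMENT_DATE_M => "$PAYMENT_DATE_M",
        PAYMENT_QNT_M  => "$PAYMENT_QNT_M",
        SID            => "$s_id",
        STAT_PL        => "$stat_pl",
    );
    $tpl->parse(TABLE => ["stat_payments_table", "stat_payments"]);
    $tpl->print();
    exit (0);
}

# Change the password of the account named by the `login` form field after
# checking `old_password` against the stored hash.
#
# NOTE(review): the account is selected by a request parameter rather than
# by the verified session; knowing the old password is the only binding.
# Consider requiring that `login` matches the session's own login.
# NOTE(review): crypt() is salted with the password itself, so the first two
# characters of every password are stored in the clear as the hash prefix.
# The scheme is kept because whatever verifies logins must agree with it;
# plan a migration to a random-salt password hash.
# NOTE(review): no template is parsed or printed on any path here although
# stat_password_change is defined -- the user presumably sees an empty page;
# confirm the intended rendering.
sub change_pas {
    $s_id = $query->param('sid');
    if (sid_verify() ne 0) { exit(0) }

    my $login   = $query->param('login');
    my $old_pas = $query->param('old_password');
    my $pas1    = $query->param('password1');
    my $pas2    = $query->param('password2');
    $crypted_password = crypt($old_pas, $old_pas);

    # TEXT VARIABLE ASSIGN
    $tpl->assign(ONOFF_MESSAGE => "$ONOFF_MESSAGE");

    $login_exist = "";
    $sth = $dbh->prepare("SELECT password FROM users WHERE login=?");
    $sth->execute($login);
    while (my $ips = $sth->fetchrow_hashref()) {
        $login_exist = "yes";
        # A failed crypt() (undef) must never compare equal to an empty or
        # NULL stored hash.
        if (!defined($crypted_password)
            || $ips->{'password'} ne $crypted_password) {
            $tpl->assign(CH_PASSWORD_STAT_M =>
                "Old password incorrect! \nGo back and try again!");
            exit (0);
        }
    }
    $sth->finish();

    if ($login_exist ne "yes") {
        $tpl->assign(CH_PASSWORD_STAT_M => "No such login !");
        exit (0);
    }
    if ($pas1 ne $pas2) {
        $tpl->assign(CH_PASSWORD_STAT_M => "$CH_PASSWORD_MISMATCH_M");
        exit(0);
    }

    $crypted_password = crypt($pas1, $pas1);
    # Never store an empty hash: crypt() can fail for an empty password or
    # an unusable salt, and an empty stored value would leave the account
    # without a real password.
    if (!defined($crypted_password) || $crypted_password eq "") {
        $tpl->assign(CH_PASSWORD_STAT_M => "New password not accepted!");
        exit (0);
    }

    $dbh->do("UPDATE users SET password=? WHERE login=?",
             undef, $crypted_password, $login);
    $tpl->assign(CH_PASSWORD_STAT_M => "$CH_PASSWORD_OK_M");
    $dbh->disconnect();
}

# Show the enable or disable form depending on what firewall("check", ...)
# reports for the account registered for the client address.
sub onoff_form {
    $s_id = $query->param('sid');
    if (sid_verify() ne 0) { exit(0) }

    $sth = $dbh->prepare("SELECT * FROM users WHERE ip=?");
    $sth->execute($REMOTE_ADDR);
    while (my $ips = $sth->fetchrow_hashref()) {
        $id    = $ips->{'id'};
        $login = $ips->{'login'};
    }
    $sth->finish();

    $inet_stat = firewall("check", "$login", "$REMOTE_ADDR");
    $tpl->assign(SID => "$s_id");
    if ($inet_stat ne "on") {
        $tpl->assign(
            ONOFF_MESSAGE   => "$ONOFF_MESSAGE",
            INTERNET_IS_OFF => "$INTERNET_IS_OFF",
            ENABLE_BUTTON   => "$ENABLE_BUTTON",
        );
        $tpl->parse(ROWS => ["stat_on"]);
        $tpl->print();
    }
    else {
        $tpl->assign(
            ONOFF_MESSAGE  => "$ONOFF_MESSAGE",
            INTERNET_IS_ON => "$INTERNET_IS_ON",
            DISABLE_BUTTON => "$DISABLE_BUTTON",
        );
        $tpl->parse(ROWS => ["stat_off"]);
        $tpl->print();
    }
    $dbh->disconnect();
}

# Switch access on (only when `ineton` is "on" and the account is not
# blocked) or off, and keep the used_ips table in step.
sub onoff {
    $s_id = $query->param('sid');
    if (sid_verify() ne 0) { exit(0) }

    my $ineton = $query->param('ineton');
    $sth = $dbh->prepare("SELECT * FROM users WHERE ip=?");
    $sth->execute($REMOTE_ADDR);
    while (my $ips = $sth->fetchrow_hashref()) {
        $id      = $ips->{'id'};
        $login   = $ips->{'login'};
        $block   = $ips->{'block'};
        $ip_type = $ips->{'ip_type'};
    }
    $sth->finish();

    # $rule and $ip_type are not used again in this file; they stay package
    # globals in case utm_func.pm reads them -- TODO confirm.
    $rule = 1000 + $id;

    if ($ineton eq "on" && $block eq "0") {
        $tpl->assign(
            ON_RESULT_MESSAGE => "$ON_RESULT_MESSAGE",
            ON_RESULT         => "$ON_RESULT",
        );
        firewall("on", "$login", "$REMOTE_ADDR");
        # INSERT ip INTO used_ips
        $dbh->do("INSERT INTO used_ips VALUES (?, ?)",
                 undef, $login, $REMOTE_ADDR);
        $tpl->parse(ROWS => ["stat_on_result"]);
        $tpl->print();
    }
    else {
        $tpl->assign(
            OFF_RESULT_MESSAGE => "$OFF_RESULT_MESSAGE",
            OFF_RESULT         => "$OFF_RESULT",
        );
        firewall("off", "$login", "$REMOTE_ADDR");
        # DELETE FROM used_ips AND update traffic
        $dbh->do("DELETE from used_ips where login=?", undef, $login);
        # END DELETE AND UPDATE traffic
        $tpl->parse(ROWS => ["stat_off_result"]);
        $tpl->print();
    }
    $dbh->disconnect();
}

# Render the account summary and the traffic totals stored on the users row
# (stat_report template).
sub user_report {
    $s_id = $query->param('sid');
    if (sid_verify() ne 0) { exit(0) }

    $sth = $dbh->prepare("SELECT * FROM users WHERE ip=?");
    $sth->execute($REMOTE_ADDR);
    while (my $ips = $sth->fetchrow_hashref()) {
        $login      = $ips->{'login'};
        $full_name  = $ips->{'full_name'};
        $ip         = $ips->{'ip'};
        $bill       = $ips->{'bill'};
        $price      = $ips->{'price'};
        $credit     = $ips->{'credit'};
        $block      = $ips->{'block'};
        $reg_date   = $ips->{'reg_date'};
        $bytes_from = $ips->{'bytes_from'};
        $bytes_to   = $ips->{'bytes_to'};
        $ftime      = $ips->{'ftime'};
        $ltime      = $ips->{'ltime'};
    }
    $sth->finish();

    $norm_last_session = localtime(last_session());
    $tpl->assign(
        LOGIN       => "$login",
        FULL_NAME   => "$full_name",
        IP          => "$ip",
        BALANCE     => "$bill",
        MBYTE_PRICE => "$price",
        LAST_LOGIN  => "$norm_last_session",
    );

    # TEXT VARIABLE ASSIGN
    _assign_report_labels();

    if ($block ne 0) {
        $tpl->assign(ACCOUNT_STATUS => "Locked");
    }
    else {
        $tpl->assign(ACCOUNT_STATUS => "Non locked");
    }

    $begin_day_norm = localtime($reg_date);
    $tpl->assign(REG_DATE => "$begin_day_norm");

    #
    # DISPLAY TRAFFIC from begin_day till this moment
    #
    $mbytes_from      = sprintf("%.3f", $bytes_from / 1048576);
    $mbytes_to        = sprintf("%.3f", $bytes_to / 1048576);
    $bytes_to_price   = sprintf("%.3f", $price * $mbytes_to);
    $bytes_from_price = sprintf("%.3f", $price * $mbytes_from);
    $bytes_sum        = $mbytes_to + $mbytes_from;
    $bytes_sum_price  = sprintf("%.3f", $price * $bytes_sum);
    $tpl->assign(
        BYTES_TO    => "$mbytes_to",
        BYTES_FROM  => "$mbytes_from",
        PRICE_TO    => "$bytes_to_price",
        PRICE_FROM  => "$bytes_from_price",
        BYTES_TOTAL => "$bytes_sum",
        PRICE_TOTAL => "$bytes_sum_price",
        SID         => "$s_id",
    );

    #
    # DISPLAY DETAILED TRAFFIC REPORT
    #
    # Pre-fill the period form with the current date and hour.
    $r_b_year = $year + 1900;
    $tpl->assign(
        STAT_PL => "$stat_pl",
        B_DAY   => "$mday",
        B_MONTH => "$month",
        B_YEAR  => "$r_b_year",
        L_HOUR  => "$hour",
        L_DAY   => "$mday",
        L_MONTH => "$month",
        L_YEAR  => "$r_b_year",
    );
    $tpl->parse(ROWS => ["stat_report"]);
    $tpl->print();
    $dbh->disconnect();
}

# Render the traffic report for the period given by the b_* / l_* request
# parameters (stat_report_full template).
sub user_report_detailed {
    $s_id = $query->param('sid');
    if (sid_verify() ne 0) { exit(0) }

    $sth = $dbh->prepare("SELECT * FROM users WHERE ip=?");
    $sth->execute($REMOTE_ADDR);
    while (my $ips = $sth->fetchrow_hashref()) {
        $login      = $ips->{'login'};
        $full_name  = $ips->{'full_name'};
        $ip         = $ips->{'ip'};
        $bill       = $ips->{'bill'};
        $price      = $ips->{'price'};
        $credit     = $ips->{'credit'};
        $block      = $ips->{'block'};
        $reg_date   = $ips->{'reg_date'};
        $bytes_from = $ips->{'bytes_from'};
        $bytes_to   = $ips->{'bytes_to'};
        $ftime      = $ips->{'ftime'};
        $ltime      = $ips->{'ltime'};
    }
    $sth->finish();

    #
    # DISPLAY DETAILED TRAFFIC REPORT
    #
    $b_hour  = $query->param('b_hour');
    $b_mday  = $query->param('b_day');
    $b_month = $query->param('b_month');
    $b_year  = $query->param('b_year');
    $l_hour  = $query->param('l_hour');
    $l_mday  = $query->param('l_day');
    $l_month = $query->param('l_month');
    $l_year  = $query->param('l_year');

    # timelocal() croaks on out-of-range fields, so a malformed period
    # aborts the request here instead of reaching the queries below.
    $b_time = timelocal(0, 0, $b_hour, $b_mday, $b_month - 1, $b_year);
    $l_time = timelocal(0, 0, $l_hour, $l_mday, $l_month - 1, $l_year);
    $norm_b_time = localtime($b_time);
    $norm_l_time = localtime($l_time);

    #OBTAIN TRAFFIC INFO FOR REQUESTED PERIOD
    $sth = $dbh->prepare(
        "SELECT SUM(bytes_all) as tr_to FROM traffic WHERE ip_to=? AND ftime > ? AND ftime <?");
    $sth->execute($ip, $b_time, $l_time);
    while (my $ips = $sth->fetchrow_hashref()) {
        $bytes_to  = $ips->{'tr_to'};
        $mbytes_to = sprintf("%.3f", $bytes_to / 1048576);
    }
    $sth->finish();

    $sth = $dbh->prepare(
        "SELECT SUM(bytes_all) as tr_from FROM traffic WHERE ip_from=? AND ftime > ? AND ftime <?");
    $sth->execute($ip, $b_time, $l_time);
    while (my $ips = $sth->fetchrow_hashref()) {
        $bytes_from  = $ips->{'tr_from'};
        $mbytes_from = sprintf("%.3f", $bytes_from / 1048576);
    }
    $sth->finish();

    $tpl->assign(
        BYTES_FROM_DETAILED => "$mbytes_from",
        BYTES_TO_DETAILED   => "$mbytes_to",
    );
    $bytes_to_price   = $price * $mbytes_to;
    $bytes_from_price = $price * $mbytes_from;
    $mbytes_sum       = $mbytes_to + $mbytes_from;
    $bytes_sum_price  = $price * $mbytes_sum;
    $tpl->assign(
        PRICE_TO_DETAILED    => "$bytes_to_price",
        PRICE_FROM_DETAILED  => "$bytes_from_price",
        BYTES_TOTAL_DETAILED => "$mbytes_sum",
        PRICE_TOTAL_DETAILED => "$bytes_sum_price",
    );

    $norm_last_session = localtime(last_session());
    $tpl->assign(
        LOGIN             => "$login",
        FULL_NAME         => "$full_name",
        IP                => "$ip",
        BALANCE           => "$bill",
        MBYTE_PRICE       => "$price",
        LAST_LOGIN        => "$norm_last_session",
        BEGIN_REPORT_DATE => "$norm_b_time",
        END_REPORT_DATE   => "$norm_l_time",
    );

    if ($block ne 0) {
        $tpl->assign(ACCOUNT_STATUS => "Locked");
    }
    else {
        $tpl->assign(ACCOUNT_STATUS => "Non locked");
    }

    # TEXT VARIABLE ASSIGN
    _assign_report_labels();
    $tpl->assign(SID => "$s_id");
    $tpl->parse(ROWS => ["stat_report_full"]);
    $tpl->print();
    $dbh->disconnect();
}

# Close the session by resetting its s_id to the closed marker "0".
sub bye {
    $s_id = $query->param('sid');
    if (sid_verify() ne 0) { exit(0) }

    $dbh->do("UPDATE sessions SET s_id=? where s_id=?", undef, "0", $s_id);
    $dbh->disconnect();
    print " ";
}

# Render the "session closed" page. This is the one handler that performs
# no session check.
sub bye_message {
    $tpl->assign(
        SESSION_CLOSED_M => "$SESSION_CLOSED_M",
        LOGIN_TO_UTM     => "$LOGIN_TO_UTM",
    );
    $tpl->parse(ROWS => ["stat_bye"]);
    $tpl->print();
}

# Return the `date` of the sessions row whose id is one below the newest
# session id recorded for the global $login, or 0 when there is no such row.
#
# NOTE(review): id-1 is not guaranteed to be a session of the same login, so
# this can report another account's session time; consider selecting the
# previous row filtered by login instead.
sub last_session {
    # OBTAIN LAST SESSION DATE
    $time_last_session = 0;
    $sth = $dbh->prepare("SELECT max(id) AS mid FROM sessions WHERE login=?");
    $sth->execute($login);
    while (my $ips = $sth->fetchrow_hashref()) {
        $mid = $ips->{'mid'};
    }
    $sth->finish();

    $mid = $mid - 1;
    $sth = $dbh->prepare("SELECT date FROM sessions WHERE id=?");
    $sth->execute($mid);
    while (my $ips = $sth->fetchrow_hashref()) {
        $time_last_session = $ips->{'date'};
    }
    $sth->finish();
    # The shared handle is no longer disconnected here: both callers
    # disconnect it themselves once they are done with it.
    # END OBTAIN LAST SESSION DATE
    return ($time_last_session);
}

# Render the help page (stat_help template).
sub help {
    $s_id = $query->param('sid');
    if (sid_verify() ne 0) { exit(0) }

    $tpl->assign(HELP_M => "$HELP_M");
    $tpl->parse(ROWS => ["stat_help"]);
    $tpl->print();
}

# Render the settings page (stat_settings template).
sub settings {
    $s_id = $query->param('sid');
    if (sid_verify() ne 0) { exit(0) }

    $tpl->assign(
        SID                 => "$s_id",
        STAT_PL             => "$stat_pl",
        CH_PASSWORD_MESSAGE => "$CH_PASSWORD_MESSAGE",
        LOGIN_M             => "$LOGIN_M",
        OLD_PASSWORD        => "$OLD_PASSWORD",
        NEW_PASSWORD        => "$NEW_PASSWORD",
        RET_NEW_PASSWORD    => "$RET_NEW_PASSWORD",
        CHANGE_BUTTON       => "$CHANGE_BUTTON",
        SETTINGS_M          => "$SETTINGS_M",
        LANG_M              => "$LANG_M",
        CH_LANG_M           => "$CH_LANG_M",
    );
    $tpl->parse(ROWS => ["stat_settings"]);
    $tpl->print();
}

# Store the requested interface language on the account registered for the
# client address.
#
# NOTE(review): `lang` is stored without validation; if dict() uses it to
# pick a dictionary file, confirm the value is checked against a fixed list
# of languages before it reaches a file path.
sub change_lang {
    $s_id = $query->param('sid');
    if (sid_verify() ne 0) { exit(0) }

    $ch_to_lang = $query->param('lang');
    if ($dbh->do("UPDATE users SET lang=? where ip=?",
                 undef, $ch_to_lang, $REMOTE_ADDR)) {
        print "Language changed succesfully!";
    }
    else {
        print "some error!";
    }
}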