0,0 → 1,231 |
<?php |
require('/etc/freeradius-web/config.php'); |
require('../lib/functions.php'); |
?> |
<html> |
<?php |
|
if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php")) |
include_once("../lib/sql/drivers/$config[sql_type]/functions.php"); |
else{ |
echo <<<EOM |
<title>Unauthorized Service Usage History for $login</title> |
<meta http-equiv="Content-Type" content="text/html; charset=$config[general_charset]"> |
<link rel="stylesheet" href="style.css"> |
</head> |
<body> |
<center> |
<b>Could not include SQL library functions. Aborting</b> |
</body> |
</html> |
EOM; |
exit(); |
} |
|
$now = time(); |
$now_str = ($now_str != '') ? "$now_str" : date($config[sql_date_format],$now + 86400); |
$prev_str = ($prev_str != '') ? "$prev_str" : "0001-01-01 00:00:00"; |
|
$now_str = da_sql_escape_string($now_str); |
$prev_str = da_sql_escape_string($prev_str); |
|
$num = 0; |
$pagesize = ($pagesize) ? $pagesize : 10; |
if (!is_numeric($pagesize) && $pagesize != 'all') |
$pagesize = 10; |
$limit = ($pagesize == 'all') ? '' : "$pagesize"; |
$selected[$pagesize] = 'selected'; |
$login = ($login != '') ? $login : 'anyone'; |
$usercheck = ($login == 'anyone') ? "LIKE '%'" : "= '$login'"; |
$order = ($order != '') ? $order : $config[general_accounting_info_order]; |
if ($order != 'desc' && $order != 'asc') |
$order = 'desc'; |
$selected[$order] = 'selected'; |
|
echo <<<EOM |
<head> |
<title>Unauthorized Service Usage History for $login</title> |
<meta http-equiv="Content-Type" content="text/html; charset=$config[general_charset]"> |
<link rel="stylesheet" href="style.css"> |
</head> |
<body> |
<center> |
<table border=0 width=550 cellpadding=0 cellspacing=0> |
<tr valign=top> |
<td align=center><img src="images/title2.gif"></td> |
</tr> |
</table> |
EOM; |
|
if ($login != 'anyone'){ |
echo <<<EOM |
<table border=0 width=400 cellpadding=0 cellspacing=2> |
EOM; |
|
include("../html/user_toolbar.html.php"); |
|
print <<<EOM |
</table> |
EOM; |
} |
|
if ($do_delete == 1 && ($row_id != 0 && is_numeric($row_id))){ |
$link = da_sql_connect($config); |
if ($link){ |
$search = da_sql_query($link,$config, |
"SELECT id,admin FROM $config[sql_badusers_table] |
WHERE id = '$row_id';"); |
if ($search){ |
$row = da_sql_fetch_array($search,$config); |
if ($row[id] == $row_id){ |
$admin = "$row[admin]"; |
if (($admin != '-' && $_SERVER["PHP_AUTH_USER"] == $admin) || $admin == '-'){ |
$sql_servers = array(); |
if ($config[sql_extra_servers] != '') |
$sql_servers = explode(' ',$config[sql_extra_servers]); |
$sql_servers[] = $config[sql_server]; |
foreach ($sql_servers as $server){ |
$link2 = da_sql_host_connect($server,$config); |
if ($link2){ |
$r = da_sql_query($link2,$config, |
"DELETE FROM $config[sql_badusers_table] |
WHERE id = '$row_id';"); |
if (!$r) |
echo "<b>SQL Error:" . da_sql_error($link2,$config) . "</b><br>\n"; |
da_sql_close($link2,$config); |
} |
else |
echo "<b>SQL Error: Could not connect to SQL database: $server</b><br>\n"; |
} |
} |
} |
} |
else |
echo "<b>Database query failed: " . da_sql_error($link,$config) . "</b><br>\n"; |
da_sql_close($link,$config); |
} |
else |
echo "<b>Could not connect to SQL database</b><br>\n"; |
} |
|
echo <<<EOM |
<br><br> |
<table border=0 width=740 cellpadding=1 cellspacing=1> |
<tr valign=top> |
<td width=55%></td> |
<td bgcolor="black" width=45%> |
<table border=0 width=100% cellpadding=2 cellspacing=0> |
<tr bgcolor="#907030" align=right valign=top><th> |
<font color="white">Unauthorized Service Usage History for $login</font> |
</th></tr> |
</table> |
</td></tr> |
<tr bgcolor="black" valign=top><td colspan=2> |
<table border=0 width=100% cellpadding=12 cellspacing=0 bgcolor="#ffffd0" valign=top> |
<tr><td> |
<b>$prev_str</b> up to <b>$now_str</b> |
<form action="badusers.php" method="get" name="master"> |
<input type=hidden name=do_delete value=0> |
<input type=hidden name=row_id value=0> |
EOM; |
?> |
|
<p> |
<table border=1 bordercolordark=#ffffe0 bordercolorlight=#000000 width=100% cellpadding=2 cellspacing=0 bgcolor="#ffffe0" valign=top> |
<tr bgcolor="#d0ddb0"> |
<th>#</th><th>user</th><th>date</th><th>admin</th><th>reason</th><th>administrator action</th> |
</tr> |
|
<?php |
$auth_user = $_SERVER["PHP_AUTH_USER"]; |
if ($config[general_restrict_badusers_access] == 'yes'){ |
$auth_user = da_sql_escape_string($auth_user); |
$extra_query = "AND admin == '$auth_user'"; |
} |
$link = da_sql_pconnect($config); |
if ($link){ |
$search = da_sql_query($link,$config, |
"SELECT " . da_sql_limit($limit,0,$config) . " * FROM $config[sql_badusers_table] |
WHERE username $usercheck $extra_query AND incidentdate <= '$now_str' |
AND incidentdate >= '$prev_str' " . da_sql_limit($limit,1,$config) . |
" ORDER BY incidentdate $order " . da_sql_limit($limit,2,$config) . " ;"); |
if ($search){ |
while( $row = da_sql_fetch_array($search,$config) ){ |
$num++; |
$id = $row[id]; |
$user = "$row[username]"; |
$User = urlencode($user); |
$date = "$row[incidentdate]"; |
$reason = "$row[reason]"; |
$admin = "$row[admin]"; |
if ($admin == $auth_user || $admin == '-') |
$action = "<td><input type=submit class=button value=\"Delete\" OnClick=\"this.form.do_delete.value=1;this.form.row_id.value=$id\"></td>"; |
else |
$action = "<td>-</td>"; |
if ($admin == '') |
$admin = '-'; |
if ($reason == '') |
$reason = '-'; |
echo <<<EOM |
<tr align=center> |
<td>$num</td> |
<td><a href="user_admin.php?login=$User" title="Edit user $user">$user</a></td> |
<td>$date</td> |
<td>$admin</td> |
<td>$reason</td> |
$action |
</tr> |
EOM; |
} |
} |
else |
echo "<b>Database query failed: " . da_sql_error($link,$config) . "</b><br>\n"; |
} |
else |
echo "<b>Could not connect to SQL database</b><br>\n"; |
echo <<<EOM |
</table> |
<tr><td> |
<hr> |
<tr><td align="center"> |
<table border=0> |
<tr><td colspan=6></td> |
<td rowspan=3 valign="bottom"> |
<small> |
the <b>from</b> date matches any login after the 00:00 that day, |
and the <b>to</b> date any login before the 23:59 that day. |
the default values shown are the <b>current week</b>. |
</td> |
</tr> |
<tr valign="bottom"> |
<td><small><b>user</td><td><small><b>from date</td><td><small><b>to date</td><td><small><b>pagesize</td><td><b>order</td> |
</td> |
<tr valign="middle"><td> |
<input type="text" name="login" size="11" value="$login"></td> |
<td><input type="text" name="prev_str" size="11" value="$prev_str"></td> |
<td><input type="text" name="now_str" size="11" value="$now_str"></td> |
<td><select name="pagesize"> |
<option $selected[5] value="5" >05 |
<option $selected[10] value="10">10 |
<option $selected[15] value="15">15 |
<option $selected[20] value="20">20 |
<option $selected[40] value="40">40 |
<option $selected[80] value="80">80 |
<option $selected[all] value="all">all |
</select> |
</td> |
<td><select name="order"> |
<option $selected[asc] value="asc">older first |
<option $selected[desc] value="desc">recent first |
</select> |
</td> |
EOM; |
?> |
|
<td><input type="submit" class=button value="show"></td></tr> |
</table></td></tr></form> |
</table> |
</tr> |
</table> |
</body> |
</html> |