search suspicious ip active last 3 days

html/admin/iplist/index.php

@@ -38,11 +38,11 @@ $_SESSION[$page_url]['ip']=$f_ip;
 $ip_list_type_filter='';
 if ($ip_type>0) {
     //suspicious
-    if ($ip_type===3) { $ip_list_type_filter = " and (User_auth.dhcp_action NOT IN ('arp', 'netflow') and (ABS(User_auth.dhcp_time - User_auth.last_found)>259200))"; }
+    if ($ip_type===3) { $ip_list_type_filter = " and (User_auth.dhcp_action IN ('add', 'old', 'del') and (ABS(User_auth.dhcp_time - User_auth.last_found)>259200) and (UNIX_TIMESTAMP()-User_auth.last_found)<259200)"; }
     //dhcp
-    if ($ip_type===2) { $ip_list_type_filter = " and (User_auth.dhcp_action NOT IN ('arp', 'netflow'))"; }
+    if ($ip_type===2) { $ip_list_type_filter = " and (User_auth.dhcp_action IN ('add', 'old', 'del'))"; }
     //static
-    if ($ip_type===1) { $ip_list_type_filter = " and (User_auth.dhcp_action IN ('arp', 'netflow'))"; }
+    if ($ip_type===1) { $ip_list_type_filter = " and (User_auth.dhcp_action NOT IN ('add', 'old', 'del'))"; }
     }
 
 $ip_where = '';

html/admin/users/edituser.php

@@ -155,6 +155,7 @@ if (isset($_POST["addauth"])) {
             $fid = new_auth($db_link, $fip, $fmac, $id);
             if (!empty($fid)) {
                 $new['dhcp']=$f_dhcp;
+                $new["dhcp_action"]='manual';
                 update_record($db_link,"User_auth","id=".$fid,$new);
                 apply_auth_rule($db_link,$fid,$id);
                 LOG_WARNING($db_link,"Add ip for login: ".$user_info["login"].": ip => $fip, mac => $fmac",$fid);