
switch login from apache to form

rajven 3 rokov pred
rodič
commit
44dc6a1972

+ 4 - 3
docs/mysql/mysql.sql

@@ -176,7 +176,8 @@ CREATE TABLE `connections` (
 CREATE TABLE `Customers` (
   `id` int(11) NOT NULL,
   `Login` varchar(20) DEFAULT 'NULL',
-  `Pwd` varchar(32) DEFAULT 'NULL',
+  `password` varchar(255) DEFAULT 'NULL',
+  `api_key` varchar(255) DEFAULT NULL,
   `readonly` tinyint(1) NOT NULL DEFAULT 0
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 
@@ -184,8 +185,8 @@ CREATE TABLE `Customers` (
 -- Дамп данных таблицы `Customers`
 --
 
-INSERT INTO `Customers` (`id`, `Login`, `Pwd`, `readonly`) VALUES(1, 'admin', '21232f297a57a5a743894a0e4a801fc3', 0);
-
+INSERT INTO `Customers` (`id`, `Login`, `password`, `api_key`, `readonly`) VALUES
+(1, 'admin', '$2y$11$wohV8Tuqu0Yai9Shacei5OKfMxG5bnLxB5ACcZcJJ3pYEbIH0qLGG', 'c3284d0f94606de1fd2af172aba15bf31', 0);
 -- --------------------------------------------------------
 
 --
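Review bot: `DEFAULT 'NULL'` on the new `password` column (L18) is the four-character string 'NULL', not SQL NULL, so a customer created without a password gets a non-empty value that password_verify() will reject but that no `IS NULL` check can detect; the `api_key` line right below already uses the unquoted form, so the password line should read `password varchar(255) DEFAULT NULL,` (keeping the backtick quoting). The seed INSERT on L29-L30 ships one fixed bcrypt hash and one fixed api_key for the admin account, so every installation loaded from this dump starts with identical credentials until an operator changes them; either document that prominently in the dump or generate the key at install time instead of in the schema. The api_key is looked up by equality in auth.utils.php, so a `UNIQUE` constraint on the column would enforce distinctness between customers and give that lookup an index.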

+ 2 - 2
html/admin/customers/control-options.php

@@ -74,7 +74,7 @@ print_control_submenu($page_url);
 <td width=150><b><?php print WEB_config_option; ?></b></td>
 <td width=150><b><?php print WEB_config_value; ?></b></td>
 <td width=350><b><?php print WEB_msg_comment; ?></b></td>
-<td width=100><input type="submit" onclick="return confirm('<?php print WEB_msg_delete; ?>?')" name="remove" value="<?php print WEB_btn_remove; ?>"></td>
+<td width=100><input type="submit" onclick="return confirm('<?php print WEB_btn_delete; ?>?')" name="remove" value="<?php print WEB_btn_remove; ?>"></td>
 </tr>
 
 <?php
@@ -114,7 +114,7 @@ while ($row = mysqli_fetch_array($t_config)) {
 }
 ?>
 <tr>
-<td colspan=5 class="data"><?php print WEB_msg_add." ".mb_strtolower(WEB_config_option).":&nbsp"; print_option_select($db_link, "f_new_option"); ?></td>
+<td colspan=5 class="data"><?php print WEB_btn_add." ".mb_strtolower(WEB_config_option).":&nbsp"; print_option_select($db_link, "f_new_option"); ?></td>
 <td><input type="submit" name="create" value="<?php echo WEB_btn_add; ?>"></td>
 </tr>
 </table>

+ 1 - 1
html/admin/customers/control-subnets.php

@@ -147,7 +147,7 @@ print_control_submenu($page_url);
 	<td><b><?php echo WEB_network_dyndns; ?></b></td>
 	<td><b><?php echo WEB_network_discovery; ?></b></td>
 	<td><b><?php echo WEB_cell_comment; ?></b></td>
-	<td><input type="submit" onclick="return confirm('<?php print WEB_msg_delete; ?>?')" name="s_remove" value="<?php print WEB_btn_remove; ?>"></td>
+	<td><input type="submit" onclick="return confirm('<?php print WEB_btn_delete; ?>?')" name="s_remove" value="<?php print WEB_btn_remove; ?>"></td>
 </tr>
 <?php
 $t_subnets = get_records($db_link,'subnets','True ORDER BY ip_int_start');

+ 10 - 10
html/admin/customers/control.php

@@ -104,29 +104,29 @@ print_control_submenu($page_url);
 <table class="data">
 <?php
         if (is_option($db_link, 37)) {
-            print "<tr><td align=right>".WEB_control_access."&nbsp<input type=submit name='recheck_ip' value='".WEB_msg_refresh."'></td></tr>";
+            print "<tr><td align=right>".WEB_control_access."&nbsp<input type=submit name='recheck_ip' value='".WEB_btn_refresh."'></td></tr>";
         }
         if (is_option($db_link, 38)) {
-            print "<tr><td align=right>".WEB_control_dhcp."&nbsp<input type=submit name='refresh_dhcp' value='".WEB_msg_refresh."' ></td></tr>";
+            print "<tr><td align=right>".WEB_control_dhcp."&nbsp<input type=submit name='refresh_dhcp' value='".WEB_btn_refresh."' ></td></tr>";
         }
         if (is_option($db_link, 39)) {
-            print "<tr><td align=right>".WEB_control_dns."&nbsp<input type=submit name='refresh_dns' value='".WEB_msg_refresh."'  ></td></tr>";
+            print "<tr><td align=right>".WEB_control_dns."&nbsp<input type=submit name='refresh_dns' value='".WEB_btn_refresh."'  ></td></tr>";
         }
         if (is_option($db_link, 40)) {
-            print "<tr><td align=right>".WEB_control_nagios."&nbsp<input type=submit name='refresh_nagios' value='".WEB_msg_refresh."'></td></tr>";
-            print "<tr><td align=right>".WEB_control_nagios_clear_alarm."&nbsp<input type=submit name='up_nagios' value='".WEB_msg_run."'></td></tr>";
+            print "<tr><td align=right>".WEB_control_nagios."&nbsp<input type=submit name='refresh_nagios' value='".WEB_btn_refresh."'></td></tr>";
+            print "<tr><td align=right>".WEB_control_nagios_clear_alarm."&nbsp<input type=submit name='up_nagios' value='".WEB_btn_run."'></td></tr>";
         }
         if (is_option($db_link, 41)) {
-            print "<tr><td align=right>".WEB_control_scan_network."&nbsp<input type=submit name='discovery' value='".WEB_msg_run."'></td></tr>";
+            print "<tr><td align=right>".WEB_control_scan_network."&nbsp<input type=submit name='discovery' value='".WEB_btn_run."'></td></tr>";
         }
         if (is_option($db_link, 41)) {
-            print "<tr><td  align=right>".WEB_control_fping_scan_network."&nbsp<input type=submit name='discovery2' value='".WEB_msg_run."'></td></tr>";
+            print "<tr><td  align=right>".WEB_control_fping_scan_network."&nbsp<input type=submit name='discovery2' value='".WEB_btn_run."'></td></tr>";
         }
         if (get_option($db_link, 23)) {
-            print "<tr><td  align=right>".WEB_control_log_traffic_on."&nbsp<input type=submit name='save_traf_all' value='".WEB_msg_run."'></td></tr>";
-            print "<tr><td  align=right>".WEB_control_log_traffic_off."&nbsp<input type=submit name='not_save_traf_all' value='".WEB_msg_run."'></td></tr>";
+            print "<tr><td  align=right>".WEB_control_log_traffic_on."&nbsp<input type=submit name='save_traf_all' value='".WEB_btn_run."'></td></tr>";
+            print "<tr><td  align=right>".WEB_control_log_traffic_off."&nbsp<input type=submit name='not_save_traf_all' value='".WEB_btn_run."'></td></tr>";
         }
-        print "<tr><td  align=right>".WEB_control_clear_dns_cache."&nbsp<input type=submit name='clean_cache' value='".WEB_msg_run."'></td></tr>";
+        print "<tr><td  align=right>".WEB_control_clear_dns_cache."&nbsp<input type=submit name='clean_cache' value='".WEB_btn_run."'></td></tr>";
 ?>
 <tr>
 <td align=right><a href="ipcam.php"><?php echo WEB_control_port_off; ?></a></td>

+ 9 - 2
html/admin/customers/editcustom.php

@@ -6,10 +6,14 @@ require_once ($_SERVER['DOCUMENT_ROOT']."/inc/idfilter.php");
 $msg_error = "";
 
 if (isset($_POST["edituser"])) {
+    global $salt;
     $new['Login'] = substr(trim($_POST["login"]), 0, 20);
     if (isset($_POST["pass"]) and (strlen(trim($_POST["pass"])) > 0)) {
-        $new['Pwd'] = md5($_POST["pass"]);
-    }
+        $new['password'] = password_hash($_POST["pass"], PASSWORD_BCRYPT);
+	}
+    if (isset($_POST["api_key"]) and (strlen(trim($_POST["api_key"])) > 20)) {
+        $new['api_key'] = $_POST["api_key"];
+	}
     $new['readonly'] = $_POST["f_ro"] * 1;
     update_record($db_link, "Customers", "id='$id'", $new);
     unset($_POST["pass"]);
@@ -24,6 +28,7 @@ print_control_submenu($page_url);
 require_once ($_SERVER['DOCUMENT_ROOT']."/inc/header.php");
 $customer=get_record($db_link,'Customers',"id=".$id);
 ?>
+
 <div id="cont">
 <br><b><?php echo WEB_custom_titles; ?></b><br>
 	<form name="def" action="editcustom.php?id=<?php echo $id; ?>" method="post">
@@ -32,11 +37,13 @@ $customer=get_record($db_link,'Customers',"id=".$id);
 			<tr>
 				<td><?php echo WEB_custom_login; ?></td>
 				<td><?php echo WEB_custom_password; ?></td>
+				<td><?php echo WEB_custom_api_key; ?></td>
 				<td><?php echo WEB_custom_mode; ?></td>
 			</tr>
 			<tr>
 				<td><input type="text" name="login" value="<?php print $customer['Login']; ?>" size=20></td>
 				<td><input type="text" name="pass" value="" size=20></td>
+				<td><input type="text" name="api_key" value="<?php print $customer['api_key']; ?>" size=50></td>
 				<td><?php print_qa_select('f_ro',$customer['readonly']); ?></td>
 			</tr>
 			<td colspan=2><input type="submit" name="edituser" value="<?php echo WEB_btn_save; ?>"></td>
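Review bot: The api_key from the form is stored as submitted on L129 and printed straight back into the value attribute on L152 without escaping, so a quote or angle bracket in a key breaks out of the attribute (stored XSS on the admin page) and nothing restricts the key to the characters randomPassword() produces; store the trimmed value and escape on output: `$new['api_key'] = trim($_POST["api_key"]);` and `value="<?php print htmlspecialchars($customer['api_key'], ENT_QUOTES); ?>"`. The length test on L128 trims but the stored value on L129 does not, so a pasted key with trailing whitespace will never match the exact-equality lookup in auth.utils.php. `global $salt;` on L121 is not used anywhere in the hunk — password_hash() manages its own salt — so it reads as leftover and should go. The new closing braces on L127 and L130 are tab-indented inside a space-indented block; the enclosing `if (isset($_POST["edituser"]))` continues past the hunk.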

+ 8 - 9
html/admin/customers/index.php

@@ -7,18 +7,17 @@ $msg_error = "";
 if (isset($_POST["create"])) {
     $login = $_POST["newlogin"];
     if ($login) {
-        list ($lcount) = mysqli_fetch_array(mysqli_query($db_link, "Select count(id) from Customers where LCase(Login)=LCase('$login')"));
-        if ($lcount > 0) {
-            $msg_error = "Login already $login already exists!";
+	$customer = get_record_sql($db_link,"Select * from Customers WHERE LCase(Login)=LCase('$login')");
+        if (!empty($customer)) {
+            $msg_error = "Login $login already exists!";
             LOG_INFO($db_link, $msg_error);
             unset($_POST);
         } else {
             $new['Login'] = $login;
-            insert_record($db_link, "Customers", $new);
-            list ($id) = mysqli_fetch_array(mysqli_query($db_link, "Select id from Customers where Login='$login' order by id DESC"));
+	    $new['api_key'] = randomPassword(20);
             LOG_INFO($db_link, "Create new login: $login");
-            header("location: editcustom.php?id=$id");
-            exit;
+            $id = insert_record($db_link, "Customers", $new);
+	    if (!empty($id)) { header("Location: editcustom.php?id=$id"); exit; }
         }
     }
     header("Location: " . $_SERVER["REQUEST_URI"]);
@@ -64,8 +63,8 @@ foreach ($users as $row) {
 <table class="data">
 	<tr>
 		<td><input type=text name=newlogin value="Unknown"></td>
-		<td><input type="submit" name="create" value="<?php echo WEB_msg_add; ?>"></td>
-		<td align="right"><input type="submit" onclick="return confirm('<?php print WEB_msg_delete; ?>?')" name="remove" value="<?php print WEB_btn_remove; ?>"></td>
+		<td><input type="submit" name="create" value="<?php echo WEB_btn_add; ?>"></td>
+		<td align="right"><input type="submit" onclick="return confirm('<?php print WEB_btn_delete; ?>?')" name="remove" value="<?php print WEB_btn_remove; ?>"></td>
 		</tr>
 	</table>
 </form>
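Review bot: The rewritten lookup on L167 still interpolates `$login`, taken verbatim from `$_POST["newlogin"]` on L162, into the SQL string, so the duplicate-login check is an injection point that the commit rewrites without fixing; escape it before building the query, `$safe_login = mysqli_real_escape_string($db_link, $login);` and use `$safe_login` inside the `LCase('...')` literal (a prepared statement would be better still if get_record_sql can take one). The same raw `$login` goes into `$new['Login']` on L173 and into the log message on L177, so whatever escaping insert_record() and LOG_INFO() do is load-bearing and worth a comment here. The key generated on L176 comes from randomPassword() in common.php, which in this commit draws from rand(); for a credential, random_int() or bin2hex(random_bytes()) (PHP 7+) is the appropriate source. L167, L176 and L181 are tab-indented where the surrounding block uses spaces.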

+ 12 - 8
html/admin/devices/building.php

@@ -6,7 +6,7 @@ if (isset($_POST["remove"])) {
     $fid = $_POST["f_id"];
     foreach ($fid as $key => $val) {
         if (isset($val) and $val > 1) {
-            LOG_INFO($db_link,'Удаляем расположение с id: '.$val);
+            LOG_INFO($db_link,'Remove building id: '.$val);
             delete_record($db_link, "building", "id=" . $val);
         }
     }
@@ -31,7 +31,7 @@ if (isset($_POST['save'])) {
             if (isset($value)) {
                 $new['name'] = $value;
                 $new['comment'] = $value_comment;
-                LOG_INFO($db_link,"Изменяем расположение id='{$save_id}': name=".$value." comment=".$value_comment);
+                LOG_INFO($db_link,"Change building id='{$save_id}': name=".$value." comment=".$value_comment);
                 update_record($db_link, "building", "id='{$save_id}'", $new);
             }
         }
@@ -44,7 +44,7 @@ if (isset($_POST["create"])) {
     $building_name = $_POST["new_building"];
     if (isset($building_name)) {
         $new['name'] = $building_name;
-        LOG_INFO($db_link,'Добавляем расположение $building_name');
+        LOG_INFO($db_link,'Add building $building_name');
         insert_record($db_link, "building", $new);
     }
     header("Location: " . $_SERVER["REQUEST_URI"]);
@@ -61,9 +61,11 @@ print_device_submenu($page_url);
 <tr align="center">
 <td><input type="checkbox" onClick="checkAll(this.checked);"></td>
 <td><b>id</b></td>
-<td><b>Название</b></td>
-<td><b>Комментарий</b></td>
-<td><input type="submit" onclick="return confirm('Удалить?')" name="remove" value="Удалить"></td>
+<td><b><?php echo WEB_cell_name; ?></b></td>
+<td><b><?php echo WEB_cell_comment; ?></b></td>
+<td>
+<input type="submit" onclick="return confirm('<?php print WEB_btn_delete; ?>?')" name="remove" value="<?php print WEB_btn_remove; ?>">
+</td>
 </tr>
 <?php
 $t_building = get_records($db_link,'building','TRUE ORDER BY id');
@@ -73,7 +75,7 @@ foreach ($t_building as $row) {
     print "<td class=\"data\"><input type=\"hidden\" name='id[]' value='{$row['id']}'>{$row['id']}</td>\n";
     print "<td class=\"data\"><input type=\"text\" name='f_building_name[]' value='{$row['name']}'></td>\n";
     print "<td class=\"data\"><input type=\"text\" name='f_building_comment[]' value='{$row['comment']}'></td>\n";
-    print "<td class=\"data\"><button name='save[]' value='{$row['id']}'>Сохранить</button></td>\n";
+    print "<td class=\"data\"><button name='save[]' value='{$row['id']}'>".WEB_btn_save."</button></td>\n";
     print "</tr>\n";
 }
 ?>
@@ -81,7 +83,9 @@ foreach ($t_building as $row) {
 <table>
 <tr>
 <td><input type=text name=new_building value="Unknown"></td>
-<td><input type="submit" name="create" value="Добавить"></td>
+<td>
+<input type="submit" name="create" value="<?php print WEB_btn_add; ?>">
+</td>
 <td align="right"></td>
 </tr>
 </table>
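Review bot: The log message on L223 is a single-quoted string, so `$building_name` is written literally instead of interpolated — the log entry will read "Add building $building_name"; the old line had the same defect and the translation keeps it, so change it to `LOG_INFO($db_link,"Add building $building_name");`. The rest of the section only swaps hard-coded Russian labels for WEB_* constants.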

+ 10 - 9
html/admin/devices/devmodels.php

@@ -64,14 +64,15 @@ print_device_submenu($page_url);
 
 ?>
 <div id="cont">
+<br>
 <form name="def" action="devmodels.php" method="post">
 
 <table class="data">
 <tr>
-<td><b>Список моделей</b></td>
+<td><b><?php echo WEB_list_models; ?></b></td>
 <td><?php print_vendor_select($db_link,'vendor_select',$f_vendor_select); ?></td>
-<td>Отображать:<?php print_row_at_pages('rows',$displayed); ?></td>
-<td><input type="submit" name="OK" value="Показать"></td>
+<td><?php print WEB_rows_at_page."&nbsp:";print_row_at_pages('rows',$displayed); ?></td>
+<td><input type="submit" name="OK" value="<?php print WEB_btn_show; ?>"></td>
 </tr>
 </table>
 
@@ -87,16 +88,16 @@ if ($page>$total) { $page=$total; }
 if ($page<1) { $page=1; }
 $start = ($page * $displayed) - $displayed;
 print_navigation($page_url,$page,$displayed,$count_records[0],$total);
-
 ?>
+<br>
 <table class="data">
 <tr align="center">
 <td><input type="checkbox" onClick="checkAll(this.checked);"></td>
 <td><b>Id</b></td>
-<td><b>Производитель</b></td>
-<td><b>Название</b></td>
-<td><b>Шаблон Nagios</b></td>
-<td><input type="submit" name='save' value="Сохранить"></td>
+<td><b><?php echo WEB_model_vendor; ?></b></td>
+<td><b><?php echo WEB_cell_name; ?></b></td>
+<td><b><?php echo WEB_nagios_template; ?></b></td>
+<td><input type="submit" name='save' value="<?php echo WEB_btn_save; ?>"></td>
 </tr>
 <?php
 $t_ou = get_records_sql($db_link,'SELECT * FROM device_models '.$v_filter." ORDER BY vendor_id, model_name LIMIT $start,$displayed");
@@ -115,7 +116,7 @@ foreach ($t_ou as $row) {
 <table>
 <tr>
 <td><input type=text name=new_model value="Unknown"></td>
-<td><input type="submit" name="create" value="Добавить"></td>
+<td><input type="submit" name="create" value="<?php echo WEB_btn_add; ?>"></td>
 <td align="right"></td>
 </tr>
 </table>
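Review bot: The new label on L280 emits `&nbsp` without the terminating semicolon, so it relies on browser error recovery for the entity to render; write `print WEB_rows_at_page."&nbsp;:";`. The same unterminated entity appears in the context lines of control-options.php and control.php, so a repo-wide pass would be cheap. The remaining changes in this section replace hard-coded labels with WEB_* constants.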

+ 0 - 54
html/admin/logout.html

@@ -1,54 +0,0 @@
-<!DOCTYPE html>
-<head>
-<meta http-equiv="Content-Type" content="text/html;" />
-<link rel="stylesheet" type="text/css" href="/white.css">
-<meta charset="utf-8" />
-<title>Выход</title>
-
-<script language="javascript" type="text/javascript">
-
-try{
-var agt=navigator.userAgent.toLowerCase();
-if (agt.indexOf("msie") != -1) {
-// IE clear HTTP Authentication
-document.execCommand("ClearAuthenticationCache");
-}
-else {
-var xmlhttp = createXMLObject();
-xmlhttp.open("GET",".force_logout_offer_login_mozilla",true,"logout","");
-xmlhttp.send("");
-xmlhttp.abort();
-}
-// window.location = "/rest/";
-} catch(e) {
-// There was an error
-alert("there was an error");
-}
-
-function createXMLObject() {
-try {
-if (window.XMLHttpRequest) {
-xmlhttp = new XMLHttpRequest();
-}
-// code for IE
-else if (window.ActiveXObject) {
-xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
-}
-} catch (e) {
-xmlhttp=false
-}
-return xmlhttp;
-}
-</script>
-
-</head>
-<body>
-<div align=center>
-<table>
-<tr>
-<td align="center" valign="middle"><p><font size="+1">Welcome</font></p><p><font size="+1"><a href="/admin/">Войти</a></font></p><p>&nbsp;</p>*</td>
-</tr>
-</table>
-</div>
-</body>
-</html>

+ 4 - 4
html/cfg/config.sample.php

@@ -12,10 +12,10 @@ define("DB_NAME","stat");
 define("DB_USER","user");
 define("DB_PASS","password");
 
-define("CACTI_DB_HOST","localhost");
-define("CACTI_DB_NAME","cacti");
-define("CACTI_DB_USER","user");
-define("CACTI_DB_PASS","password");
+#define("CACTI_DB_HOST","localhost");
+#define("CACTI_DB_NAME","cacti");
+#define("CACTI_DB_USER","user");
+#define("CACTI_DB_PASS","password");
 
 define("IPCAM_GROUP_ID","5");
 

+ 2 - 3
html/inc/auth.php

@@ -1,8 +1,7 @@
 <?php
-require_once ($_SERVER['DOCUMENT_ROOT']."/inc/login.php");
-login($db_link);
+require_once ($_SERVER['DOCUMENT_ROOT']."/inc/auth.utils.php");
 
-if (isset($_GET['logout'])) { session_destroy(); header("Location: /logout.php"); }
+login($db_link);
 
 $start_time = microtime();
 $start_array = explode(" ",$start_time);
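Review bot: The `?logout` handler on L404 is removed and nothing visible replaces it: the new auth.utils.php defines logout() and qlogout(), but no line in this commit calls either from a request path, and logout.html is deleted in the same commit. If a /login.php or /logout.php outside the diff now owns that flow, a one-line comment here saying so would save the next reader a search; otherwise sessions started by login() can only end by expiry. The removed line also issued header() without exit, a pattern the new logout() keeps, so every caller has to add its own exit as login() does.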

+ 155 - 0
html/inc/auth.utils.php

@@ -0,0 +1,155 @@
+<?php
+
+define("CONFIG", 1);
+define("SQL", 1);
+require_once ($_SERVER['DOCUMENT_ROOT']."/cfg/config.php");
+require_once ($_SERVER['DOCUMENT_ROOT']."/inc/sql.php");
+require_once ($_SERVER['DOCUMENT_ROOT']."/inc/common.php");
+
+function logout()
+{
+if ( ! session_id() ) { session_start(); }
+if ( session_id() ) {
+    // Если есть активная сессия, удаляем куки сессии
+    setcookie(session_name(), session_id(), time()-60*60*24);
+    session_unset();
+    session_destroy();
+    }
+header("Location: /login.php");
+}
+
+function qlogout()
+{
+if ( ! session_id() ) { session_start(); }
+if ( session_id() ) {
+    // Если есть активная сессия, удаляем куки сессии
+    setcookie(session_name(), session_id(), time()-60*60*24);
+    session_unset();
+    session_destroy();
+    }
+exit;
+}
+
+//login by password
+function login($db)
+{
+    if (!session_id()) {
+	if ( ! session_start() ) { logout(); exit(); }
+	}
+    if (! IsAuthenticated($db)) { logout(); exit(); }
+    return true;
+}
+
+//login by api_key
+function Silentlogin($db)
+{
+    if (!session_id()) {
+	if ( ! session_start() ) { logout(); exit(); }
+	}
+    if (! IsSilentAuthenticated($db)) { logout(); exit(); }
+    return true;
+}
+
+function IsAuthenticated($db)
+{
+    if (!empty($_SESSION['user_id'])) { return true; }
+
+    if (empty($auth_ip)) {
+        $auth_ip = get_user_ip();
+        $_SESSION['IP'] = $auth_ip;
+	}
+
+    if (!empty($_POST['login'])) { $login = trim($_POST['login']); }
+    if (!empty($_POST['password'])) { $pass = trim($_POST['password']); }
+
+
+    if (empty($login) or empty($pass)) {
+        LOG_DEBUG($db, "login [$login] or password [$pass] undefined from $auth_ip: fail!");
+	logout();
+        return false;
+	}
+
+    $login = htmlspecialchars(stripslashes($login));
+    if (empty($login) or empty($pass)) {
+        LOG_DEBUG($db, "login [$login] or password [$pass] undefined from $auth_ip: fail!");
+	logout();
+        return false;
+	}
+
+    $query = "SELECT * FROM `Customers` WHERE Login='{$login}'";
+    $auth_record = get_record_sql($db,$query);
+    if (!empty($auth_record)) {
+	if (password_verify($pass, $auth_record['password'])) {
+            if (empty($_SESSION['session_id'])) {
+	        session_regenerate_id();
+    	        $_SESSION['session_id'] = session_id();
+		}
+            if (empty($_SESSION['user_id'])) {
+	        LOG_DEBUG($db, "login user [$login] from " . $_SESSION['IP'] . ": success.");
+	        }
+    	    $_SESSION['user_id'] = $auth_record['id'];
+    	    $_SESSION['login'] = $login;
+    	    return true;
+	    } else { 
+	    LOG_DEBUG($db, "login user [$login] from " . $_SESSION['IP'] . ": fail!");
+	    logout();
+	    return false;
+	    }
+	}
+    LOG_DEBUG($db, "login user [$login] from " . $_SESSION['IP'] . ": fail!");
+    logout();
+    return false;
+}
+
+function IsSilentAuthenticated($db)
+{
+    if (!empty($_SESSION['user_id'])) { return true;  }
+
+    if (empty($auth_ip)) {
+        $auth_ip = get_user_ip();
+        $_SESSION['IP'] = $auth_ip;
+    }
+
+    if (!empty($_GET['login'])) { $login = trim($_GET['login']); }
+    if (!empty($_POST['login'])) { $login = trim($_POST['login']); }
+
+    if (!empty($_GET['password'])) { $pass = trim($_GET['password']); }
+    if (!empty($_POST['password'])) { $pass = trim($_POST['password']); }
+    if (!empty($_GET['api_key'])) { $pass = trim($_GET['api_key']); }
+    if (!empty($_POST['api_key'])) { $pass = trim($_POST['api_key']); }
+
+    if (empty($login) or empty($pass)) {
+        LOG_DEBUG($db, "login or password undefined from $auth_ip: fail!");
+        logout();
+        return false;
+	}
+
+    $login = htmlspecialchars(stripslashes($login));
+
+    if ($login == '' or $pass == '') {
+        LOG_DEBUG($db, "login or password undefined from $auth_ip: fail!");
+        logout();
+        return false;
+	}
+
+    $query = "SELECT id FROM `Customers` WHERE Login='{$login}' AND `api_key`='{$pass}'";
+    $auth_record = get_record_sql($db,$query);
+    if (!empty($auth_record)) {
+        if (empty($_SESSION['session_id'])) {
+            session_regenerate_id();
+            $_SESSION['session_id'] = session_id();
+	    }
+        if (empty($_SESSION['user_id'])) {
+            LOG_DEBUG($db, "Silent login user [$login] from " . $_SESSION['IP'] . ": success.");
+	    }
+        $_SESSION['user_id'] = $auth_record['id'];
+        $_SESSION['login'] = $login;
+        return true;
+	}
+
+    LOG_DEBUG($db, "Silent login user $login from " . $_SESSION['IP'] . ": fail!");
+    logout();
+    return false;
+}
+
+?>
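Review bot: Both credential lookups build SQL by interpolation — L492 puts `$login` into the query after only `htmlspecialchars(stripslashes())`, which is an HTML escape that (before PHP 8.1) leaves single quotes intact, and L548 puts the trimmed but unescaped `$pass` into the api_key comparison; escape both with `mysqli_real_escape_string($db, ...)` before interpolating, or use a prepared statement, and drop stripslashes/htmlspecialchars from the lookup path since they alter the login before it is compared with the stored value. The debug messages on L480 and L487 include `[$pass]`, so a submitted password lands in the log whenever the login field is empty; log only the login and the source IP. IsSilentAuthenticated accepts the api_key from `$_GET` (L531), which puts the key into web-server access logs, browser history and Referer headers; accept it from POST or a request header only. `$auth_ip` on L470 and L521 is a fresh local and always empty, so the `if (empty($auth_ip))` guard is a no-op, and logout() on L431 redirects without `exit`, which is why every caller has to add its own.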

+ 73 - 62
html/inc/common.php

@@ -29,6 +29,17 @@ $config["init"]=0;
 // 17, 'Maipu'
 // 18, 'Asus'
 
+function randomPassword($length = 8) {
+    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
+    $pass = array(); //remember to declare $pass as an array
+    $alphaLength = strlen($alphabet) - 1; //put the length -1 in cache
+    for ($i = 0; $i < $length; $i++) {
+        $n = rand(0, $alphaLength);
+        $pass[] = $alphabet[$n];
+    }
+    return implode($pass); //turn the array into a string
+}
+
 function mb_ucfirst($str) {
     $str = mb_strtolower($str);
     $fc = mb_strtoupper(mb_substr($str, 0, 1));
@@ -399,7 +410,7 @@ function print_subnet_select($db, $subnet_name, $subnet_value)
 {
     print "<select name=\"$subnet_name\" >\n";
     $t_subnet = mysqli_query($db, "SELECT id,subnet FROM subnets ORDER BY ip_int_start");
-    print_select_item('Всe ip',0,$subnet_value);
+    print_select_item(WEB_select_item_all_ips,0,$subnet_value);
     while (list ($f_subnet_id, $f_subnet_name) = mysqli_fetch_array($t_subnet)) {
 	print_select_item($f_subnet_name,$f_subnet_id,$subnet_value);
     }
@@ -420,7 +431,7 @@ function print_subnet_select_office($db, $subnet_name, $subnet_value)
 {
     print "<select name=\"$subnet_name\" >\n";
     $t_subnet = mysqli_query($db, "SELECT id,subnet FROM subnets WHERE office=1 ORDER BY ip_int_start");
-    print_select_item('Всe ip',0,$subnet_value);
+    print_select_item(WEB_select_item_all_ips,0,$subnet_value);
     while (list ($f_subnet_id, $f_subnet_name) = mysqli_fetch_array($t_subnet)) {
 	print_select_item($f_subnet_name,$f_subnet_id,$subnet_value);
     }
@@ -471,57 +482,57 @@ print "<a href='".reencodeurl($page)."'> $display_name </a>";
 
 function print_log_submenu ($current_page) {
 print "<div id='submenu'>\n";
-print_submenu_url('Журнал dhcp','/admin/logs/dhcp.php',$current_page,0);
-print_submenu_url('Журнал работы ','/admin/logs/index.php',$current_page,0);
-print_submenu_url('Приключения маков','/admin/logs/mac.php',$current_page,0);
-print_submenu_url('История ip-адресов','/admin/logs/ip.php',$current_page,0);
-print_submenu_url('Неизвестные','/admin/logs/unknown.php',$current_page,0);
-print_submenu_url('Трафик','/admin/logs/detaillog.php',$current_page,0);
-print_submenu_url('syslog','/admin/logs/syslog.php',$current_page,1);
+print_submenu_url(WEB_submenu_dhcp_log,'/admin/logs/dhcp.php',$current_page,0);
+print_submenu_url(WEB_submenu_work_log,'/admin/logs/index.php',$current_page,0);
+print_submenu_url(WEB_submenu_mac_history,'/admin/logs/mac.php',$current_page,0);
+print_submenu_url(WEB_submenu_ip_history,'/admin/logs/ip.php',$current_page,0);
+print_submenu_url(WEB_submenu_mac_unknown,'/admin/logs/unknown.php',$current_page,0);
+print_submenu_url(WEB_submenu_traffic,'/admin/logs/detaillog.php',$current_page,0);
+print_submenu_url(WEB_submenu_syslog,'/admin/logs/syslog.php',$current_page,1);
 print "</div>\n";
 }
 
 function print_control_submenu ($current_page) {
 print "<div id='submenu'>\n";
-print_submenu_url('Управление','/admin/customers/control.php',$current_page,0);
-print_submenu_url('Сети','/admin/customers/control-subnets.php',$current_page,0);
-print_submenu_url('Сети (Статистика)','/admin/customers/control-subnets-usage.php',$current_page,0);
-print_submenu_url('Параметры','/admin/customers/control-options.php',$current_page,0);
-print_submenu_url('Пользователи','/admin/customers/index.php',$current_page,1);
+print_submenu_url(WEB_submenu_control,'/admin/customers/control.php',$current_page,0);
+print_submenu_url(WEB_submenu_network,'/admin/customers/control-subnets.php',$current_page,0);
+print_submenu_url(WEB_submenu_network_stats,'/admin/customers/control-subnets-usage.php',$current_page,0);
+print_submenu_url(WEB_submenu_options,'/admin/customers/control-options.php',$current_page,0);
+print_submenu_url(WEB_submenu_customers,'/admin/customers/index.php',$current_page,1);
 print "</div>\n";
 }
 
 function print_filters_submenu ($current_page) {
 print "<div id='submenu'>\n";
-print_submenu_url('Список фильтров','/admin/filters/index.php',$current_page,0);
-print_submenu_url('Группы фильтров','/admin/filters/groups.php',$current_page,1);
+print_submenu_url(WEB_submenu_filter_list,'/admin/filters/index.php',$current_page,0);
+print_submenu_url(WEB_submenu_filter_group,'/admin/filters/groups.php',$current_page,1);
 print "</div>\n";
 }
 
 function print_reports_submenu ($current_page) {
 print "<div id='submenu'>\n";
-print_submenu_url('Отчёт по трафику (ip)','/admin/reports/index-full.php',$current_page,0);
-print_submenu_url('Отчёт по трафику (login)','/admin/reports/index.php',$current_page,1);
+print_submenu_url(WEB_submenu_traffic_ip_report,'/admin/reports/index-full.php',$current_page,0);
+print_submenu_url(WEB_submenu_traffic_login_report,'/admin/reports/index.php',$current_page,1);
 print "</div>\n";
 }
 
 function print_trafdetail_submenu ($current_page,$params,$description) {
 print "<div id='submenu'>\n";
 print "$description\n";
-print_submenu_url('TOP 10 по трафику','/admin/reports/userdaydetail.php'."?$params",$current_page,0);
-print_submenu_url('Подробный лог','/admin/reports/userdaydetaillog.php'."?$params",$current_page,1);
+print_submenu_url(WEB_submenu_traffic_top10,'/admin/reports/userdaydetail.php'."?$params",$current_page,0);
+print_submenu_url(WEB_submenu_detail_log,'/admin/reports/userdaydetaillog.php'."?$params",$current_page,1);
 print "</div>\n";
 }
 
 function print_device_submenu ($current_page) {
 print "<div id='submenu'>\n";
-print_submenu_url('Активное сетевое оборудование','/admin/devices/index.php',$current_page,0);
-print_submenu_url('Пассивное оборудование','/admin/devices/index-passive.php',$current_page,0);
-print_submenu_url('Расположение','/admin/devices/building.php',$current_page,0);
-print_submenu_url('Структура','/admin/devices/index-tree.php',$current_page,0);
-print_submenu_url('Модели устройств','/admin/devices/devmodels.php',$current_page,0);
-print_submenu_url('Vendors','/admin/devices/devvendors.php',$current_page,0);
-print_submenu_url('Порты по вланам','/admin/devices/portsbyvlan.php',$current_page,1);
+print_submenu_url(WEB_submenu_net_devices,'/admin/devices/index.php',$current_page,0);
+print_submenu_url(WEB_submenu_passive_net_devices,'/admin/devices/index-passive.php',$current_page,0);
+print_submenu_url(WEB_submenu_buildings,'/admin/devices/building.php',$current_page,0);
+print_submenu_url(WEB_submenu_hierarchy,'/admin/devices/index-tree.php',$current_page,0);
+print_submenu_url(WEB_submenu_device_models,'/admin/devices/devmodels.php',$current_page,0);
+print_submenu_url(WEB_submenu_vendors,'/admin/devices/devvendors.php',$current_page,0);
+print_submenu_url(WEB_submenu_ports_vlan,'/admin/devices/portsbyvlan.php',$current_page,1);
 print "</div>\n";
 }
 
@@ -529,22 +540,22 @@ function print_editdevice_submenu ($current_page,$id,$dev_type) {
 print "<div id='submenu'>\n";
 $dev_id='';
 if (isset($id)) { $dev_id='?id='.$id; }
-print_submenu_url('Параметры','/admin/devices/editdevice.php'.$dev_id,$current_page,0);
+print_submenu_url(WEB_submenu_options,'/admin/devices/editdevice.php'.$dev_id,$current_page,0);
 if ($dev_type<=2) {
-    print_submenu_url('Порты','/admin/devices/switchport.php'.$dev_id,$current_page,0);
-    print_submenu_url('Состояние','/admin/devices/switchstatus.php'.$dev_id,$current_page,0);
-    print_submenu_url('Соединения','/admin/devices/switchport-conn.php'.$dev_id,$current_page,1);
+    print_submenu_url(WEB_submenu_ports,'/admin/devices/switchport.php'.$dev_id,$current_page,0);
+    print_submenu_url(WEB_submenu_state,'/admin/devices/switchstatus.php'.$dev_id,$current_page,0);
+    print_submenu_url(WEB_submenu_connections,'/admin/devices/switchport-conn.php'.$dev_id,$current_page,1);
     }
 print "</div>\n";
 }
 
 function print_ip_submenu ($current_page) {
 print "<div id='submenu'>\n";
-print_submenu_url('Список адресов','/admin/iplist/index.php',$current_page,0);
-print_submenu_url('Информация для nagios','/admin/iplist/nagios.php',$current_page,0);
-print_submenu_url('Дубли','/admin/iplist/doubles.php',$current_page,0);
-print_submenu_url('Удалённые адреса','/admin/iplist/deleted.php',$current_page,0);
-print_submenu_url('Правила автоназначения','/admin/iplist/auto_rules.php',$current_page,1);
+print_submenu_url(WEB_submenu_ip_list,'/admin/iplist/index.php',$current_page,0);
+print_submenu_url(WEB_submenu_nagios,'/admin/iplist/nagios.php',$current_page,0);
+print_submenu_url(WEB_submenu_doubles,'/admin/iplist/doubles.php',$current_page,0);
+print_submenu_url(WEB_submenu_deleted,'/admin/iplist/deleted.php',$current_page,0);
+print_submenu_url(WEB_submenu_auto_rules,'/admin/iplist/auto_rules.php',$current_page,1);
 print "</div>\n";
 }
 
@@ -626,7 +637,7 @@ function print_group_select($db, $group_name, $group_value)
 function print_building_select($db, $building_name, $building_value)
 {
     print "<select name=\"$building_name\">\n";
-    print_select_item('Всё',0,$building_value);
+    print_select_item(WEB_select_item_all,0,$building_value);
     $t_building = mysqli_query($db, "SELECT id,name FROM building Order by name");
     while (list ($f_building_id, $f_building_name) = mysqli_fetch_array($t_building)) {
 	print_select_item($f_building_name,$f_building_id,$building_value);
@@ -637,7 +648,7 @@ function print_building_select($db, $building_name, $building_value)
 function print_devtypes_select($db, $devtype_name, $devtype_value, $mode)
 {
     print "<select name=\"$devtype_name\">\n";
-    print_select_item('Всё',0,$devtype_value);
+    print_select_item(WEB_select_item_all,0,$devtype_value);
     $filter='';
     if (!empty($mode)) { $filter = "WHERE $mode"; }
     $t_devtype = mysqli_query($db, "SELECT id,name FROM device_types $filter ORDER BY name");
@@ -705,8 +716,8 @@ function get_queue($db, $queue_value)
 function print_qa_l3int_select($qa_name, $qa_value)
 {
     print "<select name=\"$qa_name\">\n";
-    print_select_item('Внутренний',0,$qa_value);
-    print_select_item('Внешний',1,$qa_value);
+    print_select_item(WEB_select_item_lan,0,$qa_value);
+    print_select_item(WEB_select_item_wan,1,$qa_value);
     print "</select>\n";
 }
 
@@ -722,8 +733,8 @@ function print_qa_rule_select($qa_name, $qa_value)
 function print_qa_select($qa_name, $qa_value)
 {
     print "<select name=\"$qa_name\">\n";
-    print_select_item('Да',1,$qa_value);
-    print_select_item('Нет',0,$qa_value);
+    print_select_item(WEB_select_item_yes,1,$qa_value);
+    print_select_item(WEB_select_item_no,0,$qa_value);
     print "</select>\n";
 }
 
@@ -732,8 +743,8 @@ function print_qa_select_ext($qa_name, $qa_value, $readonly)
     $state = '';
     if ($readonly) { $state='disabled=true'; }
     print "<select name=\"$qa_name\">\n";
-    print_select_item_ext('Да',1,$qa_value, $readonly);
-    print_select_item_ext('Нет',0,$qa_value, $readonly);
+    print_select_item_ext(WEB_select_item_yes,1,$qa_value, $readonly);
+    print_select_item_ext(WEB_select_item_no,0,$qa_value, $readonly);
     print "</select>\n";
 }
 
@@ -753,17 +764,17 @@ function print_dhcp_select($qa_name, $qa_value)
     if (! isset($qa_value) or strlen($qa_value) == 0) {
         $qa_value = 'all';
     }
-    print_select_item('Все события','all',$qa_value);
-    print_select_item('Аренда адреса','add',$qa_value);
-    print_select_item('Обновление аренды','old',$qa_value);
-    print_select_item('Освобождение адреса','del',$qa_value);
+    print_select_item(WEB_select_item_events,'all',$qa_value);
+    print_select_item(WEB_select_item_lease,'add',$qa_value);
+    print_select_item(WEB_select_item_lease_refresh,'old',$qa_value);
+    print_select_item(WEB_select_item_lease_free,'del',$qa_value);
     print "</select>\n";
 }
 
 function print_nagios_handler_select($qa_name)
 {
     print "<select name=\"$qa_name\">\n";
-    print_select_simple('Нет','');
+    print_select_simple(WEB_select_item_no,'');
     print_select_simple('restart-port','restart-port');
     print "</select>\n";
 }
@@ -771,7 +782,7 @@ function print_nagios_handler_select($qa_name)
 function print_dhcp_acl_select($qa_name)
 {
     print "<select name=\"$qa_name\">\n";
-    print_select_simple('Нет','');
+    print_select_simple(WEB_select_item_no,'');
     print_select_simple('hotspot-free','hotspot-free');
     print "</select>\n";
 }
@@ -780,9 +791,9 @@ function print_enabled_select($qa_name, $qa_value)
 {
     print "<select name=\"$qa_name\">\n";
     if (! isset($qa_value) or strlen($qa_value) == 0) { $qa_value = 0; }
-    print_select_item('Все',0,$qa_value);
-    print_select_item('Выключенные',1,$qa_value);
-    print_select_item('Включенные',2,$qa_value);
+    print_select_item(WEB_select_item_every,0,$qa_value);
+    print_select_item(WEB_select_item_disabled,1,$qa_value);
+    print_select_item(WEB_select_item_enabled,2,$qa_value);
     print "</select>\n";
 }
 
@@ -791,7 +802,7 @@ function print_vendor_select($db, $qa_name, $qa_value)
     print "<select name=\"$qa_name\" class=\"js-select-single\">\n";
     $sSQL = "SELECT id,`name` FROM `vendors` order by `name`";
     $vendors = mysqli_query($db, $sSQL);
-    print_select_item('Всё',0,$qa_value);
+    print_select_item(WEB_select_item_all,0,$qa_value);
     while (list ($v_id, $v_name) = mysqli_fetch_array($vendors)) {
 	print_select_item($v_name,$v_id,$qa_value);
     }
@@ -826,8 +837,8 @@ function get_qa($qa_value)
 function print_action_select($action_name, $action_value)
 {
     print "<select name=\"$action_name\">\n";
-	print_select_item('Разрешить',1,$action_value);
-	print_select_item('Запретить',0,$action_value);
+	print_select_item(WEB_select_item_allow,1,$action_value);
+	print_select_item(WEB_select_item_forbidden,0,$action_value);
     print "</select>\n";
 }
 
@@ -938,7 +949,7 @@ function print_device_select($db, $field_name, $device_id)
     print "<select name=\"$field_name\" class=\"js-select-single\" >\n";
     $d_sql = "SELECT D.device_name, D.id FROM devices AS D Where D.deleted=0 order by D.device_name ASC";
     $t_device = mysqli_query($db, $d_sql);
-    print_select_item('Все',0,$device_id);
+    print_select_item(WEB_select_item_every,0,$device_id);
     while (list ($f_name, $f_device_id) = mysqli_fetch_array($t_device)) {
 	print_select_item($f_name,$f_device_id,$device_id);
     }
@@ -950,7 +961,7 @@ function print_netdevice_select($db, $field_name, $device_id)
     print "<select name=\"$field_name\" class=\"js-select-single\" >\n";
     $d_sql = "SELECT D.device_name, D.id FROM devices AS D Where D.deleted=0 and D.device_type<=2 order by D.device_name ASC";
     $t_device = mysqli_query($db, $d_sql);
-    print_select_item('Все',0,$device_id);
+    print_select_item(WEB_select_item_every,0,$device_id);
     while (list ($f_name, $f_device_id) = mysqli_fetch_array($t_device)) {
 	print_select_item($f_name,$f_device_id,$device_id);
     }
@@ -976,7 +987,7 @@ function print_device_select_ip($db, $field_name, $device_ip)
     print "<select name=\"$field_name\" class=\"js-select-single\" >\n";
     $d_sql = "SELECT D.device_name, D.ip FROM devices AS D Where D.deleted=0 order by D.device_name ASC";
     $t_device = mysqli_query($db, $d_sql);
-    print_select_item('Все','',$device_ip);
+    print_select_item(WEB_select_item_every,'',$device_ip);
     while (list ($f_name, $f_device_ip) = mysqli_fetch_array($t_device)) {
 	print_select_item($f_name,$f_device_ip,$device_ip);
     }
@@ -988,7 +999,7 @@ function print_syslog_device_select($db, $field_name, $syslog_filter, $device_ip
     print "<select name=\"$field_name\" class=\"js-select-single\" >\n";
     $d_sql = "SELECT R.ip, D.device_name FROM (SELECT DISTINCT ip FROM remote_syslog WHERE $syslog_filter) AS R LEFT JOIN (SELECT ip, device_name FROM devices WHERE deleted=0) AS D ON R.ip=D.ip ORDER BY R.ip ASC";
     $t_device = mysqli_query($db, $d_sql);
-    print_select_item('Все','',$device_ip);
+    print_select_item(WEB_select_item_every,'',$device_ip);
     while (list ($f_ip, $f_name) = mysqli_fetch_array($t_device)) {
         if (!isset($f_name) or $f_name === '') { $f_name=$f_ip; }
 	print_select_item($f_name,$f_ip,$device_ip);
@@ -1001,7 +1012,7 @@ function print_gateway_select($db, $field_name, $device_id)
     print "<select name=\"$field_name\" >\n";
     $d_sql = "SELECT D.device_name, D.id FROM devices AS D Where D.deleted=0 and D.device_type=2 order by D.device_name ASC";
     $t_device = mysqli_query($db, $d_sql);
-    print_select_item('Все',0,$device_id);
+    print_select_item(WEB_select_item_every,0,$device_id);
     while (list ($f_name, $f_device_id) = mysqli_fetch_array($t_device)) {
 	print_select_item($f_name,$f_device_id,$device_id);
     }
@@ -3107,7 +3118,7 @@ if ($value == $current) { print "<option value=$value selected>$description</opt
 
 function print_row_at_pages ($name,$value) {
 print "<select name='".$name."'>\n";
-print_select_item('Много',pow(10,10),$value);
+print_select_item(WEB_select_item_more,pow(10,10),$value);
 print_select_item('25',25,$value);
 print_select_item('50',50,$value);
 print_select_item('100',100,$value);

+ 1 - 1
html/inc/header.php

@@ -53,5 +53,5 @@ $('.js-select-single').select2();
 </a> |
 <a href="/admin/customers/control.php"> Managment </a> |
 <a href="/admin/logs/"> Logs </a> |
-<a href="<?php print $page_url.'?logout=1'; ?>">Exit</a>
+<a href="/logout.php">Exit</a>
 </div>

+ 77 - 16
html/inc/languages/russian.php

@@ -107,10 +107,18 @@ define("WEB_MONTHS", array(
 12 => "Декабрь"
 ));
 
-/* common */
+/* common variables */
+define("WEB_days","дней");
+define("WEB_sec","секунд");
+
+/* error messages */
+define("WEB_auth_unknown","IP-адрес клиента не установлен");
+define("WEB_msg_exists","уже существует!");
+define("WEB_msg_ip_error","Формат адреса не верен!");
+
+/* common message */
 define("WEB_msg_IP","IP-адрес");
 define("WEB_msg_ERROR","Ошибка!");
-define("WEB_auth_unknown","IP-адрес клиента не установлен");
 define("WEB_msg_enabled","Включен");
 define("WEB_msg_disabled","Выключен");
 define("WEB_msg_login","Логин");
@@ -120,14 +128,59 @@ define("WEB_msg_now","Сейчас");
 define("WEB_msg_forbidden","Запрещено");
 define("WEB_msg_traffic_blocked","Блок по трафику");
 define("WEB_msg_internet","Интернет");
-define("WEB_msg_run","Выполнить");
-define("WEB_msg_refresh","Обновить");
-define("WEB_msg_delete","Удалить");
-define("WEB_msg_apply","Применить");
-define("WEB_msg_add","Добавить");
-define("WEB_days","дней");
-define("WEB_sec","секунд");
-define("WEB_page_speed","Страница сгенерирована за ");
+
+/* select items */
+define("WEB_select_item_yes","Да");
+define("WEB_select_item_no","Нет");
+define("WEB_select_item_lease","Аренда адреса");
+define("WEB_select_item_enabled","Включенные");
+define("WEB_select_item_wan","Внешний");
+define("WEB_select_item_lan","Внутренний");
+define("WEB_select_item_all_ips","Всe ip");
+define("WEB_select_item_every","Все");
+define("WEB_select_item_all","Всё");
+define("WEB_select_item_events","Все события");
+define("WEB_select_item_disabled","Выключенные");
+define("WEB_select_item_forbidden","Запретить");
+define("WEB_select_item_more","Много");
+define("WEB_select_item_lease_refresh","Обновление аренды");
+define("WEB_select_item_lease_free","Освобождение адреса");
+define("WEB_select_item_allow","Разрешить");
+
+/* submenu */
+define("WEB_submenu_dhcp_log","Журнал dhcp");
+define("WEB_submenu_work_log","Журнал работы");
+define("WEB_submenu_mac_history","Приключения маков");
+define("WEB_submenu_ip_history","История ip-адресов");
+define("WEB_submenu_mac_unknown","Неизвестные");
+define("WEB_submenu_traffic","Трафик");
+define("WEB_submenu_syslog","syslog");
+define("WEB_submenu_control","Управление");
+define("WEB_submenu_network","Сети");
+define("WEB_submenu_network_stats","Сети (Статистика)");
+define("WEB_submenu_options","Параметры");
+define("WEB_submenu_customers","Пользователи");
+define("WEB_submenu_filter_list","Список фильтров");
+define("WEB_submenu_filter_group","Группы фильтров");
+define("WEB_submenu_traffic_ip_report","Отчёт по трафику (ip)");
+define("WEB_submenu_traffic_login_report","Отчёт по трафику (login)");
+define("WEB_submenu_traffic_top10","TOP 10 по трафику");
+define("WEB_submenu_detail_log","Подробный лог");
+define("WEB_submenu_net_devices","Активное сетевое оборудование");
+define("WEB_submenu_passive_net_devices","Пассивное оборудование");
+define("WEB_submenu_buildings","Расположение");
+define("WEB_submenu_hierarchy","Структура");
+define("WEB_submenu_device_models","Модели устройств");
+define("WEB_submenu_vendors","Vendors");
+define("WEB_submenu_ports_vlan","Порты по вланам");
+define("WEB_submenu_ports","Порты");
+define("WEB_submenu_state","Состояние");
+define("WEB_submenu_connections","Соединения");
+define("WEB_submenu_ip_list","Список адресов");
+define("WEB_submenu_nagios","Информация для nagios");
+define("WEB_submenu_doubles","Дубли");
+define("WEB_submenu_deleted","Удалённые адреса");
+define("WEB_submenu_auto_rules","Правила автоназначения");
 
 /* header title */
 define("WEB_site_title","Панель администратора");
@@ -138,6 +191,8 @@ define("WEB_title_users_ips","Все адреса");
 define("WEB_title_filters","Фильтры");
 define("WEB_title_shapers","Шейперы");
 define("WEB_title_devices","Инфраструктура");
+define("WEB_page_speed","Страница сгенерирована за ");
+define("WEB_rows_at_page","Записей на страницу");
 
 /* traffic headers */
 define("WEB_title_ip","Адрес");
@@ -193,6 +248,7 @@ define("WEB_list_subnet","Список подсетей");
 define("WEB_list_customers","Список администраторов");
 define("WEB_list_filters","Список фильтров");
 define("WEB_list_users","Список полльзователей");
+define("WEB_list_models","Список моделей устройств");
 
 /* button names */
 define("WEB_btn_remove","Удалить");
@@ -205,12 +261,12 @@ define("WEB_btn_mac_add","+MAC");
 define("WEB_btn_mac_del","-MAC");
 define("WEB_btn_ip_add","+IP");
 define("WEB_btn_ip_del","-IP");
-
-/* error messages */
-define("WEB_msg_exists","уже существует!");
-define("WEB_msg_ip_error","Формат адреса не верен!");
-
-/* log messages */
+define("WEB_btn_run","Выполнить");
+define("WEB_btn_refresh","Обновить");
+define("WEB_btn_delete","Удалить");
+define("WEB_btn_apply","Применить");
+define("WEB_btn_add","Добавить");
+define("WEB_btn_show","Показать");
 
 /* control options */
 define("WEB_config_remove_option","Удалён параметр");
@@ -267,6 +323,7 @@ define("WEB_custom_titles","Администратор");
 define("WEB_custom_login","Логин");
 define("WEB_custom_password","Пароль");
 define("WEB_custom_mode","Только просмотр");
+define("WEB_custom_api_key","Ключ API");
 
 /* custom index */
 define("WEB_custom_index_title","Администраторы");
@@ -284,4 +341,8 @@ define("WEB_msg_traffic_for_login","Трафик клиента");
 define("WEB_public_day_traffic","за день, (Вх/Исх)");
 define("WEB_public_month_traffic","за месяц, (Вх/Исх)");
 
+/* device models */
+define("WEB_model_vendor","Производитель");
+define("WEB_nagios_template","Шаблон Нагиос");
+
 ?>

+ 0 - 165
html/inc/login.php

@@ -1,165 +0,0 @@
-<?php
-define("CONFIG", 1);
-define("SQL", 1);
-require_once ($_SERVER['DOCUMENT_ROOT']."/cfg/config.php");
-require_once ($_SERVER['DOCUMENT_ROOT']."/inc/sql.php");
-require_once ($_SERVER['DOCUMENT_ROOT']."/inc/common.php");
-
-function is_session_exists() {
-    $sessionName = session_name();
-    if (!empty($_COOKIE[$sessionName]) || !empty($_REQUEST[$sessionName])) {
-        session_start();
-        return !empty($_SESSION);
-    }
-    return false;
-}
-
-function auth()
-{
-    header("WWW-Authenticate: Basic realm=\"Administration Panel\"");
-    close_access();
-    exit();
-}
-
-function close_access()
-{
-    header('HTTP/1.1 401 Unauthorized');
-    echo "You must enter a valid login and password to access this resource\n";
-    exit();
-}
-
-function login($db)
-{
-    session_start();
-
-//default timeout 8h in seconds
-    $inactive = 3600*8;
-    if (empty($_SESSION['timeout'])) { $_SESSION['timeout']=time(); }
-    $session_life = time() - $_SESSION['timeout'];
-    if($session_life > $inactive) { session_destroy(); header("Location: /logout.php"); }
-
-    if (empty($_SERVER['PHP_AUTH_USER']) and empty($_SERVER['PHP_AUTH_PW'])) {
-        auth();
-    }
-
-    if (! IsAuthenticated($db)) {
-        close_access();
-        exit();
-    }
-}
-
-function Silentlogin($db)
-{
-    session_start();
-    if (! IsSilentAuthenticated($db)) {
-        close_access();
-        exit();
-    }
-}
-
-function IsAuthenticated($db)
-{
-    if (!empty($_SESSION['user_id'])) { return 1; }
-
-    if (empty($auth_ip)) {
-        $auth_ip = get_user_ip();
-        $_SESSION['IP'] = $auth_ip;
-    }
-
-    if (!empty($_SERVER['PHP_AUTH_USER'])) {
-        $login = trim($_SERVER['PHP_AUTH_USER']);
-    }
-    if (!empty($_SERVER['PHP_AUTH_PW'])) {
-        $pass = trim($_SERVER['PHP_AUTH_PW']);
-    }
-
-    if (empty($login) or empty($pass)) {
-        LOG_DEBUG($db, "login [$login] or password [$pass] undefined from $auth_ip: fail!");
-        return false;
-    }
-    
-    $login = htmlspecialchars(stripslashes(substr($login, 0, 20)));
-    $pass = md5($pass);
-    if ($login == '' or $pass == '') {
-        LOG_DEBUG($db, "login [$login] or password [$pass] undefined from $auth_ip: fail!");
-        return false;
-    }
-
-    // LOG_DEBUG($db,"Try login [$login] with password [$pass] from $auth_ip.");
-    $query = "SELECT id FROM `Customers` WHERE Login='{$login}' AND `Pwd`='{$pass}' LIMIT 1";
-    $auth_login = mysqli_query($db, $query);
-    list ($auth_id) = mysqli_fetch_array($auth_login);
-    if (!empty($auth_id) and $auth_id > 0) {
-        if (empty($_SESSION['session_id'])) {
-            session_regenerate_id();
-            $_SESSION['session_id'] = session_id();
-        }
-        if (empty($_SESSION['user_id'])) {
-            LOG_DEBUG($db, "login user [$login] from " . $_SESSION['IP'] . ": success.");
-        }
-        $_SESSION['user_id'] = $auth_id;
-        $_SESSION['login'] = $login;
-        return 1;
-    }
-    LOG_DEBUG($db, "login user [$login] from " . $_SESSION['IP'] . ": fail!");
-}
-
-function IsSilentAuthenticated($db)
-{
-    if (!empty($_SESSION['user_id'])) {
-        return 1;
-    }
-
-    if (empty($auth_ip)) {
-        $auth_ip = get_user_ip();
-        $_SESSION['IP'] = $auth_ip;
-    }
-
-    if (!empty($_GET['login'])) {
-        $login = trim($_GET['login']);
-    }
-    if (!empty($_POST['login'])) {
-        $login = trim($_POST['login']);
-    }
-    if (!empty($_GET['password'])) {
-        $pass = trim($_GET['password']);
-    }
-    if (!empty($_POST['password'])) {
-        $pass = trim($_POST['password']);
-    }
-
-    if (empty($login) or empty($pass)) {
-        LOG_DEBUG($db, "login or password undefined from $auth_ip: fail!");
-        return false;
-    }
-
-    $login = htmlspecialchars(stripslashes(substr($login, 0, 20)));
-    $pass = $pass;
-
-    if ($login == '' or $pass == '') {
-        LOG_DEBUG($db, "login or password undefined from $auth_ip: fail!");
-        return false;
-    }
-
-    // LOG_DEBUG($db,"Try silent login [$login] with password [$pass] from $auth_ip.");
-    $query = "SELECT id FROM `Customers` WHERE Login='{$login}' AND `Pwd`='{$pass}' LIMIT 1";
-
-    $auth_login = mysqli_query($db, $query);
-    list ($auth_id) = mysqli_fetch_array($auth_login);
-    if (!empty($auth_id) and $auth_id > 0) {
-        if (empty($_SESSION['session_id'])) {
-            session_regenerate_id();
-            $_SESSION['session_id'] = session_id();
-        }
-        if (empty($_SESSION['user_id'])) {
-            LOG_DEBUG($db, "login user [$login] from " . $_SESSION['IP'] . ": success.");
-        }
-        $_SESSION['user_id'] = $auth_id;
-        $_SESSION['login'] = $login;
-        return 1;
-    }
-
-    LOG_DEBUG($db, "Silent login user $login from " . $_SESSION['IP'] . ": fail!");
-}
-
-?>

+ 1 - 2
html/inc/qauth.php

@@ -1,5 +1,4 @@
 <?php
-require_once ("login.php");
+require_once ("auth.utils.php");
 Silentlogin($db_link);
-// session_write_close();
 ?>

+ 60 - 0
html/login.css

@@ -0,0 +1,60 @@
+* {
+    box-sizing: border-box;
+    font-family: -apple-system, BlinkMacSystemFont, "segoe ui", roboto, oxygen, ubuntu, cantarell, "fira sans", "droid sans", "helvetica neue", Arial, sans-serif;
+    font-size: 16px;
+    -webkit-font-smoothing: antialiased;
+    -moz-osx-font-smoothing: grayscale;
+}
+body {
+    background-color: #435165;
+}
+.login {
+    width: 400px;
+    background-color: #ffffff;
+    box-shadow: 0 0 9px 0 rgba(0, 0, 0, 0.3);
+    margin: 100px auto;
+}
+.login h1 {
+    text-align: center;
+    color: #5b6574;
+    font-size: 24px;
+    padding: 20px 0 20px 0;
+    border-bottom: 1px solid #dee0e4;
+}
+.login form {
+    display: flex;
+    flex-wrap: wrap;
+    justify-content: center;
+    padding-top: 20px;
+}
+.login form label {
+    display: flex;
+    justify-content: center;
+    align-items: center;
+    width: 50px;
+    height: 50px;
+    background-color: #3274d6;
+    color: #ffffff;
+}
+.login form input[type="password"], .login form input[type="text"] {
+    width: 310px;
+    height: 50px;
+    border: 1px solid #dee0e4;
+    margin-bottom: 20px;
+    padding: 0 15px;
+}
+.login form input[type="submit"] {
+    width: 100%;
+    padding: 15px;
+    margin-top: 20px;
+    background-color: #3274d6;
+    border: 0;
+    cursor: pointer;
+    font-weight: bold;
+    color: #ffffff;
+    transition: background-color 0.2s;
+}
+.login form input[type="submit"]:hover {
+    background-color: #2868c7;
+    transition: background-color 0.2s;
+}

+ 55 - 0
html/login.php

@@ -0,0 +1,55 @@
+<?php
+
+require_once ($_SERVER['DOCUMENT_ROOT']."/inc/auth.utils.php");
+require_once ($_SERVER['DOCUMENT_ROOT']."/inc/languages/" . HTML_LANG . ".php");
+
+$error = '';
+
+if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['submit'])) {
+
+    $login = trim($_POST['login']);
+    $password = trim($_POST['password']);
+
+    // validate if login is empty
+    if (empty($login)) {
+        $error .= '<p class="error">Please enter login.</p>';
+	}
+
+    // validate if password is empty
+    if (empty($password)) {
+        $error .= '<p class="error">Please enter your password.</p>';
+	}
+
+    if (empty($error)) {
+	if (login($db_link)) { header("Location: /admin/index.php"); }
+	}
+
+    }
+?>
+
+<!DOCTYPE html>
+<html>
+    <head>
+    <title><?php echo WEB_site_title; ?> login</title>
+    <link rel="stylesheet" type="text/css" href="/<?php echo HTML_STYLE.'.css'; ?>">
+    <link rel="stylesheet" type="text/css" href="/login.css" >
+    <meta http-equiv="content-type" content="application/xhtml+xml" />
+    <meta charset="UTF-8" />
+    </head>
+    <body>
+	<div class="login">
+	    <h1>Login</h1>
+	    <form action="" method="post">
+		<label for="username">
+		    <i class="fas fa-user"></i>
+		</label>
+		<input type="text" name="login" placeholder="Username" id="login" required>
+		<label for="password">
+		    <i class="fas fa-lock"></i>
+		</label>
+		<input type="password" name="password" placeholder="Password" id="password" required>
+		<input type="submit" name="submit" value="Login">
+	    </form>
+	</div>
+    </body>
+</html>
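Review bot: The validation messages appended to `$error` (`Please enter login.`, `Please enter your password.`) are never rendered — nothing in the HTML below echoes `$error` — and a failed `login($db_link)` adds no message at all, so a wrong password silently redisplays an empty form; the success branch also sends the `Location` header without `exit`, so the whole login page is still generated and sent after the redirect. I would add `exit;` after the redirect, append a failure message when `login()` returns false, and print `$error` inside the `.login` div (the messages are server-side constants, so echoing them is safe); using the language file's constants, as the rest of this commit does, instead of hard-coded English would keep the page consistent. `trim($_POST['password'])` also alters the credential before it is checked, rejecting any password with leading or trailing whitespace — only the login should be trimmed. Whether `login()` in auth.utils.php throttles repeated failures or regenerates the session id on success is not visible in this commit and is worth confirming.
```php
    if (empty($error)) {
        if (login($db_link)) {
            header("Location: /admin/index.php");
            exit; // nothing below may run once the redirect is issued
        }
        // login() returned false: give the user feedback instead of a blank form
        $error .= '<p class="error">Invalid login or password.</p>';
    }
// … unchanged: HTML head …
	    <h1>Login</h1>
	    <?php echo $error; ?>
// … unchanged: form …
```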

+ 2 - 11
html/logout.php

@@ -1,13 +1,4 @@
 <?php
-require_once ("inc/auth.php");
-
-$logout_url = '/admin/logout.html';
-LOG_DEBUG($db_link, "logout user " . $_SESSION['login'] . " from " . $_SESSION['IP']);
-
-unset($_COOKIE[session_name()]);
-$_SESSION = array();
-session_destroy();
-
-header('Location: ' . $logout_url, true, 301);
-
+require_once ($_SERVER['DOCUMENT_ROOT']."/inc/auth.utils.php");
+logout();
 ?>
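Review bot: The deleted handler wrote an audit line on logout (`LOG_DEBUG($db_link, "logout user " . $_SESSION['login'] . " from " . $_SESSION['IP'])`), and the replacement `logout()` lives in auth.utils.php, which is not part of this commit's view, so I cannot confirm the logout event is still recorded; if it is not, a security-relevant trail has been lost and the log call should be restored inside `logout()` before the session is destroyed. The script also runs on a bare GET from the `Exit` link with no method or token check visible here, so any third-party page can end an administrator's session with an image tag; restricting `logout()` to POST, or checking a session-bound token, is cheap if auth.utils.php does not already do it.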

+ 4 - 0
updates/20230312/mysql-customer.sql

@@ -0,0 +1,4 @@
+ALTER TABLE `Customers` ADD `api_key` VARCHAR(255) NULL DEFAULT NULL AFTER `Pwd`;
+UPDATE `Customers` set `api_key`=MD5(`Pwd`) where `api_key` is null;
+ALTER TABLE `Customers` CHANGE `Pwd` `password` VARCHAR(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NULL DEFAULT 'NULL';
+ALTER TABLE `Customers` CHANGE `api_key` `api_key` VARCHAR(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NULL DEFAULT NULL;
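Review bot: `UPDATE Customers SET api_key=MD5(Pwd)` derives every existing API key deterministically from the stored password hash, so anyone holding an old database dump, or who knows or guesses a user's password, can compute the key offline without touching the login form; an API key must be unguessable and independent of the password. Generate it from a random source instead, e.g. `UPDATE Customers SET api_key = SHA2(CONCAT(UUID(), RAND()), 256) WHERE api_key IS NULL;` (64 hex chars, fits the VARCHAR(255)), or have the application issue keys on first use. The rename widens `password` to 255 characters, which suggests a different hash format going forward, but the old 32-character MD5 values are left in place and nothing here rehashes or invalidates them, so whether existing administrators can still log in — or whether the new code keeps an MD5 comparison as a fallback — depends on auth.utils.php, which is not in view; forcing a reset for rows whose `password` is not in the new format would be the safe choice. `DEFAULT 'NULL'` on the `password` column is the four-character string, not SQL NULL; it should read `DEFAULT NULL` like the `api_key` line below it.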