

Ignore whitespace Rev 2009 → Rev 2010

/web/acc/backup/log_generation.php
0,0 → 1,394
<!DOCTYPE html>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<TITLE>ALCASAR Report</TITLE>
<link rel="stylesheet" type="text/css" href="../../../css/bootstrap.min.css">
<script src="../../../js/jquery.js"></script>
<script src="../../../js/bootstrap.min.js"></script>
<style>
body{
background-color: #EFEFEF;
}
</style>
</HEAD>
<body>
 
<?php
#Cette page permet de générer les journaux d'imputabilité dans une archive avec mot de passe.
#Lors de la création de cette archive, tous les utilisateurs d'alcasar seront prévenus lors de leur prochaine connexion par un message d'alerte.
#Cette page a été créé suite à la demande d'une préfecture de police afin de faciliter le déroulement des affaires judiciaires UNIQUEMENT.
 
 
# Choice of language
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE']))
{
$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']);
$Language = strtolower(substr(chop($Langue[0]),0,2));
}
if($Language == 'fr')
{
$l_info = "Génération des journaux d'imputabilité";
$l_log_info = "Vous allez générer des journaux qui avertiront tous les utilisateurs. En effet, cette pratique est réservée uniquement de le cadre d'une enquête judiciaire. Vous comprenez donc les risques en continuant ici.";
$l_password = "Entrez votre mot de passe afin de protéger votre archive contenant le PDF des journaux d'imputabilité";
$l_submit = "Continuer";
$l_date1="Commençant le ...";
$l_date2="Terminant le ...";
$l_hours="Jusqu\'au ...";
$l_options_info = "Que désirez vous?";
$l_options_1="Tous les journaux";
$l_options_2="Selectionnez un intervale ...";
$l_options_3="Selectionnez depuis une date ...";
$l_load="Chargement...";
$l_create="Les utilisateurs ont été prévenus de cette action et l'archive a bien été crée, retenez bien votre mot de passe car il sera impossible de vous le redonner";
$l_download="Télécharger l'archive";
$l_error="Vous devez remplir les informations du formulaire!";
$l_demandeur="Nom du demandeur :";
$l_commentary="Raison :";
$l_info_form="Information du demandeur :";
$l_logtab="Dernières entrées :";
$l_empty_log="Les journaux sont vides";
}
else
{
$l_info = "Imputabilities logs generation";
$l_log_info = "You are generating logs which will warn users. In fact, this action is only reserved for a judicial investigation. So, you understand risks if you proceed.";
$l_password = "Enter your password to protect your archive which contains the PDF of imputabilities logs.";
$l_submit = "Proceed";
$l_date1="Start at ...";
$l_date2="End at ...";
$l_hours="At ...";
$l_options_info = "What do you want?";
$l_options_1="All logs";
$l_options_2="Select a range ...";
$l_options_3="Select from a specific date ...";
$l_create="Users have been warned and your archive has been created! Don't forget your password!";
$l_load="Loading...";
$l_download="Download archive";
$l_error="You need to submit form informations!!";
$l_demandeur="Applicant name :";
$l_commentary="Reason :";
$l_info_form="User Information";
$l_logtab="Last entries :";
$l_empty_log="Logs are empty";
}
 
 
$filename='/var/www/html/acc/backup/log_info.txt';
 
if(isset($_POST['submit']))
{
$password=$_POST['password'];
$demandeur=$_POST['demandeur'];
$raison=$_POST['comment'];
 
#si le mot de passe est vide ou si il contient des espaces
if($password != "" && $demandeur != "" && $raison != "")
{
#Génération de log
$text=date("Y-m-d H:i:s")."|||".$demandeur."|||".$raison."|||".$_SERVER['REMOTE_ADDR']."|||";
#supprimer les nouvelles lignes
$text = str_replace("\n", ' ', $text);
$text = str_replace("\r", ' ', $text);
 
file_put_contents($filename, $text.PHP_EOL, FILE_APPEND);
 
 
#Création des journaux dans une archive avec mot de passe.
$filename_logs="imputabilities_logs.zip";
switch($_POST['submit'])
{
case 'query_all':
exec("sudo alcasar-generate_log.sh '$password'");
break;
case 'query_range':
$date1_selected= $_POST['start-year'].'-'.$_POST['start-month'].'-'.$_POST['start-day'].' '.$_POST['start-hour'].':'.$_POST['start-min'].':'.$_POST['start-sec'];
$date2_selected= $_POST['stop-year'].'-'.$_POST['stop-month'].'-'.$_POST['stop-day'].' '.$_POST['stop-hour'].':'.$_POST['stop-min'].':'.$_POST['stop-sec'];
exec("sudo alcasar-generate_log.sh '$password' '$date1_selected' '$date2_selected' ");
break;
case 'query_simple':
$date1_selected= $_POST['start-year'].'-'.$_POST['start-month'].'-'.$_POST['start-day'].' '.$_POST['start-hour'].':'.$_POST['start-min'].':'.$_POST['start-sec'];
exec("sudo alcasar-generate_log.sh '$password' '$date1_selected'");
break;
}
 
 
#Interface permettant de télécharger les journaux d'imputabilité
echo "<h3>$l_create</h3>";
echo "<a href=\"$filename_logs\" class=\"btn btn-info btn-lg\">";
echo " <span class=\"glyphicon glyphicon-download-alt\"></span> $l_download";
echo "</a>";
}
else
{
echo "$l_error";
}
 
 
 
}
else
{
#Interface permettant de configurer la génération des journaux d'imputabilité.
echo "<div>";
echo " <div style=\"margin-top:20px\">";
echo " <div>";
echo " <fieldset>";
echo " <h3>$l_info</h3>";
echo " <p>$l_log_info</p>";
echo " </fieldset>";
 
echo "<h4> $l_options_info </h4>";
echo "<div class=\"radio\">";
echo "<label><input type=\"radio\" name=\"optradio\" onclick=\"radio_interact1()\" checked> $l_options_1 </label>";
echo "</div>";
echo "<div class=\"radio\">";
echo "<label><input type=\"radio\" name=\"optradio\" onclick=\"radio_interact2()\"> $l_options_2 </label>";
echo "</div>";
echo "<div class=\"radio\">";
echo "<label><input type=\"radio\" name=\"optradio\" onclick=\"radio_interact3()\"> $l_options_3 </label>";
echo "</div>";
echo "<form name=\"form_log\" method=\"post\" action=\"log_generation.php\" role=\"form\">";
echo "<p> $l_password </p><input name=\"password\" type=\"password\" size=\"25\">";
echo "<h2>$l_info_form</h2>";
echo "<p>$l_demandeur</p><textarea name='demandeur' style=\"height:25px;\"></textarea>";
echo "<p>$l_commentary</p><textarea name='comment'></textarea>";
echo "<p id=\"query_option\"></br></br><button type=\"submit\" onClick=\"this.classList.add('disabled');\" class=\"btn btn-primary\" name=\"submit\" value=\"query_all\"> $l_submit </button></p>";
 
 
 
}
 
echo "<br><div style=\"height:1px;background:#717171;border-bottom:1px solid #313030:\"></div>";
echo "<h2>$l_logtab</h2>";
if(file_exists($filename)){
 
echo "<div class=\"container\">";
echo "<table class=\"table table-striped\">";
echo "<thead>";
echo "<tr>";
echo "<th>Date</th>";
echo "<th>User</th>";
echo "<th>Reason</th>";
echo "<th>IP address</th>";
echo "</tr>";
echo "</thead>";
echo "<tbody>";
$fichier = fopen($filename, "r");
$content = file($filename);
foreach($content as $line){
$infos=explode("|||", $line);
echo "<tr>";
echo "<td>$infos[0]</td>";
echo "<td>$infos[1]</td>";
echo "<td>$infos[2]</td>";
echo "<td>$infos[3]</td>";
echo "</tr>";
}
 
echo "</tbody>";
echo "</table>";
echo "</div>";
 
 
}
else
{
echo "<p>$l_empty_log</p>";
}
 
#javascript permettant de generer les dropdown des dates. Il faut s'assurer que les données envoyées soient au bon format afin d'etre traité dans alcasar-generation_logs.sh
 
echo "<script>";
 
echo "function radio_interact1() {";
echo "document.getElementById(\"query_option\").innerHTML = '";
echo "</br></br><button type=\"submit\" class=\"btn btn-primary\" name=\"submit\" value=\"query_all\"> $l_submit</button>";
echo "';}";
 
echo "function radio_interact2() {";
echo " document.getElementById(\"query_option\").innerHTML = '";
 
echo "$l_date1 <select name=\"start-year\">";
$year = date('Y');
$years = $year-50;
for ($i = $year; $i >= $years; $i--) {
$sel = ($i == $year) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo "-<select name=\"start-month\">";
$month = date('m');
for ($i = 1; $i <= 12; $i++) {
$sel = ($i == $month) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
 
echo "</select>";
echo "-<select name=\"start-day\">";
$day = date('d');
for ($i = 1; $i <= 31; $i++) {
$sel = ($i == $day) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
 
echo "</select>";
echo "$l_hours <select name=\"start-hour\">";
$hour = date('G');
for ($i = 0; $i <= 23; $i++) {
$sel = ($i == $hour) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo ":<select name=\"start-min\">";
$min = date('i');
for ($i = 0; $i <= 59; $i++) {
$sel = ($i == $min) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo ":<select name=\"start-sec\">";
$sec = date('s');
for ($i = 0; $i <= 59; $i++) {
$sel = ($i == $sec) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo "</br>";
 
echo "$l_date2 <select name=\"stop-year\">";
$year = date('Y');
$years = $year-50;
for ($i = $year; $i >= $years; $i--) {
$sel = ($i == $year) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo "-<select name=\"stop-month\">";
$month = date('m')+1;
for ($i = 1; $i <= 12; $i++) {
$sel = ($i == $month) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
 
echo "</select>";
echo "-<select name=\"stop-day\">";
$day = date('d');
for ($i = 1; $i <= 31; $i++) {
$sel = ($i == $day) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
 
echo "</select>";
echo "$l_hours <select name=\"stop-hour\">";
$hour = date('G');
for ($i = 0; $i <= 23; $i++) {
$sel = ($i == $hour) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo ":<select name=\"stop-min\">";
$min = date('i');
for ($i = 0; $i <= 59; $i++) {
$sel = ($i == $min) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo ":<select name=\"stop-sec\">";
$sec = date('s');
for ($i = 0; $i <= 59; $i++) {
$sel = ($i == $sec) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo "</br></br><button type=\"submit\" class=\"btn btn-primary\" name=\"submit\" value=\"query_range\"> $l_submit</button>";
echo "';}";
 
 
 
echo "function radio_interact3() {";
echo " document.getElementById(\"query_option\").innerHTML = '";
 
echo "$l_date1 <select name=\"start-year\">";
$year = date('Y');
$years = $year-50;
for ($i = $year; $i >= $years; $i--) {
$sel = ($i == $year) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo "-<select name=\"start-month\">";
$month = date('m');
for ($i = 1; $i <= 12; $i++) {
$sel = ($i == $month) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
 
echo "</select>";
echo "-<select name=\"start-day\">";
$day = date('d');
for ($i = 1; $i <= 31; $i++) {
$sel = ($i == $day) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
 
echo "</select>";
echo "$l_hours <select name=\"start-hour\">";
$hour = date('G');
for ($i = 0; $i <= 23; $i++) {
$sel = ($i == $hour) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo ":<select name=\"start-min\">";
$min = date('i');
for ($i = 0; $i <= 59; $i++) {
$sel = ($i == $min) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo ":<select name=\"start-sec\">";
$sec = date('s');
for ($i = 0; $i <= 59; $i++) {
$sel = ($i == $sec) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo "</br></br><button type=\"submit\" class=\"btn btn-primary\" name=\"submit\" value=\"query_simple\"> $l_submit</button>";
echo "';}";
echo "</script>";
 
echo "</form>";
echo "</div>";
echo "</div>";
echo "</div>";
?>
 
</body>
</html>
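Review bot: The three `exec()` calls at L108, L113 and L117 build a sudo (root) shell command by interpolating `$_POST['password']` and the assembled date strings inside single quotes, so a password such as `'; id; '` closes the quoted argument and runs arbitrary commands; every argument must go through `escapeshellarg()` and a date should be rejected unless it matches `^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$`, since the `<select>` lists constrain nothing on the server side. The `demandeur` and `comment` fields are appended to log_info.txt at L95–L100 and echoed back unescaped at L188–L191 (and, by index.php, to every portal user), so wrap them in `htmlspecialchars()` on output and strip the `|||` record separator on input. Whether the ACC already protects this form against CSRF is not visible from the diff; if it does not, an action that alerts every user deserves a token. Minor: the comment at L91 promises a check for spaces in the password that the condition on L92 does not perform, and the `fopen()` handle on L183 is never used or closed.
```php
# Every value below comes from the POST body: quote it for the shell and
# refuse dates that are not exactly YYYY-MM-DD HH:MM:SS.
$date_re  = '/^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$/';
$safe_pwd = escapeshellarg($password);
switch($_POST['submit'])
{
    case 'query_all':
        exec("sudo alcasar-generate_log.sh $safe_pwd");
        break;
    case 'query_range':
        // … unchanged: assemble $date1_selected / $date2_selected …
        if (!preg_match($date_re, $date1_selected) || !preg_match($date_re, $date2_selected)) { echo $l_error; break; }
        exec("sudo alcasar-generate_log.sh $safe_pwd " . escapeshellarg($date1_selected) . ' ' . escapeshellarg($date2_selected));
        break;
    case 'query_simple':
        // … unchanged: assemble $date1_selected …
        if (!preg_match($date_re, $date1_selected)) { echo $l_error; break; }
        exec("sudo alcasar-generate_log.sh $safe_pwd " . escapeshellarg($date1_selected));
        break;
}
```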
 
 
 
 
/web/acc/backup.php
1,6 → 1,8
<?php
$select[0]="$l_backup_archive";
$select[1]="$l_backup_log";
$fich[0]="backup/sauvegarde.php";
$fich[1]="backup/log_generation.php";
$j=0;
while ($j != count($select))
{
/web/acc/manager/lib/sql/change_attrs.php
82,6 → 82,8
if (isset($item_vals["$key"][$j]) && (isset($old_val) && $old_val !='') || $sql_attr=='Filter-Id'){
$old_val = $item_vals["$key"][$j];
$old_val = da_sql_escape_string($link, $old_val);
#we keep the fourth bit of Filter-Id to warn user about administrator who read imputability logs.
$val[3]=$old_val[3];
$res = da_sql_query($link,$config,
"UPDATE $table SET value = '$val' WHERE $query_key = '$login' AND
attribute = '$sql_attr' AND value = '$old_val';");
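Review bot: `$val[3]=$old_val[3];` at L413 indexes the value after `da_sql_escape_string()` has been applied on L411 and without checking that either string has at least four characters, so a short (or escaped) Filter-Id raises an "Uninitialized string offset" notice and writes an empty character, while a `$val` shorter than four characters is silently space-padded by PHP. Copy the character from the raw value before escaping and guard both lengths: `$old_val_raw = $item_vals["$key"][$j];` / `$old_val = da_sql_escape_string($link, $old_val_raw);` / `if (strlen($old_val_raw) > 3 && strlen($val) > 3) { $val[3] = $old_val_raw[3]; }`. The comment on L412 says "fourth bit", but the code copies the fourth character of the string; something like `# keep the 4th character of Filter-Id: it is set when an imputability archive is generated and cleared by intercept.php once the user has been warned` would describe the intent that the intercept.php hunk relies on. The enclosing loop and function start before this hunk.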
/web/acc/menu.php
74,6 → 74,7
$l_log="Générer les journaux";
$l_backup_archive="Archives";
$l_activity_report="Rapport d'activité";
$l_backup_log="Journaux d'imputabilité";
}
else
{
/web/index.php
83,11 → 83,28
return $time[0]." h ".$time[1]." m ".$time[2]." s";
}
 
//if user need to be warn
if(isset($_GET['warn']) && isset($_GET['url']))
{
$direct_access = False;
}
 
 
# If the user is connected : retrieve the 3 last connexions
if ((isset ($user[4])) && ($user[4] != "0")){
 
if(isset($_GET['redirect'])) # if user has been warned, we redirect him to his website
{
$redir = "http://".$_GET['url'];
header("Location: $_GET[url]",TRUE,307);
exit;
}
 
 
if ((is_file("./acc/manager/lib/sql/drivers/mysql/functions.php"))&&(is_file("/etc/freeradius-web/config.php"))){
include_once("/etc/freeradius-web/config.php");
include_once("./acc/manager/lib/sql/drivers/mysql/functions.php");
$sql = "SELECT UserName, AcctStartTime, AcctStopTime, acctsessiontime FROM radacct WHERE UserName='$user[5]' ORDER BY AcctStartTime DESC LIMIT 0 , $nb_connection_history";
$link = @da_sql_pconnect($config); // on affiche pas les erreurs
if ($link){
127,6 → 144,8
if ($ipset_not_auth_yet[0] == '1'){ #if user not_auth_yet still here (index.php), we force DNS resquest.
echo "<script>window.location.reload(true)</script>"; # force DNS request
}
}
# Choice of language
if($Language == 'fr'){
169,6 → 188,13
$l_service_sms = "Service SMS actif";
$l_service_sms_n = "Service SMS non actif";
$l_acc_sms = "Auto enregistrement par SMS";
$l_explain_warn = "L'administrateur a créé une archive contenant vos journaux de connexion dans le cadre d'une affaire judiciaire.";
$l_continue_link = "<a href='index.php?redirect=1&url=$_GET[url]' class='button'>Je comprends et je souhaite continuer ma navigation.</a>";
$l_title_warn="Cher utilisateur, ";
$l_explain_warn_name="Une personne sous le nom de ";
$l_explain_warn_ip="sous cette IP : ";
$l_explain_warn_date="a consulté vos journaux de connexion le ";
$l_explain_warn_reason="en émettant la raison suivante : ";
}
else if($Language == 'pt'){
$l_access_denied = "Controle de acesso";
210,6 → 236,13
$l_service_sms = "SMS service enable";
$l_service_sms_n = "SMS service disable";
$l_acc_sms = "Auto registration by SMS";
$l_explain_warn = "El administrador ha creado un archivo que contiene los periódicos de inicio de sesión como parte de un proceso judicial.";
$l_continue_link = "<a href='index.php?redirect=1&url=$_GET[url]' class='button'>Lo comprendo y deseo continuar mi navegación.</a>";
$l_title_warn="Estimado usuario,";
$l_explain_warn_name="El usario ";
$l_explain_warn_ip="con este IP : ";
$l_explain_warn_date="consultó a sus registros de conexión el ";
$l_explain_warn_reason="con la siguiente razón : ";
}
else {
$l_access_denied = "Access control";
251,6 → 284,13
$l_service_sms = "SMS service enable";
$l_service_sms_n = "SMS service disable";
$l_acc_sms = "Auto registration by SMS";
$l_explain_warn = "The administrator created an archive which contains your imputabilities logs for a judicial investigation.";
$l_continue_link = "<a href='index.php?redirect=1&url=$_GET[url]' class='button'>I understand and I wish to continue.</a>";
$l_title_warn="Dear user,";
$l_explain_warn_name="Someone called ";
$l_explain_warn_ip="with this IP : ";
$l_explain_warn_date="has read your connexion logs at ";
$l_explain_warn_reason="because : ";
}
 
$l_title = ($direct_access ? $l_access_welcome : ($network_pb ? $l_access_unavailable : $l_access_denied));
318,9 → 358,19
}
}
else {
#if user need to be warn about that someone who read his logs
if(isset($_GET['warn']) && isset($_GET['url']) && $_GET['warn'] == '1')
{
echo"
<div id=\"cadre_titre\" class=\"titre_refus\">
<p id=\"acces_controle\" class=\"titre_refus\">$l_title</p>";
<p id=\"acces_controle\" class=\"titre_refus\">$l_title_warn</p>";
}
else
{
echo"
<div id=\"cadre_titre\" class=\"titre_refus\">
<p id=\"acces_controle\" class=\"titre_refus\">$l_title</p>";
}
}
?>
<div id="boite_logo">
396,6 → 446,45
</div>";
}
else {
#if user need to be warn about that someone who read his logs
if(isset($_GET['warn']) && isset($_GET['url']) && $_GET['warn'] == '1')
{
$filename="/var/www/html/acc/backup/log_info.txt";
$l_explain_warn="";
if(file_exists($filename)){
$fichier = fopen($filename, "r");
$content = file($filename);
foreach($content as $line){
$infos=explode("|||", $line);
$log_date=$infos[0];
$log_user=$infos[1];
$log_reason=$infos[2];
$log_ip=$infos[3];
}
 
$l_explain_warn="$l_explain_warn_name$log_user ( $l_explain_warn_ip$log_ip ) $l_explain_warn_date$log_date $l_explain_warn_reason$log_reason";
}
else
{
echo "Log error!";
}
echo "
<div id=\"box_refuse\">
<img src=\"$img_rep$img_warning\">
<p>$l_explain_warn</p>
 
</div>
<div id=\"liens_redir\">
<p>$l_continue_link</p>
</div>";
 
}
else
{
echo "
<div id=\"box_refuse\">
<img src=\"$img_rep$img_false\">
404,7 → 493,8
<div id=\"liens_redir\">
<p>$l_back_page</p>
</div>";
}
}
}
if (($network_pb)&&(! $direct_access)) {
echo " <span>Diagnostic : $diagnostic</span>";
}
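Review bot: `header("Location: $_GET[url]",TRUE,307)` at L444 redirects to whatever the client puts in `url`, and `$l_continue_link` at L467, L481 and L495 drops the same raw parameter into a single-quoted `href`, so a value such as `'><script>…` is reflected into every warned user's page and any external site can be used as an open-redirect target; `$redir` on L443 is built with the `http://` prefix but never used. Validate the target before redirecting (well-formed, http or https only) and build the link with `urlencode($_GET['url'])` in place of the bare `$_GET[url]`, which also silences the notice when the parameter is absent. The hunk at L529–L561 has the same output problem: `$log_user`, `$log_reason` and `$log_ip` read from log_info.txt are echoed at L545 without `htmlspecialchars()`, and all four `$log_*` variables are undefined when the file exists but is empty. The `if ((isset ($user[4]))…` block the redirect sits in continues outside this hunk.
```php
if(isset($_GET['redirect'])) # if user has been warned, we redirect him to his website
{
    $redir = isset($_GET['url']) ? $_GET['url'] : '';
    if (parse_url($redir, PHP_URL_SCHEME) === null) { $redir = "http://".$redir; }
    // refuse anything that is not a well-formed http(s) URL: open redirect otherwise
    if (!preg_match('#^https?://#i', $redir) || filter_var($redir, FILTER_VALIDATE_URL) === false) { $redir = 'index.php'; }
    header("Location: $redir",TRUE,307);
    exit;
}
```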
/web/intercept.php
374,6 → 374,37
default: $result = 0; // Default: It was not a form request -> client go to login form
}
 
//check if we need to warn user about the imputability logs.
if($result == 1)
{
if ((is_file("./acc/manager/lib/sql/drivers/mysql/functions.php"))&&(is_file("/etc/freeradius-web/config.php"))){
include_once("/etc/freeradius-web/config.php");
include_once("./acc/manager/lib/sql/drivers/mysql/functions.php");
$user_url=$_GET['userurl'];
$user_uid=$_GET['uid'];
$sql = "SELECT attribute, value FROM radreply WHERE username='$user_uid'";
$link = @da_sql_pconnect($config); // on affiche pas les erreurs
if ($link){
$res = @da_sql_query($link,$config,$sql); // on affiche pas les erreurs
if ($res){
while(($row = @da_sql_fetch_array($res,$config))){
if ($row['attribute'] == "Filter-Id") $filter_id = $row['value']; // on obtient le Filter-Id de l'utilisateur
}
if($filter_id[3] == '1')
{
#set the fourth bit of filter-id to '0'
$sql = "set @CurrentFilter=(SELECT value from radreply where username='$user_uid');set @CurrentFilterLeft=(SELECT LEFT(@CurrentFilter,3));set @CurrentFilterRight=(SELECT RIGHT(@CurrentFilter,4));UPDATE radreply SET value = CONCAT((@CurrentFilterLeft),'0', (@CurrentFilterRight)) WHERE username='$user_uid'";
$res = mysqli_multi_query($link,$sql);
header("Location: http://alcasar/index.php?warn=1&url=$user_url"); //we present to user information about imputability logs
exit;
}
}
}
}
}
 
 
# Otherwise it was not a form request
# Send out an error message
if ($result == 0) { //erreur
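Review bot: `$user_uid=$_GET['uid']` (L589) is interpolated unescaped into the SELECT at L590 and into the four-statement string executed with `mysqli_multi_query()` at L601–L602, so a crafted `uid` in the request can rewrite any radreply row or append further statements; `$result == 1` only says the login form succeeded, it does not make the query string trustworthy. Escape the value once with `da_sql_escape_string($link, $_GET['uid'])` (the helper change_attrs.php already uses) after `$link` is obtained, and replace the stacked query with a single UPDATE restricted to the Filter-Id attribute — the original `SELECT value … WHERE username=` also picks an arbitrary attribute row when the user has more than one. `$filter_id` is undefined when no Filter-Id row exists, so initialise it before the loop and test `isset($filter_id[3])`, and `$user_url` should be `urlencode()`d before it is placed in the Location query string at L603. The return value of the multi-query is never checked, so a failed update would re-warn the user on every login.
```php
$filter_id = '';
$link = @da_sql_pconnect($config); // on affiche pas les erreurs
if ($link){
    $user_uid = da_sql_escape_string($link, $_GET['uid']); // never interpolate raw request data
    $sql = "SELECT attribute, value FROM radreply WHERE username='$user_uid' AND attribute='Filter-Id'";
    // … unchanged: run the query and read $filter_id from the Filter-Id row …
    if(isset($filter_id[3]) && $filter_id[3] == '1')
    {
        # clear the 4th character of Filter-Id in one statement (no stacked queries)
        $sql = "UPDATE radreply SET value = CONCAT(LEFT(value,3),'0',SUBSTRING(value,5)) WHERE username='$user_uid' AND attribute='Filter-Id'";
        if (@da_sql_query($link,$config,$sql)) {
            header("Location: http://alcasar/index.php?warn=1&url=".urlencode($user_url));
            exit;
        }
    }
}
```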