#!/bin/sh

# Load the captive-portal function library; leave with status 2 when the
# file is not present.
MOD_CP_LIB=/opt/captive_portal/usr/libexec/functions
if [ ! -f "$MOD_CP_LIB" ]; then
  exit 2
fi
. "$MOD_CP_LIB"

# Prepare environment (get_public_iface_info is not defined in this file;
# presumably it comes from the library sourced above).
get_public_iface_info

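# Verify user-agent
#
# Matches a client User-Agent string against the pattern lists kept in
# $MOD_CP_SHARE_DIR/useragent (one grep basic regular expression per line).
# Globals:   MOD_CP_SHARE_DIR (read); USER_AGENT, UA_DIR (written)
# Arguments: $1 - User-Agent string as supplied by the client
# Returns:   0 - matched a whitelist pattern and no blacklist pattern
#            1 - matched no whitelist pattern (also when the whitelist
#                cannot be read)
#            2 - matched a whitelist pattern and a blacklist pattern
# NOTE(review): an empty line in either list is an empty pattern, which grep
# matches against every string - confirm the list files never contain one.
verify_useragent()
{
  # prepare variables
  USER_AGENT="$1"
  UA_DIR=$MOD_CP_SHARE_DIR/useragent
  # check whole whitelist
  # read -r keeps backslashes in the patterns; the "|| [ -n ... ]" part keeps
  # a final line that has no trailing newline from being dropped.
  while read -r allow_expr || [ -n "$allow_expr" ]; do
    # continue if not found
    # The string is client-controlled: printf '%s\n' hands it to grep
    # verbatim, whereas echo may treat it as an option or expand backslash
    # escapes, so the text checked could differ from the text received.
    # -e keeps a pattern that starts with '-' from being parsed as an option.
    printf '%s\n' "$USER_AGENT" | grep -q -e "$allow_expr" || continue
    # check whole blacklist
    while read -r deny_expr || [ -n "$deny_expr" ]; do
      # abort if found
      printf '%s\n' "$USER_AGENT" | grep -q -e "$deny_expr" && return 2
    done < "$UA_DIR/blacklist"
    # success = found in whitelist and not found in blacklist
    return 0
  done < "$UA_DIR/whitelist"
  return 1
}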

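# Verify ban by MAC address
#
# Looks through the records in $MOD_CP_BAN_DIR for one that contains the
# given MAC address and checks whether its "since" value (used as the expiry
# time, in seconds since the epoch) is still in the future.
# Globals:   MOD_CP_BAN_DIR (read); NOW, QUERY, BAN_EXPIRE, BAN_TIME (written)
# Arguments: $1 - MAC address to look for
# Returns:   1 - an unexpired record mentions the MAC
#            0 - otherwise; expired records that matched are deleted
# NOTE(review): an empty $1 matches every record - confirm callers never
# pass an unresolved MAC.
verify_ban()
{
  NOW=$(date +%s)
  # -F matches the MAC as a literal string instead of a regular expression;
  # -e protects a value that starts with '-'. Record files are named after
  # the client IP (see the logout command), so splitting grep's output on
  # whitespace is safe.
  for F in $(grep -l -F -e "$1" "$MOD_CP_BAN_DIR"/* 2>/dev/null); do
    QUERY=$(cat "$F")
    BAN_EXPIRE=$(query_value_get "$QUERY" since)
    # The record also stores client-supplied url and useragent text, so make
    # sure the value is a plain number before it reaches shell arithmetic.
    # A missing or malformed value counts as already expired, which is what
    # an empty value evaluated to before.
    # NOTE(review): that drops the record; decide whether a malformed record
    # should instead be kept and reported.
    case "$BAN_EXPIRE" in
      '' | *[!0-9]*) BAN_EXPIRE=0 ;;
    esac
    BAN_TIME=$((BAN_EXPIRE-NOW))
    if [ "$BAN_TIME" -ge 0 ]; then
      return 1
    else
      rm -f -- "$F"
    fi
  done
  return 0
}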

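# Verify restrict by MAC address
#
# Looks through the records in $MOD_CP_RESTRICTED_DIR for one that contains
# the given MAC address and checks whether its "since" value (used as the
# expiry time, in seconds since the epoch) is still in the future.
# Globals:   MOD_CP_RESTRICTED_DIR (read);
#            NOW, QUERY, RESTRICTED_EXPIRE, RESTRICTED_TIME (written)
# Arguments: $1 - MAC address to look for
# Returns:   1 - an unexpired record mentions the MAC
#            0 - otherwise; expired records that matched are deleted
# NOTE(review): an empty $1 matches every record - confirm callers never
# pass an unresolved MAC.
verify_restricted()
{
  NOW=$(date +%s)
  # -F matches the MAC as a literal string instead of a regular expression;
  # -e protects a value that starts with '-'. Record files are named after
  # the client IP (see the restrict command), so splitting grep's output on
  # whitespace is safe.
  for F in $(grep -l -F -e "$1" "$MOD_CP_RESTRICTED_DIR"/* 2>/dev/null); do
    QUERY=$(cat "$F")
    RESTRICTED_EXPIRE=$(query_value_get "$QUERY" since)
    # The record also stores client-supplied url and useragent text, so make
    # sure the value is a plain number before it reaches shell arithmetic.
    # A missing or malformed value counts as already expired, which is what
    # an empty value evaluated to before.
    # NOTE(review): that drops the record; decide whether a malformed record
    # should instead be kept and reported.
    case "$RESTRICTED_EXPIRE" in
      '' | *[!0-9]*) RESTRICTED_EXPIRE=0 ;;
    esac
    RESTRICTED_TIME=$((RESTRICTED_EXPIRE-NOW))
    if [ "$RESTRICTED_TIME" -ge 0 ]; then
      return 1
    else
      rm -f -- "$F"
    fi
  done
  return 0
}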

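# Execute command
#
# Arguments: $1 - command (see the usage text at the end)
#            $2 - client IP address, for the per-client commands
#            $3 - URL (login)
#            $4 - User-Agent string (login)
# Exit codes: 0 success, 1 unknown command,
#             login: 3 no/invalid IP, 4 record already exists, 5 no URL,
#                    6 User-Agent rejected, 7 client is banned
#             logout/restrict/unrestrict: 8 no/invalid IP, 9 no record found
#
# $3 and $4 carry client-supplied text and $2 is used as a file name, so
# every expansion below is quoted and printf '%s' replaces echo wherever
# such a value is printed.

# Pass $2 on only when it is set, so commands without an IP still call
# get_public_iface with no argument.
PUBLIC_IF=$(get_public_iface ${2:+"$2"})
printf '%s\n' "public if $PUBLIC_IF $2" >> "$MOD_CP_USERS_LOG_FILE"
NOW=$(date +%s)
NOW_LOG=$(date +'%Y-%m-%d %H:%M:%S')

# $2 becomes a file name under the IP/ban/restricted directories (rm, mv and
# sed -i below). Refuse a value that could name a path outside them; the
# existing "bad IP" exit codes are reused.
# NOTE(review): a full address-format check belongs here or in the caller.
case "$2" in
    */* | . | ..)
        case "$1" in
            login) exit 3 ;;
            logout | restrict | unrestrict) exit 8 ;;
        esac
        ;;
esac

case "$1" in
    login)
        IP=$2
        [ -n "$IP" ] || exit 3
        [ -f "$MOD_CP_IP_DIR/$IP" ] && exit 4
        [ -n "$3" ] || exit 5
        # Drop control characters from the client-supplied strings before
        # they are written to the log and to the client record, so one value
        # cannot span several lines.
        URL_CLEAN=$(printf '%s' "$3" | tr -d '\000-\037\177')
        UA_CLEAN=$(printf '%s' "$4" | tr -d '\000-\037\177')
        if ! verify_useragent "$4"; then
          # MAC is resolved here so the log line is complete; before, MAC
          # and UA were still unset when this message was written.
          MAC=$(ip2mac "$IP")
          printf '%s\n' "$UA_CLEAN" >> "$MOD_CP_DB_DIR/bad_ua.txt"
          printf '%s\n' "$NOW_LOG login: $PUBLIC_IF: $IP ($MAC) User agent $UA_CLEAN is black listed" >> "$MOD_CP_USERS_LOG_FILE"
          exit 6
        fi
        MAC=$(ip2mac "$IP")
        # Shortened User-Agent for the record and the log. The input is
        # quoted: unquoted it was subject to pathname expansion, so a '*' in
        # the header could pull local file names into the record.
        UA=$(printf '%s\n' "$UA_CLEAN" | sed -e "s/Mozilla\/5.0//" -e "s/(KHTML, like Gecko)//" -e "s/(//" -e "s/)//" -e "s/compatible;//" -e "s/cs-cz;//" -e "s/like Gecko//" -e "s/AppleWebKit\/[0-9][0-9][0-9].[0-9][0-9]//")
        if ! verify_ban "$MAC"; then
          # Logs the MAC; the original printed $UA here, which was not set yet.
          printf '%s\n' "$NOW_LOG login: $PUBLIC_IF: $IP ($MAC) has been banned" >> "$MOD_CP_USERS_LOG_FILE"
          exit 7
        fi
        if ! verify_restricted "$MAC"; then
          # NOTE(review): MOD_RESTRICTED_IP_DIR appears nowhere else in this
          # file (the other commands use MOD_CP_RESTRICTED_DIR) - confirm the
          # library defines it.
          QUERY=$(cat "$MOD_RESTRICTED_IP_DIR/$IP")
          VOLUME_DL=$(query_value_get "$QUERY" download)
          VOLUME_UL=$(query_value_get "$QUERY" upload)
          # Two separate tests instead of -o; a missing counter counts as 0
          # so the other counter is still compared.
          if [ "${VOLUME_DL:-0}" -gt "$MOD_CP_QOS_VOLUME_CUST_DLV" ] || [ "${VOLUME_UL:-0}" -gt "$MOD_CP_QOS_VOLUME_CUST_ULV" ]; then
            "$MOD_CP_LIB_DIR/qos" insert "$IP" restricted
          fi
        else
          # NOTE(review): url and useragent are stored unescaped; a value
          # containing '&' or '=' adds extra fields to the record, which
          # query_value_get and the since= rewrites below then have to tell
          # apart. Encoding them needs a matching change in the readers
          # (library, cust_html.awk), which are not visible here.
          printf '%s\n' "public_if=$PUBLIC_IF&mac=$MAC&ipaddr=$IP&download=0&upload=0&since=$NOW&url=$URL_CLEAN&useragent=$UA&" > "$MOD_CP_IP_DIR/$IP"
        fi
        touch "/var/captive_portal/stats/new$IP"
        "$MOD_CP_LIB_DIR/firewall" login "$IP"
        "$MOD_CP_LIB_DIR/qos" insert "$IP"
        printf '%s\n' "$NOW_LOG login: $PUBLIC_IF: $IP ($MAC) $UA has been successfully logged in" >> "$MOD_CP_USERS_LOG_FILE"
        exit 0
        ;;
    logout)
        IP=$2
        [ -n "$2" ] || exit 8
        if [ -f "$MOD_CP_IP_DIR/$IP" ]; then
           if [ "${MOD_CP_RC_DELAY:-0}" -gt 0 ]; then
             # Keep the record as a ban until NOW + MOD_CP_RC_DELAY.
             mv -f "$MOD_CP_IP_DIR/$IP" "$MOD_CP_BAN_DIR/$IP"
             EXPIRE=$((NOW+MOD_CP_RC_DELAY))
             sed -i -e "s/\(.*since=\).*\(&url=.*\)/\1$EXPIRE\2/" "$MOD_CP_BAN_DIR/$IP"
             # WEB_PORT_BP stays unquoted as before, so an empty value adds
             # no argument.
             "$MOD_CP_LIB_DIR/firewall" logout "$IP" $WEB_PORT_BP
           else
             rm "$MOD_CP_IP_DIR/$IP"
             "$MOD_CP_LIB_DIR/firewall" logout "$IP"
           fi
        elif [ -f "$MOD_CP_RESTRICTED_DIR/$IP" ]; then
           "$MOD_CP_LIB_DIR/firewall" logout "$IP"
        elif [ -f "$MOD_CP_BAN_DIR/$IP" ]; then
           if [ "${MOD_CP_QOS_VOLUME_CUST_T:-0}" -gt 0 ]; then
             "$MOD_CP_LIB_DIR/firewall" logout "$IP" $WEB_PORT_BP
             EXPIRE=$((NOW+MOD_CP_QOS_VOLUME_CUST_T*60))
             sed -i -e "s/\(.*since=\).*\(&url=.*\)/\1$EXPIRE\2/" "$MOD_CP_BAN_DIR/$IP"
           else
             rm "$MOD_CP_BAN_DIR/$IP"
             "$MOD_CP_LIB_DIR/firewall" logout "$IP"
           fi
        else
           printf '%s\n' "$NOW_LOG logout: $PUBLIC_IF: $IP logging out failed" >> "$MOD_CP_USERS_LOG_FILE"
           exit 9
        fi
        printf '%s\n' "$NOW_LOG logout: $PUBLIC_IF: $IP has been logged out" >> "$MOD_CP_USERS_LOG_FILE"
        exit 0
        ;;
    restrict)
        IP=$2
        [ -n "$2" ] || exit 8
        MAC=$(ip2mac "$IP")
        if [ ! -f "$MOD_CP_IP_DIR/$IP" ]; then
          printf '%s\n' "$NOW_LOG restrict: $PUBLIC_IF: $IP ($MAC) restricting failed" >> "$MOD_CP_USERS_LOG_FILE"
          exit 9
        fi
        EXPIRE_PERIOD=$((MOD_CP_QOS_VOLUME_CUST_UDT*60))
        EXPIRE_LIMIT=$((NOW+EXPIRE_PERIOD))
        # Move the record to the restricted set and store the expiry time in
        # its since= field.
        mv -f "$MOD_CP_IP_DIR/$IP" "$MOD_CP_RESTRICTED_DIR/$IP"
        sed -i -e "s/\(.*since=\).*\(&url=.*\)/\1$EXPIRE_LIMIT\2/" "$MOD_CP_RESTRICTED_DIR/$IP"
        "$MOD_CP_LIB_DIR/qos" delete "$IP"
        "$MOD_CP_LIB_DIR/qos" insert "$IP" restricted
        printf '%s\n' "$NOW_LOG restrict: $PUBLIC_IF: $IP ($MAC) has been restricted" >> "$MOD_CP_USERS_LOG_FILE"
        exit 0
        ;;
    unrestrict)
        IP=$2
        [ -n "$2" ] || exit 8
        MAC=$(ip2mac "$IP")
        if [ ! -f "$MOD_CP_RESTRICTED_DIR/$IP" ]; then
          printf '%s\n' "$NOW_LOG unrestrict: $PUBLIC_IF: $IP ($MAC) unrestricting failed" >> "$MOD_CP_USERS_LOG_FILE"
          exit 9
        fi
        "$MOD_CP_LIB_DIR/firewall" logout "$IP"
        "$MOD_CP_LIB_DIR/qos" delete "$IP" restricted
        rm -f "$MOD_CP_RESTRICTED_DIR/$IP"
        printf '%s\n' "$NOW_LOG unrestrict: $PUBLIC_IF: $IP ($MAC) has been unrestricted" >> "$MOD_CP_USERS_LOG_FILE"
        exit 0
        ;;
    status)
        echo "Customers:"
        cat "$MOD_CP_IP_DIR"/* 2>/dev/null
        echo "Bans:"
        cat "$MOD_CP_BAN_DIR"/* 2>/dev/null
        echo "Restricted:"
        cat "$MOD_CP_RESTRICTED_DIR"/* 2>/dev/null
        exit 0
        ;;
    status_conn)
        # One record file per client, so the entry count is the client count.
        N=$(ls "$MOD_CP_IP_DIR" | awk 'END { print NR }')
        echo "Connected : $N"
        exit 0
        ;;
    status_html)
        # NOTE(review): the records hold client-supplied url/useragent text;
        # confirm cust_html.awk HTML-escapes what it prints.
        cat "$MOD_CP_IP_DIR"/* 2>/dev/null | awk -v TS_TITLE="Since" -f "$MOD_CP_LIB_DIR/cust_html.awk"
        exit 0
        ;;
    status_bans)
        N=$(ls "$MOD_CP_BAN_DIR" | awk 'END { print NR }')
        echo "Bans : $N"
        exit 0
        ;;
    status_restricted)
        N=$(ls "$MOD_CP_RESTRICTED_DIR" | awk 'END { print NR }')
        echo "Restricted : $N"
        exit 0
        ;;
    bans_html)
        cat "$MOD_CP_BAN_DIR"/* 2>/dev/null | awk -v TS_TITLE="Expire" -f "$MOD_CP_LIB_DIR/cust_html.awk"
        exit 0
        ;;
    restricted_html)
        cat "$MOD_CP_RESTRICTED_DIR"/* 2>/dev/null | awk -v TS_TITLE="Expire" -f "$MOD_CP_LIB_DIR/cust_html.awk"
        exit 0
        ;;
    *)
        # The usage text now lists every command handled above and shows the
        # URL as required (login exits with 5 without it).
        echo "Usage: $0 login  {ip} {url} [user_agent]"
        echo "Usage: $0 {logout|restrict|unrestrict} {ip}"
        echo "Usage: $0 {status|status_conn|status_html|status_bans|status_restricted|bans_html|restricted_html}"
        exit 1
        ;;
esac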
