<?php
# ------------------------------------------------------------------------------
/*  squidguard_configurator.inc
    2006-2011 Serg Dvoriancev
    2013 (squidGuard 1.5 beta) Luiz G. Costa <gugabsd@mundounix.com.br>

    part of pfSense (www.pfSense.com)

    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions are met:

    1. Redistributions of source code must retain the above copyright notice,
       this list of conditions and the following disclaimer.

    2. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in the
       documentation and/or other materials provided with the distribution.

    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGE.
*/
# ------------------------------------------------------------------------------
# SquidGuard Configurator
# email: dv_serg@mail.ru
# ------------------------------------------------------------------------------
# squidGuard inline options:
# squidGuard -C all          - update database
# squidGuard -c <configfile> - create squidGuard with specified config file
# ------------------------------------------------------------------------------
# Notes:
#   for work squidGuard need present ALL destinations;
#   if dest not present in config - then this item will ignored in operations
#   (in rebuild DB for example)
# ------------------------------------------------------------------------------
# Directories:
# work path - $workdir
# log path  - $workdir + $logdir
# ------------------------------------------------------------------------------

require_once('globals.inc');
require_once('config.inc');
require_once('util.inc');
require_once('pfsense-utils.inc');
require_once('pkg-utils.inc');
require_once('filter.inc');
require_once('service-utils.inc');

# squid package must exists by default system path (for v.2.0/2.1)
# todo: move include string to the squid-function call string position
if (file_exists('/usr/local/pkg/squid.inc')) {
    require_once('/usr/local/pkg/squid.inc');
}

# ------------------------------------------------------------------------------
# Allow additional execution time 0 = no limit
# ------------------------------------------------------------------------------
ini_set('max_execution_time', '3600');
ini_set('max_input_time',     '3600');
ini_set('memory_limit',       '100M');

# ------------------------------------------------------------------------------
# ToDo ! Must use all settings via $squidguard_config !
# Sdelat rewrite dlya smeny skachivaniya

# ------------------------------------------------------------------------------
# files header
# ------------------------------------------------------------------------------
define('FILES_DB_HEADER', '
# ------------------------------------------------------------------------------
# File created by squidGuard package GUI
# (C)2006-2010 Serg Dvoriancev
# ------------------------------------------------------------------------------
');

define('CONFIG_SG_HEADER', "
# ============================================================
# SquidGuard configuration file
# This file generated automaticly with SquidGuard configurator
# (C)2006 Serg Dvoriancev
# email: dv_serg@mail.ru
# ============================================================
");

# ------------------------------------------------------------------------------
# squid config options
# ------------------------------------------------------------------------------
define('REDIRECTOR_OPTIONS_REM',   '# squidGuard options');
define('REDIRECTOR_PROGRAM_OPT',   'url_rewrite_program');
define('REDIRECT_BYPASS_OPT',      'url_rewrite_bypass');
define('REDIRECT_CHILDREN_OPT',    'url_rewrite_children');
define('REDIRECTOR_PROCESS_COUNT', '16 startup=8 idle=4 concurrency=0'); # redirector processes count will started

# ------------------------------------------------------------------------------
# squidguard config options
# ------------------------------------------------------------------------------
# define default redirection url (redirector get this url for all blocked url's)
# * !ATTENTION! this url must be exists; IF url not exist, redirector will't block
#               (returned to squid some url, what blocked)
# ------------------------------------------------------------------------------
define('REDIRECT_BASE_URL', '/sgerror.php');
define('REDIRECT_URL_ARGS', '&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u');

# ------------------------------------------------------------------------------
# squidguard system constants
# ------------------------------------------------------------------------------

$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
if ($pf_version > 2.0) {
	if (file_exists('/usr/pbi/squidguard-squid3-' . php_uname("m")))
		define('SQUIDGUARD_LOCALBASE', '/usr/pbi/squidguard-squid3-' . php_uname("m"));
	else
		define('SQUIDGUARD_LOCALBASE', '/usr/pbi/squidguard-devel-' . php_uname("m"));
} else
	define('SQUIDGUARD_LOCALBASE','/usr/local');

if (!defined('SQUID_LOCALBASE') && ($pf_version > 2.0))
	define('SQUID_LOCALBASE', '/usr/pbi/squid-' . php_uname("m"));
elseif (!defined('SQUID_LOCALBASE'))
	define('SQUID_LOCALBASE','/usr/local');

define('SQUID_CONFIGFILE',              SQUID_LOCALBASE . '/etc/squid/squid.conf');
define('TMP_DIR',                       '/var/tmp');
#
define('SQUIDGUARD_CONFIGFILE',         '/squidGuard.conf');
define('SQUIDGUARD_CONFLOGFILE',        '/sg_configurator.log');
define('SQUIDGUARD_LOGFILE',            'block.log');
define('SQUIDGUARD_GUILOGFILE',         'squidGuard.log');
define('SQUIDGUARD_CONFBASE',           SQUID_LOCALBASE . '/etc/squid');
define('SQUIDGUARD_WORKDIR',            SQUIDGUARD_LOCALBASE . '/etc/squidGuard');
define('SQUIDGUARD_BINPATH',            SQUIDGUARD_LOCALBASE . '/bin');
define('SQUIDGUARD_TMP',                '/tmp/squidGuard');                             # SG temp
define('SQUIDGUARD_VAR',                '/var/squidGuard');                             # SG variables
define('SQUIDGUARD_STATE',              '/squidGuard.state');
define('SQUIDGUARD_REBUILD',            '/squidGuard.rebuild');
define('SQUIDGUARD_CONFXML',            '/squidguard_conf.xml');
define('SQUIDGUARD_DBHOME',             '/var/db/squidGuard');
define('SQUIDGUARD_DBHOME_BLK',         SQUIDGUARD_DBHOME);
define('SQUIDGUARD_DBSAMPLE',           '/var/db/squidGuard.sample');
define('SQUIDGUARD_LOGDIR',             '/var/squidGuard/log');
define('SQUIDGUARD_WEBGUI_LOG',         '/squidguard_gui.log');
define('SQUIDGUARD_WEBGUI_HISTORY_LOG', '/squidguard_gui_history.log');
#
define('SQUIDGUARD_SCR_LOGROTATE',      SQUIDGUARD_LOCALBASE . '/etc/rc.d/squidGuard_logrotate');    # Logrotate script
#
# DB home catalog contains 'Blacklist' and 'User' sub-catalogs
define('SQUIDGUARD_DB_BLACKLIST',       '/bl');
define('SQUIDGUARD_DB_USER',            '/usr');
define('SQUIDGUARD_BL_UNPACK',          '/unpack');
define('SQUIDGUARD_BL_DB',              '/db');
#
# DB/Blacklist defines

#>
define('SQUIDGUARD_BLK_ENTRIES',        '/blacklist.files');
#<

define('SQUIDGUARD_BLK_FILELIST',       '/blacklist.files');
define('SQUIDGUARD_BLK_FILELISTPATH',   SQUIDGUARD_WORKDIR . SQUIDGUARD_BLK_FILELIST);
define('BLACKLIST_ARCHIVE',             '/blacklists.tar');
define('SCR_NAME_BLKUPDATE',            '/tmp/squidGuard_blacklist_update.sh');
define('DB_REBUILD_SH',                 '/tmp/squidGuard_db_rebuild.sh');
define('DB_REBUILD_CONF',               '/tmp/squidGuard_db_rebuild.conf');
define('DB_REBUILD_BLK_CONF',           '/squidGuard_blk_rebuild.conf');
define('BLK_TEMP',                      '/tmp/sg_blk');
define('SG_BLK_ARC',                    '/arcdb');                               # blk db archive
define('SG_INFO_FILE',                  '/var/squidGuard/sg_db_upd.inf');

define('SG_UPDATE_TARFILE',             '/tmp/squidguard_blacklist.tar');
define('SG_UPDATE_TMPFILE',             '/tmp/squidguard_download.tmp');
define('SG_UPDATE_LOGFILE',             '/tmp/squidguard_download.log');
define('SG_UPDATE_STATFILE',            '/tmp/squidguard_download.stat');

# ==============================================================================
# CONSTANTS
# ==============================================================================
# redirect mode
define('RMOD_NONE',          'rmod_none');
define('RMOD_INT_ERRORPAGE', 'rmod_int');
define('RMOD_INT_BLANKPAGE', 'rmod_int_bpg');
define('RMOD_INT_BLANKIMG',  'rmod_int_bim');
define('RMOD_INT_SIZELIMIT', 'rmod_int_szl');
define('RMOD_EXT_ERR',       'rmod_ext_err');
define('RMOD_EXT_RDR',       'rmod_ext_rdr');
define('RMOD_EXT_MOVED',     'rmod_ext_mov');
define('RMOD_EXT_FOUND',     'rmod_ext_fnd');
# Log level: 0-error, 1-warning; 2-info
define('SQUIDGUARD_INFO',                   2);
define('SQUIDGUARD_WARNING',                1);
define('SQUIDGUARD_ERROR',                  0);
#
define('ACL_WARNING_ABSENSE_PASS', "!WARNING! Absence PASS 'all' or 'none' added as 'none'");

# ==============================================================================
# OPTIONS
# ==============================================================================
# Log
define('SQUIDGUARD_GUILOG_LEVEL',           SQUIDGUARD_INFO);     # log level
define('SQUIDGUARD_GUILOG_MAXCOUNT',        500);                 # log max lines
define('SQUIDGUARD_GUILOG_ENABLE',          true);                # on/off gui log - option override GUI settings
define('SQUIDGUARD_LOG_ENABLE',             true);                # on/off SG  log - option override GUI settings
define('SQUIDGUARD_LOGROTATE_MAXCOUNT',     1000);                # logrotate max lines

#
define('FLT_DEFAULT_ALL', 'all');
define('FLT_NOTALLOWIP',  '!in-addr');

# owner user name (squid system user - need for define rights access)
define('OWNER_NAME', 'proxy');

# Debug
define('DEBUG_ON', 'true');

# ==============================================================================
# black list
# ==============================================================================
# known black list standard names
# ------------------------------------------------------------------------------
define('FLT_AD',         'ads');
define('FLT_AGGRESSIVE', 'aggressive');
define('FLT_AUDIOVIDEO', 'audio-video');
define('FLT_DRUGGS',     'druggs');
define('FLT_GAMBLING',   'gambling');
define('FLT_HACKING',    'hacking');
define('FLT_MAIL',       'mail');
define('FLT_PORN',       'porn');
define('FLT_PROXY',      'proxy');
define('FLT_VIOLENCE',   'viol');
define('FLT_WAREZ',      'warez');

# ==============================================================================
# SquidGuard Configurator
# ==============================================================================

# ------------------------------------------------------------------------------
# squidguard system fields
# ------------------------------------------------------------------------------
define('F_SQUIDGUARD',          'squidGuard');
define('F_LOGDIR',              'logdir');
define('F_DBHOME',              'dbhome');
define('F_WORKDIR',             'workdir');
define('F_LDAPENABLE',          'ldap_enable');
define('F_LDAPBINDDN',          'ldapbinddn');
define('F_LDAPBINDPASS',        'ldapbindpass');
define('F_LDAPVERSION',         'ldapversion');
define('F_STRIPNTDOMAIN',       'stripntdomain');
define('F_STRIPREALM',          'striprealm');
define('F_BINPATH',             'binpath');
define('F_PROCCESSCOUNT',       'process_count');
define('F_SQUIDCONFIGFILE',     'squid_configfile');
define('F_ENABLED',             'enabled');
define('F_SGCONF_XML',          'sgxml_file');

# other fields
define('F_ITEM',                'item');
define('F_TIMES',               'times');
define('F_SOURCES',             'sources');
define('F_DESTINATIONS',        'destinations');
define('F_REWRITES',            'rewrites');
define('F_ACLS',                'acls');
define('F_DEFAULT',             'default');
define('F_NAME',                'name');
define('F_DESCRIPTION',         'description');
define('F_IP',                  'ip');
define('F_URLS',                'urls');
define('F_DOMAINS',             'domains');
define('F_EXPRESSIONS',         'expressions');
define('F_REDIRECT',            'redirect');
define('F_TARGETURL',           'targeturl');
define('F_REPLACETO',           'replaceto');
define('F_LOG',                 'log');
define('F_ITEM',                'item');
define('F_DISABLED',            'disabled');
define('F_TIMENAME',            'timename');
define('F_DESTINATIONNAME',     'destname');
define('F_REDIRECT',            'redirect');
define('F_REWRITE',             'rewrite');
define('F_MODE',                'mode');
define('F_REWRITENAME',         'rewritename');
define('F_OVERDESTINATIONNAME', 'overdestname');
define('F_OVERREDIRECT',        'overredirect');
define('F_OVERREWRITE',         'overrewrite');
define('F_OVERREWRITENAME',     'overrewritename');
define('F_TIMETYPE',            'timetype');
define('F_TIMEDAYS',            'timedays');
define('F_DATRANGE',            'daterange');
define('F_TIMERANGE',           'sg_timerange');
define('F_RMOD',                'redirect_mode');                     # [redirect_mode] = rmod_int <base- use sgerror.php>; rmod_301; rmod_302;
define('F_NOTALLOWINGIP',       'notallowingip');                     # not allowing ip in URL
define('F_USERNAME',            'username');
define('F_ORDER',               'order');

# log
define('F_ENABLELOG',           'enablelog');
define('F_ENABLEGUILOG',        'enableguilog');
define('F_LOGROTATION',         'logrotation');

#Clean adversiting
define('F_ADV_BLANKIMG',	'adv_blankimg');

# transparent mode
define('F_SQUID_TRANSPARENT_MODE',   'squid_transparent_mode');
define('F_CURRENT_LAN_IP',           'current_lan_ip');
define('F_CURRENT_GUI_PORT',         'current_gui_port');
define('F_CURRENT_GUI_PROTO',        'current_gui_protocol');

# blacklist
define('F_BLACKLISTENABLED',    'blacklist_enabled');
define('F_BLACKLISTURL',        'blacklist_url');

# ==============================================================================
# Globals
# ==============================================================================
$squidguard_config = array(); # squidGuard config array

# call default init
sg_init();

# ------------------------------------------------------------------------------
# sg_init - initialize config array
# ------------------------------------------------------------------------------
function sg_init($init = '')
{
    global $squidguard_config;

    $squidguard_config = array();
    if(empty($init) or !is_array($init) ) {
        # default init (for generate minimal config)
        $squidguard_config[F_LOGDIR]          = SQUIDGUARD_LOGDIR;
        $squidguard_config[F_DBHOME]          = SQUIDGUARD_DBHOME;
        $squidguard_config[F_WORKDIR]         = SQUIDGUARD_WORKDIR;
        $squidguard_config[F_BINPATH]         = SQUIDGUARD_BINPATH;
        $squidguard_config[F_SQUIDCONFIGFILE] = SQUID_CONFIGFILE;
        $squidguard_config[F_PROCCESSCOUNT]   = REDIRECTOR_PROCESS_COUNT;

    } else {
        # copy config from $init
        foreach($init as $key => $in)
            $squidguard_config[$key] = $in;
    }

    return $squidguard_config;
}

# ------------------------------------------------------------------------------
# sg_loadconfig_xml
# ------------------------------------------------------------------------------
function sg_load_configxml($filename)
{
    global $squidguard_config;

    sg_init();
    if (file_exists($filename)) {
        $xmlconf = file_get_contents($filename);

        if (!empty($xmlconf)) {
            $squidguard_config = $xmlconf[F_SQUIDGUARD];
            sg_addlog("sg_load_configxml", "Success update from '$filename'.", SQUIDGUARD_INFO);
        } else
            sg_addlog("sg_load_configxml", "File '$filename' is empty.", SQUIDGUARD_ERROR);
    } else
            sg_addlog("sg_load_configxml", "File '$filename' does not exists.", SQUIDGUARD_ERROR);
}

# ------------------------------------------------------------------------------
# sg_saveconfig_xml
# ------------------------------------------------------------------------------
function sg_save_configxml($filename)
{
    global $squidguard_config;
    conf_mount_rw();
    file_put_contents($filename, dump_xml_config($squidguard_config, F_SQUIDGUARD));
    conf_mount_ro();
}

# ------------------------------------------------------------------------------
# sg_reconfigure - squidguard reconfiguration
# ------------------------------------------------------------------------------
function sg_reconfigure()
{
    global $squidguard_config;
    $conf_file = SQUIDGUARD_LOGDIR . SQUIDGUARD_CONFIGFILE;

    # 1. check system
    sg_check_system();

    # 2. reconfigure user db
    sg_reconfigure_user_db();

    # 3. generate squidGuard config
    $conf = sg_create_config();
    if ($conf) {
        conf_mount_rw();
        if ($squidguard_config[F_WORKDIR])
            $conf_file = $squidguard_config[F_WORKDIR] . SQUIDGUARD_CONFIGFILE;
        file_put_contents($conf_file, $conf);
        file_put_contents(SQUID_LOCALBASE . '/etc/squid' . SQUIDGUARD_CONFIGFILE, $conf); # << squidGuard want config '/usr/local/etc/squid' by default
        set_file_access($squidguard_config[F_WORKDIR], OWNER_NAME, 0755);
        conf_mount_ro();
        sg_addlog("sg_reconfigure", "Save squidGuard config to '$conf_file'.", SQUIDGUARD_INFO);
    } else
        sg_addlog("sg_reconfigure", "Can't create squidGuard config.", SQUIDGUARD_ERROR);

    # 4. reconfigure squid
    squid_reconfigure();
}

# ------------------------------------------------------------------------------
# squid_reconfigure
# Insert in '/usr/local/squid/etc/squid.conf' options:
#     redirector_bypass off
#     redirect_program /usr/local/squidGuard/bin/squidGuard -c /path_to_config_file
#     url_rewrite_children 5
# ------------------------------------------------------------------------------

function squid_reconfigure($remove_only = '')
{
    global $config;
    global $squidguard_config;
    $conf = '';
    $cust_opt = $config['installedpackages']['squid']['config'][0]['custom_options'];
    # remove old options
    if (!empty($cust_opt)) {
        $conf = explode(";", $cust_opt);
        foreach ($conf as $key => $c_opt) {
            $t_opt = ltrim($c_opt);
            if ((strpos($t_opt, REDIRECTOR_PROGRAM_OPT) === 0) or
                (strpos($t_opt, REDIRECT_BYPASS_OPT)    === 0) or
                (strpos($t_opt, REDIRECT_CHILDREN_OPT)  === 0))
                 unset($conf[$key]);
        }
        sg_addlog("squid_reconfigure", "Remove old redirector options from Squid config.", SQUIDGUARD_INFO);
    }

    # add new options - if squidGuard enabled
    if (empty($remove_only) && ($squidguard_config[F_ENABLED] === 'on')) {
        $redirector_path = $squidguard_config[F_BINPATH] . '/squidGuard';
        $redirector_conf = $squidguard_config[F_WORKDIR] . SQUIDGUARD_CONFIGFILE;

        $conf[] = REDIRECTOR_PROGRAM_OPT . " $redirector_path -c $redirector_conf";
        $conf[] = REDIRECT_BYPASS_OPT    . " off";
        $conf[] = REDIRECT_CHILDREN_OPT  . " " . REDIRECTOR_PROCESS_COUNT;

        sg_addlog("squid_reconfigure", "Add new redirector options to Squid config.", SQUIDGUARD_INFO);
    }

    # update config
    if (is_array($conf)) $conf = implode(";", $conf);

	/* Only update squid options if we have something to do, otherwise this can interfere with squid's default options in a new install. */
	if ($conf != $cust_opt) {
		$config['installedpackages']['squid']['config'][0]['custom_options'] = $conf;
		write_config('Update redirector options to squid config.');
	}

    # resync squid package, if installed
    if (function_exists('squid_resync')) {
        squid_resync();
    }
}

# ------------------------------------------------------------------------------
# sg_check_system - check squidguard catalog's and access right's
# ------------------------------------------------------------------------------
function sg_check_system()
{
    global $squidguard_config;
    conf_mount_rw();

    # check work_dir & create if not exists
    $work_dir = $squidguard_config[F_WORKDIR];
    if (!empty($work_dir)) {
        # check dir's
        if (!file_exists($work_dir)) {
            mwexec("mkdir -p $work_dir");
            set_file_access($work_dir, OWNER_NAME, 0755);
            sg_addlog("sg_check_system", "Create work dir '$work_dir'.", SQUIDGUARD_WARNING);
        }
    }

    # check log_dir & create if not exists
    $log_dir = $squidguard_config[F_LOGDIR];
    if (!empty($log_dir)) {
        if (!file_exists($log_dir)) {
            mwexec("mkdir -p $log_dir");
            sg_addlog("sg_check_system", "Create log dir '$log_dir'.", SQUIDGUARD_WARNING);
        }
        # set access right - need start any time;
        # (SG possible start from console and log file will have only root access)
        set_file_access($log_dir, OWNER_NAME, 0755);
    }

    # check db dir
    $db_dir = $squidguard_config[F_DBHOME];
    if (!empty($db_dir)) {
        if (!file_exists($db_dir)) {
            mwexec("mkdir -p $db_dir");
            sg_addlog("sg_check_system", "Create db dir '$db_dir'.", SQUIDGUARD_WARNING);
        }
        # set access right
        set_file_access($db_dir, OWNER_NAME, 0755);
    }
    conf_mount_ro();

    # logrotate
    if (file_exists(SQUIDGUARD_SCR_LOGROTATE)) unlink(SQUIDGUARD_SCR_LOGROTATE);
    if ($squidguard_config[F_LOGROTATION] == 'on') {
        file_put_contents(SQUIDGUARD_SCR_LOGROTATE, sg_script_logrotate());
        set_file_access  (SQUIDGUARD_SCR_LOGROTATE, OWNER_NAME, 0755);
    }
}
# ==============================================================================
# squidGuard DB
# ==============================================================================
# sg_reconfigure_user_db - reconfigure(update) db user entries
# ------------------------------------------------------------------------------
function sg_reconfigure_user_db()
{
    global $squidguard_config;
    conf_mount_rw();
    $dbhome = $squidguard_config[F_DBHOME];

    sg_addlog("sg_reconfigure_user_db", "Begin with '$dbhome'", SQUIDGUARD_INFO);

    # create user DB catalog, if not extsts
    if (!file_exists($dbhome)) {
        if (!mkdir($dbhome, 0755)) {
            sg_addlog("sg_reconfigure_user_db", "Can't create user DB directory '$dbhome'.", SQUIDGUARD_ERROR);
            return;
        }
        set_file_access($dbhome, OWNER_NAME, 0755);
        sg_addlog("sg_reconfigure_user_db", "Create user DB directory '$dbhome'.", SQUIDGUARD_INFO);
    }

    # update destinations to db
    $dests = $squidguard_config[F_DESTINATIONS];
    if(!empty($dests)){
        $dst_names = Array();
        $dst_list  = Array();

        sg_addlog("sg_reconfigure_user_db", "Add user entries", SQUIDGUARD_INFO);
        foreach($dests[F_ITEM] as $dst) {
            $path = "$dbhome/" . $dst[F_NAME];
            $dst_names[] = $path;
            $dst_list["usr_{$dst[F_NAME]}"] = $dst[F_NAME];

            # 1. check destination catalog and create them, if need
            if (!file_exists($path)) {
                if (!mkdir ($path, 0755)) {
                    sg_addlog("sg_reconfigure_user_db", "Can't create dir '$path'.", SQUIDGUARD_ERROR);
                    return;
                }
                sg_addlog("sg_reconfigure_user_db", "Create dir '$path'.", SQUIDGUARD_INFO);
            }

            # 2. build domains file
            $domains = $dst[F_DOMAINS];
            if (!empty($domains)) {
                $content = trim(str_replace(" ", "\n", $domains));
                file_put_contents($path . '/domains', $content);
                sg_addlog("sg_reconfigure_user_db", "Add {$dst[F_NAME]} domains '$domains';", SQUIDGUARD_INFO);
            }
            unset($domains);

            # 3. build urls file
            $urls = $dst[F_URLS];
            if (!empty($urls)) {
                $content = trim(str_replace(" ", "\n", $urls));
                file_put_contents($path . '/urls', $content);
                    sg_addlog("sg_reconfigure_user_db", "Add {$dst[F_NAME]} urls '$content';", SQUIDGUARD_INFO);
            }
            unset($urls);

            # 4. build expression file
            $expr = $dst[F_EXPRESSIONS];
            if (!empty($expr)) {
                $content = trim(str_replace("|", " ", $expr)); # delete first and last unnecessary '|' symbol
                $content = str_replace(" ", "|", $content);
                file_put_contents($path . '/expressions', $content);
                sg_addlog("sg_reconfigure_user_db", "Add {$dst[F_NAME]} expressions '$content';", SQUIDGUARD_INFO);
            }
            unset($expr);
        }

        # 5. recursive set files access
        set_file_access($dbhome, OWNER_NAME, 0755);

        # 6. rebuild user db ('/var/db/squidGuard')
        squidguard_rebuild_db("_usrdb", $dbhome, $dst_list);
    } else
        sg_addlog("sg_reconfigure_user_db", "User destinations list empty.", SQUIDGUARD_WARNING);

    # 7. remove unused db entries
    sg_remove_unused_db_entries();
    conf_mount_ro();
}

# ------------------------------------------------------------------------------
# sg_remove_unused_db_entries
# ------------------------------------------------------------------------------
function sg_remove_unused_db_entries()
{
    global $squidguard_config;
    conf_mount_rw();
    $db_entries = array();
    $file_list = '';
    $dbhome  = $squidguard_config[F_DBHOME];
    $workdir = $squidguard_config[F_WORKDIR];

    # black list entries
    # * worked only with 'blacklist entries list file - else may be deleted black list entry
    if (file_exists(SQUIDGUARD_BLK_FILELISTPATH)) {
        $file_for_del = array();

        # load blk entries
        $db_entries = explode("\n", file_get_contents(SQUIDGUARD_BLK_FILELISTPATH));

        # $db_entries + add user entries
        $dests = $squidguard_config[F_DESTINATIONS];
        if (!empty($dests)) {
            foreach($dests[F_ITEM] as $dst)
                $db_entries[] = $dst[F_NAME];
        }

        # diff between file list and entries list
        $file_list = scan_dir($dbhome);
        if (is_array($file_list) and is_array($db_entries)) {
            $file_for_del = array_diff($file_list, $db_entries);
        }

        # delete
        if (is_array($file_for_del) and !empty($file_for_del)) {
            foreach($file_for_del as $fd) {
                $file_fd = "$dbhome/$fd";
                if (!empty($fd) && ($fd != ".") && ($fd != "..")) {
                    if (file_exists($file_fd)) {
                        mwexec("rm -R $file_fd");
                        sg_addlog("sg_remove_unused_db_entries", "Removed file '$file_fd'.", SQUIDGUARD_INFO);
                    } else
                        sg_addlog("sg_remove_unused_db_entries", "File'$file_fd' not found.", SQUIDGUARD_ERROR);
                }
            }
        }
    }
    conf_mount_ro();
}
# ------------------------------------------------------------------------------
# sg_rebuild_db  Rebuild squidGuard DB from list items
# ------------------------------------------------------------------------------
# $shtag         - rebuild SH script TAG
# $rdb_dbhome    - DB directory  (default: '/var/db/squidGuard')
# $rdb_itemslist - items list as ['dest_key']='dest_DB_path'
#                  dest_DB_path - path without '$rdb_dbhome'
#                  example: ['ads_ban']='ads/banners' -> '/var/db/squidGuard/ads/banners'
# ------------------------------------------------------------------------------
/*
function sg_rebuild_db($shtag, $rdb_dbhome, $rdb_itemslist)
{
    global $squidguard_config;
    conf_mount_rw();
    $conf   = '';
    $conf_path = '';
    $logdir = $squidguard_config[F_LOGDIR];
    $dbhome = $squidguard_config[F_DBHOME];

    # current dbhome dir
    if (!empty($rdb_dbhome)) $dbhome = $rdb_dbhome;
    sg_addlog("sg_rebuild_db", "Begin with path '$dbhome'.", SQUIDGUARD_INFO);

    # define - where config will placed
    $conf_path = "/tmp/squidGuard_rebuild.conf" . $shtag;

    # make rebuild config; include all found dest items
    $conf = sg_create_simple_config($dbhome, $rdb_itemslist);
    file_put_contents($conf_path, $conf);
    set_file_access($conf_path, OWNER_NAME, 0750);
    sg_addlog("sg_rebuild_db", "Create temporary config '$conf_path'.", SQUIDGUARD_INFO);

    # *** SH script ***
    $sh_scr = Array();
    $sh_scr[] = "#!/bin/sh";
    $sh_scr[] = "cd $dbhome";
    $sh_scr[] = $squidguard_config[F_BINPATH] . "/squidGuard -c $conf_path -C all";
    $sh_scr[] = "wait"; # wait while SG rebuild DB

    # set DB owner and right access
    $sh_scr[] = "chown -R -v " . OWNER_NAME . " $dbhome";

    # restart squid for changes to take effects
    $sh_scr[] = SQUID_LOCALBASE . "/sbin/squid -k reconfigure";

    # store & exec sh
    $sh_scr = implode("\n", $sh_scr);
    $shfile =  DB_REBUILD_SH . $shtag;
    file_put_contents($shfile, $sh_scr);
    set_file_access($shfile, OWNER_NAME, 0750);
    # ! not background exec !
    mwexec($shfile);
    sg_addlog("sg_rebuild_db", "Started SH script '$shfile'.", SQUIDGUARD_INFO);
    conf_mount_ro();
}
*/
# ------------------------------------------------------------------------------
# squidguard_rebuild_db  Rebuild squidGuard DB from list items
# ------------------------------------------------------------------------------
# $tag           - rebuild task TAG
# $rdb_dbhome    - DB directory  (default: '/var/db/squidGuard')
# $rdb_itemslist - items list as ['dest_key']='dest_DB_path'
#                  dest_DB_path - path without '$rdb_dbhome'
#                  example: ['ads_ban']='ads/banners' -> '/var/db/squidGuard/ads/banners'
# ------------------------------------------------------------------------------
function squidguard_rebuild_db($tag, $rdb_dbhome, $rdb_itemslist)
{
    global $squidguard_config;

    $dbhome    = $rdb_dbhome;
    $logdir    = $squidguard_config[F_LOGDIR];
    $workdir   = $squidguard_config[F_WORKDIR];
    $conf_path = "{$workdir}/squidGuard_{$tag}rebuild.conf";

    sg_addlog("squidguard_rebuild_db", "Begin with path '$dbhome'.", SQUIDGUARD_INFO);

    # make rebuild config; include all found dest items
    $dbitems = array();
    if ($rdb_itemslist) {
        # items list as ['dest_key']='dest_DB_path'
        foreach ($rdb_itemslist as $it) {
        	$dbitems[str_replace('/', '_', $it)] = $it; # replace path to name
        }
    }
    file_put_contents($conf_path, sg_create_simple_config($dbhome, $dbitems));
    set_file_access($conf_path, OWNER_NAME, 0750);
    sg_addlog("squidguard_rebuild_db", "Create rebuild config '$conf_path'.", SQUIDGUARD_INFO);

    # rebuild blacklist db
    mwexec_bg("/usr/bin/nice -n20 " . SQUIDGUARD_BINPATH . "/squidGuard -c $conf_path -C all");
    # wait
    while (exec("ps -auxwwww | grep 'squidGuard -c .* -C all' | grep -v grep | awk '{print $2}' | wc -l | awk '{ print $1 }'") > 0) {
        sleep (10);
    }
    set_file_access($dbhome, OWNER_NAME, 0755);
    sg_addlog("squidguard_rebuild_db", "Start rebuild DB.", SQUIDGUARD_INFO);
}

# ==============================================================================
# Log
# ------------------------------------------------------------------------------
# sg_addlog
# ------------------------------------------------------------------------------
function sg_addlog($module, $log, $level = 0)
{
    global $squidguard_config;

    # log disabled
    if ( SQUIDGUARD_GUILOG_ENABLE === false || $squidguard_config[F_ENABLEGUILOG] != 'on' ) return;

    # log level
    if ($level > SQUIDGUARD_GUILOG_LEVEL) return;

    if ($module) $module = "[$module]";

    $leveltext = "";
    switch($level) {
        case SQUIDGUARD_INFO:    $leveltext = "";    break;
        case SQUIDGUARD_WARNING: $leveltext = "Warning"; break;
        default:                 $leveltext = "Error";   break;
    }

    $logfile = '';
    $logfile = SQUIDGUARD_LOGDIR . SQUIDGUARD_CONFLOGFILE;
    $log_content = array();

    setlocale(LC_TIME, '');
    $dt = date("d.m.Y H:i:s");

    # define logfile
    if (!empty($squidguard_config)) {
        if (file_exists($squidguard_config[F_LOGDIR]))
        $logfile = $squidguard_config[F_LOGDIR] . SQUIDGUARD_CONFLOGFILE;
    } else
        $log_content[] = "$dt : " . "[sg_addlog] Error: squidguard_config is empty";

    $tmplog = '';
    if (file_exists($logfile))
        $tmplog = file_get_contents($logfile);
    $log_content = explode("\n", $tmplog);
    unset($tmplog);

    # shrink to MAXCOUNT log entries
    $log_content[] = "$dt : $module $leveltext $log";
    if (count($log_content) > SQUIDGUARD_GUILOG_MAXCOUNT)
        array_splice($log_content, 0, SQUIDGUARD_GUILOG_MAXCOUNT - count($log_content));

    file_put_contents($logfile, implode("\n", $log_content));
}
# ------------------------------------------------------------------------------
# sg_getlog
# ------------------------------------------------------------------------------
function sg_getlog($last_entries_count)
{
    global $squidguard_config;
    $log_content = '';
    $logfile = SQUIDGUARD_LOGDIR . SQUIDGUARD_CONFLOGFILE;

    # define logfile
    if (!empty($squidguard_config) && file_exists($squidguard_config[F_LOGDIR]))
        $logfile = $squidguard_config[F_LOGDIR] . SQUIDGUARD_CONFLOGFILE;

    # get log last 100 entries
    if (file_exists($logfile)) {
        $log_content = explode("\n", file_get_contents($logfile));
        if (count($log_content) > $last_entries_count)
            array_splice($log_content, 0, $last_entries_count - count($log_content));

        # insert log file name on top
        $log_content[0] = $logfile;
        $log_content = implode("\n", $log_content);
    }

    return $log_content;
}

# ==============================================================================
# make config
# ==============================================================================
# sg_create_config
# ------------------------------------------------------------------------------

function sg_create_config()
{
    global $squidguard_config;
    $sgconf = array();
    $sg_tag = new TSgTag;
    $error_res = '';
    $temp_str = '';

    if(!is_array($squidguard_config) || empty($squidguard_config)) {
        sg_addlog("sg_create_config", "Bad squidGuard config data.", SQUIDGUARD_ERROR);
        return sg_create_simple_config('', '', "Error! Check squidGuard configuration data." . " (sg_create_config: [1]).");
    }

    # check configuration data
    if (!sg_check_config_data($error_res)) {
        sg_addlog("sg_create_config", "Bad config data. It's all error_res: $error_res", SQUIDGUARD_ERROR);
        sg_addlog("sg_create_config", "Terminated.", SQUIDGUARD_ERROR);
        return sg_create_simple_config('', '', "Error! Check squidGuard configuration data." . " (sg_create_config: [2]).");
    }

    # --- Header ---
    $sgconf[] = CONFIG_SG_HEADER;
    $sgconf[] = "logdir {$squidguard_config[F_LOGDIR]}";
    $sgconf[] = "dbhome {$squidguard_config[F_DBHOME]}";
    if ( $squidguard_config[F_LDAPENABLE] == 'on' ) {
        $sgconf[] = "ldapbinddn {$squidguard_config[F_LDAPBINDDN]}";
        $sgconf[] = "ldapbindpass {$squidguard_config[F_LDAPBINDPASS]}";
        $sgconf[] = "ldapprotover {$squidguard_config[F_LDAPVERSION]}";
        if ( $squidguard_config[F_STRIPNTDOMAIN] )
            $sgconf[] = "stripntdomain true";
        if ( $squidguard_config[F_STRIPREALM] )
            $sgconf[] = "striprealm true";
    }

    # --- Times ---
    if ($squidguard_config[F_TIMES]) {
        $temp_str = '';
        foreach($squidguard_config[F_TIMES][F_ITEM] as $tm) {
            $sg_tag->clear();
            $sg_tag->set("time", $tm[F_NAME], "", $tm[F_DESCRIPTION]);

            foreach($tm[F_ITEM] as $itm) {
                $dts = ($itm[F_TIMETYPE] === "weekly") ? $itm[F_TIMEDAYS] : $itm[F_DATERANGE];
                $sg_tag->items[] = "{$itm[F_TIMETYPE]} $dts {$itm[F_TIMERANGE]}";
            }
            $sgconf[] = "";
            $sgconf[] = $sg_tag->tag_text();

            # log
            $temp_str .= " {$tm[F_NAME]}";
        }
        # log
        $temp_str = !empty($temp_str) ? $temp_str : "Nothing.";
        sg_addlog("sg_create_config", "Add times: $temp_str", SQUIDGUARD_INFO);
    }

    # --- Sources ---
    if ($squidguard_config[F_SOURCES]) {
        $temp_str = '';
        foreach($squidguard_config[F_SOURCES][F_ITEM] as $src) {
            $sg_tag->clear();
            $sg_tag->set("src", $src[F_NAME], "", $src[F_DESCRIPTION]);

            # separate IP, domains, usernames
            if (strpos(trim($src[F_SOURCE]), 'ldapusersearch') === false) {
                $tsrc = explode(" ", trim($src[F_SOURCE]));
                foreach($tsrc as $sr) {
                        $sr = trim($sr);
                        if     (empty($sr))           continue;
                        if     (is_ipaddr_valid($sr)) $sg_tag->items[] = "ip     $sr";
                        elseif (is_domain_valid($sr)) $sg_tag->items[] = "domain $sr";
                        elseif (is_username($sr))     $sg_tag->items[] = "user   " . str_replace("'", "", $sr);
                }
            } else {
                $sg_tag->items[] = trim($src[F_SOURCE]);
            }

            if ($squidguard_config[F_ENABLELOG] == 'on' ) {
                if ($src[F_LOG]) $sg_tag->items[] = "log " . SQUIDGUARD_LOGFILE;
            }

            $sgconf[] = "";
            $sgconf[] = $sg_tag->tag_text();

            # log
            $temp_str .= " " . $src[F_NAME];
        }
        # log
        $temp_str = !empty($temp_str) ? $temp_str : "Nothing.";
        sg_addlog("sg_create_config", "Add sources: $temp_str", SQUIDGUARD_INFO);
    }

    # --- Blacklist ---
    # Note! Blacklist must be added to config permanently. It's need for rebuild DB now

    $db_entries = sg_entries_blacklist();
    if (($squidguard_config[F_BLACKLISTENABLED] === 'on') and $db_entries) {
        $log_entr_added = '';
        $log_entr_ignored = '';
        sg_addlog("sg_create_config", "Add blacklist entries", SQUIDGUARD_INFO);
        foreach($db_entries as $key => $ent) {
            $ent_state = array();
            $file_dms  = "{$squidguard_config[F_DBHOME]}/$ent/domains";
            $file_urls = "{$squidguard_config[F_DBHOME]}/$ent/urls";
            $file_expr = "{$squidguard_config[F_DBHOME]}/$ent/expressions";

            # check blacklist acl state
            if (file_exists($file_dms)) {
                $ent_state['exists'] = 'on';
                $ent_state[F_DOMAINS] = 'on';
            }
            if (file_exists($file_urls)) {
                $ent_state['exists'] = 'on';
                $ent_state[F_URLS] = 'on';
            }
            if (file_exists($file_expr)) {
                $ent_state['exists'] = 'on';
                $ent_state[F_EXPRESSIONS] = 'on';
            }

            # create config if blacklist item exists
            if ($ent_state['exists']) {
                $sg_tag->clear();
                $sg_tag->set("dest", $ent, "", "");

                if ($ent_state[F_DOMAINS])     $sg_tag->items[] = "domainlist $ent/domains";
                if ($ent_state[F_EXPRESSIONS]) $sg_tag->items[] = "expressionlist $ent/expressions";
                if ($ent_state[F_URLS])        $sg_tag->items[] = "urllist $ent/urls";

		# Check if $ent contains adv or ads, and F_ADV_BLANKIMG is on then add a custom redirect
		  $adv_pos = strpos($ent,'_adv');
		  $ads_pos = strpos($ent, '_ads');
		  if ( ($ads_pos > 0 || $adv_pos > 0) && $squidguard_config[F_ADV_BLANKIMG] == 'on')
			     $sg_tag->items[] = "redirect " . sg_redirector_base_url($dst[F_REDIRECT], RMOD_INT_BLANKIMG);

                if ($squidguard_config[F_ENABLELOG] == 'on' ) {
                    $sg_tag->items[] = "log ". SQUIDGUARD_LOGFILE;
                }

                $sgconf[] = "";
                $sgconf[] = $sg_tag->tag_text();

                # log
                $log_entr_added .= " $ent;";
            } else {
                $sgconf[] = "\t# Config ERROR: Destination '$ent' not found in DB";
                $log_entr_ignored .= " $ent;";
            }
        }

        # log 'added' and 'ignored'
        if (!empty($log_entr_added))   sg_addlog("sg_create_config", "Added: $log_entr_added .", SQUIDGUARD_INFO);
        if (!empty($log_entr_ignored)) sg_addlog("sg_create_config", "Ignored: $log_entr_ignored .", SQUIDGUARD_WARNING);
    }

    # --- Destinations ---
    if ($squidguard_config[F_DESTINATIONS]) {
        $temp_str = '';
        foreach($squidguard_config[F_DESTINATIONS][F_ITEM] as $dst) {
            $dstname = $dst[F_NAME];
            $sg_tag->clear();
            $sg_tag->set("dest", $dst[F_NAME], "", $dst[F_DESCRIPTION]);

            if ($dst[F_DOMAINS])
                $sg_tag->items[] = "domainlist $dstname/domains";
            if ($dst[F_EXPRESSIONS])
                $sg_tag->items[] = "expressionlist $dstname/expressions";
            if ($dst[F_URLS])
                $sg_tag->items[] = "urllist $dstname/urls";
            if ($dst[F_RMOD] != RMOD_NONE)
                $sg_tag->items[] = "redirect " . sg_redirector_base_url($dst[F_REDIRECT], $dst[F_RMOD]);
            if ($squidguard_config[F_ENABLELOG] == 'on' ) {
                if ($dst[F_LOG])
                    $sg_tag->items[] = "log " . SQUIDGUARD_LOGFILE;
            }

            $sgconf[] = "";
            $sgconf[] = $sg_tag->tag_text();

            # log
            $temp_str .= " $dstname;";
        }
        # log
        $temp_str = !empty($temp_str) ? $temp_str : "Nothing.";
        sg_addlog("sg_create_config", "Add destinations: $temp_str", SQUIDGUARD_INFO);
    }

    # --- Rewrites ---
    if ($squidguard_config[F_REWRITES]) {
        $temp_str = '';
        $log_entr_added = '';
        $log_entr_err = '';
        foreach($squidguard_config[F_REWRITES][F_ITEM] as $rew) {
            $sg_tag->clear();
            $sg_tag->set("rew", $rew[F_NAME], "", "");

            if (is_array($rew[F_ITEM])) {
                foreach ($rew[F_ITEM] as $rw)
                    $sg_tag->items[] = "s@{$rw[F_TARGETURL]}@{$rw[F_REPLACETO]}@{$rw[F_MODE]}";

                if ($squidguard_config[F_ENABLELOG] == 'on' ) {
                    if ($rew[F_LOG])
                        $sg_tag->items[] = "log " . SQUIDGUARD_LOGFILE;
                }

                $sgconf[] = "";
                $sgconf[] = $sg_tag->tag_text();
                # log
                $log_entr_added .= " {$rew[F_NAME]};";
            }
            else {
                $sgconf[] = "";
                $sgconf[] = "# Rewrite {$rew[F_NAME]} error.";
                # log
                $log_entr_err .= " {$rew[F_NAME]};";
            }
        }

        # log
        if (!empty($log_entr_added)) sg_addlog("sg_create_config", "Add rewrites: $log_entr_added", SQUIDGUARD_INFO);
        if (!empty($log_entr_err))   sg_addlog("sg_create_config", "Add rewrites error $log_entr_err", SQUIDGUARD_ERROR);
    }

    # ----------------------------------------
    $entry_blacklist = sg_entries_blacklist();

    # --- ACL ---
    $sg_tag->clear();
    $sg_tag->set("acl", "", "", "");
    if ($squidguard_config[F_ACLS]) {
        $temp_str = '';
        $log_entr_added = '';
        foreach($squidguard_config[F_ACLS][F_ITEM] as $acl) {
            if (!$acl[F_DISABLED]) {
                $sg_acltag = new TSgTag;
                $sg_acltag->set($acl[F_NAME], "", $acl[F_TIMENAME], $acl[F_DESCRIPTION]);

                # delete blacklist entries from 'pass' if blacklist disabled
                if ($squidguard_config[F_BLACKLISTENABLED] !== 'on') {
                    acl_remove_blacklist_items($acl[F_DESTINATIONNAME]);
                    acl_remove_blacklist_items($acl[F_OVERDESTINATIONNAME]);
                }

                # not allowing IP in URL
                if ($acl[F_NOTALLOWINGIP]) {
                    $acl[F_DESTINATIONNAME]     = "!in-addr {$acl[F_DESTINATIONNAME]}";
                    $acl[F_OVERDESTINATIONNAME] = "!in-addr {$acl[F_OVERDESTINATIONNAME]}";
                }

                # re-order acl pass (<white><!in-addr><deny><allow><all|none>)
                $acl[F_DESTINATIONNAME]     = sg_aclpass_reorder($acl[F_DESTINATIONNAME]);
                $acl[F_OVERDESTINATIONNAME] = sg_aclpass_reorder($acl[F_OVERDESTINATIONNAME]);

                # ontime
                $sg_acltag->items[] = "pass {$acl[F_DESTINATIONNAME]}";
                if ($acl[F_RMOD] != RMOD_NONE)
                $sg_acltag->items[] = "redirect " . sg_redirector_base_url($acl[F_REDIRECT], $acl[F_RMOD]);
                if ($acl[F_REWRITENAME])
                    $sg_acltag->items[] = "rewrite {$acl[F_REWRITENAME]}";
                if ($squidguard_config[F_ENABLELOG] == 'on' ) {
                    if ($acl[F_LOG])
                        $sg_acltag->items[] = "log " . SQUIDGUARD_LOGFILE;
                }

                # overtime
                if ($acl[F_TIMENAME]) {
                    $sg_acltag->items[] = "} else {";
                    $sg_acltag->items[] = "pass {$acl[F_OVERDESTINATIONNAME]}";
                    if ($acl[F_REDIRECMODE] !== RMOD_NONE)
                        $sg_acltag->items[] = "redirect " . sg_redirector_base_url($acl[F_OVERREDIRECT], $acl[F_RMOD]);
                    if ($acl[F_OVERREWRITENAME])
                        $sg_acltag->items[] = "rewrite {$acl[F_OVERREWRITENAME]}";
                    if ($squidguard_config[F_ENABLELOG] == 'on' ) {
                        if ($acl[F_LOG])
                            $sg_acltag->items[] = "log " . SQUIDGUARD_LOGFILE;
                    }
                }
                $sg_tag->items[] = $sg_acltag;
            }
            $log_entr_added .= " {$acl[F_NAME]};";
        }
        # log
        $log_entr_added = !empty($log_entr_added) ? $log_entr_added : "Nothing.";
        sg_addlog("sg_create_config", "Add ACL's: $log_entr_added", SQUIDGUARD_INFO);
    }

    # --- Default ---
    $sg_tag_def = new TSgTag;
    $sg_tag_def->set("default", "", "", "");
    $def = $squidguard_config[F_DEFAULT];
    sg_addlog("sg_create_config", "Add Default", SQUIDGUARD_INFO);
    if ($def) {
        $temp_str = '';

        # delete blacklist entries from 'pass' if blacklist disabled
        if ($squidguard_config[F_BLACKLISTENABLED] !== 'on')
            acl_remove_blacklist_items($def[F_DESTINATIONNAME]);

        # not allowing IP in URL
        if ($def[F_NOTALLOWINGIP])
            $def[F_DESTINATIONNAME] = "!in-addr " . $def[F_DESTINATIONNAME];

        # re-order acl pass (<allow><deny<all|none>)
        $def[F_DESTINATIONNAME] = sg_aclpass_reorder($def[F_DESTINATIONNAME]);

        # ! 'Default' must use without times !
        $sg_tag_def->items[] = "pass {$def[F_DESTINATIONNAME]}";
        if ($def[F_RMOD] !== RMOD_NONE)
            $sg_tag_def->items[] = "redirect " .  sg_redirector_base_url($def[F_REDIRECT], $def[F_RMOD]);
        if ($def[F_REWRITENAME])
            $sg_tag_def->items[] = "rewrite {$def[F_REWRITENAME]}";
        if ($squidguard_config[F_ENABLELOG] == 'on' ) {
            if ($def[F_LOG])
                $sg_tag_def->items[] = "log " . SQUIDGUARD_LOGFILE;
        }
    } # <- if def
    else {
        $msg =  "ACL 'default' is empty, will use default 'block all'";
        $sg_tag_def->items[] = "# $msg";
        $sg_tag_def->items[] = "pass none";
        $sg_tag_def->items[] = "redirect " . sg_redirector_base_url('', RMOD_INT_ERRORPAGE);
        sg_addlog("sg_create_config", "$msg.", SQUIDGUARD_ERROR);
    }

    # --- ACL end ---
    $sg_tag->items[] = $sg_tag_def; # add 'default' ACL object
    $sgconf[] = "";
    $sgconf[] = $sg_tag->tag_text();

    # delete "\n" chars before each string - SG bug (first string of config must be not empty)
    foreach ($sgconf as $key => $val) $sgconf[$key] = ltrim($sgconf[$key], "\n");
    return implode("\n", $sgconf);
}

# ------------------------------------------------------------------------------
# sg_create_simple_config
#     Create config for DB rebuilding
#     Default rule - block all
#     Variables:
#         $blk_dbhome   - temporary DB home dir, may be different with DBHOME
#         $blk_destlist - is array as [dst_name] = 'path',
#                         where path - catalog without dbhome path
#                         For example: dbhome is '/var/db/squidGuard/',
#                         path can be 'usr/ads' or 'bl/poxy'
#         $redirect_to  - redirector string
# ------------------------------------------------------------------------------
function sg_create_simple_config($blk_dbhome, $blk_destlist, $redirect_to = "404")
{
    global $squidguard_config;
    $sgconf = array();
    $logdir = $squidguard_config[F_LOGDIR];
    $dbhome = $blk_dbhome ? $blk_dbhome : $squidguard_config[F_DBHOME];

    sg_addlog("sg_create_simple_config", "Begin with dbhome='$dbhome'.", SQUIDGUARD_INFO);

    # header
    $sgconf[] = CONFIG_SG_HEADER;

    # init section
    $sgconf[] = "logdir $logdir";
    $sgconf[] = "dbhome $dbhome";
    if ( $squidguard_config[F_LDAPENABLE] == 'on' ) {
        $sgconf[] = "ldapbinddn {$squidguard_config[F_LDAPBINDDN]}";
        $sgconf[] = "ldapbindpass \"{$squidguard_config[F_LDAPBINDPASS]}\"";
        $sgconf[] = "ldapprotover {$squidguard_config[F_LDAPVERSION]}";
        if ( $squidguard_config[F_STRIPNTDOMAIN] )
            $sgconf[] = "stripntdomain true";
        if ( $squidguard_config[F_STRIPREALM] )
            $sgconf[] = "striprealm true";
    }

    $sgconf[] = "";

    # destination section
    if (is_array($blk_destlist)) {
        foreach($blk_destlist as $dst => $dpath) {
            $tmp_s = array();

            # check item elements
            if (file_exists("$dbhome/$dpath/domains"))     $tmp_s[] = "\t domainlist $dpath/domains";
            if (file_exists("$dbhome/$dpath/urls"))        $tmp_s[] = "\t urllist $dpath/urls";
            if (file_exists("$dbhome/$dpath/expressions")) $tmp_s[] = "\t expressionlist $dpath/expressions";

            # create only valid items
            if (!empty($tmp_s)) {
                $tmp_s = implode("\n", $tmp_s);
                $sgconf[] = "dest $dst {\n $tmp_s \n}\n";
                sg_addlog("sg_create_simple_config", "Added item '$dst' = '$dbhome/$dpath'.", SQUIDGUARD_INFO);
            } else
                sg_addlog("sg_create_simple_config", "Ignored empty item '$dst' = '$dbhome/$dpath'.", SQUIDGUARD_WARNING);
        }
    }

    # acl section
    $sgconf[] = "acl {\n\t default {\n\t\t pass all ";
    $sgconf[] = "\t\t redirect " . sg_redirector_base_url($redirect_to, RMOD_INT_ERRORPAGE); # use sgerror only!
    $sgconf[] = "\t } \n}";

    # delete "\n" chars before each string - SG bug (first string of config must be not empty)
    foreach ($sgconf as $key => $val) $sgconf[$key] = ltrim($sgconf[$key], "\n");

    return implode("\n", $sgconf);
}

# -------------------------------------------------------------------------------------------------
# sg_redirector_base_url
#   $url - url where redirect to
#   $use_internal - ignore 'Redirect mode' option, use internal (for rebuild config, for example)
#
# -------------------------------------------------------------------------------------------------
function sg_redirector_base_url($rdr_info, $redirect_mode)
{
    global $squidguard_config;
    $rdr_path = '';

    # gui port, ip & proto
    $guiip = (!empty($squidguard_config[F_CURRENT_LAN_IP])) ? $squidguard_config[F_CURRENT_LAN_IP] : '127.0.0.1';
    $guiport = (!empty($squidguard_config[F_CURRENT_GUI_PORT])) ? $squidguard_config[F_CURRENT_GUI_PORT] : '80';
    $rdr_path = "http://$guiip:$guiport" . REDIRECT_BASE_URL;

    # check redirect
    $errmsg = '';
    if (!sg_check_redirect($redirect_mode, $rdr_info, $errmsg)) {
        $redirect_mode = RMOD_INT_ERRORPAGE;
        $rdr_info = "Bad redirect settings. $errmsg Check you configuration.";
        sg_addlog("sg_redirector_base_url", "$errmsg", SQUIDGUARD_ERROR);
    }

    switch($redirect_mode) {
        case RMOD_EXT_ERR:         $rdr_path = "$rdr_info" . REDIRECT_URL_ARGS; break;
        case RMOD_EXT_RDR:         $rdr_path = "$rdr_info"; break;
        case RMOD_EXT_MOVED:       $rdr_path = "301:$rdr_info"; break;
        case RMOD_EXT_FOUND:       $rdr_path = "302:$rdr_info"; break;
        case RMOD_INT_BLANKPAGE:   $rdr_path .= "?url=blank&msg=" . rawurlencode($rdr_info) . REDIRECT_URL_ARGS; break;
        case RMOD_INT_BLANKIMG:    $rdr_path .= "?url=blank_img&msg=" . rawurlencode($rdr_info) . REDIRECT_URL_ARGS; break;
        case RMOD_INT_SIZELIMIT:   $rdr_path .= "?url=maxlen_$rdr_info" . REDIRECT_URL_ARGS; break;
        case RMOD_INT_ERRORPAGE:
        default:                   $rdr_path .= "?url=" . rawurlencode("403 $rdr_info") . REDIRECT_URL_ARGS; break;
    }

    sg_addlog("sg_redirector_base_url", "Select redirector base url ($rdr_path)", SQUIDGUARD_INFO);
    return $rdr_path;
}

# -------------------------------------------------------------------------------------------------
# sg_aclpass_reorder
# -------------------------------------------------------------------------------------------------
function sg_aclpass_reorder($pass)
{
    $ar_pass = explode(" ", $pass);

    # 'pass' order: <white> <!in_addr> <deny> <allow> <all|none>
    if (is_array($ar_pass)) {
        $pass_end = '';
        $pass_fst = array(); # whitelist - '^' prefix (will deleted)
        $pass_sec = array(); # blacklist - '!' prefix
        $pass_lst = array(); # allow
        foreach ($ar_pass as $val) {
            $tk = trim($val);
            if ($tk === 'all' or $tk === 'none')
                $pass_end   = $val;
            elseif (strpos($tk, "^") !== false)
                # delete '^' prefix
                $pass_fst[] = str_replace('^', '', $val);
            elseif (strpos($tk, "!") !== false)
                $pass_sec[] = $val;
            else
                    $pass_lst[] = $val;
        }
        $ar_pass = array_merge($pass_fst, $pass_sec, $pass_lst);
        $ar_pass[] = $pass_end;
    }
    return implode(" ", $ar_pass);
}

# ------------------------------------------------------------
# sg_check_config_data
# ------------------------------------------------------------
function sg_check_config_data (&$input_errors)
{
    global $squidguard_config;
    $elog = array();
    $times        = sg_list_itemsfield($squidguard_config[F_TIMES], F_NAME);
    $sources      = sg_list_itemsfield($squidguard_config[F_SOURCES], F_NAME);
    $destinations = sg_list_itemsfield($squidguard_config[F_DESTINATIONS], F_NAME);
    $rewrites     = sg_list_itemsfield($squidguard_config[F_REWRITES], F_NAME);
    $acls = array();

    # --- Times ---
    if ($squidguard_config[F_TIMES]) {
        $key_tm = array_count_values($times);
        foreach($squidguard_config[F_TIMES][F_ITEM] as $tm) {
            # check name as unique and name format
            $tm_name = $tm[F_NAME];
            $err_s = '';
            if (!check_name_format($tm_name, $err_s))
                $elog[] = "(T1) TIME '$tm_name' error: >>> $err_s";

            if ($key_tm[$tm_name] > 1)
                $elog[] = "(T2) TIME '$tm_name' error: duplicate time name '$tm_name'";

            # check time items format
            sg_check_time($tm, $elog);
        }
    }

    # --- Sources ---
    if ($squidguard_config[F_SOURCES]) {
        $key_src = array_count_values($sources);
        foreach($squidguard_config[F_SOURCES][F_ITEM] as $src) {
            # check name as unique and name format
            $src_name = $src[F_NAME];
            $err_s = '';
            if (!check_name_format($src_name, $err_s))
                $elog[] = "(A1) ACL '$src_name'error: $err_s";

            if ($key_src[$src_name] > 1)
                $elog[] = "(A2) ACL '$src_name' error: duplicate source name '$src_name'";

            sg_check_src($src, $elog);
        }
    }

    # --- Destinations ---
    if ($squidguard_config[F_DESTINATIONS]) {
        $key_dst = array_count_values($destinations);
        foreach($squidguard_config[F_DESTINATIONS][F_ITEM] as $dst) {
            # check name as unique and name format
            $dst_name = $dst[F_NAME];
            $err_s = '';
            if (!check_name_format($dst_name, $err_s))
                $elog[] = "(D1) DEST '$dst_name' error: $err_s";

            if ($key_dst[$dst_name] > 1)
                $elog[] = "(D2) DEST '$dst_name' error: duplicate destination name '$dst_name'";
            #
            sg_check_dest($dst, $elog);
        }
    }

    # --- Blacklist ---
    if ($squidguard_config[F_BLACKLISTENABLED]) {
        $blk_entries_file = SQUIDGUARD_BLK_FILELISTPATH;
        if (file_exists($blk_entries_file)) {
            $blk_entr = explode("\n", file_get_contents($blk_entries_file));
            foreach($blk_entr as $entr) {
                if ($entr) {
                    $destinations[] = $entr;
                    # check entry for exists
                    $dbfile = $squidguard_config[F_DBHOME] . "/$entr";
                    if (!file_exists($dbfile))
                        $elog[] = "(B1) BLACKLIST '$entr' error: file '$dbfile' not found";
                }
            }
        }
    }

    # --- Rewrites ---
    if ($squidguard_config[F_REWRITES]) {
        $key_rw = array_count_values($rewrites);
        foreach($squidguard_config[F_REWRITES][F_ITEM] as $rw) {
            # check check name as unique and name format
            $rw_name = $rw[F_NAME];
            $err_s = '';
            if (!check_name_format($rw_name, $err_s))
                $elog[] = "(R1) REWRITE '$rw_name' error: $err_s";

            if ($key_rw[$rw_name] > 1)
                $elog[] = "(R2) REWRITE '$rw_name' error: duplicate rewrite name '$rw_name'";
        }
    }

    $key_times = array_count_values($times);
    $key_sources = array_count_values($sources);
    $key_destinations = array_count_values($destinations);
    $key_rewrites = array_count_values($rewrites);

    # --- ACLs ---
    if ($squidguard_config[F_ACLS]) {
        $acls = array();
        foreach($squidguard_config[F_ACLS][F_ITEM] as $acl) {
            # skip disabled acl
            if ($acls[F_DISABLED]) continue;

            $acl_name = $acl[F_NAME];

            # check acl name for unique and exists (as source items)
            if ($acl_name and !$key_sources[$acl_name])
                $elog[] = "(A1) ACL '$acl_name' error: acl name '$acl_name' not found";

            $acls[] = $acl_name;
            $key_acls = array_count_values($acls);
            if ($key_acls[$acl_name] > 1)
                $elog[] = "(A2) ACL '$acl_name' error: duplicate acl name '$acl_name'";

            # check time
            $time = $acl[F_TIMENAME];
            if ($time and !$key_times[$time]) # time name must exists
                $elog[] = "(A3) ACL '$acl_name' error: time name '$time' not found";

            # check destinations
            if ($acl[F_DESTINATIONNAME]) {
                $acldest = $acl[F_DESTINATIONNAME];
                $acldest = str_replace("!", "", $acldest);
                $acldest = str_replace("^", "", $acldest);
                $acldest = explode(" ", $acldest);
                $key_acldest = array_count_values($acldest);
                foreach($acldest as $adest) {
                    # check duplicates destinations in acl
                    if ($key_acldest[$adest] > 1)
                        $elog[] = "(A4) ACL '$acl_name' error: duplicate destination name '$adest'. Any destination must included once.";
                    # check destinations for exists
                    if ($adest and ($adest != 'all') and ($adest != 'none') and !$key_destinations[$adest])
                        $elog[] = "(A5) ACL '$acl_name' error: destination name '$adest' not found";
                }
            } else {
                $elog[] = "(A6) ACL '$acl_name' error: ontime pass list is empty. Added 'none'.";
                $acl[F_DESTINATIONNAME] = "none";
            }

            # check overtime destinations
            if ($time) {
                if ($acl[F_OVERDESTINATIONNAME]) {
                    $acloverdest = $acl[F_OVERDESTINATIONNAME];
                    $acloverdest = str_replace("!", "", $acloverdest);
                    $acloverdest = str_replace("^", "", $acloverdest);
                    $acloverdest = explode(" ", $acloverdest);
                    $key_acloverdest = array_count_values($acloverdest);
                    foreach($acloverdest as $adest) {
                        # check duplicates destinations in acl
                        if ($key_acloverdest[$adest] > 1)
                            $elog[] = "(A7) ACL '$acl_name' error: duplicate overtime destination name '$adest'. Any destination must included once.";
                        # check destinations for exists
                        if ($adest and ($adest != 'all') and ($adest != 'none') and !$key_destinations[$adest])
                            $elog[] = "(A8) ACL '$acl_name' error: overtime destination name '$adest' not found";
                    }
                } else {
                    $elog[] = "(A9) ACL '$acl_name' error: overtime pass list is empty. Added 'none'.";
                    $acl[F_OVERDESTINATIONNAME] = "none";
                }
            }

            # check rewrite
            $rew = $acl[F_REWRITENAME];
            if ($rew and !$key_rewrites[$rew])
                $elog[] = "(AA) ACL '$acl_name' error: rewrite name '$rew' not found";

            # check overtime rewrite
            $overrew = $acl[F_OVERREWRITENAME];
            if ($time and $overrew and !$key_rewrites[$overrew])
                $elog[] = "(AB) ACL '$acl_name' error: overtime rewrite name '$overrew' not found";

            # check redirect
            $redir = $acl[F_REDIRECT];
            $overredir = $acl[F_OVERREDIRECT];
        }
    }

    # --- Default ---
    if ($squidguard_config[F_ACLS]) {
        $def = $squidguard_config[F_DEFAULT];

        # check time
        $time = $def[F_TIMENAME];
        if ($time and !$key_times[$time]) # time name must exists
            $elog[] = "(DF1) ACL 'default' error: time name '$time' not found";

        # check destinations
        if ($def[F_DESTINATIONNAME]) {
            $defdest = $def[F_DESTINATIONNAME];
            $defdest = str_replace("!", "", $defdest);
            $defdest = str_replace("^", "", $defdest);
            $defdest = explode(" ", $defdest);
            $key_defdest = array_count_values($defdest);
            foreach($defdest as $adest) {
                # check duplicates destinations in acl
                if ($key_defdest[$adest] > 1)
                    $elog[] = "(DF2) ACL 'default' error: duplicate destination name '$adest'. Any destination must included once.";
                # check destinations for exists
                if ($adest and ($adest != 'all') and ($adest != 'none') and !$key_destinations[$adest])
                    $elog[] = "(DF3) ACL 'default' error: destination name '$adest' not found";
            }
        } else {
            $elog[] = "(DF4) ACL 'default' error: ontime pass list is empty. Added 'none'.";
            $def[F_DESTINATIONNAME] = "none";
        }

        # check rewrite
        $rew = $def[F_REWRITENAME];
        if ($rew and !$key_rewrites[$rew])
            $elog[] = "(DF5) ACL 'default' error: rewrite name '$rew' not found";

        # check overtime rewrite
        $overrew = $def[F_OVERREWRITENAME];
        if ($time and $overrew and !$key_rewrites[$overrew])
            $elog[] = "(DF6) ACL 'default' error: overtime rewrite name '$overrew' not found";

        # check redirect
        $redir = $def[F_REDIRECT];
        $overredir = $def[F_OVERREDIRECT];
    }

    # update log
    if (!empty($elog)) {
            $input_errors = (is_array($input_errors)) ? array_merge($input_errors, $elog) : implode("\n", $elog);
    }

    return empty($elog);
}

# ========================== UTILS =============================================

# ------------------------------------------------------------------------------


# ==============================================================================
# self utils
# ==============================================================================
# Set file access
# ------------------------------------------------------------------------------
function set_file_access($dir, $owner, $mod)
{
    $mod = sprintf("%o", $mod);
    if (!file_exists($dir)) return;
    # recursive change access
    mwexec("chown -R -v $owner $dir");
    mwexec("chgrp -R -v $owner $dir");
    mwexec("chmod -R -v $mod $dir");
}
# ------------------------------------------------------------------------------
# scan_dir - build files listing for $dir
# ------------------------------------------------------------------------------
function scan_dir($dir)
{
    $files = array();
    if (file_exists($dir)) {
        $dh = opendir($dir);
        while (false !== ($filename = readdir($dh))) {
            # skip '.' and '..' names
            if (($filename !== '.') and ($filename !== '..')) $files[] = $filename;
        }
        sort($files);
    }
    return $files;
}

# ******************************************************************************
# squidguard utils
# ******************************************************************************
# sg_list_itemsfield - get items field list
# ------------------------------------------------------------------------------
function sg_list_itemsfield($xml_items, $fld_name)
{
    $ls = array();
    if (is_array($xml_items[F_ITEM]))
        foreach($xml_items[F_ITEM] as $it) {
            $ls[] = $it[$fld_name];
        }
    return $ls;
}

# ------------------------------------------------------------------------------
# is_url - check url an err_codes
# ------------------------------------------------------------------------------
if(!function_exists("is_url")) {
	function is_url($url)
	{
	    if (empty($url))                return false;
	    if (preg_match("/^(http|https):\/\//i", $url))    return true;
	    if (strstr("blank", $url))      return true;
	    if (strstr("blank_img", $url))  return true;
	    if (preg_match("/^((30[1235]{1})|(40[0-9]{1})|(41[0-7]{1})|(50[0-5]{1}))/i", $url)) return true; # http error code 30x, 4xx, 50x.
	    return false;
	}
}

# url as 'domain/path': 'mydomain.com/index.php'
function is_dest_url($url)
{
    $fmt  = "[a-zA-Z0-9_-]";

    if (empty($url)) return false;
    if (preg_match("/^(($fmt){1,}\.){1,}($fmt){2,}(\/(.[^\*][^ ])*)/i", $url)) return true;
    return false;
}
# ------------------------------------------------------------------------------
# is_masksubnet - check ip/mask
# ------------------------------------------------------------------------------
function is_masksubnet($subnet)
{
    if (!is_string($subnet))
        return false;

    list($ip,$msk) = explode('/', $subnet);
    if (!is_ipaddr($ip) || !is_ipaddr($msk))
        return false;

    return true;
}
# ------------------------------------------------------------------------------
# is_iprange - check ip1-ip2
# ------------------------------------------------------------------------------
function is_iprange_sg($ip_range) {
    if (!is_string($ip_range))  return false;

    list($ip1,$ip2) = explode('-', $ip_range);
    if (!is_ipaddr($ip1) || !is_ipaddr($ip2)) return false;

    # ip2 < ip1 - wrong
    if (ipcmp(ip2, ip1) === -1) return false;

    return true;
}
# ------------------------------------------------------------------------------
# is_ipaddr_valid - validate IP, subnet, IP range
# ------------------------------------------------------------------------------
function is_ipaddr_valid($val)
{
    return is_string($val) && (is_ipaddr($val) || is_masksubnet($val) || is_subnet($val) || is_iprange_sg($val));
}

# ------------------------------------------------------------------------------
# is_domain_valid - check domain format
# ------------------------------------------------------------------------------
function is_domain_valid($domain)
{
    $dm_fmt = "([a-z0-9\-]{1,})";
    $dm_fmt = "/^(($dm_fmt{1,}\.){1,}$dm_fmt{2,})+$/i"; # example: (my.)(super.)(domain.)com
    return is_string($domain) && preg_match($dm_fmt, trim($domain));
}

# ------------------------------------------------------------------------------
# is_username - check username
# ------------------------------------------------------------------------------
function is_username($username)
{
    $unm_fmt = "/^\'[a-zA-Z_0-9\.\-]{1,}\'$/i";
    return is_string($username) && preg_match($unm_fmt, trim($username));
}
# ------------------------------------------------------------------------------
# check name
# ------------------------------------------------------------------------------
function check_name_format ($name, &$input_errors)
{
    $elog = array();
    $val = trim($name);

    if ((strlen($val) < 2) || (strlen($val) > 16))
        $elog[] = " Size of name '$val' must be between [2..16].";

    # All symbols must be [a-zA-Z_0-9\-] First symbol = letter.
    if (!preg_match("/^([a-zA-Z]{1})([a-zA-Z_0-9\-]+)$/i", $val))
        $elog[] = " Invalid name $name. Valid name symbols: ['a-Z', '_', '0-9', '-']. First symbol must be a letter.";

    # update log
    if (!empty($elog)) {
            $input_errors = (is_array($input_errors)) ? array_merge($input_errors, $elog) : implode("\n", $elog);
    }

    return empty($elog);
}
# ******************************************************************************
# squidguard check
# ******************************************************************************
# check redirect
# ------------------------------------------------------------------------------
function sg_check_redirect($rdr_mode, $rdr_info, &$err_msg)
{
    $res = true;
    switch($rdr_mode) {
        case RMOD_EXT_ERR: case RMOD_EXT_RDR: case RMOD_EXT_MOVED: case RMOD_EXT_FOUND:
            $res = is_url($rdr_info);
            if (!$res) $err_msg = "Valid URL expected, but '$rdr_info' found.";
            break;
        case RMOD_INT_SIZELIMIT:
            $res = is_numeric($rdr_path);
            if (!$res) $err_msg = "Valid number value expected, but '$rdr_info' found.";
            break;
        case RMOD_INT_BLANKPAGE: case RMOD_INT_BLANKIMG: case RMOD_INT_ERRORPAGE:
        default:
             $res = true; break;
    }
    return $res;
}

# ------------------------------------------------------------------------------
# sg_check_time
# ------------------------------------------------------------------------------
function sg_check_time($sgtime, &$input_errors)
{
    $err = '';
    $days = array("*", "mon", "tue", "wed", "thu", "fri", "sat", "sun");
    $timetypes = array("weekly", "date");

    if (is_array($sgtime[F_ITEM])) {
        # check date and time
        foreach ($sgtime[F_ITEM] as $item) {
            if (!in_array(trim($item[F_TIMETYPE]), $timetypes))
                $err .= " Invalid type '{$item[F_TIMETYPE]}'.";
            if (!in_array(trim($item[F_TIMEDAYS]), $days))
                $err .= " Invalid week day '{$item[F_TIMEDAYS]}'.";
            if (trim($item[F_DATERANGE])) $err  .= check_date(trim($item[F_DATERANGE]));
            if (trim($item[F_TIMERANGE])) $err  .= check_time(trim($item[F_TIMERANGE]));
        }
    }

    # errors update
    if (!empty($err)) $input_errors[] = "TIME '{$sgtime[F_NAME]}': $err";
    return empty($err);
}

# ------------------------------------------------------------------------------
# sg_check_dest
# ------------------------------------------------------------------------------
function sg_check_dest($sgx, &$input_errors)
{
    $elog = array();
    $dm = explode(" ", $sgx[F_DOMAINS]);
#   $ex = explode(" ", $sgx[F_EXPRESSIONS]);
    $ur = explode(" ", $sgx[F_URLS]);
    array_packitems($dm);
    array_packitems($ur);

    # domain or ip
    foreach ($dm as $d_it) {
        if ($d_it && !is_domain_valid($d_it) && !is_ipaddr($d_it)) $elog[] = "Item '$d_it' is not a domain.";
    }

    # url
    foreach ($ur as $u_it)
        if ($u_it && !is_dest_url($u_it)) $elog[] = "Item '$u_it' is not a url.";

    # check redirect
    sg_check_redirect($sgx[F_RMOD], $sgx[F_REDIRECT], $elog);

    # update log
    if (!empty($elog)) {
        $elog = "DEST '{$sgx[F_NAME]}': " . implode(" ", $elog);
        if (is_array($input_errors))
                 $input_errors[] = $elog;
            else $input_errors   = $elog;
    }
    return empty($elog);
}

# ------------------------------------------------------------------------------
# sg_check_src
# ------------------------------------------------------------------------------
function sg_check_src($sgx, &$input_errors)
{
    $elog = array();

    # source may be as one ('source') field or as two ('ip' and 'domain') fields
    $src = (isset($sgx[F_SOURCE])) ? $sgx[F_SOURCE] : $sgx[F_IP] . " " . $sgx[F_DOMAINS];
    if (strpos($sgx[F_SOURCE], 'ldapusersearch') === false) {
        $src = explode(" ", $src);
        foreach ($src as $s_item) {
                if ($s_item) {
                        if (!is_ipaddr_valid($s_item) and !is_domain_valid($s_item) and !is_username($s_item) and (strpos($s_item, 'ldapusersearch') !== false))
                                $elog[] = "SRC '{$sgx[F_NAME]}': Item '$s_item' is not a ip address or a domain or a 'username'.";
                }
        }
    }

    # update log
    if (!empty($elog)) {
            $input_errors = (is_array($input_errors)) ? array_merge($input_errors, $elog) : implode("\n", $elog);
    }

    return empty($elog);
}

# ------------------------------------------------------------------------------
# check rebuild blacklist
# ------------------------------------------------------------------------------
function is_blacklist_update_started()
{
    return exec("ps auxw | grep \"[s]quidGuard_blk_rebuild\" | awk '{print $2}' | wc -l | awk '{ print $1 }'");
}

# ------------------------------------------------------------------------------
# Strings
# ------------------------------------------------------------------------------
# str_pack_spaces - replace two and more space to single
# ------------------------------------------------------------------------------
function str_packspaces($str)
{
    while(strpos($str, '  ')) $str = str_replace('  ', ' ', $str);
}

function array_packitems(&$arval)
{
    if (is_array($arval)) {
        $arval = array_map("trim", $arval);          # trim all items
        $arval = array_diff($arval, array(' ', '')); # exclude ' ' abd '' elements
        $arval = array_unique($arval);               # unique items
        $arval = array_values($arval);               # pack array
    }
    return $arval;
}

# -----------------------------------------------------------------------------
# check date
#       date or date range format: 'yyyy-mm-dd', 'yyyy-m-d', 'yyyy.mm.dd'  'yyyy.mm.dd-yyyy.mm.dd'
#       date mask format: '*-mm-dd', 'yyyy-*-dd', 'yyyy.mm.*' (but not for range)
# -----------------------------------------------------------------------------
function check_date($date)
{
    $err = '';
    $val = trim($date);
    $dtfmt = "/^([0-9]{4})\.([0-9]{2})\.([0-9]{2})/i";

    # check date range
    if (preg_match("{$dtfmt}-{$dtfmt}$", $val)) {
        $val = explode("-", str_replace(".", '', $val));
        if (intval($val[0]) >= intval($val[1]))
            $err .= "Invalid date range, begin range must be less than the end. {$val[0]} - {$val[1]}";
    }
    elseif (!preg_match("/^(([0-9]{4})|[*])\.(([0-9]{2})|[*])\.(([0-9]{2})|[*])$/i", $val)) {
        $err .= "Bad date format.";
    }

    if ($err)
        $err = " Invalid date '$date'.
                 $err
                 You mast use date or date range format: 'yyyy.mm.dd' and 'yyyy.mm.dd-yyyy.mm.dd'.
                 Also possible use mask * (mean any). Example: '*-10-01', '1990-*-*'.";
    return $err;
}

# -----------------------------------------------------------------------------
# check time
# -----------------------------------------------------------------------------
function check_time($time)
{
    $err = '';
    $time = trim($time);

    if (empty($time)) return '';

    # time range format: 'HH:MM-HH:MM'
    if (!preg_match("/^([0-2][0-9])\:([0-5][0-9])-([0-2][0-9])\:([0-5][0-9])$/i", $time))
        $err = "Invalid time range '$time'. You must use 'HH:MM-HH:MM' time range format. ";
    else {
        $tms = str_replace("-", "\n", $time);
        $tmsview = explode("\n", $tms);
        $tms = str_replace(":", "", $tms);
        $tms = explode("\n", $tms);
        if ($tms[0] >= 2400)
            $err .= "Invalid time range var1='{$tmsview[0]}' must be < '24:00'. ";
        if ($tms[1] > 2400)
            $err .= "Invalid time range var2='{$tmsview[1]}' must be <= '24:00'. ";
        if ($tms[0] >= $tms[1])
            $err .= "Invalid time range var1='{$tmsview[0]}' must be < var2='{$tmsview[1]}'. ";
    }

    return $err;
}

# -----------------------------------------------------------------------------
# acl_remove_blacklist_items
# -----------------------------------------------------------------------------
function acl_remove_blacklist_items(&$items)
{
    # add !items and ^items
    $db_entries = sg_entries_blacklist();
    if (!is_array($db_entries))
    	return;
    $tdb_entries = array();
    foreach ($db_entries as $ent) {
        $tdb_entries[] = $ent;
        $tdb_entries[] = "!$ent";
        $tdb_entries[] = "^$ent";
    }
    $db_entries = $tdb_entries;
    unset($tdb_entries);

    # delete blacklist entries from 'pass' if blacklist disabled
    $items = explode(" ", $items);
    $items = implode(" ", array_diff($items, $db_entries));
    return $items;
}

# -----------------------------------------------------------------------------
# sg_script_logrotate
# truncate SG logfile to $lines
# -----------------------------------------------------------------------------
function sg_script_logrotate()
{
	$lines = SQUIDGUARD_LOGROTATE_MAXCOUNT;

	global $squidguard_config;

	$sglogname = $squidguard_config[F_LOGDIR] . "/" . SQUIDGUARD_LOGFILE;
	$sgguilogname = $squidguard_config[F_LOGDIR] . "/" . SQUIDGUARD_GUILOGFILE;
	$sgconflogname = $squidguard_config[F_LOGDIR] . "/" . SQUIDGUARD_CONFLOGFILE;
    $res =
<<<EOD
#!/bin/sh
#
# This file generated automaticly with SquidGuard configurator
# Rotates the block logfile
tail -{$lines} {$sglogname} > {$sglogname}.0
tail -{$lines} {$sglogname}.0 > {$sglogname}
rm -f {$sglogname}.0
# Rotates the squidguard GUI logile
tail -{$lines} {$sgguilogname} > {$sgguilogname}.0
tail -{$lines} {$sgguilogname}.0 > {$sgguilogname}
rm -f {$sgguilogname}.0
# Rotates the squidguard conf logile
tail -{$lines} {$sgconflogname} > {$sgconflogname}.0
tail -{$lines} {$sgconflogname}.0 > {$sgconflogname}
rm -f {$sgconflogname}.0
EOD;
    return $res;
}

# ------------------------------------------------------------------------------
# squidguard_setup_cron
# ------------------------------------------------------------------------------
function squidguard_cron_install()
{
    global $squidguard_config;

    $on_off = $squidguard_config[F_LOGROTATION] == 'on';

    $opt = "";
    if ($on_off) {
        $opt    = array("0", "0", "*", "*", "*", "root", "/usr/bin/nice -n20 " . SQUIDGUARD_SCR_LOGROTATE);
    }
    squidguard_setup_cron("squidGuard_logrotate", $opt, $on_off);
}

# ------------------------------------------------------------------------------
# squidguard_setup_cron
# ------------------------------------------------------------------------------
# $options: [0]='minute', [1]='hour', [2]='mday', [3]='month', [4]='wday', [5]='who', [6]='command'
# ------------------------------------------------------------------------------
function squidguard_setup_cron($task_key, $options, $on_off)
{
    global $config;
    $cron_item = array();

    # $on_off = TRUE/FALSE - install/deinstall cron task:
    # prepare new cron item
	if (is_array($options)) {
        $cron_item['minute']  =  $options[0];
        $cron_item['hour']    =  $options[1];
        $cron_item['mday']    =  $options[2];
        $cron_item['month']   =  $options[3];
        $cron_item['wday']    =  $options[4];
        $cron_item['who']     = ($options[5]) ? $options[5] : 'nobody';
        $cron_item['command'] =  $options[6];
    }

    # unset old cron task with $task_key
    if (!empty($task_key)) {
        $flag_cron_upd = false;
        # delete old cron task if exists
        if (is_array($config['cron']['item'])) {
            foreach($config['cron']['item'] as $key => $val) {
                if (strpos($config['cron']['item'][$key]['command'], $task_key) !== false) {
                    unset($config['cron']['item'][$key]);
                    $flag_cron_upd = true;
                    break;
                }
            }
        }

        # set new cron task
        if (($on_off === true) and !empty($cron_item)) {
            $config['cron']['item'][] = $cron_item;
            $flag_cron_upd = true;
        }

        # write config and configure cron only if cron task modified
        if ($flag_cron_upd === true) {
            write_config("Installed cron task '$task_key' for 'squidGuard' package");
            configure_cron();
        }
    }
    else {
        # ! error $name !
        return;
    }
}

# *****************************************************************************
# RAMDisk
#     Temp ramdisk for quickly DB update
# *****************************************************************************
function squidguard_ramdisk($enable)
{
    $ramsize = 300;

    # delete old squidguard ramdisk
    if (file_exists("/dev/md15")) {
        mwexec("umount -f " . SQUIDGUARD_TMP);
        mwexec("sleep 1");
        mwexec("mdconfig -d -u 15");
    }

    if ($enable === true) {
        # create temp ramdisk
        # size 300Mb very nice for work with Archive < 30Mb
        # this is size use physical RAM + Swap file
        mwexec("/sbin/mdmfs -s {$ramsize}M md15 " . SQUIDGUARD_TMP);
        mwexec("chmod 1777 " . SQUIDGUARD_TMP);
    }
}

# ******************************************************************************
# Blacklist
# ******************************************************************************

# ------------------------------------------------------------------------------
# squidguard_update_stat
# ------------------------------------------------------------------------------
function squidguard_update_log($msg, $new="")
{
    $to = $new ? ">" : ">>";  # create new or save to exists file
    mwexec("echo $msg $to " . SG_UPDATE_STATFILE);
}

# -----------------------------------------------------------------------------
# squidguard_blacklist_update_start()
# -----------------------------------------------------------------------------
function squidguard_blacklist_update_start($url_filename)
{
    # 1. if started - calncel
    if (squidguard_blacklist_update_IsStarted()) squidguard_blacklist_update_cancel();

    # 2. delete old script
    if (file_exists(SCR_NAME_BLKUPDATE)) unlink(SCR_NAME_BLKUPDATE);

    # 3. create new php script & set permissions
    file_put_contents(SCR_NAME_BLKUPDATE, squidguard_script_blacklistupdate($url_filename, ""));
    set_file_access  (SCR_NAME_BLKUPDATE, OWNER_NAME, 0755);

    # 4. start script background
    mwexec_bg(SCR_NAME_BLKUPDATE);
}

# -----------------------------------------------------------------------------
# squidguard_blacklist_update_cancel
# -----------------------------------------------------------------------------
function squidguard_blacklist_update_cancel()
{
    # kill script and SG update process
    mwexec("kill `ps auxwwww | grep '" . SCR_NAME_BLKUPDATE . "' | grep -v 'grep' | awk '{print $2}'`");
    mwexec("kill `ps auxwwww | grep 'squidGuard -c .* -C all' | grep -v 'grep' | awk '{print $2}'`");
    squidguard_ramdisk(false);

    squidguard_update_log("Blacklist update terminated by user.", "");
}

# -----------------------------------------------------------------------------
# squidguard_blacklist_update_clearlog
# -----------------------------------------------------------------------------
function squidguard_blacklist_update_clearlog()
{
    # zero file
    file_put_contents(SG_UPDATE_STATFILE, "");
}

# -----------------------------------------------------------------------------
# squidguard_blacklist_update_IsStarted()
# -----------------------------------------------------------------------------
function squidguard_blacklist_update_IsStarted()
{
    return exec("ps auxwwww | grep '" . SCR_NAME_BLKUPDATE . "' | grep -v 'grep' | awk '{print $2}' | wc -l | awk '{ print $1 }'");
}

# -----------------------------------------------------------------------------
# sg_reconfigure_blacklist($source_filename, $opt)
#     $source_filename - file name or url
#     $opt - option:
#         '' or 'local'   - update from local file
#         'url'           - update from url
# -----------------------------------------------------------------------------
function sg_reconfigure_blacklist($source_filename, $opt = '')
{
    global $squidguard_config;
    $sf = trim($source_filename);
    $sf_contents = '';

    sg_addlog("sg_reconfigure_blacklist", "Begin blacklist update.", SQUIDGUARD_INFO);
    squidguard_update_log("Begin blacklist update", "New");

    # 1. check system
    sg_check_system();

    # 2. download
    if ($sf[0] === "/") { # local file - example '/tmp/blacklists.tar'
        sg_addlog("sg_reconfigure_blacklist", "Update from file '$sf'.", SQUIDGUARD_INFO);
        squidguard_update_log("Copy archive from file '$sf'");
        if (file_exists($sf)) {
            $sf_contents = file_get_contents($sf);
        } else {
            sg_addlog("sg_reconfigure_blacklist", "File '$sf' not found.", SQUIDGUARD_ERROR);
            squidguard_update_log("File '$sf' not found.");
            return;
        }
    }
    # from url
    else {
        sg_addlog("sg_reconfigure_blacklist", "Download from url '$sf'.", SQUIDGUARD_INFO);
        squidguard_update_log("Start download.");
        $sf_contents = sg_uploadfile_from_url($sf, $opt);
    }

    # 3. update
    if (empty($sf_contents)) {
        sg_addlog("sg_reconfigure_blacklist", "Bad content from '$sf'. Terminate.", SQUIDGUARD_ERROR);
        squidguard_update_log("Bad content from '$sf'. Terminate.");
        return;
    }

    # save black list archive content to local file
    file_put_contents(SG_UPDATE_TARFILE, $sf_contents);

    # update blacklist
    sg_update_blacklist(SG_UPDATE_TARFILE);
}

# ------------------------------------------------------------------------------
# sg_update_blacklist - update blacklist from file
# How it's work:
#     - unpack tar archive to temp dir
#     - copy subdir's tree to one-level TempDB
#     - rebuild TempDB
#     - create Blacklist files listing and copy to values dir and TempDB dir
#     - background rebuild temp DB via sh script (longer proccess) and copy to work DB
# ------------------------------------------------------------------------------

function sg_update_blacklist($from_file)
{
    global $squidguard_config;
    $dbhome  = SQUIDGUARD_DBHOME;
    $workdir = SQUIDGUARD_WORKDIR;
    $tmp_unpack_dir = SQUIDGUARD_TMP . SQUIDGUARD_BL_UNPACK;
    $arc_db_dir     = SQUIDGUARD_TMP . SG_BLK_ARC;
    $conf_path      = SQUIDGUARD_VAR . DB_REBUILD_BLK_CONF;
    $blklist_file   = SQUIDGUARD_BLK_FILELISTPATH;

    sg_addlog("sg_update_blacklist", "Begin with '$from_file'.", SQUIDGUARD_INFO);

    if (file_exists($from_file)) {
        # check work and DB dir's
        if (file_exists($squidguard_config[F_DBHOME]))  $dbhome  = $squidguard_config[F_DBHOME];
        if (file_exists($squidguard_config[F_WORKDIR])) $workdir = $squidguard_config[F_WORKDIR];

        # delete old tmp dir's
        if (file_exists($tmp_unpack_dir)) mwexec("rm -R $tmp_unpack_dir");
        if (file_exists($arc_db_dir))     mwexec("rm -R $arc_db_dir");
        squidguard_ramdisk(false);

        # create new tmp/arc dir's, use ramdisk for quick operations
        squidguard_ramdisk(true);
        mwexec("mkdir -p -m 0755 $tmp_unpack_dir");
        mwexec("mkdir -p -m 0755 $arc_db_dir");

        # 1. unpack archive
        squidguard_update_log("Unpack archive");
        mwexec("tar zxvf $from_file -C $tmp_unpack_dir");
        set_file_access($tmp_unpack_dir, OWNER_NAME, 0755);
        sg_addlog("sg_update_blacklist", "Unpack uploaded file '$from_file' -> '$tmp_unpack_dir'.", SQUIDGUARD_INFO);

        # 2. copy blacklist to TempDB base & create entries list
        squidguard_update_log("Scan blacklist categories.");
        if (file_exists($tmp_unpack_dir)) {
            $blk_items = array();
            $blk_list  = array();

            # scan blacklist items
            scan_blacklist_cat($tmp_unpack_dir, "blk", $blk_items);

            # move blacklist catalog structure to 'one level' (from tmp_DB to arch_DB)
            foreach ($blk_items as $key => $val) {
                $current_dbpath = "$arc_db_dir/$key";
                if (count($val)) {
                    # make blk_list for config file
                    $blk_list[$key] = $key;

                    # delete '$current_dbpath' for correct moving
                    # need moving $val['path'] to $current_dbpath
                    # if $current_dbpath exists, then $val['path'] will created as subdir - !it's worng!
                    if (file_exists($current_dbpath))
                        mwexec("rm -R $current_dbpath");
                    mwexec("mv -f {$val['path']}/ $current_dbpath");
                    sg_addlog("sg_update_blacklist", "Move {$val['path']}/ -> $current_dbpath.", SQUIDGUARD_INFO);
                }
            }
            set_file_access($arc_db_dir, OWNER_NAME, 0755);

            # create entries list
            if (count($blk_items)) {
                # save to temp DB
                $cont = implode("\n", array_keys($blk_items));

                # temp blacklist files
                $blklist_file = $arc_db_dir . SQUIDGUARD_BLK_FILELIST;
                file_put_contents($blklist_file, $cont);
                set_file_access  ($blklist_file, OWNER_NAME, 0755);

                # system blacklist files
                $blklist_file = SQUIDGUARD_BLK_FILELISTPATH;
                file_put_contents($blklist_file, $cont);
                set_file_access  ($blklist_file, OWNER_NAME, 0755);

                sg_addlog("sg_update_blacklist", "Create DB entries list '$blklist_file'.", SQUIDGUARD_INFO);
                squidguard_update_log("Found " . count($blk_items) . " items.");
            }

            # rebuild db & save to work dir
            squidguard_update_log("Start rebuild DB.");
            squidguard_rebuild_db("blk_", $arc_db_dir, $blk_list);

            squidguard_update_log("Copy DB to workdir.");
            $blklist_file = $arc_db_dir . SQUIDGUARD_BLK_FILELIST;
            mwexec("cp -R -p $arc_db_dir/ $dbhome");
            mwexec("cp -f -p $blklist_file " . SQUIDGUARD_WORKDIR);
            set_file_access($dbhome, OWNER_NAME, 0755);

            squidguard_update_log("Reconfigure Squid proxy.");
            mwexec(SQUID_LOCALBASE . "/sbin/squid -k reconfigure");

            squidguard_update_log("Blacklist update complete.");

        }

        # free ramdisk
        squidguard_ramdisk(false);
    }
    else sg_addlog("sg_update_blacklist", "File $from_file not found.", SQUIDGUARD_ERROR);
}

# -----------------------------------------------------------------------------
# sg_entries_blacklist
# -----------------------------------------------------------------------------
function sg_entries_blacklist()
{
    $contents = '';

    $fl = SQUIDGUARD_BLK_FILELISTPATH;
    if (file_exists($fl))
        $contents = explode("\n", file_get_contents($fl));

    return $contents;
}
# -----------------------------------------------------------------------------
# sg_blacklist_rebuild_db - rebuild current Blacklist DB (default: '/var/db/squidGuard')
# -----------------------------------------------------------------------------
/*
function sg_blacklist_rebuild_db()
{
    global $squidguard_config;
    $dst_list = array();
    $dbhome  = $squidguard_config[F_DBHOME];
    $workdir = $squidguard_config[F_WORKDIR];

    # current dbhome and work dir's
    sg_addlog("sg_blacklist_rebuild_db", "Start with path '$dbhome'.", SQUIDGUARD_INFO);

    # make dest list
    $blklist_file = SQUIDGUARD_BLK_FILELISTPATH;
    if (file_exists($blklist_file)) {
        $blklist = explode("\n", file_get_contents($blklist_file));
        if (is_array($blklist))
            foreach($blklist as $bl) { $dst_list[$bl] = $bl; }
    }

    # rebuild user db ('/var/db/squidGuard')
    squidguard_rebuild_db("_blkdb", $dbhome, $dst_list);
}
*/
# -----------------------------------------------------------------------------
# sg_uploadfile_from_url
# -----------------------------------------------------------------------------
function sg_uploadfile_from_url($url_file, $proxy = '')
{
    $err = 0;
    $download_tmpfile = SG_UPDATE_TMPFILE; #"/tmp/squidguard_download.tmp";
    $download_logfile = SG_UPDATE_LOGFILE; #"/tmp/squidguard_download.log";

    conf_mount_rw();
    # open destination file
    $s = "Download archive '$url_file'" . ( $proxy ? " via proxy'$proxy'" : "" );
    sg_addlog("sg_uploadfile_from_url", $s, SQUIDGUARD_INFO);
    squidguard_update_log( $s );

    # open temp and log files for curl
    $ftmp = fopen($download_tmpfile, "w"); # download result file
    $flog = fopen($download_logfile, "w"); # download log file

    $result = '';
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url_file);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_NOPROGRESS, 0);
    curl_setopt($ch, CURLOPT_FILE,   $ftmp);
    curl_setopt($ch, CURLOPT_STDERR, $flog);

    if (!empty($proxy)) {
        $ip    = '';
        $login = '';
        $s     = trim($proxy);
        if (strpos($s, ' ')) {
            $ip    = substr($s, 0, strpos($s, ' '));
            $login = substr($s, strpos($s, ' ') + 1);
        } else      $ip    = $s;

        if($ip != '') {
            curl_setopt($ch, CURLOPT_PROXY, $ip);
            if($login != '')
                curl_setopt($ch, CURLOPT_PROXYUSERPWD, $login);
        }
    }
#    $result=curl_exec ($ch);
    curl_exec ($ch);
    $err = curl_errno($ch);
    if ($err)
         squidguard_update_log( "Download error: " . curl_error($ch) );
    else squidguard_update_log( "Download complete" );
    curl_close ($ch);

    # close temp and log files
    fclose($ftmp);
    fclose($flog);
    conf_mount_ro();

    if (!$err &&  file_exists( $download_tmpfile ))
        $result = file_get_contents( $download_tmpfile );
    return $result;
}

# ------------------------------------------------------------------------------
# squidguard_blacklist_restore_arcdb - copy arc blacklist to db
# ------------------------------------------------------------------------------
function squidguard_blacklist_restore_arcdb()
{
    global $squidguard_config;
    $dbhome           = $squidguard_config[F_DBHOME] ? $squidguard_config[F_DBHOME] : SQUIDGUARD_DBHOME;
    $blklist_file     = SQUIDGUARD_BLK_FILELISTPATH;
    $arc_db_dir       = SQUIDGUARD_DBSAMPLE;

    squidguard_update_log("Restore default blacklist DB.", "new");
    if (file_exists($arc_db_dir)) {
        conf_mount_rw();
        # copy arc blacklist to work DB with permissions
        mwexec("cp -R -p $arc_db_dir/ $dbhome");
        set_file_access($dbhome, OWNER_NAME, 0755);
        sg_addlog("squidguard_blacklist_restore_arcdb", "Restore blacklist archive from '$arc_db_dir'.", SQUIDGUARD_INFO);

        # generate blacklist files list
        $blklist = "";
        $files   = scan_dir("$arc_db_dir/");
        if ($files) $blklist = implode("\n", $files);
        file_put_contents($blklist_file, $blklist);
        set_file_access($blklist_file, OWNER_NAME, 0755);

        squidguard_rebuild_db("arc_", $dbhome, $files);

        squidguard_update_log("Reconfigure Squid proxy.");
        mwexec(SQUID_LOCALBASE . "/sbin/squid -k reconfigure");

        conf_mount_ro();
        squidguard_update_log("Restore success.");
    } else {
        sg_addlog("squidguard_blacklist_restore_arcdb", "File '$arc_db_dir' or '$blklist_file' not found.", SQUIDGUARD_ERROR);
        squidguard_update_log("Restore error: File '$arc_db_dir' or '$blklist_file' not found.");
    }
}

# ------------------------------------------------------------------------------
# scan_blacklist_cat - scan all dirs and subdirs tree and make blk enrties list
#     $cur_dir - start directory
#     $key_name - current key name
# ------------------------------------------------------------------------------
# blk entry[key]:
#    ["domains"]     domains file path
#    ["urls"]        urls file path
#    ["expressions"] expressions file path
# ------------------------------------------------------------------------------
function scan_blacklist_cat($curdir, $key_name, &$cat_array)
{

    if (file_exists($curdir) and is_dir($curdir)) {
        $blk_entry = array();
        $files = scan_dir($curdir);

        foreach($files as $fls) {
            $fls_file = "$curdir/$fls";

            if (($fls != ".") and ($fls != "..")) {
                if (is_file($fls_file)) {

                     # add files path
                     switch(strtolower($fls)) {
                         case "domains":
                             $blk_entry["domains"] = $fls_file;
                             $blk_entry["path"]    = $curdir;
                             break;
                         case "urls":
                             $blk_entry["urls"] = $fls_file;
                             $blk_entry["path"]    = $curdir;
                             break;
                         case "expressions":
                             $blk_entry["expressions"] = $fls_file;
                             $blk_entry["path"]    = $curdir;
                             break;
                     }
                 }
                 elseif (is_dir($fls_file)) {
                     $fls_key = $key_name . "_" . $fls;

                     # recursive call
                     scan_blacklist_cat($fls_file, $fls_key, $cat_array);
                 }
            }
        }

        if (count($blk_entry))
            $cat_array[$key_name] = $blk_entry;
    }
}

# =============================================================================
# Blacklist Scripts
# =============================================================================

# squidGuard blacklist update php script
function squidguard_script_blacklistupdate($fname, $opt)
{
    $sh[] = "#!/usr/local/bin/php -f";
    $sh[] = "<?php";
    $sh[] = "    \$incl = \"/usr/local/pkg/squidguard_configurator.inc\";";
    $sh[] = "    if (file_exists(\$incl)) {";
    $sh[] = "        require_once(\$incl);";
    $sh[] = "        sg_reconfigure_blacklist( \"{$fname}\", \"{$opt}\" );";
    $sh[] = "    }";
    $sh[] = "    exit;";
    $sh[] = "?>";
    return implode ("\n", $sh);
}

# @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
# classes
# @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

class TSgTag
{
    var $tag;
    var $name;
    var $time;
    var $items;
    var $desc;

    function __construct() {
        $this->clear();
    }

    function clear() {
        $this->tag    = '';
        $this->name   = '';
        $this->time   = '';
        $this->items  = array();
        $this->desc   = '';
    }

    function set($tag, $name, $time, $desc) {
        $this->tag    = $tag;
        $this->name   = $name;
        $this->time   = $time;
        $this->desc   = $desc;
    }

    function tag_text($offset = 0) {
        $str = array();
        $off = str_repeat("\t", $offset);

        $str[] = $off . "# {$this->desc}";
        if (empty($this->time))
             $str[] = $off . "{$this->tag} {$this->name} {";
        else $str[] = $off . "{$this->tag} {$this->name} within {$this->time} {";

        # get items
        foreach($this->items as $it) {
            if (is_a($it, "TSgTag"))
                $str[] = $off . $it->tag_text($offset + 1); # sub tag
            else $str[] = $off . "\t{$it}";                  # item
        }

        $str[] = $off . "}";
        return implode("\n", $str);
    }
}

?>