const
 g_Lock            = 0;       { Access level - Lock              }
 g_Guest           = 1;       { Access level - Guest             }
 g_User            = 2;       { Access level - User              }
 g_Root            = 3;       { Access level - Root              }
 g_List            = 'Lock,Guest,User,Root'; { Guard levels      }
 snd_Deny          = 'Deny';  { Sound on access denied           }

[TrustedUsers]
;----------------------------------------------------------------
;guard      user        host            IP          MAC
;----------------------------------------------------------------
*           .           .               .           .
*           *           *               *           *
;----------------------------------------------------------------
;web-x      username    remote_host     remote_addr password
;----------------------------------------------------------------
web-root    root        localhost       *           *
web-user    user        localhost       *           *
web-guest   guest       *               *           *
;----------------------------------------------------------------

[]
{
Check access level.
}
function GrantAccess(gWanted:Integer):Boolean;
var gLevel:Integer; b:Boolean;
begin
 gLevel:=WordIndex(ParamStr('Guard'),g_List)-1;
 if gLevel>=gWanted then GrantAccess:=True else begin
  b:=eval('@system @async @menu run FormCrw32.ActionWindowsSecretService')>0;
  Warning(RusEng('Требуется пароль '+ExtractWord(gWanted+1,g_List)+'. ',
                  ExtractWord(gWanted+1,g_List)+' password required.'));
  b:=Voice(snd_Deny);
  GrantAccess:=False;
 end;
end;
{
Check if given (Guard,User,Host,IP,MAC) set have access rights.
}
function GrantAccessDim(Guard,User,Host,IP,MAC:String):Boolean;
var t,i:Integer; w1,w2,w3,w4,w5:String; g,g1,g2,g3,g4,g5:Boolean;
begin
 g:=false;
 w1:='';w2:='';w3:='';w4:='';w5:='';
 t:=ReadIniSection(text_new,16,'',ReadIni('TrustedUsers'));
 for i:=0 to text_numln(t)-1 do
 if WordCount(text_getln(t,i))=5 then begin
  w1:=ExtractWord(1,text_getln(t,i));  if w1='.' then w1:=ParamStr('Guard');
  w2:=ExtractWord(2,text_getln(t,i));  if w2='.' then w2:=ParamStr('UserName');
  w3:=ExtractWord(3,text_getln(t,i));  if w3='.' then w3:=ParamStr('HostName');
  w4:=ExtractWord(4,text_getln(t,i));  if w4='.' then w4:=ParamStr('IPAddress');
  w5:=ExtractWord(5,text_getln(t,i));  if w5='.' then w5:=ExtractWord(1,ParamStr('MACAddress'));
  g1:=IsSameText(w1,'*') or (CompareGuards(w1,Guard)>=0);
  g2:=IsSameText(w2,'*') or IsSameText(w2,User);
  g3:=IsSameText(w3,'*') or IsSameText(w3,Host);
  g4:=IsSameText(w4,'*') or IsSameText(w4,IP);
  g5:=IsSameText(w5,'*') or IsSameText(w5,ExtractWord(1,MAC));
  if g1 and g2 and g3 and g4 and g5 then g:=true;
 end;
 b:=text_free(t);
 w1:='';w2:='';w3:='';w4:='';w5:='';
 GrantAccessDim:=g;
end;
{
Grant access to (User,Host,IP,Password) Web user.
Return 0/1/2/3=Deny/Guest/User/Root access level.
}
function GrantAccessWeb(User,Host,IP,Password:String):Integer;
var i:Integer; w1,w2,w3,w4,w5:String; g,g1,g2,g3,g4,g5:Integer;
begin
 g:=acc_Deny;
 w1:='';w2:='';w3:='';w4:='';w5:='';
 if text_NumLn(WEB.TrustedUsers)=0 then begin
  if Length(ReadIni('TrustedUsers'))>0 then begin
   i:=ReadIniSection(WEB.TrustedUsers,16,'',ReadIni('TrustedUsers'));
   if text_numln(WEB.TrustedUsers)=0
   then Trouble('TrustedUsers section is empty!');
  end else Trouble('TrustedUsers is not specified!');
 end;
 for i:=0 to text_numln(WEB.TrustedUsers)-1 do
 if WordCount(text_getln(WEB.TrustedUsers,i))=5 then begin
  w1:=ExtractWord(1,text_getln(WEB.TrustedUsers,i));
  g1:=WordIndex(w1,acc_webList);
  if g1>acc_Deny then begin
   w2:=ExtractWord(2,text_getln(WEB.TrustedUsers,i));
   if w2='.' then w2:=ParamStr('UserName');
   g2:=Ord(IsSameText(w2,'*') or IsSameText(w2,User));
   if g2>acc_Deny then begin
    w3:=ExtractWord(3,text_getln(WEB.TrustedUsers,i));
    if w3='.' then w3:=ParamStr('HostName');
    g3:=Ord(IsSameText(w3,'*') or IsSameText(w3,Host));
    if g3>acc_Deny then begin
     w4:=ExtractWord(4,text_getln(WEB.TrustedUsers,i));
     if w4='.' then w4:=ParamStr('IPAddress');
     g4:=Ord(IsSameText(w4,'*') or IsSameText(w4,IP));
     if g4>acc_Deny then begin
      w5:=ExtractWord(5,text_getln(WEB.TrustedUsers,i));
      g5:=Ord(IsSameText(w5,'*') or (w5=Password) or
             (Trim(Crypt_Decode(w5,'crw-daq.ru'))=Password));
     end;
    end;
   end;
  end;
  g:=Round(Max(g,g1*g2*g3*g4*g5));
 end;
 w1:='';w2:='';w3:='';w4:='';w5:='';
 GrantAccessWeb:=g;
end;
{
Grant access for HTTP request.
Mode bits are:
1 - Get username & password from Cookie items.
}
function WebAccessGranted(Mode:Integer):Integer;
begin
 if iAnd(Mode,1)>0 then begin
  {get username&password from cookies}
  if GetStringVar(WEB.CookieItems,'RemoteUserName',WEB.UserName)
  then WEB.UserName:=Trim(Crypt_Decode(WEB.UserName,dump(TimeBase)));
  if GetStringVar(WEB.CookieItems,'RemotePassword',WEB.Password)
  then WEB.Password:=Trim(Crypt_Decode(WEB.Password,dump(TimeBase)));
 end;
 WebAccessGranted:=GrantAccess(WEB.UserName,WEB.RemoteHost,WEB.RemoteAddr,WEB.Password);
end;

