X-Git-Url: https://git.stg.codes/stg.git/blobdiff_plain/d7026c509f7a7ff0383689789f2e0b5b1fcc9b59..aff88622fc65f266e4c511c5138b950cc72ba444:/projects/stargazer/user_impl.cpp?ds=sidebyside

diff --git a/projects/stargazer/user_impl.cpp b/projects/stargazer/user_impl.cpp
index f01ba563..d530108b 100644
--- a/projects/stargazer/user_impl.cpp
+++ b/projects/stargazer/user_impl.cpp
@@ -32,11 +32,9 @@
 #define _GNU_SOURCE
 #endif
 
-#include <pthread.h>
-#include <unistd.h> // access
-
-#include <cassert>
-#include <cstdlib>
+#include "user_impl.h"
+#include "settings_impl.h"
+#include "stg_timer.h"
 
 #include "stg/users.h"
 #include "stg/common.h"
@@ -44,27 +42,50 @@
 #include "stg/tariff.h"
 #include "stg/tariffs.h"
 #include "stg/admin.h"
-#include "user_impl.h"
-#include "settings_impl.h"
-#include "stg_timer.h"
+
+#include <algorithm>
+#include <functional>
+
+#include <cassert>
+#include <cstdlib>
+#include <cmath>
+
+#include <pthread.h>
+#include <unistd.h> // access
+
+namespace
+{
+
+std::string dirsToString(const bool * dirs)
+{
+std::string res;
+for (size_t i = 0; i < DIR_NUM; i++)
+    res += dirs[i] ? '1' : '0';
+return res;
+}
+
+void dirsFromBits(bool * dirs, uint32_t bits)
+{
+for (size_t i = 0; i < DIR_NUM; i++)
+    dirs[i] = bits & (1 << i);
+}
+
+}
 
 #ifdef USE_ABSTRACT_SETTINGS
 USER_IMPL::USER_IMPL(const SETTINGS * s,
            const STORE * st,
            const TARIFFS * t,
            const ADMIN * a,
-           const USERS * u)
-    : USER(),
-      users(u),
-      property(s->GetScriptsDir()),
+           const USERS * u,
+           const SERVICES & svcs)
+    : users(u),
+      property(*s),
       WriteServLog(GetStgLogger()),
       lastScanMessages(0),
-      login(),
       id(0),
       __connected(0),
       connected(__connected),
-      enabledDirs(),
-      userIDGenerator(),
       __currIP(0),
       currIP(__currIP),
       lastIPForDisconnect(0),
@@ -73,11 +94,9 @@ USER_IMPL::USER_IMPL(const SETTINGS * s,
       store(st),
       tariffs(t),
       tariff(NULL),
-      traffStat(),
-      traffStatSaved(),
+      m_services(svcs),
       settings(s),
-      authorizedBy(),
-      messages(),
+      authorizedModificationTime(0),
       deleted(false),
       lastWriteStat(0),
       lastWriteDetailedStat(0),
@@ -115,49 +134,30 @@ USER_IMPL::USER_IMPL(const SETTINGS * s,
       userdata7(property.userdata7),
       userdata8(property.userdata8),
       userdata9(property.userdata9),
-      sessionUpload(),
-      sessionDownload(),
+      sessionUploadModTime(stgTime),
+      sessionDownloadModTime(stgTime),
       passiveNotifier(this),
+      disabledNotifier(this),
       tariffNotifier(this),
       cashNotifier(this),
-      ipNotifier(this),
-      mutex(),
-      errorStr()
+      ipNotifier(this)
 {
-password = "*_EMPTY_PASSWORD_*";
-tariffName = NO_TARIFF_NAME;
-ips = StrToIPS("*");
-lastWriteStat = stgTime + random() % settings->GetStatWritePeriod();
-lastWriteDetailedStat = stgTime;
-
-property.tariffName.AddBeforeNotifier(&tariffNotifier);
-property.passive.AddBeforeNotifier(&passiveNotifier);
-property.disabled.AddAfterNotifier(&disabledNotifier);
-property.cash.AddBeforeNotifier(&cashNotifier);
-ips.AddAfterNotifier(&ipNotifier);
-
-pthread_mutexattr_t attr;
-pthread_mutexattr_init(&attr);
-pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE);
-pthread_mutex_init(&mutex, &attr);
+Init();
 }
 #else
 USER_IMPL::USER_IMPL(const SETTINGS_IMPL * s,
                      const STORE * st,
                      const TARIFFS * t,
                      const ADMIN * a,
-                     const USERS * u)
-    : USER(),
-      users(u),
-      property(s->GetScriptsDir()),
+                     const USERS * u,
+                     const SERVICES & svcs)
+    : users(u),
+      property(*s),
       WriteServLog(GetStgLogger()),
       lastScanMessages(0),
-      login(),
       id(0),
       __connected(0),
       connected(__connected),
-      enabledDirs(),
-      userIDGenerator(),
       __currIP(0),
       currIP(__currIP),
       lastIPForDisconnect(0),
@@ -166,11 +166,9 @@ USER_IMPL::USER_IMPL(const SETTINGS_IMPL * s,
       store(st),
       tariffs(t),
       tariff(NULL),
-      traffStat(),
-      traffStatSaved(),
+      m_services(svcs),
       settings(s),
-      authorizedBy(),
-      messages(),
+      authorizedModificationTime(0),
       deleted(false),
       lastWriteStat(0),
       lastWriteDetailedStat(0),
@@ -208,18 +206,23 @@ USER_IMPL::USER_IMPL(const SETTINGS_IMPL * s,
       userdata7(property.userdata7),
       userdata8(property.userdata8),
       userdata9(property.userdata9),
-      sessionUpload(),
-      sessionDownload(),
+      sessionUploadModTime(stgTime),
+      sessionDownloadModTime(stgTime),
       passiveNotifier(this),
       disabledNotifier(this),
       tariffNotifier(this),
       cashNotifier(this),
-      ipNotifier(this),
-      mutex(),
-      errorStr()
+      ipNotifier(this)
+{
+Init();
+}
+#endif
+//-----------------------------------------------------------------------------
+void USER_IMPL::Init()
 {
 password = "*_EMPTY_PASSWORD_*";
 tariffName = NO_TARIFF_NAME;
+tariff = tariffs->FindByName(tariffName);
 ips = StrToIPS("*");
 lastWriteStat = stgTime + random() % settings->GetStatWritePeriod();
 lastWriteDetailedStat = stgTime;
@@ -235,19 +238,17 @@ pthread_mutexattr_init(&attr);
 pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE);
 pthread_mutex_init(&mutex, &attr);
 }
-#endif
 //-----------------------------------------------------------------------------
 USER_IMPL::USER_IMPL(const USER_IMPL & u)
     : USER(),
       users(u.users),
-      property(u.settings->GetScriptsDir()),
+      property(*u.settings),
       WriteServLog(GetStgLogger()),
       lastScanMessages(0),
       login(u.login),
       id(u.id),
       __connected(0),
       connected(__connected),
-      enabledDirs(),
       userIDGenerator(u.userIDGenerator),
       __currIP(u.__currIP),
       currIP(__currIP),
@@ -257,10 +258,11 @@ USER_IMPL::USER_IMPL(const USER_IMPL & u)
       store(u.store),
       tariffs(u.tariffs),
       tariff(u.tariff),
+      m_services(u.m_services),
       traffStat(u.traffStat),
       traffStatSaved(u.traffStatSaved),
       settings(u.settings),
-      authorizedBy(),
+      authorizedModificationTime(u.authorizedModificationTime),
       messages(u.messages),
       deleted(u.deleted),
       lastWriteStat(u.lastWriteStat),
@@ -301,13 +303,13 @@ USER_IMPL::USER_IMPL(const USER_IMPL & u)
       userdata9(property.userdata9),
       sessionUpload(),
       sessionDownload(),
+      sessionUploadModTime(stgTime),
+      sessionDownloadModTime(stgTime),
       passiveNotifier(this),
       disabledNotifier(this),
       tariffNotifier(this),
       cashNotifier(this),
-      ipNotifier(this),
-      mutex(),
-      errorStr()
+      ipNotifier(this)
 {
 if (&u == this)
     return;
@@ -335,9 +337,9 @@ property.cash.DelBeforeNotifier(&cashNotifier);
 pthread_mutex_destroy(&mutex);
 }
 //-----------------------------------------------------------------------------
-void USER_IMPL::SetLogin(string const & l)
+void USER_IMPL::SetLogin(const std::string & l)
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
 assert(login.empty() && "Login is already set");
 login = l;
 id = userIDGenerator.GetNextID();
@@ -345,7 +347,7 @@ id = userIDGenerator.GetNextID();
 //-----------------------------------------------------------------------------
 int USER_IMPL::ReadConf()
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
 USER_CONF conf;
 
 if (store->RestoreUserConf(&conf, login))
@@ -393,7 +395,7 @@ return 0;
 //-----------------------------------------------------------------------------
 int USER_IMPL::ReadStat()
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
 USER_STAT stat;
 
 if (store->RestoreUserStat(&stat, login))
@@ -412,7 +414,7 @@ return 0;
 //-----------------------------------------------------------------------------
 int USER_IMPL::WriteConf()
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
 USER_CONF conf(property.GetConf());
 
 printfd(__FILE__, "USER::WriteConf()\n");
@@ -431,7 +433,7 @@ return 0;
 //-----------------------------------------------------------------------------
 int USER_IMPL::WriteStat()
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
 USER_STAT stat(property.GetStat());
 
 if (store->SaveUserStat(stat, login))
@@ -450,7 +452,7 @@ return 0;
 //-----------------------------------------------------------------------------
 int USER_IMPL::WriteMonthStat()
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
 time_t tt = stgTime - 3600;
 struct tm t1;
 localtime_r(&tt, &t1);
@@ -470,13 +472,19 @@ return 0;
 //-----------------------------------------------------------------------------
 int USER_IMPL::Authorize(uint32_t ip, uint32_t dirs, const AUTH * auth)
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
 /*
  *  Authorize user. It only means that user will be authorized. Nothing more.
  *  User can be connected or disconnected while authorized.
  *  Example: user is authorized but disconnected due to 0 money or blocking
  */
 
+/*
+ * TODO: in fact "authorization" means allowing access to a service. What we
+ * call "authorization" here, int STG, is "authentication". So this should be
+ * fixed in future.
+ */
+
 /*
  * Prevent double authorization by identical authorizers
  */
@@ -486,16 +494,13 @@ if (authorizedBy.find(auth) != authorizedBy.end())
 if (!ip)
     return -1;
 
-for (int i = 0; i < DIR_NUM; i++)
-    {
-    enabledDirs[i] = dirs & (1 << i);
-    }
+dirsFromBits(enabledDirs, dirs);
 
 if (!authorizedBy.empty())
     {
     if (currIP != ip)
         {
-        //  We are already authorized, but with different IP address
+        // We are already authorized, but with different IP address
         errorStr = "User " + login + " already authorized with IP address " + inet_ntostring(ip);
         return -1;
         }
@@ -503,11 +508,11 @@ if (!authorizedBy.empty())
     USER * u = NULL;
     if (!users->FindByIPIdx(ip, &u))
         {
-        //  Address is already present in IP-index
-        //  If it's not our IP - throw an error
+        // Address presents in IP-index.
+        // If it's not our IP - report it.
         if (u != this)
             {
-            errorStr = "IP address " + inet_ntostring(ip) + " already in use";
+            errorStr = "IP address " + inet_ntostring(ip) + " is already in use";
             return -1;
             }
         }
@@ -516,8 +521,8 @@ else
     {
     if (users->IsIPInIndex(ip))
         {
-        //  Address is already present in IP-index
-        errorStr = "IP address " + inet_ntostring(ip) + " already in use";
+        // Address is already present in IP-index.
+        errorStr = "IP address " + inet_ntostring(ip) + " is already in use";
         return -1;
         }
 
@@ -529,11 +534,13 @@ else
     else
         {
         printfd(__FILE__, " user %s: ips = %s\n", login.c_str(), ips.ConstData().GetIpStr().c_str());
-        errorStr = "IP address " + inet_ntostring(ip) + " not belong user " + login;
+        errorStr = "IP address " + inet_ntostring(ip) + " does not belong to user " + login;
         return -1;
         }
     }
 
+if (authorizedBy.empty())
+    authorizedModificationTime = stgTime;
 authorizedBy.insert(auth);
 
 ScanMessage();
@@ -541,60 +548,75 @@ ScanMessage();
 return 0;
 }
 //-----------------------------------------------------------------------------
-void USER_IMPL::Unauthorize(const AUTH * auth)
+void USER_IMPL::Unauthorize(const AUTH * auth, const std::string & reason)
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
 /*
  *  Authorizer tries to unauthorize user, that was not authorized by it
  */
 if (!authorizedBy.erase(auth))
     return;
 
+authorizedModificationTime = stgTime;
+
 if (authorizedBy.empty())
     {
+    lastDisconnectReason = reason;
     lastIPForDisconnect = currIP;
     currIP = 0; // DelUser in traffcounter
+    if (connected)
+        Disconnect(false, "not authorized");
     return;
     }
 }
 //-----------------------------------------------------------------------------
 bool USER_IMPL::IsAuthorizedBy(const AUTH * auth) const
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
-//  Is this user authorized by specified authorizer?
+STG_LOCKER lock(&mutex);
+// Is this user authorized by specified authorizer?
 return authorizedBy.find(auth) != authorizedBy.end();
 }
 //-----------------------------------------------------------------------------
+std::vector<std::string> USER_IMPL::GetAuthorizers() const
+{
+    STG_LOCKER lock(&mutex);
+    std::vector<std::string> list;
+    std::transform(authorizedBy.begin(), authorizedBy.end(), std::back_inserter(list), std::mem_fun(&AUTH::GetVersion));
+    return list;
+}
+//-----------------------------------------------------------------------------
 void USER_IMPL::Connect(bool fakeConnect)
 {
 /*
- *  Connect user to Internet. This function is differ from Authorize() !!!
+ * Connect user to Internet. This function is differ from Authorize() !!!
  */
 
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
 
 if (!fakeConnect)
     {
-    string scriptOnConnect = settings->GetScriptsDir() + "/OnConnect";
+    std::string scriptOnConnect = settings->GetScriptsDir() + "/OnConnect";
 
     if (access(scriptOnConnect.c_str(), X_OK) == 0)
         {
-        char dirsStr[DIR_NUM + 1];
-        dirsStr[DIR_NUM] = 0;
-        for (int i = 0; i < DIR_NUM; i++)
-            {
-            dirsStr[i] = enabledDirs[i] ? '1' : '0';
-            }
+        std::string dirs = dirsToString(enabledDirs);
 
-        string scriptOnConnectParams;
+        std::string scriptOnConnectParams;
         strprintf(&scriptOnConnectParams,
-                "%s \"%s\" \"%s\" \"%f\" \"%d\" \"%s\"",
-                scriptOnConnect.c_str(),
-                login.c_str(),
-                inet_ntostring(currIP).c_str(),
-                (double)cash,
-                id,
-                dirsStr);
+                  "%s \"%s\" \"%s\" \"%f\" \"%d\" \"%s\"",
+                  scriptOnConnect.c_str(),
+                  login.c_str(),
+                  inet_ntostring(currIP).c_str(),
+                  cash.ConstData(),
+                  id,
+                  dirs.c_str());
+
+        std::vector<std::string>::const_iterator it(settings->GetScriptParams().begin());
+        while (it != settings->GetScriptParams().end())
+            {
+            scriptOnConnectParams += " \"" + GetParamValue(it->c_str()) + "\"";
+            ++it;
+            }
 
         ScriptExec(scriptOnConnectParams.c_str());
         }
@@ -606,7 +628,7 @@ if (!fakeConnect)
     connected = true;
     }
 
-if (store->WriteUserConnect(login, currIP))
+if (!settings->GetDisableSessionLog() && store->WriteUserConnect(login, currIP))
     {
     WriteServLog("Cannot write connect for user %s.", login.c_str());
     WriteServLog("%s", store->GetStrError().c_str());
@@ -622,7 +644,7 @@ void USER_IMPL::Disconnect(bool fakeDisconnect, const std::string & reason)
  *  Disconnect user from Internet. This function is differ from UnAuthorize() !!!
  */
 
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
 
 if (!lastIPForDisconnect)
     {
@@ -632,26 +654,29 @@ if (!lastIPForDisconnect)
 
 if (!fakeDisconnect)
     {
-    string scriptOnDisonnect = settings->GetScriptsDir() + "/OnDisconnect";
+    lastDisconnectReason = reason;
+    std::string scriptOnDisonnect = settings->GetScriptsDir() + "/OnDisconnect";
 
     if (access(scriptOnDisonnect.c_str(), X_OK) == 0)
         {
-        char dirsStr[DIR_NUM + 1];
-        dirsStr[DIR_NUM] = 0;
-        for (int i = 0; i < DIR_NUM; i++)
-            {
-            dirsStr[i] = enabledDirs[i] ? '1' : '0';
-            }
+        std::string dirs = dirsToString(enabledDirs);
 
-        string scriptOnDisonnectParams;
+        std::string scriptOnDisonnectParams;
         strprintf(&scriptOnDisonnectParams,
                 "%s \"%s\" \"%s\" \"%f\" \"%d\" \"%s\"",
                 scriptOnDisonnect.c_str(),
                 login.c_str(),
                 inet_ntostring(lastIPForDisconnect).c_str(),
-                (double)cash,
+                cash.ConstData(),
                 id,
-                dirsStr);
+                dirs.c_str());
+
+        std::vector<std::string>::const_iterator it(settings->GetScriptParams().begin());
+        while (it != settings->GetScriptParams().end())
+            {
+            scriptOnDisonnectParams += " \"" + GetParamValue(it->c_str()) + "\"";
+            ++it;
+            }
 
         ScriptExec(scriptOnDisonnectParams.c_str());
         }
@@ -663,7 +688,12 @@ if (!fakeDisconnect)
     connected = false;
     }
 
-if (store->WriteUserDisconnect(login, up, down, sessionUpload, sessionDownload, cash, freeMb, reason))
+std::string reasonMessage(reason);
+if (!lastDisconnectReason.empty())
+    reasonMessage += ": " + lastDisconnectReason;
+
+if (!settings->GetDisableSessionLog() && store->WriteUserDisconnect(login, up, down, sessionUpload, sessionDownload,
+                                                                    cash, freeMb, reasonMessage))
     {
     WriteServLog("Cannot write disconnect for user %s.", login.c_str());
     WriteServLog("%s", store->GetStrError().c_str());
@@ -672,52 +702,15 @@ if (store->WriteUserDisconnect(login, up, down, sessionUpload, sessionDownload,
 if (!fakeDisconnect)
     lastIPForDisconnect = 0;
 
-DIR_TRAFF zeroSesssion;
-
-sessionUpload = zeroSesssion;
-sessionDownload = zeroSesssion;
-}
-//-----------------------------------------------------------------------------
-void USER_IMPL::PrintUser() const
-{
-//return;
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
-cout << "============================================================" << endl;
-cout << "id=" << id << endl;
-cout << "login=" << login << endl;
-cout << "password=" << password << endl;
-cout << "passive=" << passive << endl;
-cout << "disabled=" << disabled << endl;
-cout << "disabledDetailStat=" << disabledDetailStat << endl;
-cout << "alwaysOnline=" << alwaysOnline << endl;
-cout << "tariffName=" << tariffName << endl;
-cout << "address=" << address << endl;
-cout << "phone=" << phone << endl;
-cout << "email=" << email << endl;
-cout << "note=" << note << endl;
-cout << "realName=" <<realName << endl;
-cout << "group=" << group << endl;
-cout << "credit=" << credit << endl;
-cout << "nextTariff=" << nextTariff << endl;
-cout << "userdata0" << userdata0 << endl;
-cout << "userdata1" << userdata1 << endl;
-cout << "creditExpire=" << creditExpire << endl;
-cout << "ips=" << ips << endl;
-cout << "------------------------" << endl;
-cout << "up=" << up << endl;
-cout << "down=" << down << endl;
-cout << "cash=" << cash << endl;
-cout << "freeMb=" << freeMb << endl;
-cout << "lastCashAdd=" << lastCashAdd << endl;
-cout << "lastCashAddTime=" << lastCashAddTime << endl;
-cout << "passiveTime=" << passiveTime << endl;
-cout << "lastActivityTime=" << lastActivityTime << endl;
-cout << "============================================================" << endl;
+sessionUpload.Reset();
+sessionDownload.Reset();
+sessionUploadModTime = stgTime;
+sessionDownloadModTime = stgTime;
 }
 //-----------------------------------------------------------------------------
 void USER_IMPL::Run()
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
 
 if (stgTime > static_cast<time_t>(lastWriteStat + settings->GetStatWritePeriod()))
     {
@@ -743,13 +736,11 @@ if (passive.ConstData()
 if (!authorizedBy.empty())
     {
     if (connected)
-        {
         property.Stat().lastActivityTime = stgTime;
-        }
+
     if (!connected && IsInetable())
-        {
         Connect();
-        }
+
     if (connected && !IsInetable())
         {
         if (disabled)
@@ -769,17 +760,14 @@ if (!authorizedBy.empty())
 else
     {
     if (connected)
-        {
         Disconnect(false, "not authorized");
-        }
     }
 
 }
 //-----------------------------------------------------------------------------
 void USER_IMPL::UpdatePingTime(time_t t)
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
-//printfd(__FILE__, "UpdatePingTime(%d) %s\n", t, login.c_str());
+STG_LOCKER lock(&mutex);
 if (t)
     pingTime = t;
 else
@@ -788,8 +776,6 @@ else
 //-----------------------------------------------------------------------------
 bool USER_IMPL::IsInetable()
 {
-//STG_LOCKER lock(&mutex, __FILE__, __LINE__);
-
 if (disabled || passive)
     return false;
 
@@ -800,21 +786,14 @@ if (settings->GetFreeMbAllowInet())
     }
 
 if (settings->GetShowFeeInCash() || tariff == NULL)
-    {
     return (cash >= -credit);
-    }
 
 return (cash - tariff->GetFee() >= -credit);
 }
 //-----------------------------------------------------------------------------
-string USER_IMPL::GetEnabledDirs()
+std::string USER_IMPL::GetEnabledDirs() const
 {
-//STG_LOCKER lock(&mutex, __FILE__, __LINE__);
-
-string dirs = "";
-for(int i = 0; i < DIR_NUM; i++)
-    dirs += enabledDirs[i] ? "1" : "0";
-return dirs;
+return dirsToString(enabledDirs);
 }
 //-----------------------------------------------------------------------------
 #ifdef TRAFF_STAT_WITH_PORTS
@@ -823,7 +802,7 @@ void USER_IMPL::AddTraffStatU(int dir, uint32_t ip, uint16_t port, uint32_t len)
 void USER_IMPL::AddTraffStatU(int dir, uint32_t ip, uint32_t len)
 #endif
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
 
 if (!connected || tariff == NULL)
     return;
@@ -837,10 +816,10 @@ int64_t threshold = tariff->GetThreshold(dir) * 1024 * 1024;
 dt[dir] += len;
 
 int tt = tariff->GetTraffType();
-if (tt == TRAFF_UP ||
-    tt == TRAFF_UP_DOWN ||
+if (tt == TARIFF::TRAFF_UP ||
+    tt == TARIFF::TRAFF_UP_DOWN ||
     // Check NEW traff data
-    (tt == TRAFF_MAX && dt[dir] > down.ConstData()[dir]))
+    (tt == TARIFF::TRAFF_MAX && dt[dir] > down.ConstData()[dir]))
     {
     double dc = 0;
     if (traff < threshold &&
@@ -881,6 +860,7 @@ if (tt == TRAFF_UP ||
 
 up = dt;
 sessionUpload[dir] += len;
+sessionUploadModTime = stgTime;
 
 //Add detailed stat
 
@@ -894,13 +874,13 @@ IP_DIR_PAIR idp(ip, dir, port);
 IP_DIR_PAIR idp(ip, dir);
 #endif
 
-map<IP_DIR_PAIR, STAT_NODE>::iterator lb;
+std::map<IP_DIR_PAIR, STAT_NODE>::iterator lb;
 lb = traffStat.lower_bound(idp);
 if (lb == traffStat.end() || lb->first != idp)
     {
     traffStat.insert(lb,
-                     pair<IP_DIR_PAIR, STAT_NODE>(idp,
-                                                  STAT_NODE(len, 0, cost)));
+                     std::make_pair(idp,
+                                    STAT_NODE(len, 0, cost)));
     }
 else
     {
@@ -915,7 +895,7 @@ void USER_IMPL::AddTraffStatD(int dir, uint32_t ip, uint16_t port, uint32_t len)
 void USER_IMPL::AddTraffStatD(int dir, uint32_t ip, uint32_t len)
 #endif
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
 
 if (!connected || tariff == NULL)
     return;
@@ -929,10 +909,10 @@ int64_t threshold = tariff->GetThreshold(dir) * 1024 * 1024;
 dt[dir] += len;
 
 int tt = tariff->GetTraffType();
-if (tt == TRAFF_DOWN ||
-    tt == TRAFF_UP_DOWN ||
+if (tt == TARIFF::TRAFF_DOWN ||
+    tt == TARIFF::TRAFF_UP_DOWN ||
     // Check NEW traff data
-    (tt == TRAFF_MAX && up.ConstData()[dir] <= dt[dir]))
+    (tt == TARIFF::TRAFF_MAX && up.ConstData()[dir] <= dt[dir]))
     {
     double dc = 0;
     if (traff < threshold &&
@@ -972,6 +952,7 @@ if (tt == TRAFF_DOWN ||
 
 down = dt;
 sessionDownload[dir] += len;
+sessionDownloadModTime = stgTime;
 
 //Add detailed stat
 
@@ -985,13 +966,13 @@ IP_DIR_PAIR idp(ip, dir, port);
 IP_DIR_PAIR idp(ip, dir);
 #endif
 
-map<IP_DIR_PAIR, STAT_NODE>::iterator lb;
+std::map<IP_DIR_PAIR, STAT_NODE>::iterator lb;
 lb = traffStat.lower_bound(idp);
 if (lb == traffStat.end() || lb->first != idp)
     {
     traffStat.insert(lb,
-                     pair<IP_DIR_PAIR, STAT_NODE>(idp,
-                                                  STAT_NODE(0, len, cost)));
+                     std::make_pair(idp,
+                                    STAT_NODE(0, len, cost)));
     }
 else
     {
@@ -1000,67 +981,63 @@ else
     }
 }
 //-----------------------------------------------------------------------------
-void USER_IMPL::AddCurrIPBeforeNotifier(PROPERTY_NOTIFIER_BASE<uint32_t> * n)
+void USER_IMPL::AddCurrIPBeforeNotifier(CURR_IP_NOTIFIER * notifier)
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
-currIP.AddBeforeNotifier(n);
+STG_LOCKER lock(&mutex);
+currIP.AddBeforeNotifier(notifier);
 }
 //-----------------------------------------------------------------------------
-void USER_IMPL::DelCurrIPBeforeNotifier(PROPERTY_NOTIFIER_BASE<uint32_t> * n)
+void USER_IMPL::DelCurrIPBeforeNotifier(const CURR_IP_NOTIFIER * notifier)
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
-currIP.DelBeforeNotifier(n);
+STG_LOCKER lock(&mutex);
+currIP.DelBeforeNotifier(notifier);
 }
 //-----------------------------------------------------------------------------
-void USER_IMPL::AddCurrIPAfterNotifier(PROPERTY_NOTIFIER_BASE<uint32_t> * n)
+void USER_IMPL::AddCurrIPAfterNotifier(CURR_IP_NOTIFIER * notifier)
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
-currIP.AddAfterNotifier(n);
+STG_LOCKER lock(&mutex);
+currIP.AddAfterNotifier(notifier);
 }
 //-----------------------------------------------------------------------------
-void USER_IMPL::DelCurrIPAfterNotifier(PROPERTY_NOTIFIER_BASE<uint32_t> * n)
+void USER_IMPL::DelCurrIPAfterNotifier(const CURR_IP_NOTIFIER * notifier)
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
-currIP.DelAfterNotifier(n);
+STG_LOCKER lock(&mutex);
+currIP.DelAfterNotifier(notifier);
 }
 //-----------------------------------------------------------------------------
-void USER_IMPL::AddConnectedBeforeNotifier(PROPERTY_NOTIFIER_BASE<bool> * n)
+void USER_IMPL::AddConnectedBeforeNotifier(CONNECTED_NOTIFIER * notifier)
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
-connected.AddBeforeNotifier(n);
+STG_LOCKER lock(&mutex);
+connected.AddBeforeNotifier(notifier);
 }
 //-----------------------------------------------------------------------------
-void USER_IMPL::DelConnectedBeforeNotifier(PROPERTY_NOTIFIER_BASE<bool> * n)
+void USER_IMPL::DelConnectedBeforeNotifier(const CONNECTED_NOTIFIER * notifier)
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
-connected.DelBeforeNotifier(n);
+STG_LOCKER lock(&mutex);
+connected.DelBeforeNotifier(notifier);
 }
 //-----------------------------------------------------------------------------
-void USER_IMPL::AddConnectedAfterNotifier(PROPERTY_NOTIFIER_BASE<bool> * n)
+void USER_IMPL::AddConnectedAfterNotifier(CONNECTED_NOTIFIER * notifier)
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
-connected.AddAfterNotifier(n);
+STG_LOCKER lock(&mutex);
+connected.AddAfterNotifier(notifier);
 }
 //-----------------------------------------------------------------------------
-void USER_IMPL::DelConnectedAfterNotifier(PROPERTY_NOTIFIER_BASE<bool> * n)
+void USER_IMPL::DelConnectedAfterNotifier(const CONNECTED_NOTIFIER * notifier)
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
-connected.DelAfterNotifier(n);
+STG_LOCKER lock(&mutex);
+connected.DelAfterNotifier(notifier);
 }
 //-----------------------------------------------------------------------------
 void USER_IMPL::OnAdd()
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
 
-string scriptOnAdd = settings->GetScriptsDir() + "/OnUserAdd";
+std::string scriptOnAdd = settings->GetScriptsDir() + "/OnUserAdd";
 
 if (access(scriptOnAdd.c_str(), X_OK) == 0)
     {
-    string scriptOnAddParams;
-    strprintf(&scriptOnAddParams,
-            "%s \"%s\"",
-            scriptOnAdd.c_str(),
-            login.c_str());
+    std::string scriptOnAddParams = scriptOnAdd + " \"" + login + "\"";
 
     ScriptExec(scriptOnAddParams.c_str());
     }
@@ -1072,17 +1049,13 @@ else
 //-----------------------------------------------------------------------------
 void USER_IMPL::OnDelete()
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
 
-string scriptOnDel = settings->GetScriptsDir() + "/OnUserDel";
+std::string scriptOnDel = settings->GetScriptsDir() + "/OnUserDel";
 
 if (access(scriptOnDel.c_str(), X_OK) == 0)
     {
-    string scriptOnDelParams;
-    strprintf(&scriptOnDelParams,
-            "%s \"%s\"",
-            scriptOnDel.c_str(),
-            login.c_str());
+    std::string scriptOnDelParams = scriptOnDel + " \"" + login + "\"";
 
     ScriptExec(scriptOnDelParams.c_str());
     }
@@ -1113,7 +1086,7 @@ if (!traffStatSaved.second.empty())
 TRAFF_STAT ts;
 
     {
-    STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+    STG_LOCKER lock(&mutex);
     ts.swap(traffStat);
     }
 
@@ -1129,7 +1102,7 @@ if (ts.size() && !disabledDetailStat)
         if (!hard)
             {
             printfd(__FILE__, "USER::WriteDetailStat() - pushing detail stat to queue\n");
-            STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+            STG_LOCKER lock(&mutex);
             traffStatSaved.second.swap(ts);
             traffStatSaved.first = lastWriteDetailedStat;
             }
@@ -1142,7 +1115,7 @@ return 0;
 //-----------------------------------------------------------------------------
 double USER_IMPL::GetPassiveTimePart() const
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
 
 static int daysInMonth[12] =
 {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
@@ -1159,30 +1132,31 @@ if (tms.tm_year % 4 == 0 && tms.tm_mon == 1)
     secMonth += 24 * 3600;
     }
 
-int dt = secMonth - passiveTime;
+time_t dt = secMonth - passiveTime;
 
 if (dt < 0)
     dt = 0;
 
-return double(dt) / (secMonth);
+return static_cast<double>(dt) / secMonth;
 }
 //-----------------------------------------------------------------------------
 void USER_IMPL::SetPassiveTimeAsNewUser()
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
 
 time_t t = stgTime;
 struct tm tm;
 localtime_r(&t, &tm);
 int daysCurrMon = DaysInCurrentMonth();
-double pt = (tm.tm_mday - 1) / (double)daysCurrMon;
+double pt = tm.tm_mday - 1;
+pt /= daysCurrMon;
 
-passiveTime = (time_t)(pt * 24 * 3600 * daysCurrMon);
+passiveTime = static_cast<time_t>(pt * 24 * 3600 * daysCurrMon);
 }
 //-----------------------------------------------------------------------------
 void USER_IMPL::MidnightResetSessionStat()
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
 
 if (connected)
     {
@@ -1193,29 +1167,23 @@ if (connected)
 //-----------------------------------------------------------------------------
 void USER_IMPL::ProcessNewMonth()
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
 //  Reset traff
 if (connected)
-    {
     Disconnect(true, "fake");
-    }
-DIR_TRAFF zeroTarff;
 
 WriteMonthStat();
 
-up = zeroTarff;
-down = zeroTarff;
+property.Stat().monthUp.Reset();
+property.Stat().monthDown.Reset();
 
 if (connected)
-    {
     Connect(true);
-    }
 
 //  Set new tariff
 if (nextTariff.ConstData() != "")
     {
-    const TARIFF * nt;
-    nt = tariffs->FindByName(nextTariff);
+    const TARIFF * nt = tariffs->FindByName(nextTariff);
     if (nt == NULL)
         {
         WriteServLog("Cannot change tariff for user %s. Tariff %s not exist.",
@@ -1223,8 +1191,17 @@ if (nextTariff.ConstData() != "")
         }
     else
         {
-        property.tariffName.Set(nextTariff, sysAdmin, login, store);
-        //tariff = nt;
+        std::string message = tariff->TariffChangeIsAllowed(*nt, stgTime);
+        if (message.empty())
+            {
+            property.tariffName.Set(nextTariff, sysAdmin, login, store);
+            }
+        else
+            {
+            WriteServLog("Tariff change is prohibited for user %s. %s",
+                         login.c_str(),
+                         message.c_str());
+            }
         }
     ResetNextTariff();
     WriteConf();
@@ -1233,14 +1210,17 @@ if (nextTariff.ConstData() != "")
 //-----------------------------------------------------------------------------
 void USER_IMPL::ProcessDayFeeSpread()
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
 
 if (passive.ConstData() || tariff == NULL)
     return;
 
+if (tariff->GetPeriod() != TARIFF::MONTH)
+    return;
+
 double fee = tariff->GetFee() / DaysInCurrentMonth();
 
-if (fee == 0.0)
+if (std::fabs(fee) < 1.0e-3)
     return;
 
 double c = cash;
@@ -1267,11 +1247,14 @@ ResetPassiveTime();
 //-----------------------------------------------------------------------------
 void USER_IMPL::ProcessDayFee()
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
 
 if (tariff == NULL)
     return;
 
+if (tariff->GetPeriod() != TARIFF::MONTH)
+    return;
+
 double passiveTimePart = 1.0;
 if (!settings->GetFullFee())
     {
@@ -1289,7 +1272,7 @@ double fee = tariff->GetFee() * passiveTimePart;
 
 ResetPassiveTime();
 
-if (fee == 0.0)
+if (std::fabs(fee) < 1.0e-3)
     {
     SetPrepaidTraff();
     return;
@@ -1333,6 +1316,39 @@ switch (settings->GetFeeChargeType())
     }
 }
 //-----------------------------------------------------------------------------
+void USER_IMPL::ProcessDailyFee()
+{
+STG_LOCKER lock(&mutex);
+
+if (passive.ConstData() || tariff == NULL)
+    return;
+
+if (tariff->GetPeriod() != TARIFF::DAY)
+    return;
+
+double fee = tariff->GetFee();
+
+if (fee == 0.0)
+    return;
+
+double c = cash;
+switch (settings->GetFeeChargeType())
+    {
+    case 0:
+        property.cash.Set(c - fee, sysAdmin, login, store, "Subscriber fee charge");
+        break;
+    case 1:
+        if (c + credit >= 0)
+            property.cash.Set(c - fee, sysAdmin, login, store, "Subscriber fee charge");
+        break;
+    case 2:
+        if (c + credit >= fee)
+            property.cash.Set(c - fee, sysAdmin, login, store, "Subscriber fee charge");
+        break;
+    }
+ResetPassiveTime();
+}
+//-----------------------------------------------------------------------------
 void USER_IMPL::SetPrepaidTraff()
 {
 if (tariff != NULL)
@@ -1341,7 +1357,7 @@ if (tariff != NULL)
 //-----------------------------------------------------------------------------
 int USER_IMPL::AddMessage(STG_MSG * msg)
 {
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
 
 if (SendMessage(*msg))
     {
@@ -1361,9 +1377,9 @@ else
         msg->header.repeat--;
         #ifndef DEBUG
         //TODO: gcc v. 4.x generate ICE on x86_64
-        msg->header.lastSendTime = time(NULL);
+        msg->header.lastSendTime = static_cast<int>(time(NULL));
         #else
-        msg->header.lastSendTime = stgTime;
+        msg->header.lastSendTime = static_cast<int>(stgTime);
         #endif
         if (store->AddMessage(msg, login))
             {
@@ -1382,7 +1398,7 @@ int USER_IMPL::SendMessage(STG_MSG & msg) const
 {
 // No lock `cause we are already locked from caller
 int ret = -1;
-set<const AUTH*>::iterator it(authorizedBy.begin());
+std::set<const AUTH*>::iterator it(authorizedBy.begin());
 while (it != authorizedBy.end())
     {
     if (!(*it++)->SendMessage(msg, currIP))
@@ -1392,9 +1408,9 @@ if (!ret)
     {
 #ifndef DEBUG
     //TODO: gcc v. 4.x generate ICE on x86_64
-    msg.header.lastSendTime = time(NULL);
+    msg.header.lastSendTime = static_cast<int>(time(NULL));
 #else
-    msg.header.lastSendTime = stgTime;
+    msg.header.lastSendTime = static_cast<int>(stgTime);
 #endif
     msg.header.repeat--;
     }
@@ -1455,6 +1471,28 @@ while (it != messages.end())
     }
 }
 //-----------------------------------------------------------------------------
+std::string USER_IMPL::GetParamValue(const std::string & name) const
+{
+    std::string lowerName = ToLower(name);
+    if (lowerName == "id")
+        {
+        std::ostringstream stream;
+        stream << id;
+        return stream.str();
+        }
+    if (lowerName == "login")       return login;
+    if (lowerName == "currip")      return currIP.ToString();
+    if (lowerName == "enableddirs") return GetEnabledDirs();
+    if (lowerName == "tariff")      return property.tariffName;
+    if (property.Exists(lowerName))
+        return property.GetPropertyValue(lowerName);
+    else
+        {
+        WriteServLog("User’s parameter '%s' does not exist.", name.c_str());
+        return "";
+        }
+}
+//-----------------------------------------------------------------------------
 //-----------------------------------------------------------------------------
 //-----------------------------------------------------------------------------
 void CHG_PASSIVE_NOTIFIER::Notify(const int & oldPassive, const int & newPassive)
@@ -1470,25 +1508,25 @@ if (newPassive && !oldPassive && user->tariff != NULL)
 void CHG_DISABLED_NOTIFIER::Notify(const int & oldValue, const int & newValue)
 {
 if (oldValue && !newValue && user->GetConnected())
-    {
     user->Disconnect(false, "disabled");
-    }
 else if (!oldValue && newValue && user->IsInetable())
-    {
     user->Connect(false);
-    }
-
 }
 //-----------------------------------------------------------------------------
-void CHG_TARIFF_NOTIFIER::Notify(const string &, const string & newTariff)
+void CHG_TARIFF_NOTIFIER::Notify(const std::string &, const std::string & newTariff)
 {
+STG_LOCKER lock(&user->mutex);
 if (user->settings->GetReconnectOnTariffChange() && user->connected)
     user->Disconnect(false, "Change tariff");
 user->tariff = user->tariffs->FindByName(newTariff);
 if (user->settings->GetReconnectOnTariffChange() &&
     !user->authorizedBy.empty() &&
     user->IsInetable())
+    {
+    // This notifier gets called *before* changing the tariff, and in Connect we want to see new tariff name.
+    user->property.Conf().tariffName = newTariff;
     user->Connect(false);
+    }
 }
 //-----------------------------------------------------------------------------
 void CHG_CASH_NOTIFIER::Notify(const double & oldCash, const double & newCash)
@@ -1499,10 +1537,9 @@ user->lastCashAdd = newCash - oldCash;
 //-----------------------------------------------------------------------------
 void CHG_IPS_NOTIFIER::Notify(const USER_IPS & from, const USER_IPS & to)
 {
-    printfd(__FILE__, "Change IP from '%s' to '%s'\n", from.GetIpStr().c_str(), to.GetIpStr().c_str());
-    if (user->connected)
-        user->Disconnect(false, "Change IP");
-    if (!user->authorizedBy.empty() && user->IsInetable())
-        user->Connect(false);
+printfd(__FILE__, "Change IP from '%s' to '%s'\n", from.GetIpStr().c_str(), to.GetIpStr().c_str());
+if (user->connected)
+    user->Disconnect(false, "Change IP");
+if (!user->authorizedBy.empty() && user->IsInetable())
+    user->Connect(false);
 }
-//-----------------------------------------------------------------------------