
[PATCH] Added support for tracking timestamp of names linked by IP


The timestamp of the connect times is now recorded in its original
string and epoch seconds.
The names linked by ip are now flagged in the IP links list at the
bottom of the report.
**username** less than 5 min between connections
*username* between 5 min and 10 min between connections

Currently it only checks the last connection for each user.
This will help identify links that are more than someone simply having been given the same IP
---
 report | 108 ++++++++++++++++++++++++++++++++++++---------------------
 1 file changed, 68 insertions(+), 40 deletions(-)
 mode change 100644 => 100755 report

diff --git a/report b/report
old mode 100644
new mode 100755
index 0787940..b75a4b8
--- a/report
+++ b/report
@@ -25,46 +25,61 @@ sub debug {
 	if ($verbose >= $level) { print "$msg\n"; }
 }
 
-# 
+# location of local modules
 use lib './';
 
+# Date string to epock used in init_ip_xref
+use Date::Parse;
+
 my ($ipTable, $nameTable) = init_ip_xref();
 
 while (my $username = shift) {  #param 1 should be the name of a user to generate a report from.
-		my $dbFile = '/var/www/botnow/botnow.db';
-		my $dbh = connectdb($dbFile);
-		if (!defined($dbh))  {
-			die "failed to connect to $dbFile";
-		}
-		my $stmt=qq{select * from bnc join irc on (bnc.ircid = irc.id) where username is ?};
-		my $sth=$dbh->prepare($stmt);
-		$sth->execute($username) or die "execution failed: $dbh->errstr()"; 
-		while (my $row=$sth->fetchrow_hashref) {
-			my $dossier =qq{
-		Username: $row->{username}
-		Email Address: $row->{email}
-		$row->{hostmask}
-		$row->{ctcpversion}
-		$row->{ctcptime}
-		Registration Date: $row->{date}
-		};
-			print $dossier;
-			print "Same Email [" 
-				. join(', ', @{$dbh->selectcol_arrayref(qq\Select username from bnc join irc on (bnc.ircid = irc.id) where email = ?\,undef,$row->{email})})
-				. "]\n";
-			print "Same Date ["
-				. join(', ', @{$dbh->selectcol_arrayref(qq\Select username from bnc join irc on (bnc.ircid = irc.id) where date = ?\,undef,$row->{date})})
-				. "]\n";
-			print "Same Hostmask ["
-				. join(', ', @{$dbh->selectcol_arrayref(qq\Select username from bnc join irc on (bnc.ircid = irc.id) where hostmask = ?\,undef,$row->{hostmask})})
-				. "]\n";
-			print Dumper($row);
-			print "Frequency of connections from: \n" . Dumper($nameTable->{$username});
-			print "Other Users connecting from: \n";
-			foreach(keys(%{$nameTable->{$username}})) {
-				print "$_ =>[" . join (', ', keys(%{$ipTable->{$_}})) . "]\n";
+	my $dbFile = '/var/www/botnow/botnow.db';
+	my $dbh = connectdb($dbFile);
+	if (!defined($dbh))  {
+		die "failed to connect to $dbFile";
+	}
+	my $stmt=qq{select * from bnc join irc on (bnc.ircid = irc.id) where username is ?};
+	my $sth=$dbh->prepare($stmt);
+	$sth->execute($username) or die "execution failed: $dbh->errstr()"; 
+	while (my $row=$sth->fetchrow_hashref) {
+		my $dossier =qq{
+Username: $row->{username}
+Email Address: $row->{email}
+$row->{hostmask}
+$row->{ctcpversion}
+$row->{ctcptime}
+Registration Date: $row->{date}
+	};
+		print $dossier;
+		print "Same Email [" 
+			. join(', ', @{$dbh->selectcol_arrayref(qq\Select username from bnc join irc on (bnc.ircid = irc.id) where email = ?\,undef,$row->{email})})
+			. "]\n";
+		print "Same Date ["
+			. join(', ', @{$dbh->selectcol_arrayref(qq\Select username from bnc join irc on (bnc.ircid = irc.id) where date = ?\,undef,$row->{date})})
+			. "]\n";
+		print "Same Hostmask ["
+			. join(', ', @{$dbh->selectcol_arrayref(qq\Select username from bnc join irc on (bnc.ircid = irc.id) where hostmask = ?\,undef,$row->{hostmask})})
+			. "]\n";
+		print Dumper($row);
+		print "Frequency of connections from: \n" . Dumper($nameTable->{$username});
+		print "Other Users connecting from: \n";
+		foreach my $ip (keys(%{$nameTable->{$username}})) {
+			my $thisLastConnect = @{ $nameTable->{ $row->{username} }->{$ip}->{epoch} }[-1];
+			print "$ip =>[";
+			foreach my $link (keys(%{ $ipTable->{$ip} })) {
+				my $linkLastConnect = @{ $nameTable->{$link}->{$ip}->{epoch} }[-1];
+				if (abs($thisLastConnect - $linkLastConnect) < 300) { # les then 5 min
+					print "**$link**, ";
+				} elsif (abs($thisLastConnect - $linkLastConnect) < 600) { # less then 10 min
+					print "*$link*, ";
+				} else {
+					print "$link, ";
+				}
 			}
+			print "]\n";
 		}
+	}
 }
 
 
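Review bot: The 5- and 10-minute comparison inside the `foreach my $link` loop has no guard for the reported user itself or for a missing epoch, so it can mark links that are not real. `$ipTable->{$ip}` presumably also lists the user being reported on, whose difference to itself is 0 and is therefore printed as `**username**`. `str2time` returns undef for a timestamp it cannot parse, and the subtraction treats undef as 0, so two unparsed entries also look like a sub-5-minute link. Skipping both cases at the top of the inner loop would avoid this, e.g. `next if $link eq $row->{username};` and `if (!defined $thisLastConnect || !defined $linkLastConnect) { print "$link, "; next; }`. Since the report is used to judge whether accounts are related, a false `**` marker is more costly than a missing one.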
@@ -97,23 +112,36 @@ sub init_ip_xref {
 	my $usernames2ip={};
 	open my $zncLog, '<', '/home/znc/home/znc/.znc/moddata/adminlog/znc.log' or die "Can't open znc log file";
 	while (my $line = <$zncLog>) {
-			if( $line =~/.*\[(.*)\] connected to ZNC from (.*)/) {
-					my $name=$1;
-					my $ip=$2;
+			if( $line =~/\[(.*)\].*\[(.*)\] connected to ZNC from (.*)/) {
+					my $timestamp=$1;
+					my $name=$2;
+					my $ip=$3;
 					if (!defined($ip2usernames->{$ip})) {
 						$ip2usernames->{$ip} = {};
 					}
 					if (!defined($ip2usernames->{$name})) {
-						$ip2usernames->{$ip}->{$name}=0;
+						$ip2usernames->{$ip}->{$name}={};
+						$ip2usernames->{$ip}->{$name}->{count}=0;
+						$ip2usernames->{$ip}->{$name}->{timestamps}=[];
+						$ip2usernames->{$ip}->{$name}->{epoch}=[];
+
 					}
-					$ip2usernames->{$ip}->{$name}++;
+					$ip2usernames->{$ip}->{$name}->{count}++;
+					push (@{$ip2usernames->{$ip}->{$name}->{timestamps}}, $timestamp);
+					push (@{$ip2usernames->{$ip}->{$name}->{epoch}}, str2time($timestamp));
+
 					if (!defined($usernames2ip->{$name})) {
 						$usernames2ip->{$name}={};
 					}
 					if (!defined($usernames2ip->{$name}->{$ip})) {
-						$usernames2ip->{$name}->{$ip}=0;
+						$usernames2ip->{$name}->{$ip}={};
+						$usernames2ip->{$name}->{$ip}->{count}=0;
+						$usernames2ip->{$name}->{$ip}->{timestamps}=[];
+						$usernames2ip->{$name}->{$ip}->{epoch}=[];
 					}
-					$usernames2ip->{$name}->{$ip}++;
+					$usernames2ip->{$name}->{$ip}->{count}++;
+					push (@{$usernames2ip->{$name}->{$ip}->{timestamps}}, $timestamp);
+					push (@{$usernames2ip->{$name}->{$ip}->{epoch}}, str2time($timestamp));
 			}
 	}
 	close $zncLog;
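Review bot: The existence guard `if (!defined($ip2usernames->{$name}))` tests the top level of the table by user name rather than `$ip2usernames->{$ip}->{$name}`, so unless a name happens to equal an IP key it is true on every matching line and the new initialisation block resets `count`, `timestamps` and `epoch` each time. The IP-keyed table would then hold only the most recent connection with a count of 1, unlike the `$usernames2ip` side, which checks the full path. Changing the guard to `if (!defined($ip2usernames->{$ip}->{$name})) {` keeps the history. The guard is a context line that predates this commit, and init_ip_xref starts and ends outside the hunk, so how the two tables are returned is not visible here.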
-- 
2.37.3