IF setconsole("hide")
  ENDIF
;
;     NT/95 last logon message - Kixtart 3.62, 3.63, 4.00
;
; (c) scripting@wanadoo.nl - 2000, 2001
;
;     vs 2.02 - program
;
;     1.00  (20000615)     original version.
;                          - special variables:
;                             $logon_server="IT company"
;                             $user_drive="s:"
;                          - special file:
;                             $user_drive+"\logon.lst" (file.attributes: hidden/read-only/system)
;     2.00  (20010401)     - kixtart 2001 beta1 compliancy.
;                          - add user information about output generation.
;                          - add $debug_mode which will not open a messagebox.
;                          - workaround for timingsproblem between writeprofilestring
;                            & setfileattr commands.
;     2.01  (20010701)     - using %tmp% value.
;     2.02  (20011120)     - layout correction.
;
  $prgrm_version="2.02"
  ;
  $time_start=@time
  ;
  $tmp_directory=ExpandEnvironmentVars("%tmp%")
  IF (substr($tmp_directory,len($tmp_directory),1) = "\")
    $tmp_directory=substr($tmp_directory,1,len($tmp_directory)-1)
  ENDIF
  ;
  $cr=CHR(10)
  $lf=CHR(13)
  $eol=$lf ; - $cr+$lf -

; ---------------------------------------------------------------------------
; - site defined settings                                                   -
; ---------------------------------------------------------------------------

  $debug_mode="yes"          ; - no/yes -
  $logon_server="IT company" ; - servername -
  $user_drive="c:"           ; - variable used by calculation of possible missing "$user" value -

; ---------------------------------------------------------------------------
; -                                                                         -
; ---------------------------------------------------------------------------

  IF (@inwin = 1)
    $NT_mode="yes"
  ELSE
    $NT_mode="no"
  ENDIF
  IF (len(@ipaddress0) = 0)
    $offline_mode="yes"
  ELSE
    $offline_mode="no"
  ENDIF

; --------------------------------------------------------------------------
; -                                                                        -
; --------------------------------------------------------------------------

  $domain=""
  $ldomain=""
  IF ($NT_mode = "yes")
    $ikey="HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
    IF (ExistKey($ikey) = 0)
      $domain=ReadValue($ikey, "DefaultDomainName")
    ENDIF
    $ikey="HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
    IF (ExistKey($ikey) = 0)
      $ldomain=ReadValue($ikey, "CachePrimaryDomain")
    ENDIF
  ELSE
    $ikey="HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSNP2\NetworkProvider"
    IF (ExistKey($ikey) = 0)
      $domain=ReadValue($ikey, "AuthenticatingAgent")
    ENDIF
    $ikey="HKEY_LOCAL_MACHINE\Security\Provider"
    IF (ExistKey($ikey) = 0)
      $ldomain=ReadValue($ikey, "Container")
    ENDIF
  ENDIF
  IF (len($domain) = 0)
    IF (len(@ldomain) <> 0)
      $domain=@ldomain
    ELSE
      $domain=@domain
    ENDIF
    IF (len($domain) = 0)
      $domain="~domain" ; - unknown @domain/@ldomain value -
    ENDIF
  ENDIF
  IF (len($ldomain) = 0)
    $ldomain=$domain
  ENDIF
  ;
  break off
  MD $tmp_directory
  IF (@error = 0)
  ENDIF
  IF ($debug_mode <> "yes")
    IF (RedirectOutput("nul",1) = 0)
    ENDIF
  ENDIF
  flushkb

  IF ($NT_mode = "yes")
    $time_stop=@time
    $log_info="Kixtart-LOG "+$prgrm_version+" script started"
    $log_info=$log_info+" for '"+LCASE(@userid)+"'"
    $log_info=$log_info+" ("+$time_start+" - '"+@ipaddress0+"')"
    IF logevent(0, 1, $log_info, "", "Kixtart LOG @kix")
    ENDIF
  ENDIF
  ;
  IF setconsole("hide")
  ENDIF

; --------------------------------------------------------------------------
; - special variables settings                                             -
; --------------------------------------------------------------------------

  $section=substr(@date,1,4)
  IF (@ydayno < 10)
    $section=$section+"00"+@ydayno
  ELSE
    IF (@ydayno < 100)
      $section=$section+"0"+@ydayno
    ELSE
      $section=$section+@ydayno
    ENDIF
  ENDIF
  $key=$section+"_"
  $key=$key+substr(@date,3,2)+substr(@date,6,2)+substr(@date,9,2)
  $key=$key+"_"
  $key=$key+@time
  $key=$key+" "+$domain

  $x=""
  $tmp=""
  $tmp_short=""

  IF (len(@ipaddress0) = 0)
    $offline_mode="yes"
    IF ($NT_mode = "yes")
      $x=$x+"(NT - vs "+$prgrm_version+" - off-line          )"
    ELSE
      $x=$x+"(95 - vs "+$prgrm_version+" - off-line          )"
    ENDIF
  ELSE
    $offline_mode="no"
    IF (len(@lserver) = 0)
      $lserver="~lserver  "
    ELSE
      $lserver=@lserver ; - \\spln99999 -
    ENDIF
    IF (LCASE($domain) = LCASE($ldomain))
      IF ($NT_mode = "yes")
        $x=$x+"(NT - vs "+$prgrm_version+" L $domain $lserver)"
      ELSE
        $x=$x+"(95 - vs "+$prgrm_version+" L $domain $lserver)"
      ENDIF
    ELSE
      IF ($NT_mode = "yes")
        $x=$x+"(NT - vs "+$prgrm_version+" - $domain $lserver)"
      ELSE
        $x=$x+"(95 - vs "+$prgrm_version+" - $domain $lserver)"
      ENDIF
    ENDIF
  ENDIF
  $tmp_short=$x

  IF (len(@ipaddress0) = 15)
    $i=1
    $ip_old=@ipaddress0
    $ip_new=""
    DO
      IF (substr($ip_old,$i,1) <> " ")
        $ip_new=$ip_new+substr($ip_old,$i,1)
      ELSE
        $ip_new=$ip_new+"0"
      ENDIF
      $i=$i+1
    UNTIL ($i > 15)
  ELSE
    $ip_new="xxx.xxx.xxx.xxx"
  ENDIF
  $x=$x+" "+$ip_new

  IF (len(@address) = 0)
    $address="xxxxxxxxxxxx"
  ELSE
    $address=@address
  ENDIF
  $x=$x+" "+$address

  $user=""
  IF ($NT_mode = "yes")
    $ikey="HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
    IF (ExistKey($ikey) = 0)
      $user=ReadValue($ikey, "DefaultUserName")
    ENDIF
  ELSE
    $ikey="HKEY_LOCAL_MACHINE\System\CurrentControlSet\control"
    IF (ExistKey($ikey) = 0)
      $user=ReadValue($ikey, "Current User")
    ENDIF
  ENDIF
  IF (len($user) = 0)
    $user=@userid
    IF (len($user) = 0)
      $user="~user"
    ENDIF
  ENDIF
  $x=$x+" "+$user
  $tmp_short=$tmp_short+" "+$user

  IF (len(@wksta) = 0)
    $x=$x+" ~wksta"
    $tmp_short=$tmp_short+" ~wksta"
  ELSE
    $x=$x+" "+@wksta
    $tmp_short=$tmp_short+" "+@wksta
  ENDIF
  IF (len(@fullname) = 0)
    IF (len(@comment) = 0)
      $x=$x+" ('~fullname')"
    ELSE
      $x=$x+" ('~fullname'+'"+@comment+"')"
    ENDIF
    $tmp_short=$tmp_short+" '~fullname'"
    $fullname=$user
  ELSE
    IF (len(@comment) = 0)
      $x=$x+" ('@fullname')"
    ELSE
      $x=$x+" ('"+@fullname+"'+'"+@comment+"')"
    ENDIF
    $tmp_short=$tmp_short+" '"+@fullname+"'"
    $fullname=$user
  ENDIF
  ;
  $admin_user="no"
  IF (INGROUP("Administrators") = 1) OR (INGROUP("Administrators") = 2)
    $admin_user="yes"
  ENDIF
  IF (INGROUP("Domain Admins") = 1) OR (INGROUP("Domain Admins") = 2)
    $admin_user="yes"
  ENDIF

  $tmp=$x

; --------------------------------------------------------------------------
; - get last user logon information                                        -
; --------------------------------------------------------------------------

  $last_logon_message="Last logon by '"+$fullname+"' at "+LCASE(@day)+" "+@mdayno+"-"+LCASE(substr(@month,1,3))+"-"+@year+" "+@time
  $last_workstation=  "Location   pc '"+UCASE(@wksta)+"' of domain '"+UCASE($domain)+"'"
  $previous_logon_message="<unknown>"
  $previous_workstation="<unknown>"
  ;
  $filename=$user_drive+"\logon.lst"
  $fileattr="<unknown>"
  $filesize="<unknown>"
  IF (exist($filename) = 1)
    $fileattr=GetFileAttr($filename)
    $filesize=GetFileSize($filename)
    IF (setfileattr($filename, 128) <> 0)
      ? "error @error: @serror"
    ENDIF
    $previous_logon_message=readprofilestring($filename, "last logon", "user")
    $previous_workstation=readprofilestring($filename, "last logon", "workstation")
    del $filename
  ENDIF
  IF ($debug_mode = "yes")
    ? " KIX-LOGON              "+@kix
    ?
    ? " file                   "+$filename
    ? " file attributes        "+$fileattr
    ? " file size              "+$filesize
    ?
    ? " previous_logon_message "+$previous_logon_message
    ? " previous_workstation   "+$previous_workstation
    ?
    ? " last_logon_message     "+$last_logon_message
    ? " last_workstation       "+$last_workstation
  ENDIF
  IF (writeprofilestring($filename, "last logon", "user", $last_logon_message) <> 0)
    ? "error @error: @serror"
  ENDIF
  IF (writeprofilestring($filename, "last logon", "workstation", $last_workstation) <> 0)
    ? "error @error: @serror"
  ENDIF
  IF (exist($filename) = 1)
    IF (setfileattr($filename, 7) <> 0) ; -RHS-
      ? "error @error: @serror"
    ENDIF
  ENDIF
  ;
  IF (exist($filename) = 1)
    IF (len($previous_logon_message) = 0)
      $previous_logon_message="<unknown>"
    ENDIF
  ENDIF
  ;
  IF ($previous_logon_message <> "<unknown>")
    $msg=     "Welcome to "+$logon_server+" network"+$lf
    $msg=$msg+$lf
    $msg=$msg+$lf
    $msg=     "Note: internal systems must be used only for con-"+$lf
    $msg=$msg+"      ducting business, or for purpose authorized"+$lf
    $msg=$msg+"      by management."+$lf
    $msg=$msg+$lf
    $msg=$msg+"Use is subject to audit at any time by management."+$lf
    $msg=$msg+$lf
    $msg=$msg+$lf
    $msg=$msg+$previous_logon_message+$lf
    IF ($admin_user = "yes")
      $msg=$msg+$lf
      $msg=$msg+$previous_workstation
    ENDIF
    ;
    IF ($debug_mode <> "yes")
      IF (MessageBox($msg, $logon_server, 64, 10) <> 0)
      ENDIF
    ENDIF
  ENDIF

; --------------------------------------------------------------------------
; - end                                                                    -
; --------------------------------------------------------------------------

:end_script
  $time_stop=@time
  IF ($NT_mode = "yes")
    $log_info="Kixtart-LOG "+$prgrm_version+" script completed successfully"
    $log_info=$log_info+" for '"+LCASE($user)+"' "+UCASE($domain)
    $log_info=$log_info+" ("+$time_start+" - "+$time_stop+" - '"+$ip_new+"')"
    IF (len($fullname) > 0)
      $log_info=$log_info+"     '"+LCASE($fullname)+"'"
      $log_info=$log_info+"     '"+$previous_logon_message+"'"
      $log_info=$log_info+"     '"+$previous_workstation+"'"
    ENDIF
    ;
    IF logevent(0, 1, $log_info, "", "Kixtart LOG @kix"+"s")
    ENDIF
  ENDIF
  break on
  flushkb