28,8 → 28,6 |
} |
fclose($file_conf); |
|
$csrf_key = ""; |
$csrf_token = hash('sha256', $_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT'].$_SERVER['REQUEST_URI'].$csrf_key); |
$tmp = explode("/",$conf["PRIVATE_IP"]); |
$private_ip=$tmp[0]; |
$intif = $conf["INTIF"]; |
115,8 → 113,8 |
} |
|
if (isset($_POST['action'])){ |
$mac= trim($_POST['mac_addr']); |
if ((filter_var($mac, FILTER_VALIDATE_MAC) !== false) && (trim($_POST['post_csrf_token']) == $csrf_token)){ |
if (filter_var(trim($_POST['mac_addr']), FILTER_VALIDATE_MAC) !== false){ |
$mac= trim($_POST['mac_addr']); |
switch ($_POST['action']){ |
case "$l_disconnect" : |
exec("sudo /usr/sbin/chilli_query logout ".$mac); |
142,7 → 140,6 |
exec('sudo /usr/local/bin/alcasar-iot_capture.sh -k '.$mac.' &>/dev/null &'); |
break; |
} |
|
} |
unset($_POST['mac_addr']); |
} |
226,7 → 223,6 |
echo "</td><td>"; |
echo "<form action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\">"; |
echo "<input type=\"hidden\" name=\"mac_addr\" value=\"$detail[0]\">"; |
echo "<input type=\"hidden\" name=\"post_csrf_token\" value=\"$csrf_token\">"; |
if($IoT_capture == "on"){ |
if(exec('sudo /usr/local/bin/alcasar-iot_capture.sh -i '.$detail[0]) == "CaptureON"){ |
echo "<input type=\"submit\" onClick=\"document.getElementById('ldoverlay').style.display='block';\" name=\"action\" value=\"$l_stop_capture_disconnect\">"; |
251,7 → 247,6 |
echo "<td>"; |
echo "<form action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\">"; |
echo "<input type=\"hidden\" name=\"mac_addr\" value=\"$detail[0]\">"; |
echo "<input type=\"hidden\" name=\"post_csrf_token\" value=\"$csrf_token\">"; |
echo "<input type=\"submit\" onClick=\"document.getElementById('ldoverlay').style.display='block';\" name=\"action\" value=\"$l_disconnect\">"; |
echo "</form></td>"; |
} |
269,7 → 264,6 |
echo "<form action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\">"; |
# Dissociate user (... or other) who is not connected yet |
echo "<input type=\"hidden\" name=\"mac_addr\" value=\"$detail[0]\">"; |
echo "<input type=\"hidden\" name=\"post_csrf_token\" value=\"$csrf_token\">"; |
exec ("grep $detail[0] /usr/local/etc/alcasar-ethers-info", $mac_in_ether_file); |
if (empty($mac_in_ether_file[1])){ |
echo "<input type=\"submit\" onClick=\"document.getElementById('ldoverlay').style.display='block';\" name=\"action\" value=\"$l_dissociate\">"; // Dissociate only MAC not in ether file (dhcp) |