Subversion Repositories ALCASAR

Compare Revisions

Rev 2297 → Rev 2299

/web/acc/admin/bl_categories_help.php
178,16 → 178,16
{
 
$filtre = $liste == "bl" ? $bl_categorie_domain_file : $wl_categorie_domain_file;
exec("head -n 15 $filtre | cut -d '/' -f2", $resultat);
exec("head -n 15 ".escapeshellarg($filtre)." | cut -d '/' -f2", $resultat);
}
elseif($titre == "ip")
{
$filtre = $liste == "bl" ? $bl_categorie_ip_file : $wl_categorie_ip_file;
exec("head -n 15 $filtre | cut -d ' ' -f3", $resultat);
exec("head -n 15 ".escapeshellarg($filtre)." | cut -d ' ' -f3", $resultat);
}
else
{
exec("head -n 15 $filtre", $resultat);
exec("head -n 15 ".escapeshellarg($filtre), $resultat);
}
for($i=0; $i<count($resultat); $i++)
echo $resultat[$i]."<br/>";
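Review bot: The loop that closes this section echoes every line of `$resultat` into the page without HTML encoding, so whatever the category file contains is rendered as markup. These list files may originate from administrator uploads or downloaded blacklists, so encode at output: `echo htmlspecialchars($resultat[$i], ENT_QUOTES, 'UTF-8')."<br/>";`. Separately, the final `else` branch calls `escapeshellarg($filtre)` without assigning `$filtre` in that branch; if it is not set before the hunk starts, the command becomes `head -n 15 ''`. The enclosing block starts and ends outside the hunk.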
/web/acc/admin/bl_filter.php
55,6 → 55,7
}
function echo_ip_file ($filename)
{
$filename = escapeshellarg($filename);
exec("cat $filename | cut -d ' ' -f3", $resultat);
for($i=0; $i<exec("wc -l $filename"); $i++)
{
264,20 → 265,20
$action=$_POST[$fichier];
if($action == $l_remove) //delete
{
exec("/bin/sed -i \"/^$fichier$/d\" $bl_categories_enabled");
exec("/bin/sed -i \"/$fichier$/d\" $bl_categories");
exec("rm -rf $dir_blacklist$fichier");
exec ("sudo /usr/local/bin/alcasar-bl.sh --reload");
exec("/bin/sed -i ".escapeshellarg("/^$fichier$/d")." $bl_categories_enabled");
exec("/bin/sed -i ".escapeshellarg("/$fichier$/d")." $bl_categories");
exec("rm -rf $dir_blacklist".escapeshellarg($fichier));
exec("sudo /usr/local/bin/alcasar-bl.sh --reload");
}
if($action == $l_disable) //disable
{
exec("/bin/sed -i \"/^$fichier$/d\" $bl_categories_enabled");
exec("/bin/sed -i ".escapeshellarg("/^$fichier$/d")." $bl_categories_enabled");
exec("sudo /usr/local/bin/alcasar-bl.sh --reload");
}
if($action == $l_enable) //enable
{
file_put_contents ($bl_categories_enabled, $fichier."\n", FILE_APPEND);
exec ("sudo /usr/local/bin/alcasar-bl.sh --reload");
exec("sudo /usr/local/bin/alcasar-bl.sh --reload");
}
}
}
287,19 → 288,19
$dest_dir = $dir_blacklist."ossi-bl-".$file_name; # /etc/dansguardian/list/blacklist/ossi-bl-XXXXXXXX
if((!empty($file_name)) && (!file_exists($dest_dir)))
{
exec ("mkdir $dest_dir");
exec("mkdir ".escapeshellarg($dest_dir));
$file=$_FILES['fichier_ip']['tmp_name'];
exec("/usr/bin/dos2unix $file $file");
exec("/usr/bin/dos2unix ".escapeshellarg($file));
if(move_uploaded_file($_FILES['fichier_ip']['tmp_name'], $dest_dir."/domains")) // copy in the file "domains" (containing @ip & domain names (like over Toulouse categories))
{
touch ($dest_dir."/urls"); // create the URL file even if it isn't used
file_put_contents ($bl_categories, $dest_dir."\n", FILE_APPEND); # add to the categories list
file_put_contents ($bl_categories_enabled, "ossi-bl-".$file_name."\n", FILE_APPEND); //Enabled by default
exec ("sudo /usr/local/bin/alcasar-bl.sh --reload");
exec("sudo /usr/local/bin/alcasar-bl.sh --reload");
}
else
{
exec("rm -rf $dest_dir");
exec("rm -rf ".escapeshellarg($dest_dir));
echo $l_error_upload;
}
}
345,9 → 346,9
<?php
echo "<center>";
// total number of IP, DNS & URLs
$nbDomainNames = exec ("wc -l /usr/local/share/dnsmasq-bl/* | tail -n 1 | awk '{print $1}'");
$nbUrl = exec ("for file in `find /etc/dansguardian/lists/blacklists/ -name 'urls'`; do nb=$((nb+$(wc -l \$file | awk '{print $1}'))); done; echo \$nb");
$nbIp = exec ("wc -l /usr/local/share/iptables-bl/* | tail -n 1 | awk '{print $1}'");
$nbDomainNames = exec("wc -l /usr/local/share/dnsmasq-bl/* | tail -n 1 | awk '{print $1}'");
$nbUrl = exec("for file in `find /etc/dansguardian/lists/blacklists/ -name 'urls'`; do nb=$((nb+$(wc -l \$file | awk '{print $1}'))); done; echo \$nb");
$nbIp = exec("wc -l /usr/local/share/iptables-bl/* | tail -n 1 | awk '{print $1}'");
echo "<b>$l_nbDomainNames</b> $nbDomainNames, <b>$l_nbUrl</b> $nbUrl, <b>$l_nbIp</b> $nbIp<br/>";
echo "$l_bl_categories</center></td></tr>";
//read & display all BL categories (checked or not)
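Review bot: `$fichier` is still interpolated into the sed script itself in `escapeshellarg("/^$fichier$/d")`, so shell quoting does not stop a value containing `/` or a newline from altering the sed expression, and `"rm -rf $dir_blacklist".escapeshellarg($fichier)` still accepts `..` path segments. Where `$fichier` comes from is outside the hunk, but it is used as a `$_POST` key here, so it should be checked against a strict name pattern before any of these calls, for example `if (!preg_match('/^[A-Za-z0-9_-]+\z/', $fichier)) { exit('Invalid category name.'); }` (adjust the character set to the real category names). The delete and disable branches of wl_filter.php have the same pattern. In `echo_ip_file`, `exec("wc -l $filename")` returns the count followed by the quoted file name and is re-run on every iteration; `count($resultat)` would be simpler.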
/web/acc/admin/network.php
224,18 → 224,18
/*******************************************
* Read ALCASAR_CONF_FILE Before *
********************************************/
$ouvre=fopen(CONF_FILE,"r");
if ($ouvre){
while (!feof ($ouvre))
{
$tampon = fgets($ouvre, 4096);
if (strpos($tampon,"=")!==false){
$tmp = explode("=",$tampon);
$conf[$tmp[0]] = $tmp[1];
}
$file_conf = fopen(CONF_FILE, 'r');
if (!$file_conf) {
exit('Error opening the file '.CONF_FILE);
}
while (!feof($file_conf)) {
$buffer = fgets($file_conf, 4096);
if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {
$tmp = explode('=', $buffer);
$conf[trim($tmp[0])] = trim($tmp[1]);
}
fclose($ouvre);
}
fclose($file_conf);
if(isset($_POST['dns1']) && preg_match($reg_ip,$_POST['dns1']))
{
273,18 → 273,18
/*******************************************
* Read ALCASAR_CONF_FILE Updated *
********************************************/
$ouvre=fopen(CONF_FILE,"r");
if ($ouvre){
while (!feof ($ouvre))
{
$tampon = fgets($ouvre, 4096);
if (strpos($tampon,"=")!==false){
$tmp = explode("=",$tampon);
$conf[$tmp[0]] = $tmp[1];
}
$file_conf = fopen(CONF_FILE, 'r');
if (!$file_conf) {
exit('Error opening the file '.CONF_FILE);
}
while (!feof($file_conf)) {
$buffer = fgets($file_conf, 4096);
if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {
$tmp = explode('=', $buffer);
$conf[trim($tmp[0])] = trim($tmp[1]);
}
fclose($ouvre);
}
fclose($file_conf);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><!-- written by steweb57 & rexy -->
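Review bot: `explode('=', $buffer)` in both rewritten read loops keeps only the text between the first and second `=`, so a configuration value that itself contains `=` is silently truncated in `$conf`; `$tmp = explode('=', $buffer, 2);` keeps the whole value. The comment test `substr($buffer, 0, 1) !== '#'` also misses comment lines that begin with whitespace; testing `ltrim($buffer)` would cover them. The same loop is pasted twice in this file and once more in activity.php, so a shared helper function would keep the three copies from drifting apart.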
/web/acc/admin/network2.php
7,7 → 7,7
echo "<tr><th>$l_mac_address<th>$l_ip_address<th>Info<th>$l_del</tr>";
// Read the "ether" file
$intif = $conf["INTIF"];
exec ("sudo /sbin/ip link show $intif", $output);
exec("sudo /sbin/ip link show ".escapeshellarg($intif), $output);
$detail = explode (" " , $output[1]);
$intif_mac_addr=strtoupper(str_replace(":","-",$detail[5]));
unset ($output);unset ($detail);
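Review bot: `$output[1]` and `$detail[5]` are read without checking that `ip link show` succeeded, so an unknown or empty `INTIF` value yields undefined-index notices and an empty `$intif_mac_addr` instead of a visible error. Capture the exit status and test it before parsing: `exec("sudo /sbin/ip link show ".escapeshellarg($intif), $output, $status);` followed by `if ($status !== 0 || !isset($output[1])) { exit('Cannot read the internal interface.'); }`. The same three lines appear in activity.php.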
/web/acc/admin/services.php
94,17 → 94,17
//fonction pour faire une action (start,stop,restart) sur un service
function serviceExec($service, $action){
if (($action == "start")||($action == "stop")||($action == "restart")){
exec("sudo /usr/bin/systemctl $action $service",$retval, $retstatus);
exec("sudo /usr/bin/systemctl $action ".escapeshellarg($service), $retval, $retstatus);
if ($service == "sshd"){
if ($action == "start"){
exec("sudo /usr/bin/systemctl enable $service");
exec("sudo /usr/bin/systemctl enable ".escapeshellarg($service));
file_put_contents(CONF_FILE, str_replace('SSH=off', 'SSH=on', file_get_contents(CONF_FILE)));
exec ("sudo /usr/local/bin/alcasar-iptables.sh");
exec("sudo /usr/local/bin/alcasar-iptables.sh");
}
if ($action == "stop"){
exec("sudo /usr/bin/systemctl disable $service");
exec("sudo /usr/bin/systemctl disable ".escapeshellarg($service));
file_put_contents(CONF_FILE, str_replace('SSH=on', 'SSH=off', file_get_contents(CONF_FILE)));
exec ("sudo /usr/local/bin/alcasar-iptables.sh");
exec("sudo /usr/local/bin/alcasar-iptables.sh");
}
}
return $retstatus;
116,7 → 116,7
//(en fonction de la présence d'un mot clé dans la valeur de status)
function checkServiceStatus($service){
$response = false;
exec("sudo /usr/bin/systemctl is-active $service.service",$retval);
exec("sudo /usr/bin/systemctl is-active ".escapeshellarg("$service.service"), $retval);
foreach( $retval as $val ) {
if ($val == "active"){
$response = true;
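Review bot: `serviceExec()` restricts `$action` to three values but accepts any `$service`, and `escapeshellarg()` only protects the shell: a value beginning with `-` is still parsed by systemctl as an option, and any unit name can be started or stopped through sudo. Unless the callers outside this hunk already restrict it, compare `$service` with the list of services this page manages before the first `exec()`, e.g. `if (!in_array($service, $allowed_services, true)) { return 1; }`, where `$allowed_services` is a placeholder for that list. `checkServiceStatus()` has the same open parameter. Both function bodies continue outside the hunks.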
/web/acc/admin/update_ldap.php
125,14 → 125,19
* Redémarage des service *
*********************************************************/
 
if ($auth_enable == "1"){
if ($auth_enable == "1") {
if (!preg_match('/^[A-Za-z0-9_\-\.]+$/', $ldap_server)) {
exit('Invalid LDAP server.');
}
file_put_contents(ALCASAR_CONF_FILE, str_replace('LDAP=off', 'LDAP=on', file_get_contents(ALCASAR_CONF_FILE)));
exec("sudo sed -i \"s/^LDAP_IP=.*/LDAP_IP=$ldap_server/g\" ALCASAR_CONF_FILE");}
exec("sed -i \"s/^LDAP_IP=.*/LDAP_IP=$ldap_server/g\" ALCASAR_CONF_FILE");
}
else {
file_put_contents(ALCASAR_CONF_FILE, str_replace('LDAP=on', 'LDAP=off', file_get_contents(ALCASAR_CONF_FILE)));
exec("sudo sed -i \"s/^LDAP_IP=.*/LDAP_IP=0.0.0.0/g\" ALCASAR_CONF_FILE");}
exec ("sudo /usr/local/bin/alcasar-iptables.sh");
exec ("sudo /usr/bin/systemctl restart radiusd");
exec("sed -i \"s/^LDAP_IP=.*/LDAP_IP=0.0.0.0/g\" ALCASAR_CONF_FILE");
}
exec("sudo /usr/local/bin/alcasar-iptables.sh");
exec("sudo /usr/bin/systemctl restart radiusd");
 
/****************************************************************
* Redirection vers la page de configuration LDAP *
140,4 → 145,3
 
header('Location:ldap.php?update=ok');
exit();
?>
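Review bot: `ALCASAR_CONF_FILE` sits inside the double-quoted command string in both `sed` calls, where PHP does not expand constants, so sed is asked to edit a file literally named ALCASAR_CONF_FILE in the working directory and `LDAP_IP` in the real configuration is left unchanged. Concatenate the constant and quote both arguments: `exec("sed -i ".escapeshellarg("s/^LDAP_IP=.*/LDAP_IP=$ldap_server/g")." ".escapeshellarg(ALCASAR_CONF_FILE));`. The new allowlist check ends in `$`, which also matches before a trailing newline; `\z` or the `D` modifier closes that gap. Neither `exec()` call checks its exit status, so a failed edit is followed by the service restarts and the `update=ok` redirect regardless.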
/web/acc/admin/wl_filter.php
55,6 → 55,7
}
function echo_ip_file ($filename)
{
$filename = escapeshellarg($filename);
exec("cat $filename | cut -d ' ' -f3", $resultat);
for($i=0; $i<exec("wc -l $filename"); $i++)
{
222,19 → 223,19
$action=$_POST[$fichier];
if($action == $l_remove) //delete
{
exec("/bin/sed -i \"/^$fichier$/d\" $wl_categories_enabled");
exec("rm -rf $dir_blacklist$fichier");
exec ("sudo /usr/local/bin/alcasar-bl.sh --reload");
exec("/bin/sed -i ".escapeshellarg("/^$fichier$/d")." $wl_categories_enabled");
exec("rm -rf .".escapeshellarg("$dir_blacklist$fichier"));
exec("sudo /usr/local/bin/alcasar-bl.sh --reload");
}
if($action == $l_disable) //disable
{
exec("/bin/sed -i \"/^$fichier$/d\" $wl_categories_enabled");
exec("/bin/sed -i ".escapeshellarg("/^$fichier$/d")." $wl_categories_enabled");
exec("sudo /usr/local/bin/alcasar-bl.sh --reload");
}
if($action == $l_enable) //enable
{
file_put_contents ($wl_categories_enabled, $fichier."/n", FILE_APPEND);
exec ("sudo /usr/local/bin/alcasar-bl.sh --reload");
file_put_contents($wl_categories_enabled, $fichier."/n", FILE_APPEND);
exec("sudo /usr/local/bin/alcasar-bl.sh --reload");
}
}
}
244,7 → 245,7
if(!empty($file_name))
{
$dest_dir = $dir_blacklist."ossi-wl-".$file_name;
exec ("mkdir $dest_dir");
exec("mkdir ".escapeshellarg($dest_dir));
$file=$_FILES['fichier_ip']['tmp_name'];
exec("/usr/bin/dos2unix $file $file");
if(move_uploaded_file($_FILES['fichier_ip']['tmp_name'], $dest_dir."/domains"))
256,7 → 257,7
}
else
{
exec("rm -rf $dest_dir");
exec("rm -rf ".escapeshellarg($dest_dir));
echo $l_error_upload;
}
}
274,9 → 275,9
<?php
echo "<center>";
// total number of IP, DNS & URLs
$nbDomainNames = exec ("wc -l /usr/local/share/dnsmasq-wl/* | tail -n 1 | awk '{print $1}'");
$nbDomainNames = exec("wc -l /usr/local/share/dnsmasq-wl/* | tail -n 1 | awk '{print $1}'");
$nbUrl = "0";
$nbIp = exec ("wc -l /usr/local/share/iptables-wl/* | tail -n 1 | awk '{print $1}'");
$nbIp = exec("wc -l /usr/local/share/iptables-wl/* | tail -n 1 | awk '{print $1}'");
echo "<b>$l_nbDomainNames</b> $nbDomainNames, <b>$l_nbUrl</b> $nbUrl, <b>$l_nbIp</b> $nbIp<br/>";
echo "$l_wl_categories</center></td></tr>";
//read & display all WL categories (checked or not)
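Review bot: The new delete line `exec("rm -rf .".escapeshellarg("$dir_blacklist$fichier"));` has a stray `.` before the quoted path, so the argument becomes a path relative to the working directory and the category directory is presumably never removed; it should read `exec("rm -rf ".escapeshellarg("$dir_blacklist$fichier"));`. The enable branch still appends `"/n"` where bl_filter.php appends `"\n"`, so entries are not newline-terminated. In the upload hunk `exec("/usr/bin/dos2unix $file $file");` was left unquoted although its bl_filter.php counterpart now uses `escapeshellarg($file)`. `$fichier` should also be validated against a strict name pattern before it reaches sed and rm, since shell quoting does not constrain the sed expression or `..` path segments.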
/web/acc/backup/log_generation.php
102,16 → 102,16
switch($_POST['submit'])
{
case 'query_all':
exec("sudo alcasar-generate_log.sh '$password'");
exec("sudo alcasar-generate_log.sh ".escapeshellarg($password));
break;
case 'query_range':
$date1_selected= $_POST['start-year'].'-'.$_POST['start-month'].'-'.$_POST['start-day'].' '.$_POST['start-hour'].':'.$_POST['start-min'].':'.$_POST['start-sec'];
$date2_selected= $_POST['stop-year'].'-'.$_POST['stop-month'].'-'.$_POST['stop-day'].' '.$_POST['stop-hour'].':'.$_POST['stop-min'].':'.$_POST['stop-sec'];
exec("sudo alcasar-generate_log.sh '$password' '$date1_selected' '$date2_selected' ");
exec("sudo alcasar-generate_log.sh ".escapeshellarg($password)." ".escapeshellarg($date1_selected)." ".escapeshellarg($date2_selected));
break;
case 'query_simple':
$date1_selected= $_POST['start-year'].'-'.$_POST['start-month'].'-'.$_POST['start-day'].' '.$_POST['start-hour'].':'.$_POST['start-min'].':'.$_POST['start-sec'];
exec("sudo alcasar-generate_log.sh '$password' '$date1_selected'");
exec("sudo alcasar-generate_log.sh ".escapeshellarg($password)." ".escapeshellarg($date1_selected));
break;
}
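Review bot: All three branches pass `$password` as a command-line argument to `sudo alcasar-generate_log.sh`, which exposes it to other local users through the process list for as long as the script runs and may record it in sudo's command log; `escapeshellarg()` does not change that. If the script can be adapted, hand the password over on standard input (for instance with `proc_open()` and a pipe) or through a file readable only by the service account. The date strings are assembled from `$_POST` fields with no format check; a guard such as `if (!preg_match('/^\d{4}-\d{1,2}-\d{1,2} \d{1,2}:\d{1,2}:\d{1,2}\z/', $date1_selected)) { exit('Invalid date.'); }` keeps malformed values away from the script.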
/web/acc/manager/htdocs/activity.php
22,19 → 22,20
exit("Can't read the file ".$file);}
}
#retrieve IP_address of ALCASAR
$alcasar_conf_file="/usr/local/etc/alcasar.conf";
$ouvre=fopen("$alcasar_conf_file","r");
if ($ouvre){
while (!feof ($ouvre))
{
$tampon = fgets($ouvre, 4096);
if (strpos($tampon,"=")!==false){
$tmp = explode("=",$tampon);
$conf[$tmp[0]] = $tmp[1];
}
$alcasar_conf_file = '/usr/local/etc/alcasar.conf';
$file_conf = fopen($alcasar_conf_file, 'r');
if (!$file_conf) {
exit('Error opening the file '.$alcasar_conf_file);
}
while (!feof($file_conf)) {
$buffer = fgets($file_conf, 4096);
if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {
$tmp = explode('=', $buffer);
$conf[trim($tmp[0])] = trim($tmp[1]);
}
}
fclose($ouvre);
fclose($file_conf);
 
$tmp = explode("/",$conf["PRIVATE_IP"]);
$intif = $conf["INTIF"];
$private_ip=$tmp[0];
78,16 → 79,16
if (isset($_POST['action'])){
switch ($_POST['action']){
case "$l_disconnect" :
exec ("sudo /usr/sbin/chilli_query logout $_POST[mac_addr]");
unset ($_POST['mac_addr']);
exec("sudo /usr/sbin/chilli_query logout ".escapeshellarg($_POST['mac_addr']));
unset($_POST['mac_addr']);
break;
case "$l_dissociate" :
exec ("sudo /usr/sbin/chilli_query dhcp-release $_POST[mac_addr]");
unset ($_POST['mac_addr']);
exec("sudo /usr/sbin/chilli_query dhcp-release ".escapeshellarg($_POST['mac_addr']));
unset($_POST['mac_addr']);
break;
case "$l_connect" :
exec ("sudo /usr/sbin/chilli_query authorize mac $_POST[mac_addr]");
unset ($_POST['mac_addr']);
exec("sudo /usr/sbin/chilli_query authorize mac ".escapeshellarg($_POST['mac_addr']));
unset($_POST['mac_addr']);
break;
}
}
103,7 → 104,7
<th>$l_action</th>
</tr>";
$output = array(); $detail = array(); $nb_ligne = 0;
exec ("sudo /sbin/ip link show $intif", $output); // retrieve ALCASAR MAC address
exec("sudo /sbin/ip link show ".escapeshellarg($intif), $output); // retrieve ALCASAR MAC address
$detail = explode (" " , $output[1]);
$intif_mac_addr=strtoupper(str_replace(":","-",$detail[5]));
unset ($output);unset ($detail);
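Review bot: `$_POST['mac_addr']` reaches `sudo /usr/sbin/chilli_query` in all three `case` branches without any check that it is a MAC address; `escapeshellarg()` keeps it a single argument but does not stop a value starting with `-` from being read as an option, or an arbitrary string from being handed to the daemon. Validate once before the `switch`: `if (!isset($_POST['mac_addr']) || !preg_match('/^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\z/', $_POST['mac_addr'])) { exit('Invalid MAC address.'); }`. In the configuration loop of the first hunk, `explode('=', $buffer)` drops everything after a second `=` in a value; `explode('=', $buffer, 2)` keeps it.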
/web/acc/manager/htdocs/autoregistration.php
479,7 → 479,7
{
if(preg_match('#^\+#',$num))
{
exec("sudo $script --replace_numero_alcasar $num");
exec("sudo $script --replace_numero_alcasar ".escapeshellarg($num));
header('Location: autoregistration.php');
}
else
501,7 → 501,7
{
if(is_numeric($pin))
{
exec("sudo $script --replace_pin $pin");
exec("sudo $script --replace_pin ".escapeshellarg($pin));
header('Location: autoregistration.php');
}
else
524,7 → 524,7
{
if(is_numeric($nb_ban_temp))
{
exec("sudo $script --replace_try_ban $nb_ban_temp");
exec("sudo $script --replace_try_ban ".escapeshellarg($nb_ban_temp));
header('Location: autoregistration.php');
}
else
547,7 → 547,7
{
if(is_numeric($time_account))
{
exec("sudo $script --replace_time_account $time_account");
exec("sudo $script --replace_time_account ".escapeshellarg($time_account));
header('Location: autoregistration.php');
}
else
569,7 → 569,7
{
if(is_numeric($time_perm))
{
exec("sudo $script --replace_time_perm $time_perm");
exec("sudo $script --replace_time_perm ".escapeshellarg($time_perm));
header('Location: autoregistration.php');
}
else
587,8 → 587,8
if(isset($_GET['num_select'])){
$numero=$_GET['num_select'];
 
$add_mac=exec("sudo /usr/sbin/chilli_query list | grep $numero | cut -d ' ' -f1");
exec("sudo /usr/sbin/chilli_query logout $add_mac");
$add_mac=exec("sudo /usr/sbin/chilli_query list | grep ".escapeshellarg($numero)." | cut -d ' ' -f1");
exec("sudo /usr/sbin/chilli_query logout ".escapeshellarg($add_mac));
 
exec("sudo $script --unlock_num $numero");
header('Location: autoregistration.php');
597,7 → 597,7
# Edition etat pays
if(isset($_GET['country_select'])){
$country=utf8_decode($_GET['country_select']);
exec("sudo $script --change_country $country");
exec("sudo $script --change_country ".escapeshellarg($country));
exec("sudo $script --change_country_filter advance");
header('Location: autoregistration.php');
}
613,7 → 613,7
exec("sudo $script --change_country_dis_all");
$array_ue = array("Allemagne","Autriche","Belgique","Bulgarie","Chypre","Croatie","Danemark","Espagne","Estonie","Finlande","France","Grece","Hongrie","Irlande","Italie","Lettonie","Lituanie","Luxembourg","Malte","Pays-Bas"," Pologne","Portugal","Republique Tcheque","Roumanie","Angleterre","Slovaquie","Slovenie","Suede");
foreach ($array_ue as $pays){
exec("sudo $script --change_country $pays");
exec("sudo $script --change_country ".escapeshellarg($pays));
}
exec("sudo $script --change_country_filter ue");
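Review bot: `exec("sudo $script --unlock_num $numero");` in the `num_select` hunk still interpolates `$_GET['num_select']` unquoted into a sudo command, although the two lines above it were converted; it should be `exec("sudo $script --unlock_num ".escapeshellarg($numero));`. The preceding `grep ".escapeshellarg($numero)` call treats the value as a regular expression and `$add_mac` is empty when nothing matches, so `grep -F --` and an emptiness check before the logout are worth adding. In the first hunk `preg_match('#^\+#',$num)` checks only the leading `+`; a full pattern for the expected number format would be stricter. Each `header('Location: ...')` is not followed by `exit()` in the visible lines, so the script may keep running after the redirect.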
/web/acc/manager/htdocs/clear_opensessions.php
68,7 → 68,7
if ($clear_sessions == 1)
{
# close active sessions
exec ("sudo /usr/local/bin/alcasar-logout.sh $login");
exec("sudo /usr/local/bin/alcasar-logout.sh ".escapeshellarg($login));
# delete open accounting sessions
$now = time();
$today_now = date("Y-m-d H:i:s",$now);
103,11 → 103,11
 
# Count of chilli open sessions (for coova-chilli)
$open_chilli_sessions = 0;
exec ("sudo /usr/sbin/chilli_query list|cut -d\" \" -f5,6|grep $login|grep ^1|wc -l" , $open_chilli_sessions);
exec("sudo /usr/sbin/chilli_query list | cut -d\" \" -f5,6 | grep ".escapeshellarg($login)." | grep ^1 | wc -l" , $open_chilli_sessions);
 
?>
<form method=post>
<input type=hidden name=login value=<?php print $login ?>>
<input type=hidden name=login value="<?= $login ?>">
<input type=hidden name=clear_sessions value="0">
<table border=1 bordercolordark=#ffffe0 bordercolorlight=#000000 width=100% cellpadding=2 cellspacing=0 bgcolor="#ffffe0" valign=top>
<tr>
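Review bot: `value="<?= $login ?>"` prints `$login` into an HTML attribute without encoding, so a login containing `"` or `<` closes the attribute and injects markup; the added quotes alone do not prevent that. Encode at output: `<input type=hidden name=login value="<?= htmlspecialchars($login, ENT_QUOTES, 'UTF-8') ?>">`. In the session count just above, grep reads `$login` as a regular expression and matches substrings, so `grep -F --` would give a more accurate count. Where `$login` is set is outside the hunk.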
/web/acc/manager/htdocs/user_edit.php
134,8 → 134,8
include("../lib/defaults.php");
}
# Disconnecting user for re-authentication
$mac=exec("sudo /usr/sbin/chilli_query list | grep \" $login \" | awk '{print $1}'");
exec("sudo /usr/sbin/chilli_query logout $mac");
$mac=exec("sudo /usr/sbin/chilli_query list | grep ".escapeshellarg(" $login ")." | awk '{print $1}'");
exec("sudo /usr/sbin/chilli_query logout ".escapeshellarg($mac));
}
else{
if (is_file("../lib/$config[general_lib_type]/group_info.php"))
143,8 → 143,8
# Disconnecting all users from the selected group for re-authentication
if (isset($group_members)){
foreach ($group_members as $g_member => $member){
$mac=exec("sudo /usr/sbin/chilli_query list | grep \" $member \" | awk '{print $1}'");
exec("sudo /usr/sbin/chilli_query logout $mac");
$mac=exec("sudo /usr/sbin/chilli_query list | grep ".escapeshellarg(" $member ")." | awk '{print $1}'");
exec("sudo /usr/sbin/chilli_query logout ".escapeshellarg($mac));
}
}
}
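Review bot: `grep` still interprets `" $login "` and `" $member "` as regular expressions, so a login containing `.`, `*` or `[` can match another user's line in the `chilli_query list` output and the wrong MAC is logged out. Use fixed-string matching, `grep -F -- ".escapeshellarg(" $login ")`, in both places. `exec()` returns an empty string when nothing matches, so guard the logout as well: `if ($mac !== '') { exec("sudo /usr/sbin/chilli_query logout ".escapeshellarg($mac)); }`.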
/web/acc/manager/lib/sql/create_user.php
24,14 → 24,14
$output = array();
if($passwd == "password" && preg_match('/([a-fA-F0-9]{2}[:|\-]?){6}/', $login))
{
exec ("sudo chilli_query list | grep $login | cut -d' ' -f2", $output);
exec("sudo chilli_query list | grep ".escapeshellarg($login)." | cut -d' ' -f2", $output);
//on vérifie que l'@IP de l'@MAC est différente de celle de l'admin sur l'ACC
if(strpos($output[0], $_SERVER["REMOTE_ADDR"]) === false )
{
exec ("sudo chilli_query dhcp-release $login"); //dhcp-down
exec("sudo chilli_query dhcp-release ".escapeshellarg($login)); //dhcp-down
}
}
unset ($output);
unset($output);
 
 
/*Ajout en vue de l'impression des données (thank's to Geoffroy MUSITELLI)*/
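Review bot: The MAC test `preg_match('/([a-fA-F0-9]{2}[:|\-]?){6}/', $login)` is not anchored, so any login that merely contains twelve hex digits enters this branch and is then used as a grep pattern and as the `dhcp-release` argument. Anchoring it, `'/^([a-fA-F0-9]{2}[:-]?){6}\z/'`, limits the branch to MAC-shaped logins. `$output[0]` is also read without checking that grep returned a line; when the list is empty `strpos()` returns false and the release runs anyway, so `if (isset($output[0]) && strpos($output[0], $_SERVER["REMOTE_ADDR"]) === false)` is safer.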