| 1,8 → 1,7 |
|---|
| <?php |
| # $Id$ |
| # |
| # index.php for ALCASAR |
| # by REXY |
| # index.php for ALCASAR bu Rexy |
| # UI & css style by stephane ERARD |
| # The contents of this file may be used under the terms of the GNU |
| # General Public License Version 2, provided that the above copyright |
| 48,39 → 47,37 |
|---|
| $network_pb = False; |
| $cert_add = "http://$hostname/certs"; |
| $direct_access = False; |
| $display_button_user_not_auth_yet=False; |
| $display_menu=False; |
| $diagnostic = "can't contact the default router"; |
| $remote_ip = preg_match('#^([0-9]{1,3}\.){3}[0-9]{1,3}$#', $_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ""; |
| $tab = array();$user = array(); |
| $connection_history = ""; |
| $nb_connection_history = 3; |
| $Language = 'en'; |
| if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){ |
| $Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']); |
| $Language = strtolower(substr(chop($Langue[0]),0,2)); } |
| $redirect_link = "http://www.alcasar.net"; |
| |
| # Retrieve the user info behind the remote ip |
| exec ("sudo /usr/sbin/chilli_query list|grep $remote_ip" , $tab); |
| $user = explode (" ", $tab[0]); |
| |
| # cleaning the cache |
| header("Expires: Tue, 01 Jan 2000 00:00:00 GMT"); |
| header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); |
| header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); |
| header("Cache-Control: post-check=0, pre-check=0", false); |
| header("Pragma: no-cache"); |
| |
| |
| # Test if it'a direct connexion to ALCASAR |
| if (isset($_SERVER['HTTP_HOST']) && (($_SERVER['HTTP_HOST'] == $_SERVER['SERVER_ADDR']) || preg_match ("/^alcasar$/", $_SERVER['HTTP_HOST']) || preg_match ("/^$hostname$/", $_SERVER['HTTP_HOST']) || preg_match ("/^$organisme$/", $_SERVER['HTTP_HOST']))) |
| { |
| # Test if it's a direct connexion to ALCASAR |
| if ((isset($_SERVER['HTTP_HOST'])) && (($_SERVER['HTTP_HOST'] == $_SERVER['SERVER_ADDR']) || (preg_match ("/^alcasar$/", $_SERVER['HTTP_HOST'])) || (preg_match ("/^$hostname$/", $_SERVER['HTTP_HOST'])) || (preg_match ("/^$organisme$/", $_SERVER['HTTP_HOST'])))) |
| { |
| echo $_SERVER['HTTP_HOST']." / ".$_SERVER['SERVER_ADDR']." / ".$hostname." / ".$organisme; |
| $direct_access=True; |
| } |
| exec("sudo /usr/sbin/ipset del not_auth_yet $remote_ip"); # del user of the ipset "not_auth_yet" to not loop |
| } |
| # Function to adapt time connexion in seconds to H,M,S |
| function secondsToDuration($seconds = null){ |
| if ($seconds == null) return ""; |
| |
| $temp = $seconds % 3600; |
| $time[0] = ( $seconds - $temp ) / 3600 ; // hours |
| $time[2] = $temp % 60 ; // seconds |
| $time[1] = ( $temp - $time[2] ) / 60; // minutes |
| |
| return $time[0]." h ".$time[1]." m ".$time[2]." s"; |
| } |
| |
| 106,66 → 103,28 |
|---|
| } |
| } |
| } |
| else |
| else # user not connected |
| { |
| # the user isn't connected and he isn't in the ipset "not_auth_yet" yet |
| exec("sudo /usr/sbin/ipset list not_auth_yet | grep $remote_ip | wc -l 2>&1", $ipset_not_auth_yet); |
| if(!$direct_access && $ipset_not_auth_yet[0] == '0') |
| if(!$direct_access && $ipset_not_auth_yet[0] == '0') # it's an interception |
| { |
| if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") # if HTTPS, we redirect user to HTTP to flag him (ipset : not_auth_yet) |
| { |
| header("Location: http://$_SERVER[HTTP_HOST]"); |
| exit; |
| } |
| |
| $display_button_user_not_auth_yet=True; # Display menu for user not_auth_yet, he need to click on 'open connection' to be flagged in the ipset "not_auth_yet" |
| $display_menu = True; # Display menu for user not_auth_yet |
| $redirect_link = $_SERVER['HTTP_HOST']; |
| } |
| if(isset($_GET['url'])) #When user clicked to open a connection ... |
| if(isset($_GET['url'])) # When user has clicked to open a connection ... |
| { |
| exec("sudo /usr/sbin/ipset add not_auth_yet $remote_ip"); # Add user in the ipset "not_auth_yet" to not loop when redirected |
| echo "<script>window.location.href='http://$_GET[url]'</script>"; #we redirect him to his HTTP website (to be intecepted by coova) |
| exec("sudo /usr/sbin/ipset add not_auth_yet $remote_ip"); # Add user in the ipset "not_auth_yet" (DNS requests not intercepted) |
| #header('Location: http://www.alcasar.net',TRUE,307); |
| header("Location: $redirect_link"); |
| exit; |
| |
| } |
| if ((!$direct_access && !$display_button_user_not_auth_yet) || $ipset_not_auth_yet[0] == '1'){ #if user not_auth_yet still here (index.php), we force DNS resquest. |
| echo "<script>window.location.reload(true)</script>"; #We force DNS request |
| } |
| |
| |
| /* ANCIEN FONCTIONNEMENT : l'utilisateur ne cliquait pas sur le boutton pour etre flaggué + pas d'access au menu index.php avec les boutons |
| # the user isn't connected and he isn't in the ipset "not_auth_yet" yet |
| exec("sudo /usr/sbin/ipset list not_auth_yet | grep $remote_ip | wc -l 2>&1", $ipset_not_auth_yet); |
| if(!$direct_access && $ipset_not_auth_yet[0] == '0') |
| { |
| exec("sudo /usr/sbin/ipset add not_auth_yet $remote_ip"); # Add in the ipset "not_auth_yet" to not loop when redirected |
| |
| if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") |
| { |
| header("Location: http://$_SERVER[HTTP_HOST]"); |
| } |
| else |
| { |
| echo "<script>window.location.reload(true)</script>"; # the user web browser need to perform a new DNS request when redirected (as in a "<CTRL>+F5") |
| echo "<script>window.location.href='http://$_SERVER[HTTP_HOST]'</script>"; |
| } |
| exit; |
| } |
| if(!$direct_access) #If user is already in not_auth_yet |
| { |
| echo "<script>window.location.reload(true)</script>"; #We force DNS request |
| exit; |
| }*/ |
| |
| |
| |
| if ($ipset_not_auth_yet[0] == '1'){ #if user not_auth_yet still here (index.php), we force DNS resquest. |
| echo "<script>window.location.reload(true)</script>"; # force DNS request |
| } |
| } |
| # Choice of language |
| $Language = 'en'; |
| if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){ |
| $Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']); |
| $Language = strtolower(substr(chop($Langue[0]),0,2)); } |
| if($Language == 'fr'){ |
| $l_access_denied = "ACCÈS REFUSÉ"; |
| $l_access_denied = "Contrôle d'accès"; |
| $l_access_welcome = "Bienvenue sur ALCASAR"; |
| $l_access_unavailable = "ACCÈS INDISPONIBLE"; |
| $l_required_domain = "Site WEB demandé"; |
| 183,17 → 142,7 |
|---|
| $l_category = "catégorie :"; |
| if ((isset ($user[4])) && ($user[4] == "0")) { |
| $l_logout_explain = "Aucune session de consultation Internet n'est actuellement ouverte sur votre système."; |
| |
| if($display_button_user_not_auth_yet) |
| { |
| $l_logout = "<a href=\"http://alcasar/index.php?url=$_SERVER[HTTP_HOST]\">Ouvrir une session Internet</a>"; |
| } |
| else |
| { |
| $l_logout = "<a href=\"http://www.google.com\">Ouvrir une session Internet</a>"; |
| } |
| |
| |
| $l_logout = "<a href=\"http://$hostname/index.php?url=$redirect_link\">Ouvrir une session Internet</a>"; |
| } |
| else { |
| if ($user[5] != $user[0]) // authentication exception or not |
| 216,7 → 165,7 |
|---|
| $l_acc_sms = "Auto enregistrement par SMS"; |
| } |
| else if($Language == 'pt'){ |
| $l_access_denied = "Acesso negado"; |
| $l_access_denied = "Controle de acesso"; |
| $l_access_welcome = "Bem-vindo ao Alcasar"; |
| $l_access_unavailable = "ACESSO INDISPONÍVEL"; |
| $l_required_domain = "Site WEB Obrigatório"; |
| 233,18 → 182,8 |
|---|
| $l_certif_explain_help = "<a href=\"alcasar-certificat.pdf\" target=\"_blank\">Essa foi uma ajuda complementar</a>"; |
| $l_category = "categoria :"; |
| if ((isset ($user[4])) && ($user[4] == "0")) { |
| $l_logout_explain = "Não há conexão de Internet aberta em seu computador, deseja conectar?"; |
| if($display_button_user_not_auth_yet) |
| { |
| $l_logout = "<a href=\"http://alcasar/index.php?url=$_SERVER[HTTP_HOST]\">Abrir uma conexão de Internet</a>"; |
| } |
| else |
| { |
| $l_logout = "<a href=\"http://www.google.com\">Abrir uma conexão de Internet</a>"; |
| } |
| |
| |
| |
| $l_logout_explain = "Não há conexão de Internet aberta em seu computador, deseja conectar?"; |
| $l_logout = "<a href=\"http://$hostname/index.php?url=$redirect_link\">Abrir uma conexão de Internet</a>"; |
| } |
| else { |
| if ($user[5] != $user[0]) // authentication exception or not |
| 267,7 → 206,7 |
|---|
| $l_acc_sms = "Auto registration by SMS"; |
| } |
| else { |
| $l_access_denied = "ACCESS DENIED"; |
| $l_access_denied = "Access control"; |
| $l_access_welcome = "Welcome on ALCASAR"; |
| $l_access_unavailable = "ACCESS UNAVAILABLE"; |
| $l_required_domain = "Required WEB site"; |
| 284,17 → 223,8 |
|---|
| $l_certif_explain_help = "<a href=\"alcasar-certificat.pdf\" target=\"_blank\">Complementary help</a>"; |
| $l_category = "category :"; |
| if ((isset ($user[4])) && ($user[4] == "0")) { |
| $l_logout_explain = "No Internet consultation session is actualy open on your system"; |
| if($display_button_user_not_auth_yet) |
| { |
| $l_logout = "<a href=\"http://alcasar/index.php?url=$_SERVER[HTTP_HOST]\">Open an Internet session</a>"; |
| } |
| else |
| { |
| $l_logout = "<a href=\"http://www.google.com\">Open an Internet session</a>"; |
| } |
| |
| |
| $l_logout_explain = "No Internet consultation session is actualy open on your system"; |
| $l_logout = "<a href=\"http://$hostname/index.php?url=$redirect_link\">Open an Internet session</a>"; |
| } |
| else { |
| if ($user[5] != $user[0]) // authentication exception or not |
| 321,7 → 251,7 |
|---|
| $l_explain = ($direct_access ? $l_explain_acc_access : ($network_pb ? $l_explain_net_pb : $l_explain_access_deny)); |
| |
| # set the icons |
| $img_rep = "http://alcasar/images/"; |
| $img_rep = "./images/"; |
| $img_organisme = "organisme.png"; |
| $img_access = "globe_acces_70.png"; |
| $img_connect = "globe_70.png"; |
| 346,6 → 276,12 |
|---|
| $img_internet = $img_connect; |
| } |
| |
| # cleaning the cache |
| header("Expires: Tue, 01 Jan 2000 00:00:00 GMT"); |
| header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); |
| header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); |
| header("Cache-Control: post-check=0, pre-check=0", false); |
| header("Pragma: no-cache"); |
| ?> |
| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
| <html> |
| 355,26 → 291,19 |
|---|
| <meta http-equiv="Cache-control" content="no-cache"> |
| <meta http-equiv="Pragma" content="no-cache"> |
| <?php |
| if($display_button_user_not_auth_yet) #if user is intercepted (ipset:not_auth_yet), css style is not included properly |
| { |
| echo "<style>"; |
| include("css/style_intercept.css"); |
| echo "</style>"; |
| echo "<style>"; |
| include("css/style_intercept.css"); |
| echo "</style>"; |
| ?> |
| <script type="text/javascript"> |
| function valoriserDiv5(param){ |
| document.getElementById("box_info").innerHTML = param.innerHTML; |
| } |
| else |
| { |
| echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"css/style_intercept.css\">"; |
| } |
| ?> |
| <script type="text/javascript"> |
| function valoriserDiv5(param){ |
| document.getElementById("box_info").innerHTML = param.innerHTML; |
| } |
| </script> |
| </script> |
| </head> |
| <body onload="valoriserDiv5(text_conn);"> |
| <?php |
| if ($direct_access || $display_button_user_not_auth_yet){ |
| if ($direct_access || $display_menu){ |
| echo " |
| <div id=\"cadre_titre\" class=\"titre_controle\"> |
| <p id=\"acces_controle\" class=\"titre_controle\">$l_title</p>"; |
| 424,7 → 353,7 |
|---|
| } |
| ?> |
| <?php |
| if ($direct_access || $display_button_user_not_auth_yet){ |
| if ($direct_access || $display_menu){ |
| echo " <div id=\"box_bienvenue\"> |
| $l_welcome |
| </div> |