
Ignore whitespace Rev 2377 → Rev 2378

/web/intercept.php
68,6 → 68,7
 
// Our own path
$loginpath = htmlspecialchars($_SERVER['PHP_SELF']);
$useHTTPS = ((isset($_SERVER['HTTPS'])) && (!empty($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'] !== 'off'));
$alcasarpath = (($conf['HTTPS_LOGIN'] === 'on') ? 'https' : 'http' ).'://'.$conf['HOSTNAME'].'.'.$conf['DOMAIN'];
$statuspath = $alcasarpath.'/status.php';
 
369,41 → 370,45
 
# Read form parameters which we care about
# avoid the "user as a MAC address" attempts
if ((isset($_POST['UserName'])) && (preg_match('/^([0-9A-F]{2}-){5}[0-9A-F]{2}$/', $_POST['UserName']) !== 1))
$username = htmlspecialchars($_POST['UserName']); else $username = '';
if (isset($_POST['Password'])) $password = htmlspecialchars($_POST['Password']); else $password = '';
if ((isset($_POST['username'])) && (preg_match('/^([0-9A-F]{2}-){5}[0-9A-F]{2}$/', $_POST['username']) !== 1))
$username = htmlspecialchars($_POST['username']); else $username = '';
if (isset($_POST['password'])) $password = htmlspecialchars($_POST['password']); else $password = '';
if (isset($_POST['challenge'])) $challenge = htmlspecialchars($_POST['challenge']); else $challenge = '';
if (isset($_POST['button'])) $button = htmlspecialchars($_POST['button']); else $button = '';
// if (isset($_POST['logout'])) $logout = htmlspecialchars($_POST['logout']); else $logout = '';
// if (isset($_POST['prelogin'])) $prelogin = htmlspecialchars($_POST['prelogin']); else $prelogin = '';
if (isset($_POST['res'])) $res = htmlspecialchars($_POST['res']); else $res = '';
if (isset($_POST['uamip'])) $uamip = htmlspecialchars($_POST['uamip']); else $uamip = '';
if (isset($_POST['uamport'])) $uamport = htmlspecialchars($_POST['uamport']); else $uamport = '';
// if (isset($_POST['res'])) $res = htmlspecialchars($_POST['res']); else $res = '';
// if (isset($_POST['uamip'])) $uamip = htmlspecialchars($_POST['uamip']); else $uamip = '';
// if (isset($_POST['uamport'])) $uamport = htmlspecialchars($_POST['uamport']); else $uamport = '';
if (isset($_POST['userurl'])) $userurl = htmlspecialchars($_POST['userurl']); else $userurl = '';
if (isset($_POST['timeleft'])) $timeleft = htmlspecialchars($_POST['timeleft']); else $timeleft = '';
if (isset($_POST['redirurl'])) $redirurl = htmlspecialchars($_POST['redirurl']); else $redirurl = '';
// if (isset($_POST['timeleft'])) $timeleft = htmlspecialchars($_POST['timeleft']); else $timeleft = '';
// if (isset($_POST['redirurl'])) $redirurl = htmlspecialchars($_POST['redirurl']); else $redirurl = '';
 
# Read query parameters which we care about
if (isset($_GET['res'])) $res = htmlspecialchars($_GET['res']);
if (isset($_GET['res'])) $res = htmlspecialchars($_GET['res']); else $res = '';
// if (isset($_GET['reason'])) $reason = htmlspecialchars($_GET['reason']); else $reason = '';
if (isset($_GET['challenge'])) $challenge = htmlspecialchars($_GET['challenge']);
if (isset($_GET['uamip'])) $uamip = htmlspecialchars($_GET['uamip']);
if (isset($_GET['uamport'])) $uamport = htmlspecialchars($_GET['uamport']);
if (isset($_GET['reply'])) $reply = htmlspecialchars($_GET['reply']); else $reply = '';
// if (isset($_GET['uamip'])) $uamip = htmlspecialchars($_GET['uamip']);
// if (isset($_GET['uamport'])) $uamport = htmlspecialchars($_GET['uamport']);
if (isset($_GET['timeleft'])) $timeleft = htmlspecialchars($_GET['timeleft']); else $timeleft = '';
if (isset($_GET['reply'])) $reply = htmlspecialchars(trim($_GET['reply'])); else $reply = '';
if (isset($_GET['redirurl'])) $redirurl = htmlspecialchars($_GET['redirurl']); else $redirurl = '';
if (isset($_GET['userurl'])) $userurl = htmlspecialchars($_GET['userurl']);
if (isset($_GET['timeleft'])) $timeleft = htmlspecialchars($_GET['timeleft']);
if (isset($_GET['redirurl'])) $redirurl = htmlspecialchars($_GET['redirurl']);
 
// Get required parameters from CoovaChilli config file if missing
if (empty($uamip)) {
$uamip = trim(exec('grep uamlisten /etc/chilli.conf | sed -e "s/uamlisten//"'));
// TODO: clean unused query params
 
$uamip = $conf['HOSTNAME'].'.'.$conf['DOMAIN'];
if ($useHTTPS) {
$uamproto = 'https';
$uamport = 3991;
} else {
$uamproto = 'http';
$uamport = 3990;
}
if (empty($uamport)) {
$uamport = trim(exec('grep uamport /etc/chilli.conf | sed -e "s/uamport//"'));
}
 
# translation of radius replies
if (isset($reply)) {
switch (trim($reply)) {
if (!empty($reply)) {
switch ($reply) {
case 'Your maximum daily usage time has been reached' : $reply = $l_reply_1; break;
case 'Your maximum monthly usage time has been reached' : $reply = $l_reply_2; break;
case 'You are calling outside your allowed timespan' : $reply = $l_reply_3; break;
429,7 → 434,7
// Encode plain text password with challenge
$pappassword = implode('', unpack('H*', ($newpwd ^ $newchal)));
 
header("Location: http://$uamip:$uamport/logon?username=$username&password=$pappassword&userurl=$userurl");
header("Location: $uamproto://$uamip:$uamport/logon?username=$username&password=$pappassword&userurl=$userurl");
exit();
}
 
443,7 → 448,7
}
 
//check if we need to warn user about the imputability logs.
if($result === 1) {
if ($result === 1) {
if ((is_file('./acc/manager/lib/sql/drivers/mysql/functions.php')) && (is_file('/etc/freeradius-web/config.php'))) {
include_once('/etc/freeradius-web/config.php');
include_once('./acc/manager/lib/sql/drivers/mysql/functions.php');
455,7 → 460,7
if ($res) {
$row = @da_sql_fetch_array($res, $config);
$filter_id = $row['value']; // on obtient le Filter-Id de l'utilisateur
if($filter_id[3] === '1') {
if ($filter_id[3] === '1') {
//set the fourth bit of filter-id to '0'
$sql = "set @CurrentFilter=(SELECT value from radreply where username='$user_uid');set @CurrentFilterLeft=(SELECT LEFT(@CurrentFilter,3));set @CurrentFilterRight=(SELECT RIGHT(@CurrentFilter,4));UPDATE radreply SET value = CONCAT((@CurrentFilterLeft),'0', (@CurrentFilterRight)) WHERE username='$user_uid'";
$res = mysqli_multi_query($link,$sql);
467,10 → 472,9
}
}
 
// Otherwise it was not a form request
// Send out an error message
if ($result === 0) { //erreur
header("Location: http://$uamip:$uamport/prelogin");
// By default, redirect to prelogin in order to generate a challenge
if ($result === 0) {
header("Location: $uamproto://$uamip:$uamport/prelogin");
exit();
}
 
511,7 → 515,7
}
}
if ((result === 2) || (result === 3) || result === 5) { // failed or logoff or notyet
document.form1.UserName.focus();
document.form1.username.focus();
}
}
</script>
535,18 → 539,16
<img id="logo-alcasar" src="/images/logo-alcasar.png">
<form name="form1" method="post" action="<?= $loginpath ?>">
<input type="hidden" name="challenge" value="<?= $challenge ?>">
<input type="hidden" name="uamip" value="<?= $uamip ?>">
<input type="hidden" name="uamport" value="<?= $uamport ?>">
<input type="hidden" name="userurl" value="<?= $userurl ?>">
<table id="boite-logon">
<tr>
<td width="20%" rowspan="4"><img id="logo-organ" src="/images/organisme.png"></td>
<td width="30%" align="right"><?= $l_user ?></td>
<td width="50%" align="left"><input type="text" maxLength="32" name="UserName" autocomplete="off"></td>
<td width="50%" align="left"><input type="text" maxLength="32" name="username" autocomplete="off"></td>
</tr>
<tr>
<td align="right"><?= $l_password ?></td>
<td align="left"><input maxLength="32" type="password" name="Password" autocomplete="off"></td>
<td align="left"><input maxLength="32" type="password" name="password" autocomplete="off"></td>
</tr>
<tr>
<td height="23" align="left"><input value="<?= $l_boutonO ?>" type="submit" name="button"></td>
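Review bot: In the 429,7 → 434,7 hunk the new `header("Location: $uamproto://$uamip:$uamport/logon?username=$username&password=$pappassword&userurl=$userurl");` still interpolates `$username` and `$userurl` into a URL query with only htmlspecialchars() applied, which is the wrong escaping for that context: an `&` becomes `&amp;` and splits the query into a bogus `amp;` parameter, while `#`, `?`, `%` or a space pass through unencoded and corrupt the redirect. Each value should be URL-encoded at the point of use, ideally from the raw POST value rather than the HTML-escaped copy, e.g. `$logonurl = $uamproto.'://'.$uamip.':'.$uamport.'/logon?username='.rawurlencode($username).'&password='.$pappassword.'&userurl='.rawurlencode($userurl); header('Location: '.$logonurl);` (`$pappassword` is hex from unpack('H*') and needs no encoding). Pinning `$uamip` to `$conf['HOSTNAME'].'.'.$conf['DOMAIN']` and `$uamport` to 3990/3991 in the 369,41 → 370,45 hunk does remove the user-supplied `uamip`/`uamport` redirect target, so whatever `$_POST`/`$_GET` reads of those two parameters survive on the new side appear to be dead and could go with the `// TODO: clean unused query params` in that hunk. The statement run containing the redirect starts outside the hunk.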