Subversion Repositories ALCASAR


Rev 2216 Rev 2234
Line 1... Line 1...
1
<?php
1
<?php
2
# $Id: index.php 2216 2017-05-09 20:31:16Z tom.houdayer $
2
# $Id: index.php 2234 2017-05-18 21:20:10Z richard $
3
#
3
#
4
# index.php for ALCASAR by Rexy
4
# index.php for ALCASAR by Rexy
5
# UI & css style by stephane ERARD
5
# UI & css style by stephane ERARD
6
# The contents of this file may be used under the terms of the GNU
6
# The contents of this file may be used under the terms of the GNU
7
# General Public License Version 2, provided that the above copyright
7
# General Public License Version 2, provided that the above copyright
Line 31... Line 31...
31
$file_conf = fopen(CONF_FILE, 'r');
31
$file_conf = fopen(CONF_FILE, 'r');
32
if (!$file_conf) {
32
if (!$file_conf) {
33
	exit('Error opening the file '.CONF_FILE);
33
	exit('Error opening the file '.CONF_FILE);
34
}
34
}
35
while (!feof($file_conf)) {
35
while (!feof($file_conf)) {
36
	$tampon = fgets($file_conf, 4096);
36
	$buffer = fgets($file_conf, 4096);
37
	if ((strpos($tampon, '=') !== false) && (substr($tampon, 0, 1) !== '#')) {
37
	if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {
38
		$tmp = explode('=', $tampon);
38
		$tmp = explode('=', $buffer);
39
		$conf[$tmp[0]] = trim($tmp[1]);
39
		$conf[$tmp[0]] = trim($tmp[1]);
40
	}
40
	}
41
}
41
}
42
fclose($file_conf);
42
fclose($file_conf);
43
 
43
 
44
$organisme = trim($conf["ORGANISM"]);
44
$organisme = $conf["ORGANISM"];
45
$hostname = trim($conf["HOSTNAME"]).'.'.trim($conf["DOMAIN"]);
45
$hostname  = $conf["HOSTNAME"].'.'.$conf["DOMAIN"];
46
$network_pb = False; # "alcasar-watchdog.sh" changes this value if a network issue is detected
46
$network_pb = False; # "alcasar-watchdog.sh" changes this value if a network issue is detected
47
$diagnostic = "can't contact the default router"; # "alcasar-watchdog.sh" changes this value if a network issue is detected
47
$diagnostic = "can't contact the default router"; # "alcasar-watchdog.sh" changes this value if a network issue is detected
48
$cert_add = "http://$hostname/certs";
48
$cert_add = "http://$hostname/certs";
49
$direct_access = False;
49
$direct_access = False;
50
$display_menu=False;
-
 
51
$remote_ip = preg_match('#^([0-9]{1,3}\.){3}[0-9]{1,3}$#', $_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
50
$remote_ip = preg_match('#^([0-9]{1,3}\.){3}[0-9]{1,3}$#', $_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
52
$tab = array();$user = array();
51
$tab = array();$user = array();
53
$connection_history =  "";
52
$connection_history =  "";
54
$nb_connection_history = 3;
53
$nb_connection_history = 3;
55
$Language = 'en';
54
$Language = 'en';
Line 64... Line 63...
64
$user = explode (" ", $tab[0]);
63
$user = explode (" ", $tab[0]);
65
 
64
 
66
# Test if it's a direct connexion to ALCASAR
65
# Test if it's a direct connexion to ALCASAR
67
if (isset($_SERVER['HTTP_HOST']) && (($_SERVER['HTTP_HOST'] === $_SERVER['SERVER_ADDR']) || ($_SERVER['HTTP_HOST'] === 'alcasar') || ($_SERVER['HTTP_HOST'] === $hostname) || ($_SERVER['HTTP_HOST'] === $organisme))) {
66
if (isset($_SERVER['HTTP_HOST']) && (($_SERVER['HTTP_HOST'] === $_SERVER['SERVER_ADDR']) || ($_SERVER['HTTP_HOST'] === 'alcasar') || ($_SERVER['HTTP_HOST'] === $hostname) || ($_SERVER['HTTP_HOST'] === $organisme))) {
68
	$direct_access = true;
67
	$direct_access = true;
69
	exec("sudo /usr/sbin/ipset del not_auth_yet $remote_ip"); # del user of the ipset "not_auth_yet" to not loop
-
 
70
}
68
}
71
 
69
 
72
# Function to adapt time connexion in seconds to H,M,S
70
# Function to adapt time connexion in seconds to H,M,S
73
function secondsToDuration($seconds = null){
71
function secondsToDuration($seconds = null){
74
	if ($seconds == null) return "";
72
	if ($seconds == null) return "";
Line 78... Line 76...
78
	$time[1] = ( $temp - $time[2] ) / 60;		// minutes
76
	$time[1] = ( $temp - $time[2] ) / 60;		// minutes
79
	return $time[0]." h ".$time[1]." m ".$time[2]." s";
77
	return $time[0]." h ".$time[1]." m ".$time[2]." s";
80
}
78
}
81
 
79
 
82
# if user need to be warned
80
# if user need to be warned
83
if(isset($_GET['warn']) && isset($_GET['url']))
81
if (isset($_GET['warn']) && isset($_GET['url'])) {
84
{
-
 
85
	$direct_access = False;
82
	$direct_access = false;
86
}
83
}
87
 
84
 
88
if ((isset ($user[4])) && ($user[4] != "0")){ # the user is authenticated
85
if ((isset($user[4])) && ($user[4] != "0")) { # the user is authenticated
89
	if(isset($_GET['redirect'])) # if user has been warned, we redirect him to his website
86
	if (isset($_GET['redirect'])) { # if user has been warned, we redirect him to his website
90
	{
-
 
91
		header('Location: '.$_GET['url'], true, 307);
87
		header('Location: '.$_GET['url'], true, 307);
92
		exit; 
88
		exit();
93
	}
89
	}
-
 
90
 
94
	# we retrieve his three last connections
91
	# we retrieve his three last connections
95
	if ((is_file("./acc/manager/lib/sql/drivers/mysql/functions.php"))&&(is_file("/etc/freeradius-web/config.php"))){
92
	if ((is_file("./acc/manager/lib/sql/drivers/mysql/functions.php"))&&(is_file("/etc/freeradius-web/config.php"))){
96
		include_once("/etc/freeradius-web/config.php");
93
		include_once("/etc/freeradius-web/config.php");
97
		include_once("./acc/manager/lib/sql/drivers/mysql/functions.php");
94
		include_once("./acc/manager/lib/sql/drivers/mysql/functions.php");
98
		$sql = "SELECT UserName, AcctStartTime, AcctStopTime, acctsessiontime FROM radacct WHERE UserName='$user[5]' ORDER BY AcctStartTime DESC LIMIT 0 , $nb_connection_history";
95
		$sql = "SELECT UserName, AcctStartTime, AcctStopTime, acctsessiontime FROM radacct WHERE UserName='$user[5]' ORDER BY AcctStartTime DESC LIMIT 0 , $nb_connection_history";
Line 109... Line 106...
109
				$connection_history.="</ul>";
106
				$connection_history.="</ul>";
110
			}
107
			}
111
		}
108
		}
112
	}
109
	}
113
}
110
}
114
else # the user isn't authenticated
111
else { # the user isn't authenticated
115
{
-
 
116
	exec("sudo /usr/sbin/ipset list not_auth_yet | grep $remote_ip | wc -l 2>&1", $ipset_not_auth_yet);
-
 
117
	if(!$direct_access && $ipset_not_auth_yet[0] == '0'){ # it's the first stage of the interception
-
 
118
		$display_menu = True; # Display menu for user not_auth_yet
-
 
119
		if (!isset($_SERVER['HTTPS'])){ # In HTTP, the user is redirected on it's home page. In HTTPS, it's on the default page (see $redirect_link)
-
 
120
			$redirect_link = $_SERVER['HTTP_HOST'];
-
 
121
		}
-
 
122
	}
-
 
123
	if(isset($_GET['url'])){ # it's the second stage (when user has clicked on the button "open a connection")
112
	if (isset($_GET['url'])) { # it's the second stage (when user has clicked on the button "open a connection")
124
		exec("sudo /usr/sbin/ipset add not_auth_yet $remote_ip"); # Add user in the ipset "not_auth_yet" (DNS requests not intercepted)
-
 
125
		$redir = "http://".$_GET['url'];
113
		$redir = 'http://'.$_GET['url'];
126
		header("Location: $redir",TRUE,307);
114
		header("Location: $redir", true, 307);
127
		exit; 
115
		exit(); 
128
	}
-
 
129
	if ($ipset_not_auth_yet[0] == '1'){ # if user not_auth_yet still here (index.php), we force DNS resquest.
-
 
130
		 echo "<script>window.location.reload(true)</script>"; # force DNS request
-
 
131
	}
116
	}
132
}
117
}
133
# Choice of language
118
# Choice of language
134
if($Language == 'fr'){
119
if($Language == 'fr'){
135
	$l_access_denied = "Contrôle d'accès";
120
	$l_access_denied = "Contrôle d'accès";
Line 407... Line 392...
407
	$l_explain_warn_date="has read your connexion logs at ";
392
	$l_explain_warn_date="has read your connexion logs at ";
408
	$l_explain_warn_reason="For this reason : ";
393
	$l_explain_warn_reason="For this reason : ";
409
	$l_uam_domain = "Authorized websites : ";
394
	$l_uam_domain = "Authorized websites : ";
410
}
395
}
411
 
396
 
412
$l_title = ($direct_access ? $l_access_welcome : ($network_pb ? $l_access_unavailable : $l_access_denied));
397
$l_title   = ($direct_access ? $l_access_welcome     : ($network_pb ? $l_access_unavailable : $l_access_denied));
413
$l_explain = ($direct_access ? $l_explain_acc_access : ($network_pb ? $l_explain_net_pb : $l_explain_access_deny));
398
$l_explain = ($direct_access ? $l_explain_acc_access : ($network_pb ? $l_explain_net_pb     : $l_explain_access_deny));
414
 
399
 
415
# set the icons
400
# set the icons
416
$img_rep = "/images/";
401
$img_rep = "/images/";
417
$img_organisme = "organisme.png";
402
$img_organisme = "organisme.png";
418
$img_access = "globe_acces_70.png";
403
$img_access = "globe_acces_70.png";
Line 443... Line 428...
443
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
428
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
444
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
429
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
445
header("Cache-Control: post-check=0, pre-check=0", false);
430
header("Cache-Control: post-check=0, pre-check=0", false);
446
header("Pragma: no-cache");
431
header("Pragma: no-cache");
447
 
432
 
448
exec("sudo /usr/sbin/ipset list not_filtered | grep $remote_ip | wc -l 2>&1", $ipset_not_filtered);
-
 
449
# if user is in "ipset_not_filtered" then he must refresh its dns cache (we are in the interception process)
-
 
450
if (!$direct_access && !$display_menu && ($ipset_not_filtered[0] == '1') && (!$network_pb) && (!isset($_GET['warn']))) {
-
 
451
	echo '<!doctype html><html><head><script>window.location.reload(true)</script></head><body></body></html>'; # force DNS request
-
 
452
}
-
 
453
 
-
 
454
?>
433
?>
455
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
434
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
456
<html>
435
<html>
457
<head>
436
<head>
458
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
437
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
Line 466... Line 445...
466
	}
445
	}
467
	</script>
446
	</script>
468
</head>
447
</head>
469
<body onload="valoriserDiv5(text_conn);">
448
<body onload="valoriserDiv5(text_conn);">
470
<?php
449
<?php
471
if ($direct_access || $display_menu){
450
if ($direct_access){
472
	echo "
451
	echo "
473
	<div id=\"cadre_titre\" class=\"titre_controle\">
452
	<div id=\"cadre_titre\" class=\"titre_controle\">
474
		<p id=\"acces_controle\" class=\"titre_controle\">$l_title</p>";
453
		<p id=\"acces_controle\" class=\"titre_controle\">$l_title</p>";
475
	if ($network_pb) {
454
	if ($network_pb) {
476
		echo "	<span>$l_explain_net_pb</span>";
455
		echo "	<span>$l_explain_net_pb</span>";
Line 497... Line 476...
497
	</div>
476
	</div>
498
		<div id="contenu_acces">
477
		<div id="contenu_acces">
499
			<div id="box_url">
478
			<div id="box_url">
500
				<?php 
479
				<?php 
501
				// Search blacklist categories
480
				// Search blacklist categories
502
				if ((!$direct_access) && (!$display_menu) && (!$network_pb) && (!isset($_GET['warn']))) {
481
				if ((!$direct_access) && (!$network_pb) && (!isset($_GET['warn']))) {
503
					$pattern = str_replace('www.', '', $_SERVER['HTTP_HOST']);
482
					$pattern = str_replace('www.', '', $_SERVER['HTTP_HOST']);
504
					exec('grep -Re ' . escapeshellarg('^'.$pattern.'$') . " /etc/dansguardian/lists/blacklists/*/domains | cut -d'/' -f6", $output);
483
					exec('grep -Re ' . escapeshellarg('^'.$pattern.'$') . " /etc/dansguardian/lists/blacklists/*/domains | cut -d'/' -f6", $output);
505
					$lists = [];
484
					$lists = [];
506
					foreach ($output as $line) {
485
					foreach ($output as $line) {
507
						$lists[] = $line;
486
						$lists[] = $line;
Line 536... Line 515...
536
}
515
}
537
else {
516
else {
538
	$sms_div='';
517
	$sms_div='';
539
	$sms_div_over='';
518
	$sms_div_over='';
540
}
519
}
541
if ($direct_access || $display_menu){
520
if ($direct_access) {
542
	if (!$network_pb){
521
	if (!$network_pb) {
543
	       	echo "
522
		echo "
544
		<div class=\"box_menu\" id=\"box_conn\" onmouseover=\"valoriserDiv5(text_conn);\">
523
		<div class=\"box_menu\" id=\"box_conn\" onmouseover=\"valoriserDiv5(text_conn);\">
545
			<span>$l_logout</span>
524
			<span>$l_logout</span>
546
			<img src=\"$img_rep$img_internet\">
525
			<img src=\"$img_rep$img_internet\">
547
		</div>";
526
		</div>";
548
	}
527
	}
Line 552... Line 531...
552
	$tab = file(DOMAIN_ALLOWED_LIST);
531
	$tab = file(DOMAIN_ALLOWED_LIST);
553
	if ($tab) { // the file isn't empty
532
	if ($tab) { // the file isn't empty
554
		$domainAllowedHtml .= '<p>'.$l_uam_domain.'<br><ul>';
533
		$domainAllowedHtml .= '<p>'.$l_uam_domain.'<br><ul>';
555
		foreach ($tab as $line) {
534
		foreach ($tab as $line) {
556
			if (trim($line) !== '') { // the line isn't empty
535
			if (trim($line) !== '') { // the line isn't empty
557
				$domain_allowed = explode("#", $line);
536
				$domain_allowed = explode('#', $line);
558
				if (trim($domain_allowed[1]) !== '') {
537
				if (trim($domain_allowed[1]) !== '') {
559
					$domain = explode('"', $domain_allowed[0]);
538
					$domain = explode('"', $domain_allowed[0]);
560
					// remove every '.' from the beginning of domain
539
					// remove every '.' from the beginning of domain
561
					$domain[1] = ltrim($domain[1], '.');
540
					$domain[1] = ltrim($domain[1], '.');
562
					$domainAllowedHtml .= '<li><a href="http://'.trim($domain[1]).'">'.trim($domain_allowed[1]).'</a></li>';
541
					$domainAllowedHtml .= '<li><a href="http://'.trim($domain[1]).'">'.trim($domain_allowed[1]).'</a></li>';
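Review bot: In the hunk headed "Line 78... Line 76...", new line 87 still passes `$_GET['url']` unvalidated into the `Location` header, and the guard on new line 86 tests only `$_GET['redirect']`, so a request carrying `redirect` without `url` reads an undefined index and emits an empty redirect. Because the value is not checked, the portal's own hostname can serve as an open redirect to any scheme or host; new lines 113-114 repeat the pattern with a fixed `http://` prefix. I would tighten the guard to `if (isset($_GET['redirect'], $_GET['url'])) {` and validate the target before calling `header()`, e.g. `$target = filter_var($_GET['url'], FILTER_VALIDATE_URL);` followed by `if ($target === false || !in_array(parse_url($target, PHP_URL_SCHEME), array('http', 'https'), true)) { $target = "http://$hostname/"; }`. If returning the user to the originally requested site is the intended behaviour, restricting the scheme and rejecting malformed values is the minimum; the enclosing `if`/`else` on `$user[4]` runs past the lines shown in this hunk.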