Subversion Repositories ALCASAR

<?php

# $Id: network.php 3132 2023-04-26 17:14:33Z rexy $

// written by steweb57, Rexy, Tom HOUDAYER & Pierre RIVAULT

/********************

*  READ CONF FILES  *

*********************/

define('CONF_FILE', '/usr/local/etc/alcasar.conf');

define('ETHERS_FILE', '/usr/local/etc/alcasar-ethers');

define('ETHERS_INFO_FILE', '/usr/local/etc/alcasar-ethers-info');

define('DNS_LOCAL_FILE', '/etc/hosts');

define('LETS_ENCRYPT_FILE', '/usr/local/etc/alcasar-letsencrypt');

define('TEMP_FILE', '/tmp/alcasar.conf.temp');

$conf_files = [CONF_FILE, ETHERS_FILE, ETHERS_INFO_FILE, DNS_LOCAL_FILE, LETS_ENCRYPT_FILE];

// Files reading test

foreach ($conf_files as $file) {

	if (!file_exists($file)) {

		exit("Requested file $file isn't present");

	}

	if (!is_readable($file)) {

		exit("Can't read the file $file");

	}

}

// Read ALCASAR CONF_FILE

$file_conf = fopen(CONF_FILE, 'r');

if (!$file_conf) {

	exit('Error opening the file '.CONF_FILE);

}

while (!feof($file_conf)) {

	$buffer = fgets($file_conf, 4096);

	if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {

		$tmp = explode('=', $buffer, 2);

		$conf[trim($tmp[0])] = trim($tmp[1]);

	}

}

fclose($file_conf);

// Choice of language

$Language = 'en';

if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {

	$Langue	  = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);

	$Language = strtolower(substr(chop($Langue[0]), 0, 2));

}

if ($Language === 'fr') {

	$l_network_title	= "Configuration réseau";

	$l_internet_legend	= "INTERNET";

	$l_ip_mask		= "Masque";

	$l_ip_router		= "Routeur";

	$l_ip_public		= "Adresse IP publique";

	$l_ip_dns1		= "DNS n°1";

	$l_ip_dns2		= "DNS n°2";

	$l_dhcp_title		= "Service DHCP";

	$l_dhcp_state		= "Mode actuel";

	$l_DHCP_on		= "actif";

	$l_DHCP_off		= "inactif";

	$l_DHCP_off_explain	= "/!\\ Avant d'arrêter le serveur DHCP, vous devez renseigner les paramètres d'un serveur externe (cf. documentation).";

	$l_static_dhcp_title	= "Réservation d'adresses IP statiques (DHCP)";

	$l_mac_address		= "Adresse MAC";

	$l_ip_address		= "Adresse IP";

	$l_host_name		= "Nom d'hôte";

	$l_del			= "Supprimer de la liste";

	$l_add_to_list		= "Ajouter";

	$l_apply		= "Appliquer les changements";

	$l_local_dns		= "Résolution local de nom (DNS)";

	$l_import_cert		= "Import de certificat";

	$l_private_key		= "Clé privée (.key) :";

	$l_certificate		= "Certificat (.crt ou .cer) :";

	$l_server_chain		= "Chaîne de certification (.crt, .cer ou .pem) :";

	$l_default_cert		= "Revenir au certificat d'origine :";

	$l_import		= "Importer";

	$l_current_certificate  = "Certificat actuel";

	$l_validated		= "Validé par :";

	$l_empty		= "Vide";

	$l_yes			= "Oui";

	$l_no			= "Non";

	$l_ssl_title		= "Chiffrer les flux d'authentification entre les utilisateurs et ALCASAR";

	$l_ssh_title		= "SSH";

	$l_ssh_port			= "Port";

	$l_ssh_from			= "IP autorisée";

	$l_ssh_wan_activate	= "Activer SSH côté WAN";

	$l_ssh_lan_activate	= "Activer SSH côté LAN";

	$l_all_ip			= "Pour autoriser toutes les @IP sources: 0.0.0.0";

	$l_interlan_title	= "Autoriser l'accès au réseau situé entre ALCASAR et le routeur d'accès à Internet";

	$l_cert_expiration	= "Date d'expiration :";

	$l_cert_commonname	= "Nom commun :";

	$l_cert_organization	= "Organisation :";

	$l_upload_certificate	= "Importer un certificat officiel";

	$l_le_integration	= "Intégrer un certificat Let's Encrypt";

	$l_le_status		= "Status :";

	$l_disabled		= "Inactif";

	$l_pending_validation	= "En attente de validation";

	$l_enabled		= "Actif";

	$l_le_email		= "Email :";

	$l_le_domain_name	= "Nom de domaine :";

	$l_send			= "Envoyer";

	$l_le_ask_on		= "Demandé le :";

	$l_le_dns_entry_txt	= "Entrée DNS TXT :";

	$l_le_challenge		= "Challenge :";

	$l_recheck		= "Revérifier";

	$l_cancel		= "Annuler";

	$l_le_api		= "API :";

	$l_le_next_renewal	= "Prochain renouvellement :";

	$l_renew		= "Renouveller";

	$l_renew_force		= "Renouveller (forcer)";

	$l_previous_LE_cert	= "Revenir au certificat Let's Encrypt :";

	$l_gw_weight    = "Poids";

	$l_error        = "Erreur";

	$l_error_bad_ip = "Ceci n'est pas une adresse IP valide";

	$l_error_bad_ip_CIDR = "Ceci n'est pas une adresse CIDR valide";

	$l_error_bad_ip_port = "Ceci n'est pas une adresse IP + port valide";

	$l_error_weight = "Ceci n'est pas un poids valide";

    $l_change_successful = "Changement effectué avec succès";

} else if ($Language === 'es') {

	$l_network_title	= "Configuración de Red";

	$l_internet_legend	= "INTERNET";

	$l_ip_mask		= "Máscara";

	$l_ip_router		= "Router";

	$l_ip_public		= "IP Pública";

	$l_ip_dns1		= "DNS n°1";

	$l_ip_dns2		= "DNS n°2";

	$l_dhcp_title		= "Servicio DHCP";

	$l_dhcp_state		= "Modo actual";

	$l_DHCP_on		= "activado";

	$l_DHCP_off		= "desactivado";

	$l_DHCP_off_explain	= "/!\\ Antes de desactivar el servidor DHCP, debe escribir los parámetros externos de DHCP en el archivo de configuración (consulte la Documentación";

	$l_static_dhcp_title	= "Reserva de direcciones IP estáticas (DHCP)";

	$l_mac_address		= "Dirección MAC";

	$l_ip_address		= "Dirección IP";

	$l_host_name		= "Nombre de Host";

	$l_del			= "Borrar de la lista";

	$l_add_to_list		= "Agregar";

	$l_apply		= "Aplicar cambios";

	$l_local_dns		= "Resolución de Nombres Local (DNS)";

	$l_import_cert		= "Importar Certificado";

	$l_private_key		= "Clave Privada (.key) :";

	$l_certificate		= "Certificado (.crt) :";

	$l_server_chain		= "Cadena completa (de ser necesario: .crt) :";

	$l_default_cert		= "Volverl al certificado por defecto";

	$l_import		= "Importar";

	$l_current_certificate  = "Certificado en uso";

	$l_validated		= "Validado por :";

	$l_empty		= "Vacío";

	$l_yes			= "Si";

	$l_no			= "No";

	$l_ssl_title		= "La autenticación de cifrado fluye entre usuarios y ALCASAR";

	$l_ssh_title		= "SSH";

	$l_ssh_port			= "Puerto";

	$l_ssh_from			= "IP autorizada";

	$l_ssh_wan_activate	= "Activar SSH en el lado WAN";

	$l_ssh_lan_activate	= "Activar SSH en el lado LAN";

	$l_all_ip			= "Para permitir todas las @IP de origen : 0.0.0.0";

	$l_interlan_title = "Permitir el acceso a la red entre ALCASAR y el router de acceso a Internet";

	$l_cert_expiration	= "Fecha de vencimiento:";

	$l_cert_commonname	= "Common name:";

	$l_cert_organization	= "Organización:";

	$l_upload_certificate	= "Importar un certificado";

	$l_le_integration	= "Integración con Let's Encrypt";

	$l_le_status		= "Estado:";

	$l_disabled		= "Desactivado";

	$l_pending_validation	= "Validación pendiente";

	$l_enabled		= "Activado";

	$l_le_email		= "Email:";

	$l_le_domain_name	= "Nombre de dominio:";

	$l_send			= "Enviar";

	$l_le_ask_on		= "Preguntar el:";

	$l_le_dns_entry_txt	= "Entrada DNS TXT:";

	$l_le_challenge		= "Desafío:";

	$l_recheck		= "Verificar";

	$l_cancel		= "Cancelar";

	$l_le_api		= "API:";

	$l_le_next_renewal	= "Siguiente renovación:";

	$l_renew		= "Renovar";

	$l_renew_force		= "Renovar (forzado)";

	$l_previous_LE_cert	= "Volver al certificado de Let's Encrypt :";

    $l_gw_weight	= "Peso";

    $l_error		= "Error";

    $l_error_bad_ip	= "Esta no es una dirección IP válida";

    $l_error_bad_ip_CIDR	= "Esta no es una dirección CIDR válida";

    $l_error_bad_ip_port	= "Esto no es una dirección IP + puerto válidos";

    $l_error_weight	= "Esto no es un peso válido";

    $l_change_successful	= "Cambio completado con éxito";

} else {

	$l_network_title	= "Network configuration";

	$l_internet_legend	= "INTERNET";

	$l_ip_mask		= "Mask";

	$l_ip_router		= "Router";

	$l_ip_public		= "Public IP address";

	$l_ip_dns1		= "DNS n°1";

	$l_ip_dns2		= "DNS n°2";

	$l_dhcp_title		= "DHCP service";

	$l_dhcp_state		= "Current mode";

	$l_DHCP_on		= "enabled";

	$l_DHCP_off		= "disabled";

	$l_DHCP_off_explain	= "/!\\ Before disabling the DHCP server, you must write the extern DHCP parameters in the config file (see Documentation)";

	$l_static_dhcp_title	= "Static IP addresses reservation (DHCP)";

	$l_mac_address		= "MAC address";

	$l_ip_address		= "IP address";

	$l_host_name		= "Host name";

	$l_del			= "Delete from list";

	$l_add_to_list		= "Add";

	$l_apply		= "Apply changes";

	$l_local_dns		= "Local name resolution (DNS";

	$l_import_cert		= "Certificate import";

	$l_private_key		= "Private key (.key) :";

	$l_certificate		= "Certificate (.crt or .cer) :";

	$l_server_chain		= "Server-chain (.crt, .cer or .pem) :";

	$l_default_cert		= "Back to default certificate :";

	$l_import		= "Import";

	$l_current_certificate  = "Current certificate";

	$l_validated		= "Validated by :";

	$l_empty		= "Empty";

	$l_yes			= "Yes";

	$l_no			= "No";

	$l_ssl_title		= "Cipher authentication flows between users and ALCASAR";

	$l_ssh_title		= "SSH";

	$l_ssh_port			= "Port";

	$l_ssh_from			= "Authorized IP";

	$l_ssh_wan_activate	= "Activate SSH on WAN side";

	$l_ssh_lan_activate	= "Activate SSH on LAN side";

	$l_all_ip			= "To allow all source IP addresses: 0.0.0.0";

	$l_interlan_title = "Authorize access to the network located between ALCASAR and Internet broadband router";

	$l_cert_expiration	= "Expiration date:";

	$l_cert_commonname	= "Common name:";

	$l_cert_organization	= "Organization:";

	$l_upload_certificate	= "Import an officlal certificate";

	$l_le_integration	= "Integrate a Let's Encrypt certificate";

	$l_le_status		= "Status:";

	$l_disabled		= "Disabled";

	$l_pending_validation	= "Pending validation";

	$l_enabled		= "Enabled";

	$l_le_email		= "Email:";

	$l_le_domain_name	= "Domain name:";

	$l_send			= "Send";

	$l_le_ask_on		= "Ask on:";

	$l_le_dns_entry_txt	= "DNS TXT entry:";

	$l_le_challenge		= "Challenge:";

	$l_recheck		= "Recheck";

	$l_cancel		= "Cancel";

	$l_le_api		= "API:";

	$l_le_next_renewal	= "Next renewal:";

	$l_renew		= "Renew";

	$l_renew_force		= "Renew (force)";

	$l_previous_LE_cert	= "Back to the Let's Encrypt certificate :";

    $l_gw_weight = "Weight";

    $l_error        = "Error";

    $l_error_bad_ip = "This is not a valid IP";

    $l_error_bad_ip_CIDR = "This is not a valid CIDR IP";

    $l_error_bad_ip_port = "This is not a valid IP + port";

    $l_error_weight = "This is not a valid weight";

    $l_change_successful = "Network updated successfully";

}

$reg_ip      = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/';

$reg_ip_cidr = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$/';

$reg_ip_port = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\:([1-9]|[1-9][0-9]|[1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]))$/';

$reg_mac     = '/^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/';

$reg_host    = '/^[a-zA-Z0-9-_]+$/';

$reg_weight  = '/^[0-9]*$/';

$ext_conf_error = false;

$choix = (isset($_POST['choix'])) ? $_POST['choix'] : '';

switch ($choix) {

	case 'DHCP_On':

		exec('sudo /usr/local/bin/alcasar-dhcp.sh -on');

		header('Location: '.$_SERVER['PHP_SELF']);

		exit();

	case 'DHCP_Off':

		exec('sudo /usr/local/bin/alcasar-dhcp.sh -off');

		header('Location: '.$_SERVER['PHP_SELF']);

		exit();

	case 'new_mac':

		$new_mac_addr = trim($_POST['add_mac']);

		$new_ip_addr  = trim($_POST['add_ip']);

		if (((!empty($new_mac_addr)) && (preg_match($reg_mac, $new_mac_addr))) && ((!empty($new_ip_addr)) && (preg_match($reg_ip, $new_ip_addr)))) {

			$tab = file(ETHERS_FILE);

			if ($tab) { // the file isn't empty

				$insert = true;

				foreach ($tab as $line) { // verify that MAC or IP address doesn't exist

					$field = explode(' ', $line);

					$mac_addr = trim($field[0]);

					$ip_addr  = trim($field[1]);

					if (strcasecmp($new_mac_addr, $mac_addr) === 0) {

						$insert = false;

						break;

					}

					if (strcasecmp($new_ip_addr, $ip_addr) === 0) {

						$insert = false;

						break;

					}

				}

				if ($insert) {

					$line = $new_mac_addr . ' ' . $new_ip_addr . "\n";

					$pointeur = fopen(ETHERS_FILE, 'a');

					fwrite($pointeur, $line);

					fclose($pointeur);

					$pointeur = fopen(ETHERS_INFO_FILE, 'a');

					$line = "$new_mac_addr $new_ip_addr #" . trim($_POST['info'],"\x00..\x20") . "\n";

					fwrite($pointeur, $line);

					fclose($pointeur);

					exec('sudo /usr/bin/systemctl reload chilli');

				}

			}

		}

		header('Location: '.$_SERVER['PHP_SELF']);

		exit();

	case 'del_mac':

		foreach ($_POST as $key => $value) {

			if ($value == 'on') {

				$ether_file = ETHERS_FILE;

				$ether_file_info = ETHERS_INFO_FILE;

				exec("/bin/sed -i ".escapeshellarg("/^$key/d")." $ether_file");

				exec("/bin/sed -i ".escapeshellarg("/^$key/d")." $ether_file_info");

				exec('sudo /usr/bin/systemctl reload chilli');

			}

		}

		header('Location: '.$_SERVER['PHP_SELF']);

		exit();

	case 'new_host':

		$add_host = trim($_POST['add_host']);

		$add_ip   = trim($_POST['add_ip']);

		if (((!empty($add_host)) && (preg_match($reg_host, $add_host))) && ((!empty($add_ip)) && (preg_match($reg_ip, $add_ip)))) {

			$tab = file(DNS_LOCAL_FILE);

			if ($tab) { // the file isn't empty

				$insert = true;

				foreach ($tab as $line) { // verify that host or IP address doesn't exist

					if (preg_match('/^\d+/', $line)) {

						$field = preg_split("/\s+/",$line);

						$ip_addr = $field[0];

						$host_name = trim($field[1]);

						if (strcasecmp($add_host, $host_name) === 0) {

							$insert = false;

							break;

						}

					}

				}

				if ($insert) {

					exec("sudo /usr/local/bin/alcasar-dns-local.sh --add $add_ip $add_host");

				}

			}

		}

		header('Location: '.$_SERVER['PHP_SELF']);

		exit();

	case 'del_host':

		foreach ($_POST as $key => $value) {

			if ($value == 'on') {

				$del_host = explode ("|", $key);

				$del_ip = str_replace("_",".",$del_host[0]);

				exec("sudo /usr/local/bin/alcasar-dns-local.sh --del $del_ip $del_host[1]");

			}

		}

		header('Location: '.$_SERVER['PHP_SELF']);

		exit();

	case 'set_default_cert':

		exec('sudo alcasar-importcert.sh -d');

		break;

	case 'set_last_LE_cert':

		exec('sudo alcasar-letsencrypt.sh --install-cert');

		break;

	case 'import_cert':	// Import certificate

		$maxsize = 100000;

		if (isset($_FILES['key']) && isset($_FILES['crt']) && ($_FILES['key']['error'] == 0) && ($_FILES['crt']['error'] == 0)) {

			if ($_FILES['key']['size'] <= $maxsize && $_FILES['crt']['size'] <= $maxsize) {

				if (pathinfo($_FILES['key']['name'])['extension'] == 'key' && ((pathinfo($_FILES['crt']['name'])['extension'] == 'crt') || (pathinfo($_FILES['crt']['name'])['extension'] == 'cer'))) {

					$dest = '/tmp/';

					$scpath = '';

					if (isset($_FILES['sc']) && ((pathinfo($_FILES['sc']['name'])['extension'] == 'crt') || (pathinfo($_FILES['sc']['name'])['extension'] == 'cer') || (pathinfo($_FILES['sc']['name']['extension'] == 'pem')))){

						$scpath = $dest.'server-chain.pem';

						move_uploaded_file($_FILES['sc']['tmp_name'], $scpath);

					}

					$keypath = $dest.'alcasar.key';

					$crtpath = $dest.'alcasar.crt';

					move_uploaded_file($_FILES['key']['tmp_name'], $keypath);

					move_uploaded_file($_FILES['crt']['tmp_name'], $crtpath);

					exec("sudo alcasar-importcert.sh -i $crtpath -k $keypath -c $scpath");

					if (file_exists($crtpath)) unlink($crtpath);

					if (file_exists($keypath)) unlink($keypath);

					if (file_exists($scpath))  unlink($scpath);

				}

			}

		}

		break;

	case 'enable_lan_ssh': // Activate SSH on LAN

		if (isset($_POST['sshlan'])) {

			exec('sudo /usr/local/bin/alcasar-ssh.sh --on -l -p'.escapeshellarg($_POST["ssh_port"]).' -i'.escapeshellarg($_POST["ssh_from"]),$output,$exitCode);

			if($exitCode === 1){

				echo("<html><script>if(!alert(`$l_error_bad_ip_port`)){window.location.href = window.location.href;}</script></html>");

			}else{

				header('Location: '.$_SERVER['PHP_SELF']);

			}

		} else{

			exec('sudo /usr/local/bin/alcasar-ssh.sh --off -l');

			header('Location: '.$_SERVER['PHP_SELF']);

		}

		exit();	

	case 'enable_wan_ssh': // Activate SSH on WAN

		if (isset($_POST['togglessh'])) {

			exec('sudo /usr/local/bin/alcasar-ssh.sh --on -w -p'.escapeshellarg($_POST["ssh_port"]).' -i'.escapeshellarg($_POST["ssh_from"]),$output,$exitCode);

			if($exitCode === 1){

				echo("<html><script>if(!alert(`$l_error_bad_ip_port`)){window.location.href = window.location.href;}</script></html>");

			}else{

				header('Location: '.$_SERVER['PHP_SELF']);

			}

		} else{

			exec('sudo /usr/local/bin/alcasar-ssh.sh --off -w');

			header('Location: '.$_SERVER['PHP_SELF']);

		}

		exit();

	case 'https_login':	// Set HTTPS login status

		if (isset($_POST['https_login']))	 {

			exec('sudo /usr/local/bin/alcasar-https.sh --on');

		} else {

			exec('sudo /usr/local/bin/alcasar-https.sh --off');

		}

		header('Location: '.$_SERVER['PHP_SELF']);

		exit();

	case 'interlan':

		if (isset($_POST['interlan']))	 {

			exec('/bin/sed -i "s/^INTERLAN=.*/INTERLAN=on/g" '.CONF_FILE);

		} else {

			exec('/bin/sed -i "s/^INTERLAN=.*/INTERLAN=off/g" '.CONF_FILE);

		}

		exec('sudo /usr/local/bin/alcasar-iptables.sh');

		header('Location: '.$_SERVER['PHP_SELF']);

		exit();

}

// Network changes

if ($choix === 'network_change') {

    exec('sudo /usr/local/bin/alcasar-network.sh --save');

	$modification_network = false;

	$modification_dns = false;

	$modification_proxy = false;

	$ext_conf_error_list = [];

	copy(CONF_FILE, TEMP_FILE);

	if (isset($_POST['dns1']) && (trim($_POST['dns1']) !== $conf['DNS1'])) {

	    if (!preg_match($reg_ip, $_POST['dns1'])) {

            $ext_conf_error = true;

            $ext_conf_error_list[] = $l_error.': '.$l_ip_dns1.': '.$l_error_bad_ip;

        }

		file_put_contents(TEMP_FILE, str_replace('DNS1='.$conf['DNS1'], 'DNS1='.trim($_POST['dns1']), file_get_contents(TEMP_FILE)));

		$modification_dns = true;

	}

	if (isset($_POST['dns2']) && (trim($_POST['dns2']) !== $conf['DNS2'])) {

	    if (!preg_match($reg_ip, $_POST['dns2'])) {

            $ext_conf_error = true;

            $ext_conf_error_list[] = $l_error.': '.$l_ip_dns2.': '.$l_error_bad_ip;

        }

		file_put_contents(TEMP_FILE, str_replace('DNS2='.$conf['DNS2'], 'DNS2='.trim($_POST['dns2']), file_get_contents(TEMP_FILE)));

		$modification_dns = true;

	}

    if (isset($_POST['ip_private']) && (trim($_POST['ip_private']) !== $conf['PRIVATE_IP'])) {

        if (!preg_match($reg_ip_cidr, $_POST['ip_private'])) {

            $ext_conf_error = true;

            $ext_conf_error_list[] = $l_error.': '.$l_ip_address.' LAN: '.$l_error_bad_ip_CIDR;

        }

        file_put_contents(TEMP_FILE, str_replace('PRIVATE_IP='.$conf['PRIVATE_IP'], 'PRIVATE_IP='.trim($_POST['ip_private']), file_get_contents(TEMP_FILE)));

        $modification_network = true;

    }

	if (isset($_POST['ip_public']) && (trim($_POST['ip_public']) !== $conf['PUBLIC_IP'])) {

	    if (!preg_match($reg_ip_cidr, $_POST['ip_public'])) {

            $ext_conf_error = true;

            $ext_conf_error_list[] = $l_error.': '.$l_ip_address.' WAN: '.$l_error_bad_ip_CIDR;

        }

		file_put_contents(TEMP_FILE, str_replace('PUBLIC_IP='.$conf['PUBLIC_IP'], 'PUBLIC_IP='.trim($_POST['ip_public']), file_get_contents(TEMP_FILE)));

		$modification_network = true;

	}

    if (isset($_POST['ip_gw']) && (trim($_POST['ip_gw']) !== $conf['GW'])) {

        if (!preg_match($reg_ip, $_POST['ip_gw'])) {

            $ext_conf_error = true;

            $ext_conf_error_list[] = $l_error.': '.$l_ip_router.' 1: '.$l_error_bad_ip;

        }

        file_put_contents(TEMP_FILE, str_replace('GW='.$conf['GW'], 'GW='.trim($_POST['ip_gw']), file_get_contents(TEMP_FILE)));

        $modification_network = true;

    }

    if (isset($_POST['enable_proxy']) && $_POST['enable_proxy'] == 'P_Enabled')

    {

        if ($conf['PROXY'] !== 'On')

        {

            file_put_contents(TEMP_FILE, str_replace('PROXY='.$conf['PROXY'], 'PROXY=On', file_get_contents(TEMP_FILE)));

            $modification_proxy = true;

        }

        if (isset($_POST['proxy']) && (trim($_POST['proxy']) !== $conf['PROXY_IP'])) {

            if (!preg_match($reg_ip_port, $_POST['proxy'])) {

                $ext_conf_error = true;

                $ext_conf_error_list[] = $l_error.': Proxy: '.$l_error_bad_ip_port;

            }

            file_put_contents(TEMP_FILE, str_replace('PROXY_IP='.$conf['PROXY_IP'], 'PROXY_IP='.trim($_POST['proxy']), file_get_contents(TEMP_FILE)));

            $modification_proxy = true;

        }

        if ($conf['MULTIWAN'] !== 'off')

        {

            file_put_contents(TEMP_FILE, str_replace('MULTIWAN='.$conf['MULTIWAN'], 'MULTIWAN=off', file_get_contents(TEMP_FILE)));

            $modification_network = true;

        }

    }

    else

    {

        //set multiwan value to off and delete every "WANx=" line

        if ($_POST['gw_count'] === "1" && $conf['MULTIWAN'] !== 'off')

        {

            file_put_contents(TEMP_FILE, str_replace('MULTIWAN='.$conf['MULTIWAN'], 'MULTIWAN=off', file_get_contents(TEMP_FILE)));

            $temp = 1;

            while (isset($conf['WAN'.$temp]))

            {

                file_put_contents(TEMP_FILE, str_replace('WAN'.$temp.'='.$conf['WAN'.$temp]."\n", '', file_get_contents(TEMP_FILE)));

                $temp++;

            }

            $modification_network = true;

        }

        if ($_POST['gw_count'] !== "1")

        {

            $changed = false;

            //testing the existence of a change in the routing configuration

            exec("grep \"^WAN\" " . CONF_FILE . " | wc -l", $nb_gw);

            if ($_POST['gw_count'] == ($nb_gw[0] + 1))

            {

                if ($_POST['weight'] !== $conf['PUBLIC_WEIGHT']) {

                    $changed = true;

                }

                else {

                    for($i=1;$i<$_POST['gw_count'];$i++)

                    {

                        if( '"'.$_POST['ip_gw_'.$i].','.$_POST['weight_'.$i].'"' != $conf['WAN'.$i])

                        {

                            $changed = true;

                            break;

                        }

                    }

                }

            }

            else

            {

                $changed = true;

            }

            if ($changed == true)

            {

                //deleting all the old lines containing "WANx="

                $temp = 1;

                while (isset($conf['WAN'.$temp]))

                {

                    file_put_contents(TEMP_FILE, str_replace('WAN'.$temp.'='.$conf['WAN'.$temp]."\n", '', file_get_contents(TEMP_FILE)));

                    $temp++;

                }

                //setting back the line "WAN1=" which will be our base

                if (!preg_match($reg_weight, $_POST['weight'])) {

                    $ext_conf_error = true;

                    $ext_conf_error_list[] = $l_error.': '.$l_gw_weight.' 1: '.$l_error_weight;

                }

                file_put_contents(TEMP_FILE, str_replace('PUBLIC_WEIGHT='.$conf['PUBLIC_WEIGHT'], 'PUBLIC_WEIGHT='.(($_POST['weight'] !== '')?$_POST['weight']:1), file_get_contents(TEMP_FILE)));

                //Set Multiwan status

                file_put_contents(TEMP_FILE, str_replace('MULTIWAN='.$conf['MULTIWAN'], "MULTIWAN=on\nWAN1=", file_get_contents(TEMP_FILE)));

                //Adding the correct number of "WANx=" lines, numbered

                for($i=2;$i<$_POST['gw_count'];$i++)

                {

                    file_put_contents(TEMP_FILE, str_replace('WAN'.($i-1).'=', 'WAN'.($i-1)."=\nWAN".$i.'=', file_get_contents(TEMP_FILE)));

                }

                //Adding the content

                for($i=1;$i<$_POST['gw_count'];$i++)

                {

                    if (!preg_match($reg_ip, $_POST['ip_gw_'.$i])) {

                        $ext_conf_error = true;

                        $ext_conf_error_list[] = $l_error.': '.$l_ip_router.' '.($i+1).': '.$l_error_bad_ip;

                    }

                    if (!preg_match($reg_weight, $_POST['weight_'.$i])) {

                        $ext_conf_error = true;

                        $ext_conf_error_list[] = $l_error.': '.$l_gw_weight.' '.($i+1).': '.$l_error_weight;

                    }

                    file_put_contents(TEMP_FILE, str_replace('WAN'.$i.'=', 'WAN'.$i.'="'.$_POST['ip_gw_'.$i].','.(($_POST['weight_'.$i] === "0" || $_POST['weight_'.$i] === "")?"1":$_POST['weight_'.$i]).'"', file_get_contents(TEMP_FILE)));

                }

                $modification_network = true;

            }

        }

        //set proxy value to off

        if ($conf['PROXY'] !== 'Off')

        {

            file_put_contents(TEMP_FILE, str_replace('PROXY='.$conf['PROXY'], 'PROXY=Off', file_get_contents(TEMP_FILE)));

            if($_POST['gw_count'] !== "1" && $conf['MULTIWAN'] !== 'on') {

                file_put_contents(TEMP_FILE, str_replace('MULTIWAN='.$conf['MULTIWAN'], 'MULTIWAN=on', file_get_contents(TEMP_FILE)));

                $modification_network = true;

            }

            $modification_proxy = true;

        }

    }

    //if no errors are detected

    if ($ext_conf_error == false) {

        copy(TEMP_FILE, CONF_FILE);

        //DNS values modification, several services needs to be reloading, reloads the full server.

        if ($modification_dns) {

            exec('sudo /usr/local/bin/alcasar-conf.sh -apply');

        }

        //External network modifications, no service reloading

        if ($modification_network) {

            exec('sudo /usr/local/bin/alcasar-network.sh');

            exec('sudo /usr/local/bin/alcasar-iptables.sh');

        }

        //If only the proxy has been modified, only the firewall needs a change

        else if ($modification_proxy) {

            exec('sudo /usr/local/bin/alcasar-iptables.sh');

        }

    }

    unlink(TEMP_FILE);

	// Read CONF_FILE updated

	$file_conf = fopen(CONF_FILE, 'r');

	if (!$file_conf) {

		exit('Error opening the file '.CONF_FILE);

	}

	while (!feof($file_conf)) {

		$buffer = fgets($file_conf, 4096);

		if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {

			$tmp = explode('=', $buffer, 2);

			$conf[trim($tmp[0])] = trim($tmp[1]);

		}

	}

	fclose($file_conf);

}

// Let's Encrypt actions

if ($choix === 'le_issueCert') {

	// TODO: check ndd & mail format

	$email      = $_POST['email'];

	$domainName = $_POST['domainname'];

	exec('sudo /usr/local/bin/alcasar-letsencrypt.sh --issue --email '.escapeshellarg($email).' --domain '.escapeshellarg($domainName), $output, $exitCode);

	$cmdResponse = implode("<br>\n", $output);

}

if ($choix === 'le_renewCert') {

	if ((isset($_POST['recheck'])) && ((!empty($_POST['recheck'])) || (!empty($_POST['recheck_force'])))) {

		$forceOpt = (!empty($_POST['recheck_force'])) ? ' --force' : '';

		exec('sudo /usr/local/bin/alcasar-letsencrypt.sh --renew' . $forceOpt, $output, $exitCode);

		$cmdResponse = implode("<br>\n", $output);

	} else if ((isset($_POST['cancel'])) && (!empty($_POST['cancel']))) {

		file_put_contents(LETS_ENCRYPT_FILE, preg_replace('/challenge=.*/','challenge=', file_get_contents(LETS_ENCRYPT_FILE)));

		file_put_contents(LETS_ENCRYPT_FILE, preg_replace('/domainRequest=.*/','domainRequest=', file_get_contents(LETS_ENCRYPT_FILE)));

	}

}

// Read Let's Encrypt configuration file

$file_conf_LE = fopen(LETS_ENCRYPT_FILE, 'r');

if (!$file_conf_LE) {

	exit('Error opening the file '.LETS_ENCRYPT_FILE);

}

while (!feof($file_conf_LE)) {

	$buffer = fgets($file_conf_LE, 4096);

	if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {

		$tmp = explode('=', $buffer, 2);

		$LE_conf[trim($tmp[0])] = trim($tmp[1]);

	}

}

fclose($file_conf_LE);

// Fonction de test de connectivité internet

function internetTest() {

	$host = 'www.google.fr'; # Google Test

	$port = '80';

	if (! $sock = @fsockopen($host, $port, $num, $error, 5)) {

		return false;

	} else {

		fclose($sock);

		return true;

	}

}

$internet_connected = InternetTest();

if ($internet_connected) {

	$ch = curl_init('https://api.ipify.org/');

	curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

	$internet_publicIP = curl_exec($ch);

	curl_close($ch);

} else {

	$internet_publicIP = '-.-.-.-';

}

// Network interfaces, will be use later for multiple LAN interfaces

$interfacesIgnored = ['lo', 'tun[0-9]*', $conf['INTIF']];

exec("ip -o link show | awk -F': ' '{print $2}' | sed '/^" . implode('\\|', $interfacesIgnored) . "$/d'", $interfacesAvailable);

//retreive gateway(s) parameters

$gateways = [

	(object) [

		'gateway'   => $conf['GW'],

        'weight'    => $conf['PUBLIC_WEIGHT']

	]

];

exec("grep \"^WAN\" " . CONF_FILE . " | wc -l", $nbIfaces);

if ($nbIfaces > 0)

{

    for ($i = 1; $i <= $nbIfaces[0]; $i++) {

        exec("grep \"WAN" . $i . "=\" " . CONF_FILE . " | awk -F'\"' '{ print $2 }' | awk -F, '{ print $1 }'", $temp_gw);

        exec("grep \"WAN" . $i . "=\" " . CONF_FILE . " | awk -F'\"' '{ print $2 }' | awk -F, '{ print $2 }'", $temp_weight);

        $gateways[] = (object) [

            'gateway'   => $temp_gw[0],

            'weight'    => $temp_weight[0]

        ];

        $temp_gw = "";

        $temp_weight = "";

    }

}

//retreive internal networks parameters

$internalNetworks = [

	(object) [

		'interface' => $conf['INTIF'],

		'ip'        => $conf['PRIVATE_IP']

	]

];

?>

<!DOCTYPE HTML>

<html>

<head>

	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

	<title><?= $l_network_title ?></title>

	<link rel="stylesheet" href="/css/acc.css" type="text/css">

	<script src="/js/jquery.min.js"></script>

	<script src="/js/jquery.connections.js"></script>

	<script type="text/javascript">

	function MAC_Control(formulaire){

		// MAC control (upper case and '-' separator)

		var regex_mac = /^([0-9a-fA-F]{2}(-|:)){5}[0-9a-fA-F]{2}$/;

		if (regex_mac.test(document.forms[formulaire].add_mac.value)){

			document.forms[formulaire].add_mac.value = document.forms[formulaire].add_mac.value.toUpperCase().replace(/:/g, '-');

			return true;

		} else {

			alert('Invalid MAC address');

			return false;

		}

	}

	</script>

	<style>

		.network-configurator {

			width: 100%;

		}

		.network-configurator > * {

			display: inline-block;

			vertical-align: top;

			text-align: center;

		}

		.network-configurator > .internet, .network-configurator > .alcasar {

			width: 20%;

		}

		.network-configurator > .externals, .network-configurator > .internals {

			width: 30%;

		}

		.network-configurator .actions {

            position: absolute;

			background-color: #ddd;

			padding: 0 2px;

		}

		.network-configurator .actions a {

			text-decoration: none;

		}

		.network-configurator .actions a:hover {

			font-weight: bold;

		}

		.network-configurator .actions-externals {

			right: 0;

			border-radius: 5px;

            position: relative;

            text-decoration: none;

		}

		.network-configurator > .alcasar .actions-internals {

			bottom: 0;

			right: 0;

			border-radius: 5px 0;

		}

		.network-configurator .actions-network {

			right: 0;

			border-radius: 5px;

            position: relative;

            text-decoration: none;

		}

		.network-configurator .network-box {

			display: inline-block;

			min-height: 100px;

			margin: 5px;

			padding: 3px;

			text-align: left;

			background-color: #f7f3ef;

			position: relative;

			border-radius: 5px;

			border: 2px solid grey;

		}

		.network-configurator .network-connector {

			display: inline-block;

			position: absolute;

			top: 50%;

			margin-top: -5px;

			margin-left: -5px;

			width: 10px;

			height: 10px;

			border-radius: 5px;

			background-color: black;

		}

		.network-configurator .network-connector[data-connector-direction="left"] {

			border-radius: 5px 0 0 5px;

		}

		.network-configurator .network-connector[data-connector-direction="right"] {

			border-radius: 0 5px 5px 0;

		}

		.network-configurator div[data-network-type] {

			position: relative;

		}

	</style>

	<script>

	$(document).ready(function () {

        setTimeout(function(){$("#change_success").fadeOut('normal');}, 10000);

	    //Will be used later for multiple LAN interfaces

		let interfacesAvailable = <?= ((!empty($interfacesAvailable)) ? "['".implode("', '", $interfacesAvailable)."']" : '[]') ?>;

		const wireStyles = { available: { border: '5px double green' } };

		// Add gateway

		$('.network-configurator').on('click', '.add-external-network', function (event) {

			event.preventDefault();

			ifaces_count = parseInt(document.getElementById("gw_count").getAttribute('value'));

			$('.network-configurator .externals .network-box #ext_gateways').append(' \

			            <div id="ip_routeur_' + ifaces_count + '" data-info_type="gateway" data-number="'+ ifaces_count +'">\

                        <label for="ext_gateway_' + ifaces_count + '"><?= $l_ip_router.' ' ?></label><span class="gw_number">'+ (ifaces_count + 1) +'</span> <input style="width:100px" type="text" name="ip_gw_' + ifaces_count + '" id="ext_gateway_' + ifaces_count + '" value="" /> \

                        <label for="ext_weight_'+ ifaces_count +'"><?= $l_gw_weight ?></label> <input style="width:20px" type="text" name="weight_' + ifaces_count + '" id="ext_weight_'+ ifaces_count +'" value="0"/> \

                        <div class="actions actions-network" style="display:inline-block; width:11px"><a href="#" style="display:block; text-align:center" class="remove-network" title="Supprimer ce réseau">-</a></div><br></div> ');

            ifaces_count++;

            document.getElementById("gw_count").setAttribute('value', ifaces_count);

            updateGatewayView();

            $('div.network-connector[data-connector-network]').connections('update');

		});

		// Add internal network

		$('.network-configurator').on('click', '.add-internal-network', function (event) {

			event.preventDefault();

			$('.network-configurator .internals').append(' \

					<div data-network-type="internal"> \

						<div class="network-connector" data-connector-network="internal" data-connector-direction="left"></div> \

						<div class="network-box"> \

							<div class="actions actions-network"><a href="#" class="remove-network" title="Supprimer ce réseau">-</a></div> \

							<label for="int_interface_X"><?= 'Interface' ?></label> <select name="interface" id="int_interface_X" disabled><option value=""></option></select><br> \

							<label for="int_ip_X"><?= $l_ip_address ?></label> <input style="width:150px" type="text" name="ip_private" id="int_ip_X" value="" /><br> \

						</div> \

					</div>');

			addWire($('div[data-network-type="internal"]:last'));

		});

		// Remove gateway

		$('.network-box').on('click', '.remove-network', function (event) {

			event.preventDefault();

			$(this).parent().parent().fadeOut(200, function() {

			    $(this).remove();

				//update network numbers

                $('div[data-info_type="gateway"]').each(function (index, value) {

                    updateGatewayNumbers($(this), index);

                });

                ifaces_count = parseInt(document.getElementById("gw_count").getAttribute('value'));

                document.getElementById("gw_count").setAttribute('value', (ifaces_count - 1));

                updateGatewayView();

                $('div.network-connector[data-connector-network]').connections('update');

			});

		});

		//proxy enabled or disabled

		$('.network-configurator').on('click', '.enable_proxy', function(event){

		    if ($(this).is(':checked'))

            {

                document.getElementById("add_external").setAttribute('hidden', 'true');

                document.getElementById("ext_proxy").removeAttribute('disabled');

                $('div[id="ip_routeur_0"]').children('span').html('');

                $('div[data-info_type="gateway"]').each(function(index, value) {

                    if ($(this).attr('data-number') !== "0")

                    {

                        $(this).attr('hidden', 'true');

                    }

                    else

                    {

                        $(this).children('input[id="ext_weight_0"]').attr('hidden', 'true');

                        $(this).children('label[for="ext_weight_0"]').attr('hidden', 'true');

                        $(this).children('div[class="actions actions-network"]').css('display', 'none');

                    }

                });

            }

            else

            {

                document.getElementById("add_external").removeAttribute('hidden');

                document.getElementById("ext_proxy").setAttribute('disabled', 'true');

                $('div[id="ip_routeur_0"]').children('span').html('1');

                $('div[data-info_type="gateway"]').each(function(index, value) {

                    if ($(this).attr('data-number') !== "0")

                    {

                        $(this).removeAttr('hidden');

                    }

                    else

                    {

                        $(this).children('input[id="ext_weight_0"]').removeAttr('hidden');

                        $(this).children('label[for="ext_weight_0"]').removeAttr('hidden');

                        $(this).children('div[class="actions actions-network"]').css('display', 'inline-block');

                    }

                });

                updateGatewayView();

            }

            $('div.network-connector[data-connector-network]').connections('update');

        });

		//Add a wire between two connectors

		const addWire = function (network) {

			const networkType = network.data('networkType');

			if (networkType === 'external') {

                $().connections({ from: 'div[data-network-type="internet"]>div.network-connector[data-connector-network="internet"]', to: network.children('div.network-connector[data-connector-network="internet"]'), css: wireStyles.available, within: network });

                $().connections({ from: 'div[data-network-type="alcasar"]>div.network-connector[data-connector-network="external"]', to: network.children('div.network-connector[data-connector-network="external"]'), css: wireStyles.available, within: network });

            } else if (networkType === 'internal') {

				$().connections({ from: 'div[data-network-type="alcasar"]>div.network-connector[data-connector-network="internal"]', to: network.children('div.network-connector[data-connector-network="internal"]'), css: wireStyles.available, within: network });

			}

		};

		//reindex the gateway numbers when a gateway is deleted

		const updateGatewayNumbers = function(gateway, number) {

		    old_number = gateway.attr('data-number');

            gateway.attr('data-number', number);

            gateway.attr('id', 'ip_routeur_'+number);

            if (number === 0)

            {

                gateway.children('input[id="ext_gateway_'+old_number+'"]').attr('name', 'ip_gw');

                gateway.children('input[id="ext_weight_'+old_number+'"]').attr('name', 'weight');

            }

            else

            {

                gateway.children('input[id="ext_gateway_'+old_number+'"]').attr('name', 'ip_gw_'+number);

                gateway.children('input[id="ext_weight_'+old_number+'"]').attr('name', 'weight_'+number);

            }

            gateway.children('label[for="ext_gateway_'+old_number+'"]').attr('for', 'ext_gateway_'+number);

            gateway.children('input[id="ext_gateway_'+old_number+'"]').attr('id', 'ext_gateway_'+number);

            gateway.children('label[for="ext_weight_'+old_number+'"]').attr('for', 'ext_weight_'+number);

            gateway.children('input[id="ext_weight_'+old_number+'"]').attr('id', 'ext_weight_'+number);

            gateway.children('span[class="gw_number"]').html((number+1)+' ');

        };

		//hide the delete button and the weight field when there is only one gateway (or when there is a proxy)

		const updateGatewayView = function() {

            ifaces_count = parseInt(document.getElementById("gw_count").getAttribute('value'));

            if (ifaces_count === 1)

            {

                $('div#ip_routeur_0').children('input[id="ext_weight_0"]').attr('hidden', 'true');

                $('div#ip_routeur_0').children('label[for="ext_weight_0"]').attr('hidden', 'true');

                $('div#ip_routeur_0').children('div[class="actions actions-network"]').css('display', 'none');

            }

            else

            {

                $('div#ip_routeur_0').children('input[id="ext_weight_0"]').removeAttr('hidden');

                $('div#ip_routeur_0').children('label[for="ext_weight_0"]').removeAttr('hidden');