Rev | Author | Line No. | Line |
---|---|---|---|
895 | richard | 1 | <?php |
958 | franck | 2 | # $Id: intercept.php 2747 2019-08-02 07:02:47Z rexy $ |
895 | richard | 3 | # |
1249 | richard | 4 | # intercept.php for ALCASAR captive portal |
895 | richard | 5 | # Copyright (C) 2003, 2004 Mondru AB. |
6 | # Modify by REXY & steweb57 |
||
7 | # UI & css style by stephane ERARD |
||
8 | # Help for language translation by B. AUBARD (thanks) |
||
9 | |||
10 | # The contents of this file may be used under the terms of the GNU |
||
11 | # General Public License Version 2, provided that the above copyright |
||
12 | # notice and this permission notice is included in all copies or |
||
13 | # substantial portions of the software. |
||
14 | |||
15 | # Redirects from CoovaChilli (chilli daemon) : |
||
16 | # Response to login: |
||
17 | # success : if login successful |
||
18 | # failed : if login failed |
||
19 | # logoff : if logout successful |
||
20 | # already : if tried to login while already logged in |
||
21 | # notyet : if not logged in yet |
||
22 | # Default : it was not a form request -> client go to login form |
||
23 | |||
24 | /**************************************************************** |
||
25 | * GLOBAL FILE PATHS * |
||
26 | *****************************************************************/ |
||
// Absolute paths of the two files this page needs before it can do anything.
define('CONF_FILE', '/usr/local/etc/alcasar.conf');
define('DOMAIN_ALLOWED_LIST', '/usr/local/etc/alcasar-uamdomain');

/*
 * Pre-flight check: stop at once when a required file is missing or cannot be
 * read by the PHP process.
 * The exit() text is sent to the client and contains the file path.
 */
$conf_files = array(CONF_FILE, DOMAIN_ALLOWED_LIST);
foreach ($conf_files as $file) {
    if (!file_exists($file)) {
        exit("Fichier $file non présent");
    } elseif (!is_readable($file)) {
        exit("Vous n'avez pas les droits de lecture sur le fichier $file");
    }
}
||
895 | richard | 42 | /**************************************************************** |
43 | * Read CONF_FILE * |
||
44 | *****************************************************************/ |
||
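/*
 * Parse CONF_FILE into $conf: one "KEY=value" pair per line, split on the
 * first '=', both sides trimmed. Lines that start with '#' and lines without
 * '=' are ignored.
 */
$conf = array(); // defined even when the file holds no KEY=value line
$file_conf = fopen(CONF_FILE, 'r');
if (!$file_conf) {
    exit('Error opening the file '.CONF_FILE);
}
// fgets() returns false at end of file and on a read error. Testing its return
// value ends the loop in both cases; a feof() loop would spin forever on a read
// error and would hand false to strpos()/substr() on the last pass.
while (($buffer = fgets($file_conf, 4096)) !== false) {
    if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {
        $tmp = explode('=', $buffer, 2);
        $conf[trim($tmp[0])] = trim($tmp[1]);
    }
}
fclose($file_conf);

// NOTE(review): ORGANISM, and the keys read further down (SMS, HOSTNAME, DOMAIN,
// HTTPS_LOGIN, HTTPS_CHILLI), are used without an isset() check — confirm that
// CONF_FILE always provides them.
$organisme = $conf["ORGANISM"];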
895 | richard | 59 | |
// Shared secret mixed into the challenge hash when the password is encoded for coova.
// It is empty here, so that hash depends on the challenge alone.
// NOTE(review): confirm that an empty secret matches the chilli configuration and is intended.
$uamsecret = '';

// URL loaded after a successful authentication (leave blank for browser defaults).
$adminurl = '';

// True when the SMS service is switched on in the configuration.
$service_SMS_status = ('on' === $conf['SMS']);

// Path of this script; escaped because PHP_SELF reflects the request path.
$loginpath = htmlspecialchars($_SERVER['PHP_SELF']);
// HTTPS counts as active when the server variable is set, non-empty and not 'off'.
$useHTTPS = (!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] !== 'off'));
// Portal base URL follows the scheme of the current request.
$alcasarpath = ($useHTTPS ? 'https' : 'http') . '://' . $conf['HOSTNAME'] . '.' . $conf['DOMAIN'];
// Status page URL follows the HTTPS_CHILLI setting instead.
if ($conf['HTTPS_CHILLI'] === 'on') {
    $statuspath = 'https://' . $conf['HOSTNAME'] . '.' . $conf['DOMAIN'] . '/status.php';
} else {
    $statuspath = 'http://' . $conf['HOSTNAME'] . '.' . $conf['DOMAIN'] . '/status.php';
}

// Interface language: first two characters of the first Accept-Language entry,
// lower-cased; 'en' when the header is absent.
$Language = 'en';
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
    $Langue = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
    $Language = strtolower(substr(rtrim($Langue[0]), 0, 2));
}
2238 | tom.houday | 81 | if ($Language === 'es') { // Spanish |
82 | $l_ChilliError = "La autenticación debe ser un éxito a través del servicio de portal cautivo."; |
||
83 | $l_login = "El éxito de la autenticación.<HR>Cierre esta ventana interrumpte la sesion."; |
||
84 | $l_logout = "Conexión de cierre"; |
||
85 | $l_loginfailed = "Error de autenticación"; |
||
86 | $l_loggingin = "Identificación en el portal cautivo"; |
||
87 | $l_loggedcont = "Control de Acceso"; |
||
88 | $l_loggedout = "Su sesión se cierra"; |
||
89 | $l_user = "Usuario"; |
||
90 | $l_password = "Contraseña"; |
||
91 | $l_wait = "Por favor, espere un momento ..."; |
||
92 | $l_onlinetime = "Tiempo de conexión:"; |
||
93 | $l_remainingtime = "Desconexión en:"; |
||
94 | $l_encrypted = "La apertura debe usar conexión cifrada"; |
||
95 | $l_boutonO = "Autenticación"; |
||
96 | $l_boutonF = "Cerrar"; |
||
97 | $l_loggedin_stringl1 = "Information System Security"; |
||
98 | $l_loggedin_stringl2 = "El portal fue creado reglamentos para garantizar la trazabilidad, la rendición de cuentas y el no repudio de las conexiones."; |
||
99 | $l_loggedin_stringl3 = "Su actividad en la red es registrada, de conformidad con la privacidad."; |
||
100 | $l_loggedin_stringl4 = "Los datos registrados pueden ser capaces de ser operado por una autoridad judicial en el curso de una investigación."; |
||
101 | $l_loggedin_stringl5 = "Estos datos se eliminan automáticamente después de un año."; |
||
2370 | tom.houday | 102 | $l_loggedin_stringl6 = "Click <a href=\"$alcasarpath\">here</a> to change your password or to integrate the security certificate in your browser"; |
2238 | tom.houday | 103 | $l_loggedout_string = "Cerrar sesión hizo portal cautivo!"; |
2702 | tom.houday | 104 | $l_reply_0 = "Nombre de usuario o contraseña incorrectos"; |
2591 | rexy | 105 | $l_reply_1 = "Su cuota diaria ha sido alcanzada (duración o volumen)"; |
106 | $l_reply_2 = "Su cuota mensual ha sido alcanzada (duración o volumen)"; |
||
2238 | tom.houday | 107 | $l_reply_3 = "You try to connect outside of your allowed timespan"; |
108 | $l_reply_4 = "your account expired"; |
||
109 | $l_reply_5 = "You have reached the maximum number of simultaneous logins"; |
||
110 | $l_reply_6 = "Your authorized connexion time has been reached"; |
||
111 | $l_online_time = "Tiempo en linea"; |
||
112 | $l_remaining_time = "Tiempo restante"; |
||
113 | $l_uam_domain = "Sitios web autorizados : "; |
||
114 | $l_autoregistration = "Registo automático"; |
||
115 | } else if ($Language === 'pt') { // Portuguese |
||
116 | $l_ChilliError = "A autenticação precisa ser bem sucedida através do portal."; |
||
117 | $l_login = "Sucesso na autenticação.<HR>Matenha esse pop-up apenas minimizado para não interromper a conexão"; |
||
118 | $l_logout = "Encerrar conexão"; |
||
119 | $l_loginfailed = "Falha na autenticação"; |
||
120 | $l_loggingin = "Identificação do portal cativo"; |
||
121 | $l_loggedcont = "Controle de acesso"; |
||
122 | $l_loggedout = "Sua sessão foi fechada"; |
||
123 | $l_user = "Usuário"; |
||
124 | $l_password = "Senha"; |
||
125 | $l_wait = "Por favor, aguarde um momento ..."; |
||
126 | $l_onlinetime = "Tempo de conexão:"; |
||
127 | $l_remainingtime = "Desconectado em:"; |
||
128 | $l_encrypted = "A conexão com o portal deve ser criptografada"; |
||
129 | $l_boutonO = "Autenticação"; |
||
130 | $l_boutonF = "Fechar"; |
||
131 | $l_loggedin_stringl1 = "Sistema de Informação e segurança"; |
||
132 | $l_loggedin_stringl2 = "Este controle foi criado para garantir acesso seguro."; |
||
133 | $l_loggedin_stringl3 = "A autenticação será criptografada em 256 bits, impedindo captura por escâner de rede."; |
||
134 | $l_loggedin_stringl4 = "Sua atividade na Internet será resguardada de acordo com os regulamentos da lei."; |
||
135 | $l_loggedin_stringl5 = "Mantenha o popup da conexão minimizado para não interromper a cessão."; |
||
2370 | tom.houday | 136 | $l_loggedin_stringl6 = "Clique <a href=\"$alcasarpath\">aqui</a> para alterar sua senha, instalar certificado ou sair do portal."; |
2238 | tom.houday | 137 | $l_loggedout_string = "desconexão do portal cativo"; |
2702 | tom.houday | 138 | $l_reply_0 = "Nome de usuário ou senha incorretos"; |
2591 | rexy | 139 | $l_reply_1 = "Sua cota diária foi alcançada (duração ou volume)"; |
140 | $l_reply_2 = "Sua cota mensal foi atingida (duração ou volume)"; |
||
2238 | tom.houday | 141 | $l_reply_3 = "Você tenta conectar-se fora do seu período de tempo permitido"; |
142 | $l_reply_4 = "Sua conta expirou"; |
||
143 | $l_reply_5 = "Você atingiu o número máximo de logins simultâneos"; |
||
144 | $l_reply_6 = "Seu tempo de conexão autorizada finalizou"; |
||
145 | $l_online_time = "Tempo Online"; |
||
146 | $l_remaining_time = "Tempo restante"; |
||
147 | $l_uam_domain = "Sites autorizados : "; |
||
148 | $l_autoregistration = "Registo automático"; |
||
149 | } else if ($Language === 'zh') { // Chinese |
||
150 | $l_ChilliError = "验证必须通过强制门户服务"; |
||
151 | $l_login = "验证成功<HR>关闭此窗口中断连接"; |
||
152 | $l_logout = "关闭连接"; |
||
153 | $l_loginfailed = "验证失败"; |
||
154 | $l_loggingin = "强制门户身份识别"; |
||
155 | $l_loggedcont = "访问控制"; |
||
156 | $l_loggedout = "您的连接已关闭"; |
||
157 | $l_user = "用户名"; |
||
158 | $l_password = "密码"; |
||
159 | $l_wait = "请等待 ..."; |
||
160 | $l_onlinetime = "连接时间"; |
||
161 | $l_remainingtime = "断开连接于"; |
||
162 | $l_encrypted = "与门户的连接必须加密"; |
||
163 | $l_boutonO = "验证"; |
||
164 | $l_boutonF = "关闭"; |
||
165 | $l_loggedin_stringl1 = "信息系统安全"; |
||
166 | $l_loggedin_stringl2 = "这种控制实施以法定保证可追溯性,可归罪性和连接的不否认性."; |
||
167 | $l_loggedin_stringl3 = "您的网络活动是私密登记的."; |
||
168 | $l_loggedin_stringl4 = "记录的数据能被司法机关在调查中操作使用."; |
||
169 | $l_loggedin_stringl5 = "这些数据将在一年后自动删除."; |
||
2370 | tom.houday | 170 | $l_loggedin_stringl6 = "点击 <a href=\"$alcasarpath\"> 这里 </a> 修改密码或安装浏览器安全证书"; |
2238 | tom.houday | 171 | $l_loggedout_string = "强制网络门户连接已断开"; |
2702 | tom.houday | 172 | $l_reply_0 = "用户名或密码无效"; |
2591 | rexy | 173 | $l_reply_1 = "您的每日配额已达到(持续时间或数量) "; |
174 | $l_reply_2 = "已达到每月配额(持续时间或数量)"; |
||
2238 | tom.houday | 175 | $l_reply_3 = "您尝试在授权时间以外连接"; |
176 | $l_reply_4 = "您的账号已过期"; |
||
177 | $l_reply_5 = "您已经达到同时连接的最大数量"; |
||
178 | $l_reply_6 = "已经到达您的允许连接时间"; |
||
179 | $l_online_time = "在线时间"; |
||
180 | $l_remaining_time = "剩余时间"; |
||
181 | $l_uam_domain = "授权网站 : "; |
||
182 | $l_autoregistration = "短信注册"; |
||
2250 | tom.houday | 183 | } else if ($Language === 'ar') { // Arabic |
2238 | tom.houday | 184 | $l_ChilliError = "يجب نجاح المصادقة على البوابة الأسيرة"; |
185 | $l_login = "إغلاق هذه النافذة يقطع دورة عملك"; |
||
186 | $l_logout = "إغلاق الدورة"; |
||
187 | $l_loginfailed = "فشل المصادقة"; |
||
188 | $l_loggingin = "التعريف على البوابة الأسيرة"; |
||
189 | $l_loggedcont = "مراقبة الدخول"; |
||
190 | $l_loggedout = "دورتكَ مغلقة"; |
||
191 | $l_user = "التعريف"; |
||
192 | $l_password = "كلمة السر"; |
||
193 | $l_wait = "...إنتظر بعض اللحظات"; |
||
194 | $l_onlinetime = ":مدة الإتصال"; |
||
195 | $l_remainingtime = ":انقطاع الإتصال في"; |
||
196 | $l_encrypted = "يجب تشفير الإتصال بالبوابة"; |
||
197 | $l_boutonO = "مصادقة"; |
||
198 | $l_boutonF = "أغلق"; |
||
199 | $l_loggedin_stringl1 = "سلامة نظم المعلومات"; |
||
200 | $l_loggedin_stringl2 = "وُضعت هذه المراقبة للضمان القانوني لتتبع ومساءلة وعدم تنصل الإتصالات"; |
||
201 | $l_loggedin_stringl3 = "نشاطك على الشبكة مسجل وفقاً لاحترام الحريات الشخصية"; |
||
202 | $l_loggedin_stringl4 = "لا يمكن استغلال البيانات المسجلة إلاّ من قِبل سلطات التحقيق القضائ"; |
||
203 | $l_loggedin_stringl5 = "سيتم حدف هذه البيانات تلقائياً بعد سنة من الْيَوْمَ"; |
||
2370 | tom.houday | 204 | $l_loggedin_stringl6 = "لتغيير كلمة السر أو شهادة الأمان <a href=\"$alcasarpath\">هنا</a> اضغط "; |
2238 | tom.houday | 205 | $l_loggedout_string = "تَمّ قطع الإتصال بالبوابة الأسيرة"; |
2702 | tom.houday | 206 | $l_reply_0 = "اسم المستخدم أو كلمة المرور غير صالحة"; |
2591 | rexy | 207 | $l_reply_1 = "تم الوصول إلى حصتك اليومية (المدة أو الحجم)"; |
208 | $l_reply_2 = "تم الوصول إلى حصتك الشهرية (المدة أو الحجم)"; |
||
2238 | tom.houday | 209 | $l_reply_3 = "محاولة اتصال خارج فترتك المأذونة"; |
210 | $l_reply_4 = "انتهت مدة صلاحية حسابك"; |
||
211 | $l_reply_5 = "لقد استكملت العدد الأقصى للإتصالات المتزامنة"; |
||
212 | $l_reply_6 = "استكملت مذة الإتصال المسموحة"; |
||
213 | $l_online_time = "مذة الإتصال"; |
||
214 | $l_remaining_time = "الوقت المتبق"; |
||
215 | $l_uam_domain = ":المواقع المسموحة "; |
||
216 | $l_autoregistration = "تسجيل ذاتي (SMS)"; |
||
2250 | tom.houday | 217 | } else if ($Language === 'de') { // German |
2238 | tom.houday | 218 | $l_ChilliError = "Die Authentifizierung ist erfolgreich durch die Nutzung des Portals erfolgt."; |
219 | $l_login = "Erfolgreiche Authentifizierung.<HR>Schlißen dieses fensters unterbricht die sitzung"; |
||
220 | $l_logout = "Beenden der Verbindung"; |
||
221 | $l_loginfailed = "Authentifizierungsfehler Eigenverbrauch"; |
||
222 | $l_loggingin = "Kennzeichnung auf dem Eigenverbrauch"; |
||
223 | $l_loggedcont = "Zutrittskontrolle"; |
||
224 | $l_loggedout = "Ihre Sitzung ist geschlossen"; |
||
225 | $l_user = "Benutzer"; |
||
226 | $l_password = "Passwort"; |
||
227 | $l_wait = "Bitte warten Sie einen Moment ..."; |
||
228 | $l_onlinetime = "Online-Zeit:"; |
||
229 | $l_remainingtime = "Abmelden:"; |
||
230 | $l_encrypted = "Die Öffnung muß der Anschluß Zahlen"; |
||
231 | $l_boutonO = "Authentifizierung"; |
||
232 | $l_boutonF = "Schließen"; |
||
233 | $l_loggedin_stringl1 = "Information System Security"; |
||
234 | $l_loggedin_stringl2 = "Dieses Portal wurde eingerichtet, um ordnungsgemäß die Rückverfolgbarkeit, der Zurechenbarkeit und der Nicht-Anerkennung der Verbindungen."; |
||
235 | $l_loggedin_stringl3 = "Ihre Tätigkeit im Netzwerk registriert ist nach Schutz der Privatsphäre."; |
||
236 | $l_loggedin_stringl4 = "Die gespeicherten Daten nicht pouront genutzt werden, dass von einer Justizbehörde im Rahmen einer Untersuchung."; |
||
237 | $l_loggedin_stringl5 = "Diese Daten werden automatisch gelöscht nach einem Jahr."; |
||
2370 | tom.houday | 238 | $l_loggedin_stringl6 = "Click <a href=\"$alcasarpath\">here</a> to change your password or to integrate the security certificate in your browser"; |
2238 | tom.houday | 239 | $l_loggedout_string = "Trennung des Portals erfolgt Gefangener!"; |
2702 | tom.houday | 240 | $l_reply_0 = "Falscher Benutzername oder falsches Passwort"; |
2591 | rexy | 241 | $l_reply_1 = "Ihr Tageskontingent wurde erreicht (Dauer oder Volumen)"; |
242 | $l_reply_2 = "Ihr monatliches Kontingent wurde erreicht (Dauer oder Volumen)"; |
||
2238 | tom.houday | 243 | $l_reply_3 = "You try to connect outside of your allowed timespan"; |
244 | $l_reply_4 = "your account expired"; |
||
245 | $l_reply_5 = "You have reached the maximum number of simultaneous logins"; |
||
246 | $l_reply_6 = "Your authorized connexion time has been reached"; |
||
247 | $l_online_time = "Online-zeit"; |
||
248 | $l_remaining_time = "Restzeit"; |
||
249 | $l_uam_domain = "Autorisierten websites : "; |
||
250 | $l_autoregistration = "Automatische registrierung"; |
||
2250 | tom.houday | 251 | } else if ($Language === 'nl') { // Dutch |
2238 | tom.houday | 252 | $l_ChilliError = "De authenticatie moet een succes worden via de captive portal dienst."; |
253 | $l_login = "Succesvolle authenticatie.<HR>Dit venster te sluiten onderbreekt uw sessie."; |
||
254 | $l_logout = "Slotkoers verbinding"; |
||
255 | $l_loginfailed = "Authenticatie mislukt"; |
||
256 | $l_loggingin = "Identificatie van de captive-portaal"; |
||
257 | $l_loggedcont = "toegangscontrole"; |
||
258 | $l_loggedout = "Uw sessie is gesloten"; |
||
259 | $l_user = "Gebruiker"; |
||
260 | $l_password = "Wachtwoord"; |
||
261 | $l_wait = "Wacht een moment ..."; |
||
262 | $l_onlinetime = "Sluit tijd:"; |
||
263 | $l_remainingtime = "Verbreking in:"; |
||
264 | $l_encrypted = "De opening moet gebruiken gecodeerde verbinding"; |
||
265 | $l_boutonO = "Authenticatie"; |
||
266 | $l_boutonF = "Sluiten"; |
||
267 | $l_loggedin_stringl1 = "Information System Security"; |
||
268 | $l_loggedin_stringl2 = "Het portaal werd opgericht verordeningen om de traceerbaarheid, verantwoordelijkheid en onloochenbaarheid van de verbindingen."; |
||
269 | $l_loggedin_stringl3 = "Uw activiteit op het netwerk is geregistreerd in overeenstemming met de persoonlijke levenssfeer."; |
||
270 | $l_loggedin_stringl4 = "De geregistreerde gegevens kunnen worden kunnen worden bediend door een rechterlijke instantie in de loop van een onderzoek."; |
||
271 | $l_loggedin_stringl5 = "Deze gegevens worden automatisch verwijderd na een jaar."; |
||
2370 | tom.houday | 272 | $l_loggedin_stringl6 = "Click <a href=\"$alcasarpath\">here</a> to change your password or to integrate the security certificate in your browser"; |
2238 | tom.houday | 273 | $l_loggedout_string = "Logout gemaakt intern portaal!"; |
2702 | tom.houday | 274 | $l_reply_0 = "Ongeldige gebruikersnaam of wachtwoord"; |
2591 | rexy | 275 | $l_reply_1 = "Uw dagelijkse quotum is bereikt (duur of volume)"; |
276 | $l_reply_2 = "Je maandelijkse quotum is bereikt (duur of volume)"; |
||
2238 | tom.houday | 277 | $l_reply_3 = "You try to connect outside of your allowed timespan"; |
278 | $l_reply_4 = "your account expired"; |
||
279 | $l_reply_5 = "You have reached the maximum number of simultaneous logins"; |
||
280 | $l_reply_6 = "Your authorized connexion time has been reached"; |
||
281 | $l_online_time = "Online tijd"; |
||
282 | $l_remaining_time = "Reterende tijd"; |
||
283 | $l_uam_domain = "Geautoriseerde website : "; |
||
284 | $l_autoregistration = "Automatische registratie"; |
||
2250 | tom.houday | 285 | } else if ($Language === 'fr') { // French |
2238 | tom.houday | 286 | $l_ChilliError = "L'authentification doit être réussie sur le portail captif."; |
287 | $l_login = "Authentification réussie.<HR>La fermeture de cette fenêtre interrompt votre session."; |
||
288 | $l_logout = "Fermeture de la session"; |
||
289 | $l_loginfailed = "Echec d'authentification"; |
||
290 | $l_loggingin = "Identification sur le portail captif"; |
||
291 | $l_loggedcont = "Contrôle d'accès"; |
||
292 | $l_loggedout = "Votre session est fermée"; |
||
293 | $l_user = "Identifiant"; |
||
294 | $l_password = "Mot de passe"; |
||
295 | $l_wait = "Patientez un instant ..."; |
||
296 | $l_onlinetime = "Temps de connexion:"; |
||
297 | $l_remainingtime = "Deconnexion dans :"; |
||
298 | $l_encrypted = "La connexion avec le portail doit être chiffrée"; |
||
299 | $l_boutonO = "Authentification"; |
||
300 | $l_boutonF = "Fermer"; |
||
301 | $l_loggedin_stringl1 = "Sécurité des Systèmes d'Information"; |
||
302 | $l_loggedin_stringl2 = "Ce contrôle a été mis en place pour assurer réglementairement la traçabilité, l'imputabilité et la non-répudiation des connexions."; |
||
303 | $l_loggedin_stringl3 = "Votre activité sur le réseau est enregistrée conformément au respect de la vie privée."; |
||
304 | $l_loggedin_stringl4 = "Les données enregistrées ne pourront être exploitées que par une autorité judiciaire dans le cadre d'une enquête."; |
||
305 | $l_loggedin_stringl5 = "Ces données seront automatiquement supprimées au bout d'un an."; |
||
2370 | tom.houday | 306 | $l_loggedin_stringl6 = "Cliquez <a href=\"$alcasarpath\">ici</a> pour changer votre mot de passe ou pour intégrer le certificat de sécurité à votre navigateur"; |
2238 | tom.houday | 307 | $l_loggedout_string = "Déconnexion du portail captif effectuée !"; |
2702 | tom.houday | 308 | $l_reply_0 = "Nom d'utilisateur ou mot de passe incorrect"; |
2591 | rexy | 309 | $l_reply_1 = "Votre quota journalier a été atteint (durée ou volume)"; |
310 | $l_reply_2 = "Votre quota mensuel a été atteint (durée ou volume)"; |
||
2238 | tom.houday | 311 | $l_reply_3 = "Vous tentez de vous connecter en dehors de votre période autorisée"; |
312 | $l_reply_4 = "Votre compte a expiré"; |
||
313 | $l_reply_5 = "Vous avez atteint le nombre maximum de connexions simultanées"; |
||
314 | $l_reply_6 = "Votre durée de connexion autorisée a été atteinte"; |
||
315 | $l_online_time = "Temps de connexion"; |
||
316 | $l_remaining_time = "Temps restant"; |
||
317 | $l_uam_domain = "Sites autorisés : "; |
||
318 | $l_autoregistration = "Auto enregistrement (sms)"; |
||
319 | } else { // English |
||
320 | $l_ChilliError = "The authentication must be successful through the captive portal service."; |
||
321 | $l_login = "Successful authentication.<HR>Closing this window interrupts your session"; |
||
322 | $l_logout = "Closing connection"; |
||
323 | $l_loginfailed = "Authentication Failed"; |
||
324 | $l_loggingin = "Identification on the captive portal"; |
||
325 | $l_loggedcont = "Access Control"; |
||
326 | $l_loggedout = "Your session is closed"; |
||
327 | $l_user = "User"; |
||
328 | $l_password = "Password"; |
||
329 | $l_wait = "Please wait a moment ..."; |
||
330 | $l_onlinetime = "Connect time:"; |
||
331 | $l_remainingtime = "Disconnection in:"; |
||
332 | $l_encrypted = "The connection with the portal must be encrypted"; |
||
333 | $l_boutonO = "Authentication"; |
||
334 | $l_boutonF = "Close"; |
||
335 | $l_loggedin_stringl1 = "Information System Security"; |
||
336 | $l_loggedin_stringl2 = "That control was set up regulations to ensure traceability, accountability and non-repudiation of connections."; |
||
337 | $l_loggedin_stringl3 = "Your activity on the network is registered in accordance with privacy."; |
||
338 | $l_loggedin_stringl4 = "The recorded data can be able to be operated by a judicial authority in the course of an investigation."; |
||
339 | $l_loggedin_stringl5 = "These data will be automatically deleted after one year."; |
||
2370 | tom.houday | 340 | $l_loggedin_stringl6 = "Click <a href=\"$alcasarpath\">here</a> to change your password or to integrate the security certificate in your browser"; |
2238 | tom.houday | 341 | $l_loggedout_string = "Disconnection of the captive portal made"; |
2702 | tom.houday | 342 | $l_reply_0 = "Incorrect username or password"; |
2591 | rexy | 343 | $l_reply_1 = "Your daily quota has been reached (duration or volume)"; |
344 | $l_reply_2 = "Your monthly quota has been reached (duration or volume)"; |
||
2238 | tom.houday | 345 | $l_reply_3 = "You try to connect outside of your allowed timespan"; |
346 | $l_reply_4 = "your account expired"; |
||
347 | $l_reply_5 = "You have reached the maximum number of simultaneous logins"; |
||
348 | $l_reply_6 = "Your authorized connexion time has been reached"; |
||
349 | $l_online_time = "Online time"; |
||
350 | $l_remaining_time = "Remaining time"; |
||
351 | $l_uam_domain = "Authorized websites : "; |
||
352 | $l_autoregistration = "Auto registration (sms)"; |
||
2182 | tom.houday | 353 | } |
895 | richard | 354 | |
# When the configuration requires HTTPS for login (HTTPS_LOGIN = on) and this
# request did not arrive over HTTPS, send a short error page and stop.
# The test on $_SERVER['HTTPS'] is the negation of the one that sets $useHTTPS.
if (($conf['HTTPS_LOGIN'] === 'on') && ((!isset($_SERVER['HTTPS'])) || (empty($_SERVER['HTTPS'])) || ($_SERVER['HTTPS'] === 'off'))) {
	// Forbid caching of the error page
	header('Expires: Tue, 01 Jan 2000 00:00:00 GMT');
	header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
	header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
	header('Cache-Control: post-check=0, pre-check=0', false);
	header('Pragma: no-cache');
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title><?= $l_loggedcont ?></title>
</head>
<body style="background-color: white;">
<h1 style="text-align: center;"><?= $l_loginfailed ?></h1>
<center><?= $l_encrypted ?></center>
</body>
</html>
<?php
	// Nothing below runs for a plain-HTTP request: no parameter is read and no login is attempted.
	exit();
}
378 | |||
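# Read the form (POST) and query-string (GET) parameters this page uses.
# Each value must be a string; anything else (e.g. an array such as name[]=x)
# is treated as absent instead of being passed to trim()/htmlspecialchars().
# Every value is HTML-escaped once, here, on input.
# NOTE(review): the same escaped values are later placed in a redirect URL and
# in a JavaScript call inside an HTML attribute; HTML escaping is not the
# encoding either of those contexts needs.

# Refuse a username that has the form of a MAC address (XX-XX-XX-XX-XX-XX).
# The value is trimmed BEFORE the test so that the string being checked is
# exactly the string that is kept; testing the untrimmed value let a MAC padded
# with whitespace pass the test and become a bare MAC after trim().
# NOTE(review): the pattern covers upper-case hex digits only — confirm whether
# lower-case forms also have to be refused.
$username = '';
if (isset($_POST['username']) && is_string($_POST['username'])) {
    $username = trim($_POST['username']);
    if (preg_match('/^([0-9A-F]{2}-){5}[0-9A-F]{2}$/', $username) === 1) {
        $username = '';
    } else {
        $username = htmlspecialchars($username);
    }
}

# NOTE(review): the password is HTML-escaped too, and that escaped form is what
# the login branch encodes for chilli; a password containing & < > " is
# therefore not sent as typed — confirm this is intended.
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? htmlspecialchars($_POST['password']) : '';
$challenge = (isset($_POST['challenge']) && is_string($_POST['challenge'])) ? htmlspecialchars($_POST['challenge']) : '';
$button = (isset($_POST['button']) && is_string($_POST['button'])) ? htmlspecialchars($_POST['button']) : '';
$userurl = (isset($_POST['userurl']) && is_string($_POST['userurl'])) ? htmlspecialchars($_POST['userurl']) : '';
# Deliberately not read from POST (commented out upstream):
# logout, prelogin, res, uamip, uamport, timeleft, redirurl.

# Query parameters. 'challenge' and 'userurl' override the POST value only when present.
$res = (isset($_GET['res']) && is_string($_GET['res'])) ? htmlspecialchars($_GET['res']) : '';
if (isset($_GET['challenge']) && is_string($_GET['challenge'])) {
    $challenge = htmlspecialchars($_GET['challenge']);
}
$timeleft = (isset($_GET['timeleft']) && is_string($_GET['timeleft'])) ? htmlspecialchars($_GET['timeleft']) : '';
$reply = (isset($_GET['reply']) && is_string($_GET['reply'])) ? htmlspecialchars(trim($_GET['reply'])) : '';
$redirurl = (isset($_GET['redirurl']) && is_string($_GET['redirurl'])) ? htmlspecialchars($_GET['redirurl']) : '';
if (isset($_GET['userurl']) && is_string($_GET['userurl'])) {
    $userurl = htmlspecialchars($_GET['userurl']);
}
# Deliberately not read from GET (commented out upstream): reason, uamip, uamport.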
895 | richard | 405 | |
2378 | tom.houday | 406 | // TODO: clean unused query params |
407 | |||
// Host of the chilli UAM listener: portal host name plus domain from the configuration.
$uamip = $conf['HOSTNAME'] . '.' . $conf['DOMAIN'];

// HTTPS on port 3991 only when chilli is configured for it AND this request
// itself arrived over HTTPS; plain HTTP on port 3990 in every other case.
if (($conf['HTTPS_CHILLI'] !== 'on') || !$useHTTPS) {
    $uamproto = 'http';
    $uamport = 3990;
} else {
    $uamproto = 'https';
    $uamport = 3991;
}
416 | |||
# Replace a known RADIUS reply message by its text in the current language.
# NOTE(review): a value that matches none of the keys is left unchanged; it
# comes from the query string and has only been HTML-escaped — confirm how it
# is rendered further down the page.
if (!empty($reply)) {
    $reply_labels = array(
        'Username not found' => $l_reply_0,
        'Login failed' => $l_reply_0,
        'Your maximum daily usage time has been reached' => $l_reply_1,
        'Your maximum monthly usage time has been reached' => $l_reply_2,
        'You are calling outside your allowed timespan' => $l_reply_3,
        'Password Has Expired' => $l_reply_4,
        'You are already logged in - access denied' => $l_reply_5,
        'Your maximum never usage time has been reached' => $l_reply_6,
    );
    if (isset($reply_labels[$reply])) {
        $reply = $reply_labels[$reply];
    }
    unset($reply_labels);
}
||
895 | richard | 430 | |
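// Login attempt: the submitted button label equals the "authenticate" label of
// the language selected for this request.
if ($button === $l_boutonO) {
    // Password encoding for coova-chilli, including the fix for long passwords:
    // http://www.stochasticgeometry.ie/2009/09/09/maximum-password-length-in-coova-chilli/
    // The mask is md5(challenge . uamsecret). $uamsecret is set to '' earlier in
    // this file, so the mask depends on the challenge alone.
    // NOTE(review): with an empty secret this encoding does not keep the password
    // confidential from anyone who sees both the challenge and the logon URL;
    // confirm the hop to chilli is always HTTPS.
    // NOTE(review): $challenge is not checked to be hexadecimal before pack('H*').
    $hexchal = pack('H*', $challenge);
    $newchal = pack('H*', md5($hexchal . $uamsecret));

    // If the mask is shorter than the password, repeat it until it is long enough
    while (strlen($newchal) < strlen($password)) {
        $newchal .= $newchal;
    }

    $newpwd = pack('a*', $password);
    // XOR the password with the mask and hex-encode the result
    $pappassword = implode('', unpack('H*', ($newpwd ^ $newchal)));

    // $username and $userurl were HTML-escaped on input, which is the wrong
    // encoding for a query string: every escaped character yields an '&' that
    // splits the parameter. Undo the HTML escaping and percent-encode instead.
    // $pappassword is hexadecimal and needs no encoding.
    header(
        "Location: $uamproto://$uamip:$uamport/logon"
        . '?username=' . rawurlencode(htmlspecialchars_decode($username))
        . '&password=' . $pappassword
        . '&userurl=' . rawurlencode(htmlspecialchars_decode($userurl))
    );
    exit();
}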
450 | |||
// Translate chilli's 'res' value into the numeric state used by the rest of the page.
$result = 0; // Default: it was not a form request -> client goes to the login form
if ($res === 'success') {
    $result = 1; // login successful
} elseif ($res === 'failed') {
    $result = 2; // login failed
} elseif ($res === 'logoff') {
    $result = 3; // logout successful
} elseif ($res === 'already') {
    $result = 4; // tried to log in while already logged in
} elseif ($res === 'notyet') {
    $result = 5; // not logged in yet
}
459 | |||
// After a successful login, check whether this user still has to be shown the
// information page about the imputability logs.
if ($result === 1) {
	// Runs only when both the SQL helper library and the freeradius-web configuration file exist.
	// NOTE(review): the helper path is relative, so it is resolved against the working directory / include_path.
	if ((is_file('./acc/manager/lib/sql/drivers/mysql/functions.php')) && (is_file('/etc/freeradius-web/config.php'))) {
		include_once('/etc/freeradius-web/config.php'); // presumably defines $config — not visible here
		include_once('./acc/manager/lib/sql/drivers/mysql/functions.php');
		$link = @da_sql_pconnect($config); // '@': errors are not displayed
		if ($link) {
			// NOTE(review): 'uid' is read from the query string without an isset() check, and
			// nothing visible here ties it to the session that has just authenticated; the
			// DELETE below acts on whichever username the request names. Confirm that only
			// the redirect issued by chilli can reach this branch.
			$user_uid = da_sql_escape_string($link, $_GET['uid']);
			// Both statements are built by string interpolation; quoting safety rests
			// entirely on da_sql_escape_string(), defined in the included helper.
			$sql = "SELECT value FROM radreply WHERE username='$user_uid' AND attribute='Alcasar-Imputability-Warning'";
			$res = @da_sql_query($link, $config, $sql); // '@': errors are not displayed; this overwrites the 'res' value read from the query string
			if ($res) {
				$row = @da_sql_fetch_array($res, $config);
				// NOTE(review): $row is indexed without checking that a row was returned.
				if ($row['value'] === '1') {
					// One-shot flag: delete it, then redirect to the information page.
					$sql = "DELETE FROM radreply WHERE username='$user_uid' AND attribute='Alcasar-Imputability-Warning'";
					@da_sql_query($link, $config, $sql);
					// 'userurl' is taken from the query string (no isset() check) and is
					// percent-encoded before being passed on as the 'url' parameter.
					header('Location: '.(($conf['HTTPS_LOGIN'] === 'on') ? 'https' : 'http').'://'.$conf['HOSTNAME'].'.'.$conf['DOMAIN'].'/index.php?warn=1&url='.urlencode($_GET['userurl'])); // the user is shown the information about imputability logs
					exit();
				}
			}
		}
	}
}
482 | |||
// No recognised 'res' value: send the client to chilli's prelogin endpoint so
// that a challenge is generated.
if (0 === $result) {
    header(sprintf('Location: %s://%s:%s/prelogin', $uamproto, $uamip, $uamport));
    exit();
}

// Forbid caching of the page that follows.
header('Expires: Tue, 01 Jan 2000 00:00:00 GMT');
header(sprintf('Last-Modified: %s GMT', gmdate('D, d M Y H:i:s')));
header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
// Second Cache-Control header is added next to the first one, not in place of it.
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache');
||
2182 | tom.houday | 495 | ?> |
2238 | tom.houday | 496 | <!DOCTYPE html> |
895 | richard | 497 | <html> |
498 | <head> |
||
2182 | tom.houday | 499 | <meta charset="utf-8"> |
500 | <title><?= $l_loggingin ?></title> |
||
501 | <script type="text/javascript"> |
||
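/**
 * Runs when the page has loaded and acts on the login result code.
 *
 * result 1 or 4 (success / already): open the status page in a new window and
 * send this window to the first non-empty target among adminurl, redirurl and
 * userurl. If no target is usable, or the pop-up is blocked, this window goes
 * to the status page instead.
 * result 2, 3 or 5 (failed / logoff / notyet): focus the username field.
 *
 * timeleft is accepted for interface compatibility and is not used here.
 */
function doOnLoad(result, userurl, redirurl, adminurl, timeleft) {
	var statusPage = '<?= $statuspath ?>';

	if ((result === 1) || (result === 4)) { // success or already
		var url;
		if (adminurl !== '') {
			url = adminurl;
		} else if (redirurl !== '') {
			url = redirurl;
		} else if (userurl !== '') {
			url = userurl;
		}

		// The target originates from request data. Assigning a non-http(s) scheme
		// (for example a script URL) to window.location would run in this page's
		// origin, so only absolute http(s) URLs and same-origin paths are followed.
		// NOTE(review): widen this allowlist if another form is legitimately used.
		if ((typeof url !== 'undefined') && !/^(https?:\/\/|\/(?![\/\\]))/i.test(url)) {
			url = undefined;
		}

		if (typeof url !== 'undefined') {
			var win = window.open(statusPage, '_blank');
			if ((win === null) || (typeof win === 'undefined')) { // Pop-up blocked
				window.location = statusPage;
			} else {
				window.location = url;
			}
		} else {
			window.location = statusPage;
		}
	}

	if ((result === 2) || (result === 3) || (result === 5)) { // failed or logoff or notyet
		document.form1.username.focus();
	}
}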
||
2182 | tom.houday | 529 | </script> |
530 | <link rel="stylesheet" href="/css/style_intercept.css" type="text/css"> |
||
895 | richard | 531 | </head> |
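<?php
// The values below are written into single-quoted JavaScript strings that sit
// inside an HTML attribute. The browser decodes HTML entities before it runs
// the handler, so HTML-escaping alone does not stop a quote from ending the
// JavaScript string.
// NOTE(review): the assignments of $userurl, $redirurl, $adminurl and $timeleft
// are outside this excerpt. Confirm each is encoded for a JavaScript string
// (e.g. json_encode() with JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT |
// JSON_HEX_AMP) and then HTML-escaped for the attribute. $result is expected to
// be an integer.
// The "javascript:" prefix was dropped: in an event-handler attribute it is
// only parsed as a statement label.
?>
<body onLoad="doOnLoad(<?= $result ?>,'<?= $userurl ?>','<?= $redirurl ?>','<?= $adminurl ?>','<?= $timeleft ?>')">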
533 | <center> |
||
534 | |||
2283 | tom.houday | 535 | <?php if ($result === 2 || $result === 3 || $result === 5): // failed or logoff or notyet ?> |
2182 | tom.houday | 536 | <div id="logon"> |
2743 | rexy | 537 | <table id="mobile-logon-header"> |
538 | <tr> |
||
539 | <td width="20%"> |
||
540 | <img id="logo-organ" class="mobile-only" src="/images/organisme.png"> |
||
541 | </td> |
||
542 | <td width="60%"> |
||
543 | <h1><?= $organisme ?></h1> |
||
544 | <h2><?= $l_loggedcont ?></h2> |
||
545 | <?php if ($result === 2): // failed ?> |
||
546 | <h3 style="text-align: center"><?= $l_loginfailed ?></h3> |
||
547 | <?php if ($reply): // traitement du reply ... ?> |
||
548 | <center><?= $reply ?><br><br></center> |
||
549 | <?php endif; ?> |
||
550 | <?php endif; |
||
551 | if ($userurl === 'http://logout/') $userurl = 'http://www.google.com'; // Avoid cyclic logout |
||
552 | ?> |
||
553 | </td> |
||
554 | <td width="20%"> |
||
555 | </td> |
||
556 | </tr> |
||
557 | </table> |
||
558 | |||
559 | |||
2182 | tom.houday | 560 | <img id="logo-alcasar" src="/images/logo-alcasar.png"> |
561 | <form name="form1" method="post" action="<?= $loginpath ?>"> |
||
562 | <input type="hidden" name="challenge" value="<?= $challenge ?>"> |
||
563 | <input type="hidden" name="userurl" value="<?= $userurl ?>"> |
||
564 | <table id="boite-logon"> |
||
565 | <tr> |
||
2743 | rexy | 566 | <td class="desktop-only" width="20%" rowspan="4"> <img id="logo-organ" src="/images/organisme.png"></td> |
567 | <td class="desktop-only" width="30%" align="right"><?= $l_user ?></td> |
||
2747 | rexy | 568 | <td id="username_input" width="100%" align="center"><input type="text" maxLength="32" name="username" autocomplete="off" placeholder="<?= $l_user ?>"></td> |
2182 | tom.houday | 569 | </tr> |
570 | <tr> |
||
2743 | rexy | 571 | <td class="desktop-only" align="right"><?= $l_password ?></td> |
2747 | rexy | 572 | <td id="password_input" width="100%" align="center"><input maxLength="32" type="password" name="password" autocomplete="off" placeholder="<?= $l_password ?>"></td> |
2182 | tom.houday | 573 | <tr> |
2743 | rexy | 574 | <td height="23" id="authenticate-button" align="center"><input value="<?= $l_boutonO ?>" type="submit" name="button"></td> |
2250 | tom.houday | 575 | <?php if ($service_SMS_status): ?> |
576 | <td><a href="autoregistrationinfo.php"><?= $l_autoregistration ?></a></td> |
||
2182 | tom.houday | 577 | <?php endif; ?> |
578 | </tr> |
||
579 | </table> |
||
580 | </form> |
||
581 | <table id="boite-info" cellSpacing="0" cellPadding="0" width="80%"> |
||
582 | <tr> |
||
583 | <td align="center"><font color="red"><b><?= $l_loggedin_stringl1 ?></b></font></td> |
||
584 | </tr> |
||
585 | <tr> |
||
586 | <td align="left"> |
||
587 | <ul> |
||
588 | <li><?= $l_loggedin_stringl2 ?></li> |
||
589 | <li><?= $l_loggedin_stringl4 ?></li> |
||
590 | <li><?= $l_loggedin_stringl3 ?></li> |
||
591 | <li><?= $l_loggedin_stringl5 ?></li> |
||
592 | <li><?= $l_loggedin_stringl6 ?></li> |
||
593 | </ul> |
||
594 | </td> |
||
595 | </tr> |
||
596 | </table> |
||
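<?php
// List the domains that can be reached without authentication, as read from
// the "Domain allowed" file. Each useful line is expected to hold the domain
// between double quotes, followed by '#' and a display label. Lines without a
// label or without a quoted domain are skipped.
$tab = file(DOMAIN_ALLOWED_LIST);
if ($tab) { // the file could be read and isn't empty
	echo '<div id="authorized_domain">'.$l_uam_domain;
	foreach ($tab as $line) {
		if (trim($line) === '') { // the line is empty
			continue;
		}

		// Text after the first '#' is the label; a line without '#' has none.
		$domain_allowed = explode('#', $line);
		$domain_label = isset($domain_allowed[1]) ? trim($domain_allowed[1]) : '';
		if ($domain_label === '') {
			continue;
		}

		// The domain is the text between the first pair of double quotes.
		$domain = explode('"', $domain_allowed[0]);
		if (!isset($domain[1])) {
			continue; // no quoted domain on this line
		}
		// remove every '.' from the beginning of domain
		$domain_host = trim(ltrim($domain[1], '.'));
		if ($domain_host === '') {
			continue;
		}

		// Both values come from a file on disk and are written into markup, so they
		// are escaped for the attribute and the text node. This keeps a stray quote
		// or angle bracket in the file from altering the login page.
		echo '<a href="http://'.htmlspecialchars($domain_host, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'">'
			.htmlspecialchars($domain_label, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'</a> ';
	}
	echo '</div>';
}
?>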
616 | </div> |
||
617 | <?php endif; ?> |
||
1349 | richard | 618 | |
2182 | tom.houday | 619 | </center> |
895 | richard | 620 | </body> |
2182 | tom.houday | 621 | </html> |