WebSVN – ALCASAR – Blame – /web/intercept.php

Rev	Author	Line No.	Line
895	richard	1	<?php
958	franck	2	# $Id: intercept.php 2747 2019-08-02 07:02:47Z rexy $
895	richard	3	#
1249	richard	4	# intercept.php for ALCASAR captive portal
895	richard	5	# Copyright (C) 2003, 2004 Mondru AB.
		6	# Modify by REXY & steweb57
		7	# UI & css style by stephane ERARD
		8	# Help for language translation by B. AUBARD (thanks)
		9
		10	# The contents of this file may be used under the terms of the GNU
		11	# General Public License Version 2, provided that the above copyright
		12	# notice and this permission notice is included in all copies or
		13	# substantial portions of the software.
		14
		15	# Redirects from CoovaChilli (chilli daemon) :
		16	# Response to login:
		17	# success : if login successful
		18	# failed : if login failed
		19	# logoff : if logout successful
		20	# already : if tried to login while already logged in
		21	# notyet : if not logged in yet
		22	# Default : it was not a form request -> client go to login form
		23
		24	/****************************************************************
		25	* GLOBAL FILE PATHS *
		26	*****************************************************************/
2238	tom.houday	27	define('CONF_FILE', '/usr/local/etc/alcasar.conf');
		28	define('DOMAIN_ALLOWED_LIST', '/usr/local/etc/alcasar-uamdomain');
895	richard	29
		30	/****************************************************************
930	richard	31	* FILE reading test *
895	richard	32	*****************************************************************/
2238	tom.houday	33	$conf_files = array(CONF_FILE, DOMAIN_ALLOWED_LIST);
2182	tom.houday	34	foreach ($conf_files as $file) {
		35	if (!file_exists($file)) {
2238	tom.houday	36	exit("Fichier $file non présent");
913	richard	37	}
2182	tom.houday	38	if (!is_readable($file)) {
2238	tom.houday	39	exit("Vous n'avez pas les droits de lecture sur le fichier $file");
913	richard	40	}
		41	}
895	richard	42	/****************************************************************
		43	* Read CONF_FILE *
		44	*****************************************************************/
2182	tom.houday	45	$file_conf = fopen(CONF_FILE, 'r');
		46	if (!$file_conf) {
		47	exit('Error opening the file '.CONF_FILE);
		48	}
		49	while (!feof($file_conf)) {
2238	tom.houday	50	$buffer = fgets($file_conf, 4096);
		51	if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {
2450	tom.houday	52	$tmp = explode('=', $buffer, 2);
2370	tom.houday	53	$conf[trim($tmp[0])] = trim($tmp[1]);
895	richard	54	}
		55	}
2182	tom.houday	56	fclose($file_conf);
		57
2238	tom.houday	58	$organisme = $conf["ORGANISM"];
895	richard	59
2250	tom.houday	60	// Shared secret used to encrypt password with coova.
930	richard	61	$uamsecret = "";
895	richard	62
2250	tom.houday	63	// URL loaded after success authenticates (let blank for browser defaults)
895	richard	64	$adminurl = "";
		65
2250	tom.houday	66	// Check if the SMS service is enable
2600	tom.houday	67	$service_SMS_status = ($conf['SMS'] === 'on');
2250	tom.houday	68
		69	// Our own path
2409	tom.houday	70	$loginpath = htmlspecialchars($_SERVER['PHP_SELF']);
2378	tom.houday	71	$useHTTPS = ((isset($_SERVER['HTTPS'])) && (!empty($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'] !== 'off'));
2409	tom.houday	72	$alcasarpath = (($useHTTPS) ? 'https' : 'http' ).'://'.$conf['HOSTNAME'].'.'.$conf['DOMAIN'];
		73	$statuspath = (($conf['HTTPS_CHILLI'] === 'on') ? 'https' : 'http' ).'://'.$conf['HOSTNAME'].'.'.$conf['DOMAIN'].'/status.php';
895	richard	74
2250	tom.houday	75	// Choice of language
895	richard	76	$Language = 'en';
2250	tom.houday	77	if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
2182	tom.houday	78	$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']);
2370	tom.houday	79	$Language = strtolower(substr(chop($Langue[0]), 0, 2));
1452	richard	80	}
2238	tom.houday	81	if ($Language === 'es') { // Spanish
		82	$l_ChilliError = "La autenticación debe ser un éxito a través del servicio de portal cautivo.";
		83	$l_login = "El éxito de la autenticación.<HR>Cierre esta ventana interrumpte la sesion.";
		84	$l_logout = "Conexión de cierre";
		85	$l_loginfailed = "Error de autenticación";
		86	$l_loggingin = "Identificación en el portal cautivo";
		87	$l_loggedcont = "Control de Acceso";
		88	$l_loggedout = "Su sesión se cierra";
		89	$l_user = "Usuario";
		90	$l_password = "Contraseña";
		91	$l_wait = "Por favor, espere un momento ...";
		92	$l_onlinetime = "Tiempo de conexión:";
		93	$l_remainingtime = "Desconexión en:";
		94	$l_encrypted = "La apertura debe usar conexión cifrada";
		95	$l_boutonO = "Autenticación";
		96	$l_boutonF = "Cerrar";
		97	$l_loggedin_stringl1 = "Information System Security";
		98	$l_loggedin_stringl2 = "El portal fue creado reglamentos para garantizar la trazabilidad, la rendición de cuentas y el no repudio de las conexiones.";
		99	$l_loggedin_stringl3 = "Su actividad en la red es registrada, de conformidad con la privacidad.";
		100	$l_loggedin_stringl4 = "Los datos registrados pueden ser capaces de ser operado por una autoridad judicial en el curso de una investigación.";
		101	$l_loggedin_stringl5 = "Estos datos se eliminan automáticamente después de un año.";
2370	tom.houday	102	$l_loggedin_stringl6 = "Click <a href=\"$alcasarpath\">here</a> to change your password or to integrate the security certificate in your browser";
2238	tom.houday	103	$l_loggedout_string = "Cerrar sesión hizo portal cautivo!";
2702	tom.houday	104	$l_reply_0 = "Nombre de usuario o contraseña incorrectos";
2591	rexy	105	$l_reply_1 = "Su cuota diaria ha sido alcanzada (duración o volumen)";
		106	$l_reply_2 = "Su cuota mensual ha sido alcanzada (duración o volumen)";
2238	tom.houday	107	$l_reply_3 = "You try to connect outside of your allowed timespan";
		108	$l_reply_4 = "your account expired";
		109	$l_reply_5 = "You have reached the maximum number of simultaneous logins";
		110	$l_reply_6 = "Your authorized connexion time has been reached";
		111	$l_online_time = "Tiempo en linea";
		112	$l_remaining_time = "Tiempo restante";
		113	$l_uam_domain = "Sitios web autorizados : ";
		114	$l_autoregistration = "Registo automático";
		115	} else if ($Language === 'pt') { // Portuguese
		116	$l_ChilliError = "A autenticação precisa ser bem sucedida através do portal.";
		117	$l_login = "Sucesso na autenticação.<HR>Matenha esse pop-up apenas minimizado para não interromper a conexão";
		118	$l_logout = "Encerrar conexão";
		119	$l_loginfailed = "Falha na autenticação";
		120	$l_loggingin = "Identificação do portal cativo";
		121	$l_loggedcont = "Controle de acesso";
		122	$l_loggedout = "Sua sessão foi fechada";
		123	$l_user = "Usuário";
		124	$l_password = "Senha";
		125	$l_wait = "Por favor, aguarde um momento ...";
		126	$l_onlinetime = "Tempo de conexão:";
		127	$l_remainingtime = "Desconectado em:";
		128	$l_encrypted = "A conexão com o portal deve ser criptografada";
		129	$l_boutonO = "Autenticação";
		130	$l_boutonF = "Fechar";
		131	$l_loggedin_stringl1 = "Sistema de Informação e segurança";
		132	$l_loggedin_stringl2 = "Este controle foi criado para garantir acesso seguro.";
		133	$l_loggedin_stringl3 = "A autenticação será criptografada em 256 bits, impedindo captura por escâner de rede.";
		134	$l_loggedin_stringl4 = "Sua atividade na Internet será resguardada de acordo com os regulamentos da lei.";
		135	$l_loggedin_stringl5 = "Mantenha o popup da conexão minimizado para não interromper a cessão.";
2370	tom.houday	136	$l_loggedin_stringl6 = "Clique <a href=\"$alcasarpath\">aqui</a> para alterar sua senha, instalar certificado ou sair do portal.";
2238	tom.houday	137	$l_loggedout_string = "desconexão do portal cativo";
2702	tom.houday	138	$l_reply_0 = "Nome de usuário ou senha incorretos";
2591	rexy	139	$l_reply_1 = "Sua cota diária foi alcançada (duração ou volume)";
		140	$l_reply_2 = "Sua cota mensal foi atingida (duração ou volume)";
2238	tom.houday	141	$l_reply_3 = "Você tenta conectar-se fora do seu período de tempo permitido";
		142	$l_reply_4 = "Sua conta expirou";
		143	$l_reply_5 = "Você atingiu o número máximo de logins simultâneos";
		144	$l_reply_6 = "Seu tempo de conexão autorizada finalizou";
		145	$l_online_time = "Tempo Online";
		146	$l_remaining_time = "Tempo restante";
		147	$l_uam_domain = "Sites autorizados : ";
		148	$l_autoregistration = "Registo automático";
		149	} else if ($Language === 'zh') { // Chinese
		150	$l_ChilliError = "验证必须通过强制门户服务";
		151	$l_login = "验证成功<HR>关闭此窗口中断连接";
		152	$l_logout = "关闭连接";
		153	$l_loginfailed = "验证失败";
		154	$l_loggingin = "强制门户身份识别";
		155	$l_loggedcont = "访问控制";
		156	$l_loggedout = "您的连接已关闭";
		157	$l_user = "用户名";
		158	$l_password = "密码";
		159	$l_wait = "请等待 ...";
		160	$l_onlinetime = "连接时间";
		161	$l_remainingtime = "断开连接于";
		162	$l_encrypted = "与门户的连接必须加密";
		163	$l_boutonO = "验证";
		164	$l_boutonF = "关闭";
		165	$l_loggedin_stringl1 = "信息系统安全";
		166	$l_loggedin_stringl2 = "这种控制实施以法定保证可追溯性，可归罪性和连接的不否认性.";
		167	$l_loggedin_stringl3 = "您的网络活动是私密登记的.";
		168	$l_loggedin_stringl4 = "记录的数据能被司法机关在调查中操作使用.";
		169	$l_loggedin_stringl5 = "这些数据将在一年后自动删除.";
2370	tom.houday	170	$l_loggedin_stringl6 = "点击 <a href=\"$alcasarpath\"> 这里 </a> 修改密码或安装浏览器安全证书";
2238	tom.houday	171	$l_loggedout_string = "强制网络门户连接已断开";
2702	tom.houday	172	$l_reply_0 = "用户名或密码无效";
2591	rexy	173	$l_reply_1 = "您的每日配额已达到（持续时间或数量) ";
		174	$l_reply_2 = "已达到每月配额（持续时间或数量）";
2238	tom.houday	175	$l_reply_3 = "您尝试在授权时间以外连接";
		176	$l_reply_4 = "您的账号已过期";
		177	$l_reply_5 = "您已经达到同时连接的最大数量";
		178	$l_reply_6 = "已经到达您的允许连接时间";
		179	$l_online_time = "在线时间";
		180	$l_remaining_time = "剩余时间";
		181	$l_uam_domain = "授权网站 : ";
		182	$l_autoregistration = "短信注册";
2250	tom.houday	183	} else if ($Language === 'ar') { // Arabic
2238	tom.houday	184	$l_ChilliError = "يجب نجاح المصادقة على البوابة الأسيرة";
		185	$l_login = "إغلاق هذه النافذة يقطع دورة عملك";
		186	$l_logout = "إغلاق الدورة";
		187	$l_loginfailed = "فشل المصادقة";
		188	$l_loggingin = "التعريف على البوابة الأسيرة";
		189	$l_loggedcont = "مراقبة الدخول";
		190	$l_loggedout = "دورتكَ مغلقة";
		191	$l_user = "التعريف";
		192	$l_password = "كلمة السر";
		193	$l_wait = "...إنتظر بعض اللحظات";
		194	$l_onlinetime = ":مدة الإتصال";
		195	$l_remainingtime = ":انقطاع الإتصال في";
		196	$l_encrypted = "يجب تشفير الإتصال بالبوابة";
		197	$l_boutonO = "مصادقة";
		198	$l_boutonF = "أغلق";
		199	$l_loggedin_stringl1 = "سلامة نظم المعلومات";
		200	$l_loggedin_stringl2 = "وُضعت هذه المراقبة للضمان القانوني لتتبع ومساءلة وعدم تنصل الإتصالات";
		201	$l_loggedin_stringl3 = "نشاطك على الشبكة مسجل وفقاً لاحترام الحريات الشخصية";
		202	$l_loggedin_stringl4 = "لا يمكن استغلال البيانات المسجلة إلاّ من قِبل سلطات التحقيق القضائ";
		203	$l_loggedin_stringl5 = "سيتم حدف هذه البيانات تلقائياً بعد سنة من الْيَوْمَ";
2370	tom.houday	204	$l_loggedin_stringl6 = "لتغيير كلمة السر أو شهادة الأمان <a href=\"$alcasarpath\">هنا</a> اضغط ";
2238	tom.houday	205	$l_loggedout_string = "تَمّ قطع الإتصال بالبوابة الأسيرة";
2702	tom.houday	206	$l_reply_0 = "اسم المستخدم أو كلمة المرور غير صالحة";
2591	rexy	207	$l_reply_1 = "تم الوصول إلى حصتك اليومية (المدة أو الحجم)";
		208	$l_reply_2 = "تم الوصول إلى حصتك الشهرية (المدة أو الحجم)";
2238	tom.houday	209	$l_reply_3 = "محاولة اتصال خارج فترتك المأذونة";
		210	$l_reply_4 = "انتهت مدة صلاحية حسابك";
		211	$l_reply_5 = "لقد استكملت العدد الأقصى للإتصالات المتزامنة";
		212	$l_reply_6 = "استكملت مذة الإتصال المسموحة";
		213	$l_online_time = "مذة الإتصال";
		214	$l_remaining_time = "الوقت المتبق";
		215	$l_uam_domain = ":المواقع المسموحة ";
		216	$l_autoregistration = "تسجيل ذاتي (SMS)";
2250	tom.houday	217	} else if ($Language === 'de') { // German
2238	tom.houday	218	$l_ChilliError = "Die Authentifizierung ist erfolgreich durch die Nutzung des Portals erfolgt.";
		219	$l_login = "Erfolgreiche Authentifizierung.<HR>Schlißen dieses fensters unterbricht die sitzung";
		220	$l_logout = "Beenden der Verbindung";
		221	$l_loginfailed = "Authentifizierungsfehler Eigenverbrauch";
		222	$l_loggingin = "Kennzeichnung auf dem Eigenverbrauch";
		223	$l_loggedcont = "Zutrittskontrolle";
		224	$l_loggedout = "Ihre Sitzung ist geschlossen";
		225	$l_user = "Benutzer";
		226	$l_password = "Passwort";
		227	$l_wait = "Bitte warten Sie einen Moment ...";
		228	$l_onlinetime = "Online-Zeit:";
		229	$l_remainingtime = "Abmelden:";
		230	$l_encrypted = "Die Öffnung muß der Anschluß Zahlen";
		231	$l_boutonO = "Authentifizierung";
		232	$l_boutonF = "Schließen";
		233	$l_loggedin_stringl1 = "Information System Security";
		234	$l_loggedin_stringl2 = "Dieses Portal wurde eingerichtet, um ordnungsgemäß die Rückverfolgbarkeit, der Zurechenbarkeit und der Nicht-Anerkennung der Verbindungen.";
		235	$l_loggedin_stringl3 = "Ihre Tätigkeit im Netzwerk registriert ist nach Schutz der Privatsphäre.";
		236	$l_loggedin_stringl4 = "Die gespeicherten Daten nicht pouront genutzt werden, dass von einer Justizbehörde im Rahmen einer Untersuchung.";
		237	$l_loggedin_stringl5 = "Diese Daten werden automatisch gelöscht nach einem Jahr.";
2370	tom.houday	238	$l_loggedin_stringl6 = "Click <a href=\"$alcasarpath\">here</a> to change your password or to integrate the security certificate in your browser";
2238	tom.houday	239	$l_loggedout_string = "Trennung des Portals erfolgt Gefangener!";
2702	tom.houday	240	$l_reply_0 = "Falscher Benutzername oder falsches Passwort";
2591	rexy	241	$l_reply_1 = "Ihr Tageskontingent wurde erreicht (Dauer oder Volumen)";
		242	$l_reply_2 = "Ihr monatliches Kontingent wurde erreicht (Dauer oder Volumen)";
2238	tom.houday	243	$l_reply_3 = "You try to connect outside of your allowed timespan";
		244	$l_reply_4 = "your account expired";
		245	$l_reply_5 = "You have reached the maximum number of simultaneous logins";
		246	$l_reply_6 = "Your authorized connexion time has been reached";
		247	$l_online_time = "Online-zeit";
		248	$l_remaining_time = "Restzeit";
		249	$l_uam_domain = "Autorisierten websites : ";
		250	$l_autoregistration = "Automatische registrierung";
2250	tom.houday	251	} else if ($Language === 'nl') { // Dutch
2238	tom.houday	252	$l_ChilliError = "De authenticatie moet een succes worden via de captive portal dienst.";
		253	$l_login = "Succesvolle authenticatie.<HR>Dit venster te sluiten onderbreekt uw sessie.";
		254	$l_logout = "Slotkoers verbinding";
		255	$l_loginfailed = "Authenticatie mislukt";
		256	$l_loggingin = "Identificatie van de captive-portaal";
		257	$l_loggedcont = "toegangscontrole";
		258	$l_loggedout = "Uw sessie is gesloten";
		259	$l_user = "Gebruiker";
		260	$l_password = "Wachtwoord";
		261	$l_wait = "Wacht een moment ...";
		262	$l_onlinetime = "Sluit tijd:";
		263	$l_remainingtime = "Verbreking in:";
		264	$l_encrypted = "De opening moet gebruiken gecodeerde verbinding";
		265	$l_boutonO = "Authenticatie";
		266	$l_boutonF = "Sluiten";
		267	$l_loggedin_stringl1 = "Information System Security";
		268	$l_loggedin_stringl2 = "Het portaal werd opgericht verordeningen om de traceerbaarheid, verantwoordelijkheid en onloochenbaarheid van de verbindingen.";
		269	$l_loggedin_stringl3 = "Uw activiteit op het netwerk is geregistreerd in overeenstemming met de persoonlijke levenssfeer.";
		270	$l_loggedin_stringl4 = "De geregistreerde gegevens kunnen worden kunnen worden bediend door een rechterlijke instantie in de loop van een onderzoek.";
		271	$l_loggedin_stringl5 = "Deze gegevens worden automatisch verwijderd na een jaar.";
2370	tom.houday	272	$l_loggedin_stringl6 = "Click <a href=\"$alcasarpath\">here</a> to change your password or to integrate the security certificate in your browser";
2238	tom.houday	273	$l_loggedout_string = "Logout gemaakt intern portaal!";
2702	tom.houday	274	$l_reply_0 = "Ongeldige gebruikersnaam of wachtwoord";
2591	rexy	275	$l_reply_1 = "Uw dagelijkse quotum is bereikt (duur of volume)";
		276	$l_reply_2 = "Je maandelijkse quotum is bereikt (duur of volume)";
2238	tom.houday	277	$l_reply_3 = "You try to connect outside of your allowed timespan";
		278	$l_reply_4 = "your account expired";
		279	$l_reply_5 = "You have reached the maximum number of simultaneous logins";
		280	$l_reply_6 = "Your authorized connexion time has been reached";
		281	$l_online_time = "Online tijd";
		282	$l_remaining_time = "Reterende tijd";
		283	$l_uam_domain = "Geautoriseerde website : ";
		284	$l_autoregistration = "Automatische registratie";
2250	tom.houday	285	} else if ($Language === 'fr') { // French
2238	tom.houday	286	$l_ChilliError = "L'authentification doit être réussie sur le portail captif.";
		287	$l_login = "Authentification réussie.<HR>La fermeture de cette fenêtre interrompt votre session.";
		288	$l_logout = "Fermeture de la session";
		289	$l_loginfailed = "Echec d'authentification";
		290	$l_loggingin = "Identification sur le portail captif";
		291	$l_loggedcont = "Contrôle d'accès";
		292	$l_loggedout = "Votre session est fermée";
		293	$l_user = "Identifiant";
		294	$l_password = "Mot de passe";
		295	$l_wait = "Patientez un instant ...";
		296	$l_onlinetime = "Temps de connexion:";
		297	$l_remainingtime = "Deconnexion dans :";
		298	$l_encrypted = "La connexion avec le portail doit être chiffrée";
		299	$l_boutonO = "Authentification";
		300	$l_boutonF = "Fermer";
		301	$l_loggedin_stringl1 = "Sécurité des Systèmes d'Information";
		302	$l_loggedin_stringl2 = "Ce contrôle a été mis en place pour assurer réglementairement la traçabilité, l'imputabilité et la non-répudiation des connexions.";
		303	$l_loggedin_stringl3 = "Votre activité sur le réseau est enregistrée conformément au respect de la vie privée.";
		304	$l_loggedin_stringl4 = "Les données enregistrées ne pourront être exploitées que par une autorité judiciaire dans le cadre d'une enquête.";
		305	$l_loggedin_stringl5 = "Ces données seront automatiquement supprimées au bout d'un an.";
2370	tom.houday	306	$l_loggedin_stringl6 = "Cliquez <a href=\"$alcasarpath\">ici</a> pour changer votre mot de passe ou pour intégrer le certificat de sécurité à votre navigateur";
2238	tom.houday	307	$l_loggedout_string = "Déconnexion du portail captif effectuée !";
2702	tom.houday	308	$l_reply_0 = "Nom d'utilisateur ou mot de passe incorrect";
2591	rexy	309	$l_reply_1 = "Votre quota journalier a été atteint (durée ou volume)";
		310	$l_reply_2 = "Votre quota mensuel a été atteint (durée ou volume)";
2238	tom.houday	311	$l_reply_3 = "Vous tentez de vous connecter en dehors de votre période autorisée";
		312	$l_reply_4 = "Votre compte a expiré";
		313	$l_reply_5 = "Vous avez atteint le nombre maximum de connexions simultanées";
		314	$l_reply_6 = "Votre durée de connexion autorisée a été atteinte";
		315	$l_online_time = "Temps de connexion";
		316	$l_remaining_time = "Temps restant";
		317	$l_uam_domain = "Sites autorisés : ";
		318	$l_autoregistration = "Auto enregistrement (sms)";
		319	} else { // English
		320	$l_ChilliError = "The authentication must be successful through the captive portal service.";
		321	$l_login = "Successful authentication.<HR>Closing this window interrupts your session";
		322	$l_logout = "Closing connection";
		323	$l_loginfailed = "Authentication Failed";
		324	$l_loggingin = "Identification on the captive portal";
		325	$l_loggedcont = "Access Control";
		326	$l_loggedout = "Your session is closed";
		327	$l_user = "User";
		328	$l_password = "Password";
		329	$l_wait = "Please wait a moment ...";
		330	$l_onlinetime = "Connect time:";
		331	$l_remainingtime = "Disconnection in:";
		332	$l_encrypted = "The connection with the portal must be encrypted";
		333	$l_boutonO = "Authentication";
		334	$l_boutonF = "Close";
		335	$l_loggedin_stringl1 = "Information System Security";
		336	$l_loggedin_stringl2 = "That control was set up regulations to ensure traceability, accountability and non-repudiation of connections.";
		337	$l_loggedin_stringl3 = "Your activity on the network is registered in accordance with privacy.";
		338	$l_loggedin_stringl4 = "The recorded data can be able to be operated by a judicial authority in the course of an investigation.";
		339	$l_loggedin_stringl5 = "These data will be automatically deleted after one year.";
2370	tom.houday	340	$l_loggedin_stringl6 = "Click <a href=\"$alcasarpath\">here</a> to change your password or to integrate the security certificate in your browser";
2238	tom.houday	341	$l_loggedout_string = "Disconnection of the captive portal made";
2702	tom.houday	342	$l_reply_0 = "Incorrect username or password";
2591	rexy	343	$l_reply_1 = "Your daily quota has been reached (duration or volume)";
		344	$l_reply_2 = "Your monthly quota has been reached (duration or volume)";
2238	tom.houday	345	$l_reply_3 = "You try to connect outside of your allowed timespan";
		346	$l_reply_4 = "your account expired";
		347	$l_reply_5 = "You have reached the maximum number of simultaneous logins";
		348	$l_reply_6 = "Your authorized connexion time has been reached";
		349	$l_online_time = "Online time";
		350	$l_remaining_time = "Remaining time";
		351	$l_uam_domain = "Authorized websites : ";
		352	$l_autoregistration = "Auto registration (sms)";
2182	tom.houday	353	}
895	richard	354
2324	tom.houday	355	# If HTTPS not use, tell it's wrong
		356	if (($conf['HTTPS_LOGIN'] === 'on') && ((!isset($_SERVER['HTTPS'])) \|\| (empty($_SERVER['HTTPS'])) \|\| ($_SERVER['HTTPS'] === 'off'))) {
2238	tom.houday	357	// Cleaning the cache
		358	header('Expires: Tue, 01 Jan 2000 00:00:00 GMT');
		359	header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
		360	header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
		361	header('Cache-Control: post-check=0, pre-check=0', false);
		362	header('Pragma: no-cache');
2182	tom.houday	363	?>
2238	tom.houday	364	<!DOCTYPE html>
2182	tom.houday	365	<html>
		366	<head>
		367	<meta charset="utf-8">
		368	<title><?= $l_loggedcont ?></title>
		369	</head>
		370	<body style="background-color: white;">
		371	<h1 style="text-align: center;"><?= $l_loginfailed ?></h1>
		372	<center><?= $l_encrypted ?></center>
		373	</body>
		374	</html>
		375	<?php
		376	exit();
895	richard	377	}
		378
		379	# Read form parameters which we care about
1314	richard	380	# avoid the "user as a MAC address" attempts
2378	tom.houday	381	if ((isset($_POST['username'])) && (preg_match('/^([0-9A-F]{2}-){5}[0-9A-F]{2}$/', $_POST['username']) !== 1))
2407	tom.houday	382	$username = htmlspecialchars(trim($_POST['username'])); else $username = '';
2378	tom.houday	383	if (isset($_POST['password'])) $password = htmlspecialchars($_POST['password']); else $password = '';
2370	tom.houday	384	if (isset($_POST['challenge'])) $challenge = htmlspecialchars($_POST['challenge']); else $challenge = '';
2205	tom.houday	385	if (isset($_POST['button'])) $button = htmlspecialchars($_POST['button']); else $button = '';
		386	// if (isset($_POST['logout'])) $logout = htmlspecialchars($_POST['logout']); else $logout = '';
		387	// if (isset($_POST['prelogin'])) $prelogin = htmlspecialchars($_POST['prelogin']); else $prelogin = '';
2378	tom.houday	388	// if (isset($_POST['res'])) $res = htmlspecialchars($_POST['res']); else $res = '';
		389	// if (isset($_POST['uamip'])) $uamip = htmlspecialchars($_POST['uamip']); else $uamip = '';
		390	// if (isset($_POST['uamport'])) $uamport = htmlspecialchars($_POST['uamport']); else $uamport = '';
2205	tom.houday	391	if (isset($_POST['userurl'])) $userurl = htmlspecialchars($_POST['userurl']); else $userurl = '';
2378	tom.houday	392	// if (isset($_POST['timeleft'])) $timeleft = htmlspecialchars($_POST['timeleft']); else $timeleft = '';
		393	// if (isset($_POST['redirurl'])) $redirurl = htmlspecialchars($_POST['redirurl']); else $redirurl = '';
895	richard	394
		395	# Read query parameters which we care about
2378	tom.houday	396	if (isset($_GET['res'])) $res = htmlspecialchars($_GET['res']); else $res = '';
		397	// if (isset($_GET['reason'])) $reason = htmlspecialchars($_GET['reason']); else $reason = '';
2205	tom.houday	398	if (isset($_GET['challenge'])) $challenge = htmlspecialchars($_GET['challenge']);
2378	tom.houday	399	// if (isset($_GET['uamip'])) $uamip = htmlspecialchars($_GET['uamip']);
		400	// if (isset($_GET['uamport'])) $uamport = htmlspecialchars($_GET['uamport']);
		401	if (isset($_GET['timeleft'])) $timeleft = htmlspecialchars($_GET['timeleft']); else $timeleft = '';
		402	if (isset($_GET['reply'])) $reply = htmlspecialchars(trim($_GET['reply'])); else $reply = '';
		403	if (isset($_GET['redirurl'])) $redirurl = htmlspecialchars($_GET['redirurl']); else $redirurl = '';
2205	tom.houday	404	if (isset($_GET['userurl'])) $userurl = htmlspecialchars($_GET['userurl']);
895	richard	405
2378	tom.houday	406	// TODO: clean unused query params
		407
		408	$uamip = $conf['HOSTNAME'].'.'.$conf['DOMAIN'];
2409	tom.houday	409	if (($conf['HTTPS_CHILLI'] === 'on') && $useHTTPS) {
2378	tom.houday	410	$uamproto = 'https';
		411	$uamport = 3991;
		412	} else {
		413	$uamproto = 'http';
		414	$uamport = 3990;
2239	tom.houday	415	}
		416
895	richard	417	# translation of radius replies
2378	tom.houday	418	if (!empty($reply)) {
		419	switch ($reply) {
2591	rexy	420	case 'Username not found' : $reply = $l_reply_0; break;
2702	tom.houday	421	case 'Login failed' : $reply = $l_reply_0; break;
2205	tom.houday	422	case 'Your maximum daily usage time has been reached' : $reply = $l_reply_1; break;
		423	case 'Your maximum monthly usage time has been reached' : $reply = $l_reply_2; break;
		424	case 'You are calling outside your allowed timespan' : $reply = $l_reply_3; break;
		425	case 'Password Has Expired' : $reply = $l_reply_4; break;
		426	case 'You are already logged in - access denied' : $reply = $l_reply_5; break;
		427	case 'Your maximum never usage time has been reached' : $reply = $l_reply_6; break;
2182	tom.houday	428	}
		429	}
895	richard	430
2182	tom.houday	431	// If attempt to login
		432	if ($button === $l_boutonO) {
		433	//correction password length in coova-chilli
		434	//thanks to http://www.stochasticgeometry.ie/2009/09/09/maximum-password-length-in-coova-chilli/
		435	$hexchal = pack('H*', $challenge);
		436	$newchal = pack('H*', md5($hexchal . $uamsecret));
1947	raphael.pi	437
2182	tom.houday	438	// If challenge isn't long enough, repeat it until it is
2238	tom.houday	439	while (strlen($newchal) < strlen($password)) {
2182	tom.houday	440	$newchal .= $newchal;
		441	}
1947	raphael.pi	442
2182	tom.houday	443	$newpwd = pack('a*', $password);
		444	// Encode plain text password with challenge
		445	$pappassword = implode('', unpack('H*', ($newpwd ^ $newchal)));
2238	tom.houday	446
2378	tom.houday	447	header("Location: $uamproto://$uamip:$uamport/logon?username=$username&password=$pappassword&userurl=$userurl");
2182	tom.houday	448	exit();
895	richard	449	}
		450
		451	switch($res) {
2182	tom.houday	452	case 'success': $result = 1; break; // If login successful
		453	case 'failed': $result = 2; break; // If login failed
		454	case 'logoff': $result = 3; break; // If logout successful
		455	case 'already': $result = 4; break; // If tried to login while already logged in
		456	case 'notyet': $result = 5; break; // If not logged in yet
		457	default: $result = 0; // Default: It was not a form request -> client go to login form
895	richard	458	}
		459
2010	raphael.pi	460	//check if we need to warn user about the imputability logs.
2378	tom.houday	461	if ($result === 1) {
2182	tom.houday	462	if ((is_file('./acc/manager/lib/sql/drivers/mysql/functions.php')) && (is_file('/etc/freeradius-web/config.php'))) {
		463	include_once('/etc/freeradius-web/config.php');
		464	include_once('./acc/manager/lib/sql/drivers/mysql/functions.php');
		465	$link = @da_sql_pconnect($config); // on affiche pas les erreurs
		466	if ($link) {
		467	$user_uid = da_sql_escape_string($link, $_GET['uid']);
2501	tom.houday	468	$sql = "SELECT value FROM radreply WHERE username='$user_uid' AND attribute='Alcasar-Imputability-Warning'";
2182	tom.houday	469	$res = @da_sql_query($link, $config, $sql); // on affiche pas les erreurs
		470	if ($res) {
		471	$row = @da_sql_fetch_array($res, $config);
2501	tom.houday	472	if ($row['value'] === '1') {
		473	$sql = "DELETE FROM radreply WHERE username='$user_uid' AND attribute='Alcasar-Imputability-Warning'";
		474	@da_sql_query($link, $config, $sql);
2370	tom.houday	475	header('Location: '.(($conf['HTTPS_LOGIN'] === 'on') ? 'https' : 'http').'://'.$conf['HOSTNAME'].'.'.$conf['DOMAIN'].'/index.php?warn=1&url='.urlencode($_GET['userurl'])); //we present to user information about imputability logs
2182	tom.houday	476	exit();
		477	}
		478	}
		479	}
		480	}
2010	raphael.pi	481	}
		482
2378	tom.houday	483	// By default, redirect to prelogin in order to generate a challenge
		484	if ($result === 0) {
		485	header("Location: $uamproto://$uamip:$uamport/prelogin");
2182	tom.houday	486	exit();
895	richard	487	}
2238	tom.houday	488
		489	// Cleaning the cache
		490	header('Expires: Tue, 01 Jan 2000 00:00:00 GMT');
		491	header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
		492	header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
		493	header('Cache-Control: post-check=0, pre-check=0', false);
		494	header('Pragma: no-cache');
2182	tom.houday	495	?>
2238	tom.houday	496	<!DOCTYPE html>
895	richard	497	<html>
		498	<head>
2182	tom.houday	499	<meta charset="utf-8">
		500	<title><?= $l_loggingin ?></title>
		501	<script type="text/javascript">
1346	richard	502	function doOnLoad(result, userurl, redirurl, adminurl, timeleft) {
2283	tom.houday	503	if ((result === 1) \|\| (result === 4)) { // success or already
2201	tom.houday	504	var url;
2182	tom.houday	505	if (adminurl !== '') {
2201	tom.houday	506	url = adminurl;
2182	tom.houday	507	} else if (redirurl !== '') {
2201	tom.houday	508	url = redirurl;
		509	} else if (userurl !== '') {
		510	url = userurl;
1346	richard	511	}
2201	tom.houday	512
		513	if (typeof url !== 'undefined') {
2283	tom.houday	514	var win = window.open('<?= $statuspath ?>', '_blank');
		515
2406	tom.houday	516	if ((win === null) \|\| (typeof win === 'undefined')) { // Pop-up blocked
2283	tom.houday	517	window.location = '<?= $statuspath ?>';
		518	} else {
		519	window.location = url;
2201	tom.houday	520	}
2283	tom.houday	521	} else {
		522	window.location = '<?= $statuspath ?>';
2201	tom.houday	523	}
1346	richard	524	}
2283	tom.houday	525	if ((result === 2) \|\| (result === 3) \|\| result === 5) { // failed or logoff or notyet
2378	tom.houday	526	document.form1.username.focus();
1346	richard	527	}
		528	}
2182	tom.houday	529	</script>
		530	<link rel="stylesheet" href="/css/style_intercept.css" type="text/css">
895	richard	531	</head>
2182	tom.houday	532	<body onLoad="javascript:doOnLoad(<?= $result ?>,'<?= $userurl ?>','<?= $redirurl ?>','<?= $adminurl ?>','<?= $timeleft ?>')">
		533	<center>
		534
2283	tom.houday	535	<?php if ($result === 2 \|\| $result === 3 \|\| $result === 5): // failed or logoff or notyet ?>
2182	tom.houday	536	<div id="logon">
2743	rexy	537	<table id="mobile-logon-header">
		538	<tr>
		539	<td width="20%">
		540	<img id="logo-organ" class="mobile-only" src="/images/organisme.png">
		541	</td>
		542	<td width="60%">
		543	<h1><?= $organisme ?></h1>
		544	<h2><?= $l_loggedcont ?></h2>
		545	<?php if ($result === 2): // failed ?>
		546	<h3 style="text-align: center"><?= $l_loginfailed ?></h3>
		547	<?php if ($reply): // traitement du reply ... ?>
		548	<center><?= $reply ?><br><br></center>
		549	<?php endif; ?>
		550	<?php endif;
		551	if ($userurl === 'http://logout/') $userurl = 'http://www.google.com'; // Avoid cyclic logout
		552	?>
		553	</td>
		554	<td width="20%">
		555	</td>
		556	</tr>
		557	</table>
		558
		559
2182	tom.houday	560	<img id="logo-alcasar" src="/images/logo-alcasar.png">
		561	<form name="form1" method="post" action="<?= $loginpath ?>">
		562	<input type="hidden" name="challenge" value="<?= $challenge ?>">
		563	<input type="hidden" name="userurl" value="<?= $userurl ?>">
		564	<table id="boite-logon">
		565	<tr>
2743	rexy	566	<td class="desktop-only" width="20%" rowspan="4"> <img id="logo-organ" src="/images/organisme.png"></td>
		567	<td class="desktop-only" width="30%" align="right"><?= $l_user ?></td>
2747	rexy	568	<td id="username_input" width="100%" align="center"><input type="text" maxLength="32" name="username" autocomplete="off" placeholder="<?= $l_user ?>"></td>
2182	tom.houday	569	</tr>
		570	<tr>
2743	rexy	571	<td class="desktop-only" align="right"><?= $l_password ?></td>
2747	rexy	572	<td id="password_input" width="100%" align="center"><input maxLength="32" type="password" name="password" autocomplete="off" placeholder="<?= $l_password ?>"></td>
2182	tom.houday	573	<tr>
2743	rexy	574	<td height="23" id="authenticate-button" align="center"><input value="<?= $l_boutonO ?>" type="submit" name="button"></td>
2250	tom.houday	575	<?php if ($service_SMS_status): ?>
		576	<td><a href="autoregistrationinfo.php"><?= $l_autoregistration ?></a></td>
2182	tom.houday	577	<?php endif; ?>
		578	</tr>
		579	</table>
		580	</form>
		581	<table id="boite-info" cellSpacing="0" cellPadding="0" width="80%">
		582	<tr>
		583	<td align="center"><font color="red"><b><?= $l_loggedin_stringl1 ?></b></font></td>
		584	</tr>
		585	<tr>
		586	<td align="left">
		587	<ul>
		588	<li><?= $l_loggedin_stringl2 ?></li>
		589	<li><?= $l_loggedin_stringl4 ?></li>
		590	<li><?= $l_loggedin_stringl3 ?></li>
		591	<li><?= $l_loggedin_stringl5 ?></li>
		592	<li><?= $l_loggedin_stringl6 ?></li>
		593	</ul>
		594	</td>
		595	</tr>
		596	</table>
		597	<?php
		598	// Read the "Domain allowed" file
		599	$tab = file(DOMAIN_ALLOWED_LIST);
		600	if ($tab) { // the file isn't empty
		601	echo '<div id="authorized_domain">'.$l_uam_domain;
		602	foreach ($tab as $line) {
		603	if (trim($line) !== '') { // the line isn't empty
2238	tom.houday	604	$domain_allowed = explode('#', $line);
2182	tom.houday	605	if (trim($domain_allowed[1]) !== '') {
		606	$domain = explode('"', $domain_allowed[0]);
		607	// remove every '.' from the beginning of domain
		608	$domain[1] = ltrim($domain[1], '.');
2184	richard	609	echo '<a href="http://'.trim($domain[1]).'">'.trim($domain_allowed[1]).'</a> ';
2182	tom.houday	610	}
		611	}
		612	}
2186	tom.houday	613	echo '</div>';
895	richard	614	}
2182	tom.houday	615	?>
		616	</div>
		617	<?php endif; ?>
1349	richard	618
2182	tom.houday	619	</center>
895	richard	620	</body>
2182	tom.houday	621	</html>

Subversion Repositories ALCASAR

(root)/web/intercept.php @ 2743 – Rev 2747