/CHANGELOG |
---|
2,6 → 2,10 |
********** ALCASAR CHANGELOG ********** |
-------------------- 3.2.0 -------------------- |
NEWS |
- Enable HTTPS support for the CoovaChilli JSON API (that allow HTTPS for status.php). |
-------------------- 3.1.4 -------------------- |
NEWS |
- Add a link for back to the homepage when the user is disconnected in status.php. |
/alcasar.sh |
---|
1266,6 → 1266,7 |
dns2 $PRIVATE_IP |
uamlisten $PRIVATE_IP |
uamport 3990 |
uamuiport 3991 |
macauth |
macpasswd password |
strictmacauth |
1293,6 → 1294,7 |
sslkeyfile /etc/pki/tls/private/alcasar.key |
sslcertfile /etc/pki/tls/certs/alcasar.crt |
redirssl |
uamuissl |
EOF |
# create files for "DHCP static ip" and "DHCP static ip info". Reserve the second IP address for INTIF (the first one is for tun0) |
echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers |
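Review bot: The TLS interface port is written as a bare literal in the generated chilli configuration (`uamuiport 3991`, which appears to be the line added in the hunk at 1266), and the same number is repeated in the `--dport 3990:3991` rule in scripts/alcasar-iptables.sh and in the `$logout_link` and `chilliController.port` expressions in web/index.php and web/status.php. Changing one of them later without the others would break HTTPS logoff and status polling without any visible error. The heredoc that holds these lines starts outside the hunk, so the simplest fix is a comment just above it, for example `# uamuiport 3991 (JSON API over TLS, uamuissl) is also hard-coded in alcasar-iptables.sh, web/index.php and web/status.php`.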
/scripts/alcasar-iptables.sh |
---|
301,7 → 301,7 |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p icmp --icmp-type 0 -j ACCEPT # Requête ping # ping request |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport https -j ACCEPT # Pages d'authentification et MCC # authentication pages and MCC |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport http -j ACCEPT # Page d'avertissement filtrage # Filtering warning pages |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport 3990 -j ACCEPT # Requêtes de deconnexion usagers # Users logout requests |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport 3990:3991 -j ACCEPT # Requêtes de deconnexion usagers # Users logout requests |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p udp --dport ntp -j ACCEPT # Serveur local de temps # local time server |
# SSHD rules if activate |
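Review bot: The trailing comment on the widened rule (`--dport 3990:3991`) still says only "Users logout requests", although port 3991 is now the CoovaChilli interface over TLS that status.php talks to when the page is served over HTTPS. A firewall rule whose comment understates what it opens is easy to misjudge in a later audit. Suggested comment: `# Requêtes de déconnexion et API JSON chilli (3990 = HTTP, 3991 = HTTPS) # Users logout requests and chilli JSON API (3990 = HTTP, 3991 = HTTPS)`.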
/web/index.php |
---|
38,7 → 38,7 |
$buffer = fgets($file_conf, 4096); |
if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) { |
$tmp = explode('=', $buffer); |
$conf[$tmp[0]] = trim($tmp[1]); |
$conf[trim($tmp[0])] = trim($tmp[1]); |
} |
} |
fclose($file_conf); |
45,9 → 45,11 |
$organisme = $conf["ORGANISM"]; |
$hostname = $conf["HOSTNAME"].'.'.$conf["DOMAIN"]; |
$useHTTPS = ((isset($_SERVER['HTTPS'])) && (!empty($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'] !== 'off')); |
$network_pb = false; // "alcasar-watchdog.sh" changes this value if a network issue is detected |
$diagnostic = "can't contact the default router"; // "alcasar-watchdog.sh" changes this value if a network issue is detected |
$certCa_link = "http://$hostname/certs/certificat_alcasar_ca.crt"; |
$certCa_link = (($useHTTPS) ? 'https' : 'http')."://$hostname/certs/certificat_alcasar_ca.crt"; |
$logout_link = (($useHTTPS) ? 'https' : 'http').'://'.$hostname.':'.(($useHTTPS) ? 3991 : 3990).'/logoff'; |
$direct_access = false; |
$remote_ip = preg_match('#^([0-9]{1,3}\.){3}[0-9]{1,3}$#', $_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ''; |
$connection_history = ''; |
161,8 → 163,8 |
$l_logout = "<a href=\"http://$hostname/index.php?url=$redirect_link\">Ouvrir une session Internet</a>"; |
} else { |
if ($user->username != $user->mac) { // authentication exception or not |
$l_logout_explain = "Ferme la session de l'usager actuellement connecté. <br><br>Utilisateur connecté : <a href=\"http://$hostname:3990/logoff\" title=\"Deconnecter l'utilisateur $user->username\"><b>$user->username</b></a><br><br>$nb_connection_history dernières connexions :$connection_history"; |
$l_logout = "<a href=\"http://$hostname:3990/logoff\">Se déconnecter d'internet</a>"; |
$l_logout_explain = "Ferme la session de l'usager actuellement connecté. <br><br>Utilisateur connecté : <a href=\"$logout_link\" title=\"Deconnecter l'utilisateur $user->username\"><b>$user->username</b></a><br><br>$nb_connection_history dernières connexions :$connection_history"; |
$l_logout = "<a href=\"$logout_link\">Se déconnecter d'internet</a>"; |
} else { |
$l_logout_explain = "Votre système ($user->username) est en exception d'authentication.<br><br>$nb_connection_history dernières connexions :$connection_history"; |
$l_logout = "Information des connexions"; |
208,8 → 210,8 |
$l_logout = "<a href=\"http://$hostname/index.php?url=$redirect_link\">Abrir uma conexão de Internet</a>"; |
} else { |
if ($user->username != $user->mac) { // authentication exception or not |
$l_logout_explain = "Se desejar, feche a conexão do usuário atual conectado.<br> Usuário conectado : <a href=\"http://$hostname:3990/logoff\" title=\"Disconnect user $user->username\"><b>$user->username</b></a><br><br>$nb_connection_history logins últimos :$connection_history"; |
$l_logout = "<a href=\"http://$hostname:3990/logoff\">Sair da Internet</a>"; |
$l_logout_explain = "Se desejar, feche a conexão do usuário atual conectado.<br> Usuário conectado : <a href=\"$logout_link\" title=\"Disconnect user $user->username\"><b>$user->username</b></a><br><br>$nb_connection_history logins últimos :$connection_history"; |
$l_logout = "<a href=\"$logout_link\">Sair da Internet</a>"; |
} else { |
$l_logout_explain = "O sistema ($user->username) detctou exesso de autenticação.<br><br>$nb_connection_history logins últimos :$connection_history"; |
$l_logout = "Informações de conexões"; |
255,8 → 257,8 |
$l_logout = "<a href=\"http://$hostname/index.php?url=$redirect_link\">打开一个网络进程</a>"; |
} else { |
if ($user->username != $user->mac) { // authentication exception or not |
$l_logout_explain = "关闭当前连接进程。<br> 已连接用户:<a href=\"http://$hostname:3990/logoff\" title=\" $user->username\"><b>$user->username</b></a><br><br>$nb_connection_history 最后连接 :$connection_history"; |
$l_logout = "<a href=\"http://$hostname:3990/logoff\">断开网络</a>"; |
$l_logout_explain = "关闭当前连接进程。<br> 已连接用户:<a href=\"$logout_link\" title=\" $user->username\"><b>$user->username</b></a><br><br>$nb_connection_history 最后连接 :$connection_history"; |
$l_logout = "<a href=\"$logout_link\">断开网络</a>"; |
} else { |
$l_logout_explain = "您的系统($user->username)验证例外<br><br>$nb_connection_history 最后连接: $connection_history"; |
$l_logout = "连接信息"; |
309,9 → 311,9 |
$close_session_text = "إقفال جلسة المستخدم المتصل حاليا"; |
$userlogged_text = "المستخدم متصل"; |
$disconnect_user_text = "قطع الاتصال على المستخدم"; |
$l_logout_explain = "Ferme la session de l'usager actuellement connecté. <br><br>Utilisateur connecté : <a href=\"http://$hostname:3990/logoff\" title=\"Deconnecter l'utilisateur $user->username\"><b>$user->username</b></a><br><br>$nb_connection_history dernières connexions :$connection_history"; |
$l_logout_explain = "Ferme la session de l'usager actuellement connecté. <br><br>Utilisateur connecté : <a href=\"$logout_link\" title=\"Deconnecter l'utilisateur $user->username\"><b>$user->username</b></a><br><br>$nb_connection_history dernières connexions :$connection_history"; |
$logout_internet_text = "قطع الاتصال على الإنترنت"; |
$l_logout = "<a href=\"http://$hostname:3990/logoff\">$logout_internet_text</a>"; |
$l_logout = "<a href=\"$logout_link\">$logout_internet_text</a>"; |
} else { |
$your_system_text = "نظامك"; |
$auth_except_text = "على توثيق استثنائي"; |
370,8 → 372,8 |
$l_logout = "<a href=\"http://$hostname/index.php?url=$redirect_link\">Open an Internet session</a>"; |
} else { |
if ($user->username != $user->mac) { // authentication exception or not |
$l_logout_explain = "Close the session of the user currently connected.<br> User logged-on : <a href=\"http://$hostname:3990/logoff\" title=\"Disconnect user $user->username\"><b>$user->username</b></a><br><br>$nb_connection_history last connections :$connection_history"; |
$l_logout = "<a href=\"http://$hostname:3990/logoff\">Logoff from internet</a>"; |
$l_logout_explain = "Close the session of the user currently connected.<br> User logged-on : <a href=\"$logout_link\" title=\"Disconnect user $user->username\"><b>$user->username</b></a><br><br>$nb_connection_history last connections :$connection_history"; |
$l_logout = "<a href=\"$logout_link\">Logoff from internet</a>"; |
} else { |
$l_logout_explain = "Your system ($user->username) is in exception of authentication.<br><br>$nb_connection_history Last logins :$connection_history"; |
$l_logout = "Connections information"; |
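Review bot: `$user->username` is interpolated unescaped into both the `title="…"` attribute and the `<b>` element of every rewritten `$l_logout_explain` string (new-side hunks at 163, 210, 257, 311 and 372), so a name containing a double quote or `<` would change the markup of the page. Where `$user` is populated is outside these hunks, so it is not visible here whether such characters can reach it; encoding at output removes the question. Compute `$username_html = htmlspecialchars($user->username, ENT_QUOTES, 'UTF-8');` once before the language branches and interpolate `$username_html` in these strings, keeping the raw value only for the `$user->username != $user->mac` comparison. The `index.php?url=$redirect_link` links in the same hunks are still hard-coded to `http://` and raise the same escaping question for `$redirect_link`.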
/web/intercept.php |
---|
50,7 → 50,7 |
$buffer = fgets($file_conf, 4096); |
if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) { |
$tmp = explode('=', $buffer); |
$conf[$tmp[0]] = trim($tmp[1]); |
$conf[trim($tmp[0])] = trim($tmp[1]); |
} |
} |
fclose($file_conf); |
68,7 → 68,7 |
// Our own path |
$loginpath = htmlspecialchars($_SERVER['PHP_SELF']); |
$alcasarpath = 'http://'.$conf['HOSTNAME'].'.'.$conf['DOMAIN']; |
$alcasarpath = (($conf['HTTPS_LOGIN'] === 'on') ? 'https' : 'http' ).'://'.$conf['HOSTNAME'].'.'.$conf['DOMAIN']; |
$statuspath = $alcasarpath.'/status.php'; |
// Choice of language |
98,7 → 98,7 |
$l_loggedin_stringl3 = "Su actividad en la red es registrada, de conformidad con la privacidad."; |
$l_loggedin_stringl4 = "Los datos registrados pueden ser capaces de ser operado por una autoridad judicial en el curso de una investigación."; |
$l_loggedin_stringl5 = "Estos datos se eliminan automáticamente después de un año."; |
$l_loggedin_stringl6 = "Click <a href='$alcasarpath'>here</a> to change your password or to integrate the security certificate in your browser"; |
$l_loggedin_stringl6 = "Click <a href=\"$alcasarpath\">here</a> to change your password or to integrate the security certificate in your browser"; |
$l_loggedout_string = "Cerrar sesión hizo portal cautivo!"; |
$l_reply_1 = "Your daily connexion time has been reached"; |
$l_reply_2 = "Your monthly connexion time has been reached"; |
131,7 → 131,7 |
$l_loggedin_stringl3 = "A autenticação será criptografada em 256 bits, impedindo captura por escâner de rede."; |
$l_loggedin_stringl4 = "Sua atividade na Internet será resguardada de acordo com os regulamentos da lei."; |
$l_loggedin_stringl5 = "Mantenha o popup da conexão minimizado para não interromper a cessão."; |
$l_loggedin_stringl6 = "Clique <a href='$alcasarpath'>aqui</a> para alterar sua senha, instalar certificado ou sair do portal."; |
$l_loggedin_stringl6 = "Clique <a href=\"$alcasarpath\">aqui</a> para alterar sua senha, instalar certificado ou sair do portal."; |
$l_loggedout_string = "desconexão do portal cativo"; |
$l_reply_1 = "Seu tempo de conexão diária foi finalizado"; |
$l_reply_2 = "Seu tempo de conexão mensal foi finalizado"; |
164,7 → 164,7 |
$l_loggedin_stringl3 = "您的网络活动是私密登记的."; |
$l_loggedin_stringl4 = "记录的数据能被司法机关在调查中操作使用."; |
$l_loggedin_stringl5 = "这些数据将在一年后自动删除."; |
$l_loggedin_stringl6 = "点击 <a href='$alcasarpath'> 这里 </a> 修改密码或安装浏览器安全证书"; |
$l_loggedin_stringl6 = "点击 <a href=\"$alcasarpath\"> 这里 </a> 修改密码或安装浏览器安全证书"; |
$l_loggedout_string = "强制网络门户连接已断开"; |
$l_reply_1 = "您已经达到每日连接时间"; |
$l_reply_2 = "您已经达到每月连接时间"; |
197,7 → 197,7 |
$l_loggedin_stringl3 = "نشاطك على الشبكة مسجل وفقاً لاحترام الحريات الشخصية"; |
$l_loggedin_stringl4 = "لا يمكن استغلال البيانات المسجلة إلاّ من قِبل سلطات التحقيق القضائ"; |
$l_loggedin_stringl5 = "سيتم حدف هذه البيانات تلقائياً بعد سنة من الْيَوْمَ"; |
$l_loggedin_stringl6 = "لتغيير كلمة السر أو شهادة الأمان <a href='$alcasarpath'>هنا</a> اضغط "; |
$l_loggedin_stringl6 = "لتغيير كلمة السر أو شهادة الأمان <a href=\"$alcasarpath\">هنا</a> اضغط "; |
$l_loggedout_string = "تَمّ قطع الإتصال بالبوابة الأسيرة"; |
$l_reply_1 = "انتهى وقتك اليومي للإتصال"; |
$l_reply_2 = "انتهى وقتك الشهري للإتصال"; |
230,7 → 230,7 |
$l_loggedin_stringl3 = "Ihre Tätigkeit im Netzwerk registriert ist nach Schutz der Privatsphäre."; |
$l_loggedin_stringl4 = "Die gespeicherten Daten nicht pouront genutzt werden, dass von einer Justizbehörde im Rahmen einer Untersuchung."; |
$l_loggedin_stringl5 = "Diese Daten werden automatisch gelöscht nach einem Jahr."; |
$l_loggedin_stringl6 = "Click <a href='$alcasarpath'>here</a> to change your password or to integrate the security certificate in your browser"; |
$l_loggedin_stringl6 = "Click <a href=\"$alcasarpath\">here</a> to change your password or to integrate the security certificate in your browser"; |
$l_loggedout_string = "Trennung des Portals erfolgt Gefangener!"; |
$l_reply_1 = "Your daily connexion time has been reached"; |
$l_reply_2 = "Your monthly connexion time has been reached"; |
263,7 → 263,7 |
$l_loggedin_stringl3 = "Uw activiteit op het netwerk is geregistreerd in overeenstemming met de persoonlijke levenssfeer."; |
$l_loggedin_stringl4 = "De geregistreerde gegevens kunnen worden kunnen worden bediend door een rechterlijke instantie in de loop van een onderzoek."; |
$l_loggedin_stringl5 = "Deze gegevens worden automatisch verwijderd na een jaar."; |
$l_loggedin_stringl6 = "Click <a href='$alcasarpath'>here</a> to change your password or to integrate the security certificate in your browser"; |
$l_loggedin_stringl6 = "Click <a href=\"$alcasarpath\">here</a> to change your password or to integrate the security certificate in your browser"; |
$l_loggedout_string = "Logout gemaakt intern portaal!"; |
$l_reply_1 = "Your daily connexion time has been reached"; |
$l_reply_2 = "Your monthly connexion time has been reached"; |
296,7 → 296,7 |
$l_loggedin_stringl3 = "Votre activité sur le réseau est enregistrée conformément au respect de la vie privée."; |
$l_loggedin_stringl4 = "Les données enregistrées ne pourront être exploitées que par une autorité judiciaire dans le cadre d'une enquête."; |
$l_loggedin_stringl5 = "Ces données seront automatiquement supprimées au bout d'un an."; |
$l_loggedin_stringl6 = "Cliquez <a href='$alcasarpath'>ici</a> pour changer votre mot de passe ou pour intégrer le certificat de sécurité à votre navigateur"; |
$l_loggedin_stringl6 = "Cliquez <a href=\"$alcasarpath\">ici</a> pour changer votre mot de passe ou pour intégrer le certificat de sécurité à votre navigateur"; |
$l_loggedout_string = "Déconnexion du portail captif effectuée !"; |
$l_reply_1 = "Votre durée de connexion journalière a été atteinte"; |
$l_reply_2 = "Votre durée de connexion mensuelle a été atteinte"; |
329,7 → 329,7 |
$l_loggedin_stringl3 = "Your activity on the network is registered in accordance with privacy."; |
$l_loggedin_stringl4 = "The recorded data can be able to be operated by a judicial authority in the course of an investigation."; |
$l_loggedin_stringl5 = "These data will be automatically deleted after one year."; |
$l_loggedin_stringl6 = "Click <a href='$alcasarpath'>here</a> to change your password or to integrate the security certificate in your browser"; |
$l_loggedin_stringl6 = "Click <a href=\"$alcasarpath\">here</a> to change your password or to integrate the security certificate in your browser"; |
$l_loggedout_string = "Disconnection of the captive portal made"; |
$l_reply_1 = "Your daily connexion time has been reached"; |
$l_reply_2 = "Your monthly connexion time has been reached"; |
459,7 → 459,7 |
//set the fourth bit of filter-id to '0' |
$sql = "set @CurrentFilter=(SELECT value from radreply where username='$user_uid');set @CurrentFilterLeft=(SELECT LEFT(@CurrentFilter,3));set @CurrentFilterRight=(SELECT RIGHT(@CurrentFilter,4));UPDATE radreply SET value = CONCAT((@CurrentFilterLeft),'0', (@CurrentFilterRight)) WHERE username='$user_uid'"; |
$res = mysqli_multi_query($link,$sql); |
header('Location: https://'.$conf['HOSTNAME'].'.'.$conf['DOMAIN'].'/index.php?warn=1&url='.urlencode($_GET['userurl'])); //we present to user information about imputability logs |
header('Location: '.(($conf['HTTPS_LOGIN'] === 'on') ? 'https' : 'http').'://'.$conf['HOSTNAME'].'.'.$conf['DOMAIN'].'/index.php?warn=1&url='.urlencode($_GET['userurl'])); //we present to user information about imputability logs |
exit(); |
} |
} |
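Review bot: The SQL string in the hunk at 459 interpolates `$user_uid` between quotes and is run with `mysqli_multi_query`, which accepts several statements per call, so an unescaped value would not stay confined to the `username='…'` comparison. The assignment of `$user_uid` is outside the hunk; if it is not already escaped there, add `$user_uid = mysqli_real_escape_string($link, $user_uid);` before `$sql` is built, or move the update to a prepared statement. Within the visible lines `$res` is never checked before the redirect and `exit()`, so a failed update goes unnoticed. On the changed `Location` line, `$conf['HTTPS_LOGIN']` is read without an `isset`/`??` guard, so a missing key silently selects `http`.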
/web/js/ChilliLibrary.js |
---|
250,7 → 250,7 |
return chilliController.onError('Cannot get challenge'); |
} |
if ( resp.clientSate === chilliController.stateCodes.AUTH ) { |
if ( resp.clientState === chilliController.stateCodes.AUTH ) { |
log('logonStep2: Already connected. Aborting.'); |
return chilliController.onError('Already connected.'); |
} |
/web/js/statusControler.js |
---|
1,6 → 1,4 |
chilliController.interval = 20; |
chilliController.host = "alcasar"; |
chilliController.port = 3990; |
chilliController.onUpdate = updateUI ; |
chilliController.onError = handleError ; |
chilliClock.onTick = function () { } |
/web/status.php |
---|
44,6 → 44,7 |
$connection_history = ''; |
$nb_connection_history = 3; |
$homepage_url = (($conf['HTTPS_LOGIN'] === 'on') ? 'https' : 'http' ).'://'.$conf['HOSTNAME'].'.'.$conf['DOMAIN'].'/'; |
$useHTTPS = ((isset($_SERVER['HTTPS'])) && (!empty($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'] !== 'off')); |
// Wait for chilli (update its tables) |
sleep(1); // TODO: wait after login only? |
354,6 → 355,11 |
<title>ALCASAR - <?= $organisme ?></title> |
<link type="text/css" href="css/status.css" rel="stylesheet"> |
<script src="js/ChilliLibrary.js"></script> |
<script> |
chilliController.host = '<?= $conf['HOSTNAME'].'.'.$conf['DOMAIN'] ?>'; |
chilliController.port = <?= (($useHTTPS) ? 3991 : 3990) ?>; |
chilliController.ssl = <?= (($useHTTPS) ? 'true' : 'false') ?>; |
</script> |
<script src="js/statusControler.js"></script> |
</head> |
<body> |
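Review bot: `chilliController.host` in the added inline script is produced by echoing `$conf['HOSTNAME'].'.'.$conf['DOMAIN']` directly between single quotes, so a quote, a backslash or `</script>` in either value would break out of the JavaScript string. The values presumably come from the local configuration file, which limits exposure, but encoding for the script context costs one call: `chilliController.host = <?= json_encode($conf['HOSTNAME'].'.'.$conf['DOMAIN'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) ?>;`. The scheme is also decided in two different ways in this file: `$homepage_url` follows `$conf['HTTPS_LOGIN']` while `chilliController.ssl` and the port follow `$_SERVER['HTTPS']`. A short comment next to `$useHTTPS` saying why the request scheme is the right source for the controller would help the next reader.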