Line 1... |
Line 1... |
1 |
<?php
|
1 |
<?php
|
2 |
# $Id: intercept.php 2370 2017-08-09 23:20:58Z tom.houdayer $
|
2 |
# $Id: intercept.php 2378 2017-08-16 20:11:31Z tom.houdayer $
|
3 |
#
|
3 |
#
|
4 |
# intercept.php for ALCASAR captive portal
|
4 |
# intercept.php for ALCASAR captive portal
|
5 |
# Copyright (C) 2003, 2004 Mondru AB.
|
5 |
# Copyright (C) 2003, 2004 Mondru AB.
|
6 |
# Modify by REXY & steweb57
|
6 |
# Modify by REXY & steweb57
|
7 |
# UI & css style by stephane ERARD
|
7 |
# UI & css style by stephane ERARD
|
Line 66... |
Line 66... |
66 |
// Check if the SMS service is enable
|
66 |
// Check if the SMS service is enable
|
67 |
$service_SMS_status = false;
|
67 |
$service_SMS_status = false;
|
68 |
|
68 |
|
69 |
// Our own path
|
69 |
// Our own path
|
70 |
$loginpath = htmlspecialchars($_SERVER['PHP_SELF']);
|
70 |
$loginpath = htmlspecialchars($_SERVER['PHP_SELF']);
|
- |
|
71 |
$useHTTPS = ((isset($_SERVER['HTTPS'])) && (!empty($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'] !== 'off'));
|
71 |
$alcasarpath = (($conf['HTTPS_LOGIN'] === 'on') ? 'https' : 'http' ).'://'.$conf['HOSTNAME'].'.'.$conf['DOMAIN'];
|
72 |
$alcasarpath = (($conf['HTTPS_LOGIN'] === 'on') ? 'https' : 'http' ).'://'.$conf['HOSTNAME'].'.'.$conf['DOMAIN'];
|
72 |
$statuspath = $alcasarpath.'/status.php';
|
73 |
$statuspath = $alcasarpath.'/status.php';
|
73 |
|
74 |
|
74 |
// Choice of language
|
75 |
// Choice of language
|
75 |
$Language = 'en';
|
76 |
$Language = 'en';
|
Line 367... |
Line 368... |
367 |
exit();
|
368 |
exit();
|
368 |
}
|
369 |
}
|
369 |
|
370 |
|
370 |
# Read form parameters which we care about
|
371 |
# Read form parameters which we care about
|
371 |
# avoid the "user as a MAC address" attempts
|
372 |
# avoid the "user as a MAC address" attempts
|
372 |
if ((isset($_POST['UserName'])) && (preg_match('/^([0-9A-F]{2}-){5}[0-9A-F]{2}$/', $_POST['UserName']) !== 1))
|
373 |
if ((isset($_POST['username'])) && (preg_match('/^([0-9A-F]{2}-){5}[0-9A-F]{2}$/', $_POST['username']) !== 1))
|
373 |
$username = htmlspecialchars($_POST['UserName']); else $username = '';
|
374 |
$username = htmlspecialchars($_POST['username']); else $username = '';
|
374 |
if (isset($_POST['Password'])) $password = htmlspecialchars($_POST['Password']); else $password = '';
|
375 |
if (isset($_POST['password'])) $password = htmlspecialchars($_POST['password']); else $password = '';
|
375 |
if (isset($_POST['challenge'])) $challenge = htmlspecialchars($_POST['challenge']); else $challenge = '';
|
376 |
if (isset($_POST['challenge'])) $challenge = htmlspecialchars($_POST['challenge']); else $challenge = '';
|
376 |
if (isset($_POST['button'])) $button = htmlspecialchars($_POST['button']); else $button = '';
|
377 |
if (isset($_POST['button'])) $button = htmlspecialchars($_POST['button']); else $button = '';
|
377 |
// if (isset($_POST['logout'])) $logout = htmlspecialchars($_POST['logout']); else $logout = '';
|
378 |
// if (isset($_POST['logout'])) $logout = htmlspecialchars($_POST['logout']); else $logout = '';
|
378 |
// if (isset($_POST['prelogin'])) $prelogin = htmlspecialchars($_POST['prelogin']); else $prelogin = '';
|
379 |
// if (isset($_POST['prelogin'])) $prelogin = htmlspecialchars($_POST['prelogin']); else $prelogin = '';
|
379 |
if (isset($_POST['res'])) $res = htmlspecialchars($_POST['res']); else $res = '';
|
380 |
// if (isset($_POST['res'])) $res = htmlspecialchars($_POST['res']); else $res = '';
|
380 |
if (isset($_POST['uamip'])) $uamip = htmlspecialchars($_POST['uamip']); else $uamip = '';
|
381 |
// if (isset($_POST['uamip'])) $uamip = htmlspecialchars($_POST['uamip']); else $uamip = '';
|
381 |
if (isset($_POST['uamport'])) $uamport = htmlspecialchars($_POST['uamport']); else $uamport = '';
|
382 |
// if (isset($_POST['uamport'])) $uamport = htmlspecialchars($_POST['uamport']); else $uamport = '';
|
382 |
if (isset($_POST['userurl'])) $userurl = htmlspecialchars($_POST['userurl']); else $userurl = '';
|
383 |
if (isset($_POST['userurl'])) $userurl = htmlspecialchars($_POST['userurl']); else $userurl = '';
|
383 |
if (isset($_POST['timeleft'])) $timeleft = htmlspecialchars($_POST['timeleft']); else $timeleft = '';
|
384 |
// if (isset($_POST['timeleft'])) $timeleft = htmlspecialchars($_POST['timeleft']); else $timeleft = '';
|
384 |
if (isset($_POST['redirurl'])) $redirurl = htmlspecialchars($_POST['redirurl']); else $redirurl = '';
|
385 |
// if (isset($_POST['redirurl'])) $redirurl = htmlspecialchars($_POST['redirurl']); else $redirurl = '';
|
385 |
|
386 |
|
386 |
# Read query parameters which we care about
|
387 |
# Read query parameters which we care about
|
387 |
if (isset($_GET['res'])) $res = htmlspecialchars($_GET['res']);
|
388 |
if (isset($_GET['res'])) $res = htmlspecialchars($_GET['res']); else $res = '';
|
- |
|
389 |
// if (isset($_GET['reason'])) $reason = htmlspecialchars($_GET['reason']); else $reason = '';
|
388 |
if (isset($_GET['challenge'])) $challenge = htmlspecialchars($_GET['challenge']);
|
390 |
if (isset($_GET['challenge'])) $challenge = htmlspecialchars($_GET['challenge']);
|
389 |
if (isset($_GET['uamip'])) $uamip = htmlspecialchars($_GET['uamip']);
|
391 |
// if (isset($_GET['uamip'])) $uamip = htmlspecialchars($_GET['uamip']);
|
390 |
if (isset($_GET['uamport'])) $uamport = htmlspecialchars($_GET['uamport']);
|
392 |
// if (isset($_GET['uamport'])) $uamport = htmlspecialchars($_GET['uamport']);
|
- |
|
393 |
if (isset($_GET['timeleft'])) $timeleft = htmlspecialchars($_GET['timeleft']); else $timeleft = '';
|
391 |
if (isset($_GET['reply'])) $reply = htmlspecialchars($_GET['reply']); else $reply = '';
|
394 |
if (isset($_GET['reply'])) $reply = htmlspecialchars(trim($_GET['reply'])); else $reply = '';
|
- |
|
395 |
if (isset($_GET['redirurl'])) $redirurl = htmlspecialchars($_GET['redirurl']); else $redirurl = '';
|
392 |
if (isset($_GET['userurl'])) $userurl = htmlspecialchars($_GET['userurl']);
|
396 |
if (isset($_GET['userurl'])) $userurl = htmlspecialchars($_GET['userurl']);
|
393 |
if (isset($_GET['timeleft'])) $timeleft = htmlspecialchars($_GET['timeleft']);
|
- |
|
394 |
if (isset($_GET['redirurl'])) $redirurl = htmlspecialchars($_GET['redirurl']);
|
- |
|
395 |
|
397 |
|
- |
|
398 |
// TODO: clean unused query params
|
- |
|
399 |
|
396 |
// Get required parameters from CoovaChilli config file if missing
|
400 |
$uamip = $conf['HOSTNAME'].'.'.$conf['DOMAIN'];
|
397 |
if (empty($uamip)) {
|
401 |
if ($useHTTPS) {
|
398 |
$uamip = trim(exec('grep uamlisten /etc/chilli.conf | sed -e "s/uamlisten//"'));
|
402 |
$uamproto = 'https';
|
- |
|
403 |
$uamport = 3991;
|
399 |
}
|
404 |
} else {
|
400 |
if (empty($uamport)) {
|
405 |
$uamproto = 'http';
|
401 |
$uamport = trim(exec('grep uamport /etc/chilli.conf | sed -e "s/uamport//"'));
|
406 |
$uamport = 3990;
|
402 |
}
|
407 |
}
|
403 |
|
408 |
|
404 |
# translation of radius replies
|
409 |
# translation of radius replies
|
405 |
if (isset($reply)) {
|
410 |
if (!empty($reply)) {
|
406 |
switch (trim($reply)) {
|
411 |
switch ($reply) {
|
407 |
case 'Your maximum daily usage time has been reached' : $reply = $l_reply_1; break;
|
412 |
case 'Your maximum daily usage time has been reached' : $reply = $l_reply_1; break;
|
408 |
case 'Your maximum monthly usage time has been reached' : $reply = $l_reply_2; break;
|
413 |
case 'Your maximum monthly usage time has been reached' : $reply = $l_reply_2; break;
|
409 |
case 'You are calling outside your allowed timespan' : $reply = $l_reply_3; break;
|
414 |
case 'You are calling outside your allowed timespan' : $reply = $l_reply_3; break;
|
410 |
case 'Password Has Expired' : $reply = $l_reply_4; break;
|
415 |
case 'Password Has Expired' : $reply = $l_reply_4; break;
|
411 |
case 'You are already logged in - access denied' : $reply = $l_reply_5; break;
|
416 |
case 'You are already logged in - access denied' : $reply = $l_reply_5; break;
|
Line 427... |
Line 432... |
427 |
|
432 |
|
428 |
$newpwd = pack('a*', $password);
|
433 |
$newpwd = pack('a*', $password);
|
429 |
// Encode plain text password with challenge
|
434 |
// Encode plain text password with challenge
|
430 |
$pappassword = implode('', unpack('H*', ($newpwd ^ $newchal)));
|
435 |
$pappassword = implode('', unpack('H*', ($newpwd ^ $newchal)));
|
431 |
|
436 |
|
432 |
header("Location: http://$uamip:$uamport/logon?username=$username&password=$pappassword&userurl=$userurl");
|
437 |
header("Location: $uamproto://$uamip:$uamport/logon?username=$username&password=$pappassword&userurl=$userurl");
|
433 |
exit();
|
438 |
exit();
|
434 |
}
|
439 |
}
|
435 |
|
440 |
|
436 |
switch($res) {
|
441 |
switch($res) {
|
437 |
case 'success': $result = 1; break; // If login successful
|
442 |
case 'success': $result = 1; break; // If login successful
|
Line 441... |
Line 446... |
441 |
case 'notyet': $result = 5; break; // If not logged in yet
|
446 |
case 'notyet': $result = 5; break; // If not logged in yet
|
442 |
default: $result = 0; // Default: It was not a form request -> client go to login form
|
447 |
default: $result = 0; // Default: It was not a form request -> client go to login form
|
443 |
}
|
448 |
}
|
444 |
|
449 |
|
445 |
//check if we need to warn user about the imputability logs.
|
450 |
//check if we need to warn user about the imputability logs.
|
446 |
if($result === 1) {
|
451 |
if ($result === 1) {
|
447 |
if ((is_file('./acc/manager/lib/sql/drivers/mysql/functions.php')) && (is_file('/etc/freeradius-web/config.php'))) {
|
452 |
if ((is_file('./acc/manager/lib/sql/drivers/mysql/functions.php')) && (is_file('/etc/freeradius-web/config.php'))) {
|
448 |
include_once('/etc/freeradius-web/config.php');
|
453 |
include_once('/etc/freeradius-web/config.php');
|
449 |
include_once('./acc/manager/lib/sql/drivers/mysql/functions.php');
|
454 |
include_once('./acc/manager/lib/sql/drivers/mysql/functions.php');
|
450 |
$link = @da_sql_pconnect($config); // on affiche pas les erreurs
|
455 |
$link = @da_sql_pconnect($config); // on affiche pas les erreurs
|
451 |
if ($link) {
|
456 |
if ($link) {
|
Line 453... |
Line 458... |
453 |
$sql = "SELECT attribute, value FROM radreply WHERE username='$user_uid' AND attribute='Filter-Id'";
|
458 |
$sql = "SELECT attribute, value FROM radreply WHERE username='$user_uid' AND attribute='Filter-Id'";
|
454 |
$res = @da_sql_query($link, $config, $sql); // on affiche pas les erreurs
|
459 |
$res = @da_sql_query($link, $config, $sql); // on affiche pas les erreurs
|
455 |
if ($res) {
|
460 |
if ($res) {
|
456 |
$row = @da_sql_fetch_array($res, $config);
|
461 |
$row = @da_sql_fetch_array($res, $config);
|
457 |
$filter_id = $row['value']; // on obtient le Filter-Id de l'utilisateur
|
462 |
$filter_id = $row['value']; // on obtient le Filter-Id de l'utilisateur
|
458 |
if($filter_id[3] === '1') {
|
463 |
if ($filter_id[3] === '1') {
|
459 |
//set the fourth bit of filter-id to '0'
|
464 |
//set the fourth bit of filter-id to '0'
|
460 |
$sql = "set @CurrentFilter=(SELECT value from radreply where username='$user_uid');set @CurrentFilterLeft=(SELECT LEFT(@CurrentFilter,3));set @CurrentFilterRight=(SELECT RIGHT(@CurrentFilter,4));UPDATE radreply SET value = CONCAT((@CurrentFilterLeft),'0', (@CurrentFilterRight)) WHERE username='$user_uid'";
|
465 |
$sql = "set @CurrentFilter=(SELECT value from radreply where username='$user_uid');set @CurrentFilterLeft=(SELECT LEFT(@CurrentFilter,3));set @CurrentFilterRight=(SELECT RIGHT(@CurrentFilter,4));UPDATE radreply SET value = CONCAT((@CurrentFilterLeft),'0', (@CurrentFilterRight)) WHERE username='$user_uid'";
|
461 |
$res = mysqli_multi_query($link,$sql);
|
466 |
$res = mysqli_multi_query($link,$sql);
|
462 |
header('Location: '.(($conf['HTTPS_LOGIN'] === 'on') ? 'https' : 'http').'://'.$conf['HOSTNAME'].'.'.$conf['DOMAIN'].'/index.php?warn=1&url='.urlencode($_GET['userurl'])); //we present to user information about imputability logs
|
467 |
header('Location: '.(($conf['HTTPS_LOGIN'] === 'on') ? 'https' : 'http').'://'.$conf['HOSTNAME'].'.'.$conf['DOMAIN'].'/index.php?warn=1&url='.urlencode($_GET['userurl'])); //we present to user information about imputability logs
|
463 |
exit();
|
468 |
exit();
|
Line 465... |
Line 470... |
465 |
}
|
470 |
}
|
466 |
}
|
471 |
}
|
467 |
}
|
472 |
}
|
468 |
}
|
473 |
}
|
469 |
|
474 |
|
470 |
// Otherwise it was not a form request
|
475 |
// By default, redirect to prelogin in order to generate a challenge
|
471 |
// Send out an error message
|
- |
|
472 |
if ($result === 0) { //erreur
|
476 |
if ($result === 0) {
|
473 |
header("Location: http://$uamip:$uamport/prelogin");
|
477 |
header("Location: $uamproto://$uamip:$uamport/prelogin");
|
474 |
exit();
|
478 |
exit();
|
475 |
}
|
479 |
}
|
476 |
|
480 |
|
477 |
// Cleaning the cache
|
481 |
// Cleaning the cache
|
478 |
header('Expires: Tue, 01 Jan 2000 00:00:00 GMT');
|
482 |
header('Expires: Tue, 01 Jan 2000 00:00:00 GMT');
|
Line 509... |
Line 513... |
509 |
} else {
|
513 |
} else {
|
510 |
window.location = '<?= $statuspath ?>';
|
514 |
window.location = '<?= $statuspath ?>';
|
511 |
}
|
515 |
}
|
512 |
}
|
516 |
}
|
513 |
if ((result === 2) || (result === 3) || result === 5) { // failed or logoff or notyet
|
517 |
if ((result === 2) || (result === 3) || result === 5) { // failed or logoff or notyet
|
514 |
document.form1.UserName.focus();
|
518 |
document.form1.username.focus();
|
515 |
}
|
519 |
}
|
516 |
}
|
520 |
}
|
517 |
</script>
|
521 |
</script>
|
518 |
<link rel="stylesheet" href="/css/style_intercept.css" type="text/css">
|
522 |
<link rel="stylesheet" href="/css/style_intercept.css" type="text/css">
|
519 |
</head>
|
523 |
</head>
|
Line 533... |
Line 537... |
533 |
if ($userurl === 'http://logout/') $userurl = 'http://www.google.com'; // Avoid cyclic logout
|
537 |
if ($userurl === 'http://logout/') $userurl = 'http://www.google.com'; // Avoid cyclic logout
|
534 |
?>
|
538 |
?>
|
535 |
<img id="logo-alcasar" src="/images/logo-alcasar.png">
|
539 |
<img id="logo-alcasar" src="/images/logo-alcasar.png">
|
536 |
<form name="form1" method="post" action="<?= $loginpath ?>">
|
540 |
<form name="form1" method="post" action="<?= $loginpath ?>">
|
537 |
<input type="hidden" name="challenge" value="<?= $challenge ?>">
|
541 |
<input type="hidden" name="challenge" value="<?= $challenge ?>">
|
538 |
<input type="hidden" name="uamip" value="<?= $uamip ?>">
|
- |
|
539 |
<input type="hidden" name="uamport" value="<?= $uamport ?>">
|
- |
|
540 |
<input type="hidden" name="userurl" value="<?= $userurl ?>">
|
542 |
<input type="hidden" name="userurl" value="<?= $userurl ?>">
|
541 |
<table id="boite-logon">
|
543 |
<table id="boite-logon">
|
542 |
<tr>
|
544 |
<tr>
|
543 |
<td width="20%" rowspan="4"><img id="logo-organ" src="/images/organisme.png"></td>
|
545 |
<td width="20%" rowspan="4"><img id="logo-organ" src="/images/organisme.png"></td>
|
544 |
<td width="30%" align="right"><?= $l_user ?></td>
|
546 |
<td width="30%" align="right"><?= $l_user ?></td>
|
545 |
<td width="50%" align="left"><input type="text" maxLength="32" name="UserName" autocomplete="off"></td>
|
547 |
<td width="50%" align="left"><input type="text" maxLength="32" name="username" autocomplete="off"></td>
|
546 |
</tr>
|
548 |
</tr>
|
547 |
<tr>
|
549 |
<tr>
|
548 |
<td align="right"><?= $l_password ?></td>
|
550 |
<td align="right"><?= $l_password ?></td>
|
549 |
<td align="left"><input maxLength="32" type="password" name="Password" autocomplete="off"></td>
|
551 |
<td align="left"><input maxLength="32" type="password" name="password" autocomplete="off"></td>
|
550 |
</tr>
|
552 |
</tr>
|
551 |
<tr>
|
553 |
<tr>
|
552 |
<td height="23" align="left"><input value="<?= $l_boutonO ?>" type="submit" name="button"></td>
|
554 |
<td height="23" align="left"><input value="<?= $l_boutonO ?>" type="submit" name="button"></td>
|
553 |
<?php if ($service_SMS_status): ?>
|
555 |
<?php if ($service_SMS_status): ?>
|
554 |
<td><a href="autoregistrationinfo.php"><?= $l_autoregistration ?></a></td>
|
556 |
<td><a href="autoregistrationinfo.php"><?= $l_autoregistration ?></a></td>
|