WebSVN – ALCASAR – Diff – /web/acc/admin/network.php

 <?php
-# $Id: network.php 2379 2017-08-17 13:03:03Z tom.houdayer $
+# $Id: network.php 2380 2017-08-17 15:59:54Z tom.houdayer $
 // written by steweb57, Rexy & Tom HOUDAYER
 /********************
 *  READ CONF FILES  *
 	$l_yes			= "Oui";
 	$l_no			= "Non";
 	$l_allow_unsecured_login	= "Autoriser les utilisateurs à se connecter de manière non sécurisée (HTTP) :";
 	$l_unsecured_login_warning	= "/!\\ Les identifiants de connexion seront envoyés en clair.";
 	$l_cert_expiration	= "Date d'expiration :";
-	$l_cert_commonname	= "Nom commun:";
+	$l_cert_commonname	= "Nom commun :";
-	$l_cert_organization	= "Organisation:";
+	$l_cert_organization	= "Organisation :";
 	$l_upload_certificate	= "Importer un certificat";
 	$l_le_integration	= "Intégration Let's Encrypt";
 	$l_le_status		= "Status :";
 	$l_disabled		= "Inactif";
 	$l_pending_validation	= "En attente de validation";
 	$l_renew_force		= "Renew (force)";
+}
 $reg_ip      = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/';
 $reg_ip_cidr = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$/';
+$reg_mac     = '/^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/';
+$reg_host    = '/^[a-zA-Z0-9-_]+$/';
 $choix = (isset($_POST['choix'])) ? $_POST['choix'] : '';
 switch ($choix) {
 	case 'DHCP_On':
 	case 'DHCP_Off':
 		exec('sudo /usr/local/bin/alcasar-dhcp.sh -off');
 		break;
 	case 'new_mac':
+		$new_mac_addr = trim($_POST['add_mac']);
-		if ((!empty(trim($_POST['add_mac']))) && (!empty(trim($_POST['add_ip'])))) {
+		$new_ip_addr  = trim($_POST['add_ip']);
+		if (((!empty($new_mac_addr)) && (preg_match($reg_mac, $new_mac_addr))) && ((!empty($new_ip_addr)) && (preg_match($reg_ip, $new_ip_addr)))) {
 			$tab = file(ETHERS_FILE);
 			if ($tab) { // the file isn't empty
 				$insert = true;
-				$new_mac_addr = trim($_POST['add_mac'], "\x00..\x20");
-				$new_ip_addr  = trim($_POST['add_ip'],  "\x00..\x20");
 				foreach ($tab as $line) { // verify that MAC or IP address doesn't exist
 					$field = explode(' ', $line);
 					$mac_addr = trim($field[0]);
 					$ip_addr  = trim($field[1]);
 					if (strcasecmp($new_mac_addr, $mac_addr) === 0) {
+			}
+		}
 		break;
 	case 'new_host':
+		$add_host = trim($_POST['add_host']);
+		$add_ip   = trim($_POST['add_ip']);
-		if ((!empty(trim($_POST['add_host']))) and (!empty(trim($_POST['add_ip'])))) {
+		if (((!empty($add_host)) && (preg_match($reg_host, $add_host))) && ((!empty($add_ip)) && (preg_match($reg_ip, $add_ip)))) {
 			$tab = file(DNS_LOCAL_FILE);
 			if ($tab) { // the file isn't empty
 				$insert = true;
 				foreach ($tab as $line) { // verify that host or IP address doesn't exist
 					if (preg_match('/^address/', $line)) {
 						$field = explode('/', $line);
 						$host_name = trim($field[1]);
 						$ip_addr   = trim($field[2]);
-						if (strcasecmp(trim($_POST['add_host']), trim($host_name)) === 0) {
+						if (strcasecmp($add_host, $host_name) === 0) {
 							$insert = false;
 							break;
+						}
-						if (strcasecmp(trim($_POST['add_ip']), trim($ip_addr)) === 0) {
+						if (strcmp($add_ip, $ip_addr) === 0) {
 							$insert = false;
 							break;
+						}
+					}
+				}
 				if ($insert) {
-					$line1 = 'address=/'.trim($_POST['add_host']).'/'.trim($_POST['add_ip'])."\n";
+					$line1 = 'address=/'.$add_host.'/'.$add_ip."\n";
-					$explode_ip = explode('.', trim($_POST['add_ip']));
+					$explode_ip = explode('.', $add_ip);
 					$reverse_ip = implode('.', array_reverse($explode_ip));
-					$line2 = 'ptr-record='.$reverse_ip.'.in-addr.arpa,'.trim($_POST['add_host'])."\n";
+					$line2 = 'ptr-record='.$reverse_ip.'.in-addr.arpa,'.$add_host."\n";
 					$pointeur=fopen(DNS_LOCAL_FILE, 'a');
 					fwrite($pointeur, $line1);
 					fwrite($pointeur, $line2);
 					fclose($pointeur);
 					exec('sudo /usr/bin/systemctl restart dnsmasq');
 					exec('sudo /usr/bin/systemctl restart dnsmasq-blacklist');
 					exec('sudo /usr/bin/systemctl restart dnsmasq-whitelist');
-					}
+				}
+			}
+		}
 		break;
 	case 'del_host':
 		foreach ($_POST as $key => $value) {
 			if ($value == 'on') {
-				$dns_local_file = DNS_LOCAL_FILE;
-				exec("/bin/sed -i ".escapeshellarg("/$key/d")." $dns_local_file");
+				exec('/bin/sed -i '.escapeshellarg("\\@^address=/$key/@d;\\@^ptr-record=.*,$key\$@d").' '.DNS_LOCAL_FILE);
 				exec('sudo /usr/bin/systemctl restart dnsmasq');
 				exec('sudo /usr/bin/systemctl restart dnsmasq-blacklist');
 				exec('sudo /usr/bin/systemctl restart dnsmasq-whitelist');
+			}
+		}
 	case 'import_cert':	// Import certificate
 		if (isset($_FILES['key']) && isset($_FILES['crt']) && ($_FILES['key']['error'] == 0) && ($_FILES['crt']['error'] == 0)) {
 			if ($_FILES['key']['size'] <= $maxsize && $_FILES['crt']['size'] <= $maxsize) {
 				if (pathinfo($_FILES['key']['name'])['extension'] == 'key' && pathinfo($_FILES['crt']['name'])['extension'] == 'crt') {
 					$dest = '/tmp/';
-					$scpath = "";
+					$scpath = '';
 					if (isset($_FILES['sc']) && (pathinfo($_FILES['sc']['name'])['extension'] == 'crt')) {
 						$scpath = $dest.'server-chain.crt';
 						move_uploaded_file($_FILES['sc']['tmp_name'], $scpath);
+					}
-					$keypath = $dest."alcasar.key";
+					$keypath = $dest.'alcasar.key';
-					$crtpath = $dest."alcasar.crt";
+					$crtpath = $dest.'alcasar.crt';
 					move_uploaded_file($_FILES['key']['tmp_name'], $keypath);
 					move_uploaded_file($_FILES['crt']['tmp_name'], $crtpath);
 					exec("sudo alcasar-importcert.sh -i $crtpath -k $keypath -c $scpath");
 					if (file_exists($crtpath)) unlink($crtpath);
 					if (file_exists($keypath)) unlink($keypath);

Subversion Repositories ALCASAR

(root)/web/acc/admin/network.php @ 2717 – Rev 2379 → 2380