WebSVN – ALCASAR – Diff – /web/intercept.php

 <?php
-# $Id: intercept.php 1269 2013-12-16 23:13:20Z richard $
+# $Id: intercept.php 1314 2014-02-26 15:13:05Z richard $
+#
 # intercept.php for ALCASAR captive portal
 # Copyright (C) 2003, 2004 Mondru AB.
 # Modify by REXY & steweb57
 # UI & css style by stephane ERARD
 </html>";
     exit(0);
+}
 # Read form parameters which we care about
+# avoid the "user as a MAC address" attempts
+if ((isset($_POST['UserName'])) && (preg_match('/^([0-9A-F]{2}-){5}[0-9A-F]{2}$/',$_POST['UserName'])!=1)){
-if (isset($_POST['UserName'])){	$username	= $_POST['UserName'];} else {$username="";}
+				$username	= $_POST['UserName'];} else {$username="";}
 if (isset($_POST['Password'])){	$password	= $_POST['Password'];} else {$password="";}
 if (isset($_POST['challenge'])){$challenge	= $_POST['challenge'];} else {$challenge="";}
 if (isset($_POST['button'])){	$button		= $_POST['button'];} else { $button="";}
 //if (isset($_POST['logout'])){	$logout		= $_POST['logout'];} else {$logout="";}
 //if (isset($_POST['prelogin'])){	$prelogin	= $_POST['prelogin'];} else {$prelogin="";}

Subversion Repositories ALCASAR