WebSVN – ALCASAR – Diff – /web/intercept.php

 /****************************************************************
 *                       GLOBAL FILE PATHS                       *
 *****************************************************************/
 define ("CONF_FILE", "/usr/local/etc/alcasar.conf");
+define ("DOMAIN_ALLOWED_LIST", "/usr/local/etc/alcasar-uamdomain");
 /****************************************************************
 *                               FILE TEST                       *
 *****************************************************************/
 //Test de présence et des droits en lecture des fichiers de configuration.
+}
 if (!is_readable(CONF_FILE)){
         exit("Vous n'avez pas les droits de lecture sur le fichier ".CONF_FILE);
+}
+//Test de présence de domaine ou IP accessibles sans authentificaion
+$conf_files=array(DOMAIN_ALLOWED_LIST);
+foreach ($conf_files as $file){
+        if (!file_exists($file)){
+                exit("Fichier ".$file." non présent");
+        }
+        if (!is_readable($file)){
+                exit("Vous n'avez pas les droits de lecture sur le fichier ".$file);
+        }
+}
 /****************************************************************
 *                       Read CONF_FILE                          *
 *****************************************************************/
 $ouvre=fopen(CONF_FILE,"r");
 if ($ouvre){
 fclose($ouvre);
 $organisme = $conf["ORGANISM"];
 # Shared secret used to encrypt challenge with radius.
-$uamsecret = "";
+$uamsecret = "ZHoGm7No";
 # URL loaded after success authenticates (let blank for browser defaults)
 $adminurl = "";
 # Our own path
 $loginpath      = $_SERVER['PHP_SELF'];
 $alcasarpath = "http://alcasar";
 $statuspath = $alcasarpath."/status.php";
 $debug          = false;
+# Domain and url allowed without authentication
+$domain_allowed_list="/usr/local/etc/alcasar-uamdomain";
+$url_allowed_list="/usr/local/etc/alcasar-uamallowed";
 # Choice of language
 $Language = 'en';
 if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){
   $Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']);
   $l_reply_4 = "your account expired";
   $l_reply_5 = "You have reached the maximum number of simultaneous logins";
   $l_reply_6 = "Your authorized connexion time has been reached";
   $l_online_time = "Tiempo en linea";
   $l_remaining_time = "Tiempo restante";
+  $l_uam_domain = "acceso directo : ";}
+else if ($Language == 'pt'){
+  $l_ChilliError        = "A autenticação deve ser bem sucedido através do serviço de portal cativo.";
+  $l_login              = "Sucesso na autenticação.<HR>Não feche essa janela para não interromper a conexão";
+  $l_logout             = "Fechando a conexão";
+  $l_loginfailed        = "Falha na autenticação";
-}
+  $l_loggingin          = "Identificação do portal cativo";
+  $l_loggedcont         = "Access Control";
+  $l_loggedout          = "Sua conexão foi fechada";
+  $l_user               = "Usuário";
+  $l_password           = "Senha";
+  $l_wait               = "Por favor, aguarde um momento ...";
+  $l_onlinetime         = "Tempo de conexão:";
+  $l_remainingtime      = "Desconectado em:";
+  $l_encrypted          = "A conexão com o portal deve ser criptografada";
+  $l_boutonO            = "Autenticação";
+  $l_boutonF            = "Fechar";
+  $l_loggedin_stringl1 = "Sistema de Segurança da Informação";
+  $l_loggedin_stringl2 = "Esse controle foi criado para seguir dentro dos regulamentos vingentes da lei";
+  $l_loggedin_stringl3 = "Por isto suas atividades na rede serão registradas de acordo com seus acessos, mas garantindo ainda sua privacidade.";
+  $l_loggedin_stringl4 = "Os dados gravados só serão capaz de ser operado por uma autoridade judicial no decorrer de uma investigação.";
+  $l_loggedin_stringl5 = "Esses dados serão automaticamente excluídos depois de um ano.";
+  $l_loggedin_stringl6 = "Clique <a href='$alcasarpath'>aqui</a> para alterar sua senha Sair do portal cativo.";
+  $l_loggedout_string = "desconexão do portal cativo fez";
+  $l_reply_1 = "Your daily connexion time has been reached";
+  $l_reply_2 = "Seu tempo de conexão mensal foi finalizado";
+  $l_reply_3 = "Você tenta conectar-se fora do seu período de tempo permitido";
+  $l_reply_4 = "Sua conta expirou";
+  $l_reply_5 = "Você atingiu o número máximo de logins simultâneos";
+  $l_reply_6 = "Seu tempo de conexão autorizada finalizou";
+  $l_online_time = "Tempo Online";
+  $l_remaining_time = "Tempo restante";
+  $l_uam_domain = "acesso directo : ";}
 else if($Language == 'de'){
   $l_ChilliError        = "Die Authentifizierung ist erfolgreich durch die Nutzung des Portals erfolgt.";
   $l_login              = "Erfolgreiche Authentifizierung.<HR>Schlißen dieses fensters unterbricht die sitzung";
   $l_logout             = "Beenden der Verbindung";
   $l_loginfailed        = "Authentifizierungsfehler Eigenverbrauch";
   $l_reply_4 = "your account expired";
   $l_reply_5 = "You have reached the maximum number of simultaneous logins";
   $l_reply_6 = "Your authorized connexion time has been reached";
   $l_online_time = "Online-zeit";
   $l_remaining_time = "Restzeit";
-}
+  $l_uam_domain = "accès direkten : ";}
 else if($Language == 'nl'){
   $l_ChilliError        = "De authenticatie moet een succes worden via de captive portal dienst.";
   $l_login              = "Succesvolle authenticatie.<HR>Dit venster te sluiten onderbreekt uw sessie.";
   $l_logout             = "Slotkoers verbinding";
   $l_loginfailed        = "Authenticatie mislukt";
   $l_reply_4 = "your account expired";
   $l_reply_5 = "You have reached the maximum number of simultaneous logins";
   $l_reply_6 = "Your authorized connexion time has been reached";
   $l_online_time = "Online tijd";
   $l_remaining_time = "Reterende tijd";
-}
+  $l_uam_domain = "Direct access : ";}
 else if($Language == 'fr'){
   $l_ChilliError        = "L'authentification doit &ecirc;tre r&eacute;ussie au travers du service du portail captif.";
   $l_login              = "Authentification r&eacute;ussie.<HR>La fermeture de cette fenêtre interrompt votre session.";
   $l_logout             = "Fermeture de la session";
   $l_loginfailed        = "Echec d'authentification";
   $l_reply_4 = "Votre compte a expir&eacute";
   $l_reply_5 = "Vous avez atteint le nombre maximum de connexions simultan&eacute;es";
   $l_reply_6 = "Votre dur&eacute;e de connexion autoris&eacute;e a &eacute;t&eacute; atteinte";
   $l_online_time = "Temps de connexion";
   $l_remaining_time = "Temps restant";
-}
+  $l_uam_domain = "Acc&egrave;s dirrect : ";}
 else{
   $l_ChilliError        = "The authentication must be successful through the captive portal service.";
   $l_login              = "Successful authentication.<HR>Closing this window interrupts your session";
   $l_logout             = "Closing connection";
   $l_loginfailed        = "Authentication Failed";
   $l_loggedin_stringl2 = "That control was set up regulations to ensure traceability, accountability and non-repudiation of connections.";
   $l_loggedin_stringl3 = "Your activity on the network is registered in accordance with privacy.";
   $l_loggedin_stringl4 = "The recorded data can be able to be operated by a judicial authority in the course of an investigation.";
   $l_loggedin_stringl5 = "These data will be automatically deleted after one year.";
   $l_loggedin_stringl6 = "Click <a href='$alcasarpath'>here</a> to change your password or to integrate the security certificate in your browser";
-  $l_loggedout_string = "Logout made captive portal!";
+  $l_loggedout_string = "Disconnection of the captive portal made";
   $l_reply_1 = "Your daily connexion time has been reached";
   $l_reply_2 = "Your monthly connexion time has been reached";
   $l_reply_3 = "You try to connect outside of your allowed timespan";
   $l_reply_4 = "your account expired";
   $l_reply_5 = "You have reached the maximum number of simultaneous logins";
   $l_reply_6 = "Your authorized connexion time has been reached";
   $l_online_time = "Online time";
   $l_remaining_time = "Remaining time";
-}
+  $l_uam_domain = "Direct access : ";}
 # If https not use, tell it's wrong
 if (!(isset($_SERVER['HTTPS'])&&($_SERVER['HTTPS'] == 'on'))) {
 echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
 <html>
                                                 <LI>$l_loggedin_stringl5</LI>
                                                 <LI>$l_loggedin_stringl6</LI>
                                         </ul>
                                 </td>
                         </tr>
-                </table>
+                </table>";
+// Read the "Domain alowed" file
+$tab=file(DOMAIN_ALLOWED_LIST);
+if ($tab)  # the file isn't empty
+        {
+        echo "<div id=\"authorized_domain\"><li>$l_uam_domain</li>";
+        foreach ($tab as $line)
+                {
+                if (trim($line) != '') # the line isn't empty
+                {
+                        $domain_allowed=explode("#", $line);
+                        $uamdomain=trim($domain_allowed[0],"#");
+                        $domain=explode("\"", $uamdomain);
+                        if ((isset($domain_allowed[1])) && (trim($domain_allowed[1]) != '')){
+                                echo "<li><a href=\"http://".trim($domain[1])."\">".trim($domain_allowed[1])."</a></li>";
+                        }
+                        else echo"<li><a href=\"http://".trim($domain[1])."\">".trim($domain[1])."</a></li>";
+                        }
+                }
+                echo "</div>";
+        }
+echo "
   </form>
   </div>
   </center>
 </body>
 </html>";

Subversion Repositories ALCASAR

(root)/web/intercept.php – Rev 897 → 913