28,6 → 28,8 |
} |
fclose($file_conf); |
|
$csrf_key = ""; |
$csrf_token = hash('sha256', $_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT'].$_SERVER['REQUEST_URI'].$csrf_key); |
$tmp = explode("/",$conf["PRIVATE_IP"]); |
$private_ip=$tmp[0]; |
$intif = $conf["INTIF"]; |
113,8 → 115,8 |
} |
|
if (isset($_POST['action'])){ |
if (filter_var(trim($_POST['mac_addr']), FILTER_VALIDATE_MAC) !== false){ |
$mac= trim($_POST['mac_addr']); |
$mac= trim($_POST['mac_addr']); |
if ((filter_var($mac, FILTER_VALIDATE_MAC) !== false) && (trim($_POST['post_csrf_token']) == $csrf_token)){ |
switch ($_POST['action']){ |
case "$l_disconnect" : |
exec("sudo /usr/sbin/chilli_query logout ".$mac); |
140,6 → 142,7 |
exec('sudo /usr/local/bin/alcasar-iot_capture.sh -k '.$mac.' &>/dev/null &'); |
break; |
} |
|
} |
unset($_POST['mac_addr']); |
} |
223,6 → 226,7 |
echo "</td><td>"; |
echo "<form action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\">"; |
echo "<input type=\"hidden\" name=\"mac_addr\" value=\"$detail[0]\">"; |
echo "<input type=\"hidden\" name=\"post_csrf_token\" value=\"$csrf_token\">"; |
if($IoT_capture == "on"){ |
if(exec('sudo /usr/local/bin/alcasar-iot_capture.sh -i '.$detail[0]) == "CaptureON"){ |
echo "<input type=\"submit\" onClick=\"document.getElementById('ldoverlay').style.display='block';\" name=\"action\" value=\"$l_stop_capture_disconnect\">"; |
247,6 → 251,7 |
echo "<td>"; |
echo "<form action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\">"; |
echo "<input type=\"hidden\" name=\"mac_addr\" value=\"$detail[0]\">"; |
echo "<input type=\"hidden\" name=\"post_csrf_token\" value=\"$csrf_token\">"; |
echo "<input type=\"submit\" onClick=\"document.getElementById('ldoverlay').style.display='block';\" name=\"action\" value=\"$l_disconnect\">"; |
echo "</form></td>"; |
} |
264,6 → 269,7 |
echo "<form action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\">"; |
# Dissociate user (... or other) who is not connected yet |
echo "<input type=\"hidden\" name=\"mac_addr\" value=\"$detail[0]\">"; |
echo "<input type=\"hidden\" name=\"post_csrf_token\" value=\"$csrf_token\">"; |
exec ("grep $detail[0] /usr/local/etc/alcasar-ethers-info", $mac_in_ether_file); |
if (empty($mac_in_ether_file[1])){ |
echo "<input type=\"submit\" onClick=\"document.getElementById('ldoverlay').style.display='block';\" name=\"action\" value=\"$l_dissociate\">"; // Dissociate only MAC not in ether file (dhcp) |
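Review bot: The token added in the first hunk is not a secret, because `$csrf_key` is the empty string and the remaining inputs (`REMOTE_ADDR`, `HTTP_USER_AGENT`, `REQUEST_URI`) are request attributes, so the value can be recomputed by anyone who knows them and never rotates. Generate it from a CSPRNG and keep it server-side, e.g. `$_SESSION['csrf_token'] ??= bin2hex(random_bytes(32));`, assuming this page runs inside a session, which the visible lines do not show. In the second hunk the check `trim($_POST['post_csrf_token']) == $csrf_token` is a loose, non-constant-time comparison that also reads a field that may be absent; `hash_equals($csrf_token, (string)($_POST['post_csrf_token'] ?? ''))` avoids all three problems. Including `REQUEST_URI` in the hash also looks fragile: the forms post to `PHP_SELF`, so a page loaded with a query string would presumably embed a token that no longer matches on submit. The `if (isset($_POST['action']))` block continues outside the visible hunks, so other `case` branches were not reviewed.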