1,8 → 1,7 |
<?php |
# $Id$ |
# |
# index.php for ALCASAR |
# by REXY |
# index.php for ALCASAR bu Rexy |
# UI & css style by stephane ERARD |
# The contents of this file may be used under the terms of the GNU |
# General Public License Version 2, provided that the above copyright |
48,39 → 47,37 |
$network_pb = False; |
$cert_add = "http://$hostname/certs"; |
$direct_access = False; |
$display_button_user_not_auth_yet=False; |
$display_menu=False; |
$diagnostic = "can't contact the default router"; |
$remote_ip = preg_match('#^([0-9]{1,3}\.){3}[0-9]{1,3}$#', $_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ""; |
$tab = array();$user = array(); |
$connection_history = ""; |
$nb_connection_history = 3; |
$Language = 'en'; |
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){ |
$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']); |
$Language = strtolower(substr(chop($Langue[0]),0,2)); } |
$redirect_link = "http://www.alcasar.net"; |
|
# Retrieve the user info behind the remote ip |
exec ("sudo /usr/sbin/chilli_query list|grep $remote_ip" , $tab); |
$user = explode (" ", $tab[0]); |
|
# cleaning the cache |
header("Expires: Tue, 01 Jan 2000 00:00:00 GMT"); |
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); |
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); |
header("Cache-Control: post-check=0, pre-check=0", false); |
header("Pragma: no-cache"); |
|
|
# Test if it'a direct connexion to ALCASAR |
if (isset($_SERVER['HTTP_HOST']) && (($_SERVER['HTTP_HOST'] == $_SERVER['SERVER_ADDR']) || preg_match ("/^alcasar$/", $_SERVER['HTTP_HOST']) || preg_match ("/^$hostname$/", $_SERVER['HTTP_HOST']) || preg_match ("/^$organisme$/", $_SERVER['HTTP_HOST']))) |
{ |
# Test if it's a direct connexion to ALCASAR |
if ((isset($_SERVER['HTTP_HOST'])) && (($_SERVER['HTTP_HOST'] == $_SERVER['SERVER_ADDR']) || (preg_match ("/^alcasar$/", $_SERVER['HTTP_HOST'])) || (preg_match ("/^$hostname$/", $_SERVER['HTTP_HOST'])) || (preg_match ("/^$organisme$/", $_SERVER['HTTP_HOST'])))) |
{ |
echo $_SERVER['HTTP_HOST']." / ".$_SERVER['SERVER_ADDR']." / ".$hostname." / ".$organisme; |
$direct_access=True; |
} |
exec("sudo /usr/sbin/ipset del not_auth_yet $remote_ip"); # del user of the ipset "not_auth_yet" to not loop |
} |
# Function to adapt time connexion in seconds to H,M,S |
function secondsToDuration($seconds = null){ |
if ($seconds == null) return ""; |
|
$temp = $seconds % 3600; |
$time[0] = ( $seconds - $temp ) / 3600 ; // hours |
$time[2] = $temp % 60 ; // seconds |
$time[1] = ( $temp - $time[2] ) / 60; // minutes |
|
return $time[0]." h ".$time[1]." m ".$time[2]." s"; |
} |
|
106,66 → 103,28 |
} |
} |
} |
else |
else # user not connected |
{ |
# the user isn't connected and he isn't in the ipset "not_auth_yet" yet |
exec("sudo /usr/sbin/ipset list not_auth_yet | grep $remote_ip | wc -l 2>&1", $ipset_not_auth_yet); |
if(!$direct_access && $ipset_not_auth_yet[0] == '0') |
if(!$direct_access && $ipset_not_auth_yet[0] == '0') # it's an interception |
{ |
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") # if HTTPS, we redirect user to HTTP to flag him (ipset : not_auth_yet) |
{ |
header("Location: http://$_SERVER[HTTP_HOST]"); |
exit; |
} |
|
$display_button_user_not_auth_yet=True; # Display menu for user not_auth_yet, he need to click on 'open connection' to be flagged in the ipset "not_auth_yet" |
$display_menu = True; # Display menu for user not_auth_yet |
$redirect_link = $_SERVER['HTTP_HOST']; |
} |
if(isset($_GET['url'])) #When user clicked to open a connection ... |
if(isset($_GET['url'])) # When user has clicked to open a connection ... |
{ |
exec("sudo /usr/sbin/ipset add not_auth_yet $remote_ip"); # Add user in the ipset "not_auth_yet" to not loop when redirected |
echo "<script>window.location.href='http://$_GET[url]'</script>"; #we redirect him to his HTTP website (to be intecepted by coova) |
exec("sudo /usr/sbin/ipset add not_auth_yet $remote_ip"); # Add user in the ipset "not_auth_yet" (DNS requests not intercepted) |
#header('Location: http://www.alcasar.net',TRUE,307); |
header("Location: $redirect_link"); |
exit; |
|
} |
if ((!$direct_access && !$display_button_user_not_auth_yet) || $ipset_not_auth_yet[0] == '1'){ #if user not_auth_yet still here (index.php), we force DNS resquest. |
echo "<script>window.location.reload(true)</script>"; #We force DNS request |
} |
|
|
/* ANCIEN FONCTIONNEMENT : l'utilisateur ne cliquait pas sur le boutton pour etre flaggué + pas d'access au menu index.php avec les boutons |
# the user isn't connected and he isn't in the ipset "not_auth_yet" yet |
exec("sudo /usr/sbin/ipset list not_auth_yet | grep $remote_ip | wc -l 2>&1", $ipset_not_auth_yet); |
if(!$direct_access && $ipset_not_auth_yet[0] == '0') |
{ |
exec("sudo /usr/sbin/ipset add not_auth_yet $remote_ip"); # Add in the ipset "not_auth_yet" to not loop when redirected |
|
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") |
{ |
header("Location: http://$_SERVER[HTTP_HOST]"); |
} |
else |
{ |
echo "<script>window.location.reload(true)</script>"; # the user web browser need to perform a new DNS request when redirected (as in a "<CTRL>+F5") |
echo "<script>window.location.href='http://$_SERVER[HTTP_HOST]'</script>"; |
} |
exit; |
} |
if(!$direct_access) #If user is already in not_auth_yet |
{ |
echo "<script>window.location.reload(true)</script>"; #We force DNS request |
exit; |
}*/ |
|
|
|
if ($ipset_not_auth_yet[0] == '1'){ #if user not_auth_yet still here (index.php), we force DNS resquest. |
echo "<script>window.location.reload(true)</script>"; # force DNS request |
} |
} |
# Choice of language |
$Language = 'en'; |
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){ |
$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']); |
$Language = strtolower(substr(chop($Langue[0]),0,2)); } |
if($Language == 'fr'){ |
$l_access_denied = "ACCÈS REFUSÉ"; |
$l_access_denied = "Contrôle d'accès"; |
$l_access_welcome = "Bienvenue sur ALCASAR"; |
$l_access_unavailable = "ACCÈS INDISPONIBLE"; |
$l_required_domain = "Site WEB demandé"; |
183,17 → 142,7 |
$l_category = "catégorie :"; |
if ((isset ($user[4])) && ($user[4] == "0")) { |
$l_logout_explain = "Aucune session de consultation Internet n'est actuellement ouverte sur votre système."; |
|
if($display_button_user_not_auth_yet) |
{ |
$l_logout = "<a href=\"http://alcasar/index.php?url=$_SERVER[HTTP_HOST]\">Ouvrir une session Internet</a>"; |
} |
else |
{ |
$l_logout = "<a href=\"http://www.google.com\">Ouvrir une session Internet</a>"; |
} |
|
|
$l_logout = "<a href=\"http://$hostname/index.php?url=$redirect_link\">Ouvrir une session Internet</a>"; |
} |
else { |
if ($user[5] != $user[0]) // authentication exception or not |
216,7 → 165,7 |
$l_acc_sms = "Auto enregistrement par SMS"; |
} |
else if($Language == 'pt'){ |
$l_access_denied = "Acesso negado"; |
$l_access_denied = "Controle de acesso"; |
$l_access_welcome = "Bem-vindo ao Alcasar"; |
$l_access_unavailable = "ACESSO INDISPONÍVEL"; |
$l_required_domain = "Site WEB Obrigatório"; |
233,18 → 182,8 |
$l_certif_explain_help = "<a href=\"alcasar-certificat.pdf\" target=\"_blank\">Essa foi uma ajuda complementar</a>"; |
$l_category = "categoria :"; |
if ((isset ($user[4])) && ($user[4] == "0")) { |
$l_logout_explain = "Não há conexão de Internet aberta em seu computador, deseja conectar?"; |
if($display_button_user_not_auth_yet) |
{ |
$l_logout = "<a href=\"http://alcasar/index.php?url=$_SERVER[HTTP_HOST]\">Abrir uma conexão de Internet</a>"; |
} |
else |
{ |
$l_logout = "<a href=\"http://www.google.com\">Abrir uma conexão de Internet</a>"; |
} |
|
|
|
$l_logout_explain = "Não há conexão de Internet aberta em seu computador, deseja conectar?"; |
$l_logout = "<a href=\"http://$hostname/index.php?url=$redirect_link\">Abrir uma conexão de Internet</a>"; |
} |
else { |
if ($user[5] != $user[0]) // authentication exception or not |
267,7 → 206,7 |
$l_acc_sms = "Auto registration by SMS"; |
} |
else { |
$l_access_denied = "ACCESS DENIED"; |
$l_access_denied = "Access control"; |
$l_access_welcome = "Welcome on ALCASAR"; |
$l_access_unavailable = "ACCESS UNAVAILABLE"; |
$l_required_domain = "Required WEB site"; |
284,17 → 223,8 |
$l_certif_explain_help = "<a href=\"alcasar-certificat.pdf\" target=\"_blank\">Complementary help</a>"; |
$l_category = "category :"; |
if ((isset ($user[4])) && ($user[4] == "0")) { |
$l_logout_explain = "No Internet consultation session is actualy open on your system"; |
if($display_button_user_not_auth_yet) |
{ |
$l_logout = "<a href=\"http://alcasar/index.php?url=$_SERVER[HTTP_HOST]\">Open an Internet session</a>"; |
} |
else |
{ |
$l_logout = "<a href=\"http://www.google.com\">Open an Internet session</a>"; |
} |
|
|
$l_logout_explain = "No Internet consultation session is actualy open on your system"; |
$l_logout = "<a href=\"http://$hostname/index.php?url=$redirect_link\">Open an Internet session</a>"; |
} |
else { |
if ($user[5] != $user[0]) // authentication exception or not |
321,7 → 251,7 |
$l_explain = ($direct_access ? $l_explain_acc_access : ($network_pb ? $l_explain_net_pb : $l_explain_access_deny)); |
|
# set the icons |
$img_rep = "http://alcasar/images/"; |
$img_rep = "./images/"; |
$img_organisme = "organisme.png"; |
$img_access = "globe_acces_70.png"; |
$img_connect = "globe_70.png"; |
346,6 → 276,12 |
$img_internet = $img_connect; |
} |
|
# cleaning the cache |
header("Expires: Tue, 01 Jan 2000 00:00:00 GMT"); |
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); |
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); |
header("Cache-Control: post-check=0, pre-check=0", false); |
header("Pragma: no-cache"); |
?> |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
<html> |
355,26 → 291,19 |
<meta http-equiv="Cache-control" content="no-cache"> |
<meta http-equiv="Pragma" content="no-cache"> |
<?php |
if($display_button_user_not_auth_yet) #if user is intercepted (ipset:not_auth_yet), css style is not included properly |
{ |
echo "<style>"; |
include("css/style_intercept.css"); |
echo "</style>"; |
echo "<style>"; |
include("css/style_intercept.css"); |
echo "</style>"; |
?> |
<script type="text/javascript"> |
function valoriserDiv5(param){ |
document.getElementById("box_info").innerHTML = param.innerHTML; |
} |
else |
{ |
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"css/style_intercept.css\">"; |
} |
?> |
<script type="text/javascript"> |
function valoriserDiv5(param){ |
document.getElementById("box_info").innerHTML = param.innerHTML; |
} |
</script> |
</script> |
</head> |
<body onload="valoriserDiv5(text_conn);"> |
<?php |
if ($direct_access || $display_button_user_not_auth_yet){ |
if ($direct_access || $display_menu){ |
echo " |
<div id=\"cadre_titre\" class=\"titre_controle\"> |
<p id=\"acces_controle\" class=\"titre_controle\">$l_title</p>"; |
424,7 → 353,7 |
} |
?> |
<?php |
if ($direct_access || $display_button_user_not_auth_yet){ |
if ($direct_access || $display_menu){ |
echo " <div id=\"box_bienvenue\"> |
$l_welcome |
</div> |
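Review bot: The `grep $remote_ip` filters in the `chilli_query list` lookup (hunk 48,39 → 47,37) and in the `ipset list not_auth_yet` check (hunk 106,66 → 103,28) treat the address as an unanchored regular expression, so a client at 10.0.0.1 (constructed example) also matches the lines for 10.0.0.10 or 10.0.0.100. `$tab[0]` can then hold another client's session line, and the `wc -l` count can be non-zero for a client that is not itself in the set, which changes which branch of the page logic runs. Matching the whole address literally avoids this, for example `exec("sudo /usr/sbin/chilli_query list | grep -wF -- " . escapeshellarg($remote_ip), $tab);`, with the same change on the ipset pipeline. When `REMOTE_ADDR` fails the IPv4 check, `$remote_ip` is an empty string and these commands, including `ipset add` and `ipset del`, still run, so an early exit for that case seems needed. Separately, `$redirect_link` is taken from the client-sent `HTTP_HOST` and placed unescaped in the three `$l_logout` hrefs; `htmlspecialchars(urlencode($redirect_link), ENT_QUOTES)` there would keep it inert.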