Subversion Repositories ALCASAR

Rev

Rev 2216 | Rev 2252 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 2216 Rev 2234
Line 1... Line 1...
1
<?php
1
<?php
2
# $Id: index.php 2216 2017-05-09 20:31:16Z tom.houdayer $
2
# $Id: index.php 2234 2017-05-18 21:20:10Z richard $
3
#
3
#
4
# index.php for ALCASAR by Rexy
4
# index.php for ALCASAR by Rexy
5
# UI & css style by stephane ERARD
5
# UI & css style by stephane ERARD
6
# The contents of this file may be used under the terms of the GNU
6
# The contents of this file may be used under the terms of the GNU
7
# General Public License Version 2, provided that the above copyright
7
# General Public License Version 2, provided that the above copyright
Line 31... Line 31...
31
$file_conf = fopen(CONF_FILE, 'r');
31
$file_conf = fopen(CONF_FILE, 'r');
32
if (!$file_conf) {
32
if (!$file_conf) {
33
	exit('Error opening the file '.CONF_FILE);
33
	exit('Error opening the file '.CONF_FILE);
34
}
34
}
35
while (!feof($file_conf)) {
35
while (!feof($file_conf)) {
36
	$tampon = fgets($file_conf, 4096);
36
	$buffer = fgets($file_conf, 4096);
37
	if ((strpos($tampon, '=') !== false) && (substr($tampon, 0, 1) !== '#')) {
37
	if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {
38
		$tmp = explode('=', $tampon);
38
		$tmp = explode('=', $buffer);
39
		$conf[$tmp[0]] = trim($tmp[1]);
39
		$conf[$tmp[0]] = trim($tmp[1]);
40
	}
40
	}
41
}
41
}
42
fclose($file_conf);
42
fclose($file_conf);
43
 
43
 
44
$organisme = trim($conf["ORGANISM"]);
44
$organisme = $conf["ORGANISM"];
45
$hostname = trim($conf["HOSTNAME"]).'.'.trim($conf["DOMAIN"]);
45
$hostname  = $conf["HOSTNAME"].'.'.$conf["DOMAIN"];
46
$network_pb = False; # "alcasar-watchdog.sh" changes this value if a network issue is detected
46
$network_pb = False; # "alcasar-watchdog.sh" changes this value if a network issue is detected
47
$diagnostic = "can't contact the default router"; # "alcasar-watchdog.sh" changes this value if a network issue is detected
47
$diagnostic = "can't contact the default router"; # "alcasar-watchdog.sh" changes this value if a network issue is detected
48
$cert_add = "http://$hostname/certs";
48
$cert_add = "http://$hostname/certs";
49
$direct_access = False;
49
$direct_access = False;
50
$display_menu=False;
-
 
51
$remote_ip = preg_match('#^([0-9]{1,3}\.){3}[0-9]{1,3}$#', $_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
50
$remote_ip = preg_match('#^([0-9]{1,3}\.){3}[0-9]{1,3}$#', $_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
52
$tab = array();$user = array();
51
$tab = array();$user = array();
53
$connection_history =  "";
52
$connection_history =  "";
54
$nb_connection_history = 3;
53
$nb_connection_history = 3;
55
$Language = 'en';
54
$Language = 'en';
Line 64... Line 63...
64
$user = explode (" ", $tab[0]);
63
$user = explode (" ", $tab[0]);
65
 
64
 
66
# Test if it's a direct connexion to ALCASAR
65
# Test if it's a direct connexion to ALCASAR
67
if (isset($_SERVER['HTTP_HOST']) && (($_SERVER['HTTP_HOST'] === $_SERVER['SERVER_ADDR']) || ($_SERVER['HTTP_HOST'] === 'alcasar') || ($_SERVER['HTTP_HOST'] === $hostname) || ($_SERVER['HTTP_HOST'] === $organisme))) {
66
if (isset($_SERVER['HTTP_HOST']) && (($_SERVER['HTTP_HOST'] === $_SERVER['SERVER_ADDR']) || ($_SERVER['HTTP_HOST'] === 'alcasar') || ($_SERVER['HTTP_HOST'] === $hostname) || ($_SERVER['HTTP_HOST'] === $organisme))) {
68
	$direct_access = true;
67
	$direct_access = true;
69
	exec("sudo /usr/sbin/ipset del not_auth_yet $remote_ip"); # del user of the ipset "not_auth_yet" to not loop
-
 
70
}
68
}
71
 
69
 
72
# Function to adapt time connexion in seconds to H,M,S
70
# Function to adapt time connexion in seconds to H,M,S
73
function secondsToDuration($seconds = null){
71
function secondsToDuration($seconds = null){
74
	if ($seconds == null) return "";
72
	if ($seconds == null) return "";
Line 78... Line 76...
78
	$time[1] = ( $temp - $time[2] ) / 60;		// minutes
76
	$time[1] = ( $temp - $time[2] ) / 60;		// minutes
79
	return $time[0]." h ".$time[1]." m ".$time[2]." s";
77
	return $time[0]." h ".$time[1]." m ".$time[2]." s";
80
}
78
}
81
 
79
 
82
# if user need to be warned
80
# if user need to be warned
83
if(isset($_GET['warn']) && isset($_GET['url']))
81
if (isset($_GET['warn']) && isset($_GET['url'])) {
84
{
-
 
85
	$direct_access = False;
82
	$direct_access = false;
86
}
83
}
87
 
84
 
88
if ((isset ($user[4])) && ($user[4] != "0")){ # the user is authenticated
85
if ((isset($user[4])) && ($user[4] != "0")) { # the user is authenticated
89
	if(isset($_GET['redirect'])) # if user has been warned, we redirect him to his website
86
	if (isset($_GET['redirect'])) { # if user has been warned, we redirect him to his website
90
	{
-
 
91
		header('Location: '.$_GET['url'], true, 307);
87
		header('Location: '.$_GET['url'], true, 307);
92
		exit; 
88
		exit();
93
	}
89
	}
-
 
90
 
94
	# we retrieve his three last connections
91
	# we retrieve his three last connections
95
	if ((is_file("./acc/manager/lib/sql/drivers/mysql/functions.php"))&&(is_file("/etc/freeradius-web/config.php"))){
92
	if ((is_file("./acc/manager/lib/sql/drivers/mysql/functions.php"))&&(is_file("/etc/freeradius-web/config.php"))){
96
		include_once("/etc/freeradius-web/config.php");
93
		include_once("/etc/freeradius-web/config.php");
97
		include_once("./acc/manager/lib/sql/drivers/mysql/functions.php");
94
		include_once("./acc/manager/lib/sql/drivers/mysql/functions.php");
98
		$sql = "SELECT UserName, AcctStartTime, AcctStopTime, acctsessiontime FROM radacct WHERE UserName='$user[5]' ORDER BY AcctStartTime DESC LIMIT 0 , $nb_connection_history";
95
		$sql = "SELECT UserName, AcctStartTime, AcctStopTime, acctsessiontime FROM radacct WHERE UserName='$user[5]' ORDER BY AcctStartTime DESC LIMIT 0 , $nb_connection_history";
Line 109... Line 106...
109
				$connection_history.="</ul>";
106
				$connection_history.="</ul>";
110
			}
107
			}
111
		}
108
		}
112
	}
109
	}
113
}
110
}
114
else # the user isn't authenticated
111
else { # the user isn't authenticated
115
{
-
 
116
	exec("sudo /usr/sbin/ipset list not_auth_yet | grep $remote_ip | wc -l 2>&1", $ipset_not_auth_yet);
-
 
117
	if(!$direct_access && $ipset_not_auth_yet[0] == '0'){ # it's the first stage of the interception
-
 
118
		$display_menu = True; # Display menu for user not_auth_yet
-
 
119
		if (!isset($_SERVER['HTTPS'])){ # In HTTP, the user is redirected on it's home page. In HTTPS, it's on the default page (see $redirect_link)
-
 
120
			$redirect_link = $_SERVER['HTTP_HOST'];
-
 
121
		}
-
 
122
	}
-
 
123
	if(isset($_GET['url'])){ # it's the second stage (when user has clicked on the button "open a connection")
112
	if (isset($_GET['url'])) { # it's the second stage (when user has clicked on the button "open a connection")
124
		exec("sudo /usr/sbin/ipset add not_auth_yet $remote_ip"); # Add user in the ipset "not_auth_yet" (DNS requests not intercepted)
-
 
125
		$redir = "http://".$_GET['url'];
113
		$redir = 'http://'.$_GET['url'];
126
		header("Location: $redir",TRUE,307);
114
		header("Location: $redir", true, 307);
127
		exit; 
115
		exit(); 
128
	}
-
 
129
	if ($ipset_not_auth_yet[0] == '1'){ # if user not_auth_yet still here (index.php), we force DNS resquest.
-
 
130
		 echo "<script>window.location.reload(true)</script>"; # force DNS request
-
 
131
	}
116
	}
132
}
117
}
133
# Choice of language
118
# Choice of language
134
if($Language == 'fr'){
119
if($Language == 'fr'){
135
	$l_access_denied = "Contrôle d'accès";
120
	$l_access_denied = "Contrôle d'accès";
Line 407... Line 392...
407
	$l_explain_warn_date="has read your connexion logs at ";
392
	$l_explain_warn_date="has read your connexion logs at ";
408
	$l_explain_warn_reason="For this reason : ";
393
	$l_explain_warn_reason="For this reason : ";
409
	$l_uam_domain = "Authorized websites : ";
394
	$l_uam_domain = "Authorized websites : ";
410
}
395
}
411
 
396
 
412
$l_title = ($direct_access ? $l_access_welcome : ($network_pb ? $l_access_unavailable : $l_access_denied));
397
$l_title   = ($direct_access ? $l_access_welcome     : ($network_pb ? $l_access_unavailable : $l_access_denied));
413
$l_explain = ($direct_access ? $l_explain_acc_access : ($network_pb ? $l_explain_net_pb : $l_explain_access_deny));
398
$l_explain = ($direct_access ? $l_explain_acc_access : ($network_pb ? $l_explain_net_pb     : $l_explain_access_deny));
414
 
399
 
415
# set the icons
400
# set the icons
416
$img_rep = "/images/";
401
$img_rep = "/images/";
417
$img_organisme = "organisme.png";
402
$img_organisme = "organisme.png";
418
$img_access = "globe_acces_70.png";
403
$img_access = "globe_acces_70.png";
Line 443... Line 428...
443
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
428
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
444
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
429
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
445
header("Cache-Control: post-check=0, pre-check=0", false);
430
header("Cache-Control: post-check=0, pre-check=0", false);
446
header("Pragma: no-cache");
431
header("Pragma: no-cache");
447
 
432
 
448
exec("sudo /usr/sbin/ipset list not_filtered | grep $remote_ip | wc -l 2>&1", $ipset_not_filtered);
-
 
449
# if user is in "ipset_not_filtered" then he must refresh its dns cache (we are in the interception process)
-
 
450
if (!$direct_access && !$display_menu && ($ipset_not_filtered[0] == '1') && (!$network_pb) && (!isset($_GET['warn']))) {
-
 
451
	echo '<!doctype html><html><head><script>window.location.reload(true)</script></head><body></body></html>'; # force DNS request
-
 
452
}
-
 
453
 
-
 
454
?>
433
?>
455
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
434
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
456
<html>
435
<html>
457
<head>
436
<head>
458
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
437
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
Line 466... Line 445...
466
	}
445
	}
467
	</script>
446
	</script>
468
</head>
447
</head>
469
<body onload="valoriserDiv5(text_conn);">
448
<body onload="valoriserDiv5(text_conn);">
470
<?php
449
<?php
471
if ($direct_access || $display_menu){
450
if ($direct_access){
472
	echo "
451
	echo "
473
	<div id=\"cadre_titre\" class=\"titre_controle\">
452
	<div id=\"cadre_titre\" class=\"titre_controle\">
474
		<p id=\"acces_controle\" class=\"titre_controle\">$l_title</p>";
453
		<p id=\"acces_controle\" class=\"titre_controle\">$l_title</p>";
475
	if ($network_pb) {
454
	if ($network_pb) {
476
		echo "	<span>$l_explain_net_pb</span>";
455
		echo "	<span>$l_explain_net_pb</span>";
Line 497... Line 476...
497
	</div>
476
	</div>
498
		<div id="contenu_acces">
477
		<div id="contenu_acces">
499
			<div id="box_url">
478
			<div id="box_url">
500
				<?php 
479
				<?php 
501
				// Search blacklist categories
480
				// Search blacklist categories
502
				if ((!$direct_access) && (!$display_menu) && (!$network_pb) && (!isset($_GET['warn']))) {
481
				if ((!$direct_access) && (!$network_pb) && (!isset($_GET['warn']))) {
503
					$pattern = str_replace('www.', '', $_SERVER['HTTP_HOST']);
482
					$pattern = str_replace('www.', '', $_SERVER['HTTP_HOST']);
504
					exec('grep -Re ' . escapeshellarg('^'.$pattern.'$') . " /etc/dansguardian/lists/blacklists/*/domains | cut -d'/' -f6", $output);
483
					exec('grep -Re ' . escapeshellarg('^'.$pattern.'$') . " /etc/dansguardian/lists/blacklists/*/domains | cut -d'/' -f6", $output);
505
					$lists = [];
484
					$lists = [];
506
					foreach ($output as $line) {
485
					foreach ($output as $line) {
507
						$lists[] = $line;
486
						$lists[] = $line;
Line 536... Line 515...
536
}
515
}
537
else {
516
else {
538
	$sms_div='';
517
	$sms_div='';
539
	$sms_div_over='';
518
	$sms_div_over='';
540
}
519
}
541
if ($direct_access || $display_menu){
520
if ($direct_access) {
542
	if (!$network_pb){
521
	if (!$network_pb) {
543
	       	echo "
522
		echo "
544
		<div class=\"box_menu\" id=\"box_conn\" onmouseover=\"valoriserDiv5(text_conn);\">
523
		<div class=\"box_menu\" id=\"box_conn\" onmouseover=\"valoriserDiv5(text_conn);\">
545
			<span>$l_logout</span>
524
			<span>$l_logout</span>
546
			<img src=\"$img_rep$img_internet\">
525
			<img src=\"$img_rep$img_internet\">
547
		</div>";
526
		</div>";
548
	}
527
	}
Line 552... Line 531...
552
	$tab = file(DOMAIN_ALLOWED_LIST);
531
	$tab = file(DOMAIN_ALLOWED_LIST);
553
	if ($tab) { // the file isn't empty
532
	if ($tab) { // the file isn't empty
554
		$domainAllowedHtml .= '<p>'.$l_uam_domain.'<br><ul>';
533
		$domainAllowedHtml .= '<p>'.$l_uam_domain.'<br><ul>';
555
		foreach ($tab as $line) {
534
		foreach ($tab as $line) {
556
			if (trim($line) !== '') { // the line isn't empty
535
			if (trim($line) !== '') { // the line isn't empty
557
				$domain_allowed = explode("#", $line);
536
				$domain_allowed = explode('#', $line);
558
				if (trim($domain_allowed[1]) !== '') {
537
				if (trim($domain_allowed[1]) !== '') {
559
					$domain = explode('"', $domain_allowed[0]);
538
					$domain = explode('"', $domain_allowed[0]);
560
					// remove every '.' from the beginning of domain
539
					// remove every '.' from the beginning of domain
561
					$domain[1] = ltrim($domain[1], '.');
540
					$domain[1] = ltrim($domain[1], '.');
562
					$domainAllowedHtml .= '<li><a href="http://'.trim($domain[1]).'">'.trim($domain_allowed[1]).'</a></li>';
541
					$domainAllowedHtml .= '<li><a href="http://'.trim($domain[1]).'">'.trim($domain_allowed[1]).'</a></li>';