WebSVN – ALCASAR – Diff – /web/index.php

 <?php
-# $Id: index.php 1988 2016-07-13 14:16:37Z raphael.pion $
+# $Id: index.php 1989 2016-07-14 13:38:53Z raphael.pion $
+#
 # index.php for ALCASAR
 # by REXY
 # UI & css style by stephane ERARD
 # The contents of this file may be used under the terms of the GNU
 $domainname = trim($conf["DOMAIN"]);
 $hostname = "alcasar.".$domainname;
 $network_pb = False;
 $cert_add = "http://$hostname/certs";
 $direct_access = False;
+$display_button_user_not_auth_yet=False;
 $diagnostic = "can't contact the default router";
 $remote_ip = preg_match('#^([0-9]{1,3}\.){3}[0-9]{1,3}$#', $_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
 $tab = array();$user = array();
 $connection_history =  "";
 $nb_connection_history = 3;
+{
 	# the user isn't connected and he isn't in the ipset "not_auth_yet" yet
 	exec("sudo /usr/sbin/ipset list not_auth_yet | grep $remote_ip | wc -l 2>&1", $ipset_not_auth_yet);
 	if(!$direct_access && $ipset_not_auth_yet[0] == '0')
+	{
+		if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") # if HTTPS, we redirect user to HTTP to flag him (ipset : not_auth_yet)
+		{
+			header("Location: http://$_SERVER[HTTP_HOST]");
+			exit;
+		}
+		$display_button_user_not_auth_yet=True; # Display menu for user not_auth_yet, he need to click on 'open connection' to be flagged in the ipset "not_auth_yet"
+	}
+	if(isset($_GET['url'])) #When user clicked to open a connection ...
+	{
+		exec("sudo /usr/sbin/ipset add not_auth_yet $remote_ip"); # Add user in the ipset "not_auth_yet" to not loop when redirected
+	        echo "<script>window.location.href='http://$_GET[url]'</script>"; #we redirect him to his HTTP website (to be intecepted by coova)
+		exit;
+	}
+	if ((!$direct_access && !$display_button_user_not_auth_yet) || $ipset_not_auth_yet[0] == '1'){ #if user not_auth_yet still here (index.php), we force DNS resquest.
+		 echo "<script>window.location.reload(true)</script>"; #We force DNS request
+	}
+	/* ANCIEN FONCTIONNEMENT : l'utilisateur ne cliquait pas sur le boutton pour etre flaggué + pas d'access au menu index.php avec les boutons
+	# the user isn't connected and he isn't in the ipset "not_auth_yet" yet
+	exec("sudo /usr/sbin/ipset list not_auth_yet | grep $remote_ip | wc -l 2>&1", $ipset_not_auth_yet);
+	if(!$direct_access && $ipset_not_auth_yet[0] == '0')
+	{
 		exec("sudo /usr/sbin/ipset add not_auth_yet $remote_ip"); # Add in the ipset "not_auth_yet" to not loop when redirected
 	        if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on")
+	        {
 	                header("Location: http://$_SERVER[HTTP_HOST]");
+	        }
 	        else
 	                echo "<script>window.location.reload(true)</script>"; # the user web browser need to perform a new DNS request when redirected (as in a "<CTRL>+F5")
 	                echo "<script>window.location.href='http://$_SERVER[HTTP_HOST]'</script>";
+	        }
 	        exit;
+	}
+	if(!$direct_access) #If user is already in not_auth_yet
+        {
+                echo "<script>window.location.reload(true)</script>"; #We force DNS request
+                exit;
+        }*/
+}
 # Choice of language
 $Language = 'en';
 if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){
   $Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']);
   $Language = strtolower(substr(chop($Langue[0]),0,2)); }
   $l_certif_explain = "Permet l'&eacute;change de donn&eacute;es s&eacute;curis&eacute;es entre votre station de consultation et le portail captif ALCASAR.<BR>Si ce certificat n'est pas enregistr&eacute; sur votre station de consultation, il est possible que des alertes de s&eacute;curit&eacute;s soient &eacute;mises par votre navigateur.<br><br>";
   $l_certif_explain_help = "<a href=\"alcasar-certificat.pdf\" target=\"_blank\">Aide complémentaire</a>";
   $l_category = "catégorie :";
 if ((isset ($user[4])) && ($user[4] == "0")) {
 	  $l_logout_explain = "Aucune session de consultation Internet n'est actuellement ouverte sur votre syst&egrave;me.";
+	  if($display_button_user_not_auth_yet)
+	  {
+		  $l_logout = "<a href=\"http://alcasar/index.php?url=$_SERVER[HTTP_HOST]\">Ouvrir une session Internet</a>";
+	  }
+	  else
+	  {
-	  $l_logout = "<a href=\"http://www.google.com\">Ouvrir une session Internet</a>";
+		  $l_logout = "<a href=\"http://www.google.com\">Ouvrir une session Internet</a>";
+	  }
+	}
   else {
 	  if ($user[5] != $user[0]) // authentication exception or not
   $l_certif_explain = "O certificado Permiti a troca de dados seguro entre seu computador e o portal Alcasar.<BR>Se este certificado não estiver incorporado no seu computador, alguns alertas de segurança deverá aparecer no navegador.<br><br>";
   $l_certif_explain_help = "<a href=\"alcasar-certificat.pdf\" target=\"_blank\">Essa foi uma ajuda complementar</a>";
   $l_category = "categoria :";
 if ((isset ($user[4])) && ($user[4] == "0")) {
 	  $l_logout_explain = "Não há conexão de Internet aberta em seu computador, deseja conectar?";
+	  if($display_button_user_not_auth_yet)
+	  {
+		  $l_logout = "<a href=\"http://alcasar/index.php?url=$_SERVER[HTTP_HOST]\">Abrir uma conexão de Internet</a>";
+	  }
+	  else
+	  {
-	  $l_logout = "<a href=\"http://www.google.com\">Abrir uma conexão de Internet</a>";
+		  $l_logout = "<a href=\"http://www.google.com\">Abrir uma conexão de Internet</a>";
+	  }
+	}
   else {
 	  if ($user[5] != $user[0]) // authentication exception or not
   $l_certif_explain = "Allow secure data exchange between your computer and ALCASAR portal.<BR>If this certificate isn't incorporated in your computer, some security alerts should appear in your browser.<br><br>";
   $l_certif_explain_help = "<a href=\"alcasar-certificat.pdf\" target=\"_blank\">Complementary help</a>";
   $l_category = "category :";
 if ((isset ($user[4])) && ($user[4] == "0")) {
 	  $l_logout_explain = "No Internet consultation session is actualy open on your system";
+	  if($display_button_user_not_auth_yet)
+	  {
+		  $l_logout = "<a href=\"http://alcasar/index.php?url=$_SERVER[HTTP_HOST]\">Open an Internet session</a>";
+	  }
+	  else
+	  {
-		$l_logout = "<a href=\"http://www.google.com\">Open an Internet session</a>";
+		  $l_logout = "<a href=\"http://www.google.com\">Open an Internet session</a>";
+	  }
+	}
   else {
 	  if ($user[5] != $user[0]) // authentication exception or not
 $l_title = ($direct_access ? $l_access_welcome : ($network_pb ? $l_access_unavailable : $l_access_denied));
 $l_explain = ($direct_access ? $l_explain_acc_access : ($network_pb ? $l_explain_net_pb : $l_explain_access_deny));
 # set the icons
-$img_rep = "images/";
+$img_rep = "http://alcasar/images/";
 $img_organisme = "organisme.png";
 $img_access = "globe_acces_70.png";
 $img_connect = "globe_70.png";
 $img_warning = "globe_warning_70.png";
 $img_pwd = "cle_ombre.png";
 	<head>
 	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
 	<title>ALCASAR - <?php echo $l_title; ?></title>
 	<meta http-equiv="Cache-control" content="no-cache">
 	<meta http-equiv="Pragma" content="no-cache">
+<?php
+	if($display_button_user_not_auth_yet) #if user is intercepted (ipset:not_auth_yet), css style is not included properly
+	{
+		echo "<style>";
+		include("css/style_intercept.css");
+		echo "</style>";
+	}
+	else
+	{
-	<link rel="stylesheet" type="text/css" href="css/style_intercept.css">
+	echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"css/style_intercept.css\">";
+	}
+?>
 	<script type="text/javascript">
 		function valoriserDiv5(param){
 			document.getElementById("box_info").innerHTML = param.innerHTML;
+		}
 	</script>
 </head>
 <body onload="valoriserDiv5(text_conn);">
 <?php
-if ($direct_access){
+if ($direct_access || $display_button_user_not_auth_yet){
 	echo "
 		<div id=\"cadre_titre\" class=\"titre_controle\">
 			<p id=\"acces_controle\" class=\"titre_controle\">$l_title</p>";
 	if ($network_pb) {
 		echo "	<span>$l_explain_net_pb</span>";
 			<div id=\"cadre_titre\" class=\"titre_refus\">
 				<p id=\"acces_controle\" class=\"titre_refus\">$l_title</p>";
+	}
 ?>
 			<div id="boite_logo">
-				<img src="images/organisme.png">
+				<img src="<?php echo "$img_rep$img_organisme"; ?>">
 			</div>
 		</div>
 		<div id="contenu_acces">
 			<div id="box_url">
 <?php
 $sms_div='';
 $sms_div_over='';
+}
 ?>
 <?php
-if ($direct_access){
+if ($direct_access || $display_button_user_not_auth_yet){
 	echo "	<div id=\"box_bienvenue\">
 				$l_welcome
 			</div>
 			<div class=\"box_menu\" id=\"box_conn\" onmouseover=\"valoriserDiv5(text_conn);\">
 				<span>$l_logout</span>
 			</div>
 			$sms_div_over
 			<div id=\"box_info\">
 			</div>";
+	}
-	else {
+else {
 		echo "
 			<div id=\"box_refuse\">
 				<img src=\"$img_rep$img_false\">
 				<p>$l_explain</p>
 			</div>
 				<a href="https://<?php echo $hostname; ?>/acc/"><img src=<?php echo $img_rep.''.$img_adm; ?>></a>
 			</div>
 		</div>
 	</body>
 </html>

Subversion Repositories ALCASAR

(root)/web/index.php @ 2805 – Rev 1988 → 1989