| Line 1... |
Line 1... |
| 1 |
<?php
|
1 |
<?php
|
| 2 |
# $Id: index.php 1996 2016-07-18 20:58:49Z richard $
|
2 |
# $Id: index.php 1999 2016-07-19 08:14:38Z richard $
|
| 3 |
#
|
3 |
#
|
| 4 |
# index.php for ALCASAR bu Rexy
|
4 |
# index.php for ALCASAR bu Rexy
|
| 5 |
# UI & css style by stephane ERARD
|
5 |
# UI & css style by stephane ERARD
|
| 6 |
# The contents of this file may be used under the terms of the GNU
|
6 |
# The contents of this file may be used under the terms of the GNU
|
| 7 |
# General Public License Version 2, provided that the above copyright
|
7 |
# General Public License Version 2, provided that the above copyright
|
| Line 55... |
Line 55... |
| 55 |
$nb_connection_history = 3;
|
55 |
$nb_connection_history = 3;
|
| 56 |
$Language = 'en';
|
56 |
$Language = 'en';
|
| 57 |
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){
|
57 |
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){
|
| 58 |
$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']);
|
58 |
$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']);
|
| 59 |
$Language = strtolower(substr(chop($Langue[0]),0,2)); }
|
59 |
$Language = strtolower(substr(chop($Langue[0]),0,2)); }
|
| 60 |
$redirect_link = "www.euronews.com"; # beware !!! HTTP only
|
60 |
$redirect_link = "www.euronews.com"; # Default redirection for HTTPS interception (beware, this website must run in HTTP)
|
| 61 |
|
61 |
|
| 62 |
# Retrieve the user info behind the remote ip
|
62 |
# Retrieve the user info behind the remote ip
|
| 63 |
exec ("sudo /usr/sbin/chilli_query list|grep $remote_ip" , $tab);
|
63 |
exec ("sudo /usr/sbin/chilli_query list|grep $remote_ip" , $tab);
|
| 64 |
$user = explode (" ", $tab[0]);
|
64 |
$user = explode (" ", $tab[0]);
|
| 65 |
|
65 |
|
| Line 106... |
Line 106... |
| 106 |
}
|
106 |
}
|
| 107 |
}
|
107 |
}
|
| 108 |
else # user not connected
|
108 |
else # user not connected
|
| 109 |
{
|
109 |
{
|
| 110 |
exec("sudo /usr/sbin/ipset list not_auth_yet | grep $remote_ip | wc -l 2>&1", $ipset_not_auth_yet);
|
110 |
exec("sudo /usr/sbin/ipset list not_auth_yet | grep $remote_ip | wc -l 2>&1", $ipset_not_auth_yet);
|
| 111 |
if(!$direct_access && $ipset_not_auth_yet[0] == '0') # it's the fist stage of an interception
|
111 |
if(!$direct_access && $ipset_not_auth_yet[0] == '0') # it's the first stage of the interception
|
| 112 |
{
|
112 |
{
|
| 113 |
$display_menu = True; # Display menu for user not_auth_yet
|
113 |
$display_menu = True; # Display menu for user not_auth_yet
|
| - |
|
114 |
if (!isset($_SERVER['HTTPS'])) # In HTTP, the user is redirected on it's home page. In HTTPS, it's on the default page
|
| - |
|
115 |
{
|
| 114 |
$redirect_link = $_SERVER['HTTP_HOST']; # to keep the user URL
|
116 |
$redirect_link = $_SERVER['HTTP_HOST']; # to keep the user URL
|
| - |
|
117 |
}
|
| - |
|
118 |
|
| 115 |
}
|
119 |
}
|
| 116 |
if(isset($_GET['url'])) # it's the second stage (when user has clicked to open a connection ...)
|
120 |
if(isset($_GET['url'])) # it's the second stage (when user has clicked to open a connection ...)
|
| 117 |
{
|
121 |
{
|
| 118 |
exec("sudo /usr/sbin/ipset add not_auth_yet $remote_ip"); # Add user in the ipset "not_auth_yet" (DNS requests not intercepted)
|
122 |
exec("sudo /usr/sbin/ipset add not_auth_yet $remote_ip"); # Add user in the ipset "not_auth_yet" (DNS requests not intercepted)
|
| 119 |
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'off') # in HTTP, the user is redirected on it's home page (in HTiTPS, it's on the default page)
|
- |
|
| 120 |
{
|
- |
|
| 121 |
$redirect_link = "http://".$_GET['url'];
|
123 |
$redir = "http://".$_GET['url'];
|
| 122 |
}
|
- |
|
| 123 |
else
|
- |
|
| 124 |
{
|
- |
|
| 125 |
$redirect_link = "http://".$redirect_link;
|
- |
|
| 126 |
}
|
- |
|
| 127 |
header("Location: $redirect_link",TRUE,307);
|
124 |
header("Location: $redir",TRUE,307);
|
| 128 |
exit;
|
125 |
exit;
|
| 129 |
}
|
126 |
}
|
| 130 |
if ($ipset_not_auth_yet[0] == '1'){ #if user not_auth_yet still here (index.php), we force DNS resquest.
|
127 |
if ($ipset_not_auth_yet[0] == '1'){ #if user not_auth_yet still here (index.php), we force DNS resquest.
|
| 131 |
echo "<script>window.location.reload(true)</script>"; # force DNS request
|
128 |
echo "<script>window.location.reload(true)</script>"; # force DNS request
|
| 132 |
}
|
129 |
}
|
| Line 258... |
Line 255... |
| 258 |
|
255 |
|
| 259 |
$l_title = ($direct_access ? $l_access_welcome : ($network_pb ? $l_access_unavailable : $l_access_denied));
|
256 |
$l_title = ($direct_access ? $l_access_welcome : ($network_pb ? $l_access_unavailable : $l_access_denied));
|
| 260 |
$l_explain = ($direct_access ? $l_explain_acc_access : ($network_pb ? $l_explain_net_pb : $l_explain_access_deny));
|
257 |
$l_explain = ($direct_access ? $l_explain_acc_access : ($network_pb ? $l_explain_net_pb : $l_explain_access_deny));
|
| 261 |
|
258 |
|
| 262 |
# set the icons
|
259 |
# set the icons
|
| 263 |
$img_rep = "./images/";
|
260 |
$img_rep = "/images/";
|
| 264 |
$img_organisme = "organisme.png";
|
261 |
$img_organisme = "organisme.png";
|
| 265 |
$img_access = "globe_acces_70.png";
|
262 |
$img_access = "globe_acces_70.png";
|
| 266 |
$img_connect = "globe_70.png";
|
263 |
$img_connect = "globe_70.png";
|
| 267 |
$img_warning = "globe_warning_70.png";
|
264 |
$img_warning = "globe_warning_70.png";
|
| 268 |
$img_pwd = "cle_ombre.png";
|
265 |
$img_pwd = "cle_ombre.png";
|