| Line 1... |
Line 1... |
| 1 |
<?php
|
1 |
<?php
|
| 2 |
# $Id: intercept.php 2162 2017-04-06 19:24:56Z tom.houdayer $
|
2 |
# $Id: intercept.php 2163 2017-04-06 19:42:48Z tom.houdayer $
|
| 3 |
#
|
3 |
#
|
| 4 |
# intercept.php for ALCASAR captive portal
|
4 |
# intercept.php for ALCASAR captive portal
|
| 5 |
# Copyright (C) 2003, 2004 Mondru AB.
|
5 |
# Copyright (C) 2003, 2004 Mondru AB.
|
| 6 |
# Modify by REXY & steweb57
|
6 |
# Modify by REXY & steweb57
|
| 7 |
# UI & css style by stephane ERARD
|
7 |
# UI & css style by stephane ERARD
|
| Line 63... |
Line 63... |
| 63 |
|
63 |
|
| 64 |
# URL loaded after success authenticates (let blank for browser defaults)
|
64 |
# URL loaded after success authenticates (let blank for browser defaults)
|
| 65 |
$adminurl = "";
|
65 |
$adminurl = "";
|
| 66 |
|
66 |
|
| 67 |
# Our own path
|
67 |
# Our own path
|
| 68 |
$loginpath = $_SERVER['PHP_SELF'];
|
68 |
$loginpath = htmlspecialchars($_SERVER['PHP_SELF']);
|
| 69 |
$alcasarpath = "http://alcasar.".trim($conf["DOMAIN"]);
|
69 |
$alcasarpath = "http://alcasar.".trim($conf["DOMAIN"]);
|
| 70 |
$statuspath = $alcasarpath."/status.php";
|
70 |
$statuspath = $alcasarpath."/status.php";
|
| 71 |
$debug = false;
|
71 |
$debug = false;
|
| 72 |
|
72 |
|
| 73 |
# Choice of language
|
73 |
# Choice of language
|
| Line 444... |
Line 444... |
| 444 |
if($result == 1)
|
444 |
if($result == 1)
|
| 445 |
{
|
445 |
{
|
| 446 |
if ((is_file("./acc/manager/lib/sql/drivers/mysql/functions.php"))&&(is_file("/etc/freeradius-web/config.php"))){
|
446 |
if ((is_file("./acc/manager/lib/sql/drivers/mysql/functions.php"))&&(is_file("/etc/freeradius-web/config.php"))){
|
| 447 |
include_once("/etc/freeradius-web/config.php");
|
447 |
include_once("/etc/freeradius-web/config.php");
|
| 448 |
include_once("./acc/manager/lib/sql/drivers/mysql/functions.php");
|
448 |
include_once("./acc/manager/lib/sql/drivers/mysql/functions.php");
|
| 449 |
$user_url=$_GET['userurl'];
|
- |
|
| 450 |
$user_uid=da_sql_escape_string($_GET['uid']);
|
449 |
$user_uid=da_sql_escape_string($_GET['uid']);
|
| 451 |
$sql = "SELECT attribute, value FROM radreply WHERE username='$user_uid'";
|
450 |
$sql = "SELECT attribute, value FROM radreply WHERE username='$user_uid'";
|
| 452 |
$link = @da_sql_pconnect($config); // on affiche pas les erreurs
|
451 |
$link = @da_sql_pconnect($config); // on affiche pas les erreurs
|
| 453 |
if ($link){
|
452 |
if ($link){
|
| 454 |
$res = @da_sql_query($link,$config,$sql); // on affiche pas les erreurs
|
453 |
$res = @da_sql_query($link,$config,$sql); // on affiche pas les erreurs
|
| Line 459... |
Line 458... |
| 459 |
if($filter_id[3] == '1')
|
458 |
if($filter_id[3] == '1')
|
| 460 |
{
|
459 |
{
|
| 461 |
#set the fourth bit of filter-id to '0'
|
460 |
#set the fourth bit of filter-id to '0'
|
| 462 |
$sql = "set @CurrentFilter=(SELECT value from radreply where username='$user_uid');set @CurrentFilterLeft=(SELECT LEFT(@CurrentFilter,3));set @CurrentFilterRight=(SELECT RIGHT(@CurrentFilter,4));UPDATE radreply SET value = CONCAT((@CurrentFilterLeft),'0', (@CurrentFilterRight)) WHERE username='$user_uid'";
|
461 |
$sql = "set @CurrentFilter=(SELECT value from radreply where username='$user_uid');set @CurrentFilterLeft=(SELECT LEFT(@CurrentFilter,3));set @CurrentFilterRight=(SELECT RIGHT(@CurrentFilter,4));UPDATE radreply SET value = CONCAT((@CurrentFilterLeft),'0', (@CurrentFilterRight)) WHERE username='$user_uid'";
|
| 463 |
$res = mysqli_multi_query($link,$sql);
|
462 |
$res = mysqli_multi_query($link,$sql);
|
| - |
|
463 |
$user_url = urlencode($_GET['userurl']);
|
| 464 |
header("Location: http://alcasar/index.php?warn=1&url=$user_url"); //we present to user information about imputability logs
|
464 |
header("Location: http://alcasar/index.php?warn=1&url=$user_url"); //we present to user information about imputability logs
|
| 465 |
exit;
|
465 |
exit;
|
| 466 |
}
|
466 |
}
|
| 467 |
}
|
467 |
}
|
| 468 |
}
|
468 |
}
|