Line 1... |
Line 1... |
1 |
<?php
|
1 |
<?php
|
2 |
# $Id: intercept.php 3227 2024-10-08 09:35:31Z rexy $
|
2 |
# $Id: intercept.php 3228 2024-10-22 11:59:33Z rexy $
|
3 |
#
|
3 |
#
|
4 |
# intercept.php for ALCASAR captive portal
|
4 |
# intercept.php for ALCASAR captive portal
|
5 |
# by Rexy & steweb57
|
5 |
# by Rexy & steweb57
|
6 |
# UI & css style by Stéphane ERARD & Alexandre VEZIN
|
6 |
# UI & css style by Stéphane ERARD & Alexandre VEZIN
|
7 |
# Help for language translation by B. AUBARD (thanks)
|
7 |
# Help for language translation by B. AUBARD (thanks)
|
Line 364... |
Line 364... |
364 |
}
|
364 |
}
|
365 |
|
365 |
|
366 |
# Read form parameters which we care about
|
366 |
# Read form parameters which we care about
|
367 |
# avoid the "user as a MAC address" attempts
|
367 |
# avoid the "user as a MAC address" attempts
|
368 |
if ((isset($_POST['username'])) && (preg_match('/^([0-9A-F]{2}-){5}[0-9A-F]{2}$/', $_POST['username']) !== 1))
|
368 |
if ((isset($_POST['username'])) && (preg_match('/^([0-9A-F]{2}-){5}[0-9A-F]{2}$/', $_POST['username']) !== 1))
|
369 |
$username = htmlspecialchars(trim($_POST['username'])); else $username = '';
|
369 |
$username = htmlspecialchars(trim($_POST['username'])); else $username = '';
|
370 |
if (isset($_POST['password'])) $password = htmlspecialchars($_POST['password']); else $password = '';
|
370 |
if (isset($_POST['password'])) $password = $_POST['password']; else $password = '';
|
371 |
if (isset($_POST['challenge'])) $challenge = htmlspecialchars($_POST['challenge']); else $challenge = '';
|
371 |
if (isset($_POST['challenge'])) $challenge = htmlspecialchars($_POST['challenge']); else $challenge = '';
|
372 |
if (isset($_POST['button'])) $button = htmlspecialchars($_POST['button']); else $button = '';
|
372 |
if (isset($_POST['button'])) $button = htmlspecialchars($_POST['button']); else $button = '';
|
373 |
// if (isset($_POST['logout'])) $logout = htmlspecialchars($_POST['logout']); else $logout = '';
|
373 |
// if (isset($_POST['logout'])) $logout = htmlspecialchars($_POST['logout']); else $logout = '';
|
374 |
// if (isset($_POST['prelogin'])) $prelogin = htmlspecialchars($_POST['prelogin']); else $prelogin = '';
|
374 |
// if (isset($_POST['prelogin'])) $prelogin = htmlspecialchars($_POST['prelogin']); else $prelogin = '';
|
375 |
// if (isset($_POST['res'])) $res = htmlspecialchars($_POST['res']); else $res = '';
|
375 |
// if (isset($_POST['res'])) $res = htmlspecialchars($_POST['res']); else $res = '';
|
376 |
// if (isset($_POST['uamip'])) $uamip = htmlspecialchars($_POST['uamip']); else $uamip = '';
|
376 |
// if (isset($_POST['uamip'])) $uamip = htmlspecialchars($_POST['uamip']); else $uamip = '';
|
377 |
// if (isset($_POST['uamport'])) $uamport = htmlspecialchars($_POST['uamport']); else $uamport = '';
|
377 |
// if (isset($_POST['uamport'])) $uamport = htmlspecialchars($_POST['uamport']); else $uamport = '';
|
378 |
if (isset($_POST['userurl'])) $userurl = htmlspecialchars($_POST['userurl']); else $userurl = '';
|
378 |
if (isset($_POST['userurl'])) $userurl = htmlspecialchars($_POST['userurl']); else $userurl = '';
|
379 |
// if (isset($_POST['timeleft'])) $timeleft = htmlspecialchars($_POST['timeleft']); else $timeleft = '';
|
379 |
// if (isset($_POST['timeleft'])) $timeleft = htmlspecialchars($_POST['timeleft']); else $timeleft = '';
|
380 |
// if (isset($_POST['redirurl'])) $redirurl = htmlspecialchars($_POST['redirurl']); else $redirurl = '';
|
380 |
// if (isset($_POST['redirurl'])) $redirurl = htmlspecialchars($_POST['redirurl']); else $redirurl = '';
|
381 |
|
381 |
|
382 |
# Read query parameters which we care about
|
382 |
# Read query parameters which we care about
|
383 |
if (isset($_GET['res'])) $res = htmlspecialchars($_GET['res']); else $res = '';
|
383 |
if (isset($_GET['res'])) $res = htmlspecialchars($_GET['res']); else $res = '';
|
384 |
// if (isset($_GET['reason'])) $reason = htmlspecialchars($_GET['reason']); else $reason = '';
|
384 |
// if (isset($_GET['reason'])) $reason = htmlspecialchars($_GET['reason']); else $reason = '';
|
385 |
if (isset($_GET['challenge'])) $challenge = htmlspecialchars($_GET['challenge']);
|
385 |
if (isset($_GET['challenge'])) $challenge = htmlspecialchars($_GET['challenge']);
|
386 |
// if (isset($_GET['uamip'])) $uamip = htmlspecialchars($_GET['uamip']);
|
386 |
// if (isset($_GET['uamip'])) $uamip = htmlspecialchars($_GET['uamip']);
|
387 |
// if (isset($_GET['uamport'])) $uamport = htmlspecialchars($_GET['uamport']);
|
387 |
// if (isset($_GET['uamport'])) $uamport = htmlspecialchars($_GET['uamport']);
|
388 |
if (isset($_GET['timeleft'])) $timeleft = htmlspecialchars($_GET['timeleft']); else $timeleft = '';
|
388 |
if (isset($_GET['timeleft'])) $timeleft = htmlspecialchars($_GET['timeleft']); else $timeleft = '';
|
389 |
if (isset($_GET['reply'])) $reply = htmlspecialchars(trim($_GET['reply'])); else $reply = '';
|
389 |
if (isset($_GET['reply'])) $reply = htmlspecialchars(trim($_GET['reply'])); else $reply = '';
|
390 |
if (isset($_GET['redirurl'])) $redirurl = htmlspecialchars($_GET['redirurl']); else $redirurl = '';
|
390 |
if (isset($_GET['redirurl'])) $redirurl = htmlspecialchars($_GET['redirurl']); else $redirurl = '';
|
391 |
if (isset($_GET['userurl'])) $userurl = htmlspecialchars($_GET['userurl']);
|
391 |
if (isset($_GET['userurl'])) $userurl = htmlspecialchars($_GET['userurl']);
|
392 |
|
392 |
|
393 |
// TODO: clean unused query params
|
393 |
// TODO: clean unused query params
|
394 |
|
394 |
|
395 |
$uamip = $conf['HOSTNAME'].'.'.$conf['DOMAIN'];
|
395 |
$uamip = $conf['HOSTNAME'].'.'.$conf['DOMAIN'];
|
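Review bot: The MAC-address guard on line 368 runs `preg_match` on the raw `$_POST['username']` while line 369 stores the trimmed value, and the pattern accepts only upper-case hex, so the check and the stored value can disagree; normalise first with `$u = trim($_POST['username']);` and test `preg_match('/^([0-9A-F]{2}-){5}[0-9A-F]{2}$/i', $u) !== 1` on that same string. Whether the authentication backend treats differently-cased or padded names as the same account is not visible here, so this is worth confirming against it. Line 370 now keeps `$password` as the raw POST value, which is correct for credential checking because entity-encoding alters passwords containing `&`, `<`, `>` or quotes, but every later point that writes `$password` into HTML (outside the visible lines) must then escape it there with `htmlspecialchars($password, ENT_QUOTES, 'UTF-8')`. A comment on line 370 such as `# kept raw on purpose: escaping would alter the credential; escape only at output` would stop the call from being re-added later.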