WebSVN – ALCASAR – Diff – /web/intercept.php

 <?php
-# $Id: intercept.php 2201 2017-05-05 20:05:47Z tom.houdayer $
+# $Id: intercept.php 2205 2017-05-06 14:07:27Z tom.houdayer $
+#
 # intercept.php for ALCASAR captive portal
 # Copyright (C) 2003, 2004 Mondru AB.
 # Modify by REXY & steweb57
 # UI & css style by stephane ERARD
 	exit();
+}
 # Read form parameters which we care about
 # avoid the "user as a MAC address" attempts
-if ((isset($_POST['UserName'])) && (preg_match('/^([0-9A-F]{2}-){5}[0-9A-F]{2}$/', $_POST['UserName']) !== 1)) {
+if ((isset($_POST['UserName'])) && (preg_match('/^([0-9A-F]{2}-){5}[0-9A-F]{2}$/', $_POST['UserName']) !== 1))
-				$username	= $_POST['UserName'];}	else {$username="";}
+				$username	= htmlspecialchars($_POST['UserName']);		else $username = '';
-if (isset($_POST['Password'])){	$password	= $_POST['Password'];}	else {$password="";}
+if (isset($_POST['Password']))	$password	= htmlspecialchars($_POST['Password']);		else $password = '';
-if (isset($_POST['challenge'])){$challenge	= $_POST['challenge'];}	else {$challenge="";}
+if (isset($_POST['challenge']))$challenge	= htmlspecialchars($_POST['challenge']);	else $challenge = '';
-if (isset($_POST['button'])){	$button		= $_POST['button'];}	else {$button="";}
+if (isset($_POST['button']))	$button		= htmlspecialchars($_POST['button']);		else $button = '';
-// if (isset($_POST['logout'])){	$logout		= $_POST['logout'];}	else {$logout="";}
+// if (isset($_POST['logout']))	$logout		= htmlspecialchars($_POST['logout']);		else $logout = '';
-// if (isset($_POST['prelogin'])){	$prelogin	= $_POST['prelogin'];}	else {$prelogin="";}
+// if (isset($_POST['prelogin']))	$prelogin	= htmlspecialchars($_POST['prelogin']);		else $prelogin = '';
-if (isset($_POST['res'])){	$res		= $_POST['res'];}	else {$res="";}
+if (isset($_POST['res']))	$res		= htmlspecialchars($_POST['res']);		else $res = '';
-if (isset($_POST['uamip'])){	$uamip		= $_POST['uamip'];}	else {$uamip="";}
+if (isset($_POST['uamip']))	$uamip		= htmlspecialchars($_POST['uamip']);		else $uamip = '';
-if (isset($_POST['uamport'])){	$uamport	= $_POST['uamport'];}	else {$uamport="";}
+if (isset($_POST['uamport']))	$uamport	= htmlspecialchars($_POST['uamport']);		else $uamport = '';
-if (isset($_POST['userurl'])){	$userurl	= $_POST['userurl'];}	else {$userurl="";}
+if (isset($_POST['userurl']))	$userurl	= htmlspecialchars($_POST['userurl']);		else $userurl = '';
-if (isset($_POST['timeleft'])){	$timeleft	= $_POST['timeleft'];}	else {$timeleft="";}
+if (isset($_POST['timeleft']))	$timeleft	= htmlspecialchars($_POST['timeleft']);		else $timeleft = '';
-if (isset($_POST['redirurl'])){	$redirurl	= $_POST['redirurl'];}	else {$redirurl="";}
+if (isset($_POST['redirurl']))	$redirurl	= htmlspecialchars($_POST['redirurl']);		else $redirurl = '';
 # Read query parameters which we care about
-if (isset($_GET['res']))	$res		= $_GET['res'];
+if (isset($_GET['res']))	$res		= htmlspecialchars($_GET['res']);
-if (isset($_GET['challenge']))	$challenge	= $_GET['challenge'];
+if (isset($_GET['challenge']))	$challenge	= htmlspecialchars($_GET['challenge']);
-if (isset($_GET['uamip']))	$uamip		= $_GET['uamip'];
+if (isset($_GET['uamip']))	$uamip		= htmlspecialchars($_GET['uamip']);
-if (isset($_GET['uamport']))	$uamport	= $_GET['uamport'];
+if (isset($_GET['uamport']))	$uamport	= htmlspecialchars($_GET['uamport']);
-if (isset($_GET['reply'])){	$reply		= $_GET['reply'];}	else {$reply="";}
+if (isset($_GET['reply']))	$reply		= htmlspecialchars($_GET['reply']);		else $reply = '';
-if (isset($_GET['userurl']))	$userurl	= $_GET['userurl'];
+if (isset($_GET['userurl']))	$userurl	= htmlspecialchars($_GET['userurl']);
-if (isset($_GET['timeleft']))	$timeleft	= $_GET['timeleft'];
+if (isset($_GET['timeleft']))	$timeleft	= htmlspecialchars($_GET['timeleft']);
-if (isset($_GET['redirurl']))	$redirurl	= $_GET['redirurl'];
+if (isset($_GET['redirurl']))	$redirurl	= htmlspecialchars($_GET['redirurl']);
 # translation of radius replies
 if (isset($reply)) {
-	switch (trim ($reply)) {
+	switch (trim($reply)) {
-		case 'Your maximum daily usage time has been reached'	: $reply = $l_reply_1 ; break;
+		case 'Your maximum daily usage time has been reached'	: $reply = $l_reply_1; break;
-		case 'Your maximum monthly usage time has been reached'	: $reply = $l_reply_2 ; break;
+		case 'Your maximum monthly usage time has been reached'	: $reply = $l_reply_2; break;
-		case 'You are calling outside your allowed timespan'	: $reply = $l_reply_3 ; break;
+		case 'You are calling outside your allowed timespan'	: $reply = $l_reply_3; break;
-		case 'Password Has Expired'				: $reply = $l_reply_4 ; break;
+		case 'Password Has Expired'				: $reply = $l_reply_4; break;
-		case 'You are already logged in - access denied'	: $reply = $l_reply_5 ; break;
+		case 'You are already logged in - access denied'	: $reply = $l_reply_5; break;
-		case 'Your maximum never usage time has been reached'	: $reply = $l_reply_6 ; break;
+		case 'Your maximum never usage time has been reached'	: $reply = $l_reply_6; break;
+	}
+}
 // If attempt to login
 if ($button === $l_boutonO) {

Subversion Repositories ALCASAR

(root)/web/intercept.php – Rev 2201 → 2205