Rev 2600 | Rev 2743 | Go to most recent revision | Blame | Compare with Previous | Last modification | View Log
<?php
# $Id: intercept.php 2702 2019-03-05 21:55:14Z tom.houdayer $
#
# intercept.php for ALCASAR captive portal
# Copyright (C) 2003, 2004 Mondru AB.
# Modify by REXY & steweb57
# UI & css style by stephane ERARD
# Help for language translation by B. AUBARD (thanks)
# The contents of this file may be used under the terms of the GNU
# General Public License Version 2, provided that the above copyright
# notice and this permission notice is included in all copies or
# substantial portions of the software.
# Redirects from CoovaChilli (chilli daemon) :
# Response to login:
# success : if login successful
# failed : if login failed
# logoff : if logout successful
# already : if tried to login while already logged in
# notyet : if not logged in yet
# Default : it was not a form request -> client go to login form
/****************************************************************
* GLOBAL FILE PATHS *
*****************************************************************/
define('CONF_FILE', '/usr/local/etc/alcasar.conf');
define('DOMAIN_ALLOWED_LIST', '/usr/local/etc/alcasar-uamdomain');
/****************************************************************
* FILE reading test *
*****************************************************************/
$conf_files = array(CONF_FILE, DOMAIN_ALLOWED_LIST);
foreach ($conf_files as $file) {
if (!file_exists($file)) {
exit("Fichier $file non présent");
}
if (!is_readable($file)) {
exit("Vous n'avez pas les droits de lecture sur le fichier $file");
}
}
/****************************************************************
* Read CONF_FILE *
*****************************************************************/
$file_conf = fopen(CONF_FILE, 'r');
if (!$file_conf) {
exit('Error opening the file '.CONF_FILE);
}
while (!feof($file_conf)) {
$buffer = fgets($file_conf, 4096);
if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {
$tmp = explode('=', $buffer, 2);
$conf[trim($tmp[0])] = trim($tmp[1]);
}
}
fclose($file_conf);
$organisme = $conf["ORGANISM"];
// Shared secret used to encrypt password with coova.
$uamsecret = "";
// URL loaded after success authenticates (let blank for browser defaults)
$adminurl = "";
// Check if the SMS service is enable
$service_SMS_status = ($conf['SMS'] === 'on');
// Our own path
$loginpath = htmlspecialchars($_SERVER['PHP_SELF']);
$useHTTPS = ((isset($_SERVER['HTTPS'])) && (!empty($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'] !== 'off'));
$alcasarpath = (($useHTTPS) ? 'https' : 'http' ).'://'.$conf['HOSTNAME'].'.'.$conf['DOMAIN'];
$statuspath = (($conf['HTTPS_CHILLI'] === 'on') ? 'https' : 'http' ).'://'.$conf['HOSTNAME'].'.'.$conf['DOMAIN'].'/status.php';
// Choice of language
$Language = 'en';
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']);
$Language = strtolower(substr(chop($Langue[0]), 0, 2));
}
if ($Language === 'es') { // Spanish
$l_ChilliError = "La autenticación debe ser un éxito a través del servicio de portal cautivo.";
$l_login = "El éxito de la autenticación.<HR>Cierre esta ventana interrumpte la sesion.";
$l_logout = "Conexión de cierre";
$l_loginfailed = "Error de autenticación";
$l_loggingin = "Identificación en el portal cautivo";
$l_loggedcont = "Control de Acceso";
$l_loggedout = "Su sesión se cierra";
$l_user = "Usuario";
$l_password = "Contraseña";
$l_wait = "Por favor, espere un momento ...";
$l_onlinetime = "Tiempo de conexión:";
$l_remainingtime = "Desconexión en:";
$l_encrypted = "La apertura debe usar conexión cifrada";
$l_boutonO = "Autenticación";
$l_boutonF = "Cerrar";
$l_loggedin_stringl1 = "Information System Security";
$l_loggedin_stringl2 = "El portal fue creado reglamentos para garantizar la trazabilidad, la rendición de cuentas y el no repudio de las conexiones.";
$l_loggedin_stringl3 = "Su actividad en la red es registrada, de conformidad con la privacidad.";
$l_loggedin_stringl4 = "Los datos registrados pueden ser capaces de ser operado por una autoridad judicial en el curso de una investigación.";
$l_loggedin_stringl5 = "Estos datos se eliminan automáticamente después de un año.";
$l_loggedin_stringl6 = "Click <a href=\"$alcasarpath\">here</a> to change your password or to integrate the security certificate in your browser";
$l_loggedout_string = "Cerrar sesión hizo portal cautivo!";
$l_reply_0 = "Nombre de usuario o contraseña incorrectos";
$l_reply_1 = "Su cuota diaria ha sido alcanzada (duración o volumen)";
$l_reply_2 = "Su cuota mensual ha sido alcanzada (duración o volumen)";
$l_reply_3 = "You try to connect outside of your allowed timespan";
$l_reply_4 = "your account expired";
$l_reply_5 = "You have reached the maximum number of simultaneous logins";
$l_reply_6 = "Your authorized connexion time has been reached";
$l_online_time = "Tiempo en linea";
$l_remaining_time = "Tiempo restante";
$l_uam_domain = "Sitios web autorizados : ";
$l_autoregistration = "Registo automático";
} else if ($Language === 'pt') { // Portuguese
$l_ChilliError = "A autenticação precisa ser bem sucedida através do portal.";
$l_login = "Sucesso na autenticação.<HR>Matenha esse pop-up apenas minimizado para não interromper a conexão";
$l_logout = "Encerrar conexão";
$l_loginfailed = "Falha na autenticação";
$l_loggingin = "Identificação do portal cativo";
$l_loggedcont = "Controle de acesso";
$l_loggedout = "Sua sessão foi fechada";
$l_user = "Usuário";
$l_password = "Senha";
$l_wait = "Por favor, aguarde um momento ...";
$l_onlinetime = "Tempo de conexão:";
$l_remainingtime = "Desconectado em:";
$l_encrypted = "A conexão com o portal deve ser criptografada";
$l_boutonO = "Autenticação";
$l_boutonF = "Fechar";
$l_loggedin_stringl1 = "Sistema de Informação e segurança";
$l_loggedin_stringl2 = "Este controle foi criado para garantir acesso seguro.";
$l_loggedin_stringl3 = "A autenticação será criptografada em 256 bits, impedindo captura por escâner de rede.";
$l_loggedin_stringl4 = "Sua atividade na Internet será resguardada de acordo com os regulamentos da lei.";
$l_loggedin_stringl5 = "Mantenha o popup da conexão minimizado para não interromper a cessão.";
$l_loggedin_stringl6 = "Clique <a href=\"$alcasarpath\">aqui</a> para alterar sua senha, instalar certificado ou sair do portal.";
$l_loggedout_string = "desconexão do portal cativo";
$l_reply_0 = "Nome de usuário ou senha incorretos";
$l_reply_1 = "Sua cota diária foi alcançada (duração ou volume)";
$l_reply_2 = "Sua cota mensal foi atingida (duração ou volume)";
$l_reply_3 = "Você tenta conectar-se fora do seu período de tempo permitido";
$l_reply_4 = "Sua conta expirou";
$l_reply_5 = "Você atingiu o número máximo de logins simultâneos";
$l_reply_6 = "Seu tempo de conexão autorizada finalizou";
$l_online_time = "Tempo Online";
$l_remaining_time = "Tempo restante";
$l_uam_domain = "Sites autorizados : ";
$l_autoregistration = "Registo automático";
} else if ($Language === 'zh') { // Chinese
$l_ChilliError = "验证必须通过强制门户服务";
$l_login = "验证成功<HR>关闭此窗口中断连接";
$l_logout = "关闭连接";
$l_loginfailed = "验证失败";
$l_loggingin = "强制门户身份识别";
$l_loggedcont = "访问控制";
$l_loggedout = "您的连接已关闭";
$l_user = "用户名";
$l_password = "密码";
$l_wait = "请等待 ...";
$l_onlinetime = "连接时间";
$l_remainingtime = "断开连接于";
$l_encrypted = "与门户的连接必须加密";
$l_boutonO = "验证";
$l_boutonF = "关闭";
$l_loggedin_stringl1 = "信息系统安全";
$l_loggedin_stringl2 = "这种控制实施以法定保证可追溯性,可归罪性和连接的不否认性.";
$l_loggedin_stringl3 = "您的网络活动是私密登记的.";
$l_loggedin_stringl4 = "记录的数据能被司法机关在调查中操作使用.";
$l_loggedin_stringl5 = "这些数据将在一年后自动删除.";
$l_loggedin_stringl6 = "点击 <a href=\"$alcasarpath\"> 这里 </a> 修改密码或安装浏览器安全证书";
$l_loggedout_string = "强制网络门户连接已断开";
$l_reply_0 = "用户名或密码无效";
$l_reply_1 = "您的每日配额已达到(持续时间或数量) ";
$l_reply_2 = "已达到每月配额(持续时间或数量)";
$l_reply_3 = "您尝试在授权时间以外连接";
$l_reply_4 = "您的账号已过期";
$l_reply_5 = "您已经达到同时连接的最大数量";
$l_reply_6 = "已经到达您的允许连接时间";
$l_online_time = "在线时间";
$l_remaining_time = "剩余时间";
$l_uam_domain = "授权网站 : ";
$l_autoregistration = "短信注册";
} else if ($Language === 'ar') { // Arabic
$l_ChilliError = "يجب نجاح المصادقة على البوابة الأسيرة";
$l_login = "إغلاق هذه النافذة يقطع دورة عملك";
$l_logout = "إغلاق الدورة";
$l_loginfailed = "فشل المصادقة";
$l_loggingin = "التعريف على البوابة الأسيرة";
$l_loggedcont = "مراقبة الدخول";
$l_loggedout = "دورتكَ مغلقة";
$l_user = "التعريف";
$l_password = "كلمة السر";
$l_wait = "...إنتظر بعض اللحظات";
$l_onlinetime = ":مدة الإتصال";
$l_remainingtime = ":انقطاع الإتصال في";
$l_encrypted = "يجب تشفير الإتصال بالبوابة";
$l_boutonO = "مصادقة";
$l_boutonF = "أغلق";
$l_loggedin_stringl1 = "سلامة نظم المعلومات";
$l_loggedin_stringl2 = "وُضعت هذه المراقبة للضمان القانوني لتتبع ومساءلة وعدم تنصل الإتصالات";
$l_loggedin_stringl3 = "نشاطك على الشبكة مسجل وفقاً لاحترام الحريات الشخصية";
$l_loggedin_stringl4 = "لا يمكن استغلال البيانات المسجلة إلاّ من قِبل سلطات التحقيق القضائ";
$l_loggedin_stringl5 = "سيتم حدف هذه البيانات تلقائياً بعد سنة من الْيَوْمَ";
$l_loggedin_stringl6 = "لتغيير كلمة السر أو شهادة الأمان <a href=\"$alcasarpath\">هنا</a> اضغط ";
$l_loggedout_string = "تَمّ قطع الإتصال بالبوابة الأسيرة";
$l_reply_0 = "اسم المستخدم أو كلمة المرور غير صالحة";
$l_reply_1 = "تم الوصول إلى حصتك اليومية (المدة أو الحجم)";
$l_reply_2 = "تم الوصول إلى حصتك الشهرية (المدة أو الحجم)";
$l_reply_3 = "محاولة اتصال خارج فترتك المأذونة";
$l_reply_4 = "انتهت مدة صلاحية حسابك";
$l_reply_5 = "لقد استكملت العدد الأقصى للإتصالات المتزامنة";
$l_reply_6 = "استكملت مذة الإتصال المسموحة";
$l_online_time = "مذة الإتصال";
$l_remaining_time = "الوقت المتبق";
$l_uam_domain = ":المواقع المسموحة ";
$l_autoregistration = "تسجيل ذاتي (SMS)";
} else if ($Language === 'de') { // German
$l_ChilliError = "Die Authentifizierung ist erfolgreich durch die Nutzung des Portals erfolgt.";
$l_login = "Erfolgreiche Authentifizierung.<HR>Schlißen dieses fensters unterbricht die sitzung";
$l_logout = "Beenden der Verbindung";
$l_loginfailed = "Authentifizierungsfehler Eigenverbrauch";
$l_loggingin = "Kennzeichnung auf dem Eigenverbrauch";
$l_loggedcont = "Zutrittskontrolle";
$l_loggedout = "Ihre Sitzung ist geschlossen";
$l_user = "Benutzer";
$l_password = "Passwort";
$l_wait = "Bitte warten Sie einen Moment ...";
$l_onlinetime = "Online-Zeit:";
$l_remainingtime = "Abmelden:";
$l_encrypted = "Die Öffnung muß der Anschluß Zahlen";
$l_boutonO = "Authentifizierung";
$l_boutonF = "Schließen";
$l_loggedin_stringl1 = "Information System Security";
$l_loggedin_stringl2 = "Dieses Portal wurde eingerichtet, um ordnungsgemäß die Rückverfolgbarkeit, der Zurechenbarkeit und der Nicht-Anerkennung der Verbindungen.";
$l_loggedin_stringl3 = "Ihre Tätigkeit im Netzwerk registriert ist nach Schutz der Privatsphäre.";
$l_loggedin_stringl4 = "Die gespeicherten Daten nicht pouront genutzt werden, dass von einer Justizbehörde im Rahmen einer Untersuchung.";
$l_loggedin_stringl5 = "Diese Daten werden automatisch gelöscht nach einem Jahr.";
$l_loggedin_stringl6 = "Click <a href=\"$alcasarpath\">here</a> to change your password or to integrate the security certificate in your browser";
$l_loggedout_string = "Trennung des Portals erfolgt Gefangener!";
$l_reply_0 = "Falscher Benutzername oder falsches Passwort";
$l_reply_1 = "Ihr Tageskontingent wurde erreicht (Dauer oder Volumen)";
$l_reply_2 = "Ihr monatliches Kontingent wurde erreicht (Dauer oder Volumen)";
$l_reply_3 = "You try to connect outside of your allowed timespan";
$l_reply_4 = "your account expired";
$l_reply_5 = "You have reached the maximum number of simultaneous logins";
$l_reply_6 = "Your authorized connexion time has been reached";
$l_online_time = "Online-zeit";
$l_remaining_time = "Restzeit";
$l_uam_domain = "Autorisierten websites : ";
$l_autoregistration = "Automatische registrierung";
} else if ($Language === 'nl') { // Dutch
$l_ChilliError = "De authenticatie moet een succes worden via de captive portal dienst.";
$l_login = "Succesvolle authenticatie.<HR>Dit venster te sluiten onderbreekt uw sessie.";
$l_logout = "Slotkoers verbinding";
$l_loginfailed = "Authenticatie mislukt";
$l_loggingin = "Identificatie van de captive-portaal";
$l_loggedcont = "toegangscontrole";
$l_loggedout = "Uw sessie is gesloten";
$l_user = "Gebruiker";
$l_password = "Wachtwoord";
$l_wait = "Wacht een moment ...";
$l_onlinetime = "Sluit tijd:";
$l_remainingtime = "Verbreking in:";
$l_encrypted = "De opening moet gebruiken gecodeerde verbinding";
$l_boutonO = "Authenticatie";
$l_boutonF = "Sluiten";
$l_loggedin_stringl1 = "Information System Security";
$l_loggedin_stringl2 = "Het portaal werd opgericht verordeningen om de traceerbaarheid, verantwoordelijkheid en onloochenbaarheid van de verbindingen.";
$l_loggedin_stringl3 = "Uw activiteit op het netwerk is geregistreerd in overeenstemming met de persoonlijke levenssfeer.";
$l_loggedin_stringl4 = "De geregistreerde gegevens kunnen worden kunnen worden bediend door een rechterlijke instantie in de loop van een onderzoek.";
$l_loggedin_stringl5 = "Deze gegevens worden automatisch verwijderd na een jaar.";
$l_loggedin_stringl6 = "Click <a href=\"$alcasarpath\">here</a> to change your password or to integrate the security certificate in your browser";
$l_loggedout_string = "Logout gemaakt intern portaal!";
$l_reply_0 = "Ongeldige gebruikersnaam of wachtwoord";
$l_reply_1 = "Uw dagelijkse quotum is bereikt (duur of volume)";
$l_reply_2 = "Je maandelijkse quotum is bereikt (duur of volume)";
$l_reply_3 = "You try to connect outside of your allowed timespan";
$l_reply_4 = "your account expired";
$l_reply_5 = "You have reached the maximum number of simultaneous logins";
$l_reply_6 = "Your authorized connexion time has been reached";
$l_online_time = "Online tijd";
$l_remaining_time = "Reterende tijd";
$l_uam_domain = "Geautoriseerde website : ";
$l_autoregistration = "Automatische registratie";
} else if ($Language === 'fr') { // French
$l_ChilliError = "L'authentification doit être réussie sur le portail captif.";
$l_login = "Authentification réussie.<HR>La fermeture de cette fenêtre interrompt votre session.";
$l_logout = "Fermeture de la session";
$l_loginfailed = "Echec d'authentification";
$l_loggingin = "Identification sur le portail captif";
$l_loggedcont = "Contrôle d'accès";
$l_loggedout = "Votre session est fermée";
$l_user = "Identifiant";
$l_password = "Mot de passe";
$l_wait = "Patientez un instant ...";
$l_onlinetime = "Temps de connexion:";
$l_remainingtime = "Deconnexion dans :";
$l_encrypted = "La connexion avec le portail doit être chiffrée";
$l_boutonO = "Authentification";
$l_boutonF = "Fermer";
$l_loggedin_stringl1 = "Sécurité des Systèmes d'Information";
$l_loggedin_stringl2 = "Ce contrôle a été mis en place pour assurer réglementairement la traçabilité, l'imputabilité et la non-répudiation des connexions.";
$l_loggedin_stringl3 = "Votre activité sur le réseau est enregistrée conformément au respect de la vie privée.";
$l_loggedin_stringl4 = "Les données enregistrées ne pourront être exploitées que par une autorité judiciaire dans le cadre d'une enquête.";
$l_loggedin_stringl5 = "Ces données seront automatiquement supprimées au bout d'un an.";
$l_loggedin_stringl6 = "Cliquez <a href=\"$alcasarpath\">ici</a> pour changer votre mot de passe ou pour intégrer le certificat de sécurité à votre navigateur";
$l_loggedout_string = "Déconnexion du portail captif effectuée !";
$l_reply_0 = "Nom d'utilisateur ou mot de passe incorrect";
$l_reply_1 = "Votre quota journalier a été atteint (durée ou volume)";
$l_reply_2 = "Votre quota mensuel a été atteint (durée ou volume)";
$l_reply_3 = "Vous tentez de vous connecter en dehors de votre période autorisée";
$l_reply_4 = "Votre compte a expiré";
$l_reply_5 = "Vous avez atteint le nombre maximum de connexions simultanées";
$l_reply_6 = "Votre durée de connexion autorisée a été atteinte";
$l_online_time = "Temps de connexion";
$l_remaining_time = "Temps restant";
$l_uam_domain = "Sites autorisés : ";
$l_autoregistration = "Auto enregistrement (sms)";
} else { // English
$l_ChilliError = "The authentication must be successful through the captive portal service.";
$l_login = "Successful authentication.<HR>Closing this window interrupts your session";
$l_logout = "Closing connection";
$l_loginfailed = "Authentication Failed";
$l_loggingin = "Identification on the captive portal";
$l_loggedcont = "Access Control";
$l_loggedout = "Your session is closed";
$l_user = "User";
$l_password = "Password";
$l_wait = "Please wait a moment ...";
$l_onlinetime = "Connect time:";
$l_remainingtime = "Disconnection in:";
$l_encrypted = "The connection with the portal must be encrypted";
$l_boutonO = "Authentication";
$l_boutonF = "Close";
$l_loggedin_stringl1 = "Information System Security";
$l_loggedin_stringl2 = "That control was set up regulations to ensure traceability, accountability and non-repudiation of connections.";
$l_loggedin_stringl3 = "Your activity on the network is registered in accordance with privacy.";
$l_loggedin_stringl4 = "The recorded data can be able to be operated by a judicial authority in the course of an investigation.";
$l_loggedin_stringl5 = "These data will be automatically deleted after one year.";
$l_loggedin_stringl6 = "Click <a href=\"$alcasarpath\">here</a> to change your password or to integrate the security certificate in your browser";
$l_loggedout_string = "Disconnection of the captive portal made";
$l_reply_0 = "Incorrect username or password";
$l_reply_1 = "Your daily quota has been reached (duration or volume)";
$l_reply_2 = "Your monthly quota has been reached (duration or volume)";
$l_reply_3 = "You try to connect outside of your allowed timespan";
$l_reply_4 = "your account expired";
$l_reply_5 = "You have reached the maximum number of simultaneous logins";
$l_reply_6 = "Your authorized connexion time has been reached";
$l_online_time = "Online time";
$l_remaining_time = "Remaining time";
$l_uam_domain = "Authorized websites : ";
$l_autoregistration = "Auto registration (sms)";
}
# If HTTPS not use, tell it's wrong
if (($conf['HTTPS_LOGIN'] === 'on') && ((!isset($_SERVER['HTTPS'])) || (empty($_SERVER['HTTPS'])) || ($_SERVER['HTTPS'] === 'off'))) {
// Cleaning the cache
header('Expires: Tue, 01 Jan 2000 00:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache');
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title><?= $l_loggedcont ?></title>
</head>
<body style="background-color: white;">
<h1 style="text-align: center;"><?= $l_loginfailed ?></h1>
<center><?= $l_encrypted ?></center>
</body>
</html>
<?php
exit();
}
# Read form parameters which we care about
# avoid the "user as a MAC address" attempts
if ((isset($_POST['username'])) && (preg_match('/^([0-9A-F]{2}-){5}[0-9A-F]{2}$/', $_POST['username']) !== 1))
$username = htmlspecialchars(trim($_POST['username'])); else $username = '';
if (isset($_POST['password'])) $password = htmlspecialchars($_POST['password']); else $password = '';
if (isset($_POST['challenge'])) $challenge = htmlspecialchars($_POST['challenge']); else $challenge = '';
if (isset($_POST['button'])) $button = htmlspecialchars($_POST['button']); else $button = '';
// if (isset($_POST['logout'])) $logout = htmlspecialchars($_POST['logout']); else $logout = '';
// if (isset($_POST['prelogin'])) $prelogin = htmlspecialchars($_POST['prelogin']); else $prelogin = '';
// if (isset($_POST['res'])) $res = htmlspecialchars($_POST['res']); else $res = '';
// if (isset($_POST['uamip'])) $uamip = htmlspecialchars($_POST['uamip']); else $uamip = '';
// if (isset($_POST['uamport'])) $uamport = htmlspecialchars($_POST['uamport']); else $uamport = '';
if (isset($_POST['userurl'])) $userurl = htmlspecialchars($_POST['userurl']); else $userurl = '';
// if (isset($_POST['timeleft'])) $timeleft = htmlspecialchars($_POST['timeleft']); else $timeleft = '';
// if (isset($_POST['redirurl'])) $redirurl = htmlspecialchars($_POST['redirurl']); else $redirurl = '';
# Read query parameters which we care about
if (isset($_GET['res'])) $res = htmlspecialchars($_GET['res']); else $res = '';
// if (isset($_GET['reason'])) $reason = htmlspecialchars($_GET['reason']); else $reason = '';
if (isset($_GET['challenge'])) $challenge = htmlspecialchars($_GET['challenge']);
// if (isset($_GET['uamip'])) $uamip = htmlspecialchars($_GET['uamip']);
// if (isset($_GET['uamport'])) $uamport = htmlspecialchars($_GET['uamport']);
if (isset($_GET['timeleft'])) $timeleft = htmlspecialchars($_GET['timeleft']); else $timeleft = '';
if (isset($_GET['reply'])) $reply = htmlspecialchars(trim($_GET['reply'])); else $reply = '';
if (isset($_GET['redirurl'])) $redirurl = htmlspecialchars($_GET['redirurl']); else $redirurl = '';
if (isset($_GET['userurl'])) $userurl = htmlspecialchars($_GET['userurl']);
// TODO: clean unused query params
$uamip = $conf['HOSTNAME'].'.'.$conf['DOMAIN'];
if (($conf['HTTPS_CHILLI'] === 'on') && $useHTTPS) {
$uamproto = 'https';
$uamport = 3991;
} else {
$uamproto = 'http';
$uamport = 3990;
}
# translation of radius replies
if (!empty($reply)) {
switch ($reply) {
case 'Username not found' : $reply = $l_reply_0; break;
case 'Login failed' : $reply = $l_reply_0; break;
case 'Your maximum daily usage time has been reached' : $reply = $l_reply_1; break;
case 'Your maximum monthly usage time has been reached' : $reply = $l_reply_2; break;
case 'You are calling outside your allowed timespan' : $reply = $l_reply_3; break;
case 'Password Has Expired' : $reply = $l_reply_4; break;
case 'You are already logged in - access denied' : $reply = $l_reply_5; break;
case 'Your maximum never usage time has been reached' : $reply = $l_reply_6; break;
}
}
// If attempt to login
if ($button === $l_boutonO) {
//correction password length in coova-chilli
//thanks to http://www.stochasticgeometry.ie/2009/09/09/maximum-password-length-in-coova-chilli/
$hexchal = pack('H*', $challenge);
$newchal = pack('H*', md5($hexchal . $uamsecret));
// If challenge isn't long enough, repeat it until it is
while (strlen($newchal) < strlen($password)) {
$newchal .= $newchal;
}
$newpwd = pack('a*', $password);
// Encode plain text password with challenge
$pappassword = implode('', unpack('H*', ($newpwd ^ $newchal)));
header("Location: $uamproto://$uamip:$uamport/logon?username=$username&password=$pappassword&userurl=$userurl");
exit();
}
switch($res) {
case 'success': $result = 1; break; // If login successful
case 'failed': $result = 2; break; // If login failed
case 'logoff': $result = 3; break; // If logout successful
case 'already': $result = 4; break; // If tried to login while already logged in
case 'notyet': $result = 5; break; // If not logged in yet
default: $result = 0; // Default: It was not a form request -> client go to login form
}
//check if we need to warn user about the imputability logs.
if ($result === 1) {
if ((is_file('./acc/manager/lib/sql/drivers/mysql/functions.php')) && (is_file('/etc/freeradius-web/config.php'))) {
include_once('/etc/freeradius-web/config.php');
include_once('./acc/manager/lib/sql/drivers/mysql/functions.php');
$link = @da_sql_pconnect($config); // on affiche pas les erreurs
if ($link) {
$user_uid = da_sql_escape_string($link, $_GET['uid']);
$sql = "SELECT value FROM radreply WHERE username='$user_uid' AND attribute='Alcasar-Imputability-Warning'";
$res = @da_sql_query($link, $config, $sql); // on affiche pas les erreurs
if ($res) {
$row = @da_sql_fetch_array($res, $config);
if ($row['value'] === '1') {
$sql = "DELETE FROM radreply WHERE username='$user_uid' AND attribute='Alcasar-Imputability-Warning'";
@da_sql_query($link, $config, $sql);
header('Location: '.(($conf['HTTPS_LOGIN'] === 'on') ? 'https' : 'http').'://'.$conf['HOSTNAME'].'.'.$conf['DOMAIN'].'/index.php?warn=1&url='.urlencode($_GET['userurl'])); //we present to user information about imputability logs
exit();
}
}
}
}
}
// By default, redirect to prelogin in order to generate a challenge
if ($result === 0) {
header("Location: $uamproto://$uamip:$uamport/prelogin");
exit();
}
// Cleaning the cache
header('Expires: Tue, 01 Jan 2000 00:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache');
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title><?= $l_loggingin ?></title>
<script type="text/javascript">
function doOnLoad(result, userurl, redirurl, adminurl, timeleft) {
if ((result === 1) || (result === 4)) { // success or already
var url;
if (adminurl !== '') {
url = adminurl;
} else if (redirurl !== '') {
url = redirurl;
} else if (userurl !== '') {
url = userurl;
}
if (typeof url !== 'undefined') {
var win = window.open('<?= $statuspath ?>', '_blank');
if ((win === null) || (typeof win === 'undefined')) { // Pop-up blocked
window.location = '<?= $statuspath ?>';
} else {
window.location = url;
}
} else {
window.location = '<?= $statuspath ?>';
}
}
if ((result === 2) || (result === 3) || result === 5) { // failed or logoff or notyet
document.form1.username.focus();
}
}
</script>
<link rel="stylesheet" href="/css/style_intercept.css" type="text/css">
</head>
<body onLoad="javascript:doOnLoad(<?= $result ?>,'<?= $userurl ?>','<?= $redirurl ?>','<?= $adminurl ?>','<?= $timeleft ?>')">
<center>
<?php if ($result === 2 || $result === 3 || $result === 5): // failed or logoff or notyet ?>
<div id="logon">
<h1><?= $organisme ?></h1>
<h2><?= $l_loggedcont ?></h2>
<?php if ($result === 2): // failed ?>
<h3><?= $l_loginfailed ?></h3>
<?php if ($reply): // traitement du reply ... ?>
<center><?= $reply ?><br><br></center>
<?php endif; ?>
<?php endif;
if ($userurl === 'http://logout/') $userurl = 'http://www.google.com'; // Avoid cyclic logout
?>
<img id="logo-alcasar" src="/images/logo-alcasar.png">
<form name="form1" method="post" action="<?= $loginpath ?>">
<input type="hidden" name="challenge" value="<?= $challenge ?>">
<input type="hidden" name="userurl" value="<?= $userurl ?>">
<table id="boite-logon">
<tr>
<td width="20%" rowspan="4"><img id="logo-organ" src="/images/organisme.png"></td>
<td width="30%" align="right"><?= $l_user ?></td>
<td width="50%" align="left"><input type="text" maxLength="32" name="username" autocomplete="off"></td>
</tr>
<tr>
<td align="right"><?= $l_password ?></td>
<td align="left"><input maxLength="32" type="password" name="password" autocomplete="off"></td>
</tr>
<tr>
<td height="23" align="left"><input value="<?= $l_boutonO ?>" type="submit" name="button"></td>
<?php if ($service_SMS_status): ?>
<td><a href="autoregistrationinfo.php"><?= $l_autoregistration ?></a></td>
<?php endif; ?>
</tr>
</table>
</form>
<table id="boite-info" cellSpacing="0" cellPadding="0" width="80%">
<tr>
<td align="center"><font color="red"><b><?= $l_loggedin_stringl1 ?></b></font></td>
</tr>
<tr>
<td align="left">
<ul>
<li><?= $l_loggedin_stringl2 ?></li>
<li><?= $l_loggedin_stringl4 ?></li>
<li><?= $l_loggedin_stringl3 ?></li>
<li><?= $l_loggedin_stringl5 ?></li>
<li><?= $l_loggedin_stringl6 ?></li>
</ul>
</td>
</tr>
</table>
<?php
// Read the "Domain allowed" file
$tab = file(DOMAIN_ALLOWED_LIST);
if ($tab) { // the file isn't empty
echo '<div id="authorized_domain">'.$l_uam_domain;
foreach ($tab as $line) {
if (trim($line) !== '') { // the line isn't empty
$domain_allowed = explode('#', $line);
if (trim($domain_allowed[1]) !== '') {
$domain = explode('"', $domain_allowed[0]);
// remove every '.' from the beginning of domain
$domain[1] = ltrim($domain[1], '.');
echo '<a href="http://'.trim($domain[1]).'">'.trim($domain_allowed[1]).'</a> ';
}
}
}
echo '</div>';
}
?>
</div>
<?php endif; ?>
</center>
</body>
</html>