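/**
 * Auto-create (or refresh) a MAC-keyed account for the caller and hand back
 * what is needed to log it in through the UAM.
 *
 * The identity is the latest MAC recorded for the caller's IP; the username is
 * derived from that MAC. When an auto-create group is configured, the account
 * is created in that group with the group's ExpireAfter, its password is reset
 * to the shared 'autocreatepassword' setting, and a CHAP response is computed
 * for the challenge supplied in $_GET['challenge'].
 *
 * Risk note: an observed MAC is an identifier, not something the client proves
 * possession of, so the auto-create group's limits are the effective control on
 * what such accounts may do.
 *
 * @param bool $json true: return a JSON document {username, challenge, response};
 *                   false: send a Location redirect to the UAM login URL.
 * @return string|false JSON when $json is true and an account was created;
 *                      false after the redirect, or when nothing was created.
 */
function automacuser($json = false)
{
    global $Settings;
    // TODO MAC is passed in via uam
    $mac = DatabaseFunctions::getInstance()->latestMacFromIP(remoteip());
    $autoUsername = (string) mactoautousername($mac);

    $autoCreateGroup = $Settings->getSetting('autocreategroup');
    $autoCreatePassword = $Settings->getSetting('autocreatepassword');
    $groupSettings = $Settings->getGroup($autoCreateGroup);

    /* TODO Set at the group level and not in the radcheck table,
     * requires changes to how DB class works */
    if (!$autoCreateGroup || $autoUsername === '') {
        return false;
    }

    DatabaseFunctions::getInstance()->createUser(
        $autoUsername,
        $autoCreatePassword,
        false,
        false,
        '--',
        $groupSettings[$autoCreateGroup]['ExpireAfter'] ?? null,
        $autoCreateGroup,
        "Auto created account for {$mac} at " . date('Ymd H:i:s')
    );
    // Users password may not match the autocreatepassword if it's changed.
    // Should we update the users password or get the users password?
    DatabaseFunctions::getInstance()->setUserPassword($autoUsername, $autoCreatePassword);

    // Create CHAP Challenge/Response token. The challenge is client-supplied;
    // an absent or non-string value is treated as empty instead of raising a notice.
    $challenge = isset($_GET['challenge']) && is_string($_GET['challenge']) ? $_GET['challenge'] : '';
    $response = chapchallengeresponse($challenge, $autoCreatePassword);
    $loginURL = uamloginurl($autoUsername, $response);

    if ($json) {
        return json_encode(['username' => $autoUsername, 'challenge' => $challenge, 'response' => $response]);
    }
    header("Location: {$loginURL}");
    return false;
}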
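/**
 * Validate the user / computer creation form.
 *
 * @param array  $userDetails Submitted fields: Username and Password (User), mac
 *                            (Computer), MaxMb/Max_Mb, MaxTime/Max_Time, Group.
 *                            Missing keys are treated as unset instead of raising notices.
 * @param string $type        'User' for a username/password account, 'Computer' for a
 *                            MAC-keyed account; any other value skips the identity checks.
 * @return array Translated error messages; empty when the form is valid. array_filter()
 *               keeps the original keys, so the result is not necessarily a list.
 */
function validate_form($userDetails, $type = 'User')
{
    $error = [];
    $db = DatabaseFunctions::getInstance();

    if ($type === 'User') {
        $username = $userDetails['Username'] ?? null;
        $password = $userDetails['Password'] ?? null;
        if (!$db->checkUniqueUsername($username)) {
            $error[] = T_("Username already taken");
        }
        if (!$username || !$password) {
            $error[] = T_("Username and Password are both Required");
        }
    }

    if ($type === 'Computer') {
        $mac = $userDetails['mac'] ?? null;
        // A computer account uses its MAC as the username, so uniqueness is checked on it
        if (!$db->checkUniqueUsername($mac)) {
            $error[] = T_("MAC Address already has an account");
        }
        if (!\Grase\Validate::MACAddress($mac)) {
            $error[] = T_("MAC Address not in correct format");
        }
    }

    // Each limit is a pair: the per-user field (blank = unset) and the group
    // field (the literal 'inherit' = unset). At most one of the pair may be set.
    // The comparisons against '' and 'inherit' stay loose on purpose so that an
    // absent field (null) counts as unset, exactly as a blank one does.
    $maxMb = $userDetails['MaxMb'] ?? null;
    $groupMb = $userDetails['Max_Mb'] ?? null;
    $maxTime = $userDetails['MaxTime'] ?? null;
    $groupTime = $userDetails['Max_Time'] ?? null;

    if (!\Grase\Validate::numericLimit($maxMb) && $maxMb != '') {
        $error[] = sprintf(T_("Invalid value '%s' for 1 Data Limit"), $maxMb);
    }
    if (!\Grase\Validate::numericLimit($groupMb) && $groupMb != 'inherit') {
        $error[] = sprintf(T_("Invalid value '%s' for Data Limit"), $groupMb);
    }
    if (!\Grase\Validate::numericLimit($maxTime) && $maxTime != '') {
        $error[] = sprintf(T_("Invalid value '%s' for Time Limit"), $maxTime);
    }
    if (!\Grase\Validate::numericLimit($groupTime) && $groupTime != 'inherit') {
        $error[] = sprintf(T_("Invalid value '%s' for Time Limit"), $groupTime);
    }
    if ((is_numeric($groupMb) || $groupMb == 'inherit') && is_numeric($maxMb)) {
        $error[] = T_("Only set one Data limit field");
    }
    if ((is_numeric($groupTime) || $groupTime == 'inherit') && is_numeric($maxTime)) {
        $error[] = T_("Only set one Time limit field");
    }

    // validate_group()'s result is appended unconditionally; array_filter()
    // below is what drops a falsy "no error" value.
    $error[] = validate_group($userDetails['Group'] ?? null);

    return array_filter($error);
}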
 $nextpage = $paymentplugin->currentPage();
 // Check if payment is complete
 if (!$paymentplugin->isPaymentCompleted()) {
     // Payment isn't completed
     // Check for page submission
     // NOTE(review): the submission is accepted on the presence of the
     // pgformsubmission field alone; no CSRF token is visible in this excerpt,
     // so confirm the session layer (outside this excerpt) enforces one.
     if (isset($_POST['pgformsubmission'])) {
         $nextpage = $paymentplugin->processPage($nextpage);
         // TODO After processing page, again check if payment is complete
 // Page has been processed, we now check if payment is complete and do what we need
 if ($paymentplugin->isPaymentCompleted() && !isset($_SESSION['AccountActivated'])) {
     // Payment completed, display user details, activate user, cleanup
     // Activate the account. It's up to the plugin to display things.
     // AccountActivated also acts as the guard above, so this branch runs once per session.
     $_SESSION['AccountActivated'] = true;
     // Expire session after 5 minutes to prevent others from seeing saved login details
     // (only the deadline is recorded here; whatever honours ExpireSession is outside this excerpt)
     // TODO provide link to clear details
     $_SESSION['ExpireSession'] = time() + 300;
     // TODO Store purchase details in database, along with payment details including price and plugin used, and any receipt number
     //print $paymentplugin->getPaymentDetails(); TODO TODO TODO TODO
 // Regardless of payment completion and page processing, we now display the page. If anything is wrong with the processing this page will let us know as the plugin handles which state we are in.
 // The plugin's markup is echoed verbatim, so escaping of anything user-supplied
 // inside it is the plugin's responsibility.
 $pagecontents = $paymentplugin->getPageContents($nextpage);
 echo '<form action="" method="POST"><input type="hidden" name="pgformsubmission" value="1"/>';
 echo $pagecontents;
 // Store state into SESSION
 $_SESSION['paymentGatewayPluginState'] = $paymentplugin->getState();
 // Load payment gateway based on $_SESSION['selectedpaymentgateway']
function assign_vars($templateEngine)
    global $Settings;
    list($fileversions, $application_version) = css_file_version();
    $templateEngine->assign("radmincssversion", $fileversions['radmin.css']);
    $templateEngine->assign("hotspotcssversion", $fileversions['hotspot.css']);
    $templateEngine->assign("grasejsversion", $fileversions['grase.js']);
    $templateEngine->assign("radminjsversion", $fileversions['radmin.js']);
    $templateEngine->assign("application_version", $application_version);
    $templateEngine->assign("Application", APPLICATION_NAME);
    // Setup Menus
    $templateEngine->assign("MenuItems", createmenuitems());
    /*$smarty->assign("Usergroups", usergroups());*/
    // Costs
    //$smarty->assign("CurrencySymbols", currency_symbols());
    $templateEngine->assign("Datacosts", datacosts());
    $templateEngine->assign("GroupDatacosts", datavals());
    $templateEngine->assign("Datavals", datavals());
    $templateEngine->assign("Timecosts", timecosts());
    $templateEngine->assign("GroupTimecosts", timevals());
    $templateEngine->assign("Timevals", timevals());
    $templateEngine->assign("Bandwidthvals", bandwidth_options());
    $templateEngine->assign("Recurtimes", recurtimes());
    // Settings
    $templateEngine->assign("Title", $Settings->getSetting('locationName') . " - " . APPLICATION_NAME);
    $templateEngine->assign("website_name", $Settings->getSetting('websiteName'));
    $templateEngine->assign("website_link", $Settings->getSetting('websiteLink'));
    // Group data for displaying group properties
    $templateEngine->assign("groupdata", DatabaseFunctions::getInstance()->getGroupAttributes());
    $templateEngine->assign("groupsettings", $Settings->getGroup());
    $templateEngine->assign("groups", grouplist());
    // DEMO SITE flag
    // Allow extra things on Demo site (piwik tracking of admin interface)
    $templateEngine->assign("DEMOSITE", $Settings->getSetting('demosite'));
    // Usermin assign vars
    if (function_exists('usermin_assign_vars')) {
# Seamless automatic access based on IP address
# Access through the "IP User" external helper
# NOTE(review): squid evaluates http_access rules top-down and the first match
# wins. As ordered here, a client accepted by the IPUser helper (and not in
# Ministry) is allowed before "deny Banned_Hosts" is reached, so that ban only
# affects unauthenticated or Ministry clients — confirm that is intended, or
# move the deny above the first allow. Banned_Hosts, Ministry_Banned_Domains
# and Ministry_Banned_Regex_Domains are defined outside this excerpt; the
# Staff acl is declared but not used by any rule shown here.
acl Auth_User external IPUser
acl Staff external UserGroup Staff
acl Ministry external UserGroup Ministry
http_access allow Auth_User !Ministry
http_access deny Banned_Hosts
#http_access allow Ministry !Ministry_Banned_Domains !Ministry_Banned_Regex_Domains
http_access deny Ministry Ministry_Banned_Domains
http_access deny Ministry Ministry_Banned_Regex_Domains
http_access allow Auth_User Ministry
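// Squid external ACL helper ("UserGroup"): squid writes one request per line on
// stdin as "<username> <group>" and expects "OK" when the user's stored RADIUS
// group matches, otherwise "ERR message='...'".
chdir(dirname(__FILE__) . '/../');
// Kept for compatibility with existing invocations; the group that is actually
// checked is the one squid sends on each request line (see the loop).
$group = trim((string) ($argv[1] ?? ''));
$fp = fopen('php://stdin', 'r');
while ($data = trim((string) fgets($fp, 4096))) {
    // split() was removed in PHP 7; explode() gives the same two-field split
    $parts = explode(' ', $data, 2);
    $Username = $parts[0];
    $group = $parts[1] ?? null;
    $usergroup = trim((string) DatabaseFunctions::getInstance()->getUserGroup($Username));
    // An empty stored group never matches, even when the requested group is empty too
    if ($usergroup !== '' && $usergroup === $group) {
        print "OK\n";
    } else {
        print "ERR message='User Group not permitted to access this site'\n";
    }
    // The former append of every lookup to /tmp/usergroup (flagged in the source
    // as "Is this debugging? Remove") is dropped: a fixed, predictable path in a
    // shared temp directory is not a safe target for a long-running helper to
    // append to, and it recorded every username that passed through the proxy.
}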

    GRASE Hotspot is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with GRASE Hotspot.  If not, see <http://www.gnu.org/licenses/>.
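use Grase\Reports;

$PAGE = 'reports';
require_once 'includes/pageaccess.inc.php';
require_once 'includes/session.inc.php';
require_once 'includes/misc_functions.inc.php';

// Reports page: hands the template JSON-encoded series for the usage charts.
$Reports = new Reports(new DatabaseConnections());
$templateEngine->assign('monthsavailableaccounting', DatabaseFunctions::getInstance()->getMonthsAccountingDataAvailableFor());

// Current month up and down
[$data1, $labels, $assoc1] = $Reports->getThisMonthDownUsageReport();
// $labels is overwritten by the second report; the rows below assume both
// reports use the same day labels — TODO confirm in Reports
[$data2, $labels, $assoc2] = $Reports->getThisMonthUpUsageReport();
$templateEngine->assign('thismonthseries', json_encode([$assoc1, $assoc2]));

// Table rows for the template: header row first, then one row per label.
// Initialised explicitly instead of relying on auto-vivification of an
// undefined variable; a label with no matching data point yields null
// rather than an undefined-index notice.
$thisMonthUpDown = [['Day', 'Downloads', 'Uploads']];
foreach ($labels as $id => $label) {
    $thisMonthUpDown[] = [$label, $data1[$id] ?? null, $data2[$id] ?? null];
}
$templateEngine->assign('thismonthupdownarray', json_encode($thisMonthUpDown));

// All months users usage
$templateEngine->assign('userusagebymontharray', json_encode($Reports->getUsersUsageByMonth()));

// Previous months total usage
[$data, $labels, $assoc] = $Reports->getPreviousMonthsUsageReport();
$templateEngine->assign('previousmonthsseries', json_encode([$assoc]));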
// Users usage - Current Month
    $templateEngine->assign("username", $_GET['username']);
} elseif (isset($_GET['allsessions'])) {
    $sessions = DatabaseFunctions::getInstance()->getRadiusUserSessionsDetails();
    $totalRows = sizeof($sessions);
    $numPerPage = $_GET['items'] ? abs($_GET['items']) : 25;
    // TODO check this is safe
    $page = $_GET['page'] ? abs($_GET['page']) : 0;
    //TODO check this is safe
    $pages = floor($totalRows / $numPerPage);
    if ($page > $pages) {
        $page = $pages;
    $currentStartItem = $page * $numPerPage;
    $displaySessions = array_slice($sessions, $currentStartItem, $numPerPage, true);
    $templateEngine->assign("sessions", $displaySessions);
    $templateEngine->assign("pages", $pages);
    $templateEngine->assign("perpage", $numPerPage);
    $templateEngine->assign("currentpage", $page);
} else {
    $templateEngine->assign("activesessions", DatabaseFunctions::getInstance()->getActiveRadiusSessionsDetails());
    if ($_GET['refresh']) {
        $refresh = clean_int($_GET['refresh']) * 60;
        if ($refresh < 60) {
            $refresh = 60;
        $templateEngine->assign("autorefresh", $refresh);
$templateEngine->assign('usercomments', DatabaseFunctions::getInstance()->getAllUsersComments());
// TODO: Data usage over "forever"
            case "starttime":
                $perlArgs[] = sprintf($startArg, $value);
            case "finishtime":
                $perlArgs[] = sprintf($finishArg, $value);
            case "ipaddress":
                $perlArgs[] = sprintf($IPArg, $value);
    return sprintf($perlCommand, implode(' && ', $perlArgs));
/* Start Page Logic */
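// Build the squid access-log search for one RADIUS session, selected by acctid.
// A missing, non-string or unknown acctid takes the error path instead of
// building a command from undefined session fields.
$acctid = isset($_GET['acctid']) && is_string($_GET['acctid']) ? trim($_GET['acctid']) : '';
$session = $acctid !== ''
    ? DatabaseFunctions::getInstance()->getRadiusSessionDetails($acctid)
    : null;

if (!empty($session)) {
    // Build up components for perl matching command. escapeshellcmd() neutralises
    // shell metacharacters in each value but is not argument quoting; whether that
    // is sufficient depends on how the arg templates ($startArg/$finishArg/$IPArg,
    // defined outside this excerpt) embed the value — confirm if those change.
    $conditions = [];
    $conditions['starttime'] = escapeshellcmd(format_unixtime($session['AcctStartTime'] ?? null));
    // "0.0.0 0:00:00" is the sentinel compared here for a session with no stop time
    $finishTime = escapeshellcmd(format_unixtime($session['AcctStopTime'] ?? null));
    if ($finishTime !== "0.0.0 0:00:00" && $finishTime !== '') {
        $conditions['finishtime'] = $finishTime;
    }
    $conditions['ipaddress'] = escapeshellcmd((string) ($session['FramedIPAddress'] ?? ''));
    /* We use a perl command as it's faster and easier to code the
     * matching logic than trying to process the entire log file in PHP */
    $perlCommand = buildPerlCommand($conditions);
    $username = $session['Username'] ?? null;
    $command = "gunzip -fc /var/log/squid3/access.log*  | {$perlCommand} ";
} else {
    $error = "Invalid Acctid";
    $templateEngine->assign("error", $error);
}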
$PAGE = 'users';
require_once 'includes/pageaccess.inc.php';
require_once 'includes/session.inc.php';
require_once 'includes/misc_functions.inc.php';

// User list page: load every user's details, bucket them by group, and add an
// "All" bucket holding the full list for the template.
$DBF = DatabaseFunctions::getInstance();
$users = $DBF->getMultipleUsersDetails($DBF->getAllUserNames());
$users_groups = sort_users_into_groups($users);
// TODO: Reports and then no longer sort user list by downloads??
$users_groups['All'] = $users;
// TODO: Group names can't have space in name TODO: Translate all?
$templateEngine->assign("groupdata", $DBF->getGroupAttributes());
$templateEngine->assign("users", $users);
$templateEngine->assign("users_groups", $users_groups);
/* Copyright 2008 Timothy White */
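require_once 'includes/site.inc.php';

// Emits the requested user's data limit (Max-Octets) and time limit
// (Max-All-Session) as a text/javascript response. A user-level value wins;
// the group-level value fills in only when the user-level one is absent or falsy.
header("Content-Type: text/javascript;");

$requestedUser = $_GET['username'] ?? '';
if (is_string($requestedUser) && $requestedUser !== '') {
    // NOTE(review): the username is passed through as-is, as the other pages on
    // this site do for getUserDetails(); the original wrapped it in the removed
    // mysql_real_escape_string(). Escaping belongs in the DB layer — confirm
    // DatabaseFunctions parameterises its queries rather than relying on callers.
    $user = DatabaseFunctions::getInstance()->getUserDetails($requestedUser);

    // TODO Show remaining time for hour/day limits
    // TODO Group limits
    $maxoctets = $user['Max-Octets'] ?? "";
    $timelimit = $user['Max-All-Session'] ?? "";
    if (!$maxoctets && isset($user['GroupSettings']['MaxOctets'])) {
        $maxoctets = $user['GroupSettings']['MaxOctets'];
    }
    if (!$timelimit && isset($user['GroupSettings']['MaxSeconds'])) {
        $timelimit = $user['GroupSettings']['MaxSeconds'];
    }

    // NOTE(review): the two values are written back-to-back with no separator,
    // exactly as before — confirm the consuming script really expects that.
    echo $maxoctets;
    echo $timelimit;
}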
$PAGE = 'users';
require_once 'includes/pageaccess.inc.php';
require_once 'includes/session.inc.php';
require_once 'includes/misc_functions.inc.php';

$DBF = DatabaseFunctions::getInstance();

// Voucher selection: either a single user (?user=) or one or more batches
// (?batch=1,2,3). Each branch leaves the matching user records in $users.
if (isset($_GET['user'])) {
    $requestedUser = \Grase\Clean::text($_GET['user']);
    $users = $DBF->getMultipleUsersDetails([$requestedUser]);
    if (!is_array($users)) {
        $users = [];
    }
    $title = $requestedUser . ' Voucher';
} elseif (isset($_GET['batch'])) {
    $users = [];
    foreach (explode(',', $_GET['batch']) as $batch) {
        // clean_number() is applied before the id reaches $Settings->getBatch()
        $batch = clean_number($batch);
        $usersInBatch = $DBF->getMultipleUsersDetails($Settings->getBatch($batch));
        if (is_array($usersInBatch)) {
            $users = array_merge($users, $usersInBatch);
        }
    }
}
if (isset($_POST['unexpiresubmit'])) {
    // "Unexpire": recompute the expiry from the policy of the user's current group
    DatabaseFunctions::getInstance()->setUserExpiry($username, expiry_for_group(DatabaseFunctions::getInstance()->getUserGroup($username)));
    $success[] = T_("Expiry updated");
// Delete User
if (isset($_POST['deleteusersubmit'])) {
    // NOTE(review): no delete call appears in this excerpt — only the success
    // message and the admin-log entry; confirm the deletion is performed
    // elsewhere before the message is shown.
    // NOTE(review): both handlers act on $username (set before this excerpt)
    // on a bare POST flag; no CSRF token check is visible here — confirm one
    // is enforced by the session/pageaccess includes.
    // TODO: Check for success
    $success[] = sprintf(T_("User '%s' Deleted"), $username);
    AdminLog::getInstance()->log("User {$username} deleted");
    $templateEngine->assign("error", $error);
    $templateEngine->assign("success", $success);
    require 'display.php';
    // TODO: Recode so don't need die (too many nests?)
$templateEngine->assign("error", $error);
$templateEngine->assign("success", $success);

// A success or error message from the handlers above means the record may
// have changed, so re-read it before handing it to the template.
$recordMayHaveChanged = count($success) > 0 || count($error) > 0;
if ($recordMayHaveChanged) {
    $user = DatabaseFunctions::getInstance()->getUserDetails($_GET['username']);
}
// After potential reload, we can assign it to smarty
$templateEngine->assign("user", $user);
// After all user details are loaded, we can load our warning
if (!empty($user['AccountLock'])) {
    $templateEngine->warningMessage(T_('User account is locked and will not be able to login'));
}
/**
 * Fill in the 'value' of every entry in the global $multiChilliOptions and
 * $singleChilliOptions tables from the database.
 *
 * Multi-valued options are read with getChilliConfigMulti(), single-valued
 * ones with getChilliConfigSingle(); every other key of each entry is left as is.
 */
function loadChilliOptions()
{
    global $multiChilliOptions, $singleChilliOptions;
    $db = DatabaseFunctions::getInstance();

    foreach (array_keys($multiChilliOptions) as $optionName) {
        $multiChilliOptions[$optionName]['value'] = $db->getChilliConfigMulti($optionName);
    }
    foreach (array_keys($singleChilliOptions) as $optionName) {
        $singleChilliOptions[$optionName]['value'] = $db->getChilliConfigSingle($optionName);
    }
}
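require_once 'includes/usermin_session.inc.php';

// Usermin page: either the logged-in user's session history (?history) or the
// account view with the change-password handler.
if (isset($_GET['history'])) {
    $templateEngine->assign("sessions", DatabaseFunctions::getInstance()->getRadiusUserSessionsDetails($Auth->getUsername()));
} else {
    $error = [];
    // Initialised alongside $error so the template always receives an array,
    // not an undefined variable when no form was submitted.
    $success = [];
    if (isset($_POST['changepasswordsubmit'])) {
        $newpass1 = trim((string) ($_POST['NewPassword'] ?? ''));
        $newpass2 = trim((string) ($_POST['PasswordVerify'] ?? ''));
        // Work on changing password. Only "matches" and "not blank" are enforced
        // here; the current password is not re-verified and no CSRF token check
        // is visible in this excerpt — NOTE(review): confirm the session include
        // covers the latter, and whether a minimum length belongs here.
        if ($newpass1 !== $newpass2) {
            $error[] = T_("New Passwords must match");
        } elseif ($newpass1 === '') {
            $error[] = T_("Password must not be blank");
        } elseif (DatabaseFunctions::getInstance()->setUserPassword($Auth->getUsername(), $newpass1)) {
            $success[] = T_("Password Changed");
        } else {
            $error[] = T_("Password not updated");
        }
    }
    $templateEngine->assign("error", array_filter($error));
    $templateEngine->assign("success", $success);
    $templateEngine->assign("user", DatabaseFunctions::getInstance()->getUserDetails($Auth->getUsername()));
}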

/**
 * Extend a space-separated list of bandwidth dropdown values with every
 * group's configured up/down limits that are not already in it.
 *
 * Groups are iterated in $Settings->getGroup() order; for each, the
 * BandwidthUpLimit is considered before the BandwidthDownLimit. Membership is
 * tested with a loose in_array(): the dropdown values are strings from
 * explode(), the group limits come from the database (type not visible here).
 *
 * @param string $datavals space-separated dropdown values
 * @return string the merged list, space-separated and trimmed
 */
function checkGroupsBandwidthDropdowns($datavals)
{
    global $Settings;
    //TODO Remove global
    $options = explode(' ', $datavals);
    $groupSettings = $Settings->getGroup();
    $groupAttribs = DatabaseFunctions::getInstance()->getGroupAttributes();

    foreach (array_keys($groupSettings) as $groupName) {
        foreach (['BandwidthUpLimit', 'BandwidthDownLimit'] as $attribName) {
            if (!isset($groupAttribs[$groupName][$attribName])) {
                continue;
            }
            $limit = $groupAttribs[$groupName][$attribName];
            if (!in_array($limit, $options)) {
                $options[] = $limit;
            }
        }
    }

    return trim(implode(" ", $options));
}
            } else {
                // Failed to create. Most likely not a unique username.
                // Try again but only for so long (i.e. all usernames are in use)
                // This really chokes up the logs, maybe don't log this? TODO
                AdminLog::getInstance()->log("Failed to created new user {$username}. Probably duplicate username");
                if ($failedUsers > 20) {
                    AdminLog::getInstance()->log("Too many failed usernames, stopping batch creation");
                    $error[] = sprintf(T_("Too many users failed to create. Batch creation stopped. %s users have been successfully created"), $i);
        // Load up user details of created users for displaying
        $createdUsers = DatabaseFunctions::getInstance()->getMultipleUsersDetails($createdUsernames);
        $templateEngine->assign("createdusers", $createdUsers);
        // Check if we managed to create all users or if batch failed
        if ($failedUsers <= 20) {
            $success[] = T_("Tickets Successfully Created");
            $success[] = "<a target='_tickets' href='export.php?format=html&batch={$batchID}'>" . T_("Print Tickets") . "</a>";
// TODO: make default settings customisable
// Both group-level limit fields default to 'inherit' before the record goes to the template
foreach (['Max_Mb', 'Max_Time'] as $inheritedField) {
    $user[$inheritedField] = 'inherit';
}
$templateEngine->assign("user", $user);
$templateEngine->assign("last_batch", $Settings->getSetting('lastbatch'));
$templateEngine->assign("listbatches", $Settings->listBatches());
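require_once 'includes/site.inc.php';

// Current-session status: map the requesting IP to its RADIUS session, then
// load the user's details and effective limits for display.
// REMOTE_ADDR is the TCP peer address (never taken from a client-supplied
// header); if this site sits behind a reverse proxy it would be the proxy's
// address — the automacuser path uses remoteip() instead, confirm which is intended.
$ipaddress = $_SERVER['REMOTE_ADDR'];
$username = DatabaseFunctions::getInstance()->getRadiusUserByCurrentSession($ipaddress);

if ((string) $username !== '') {
    $db = DatabaseFunctions::getInstance();
    $user = $db->getUserDetails($username);
    $session = $db->getRadiusSessionDetails($db->getRadiusIDCurrentSessionByUser($user['Username']));

    /* Shared code with get_user_limits: the user-level limit wins, the
     * group-level limit fills in only when the user-level one is absent or falsy */
    $maxoctets = $user['Max-Octets'] ?? "";
    $timelimit = $user['Max-All-Session'] ?? "";
    if (!$maxoctets && isset($user['GroupSettings']['MaxOctets'])) {
        $maxoctets = $user['GroupSettings']['MaxOctets'];
    }
    if (!$timelimit && isset($user['GroupSettings']['MaxSeconds'])) {
        $timelimit = $user['GroupSettings']['MaxSeconds'];
    }
    /* */
    $user['MaxOctets'] = $maxoctets;
    // Fix: this previously read $maxtime, which is never assigned, so the
    // template always received null here; the computed value is $timelimit.
    $user['MaxAllSession'] = $timelimit;
}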
acl Auth_User external IPUser

# NOTE(review): the first matching http_access rule wins, so the Banned_Hosts
# deny below is never reached for a client the IPUser helper has already
# accepted; move the deny above the allow if bans must also apply to clients
# with an active session. Banned_Hosts is defined outside this excerpt.
http_access allow Auth_User
http_access deny Banned_Hosts

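chdir(__DIR__ . '/../');
require_once __DIR__ . '/../../../vendor/autoload.php';

// Squid external ACL helper ("IPUser"): squid writes one client address per
// line on stdin and expects, per line, "OK user=<name>" when that address has
// an active session, or "ERR" otherwise.
$fp = fopen('php://stdin', 'r');
while ($IP = trim((string) fgets($fp, 4096))) {
    // TODO: See about converting this back to DB lookup
    // Reject anything that is not an IP literal before it reaches the database.
    // The external_acl_type format (outside this excerpt) is expected to send
    // only the source address, so this costs nothing on the normal path.
    if (filter_var($IP, FILTER_VALIDATE_IP) === false) {
        print "ERR\n";
        continue;
    }
    $username = DatabaseFunctions::getInstance()->activeSessionUsername($IP);
    // activeSessionUsername() signals "no session" with the literal "ERR" or a falsy value
    if ($username !== "ERR" && $username) {
        // NOTE(review): the helper reply format needs quoting for values that
        // contain whitespace; a username with a space would corrupt this line —
        // confirm usernames are constrained where they are created.
        print "OK user={$username}\n";
    } else {
        print "ERR\n";
    }
}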
// Old function. Hopefully DatabaseFunctions will do this for us now
function chilli_ip_to_username($IP)
    $current_sessions = `chilli_query list`;
    $current_sessions = split("\n", $current_sessions);
    foreach ($current_sessions as $session) {
        list($MAC_Address, $IP_Address, $InternalState, $SessionID, $AuthenticatedState, $Username, $Duration, $Idle, $URL) = split(" ", $session);
        if ($IP_Address == $IP && $AuthenticatedState == '1') {