function auth_verif()
{
$tpl = new templates();
$ldap = new clladp();
if ($ldap->IsKerbAuth()) {
$external_ad_search = new external_ad_search();
if (!$external_ad_search->CheckUserAuth($_POST["username-logon"], $_POST["username-password"])) {
echo $tpl->_ENGINE_parse_body("<center><H2 style='color:red'>{unknown_user}</H2></center>");
return null;
}
$users = new usersMenus();
$privs = new privileges($_POST["username-logon"]);
$privileges_array = $privs->privs;
$_SESSION["InterfaceType"] = "{ARTICA_MINIADM}";
setcookie("mem-logon-user", $_POST["username-logon"], time() + 172800);
$_SESSION["privileges_array"] = $privs->privs;
$_SESSION["uid"] = $_POST["username-logon"];
$_SESSION["passwd"] = $_POST["username-logon"];
$_SESSION["privileges"]["ArticaGroupPrivileges"] = $privs->content;
BuildSession($_POST["username-logon"]);
echo "<script>YahooWinHide();LoadAjax('BodyContent','miniadm.index.php');</script>\n\t\t";
return;
}
$u = new user($_POST["username-logon"]);
$userPassword = $u->password;
if (trim($u->uidNumber) == null) {
writelogs('Unable to get user infos abort', __FUNCTION__, __FILE__);
echo $tpl->_ENGINE_parse_body("<center><H2 style='color:red'>{unknown_user}</H2></center>");
return null;
}
if (trim($_POST["username-password"]) == trim($userPassword)) {
$ldap = new clladp();
$users = new usersMenus();
$privs = new privileges($u->uid);
$privileges_array = $privs->privs;
$_SESSION["InterfaceType"] = "{ARTICA_MINIADM}";
setcookie("mem-logon-user", $_POST["username-logon"], time() + 172800);
$_SESSION["privileges_array"] = $privs->privs;
$_SESSION["privs"] = $privileges_array;
$_SESSION["OU_LANG"] = $privileges_array["ForceLanguageUsers"];
$_SESSION["uid"] = $_POST["username-logon"];
$_SESSION["passwd"] = $_POST["username-logon"];
$_SESSION["privileges"]["ArticaGroupPrivileges"] = $privs->content;
$_SESSION["groupid"] = $ldap->UserGetGroups($_POST["artica_username"], 1);
$_SESSION["DotClearUserEnabled"] = $u->DotClearUserEnabled;
$_SESSION["MailboxActive"] = $u->MailboxActive;
$_SESSION["ou"] = $u->ou;
$_SESSION["UsersInterfaceDatas"] = trim($u->UsersInterfaceDatas);
$lang = new articaLang();
writelogs("[{$_POST["username-logon"]}]: Default organization language={$_SESSION["OU_LANG"]}", __FUNCTION__, __FILE__);
if (trim($_SESSION["OU_LANG"]) != null) {
$_SESSION["detected_lang"] = $_SESSION["OU_LANG"];
setcookie("artica-language", $_SESSION["OU_LANG"], time() + 172800);
} else {
setcookie("artica-language", $_POST["lang"], time() + 172800);
$_SESSION["detected_lang"] = $lang->get_languages();
}
echo "<script>\n\t\t\tYahooWinHide();\n\t\t\tLoadAjax('BodyContent','miniadm.index.php');\n\t\t</script>\n\t\t";
return;
} else {
echo $tpl->_ENGINE_parse_body("<center><H2 style='color:red'>{bdu}</H2></center>");
}
}
function parseTemplate_unlock_checkcred()
{
include_once dirname(__FILE__) . "/ressources/class.sockets.inc";
include_once dirname(__FILE__) . "/ressources/class.mysql.squid.builder.php";
include_once dirname(__FILE__) . "/ressources/class.tcpip.inc";
include_once dirname(__FILE__) . "/ressources/class.user.inc";
include_once dirname(__FILE__) . "/ressources/class.templates.inc";
include_once dirname(__FILE__) . "/ressources/class.users.menus.inc";
include_once dirname(__FILE__) . "/ressources/class.external.ad.inc";
include_once dirname(__FILE__) . "/ressources/class.ldap-extern.inc";
include "ressources/settings.inc";
$sock = new sockets();
$UfdbGuardHTTPAllowNoCreds = intval($sock->GET_INFO("UfdbGuardHTTPAllowNoCreds"));
if ($UfdbGuardHTTPAllowNoCreds == 1) {
return true;
}
if ($_POST["nocreds"] == 1) {
return true;
}
$username = $_POST["username"];
$password = trim($_POST["password"]);
if ($sock->SQUID_IS_EXTERNAL_LDAP()) {
$ldap_extern = new ldap_extern();
if ($ldap_extern->checkcredentials($username, $password)) {
return true;
}
}
if (trim(strtolower($username)) == trim(strtolower($_GLOBAL["ldap_admin"]))) {
if ($password == trim($_GLOBAL["ldap_password"])) {
return true;
}
}
$ldap = new clladp();
if ($ldap->IsKerbAuth()) {
$external_ad_search = new external_ad_search();
if ($external_ad_search->CheckUserAuth($username, $password)) {
return true;
}
}
$q = new mysql();
$sql = "SELECT `username`,`value`,id FROM radcheck WHERE `username`='{$username}' AND `attribute`='Cleartext-Password' LIMIT 0,1";
$ligne = mysql_fetch_array($q->QUERY_SQL($sql, "artica_backup"));
if (!is_numeric($ligne["id"])) {
$ligne["id"] = 0;
}
if (!$q->ok) {
writelogs("{$username}:: {$q->mysql_error}", __FUNCTION__, __FILE__, __LINE__);
}
if ($ligne["id"] > 0) {
if ($ligne["value"] == $password) {
return true;
}
}
$u = new user($username);
if (trim($u->uidNumber) != null) {
if (trim($password) == trim($u->password)) {
return true;
}
}
return false;
}
function checklogon($Aspost = false)
{
include_once dirname(__FILE__) . "/ressources/class.user.inc";
include "ressources/settings.inc";
$username = $_POST["username"];
$_POST["password"] = url_decode_special_tool($_POST["password"]);
$password = trim($_POST["password"]);
$users = new usersMenus();
if ($users->WEBSTATS_APPLIANCE) {
$users->SQUID_INSTALLED = true;
}
//echo $username."\n$password\n";
if ($password == null) {
if ($Aspost) {
MainPage("Bad password");
return;
}
echo "Bad password";
return;
}
if (trim(strtolower($username)) == trim(strtolower($_GLOBAL["ldap_admin"]))) {
$passwordMD = md5(trim($_GLOBAL["ldap_password"]));
if ($password == $passwordMD) {
$_SESSION["uid"] = '-100';
$_SESSION["groupid"] = '-100';
$_SESSION["passwd"] = $_GLOBAL["ldap_password"];
$_SESSION["CORP"] = $users->CORP_LICENSE;
$_SESSION["privileges"]["ArticaGroupPrivileges"] = '
[AllowAddGroup]="yes"
[AllowAddUsers]="yes"
[AllowChangeKav]="yes"
[AllowChangeKas]="yes"
[AllowChangeUserPassword]="yes"
[AllowEditAliases]="yes"
[AllowEditAsWbl]="yes"
[AsSystemAdministrator]="yes"
[AsPostfixAdministrator]="yes"
[AsArticaAdministrator]="yes"';
$_SESSION["InterfaceType"] = "{APP_ARTICA_ADM}";
$_SESSION["AsWebStatisticsAdministrator"] = true;
if ($Aspost) {
header("location:miniadm.index.php");
return;
}
return;
}
}
if ($users->SQUID_INSTALLED) {
$q = new mysql_squid_builder();
$passwordMD = md5($password);
$sql = "SELECT webfilters_sqitems.gpid AS maingpid\n\t\t\tFROM webfilters_sqacllinks, webfilters_sqgroups, webfilters_sqitems, webfilters_sqacls\n\t\t\tWHERE webfilters_sqacllinks.gpid = webfilters_sqgroups.ID\n\t\t\tAND webfilters_sqacllinks.aclid = webfilters_sqacls.ID\n\t\t\tAND webfilters_sqgroups.ID = webfilters_sqitems.gpid\n\t\t\tAND webfilters_sqacls.enabled =1\n\t\t\tAND webfilters_sqgroups.enabled =1\n\t\t\tAND webfilters_sqitems.enabled =1\n\t\t\tAND webfilters_sqgroups.GroupType = 'dynamic_acls'\n\t\t\tAND webfilters_sqitems.pattern = '{$username}:{$passwordMD}'";
$results = $q->QUERY_SQL($sql);
if (!$q->mysql_error) {
echo $q->mysql_error;
}
$CountDerules = mysql_num_rows($results);
writelogs("{$username}::webfilters_sqitems:: {$CountDerules} rules", __FUNCTION__, __FILE__, __LINE__);
if ($CountDerules > 0) {
writelogs("{$username}::webfilters_sqitems:: Building rules....", __FUNCTION__, __FILE__, __LINE__);
while ($ligne = mysql_fetch_assoc($results)) {
$_SESSION["SQUID_DYNAMIC_ACLS_VIRTUALS"][$ligne["maingpid"]] = true;
}
$_SESSION["InterfaceType"] = "{ARTICA_MINIADM}";
$_SESSION["VirtAclUser"] = true;
$_SESSION["ou"] = "Proxy Service";
$_SESSION["CORP"] = $users->CORP_LICENSE;
setcookie("mem-logon-user", $_POST["username-logon"], time() + 172800);
$_SESSION["privileges_array"] = $privs->privs;
$_SESSION["uid"] = $username;
$_SESSION["privileges"]["ArticaGroupPrivileges"] = array();
BuildSession($username);
if ($Aspost) {
header("location:miniadm.index.php");
return;
}
return;
}
}
writelogs("{$username}:: Continue, processing....", __FUNCTION__, __FILE__, __LINE__);
$ldap = new clladp();
$IsKerbAuth = $ldap->IsKerbAuth();
writelogs("{$username}:: Is AD -> {$IsKerbAuth}", __FUNCTION__, __FILE__, __LINE__);
if ($ldap->IsKerbAuth()) {
$external_ad_search = new external_ad_search();
if ($external_ad_search->CheckUserAuth($username, $password)) {
$users = new usersMenus();
$privs = new privileges($_POST["username-logon"]);
$privileges_array = $privs->privs;
$_SESSION["InterfaceType"] = "{ARTICA_MINIADM}";
$_SESSION["VirtAclUser"] = false;
setcookie("mem-logon-user", $_POST["username-logon"], time() + 172800);
$_SESSION["privileges_array"] = $privs->privs;
$_SESSION["uid"] = $_POST["username-logon"];
$_SESSION["passwd"] = $_POST["username-logon"];
$_SESSION["privileges"]["ArticaGroupPrivileges"] = $privs->content;
BuildSession($username);
if ($Aspost) {
header("location:miniadm.index.php");
return;
}
return;
}
writelogs("{$username}:: Checks Active Directory failed, continue processing...", __FUNCTION__, __FILE__, __LINE__);
}
writelogs("{$username}:: Continue, processing....", __FUNCTION__, __FILE__, __LINE__);
$q = new mysql();
$sql = "SELECT `username`,`value`,id FROM radcheck WHERE `username`='{$username}' AND `attribute`='Cleartext-Password' LIMIT 0,1";
writelogs("{$username}:: Is a RADIUS users \"{$sql}\"", __FUNCTION__, __FILE__, __LINE__);
$ligne = mysql_fetch_array($q->QUERY_SQL($sql, "artica_backup"));
if (!is_numeric($ligne["id"])) {
$ligne["id"] = 0;
}
if (!$q->ok) {
writelogs("{$username}:: {$q->mysql_error}", __FUNCTION__, __FILE__, __LINE__);
}
writelogs("{$username}:: {$password} <> " . md5($ligne["value"]), __FUNCTION__, __FILE__, __LINE__);
if ($ligne["id"] > 0) {
$checkRadiusPass = false;
if (md5($ligne["value"]) == $password) {
writelogs("{$username}:: RADIUS Password true for no MD5", __FUNCTION__, __FILE__, __LINE__);
$checkRadiusPass = true;
}
if (md5($ligne["value"]) == $passwordMD) {
writelogs("{$username}:: RADIUS Password true for yes MD5", __FUNCTION__, __FILE__, __LINE__);
$checkRadiusPass = true;
}
if ($checkRadiusPass) {
writelogs("{$username}:: Authenticated as a RADIUS users id={$ligne["id"]}", __FUNCTION__, __FILE__, __LINE__);
$privs = new privileges($_POST["username-logon"], null, $ligne["id"]);
$privileges_array = $privs->privs;
$_SESSION["CORP"] = $users->CORP_LICENSE;
$_SESSION["InterfaceType"] = "{ARTICA_MINIADM}";
setcookie("mem-logon-user", $username, time() + 172800);
$_SESSION["privileges_array"] = $privs->privs;
while (list($key, $val) = each($_SESSION["privileges_array"])) {
if (!isset($_SESSION[$key])) {
$_SESSION[$key] = $val;
}
}
reset($_SESSION["privileges_array"]);
$_SESSION["uid"] = $username;
$_SESSION["RADIUS_ID"] = $ligne["id"];
BuildSession($username);
if ($Aspost) {
header("location:miniadm.index.php");
return;
}
return;
}
}
writelogs("{$username}::Finally Is LOCAL LDAP ? -> {$IsKerbAuth}", __FUNCTION__, __FILE__, __LINE__);
$u = new user($username);
$tpl = new templates();
$userPassword = $u->password;
if (trim($u->uidNumber) == null) {
writelogs('Unable to get user infos abort', __FUNCTION__, __FILE__);
if ($Aspost) {
MainPage("Unknown user (" . __LINE__ . ")");
return;
}
echo "Unknown user (" . __LINE__ . ")";
die;
}
writelogs("{$username}:: Password match ? Aspost = {$Aspost}", __FUNCTION__, __FILE__, __LINE__);
if ($Aspost) {
if (trim($password) != trim($userPassword)) {
writelogs("{$username}:: Password match NO Aspost = {$Aspost}", __FUNCTION__, __FILE__, __LINE__);
MainPage("Bad password (" . __LINE__ . ")");
return;
}
}
if (!$Aspost) {
if (trim($password) != md5(trim($userPassword))) {
writelogs("{$username}:: Password match NO Aspost = {$Aspost}", __FUNCTION__, __FILE__, __LINE__);
writelogs("[{$_POST["username"]}]: The password typed is not the same in ldap database...", __FUNCTION__, __FILE__);
artica_mysql_events("Failed to logon on the management console as user `{$username}` from {$_SERVER["REMOTE_HOST"]} (bad password)", @implode("\n", $notice), "security", "security");
if ($Aspost) {
MainPage("Bad password (" . __LINE__ . ")");
return;
}
echo "Error: (" . __LINE__ . ") bad password";
return null;
}
}
writelogs("{$username}:: Password match YES Aspost = {$Aspost}", __FUNCTION__, __FILE__, __LINE__);
$ldap = new clladp();
$users = new usersMenus();
$_SESSION["CORP"] = $users->CORP_LICENSE;
$privs = new privileges($u->uid);
$privs->SearchPrivileges();
$privileges_array = $privs->privs;
$_SESSION["VirtAclUser"] = false;
$_SESSION["privileges_array"] = $privs->privs;
$_SESSION["privs"] = $privileges_array;
if (isset($privileges_array["ForceLanguageUsers"])) {
$_SESSION["OU_LANG"] = $privileges_array["ForceLanguageUsers"];
}
$_SESSION["uid"] = $username;
$_SESSION["privileges"]["ArticaGroupPrivileges"] = $privs->content;
$_SESSION["groupid"] = $ldap->UserGetGroups($_POST["username"], 1);
$_SESSION["DotClearUserEnabled"] = $u->DotClearUserEnabled;
$_SESSION["MailboxActive"] = $u->MailboxActive;
$_SESSION["InterfaceType"] = "{APP_ARTICA_ADM}";
$_SESSION["ou"] = $u->ou;
$_SESSION["UsersInterfaceDatas"] = trim($u->UsersInterfaceDatas);
include_once dirname(__FILE__) . "/ressources/class.translate.rights.inc";
$cr = new TranslateRights(null, null);
$r = $cr->GetPrivsArray();
while (list($key, $val) = each($r)) {
if ($users->{$key}) {
$_SESSION[$key] = $users->{$key};
}
}
if (is_array($_SESSION["privs"])) {
$r = $_SESSION["privs"];
while (list($key, $val) = each($r)) {
$t[$key] = $val;
$_SESSION[$key] = $val;
}
}
if (!isset($_SESSION["OU_LANG"])) {
$_SESSION["OU_LANG"] = null;
}
if (!isset($_SESSION["ASDCHPAdmin"])) {
$_SESSION["ASDCHPAdmin"] = false;
}
if (trim($_SESSION["OU_LANG"]) != null) {
$_SESSION["detected_lang"] = $_SESSION["OU_LANG"];
} else {
include_once dirname(__FILE__) . "/ressources/class.langages.inc";
$lang = new articaLang();
$_SESSION["detected_lang"] = $lang->get_languages();
}
if (isset($GLOBALS["FixedLanguage"])) {
$sock = new sockets();
$GLOBALS["FixedLanguage"] = $sock->GET_INFO("FixedLanguage");
}
if (trim($GLOBALS["FixedLanguage"]) != null) {
$_SESSION["detected_lang"] = $GLOBALS["FixedLanguage"];
}
if ($Aspost) {
header("location:miniadm.index.php");
return;
}
}
function check_auth()
{
if (isset($_POST["USETERMS"])) {
setcookie("USETERMS", 1, 3600);
}
$tpl = new templates();
if ($_POST["debugAuth"] == 1) {
$GLOBALS["VERBOSE"] = true;
ini_set('display_errors', 1);
ini_set('error_reporting', E_ALL);
ini_set('error_prepend_string', null);
ini_set('error_append_string', null);
}
$username = $_POST["username"];
$time = time();
if ($username == null) {
echo $tpl->javascript_parse_text("{wrong_password_or_username}");
return;
}
include_once dirname(__FILE__) . '/ressources/class.user.inc';
$sock = new sockets();
$tpl = new templates();
$users = new usersMenus();
$EnableKerbAuth = $sock->GET_INFO("EnableKerbAuth");
if (!is_numeric($EnableKerbAuth)) {
$EnableKerbAuth = 0;
}
$HotSpotConfig = unserialize(base64_decode($sock->GET_INFO("HotSpotConfig")));
if (!isset($HotSpotConfig["FINAL_TIME"])) {
$HotSpotConfig["FINAL_TIME"] = 0;
}
if (!isset($HotSpotConfig["USELDAP"])) {
$HotSpotConfig["USELDAP"] = 1;
}
if (!isset($HotSpotConfig["CACHE_AUTH"])) {
$HotSpotConfig["CACHE_AUTH"] = 60;
}
if (!isset($HotSpotConfig["CACHE_TIME"])) {
$HotSpotConfig["CACHE_TIME"] = 120;
}
if (!isset($HotSpotConfig["USEMYSQL"])) {
$HotSpotConfig["USEMYSQL"] = 1;
}
if (!isset($HotSpotConfig["USEAD"])) {
$HotSpotConfig["USEAD"] = 0;
}
if (!isset($HotSpotConfig["USERAD"])) {
$HotSpotConfig["USERAD"] = 0;
}
if (!is_numeric($HotSpotConfig["USELDAP"])) {
$HotSpotConfig["USELDAP"] = 1;
}
if (!is_numeric($HotSpotConfig["USEMYSQL"])) {
$HotSpotConfig["USEMYSQL"] = 1;
}
if (!is_numeric($HotSpotConfig["CACHE_AUTH"])) {
$HotSpotConfig["CACHE_AUTH"] = 60;
}
if (!is_numeric($HotSpotConfig["CACHE_TIME"])) {
$HotSpotConfig["CACHE_TIME"] = 120;
}
if (!is_numeric($HotSpotConfig["FINAL_TIME"])) {
$HotSpotConfig["FINAL_TIME"] = 0;
}
if (!is_numeric($HotSpotConfig["USERAD"])) {
$HotSpotConfig["USERAD"] = 0;
}
if ($EnableKerbAuth == 0) {
$HotSpotConfig["USEAD"] = 0;
}
if (!$users->CORP_LICENSE) {
$HotSpotConfig["USEAD"] = 0;
}
$CACHE_AUTH = $HotSpotConfig["CACHE_AUTH"];
$username = $_POST["username"];
$password = $_POST["password"];
$passEnc = url_decode_special_tool($_POST["passEnc"]);
$md5key = trim($_POST["md5key"]);
if ($password == null) {
echo "Invalid Password\n";
die;
}
$array = unserialize(base64_decode($_POST["request"]));
$LOGIN = $array["LOGIN"];
$IPADDR = $array["IPADDR"];
$MAC = $array["MAC"];
$HOST = $array["HOST"];
if ($MAC == null) {
$MAC = "00:00:00:00:00:00";
}
if ($IPADDR == null) {
$IPADDR = $_SERVER["REMOTE_ADDR"];
}
if ($LOGIN == null) {
$LOGIN = $username;
}
if ($HOST == null) {
$HOST = gethostbyaddr($IPADDR);
}
if ($md5key == null) {
$md5key = md5("{$LOGIN}{$IPADDR}{$MAC}{$HOST}");
}
$auth = false;
if ($HotSpotConfig["USEAD"] == 1) {
writelogs("{$username}:: Checks Active Directory..", __FUNCTION__, __FILE__, __LINE__);
if ($GLOBALS["VERBOSE"]) {
echo "{$username} AUTH = FALSE continue IF AD... (" . __LINE__ . ")\n";
}
$external_ad_search = new external_ad_search();
if ($external_ad_search->CheckUserAuth($username, $passEnc)) {
writelogs("{$username}:: Checks Active Directory success...", __FUNCTION__, __FILE__, __LINE__);
$auth = true;
}
}
if ($HotSpotConfig["USELDAP"] == 1) {
if (!$auth) {
writelogs("{$username}:: Checks LDAP connection..", __FUNCTION__, __FILE__, __LINE__);
$ct = new user($username);
if (md5($ct->password) == $password) {
writelogs("{$username}:: Checks LDAP connection success...", __FUNCTION__, __FILE__, __LINE__);
$auth = true;
}
}
}
if ($HotSpotConfig["USERAD"] == 1) {
if (!$auth) {
writelogs("{$username}:: Checks RADIUS connection..", __FUNCTION__, __FILE__, __LINE__);
$RAD_SERVER = $HotSpotConfig["RAD_SERVER"];
$RAD_PORT = $HotSpotConfig["RAD_PORT"];
$RAD_PASSWORD = $HotSpotConfig["RAD_PASSWORD"];
if (!is_numeric($RAD_PORT)) {
$RAD_PORT = 1812;
}
include_once "/usr/share/artica-postfix/ressources/class.radius.auth.inc";
if ($GLOBALS["VERBOSE"]) {
echo "RADIUS_AUTHENTICATION -> With ({$username},{$password},{$RAD_SERVER},{$RAD_PORT}) (" . __LINE__ . ")\n";
}
$retval = RADIUS_AUTHENTICATION($username, $passEnc, $RAD_SERVER, $RAD_PORT, $RAD_PASSWORD);
if ($retval == 2) {
writelogs("{$username}:: Checks RADIUS connection success...", __FUNCTION__, __FILE__, __LINE__);
$auth = true;
}
}
}
$ASUID = false;
if ($HotSpotConfig["USEMYSQL"] == 1) {
$q = new mysql_squid_builder();
if (!$auth) {
writelogs("{$username}:: Checks MySQL connection..", __FUNCTION__, __FILE__, __LINE__);
if (!$q->TABLE_EXISTS("hotspot_members")) {
$q->CheckTables();
}
$sql = "SELECT uid,password,ttl,sessiontime,enabled FROM hotspot_members WHERE uid='{$username}'";
$ligne = mysql_fetch_array($q->QUERY_SQL($sql));
if ($ligne["uid"] != null) {
if ($ligne["password"] == $passEnc) {
if ($ligne["sessiontime"] > 0) {
$CACHE_AUTH = $ligne["sessiontime"];
}
if ($ligne["enabled"] == 0) {
echo $tpl->javascript_parse_text("{access_to_internet_disabled} ({disabled})");
die;
}
if (intval($ligne["ttl"]) > 0) {
if ($time > $ligne["ttl"]) {
echo $tpl->javascript_parse_text("{accesstime_to_internet_expired}");
die;
}
}
writelogs("{$username}:: Checks MySQL connection success..", __FUNCTION__, __FILE__, __LINE__);
$auth = true;
}
}
}
}
writelogs("{$username}:: Result = {$auth}", __FUNCTION__, __FILE__, __LINE__);
if (!$auth) {
writelogs("{$username}:: Die() authentification failed", __FUNCTION__, __FILE__, __LINE__);
echo $tpl->javascript_parse_text("{wrong_password_or_username}");
return;
}
$q = new mysql_squid_builder();
if (!is_numeric($CACHE_AUTH)) {
$CACHE_AUTH = 60;
}
$finaltime = strtotime("+{$CACHE_AUTH} minutes", $time);
$datelogs = date("Y-m-d H:i:s", $finaltime);
writelogs("{$username} -> {$HOST} +{$CACHE_AUTH}mn Next checkup time will be {$datelogs} ", __FUNCTION__, __FILE__, __LINE__);
if ($LOGIN != null) {
$uid = $LOGIN;
} else {
$uid = $username;
}
$q->QUERY_SQL("DELETE FROM hotspot_sessions WHERE ipaddr='{$IPADDR}'");
$q->QUERY_SQL("DELETE FROM hotspot_sessions WHERE MAC='{$MAC}'");
$q->QUERY_SQL("DELETE FROM hotspot_sessions WHERE uid='{$uid}'");
$sql = "INSERT IGNORE INTO hotspot_sessions (md5,logintime, maxtime,finaltime,username,uid,MAC,hostname,ipaddr)\n\tVALUES('{$md5key}',{$time},{$finaltime},{$CACHE_AUTH},'{$username}','{$uid}','{$MAC}','{$HOST}','{$IPADDR}')";
writelogs($sql, __FUNCTION__, __FILE__, __LINE__);
$q->QUERY_SQL($sql);
if (!$q->ok) {
writelogs("{$q->mysql_error}", __FUNCTION__, __FILE__, __LINE__);
echo $q->mysql_error . "\n{$sql}";
return;
}
if ($HotSpotConfig["USEMYSQL"] == 1) {
if (!$ASUID) {
$sql = "INSERT IGNORE INTO hotspot_members (uid,MAC,hostname,ipaddr,enabled) VALUES ('{$uid}','{$MAC}','{$HOST}','{$IPADDR}',1)";
} else {
$sql = "UPDATE hotspot_members SET MAC='{$MAC}',hostname='{$HOST}',ipaddr='{$IPADDR}' WHERE uid='{$uid}'";
}
$q->QUERY_SQL($sql);
}
}
function logon()
{
include "ressources/settings.inc";
include_once 'ressources/class.sockets.inc';
include_once 'ressources/class.ldap.inc';
include_once 'ressources/class.user.inc';
include_once 'ressources/class.langages.inc';
$sock = new sockets();
$tpl = new templates();
$_POST["artica_password"] = url_decode_special($_POST["artica_password"]);
writelogs("Testing logon....{$_POST["artica_username"]}", __FUNCTION__, __FILE__, __LINE__);
//writelogs("Testing logon.... password:{$_POST["artica_password"]}",__FUNCTION__,__FILE__,__LINE__);
$_COOKIE["artica-language"] = $_POST["lang"];
$FileCookyKey = md5($_SERVER["REMOTE_ADDR"] . $_SERVER["HTTP_USER_AGENT"]);
$sock->SET_INFO($FileCookyKey, $_POST["Changelang"]);
if (!isset($GLOBALS["FixedLanguage"])) {
$GLOBALS["FixedLanguage"] = $sock->GET_INFO("FixedLanguage");
}
$VIA_API = false;
if (isset($_POST["VIA_API"])) {
$VIA_API = true;
}
if ($_SESSION["uid"] != null) {
if (!$VIA_API) {
echo "location:admin.index.php";
return;
}
}
$socks = new sockets();
while (list($index, $value) = each($_SERVER)) {
$notice[] = "{$index}:{$value}";
}
if ($_GLOBAL["ldap_admin"] == null) {
$sock->getFrameWork("services.php?process1-tenir=yes?MyCURLTIMEOUT=120");
include "ressources/settings.inc";
}
if ($_GLOBAL["ldap_admin"] == null) {
if ($VIA_API) {
echo "FALSE";
return;
}
$tpl = new templates();
echo $tpl->javascript_parse_text("{ldap_username_corrupt_text}");
return null;
}
$md5submitted = $_POST["artica_password"];
if ($VIA_API) {
$md5submitted = md5($_POST["artica_password"]);
}
$md5Manager = md5(trim($_GLOBAL["ldap_password"]));
if (trim($GLOBALS["FixedLanguage"]) != null) {
$_POST["lang"] = $GLOBALS["FixedLanguage"];
}
$trimed_artica_username = trim(strtolower($_POST["artica_username"]));
$trimed_ldap_admin = trim(strtolower($_GLOBAL["ldap_admin"]));
writelogs("Manager -> {$trimed_artica_username} ?=== {$trimed_ldap_admin}", _FUNCTION__, __FILE__, __LINE__);
if ($trimed_artica_username == $trimed_ldap_admin) {
writelogs("Manager: `YES`", __FUNCTION__, __FILE__, __LINE__);
if ($md5Manager != $md5submitted) {
$tpl = new templates();
//writelogs("Testing logon.... password:{$_POST["artica_password"]}!==\"{$_GLOBAL["ldap_password"]}\"",__FUNCTION__,__FILE__,__LINE__);
artica_mysql_events("Failed to logon on the Artica Web console from {$_SERVER["REMOTE_HOST"]}", @implode("\n", $notice), "security", "security");
if ($VIA_API) {
echo "FALSE";
return;
}
echo $tpl->javascript_parse_text("{wrong_password_or_username}");
return null;
} else {
$users = new usersMenus();
artica_mysql_events("Success to logon on the Artica Web console from {$_SERVER["REMOTE_HOST"]} as SuperAdmin", @implode("\n", $notice), "security", "security");
//session_start();
$_SESSION["uid"] = '-100';
$_SESSION["groupid"] = '-100';
$_SESSION["passwd"] = $_GLOBAL["ldap_password"];
$_SESSION["MINIADM"] = false;
setcookie("MINIADM", "No", time() + 1000);
$_SESSION["InterfaceType"] = "{APP_ARTICA_ADM}";
setcookie("artica-language", $_POST["lang"], time() + 172800);
$_SESSION["detected_lang"] = $_POST["lang"];
$_SESSION["CORP"] = $users->CORP_LICENSE;
$_SESSION["privileges"]["ArticaGroupPrivileges"] = '
[AllowAddGroup]="yes"
[AllowAddUsers]="yes"
[AllowChangeKav]="yes"
[AllowChangeKas]="yes"
[AllowChangeUserPassword]="yes"
[AllowEditAliases]="yes"
[AllowEditAsWbl]="yes"
[AsSystemAdministrator]="yes"
[AsPostfixAdministrator]="yes"
[AsArticaAdministrator]="yes"
[AsArticaMetaAdmin]="yes"
';
if ($VIA_API) {
writelogs("VIA API = TRUE -> BUILD SESSION", _FUNCTION__, __FILE__, __LINE__);
BuildSession($_SESSION["uid"]);
echo "TRUE";
return;
}
$tpl = new templates();
$sock->getFrameWork("squid.php?clean-catz-cache=yes");
writelogs("OK it is a global admin -> location:admin.index.php", _FUNCTION__, __FILE__, __LINE__);
echo "location:admin.index.php";
exit;
}
}
$ldap = new clladp();
if ($ldap->IsKerbAuth()) {
$userPassword = $_POST["artica_password"];
if (isset($_POST["artica_password_crypted"])) {
$userPassword = $_POST["artica_password_crypted"];
include_once dirname(__FILE__) . "/ressources/class.cryptform.inc";
$userPassword = logon_decrypt($userPassword);
}
writelogs("*** TEST Active Directory user {$_POST["artica_username"]} ****", __FUNCTION__, __FILE__, __LINE__);
$external_ad_search = new external_ad_search();
if ($external_ad_search->CheckUserAuth($_POST["artica_username"], $userPassword)) {
writelogs("*** TEST Active Directory user {$_POST["artica_username"]} success ****", __FUNCTION__, __FILE__, __LINE__);
$_SESSION["MINIADM"] = false;
setcookie("MINIADM", "No", time() + 1000);
$_SESSION["InterfaceType"] = "{APP_ARTICA_ADM}";
setcookie("artica-language", $_POST["lang"], time() + 172800);
$_SESSION["detected_lang"] = $_POST["lang"];
$_SESSION["CORP"] = $users->CORP_LICENSE;
$users = new usersMenus();
$privs = new privileges($_POST["artica_username"]);
$privileges_array = $privs->privs;
DumpPrivileges($_POST["artica_username"], $privileges_array);
$users->_TranslateRights($privileges_array, true);
setcookie("mem-logon-user", $_POST["artica_username"], time() + 172800);
$_SESSION["privileges_array"] = $privs->privs;
$_SESSION["uid"] = $_POST["artica_username"];
BuildSession($_POST["artica_username"]);
$sock->getFrameWork("squid.php?clean-catz-cache=yes");
$_SESSION["MINIADM"] = false;
setcookie("MINIADM", "No", time() + 1000);
if ($VIA_API) {
BuildSession($_SESSION["uid"]);
echo "TRUE";
return;
}
echo "location:admin.index.php";
return;
} else {
if (is_array($GLOBALS["CLASS_ACTV"])) {
while (list($key, $line) = each($GLOBALS["CLASS_ACTV"])) {
writelogs("*** Active Directory {$line}", __FUNCTION__, __FILE__, __LINE__);
}
}
}
}
if (Radius_admins($_POST["artica_username"], $md5submitted)) {
writelogs('*** TEST RADIUS USER ****', __FUNCTION__, __FILE__, __LINE__);
$tpl = new templates();
$sock->getFrameWork("squid.php?clean-catz-cache=yes");
writelogs("OK it is a global admin -> location:admin.index.php", _FUNCTION__, __FILE__, __LINE__);
if ($VIA_API) {
BuildSession($_SESSION["uid"]);
echo "TRUE";
return;
}
echo "location:admin.index.php";
exit;
}
writelogs('This is not Global admin, so test user...', __FUNCTION__, __FILE__, __LINE__);
$u = new user($_POST["artica_username"]);
$userPassword = $u->password;
if (trim($u->uidNumber) == null) {
if ($VIA_API) {
echo "FALSE";
return;
}
writelogs('Unable to get user infos abort', __FUNCTION__, __FILE__);
echo $tpl->javascript_parse_text("{wrong_password_or_username}");
return null;
}
$tpl = new templates();
if (trim($_POST["artica_password"]) == md5(trim($userPassword))) {
BuildSession($u->uid);
$ldap = new clladp();
$users = new usersMenus();
$privs = new privileges($u->uid);
$privileges_array = $privs->privs;
if (trim($FixedLanguage) != null) {
$_SESSION["detected_lang"] = $FixedLanguage;
}
$users->_TranslateRights($privileges_array, true);
if (!$users->IfIsAnuser(true)) {
if ($VIA_API) {
echo "TRUE";
return;
}
artica_mysql_events("Success to logon on the Artica Web console from {$_SERVER["REMOTE_HOST"]} as User", @implode("\n", $notice), "security", "security");
writelogs("[{$_POST["artica_username"]}]: This is not an user =>admin.index.php", __FUNCTION__, __FILE__);
$sock->getFrameWork("squid.php?clean-catz-cache=yes");
$_SESSION["MINIADM"] = false;
setcookie("MINIADM", "No", time() + 1000);
if ($VIA_API) {
BuildSession($_SESSION["uid"]);
echo "TRUE";
return;
}
echo "location:admin.index.php";
return null;
}
if ($VIA_API) {
BuildSession($_SESSION["uid"]);
echo "TRUE";
return;
}
writelogs("[{$_POST["artica_username"]}]: IS AN USER =>../user-backup/logon.php", __FUNCTION__, __FILE__);
$array["USERNAME"] = $_POST["artica_username"];
$array["PASSWORD"] = md5($_POST["artica_username"]);
$credentials = base64_encode(serialize($array));
artica_mysql_events("Success to redirect on the end-user management console from {$_SERVER["REMOTE_HOST"]} as User", @implode("\n", $notice), "security", "security");
echo "location:../miniadm.logon.php?credentials={$credentials}";
return null;
exit;
} else {
if ($VIA_API) {
echo "FALSE";
return;
}
writelogs("[{$_POST["artica_username"]}]: The password typed is not the same in ldap database...", __FUNCTION__, __FILE__);
artica_mysql_events("Failed to logon on the management console as user from {$_SERVER["REMOTE_HOST"]} (bad password)", @implode("\n", $notice), "security", "security");
echo $tpl->javascript_parse_text("{wrong_password_or_username}");
return null;
}
}
function local_ad($username, $password, $params)
{
include_once dirname(__FILE__) . "/ressources/class.external.ad.inc";
$array["LDAP_SERVER"] = $params["LDAP_SERVER"];
$array["LDAP_PORT"] = $params["LDAP_PORT"];
$array["WINDOWS_DNS_SUFFIX"] = $params["WINDOWS_DNS_SUFFIX"];
$array["DEBUG"] = $GLOBALS["DEBUG"];
Debuglogs("Active Directory : {$params["LDAP_SERVER"]}:{$params["LDAP_PORT"]} Check", __FUNCTION__, __LINE__);
$external_ad_search = new external_ad_search(base64_encode(serialize($array)));
if ($external_ad_search->CheckUserAuth($username, $password)) {
Debuglogs("{$username} : Authenticated...", __FUNCTION__, __LINE__);
return true;
}
Debuglogs("{$username} : FAILED...", __FUNCTION__, __LINE__);
}
