$queryString = "nossl=1";
if ($_SERVER["QUERY_STRING"]) {
$queryString .= "&" . $_SERVER["QUERY_STRING"];
}
header("Location: http://{$_SERVER[SERVER_NAME]}{$_SERVER[PHP_SELF]}?{$queryString}");
exit;
}
}
// force population of ARP table
if ($pingFirst) {
shell_exec("ping -c 1 {$srcIP}");
}
$arp = shell_exec(SQUID_ARP_PATH . " -n {$srcIP}");
$matches = array();
if (preg_match("/(([0-9a-f]{1,2}:){5}[0-9a-f]{1,2})/i", $arp, $matches)) {
$mac = sanitiseMac($matches[0]);
} else {
exit("Unable to determine your hardware address. Are you on the right network?");
}
// now, check for a device record or active session in the database
$conn = new mysqli(SQUID_DB_SERVER, SQUID_DB_USERNAME, SQUID_DB_PASSWORD, SQUID_DB_NAME);
if (mysqli_connect_error()) {
exit("Unable to connect to session database. " . mysqli_connect_error());
}
$servers = is_array($SQUID_PM_DB) ? array_keys($SQUID_PM_DB) : array();
// device records take priority over transient sessions
$rs = $conn->query("select username from user_devices where mac_address = '{$mac}' and " . ($servers ? "(server_name in ('" . implode("', '", $servers) . "') or server_name is null)" : "server_name is null"));
if ($rs && ($row = $rs->fetch_row())) {
$loggedIn = true;
$deviceRegistered = true;
$un = $row[0];
function iptablesRemoveUserDevice($mac, $proxyEnforced = true, $preSanitised = false)
{
if (!$preSanitised) {
$mac = sanitiseMac($mac);
}
$chain = $proxyEnforced ? SQUID_IPTABLES_USER_DEVICES_CHAIN : SQUID_IPTABLES_NO_PROXY_CHAIN;
// as above
shell_exec(SQUID_IPTABLES_PATH . " -t filter -D {$chain} -m mac --mac-source {$mac} -j ACCEPT");
}