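/**
 * Authenticates the end-user logon form and opens the session.
 *
 * Reads $_POST["username-logon"] and $_POST["username-password"]. When
 * clladp::IsKerbAuth() is true only Active Directory is consulted; otherwise
 * the submitted password is compared with the password held on the local
 * directory account.
 *
 * On success the session is populated, the "mem-logon-user" cookie is set and
 * a script fragment that loads miniadm.index.php is echoed. On failure an HTML
 * error fragment is echoed.
 *
 * NOTE(review): the session identifier is not regenerated after a successful
 * logon in this function (session fixation); whether BuildSession() does it is
 * not visible here.
 * NOTE(review): {unknown_user} and {bdu} are distinct answers, so the response
 * tells a caller whether an account exists.
 *
 * @return null no meaningful value is returned on any path
 */
function auth_verif() {
    $tpl = new templates();

    $username = isset($_POST["username-logon"]) ? $_POST["username-logon"] : null;
    $password = isset($_POST["username-password"]) ? $_POST["username-password"] : null;

    // Fail closed on missing, non-string or blank credentials before any
    // back-end sees them. A blank password would otherwise match an account
    // whose stored password is empty, and some directory servers treat a bind
    // with an empty password as anonymous (whether CheckUserAuth() guards
    // against that is not visible here).
    if (!is_string($username) || !is_string($password) || trim($password) === "") {
        echo $tpl->_ENGINE_parse_body("<center><H2 style='color:red'>{bdu}</H2></center>");
        return null;
    }

    $ldap = new clladp();
    if ($ldap->IsKerbAuth()) {
        $external_ad_search = new external_ad_search();
        if (!$external_ad_search->CheckUserAuth($username, $password)) {
            echo $tpl->_ENGINE_parse_body("<center><H2 style='color:red'>{unknown_user}</H2></center>");
            return null;
        }
        // Kept from the original although the instance is unused here: the
        // constructor's side effects are not visible from this file.
        $users = new usersMenus();
        $privs = new privileges($username);
        $_SESSION["InterfaceType"] = "{ARTICA_MINIADM}";
        setcookie("mem-logon-user", $username, time() + 172800);
        $_SESSION["privileges_array"] = $privs->privs;
        $_SESSION["uid"] = $username;
        // NOTE(review): "passwd" receives the user name, not a password.
        // Confirm no consumer treats it as a secret.
        $_SESSION["passwd"] = $username;
        $_SESSION["privileges"]["ArticaGroupPrivileges"] = $privs->content;
        BuildSession($username);
        echo "<script>YahooWinHide();LoadAjax('BodyContent','miniadm.index.php');</script>\n\t\t";
        return;
    }

    $u = new user($username);
    $userPassword = $u->password;
    if (trim($u->uidNumber) == null) {
        writelogs('Unable to get user infos abort', __FUNCTION__, __FILE__);
        echo $tpl->_ENGINE_parse_body("<center><H2 style='color:red'>{unknown_user}</H2></center>");
        return null;
    }

    // Strict comparison: with "==" two numeric-looking strings ("1e3" and
    // "1000") compare equal. Where the runtime provides hash_equals(), prefer
    // it for a constant-time comparison.
    if (trim($password) !== trim($userPassword)) {
        echo $tpl->_ENGINE_parse_body("<center><H2 style='color:red'>{bdu}</H2></center>");
        return;
    }

    $ldap = new clladp();
    $users = new usersMenus();
    $privs = new privileges($u->uid);
    $privileges_array = $privs->privs;
    $_SESSION["InterfaceType"] = "{ARTICA_MINIADM}";
    setcookie("mem-logon-user", $username, time() + 172800);
    $_SESSION["privileges_array"] = $privs->privs;
    $_SESSION["privs"] = $privileges_array;
    $_SESSION["OU_LANG"] = isset($privileges_array["ForceLanguageUsers"]) ? $privileges_array["ForceLanguageUsers"] : null;
    $_SESSION["uid"] = $username;
    $_SESSION["passwd"] = $username;
    $_SESSION["privileges"]["ArticaGroupPrivileges"] = $privs->content;
    // Group membership is resolved for the account that was just
    // authenticated. The previous code looked it up from
    // $_POST["artica_username"], a separate request field the caller controls.
    $_SESSION["groupid"] = $ldap->UserGetGroups($username, 1);
    $_SESSION["DotClearUserEnabled"] = $u->DotClearUserEnabled;
    $_SESSION["MailboxActive"] = $u->MailboxActive;
    $_SESSION["ou"] = $u->ou;
    $_SESSION["UsersInterfaceDatas"] = trim($u->UsersInterfaceDatas);
    $lang = new articaLang();
    writelogs("[{$username}]: Default organization language={$_SESSION["OU_LANG"]}", __FUNCTION__, __FILE__);
    if (trim($_SESSION["OU_LANG"]) != null) {
        $_SESSION["detected_lang"] = $_SESSION["OU_LANG"];
        setcookie("artica-language", $_SESSION["OU_LANG"], time() + 172800);
    } else {
        setcookie("artica-language", $_POST["lang"], time() + 172800);
        $_SESSION["detected_lang"] = $lang->get_languages();
    }
    echo "<script>\n\t\t\tYahooWinHide();\n\t\t\tLoadAjax('BodyContent','miniadm.index.php');\n\t\t</script>\n\t\t";
    return;
}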
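/**
 * Decides whether the credentials posted to the unlock template are valid.
 *
 * Returns true immediately when the UfdbGuardHTTPAllowNoCreds setting is 1 or
 * when the request carries nocreds=1. Otherwise $_POST["username"] and
 * $_POST["password"] are tried, in order, against: the external LDAP (when
 * sockets::SQUID_IS_EXTERNAL_LDAP() is true), the Manager account from
 * settings.inc, Active Directory (when clladp::IsKerbAuth() is true), the
 * radcheck table, and the local directory account.
 *
 * @return bool true when any back-end accepts the credentials
 */
function parseTemplate_unlock_checkcred() {
    include_once dirname(__FILE__) . "/ressources/class.sockets.inc";
    include_once dirname(__FILE__) . "/ressources/class.mysql.squid.builder.php";
    include_once dirname(__FILE__) . "/ressources/class.tcpip.inc";
    include_once dirname(__FILE__) . "/ressources/class.user.inc";
    include_once dirname(__FILE__) . "/ressources/class.templates.inc";
    include_once dirname(__FILE__) . "/ressources/class.users.menus.inc";
    include_once dirname(__FILE__) . "/ressources/class.external.ad.inc";
    include_once dirname(__FILE__) . "/ressources/class.ldap-extern.inc";
    include "ressources/settings.inc";

    $sock = new sockets();
    if (intval($sock->GET_INFO("UfdbGuardHTTPAllowNoCreds")) == 1) {
        return true;
    }

    // NOTE(review): "nocreds" comes from the request, so any client can skip
    // the credential check by posting nocreds=1, regardless of the server-side
    // setting tested just above. Left in place because the callers are not
    // visible here; confirm whether this path can be removed or tied to
    // server-side state.
    if (isset($_POST["nocreds"]) && $_POST["nocreds"] == 1) {
        return true;
    }

    $username = isset($_POST["username"]) ? $_POST["username"] : "";
    $password = isset($_POST["password"]) ? $_POST["password"] : "";
    if (!is_string($username) || !is_string($password)) {
        return false;
    }
    $password = trim($password);

    // A blank password must never authenticate: it would match any record
    // whose stored password is empty, and some directory servers treat a bind
    // with an empty password as anonymous (whether the helper classes guard
    // against that is not visible here).
    if ($password === "") {
        return false;
    }

    if ($sock->SQUID_IS_EXTERNAL_LDAP()) {
        $ldap_extern = new ldap_extern();
        if ($ldap_extern->checkcredentials($username, $password)) {
            return true;
        }
    }

    // Manager account. Skipped when settings.inc yields no account name, so a
    // blank user name cannot match a blank setting.
    $managerName = isset($_GLOBAL["ldap_admin"]) ? trim(strtolower($_GLOBAL["ldap_admin"])) : "";
    if ($managerName !== "" && trim(strtolower($username)) === $managerName) {
        $managerPassword = isset($_GLOBAL["ldap_password"]) ? trim($_GLOBAL["ldap_password"]) : "";
        // Strict comparison avoids PHP's numeric-string juggling under "==".
        if ($password === $managerPassword) {
            return true;
        }
    }

    $ldap = new clladp();
    if ($ldap->IsKerbAuth()) {
        $external_ad_search = new external_ad_search();
        if ($external_ad_search->CheckUserAuth($username, $password)) {
            return true;
        }
    }

    // The user name is request data and was previously interpolated into the
    // statement unescaped (SQL injection).
    // NOTE(review): addslashes() is a stop-gap that assumes a single-byte or
    // UTF-8 connection charset. Move to the database layer's own escaping or
    // parameter binding if it offers one.
    $q = new mysql();
    $sqlUsername = addslashes($username);
    $sql = "SELECT `username`,`value`,id FROM radcheck WHERE `username`='{$sqlUsername}' AND `attribute`='Cleartext-Password' LIMIT 0,1";
    $ligne = mysql_fetch_array($q->QUERY_SQL($sql, "artica_backup"));
    if (!$q->ok) {
        writelogs("{$username}:: {$q->mysql_error}", __FUNCTION__, __FILE__, __LINE__);
    }
    if (is_array($ligne) && isset($ligne["id"]) && is_numeric($ligne["id"]) && $ligne["id"] > 0) {
        if ((string) $ligne["value"] === $password) {
            return true;
        }
    }

    $u = new user($username);
    if (trim($u->uidNumber) != null) {
        if ($password === trim($u->password)) {
            return true;
        }
    }
    return false;
}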
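/**
 * Authenticates $_POST["username"] / $_POST["password"] and, on success,
 * populates the session for the matching account type.
 *
 * Back-ends are tried in this order: the Manager account from settings.inc,
 * proxy "dynamic_acls" items (only when SQUID_INSTALLED), Active Directory
 * (only when clladp::IsKerbAuth() is true), the radcheck table, then the local
 * directory account.
 *
 * NOTE(review): the Manager check accepts the MD5 of the configured password
 * as the credential, so that hash is itself password-equivalent.
 * NOTE(review): the session identifier is not regenerated on success in this
 * function (session fixation); whether BuildSession() does it is not visible.
 *
 * @param bool $Aspost when true, failures are rendered with MainPage(), success
 *                     ends with a "location:miniadm.index.php" header, and the
 *                     local directory password is compared as submitted; when
 *                     false, failures are echoed and the submitted value is
 *                     compared with the MD5 of the stored password
 * @return null no meaningful value is returned on any path
 */
function checklogon($Aspost = false) {
    include_once dirname(__FILE__) . "/ressources/class.user.inc";
    include "ressources/settings.inc";

    $username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";
    $_POST["password"] = url_decode_special_tool($_POST["password"]);
    $password = trim($_POST["password"]);
    $users = new usersMenus();
    if ($users->WEBSTATS_APPLIANCE) {
        $users->SQUID_INSTALLED = true;
    }

    if ($password == null) {
        if ($Aspost) {
            MainPage("Bad password");
            return;
        }
        echo "Bad password";
        return;
    }

    // The user name is request data; escape it before it is placed in a SQL
    // string literal.
    // NOTE(review): addslashes() is a stop-gap that assumes a single-byte or
    // UTF-8 connection charset. Move to the database layer's own escaping or
    // parameter binding if it offers one.
    $sqlUsername = addslashes($username);

    // REMOTE_HOST is only present when the web server resolves client names;
    // fall back to the address so security events always carry a source.
    $clientHost = isset($_SERVER["REMOTE_HOST"])
        ? $_SERVER["REMOTE_HOST"]
        : (isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "");

    // Was never initialised in this function; the event detail stays empty.
    $notice = array();

    // MD5 of the submitted password. Only the proxy branch computes it, as
    // before; the Manager hash now lives in its own variable so it can no
    // longer leak into the RADIUS comparison further down.
    $passwordMD = null;

    // --- Manager account ------------------------------------------------
    $managerName = isset($_GLOBAL["ldap_admin"]) ? trim(strtolower($_GLOBAL["ldap_admin"])) : "";
    if ($managerName !== "" && trim(strtolower($username)) === $managerName) {
        $managerMd5 = md5(trim($_GLOBAL["ldap_password"]));
        // Strict comparison: under "==" two hashes of the form "0e<digits>"
        // compare equal as numbers.
        if ($password === $managerMd5) {
            $_SESSION["uid"] = '-100';
            $_SESSION["groupid"] = '-100';
            // NOTE(review): the Manager's clear-text password is copied into
            // the session store.
            $_SESSION["passwd"] = $_GLOBAL["ldap_password"];
            $_SESSION["CORP"] = $users->CORP_LICENSE;
            $_SESSION["privileges"]["ArticaGroupPrivileges"] = ' [AllowAddGroup]="yes" [AllowAddUsers]="yes" [AllowChangeKav]="yes" [AllowChangeKas]="yes" [AllowChangeUserPassword]="yes" [AllowEditAliases]="yes" [AllowEditAsWbl]="yes" [AsSystemAdministrator]="yes" [AsPostfixAdministrator]="yes" [AsArticaAdministrator]="yes"';
            $_SESSION["InterfaceType"] = "{APP_ARTICA_ADM}";
            $_SESSION["AsWebStatisticsAdministrator"] = true;
            if ($Aspost) {
                header("location:miniadm.index.php");
            }
            return;
        }
    }

    // --- Proxy dynamic ACL items ------------------------------------------
    if ($users->SQUID_INSTALLED) {
        $q = new mysql_squid_builder();
        $passwordMD = md5($password);
        $sql = "SELECT webfilters_sqitems.gpid AS maingpid\n\t\t\tFROM webfilters_sqacllinks, webfilters_sqgroups, webfilters_sqitems, webfilters_sqacls\n\t\t\tWHERE webfilters_sqacllinks.gpid = webfilters_sqgroups.ID\n\t\t\tAND webfilters_sqacllinks.aclid = webfilters_sqacls.ID\n\t\t\tAND webfilters_sqgroups.ID = webfilters_sqitems.gpid\n\t\t\tAND webfilters_sqacls.enabled =1\n\t\t\tAND webfilters_sqgroups.enabled =1\n\t\t\tAND webfilters_sqitems.enabled =1\n\t\t\tAND webfilters_sqgroups.GroupType = 'dynamic_acls'\n\t\t\tAND webfilters_sqitems.pattern = '{$sqlUsername}:{$passwordMD}'";
        $results = $q->QUERY_SQL($sql);
        // The former test was inverted (it echoed the error only when there
        // was none). Database errors go to the log, not to the client.
        if (!$q->ok) {
            writelogs("{$username}:: {$q->mysql_error}", __FUNCTION__, __FILE__, __LINE__);
        }
        $CountDerules = $results ? mysql_num_rows($results) : 0;
        writelogs("{$username}::webfilters_sqitems:: {$CountDerules} rules", __FUNCTION__, __FILE__, __LINE__);
        if ($CountDerules > 0) {
            writelogs("{$username}::webfilters_sqitems:: Building rules....", __FUNCTION__, __FILE__, __LINE__);
            while ($ligne = mysql_fetch_assoc($results)) {
                $_SESSION["SQUID_DYNAMIC_ACLS_VIRTUALS"][$ligne["maingpid"]] = true;
            }
            $_SESSION["InterfaceType"] = "{ARTICA_MINIADM}";
            $_SESSION["VirtAclUser"] = true;
            $_SESSION["ou"] = "Proxy Service";
            $_SESSION["CORP"] = $users->CORP_LICENSE;
            setcookie("mem-logon-user", $username, time() + 172800);
            // The original read $privs->privs before $privs existed, which
            // evaluated to null; the value is kept and made explicit.
            $_SESSION["privileges_array"] = null;
            $_SESSION["uid"] = $username;
            $_SESSION["privileges"]["ArticaGroupPrivileges"] = array();
            BuildSession($username);
            if ($Aspost) {
                header("location:miniadm.index.php");
            }
            return;
        }
    }

    writelogs("{$username}:: Continue, processing....", __FUNCTION__, __FILE__, __LINE__);

    // --- Active Directory -----------------------------------------------
    $ldap = new clladp();
    $IsKerbAuth = $ldap->IsKerbAuth();
    writelogs("{$username}:: Is AD -> {$IsKerbAuth}", __FUNCTION__, __FILE__, __LINE__);
    if ($IsKerbAuth) {
        $external_ad_search = new external_ad_search();
        if ($external_ad_search->CheckUserAuth($username, $password)) {
            $users = new usersMenus();
            // Identity and privileges are taken from the name that was just
            // authenticated. The previous code authenticated
            // $_POST["username"] but loaded privileges and the session uid
            // from $_POST["username-logon"], a separate request field.
            $privs = new privileges($username);
            $_SESSION["InterfaceType"] = "{ARTICA_MINIADM}";
            $_SESSION["VirtAclUser"] = false;
            setcookie("mem-logon-user", $username, time() + 172800);
            $_SESSION["privileges_array"] = $privs->privs;
            $_SESSION["uid"] = $username;
            // NOTE(review): "passwd" receives the user name, not a password.
            $_SESSION["passwd"] = $username;
            $_SESSION["privileges"]["ArticaGroupPrivileges"] = $privs->content;
            BuildSession($username);
            if ($Aspost) {
                header("location:miniadm.index.php");
            }
            return;
        }
        writelogs("{$username}:: Checks Active Directory failed, continue processing...", __FUNCTION__, __FILE__, __LINE__);
    }

    writelogs("{$username}:: Continue, processing....", __FUNCTION__, __FILE__, __LINE__);

    // --- RADIUS (radcheck table) ------------------------------------------
    $q = new mysql();
    $sql = "SELECT `username`,`value`,id FROM radcheck WHERE `username`='{$sqlUsername}' AND `attribute`='Cleartext-Password' LIMIT 0,1";
    writelogs("{$username}:: Is a RADIUS users \"{$sql}\"", __FUNCTION__, __FILE__, __LINE__);
    $ligne = mysql_fetch_array($q->QUERY_SQL($sql, "artica_backup"));
    if (!is_array($ligne)) {
        $ligne = array("id" => 0, "value" => null);
    }
    if (!is_numeric($ligne["id"])) {
        $ligne["id"] = 0;
    }
    if (!$q->ok) {
        writelogs("{$username}:: {$q->mysql_error}", __FUNCTION__, __FILE__, __LINE__);
    }
    // The submitted credential and the hash of the stored password used to be
    // written to the log here; only the lookup result is recorded now.
    writelogs("{$username}:: RADIUS entry id={$ligne["id"]}", __FUNCTION__, __FILE__, __LINE__);
    if ($ligne["id"] > 0) {
        $storedMd5 = md5($ligne["value"]);
        $checkRadiusPass = false;
        if ($storedMd5 === $password) {
            writelogs("{$username}:: RADIUS Password true for no MD5", __FUNCTION__, __FILE__, __LINE__);
            $checkRadiusPass = true;
        }
        if ($passwordMD !== null && $storedMd5 === $passwordMD) {
            writelogs("{$username}:: RADIUS Password true for yes MD5", __FUNCTION__, __FILE__, __LINE__);
            $checkRadiusPass = true;
        }
        if ($checkRadiusPass) {
            writelogs("{$username}:: Authenticated as a RADIUS users id={$ligne["id"]}", __FUNCTION__, __FILE__, __LINE__);
            // Privileges follow the authenticated name, not
            // $_POST["username-logon"].
            $privs = new privileges($username, null, $ligne["id"]);
            $_SESSION["CORP"] = $users->CORP_LICENSE;
            $_SESSION["InterfaceType"] = "{ARTICA_MINIADM}";
            setcookie("mem-logon-user", $username, time() + 172800);
            $_SESSION["privileges_array"] = $privs->privs;
            if (is_array($_SESSION["privileges_array"])) {
                foreach ($_SESSION["privileges_array"] as $key => $val) {
                    // Existing session keys are never overwritten by a privilege name.
                    if (!isset($_SESSION[$key])) {
                        $_SESSION[$key] = $val;
                    }
                }
            }
            $_SESSION["uid"] = $username;
            $_SESSION["RADIUS_ID"] = $ligne["id"];
            BuildSession($username);
            if ($Aspost) {
                header("location:miniadm.index.php");
            }
            return;
        }
    }

    // --- Local directory account ------------------------------------------
    writelogs("{$username}::Finally Is LOCAL LDAP ? -> {$IsKerbAuth}", __FUNCTION__, __FILE__, __LINE__);
    $u = new user($username);
    $tpl = new templates();
    $userPassword = $u->password;
    if (trim($u->uidNumber) == null) {
        writelogs('Unable to get user infos abort', __FUNCTION__, __FILE__);
        if ($Aspost) {
            MainPage("Unknown user (" . __LINE__ . ")");
            return;
        }
        echo "Unknown user (" . __LINE__ . ")";
        die;
    }

    writelogs("{$username}:: Password match ? Aspost = {$Aspost}", __FUNCTION__, __FILE__, __LINE__);
    if ($Aspost) {
        if (trim($password) !== trim($userPassword)) {
            writelogs("{$username}:: Password match NO Aspost = {$Aspost}", __FUNCTION__, __FILE__, __LINE__);
            MainPage("Bad password (" . __LINE__ . ")");
            return;
        }
    } else {
        if (trim($password) !== md5(trim($userPassword))) {
            writelogs("{$username}:: Password match NO Aspost = {$Aspost}", __FUNCTION__, __FILE__, __LINE__);
            writelogs("[{$username}]: The password typed is not the same in ldap database...", __FUNCTION__, __FILE__);
            artica_mysql_events("Failed to logon on the management console as user `{$username}` from {$clientHost} (bad password)", @implode("\n", $notice), "security", "security");
            echo "Error: (" . __LINE__ . ") bad password";
            return null;
        }
    }

    writelogs("{$username}:: Password match YES Aspost = {$Aspost}", __FUNCTION__, __FILE__, __LINE__);
    $ldap = new clladp();
    $users = new usersMenus();
    $_SESSION["CORP"] = $users->CORP_LICENSE;
    $privs = new privileges($u->uid);
    $privs->SearchPrivileges();
    $privileges_array = $privs->privs;
    $_SESSION["VirtAclUser"] = false;
    $_SESSION["privileges_array"] = $privs->privs;
    $_SESSION["privs"] = $privileges_array;
    if (isset($privileges_array["ForceLanguageUsers"])) {
        $_SESSION["OU_LANG"] = $privileges_array["ForceLanguageUsers"];
    }
    $_SESSION["uid"] = $username;
    $_SESSION["privileges"]["ArticaGroupPrivileges"] = $privs->content;
    $_SESSION["groupid"] = $ldap->UserGetGroups($username, 1);
    $_SESSION["DotClearUserEnabled"] = $u->DotClearUserEnabled;
    $_SESSION["MailboxActive"] = $u->MailboxActive;
    $_SESSION["InterfaceType"] = "{APP_ARTICA_ADM}";
    $_SESSION["ou"] = $u->ou;
    $_SESSION["UsersInterfaceDatas"] = trim($u->UsersInterfaceDatas);

    include_once dirname(__FILE__) . "/ressources/class.translate.rights.inc";
    $cr = new TranslateRights(null, null);
    $r = $cr->GetPrivsArray();
    if (is_array($r)) {
        foreach (array_keys($r) as $key) {
            if ($users->{$key}) {
                $_SESSION[$key] = $users->{$key};
            }
        }
    }
    if (is_array($_SESSION["privs"])) {
        // NOTE(review): every privilege name becomes a top-level session key
        // without an isset() guard, so a privilege named like an existing key
        // (for example "uid") would overwrite it. Confirm the directory cannot
        // supply such names.
        foreach ($_SESSION["privs"] as $key => $val) {
            $_SESSION[$key] = $val;
        }
    }
    if (!isset($_SESSION["OU_LANG"])) {
        $_SESSION["OU_LANG"] = null;
    }
    if (!isset($_SESSION["ASDCHPAdmin"])) {
        $_SESSION["ASDCHPAdmin"] = false;
    }
    if (trim($_SESSION["OU_LANG"]) != null) {
        $_SESSION["detected_lang"] = $_SESSION["OU_LANG"];
    } else {
        include_once dirname(__FILE__) . "/ressources/class.langages.inc";
        $lang = new articaLang();
        $_SESSION["detected_lang"] = $lang->get_languages();
    }
    // Load the setting when it has not been loaded yet. The test used to be
    // isset(), which skipped the lookup exactly when it was needed; logon()
    // in this file uses the !isset() form.
    if (!isset($GLOBALS["FixedLanguage"])) {
        $sock = new sockets();
        $GLOBALS["FixedLanguage"] = $sock->GET_INFO("FixedLanguage");
    }
    if (trim($GLOBALS["FixedLanguage"]) != null) {
        $_SESSION["detected_lang"] = $GLOBALS["FixedLanguage"];
    }
    if ($Aspost) {
        header("location:miniadm.index.php");
        return;
    }
}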
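/**
 * Authenticates a hotspot logon request and records the session.
 *
 * Reads username, password, passEnc, md5key and request from $_POST. The
 * back-ends enabled in the HotSpotConfig setting are tried in this order:
 * Active Directory (USEAD), local directory (USELDAP), RADIUS (USERAD) and the
 * hotspot_members table (USEMYSQL). On success earlier hotspot_sessions rows
 * for the same address, MAC or uid are deleted and a new row is inserted.
 *
 * NOTE(review): IPADDR, MAC, HOST and LOGIN are taken from the client-supplied
 * "request" blob, and nothing in this function verifies its integrity, so an
 * authenticated client chooses which address/MAC the session (and the preceding
 * DELETEs) apply to.
 *
 * @return null output is echoed; no meaningful value is returned
 */
function check_auth() {
    if (isset($_POST["USETERMS"])) {
        // setcookie() expects an absolute Unix timestamp. The former literal
        // 3600 lies in 1970, so the cookie expired as soon as it was sent.
        setcookie("USETERMS", 1, time() + 3600);
    }
    $tpl = new templates();

    // NOTE(review): debugAuth is a request parameter, so any unauthenticated
    // client can switch on display_errors and the verbose output below.
    // Confirm this is meant to be reachable in production.
    if (isset($_POST["debugAuth"]) && $_POST["debugAuth"] == 1) {
        $GLOBALS["VERBOSE"] = true;
        ini_set('display_errors', 1);
        ini_set('error_reporting', E_ALL);
        ini_set('error_prepend_string', null);
        ini_set('error_append_string', null);
    }
    $verbose = !empty($GLOBALS["VERBOSE"]);

    $username = isset($_POST["username"]) ? $_POST["username"] : null;
    $time = time();
    if ($username == null || !is_string($username)) {
        echo $tpl->javascript_parse_text("{wrong_password_or_username}");
        return;
    }

    include_once dirname(__FILE__) . '/ressources/class.user.inc';
    $sock = new sockets();
    $users = new usersMenus();
    $EnableKerbAuth = $sock->GET_INFO("EnableKerbAuth");
    if (!is_numeric($EnableKerbAuth)) {
        $EnableKerbAuth = 0;
    }

    // HotSpotConfig is read from the local settings store.
    $HotSpotConfig = unserialize(base64_decode($sock->GET_INFO("HotSpotConfig")));
    if (!is_array($HotSpotConfig)) {
        $HotSpotConfig = array();
    }
    $defaults = array(
        "FINAL_TIME" => 0,
        "USELDAP" => 1,
        "CACHE_AUTH" => 60,
        "CACHE_TIME" => 120,
        "USEMYSQL" => 1,
        "USEAD" => 0,
        "USERAD" => 0,
    );
    foreach ($defaults as $key => $default) {
        if (!isset($HotSpotConfig[$key])) {
            $HotSpotConfig[$key] = $default;
        }
    }
    // USEAD is deliberately absent from this list, as in the original.
    foreach (array("USELDAP", "USEMYSQL", "CACHE_AUTH", "CACHE_TIME", "FINAL_TIME", "USERAD") as $key) {
        if (!is_numeric($HotSpotConfig[$key])) {
            $HotSpotConfig[$key] = $defaults[$key];
        }
    }
    if ($EnableKerbAuth == 0) {
        $HotSpotConfig["USEAD"] = 0;
    }
    if (!$users->CORP_LICENSE) {
        $HotSpotConfig["USEAD"] = 0;
    }
    $CACHE_AUTH = $HotSpotConfig["CACHE_AUTH"];

    $password = isset($_POST["password"]) ? $_POST["password"] : null;
    $passEnc = url_decode_special_tool($_POST["passEnc"]);
    $md5key = trim($_POST["md5key"]);
    if ($password == null || !is_string($password)) {
        echo "Invalid Password\n";
        die;
    }
    // passEnc is what Active Directory, RADIUS and hotspot_members are checked
    // with. Those back-ends are skipped when it is blank: a blank value would
    // match a member row whose password is empty, and some directory servers
    // treat a bind with an empty password as anonymous (whether the helper
    // classes guard against that is not visible here).
    $hasPassEnc = is_string($passEnc) && $passEnc !== "";

    // SECURITY(review): unserialize() on request data lets the client
    // instantiate any class loaded at this point (PHP object injection).
    // Flagged rather than replaced because the producer of this blob is not
    // visible here; a JSON body or a server-signed token would remove the
    // risk. The checks below only constrain what is used afterwards.
    $rawRequest = (isset($_POST["request"]) && is_string($_POST["request"])) ? $_POST["request"] : "";
    $array = unserialize(base64_decode($rawRequest));
    if (!is_array($array)) {
        $array = array();
    }
    $request = array("LOGIN" => null, "IPADDR" => null, "MAC" => null, "HOST" => null);
    foreach (array_keys($request) as $field) {
        if (isset($array[$field]) && is_scalar($array[$field])) {
            $request[$field] = (string) $array[$field];
        }
    }
    $LOGIN = $request["LOGIN"];
    $IPADDR = $request["IPADDR"];
    $MAC = $request["MAC"];
    $HOST = $request["HOST"];
    if ($MAC == null) {
        $MAC = "00:00:00:00:00:00";
    }
    if ($IPADDR == null) {
        $IPADDR = $_SERVER["REMOTE_ADDR"];
    }
    if ($LOGIN == null) {
        $LOGIN = $username;
    }
    if ($HOST == null) {
        $HOST = gethostbyaddr($IPADDR);
    }
    if ($md5key == null) {
        $md5key = md5("{$LOGIN}{$IPADDR}{$MAC}{$HOST}");
    }

    $auth = false;

    if ($HotSpotConfig["USEAD"] == 1) {
        writelogs("{$username}:: Checks Active Directory..", __FUNCTION__, __FILE__, __LINE__);
        if ($verbose) {
            echo "{$username} AUTH = FALSE continue IF AD... (" . __LINE__ . ")\n";
        }
        if ($hasPassEnc) {
            $external_ad_search = new external_ad_search();
            if ($external_ad_search->CheckUserAuth($username, $passEnc)) {
                writelogs("{$username}:: Checks Active Directory success...", __FUNCTION__, __FILE__, __LINE__);
                $auth = true;
            }
        }
    }

    if ($HotSpotConfig["USELDAP"] == 1 && !$auth) {
        writelogs("{$username}:: Checks LDAP connection..", __FUNCTION__, __FILE__, __LINE__);
        $ct = new user($username);
        // Strict comparison: under "==" two hashes of the form "0e<digits>"
        // compare equal as numbers.
        if (md5($ct->password) === $password) {
            writelogs("{$username}:: Checks LDAP connection success...", __FUNCTION__, __FILE__, __LINE__);
            $auth = true;
        }
    }

    if ($HotSpotConfig["USERAD"] == 1 && !$auth) {
        writelogs("{$username}:: Checks RADIUS connection..", __FUNCTION__, __FILE__, __LINE__);
        $RAD_SERVER = $HotSpotConfig["RAD_SERVER"];
        $RAD_PORT = $HotSpotConfig["RAD_PORT"];
        $RAD_PASSWORD = $HotSpotConfig["RAD_PASSWORD"];
        if (!is_numeric($RAD_PORT)) {
            $RAD_PORT = 1812;
        }
        include_once "/usr/share/artica-postfix/ressources/class.radius.auth.inc";
        if ($verbose) {
            // The submitted password is no longer part of the debug output.
            echo "RADIUS_AUTHENTICATION -> With ({$username},***,{$RAD_SERVER},{$RAD_PORT}) (" . __LINE__ . ")\n";
        }
        if ($hasPassEnc) {
            $retval = RADIUS_AUTHENTICATION($username, $passEnc, $RAD_SERVER, $RAD_PORT, $RAD_PASSWORD);
            if ($retval == 2) {
                writelogs("{$username}:: Checks RADIUS connection success...", __FUNCTION__, __FILE__, __LINE__);
                $auth = true;
            }
        }
    }

    // Every value below originates from the request (directly or through the
    // "request" blob) and was previously interpolated into SQL unescaped.
    // NOTE(review): addslashes() is a stop-gap that assumes a single-byte or
    // UTF-8 connection charset. Move to the database layer's own escaping or
    // parameter binding if it offers one.
    $sqlUsername = addslashes($username);

    $ASUID = false;
    if ($HotSpotConfig["USEMYSQL"] == 1) {
        $q = new mysql_squid_builder();
        if (!$auth) {
            writelogs("{$username}:: Checks MySQL connection..", __FUNCTION__, __FILE__, __LINE__);
            if (!$q->TABLE_EXISTS("hotspot_members")) {
                $q->CheckTables();
            }
            $sql = "SELECT uid,password,ttl,sessiontime,enabled FROM hotspot_members WHERE uid='{$sqlUsername}'";
            $ligne = mysql_fetch_array($q->QUERY_SQL($sql));
            if (is_array($ligne) && $ligne["uid"] != null) {
                // NOTE(review): the stored member password is compared
                // directly with passEnc, i.e. it is not kept as a salted hash.
                if ($hasPassEnc && (string) $ligne["password"] === $passEnc) {
                    if ($ligne["sessiontime"] > 0) {
                        $CACHE_AUTH = $ligne["sessiontime"];
                    }
                    if ($ligne["enabled"] == 0) {
                        echo $tpl->javascript_parse_text("{access_to_internet_disabled} ({disabled})");
                        die;
                    }
                    if (intval($ligne["ttl"]) > 0) {
                        if ($time > $ligne["ttl"]) {
                            echo $tpl->javascript_parse_text("{accesstime_to_internet_expired}");
                            die;
                        }
                    }
                    writelogs("{$username}:: Checks MySQL connection success..", __FUNCTION__, __FILE__, __LINE__);
                    $auth = true;
                }
            }
        }
    }

    writelogs("{$username}:: Result = {$auth}", __FUNCTION__, __FILE__, __LINE__);
    if (!$auth) {
        writelogs("{$username}:: Die() authentification failed", __FUNCTION__, __FILE__, __LINE__);
        echo $tpl->javascript_parse_text("{wrong_password_or_username}");
        return;
    }

    $q = new mysql_squid_builder();
    if (!is_numeric($CACHE_AUTH)) {
        $CACHE_AUTH = 60;
    }
    $finaltime = strtotime("+{$CACHE_AUTH} minutes", $time);
    $datelogs = date("Y-m-d H:i:s", $finaltime);
    writelogs("{$username} -> {$HOST} +{$CACHE_AUTH}mn Next checkup time will be {$datelogs} ", __FUNCTION__, __FILE__, __LINE__);
    if ($LOGIN != null) {
        $uid = $LOGIN;
    } else {
        $uid = $username;
    }

    $sqlUid = addslashes($uid);
    $sqlMac = addslashes($MAC);
    $sqlHost = addslashes($HOST);
    $sqlIp = addslashes($IPADDR);
    $sqlMd5key = addslashes($md5key);

    $q->QUERY_SQL("DELETE FROM hotspot_sessions WHERE ipaddr='{$sqlIp}'");
    $q->QUERY_SQL("DELETE FROM hotspot_sessions WHERE MAC='{$sqlMac}'");
    $q->QUERY_SQL("DELETE FROM hotspot_sessions WHERE uid='{$sqlUid}'");

    // NOTE(review): the value order stores $finaltime in column "maxtime" and
    // $CACHE_AUTH in column "finaltime"; confirm against the table definition.
    $sql = "INSERT IGNORE INTO hotspot_sessions (md5,logintime, maxtime,finaltime,username,uid,MAC,hostname,ipaddr)\n\tVALUES('{$sqlMd5key}',{$time},{$finaltime},{$CACHE_AUTH},'{$sqlUsername}','{$sqlUid}','{$sqlMac}','{$sqlHost}','{$sqlIp}')";
    writelogs($sql, __FUNCTION__, __FILE__, __LINE__);
    $q->QUERY_SQL($sql);
    if (!$q->ok) {
        // The database error and the statement stay in the log; the client
        // used to receive both verbatim.
        writelogs("{$q->mysql_error}", __FUNCTION__, __FILE__, __LINE__);
        echo "Unable to record the session\n";
        return;
    }

    if ($HotSpotConfig["USEMYSQL"] == 1) {
        // $ASUID is never set to true in this function, so only the INSERT
        // branch is reachable today.
        if (!$ASUID) {
            $sql = "INSERT IGNORE INTO hotspot_members (uid,MAC,hostname,ipaddr,enabled) VALUES ('{$sqlUid}','{$sqlMac}','{$sqlHost}','{$sqlIp}',1)";
        } else {
            $sql = "UPDATE hotspot_members SET MAC='{$sqlMac}',hostname='{$sqlHost}',ipaddr='{$sqlIp}' WHERE uid='{$sqlUid}'";
        }
        $q->QUERY_SQL($sql);
    }
}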
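/**
 * Handles the administration console logon request.
 *
 * Reads artica_username and artica_password from $_POST (optionally
 * artica_password_crypted, lang, Changelang and VIA_API). Back-ends are tried
 * in this order: the Manager account from settings.inc, Active Directory (when
 * clladp::IsKerbAuth() is true), Radius_admins(), then the local directory
 * account. The answer is echoed: "TRUE"/"FALSE" when VIA_API is posted,
 * otherwise a "location:..." string or a translated error text.
 *
 * NOTE(review): the Manager and local-account checks compare an MD5 value
 * supplied by the client, so that hash is itself password-equivalent.
 * NOTE(review): the session identifier is not regenerated on success in this
 * function (session fixation); whether BuildSession() does it is not visible.
 *
 * @return null output is echoed; some success paths end the script with exit
 */
function logon() {
    include "ressources/settings.inc";
    include_once 'ressources/class.sockets.inc';
    include_once 'ressources/class.ldap.inc';
    include_once 'ressources/class.user.inc';
    include_once 'ressources/class.langages.inc';
    $sock = new sockets();
    $tpl = new templates();
    $_POST["artica_password"] = url_decode_special($_POST["artica_password"]);
    writelogs("Testing logon....{$_POST["artica_username"]}", __FUNCTION__, __FILE__, __LINE__);
    $_COOKIE["artica-language"] = $_POST["lang"];

    // NOTE(review): this writes a client-supplied value into the settings
    // store before any authentication, under a key derived from request
    // headers. Confirm SET_INFO() constrains the key and the value.
    $FileCookyKey = md5($_SERVER["REMOTE_ADDR"] . $_SERVER["HTTP_USER_AGENT"]);
    $sock->SET_INFO($FileCookyKey, $_POST["Changelang"]);

    if (!isset($GLOBALS["FixedLanguage"])) {
        $GLOBALS["FixedLanguage"] = $sock->GET_INFO("FixedLanguage");
    }
    $VIA_API = isset($_POST["VIA_API"]);
    if ($_SESSION["uid"] != null) {
        if (!$VIA_API) {
            echo "location:admin.index.php";
            return;
        }
    }

    // Request context attached to security events. Entries that carry
    // credentials or the session identifier are left out so they are not
    // persisted in the event table.
    $redacted = array("HTTP_COOKIE", "HTTP_AUTHORIZATION", "PHP_AUTH_PW", "PHP_AUTH_DIGEST");
    $notice = array();
    foreach ($_SERVER as $index => $value) {
        if (in_array($index, $redacted, true) || !is_scalar($value)) {
            continue;
        }
        $notice[] = "{$index}:{$value}";
    }
    // REMOTE_HOST is only present when the web server resolves client names;
    // fall back to the address so security events always carry a source.
    $clientHost = isset($_SERVER["REMOTE_HOST"])
        ? $_SERVER["REMOTE_HOST"]
        : (isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "");

    if ($_GLOBAL["ldap_admin"] == null) {
        $sock->getFrameWork("services.php?process1-tenir=yes?MyCURLTIMEOUT=120");
        include "ressources/settings.inc";
    }
    if ($_GLOBAL["ldap_admin"] == null) {
        if ($VIA_API) {
            echo "FALSE";
            return;
        }
        echo $tpl->javascript_parse_text("{ldap_username_corrupt_text}");
        return null;
    }

    // Fail closed when the user name is missing or not a string.
    $loginName = isset($_POST["artica_username"]) ? $_POST["artica_username"] : null;
    if (!is_string($loginName)) {
        if ($VIA_API) {
            echo "FALSE";
            return;
        }
        echo $tpl->javascript_parse_text("{wrong_password_or_username}");
        return null;
    }

    $md5submitted = $_POST["artica_password"];
    if ($VIA_API) {
        $md5submitted = md5($_POST["artica_password"]);
    }
    $md5Manager = md5(trim($_GLOBAL["ldap_password"]));
    if (trim($GLOBALS["FixedLanguage"]) != null) {
        $_POST["lang"] = $GLOBALS["FixedLanguage"];
    }
    $trimed_artica_username = trim(strtolower($loginName));
    $trimed_ldap_admin = trim(strtolower($_GLOBAL["ldap_admin"]));
    // __FUNCTION__ was misspelled as _FUNCTION__ on this and three other
    // writelogs() calls in this function.
    writelogs("Manager -> {$trimed_artica_username} ?=== {$trimed_ldap_admin}", __FUNCTION__, __FILE__, __LINE__);

    // --- Manager account ------------------------------------------------
    if ($trimed_artica_username === $trimed_ldap_admin) {
        writelogs("Manager: `YES`", __FUNCTION__, __FILE__, __LINE__);
        // Strict comparison: under "!=" two hashes of the form "0e<digits>"
        // compare equal as numbers. Where the runtime provides hash_equals(),
        // prefer it for a constant-time comparison.
        if ($md5Manager !== $md5submitted) {
            artica_mysql_events("Failed to logon on the Artica Web console from {$clientHost}", @implode("\n", $notice), "security", "security");
            if ($VIA_API) {
                echo "FALSE";
                return;
            }
            echo $tpl->javascript_parse_text("{wrong_password_or_username}");
            return null;
        }

        $users = new usersMenus();
        artica_mysql_events("Success to logon on the Artica Web console from {$clientHost} as SuperAdmin", @implode("\n", $notice), "security", "security");
        $_SESSION["uid"] = '-100';
        $_SESSION["groupid"] = '-100';
        // NOTE(review): the Manager's clear-text password is copied into the
        // session store.
        $_SESSION["passwd"] = $_GLOBAL["ldap_password"];
        $_SESSION["MINIADM"] = false;
        setcookie("MINIADM", "No", time() + 1000);
        $_SESSION["InterfaceType"] = "{APP_ARTICA_ADM}";
        setcookie("artica-language", $_POST["lang"], time() + 172800);
        $_SESSION["detected_lang"] = $_POST["lang"];
        $_SESSION["CORP"] = $users->CORP_LICENSE;
        $_SESSION["privileges"]["ArticaGroupPrivileges"] = ' [AllowAddGroup]="yes" [AllowAddUsers]="yes" [AllowChangeKav]="yes" [AllowChangeKas]="yes" [AllowChangeUserPassword]="yes" [AllowEditAliases]="yes" [AllowEditAsWbl]="yes" [AsSystemAdministrator]="yes" [AsPostfixAdministrator]="yes" [AsArticaAdministrator]="yes" [AsArticaMetaAdmin]="yes" ';
        if ($VIA_API) {
            writelogs("VIA API = TRUE -> BUILD SESSION", __FUNCTION__, __FILE__, __LINE__);
            BuildSession($_SESSION["uid"]);
            echo "TRUE";
            return;
        }
        $sock->getFrameWork("squid.php?clean-catz-cache=yes");
        writelogs("OK it is a global admin -> location:admin.index.php", __FUNCTION__, __FILE__, __LINE__);
        echo "location:admin.index.php";
        exit;
    }

    // --- Active Directory -----------------------------------------------
    $ldap = new clladp();
    if ($ldap->IsKerbAuth()) {
        $userPassword = $_POST["artica_password"];
        if (isset($_POST["artica_password_crypted"])) {
            $userPassword = $_POST["artica_password_crypted"];
            include_once dirname(__FILE__) . "/ressources/class.cryptform.inc";
            $userPassword = logon_decrypt($userPassword);
        }
        writelogs("*** TEST Active Directory user {$loginName} ****", __FUNCTION__, __FILE__, __LINE__);
        // A blank password is never forwarded: some directory servers treat a
        // bind with an empty password as anonymous (whether CheckUserAuth()
        // guards against that is not visible here).
        $adAccepted = false;
        if (is_string($userPassword) && $userPassword !== "") {
            $external_ad_search = new external_ad_search();
            $adAccepted = $external_ad_search->CheckUserAuth($loginName, $userPassword);
        }
        if ($adAccepted) {
            writelogs("*** TEST Active Directory user {$loginName} success ****", __FUNCTION__, __FILE__, __LINE__);
            $_SESSION["MINIADM"] = false;
            setcookie("MINIADM", "No", time() + 1000);
            $_SESSION["InterfaceType"] = "{APP_ARTICA_ADM}";
            setcookie("artica-language", $_POST["lang"], time() + 172800);
            $_SESSION["detected_lang"] = $_POST["lang"];
            // $users is created before it is read; the original read
            // CORP_LICENSE from it one statement too early.
            $users = new usersMenus();
            $_SESSION["CORP"] = $users->CORP_LICENSE;
            $privs = new privileges($loginName);
            $privileges_array = $privs->privs;
            DumpPrivileges($loginName, $privileges_array);
            $users->_TranslateRights($privileges_array, true);
            setcookie("mem-logon-user", $loginName, time() + 172800);
            $_SESSION["privileges_array"] = $privs->privs;
            $_SESSION["uid"] = $loginName;
            BuildSession($loginName);
            $sock->getFrameWork("squid.php?clean-catz-cache=yes");
            $_SESSION["MINIADM"] = false;
            setcookie("MINIADM", "No", time() + 1000);
            if ($VIA_API) {
                BuildSession($_SESSION["uid"]);
                echo "TRUE";
                return;
            }
            echo "location:admin.index.php";
            return;
        }
        if (isset($GLOBALS["CLASS_ACTV"]) && is_array($GLOBALS["CLASS_ACTV"])) {
            foreach ($GLOBALS["CLASS_ACTV"] as $line) {
                writelogs("*** Active Directory {$line}", __FUNCTION__, __FILE__, __LINE__);
            }
        }
    }

    // --- RADIUS administrators ----------------------------------------------
    if (Radius_admins($loginName, $md5submitted)) {
        writelogs('*** TEST RADIUS USER ****', __FUNCTION__, __FILE__, __LINE__);
        $sock->getFrameWork("squid.php?clean-catz-cache=yes");
        writelogs("OK it is a global admin -> location:admin.index.php", __FUNCTION__, __FILE__, __LINE__);
        if ($VIA_API) {
            BuildSession($_SESSION["uid"]);
            echo "TRUE";
            return;
        }
        echo "location:admin.index.php";
        exit;
    }

    // --- Local directory account ------------------------------------------
    writelogs('This is not Global admin, so test user...', __FUNCTION__, __FILE__, __LINE__);
    $u = new user($loginName);
    $userPassword = $u->password;
    if (trim($u->uidNumber) == null) {
        if ($VIA_API) {
            echo "FALSE";
            return;
        }
        writelogs('Unable to get user infos abort', __FUNCTION__, __FILE__);
        echo $tpl->javascript_parse_text("{wrong_password_or_username}");
        return null;
    }

    if (trim($_POST["artica_password"]) !== md5(trim($userPassword))) {
        if ($VIA_API) {
            echo "FALSE";
            return;
        }
        writelogs("[{$loginName}]: The password typed is not the same in ldap database...", __FUNCTION__, __FILE__);
        artica_mysql_events("Failed to logon on the management console as user from {$clientHost} (bad password)", @implode("\n", $notice), "security", "security");
        echo $tpl->javascript_parse_text("{wrong_password_or_username}");
        return null;
    }

    BuildSession($u->uid);
    $ldap = new clladp();
    $users = new usersMenus();
    $privs = new privileges($u->uid);
    $privileges_array = $privs->privs;
    // The original tested an undefined local $FixedLanguage, so the fixed
    // language was never applied on this path.
    if (trim($GLOBALS["FixedLanguage"]) != null) {
        $_SESSION["detected_lang"] = $GLOBALS["FixedLanguage"];
    }
    $users->_TranslateRights($privileges_array, true);

    if (!$users->IfIsAnuser(true)) {
        if ($VIA_API) {
            echo "TRUE";
            return;
        }
        artica_mysql_events("Success to logon on the Artica Web console from {$clientHost} as User", @implode("\n", $notice), "security", "security");
        writelogs("[{$loginName}]: This is not an user =>admin.index.php", __FUNCTION__, __FILE__);
        $sock->getFrameWork("squid.php?clean-catz-cache=yes");
        $_SESSION["MINIADM"] = false;
        setcookie("MINIADM", "No", time() + 1000);
        echo "location:admin.index.php";
        return null;
    }

    if ($VIA_API) {
        BuildSession($_SESSION["uid"]);
        echo "TRUE";
        return;
    }

    writelogs("[{$loginName}]: IS AN USER =>../user-backup/logon.php", __FUNCTION__, __FILE__);
    // NOTE(review): the "credentials" blob contains only the user name and the
    // MD5 of that same user name, so anyone who knows an account name can
    // build it. The receiving page is not visible here; it must not accept
    // this value as proof of authentication.
    $array = array();
    $array["USERNAME"] = $loginName;
    $array["PASSWORD"] = md5($loginName);
    $credentials = base64_encode(serialize($array));
    artica_mysql_events("Success to redirect on the end-user management console from {$clientHost} as User", @implode("\n", $notice), "security", "security");
    echo "location:../miniadm.logon.php?credentials={$credentials}";
    return null;
}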
/**
 * Checks a user name / password pair against the Active Directory server
 * described by $params.
 *
 * @param string $username account name handed to external_ad_search::CheckUserAuth()
 * @param string $password password handed to external_ad_search::CheckUserAuth()
 * @param array  $params   reads LDAP_SERVER, LDAP_PORT and WINDOWS_DNS_SUFFIX
 * @return true|null true when CheckUserAuth() accepts the pair, null otherwise
 */
function local_ad($username, $password, $params) {
    include_once dirname(__FILE__) . "/ressources/class.external.ad.inc";

    $server = $params["LDAP_SERVER"];
    $port = $params["LDAP_PORT"];

    // Connection settings travel to external_ad_search as a base64-encoded
    // serialized array; the key order matches the original assignments.
    $settings = array(
        "LDAP_SERVER" => $server,
        "LDAP_PORT" => $port,
        "WINDOWS_DNS_SUFFIX" => $params["WINDOWS_DNS_SUFFIX"],
        "DEBUG" => $GLOBALS["DEBUG"],
    );

    Debuglogs("Active Directory : {$server}:{$port} Check", __FUNCTION__, __LINE__);

    $adClient = new external_ad_search(base64_encode(serialize($settings)));
    $accepted = $adClient->CheckUserAuth($username, $password);

    if (!$accepted) {
        Debuglogs("{$username} : FAILED...", __FUNCTION__, __LINE__);
        // The failure path has no boolean result; callers receive null.
        return null;
    }

    Debuglogs("{$username} : Authenticated...", __FUNCTION__, __LINE__);
    return true;
}