// We create the batch first, then add users to it (prevents us having unattached users if the batch dies for some reason)
$batchID = $Settings->nextBatchID();
$Settings->saveBatch($batchID, array(), $Auth->getUsername(), \Grase\Clean::text($_POST['Comment']));
$Settings->setSetting('lastbatch', $batchID);
$failedUsers = 0;
for ($i = 0; $i < $user['numberoftickets']; $i++) {
// Creating lots of users at once could timeout a script. Maybe add a set_time_limit(1) on each loop?
if ($Settings->getSetting('simpleUsername')) {
$username = \Grase\Util::randomLowercase($Settings->getSetting('usernameLength'));
} else {
$username = \Grase\Util::randomUsername($Settings->getSetting('usernameLength'));
}
if ($Settings->getSetting('numericPassword')) {
$password = \Grase\Util::randomNumericPassword($Settings->getSetting('passwordLength'));
} else {
$password = \Grase\Util::randomPassword($Settings->getSetting('passwordLength'));
}
// Attempt to create user. Will error if it's not a unique username
if (DatabaseFunctions::getInstance()->createUser($username, $password, $MaxMb, $MaxTime, expiry_for_group($group, $groupSettings), $groupSettings[$group]['ExpireAfter'], \Grase\Clean::text($_POST['Group']), \Grase\Clean::text($_POST['Comment']))) {
AdminLog::getInstance()->log("Created new user {$username}");
$Settings->addUserToBatch($batchID, $username);
$createdUsernames[] = $username;
} else {
// Failed to create. Most likely not a unique username.
// Try again but only for so long (i.e. all usernames are in use)
$i--;
// This really chokes up the logs, maybe don't log this? TODO
AdminLog::getInstance()->log("Failed to created new user {$username}. Probably duplicate username");
$failedUsers++;
if ($failedUsers > 20) {
AdminLog::getInstance()->log("Too many failed usernames, stopping batch creation");
} elseif ($_FILES['newlogo']['size'] > 50960) {
$error = "Logo too big";
} else {
// TODO: test if jpg or png
// TODO: test if jpeg/jpg/png extension otherwise browser doesn't know type
//print "Attempting to test if png";
if (exif_imagetype($_FILES['newlogo']['tmp_name']) != IMAGETYPE_PNG) {
$error = "Logo is not a png";
} else {
// TODO: don't overwrite logo.X, upload to logo dir and remember name to add to css/html
//print "Attempting to move file";
if (move_uploaded_file($_FILES['newlogo']['tmp_name'], '/usr/share/grase/www/images/logo.png')) {
$error = false;
$success = "Logo Updated (you may need to refresh your browser to see the change)";
AdminLog::getInstance()->log("New Logo Uploaded");
} else {
$error = "Unable to save new logo to server";
}
}
}
} else {
$error = \Grase\Util::fileUploadErrorCodeToMessage($_FILES['newlogo']['error']);
}
}
if ($error) {
$templateEngine->assign("error", array($error));
}
if ($success) {
$templateEngine->assign("success", array($success));
}
$templateEngine->displayPage('uploadlogo.tpl');
public function setUserDatalimit($username, $limitmb)
{
$datalimitoctets = $limitmb * 1024 * 1024;
$fields = array('Username' => array('value' => $username, 'key' => true), 'Attribute' => array('value' => 'Max-Octets', 'key' => true), 'op' => array('value' => ':='), 'Value' => array('value' => \Grase\Util::bigIntVal($datalimitoctets)));
$result = $this->db->replace('radcheck', $fields);
if (PEAR::isError($result)) {
\Grase\ErrorHandling::fatalDatabaseError(T_('Setting User Datalimit Query Failed: '), $result);
}
return $result;
}
$templateEngine->assign('selectedvoucher', $_SESSION['selectedvoucher']);
$templateEngine->display('wizard_confirmselection.tpl');
break;
case 'paymentpage':
//TODO Create user account and lock it here, so it's ready for the plugin to do with as needed (i.e. send details)
//var_dump($_SESSION);
//var_dump($_POST);
//var_dump($vouchers);
if (!isset($_SESSION['PendingAccount'])) {
/* Create our locked random user */
$MaxMb = $vouchers[$_SESSION['selectedvoucher']]['MaxMb'];
$MaxTime = $vouchers[$_SESSION['selectedvoucher']]['MaxTime'];
$Expiry = expiry_for_group($vouchers[$_SESSION['selectedvoucher']]['VoucherGroup']);
$Comment = $_SESSION['selectedvoucher'] . " Voucher purchased " . date();
$Username = \Grase\Util::randomUsername(5);
$Password = \Grase\Util::randomPassword(6);
// TODO Maybe set expiry to a few days so if payment isn't valid then we expire soon, and after sucessful payment we update expiry?
DatabaseFunctions::getInstance()->createUser($Username, $Password, $MaxMb, $MaxTime, $Expiry, false, $vouchers[$_SESSION['selectedvoucher']]['VoucherGroup'], $Comment);
// Lock user account
DatabaseFunctions::getInstance()->lockUser($Username, T_('Account Pending Payment and Activation'));
// Store user account in session
$_SESSION['PendingAccount'] = array('Username' => $Username, 'Password' => $Password);
}
/* */
require_once 'paymentgateways/PaymentGatewayPlugin.class.php';
if (!is_file('paymentgateways/' . $paymentgateways[$_SESSION['selectedpaymentgateway']]['pluginfile'])) {
die('Invalid payment plugin<br/><form action="" method="POST"><input type="hidden" name="pgformsubmission" value="1"/><input name="restartwizard" type="submit" value="Restart Wizard"/>');
}
// TODO Clean up and make error detection lots lots better
require_once 'paymentgateways/' . $paymentgateways[$_SESSION['selectedpaymentgateway']]['pluginfile'];
// Recreate object each time
public function setVoucher($attributes)
{
if (isset($attributes['MaxMb'])) {
$attributes['MaxOctets'] = Util::bigIntVal($attributes['MaxMb'] * 1024 * 1024);
unset($attributes['MaxMb']);
}
if (isset($attributes['MaxTime'])) {
$attributes['MaxSeconds'] = $attributes['MaxTime'] * 60;
unset($attributes['MaxTime']);
}
$attributes['VoucherType'] = 0;
if ($attributes['InitVoucher']) {
$attributes['VoucherType'] = 1 | $attributes['VoucherType'];
}
if ($attributes['TopupVoucher']) {
$attributes['VoucherType'] = 2 | $attributes['VoucherType'];
}
$fields = array('VoucherName' => $attributes['VoucherName'], 'VoucherLabel' => $attributes['VoucherLabel'], 'VoucherPrice' => $attributes['VoucherPrice'] + 0, 'VoucherGroup' => $attributes['VoucherGroup'], 'MaxOctets' => @$attributes['MaxOctets'], 'MaxSeconds' => @$attributes['MaxSeconds'], 'Description' => @$attributes['Description'], 'VoucherType' => $attributes['VoucherType']);
$query = $this->radmin->prepare("INSERT INTO vouchers\n (VoucherName, VoucherLabel, VoucherPrice, VoucherGroup,\n MaxOctets, MaxSeconds, Description, VoucherType)\n VALUES\n (:VoucherName, :VoucherLabel, :VoucherPrice, :VoucherGroup,\n :MaxOctets, :MaxSeconds, :Description, :VoucherType)\n ON DUPLICATE KEY UPDATE\n VoucherLabel = :VoucherLabel,\n VoucherPrice = :VoucherPrice,\n VoucherGroup = :VoucherGroup,\n MaxOctets = :MaxOctets,\n MaxSeconds = :MaxSeconds,\n Description = :Description,\n VoucherType =:VoucherType");
$result = $query->execute($fields);
if ($result === false) {
ErrorHandling::fatalDatabaseError(T_('Adding Voucher query failed: '), $result);
}
\AdminLog::getInstance()->log("Voucher " . $attributes['VoucherName'] . "\n updated settings");
return $result;
}
private function createAutocreatePassword()
{
// Create the autocreatepassword setting, with a random string if it
// doesn't already exist
// Check that setting doesn't already exist as changing an existing
// password will lock users out
if (!$this->Settings->getSetting("autocreatepassword")) {
$this->Settings->setSetting("autocreatepassword", Util::randomPassword(20));
$this->rowsUpdated++;
}
}
function bandwidth_options()
{
global $Settings;
// kbits/second
$kbits_options = explode(" ", $Settings->getSetting('kBitOptions'));
$options[''] = '';
foreach ($kbits_options as $kbits) {
$bits = $kbits * 1024;
$kbytes = $kbits / 8;
$mbmin = round($kbytes * 60 / 1024, 2);
$label = \Grase\Util::formatBits($bits) . " ({$kbytes} kbytes/sec, {$mbmin} MiB/min)";
$options["{$kbits}"] = $label;
}
return $options;
}
You should have received a copy of the GNU General Public License
along with GRASE Hotspot. If not, see <http://www.gnu.org/licenses/>.
*/
$PAGE = 'netconfig';
require_once 'includes/pageaccess.inc.php';
require_once 'includes/session.inc.php';
require_once 'includes/misc_functions.inc.php';
$error = array();
$success = array();
// Options for Chilli Config that can be more than 1
$multiNetworkOptions = array('dnsservers' => array("label" => T_("DNS Servers"), "description" => T_("IP Addresses of DNS Servers. All clients will use the gateway as the DNS server which will use the\n addresses listed here to do DNS lookups. Dnsmasq WILL NOT get default servers from DHCP or /etc/resolv.conf\n and will default to OpenDNS Family Shield"), "type" => "ip"), 'bogusnx' => array("label" => T_("Bogus NXDOMAIN"), "description" => T_("IP Addresses of Bogus NXDOMAIN returns. All DNS replies that contain these ip address will be transformed\n into a NXDOMAIN result"), "type" => "ip"));
// Options for Chilli Config that can only be one
$singleNetworkOptions = array('lanipaddress' => array("label" => T_("LAN IP Address"), "description" => T_("The server IP address that is used on the LAN side (Coova-Chilli) of the network. This will be the gateway\n address for all clients, as well as the DNS server the clients access. For default Squid config this should\n be a private ip address."), "type" => "ip", "required" => "true"), 'networkmask' => array("label" => T_("LAN Network Mask"), "description" => T_("Network mask to use for clients network. (i.e. 255.255.255.0). DHCP range and network address will be\n calculated from this and the LAN IP Address."), "type" => "ip", "required" => "true"), 'opendnsbogusnxdomain' => array("label" => T_("Bogus NXDOMAIN (OpenDNS)"), "description" => T_("Some DNS Providers return bogus NXDOMAIN to redirect you to their search engine. Block the bogus ip's and\n return a real NXDOMAIN for OpenDNS."), "type" => "bool"));
$wanif = array(\Grase\Util::getNetworkWANIF());
$lanifs = \Grase\Util::getAvailableLANIFS($wanif[0]);
// Options for Chilli Config that can only be one but selected from a list
$selectNetworkOptions = array('lanif' => array("label" => T_("LAN Network Interface"), "description" => T_("The Network Interface that is connected to the LAN of the Hotspot (the side the clients connect to)"), "type" => "string", "required" => "true", "options" => $lanifs), 'wanif' => array("label" => T_("WAN Network Interface"), "description" => T_("The Network Interface that is connected to the WAN of the Hotspot (the side the internet is connected to)"), "type" => "string", "required" => "true", "options" => $wanif));
loadNetworkOptions();
if (isset($_POST['submit'])) {
$networkOptions = array();
foreach ($singleNetworkOptions as $singleOption => $attributes) {
switch ($attributes['type']) {
case "string":
$postValue = trim(\Grase\Clean::text($_POST[$singleOption]));
break;
case "int":
$postValue = trim(clean_int($_POST[$singleOption]));
break;
case "number":
$postValue = trim(clean_number($_POST[$singleOption]));
GRASE Hotspot is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GRASE Hotspot. If not, see <http://www.gnu.org/licenses/>.
*/
$PAGE = 'sessions';
require_once 'includes/pageaccess.inc.php';
require_once 'includes/session.inc.php';
require_once 'includes/misc_functions.inc.php';
if (isset($_POST['logout_mac'])) {
// Logout a specific MAC address
if (\Grase\Util::logoutChilliSession($_POST['logout_mac'])) {
$templateEngine->successMessage(T_("Logged out: ") . Grase\Clean::text($_POST['logout_mac']));
} else {
$templateEngine->errorMessage(T_("Unable to find active session for: ") . Grase\Clean::text($_POST['logout_mac']));
}
}
if (isset($_GET['username'])) {
$templateEngine->assign("sessions", DatabaseFunctions::getInstance()->getRadiusUserSessionsDetails($_GET['username']));
$templateEngine->assign("username", $_GET['username']);
} elseif (isset($_GET['allsessions'])) {
$sessions = DatabaseFunctions::getInstance()->getRadiusUserSessionsDetails();
$totalRows = sizeof($sessions);
$numPerPage = $_GET['items'] ? abs($_GET['items']) : 25;
// TODO check this is safe
$page = $_GET['page'] ? abs($_GET['page']) : 0;
//TODO check this is safe
function clean_int($number)
{
if (!is_numeric(clean_number($number))) {
return clean_number($number);
}
return \Grase\Util::bigIntVal(clean_number($number));
//ereg_replace("[^0-9]", "", \Grase\Clean::text($number));
}
function tallyHTTPTraffic($size)
{
global $HTTPTrafficSize, $formatHTTPTrafficSize;
$HTTPTrafficSize = $HTTPTrafficSize + $size;
$formatHTTPTrafficSize = \Grase\Util::formatBytes($HTTPTrafficSize);
}
<?php
/* Copyright 2014 Timothy White */
/* This file is part of GRASE Hotspot.
http://grasehotspot.org/
GRASE Hotspot is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GRASE Hotspot is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GRASE Hotspot. If not, see <http://www.gnu.org/licenses/>.
*/
$PAGE = 'dhcpleases';
require_once 'includes/pageaccess.inc.php';
require_once 'includes/session.inc.php';
require_once 'includes/misc_functions.inc.php';
$leases = \Grase\Util::getChilliLeases();
$templateEngine->assign("chilliSessions", $leases['sessions']);
$templateEngine->assign('usercomments', DatabaseFunctions::getInstance()->getAllUsersComments());
$templateEngine->displayPage('dhcpleases.tpl');
