예제 #1
/**
 * Check a username/password pair against RADIUS and report failures on output.
 *
 * The RADIUS helper file is pulled in with a plain `require` on every call.
 * NOTE(review): if that file is what declares RADIUS_AUTHENTICATION(), a second
 * call in the same request would stop on a redeclaration; confirm and consider
 * `require_once`.
 *
 * The result code is compared loosely, so any value PHP treats as equal to 2
 * counts as Access-Accept.
 *
 * @param string $username Account name passed through to RADIUS_AUTHENTICATION().
 * @param string $password Password passed through to RADIUS_AUTHENTICATION().
 * @return bool TRUE when the helper returns 2 (Access-Accept), FALSE otherwise.
 */
function check_login_pass($username, $password)
{
    require "/usr/share/php-radius/radius_authentication.inc.php";

    $code = RADIUS_AUTHENTICATION($username, $password);

    // 2 -> Access-Accept
    if ($code == 2) {
        return TRUE;
    }

    // 3 -> Access-Reject; every other code is reported as a generic failure.
    if ($code == 3) {
        echo "login incorrect";
    } else {
        echo "temporally failure or other error";
    }

    return FALSE;
}
예제 #2
파일: radius.php 프로젝트: nicolnx/norad
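/**
 * Authenticate a user against RADIUS, reusing a recent successful login.
 *
 * A successful RADIUS check is recorded in the DBA file /tmp/radiuscache under
 * a random token that is also sent to the browser as the "radius_test" cookie.
 * A later request that presents the token from the same client address, for
 * the same user name, within 15 minutes of its last use is accepted without
 * contacting RADIUS again. The password is not re-checked on that path, so the
 * token is a bearer credential for its lifetime.
 *
 * Changes from the earlier version:
 *  - a fresh token is issued on every successful RADIUS check instead of
 *    adopting whatever cookie value the client sent (session fixation);
 *  - the token comes from random_bytes() when the runtime provides it;
 *  - cached values are compared strictly as strings, so numeric-looking user
 *    names such as "0100" and "100" no longer count as the same user;
 *  - a cache that cannot be opened is skipped rather than used as a handle.
 *
 * NOTE(review): the cache file sits in the shared /tmp directory; any local
 * account able to read or pre-create it can see or plant tokens. Move it to a
 * directory owned by the web server user.
 *
 * @param string $user     User name to authenticate.
 * @param string $password Password handed to RADIUS_AUTHENTICATION().
 * @return bool TRUE when the cached session is valid or RADIUS returns 2.
 */
function radius_authenticate($user, $password)
{
    global $HTTP_COOKIE_VARS;
    global $REMOTE_ADDR;

    // The long arrays and register_globals variables no longer exist on
    // PHP >= 5.4, so fall back to the superglobals when they are unset.
    if (isset($REMOTE_ADDR)) {
        $clientAddr = (string) $REMOTE_ADDR;
    } elseif (isset($_SERVER["REMOTE_ADDR"])) {
        $clientAddr = (string) $_SERVER["REMOTE_ADDR"];
    } else {
        $clientAddr = "";
    }

    $cookie = "";
    if (isset($HTTP_COOKIE_VARS["radius_test"]) && is_string($HTTP_COOKIE_VARS["radius_test"])) {
        $cookie = $HTTP_COOKIE_VARS["radius_test"];
    } elseif (isset($_COOKIE["radius_test"]) && is_string($_COOKIE["radius_test"])) {
        $cookie = $_COOKIE["radius_test"];
    }

    $db = dba_open("/tmp/radiuscache", "c", "ndbm");
    if ($db === FALSE) {
        echo "Couldn't open /tmp/radiuscache<br>\n";
    }

    //
    // Sanity checking: the cached entry must exist, belong to this token,
    // be younger than 15 minutes, and match the client address and user.
    //
    $cacheHit = FALSE;
    if ($db !== FALSE && $cookie !== "" && $clientAddr !== "") {
        $lastid = dba_fetch($cookie . "_id", $db);
        $laston = dba_fetch($cookie . "_laston", $db);
        $lasthost = dba_fetch($cookie . "_fromip", $db);
        $lastuserid = dba_fetch($cookie . "_userid", $db);

        // dba_fetch() yields FALSE for a missing key; (int) FALSE is 0 and
        // therefore older than any 15 minute window.
        $cacheHit = $lastid === $cookie
            && (int) $laston >= time() - 15 * 60
            && $lasthost === $clientAddr
            && $lastuserid === (string) $user;
    }

    if ($cacheHit) {
        // Refresh the cookie (now HttpOnly) and the idle timer.
        // NOTE(review): set the "secure" flag too once the site is HTTPS-only.
        setcookie("radius_test", $cookie, 0, "", "", FALSE, TRUE);
        dba_replace($cookie . "_laston", (string) time(), $db);
        $authenticated = TRUE;
    } else {
        // 2 -> Access-Accept
        // 3 -> Access-Reject
        $authenticated = RADIUS_AUTHENTICATION($user, $password) == 2;

        if ($authenticated && $db !== FALSE) {
            // Never keep a client-chosen identifier: mint a new one per login.
            if (function_exists("random_bytes")) {
                $cookie = bin2hex(random_bytes(16));
            } else {
                // Legacy runtimes only; this value is guessable.
                $cookie = md5(uniqid(rand()));
            }
            setcookie("radius_test", $cookie, 0, "", "", FALSE, TRUE);
            dba_replace($cookie . "_id", $cookie, $db);
            dba_replace($cookie . "_userid", (string) $user, $db);
            dba_replace($cookie . "_fromip", $clientAddr, $db);
            dba_replace($cookie . "_laston", (string) time(), $db);
        }
    }

    if ($db !== FALSE) {
        dba_close($db);
    }

    return $authenticated;
}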
예제 #3
/**
 * Authenticate a user against the RADIUS server described in $params.
 *
 * Reads the keys "RAD_SERVER", "RAD_PORT" and "RAD_PASSWORD" from $params and
 * passes them, with the credentials, to RADIUS_AUTHENTICATION(). The log line
 * written through WLOG() carries the server, the port and the returned code;
 * the "RAD_PASSWORD" value and the user's password are not written to it.
 *
 * @param array  $params   Settings array holding the three RAD_* keys.
 * @param string $username Account name to check.
 * @param string $password Password to check.
 * @return bool true when RADIUS_AUTHENTICATION() returns a value loosely equal to 2.
 */
function check_radius($params, $username, $password)
{
    $RAD_SERVER = $params["RAD_SERVER"];
    $RAD_PORT = $params["RAD_PORT"];
    $sharedSecret = $params["RAD_PASSWORD"];

    $retval = RADIUS_AUTHENTICATION($username, $password, $RAD_SERVER, $RAD_PORT, $sharedSecret);
    WLOG("[AUTH]: {$RAD_SERVER}:{$RAD_PORT} return {$retval}\n");

    // 2 is the only code treated as success.
    return $retval == 2 ? true : false;
}
예제 #4
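/**
 * Handle a hotspot login POST and, on success, open a session row.
 *
 * Reads "username", "password", "passEnc", "md5key" and "request" from $_POST,
 * then tries each enabled back end in turn (Active Directory, LDAP, RADIUS,
 * MySQL table hotspot_members) until one accepts the credentials. On success
 * it replaces any hotspot_sessions rows for the same address, MAC or uid with
 * a new row and, when MySQL is enabled, registers the member. Messages are
 * echoed to the response; nothing is returned.
 *
 * Changes from the earlier version:
 *  - every value placed in an SQL string is validated and/or escaped;
 *  - password and hash comparisons are strict string comparisons;
 *  - the USETERMS cookie gets a real expiry time (the bare 3600 was a
 *    timestamp in 1970, so the cookie expired immediately);
 *  - the verbose RADIUS trace no longer prints the submitted password, and a
 *    failed INSERT no longer echoes the SQL statement to the client.
 *
 * NOTE(review): "debugAuth" lets any unauthenticated client switch on
 * display_errors and the verbose trace; gate it behind an administrator check.
 * NOTE(review): unserialize() runs on the client-supplied "request" field,
 * which permits PHP object injection when a usable class is loaded. The
 * payload is only read as a flat array, so a JSON field (or a server-side
 * signature over the blob) would remove that risk; the wire format is left as
 * it was here because the sender is not visible.
 * NOTE(review): LOGIN, IPADDR, MAC and HOST come from that same client blob,
 * so the session row describes whatever device the client claims to be.
 *
 * @return void
 */
function check_auth()
{
    if (isset($_POST["USETERMS"])) {
        // setcookie() expects an absolute Unix timestamp for the expiry.
        setcookie("USETERMS", "1", time() + 3600);
    }
    $tpl = new templates();
    if (isset($_POST["debugAuth"]) && $_POST["debugAuth"] == 1) {
        $GLOBALS["VERBOSE"] = true;
        ini_set('display_errors', 1);
        ini_set('error_reporting', E_ALL);
        ini_set('error_prepend_string', null);
        ini_set('error_append_string', null);
    }
    $verbose = !empty($GLOBALS["VERBOSE"]);

    // Array-valued fields (username[]=x) are treated as missing.
    $username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : null;
    $time = time();
    if ($username == null) {
        echo $tpl->javascript_parse_text("{wrong_password_or_username}");
        return;
    }
    include_once dirname(__FILE__) . '/ressources/class.user.inc';
    $sock = new sockets();
    $users = new usersMenus();
    $EnableKerbAuth = $sock->GET_INFO("EnableKerbAuth");
    if (!is_numeric($EnableKerbAuth)) {
        $EnableKerbAuth = 0;
    }

    // Stored configuration: fill in missing keys and replace non-numeric
    // values with the defaults (USEAD is defaulted only when missing).
    $HotSpotConfig = unserialize(base64_decode($sock->GET_INFO("HotSpotConfig")));
    if (!is_array($HotSpotConfig)) {
        $HotSpotConfig = array();
    }
    $defaults = array(
        "FINAL_TIME" => 0,
        "USELDAP" => 1,
        "CACHE_AUTH" => 60,
        "CACHE_TIME" => 120,
        "USEMYSQL" => 1,
        "USEAD" => 0,
        "USERAD" => 0,
    );
    foreach ($defaults as $key => $fallback) {
        if (!isset($HotSpotConfig[$key])) {
            $HotSpotConfig[$key] = $fallback;
        } elseif ($key !== "USEAD" && !is_numeric($HotSpotConfig[$key])) {
            $HotSpotConfig[$key] = $fallback;
        }
    }
    if ($EnableKerbAuth == 0) {
        $HotSpotConfig["USEAD"] = 0;
    }
    if (!$users->CORP_LICENSE) {
        $HotSpotConfig["USEAD"] = 0;
    }
    $CACHE_AUTH = $HotSpotConfig["CACHE_AUTH"];

    $password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : null;
    $passEnc = url_decode_special_tool(isset($_POST["passEnc"]) ? $_POST["passEnc"] : null);
    $md5key = (isset($_POST["md5key"]) && is_string($_POST["md5key"])) ? trim($_POST["md5key"]) : "";
    if ($password == null) {
        echo "Invalid Password\n";
        die;
    }

    // Client-supplied blob; see the object-injection note in the docblock.
    $array = array();
    if (isset($_POST["request"]) && is_string($_POST["request"])) {
        $array = unserialize(base64_decode($_POST["request"]));
        if (!is_array($array)) {
            $array = array();
        }
    }
    $fields = array("LOGIN" => null, "IPADDR" => null, "MAC" => null, "HOST" => null);
    foreach (array_keys($fields) as $name) {
        if (isset($array[$name]) && is_scalar($array[$name])) {
            $fields[$name] = (string) $array[$name];
        }
    }
    $LOGIN = $fields["LOGIN"];
    $IPADDR = $fields["IPADDR"];
    $MAC = $fields["MAC"];
    $HOST = $fields["HOST"];

    // Structured values are allow-listed; anything malformed falls back to
    // the same default an absent value gets.
    if ($MAC == null || !preg_match('/^[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}$/D', $MAC)) {
        $MAC = "00:00:00:00:00:00";
    }
    if ($IPADDR == null || filter_var($IPADDR, FILTER_VALIDATE_IP) === false) {
        $IPADDR = $_SERVER["REMOTE_ADDR"];
    }
    if ($LOGIN == null) {
        $LOGIN = $username;
    }
    if ($HOST == null) {
        $HOST = gethostbyaddr($IPADDR);
    }
    // A reverse-DNS answer is attacker-influenced as well, so it is checked too.
    if (!is_string($HOST) || !preg_match('/^[A-Za-z0-9._:-]{1,255}$/D', $HOST)) {
        $HOST = $IPADDR;
    }
    if ($md5key == null || !preg_match('/^[0-9A-Fa-f]{32}$/D', $md5key)) {
        $md5key = md5("{$LOGIN}{$IPADDR}{$MAC}{$HOST}");
    }

    $auth = false;
    if ($HotSpotConfig["USEAD"] == 1) {
        writelogs("{$username}:: Checks Active Directory..", __FUNCTION__, __FILE__, __LINE__);
        if ($verbose) {
            echo "{$username} AUTH = FALSE continue IF AD... (" . __LINE__ . ")\n";
        }
        $external_ad_search = new external_ad_search();
        if ($external_ad_search->CheckUserAuth($username, $passEnc)) {
            writelogs("{$username}:: Checks Active Directory success...", __FUNCTION__, __FILE__, __LINE__);
            $auth = true;
        }
    }
    if ($HotSpotConfig["USELDAP"] == 1) {
        if (!$auth) {
            writelogs("{$username}:: Checks LDAP connection..", __FUNCTION__, __FILE__, __LINE__);
            $ct = new user($username);
            // NOTE(review): the client submits md5(password) and it is matched
            // against md5 of the stored value, so the hash itself works as the
            // credential and the directory value is readable in clear.
            if (_check_auth_secret_matches(md5($ct->password), $password)) {
                writelogs("{$username}:: Checks LDAP connection success...", __FUNCTION__, __FILE__, __LINE__);
                $auth = true;
            }
        }
    }
    if ($HotSpotConfig["USERAD"] == 1) {
        if (!$auth) {
            writelogs("{$username}:: Checks RADIUS connection..", __FUNCTION__, __FILE__, __LINE__);
            $RAD_SERVER = $HotSpotConfig["RAD_SERVER"];
            $RAD_PORT = $HotSpotConfig["RAD_PORT"];
            $RAD_PASSWORD = $HotSpotConfig["RAD_PASSWORD"];
            if (!is_numeric($RAD_PORT)) {
                $RAD_PORT = 1812;
            }
            include_once "/usr/share/artica-postfix/ressources/class.radius.auth.inc";
            if ($verbose) {
                // The submitted password is deliberately left out of the trace.
                echo "RADIUS_AUTHENTICATION -> With ({$username},***,{$RAD_SERVER},{$RAD_PORT}) (" . __LINE__ . ")\n";
            }
            $retval = RADIUS_AUTHENTICATION($username, $passEnc, $RAD_SERVER, $RAD_PORT, $RAD_PASSWORD);
            if ($retval == 2) {
                writelogs("{$username}:: Checks RADIUS connection success...", __FUNCTION__, __FILE__, __LINE__);
                $auth = true;
            }
        }
    }

    $sqlUser = _check_auth_sql_escape($username);

    // $ASUID is never set to true in this function, so the UPDATE branch at
    // the end is currently unreachable.
    $ASUID = false;
    if ($HotSpotConfig["USEMYSQL"] == 1) {
        $q = new mysql_squid_builder();
        if (!$auth) {
            writelogs("{$username}:: Checks MySQL connection..", __FUNCTION__, __FILE__, __LINE__);
            if (!$q->TABLE_EXISTS("hotspot_members")) {
                $q->CheckTables();
            }
            $sql = "SELECT uid,password,ttl,sessiontime,enabled FROM hotspot_members WHERE uid='{$sqlUser}'";
            $ligne = mysql_fetch_array($q->QUERY_SQL($sql));
            if ($ligne["uid"] != null) {
                // NOTE(review): the stored value is compared directly with the
                // submitted one, i.e. passwords are not kept as password_hash()
                // digests in this table.
                if (_check_auth_secret_matches($ligne["password"], $passEnc)) {
                    if ($ligne["sessiontime"] > 0) {
                        $CACHE_AUTH = $ligne["sessiontime"];
                    }
                    if ($ligne["enabled"] == 0) {
                        echo $tpl->javascript_parse_text("{access_to_internet_disabled} ({disabled})");
                        die;
                    }
                    if (intval($ligne["ttl"]) > 0) {
                        if ($time > $ligne["ttl"]) {
                            echo $tpl->javascript_parse_text("{accesstime_to_internet_expired}");
                            die;
                        }
                    }
                    writelogs("{$username}:: Checks MySQL connection success..", __FUNCTION__, __FILE__, __LINE__);
                    $auth = true;
                }
            }
        }
    }
    writelogs("{$username}:: Result = {$auth}", __FUNCTION__, __FILE__, __LINE__);
    if (!$auth) {
        writelogs("{$username}:: Die() authentification failed", __FUNCTION__, __FILE__, __LINE__);
        echo $tpl->javascript_parse_text("{wrong_password_or_username}");
        return;
    }
    $q = new mysql_squid_builder();
    if (!is_numeric($CACHE_AUTH)) {
        $CACHE_AUTH = 60;
    }
    $finaltime = strtotime("+{$CACHE_AUTH} minutes", $time);
    $datelogs = date("Y-m-d H:i:s", $finaltime);
    writelogs("{$username} -> {$HOST} +{$CACHE_AUTH}mn Next checkup time will be {$datelogs} ", __FUNCTION__, __FILE__, __LINE__);
    if ($LOGIN != null) {
        $uid = $LOGIN;
    } else {
        $uid = $username;
    }

    $sqlUid = _check_auth_sql_escape($uid);
    $sqlIp = _check_auth_sql_escape($IPADDR);
    $sqlMac = _check_auth_sql_escape($MAC);
    $sqlHost = _check_auth_sql_escape($HOST);
    $sqlKey = _check_auth_sql_escape($md5key);

    $q->QUERY_SQL("DELETE FROM hotspot_sessions WHERE ipaddr='{$sqlIp}'");
    $q->QUERY_SQL("DELETE FROM hotspot_sessions WHERE MAC='{$sqlMac}'");
    $q->QUERY_SQL("DELETE FROM hotspot_sessions WHERE uid='{$sqlUid}'");
    // NOTE(review): the column list reads "maxtime,finaltime" while the values
    // are {$finaltime},{$CACHE_AUTH}; this looks transposed, confirm against
    // the table definition before changing it.
    $sql = "INSERT IGNORE INTO hotspot_sessions (md5,logintime, maxtime,finaltime,username,uid,MAC,hostname,ipaddr)\n\tVALUES('{$sqlKey}',{$time},{$finaltime},{$CACHE_AUTH},'{$sqlUser}','{$sqlUid}','{$sqlMac}','{$sqlHost}','{$sqlIp}')";
    writelogs($sql, __FUNCTION__, __FILE__, __LINE__);
    $q->QUERY_SQL($sql);
    if (!$q->ok) {
        writelogs("{$q->mysql_error}", __FUNCTION__, __FILE__, __LINE__);
        // The statement is already in the log; it is not sent to the client.
        echo $q->mysql_error . "\n";
        return;
    }
    if ($HotSpotConfig["USEMYSQL"] == 1) {
        if (!$ASUID) {
            $sql = "INSERT IGNORE INTO hotspot_members (uid,MAC,hostname,ipaddr,enabled) VALUES ('{$sqlUid}','{$sqlMac}','{$sqlHost}','{$sqlIp}',1)";
        } else {
            $sql = "UPDATE hotspot_members SET MAC='{$sqlMac}',hostname='{$sqlHost}',ipaddr='{$sqlIp}' WHERE uid='{$sqlUid}'";
        }
        $q->QUERY_SQL($sql);
    }
}

/**
 * Compare a stored secret with a submitted one as exact strings.
 *
 * Loose `==` treats numeric-looking strings as numbers ("1e3" == "1000",
 * "0e12" == "0e34"), which lets a different value pass. Non-string or empty
 * stored values never match.
 * NOTE(review): rejecting empty stored values assumes no account is meant to
 * log in with an empty password; confirm for auto-registered members.
 *
 * @param mixed $expected Value held by the server.
 * @param mixed $given    Value supplied by the client.
 * @return bool
 */
function _check_auth_secret_matches($expected, $given)
{
    if (!is_string($expected) || !is_string($given) || $expected === "") {
        return false;
    }
    if (function_exists("hash_equals")) {
        return hash_equals($expected, $given);
    }
    return $expected === $given;
}

/**
 * Escape a value for use inside a single-quoted MySQL string literal.
 *
 * NOTE(review): QUERY_SQL() takes a finished SQL string and no bound-parameter
 * or escaping method of the database class is visible here, so addslashes() is
 * used as a stop-gap. It is only sound for single-byte or UTF-8 connection
 * character sets with backslash escapes enabled; replace it with the database
 * layer's own escaping or prepared statements.
 *
 * @param mixed $value Value to embed.
 * @return string
 */
function _check_auth_sql_escape($value)
{
    return addslashes((string) $value);
}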