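/**
 * Check a username/password pair against the RADIUS server.
 *
 * Prints a short message on rejection or on any other result code.
 *
 * @param string $username Account name handed to RADIUS_AUTHENTICATION().
 * @param string $password Password handed to RADIUS_AUTHENTICATION().
 * @return bool TRUE only when RADIUS_AUTHENTICATION() returns 2 (Access-Accept).
 */
function check_login_pass($username, $password)
{
    // require_once instead of require: presumably this include declares
    // RADIUS_AUTHENTICATION(), in which case loading it again on a second call
    // would stop the script with a redeclaration error.
    require_once "/usr/share/php-radius/radius_authentication.inc.php";

    $retval = RADIUS_AUTHENTICATION($username, $password);

    switch ($retval) {
        case 2: /* 2 -> Access-Accept */
            return TRUE;
        case 3: /* 3 -> Access-Reject */
            echo "login incorrect";
            break;
        default:
            // Every code other than 2 and 3 lands here and is treated as a failure.
            echo "temporally failure or other error";
            break;
    }

    return FALSE;
}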
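/**
 * Authenticate $user against RADIUS, skipping the RADIUS round trip while a
 * recent cache entry matches the "radius_test" cookie.
 *
 * A cache entry is honoured only if it is younger than 15 minutes and was
 * created for the same client address and the same user. On a cache hit the
 * password is not checked again.
 *
 * @param string $user     Account name.
 * @param string $password Password, used only when RADIUS is actually asked.
 * @return bool TRUE when the cache entry is valid or RADIUS returned 2 (Access-Accept).
 */
function radius_authenticate($user, $password)
{
    // NOTE(review): both are legacy long-array / register_globals variables.
    // Where they are not populated, $cookie stays empty and every call goes
    // to RADIUS. Confirm the target PHP version before relying on the cache.
    global $HTTP_COOKIE_VARS;
    global $REMOTE_ADDR;

    // NOTE(review): fixed file name in /tmp. Confirm who else can read or
    // pre-create it; the file holds session tokens and user names.
    $db = dba_open("/tmp/radiuscache", "c", "ndbm");
    $cacheOpen = ($db !== FALSE);
    if (!$cacheOpen) {
        echo "Couldn't open /tmp/radiuscache<br>\n";
    }

    // Only a plain string cookie is usable as a cache key prefix.
    $cookie = "";
    if (isset($HTTP_COOKIE_VARS["radius_test"]) && is_string($HTTP_COOKIE_VARS["radius_test"])) {
        $cookie = $HTTP_COOKIE_VARS["radius_test"];
    }

    $lastid = "";
    $laston = 0;
    $lasthost = "";
    $lastuserid = "";
    if ($cookie != "" && $cacheOpen) {
        // Without an open cache these stay empty and the call falls through to RADIUS.
        $lastid = dba_fetch($cookie . "_id", $db);
        $laston = dba_fetch($cookie . "_laston", $db);
        $lasthost = dba_fetch($cookie . "_fromip", $db);
        $lastuserid = dba_fetch($cookie . "_userid", $db);
    }

    //
    // Sanity checking
    //
    // Address and user are compared as exact strings: a loose comparison treats
    // numeric-looking strings such as "1e3" and "1000" as equal. An unknown
    // client address never counts as a match.
    $cacheHit = $cookie != ""
        && $lastid != ""
        && $laston != 0
        && $laston >= time() - 15 * 60
        && (string) $REMOTE_ADDR !== ""
        && (string) $lasthost === (string) $REMOTE_ADDR
        && (string) $lastuserid === (string) $user;

    if ($cacheHit) {
        // NOTE(review): the cookie is sent without HttpOnly/Secure attributes.
        setcookie("radius_test", $cookie);
        dba_replace($cookie . "_laston", time(), $db);
        $retval = 2;
    } else {
        // 2 -> Access-Accept
        // 3 -> Access-Reject
        $retval = RADIUS_AUTHENTICATION($user, $password);
        if ($retval == 2) {
            // Always issue a fresh token after a real authentication. Keeping
            // the value the client sent would let a token chosen before login
            // become a valid session (session fixation).
            if (function_exists('random_bytes')) {
                $cookie = bin2hex(random_bytes(16));
            } elseif (function_exists('openssl_random_pseudo_bytes')) {
                $cookie = bin2hex(openssl_random_pseudo_bytes(16));
            } else {
                // Legacy fallback only: not a cryptographically strong source.
                $cookie = md5(uniqid(mt_rand(), TRUE));
            }

            setcookie("radius_test", $cookie);
            if ($cacheOpen) {
                dba_replace($cookie . "_id", $cookie, $db);
                dba_replace($cookie . "_userid", $user, $db);
                dba_replace($cookie . "_fromip", $REMOTE_ADDR, $db);
                dba_replace($cookie . "_laston", time(), $db);
            }
        }
    }

    if ($cacheOpen) {
        dba_close($db);
    }

    return $retval == 2;
}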
/**
 * Ask the RADIUS server described by $params whether the credentials are valid.
 *
 * The server, port and result code are written to the log through WLOG();
 * the shared secret and the user's password are passed on but not logged.
 *
 * @param array  $params   Must provide RAD_SERVER, RAD_PORT and RAD_PASSWORD.
 * @param string $username Account name.
 * @param string $password Password to verify.
 * @return bool true when RADIUS_AUTHENTICATION() returns 2, false otherwise.
 */
function check_radius($params, $username, $password)
{
    $server = $params["RAD_SERVER"];
    $port = $params["RAD_PORT"];
    $secret = $params["RAD_PASSWORD"];

    $code = RADIUS_AUTHENTICATION($username, $password, $server, $port, $secret);
    WLOG("[AUTH]: {$server}:{$port} return {$code}\n");

    // 2 is the only result code treated as success.
    return $code == 2;
}
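/**
 * Handle a hotspot login POST and, on success, record the client's session.
 *
 * Reads username, password, passEnc, md5key and request from $_POST and tries
 * the backends enabled in HotSpotConfig in this order: Active Directory, LDAP,
 * RADIUS, MySQL (hotspot_members). The first backend that accepts the
 * credentials wins. On success every hotspot_sessions row for the client's
 * IP address, MAC or uid is replaced by a new one.
 *
 * Failures are reported by echoing a message; some paths end the script
 * with die, others return.
 *
 * @return void
 */
function check_auth()
{
    if (isset($_POST["USETERMS"])) {
        // setcookie() expects an absolute Unix timestamp. A bare 3600 is
        // 1970-01-01 01:00, so the cookie was already expired when sent.
        setcookie("USETERMS", 1, time() + 3600);
    }
    $tpl = new templates();

    // NOTE(review): this switch is driven by a POST field, so any client can
    // turn on error display and the verbose echoes below. Consider gating it
    // on a server-side setting.
    if (isset($_POST["debugAuth"]) && $_POST["debugAuth"] == 1) {
        $GLOBALS["VERBOSE"] = true;
        ini_set('display_errors', 1);
        ini_set('error_reporting', E_ALL);
        ini_set('error_prepend_string', null);
        ini_set('error_append_string', null);
    }
    $verbose = !empty($GLOBALS["VERBOSE"]);

    // Only a non-empty string is a usable user name (rejects username[]=...).
    $username = isset($_POST["username"]) ? $_POST["username"] : null;
    $time = time();
    if (!is_string($username) || $username === "") {
        echo $tpl->javascript_parse_text("{wrong_password_or_username}");
        return;
    }

    include_once dirname(__FILE__) . '/ressources/class.user.inc';
    $sock = new sockets();
    $users = new usersMenus();

    $EnableKerbAuth = $sock->GET_INFO("EnableKerbAuth");
    if (!is_numeric($EnableKerbAuth)) {
        $EnableKerbAuth = 0;
    }

    // Server-side configuration, stored as base64(serialize(array)).
    $HotSpotConfig = unserialize(base64_decode($sock->GET_INFO("HotSpotConfig")));
    if (!is_array($HotSpotConfig)) {
        $HotSpotConfig = array();
    }
    $numericDefaults = array(
        "FINAL_TIME" => 0,
        "USELDAP" => 1,
        "CACHE_AUTH" => 60,
        "CACHE_TIME" => 120,
        "USEMYSQL" => 1,
        "USERAD" => 0,
    );
    foreach ($numericDefaults as $key => $default) {
        if (!isset($HotSpotConfig[$key]) || !is_numeric($HotSpotConfig[$key])) {
            $HotSpotConfig[$key] = $default;
        }
    }
    if (!isset($HotSpotConfig["USEAD"])) {
        $HotSpotConfig["USEAD"] = 0;
    }
    // Active Directory needs both Kerberos auth and a corporate license.
    if ($EnableKerbAuth == 0) {
        $HotSpotConfig["USEAD"] = 0;
    }
    if (!$users->CORP_LICENSE) {
        $HotSpotConfig["USEAD"] = 0;
    }
    $CACHE_AUTH = $HotSpotConfig["CACHE_AUTH"];

    $password = isset($_POST["password"]) ? $_POST["password"] : null;
    $passEnc = url_decode_special_tool(isset($_POST["passEnc"]) ? $_POST["passEnc"] : null);
    $md5key = (isset($_POST["md5key"]) && is_string($_POST["md5key"])) ? trim($_POST["md5key"]) : "";
    if (!is_string($password) || $password === "") {
        echo "Invalid Password\n";
        die;
    }

    // SECURITY: "request" is client-supplied and goes through unserialize().
    // Only scalar array entries are needed, so object instantiation is
    // disabled where PHP supports it. NOTE(review): older runtimes still
    // unserialize arbitrary classes here; move this field to JSON, or sign it
    // server-side, when the sender can be changed.
    $rawRequest = (isset($_POST["request"]) && is_string($_POST["request"]))
        ? base64_decode($_POST["request"])
        : "";
    if (defined('PHP_VERSION_ID') && PHP_VERSION_ID >= 70000) {
        $array = unserialize($rawRequest, array("allowed_classes" => false));
    } else {
        $array = unserialize($rawRequest);
    }
    if (!is_array($array)) {
        $array = array();
    }
    $fields = array("LOGIN" => null, "IPADDR" => null, "MAC" => null, "HOST" => null);
    foreach ($fields as $key => $unused) {
        if (isset($array[$key]) && is_scalar($array[$key])) {
            $fields[$key] = $array[$key];
        }
    }
    $LOGIN = $fields["LOGIN"];
    $IPADDR = $fields["IPADDR"];
    $MAC = $fields["MAC"];
    $HOST = $fields["HOST"];

    // NOTE(review): IPADDR, MAC, HOST and md5key come from the client. Unless
    // "request" is integrity-protected elsewhere, the session row below (and
    // the DELETEs before it) apply to whatever address the client names.
    if ($MAC == null) {
        $MAC = "00:00:00:00:00:00";
    }
    if ($IPADDR == null) {
        $IPADDR = $_SERVER["REMOTE_ADDR"];
    }
    if ($LOGIN == null) {
        $LOGIN = $username;
    }
    if ($HOST == null) {
        $HOST = gethostbyaddr($IPADDR);
    }
    if ($md5key == null) {
        $md5key = md5("{$LOGIN}{$IPADDR}{$MAC}{$HOST}");
    }

    $auth = false;

    if ($HotSpotConfig["USEAD"] == 1) {
        writelogs("{$username}:: Checks Active Directory..", __FUNCTION__, __FILE__, __LINE__);
        if ($verbose) {
            echo "{$username} AUTH = FALSE continue IF AD... (" . __LINE__ . ")\n";
        }
        $external_ad_search = new external_ad_search();
        if ($external_ad_search->CheckUserAuth($username, $passEnc)) {
            writelogs("{$username}:: Checks Active Directory success...", __FUNCTION__, __FILE__, __LINE__);
            $auth = true;
        }
    }

    if ($HotSpotConfig["USELDAP"] == 1 && !$auth) {
        writelogs("{$username}:: Checks LDAP connection..", __FUNCTION__, __FILE__, __LINE__);
        $ct = new user($username);
        // The posted "password" is compared with the MD5 of the stored value.
        // Exact string comparison: a loose == treats digests that look like
        // numbers ("0e...") as equal. An empty stored password never matches;
        // presumably an unknown uid leaves ->password empty (confirm against
        // class.user.inc), and md5("") is a publicly known constant.
        if ($ct->password != "" && md5($ct->password) === $password) {
            writelogs("{$username}:: Checks LDAP connection success...", __FUNCTION__, __FILE__, __LINE__);
            $auth = true;
        }
    }

    if ($HotSpotConfig["USERAD"] == 1 && !$auth) {
        writelogs("{$username}:: Checks RADIUS connection..", __FUNCTION__, __FILE__, __LINE__);
        $RAD_SERVER = $HotSpotConfig["RAD_SERVER"];
        $RAD_PORT = $HotSpotConfig["RAD_PORT"];
        $RAD_PASSWORD = $HotSpotConfig["RAD_PASSWORD"];
        if (!is_numeric($RAD_PORT)) {
            $RAD_PORT = 1812;
        }
        include_once "/usr/share/artica-postfix/ressources/class.radius.auth.inc";
        if ($verbose) {
            // The user's password is deliberately left out of this debug line.
            echo "RADIUS_AUTHENTICATION -> With ({$username},{$RAD_SERVER},{$RAD_PORT}) (" . __LINE__ . ")\n";
        }
        $retval = RADIUS_AUTHENTICATION($username, $passEnc, $RAD_SERVER, $RAD_PORT, $RAD_PASSWORD);
        if ($retval == 2) {
            writelogs("{$username}:: Checks RADIUS connection success...", __FUNCTION__, __FILE__, __LINE__);
            $auth = true;
        }
    }

    // Escaped copy for SQL string literals. NOTE(review): QUERY_SQL() only
    // takes a finished SQL string here; addslashes() is a stop-gap that is not
    // aware of the connection charset. Switch to the database layer's own
    // escaping or prepared statements if it offers them.
    $sqlUsername = addslashes($username);

    // Never set to true in this function, so only the INSERT IGNORE branch at
    // the end runs.
    $ASUID = false;
    if ($HotSpotConfig["USEMYSQL"] == 1) {
        $q = new mysql_squid_builder();
        if (!$auth) {
            writelogs("{$username}:: Checks MySQL connection..", __FUNCTION__, __FILE__, __LINE__);
            if (!$q->TABLE_EXISTS("hotspot_members")) {
                $q->CheckTables();
            }
            $sql = "SELECT uid,password,ttl,sessiontime,enabled FROM hotspot_members WHERE uid='{$sqlUsername}'";
            $ligne = mysql_fetch_array($q->QUERY_SQL($sql));
            if ($ligne["uid"] != null) {
                // The INSERT at the end of this function creates member rows
                // without a password, so an empty stored password must never
                // match. Exact string comparison avoids loose-equality matches
                // such as "0123" == "123".
                $storedPassword = (string) $ligne["password"];
                if ($storedPassword !== "" && $storedPassword === (string) $passEnc) {
                    if ($ligne["sessiontime"] > 0) {
                        $CACHE_AUTH = $ligne["sessiontime"];
                    }
                    if ($ligne["enabled"] == 0) {
                        echo $tpl->javascript_parse_text("{access_to_internet_disabled} ({disabled})");
                        die;
                    }
                    if (intval($ligne["ttl"]) > 0 && $time > $ligne["ttl"]) {
                        echo $tpl->javascript_parse_text("{accesstime_to_internet_expired}");
                        die;
                    }
                    writelogs("{$username}:: Checks MySQL connection success..", __FUNCTION__, __FILE__, __LINE__);
                    $auth = true;
                }
            }
        }
    }

    writelogs("{$username}:: Result = {$auth}", __FUNCTION__, __FILE__, __LINE__);
    if (!$auth) {
        writelogs("{$username}:: Die() authentification failed", __FUNCTION__, __FILE__, __LINE__);
        echo $tpl->javascript_parse_text("{wrong_password_or_username}");
        return;
    }

    $q = new mysql_squid_builder();
    if (!is_numeric($CACHE_AUTH)) {
        $CACHE_AUTH = 60;
    }
    $finaltime = strtotime("+{$CACHE_AUTH} minutes", $time);
    $datelogs = date("Y-m-d H:i:s", $finaltime);
    writelogs("{$username} -> {$HOST} +{$CACHE_AUTH}mn Next checkup time will be {$datelogs} ", __FUNCTION__, __FILE__, __LINE__);

    if ($LOGIN != null) {
        $uid = $LOGIN;
    } else {
        $uid = $username;
    }

    // Every value below originates from the client and is escaped before it
    // is placed inside a quoted SQL literal.
    $sqlUid = addslashes((string) $uid);
    $sqlMac = addslashes((string) $MAC);
    $sqlHost = addslashes((string) $HOST);
    $sqlIp = addslashes((string) $IPADDR);
    $sqlKey = addslashes((string) $md5key);

    $q->QUERY_SQL("DELETE FROM hotspot_sessions WHERE ipaddr='{$sqlIp}'");
    $q->QUERY_SQL("DELETE FROM hotspot_sessions WHERE MAC='{$sqlMac}'");
    $q->QUERY_SQL("DELETE FROM hotspot_sessions WHERE uid='{$sqlUid}'");

    // NOTE(review): the column list names maxtime before finaltime, but the
    // values are given as {$finaltime} then {$CACHE_AUTH}. Left as found;
    // confirm against the table readers whether the two are swapped.
    $sql = "INSERT IGNORE INTO hotspot_sessions (md5,logintime, maxtime,finaltime,username,uid,MAC,hostname,ipaddr)\n\tVALUES('{$sqlKey}',{$time},{$finaltime},{$CACHE_AUTH},'{$sqlUsername}','{$sqlUid}','{$sqlMac}','{$sqlHost}','{$sqlIp}')";
    writelogs($sql, __FUNCTION__, __FILE__, __LINE__);
    $q->QUERY_SQL($sql);
    if (!$q->ok) {
        writelogs("{$q->mysql_error}", __FUNCTION__, __FILE__, __LINE__);
        // The statement is already in the log above; it is no longer sent
        // back to the client.
        echo $q->mysql_error . "\n";
        return;
    }

    if ($HotSpotConfig["USEMYSQL"] == 1) {
        if (!$ASUID) {
            $sql = "INSERT IGNORE INTO hotspot_members (uid,MAC,hostname,ipaddr,enabled) VALUES ('{$sqlUid}','{$sqlMac}','{$sqlHost}','{$sqlIp}',1)";
        } else {
            $sql = "UPDATE hotspot_members SET MAC='{$sqlMac}',hostname='{$sqlHost}',ipaddr='{$sqlIp}' WHERE uid='{$sqlUid}'";
        }
        $q->QUERY_SQL($sql);
    }
}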