예제 #1
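function build()
{
    // Builds /etc/artica-postfix/hotspot.conf: one firewall command per line
    // that sends hotspot clients either to the local Squid listener
    // (`hotspot_networks` rows with hotspoted=0) or to the captive-portal
    // splash server (hotspoted=1), plus the destination whitelist taken from
    // `hotspot_whitelist`. Ports, interface and CAS settings are read through
    // sockets::GET_INFO(); a missing proxy port is generated once and
    // persisted with SET_INFO().
    //
    // Every entry of $f is later executed as a shell command, so only program
    // paths, numeric ports and patterns accepted by IP::IsvalidMAC() /
    // IP::isIPAddressOrRange() are interpolated here. The CAS host and the
    // `hotspot_whitelist` columns are handed unchanged to
    // whitelist_destination() / whitelist_webserver(), which are defined
    // elsewhere and are assumed to validate them -- TODO confirm.
    //
    // Nothing is written when one of the SQL queries fails: the previous
    // hotspot.conf is left untouched.
    $sock = new sockets();
    $unix = new unix();
    $f = array();

    $EnableArticaHotSpotCAS = $sock->GET_INFO("EnableArticaHotSpotCAS");
    if (!is_numeric($EnableArticaHotSpotCAS)) {
        $EnableArticaHotSpotCAS = 0;
    }

    // GET_INFO() returns a string; intval() makes the "unset or zero" test
    // explicit instead of relying on "" == 0, which changed in PHP 8.
    $ArticaHotSpotPort = intval($sock->GET_INFO("ArticaHotSpotPort"));
    if ($ArticaHotSpotPort == 0) {
        $ArticaHotSpotPort = rand(38000, 64000);
        $sock->SET_INFO("ArticaHotSpotPort", $ArticaHotSpotPort);
    }
    $ArticaSSLHotSpotPort = intval($sock->GET_INFO("ArticaSSLHotSpotPort"));
    if ($ArticaSSLHotSpotPort == 0) {
        $ArticaSSLHotSpotPort = rand(38500, 64000);
        $sock->SET_INFO("ArticaSSLHotSpotPort", $ArticaSSLHotSpotPort);
    }
    $ArticaHotSpotInterface = trim($sock->GET_INFO("ArticaHotSpotInterface"));
    if ($ArticaHotSpotInterface === "") {
        $ArticaHotSpotInterface = "eth0";
    }
    $ArticaSplashHotSpotPort = $sock->GET_INFO("ArticaSplashHotSpotPort");
    if (!is_numeric($ArticaSplashHotSpotPort)) {
        $ArticaSplashHotSpotPort = 16080;
    }
    $ArticaSplashHotSpotPortSSL = $sock->GET_INFO("ArticaSplashHotSpotPortSSL");
    if (!is_numeric($ArticaSplashHotSpotPortSSL)) {
        $ArticaSplashHotSpotPortSSL = 16443;
    }

    // The splash redirections target "{$ipaddr}:port" on the hotspot
    // interface. Guard the lookup so a misconfigured interface name yields a
    // logged message instead of an undefined-index notice.
    $NETWORK_ALL_INTERFACES = $unix->NETWORK_ALL_INTERFACES();
    $ipaddr = null;
    if (isset($NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface]["IPADDR"])) {
        $ipaddr = $NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface]["IPADDR"];
    }
    if ($ipaddr === null || $ipaddr === "") {
        hotspot_build_log("no IP address found on interface `{$ArticaHotSpotInterface}`, splash redirections will not work");
    }
    $GLOBALS["HOSTPOT_WEB_INTERFACE"] = $ipaddr;

    // Every rule carries the same timestamped comment so a later run can
    // find and flush exactly the rules created by this one.
    $time = time();
    $suffixTables = "-m comment --comment \"ArticaHotSpot-{$time}\"";
    $q = new mysql_squid_builder();
    $ipClass = new IP();
    $iptables = $unix->find_program("iptables");
    defaults_ports();
    $f[] = ebtables_rules();
    if ($GLOBALS["EBTABLES"]) {
        $GLOBALS["MARKHTTP"] = null;
        $GLOBALS["MARKHTTPS"] = null;
    } else {
        // Without ebtables, HTTP/HTTPS traffic is marked by two dedicated
        // mangle chains (marks 99 and 98) that the redirect_* helpers use.
        $f[] = "{$iptables} -t mangle -N internet -m comment --comment ArticaHotSpot-{$time}";
        $f[] = "{$iptables} -t mangle -N internssl -m comment --comment ArticaHotSpot-{$time}";
        $f[] = "{$iptables} -t mangle -A internet -j MARK --set-mark 99 -m comment --comment ArticaHotSpot-{$time}";
        $f[] = "{$iptables} -t mangle -A internssl -j MARK --set-mark 98 -m comment --comment ArticaHotSpot-{$time}";
    }
    hotspot_build_log("C.A.S : {$EnableArticaHotSpotCAS}");

    // $c counts the MAC/IP rules emitted; zero means "everyone to the splash".
    $c = 0;
    if ($EnableArticaHotSpotCAS == 1) {
        // NOTE(review): the CAS host comes straight from the settings store
        // and is not validated here -- whitelist_destination() must do it.
        $ArticaHotSpotCASHost = $sock->GET_INFO("ArticaHotSpotCASHost");
        $f[] = whitelist_destination($ArticaHotSpotCASHost);
    }

    $rows = hotspot_build_fetch_rows($q, "SELECT *  FROM `hotspot_whitelist`");
    if ($rows === null) {
        return;
    }
    hotspot_build_log(count($rows) . " whitelisted websites");
    foreach ($rows as $ligne) {
        $f[] = whitelist_webserver($ligne["ipaddr"], $ligne["port"], $ligne["ssl"]);
    }

    // Whitelisted clients (hotspoted=0) bypass the portal and go to Squid.
    $rows = hotspot_build_fetch_rows($q, "SELECT *  FROM `hotspot_networks` WHERE hotspoted=0");
    if ($rows === null) {
        return;
    }
    hotspot_build_log(count($rows) . " whitelisted");
    foreach ($rows as $ligne) {
        $pattern = $ligne["pattern"];
        if ($ipClass->IsvalidMAC($pattern)) {
            $c++;
            $f[] = redirect_mac_to_proxy($pattern);
            continue;
        }
        if ($ipClass->isIPAddressOrRange($pattern)) {
            $c++;
            hotspot_build_log("Whitelist IP: {$pattern} {$ArticaHotSpotPort}/{$ArticaSSLHotSpotPort}");
            $f[] = redirect_ip_to_proxy($pattern);
            continue;
        }
        // Neither a MAC nor an IP/range: never interpolated into a rule.
        hotspot_build_log("Unkown `{$pattern}`");
    }

    // Hotspoted clients (hotspoted=1) are sent to the splash server.
    $rows = hotspot_build_fetch_rows($q, "SELECT *  FROM `hotspot_networks` WHERE hotspoted=1");
    if ($rows === null) {
        return;
    }
    hotspot_build_log(count($rows) . " hotspoted");
    foreach ($rows as $ligne) {
        $pattern = $ligne["pattern"];
        $restrict_web = $ligne["restrict_web"];
        if ($ipClass->IsvalidMAC($pattern)) {
            $c++;
            hotspot_build_log("hostpot MAC: {$pattern} {$ipaddr}:{$ArticaSplashHotSpotPort}/{$ipaddr}:{$ArticaSplashHotSpotPortSSL}");
            $f[] = redirect_mac_to_splash($pattern, $restrict_web);
            continue;
        }
        if ($ipClass->isIPAddressOrRange($pattern)) {
            $c++;
            hotspot_build_log("hostpot IP: {$pattern} {$ipaddr}:{$ArticaSplashHotSpotPort}  - {$ipaddr}:{$ArticaSplashHotSpotPortSSL}");
            $f[] = redirect_ip_to_splash($pattern, $restrict_web);
            continue;
        }
        hotspot_build_log("Unkown `{$pattern}`");
    }

    hotspot_build_log("{$c} rule(s)");
    if ($c == 0) {
        // No explicit client rule: every source goes through the splash page.
        $f[] = redirect_ip_to_splash("0.0.0.0/0");
    }
    $f[] = "{$iptables} -t nat -A POSTROUTING -j MASQUERADE {$suffixTables}";

    // A silent write failure would leave a stale rule set in place; report it.
    $target = "/etc/artica-postfix/hotspot.conf";
    if (@file_put_contents($target, implode("\n", $f)) === false) {
        hotspot_build_log("unable to write {$target}");
    }
}

/**
 * Writes one "[INIT]" progress line for build(), but only when the caller
 * runs with $GLOBALS["OUTPUT"] set.
 *
 * @param string $message text appended after the service name
 */
function hotspot_build_log($message)
{
    if (!$GLOBALS["OUTPUT"]) {
        return;
    }
    echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$message}\n";
}

/**
 * Runs $sql through mysql_squid_builder and returns every row as an
 * associative array, or null when the query failed (the MySQL error is
 * logged through hotspot_build_log()).
 *
 * Uses the legacy ext/mysql fetch functions like the rest of this file;
 * they no longer exist in PHP 7+, so this code presumably targets PHP 5 --
 * TODO confirm before porting.
 *
 * @param mysql_squid_builder $q
 * @param string $sql
 * @return array|null list of associative rows, null on query failure
 */
function hotspot_build_fetch_rows($q, $sql)
{
    $results = $q->QUERY_SQL($sql);
    if (!$q->ok) {
        hotspot_build_log($q->mysql_error);
        return null;
    }
    $rows = array();
    while ($ligne = mysql_fetch_assoc($results)) {
        $rows[] = $ligne;
    }
    return $rows;
}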
예제 #2
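function iptables_rules()
{
    // Writes /etc/init.d/tproxy, the script that (re)installs the Squid
    // transparent-proxy firewall rules, then installs it with
    // script_install(). In TProxy mode the work is delegated to
    // exec.squid.tproxy.php and the generated script is started directly.
    //
    // Every line appended to $sh is executed by root when the script runs,
    // so only program paths, numeric settings, a validated IPv4 address and
    // the `transparent_networks` rows are interpolated. The rows go through
    // pattern_to_www() / pattern_to_direct() / pattern_to_proxy(), which are
    // defined elsewhere and are assumed to validate them -- TODO confirm.
    $squid = new squidbee();
    $unix = new unix();
    $sock = new sockets();
    $UseTProxyMode = intval($sock->GET_INFO("UseTProxyMode"));
    $ssl_port = $squid->get_ssl_port();
    if (!is_numeric($squid->listen_port)) {
        $squid->listen_port = 3128;
    }
    $iptables = $unix->find_program("iptables");
    $GLOBALS["IPTABLESBIN"] = $iptables;
    $sysctl = $unix->find_program("sysctl");
    $KernelSendRedirects = $sock->GET_INFO("KernelSendRedirects");
    if (!is_numeric($KernelSendRedirects)) {
        $KernelSendRedirects = 1;
    }
    $EnableNatProxy = intval($sock->GET_INFO("EnableNatProxy"));
    $NatProxyServer = trim($sock->GET_INFO("NatProxyServer"));
    echo "Starting......: " . date("H:i:s") . " Squid iptables Rules: UseTProxyMode.....:{$UseTProxyMode}\n";

    if ($UseTProxyMode == 1) {
        // TProxy mode: drop the transparent rules and WCCP, let the
        // dedicated script generate /etc/init.d/tproxy, then start it.
        disable_transparent();
        iptables_wccp_delete_all();
        $php = $unix->LOCATE_PHP5_BIN();
        echo "Starting......: " . date("H:i:s") . " Squid running Tproxy Mode\n";
        system("{$php} /usr/share/artica-postfix/exec.squid.tproxy.php");
        echo "Starting......: " . date("H:i:s") . " Squid running TProxy script...\n";
        shell_exec("/etc/init.d/tproxy start");
        return;
    }

    $php = $unix->LOCATE_PHP5_BIN();
    $GLOBALS["echobin"] = $unix->find_program("echo");
    // Every rule carries this comment so the delete script can find them.
    $MARKLOG = "-m comment --comment \"ArticaSquidTransparent\"";
    $sh = array();
    $sh[] = script_startfile();
    build_progress("Creating rules...", 35);

    // Kernel knobs: forwarding must be on; send_redirects follows the
    // KernelSendRedirects setting (default 1).
    $sh[] = "{$GLOBALS["echobin"]} \"Patching kernel\"";
    $sh[] = "{$sysctl} -w net.ipv4.ip_forward=1 2>&1";
    $sh[] = "{$sysctl} -w net.ipv4.conf.default.send_redirects={$KernelSendRedirects} 2>&1";
    $sh[] = "{$sysctl} -w net.ipv4.conf.all.send_redirects={$KernelSendRedirects} 2>&1";
    if (is_file("/proc/sys/net/ipv4/conf/eth0/send_redirects")) {
        $sh[] = "{$sysctl} -w net.ipv4.conf.eth0.send_redirects={$KernelSendRedirects} 2>&1";
    }

    // Flush the previous rule set before adding the new one.
    $sh[] = "{$php} /usr/share/artica-postfix/exec.squid.transparent.delete.php || true";
    $sh[] = ebtables_rules();
    $sh[] = "{$GLOBALS["echobin"]} \"Enable rules\"";
    $sh[] = "{$iptables} -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT {$MARKLOG}  || true";
    if (!$GLOBALS["EBTABLES"]) {
        // Without ebtables, HTTP/HTTPS are marked by two mangle chains
        // (marks 96 and 97) that the pattern_to_* helpers rely on.
        $sh[] = "{$GLOBALS["echobin"]} \"Add internetT dictionary\"";
        $sh[] = "{$iptables} -t mangle -N internetT {$MARKLOG}  || true";
        $sh[] = "{$GLOBALS["echobin"]} \"Add internsslT dictionary\"";
        $sh[] = "{$iptables} -t mangle -N internsslT {$MARKLOG}  || true";
        $sh[] = "{$GLOBALS["echobin"]} \"Add mangle MARK 97 for internsslT\"";
        $sh[] = "{$iptables} -t mangle -A internsslT -j MARK --set-mark 97 {$MARKLOG}  || true";
        $sh[] = "{$GLOBALS["echobin"]} \"Add mangle MARK 96 for internetT\"";
        $sh[] = "{$iptables} -t mangle -A internetT -j MARK --set-mark 96 {$MARKLOG}  || true";
    }

    // Squid's own outbound traffic must never be redirected back to itself.
    // (The original emitted this OUTPUT rule twice; once is enough.)
    $sh[] = "{$iptables} -t nat -A OUTPUT --match owner --uid-owner squid -p tcp -j ACCEPT {$MARKLOG}";
    $sh[] = "{$iptables} -t nat -I POSTROUTING -p tcp --dport 80 -j MASQUERADE {$MARKLOG}";
    $sh[] = "{$iptables} -t nat -I POSTROUTING -p tcp --dport 443 -j MASQUERADE {$MARKLOG}";

    // Per-network behaviour from `transparent_networks`, in zOrder. A failed
    // query is reported and simply contributes no rules (the script is still
    // written), which is what the old unchecked fetch did minus the warning.
    $sql = "SELECT *  FROM transparent_networks WHERE `enabled`=1 ORDER BY zOrder";
    $q = new mysql_squid_builder();
    $results = $q->QUERY_SQL($sql);
    if (!$q->ok) {
        echo "Starting......: " . date("H:i:s") . " Squid iptables Rules: {$q->mysql_error}\n";
    } else {
        while ($ligne = mysql_fetch_assoc($results)) {
            $transparent = $ligne["transparent"];
            $block = $ligne["block"];
            if ($ligne["destination_port"] == 0) {
                // Port 0 means "protocol default". The previous code used
                // `==` instead of `=` for the SSL case, so SSL rows ended up
                // as port 80 / ssl=0; assign the default explicitly.
                $ligne["destination_port"] = ($ligne["ssl"] == 1) ? 443 : 80;
            }
            // Keep the ssl flag consistent with the well-known ports.
            if ($ligne["destination_port"] == 443) {
                $ligne["ssl"] = 1;
            }
            if ($ligne["destination_port"] == 80) {
                $ligne["ssl"] = 0;
            }
            if ($block == 1) {
                $sh[] = pattern_to_www($ligne);
                continue;
            }
            if ($transparent == 0) {
                $sh[] = pattern_to_direct($ligne);
                continue;
            }
            $sh[] = pattern_to_proxy($ligne, $squid->listen_port, $ssl_port);
        }
    }

    if ($EnableNatProxy == 1) {
        // NatProxyServer is a free-form setting that lands in a root-run
        // script; only accept a real IPv4 address (the rule uses /32).
        if (filter_var($NatProxyServer, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
            echo "Starting......: " . date("H:i:s") . " Squid iptables Rules: NatProxyServer `{$NatProxyServer}` is not an IPv4 address, NAT proxy rules skipped\n";
        } else {
            $sh[] = "{$iptables} -t nat -I PREROUTING -s {$NatProxyServer}/32 -p tcp -m tcp --dport 80 {$MARKLOG} -j RETURN";
            $sh[] = "{$iptables} -t nat -I PREROUTING -s {$NatProxyServer}/32 -p tcp -m tcp --dport 443 {$MARKLOG} -j RETURN";
        }
    }

    $sh[] = ChildsProxys();
    $sh[] = script_endfile();
    build_progress("Writing script...", 45);

    // Installing a script that could not be written would activate whatever
    // stale file is there, so stop and report instead.
    $target = "/etc/init.d/tproxy";
    if (@file_put_contents($target, implode("\n", $sh)) === false) {
        echo "Starting......: " . date("H:i:s") . " Squid iptables Rules: unable to write {$target}\n";
        return;
    }
    build_progress("Installing script...", 48);
    script_install();
}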