/**
 * Reconcile the WAN users iptables chain with the WAN sessions held in the database.
 *
 * Each entry is a pair whose element 0 and element 1 are handed to
 * iptablesAddWanUser() / iptablesRemoveWanUser(); elsewhere on this page
 * iptablesAddWanUser() is called with a source IP and a proxy port, so the
 * pairs are presumably (ip address, proxy port).
 *
 * The database list is treated as the source of truth:
 *  - chain entries with no matching database entry are removed;
 *  - database entries missing from the chain are added;
 *  - an entry present more than once in the chain is removed until one copy remains.
 *
 * NOTE(review): in_array() and array_keys() are used in their default (loose, ==)
 * mode, so a port held as "3128" in one list and 3128 in the other is treated
 * as the same entry. Confirm both helpers return comparable types before
 * tightening this to strict comparison.
 *
 * NOTE(review): how the two getter helpers report failure is not visible here.
 * If the database list came back empty, every chain entry would be scheduled
 * for removal; if the chain list came back empty, every database entry would
 * be added again. Verify the helpers' error behaviour against their definitions.
 */
function iptablesUpdateWanUsersChain() {
    $chainEntries = iptablesGetWanUsers();
    $dbEntries = iptablesGetDbWanUsers();

    $additions = array();
    $removals = array();

    // Pass 1: anything in the chain that the database no longer knows about is stale.
    foreach ($chainEntries as $entry) {
        if (in_array($entry, $dbEntries)) {
            continue;
        }
        $removals[] = $entry;
    }

    // Pass 2: database entries absent from the chain must be added; entries that
    // are present get their surplus copies queued for removal.
    foreach ($dbEntries as $entry) {
        if (!in_array($entry, $chainEntries)) {
            $additions[] = $entry;
            continue;
        }

        // One removal per copy beyond the first, leaving exactly one rule behind.
        $surplus = count(array_keys($chainEntries, $entry)) - 1;
        for ($i = 0; $i < $surplus; $i++) {
            $removals[] = $entry;
        }
    }

    // Additions are applied before removals, matching the original ordering.
    foreach ($additions as $entry) {
        iptablesAddWanUser($entry[0], $entry[1]);
    }

    foreach ($removals as $entry) {
        iptablesRemoveWanUser($entry[0], $entry[1]);
    }
}
if (is_null($sessionId)) { // no session, but a matching device record was found, so we're ready to authorise a new session $usedPorts = explode(",", $usedPorts); // first, identify a spare port foreach ($SQUID_WAN_PORTS as $port) { if (!in_array($port, $usedPorts)) { $proxyPort = $port; break; } } if (is_null($proxyPort)) { releaseLock(); exit("No spare WAN ports for this IP address."); } if ($conn->query("insert into wan_sessions (username, serial_number, ip_address, proxy_port, auth_time_utc, expiry_time_utc)\nvalues ('" . $conn->escape_string($username) . "', '" . $conn->escape_string($serialNumber) . "', '{$srcIP}', {$proxyPort}, UTC_TIMESTAMP(), ADDTIME(UTC_TIMESTAMP(), '" . SQUID_WAN_SESSION_DURATION . "'))")) { iptablesAddWanUser($srcIP, $proxyPort); } else { releaseLock(); exit("Error creating session."); } } else { renewWanSession($sessionId, $conn); } releaseLock(); // check that our user is active, and hand out a custom PAC if required $userGroups = getUserGroups($username, true, false); // if $userGroups === FALSE, the user is inactive (or we encountered an LDAP error) if (is_array($userGroups)) { $pacFile = SQUID_ROOT . "/pac.wan.js"; $subs["{PORT}"] = $proxyPort; foreach ($userGroups as $userGroup) {