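#!/usr/bin/perl -w
# chilli - ChilliSpot.org. A Wireless LAN Access Point Controller
# Copyright (C) 2003, 2004 Mondru AB.
#
# The contents of this file may be used under the terms of the GNU
# General Public License Version 2, provided that the above copyright
# notice and this permission notice is included in all copies or
# substantial portions of the software.

# Adapted for SME Server by Daniel B.

# CGI login page for the captive portal. It reads one line of POST data
# plus the query string, picks out the UAM parameters it knows, and then
# either answers a login attempt (challenge/response computation) or
# renders the page that matches the 'res' parameter.
#
# Everything read from STDIN, QUERY_STRING and HTTP_ACCEPT_LANGUAGE is
# client-controlled. The character filter below keeps '%', so
# percent-encoded bytes pass it and are only decoded afterwards; any
# decoded value must be escaped again before it is written into HTML.

use Digest::MD5 qw(md5 md5_hex md5_base64);

# Import the config
require ('../hotspotlogin-conf.pl');

# Characters allowed in raw form/query data; anything else becomes '_'.
$OK_CHARS='-a-zA-Z0-9_.@&=%!';

# Replace every character outside $OK_CHARS with '_' and return the result.
sub _sanitize {
    my ($text) = @_;
    $text =~ s/[^$OK_CHARS]/_/g;
    return $text;
}

# Decode '+' and %XX sequences of a form-encoded value and return the result.
sub _url_decode {
    my ($text) = @_;
    $text =~ s/\+/ /g;
    $text =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/seg;
    return $text;
}

# Escape the HTML metacharacters of a value that is about to be printed.
sub _escape_html {
    my ($text) = @_;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

# Split name=value pairs on '&' and store each known name through the
# scalar reference registered for it. A name without a value stores ''.
sub _assign_params {
    my ($raw, $target_for) = @_;
    foreach my $pair (split('&', $raw)) {
        my ($name, $value) = split('=', $pair);
        next unless defined $name && exists $target_for->{$name};
        ${ $target_for->{$name} } = defined $value ? $value : '';
    }
    return;
}

# detect browser language
# The Accept-Language header ends up in a require() path, so only a bare
# two-letter lowercase code is ever allowed through; everything else
# falls back to English.
$accept = defined $ENV{'HTTP_ACCEPT_LANGUAGE'} ? $ENV{'HTTP_ACCEPT_LANGUAGE'} : '';
$language = ($accept =~ /\A[a-z][a-z]\z/) ? $accept : 'en';
foreach $var ( split(',', $accept) ) {
    $var = substr($var,0,2);
    if ($var eq 'fr' || $var eq 'en') {
        $language = $var;
        last;
    }
}
if (-e "../lang/hotspotlogin.$language.pl") {
    require("../lang/hotspotlogin.$language.pl");
}
else {
    require('../lang/hotspotlogin.en.pl');
}

# Login page need https
if (!(defined $ENV{HTTPS} && $ENV{HTTPS} =~ /^on$/)) {
    print "Content-type: text/html\n\n $conf{domain}/title> <meta http-equiv=\"Cache-control\" content=\"no-cache\"> <meta http-equiv=\"Pragma\" content=\"no-cache\"> <link rel=\"stylesheet\" type=\"text/css\" href=\"/chilli/css/sme.css\" /> </head> <body> <p> </p><p> </p> <h2>$lang{loginfailed}</H2><br> $lang{neddencrypted}</body></html>";
    exit(0);
}

$loginpath = $ENV{'SCRIPT_NAME'};

# Make sure that the form parameters are clean
# Only the first line of the request body is read.
$input = <STDIN> || '';
$input = _sanitize($input);

# Make sure that the get query parameters are clean
$query = defined $ENV{QUERY_STRING} ? $ENV{QUERY_STRING} : '';
$query = _sanitize($query);

#Read form parameters which we care about
$replyencoded = '';
$username = '';
$password = '';
$challenge = '';
$button = '';
$res = '';
$uamip = '';
$uamport = '';
$userurl = '';
$timeleft = '';
$redirurl = '';
$mac = '';

%form_target = (
    UserName  => \$username,
    Password  => \$password,
    challenge => \$challenge,
    button    => \$button,
    res       => \$res,
    uamip     => \$uamip,
    uamport   => \$uamport,
    userurl   => \$userurl,
    timeleft  => \$timeleft,
    redirurl  => \$redirurl,
    mac       => \$mac,
    # This should be added to 'standard' cgi script also
    reply     => \$replyencoded,
);
_assign_params($input, \%form_target);

#Read query parameters which we care about
# Parsed after the form data, so a query value replaces a form value of
# the same name. UserName, Password and button are form-only.
%query_target = (
    res       => \$res,
    challenge => \$challenge,
    uamip     => \$uamip,
    uamport   => \$uamport,
    # This should be changed in 'standard' cgi script also
    reply     => \$replyencoded,
    userurl   => \$userurl,
    timeleft  => \$timeleft,
    redirurl  => \$redirurl,
    mac       => \$mac,
);
_assign_params($query, \%query_target);

# This should be added to 'standard' cgi script also
# The decoded reply can hold any byte, so it is HTML-escaped here, once,
# before any of the page branches below prints it.
$reply = _escape_html(_url_decode($replyencoded));

$button =~ tr/+_/ /;

# NOTE(review): the two decoded URLs are not printed anywhere in this
# listing; wherever they are used they carry arbitrary client bytes and
# need escaping or validation for that context.
$userurldecode = _url_decode($userurl);
$redirurldecode = _url_decode($redirurl);

# Tim added these two lines:
$username = _url_decode($username);
$password = _url_decode($password);

# If attempt to login
# NOTE(review): the button labels are used as unanchored regex patterns,
# so any button value containing the label counts as a login attempt.
if (($button =~ $lang{login} || $button =~ $lang{guestbutton})) {
    # The challenge is 32 hex digits; with a UAM secret configured it is
    # hashed together with the secret before use.
    $hexchal = pack "H32", $challenge;
    if (defined $conf{uamsecret}) {
        $newchal = md5($hexchal, $conf{uamsecret});
    }
    else {
        $newchal = $hexchal;
    }
    # CHAP-style response: MD5 over a zero byte, the password and the challenge.
    $response = md5_hex("\0", $password, $newchal);
    # PAP-style value: password XOR challenge. "H32" emits 32 hex digits,
    # so only the first 16 bytes of the XOR result are kept.
    $pappassword = unpack "H32", ($password ^ $newchal);
    # NOTE(review): $response and $pappassword are not referenced again in
    # this listing and both branches below print an empty string; the
    # markup that presumably carried them is absent here - confirm
    # against the deployed script.
    print "Content-type: text/html\n\n";
    print "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"> <html> <head> <title>$conf{domain} ";
    if ( (defined $conf{uamsecret}) && (defined $conf{userpassword})) {
        print "";
    }
    else {
        print "";
    }
    print "\n";
    print "\n\n \n\n \n\n$lang{longgingin}\n\n\n$lang{wait}\n";
    exit(0);
}

# Map the 'res' parameter to a numeric page id.
%result_for = (
    success     => 1,   # login successful
    failed      => 2,   # login failed
    logoff      => 3,   # logout successful
    already     => 4,   # tried to login while already logged in
    notyet      => 5,   # not logged in yet
    smartclient => 6,   # login from smart client
    popup1      => 11,  # requested a logging in pop up window
    popup2      => 12,  # requested a success pop up window
    popup3      => 13,  # requested a logout pop up window
);

# Default: It was not a form request
$result = exists $result_for{$res} ? $result_for{$res} : 0;

# Otherwise it was not a form request
# Send out an error message
if ($result == 0) {
    print "Content-type: text/html\n\n $conf{domain}\n\n \n\n \n\n$lang{loginfailed}\n\n\n$lang{chillierror}\n";
    exit(0);
}

#Generate the output
print "Content-type: text/html\n\n $conf{domain}\n";

# In body onLoad above, after $timeleft, add '&reply=$replyencoded to 'standard' cgi script

if ($result == 2) {
    print "\n\n \n\n \n\n$lang{loginfailed}\n\n";
    if ($reply) {
        print "$reply\n";
    }
}

if ($result == 2 || $result == 5) {
    print "\n\n \n\n \n\n";
}

# NOTE(review): in this listing the credential labels and the guest block
# are printed for every result, not only for results 2 and 5 - confirm
# that this matches the deployed script.
print "\n$lang{username}:\n$lang{password}:\n$lang{saveuser}";
if ($conf{guestaccess}) {
    print "\n$lang{guestdesc}\n";
    if ($lang{loginstring}) {
        print "\n$lang{loginstring}\n";
    }
    print "\n";
}

if ($result == 1) {
    print "\n\n \n\n \n\n$lang{loggedin}\n\n\n";
    if ($lang{loggedinstring}) {
        print "$lang{loggedinstring}\n\n";
    }
    if ($reply) {
        print "$reply\n\n";
    }
    print "$lang{logout}";
}

if (($result == 4) || ($result == 12)) {
    print "\n\n \n\n \n\n$lang{loggedin}\n\n\n";
    if ($lang{loggedinstring}) {
        print "$lang{loggedinstring}\n\n";
    }
    if ($reply) {
        print "$reply\n\n";
    }
    print "$lang{logout}\n";
}

if ($result == 11) {
    print "\n\n \n\n \n\n$lang{longgingin}\n\n\n";
    print "\n$lang{wait}";
}

if (($result == 3) || ($result == 13)) {
    print "\n\n \n\n \n\n$lang{loggedout}\n\n\n";
    if ($lang{loggedoutstring}) {
        print "$lang{loggedoutstring}\n\n";
    }
    print "$lang{login}";
}

exit(0);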