smecontribs/smeserver-coova-chilli
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2120fa2210
smeserver-coova-chilli/root/opt/chilli/cgi-bin/hotspotlogin.cgi

486 lines
15 KiB
Perl
Raw Blame History

#!/usr/bin/perl -w
# chilli - ChilliSpot.org. A Wireless LAN Access Point Controller
# Copyright (C) 2003, 2004 Mondru AB.
#
# The contents of this file may be used under the terms of the GNU
# General Public License Version 2, provided that the above copyright
# notice and this permission notice is included in all copies or
# substantial portions of the software.
# Adapted for SME Server by Daniel B. <daniel@firewall-services.com>
use Digest::MD5 qw(md5 md5_hex md5_base64);
# Import the config
require ('../hotspotlogin-conf.pl');
# detect browser language
$language = $ENV{'HTTP_ACCEPT_LANGUAGE'};
@array = split(',',$language);
foreach $var ( @array )
{
$var = substr($var,0,2);
if($var =~ /^fr$/) { $language = "fr"; last; }
if($var =~ /^en$/) { $language = "en"; last; }
}
if(-e "../lang/hotspotlogin.$language.pl"){
require("../lang/hotspotlogin.$language.pl");
}
else{
require('../lang/hotspotlogin.en.pl');
}
# Login page need https
if (!($ENV{HTTPS} =~ /^on$/)) {
print "Content-type: text/html\n\n
<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
<html>
<head>
<title>$conf{domain}/title>
<meta http-equiv=\"Cache-control\" content=\"no-cache\">
<meta http-equiv=\"Pragma\" content=\"no-cache\">
<link rel=\"stylesheet\" type=\"text/css\" href=\"/chilli/css/sme.css\" />
</head>
<body>
<p>&nbsp;</p><p>&nbsp;</p>
<h2>$lang{loginfailed}</H2><br>
$lang{neddencrypted}</body></html>";
exit(0);
}
$loginpath = $ENV{'SCRIPT_NAME'};
# Make sure that the form parameters are clean
$OK_CHARS='-a-zA-Z0-9_.@&=%!';
$_ = (<STDIN> || '');
s/[^$OK_CHARS]/_/go;
$input = $_;
# Make sure that the get query parameters are clean
$OK_CHARS='-a-zA-Z0-9_.@&=%!';
$_ = $query=$ENV{QUERY_STRING};
s/[^$OK_CHARS]/_/go;
$query = $_;
#Read form parameters which we care about
@array = split('&',$input);
$replyencoded = '';
$username = '';
$password = '';
$challenge = '';
$button = '';
$res = '';
$uamip = '';
$uamport = '';
$userurl = '';
$timeleft = '';
$redirurl = '';
$mac = '';
foreach $var ( @array )
{
@array2 = split('=',$var);
if ($array2[0] =~ /^UserName$/) { $username = $array2[1]; }
if ($array2[0] =~ /^Password$/) { $password = $array2[1]; }
if ($array2[0] =~ /^challenge$/) { $challenge = $array2[1]; }
if ($array2[0] =~ /^button$/) { $button = $array2[1]; }
if ($array2[0] =~ /^res$/) { $res = $array2[1]; }
if ($array2[0] =~ /^uamip$/) { $uamip = $array2[1]; }
if ($array2[0] =~ /^uamport$/) { $uamport = $array2[1]; }
if ($array2[0] =~ /^userurl$/) { $userurl = $array2[1]; }
if ($array2[0] =~ /^timeleft$/) { $timeleft = $array2[1]; }
if ($array2[0] =~ /^redirurl$/) { $redirurl = $array2[1]; }
if ($array2[0] =~ /^mac$/) { $mac = $array2[1]; }
# This should be added to 'standard' cgi script also
if ($array2[0] =~ /^reply$/) { $replyencoded = $array2[1]; }
}
#Read query parameters which we care about
@array = split('&',$query);
foreach $var ( @array )
{
@array2 = split('=',$var);
if ($array2[0] =~ /^res$/) { $res = $array2[1]; }
if ($array2[0] =~ /^challenge$/) { $challenge = $array2[1]; }
if ($array2[0] =~ /^uamip$/) { $uamip = $array2[1]; }
if ($array2[0] =~ /^uamport$/) { $uamport = $array2[1]; }
# This should be changed in 'standard' cgi script also
if ($array2[0] =~ /^reply$/) { $replyencoded = $array2[1]; }
if ($array2[0] =~ /^userurl$/) { $userurl = $array2[1]; }
if ($array2[0] =~ /^timeleft$/) { $timeleft = $array2[1]; }
if ($array2[0] =~ /^redirurl$/) { $redirurl = $array2[1]; }
if ($array2[0] =~ /^mac$/) { $mac = $array2[1]; }
}
# This should be added to 'standard' cgi script also
$reply = $replyencoded;
$reply =~ s/\+/ /g;
$reply =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/seg;
$button =~ s/\+/ /g;
$button =~ s/\_/ /g;
$userurldecode = $userurl;
$userurldecode =~ s/\+/ /g;
$userurldecode =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/seg;
$redirurldecode = $redirurl;
$redirurldecode =~ s/\+/ /g;
$redirurldecode =~s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/seg;
# Tim added these two lines:
$username =~ s/\+/ /g;
$username =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/seg;
$password =~ s/\+/ /g;
$password =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/seg;
# If attempt to login
if (($button =~ $lang{login} || $button =~ $lang{guestbutton})) {
$hexchal = pack "H32", $challenge;
if (defined $conf{uamsecret}) {
$newchal = md5($hexchal, $conf{uamsecret});
}
else {
$newchal = $hexchal;
}
$response = md5_hex("\0", $password, $newchal);
$pappassword = unpack "H32", ($password ^ $newchal);
print "Content-type: text/html\n\n";
print "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
<html>
<head>
<title>$conf{domain}</title>
<meta http-equiv=\"Cache-control\" content=\"no-cache\">
<meta http-equiv=\"Pragma\" content=\"no-cache\">";
if ( (defined $conf{uamsecret}) && (defined $conf{userpassword})) {
print "<meta http-equiv=\"refresh\" content=\"0;url=http://$uamip:$uamport/logon?username=$username&password=$pappassword&userurl=$userurl\">";
}
else {
print "<meta http-equiv=\"refresh\" content=\"0;url=http://$uamip:$uamport/logon?username=$username&response=$response&userurl=$userurl\">";
}
print "<link rel=\"stylesheet\" type=\"text/css\" href=\"/chilli/css/sme.css\" />
</head><body>
<center>";
print "<p>&nbsp;</p><p>&nbsp;</p>
<h3>$lang{longgingin}</H3><br>$lang{wait}</center></body></html>";
exit(0);
}
# Default: It was not a form request
$result = 0;
# If login successful
if ($res =~ /^success$/) { $result = 1; }
# If login failed
if ($res =~ /^failed$/) { $result = 2; }
# If logout successful
if ($res =~ /^logoff$/) { $result = 3; }
# If tried to login while already logged in
if ($res =~ /^already$/) { $result = 4; }
# If not logged in yet
if ($res =~ /^notyet$/) { $result = 5; }
# If login from smart client
if ($res =~ /^smartclient$/) { $result = 6; }
# If requested a logging in pop up window
if ($res =~ /^popup1$/) { $result = 11; }
# If requested a success pop up window
if ($res =~ /^popup2$/) { $result = 12; }
# If requested a logout pop up window
if ($res =~ /^popup3$/) { $result = 13; }
# Otherwise it was not a form request
# Send out an error message
if ($result == 0) {
print "Content-type: text/html\n\n
<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
<html>
<head>
<title>$conf{domain}</title>
<meta http-equiv=\"Cache-control\" content=\"no-cache\">
<meta http-equiv=\"Pragma\" content=\"no-cache\">
<link rel=\"stylesheet\" type=\"text/css\" href=\"/chilli/css/sme.css\" />
</head>
<body>
<center>
<p>&nbsp;</p><p>&nbsp;</p>
<h3>$lang{loginfailed}</h3><br>
$lang{chillierror}</center></body></html>";
exit(0);
}
#Generate the output
print "Content-type: text/html\n\n
<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
<html>
<head>
<title>$conf{domain}</title>
<meta http-equiv=\"Cache-control\" content=\"no-cache\">
<meta http-equiv=\"Pragma\" content=\"no-cache\">
<SCRIPT LANGUAGE=\"JavaScript\">
var blur = 0;
var starttime = new Date();
var startclock = starttime.getTime();
var mytimeleft = 0;
var user = \"\";
var password = \"\";
function getCookie(c_name)
{
if (document.cookie.length>0)
{
c_start=document.cookie.indexOf(c_name + \"=\");
if(c_start!=-1)
{
c_start=c_start + c_name.length+1;
c_end=document.cookie.indexOf(\";\",c_start);
if (c_end==-1) c_end=document.cookie.length;
return unescape(document.cookie.substring(c_start,c_end));
}
}
return \"\";
}
function setCookie(c_name,value,expiredays)
{
var exdate=new Date();
exdate.setDate(exdate.getDate()+expiredays);
document.cookie=c_name+ \"=\" +escape(value)+((expiredays==null) ? \"\" : \";expires=\"+exdate.toGMTString());
}
function getCookies()
{
user=getCookie('user');
if(user!=null && user!=\"\")
{
document.form1.UserName.value = user;
document.form1.saveusrpass.checked = true;
}
password=getCookie('password');
if(password!=null && password!=\"\")
{
document.form1.Password.value = password;
}
}
function setCookies()
{
if(!document.form1.saveusrpass.checked)
{
setCookie('user',\"\",365);
setCookie('password',\"\",365);
return;
}
user = document.form1.UserName.value;
password = document.form1.Password.value;
if(user!=null && user!=\"\")
{
if(password!=null && password!=\"\")
{
setCookie('user',user,365);
setCookie('password',password,365);
}
}
}
function doTime() {
window.setTimeout( \"doTime()\", 1000 );
t = new Date();
time = Math.round((t.getTime() - starttime.getTime())/1000);
if (mytimeleft) {
time = mytimeleft - time;
if (time <= 0) {
window.location = \"$loginpath?res=popup3&uamip=$uamip&uamport=$uamport\";
}
}
if (time < 0) time = 0;
hours = (time - (time % 3600)) / 3600;
time = time - (hours * 3600);
mins = (time - (time % 60)) / 60;
secs = time - (mins * 60);
if (hours < 10) hours = \"0\" + hours;
if (mins < 10) mins = \"0\" + mins;
if (secs < 10) secs = \"0\" + secs;
title = \"$lang{onlinetime}: \" + hours + \":\" + mins + \":\" + secs;
if (mytimeleft) {
title = \"$lang{remainingtime}: \" + hours + \":\" + mins + \":\" + secs;
}
if(document.all || document.getElementById){
document.title = title;
}
else {
self.status = title;
}
}
function popUp(URL) {
if (self.name != \"chillispot_popup\") {
chillispot_popup = window.open(URL, 'chillispot_popup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=310');
}
}
function doOnLoad(result, URL, userurl, redirurl, timeleft) {
if (timeleft) {
mytimeleft = timeleft;
}
if ((result == 1) && (self.name == \"chillispot_popup\")) {
doTime();
}
if ((result == 1) && (self.name != \"chillispot_popup\")) {
chillispot_popup = window.open(URL, 'chillispot_popup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=300');
}
if ((result == 2) || result == 5) {
getCookies();
document.form1.UserName.focus()
}
if ((result == 2) && (self.name != \"chillispot_popup\")) {
chillispot_popup = window.open('', 'chillispot_popup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=400,height=200');
chillispot_popup.close();
}
if ((result == 12) && (self.name == \"chillispot_popup\")) {
doTime();
if (redirurl) {
window.opener.top.location.href = redirurl;
}
else if (userurl) {
window.opener.top.location.href = userurl;
}
else if (opener.home) {
window.opener.top.location.href.home();
}
else {
window.opener.top.location.href = \"about:home\";
}
self.focus();
blur = 0;
}
if ((result == 13) && (self.name == \"chillispot_popup\")) {
self.focus();
blur = 1;
}
}
function doOnBlur(result) {
if ((result == 12) && (self.name == \"chillispot_popup\")) {
if (blur == 0) {
blur = 1;
self.focus();
}
}
}
function doOnBeforeUnLoad(result) {
if ((result==12) && (self.name=='chillispot_popup')) {
document.location.href=('http://$uamip:$uamport/logoff');
window.close();
}
}
function fillGuestAccess() {
form1.UserName.value = 'guest';
form1.Password.value = 'guest';
}
</script>
<link rel=\"stylesheet\" type=\"text/css\" href=\"/chilli/css/sme.css\" />
</head>
<body onLoad=\"javascript:doOnLoad($result, '$loginpath?res=popup2&uamip=$uamip&uamport=$uamport&userurl=$userurl&redirurl=$redirurl&timeleft=$timeleft&reply=$replyencoded','$userurldecode', '$redirurldecode', '$timeleft')\" onBlur = \"javascript:doOnBlur($result)\" onBeforeUnLoad = \"doOnBeforeUnLoad($result)\"><center>";
# In body onLoad above, after $timeleft, add '&reply=$replyencoded to 'standard' cgi script
if ($result == 2){
print "<p>&nbsp;</p><p>&nbsp;</p><h3>$lang{loginfailed}</h3>";
if ($reply) { print "$reply<br>"; }
}
if ($result == 2 || $result == 5){
print "<p>&nbsp;</p><p>&nbsp;</p>
<form name=\"form1\" method=\"post\" action=\"$loginpath\"\" onSubmit=\"setCookies()\">
<INPUT TYPE=\"hidden\" NAME=\"challenge\" VALUE=\"$challenge\">
<INPUT TYPE=\"hidden\" NAME=\"uamip\" VALUE=\"$uamip\">
<INPUT TYPE=\"hidden\" NAME=\"uamport\" VALUE=\"$uamport\">
<INPUT TYPE=\"hidden\" NAME=\"userurl\" VALUE=\"$userurldecode\">
<INPUT TYPE=\"hidden\" NAME=\"mac\" VALUE=\"$mac\">
<table style=\"width: 570px;\">
<tr>
<td align=\"right\">$lang{username}:</td>
<td><input type=\"text\" name=\"UserName\" size=\"14\" maxlength=\"128\"></td>
</tr>
<tr>
<td align=\"right\">$lang{password}:</td>
<td><input type=\"password\" name=\"Password\" size=\"14\" maxlength=\"128\"></td>
</tr>
<tr>
<td align=\"center\" colspan=\"2\" height=\"23\"><input type=\"submit\" name=\"button\" value=\"$lang{login}\" onClick=\"javascript:popUp('$loginpath?res=popup1&uamip=$uamip&uamport=$uamport&mac=$mac')\"></td></tr>
<tr>
<td align=\"center\" colspan=\"2\">
<input type=\"checkbox\" name=\"saveusrpass\"> $lang{saveuser}";
if($conf{guestaccess}){
print "<tr><td align=\"center\" colspan=\"2\" height=\"23\">$lang{guestdesc}</td></tr><tr><td align=\"center\" colspan=\"2\" height=\"23\"><input type=\"button\" name=\"button_guest\" value=\"$lang{guestbutton}\" onClick=\"javascript:fillGuestAccess()\"></td></tr>";
}
print " </table></form>";
if($lang{loginstring}) { print "<div style=\"width: 90%; height:330px; overflow:auto; padding-right : 12px; align:center;\"><table><td>$lang{loginstring}</td></table></div>"; }
print "</center></body></html>";
}
if ($result == 1){
print "<p>&nbsp;</p><p>&nbsp;</p><h3>$lang{loggedin}</h3><br>";
if ($lang{loggedinstring}) { print "$lang{loggedinstring}<br><br>"; }
if ($reply) { print "$reply</BR></BR>"; }
print "<a href=\"javascript:doOnBeforeUnLoad(12);\">$lang{logout}</a></center></body></html>";
}
if (($result == 4) || ($result == 12)){
print "<p>&nbsp;</p><p>&nbsp;</p><h3>$lang{loggedin}</h3><br>";
if ($lang{loggedinstring}) { print "$lang{loggedinstring}<br><br>"; }
if ($reply) { print "$reply</BR></BR>"; }
print "<a href=\"javascript:doOnBeforeUnLoad(12);\">$lang{logout}</a><br></center></body></html>";
}
if ($result == 11){
print "<p>&nbsp;</p><p>&nbsp;</p><h3>$lang{longgingin}</h3><br>";
print "<br>$lang{wait}</center></body></html>";
}
if (($result == 3) || ($result == 13)){
print "<p>&nbsp;</p><p>&nbsp;</p><h3>$lang{loggedout}</h3><br>";
if ($lang{loggedoutstring}) { print "$lang{loggedoutstring}<br><br>"; }
print "<a href=\"http://$uamip:$uamport/prelogin\">$lang{login}</a></center></body></html>";
}
exit(0);
View Git Blame Copy Permalink