
hotspotlogin.cgi

a guest
Apr 2nd, 2016
  1. #!/usr/bin/perl
  2.  
  3. # chilli - ChilliSpot.org. A Wireless LAN Access Point Controller
  4. # Copyright (C) 2003, 2004 Mondru AB.
  5. #
  6. # The contents of this file may be used under the terms of the GNU
  7. # General Public License Version 2, provided that the above copyright
  8. # notice and this permission notice is included in all copies or
  9. # substantial portions of the software.
  10.  
  11. # Redirects from ChilliSpot daemon:
  12. #
  13. # Redirection when not yet or already authenticated
  14. # notyet: ChilliSpot daemon redirects to login page.
  15. # already: ChilliSpot daemon redirects to success status page.
  16. #
  17. # Response to login:
  18. # already: Attempt to login when already logged in.
  19. # failed: Login failed
  20. # success: Login succeded
  21. #
  22. # logoff: Response to a logout
  23.  
  24.  
  25. # Shared secret used to encrypt challenge with. Prevents dictionary attacks.
  26. # You should change this to your own shared secret.
  27. $uamsecret = "testing123";
  28.  
  29. # Uncomment the following line if you want to use ordinary user-password
  30. # for radius authentication. Must be used together with $uamsecret.
  31. #$userpassword=1;
  32.  
  33. # Our own path
  34. $loginpath = $ENV{'SCRIPT_URL'};
  35.  
  36. use Digest::MD5 qw(md5 md5_hex md5_base64);
  37.  
  38. # Make sure that the form parameters are clean
  39. $OK_CHARS='-a-zA-Z0-9_.@&=%!';
  40. $| = 1;
  41. if ($ENV{'CONTENT_LENGTH'}) {
  42. read (STDIN, $_, $ENV{'CONTENT_LENGTH'});
  43. }
  44. s/[^$OK_CHARS]/_/go;
  45. $input = $_;
  46.  
  47.  
  48. # Make sure that the get query parameters are clean
  49. $OK_CHARS='-a-zA-Z0-9_.@&=%!';
  50. $_ = $query=$ENV{QUERY_STRING};
  51. s/[^$OK_CHARS]/_/go;
  52. $query = $_;
  53.  
  54.  
  55. # If she did not use https tell her that it was wrong.
  56. if (!($ENV{HTTPS} =~ /^on$/)) {
  57. print "Content-type: text/html\n\n
  58. <!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
  59. <html>
  60. <head>
  61. <title>ChilliSpot Login Failed</title>
  62. <meta http-equiv=\"Cache-control\" content=\"no-cache\">
  63. <meta http-equiv=\"Pragma\" content=\"no-cache\">
  64. </head>
  65. <body bgColor = '#c0d8f4'>
  66. <h1 style=\"text-align: center;\">ChilliSpot Login Failed</h1>
  67. <center>
  68. Login must use encrypted connection.
  69. </center>
  70. </body>
  71. <!--
  72. <?xml version=\"1.0\" encoding=\"UTF-8\"?>
  73. <WISPAccessGatewayParam
  74. xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"
  75. xsi:noNamespaceSchemaLocation=\"http://www.acmewisp.com/WISPAccessGatewayParam.xsd\">
  76. <AuthenticationReply>
  77. <MessageType>120</MessageType>
  78. <ResponseCode>102</ResponseCode>
  79. <ReplyMessage>Login must use encrypted connection</ReplyMessage>
  80. </AuthenticationReply>
  81. </WISPAccessGatewayParam>
  82. -->
  83. </html>
  84. ";
  85. exit(0);
  86. }
  87.  
  88.  
  89. #Read form parameters which we care about
  90. @array = split('&',$input);
  91. foreach $var ( @array )
  92. {
  93. @array2 = split('=',$var);
  94. if ($array2[0] =~ /^UserName$/) { $username = $array2[1]; }
  95. if ($array2[0] =~ /^Password$/) { $password = $array2[1]; }
  96. if ($array2[0] =~ /^challenge$/) { $challenge = $array2[1]; }
  97. if ($array2[0] =~ /^button$/) { $button = $array2[1]; }
  98. if ($array2[0] =~ /^logout$/) { $logout = $array2[1]; }
  99. if ($array2[0] =~ /^prelogin$/) { $prelogin = $array2[1]; }
  100. if ($array2[0] =~ /^res$/) { $res = $array2[1]; }
  101. if ($array2[0] =~ /^uamip$/) { $uamip = $array2[1]; }
  102. if ($array2[0] =~ /^uamport$/) { $uamport = $array2[1]; }
  103. if ($array2[0] =~ /^userurl$/) { $userurl = $array2[1]; }
  104. if ($array2[0] =~ /^timeleft$/) { $timeleft = $array2[1]; }
  105. if ($array2[0] =~ /^redirurl$/) { $redirurl = $array2[1]; }
  106. }
  107.  
  108. #Read query parameters which we care about
  109. @array = split('&',$query);
  110. foreach $var ( @array )
  111. {
  112. @array2 = split('=',$var);
  113. if ($array2[0] =~ /^res$/) { $res = $array2[1]; }
  114. if ($array2[0] =~ /^challenge$/) { $challenge = $array2[1]; }
  115. if ($array2[0] =~ /^uamip$/) { $uamip = $array2[1]; }
  116. if ($array2[0] =~ /^uamport$/) { $uamport = $array2[1]; }
  117. if ($array2[0] =~ /^reply$/) { $reply = $array2[1]; }
  118. if ($array2[0] =~ /^userurl$/) { $userurl = $array2[1]; }
  119. if ($array2[0] =~ /^timeleft$/) { $timeleft = $array2[1]; }
  120. if ($array2[0] =~ /^redirurl$/) { $redirurl = $array2[1]; }
  121. }
  122.  
  123.  
  124. $reply =~ s/\+/ /g;
  125. $reply =~s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/seg;
  126.  
  127. $userurldecode = $userurl;
  128. $userurldecode =~ s/\+/ /g;
  129. $userurldecode =~s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/seg;
  130.  
  131. $redirurldecode = $redirurl;
  132. $redirurldecode =~ s/\+/ /g;
  133. $redirurldecode =~s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/seg;
  134.  
  135. $password =~ s/\+/ /g;
  136. $password =~s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/seg;
  137.  
  138. # If attempt to login
  139. if ($button =~ /^Login$/) {
  140. $hexchal = pack "H32", $challenge;
  141. if (defined $uamsecret) {
  142. $newchal = md5($hexchal, $uamsecret);
  143. }
  144. else {
  145. $newchal = $hexchal;
  146. }
  147. $response = md5_hex("\0", $password, $newchal);
  148. $pappassword = unpack "H32", ($password ^ $newchal);
  149. #sleep 5;
  150. print "Content-type: text/html\n\n";
  151. print "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
  152. <html>
  153. <head>
  154. <title>ChilliSpot Login</title>
  155. <meta http-equiv=\"Cache-control\" content=\"no-cache\">
  156. <meta http-equiv=\"Pragma\" content=\"no-cache\">";
  157. if ((defined $uamsecret) && defined($userpassword)) {
  158. print " <meta http-equiv=\"refresh\" content=\"0;url=http://$uamip:$uamport/logon?username=$username&password=$pappassword&userurl=$userurl\">";
  159. } else {
  160. print " <meta http-equiv=\"refresh\" content=\"0;url=http://$uamip:$uamport/logon?username=$username&response=$response&userurl=$userurl\">";
  161. }
  162. print "</head>
  163. <body bgColor = '#c0d8f4'>";
  164. print "<h1 style=\"text-align: center;\">Logging in to ChilliSpot</h1>";
  165. print "
  166. <center>
  167. Please wait......
  168. </center>
  169. </body>
  170. <!--
  171. <?xml version=\"1.0\" encoding=\"UTF-8\"?>
  172. <WISPAccessGatewayParam
  173. xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"
  174. xsi:noNamespaceSchemaLocation=\"http://www.acmewisp.com/WISPAccessGatewayParam.xsd\">
  175. <AuthenticationReply>
  176. <MessageType>120</MessageType>
  177. <ResponseCode>201</ResponseCode>
  178. ";
  179. if ((defined $uamsecret) && defined($userpassword)) {
  180. print "<LoginResultsURL>http://$uamip:$uamport/logon?username=$username&password=$pappassword</LoginResultsURL>";
  181. } else {
  182. print "<LoginResultsURL>http://$uamip:$uamport/logon?username=$username&response=$response&userurl=$userurl</LoginResultsURL>";
  183. }
  184. print "</AuthenticationReply>
  185. </WISPAccessGatewayParam>
  186. -->
  187. </html>
  188. ";
  189. exit(0);
  190. }
  191.  
  192.  
  193. # Default: It was not a form request
  194. $result = 0;
  195.  
  196. # If login successful
  197. if ($res =~ /^success$/) {
  198. $result = 1;
  199. }
  200.  
  201. # If login failed
  202. if ($res =~ /^failed$/) {
  203. $result = 2;
  204. }
  205.  
  206. # If logout successful
  207. if ($res =~ /^logoff$/) {
  208. $result = 3;
  209. }
  210.  
  211. # If tried to login while already logged in
  212. if ($res =~ /^already$/) {
  213. $result = 4;
  214. }
  215.  
  216. # If not logged in yet
  217. if ($res =~ /^notyet$/) {
  218. $result = 5;
  219. }
  220.  
  221. # If login from smart client
  222. if ($res =~ /^smartclient$/) {
  223. $result = 6;
  224. }
  225.  
  226. # If requested a logging in pop up window
  227. if ($res =~ /^popup1$/) {
  228. $result = 11;
  229. }
  230.  
  231. # If requested a success pop up window
  232. if ($res =~ /^popup2$/) {
  233. $result = 12;
  234. }
  235.  
  236. # If requested a logout pop up window
  237. if ($res =~ /^popup3$/) {
  238. $result = 13;
  239. }
  240.  
  241.  
  242. # Otherwise it was not a form request
  243. # Send out an error message
  244. if ($result == 0) {
  245. print "Content-type: text/html\n\n
  246. <!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
  247. <html>
  248. <head>
  249. <title>ChilliSpot Login Failed</title>
  250. <meta http-equiv=\"Cache-control\" content=\"no-cache\">
  251. <meta http-equiv=\"Pragma\" content=\"no-cache\">
  252. </head>
  253. <body bgColor = '#c0d8f4'>
  254. <h1 style=\"text-align: center;\">ChilliSpot Login Failed</h1>
  255. <center>
  256. Login must be performed through ChilliSpot daemon.
  257. </center>
  258. </body>
  259. </html>
  260. ";
  261. exit(0);
  262. }
  263.  
  264. #Generate the output
  265. print "Content-type: text/html\n\n
  266. <!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
  267. <html>
  268. <head>
  269. <title>ChilliSpot Login</title>
  270. <meta http-equiv=\"Cache-control\" content=\"no-cache\">
  271. <meta http-equiv=\"Pragma\" content=\"no-cache\">
  272. <SCRIPT LANGUAGE=\"JavaScript\">
  273. var blur = 0;
  274. var starttime = new Date();
  275. var startclock = starttime.getTime();
  276. var mytimeleft = 0;
  277.  
  278. function doTime() {
  279. window.setTimeout( \"doTime()\", 1000 );
  280. t = new Date();
  281. time = Math.round((t.getTime() - starttime.getTime())/1000);
  282. if (mytimeleft) {
  283. time = mytimeleft - time;
  284. if (time <= 0) {
  285. window.location = \"$loginpath?res=popup3&uamip=$uamip&uamport=$uamport\";
  286. }
  287. }
  288. if (time < 0) time = 0;
  289. hours = (time - (time % 3600)) / 3600;
  290. time = time - (hours * 3600);
  291. mins = (time - (time % 60)) / 60;
  292. secs = time - (mins * 60);
  293. if (hours < 10) hours = \"0\" + hours;
  294. if (mins < 10) mins = \"0\" + mins;
  295. if (secs < 10) secs = \"0\" + secs;
  296. title = \"Online time: \" + hours + \":\" + mins + \":\" + secs;
  297. if (mytimeleft) {
  298. title = \"Remaining time: \" + hours + \":\" + mins + \":\" + secs;
  299. }
  300. if(document.all || document.getElementById){
  301. document.title = title;
  302. }
  303. else {
  304. self.status = title;
  305. }
  306. }
  307.  
  308. function popUp(URL) {
  309. if (self.name != \"chillispot_popup\") {
  310. chillispot_popup = window.open(URL, 'chillispot_popup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=375');
  311. }
  312. }
  313.  
  314. function doOnLoad(result, URL, userurl, redirurl, timeleft) {
  315. if (timeleft) {
  316. mytimeleft = timeleft;
  317. }
  318. if ((result == 1) && (self.name == \"chillispot_popup\")) {
  319. doTime();
  320. }
  321. if ((result == 1) && (self.name != \"chillispot_popup\")) {
  322. chillispot_popup = window.open(URL, 'chillispot_popup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=375');
  323. }
  324. if ((result == 2) || result == 5) {
  325. document.form1.UserName.focus()
  326. }
  327. if ((result == 2) && (self.name != \"chillispot_popup\")) {
  328. chillispot_popup = window.open('', 'chillispot_popup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=400,height=200');
  329. chillispot_popup.close();
  330. }
  331. if ((result == 12) && (self.name == \"chillispot_popup\")) {
  332. doTime();
  333. if (redirurl) {
  334. opener.location = redirurl;
  335. }
  336. else if (userurl) {
  337. opener.location = userurl;
  338. }
  339. else if (opener.home) {
  340. opener.home();
  341. }
  342. else {
  343. opener.location = \"about:home\";
  344. }
  345. self.focus();
  346. blur = 0;
  347. }
  348. if ((result == 13) && (self.name == \"chillispot_popup\")) {
  349. self.focus();
  350. blur = 1;
  351. }
  352. }
  353.  
  354. function doOnBlur(result) {
  355. if ((result == 12) && (self.name == \"chillispot_popup\")) {
  356. if (blur == 0) {
  357. blur = 1;
  358. self.focus();
  359. }
  360. }
  361. }
  362. </script>
  363. </head>
  364. <body onLoad=\"javascript:doOnLoad($result, '$loginpath?res=popup2&uamip=$uamip&uamport=$uamport&userurl=$userurl&redirurl=$redirurl&timeleft=$timeleft','$userurldecode', '$redirurldecode', '$timeleft')\" onBlur = \"javascript:doOnBlur($result)\" bgColor = '#c0d8f4'>";
  365.  
  366.  
  367. # if (!window.opener) {
  368. # document.bgColor = '#c0d8f4';
  369. # }
  370.  
  371. #print "THE INPUT: $input";
  372. #foreach $key (sort (keys %ENV)) {
  373. # print $key, ' = ', $ENV{$key}, "<br>\n";
  374. #}
  375.  
  376. if ($result == 2) {
  377. print "
  378. <h1 style=\"text-align: center;\">ChilliSpot Login Failed</h1>";
  379. if ($reply) {
  380. print "<center> $reply </BR></BR></center>";
  381. }
  382. }
  383.  
  384. if ($result == 5) {
  385. print "
  386. <h1 style=\"text-align: center;\">ChilliSpot Login</h1>";
  387. }
  388.  
  389. if ($result == 2 || $result == 5) {
  390. print "
  391. <form name=\"form1\" method=\"post\" action=\"$loginpath\">
  392. <INPUT TYPE=\"hidden\" NAME=\"challenge\" VALUE=\"$challenge\">
  393. <INPUT TYPE=\"hidden\" NAME=\"uamip\" VALUE=\"$uamip\">
  394. <INPUT TYPE=\"hidden\" NAME=\"uamport\" VALUE=\"$uamport\">
  395. <INPUT TYPE=\"hidden\" NAME=\"userurl\" VALUE=\"$userurldecode\">
  396. <center>
  397. <table border=\"0\" cellpadding=\"5\" cellspacing=\"0\" style=\"width: 217px;\">
  398. <tbody>
  399. <tr>
  400. <td align=\"right\">Username:</td>
  401. <td><input STYLE=\"font-family: Arial\" type=\"text\" name=\"UserName\" size=\"20\" maxlength=\"128\"></td>
  402. </tr>
  403. <tr>
  404. <td align=\"right\">Password:</td>
  405. <td><input STYLE=\"font-family: Arial\" type=\"password\" name=\"Password\" size=\"20\" maxlength=\"128\"></td>
  406. </tr>
  407. <tr>
  408. <td align=\"center\" colspan=\"2\" height=\"23\"><input type=\"submit\" name=\"button\" value=\"Login\" onClick=\"javascript:popUp('$loginpath?res=popup1&uamip=$uamip&uamport=$uamport')\"></td>
  409. </tr>
  410. </tbody>
  411. </table>
  412. </center>
  413. </form>
  414. </body>
  415. </html>";
  416. }
  417.  
  418. if ($result == 1) {
  419. print "
  420. <h1 style=\"text-align: center;\">Logged in to ChilliSpot</h1>";
  421.  
  422. if ($reply) {
  423. print "<center> $reply </BR></BR></center>";
  424. }
  425.  
  426. print "
  427. <center>
  428. <a href=\"http://$uamip:$uamport/logoff\">Logout</a>
  429. </center>
  430. </body>
  431. </html>";
  432. }
  433.  
  434. if (($result == 4) || ($result == 12)) {
  435. print "
  436. <h1 style=\"text-align: center;\">Logged in to ChilliSpot</h1>
  437. <center>
  438. <a href=\"http://$uamip:$uamport/logoff\">Logout</a>
  439. </center>
  440. </body>
  441. </html>";
  442. }
  443.  
  444.  
  445. if ($result == 11) {
  446. print "<h1 style=\"text-align: center;\">Logging in to ChilliSpot</h1>";
  447. print "
  448. <center>
  449. Please wait......
  450. </center>
  451. </body>
  452. </html>";
  453. }
  454.  
  455.  
  456. if (($result == 3) || ($result == 13)) {
  457. print "
  458. <h1 style=\"text-align: center;\">Logged out from ChilliSpot</h1>
  459. <center>
  460. <a href=\"http://$uamip:$uamport/prelogin\">Login</a>
  461. </center>
  462. </body>
  463. </html>";
  464. }
  465.  
  466.  
  467. exit(0);