  1. <?php
  2. //////// CREATIONS DES VARIABLES ET ACCES A LA CONFIG /////////
  3. $header_add=$body_add=$body_complement=null;
  4. define ("CONF_FILE", "/usr/local/etc/alcasar.conf");
  5. define ("DOMAIN_ALLOWED_LIST", "/usr/local/etc/alcasar-uamdomain");
  6. $conf_files=array(CONF_FILE,DOMAIN_ALLOWED_LIST);
  7. foreach ($conf_files as $file){
  8.     if (!file_exists($file)){
  9.         exit("File ".$file." unknown");
  10.     }
  11.     if (!is_readable($file)){
  12.         exit("You don't have read rights on the file ".$file);
  13.     }
  14. }
  15. $ouvre=fopen(CONF_FILE,"r");
  16. if ($ouvre){
  17.     while (!feof ($ouvre)){
  18.         $tampon = fgets($ouvre, 4096);
  19.         if (strpos($tampon,"=")!==false){
  20.             $tmp = explode("=",$tampon);
  21.             $conf[$tmp[0]] = $tmp[1];
  22.         }
  23.     }
  24. }else{
  25.     exit("Error opening the file ".CONF_FILE);
  26. }
  27. fclose($ouvre);
  28.  
  29. # Shared secret used to encrypt password with coova.
  30. $uamsecret = "1OtuNWxS";
  31. # URL loaded after success authenticates (let blank for browser defaults)
  32. $adminurl = "";
  33. # Our own path
  34. $loginpath  = $_SERVER['PHP_SELF'];
  35. $alcasarpath    = "http://".trim($conf["HOSTNAME"]).".".trim($conf["DOMAIN"]);
  36. $statuspath = $alcasarpath."/status.php";
  37.  
  38.  
  39. $organisme = trim($conf["ORGANISM"]);
  40. $domainname = trim($conf["DOMAIN"]);
  41. $hostname = "connexion.".$domainname;
  42. $diagnostic = " GATEWAY UNREACHABLE [ERR 22]"; # "alcasar-watchdog.sh" changes this value if a network issue is detected
  43. $cert_add = "http://$hostname/certs";
  44. $direct_access = False;
  45. $display_menu=False;
  46. $remote_ip = preg_match('#^([0-9]{1,3}\.){3}[0-9]{1,3}$#', $_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
  47. $tab = array();
  48. $user = array();
  49.  
  50. $network_pb = False; # "alcasar-watchdog.sh" changes this value if a network issue is detected
  51. $debug      = true;
  52. // DEBUG RULES
  53. $organisme="MA COMPAGNIE";
  54. //
  55. $img_rep = "./images/";
  56. $img_organisme = "organisme.png";
  57.  
  58. $Language = 'fr';
  59. if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){
  60.     $Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']);
  61.     $Language = strtolower(substr(chop($Langue[0]),0,2));
  62. }
  63. (isset($_GET['lang'])) ? $Language=htmlentities($_GET['lang']) : null;
  64. switch ($Language) {
  65.     case 'en':
  66.         $l_title_part="Connection";
  67.         $l_title="{$organisme} :: {$l_title_part}";
  68.         $l_intro_title=$l_title_part;
  69.         // $l_intro="We provide you an wifi's internet access, you must accept the terms of use below for continue.";
  70.         $l_button_confirm="I'm agree with terms and I want to continue to the internet";
  71.         $l_facebook_local="en_GB";
  72.         $l_welcome="Welcome";
  73.         $l_explain="You show this page because you tried to browse an internet address.";
  74.         $l_error="Error";
  75.         $l_network_pb="The gateway isn't reachable, the internet network seems not work.";
  76.         $l_create_wait="<h2>Account create currently process</h2>Please wait, this action could take some minutes</br>. Try internet acces later. If you can't browse, please disconnect and reconnect to our network";
  77.         // INTERCEPT SPECIFIC VARS
  78.         $l_ChilliError  = "The authentication must be successful through the captive portal service.";
  79.         $l_login        = "Successful authentication.<HR>Closing this window interrupts your session";
  80.         $l_logout       = "Closing connection";
  81.         $l_loginfailed  = "Authentication Failed";
  82.         $l_loggingin        = "Identification on the captive portal";
  83.         $l_loggedcont       = "Access Control";
  84.         $l_loggedout        = "Your session is closed";
  85.         $l_user     = "User";
  86.         $l_password     = "Password";
  87.         $l_wait     = "Please wait a moment ...";
  88.         $l_onlinetime       = "Connect time:";
  89.         $l_remainingtime    = "Disconnection in:";
  90.         $l_encrypted        = "The connection with the portal must be encrypted";
  91.         $l_boutonO      = "Authentication";
  92.         $l_boutonF      = "Close";
  93.         $l_loggedin_stringl1    = "Information System Security";
  94.         $l_loggedin_stringl2    = "That control was set up regulations to ensure traceability, accountability and non-repudiation of connections.";
  95.         $l_loggedin_stringl3    = "Your activity on the network is registered in accordance with privacy.";
  96.         $l_loggedin_stringl4    = "The recorded data can be able to be operated by a judicial authority in the course of an investigation.";
  97.         $l_loggedin_stringl5    = "These data will be automatically deleted after one year.";
  98.         $l_loggedin_stringl6    = "Click <a href='$alcasarpath'>here</a> to change your password or to integrate the security certificate in your browser";
  99.         $l_loggedout_string = "Disconnection of the captive portal made";
  100.         $l_reply_1      = "Your daily connexion time has been reached";
  101.         $l_reply_2      = "Your monthly connexion time has been reached";
  102.         $l_reply_3      = "You try to connect outside of your allowed timespan";
  103.         $l_reply_4      = "your account expired";
  104.         $l_reply_5      = "You have reached the maximum number of simultaneous logins";
  105.         $l_reply_6      = "Your authorized connexion time has been reached";
  106.         $l_online_time  = "Online time";
  107.         $l_remaining_time   = "Remaining time";
  108.         $l_uam_domain       = "Authorized websites : ";
  109.         break;
  110.    
  111.     default:
  112.         $l_title_part="Connexion";
  113.         $l_title="{$organisme} :: {$l_title_part}";
  114.         $l_intro_title=$l_title_part;
  115.         // $l_intro="Nous mettons &agrave; votre disposition un acc&egrave;s internet wifi, pour poursuivre vous devez accepter les conditions d'utilisation ci-dessous.";
  116.         $l_button_confirm="J'accepte les conditions et souhaite poursuivre sur internet";
  117.         $l_facebook_local="fr_FR";
  118.         $l_welcome="Bienvenue";
  119.         $l_explain="Cette page s'affiche car vous avez essay&eacute; d'aller sur internet.";
  120.         $l_error="Erreur";
  121.         $l_network_pb="La connexion internet ne semble pas fonctionner, le service n'est pas disponible.";
  122.         $l_create_wait="<h2>Cr&eacute;ation de votre acc&egrave;s en cours.</h2>Cette action peux prendre plusieurs minutes.<br/> Merci de faire une nouvelle navigation plus tard. Si vous n'arrivez pas a aller sur internet, coupez et rallumez votre wifi.";
  123.         // INTERCEPT SPECIFIC VARS
  124.         $l_ChilliError  = "L'authentification doit &ecirc;tre r&eacute;ussie sur le portail captif.";
  125.         $l_login        = "Authentification réussie.<HR>La fermeture de cette fenêtre interrompt votre session.";
  126.         $l_logout       = "Fermeture de la session";
  127.         $l_loginfailed  = "Echec d'authentification";
  128.         $l_loggingin        = "Identification sur le portail captif";
  129.         $l_loggedcont       = "Contrôle d'acc&egrave;s";
  130.         $l_loggedout        = "Votre session est ferm&eacute;e";
  131.         $l_user     = "Identifiant";
  132.         $l_password     = "Mot de passe";
  133.         $l_wait     = "Patientez un instant ...";
  134.         $l_onlinetime       = "Temps de connexion:";
  135.         $l_remainingtime    = "Deconnexion dans :";
  136.         $l_encrypted        = "La connexion avec le portail n'est pas s&eacute;curis&eacute;";
  137.         $l_boutonO      = "Authentification";
  138.         $l_boutonF      = "Fermer";
  139.         $l_loggedin_stringl1    = "S&eacute;curit&eacute; des Syst&egrave;mes d'Information";
  140.         $l_loggedin_stringl2    = "Ce contrôle a &eacute;t&eacute; mis en place pour assurer r&eacute;glementairement la traçabilit&eacute;, l'imputabilit&eacute; et la non-r&eacute;pudiation des connexions.";
  141.         $l_loggedin_stringl3    = "Votre activit&eacute; sur le r&eacute;seau est enregistr&eacute;e conform&eacute;ment au respect de la vie priv&eacute;e.";
  142.         $l_loggedin_stringl4    = "Les donn&eacute;es enregistr&eacute;es ne pourront être exploit&eacute;es que par une autorit&eacute; judiciaire dans le cadre d'une enqu&ecirc;te.";
  143.         $l_loggedin_stringl5    = "Ces donn&eacute;es seront automatiquement supprim&eacute;es au bout d'un an.";
  144.         $l_loggedin_stringl6    = "Cliquez <a href='$alcasarpath'>ici</a> pour changer votre mot de passe ou pour int&eacute;grer le certificat de s&eacute;curit&eacute; &agrave; votre navigateur";
  145.         $l_loggedout_string = "D&eacute;connexion du portail captif effectu&eacute;e !";
  146.         $l_reply_1      = "Votre dur&eacute;e de connexion journalière a &eacute;t&eacute; atteinte";
  147.         $l_reply_2      = "Votre dur&eacute;e de connexion mensuelle a &eacute;t&eacute; atteinte";
  148.         $l_reply_3      = "Vous tentez de vous connecter en dehors de votre période autoris&eacute;e";
  149.         $l_reply_4      = "Votre compte a expir&eacute;";
  150.         $l_reply_5      = "Vous avez atteint le nombre maximum de connexions simultan&eacute;es";
  151.         $l_reply_6      = "Votre durée de connexion autoris&eacute;e a été atteinte";
  152.         $l_online_time  = "Temps de connexion";
  153.         $l_remaining_time   = "Temps restant";
  154.         $l_uam_domain       = "Sites autoris&eacute;s : ";
  155.         break;
  156. }
  157. /////////////////// EXECUTION DES CONTROLES //////////////////
  158. // Read form parameters which we care about
  159. $username=(isset($_POST['UserName']) && (preg_match('/^([0-9A-F]{2}-){5}[0-9A-F]{2}$/',$_POST['UserName'])!=1)) ? $_POST['UserName'] : ""; // Interdire la connexion en tapant l'adresse MAC
  160. $password=(isset($_POST['Password'])) ? $_POST['Password'] : "";
  161. $challenge=(isset($_POST['challenge'])) ? $_POST['challenge'] : (isset($_GET['challenge'])) ? $_GET['challenge'] : "";
  162. $button=(isset($_POST['button'])) ? $_POST['button'] : "";
  163. //if (isset($_POST['logout'])){ $logout     = $_POST['logout'];} else {$logout="";}
  164. //if (isset($_POST['prelogin'])){   $prelogin   = $_POST['prelogin'];} else {$prelogin="";}
  165. $res = (isset($_POST['res'])) ? $_POST['res'] : (isset($_GET['res'])) ? $_GET['res'] : "";
  166. $uamip = (isset($_POST['uamip'])) ? $_POST['uamip'] : (isset($_GET['uamip'])) ? $_GET['uamip'] : "";
  167. $uamip = (isset($_POST['uamip'])) ? $_POST['uamip'] : (isset($_GET['uamip'])) ? $_GET['uamip'] : "";
  168. $uamport = (isset($_POST['uamport'])) ? $_POST['uamport'] : (isset($_GET['uamport'])) ? $_GET['uamport'] : "";
  169. $userurl = (isset($_POST['userurl'])) ? $_POST['userurl'] : (isset($_GET['userurl'])) ? $_GET['userurl'] : "";
  170. ($userurl == "http://logout/") ? $userurl="http://www.monsite.fr" : null; //Empecher de cycle de logout
  171. $timeleft = (isset($_POST['timeleft'])) ? $_POST['timeleft'] : (isset($_GET['timeleft'])) ? $_GET['timeleft'] : "";
  172. $redirurl = (isset($_POST['redirurl'])) ? $_POST['redirurl'] : (isset($_GET['redirurl'])) ? $_GET['redirurl'] : "";
  173. $reply =(isset($_GET['reply'])) ? $_GET['reply'] : "";
  174. // Commencer seulement si la connexion est ok
  175. if(!$network_pb){
  176.     // HTTPS ONLY
  177.     if(!(isset($_SERVER['HTTPS'])&&($_SERVER['HTTPS'] == 'on'))){
  178.         $body_add.=$l_encrypted;
  179.         $page_type="erreur";
  180.     }
  181.     // translation of radius replies
  182.     if (isset($reply)){
  183.         switch(trim($reply)) {
  184.             case 'Your maximum daily usage time has been reached' : $reply = $l_reply_1 ; break;
  185.             case 'Your maximum monthly usage time has been reached' : $reply = $l_reply_2 ; break;
  186.             case 'You are calling outside your allowed timespan' : $reply = $l_reply_3 ; break;
  187.             case 'Password Has Expired' : $reply =  $l_reply_4 ; break;
  188.             case 'You are already logged in - access denied' : $reply = $l_reply_5 ; break;
  189.             case 'Your maximum never usage time has been reached' : $reply = $l_reply_6 ; break;
  190.         }
  191.     }
  192.     # If attempt to login
  193.     if("$button" == "$l_boutonO"){
  194.         #correction password length in coova-chilli
  195.         #thanks to http://www.stochasticgeometry.ie/2009/09/09/maximum-password-length-in-coova-chilli/
  196.         $hexchal = pack ("H*", $challenge);
  197.         $newchal = pack ("H*", md5($hexchal . $uamsecret));
  198.      
  199.         # If challenge isn't long enough, repeat it until it is
  200.         while (strlen($newchal) < strlen($password)){
  201.             $newchal .= $newchal;
  202.         }
  203.         $response = md5("\0" . $password . $newchal);
  204.         $newpwd = pack("a*", $password);
  205.         # Encode plain text password with challenge
  206.         $pappassword = implode ("", unpack("H*", ($newpwd ^ $newchal)));
  207.         $header_add.="<meta http-equiv=\"refresh\" content=\"0;url=http://$uamip:$uamport/logon?username=$username&password=$pappassword&userurl=$userurl\">";
  208.         $body_add.="$l_wait";
  209.         $page_type="normal";
  210.     }
  211.     switch($res) {
  212.       case 'success':     $result =  1; break; // If login successful
  213.       case 'failed': // Login failed, user not exist
  214.         $result =  2;
  215.         $page_type="erreur";
  216.         $body_add.="<h3>$l_loginfailed</h3>";
  217.             if($reply){ // traitement de la réponse
  218.                 $body_add.="<center> $reply <br /><br /></center>";
  219.             }
  220.         break;
  221.       case 'logoff':      $result =  3; break; // If logout successful
  222.       case 'already':     $result =  4; break; // If tried to login while already logged in
  223.       case 'notyet':      $result =  5; break; // If not logged in yet
  224.       default: // Default: It was not a form request -> client autocreate
  225.         if(!$debug)
  226.             include_once('auto.php');
  227.         $result = 0;
  228.     }
  229.     switch($result){
  230.         case 0: // not a form
  231.         case 5: // not yet auth
  232.             $body_complement="onLoad=\"javascript:doOnLoad($result,'$userurl','$redirurl','$adminurl','$timeleft')\"";
  233.             $body_add.=$l_create_wait;
  234.             include_once('auto.php');
  235.         break;
  236.         case 1: // auth ok
  237.             if ((is_file("./acc/manager/lib/sql/drivers/mysql/functions.php"))&&(is_file("/etc/freeradius-web/config.php"))){
  238.                 include_once("/etc/freeradius-web/config.php");
  239.                 include_once("./acc/manager/lib/sql/drivers/mysql/functions.php");
  240.                 $user_url=$_GET['userurl'];
  241.                 $user_uid=$_GET['uid'];
  242.                 $sql = "SELECT attribute, value FROM radreply WHERE username='$user_uid'";
  243.                 $link = @da_sql_pconnect($config); // on n'affiche pas les erreurs
  244.                 if ($link){
  245.                     $res = @da_sql_query($link,$config,$sql); // on n'affiche pas les erreurs
  246.                     if ($res){
  247.                         while(($row = @da_sql_fetch_array($res,$config))){
  248.                             if ($row['attribute'] == "Filter-Id") $filter_id = $row['value']; // on obtient le Filter-Id de l'utilisateur
  249.                         }
  250.                         if($filter_id[3] == '1'){
  251.                             #set the fourth bit of filter-id to '0'
  252.                             $sql = "set @CurrentFilter=(SELECT value from radreply where username='$user_uid');set @CurrentFilterLeft=(SELECT LEFT(@CurrentFilter,3));set @CurrentFilterRight=(SELECT RIGHT(@CurrentFilter,4));UPDATE radreply SET value = CONCAT((@CurrentFilterLeft),'0', (@CurrentFilterRight)) WHERE username='$user_uid'";
  253.                             $res = mysqli_multi_query($link,$sql);
  254.                             /*
  255.                             ////////////////// NOT INFORM IMPUTABILITY LOG //////////////////
  256.                             header("Location: http://$hostname/index.php?warn=1&url=$user_url");   //we present to user information about imputability logs
  257.                             exit;
  258.                             */
  259.                         }
  260.                     }
  261.                 }
  262.             }  
  263.         break;
  264.         case 2:
  265.         break;
  266.         case 3:
  267.         break;
  268.         case 4:
  269.         break;
  270.     }
  271. }
  272. else{
  273.     $page_type="erreur";
  274.     $body_add.=$l_network_pb;
  275. }
  276. //
  277. $content="<!DOCTYPE HTML>\n";
  278. $content.="<html lang=\"{$Language}\">\n";
  279. $content.="\t<head>\n";
  280. $content.="<style>body{ font-size:13px;}</style>";
  281. $content.="\t\t<title>{$l_title}</title>\n";
  282. $content.="\t\t<meta name=\"exploitant\" content=\"{$organisme}\" />\n";
  283. $content.="\t\t<meta charset=\"UTF-8\" />\n";
  284. $content.="\t\t<meta name=\"viewport\" content=\"width=950px\">\n";
  285. $content.="<script type=\"text/javascript\" language=\"JavaScript\">
  286.         alcasar_popup = null;
  287.         function popUp(URL) {
  288.             if (self.name != \"alcasar_popup\") {
  289.                 alcasar_popup = window.open(URL, 'alcasar_popup', 'width=500,height=460,directories=no,resizable=no,scrollbars=yes,location=no,toolbar=no,statusbar=no,menubar=no');
  290.             }
  291.         }
  292.         function doOnLoad(result, userurl, redirurl, adminurl, timeleft) {
  293.             if ((result == 1)||(result == 4)) { //success or already
  294.                 //window.location = userurl;
  295.                 if (alcasar_popup != null) alcasar_popup.focus();
  296.                 if (adminurl != ''){
  297.                     window.location = adminurl;
  298.                 } else if (redirurl != '') {
  299.                     window.location = redirurl;
  300.                     } else if (userurl != '') {
  301.                         window.location = userurl;
  302.                     } else {
  303.                     window.home();
  304.                 }
  305.             }
  306.             if ((result == 2) || (result == 3) || result == 5) { //failed or logoff or notyet
  307.                 if (alcasar_popup != null) alcasar_popup.close();
  308.                 document.form1.UserName.focus();
  309.             }
  310.         }
  311.         </script>";
  312. $content.=$header_add;
  313. $content.="\t</head>\n";
  314. $content.="\t<body style=\"background: rgb(220,220,220);\" {$body_complement}>\n";
  315. $content.="\t\t<div style=\"width: 900px; margin-left: auto; margin-right: auto;\">\n";
  316. $content.="\t\t\t<div style=\"background: rgba(255,255,255,1); height:100px; padding: 10px 10px 10px 10px;\">\n";
  317. $content.="\t\t\t\t<div style=\"display:block; float:left; vertical-align:middle;\"><img src=\"$img_rep$img_organisme\" alt=\"logo: {$organisme}\" style=\"height: 100px; display:inline-block;\"/></div>\n";
  318. $content.="\t\t\t\t<div style=\"display:inline-block; float:right; font-size: 36px; color:rgb(100,100,100); line-height:100px; text-align:center; width:400px;\">{$l_intro_title}</div>\n";
  319. $content.="\t\t\t\t<div style=\"clear:both;\"></div>\n";
  320. $content.="\t\t\t</div>\n";
  321. $content.="\t\t\t<div style=\"background: rgba(255,255,255,1); margin-top: 8px; padding:2px; text-align:center; font-size:15px; color:rgb(150,25,20); font-weight:bold;\">$l_explain</div>\n";
  322. $content.="\t\t\t<div style=\"background: rgba(255,255,255,1); margin-top: 8px;\">\n";
  323. $content.="\t\t\t\t<table style=\"padding:0;\"><tr style=\"vertical-align: top;\">\n";
  324. $content.="\t\t\t\t\t<td style=\"padding:0; padding-left:5px; width:440px; height:450px;\">";
  325. switch($page_type){
  326.     case 'erreur':
  327.         $content.="<h2 style=\"font-weight: bold; color:rgb(150,25,20);\">{$l_error}</h2>";
  328.     break;
  329.     case 'normal':
  330.         $content.="";
  331.     default:
  332.        
  333. }
  334. $content.=$body_add;
  335. $content.="</td>";
  336. $content.="\t\t\t\t\t<td style=\"padding:0;\">";
  337. if(!$network_pb)
  338.     $content.="<iframe src=\"https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FMA_COMPAGNIE%2F&tabs=timeline&width=450&height=500&small_header=true&adapt_container_width=true&hide_cover=false&show_facepile=false&locale={$l_facebook_local}\" width=\"450px\" height=\"500\" style=\"border:none;overflow:hidden\" scrolling=\"no\" frameborder=\"0\" allowTransparency=\"true\"></iframe>";
  339. $content.="</td>\n";
  340. $content.="\t\t\t\t</table>\n";
  341. $content.="\t\t\t</div>\n";
  342. $content.="\t\t</div>\n";
  343. $content.="\t</body>\n";
  344. $content.="</html>";
  345. echo $content;
  346. ?>