Location: PHPKode > projects > DaloRADIUS > daloradius-0.9-8/contrib/chilli/portal2/hotspotlogin/hotspotlogin.php
<?php
#
# chilli - ChilliSpot.org. A Wireless LAN Access Point Controller
# Copyright (C) 2003, 2004 Mondru AB.
#
# The contents of this file may be used under the terms of the GNU
# General Public License Version 2, provided that the above copyright
# notice and this permission notice is included in all copies or
# substantial portions of the software.

# Redirects from ChilliSpot daemon:
#
# Redirection when not yet or already authenticated
#   notyet:  ChilliSpot daemon redirects to login page.
#  already: ChilliSpot daemon redirects to success status page.
#
# Response to login:
#   already: Attempt to login when already logged in.
#   failed:  Login failed
#   success: Login succeded
#
# logoff:  Response to a logout
#
#/*
# *********************************************************************************************************
# *
# * Authors:     Liran Tal <hide@address.com>
# *
# * daloRADIUS edition - fixed up variable definition through-out the code
# * as well as parted the code for the sake of modularity and ability to
# * to support templates and languages easier.
# * Copyright (C) Enginx and Liran Tal 2007, 2008
# *
# *********************************************************************************************************
# */

# Shared secret used to encrypt challenge with. Prevents dictionary attacks.
# You should change this to your own shared secret.
$uamsecret = "enginx";

# Uncomment the following line if you want to use ordinary user-password
# for radius authentication. Must be used together with $uamsecret.
$userpassword=1;

# Our own path
$loginpath = $_SERVER['PHP_SELF'];

include('lang/main.php');

/* if SSL was not used show an error */
if (!($_SERVER['HTTPS'] == 'on')) {
	include('hotspotlogin-nonssl.php');
	exit(0);
}

# Read form parameters which we care about
if (isset($_POST['UserName']))    
	$username    = $_POST['UserName'];
elseif (isset($_GET['UserName']))
	$username    = $_GET['UserName'];
else
	$username    = "";


if (isset($_POST['Password']))    
	$password    = $_POST['Password'];
elseif (isset($_GET['Password']))
	$password    = $_GET['Password'];
else
	$password    = "";


if (isset($_POST['challenge']))    
	$challenge    = $_POST['challenge'];
elseif (isset($_GET['challenge']))    
	$challenge    = $_GET['challenge'];
else
	$challenge    = "";


if (isset($_POST['button']))
    $button        = $_POST['button'];
elseif (isset($_GET['button']))
    $button        = $_GET['button'];
else
    $button        = "";


if (isset($_POST['logout']))
    $logout        = $_POST['logout'];
elseif (isset($_GET['logout']))
    $logout        = $_GET['logout'];
else
    $logout        = "";


if (isset($_POST['prelogin']))    
	$prelogin    = $_POST['prelogin'];
elseif (isset($_GET['prelogin']))    
	$prelogin    = $_GET['prelogin'];
else
	$prelogin    = "";


if (isset($_POST['res']))    
	$res        = $_POST['res'];
elseif (isset($_GET['res']))    
	$res        = $_GET['res'];
else
	$res        = "";


if (isset($_POST['uamip']))
    $uamip        = $_POST['uamip'];
elseif (isset($_GET['uamip']))
    $uamip        = $_GET['uamip'];
else
    $uamip        = "";


if (isset($_POST['uamport']))
    $uamport    = $_POST['uamport'];
elseif (isset($_GET['uamport']))
    $uamport    = $_GET['uamport'];
else
    $uamport    = "";


if (isset($_POST['userurl']))
    $userurl    = $_POST['userurl'];
elseif (isset($_GET['userurl']))
    $userurl    = $_GET['userurl'];
else
    $userurl    = "";


if (isset($_POST['timeleft']))
    $timeleft    = $_POST['timeleft'];
elseif (isset($_GET['timeleft']))
    $timeleft    = $_GET['timeleft'];
else
    $timeleft    = "";


if (isset($_POST['redirurl']))
    $redirurl    = $_POST['redirurl'];
elseif (isset($_GET['redirurl']))
    $redirurl    = $_GET['redirurl'];
else
    $redirurl    = "";


(isset($_GET['reply']))      ? $reply        = $_GET['reply']       : $reply = "";


$userurldecode = $userurl;
$redirurldecode = $redirurl;

# If attempt to login
if ($button == 'Login') {
  $hexchal = pack ("H32", $challenge);
  if ($uamsecret) {
    $newchal = pack ("H*", md5($hexchal . $uamsecret));
  } else {
    $newchal = $hexchal;
  }
  $response = md5("\0" . $password . $newchal);
  $newpwd = pack("a32", $password);
  $pappassword = implode ("", unpack("H32", ($newpwd ^ $newchal)));
  echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
<html>
<head>
  <title>$title</title>
  <meta http-equiv=\"Cache-control\" content=\"no-cache\">
  <meta http-equiv=\"Pragma\" content=\"no-cache\">
  <meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\" />
  <link href=\"template/css/style.css\" rel=\"stylesheet\" type=\"text/css\" />
  ";
  if (isset($uamsecret) && isset($userpassword)) {
    echo "  <meta http-equiv=\"refresh\" content=\"0;url=http://$uamip:$uamport/logon?username=$username&password=$pappassword\">";
  } else {
    echo "  <meta http-equiv=\"refresh\" content=\"0;url=http://$uamip:$uamport/logon?username=$username&response=$response&userurl=$userurl\">";
  }

	include('template/loggingin.php');

echo "
<!--
<?xml version=\"1.0\" encoding=\"UTF-8\"?>
<WISPAccessGatewayParam 
  xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"
  xsi:noNamespaceSchemaLocation=\"http://www.acmewisp.com/WISPAccessGatewayParam.xsd\">
<AuthenticationReply>
<MessageType>120</MessageType>
<ResponseCode>201</ResponseCode>
";
  if (isset($uamsecret) && isset($userpassword)) {
    echo "<LoginResultsURL>http://$uamip:$uamport/logon?username=$username&password=$pappassword</LoginResultsURL>";
  } else {
    echo "<LoginResultsURL>http://$uamip:$uamport/logon?username=$username&response=$response&userurl=$userurl</LoginResultsURL>";
  }
  echo "</AuthenticationReply> 
</WISPAccessGatewayParam>
-->
</html>
";
    exit(0);
}

switch($res) {
  case 'success':     $result =  1; break; // If login successful
  case 'failed':      $result =  2; break; // If login failed
  case 'logoff':      $result =  3; break; // If logout successful
  case 'already':     $result =  4; break; // If tried to login while already logged in
  case 'notyet':      $result =  5; break; // If not logged in yet
  case 'smartclient': $result =  6; break; // If login from smart client
  case 'popup1':      $result = 11; break; // If requested a logging in pop up window
  case 'popup2':      $result = 12; break; // If requested a success pop up window
  case 'popup3':      $result = 13; break; // If requested a logout pop up window
  default: $result = 0; // Default: It was not a form request
}

/* Otherwise it was not a form request
 * Send out an error message
 */
if ($result == 0) {
	include('hotspotlogin-nonchilli.php');
	exit(0);
}

# Generate the output
#echo "Content-type: text/html\n\n";
echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
<html>
<head>
  <title>$title</title>
  <meta http-equiv=\"Cache-control\" content=\"no-cache\">
  <meta http-equiv=\"Pragma\" content=\"no-cache\">
  <meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\" />
  <link href=\"template/css/style.css\" rel=\"stylesheet\" type=\"text/css\" />
  <SCRIPT LANGUAGE=\"JavaScript\">
	";
	include('js/hotspotlogin.js');
echo "
  </script>
</head>
<body onLoad=\"javascript:doOnLoad($result, '$loginpath?res=popup2&uamip=$uamip&uamport=$uamport&userurl=$userurl&redirurl=$redirurl&timeleft=$timeleft','$userurldecode', '$redirurldecode', '$timeleft')\" onBlur = 'javascript:doOnBlur($result)' bgColor = '#c0d8f4'>";

if ($result == 2) {
    echo "
  <h1 style=\"text-align: center;\">$h1Failed</h1>";
    if ($reply) {
    echo "<center> $reply </BR></BR></center>";
    }
}

if ($result == 5) {
//	chillispot header - login form
//	echo "<h1 style=\"text-align: center;\">$h1Login</h1>";
}

if ($result == 2 || $result == 5) {
	include('template/loginform-header.php');
	include('template/loginform-login.php');
	include('template/loginform-footer.php');
}

if ($result == 1) {
  echo "
  <h1 style=\"text-align: center;\">$h1Loggedin</h1>";

  if ($reply) { 
      echo "<center> $reply </br></br></center>";
  }

  echo "
  <center>
    <a href=\"http://$uamip:$uamport/logoff\">Logout</a>
  </center>
</body>
</html>";
}

if (($result == 4) || ($result == 12)) {
  echo "
  <h1 style=\"text-align: center;\">$h1Loggedin</h1>
  <center>
    <a href=\"http://$uamip:$uamport/logoff\">$centerLogout</a>
  </center>
  </body>
</html>";
}


if ($result == 11) {
        include('template/loggingin-popup.php');
}


if (($result == 3) || ($result == 13)) {
  echo "
  <h1 style=\"text-align: center;\">$h1Loggedout</h1>
  <center>
    <a href=\"http://$uamip:$uamport/prelogin\">$centerLogin</a>
  </center>
</body>
</html>";
}

exit(0);
?>
Return current item: DaloRADIUS