Changeset 207

Timestamp:
08/28/04 17:12:54 (9 years ago)
Author:
benoitg
Message:

2004-08-28 Benoit Grégoire <bock@…>

  • Primitive network status available from the index page
  • Administrative security is implemented.
Location:
trunk/wifidog-auth
Files:
2 added
5 modified

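--- a/trunk/wifidog-auth/ChangeLog
+++ b/trunk/wifidog-auth/ChangeLog
@@ -1,3 +1,7 @@
 # $Header$
+2004-08-28 Benoit Gr�goire  <bock@step.polymtl.ca>
+        * Primitive network status available form the index page
+        * Administrative security is implemented.
+
 2004-08-28 Benoit Gr�goire  <bock@step.polymtl.ca>
         * Fix big gaping security hole in login page (password would be ignored if the username was used to login)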
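--- a/trunk/wifidog-auth/wifidog/admin/import_user_database.php
+++ b/trunk/wifidog-auth/wifidog/admin/import_user_database.php
@@ -26,4 +26,7 @@
 require_once BASEPATH.'include/common.php';
 require_once BASEPATH.'classes/Style.php';
+require_once BASEPATH.'classes/Security.php';
+$security=new Security();
+$security->requireAdmin();
 
 /** Affiche les informations sur le fichier envoy� par le client
@@ -105,5 +108,5 @@
                 }
 
-              echo "<p class=info>Generating temporary user from:  $original_username; Checking duplicates</p>\n";
+              echo "<p class=info>Generating temporary user from:  $original_username; Checking internal duplicates</p>\n";
               $username_modified_because_of=null;
               $username=$original_username;
@@ -160,11 +163,13 @@
               $import_user[$username]['reject_reason'] .= "<p class=error>"._('Sorry, the user must have a email adress.')."</p>\n";null;
             }
-
-          $username_str = $db->EscapeString($username);
-          $db->ExecSqlUniqueRes("SELECT user_id FROM users WHERE user_id='$username_str'", $user_info_username, false);
-          if($user_info_username!=null)
-            {
-              $import_user[$username]['is_rejected']=true;
-              $import_user[$username]['reject_reason'] .= "<p class=error>"._('Sorry, a user account already exists with the username: ')."$username</p>\n";
+          else
+            {
+              $username_str = $db->EscapeString($username);
+              $db->ExecSqlUniqueRes("SELECT user_id FROM users WHERE user_id='$username_str'", $user_info_username, false);
+              if($user_info_username!=null)
+                {
+                  $import_user[$username]['is_rejected']=true;
+                  $import_user[$username]['reject_reason'] .= "<p class=error>"._('Sorry, a user account already exists with the username: ')."$username</p>\n";
+                }
             }
 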
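Review bot: `$original_username` in the `echo` on new line 110 and `$username` in the `reject_reason` string on new line 172 are interpolated into HTML without escaping. Both values appear to come from the uploaded user file, so a username containing markup would be rendered as HTML in the administrator's browser. Escape at the point of output, for example `htmlspecialchars($username, ENT_QUOTES)` when building `reject_reason`, and the same for `$original_username` in the `echo`. The enclosing loop and the `if` that the new `else` attaches to begin outside the visible hunks.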
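--- a/trunk/wifidog-auth/wifidog/admin/user_log.php
+++ b/trunk/wifidog-auth/wifidog/admin/user_log.php
@@ -26,4 +26,7 @@
 require_once BASEPATH.'include/common.php';
 require_once BASEPATH.'classes/SmartyWifidog.php';
+require_once BASEPATH.'classes/Security.php';
+$security=new Security();
+$security->requireAdmin();
 
 $smarty = new SmartyWifidog;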
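Review bot: Whether `$security->requireAdmin();` on new line 30 actually stops the request for a non-administrator cannot be confirmed from this page, because `classes/Security.php` is presumably one of the two added files and its body is not shown. If the method only sends a redirect or error header without calling `exit`, the rest of the script still executes and its output still reaches the client. The same three lines are added to `admin/import_user_database.php`. Other scripts under `admin/` are not touched by this changeset, so each should be checked for the same guard.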
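--- a/trunk/wifidog-auth/wifidog/index.php
+++ b/trunk/wifidog-auth/wifidog/index.php
@@ -29,6 +29,19 @@
 $style = new Style();
 echo $style->GetHeader(HOTSPOT_NETWORK_NAME.' authentication server');
+    echo "<div class=content>\n";
 
+$row = null;
+//$db->ExecSqlUniqueRes("SELECT COUNT(user_id), account_status FROM users GROUP BY account_status", $row, true);
+$db->ExecSqlUniqueRes("SELECT COUNT(user_id) FROM users WHERE account_status = ".ACCOUNT_STATUS_ALLOWED, $row, false);
+$num_valid_users=$row['count'];
+$row = null;
+$db->ExecSqlUniqueRes("SELECT COUNT(user_id) FROM ( SELECT DISTINCT user_id FROM connections " .
+             "WHERE token_status='" . TOKEN_INUSE . "') AS online_users"
+             ,$row, false);
+$num_online_users=$row['count'];
+
+
     echo "<h1>Wifidog authentication server for ". HOTSPOT_NETWORK_NAME ."</h1>\n";
+echo "<p>"._("The network currently has ").$num_valid_users._(" valid users.")." ".$num_online_users._(" user are currently online")."</p>\n";
     echo "<ul>\n";
     echo "<li><a href='".BASE_SSL_PATH."login/index.php?gw_id=default&gw_address=127.0.0.1&gw_port=80'>Login (demo)</a></li>\n";
@@ -37,4 +50,5 @@
     echo "<li><a href='".BASE_SSL_PATH."admin/index.php'>Administration</a></li>\n";
     echo "</ul>\n";
+    echo "</div>\n";
 
 echo $style->GetFooter();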
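Review bot: `$row['count']` is read on new lines 36 and 41 without checking that `ExecSqlUniqueRes` filled `$row`, so a failed query prints an empty count in the status sentence. A guard such as `$num_valid_users = ($row !== null) ? (int) $row['count'] : 0;` would fix this and also force the echoed value to an integer. The visible lines of index.php show no access check, so the account and online-session counts are presumably shown to unauthenticated visitors and both COUNT queries run on every hit; confirm that is intended. The commented-out query on new line 34 should be deleted rather than committed.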
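--- a/trunk/wifidog-auth/wifidog/login/index.php
+++ b/trunk/wifidog-auth/wifidog/login/index.php
@@ -28,4 +28,5 @@
 require_once BASEPATH.'classes/SmartyWifidog.php';
 require_once (BASEPATH.'include/user_management_menu.php');
+require_once BASEPATH.'classes/Security.php';
 
 $login_successfull = false;
@@ -36,6 +37,7 @@
 if (isset($_REQUEST['user']) && isset($_REQUEST['pass']))
   {
+    $security = new Security();
     $previous_username = $db->EscapeString($_REQUEST['user']);
- $previous_password = $_REQUEST['pass'];
+    $previous_password = $_REQUEST['pass'];
     $user = $db->EscapeString($_REQUEST['user']);
     $password_hash = get_password_hash($_REQUEST['pass']);
@@ -56,4 +58,5 @@
 
         $login_successfull=true;
+        $security->login($user, $password_hash);
         header("Location: http://" . $_REQUEST['gw_address'] . ":" . $_REQUEST['gw_port'] . "/wifidog/auth?token=$token");
       }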
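Review bot: `$security->login($user, $password_hash)` on new line 60 is passed `$user`, which is the output of `$db->EscapeString()` rather than the raw or database-canonical username, together with the password hash. `Security::login()` is not shown on this page; if it stores these values in the session, the stored username will carry SQL escaping and the hash becomes a long-lived session secret, so consider passing the `user_id` from the matched row and keeping the hash out of the session. It is also worth confirming that `login()` calls `session_regenerate_id()` so that a pre-login session identifier is not carried into the authenticated session. The enclosing `if` block begins and ends outside the hunk.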