Pakfire Fixes.
[people/pmueller/ipfire-2.x.git] / html / cgi-bin / webaccess.cgi
1 #!/usr/bin/perl
2
3 #
4 # $Id: webaccess.cgi,v 2.0 2006/01/11 00:00:00 marco.s Exp $
5 #
6
7 use CGI;
8
9 my $swroot = "/var/ipfire";
10 my $apdir = "$swroot/proxy/advanced";
11 my $group_def_file = "$apdir/cre/classrooms";
12 my $svhosts_file = "$apdir/cre/supervisors";
13 my $acl_src_noaccess_ips = "$apdir/acls/src_noaccess_ip.acl";
14 my $acl_src_noaccess_mac = "$apdir/acls/src_noaccess_mac.acl";
15
16 my $banner = "A D V A N C E D   P R O X Y   -   W E B   A C C E S S   M A N A G E R";
17 my %cgiparams;
18 my %mainsettings;
19 my %proxysettings;
20
21 my %acl=();
22 my @group_defs=();
23 my @groups=();
24
25 ### Initialize environment
26 &readhash("${swroot}/main/settings", \%mainsettings);
27 &readhash("${swroot}/proxy/advanced/settings", \%proxysettings);
28 $language = $mainsettings{'LANGUAGE'};
29
30 ### Initialize language
31 if ($language =~ /^(\w+)$/) {$language = $1;}
32 #
33 # Uncomment this to force a certain language:
34 # $language='en';
35 #
36 require "${swroot}/langs/en.pl";
37 require "${swroot}/langs/${language}.pl";
38
39 &getcgihash(\%cgiparams);
40
41 &read_all_groups;
42 &read_acl_groups;
43
44 foreach (@groups)
45 {
46 if ($cgiparams{$_} eq $tr{'advproxy mode deny'}) { $acl{$_}='on'; }
47 if ($cgiparams{$_} eq $tr{'advproxy mode allow'}) { $acl{$_}='off'; }
48 }
49
50 &read_all_groups;
51
52 my $is_supervisor=0;
53
54 if ((-e $svhosts_file) && (!-z $svhosts_file))
55 {
56 open (FILE, $svhosts_file);
57 while (<FILE>)
58 {
59 chomp;
60 if ($ENV{'REMOTE_ADDR'} eq $_) { $is_supervisor=1; }
61 }
62 close (FILE);
63
64 } else { $is_supervisor=1; }
65
66 if (($cgiparams{'ACTION'} eq 'submit') && ($is_supervisor))
67 {
68 if ( ($cgiparams{'PASSWORD'} eq $proxysettings{'SUPERVISOR_PASSWORD'}) && (!($proxysettings{'SUPERVISOR_PASSWORD'} eq '')) ||
69 ((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && ($proxysettings{'SUPERVISOR_PASSWORD'} eq '')))
70 {
71 &write_acl;
72 system("/usr/local/bin/squidctrl restart >/dev/null 2>&1");
73 }
74 }
75
76 &read_acl_groups;
77
78 #undef(%cgiparams);
79
80 # -------------------------------------------------------------------
81
82 print <<END
83 Pragma: no-cache
84 Cache-control: no-cache
85 Connection: close
86 Content-type: text/html
87
88 <!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'>
89 <html>
90 <head>
91 <meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
92 <title>Advanced Proxy - Web Access Manager</title>
93 <style type='text/css'>
94 a:link { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
95 a:visited { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
96 a:hover { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#000000; }
97 a:active { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#000000; }
98 a:focus { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
99 </style>
100 </head>
101 <body bgcolor='#FFFFFF'>
102
103 <center>
104
105 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
106
107 <table width='720' cellspacing='10' cellpadding='5' border='0'>
108
109 <tr>
110 <td bgcolor='#C0C0C0' height='20'></td>
111 </tr>
112
113 <tr>
114 <td bgcolor='#F4F4F4' align='center'>
115 <table width='100%' cellspacing='10' cellpadding='10' border='0'>
116
117 <tr>
118 <td nowrap bgcolor='#FFFFFF' align='center'>
119 <font face='verdana,arial,helvetica' color='#000000' size='3'>$banner</font>
120 </td>
121 </tr>
122
123 END
124 ;
125 if ($proxysettings{'CLASSROOM_EXT'} eq 'on')
126 {
127 if (@groups)
128 {
129 print <<END
130 <tr>
131 <td>
132 <table width='70%' cellspacing='2' cellpadding='2' border='0' align='center'>
133 <tr><td><input type='hidden' name='ACTION' value='submit'></td></tr>
134 <tr>
135 END
136 ;
137 if (($is_supervisor) && ((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && (!($proxysettings{'SUPERVISOR_PASSWORD'} eq ''))))
138 {
139 print <<END
140 <td align='center'>
141 <font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy supervisor password'}:</font>
142 </td>
143 <td align='center'><input type='password' name='PASSWORD' size='15'></td>
144 END
145 ;
146 }
147 print <<END
148 </tr>
149
150 </table>
151
152 <p>
153
154 END
155 ;
156 foreach (@groups) {
157 if ($is_supervisor)
158 {
159 print"<table width='65%' cellspacing='2' cellpadding='2' border='0' align='center' rules='groups'>";
160 } else {
161 print"<table width='50%' cellspacing='2' cellpadding='6' border='0' align='center' rules='groups'>";
162 }
163 print "<tr>\n";
164 if ((defined($acl{$_})) && ($acl{$_} eq 'on'))
165 {
166 print " <td bgcolor='#D00000' align='center'><font face='verdana,arial,helvetica' color='#FFFFFF' size='2'>$_</font>";
167 } else { print " <td bgcolor='#00A000' align='center'><font face='verdana,arial,helvetica' color='#FFFFFF' size='2'>$_</font>"; }
168 if ($is_supervisor)
169 {
170 if ((defined($acl{$_})) && ($acl{$_} eq 'on'))
171 {
172 print "</td><td width='120' align='center'>";
173 print "<input type='submit' name='$_' value=' $tr{'advproxy mode allow'} '>";
174 print "</td><td width='16' bgcolor='#D00000'>&nbsp;</td>\n";
175 } else {
176 print "</td><td width='120' align='center'>";
177 print "<input type='submit' name='$_' value=' $tr{'advproxy mode deny'} '>";
178 print "</td><td width='16' bgcolor='#00A000'>&nbsp;</td>\n";
179 }
180 }
181 print "</tr>\n";
182 print "</table>\n";
183 print"<table width='65%' cellspacing='2' cellpadding='2' border='0' align='center'>";
184 print "<tr><td></td></tr>\n";
185 print "</table>\n";
186 }
187
188 print <<END
189 </td>
190 </tr>
191 END
192 ;
193 } else {
194 print " <tr>\n";
195 print " <td align='center'>\n";
196 print " <font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy no cre groups'}</font>\n";
197 print " </td>\n";
198 print " </tr>\n";
199 }
200 } else {
201 print " <tr>\n";
202 print " <td align='center'>\n";
203 print " <font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy cre disabled'}</font>\n";
204 print " </td>\n";
205 print " </tr>\n";
206 }
207
208 print <<END
209
210 </table>
211 </td>
212 </tr>
213
214
215 <tr>
216 <td bgcolor='#C0C0C0' align='right'>
217 <font face='verdana,arial,helvetica' color='#FFFFFF' size='1'>
218 <a href='http://www.advproxy.net' target='_blank'>Advanced Proxy</a> running on
219 <a href='http://www.ipcop.org' target='_blank'>IPCop</a>
220 </font>
221 </td>
222 </tr>
223
224 </table>
225
226 </form>
227
228 </center>
229
230 </body>
231
232 </html>
233 END
234 ;
235
236 # -------------------------------------------------------------------
237
238 sub readhash
239 {
240 my $filename = $_[0];
241 my $hash = $_[1];
242 my ($var, $val);
243
244 if (-e $filename)
245 {
246 open(FILE, $filename) or die "Unable to read file $filename";
247 while (<FILE>)
248 {
249 chop;
250 ($var, $val) = split /=/, $_, 2;
251 if ($var)
252 {
253 $val =~ s/^\'//g;
254 $val =~ s/\'$//g;
255
256 # Untaint variables read from hash
257 $var =~ /([A-Za-z0-9_-]*)/; $var = $1;
258 $val =~ /([\w\W]*)/; $val = $1;
259 $hash->{$var} = $val;
260 }
261 }
262 close FILE;
263 }
264 }
265
266 # -------------------------------------------------------------------
267
268 sub getcgihash
269 {
270 my ($hash, $params) = @_;
271 my $cgi = CGI->new ();
272 return if ($ENV{'REQUEST_METHOD'} ne 'POST');
273 if (!$params->{'wantfile'}) {
274 $CGI::DISABLE_UPLOADS = 1;
275 $CGI::POST_MAX = 512 * 1024;
276 } else {
277 $CGI::POST_MAX = 10 * 1024 * 1024;
278 }
279
280 $cgi->referer() =~ m/^https?\:\/\/([^\/]+)/;
281 my $referer = $1;
282 $cgi->url() =~ m/^https?\:\/\/([^\/]+)/;
283 my $servername = $1;
284 return if ($referer ne $servername);
285
286 ### Modified for getting multi-vars, split by |
287 %temp = $cgi->Vars();
288 foreach my $key (keys %temp) {
289 $hash->{$key} = $temp{$key};
290 $hash->{$key} =~ s/\0/|/g;
291 $hash->{$key} =~ s/^\s*(.*?)\s*$/$1/;
292 }
293
294 if (($params->{'wantfile'})&&($params->{'filevar'})) {
295 $hash->{$params->{'filevar'}} = $cgi->upload
296 ($params->{'filevar'});
297 }
298 return;
299 }
300
301 # -------------------------------------------------------------------
302
303 sub read_acl_groups
304 {
305 undef(%acl);
306 open (FILE,"$acl_src_noaccess_ips");
307 my @aclgroups = <FILE>;
308 close (FILE);
309 foreach (@aclgroups)
310 {
311 chomp;
312 if (/^\#/)
313 {
314 s/^\# //;
315 $acl{$_}='on';
316 }
317 }
318 }
319
320 # -------------------------------------------------------------------
321
322 sub read_all_groups
323 {
324 my $grpstr;
325
326 open (FILE,"$group_def_file");
327 @group_defs = <FILE>;
328 close (FILE);
329
330 undef(@groups);
331 foreach (@group_defs)
332 {
333 chomp;
334 if (/^\s*\[.*\]\s*$/)
335 {
336 $grpstr=$_;
337 $grpstr =~ s/^\s*\[\s*//;
338 $grpstr =~ s/\s*\]\s*$//;
339 push(@groups,$grpstr);
340 }
341 }
342 }
343
344 # -------------------------------------------------------------------
345
346 sub write_acl
347 {
348 my $is_blocked=0;
349
350 open (FILE_IPS,">$acl_src_noaccess_ips");
351 open (FILE_MAC,">$acl_src_noaccess_mac");
352 flock (FILE_IPS, 2);
353 flock (FILE_MAC, 2);
354 foreach (@group_defs)
355 {
356 if (/^\s*\[.*\]\s*$/)
357 {
358 s/^\s*\[\s*//;
359 s/\s*\]\s*$//;
360 if ((defined($acl{$_})) && ($acl{$_} eq 'on'))
361 {
362 print FILE_IPS "# $_\n";
363 print FILE_MAC "# $_\n";
364 $is_blocked=1;
365 } else { $is_blocked=0; }
366 } elsif (($is_blocked) && ($_))
367 {
368 s/^\s+//g; s/\s+$//g;
369 /^[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}$/i ? print FILE_MAC "$_\n" : print FILE_IPS "$_\n";
370 }
371 }
372
373 close (FILE_IPS);
374 close (FILE_MAC);
375 }
376
377 # -------------------------------------------------------------------