Main code dump

6c6dc81e · Imran Hussain · be6a5952 · 6c6dc81e
Commit 6c6dc81e authored May 01, 2018 by Imran Hussain
--- a/public/index.php
+++ b/public/index.php
+<?php
+
+function ip_in_range($ip, $range) {
+	if (strpos($range, '/') == false) {
+		$range .= '/32';
+	}
+	// $range is in IP/CIDR format eg 127.0.0.1/24
+	list($range, $netmask) = explode('/', $range, 2);
+	$ip_decimal = ip2long($ip);
+	$range_decimal = ip2long($range);
+	$wildcard_decimal = pow(2, (32 - $netmask)) - 1;
+	$netmask_decimal = ~ $wildcard_decimal;
+	return (($ip_decimal & $netmask_decimal) == ($range_decimal & $netmask_decimal));
+	}
+
+$ipAddr = $_SERVER['REMOTE_ADDR'];
+
+//var_dump($ipAddr);
+
+if (!ip_in_range($ipAddr, "137.44.10.128/25")){
+	exit("nah mate");
+}
+
+if(isset($_REQUEST['username'])) {
+	$username = $_REQUEST['username'];
+}
+if(isset($_REQUEST['password'])) {
+	$password = $_REQUEST['password'];
+}
+
+include_once("./ldap-auth.php");
+
+$isAuthd = ldapAuth($username, $password);
+
+if ($isAuthd == "sucs"){
+	include_once("./doorkey.php");
+	//curl door
+	$curl = curl_init();
+	curl_setopt($curl, CURLOPT_URL, "http://door.sucs.org/sendstatus.py?text=${username}%20via%20de%20web&timeout=1&fg=0,0,0&bg=128,255,128&unlock=1&key=${doorkey}");
+	curl_exec($curl);
+	curl_close($curl);
+	exit("door unlocked! (probably)");
+}
+
+?>
+
+<form method="post">
+Username: <input type="text" name="username" size="15" /><br />
+Password: <input type="password" name="password" size="15" /><br />
+<input type="submit" value="Unlock Door!" />
+</form>