Loading public/index.php +36 −18 Original line number Diff line number Diff line <?php //ini_set('display_errors', 1); //ini_set('display_startup_errors', 1); //error_reporting(E_ALL); $bannedUsers = array("vote","signup","cacti","video"); function ip_in_range($ip, $range) { Loading @@ -24,23 +28,32 @@ if (!ip_in_range($ipAddr, "137.44.10.128/25")){ //exit("nah mate"); } if(isset($_REQUEST['username'])) { $username = strtolower($_REQUEST['username']); $ssoid = $_COOKIE["sucs_sso_id_v1"]; $sso_error = false; $not_logged_in = true; $curlsso = curl_init(); curl_setopt($curlsso, CURLOPT_URL, "https://sso.sucs.org/api/v1/?id=${ssoid}"); curl_setopt($curlsso,CURLOPT_RETURNTRANSFER,TRUE); $sso_result = json_decode(curl_exec($curlsso)); curl_close($curlsso); if (!$sso_result->apistate === "ok") { $sso_error = true; } if(isset($_REQUEST['password'])) { $password = $_REQUEST['password']; if ($sso_result->sucs_username !== null) { $not_logged_in = false; $username = $sso_result->sucs_username; } if ( in_array($username,$bannedUsers) ) { if ($not_logged_in === false && in_array($sso_result->sucs_username,$bannedUsers) ) { $banned = true; //die("u r b&"); } include_once("../ldap-auth.php"); $isAuthd = ldapAuth($username, $password); if ($isAuthd == "sucs" && !$outsider && !$banned) { if ($_POST["unlock"] === "Unlock!" && !$outsider && !$banned) { include_once("../doorkey.php"); //curl door $curl = curl_init(); Loading Loading @@ -77,9 +90,9 @@ if ($isAuthd == "sucs" && !$outsider && !$banned) { <div class="h-100 container justify-content-center text-center"> <div class="h-100 row d-flex justify-content-center align-items-center"> <div class="col-8"> <div class="card mb-4"> <div class="card mb-4 mt-4"> <?php if ($outsider) { if ($outsider || $sso_error) { print(' <div class="card-body"> <h4 class="card-title">❌</h4> Loading 
@@ -93,7 +106,6 @@ if ($isAuthd == "sucs" && !$outsider && !$banned) { <p>You are banned from the room.</p> </div> '); } elseif ($success) { print(' <div class="card-body"> Loading @@ -101,16 +113,22 @@ if ($isAuthd == "sucs" && !$outsider && !$banned) { <p>Door unlocked!</p> </div> '); } else { } elseif ($not_logged_in) { print(' <div class="card-body"> <h4 class="card-title">🔑</h4> <p>Hi stranger click the button below to login</p> <a href=https://sso.sucs.org/?callbackapp=doorkey&callbackpath=/ class="btn btn-primary">Login!</a> </div> '); } else { print(' <div class="card-body"> <h4 class="card-title">🔑🚪</h4> <p>Hi '.${username}.' click the button below to unlock the door!</p> <form method="post"> <div class="form-group"> <input type="text" name="username" size="15" class="form-control" placeholder="Enter username" /><br /> <input type="password" name="password" size="15" class="form-control" placeholder="Enter password" /><br /> <input type="submit" class="btn btn-primary" value="Unlock Door!" /> <input type="submit" name="unlock" class="btn btn-primary" value="Unlock!" /> </div> </form> </div> Loading Loading
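Review bot: The unlock guard `if ($_POST["unlock"] === "Unlock!" && !$outsider && !$banned) {` in the `@@ -24,23 +28,32 @@` hunk no longer depends on any authentication result. With the `ldapAuth()` check gone, neither `$not_logged_in` nor `$sso_error` is consulted before `doorkey.php` is included and the door request is made. The guard should require the SSO session, for example `if ($not_logged_in === false && !$sso_error && ($_POST["unlock"] ?? null) === "Unlock!" && !$outsider && !$banned) {`; the body of that `if` continues past the visible hunk, and since the +/- markers are lost on this page this reads the SSO lines as the new side. `$sso_error` also cannot become true as written, because `!$sso_result->apistate === "ok"` negates before it compares; `if ($sso_result === null || $sso_result->apistate !== "ok") {` would cover both a failed lookup and a non-ok state. The cookie value goes into the SSO URL unencoded and may be unset, so `rawurlencode($_COOKIE["sucs_sso_id_v1"] ?? "")` would keep it to a single query parameter.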
public/index.php +36 −18 Original line number Diff line number Diff line <?php //ini_set('display_errors', 1); //ini_set('display_startup_errors', 1); //error_reporting(E_ALL); $bannedUsers = array("vote","signup","cacti","video"); function ip_in_range($ip, $range) { Loading @@ -24,23 +28,32 @@ if (!ip_in_range($ipAddr, "137.44.10.128/25")){ //exit("nah mate"); } if(isset($_REQUEST['username'])) { $username = strtolower($_REQUEST['username']); $ssoid = $_COOKIE["sucs_sso_id_v1"]; $sso_error = false; $not_logged_in = true; $curlsso = curl_init(); curl_setopt($curlsso, CURLOPT_URL, "https://sso.sucs.org/api/v1/?id=${ssoid}"); curl_setopt($curlsso,CURLOPT_RETURNTRANSFER,TRUE); $sso_result = json_decode(curl_exec($curlsso)); curl_close($curlsso); if (!$sso_result->apistate === "ok") { $sso_error = true; } if(isset($_REQUEST['password'])) { $password = $_REQUEST['password']; if ($sso_result->sucs_username !== null) { $not_logged_in = false; $username = $sso_result->sucs_username; } if ( in_array($username,$bannedUsers) ) { if ($not_logged_in === false && in_array($sso_result->sucs_username,$bannedUsers) ) { $banned = true; //die("u r b&"); } include_once("../ldap-auth.php"); $isAuthd = ldapAuth($username, $password); if ($isAuthd == "sucs" && !$outsider && !$banned) { if ($_POST["unlock"] === "Unlock!" && !$outsider && !$banned) { include_once("../doorkey.php"); //curl door $curl = curl_init(); Loading Loading @@ -77,9 +90,9 @@ if ($isAuthd == "sucs" && !$outsider && !$banned) { <div class="h-100 container justify-content-center text-center"> <div class="h-100 row d-flex justify-content-center align-items-center"> <div class="col-8"> <div class="card mb-4"> <div class="card mb-4 mt-4"> <?php if ($outsider) { if ($outsider || $sso_error) { print(' <div class="card-body"> <h4 class="card-title">❌</h4> Loading 
@@ -93,7 +106,6 @@ if ($isAuthd == "sucs" && !$outsider && !$banned) { <p>You are banned from the room.</p> </div> '); } elseif ($success) { print(' <div class="card-body"> Loading @@ -101,16 +113,22 @@ if ($isAuthd == "sucs" && !$outsider && !$banned) { <p>Door unlocked!</p> </div> '); } else { } elseif ($not_logged_in) { print(' <div class="card-body"> <h4 class="card-title">🔑</h4> <p>Hi stranger click the button below to login</p> <a href=https://sso.sucs.org/?callbackapp=doorkey&callbackpath=/ class="btn btn-primary">Login!</a> </div> '); } else { print(' <div class="card-body"> <h4 class="card-title">🔑🚪</h4> <p>Hi '.${username}.' click the button below to unlock the door!</p> <form method="post"> <div class="form-group"> <input type="text" name="username" size="15" class="form-control" placeholder="Enter username" /><br /> <input type="password" name="password" size="15" class="form-control" placeholder="Enter password" /><br /> <input type="submit" class="btn btn-primary" value="Unlock Door!" /> <input type="submit" name="unlock" class="btn btn-primary" value="Unlock!" /> </div> </form> </div> Loading