Initial revision
This commit is contained in:
commit
9a9c62f3cf
43 changed files with 2472 additions and 0 deletions
7
AUTHORS
Normal file
|
@ -0,0 +1,7 @@
|
|||
Credits
|
||||
-------
|
||||
|
||||
Anriot Alexandre <aanriot@evolix.fr> http://www.atlantilde.com/
|
||||
Colpart Gregory <reg@evolix.fr> http://www.gcolpart.com/
|
||||
Dubois Sébastien <seb@evolix.fr> http://morpheus.evolix.net/
|
||||
Evolix <info@evolix.fr> http://www.evolix.fr/
|
340
LICENSE
Normal file
|
@ -0,0 +1,340 @@
|
|||
GNU GENERAL PUBLIC LICENSE
|
||||
Version 2, June 1991
|
||||
|
||||
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
|
||||
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
Everyone is permitted to copy and distribute verbatim copies
|
||||
of this license document, but changing it is not allowed.
|
||||
|
||||
Preamble
|
||||
|
||||
The licenses for most software are designed to take away your
|
||||
freedom to share and change it. By contrast, the GNU General Public
|
||||
License is intended to guarantee your freedom to share and change free
|
||||
software--to make sure the software is free for all its users. This
|
||||
General Public License applies to most of the Free Software
|
||||
Foundation's software and to any other program whose authors commit to
|
||||
using it. (Some other Free Software Foundation software is covered by
|
||||
the GNU Library General Public License instead.) You can apply it to
|
||||
your programs, too.
|
||||
|
||||
When we speak of free software, we are referring to freedom, not
|
||||
price. Our General Public Licenses are designed to make sure that you
|
||||
have the freedom to distribute copies of free software (and charge for
|
||||
this service if you wish), that you receive source code or can get it
|
||||
if you want it, that you can change the software or use pieces of it
|
||||
in new free programs; and that you know you can do these things.
|
||||
|
||||
To protect your rights, we need to make restrictions that forbid
|
||||
anyone to deny you these rights or to ask you to surrender the rights.
|
||||
These restrictions translate to certain responsibilities for you if you
|
||||
distribute copies of the software, or if you modify it.
|
||||
|
||||
For example, if you distribute copies of such a program, whether
|
||||
gratis or for a fee, you must give the recipients all the rights that
|
||||
you have. You must make sure that they, too, receive or can get the
|
||||
source code. And you must show them these terms so they know their
|
||||
rights.
|
||||
|
||||
We protect your rights with two steps: (1) copyright the software, and
|
||||
(2) offer you this license which gives you legal permission to copy,
|
||||
distribute and/or modify the software.
|
||||
|
||||
Also, for each author's protection and ours, we want to make certain
|
||||
that everyone understands that there is no warranty for this free
|
||||
software. If the software is modified by someone else and passed on, we
|
||||
want its recipients to know that what they have is not the original, so
|
||||
that any problems introduced by others will not reflect on the original
|
||||
authors' reputations.
|
||||
|
||||
Finally, any free program is threatened constantly by software
|
||||
patents. We wish to avoid the danger that redistributors of a free
|
||||
program will individually obtain patent licenses, in effect making the
|
||||
program proprietary. To prevent this, we have made it clear that any
|
||||
patent must be licensed for everyone's free use or not licensed at all.
|
||||
|
||||
The precise terms and conditions for copying, distribution and
|
||||
modification follow.
|
||||
|
||||
GNU GENERAL PUBLIC LICENSE
|
||||
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
||||
|
||||
0. This License applies to any program or other work which contains
|
||||
a notice placed by the copyright holder saying it may be distributed
|
||||
under the terms of this General Public License. The "Program", below,
|
||||
refers to any such program or work, and a "work based on the Program"
|
||||
means either the Program or any derivative work under copyright law:
|
||||
that is to say, a work containing the Program or a portion of it,
|
||||
either verbatim or with modifications and/or translated into another
|
||||
language. (Hereinafter, translation is included without limitation in
|
||||
the term "modification".) Each licensee is addressed as "you".
|
||||
|
||||
Activities other than copying, distribution and modification are not
|
||||
covered by this License; they are outside its scope. The act of
|
||||
running the Program is not restricted, and the output from the Program
|
||||
is covered only if its contents constitute a work based on the
|
||||
Program (independent of having been made by running the Program).
|
||||
Whether that is true depends on what the Program does.
|
||||
|
||||
1. You may copy and distribute verbatim copies of the Program's
|
||||
source code as you receive it, in any medium, provided that you
|
||||
conspicuously and appropriately publish on each copy an appropriate
|
||||
copyright notice and disclaimer of warranty; keep intact all the
|
||||
notices that refer to this License and to the absence of any warranty;
|
||||
and give any other recipients of the Program a copy of this License
|
||||
along with the Program.
|
||||
|
||||
You may charge a fee for the physical act of transferring a copy, and
|
||||
you may at your option offer warranty protection in exchange for a fee.
|
||||
|
||||
2. You may modify your copy or copies of the Program or any portion
|
||||
of it, thus forming a work based on the Program, and copy and
|
||||
distribute such modifications or work under the terms of Section 1
|
||||
above, provided that you also meet all of these conditions:
|
||||
|
||||
a) You must cause the modified files to carry prominent notices
|
||||
stating that you changed the files and the date of any change.
|
||||
|
||||
b) You must cause any work that you distribute or publish, that in
|
||||
whole or in part contains or is derived from the Program or any
|
||||
part thereof, to be licensed as a whole at no charge to all third
|
||||
parties under the terms of this License.
|
||||
|
||||
c) If the modified program normally reads commands interactively
|
||||
when run, you must cause it, when started running for such
|
||||
interactive use in the most ordinary way, to print or display an
|
||||
announcement including an appropriate copyright notice and a
|
||||
notice that there is no warranty (or else, saying that you provide
|
||||
a warranty) and that users may redistribute the program under
|
||||
these conditions, and telling the user how to view a copy of this
|
||||
License. (Exception: if the Program itself is interactive but
|
||||
does not normally print such an announcement, your work based on
|
||||
the Program is not required to print an announcement.)
|
||||
|
||||
These requirements apply to the modified work as a whole. If
|
||||
identifiable sections of that work are not derived from the Program,
|
||||
and can be reasonably considered independent and separate works in
|
||||
themselves, then this License, and its terms, do not apply to those
|
||||
sections when you distribute them as separate works. But when you
|
||||
distribute the same sections as part of a whole which is a work based
|
||||
on the Program, the distribution of the whole must be on the terms of
|
||||
this License, whose permissions for other licensees extend to the
|
||||
entire whole, and thus to each and every part regardless of who wrote it.
|
||||
|
||||
Thus, it is not the intent of this section to claim rights or contest
|
||||
your rights to work written entirely by you; rather, the intent is to
|
||||
exercise the right to control the distribution of derivative or
|
||||
collective works based on the Program.
|
||||
|
||||
In addition, mere aggregation of another work not based on the Program
|
||||
with the Program (or with a work based on the Program) on a volume of
|
||||
a storage or distribution medium does not bring the other work under
|
||||
the scope of this License.
|
||||
|
||||
3. You may copy and distribute the Program (or a work based on it,
|
||||
under Section 2) in object code or executable form under the terms of
|
||||
Sections 1 and 2 above provided that you also do one of the following:
|
||||
|
||||
a) Accompany it with the complete corresponding machine-readable
|
||||
source code, which must be distributed under the terms of Sections
|
||||
1 and 2 above on a medium customarily used for software interchange; or,
|
||||
|
||||
b) Accompany it with a written offer, valid for at least three
|
||||
years, to give any third party, for a charge no more than your
|
||||
cost of physically performing source distribution, a complete
|
||||
machine-readable copy of the corresponding source code, to be
|
||||
distributed under the terms of Sections 1 and 2 above on a medium
|
||||
customarily used for software interchange; or,
|
||||
|
||||
c) Accompany it with the information you received as to the offer
|
||||
to distribute corresponding source code. (This alternative is
|
||||
allowed only for noncommercial distribution and only if you
|
||||
received the program in object code or executable form with such
|
||||
an offer, in accord with Subsection b above.)
|
||||
|
||||
The source code for a work means the preferred form of the work for
|
||||
making modifications to it. For an executable work, complete source
|
||||
code means all the source code for all modules it contains, plus any
|
||||
associated interface definition files, plus the scripts used to
|
||||
control compilation and installation of the executable. However, as a
|
||||
special exception, the source code distributed need not include
|
||||
anything that is normally distributed (in either source or binary
|
||||
form) with the major components (compiler, kernel, and so on) of the
|
||||
operating system on which the executable runs, unless that component
|
||||
itself accompanies the executable.
|
||||
|
||||
If distribution of executable or object code is made by offering
|
||||
access to copy from a designated place, then offering equivalent
|
||||
access to copy the source code from the same place counts as
|
||||
distribution of the source code, even though third parties are not
|
||||
compelled to copy the source along with the object code.
|
||||
|
||||
4. You may not copy, modify, sublicense, or distribute the Program
|
||||
except as expressly provided under this License. Any attempt
|
||||
otherwise to copy, modify, sublicense or distribute the Program is
|
||||
void, and will automatically terminate your rights under this License.
|
||||
However, parties who have received copies, or rights, from you under
|
||||
this License will not have their licenses terminated so long as such
|
||||
parties remain in full compliance.
|
||||
|
||||
5. You are not required to accept this License, since you have not
|
||||
signed it. However, nothing else grants you permission to modify or
|
||||
distribute the Program or its derivative works. These actions are
|
||||
prohibited by law if you do not accept this License. Therefore, by
|
||||
modifying or distributing the Program (or any work based on the
|
||||
Program), you indicate your acceptance of this License to do so, and
|
||||
all its terms and conditions for copying, distributing or modifying
|
||||
the Program or works based on it.
|
||||
|
||||
6. Each time you redistribute the Program (or any work based on the
|
||||
Program), the recipient automatically receives a license from the
|
||||
original licensor to copy, distribute or modify the Program subject to
|
||||
these terms and conditions. You may not impose any further
|
||||
restrictions on the recipients' exercise of the rights granted herein.
|
||||
You are not responsible for enforcing compliance by third parties to
|
||||
this License.
|
||||
|
||||
7. If, as a consequence of a court judgment or allegation of patent
|
||||
infringement or for any other reason (not limited to patent issues),
|
||||
conditions are imposed on you (whether by court order, agreement or
|
||||
otherwise) that contradict the conditions of this License, they do not
|
||||
excuse you from the conditions of this License. If you cannot
|
||||
distribute so as to satisfy simultaneously your obligations under this
|
||||
License and any other pertinent obligations, then as a consequence you
|
||||
may not distribute the Program at all. For example, if a patent
|
||||
license would not permit royalty-free redistribution of the Program by
|
||||
all those who receive copies directly or indirectly through you, then
|
||||
the only way you could satisfy both it and this License would be to
|
||||
refrain entirely from distribution of the Program.
|
||||
|
||||
If any portion of this section is held invalid or unenforceable under
|
||||
any particular circumstance, the balance of the section is intended to
|
||||
apply and the section as a whole is intended to apply in other
|
||||
circumstances.
|
||||
|
||||
It is not the purpose of this section to induce you to infringe any
|
||||
patents or other property right claims or to contest validity of any
|
||||
such claims; this section has the sole purpose of protecting the
|
||||
integrity of the free software distribution system, which is
|
||||
implemented by public license practices. Many people have made
|
||||
generous contributions to the wide range of software distributed
|
||||
through that system in reliance on consistent application of that
|
||||
system; it is up to the author/donor to decide if he or she is willing
|
||||
to distribute software through any other system and a licensee cannot
|
||||
impose that choice.
|
||||
|
||||
This section is intended to make thoroughly clear what is believed to
|
||||
be a consequence of the rest of this License.
|
||||
|
||||
8. If the distribution and/or use of the Program is restricted in
|
||||
certain countries either by patents or by copyrighted interfaces, the
|
||||
original copyright holder who places the Program under this License
|
||||
may add an explicit geographical distribution limitation excluding
|
||||
those countries, so that distribution is permitted only in or among
|
||||
countries not thus excluded. In such case, this License incorporates
|
||||
the limitation as if written in the body of this License.
|
||||
|
||||
9. The Free Software Foundation may publish revised and/or new versions
|
||||
of the General Public License from time to time. Such new versions will
|
||||
be similar in spirit to the present version, but may differ in detail to
|
||||
address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the Program
|
||||
specifies a version number of this License which applies to it and "any
|
||||
later version", you have the option of following the terms and conditions
|
||||
either of that version or of any later version published by the Free
|
||||
Software Foundation. If the Program does not specify a version number of
|
||||
this License, you may choose any version ever published by the Free Software
|
||||
Foundation.
|
||||
|
||||
10. If you wish to incorporate parts of the Program into other free
|
||||
programs whose distribution conditions are different, write to the author
|
||||
to ask for permission. For software which is copyrighted by the Free
|
||||
Software Foundation, write to the Free Software Foundation; we sometimes
|
||||
make exceptions for this. Our decision will be guided by the two goals
|
||||
of preserving the free status of all derivatives of our free software and
|
||||
of promoting the sharing and reuse of software generally.
|
||||
|
||||
NO WARRANTY
|
||||
|
||||
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
|
||||
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
|
||||
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
|
||||
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
|
||||
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
|
||||
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
|
||||
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
|
||||
REPAIR OR CORRECTION.
|
||||
|
||||
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
|
||||
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
|
||||
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
|
||||
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
|
||||
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
|
||||
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
|
||||
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
|
||||
POSSIBILITY OF SUCH DAMAGES.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
How to Apply These Terms to Your New Programs
|
||||
|
||||
If you develop a new program, and you want it to be of the greatest
|
||||
possible use to the public, the best way to achieve this is to make it
|
||||
free software which everyone can redistribute and change under these terms.
|
||||
|
||||
To do so, attach the following notices to the program. It is safest
|
||||
to attach them to the start of each source file to most effectively
|
||||
convey the exclusion of warranty; and each file should have at least
|
||||
the "copyright" line and a pointer to where the full notice is found.
|
||||
|
||||
<one line to give the program's name and a brief idea of what it does.>
|
||||
Copyright (C) <year> <name of author>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If the program is interactive, make it output a short notice like this
|
||||
when it starts in an interactive mode:
|
||||
|
||||
Gnomovision version 69, Copyright (C) year name of author
|
||||
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||
This is free software, and you are welcome to redistribute it
|
||||
under certain conditions; type `show c' for details.
|
||||
|
||||
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||
parts of the General Public License. Of course, the commands you use may
|
||||
be called something other than `show w' and `show c'; they could even be
|
||||
mouse-clicks or menu items--whatever suits your program.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or your
|
||||
school, if any, to sign a "copyright disclaimer" for the program, if
|
||||
necessary. Here is a sample; alter the names:
|
||||
|
||||
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
|
||||
`Gnomovision' (which makes passes at compilers) written by James Hacker.
|
||||
|
||||
<signature of Ty Coon>, 1 April 1989
|
||||
Ty Coon, President of Vice
|
||||
|
||||
This General Public License does not permit incorporating your program into
|
||||
proprietary programs. If your program is a subroutine library, you may
|
||||
consider it more useful to permit linking proprietary applications with the
|
||||
library. If this is what you want to do, use the GNU Library General
|
||||
Public License instead of this License.
|
60
Makefile
Normal file
|
@ -0,0 +1,60 @@
|
|||
# $Id$
|
||||
#
|
||||
# Makefile pour Evoauth
|
||||
|
||||
VERSION= 0.5
|
||||
SRC= ./
|
||||
WWWDIR= /var/www/htdocs
|
||||
BINDIR= /usr/local/share
|
||||
DOCDIR= /usr/local/share/doc
|
||||
NAME= evoauth
|
||||
TAR= tar
|
||||
|
||||
install:all
|
||||
all: web tools help msg
|
||||
|
||||
web:
|
||||
$(INSTALL) -d -m 0755 $(WWWDIR)/$(NAME)/{,includes,images}
|
||||
$(INSTALL) -m 0644 htdocs/*.php $(WWWDIR)/$(NAME)
|
||||
$(INSTALL) -m 0644 htdocs/includes/*.php $(WWWDIR)/$(NAME)/includes
|
||||
$(INSTALL) -m 0664 htdocs/accueil.txt $(WWWDIR)/$(NAME)/htdocs
|
||||
$(INSTALL) -m 0644 htdocs/images/*.* $(WWWDIR)/$(NAME)/images
|
||||
$(INSTALL) -m 0644 htdocs/favicon.ico $(WWWDIR)/$(NAME)
|
||||
|
||||
tools: module
|
||||
$(INSTALL) -d -m 0755 $(BINDIR)/$(NAME)
|
||||
$(INSTALL) -d -m 0774 /etc/evoauth
|
||||
$(INSTALL) -m 0770 admin/Evoauth.pl $(BINDIR)/$(NAME)
|
||||
$(INSTALL) -m 0644 evoauth.conf /etc/evoauth
|
||||
|
||||
module:
|
||||
cd admin/ && \
|
||||
perl Makefile.PL && \
|
||||
make && \
|
||||
make test && \
|
||||
make install && \
|
||||
make clean
|
||||
|
||||
help:
|
||||
$(INSTALL) -d -m 0755 $(DOCDIR)/$(NAME)
|
||||
$(INSTALL) -m 0644 AUTHORS LICENSE README TODO $(DOCDIR)/$(NAME)
|
||||
$(INSTALL) -d -m 0755 $(DOCDIR)/$(NAME)/install
|
||||
$(INSTALL) -m 0644 install/* $(DOCDIR)/$(NAME)/install
|
||||
$(INSTALL) -m 0664 install/evoauth.log $(BINDIR)/$(NAME)
|
||||
|
||||
msg:
|
||||
@echo
|
||||
@echo Felicitations. Evoauth est a present installe.
|
||||
@echo ----------------------------------------------
|
||||
@echo
|
||||
@echo Consultez $(DOCDIR)/$(NAME) et $(DOCDIR)/$(NAME)/install
|
||||
@echo pour plus d'informations.
|
||||
@echo
|
||||
|
||||
deinstall:
|
||||
rm -rf $(BINDIR)/$(NAME)
|
||||
rm -rf $(DOCDIR)/$(NAME)
|
||||
rm -rf $(WWWDIR)/$(NAME)
|
||||
|
||||
rm -rf /usr/libdata/perl5/Evoauth/
|
||||
cat /usr/local/libdata/perl5/site_perl/i386-openbsd/auto/Evoauth/.packlist | xargs sudo rm -rf
|
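Review bot: in the tools target, evoauth.conf is installed with mode 0644, yet admin/lib/Evoauth/Functions.pm in this commit reads the database username and userpass from /etc/evoauth/evoauth.conf, so every local account can read the database password; install it 0640 or 0600 for the account that runs Evoauth.pl, and tighten /etc/evoauth from 0774 to match. Separately, $(INSTALL) is used in every target but is never defined next to TAR and the other variables, so each recipe line expands to a bare "-d -m 0755 ..." or "-m 0644 ..."; add a definition such as INSTALL= install. In web, accueil.txt is copied to $(WWWDIR)/$(NAME)/htdocs, a directory the first recipe line never creates, and the {,includes,images} brace expansion depends on a shell feature that make's default /bin/sh may not provide. In deinstall, piping .packlist through "xargs sudo rm -rf" recursively deletes, as root, whatever paths that file lists, from a hard-coded i386-openbsd location; a plain "rm -f" per listed file is sufficient for a packlist.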
84
README
Normal file
|
@ -0,0 +1,84 @@
|
|||
Fonctionnement d'EvoAuth
|
||||
------------------------
|
||||
|
||||
1 - Partie WEB et utilisateur
|
||||
-----------------------------
|
||||
|
||||
Voici le déroulement d'une connexion authentifiée sur le logiciel
|
||||
Evoauth.
|
||||
|
||||
L'utilisateur saisit ses identifiants (login et mot de passe) et
|
||||
parvient à une page sur laquelle il est authentifié. Il peut :
|
||||
|
||||
- activer son accès : son adresse ip est récupérée et indexée dans
|
||||
un fichier historique. une règle d'autorisation est chargée dans le
|
||||
firewall et l'utilisateur reste connecté jusqu'à ce que la pop-up
|
||||
soit fermée ou que sa connexion se termine (un script annexe
|
||||
supprimera des connexions actives).
|
||||
l'utilisateur peut consulter son crédit restant, celui-ci est
|
||||
mis à jour chaque minute.
|
||||
|
||||
- changer son mot de passe : l'utilisateur est invité à saisir
|
||||
à deux reprises son nouveau mot de passe, sur une page dédiée
|
||||
|
||||
- se déconnecter
|
||||
|
||||
|
||||
2 - Partie WEB et administrateur
|
||||
--------------------------------
|
||||
|
||||
Celui-ci possède toutes les possibilités précédemment évoquées, mais
|
||||
peut également procéder à l'administration du logiciel :
|
||||
|
||||
- ajout d'un compte utilisateur
|
||||
|
||||
Le compte d'administration par défaut est :
|
||||
|
||||
login : admin
|
||||
pass : ...
|
||||
|
||||
- suppression d'un ou plusieurs compte(s) utilisateur
|
||||
|
||||
- déconnexion d'utilisateurs
|
||||
|
||||
- désactivation d'utilisateurs
|
||||
|
||||
- expulsion d'un utilisateur, et ce de façon provisoire
|
||||
|
||||
- changement du texte de bienvenue de l'utilisateur
|
||||
|
||||
|
||||
3 - Suivis de l'activité
|
||||
------------------------
|
||||
|
||||
Lorsqu'une personne se connecte, se déconnecte ou est automatiquement
|
||||
supprimée, un email est envoyé à l'administrateur evoauth (email
|
||||
précisée dans le fichier de configuration). Il est ainsi possible
|
||||
d'avoir un contrôle complet de l'activité.
|
||||
|
||||
Un journal de l'activité (connexion, déconnexion, suppression d'ip) est
|
||||
également disponible dans /usr/local/share/evoauth/evoauth.log.
|
||||
|
||||
|
||||
4 - Maintenance
|
||||
---------------
|
||||
|
||||
Le script perl "Evoauth.pl" doit être ajouté à la crontab (vous
|
||||
pouvez pour celà vous inspirer du fichier crontab.sample) et permet de
|
||||
supprimer du fichier de status les adresses ip des utilisateurs qui ne
|
||||
sont plus connectées.
|
||||
|
||||
Il travaille par défaut sur une durée de 2 minutes.
|
||||
|
||||
Ce script gère également l'initialisation du firewall, lors de
|
||||
l'installation du logiciel, ainsi que la réinitialisation et l'arrêt.
|
||||
|
||||
|
||||
5 - Arborescence par defaut
|
||||
---------------------------
|
||||
|
||||
/etc/evoauth/evoauth.conf : fichier de configuration (regles)
|
||||
/var/www/evoauth/{,images,includes} : interface web
|
||||
/var/www/evoauth/accueil.txt : texte d'accueil
|
||||
/usr/local/share/evoauth : interface d'administration
|
||||
/usr/local/share/doc/evoauth : documentation, licence
|
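Review bot: section 2 documents a default administration account (login admin) but nowhere tells the installer to change its password before the interface is exposed; add that step next to the credentials. Section 5 lists the web files under /var/www/evoauth, while the Makefile in this commit installs them under WWWDIR= /var/www/htdocs, so one of the two needs correcting. Section 3 says the notification address is taken from the configuration file, which does not match the To address hard-coded in Mail in admin/lib/Evoauth/Functions.pm.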
9
TODO
Normal file
|
@ -0,0 +1,9 @@
|
|||
Todo
|
||||
----
|
||||
|
||||
* gestion des groupes
|
||||
* filtre : voir les utilisateurs connectés
|
||||
* durée de validité pour les tickets (date de création)
|
||||
* adresses MAC (spoofing, une seule connexion etc.)
|
||||
* interception http
|
||||
* securite : solution plus elegante et sure que de lancer un "sudo" pour executer le script
|
6
admin/Changes
Normal file
|
@ -0,0 +1,6 @@
|
|||
Revision history for Perl extension Evoauth::Admin.
|
||||
|
||||
0.01 Sat Sep 10 23:50:18 2005
|
||||
- original version; created by h2xs 1.9 with options
|
||||
-X -n Evoauth::Admin
|
||||
|
44
admin/Evoauth.pl
Normal file
|
@ -0,0 +1,44 @@
|
|||
#!/usr/bin/perl
|
||||
|
||||
package main;
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use Getopt::Std;
|
||||
|
||||
use Evoauth::Admin;
|
||||
use Evoauth::Functions;
|
||||
use Evoauth::Iptables;
|
||||
|
||||
$SIG{INT} = $SIG{TERM} = $SIG{KILL} = "";
|
||||
|
||||
# choix des options
|
||||
my %options=();
|
||||
getopts("icsrd:a:",\%options);
|
||||
|
||||
if (defined $options{a})
|
||||
{ &Evoauth::Iptables::Alter(1, $options{a}); }
|
||||
elsif (defined $options{d})
|
||||
{ &Evoauth::Iptables::Alter(3, $options{d});}
|
||||
elsif (defined $options{c})
|
||||
{ &Evoauth::Iptables::Alter(2); }
|
||||
elsif (defined $options{i})
|
||||
{ &Evoauth::Iptables::Control(1); }
|
||||
elsif (defined $options{s})
|
||||
{ &Evoauth::Iptables::Control(2); }
|
||||
elsif (defined $options{r})
|
||||
{ &Evoauth::Iptables::Control(3); }
|
||||
else
|
||||
{ &Usage; }
|
||||
|
||||
sub Usage() {
|
||||
print "\nusage :\n";
|
||||
print "-i : initialisation du logiciel\n";
|
||||
print "-s : arrêt du logiciel\n";
|
||||
print "-r : redémarrage du logiciel\n";
|
||||
print "-a ip : ajout d'une ip a la base\n";
|
||||
print "-d ip : suppression d'une ip a la base\n";
|
||||
print "-c : vérification des bases de connexion\n";
|
||||
print "-h : aide\n";
|
||||
exit;
|
||||
}
|
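Review bot: the -a and -d branches hand $options{a} and $options{d} to Evoauth::Iptables::Alter without checking that the value is a well-formed IP address; since TODO notes that the script is launched through sudo, validate the argument here and reject anything else before it reaches the firewall code. The line $SIG{INT} = $SIG{TERM} = $SIG{KILL} = ""; does not ignore anything: an empty string leaves the default action in place, and SIGKILL cannot be caught or ignored, so assign 'IGNORE' to INT and TERM if the intent is to block interruption. Usage advertises -h, but "h" is missing from the getopts string "icsrd:a:".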
9
admin/MANIFEST
Normal file
|
@ -0,0 +1,9 @@
|
|||
Changes
|
||||
Makefile.PL
|
||||
MANIFEST
|
||||
README
|
||||
t/Evoauth-Admin.t
|
||||
lib/Evoauth/Admin.pm
|
||||
lib/Evoauth/Functions.pm
|
||||
lib/Evoauth/Iptables.pm
|
||||
META.yml Module meta-data (added by MakeMaker)
|
10
admin/META.yml
Normal file
|
@ -0,0 +1,10 @@
|
|||
# http://module-build.sourceforge.net/META-spec.html
|
||||
#XXXXXXX This is a prototype!!! It will change in the future!!! XXXXX#
|
||||
name: evoauth
|
||||
version: 0.5
|
||||
version_from:
|
||||
installdirs: site
|
||||
requires:
|
||||
|
||||
distribution_type: module
|
||||
generated_by: ExtUtils::MakeMaker version 6.17
|
20
admin/Makefile.PL
Normal file
|
@ -0,0 +1,20 @@
|
|||
use ExtUtils::MakeMaker;
|
||||
|
||||
$NAME = "Evoauth";
|
||||
$DISTNAME = "evoauth";
|
||||
|
||||
my @clean = qw( *~ *.old );
|
||||
|
||||
WriteMakefile(
|
||||
VERSION => "0.5",
|
||||
DISTNAME => $DISTNAME,
|
||||
NAME => $NAME,
|
||||
dist => {
|
||||
COMPRESS => 'gzip -9f',
|
||||
SUFFIX => '.tar.gz',
|
||||
DIST_DEFAULT => 'all tardist',
|
||||
},
|
||||
clean => {
|
||||
FILES => join( " ", @clean )
|
||||
}
|
||||
);
|
33
admin/README
Normal file
|
@ -0,0 +1,33 @@
|
|||
Evoauth-Admin version 0.04
|
||||
==========================
|
||||
|
||||
Evoauth::Admin est utilise afin de gerer la liste des personnes connectees au logiciel.
|
||||
|
||||
INSTALLATION
|
||||
|
||||
To install this module type the following:
|
||||
|
||||
perl Makefile.PL
|
||||
make
|
||||
make test
|
||||
make install
|
||||
|
||||
DEPENDENCIES
|
||||
|
||||
This module requires these other modules and libraries:
|
||||
|
||||
DBI
|
||||
DBD::Mysql
|
||||
MIME::Lite
|
||||
|
||||
COPYRIGHT AND LICENCE
|
||||
|
||||
Licence GPL
|
||||
|
||||
Copyright (C) 2005 by Evolix
|
||||
|
||||
This library is free software; you can redistribute it and/or modify
|
||||
it under the same terms as Perl itself, either Perl version 5.8.6 or,
|
||||
at your option, any later version of Perl 5 you may have available.
|
||||
|
||||
|
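Review bot: DEPENDENCIES lists DBI, DBD::Mysql and MIME::Lite but omits Config::Tiny, which Evoauth::Functions loads, and the driver module is spelled DBD::mysql. The header says version 0.04 while Admin.pm sets $VERSION = '0.4' and Makefile.PL passes VERSION => "0.5"; pick one. COPYRIGHT AND LICENCE states "Licence GPL" and then grants "the same terms as Perl itself", which is not the same grant as the GPL version 2 text shipped in LICENSE; state a single licence.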
62
admin/lib/Evoauth/Admin.pm
Normal file
|
@ -0,0 +1,62 @@
|
|||
package Evoauth::Admin;
|
||||
|
||||
use 5.008006;
|
||||
use strict;
|
||||
use warnings;
|
||||
|
||||
require Exporter;
|
||||
use AutoLoader qw(AUTOLOAD);
|
||||
|
||||
our @ISA = qw(Exporter);
|
||||
|
||||
our %EXPORT_TAGS = ( 'all' => [ qw(
|
||||
|
||||
) ] );
|
||||
|
||||
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
|
||||
|
||||
our @EXPORT = qw(
|
||||
|
||||
);
|
||||
|
||||
our $VERSION = '0.4';
|
||||
|
||||
|
||||
1;
|
||||
__END__
|
||||
|
||||
=head1 NAME
|
||||
|
||||
Evoauth::Admin - Admin
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
use Evoauth::Admin;
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
Fonctions d'administration d'Evoauth.
|
||||
|
||||
=head2 EXPORT
|
||||
|
||||
...
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
...
|
||||
|
||||
=head1 AUTHOR
|
||||
|
||||
Alexandre Anriot, E<lt>aanriot@evolix.fr<gt>
|
||||
|
||||
=head1 COPYRIGHT AND LICENSE
|
||||
|
||||
Copyright (C) 2005 by Alexandre Anriot
|
||||
|
||||
This library is free software; you can redistribute it and/or modify
|
||||
it under the same terms as Perl itself, either Perl version 5.8.6 or,
|
||||
at your option, any later version of Perl 5 you may have available.
|
||||
|
||||
|
||||
=cut
|
||||
|
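Review bot: in the AUTHOR paragraph, E<lt>aanriot@evolix.fr<gt> closes with a bare <gt> where POD needs E<gt>, so the address will not render as intended; the same typo is in Functions.pm. The module also exports nothing and defines no subs while loading AutoLoader, and $VERSION = '0.4' disagrees with the 0.5 in Makefile.PL; drop the unused h2xs boilerplate or add the administration functions the DESCRIPTION refers to.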
106
admin/lib/Evoauth/Functions.pm
Normal file
|
@ -0,0 +1,106 @@
|
|||
package Evoauth::Functions;
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use Config::Tiny;
|
||||
use DBI;
|
||||
use MIME::Lite;
|
||||
|
||||
# Renvoit la date courrante
|
||||
sub Date() {
|
||||
my ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) =
|
||||
localtime(time);
|
||||
|
||||
$year += 1900;
|
||||
my $temps = "$mday/$mon/$year - $hour:$min:$sec";
|
||||
|
||||
return $temps;
|
||||
}
|
||||
|
||||
# Envoit un mail
|
||||
sub Mail() {
|
||||
my ($event, $ip) = @_;
|
||||
my $temps = Date();
|
||||
|
||||
# paramètres de connexion
|
||||
my $Config = Config::Tiny->read( '/etc/evoauth/evoauth.conf' );
|
||||
my $db = $Config->{bdd}->{db};
|
||||
my $username = $Config->{bdd}->{username};
|
||||
my $userpass = $Config->{bdd}->{userpass};
|
||||
|
||||
# connexion
|
||||
my $dbh = DBI->connect( $db, $username, $userpass )
|
||||
&& &Log("La connexion a réussie.") ||
|
||||
&Log("La connexion a échoué : $DBI::errstr");
|
||||
|
||||
# récupération du login correspondant à l'ip
|
||||
my $sql = "SELECT login FROM users where ip = '".$ip."'";
|
||||
|
||||
my $sth = $dbh->prepare($sql);;
|
||||
$sth->execute();
|
||||
|
||||
my $login;
|
||||
$sth->bind_columns(undef, \$login) && $sth->fetch();
|
||||
|
||||
my $msg = new MIME::Lite
|
||||
From => 'evoauth@shaktiware.fr',
|
||||
To => 'aanriot@nerim.net',
|
||||
Subject => $event,
|
||||
Type => 'TEXT',
|
||||
Data => "$temps : $event de $login ($ip).";
|
||||
|
||||
$msg -> send && &Log("Un mail a été envoyé.");
|
||||
$dbh->disconnect();
|
||||
}
|
||||
|
||||
# Ecrit dans le journal
|
||||
sub Log() {
|
||||
my $file = "/usr/local/share/evoauth/evoauth.log";
|
||||
my $message = shift;
|
||||
my $temps = &Date;
|
||||
|
||||
open(LOG, ">> $file") or
|
||||
die "L'ouverture du journal evoauth.log a échoué: $!.\n";
|
||||
|
||||
print LOG "$temps $message\n";
|
||||
|
||||
close(LOG);
|
||||
}
|
||||
|
||||
1;
|
||||
__END__
|
||||
|
||||
=head1 NAME
|
||||
|
||||
Evoauth::Functions - Fonctions
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
use Evoauth::Functions;
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
Fonctions d'administration d'Evoauth.
|
||||
|
||||
=head2 EXPORT
|
||||
|
||||
...
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
...
|
||||
|
||||
=head1 AUTHOR
|
||||
|
||||
Alexandre Anriot, E<lt>aanriot@evolix.fr<gt>
|
||||
|
||||
=head1 COPYRIGHT AND LICENSE
|
||||
|
||||
Copyright (C) 2005 by Alexandre Anriot
|
||||
|
||||
This library is free software; you can redistribute it and/or modify
|
||||
it under the same terms as Perl itself, either Perl version 5.8.6 or,
|
||||
at your option, any later version of Perl 5 you may have available.
|
||||
|
||||
|
||||
=cut
|
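Review bot: in `Mail`, `my $dbh = DBI->connect( $db, $username, $userpass ) && &Log(...) || &Log(...)` assigns the result of the `&&`/`||` chain, so `$dbh` ends up holding what `Log` returned (the value of `close(LOG)`) rather than the database handle, and the following `$dbh->prepare($sql)` cannot work; a failed connect is logged and execution still continues into `prepare`. Assign the handle on its own line, then log, and return early on failure. The query right after it concatenates `$ip` into the SQL text (`where ip = '".$ip."'`); prepare it with a `?` placeholder and pass `$ip` to `execute`. Smaller points: `Date` prints `$mon` as returned by `localtime`, which is 0-based, so the month in every log line and mail is one too low; `Log` uses a two-argument `open` with a bareword handle where a three-argument `open` on a lexical handle is safer; and the `From`/`To` addresses are hard-coded here instead of being read from `/etc/evoauth/evoauth.conf` like the database settings.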
241
admin/lib/Evoauth/Iptables.pm
Normal file
|
@ -0,0 +1,241 @@
|
|||
package Evoauth::Iptables;
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use Config::Tiny;
|
||||
use Evoauth::Functions;
|
||||
|
||||
my $Config = Config::Tiny->read( '/etc/evoauth/evoauth.conf' );
|
||||
|
||||
# Paramètres de configuration
|
||||
my $activation = $Config->{control}->{enable};
|
||||
my $timetorem = $Config->{control}->{timetorem};
|
||||
|
||||
# Connexion à la base de données
|
||||
my $db = $Config->{bdd}->{db};
|
||||
my $username = $Config->{bdd}->{username};
|
||||
my $userpass = $Config->{bdd}->{userpass};
|
||||
|
||||
my $dbh = DBI->connect( $db, $username, $userpass )
|
||||
&& &Evoauth::Functions::Log("La connexion a réussie.") ||
|
||||
&Evoauth::Functions::Log("La connexion a échoué : $DBI::errstr");
|
||||
|
||||
# Règles
|
||||
our %conf;
|
||||
my $cpt = 1;
|
||||
|
||||
while ($cpt <= 4) {
|
||||
$conf{"rule".$cpt} = $Config->{rules}->{"rule".$cpt};
|
||||
$cpt++;
|
||||
}
|
||||
|
||||
sub Alter() {
|
||||
my $action = shift;
|
||||
my $ip = shift;
|
||||
|
||||
# ajout
|
||||
if ($action == 1) {
|
||||
system("/sbin/iptables -I EVOAUTH -s $ip -j ACCEPT > /dev/null") &&
|
||||
&Evoauth::Functions::Log("Ajout de $ip aux connectés.") &&
|
||||
&Evoauth::Functions::Mail("Connexion", $ip);
|
||||
}
|
||||
|
||||
# verification
|
||||
elsif ($action == 2) {
|
||||
&check_iptables;
|
||||
&check_timestamp;
|
||||
}
|
||||
|
||||
# suppression
|
||||
else {
|
||||
my $sql = qq{ UPDATE users set statut = 0 where ip = '$ip' };
|
||||
my $sth = $dbh->prepare($sql);
|
||||
|
||||
system("/sbin/iptables -D EVOAUTH -s $ip -j ACCEPT") &&
|
||||
$sth->execute() &&
|
||||
$sth->finish() &&
|
||||
&Evoauth::Functions::Log("$ip [supprimee]") &&
|
||||
&Evoauth::Functions::Mail("Déconnexion", $ip);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
sub check_iptables() {
|
||||
my ($ip, @ips);
|
||||
|
||||
&Evoauth::Functions::Log("Suppression des règles obsolètes dans iptables.");
|
||||
|
||||
# obtention de la liste des ips
|
||||
system("/sbin/iptables -L EVOAUTH -n |grep ACCEPT |awk '{ print \$4 }' > /tmp/ips.txt");
|
||||
|
||||
# on ouvre le fichier des ips
|
||||
open(IPS, "/tmp/ips.txt") || &ecriture("L'ouverture des IPs a échoué.");
|
||||
@ips = <IPS>;
|
||||
close(IPS);
|
||||
|
||||
foreach $ip (@ips)
|
||||
{
|
||||
chomp $ip;
|
||||
|
||||
my $sql = "SELECT statut FROM users where ip = '".$ip."'";
|
||||
my $sth = $dbh->prepare( $sql );
|
||||
$sth->execute();
|
||||
|
||||
my $statut;
|
||||
$sth->bind_columns(undef, \$statut);
|
||||
|
||||
$sth->fetch();
|
||||
|
||||
if ($statut != 1) {
|
||||
&Evoauth::Functions::Log("$ip [supprimée]\n");
|
||||
&Evoauth::Functions::Mail("Suppression", $ip);
|
||||
&delet($ip);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
sub check_timestamp() {
|
||||
&Evoauth::Functions::Log("Suppression des règles obsolètes dans iptables.");
|
||||
|
||||
# on travaille sur tous les utilisateurs présents
|
||||
my $sql = "SELECT * FROM users";
|
||||
my $sth = $dbh->prepare($sql);
|
||||
$sth->execute();
|
||||
|
||||
my($id, $login, $pass, $groupe, $utype, $credit, $ip, $statut,
|
||||
$actif, $firstcon, $lastupdate, $kick);
|
||||
|
||||
$sth->bind_columns(undef, \$id, \$login, \$pass, \$groupe,
|
||||
\$utype, \$credit, \$ip, \$statut, \$actif, \$firstcon,
|
||||
\$lastupdate, \$kick);
|
||||
|
||||
my ($newtime, $oldtime);
|
||||
|
||||
&Evoauth::Functions::Log("Vérification de la base.");
|
||||
|
||||
my $cpt; #compteur
|
||||
while ($sth->fetch() && $sth != 0)
|
||||
{
|
||||
if ($statut == 1)
|
||||
{
|
||||
$newtime = time();
|
||||
$oldtime = $lastupdate;
|
||||
|
||||
my $timestamp = $newtime - $oldtime;
|
||||
if ($timestamp > $conf{timetorem})
|
||||
{
|
||||
# dernière connexion est < 1 min -> suppresion
|
||||
&delet($ip) && &Evoauth::Functions::Log("$ip [supprimée]") &&
|
||||
&Evoauth::Functions::Mail("Suppression", $ip);
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
# sinon conservation
|
||||
&Evoauth::Functions::Log("$ip [conservée]");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$sth->finish();
|
||||
return 0;
|
||||
}
|
||||
|
||||
sub Control() {
|
||||
my $action = shift;
|
||||
my ( @tmp1, @tmp2, $key, $value );
|
||||
|
||||
# start
|
||||
if ($action == 1) {
|
||||
while ( ($key, $value) = each(%conf) ) {
|
||||
@tmp1 = split (/\t/, $value);
|
||||
system("/sbin/iptables -t nat -A PREROUTING -p $tmp1[2] -i ppp0 --dport $tmp1[1] -j DNAT --to $tmp1[0]:$tmp1[1]");
|
||||
}
|
||||
|
||||
&Evoauth::Functions::Log("1 - Regles de PREROUTING charges");
|
||||
|
||||
system("/sbin/iptables -N EVOAUTH") &&
|
||||
system("/sbin/iptables -A EVOAUTH -j DROP");
|
||||
|
||||
&Evoauth::Functions::Log("2 - Tables crées");
|
||||
|
||||
while ( ($key, $value) = each(%conf) ) {
|
||||
@tmp2 = split (/\t/, $value);
|
||||
system("/sbin/iptables -A FORWARD -p $tmp2[2] -i ppp0 -o eth0 --dport $tmp2[1] -j EVOAUTH");
|
||||
}
|
||||
|
||||
&Evoauth::Functions::Log("3 - Règles chargées");
|
||||
|
||||
&Evoauth::Functions::Log("Evoauth vient de démarrer.");
|
||||
}
|
||||
|
||||
# arret
|
||||
elsif ($action == 2) {
|
||||
system("/sbin/iptables -F EVOAUTH") &&
|
||||
&Evoauth::Functions::Log("1 - Flush de la table EVOAUTH");
|
||||
|
||||
my @tmp3;
|
||||
|
||||
while ( ($key, $value) = each(%conf) ) {
|
||||
@tmp3 = split $value;
|
||||
system("/sbin/iptables -D FORWARD -p $tmp3[2] -i ppp0 -o eth0 --dport $tmp3[1] -j EVOAUTH");
|
||||
system("/sbin/iptables -t nat -D PREROUTING -p $tmp3[2] -i ppp0 --dport $tmp3[1] -j DNAT --to $tmp3[0]:$tmp3[1]");
|
||||
}
|
||||
|
||||
&Evoauth::Functions::Log("2 - Annulation FORWARD + PREROUTING");
|
||||
|
||||
system("/sbin/iptables -X EVOAUTH") &&
|
||||
&Evoauth::Functions::Log("3 - Suppression de la table EVOAUTH");
|
||||
|
||||
&Evoauth::Functions::Log("Evoauth vient de s'arreter.");
|
||||
}
|
||||
|
||||
# restart
|
||||
else {
|
||||
&stop() &&
|
||||
&start() &&
|
||||
&Evoauth::Functions::Log("Evoauth vient de redémarrer.");
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
1;
|
||||
__END__
|
||||
|
||||
=head1 NAME
|
||||
|
||||
Evoauth::Iptables - Firewall
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
use Evoauth::Iptables;
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
Fonctions d'administration d'Evoauth.
|
||||
|
||||
=head2 EXPORT
|
||||
|
||||
...
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
...
|
||||
|
||||
=head1 AUTHOR
|
||||
|
||||
Alexandre Anriot, E<lt>aanriot@evolix.fr<gt>
|
||||
|
||||
=head1 COPYRIGHT AND LICENSE
|
||||
|
||||
Copyright (C) 2005 by Alexandre Anriot
|
||||
|
||||
This library is free software; you can redistribute it and/or modify
|
||||
it under the same terms as Perl itself, either Perl version 5.8.6 or,
|
||||
at your option, any later version of Perl 5 you may have available.
|
||||
|
||||
|
||||
=cut
|
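Review bot: `Alter` interpolates `$ip` into a shell string in `system("/sbin/iptables -I EVOAUTH -s $ip -j ACCEPT > /dev/null")` and again in the `-D` call, and `$ip` is taken with `shift` and never checked, so anything other than a plain address is handed to the shell by a script that manages the firewall. Validate `$ip` as an address at the top of `Alter` and call `system` in list form (`system('/sbin/iptables', '-I', 'EVOAUTH', '-s', $ip, '-j', 'ACCEPT')`); the `$tmp1[...]`, `$tmp2[...]` and `$tmp3[...]` fields in `Control` deserve the same treatment, and the `UPDATE` and `SELECT` statements built around `'$ip'` should use placeholders. The `system(...) && ...` chains are also inverted, since `system` returns 0 on success: in `Alter` the log, the mail and `$sth->execute()` only run when iptables fails, and in `Control` the `-A EVOAUTH -j DROP` rule is only added when `-N EVOAUTH` fails. Further points in this file: `my $dbh = DBI->connect(...) && ... || ...` stores the result of the logging chain rather than the handle, and `DBI` is not loaded with `use` here; `check_timestamp` compares against `$conf{timetorem}`, which is never set (the value is read into `$timetorem`), and its comment says `< 1 min` while the test is `>`; `check_iptables` writes to the fixed path `/tmp/ips.txt`, which should be a pipe open or a `File::Temp` file; the stop branch uses `split $value` where the start branch uses `split (/\t/, $value)`; and `&delet`, `&ecriture`, `&stop` and `&start` are called but not defined in this file.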
15
admin/t/Evoauth-Admin.t
Normal file
|
@ -0,0 +1,15 @@
|
|||
# Before `make install' is performed this script should be runnable with
|
||||
# `make test'. After `make install' it should work as `perl Evoauth-Admin.t'
|
||||
|
||||
#########################
|
||||
|
||||
# change 'tests => 1' to 'tests => last_test_to_print';
|
||||
|
||||
use Test::More tests => 1;
|
||||
BEGIN { use_ok('Evoauth::Admin') };
|
||||
|
||||
#########################
|
||||
|
||||
# Insert your test code below, the Test::More module is use()ed here so read
|
||||
# its man page ( perldoc Test::More ) for help writing this test script.
|
||||
|
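Review bot: the plan is `tests => 1` with only `use_ok('Evoauth::Admin')`, which covers the one module in this commit that contains no subs; Evoauth::Functions and Evoauth::Iptables, where the database, mail and firewall logic live, get no test at all. Add at least a load test for both and a check of the string `Evoauth::Functions::Date` returns, and note that Iptables.pm reads the config and connects to the database at load time, which will have to move into a sub before the module can be tested without a live setup.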
16
evoauth.conf
Normal file
|
@ -0,0 +1,16 @@
|
|||
[control]
|
||||
# Crontab activée ?
|
||||
enable = 1
|
||||
timetorem = 70
|
||||
|
||||
[rules]
|
||||
rule1 = 192.168.1.104 1494 tcp
|
||||
rule2 = 192.168.1.110 3000 tcp
|
||||
rule3 = 192.168.1.4 5631 tcp
|
||||
rule4 = 192.168.1.4 5632 udp
|
||||
|
||||
[bdd]
|
||||
bddtype = mysql
|
||||
db = DBI:mysql:evoauth032005:localhost
|
||||
username = evoauth_user
|
||||
userpass = DofWebr2
|
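Review bot: the `[bdd]` section commits a `username`/`userpass` pair for the `evoauth032005` database in clear text. Ship this file as a sample with placeholder values, keep the deployed `/etc/evoauth/evoauth.conf` out of the repository and readable only by the account that runs the scripts, and change the password now that it is in the history. Two documentation gaps in the same file: Iptables.pm parses each `ruleN` value with `split (/\t/, $value)`, so a comment should say the three fields must be tab-separated, and `timetorem = 70` needs its unit stated.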
10
htdocs/accueil.txt
Normal file
|
@ -0,0 +1,10 @@
|
|||
Vous avez accès aux services suivants :
|
||||
|
||||
<ul>
|
||||
<li>CITRIX
|
||||
<li>PCAnywhere
|
||||
<li>Mantis
|
||||
</ul>
|
||||
|
||||
Pour activer votre accès, vérifier que votre navigateur autorise les pop-ups
|
||||
pour cette adresse et cliquer sur <i>Activation de votre accès</i>.
|
69
htdocs/activation.php
Normal file
|
@ -0,0 +1,69 @@
|
|||
<?
|
||||
|
||||
require_once "includes/config.php";
|
||||
require_once "includes/database.php";
|
||||
require_once "includes/fonctions.php";
|
||||
|
||||
session_name(EVOAUTH_PHPSESSION);
|
||||
session_start();
|
||||
|
||||
$statut = getstatut($_SESSION['login']);
|
||||
|
||||
// chargement des règles
|
||||
if ($statut == "0")
|
||||
{
|
||||
loadrules();
|
||||
}
|
||||
|
||||
// sollicitation en étant déjà connecté
|
||||
elseif ($statut == "1")
|
||||
{
|
||||
echo '<html><body>';
|
||||
// echo '<meta HTTP-EQUIV=Refresh CONTENT="3; URL="'.$portail.'">';
|
||||
echo '</head><body>';
|
||||
echo '<p>Vous êtes connecté...';
|
||||
echo '<p>Pour revenir à l\'accueil tout en restant connecté, cliquez <a href="membre.php">ici</a>.';
|
||||
// echo '<p>Pour vous déconnecter, cliquez <a href="fin.php">ici</a>.';
|
||||
echo '</body></html>';
|
||||
}
|
||||
|
||||
// accès non autorisé
|
||||
else
|
||||
{
|
||||
kick("Accès non autorisé.");
|
||||
}
|
||||
|
||||
// chargement des règles concernées
|
||||
function loadrules()
|
||||
{
|
||||
// activation des règles de firewall
|
||||
// system("sudo /usr/local/evoauth/bin/evoauth_fw.pl -a ".$_SESSION['ip']." -m".$_SESSION['mac']);
|
||||
system("sudo /usr/local/evoauth/bin/evoauth_fw.pl -a ".$_SESSION['ip']);
|
||||
|
||||
// verrouillage
|
||||
update_statut($_SESSION['login'], "1");
|
||||
|
||||
// lancement de la popup
|
||||
popup();
|
||||
}
|
||||
|
||||
// lancement de la popup de connexion
|
||||
function popup()
|
||||
{
|
||||
global $height;
|
||||
global $width;
|
||||
?>
|
||||
<html>
|
||||
<head>
|
||||
<script>
|
||||
window.open('popup_debut.php', 'connexion', 'height=<?=$height?>, width=<?=$width?>, toolbar=no, menubar=no, scrollbars=no, resizable=no, status=no')
|
||||
</script>
|
||||
</head>
|
||||
<body>
|
||||
<p>Vous êtes connecté.</p>
|
||||
<p>Pour revenir à l'accueil tout en restant connecté, cliquez <a href="membre.php">ici</a>.
|
||||
</body>
|
||||
</html>
|
||||
<?
|
||||
}
|
||||
?>
|
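Review bot: `loadrules()` concatenates `$_SESSION['ip']` into `system("sudo /usr/local/evoauth/bin/evoauth_fw.pl -a ".$_SESSION['ip'])` with no validation or quoting, and the command runs under sudo. Check the value with `filter_var($_SESSION['ip'], FILTER_VALIDATE_IP)` and pass it through `escapeshellarg()`, and test the command's exit status before `update_statut($_SESSION['login'], "1")`, which at present marks the user as connected even when the firewall call failed. The script also calls `getstatut($_SESSION['login'])` without first testing `isset($_SESSION['login'])`, relying on the final `else` to kick; the already-connected branch echoes `</head>` with no opening `<head>` and two `<body>` tags; and the `<?` short open tag depends on `short_open_tag` being enabled, so `<?php` is the safer choice.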
553
htdocs/edit.php
Normal file
|
@ -0,0 +1,553 @@
|
|||
<?php
|
||||
|
||||
require_once "includes/config.php";
|
||||
require "includes/database.php";
|
||||
require "includes/fonctions.php";
|
||||
|
||||
session_name(EVOAUTH_PHPSESSION);
|
||||
session_start ();
|
||||
|
||||
$mode = $_GET['mode'];
|
||||
$flag = $_GET['flag'];
|
||||
|
||||
// accès OK
|
||||
if (isset($_SESSION['login']))
|
||||
{
|
||||
if (!empty($_POST))
|
||||
{
|
||||
if (isset($_POST['ajout']))
|
||||
{
|
||||
$mode = "add";
|
||||
$flag = 0;
|
||||
}
|
||||
|
||||
elseif (isset($_POST['suppression']))
|
||||
{
|
||||
$mode = "suppression";
|
||||
$flag = 1;
|
||||
}
|
||||
|
||||
elseif (isset($_POST['activation']))
|
||||
{
|
||||
$mode = "activation";
|
||||
$flag = 1;
|
||||
}
|
||||
|
||||
elseif (isset($_POST['desactivation']))
|
||||
{
|
||||
$mode = "desactivation";
|
||||
$flag = 1;
|
||||
}
|
||||
|
||||
elseif (isset($_POST['kick']))
|
||||
{
|
||||
$mode = "kick";
|
||||
$flag = 1;
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
echo '';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
/* mode changement du mot de passe utilisateur */
|
||||
|
||||
if ($mode == "pass" && $flag == 1)
|
||||
{
|
||||
if ($_POST['pass1'] == $_POST['pass2'])
|
||||
{
|
||||
// mise à jour du pass
|
||||
$newpass = md5($_POST['pass1']);
|
||||
update_pass($newpass);
|
||||
|
||||
// changement effectué, on redirige vers la page d'accueil
|
||||
echo '<meta http-equiv="refresh" content="3;URL=membre.php">';
|
||||
echo 'Le changement de mot de passe a été effectué.';
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
// le changement a échoué
|
||||
echo '<meta http-equiv="refresh" content="3;URL=membre.php">';
|
||||
echo 'Le changement a échoué.';
|
||||
}
|
||||
} /* fin mode changement du mot de passe utilisateur */
|
||||
|
||||
|
||||
|
||||
/* mode ajout d'un utilisateur */
|
||||
|
||||
elseif ($mode == "add" && $flag == 1 && $_SESSION['login'] == "admin")
|
||||
{
|
||||
// l'utilisateur a créer existe déjà
|
||||
$resultat = seek_for_user($_POST['newlogin']);
|
||||
|
||||
if ($resultat == 1)
|
||||
{
|
||||
echo '<meta http-equiv="refresh" content="3;URL=membre.php">';
|
||||
echo 'L\'utilisateur existe déjà.';
|
||||
}
|
||||
|
||||
// les 2 mots de passe saisis sont différents
|
||||
elseif ($_POST['pass1'] != $_POST['pass2'])
|
||||
{
|
||||
echo '<meta http-equiv="refresh" content="3;URL=membre.php">';
|
||||
echo 'Les mots de passe sont différents.';
|
||||
}
|
||||
|
||||
// le nouvel utilisateur a un crédit nul
|
||||
elseif ($_POST['utype'] == 1 && $_POST['credit'] == 0)
|
||||
{
|
||||
echo '<meta http-equiv="refresh" content="3;URL=membre.php">';
|
||||
echo 'Crédit nul impossible.';
|
||||
}
|
||||
|
||||
// tout est OK, on peut ajouter l'utilisateur
|
||||
else
|
||||
{
|
||||
// création des paramètres
|
||||
$newlogin = $_POST['newlogin'];
|
||||
$newpass = md5($_POST['pass1']);
|
||||
(defined($_POST['newgroup'])) ? $newgroup=$_POST['newgroup'] : $newgroup="general";
|
||||
|
||||
if ($_POST['utype'] == 0)
|
||||
$newutype="0";
|
||||
elseif ($_POST['utype'] == 1)
|
||||
$newutype="1";
|
||||
else
|
||||
$newutype="0";
|
||||
|
||||
$newcredit = $_POST['credit'];
|
||||
|
||||
// ajout proprement dit
|
||||
$resultat = add_user($newlogin, $newpass, $newgroup, $newutype, $newcredit);
|
||||
|
||||
if ($resultat)
|
||||
{
|
||||
echo '<meta http-equiv="refresh" content="3;URL=edit.php?mode=add">';
|
||||
echo 'L\'ajout de l\'utilisateur a réussi.';
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
echo '<meta http-equiv="refresh" content="3;URL=membre.php">';
|
||||
echo 'L\'Ajout de l\'utilisateur a échoué.';
|
||||
}
|
||||
}
|
||||
} /* fin mode ajout d'un utilisateur */
|
||||
|
||||
|
||||
|
||||
/* mode suppression */
|
||||
|
||||
elseif ($mode == "suppression" && $flag == 1 && $_SESSION['login'] == "admin")
|
||||
{
|
||||
if (!empty($_POST['coche']))
|
||||
{
|
||||
foreach ($_POST['coche'] as $coche)
|
||||
{
|
||||
$connexion = connexion();
|
||||
|
||||
$requete= "delete from users where id='$coche'";
|
||||
$resultat =mysql_query($requete, $connexion);
|
||||
|
||||
if ($resultat == 1)
|
||||
{
|
||||
echo '<meta http-equiv="refresh" content="3;URL=edit.php?mode=listing">';
|
||||
echo "La suppression a été correctement effectuée. <br>";
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
echo '<meta http-equiv="refresh" content="3;URL=membre.php">';
|
||||
echo "La suppression a échouée: ".mysql_error()."<br>";
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
echo '<meta http-equiv="refresh" content="3;URL=edit.php?mode=listing">';
|
||||
echo "Aucun utilisateur à supprimer. <br>";
|
||||
}
|
||||
} /* mode suppresion */
|
||||
|
||||
|
||||
|
||||
/* mode activation */
|
||||
|
||||
elseif ($mode == "activation" && $flag == 1 && $_SESSION['login'] == "admin")
|
||||
{
|
||||
if (!empty($_POST['coche']))
|
||||
{
|
||||
foreach ($_POST['coche'] as $coche)
|
||||
{
|
||||
$connexion = connexion();
|
||||
|
||||
$requete= "update users set actif = 1 where id='$coche'";
|
||||
$resultat =mysql_query($requete, $connexion);
|
||||
|
||||
if ($resultat == 1)
|
||||
{
|
||||
echo '<meta http-equiv="refresh" content="3;URL=edit.php?mode=listing">';
|
||||
echo "L'activation a été correctement effectuée. <br>";
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
echo '<meta http-equiv="refresh" content="3;URL=membre.php">';
|
||||
echo "L'activation a échouée: ".mysql_error()."<br>";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
echo '<meta http-equiv="refresh" content="3;URL=edit.php?mode=listing">';
|
||||
echo "Aucun utilisateur à activer. <br>";
|
||||
}
|
||||
} /* fin mode activation */
|
||||
|
||||
|
||||
|
||||
/* mode desactivation */
|
||||
|
||||
elseif ($mode == "desactivation" && $flag == 1 && $_SESSION['login'] == "admin")
|
||||
{
|
||||
if (!empty($_POST['coche']))
|
||||
{
|
||||
foreach ($_POST['coche'] as $coche)
|
||||
{
|
||||
$connexion = connexion();
|
||||
|
||||
$requete= "update users set actif = 0 where id='$coche'";
|
||||
$resultat =mysql_query($requete, $connexion);
|
||||
|
||||
if ($resultat == 1)
|
||||
{
|
||||
echo '<meta http-equiv="refresh" content="3;URL=edit.php?mode=listing">';
|
||||
echo "La désactivation a été correctement effectuée. <br>";
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
echo '<meta http-equiv="refresh" content="3;URL=membre.php">';
|
||||
echo "La désactivation a échouée: ".mysql_error()."<br>";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
echo '<meta http-equiv="refresh" content="3;URL=edit.php?mode=listing">';
|
||||
echo "Aucun utilisateur à désactiver. <br>";
|
||||
}
|
||||
} /* fin mode desactivation */
|
||||
|
||||
|
||||
|
||||
/* mode kick */
|
||||
|
||||
elseif ($mode == "kick" && $flag == 1 && $_SESSION['login'] == "admin")
|
||||
{
|
||||
if (!empty($_POST['coche']))
|
||||
{
|
||||
foreach ($_POST['coche'] as $coche)
|
||||
{
|
||||
$connexion = connexion();
|
||||
|
||||
$requete= "select ip from users where id='$coche' and statut='1'";
|
||||
$resultat = mysql_fetch_row(mysql_query ($requete, $connexion));
|
||||
|
||||
// l'utilisateur
|
||||
if ($resultat == 0)
|
||||
{
|
||||
echo '<meta http-equiv="refresh" content="3;URL=edit.php?mode=listing">';
|
||||
echo "L'utilisateur n'est pas connecté.<br>";
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
$ip = current($resultat);
|
||||
|
||||
// désactivation de l'utilisateur dans le firewall
|
||||
system("/usr/bin/sudo /usr/local/evoauth/bin/evoauth_fw.pl -d $ip");
|
||||
|
||||
// variable nécessaire pour interdir le prochain refresh
|
||||
setkick($ip, "1");
|
||||
|
||||
echo '<meta http-equiv="refresh" content="3;URL=edit.php?mode=listing">';
|
||||
echo "L'utilisateur a été kické.<br>";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
echo '<meta http-equiv="refresh" content="3;URL=edit.php?mode=listing">';
|
||||
echo "Aucun utilisateur à kicker. <br>";
|
||||
}
|
||||
} /* fin mode kick */
|
||||
|
||||
|
||||
/* mode accueil */
|
||||
|
||||
elseif ($mode == accueil)
|
||||
{
|
||||
?>
|
||||
<html>
|
||||
<head>
|
||||
<link rel="StyleSheet" href="style.css" type="text/css">
|
||||
<title>Intranet <?=$title;?></title>
|
||||
</head>
|
||||
<body>
|
||||
<p align="center"><img src="images/<?=$pic;?>"></p>
|
||||
<br>
|
||||
<?
|
||||
// relecture de la page et enregistrement
|
||||
if ($flag == 1) {
|
||||
if (!$file = fopen("accueil.txt", "w")) {
|
||||
echo "Echec de l'ouverture du texte d'accueil (accueil.txt)";
|
||||
}
|
||||
|
||||
$text = $_POST["acc"];
|
||||
fputs($file, $text);
|
||||
fclose($file);
|
||||
}
|
||||
|
||||
|
||||
// on ouvre accueil.txt
|
||||
if (!$file = fopen("accueil.txt", "r")) {
|
||||
echo "Echec de l'ouverture du texte d'accueil (accueil.txt)";
|
||||
}
|
||||
|
||||
else {
|
||||
// on parcourt accueil.txt
|
||||
while (!feof($file))
|
||||
{
|
||||
$accueil .= fgets($file, 255);
|
||||
}
|
||||
}
|
||||
?>
|
||||
<p align="center">Modifier le texte d'accueil</p>
|
||||
<form action="edit.php?mode=accueil&flag=1" method="post">
|
||||
<table align="center">
|
||||
<tr>
|
||||
<td>Votre texte :</td>
|
||||
<td>
|
||||
<textarea name="acc" rows="10" cols="80" wrap="PHYSICAL">
|
||||
<?=$accueil?>
|
||||
</textarea>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td colspan="2" align="center"><input type="submit" name="submit" value="Mise a jour"></td>
|
||||
</tr>
|
||||
</table>
|
||||
</form>
|
||||
<p align="center"><br><br>
|
||||
<a href="membre.php">Accueil</a>
|
||||
<a href="index.php">Déconnexion</a>
|
||||
</body>
|
||||
</html>
|
||||
<?
|
||||
|
||||
fclose($file);
|
||||
} /* fin mode accueil */
|
||||
|
||||
|
||||
/* mode normal de visualisation */
|
||||
|
||||
else
|
||||
{
|
||||
|
||||
?>
|
||||
<html>
|
||||
<head>
|
||||
<link rel="StyleSheet" href="style.css" type="text/css">
|
||||
<title>Intranet <?=$title;?></title>
|
||||
</head>
|
||||
<body>
|
||||
<p align="center"><img src="images/<?=$pic;?>"></p>
|
||||
<br>
|
||||
<?
|
||||
if ($mode == "pass" && $_SESSION['login'] != "admin")
|
||||
{
|
||||
?>
|
||||
<p align="center">Changer votre mot de passe</p>
|
||||
<form action="edit.php?mode=pass&flag=1" method="post">
|
||||
<table align="center">
|
||||
<tr>
|
||||
<td>Login :</td>
|
||||
<td><?=$_SESSION['login']?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Nouveau mot de passe :</td>
|
||||
<td><input type="password" name="pass1" style="background:red;color:yellow"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Confirmation :</td>
|
||||
<td><input type="password" name="pass2" style="background:red;color:yellow"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td> </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td colspan="2" align="center"><input type="submit" name="submit" value="Mise à jour"></td>
|
||||
</tr>
|
||||
<?
|
||||
}
|
||||
|
||||
// ajout d'utilisateur si la personnes est admin
|
||||
elseif ($mode == "add" && $_SESSION['login'] == "admin")
|
||||
{
|
||||
?>
|
||||
<p align="center">Ajouter un utilisateur</p>
|
||||
<form method="post" action="edit.php?mode=add&flag=1">
|
||||
<table align="center">
|
||||
<tr>
|
||||
<td>Login :</td>
|
||||
<td><input type="text" name="newlogin"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Groupe :</td>
|
||||
<td><input type= |