net-auth.php

<?php
  // net-auth.php 
  // This is a simple implementation of a script that 
  // receives HTTP requests that have been redirected 
  // by a controller configured with "Firewall-Friendly
  // External Captive Portal" support enabled.
  // This script is responsible for collecting critical  
  // information from the redirection, such as the   
  // session token, and for constructing the login page 
  // for the user. The script reads the VNS attribute
  // from the redirected request so that the script can 
  // display it on the login page.   
  //
  // The script expects the controller to sign the 
  // redirection response. The script validates the
  // signature. If the signature is valid, it displays
  // the login page. Otherwise, it displays an error page.    
  //  
  // Assumptions 
  // =========== 
  // 1. The controller is configured to include its IP address 
  //    and port in the redirection URL.  
  // 2. The controller is configured to sign its redirection
  //    responses using the Amazon S3 version 4 signature
  //    algorithm (as of May 2014). 
  // 3. The controller is configured to include the VNS in its
  // redirection response.
  // 4. This application assumes that the Identity & Shared Key
  // key pairs that it is allowed to use are stored in an associative
  // array. It also assumes that some configuration options such
  // as the 'service' and 'region' are stored in another associative
  // array. Real applications might retrieve this information from
  // a database or configuration file.

  require_once("ffecp_config.php");
  require_once("crypt_aws_s4.php");
  require_once("common_utilities.php");

  // Mainline processing starts here. Utilities are defined after
  // the mainline.
  // 1. Verify that the request has all necessary fields
  // and a valid signature.
  $rc = SimpleAws::verifyAwsUrlSignature(getURL($_SERVER),
   $awsKeyPairs);
  if (SimpleAws::AWS4_ERROR_NONE != $rc) {
      printError(SimpleAws::getAwsError($rc));
      exit;
  }
  // Determines which controller interface to interact with
  if(isset($_REQUEST['hwc_ip']) && isset($_REQUEST['hwc_port'])) {
    //BM IP address and port is enabled
    $hwc_ip = trim($_REQUEST['hwc_ip']);
    $hwc_port = trim($_REQUEST['hwc_port']);
  } else {
    // The controller has not been configured as expected. It did not
    // include its address and port on the redirection URL. This is
    // easy to fix but all this program can do is report the error.
    printError("Controller must be configured to include its IP " .
    "address & port in the request.");
    exit;
  }
  // Collect the data required by the login page and
  // subsequent authentication.
  $dest = isset($_REQUEST['dest']) ? $_REQUEST['dest'] : "";
  $bssid = isset($_REQUEST['bssid']) ? $_REQUEST['bssid'] : "";
  $wlan = isset($_REQUEST['wlan']) ? $_REQUEST['wlan'] : "";
  $vns = isset($_REQUEST['vns']) ? $_REQUEST['vns'] : "";
  $mu_mac = isset($_REQUEST['mac']) ? $_REQUEST['mac'] : "";
  $ap_name = isset($_REQUEST['ap']) ? $_REQUEST['ap'] : "";
  $token = isset($_REQUEST['token']) ? $_REQUEST['token'] : "";
  if(!tokenCheck($token)) {
  	printError("Error: <span style='color:red'>Failed to process the request: incorrect token.</span>");
  	exit;
  } else if(isset($hwc_port) && !is_numeric($hwc_port)) {
  	printError("Error: <span style='color:red'>Failed to process the request: incorrect port.</span>");
  	exit;
  }else if($mu_mac && !macCheck($mu_mac)) {
  	printError("Error: <span style='color:red'>Failed to process the request: incorrect client MAC address.</span>");
  	exit;
  } else if(!empty($wlan) && !is_numeric($wlan)) {
  	printError("Error: <span style='color:red'>Failed to process the request: incorrect WLAN.</span>");
  	exit;
  }
   //escape the parameters
  $dest =convertUrlParam($dest);
  $bssid = convertUrlParam($bssid);
  $vns = convertUrlParam($vns);
  $ap_name = convertUrlParam($ap_name);
  // 3. Compose the login page and send it to the user. The page
  // is used to store session data. This could have been
  // stored in the user session variable or in cookies.
  print compose_login_page($hwc_ip, $hwc_port, $token, $dest,
           $wlan, $vns, $bssid, $mu_mac, $ap_name);
    // 4. And exit. This script is finished executing.
  exit;
  // End of mainline
  // A function that reconstructs the URL that the
  // station was trying to Get, from the variables
  // generated by the PHP runtime.
  function getURL($data) {
    $ssl = (!empty($data['HTTPS']) && $data['HTTPS'] == 'on') ? true:false;
    $protocol = $ssl ? "https" : "http";
    $port = $data['SERVER_PORT'];
    $port = ((!$ssl && $port=='80') || ($ssl && $port=='443')) ? '' :
   ':'.$port;
    $host = isset($data['HTTP_HOST']) ? $data['HTTP_HOST'] :
   $data['SERVER_NAME'] . $port;
    return $protocol . '://' . $host . $data['REQUEST_URI'];
  }
  // This function generates a basic login page containing a form
  // that allows the user to submit credentials back to this
  // server. The page displays the name of the VNS (service) that the user
  // is associated to. 
  // A real login page normally has more content. This routine
  // highlights the critical aspects of composing a login page so
  // that when the user submits credentials, all the information
  // that is necessary to manage the user's session is on the page.
  function compose_login_page($hwc_ip, $hwc_port, $token, $dest,
          $wlan, $vns, $bssid, $mu_mac, $ap_name)
   {
     $template = "<!DOCTYPE html>
 <html>
 <head>
   <meta charset=\"ISO-8859-1\">
   <title>Please Login</title>
 </head>
 <body>
   <form id=\"Login\" name=\"Login\" method=\"post\" action=\"login.php\">
     <table border='0' width='800' height='310' cellpadding='0'
       cellspacing='0'>
       <tr>
         <td colspan=\"3\" height=\"100\">&nbsp;</td>
       </tr>
       <tr>
         <td width='260' height='1' border='0'/>
         <td width='300' height='65'>
           Please login to use '$vns' network.</td>
         <td width='240' rowspan='5'>&nbsp;</td>
       </tr>
       <tr>
         <td align=\"right\"><b>User Name&nbsp;&nbsp;</b>
         </td>
         <td height=\"28\">
           <input type=\"text\" autocomplete=\"off\"
             id=\"userid\" name=\"userid\"
 tabindex=\"1\">
         </td>
       </tr>
       <tr>
         <td align=\"right\"><b>Password&nbsp;&nbsp;</b>
         </td>
         <td height=\"28\"><input type=\"password\"
 autocomplete=\"off\"
           id=\"passwd\" name=\"passwd\" tabindex=\"2\">
         </td>
       </tr>
       <tr>
         <td><br>
         </td>
         <td height=\"33\" valign=\"bottom\"><input
 type=\"submit\"
           style=\"width: 100px\" value=\"Login\"
 tabindex=\"3\">
         </td>
       </tr>
     </table>
     <input type=\"hidden\" name=\"hwc_ip\" id=\"hwc_ip\"
 value=\"$hwc_ip\"/>
     <input type=\"hidden\" name=\"hwc_port\" id=\"hwc_port\"
 value=\"$hwc_port\"/>
     <input type=\"hidden\" name=\"token\" id=\"token\"
 value=\"$token\"/>
     <input type=\"hidden\" name=\"dest\" id=\"dest\"
 value=\"http://$dest\" />
     <input type=\"hidden\" name=\"wlan\" id=\"wlan\"
 value=\"$wlan\" />
     <input type=\"hidden\" name=\"mu_mac\" id=\"mu_mac\"
 value=\"$mu_mac\" />
     <input type=\"hidden\" name=\"bssid\" id=\"bssid\"
 value=\"$bssid\" />
     <input type=\"hidden\" name=\"ap\" id=\"ap\"
 value=\"$ap_name\" />
   </form>
 </body>
 </html>";
     return $template;
   }
 ?>