github/openNDS
1
1
Fork 0
mirror of https://github.com/openNDS/openNDS.git synced 2026-01-10 20:37:54 -05:00
Code Issues Packages Projects Releases Wiki Activity

fas-aes: use improved querystring parsing

Browse Source 
Signed-off-by: Rob White <rob@blue-wave.net>
This commit is contained in:
Rob White
2021-01-05 13:27:39 +00:00
parent 4c199f34a4
commit 96c3c4b5ce
1 changed files with 26 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
forward_authentication_service/fas-aes/fas-aes.php
View File

@@ -84,23 +84,36 @@ if (isset($_GET['status'])) {
exit(0);
}
if (isset($fas) and isset($iv)) {
$decrypted=openssl_decrypt( base64_decode($fas), $cipher, $key, 0, $iv );
####################################################################################################################################
#
# Decrypt and Parse the querystring
#
# Note: $ndsparamlist is an array of parameter names to parse for.
# Add your own custom parameters to this array as well as to the config file.
# "admin_email" and "location" are examples of custom parameters.
#
####################################################################################################################################
$ndsparamlist=explode(" ", "clientip clientmac gatewayname version hid gatewayaddress gatewaymac authdir originurl clientif admin_email location");
if (isset($_GET['fas']) and isset($_GET['iv'])) {
$string=$_GET['fas'];
$iv=$_GET['iv'];
$decrypted=openssl_decrypt( base64_decode( $string ), $cipher, $key, 0, $iv );
$dec_r=explode(", ",$decrypted);
foreach ($dec_r as $dec) {
list($name,$value)=explode("=",$dec);
if ($name == "clientip") {$clientip=$value;}
if ($name == "clientmac") {$clientmac=$value;}
if ($name == "gatewayname") {$gatewayname=$value;}
if ($name == "hid") {$hid=$value;}
if ($name == "gatewayaddress") {$gatewayaddress=$value;}
if ($name == "gatewaymac") {$gatewaymac=$value;}
if ($name == "authdir") {$authdir=$value;}
if ($name == "originurl") {$originurl=$value;}
if ($name == "clientif") {$clientif=$value;}
foreach ($ndsparamlist as $ndsparm) {
foreach ($dec_r as $dec) {
@list($name,$value)=explode("=",$dec);
if ($name == $ndsparm) {
$$name = $value;
break;
}
}
}
}
####################################################################################################################################
####################################################################################################################################
// Work out the client zone:
$client_zone_r=explode(" ",trim($clientif));