| 12 |
rodolico |
1 |
<?php
|
|
|
2 |
|
|
|
3 |
/**
|
|
|
4 |
Copyright (c) 2025, Daily Data, Inc.
|
|
|
5 |
|
|
|
6 |
Redistribution and use in source and binary forms, with or without modification,
|
|
|
7 |
are permitted provided that the following conditions are met:
|
|
|
8 |
|
|
|
9 |
Redistributions of source code must retain the above copyright notice, this
|
|
|
10 |
list of conditions and the following disclaimer.
|
|
|
11 |
Redistributions in binary form must reproduce the above copyright notice,
|
|
|
12 |
this list of conditions and the following disclaimer in the documentation
|
|
|
13 |
and/or other materials provided with the distribution.
|
|
|
14 |
|
|
|
15 |
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
|
|
16 |
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
|
17 |
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
|
18 |
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
|
|
|
19 |
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
|
|
20 |
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
21 |
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
|
|
|
22 |
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
|
|
23 |
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
|
|
|
24 |
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
25 |
|
|
|
26 |
PHP script which reads tab delimited file users.csv (defined in $csvFile). Users
|
|
|
27 |
are presented with a username and password box and a router selector.
|
|
|
28 |
When processed, will read data file and determine if the credentials match any line
|
|
|
29 |
and, if so, display a QR Code suitable for scanning with one time password program.
|
|
|
30 |
|
|
|
31 |
Assumes csv file and qr image created by processOPNSense.pl.
|
|
|
32 |
|
|
|
33 |
Version 1.0.0 RWR 2025-09-21
|
|
|
34 |
Initial Release
|
|
|
35 |
|
|
|
36 |
*/
|
|
|
37 |
|
|
|
38 |
// Define the path to the CSV file
|
|
|
39 |
$csvFile = 'users.csv';
|
|
|
40 |
// name of image file
|
|
|
41 |
$imageFileName = '';
|
|
|
42 |
// topt code
|
|
|
43 |
$code = '';
|
|
|
44 |
function csvToArray( $csvFile, $delimiter = "\t" ) {
|
|
|
45 |
// Initialize an array to hold the data
|
|
|
46 |
$dataArray = [];
|
|
|
47 |
|
|
|
48 |
// Open the CSV file for reading
|
|
|
49 |
if (($handle = fopen($csvFile, 'r')) !== FALSE) {
|
|
|
50 |
// Get the headers from the first row
|
|
|
51 |
$headers = fgetcsv($handle, 1000, $delimiter);
|
|
|
52 |
|
|
|
53 |
// Loop through each row in the CSV
|
|
|
54 |
while (($data = fgetcsv($handle, 1000, $delimiter)) !== FALSE) {
|
|
|
55 |
// Combine headers with data to create an associative array
|
|
|
56 |
$rowData = array_combine($headers, $data);
|
|
|
57 |
// Add the associative array to the main data array
|
|
|
58 |
$dataArray[] = $rowData;
|
|
|
59 |
}
|
|
|
60 |
fclose($handle);
|
|
|
61 |
} else {
|
|
|
62 |
echo "Could not open the CSV file for reading.";
|
|
|
63 |
}
|
|
|
64 |
return $dataArray;
|
|
|
65 |
}
|
|
|
66 |
|
|
|
67 |
// Check if the form is submitted
|
|
|
68 |
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
|
|
69 |
// Get the username and password from the form
|
|
|
70 |
$username = $_POST['username'];
|
|
|
71 |
$password = $_POST['password'];
|
|
|
72 |
$router = $_POST['router'];
|
|
|
73 |
|
|
|
74 |
$users = csvToArray( $csvFile, "\t" );
|
|
|
75 |
if ( $users ) {
|
|
|
76 |
$isValidUser = false;
|
|
|
77 |
foreach ( $users as $key => $data ) {
|
|
|
78 |
if ( $data['name'] === $username && $data['router'] === $router ) {
|
|
|
79 |
if ( password_verify( $password, $data['password'] ) ) {
|
|
|
80 |
$code = $data['otp'];
|
|
|
81 |
$imageFileName = $data['filename'];
|
|
|
82 |
$isValidUser = true;
|
|
|
83 |
}
|
|
|
84 |
break;
|
|
|
85 |
}
|
|
|
86 |
}
|
|
|
87 |
if ( ! $isValidUser )
|
|
|
88 |
echo "<h1>Password wrong, or invalid user $username for router $router</h1>";
|
|
|
89 |
} else {
|
|
|
90 |
echo '<h1>Could not open the CSV file.</h1>';
|
|
|
91 |
}
|
|
|
92 |
}
|
|
|
93 |
?>
|
|
|
94 |
|
|
|
95 |
<!DOCTYPE html>
|
|
|
96 |
<html lang="en">
|
|
|
97 |
<head>
|
|
|
98 |
<meta charset="UTF-8">
|
|
|
99 |
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
|
100 |
<title>Get QR Code</title>
|
|
|
101 |
</head>
|
|
|
102 |
<body>
|
|
|
103 |
<?php
|
|
|
104 |
if ( ! empty( $imageFileName ) && ! empty( $code ) ) {
|
|
|
105 |
echo "<div style='text-align: center;'>";
|
|
|
106 |
echo "<img src='$imageFileName' alt='$code'>";
|
|
|
107 |
echo "<br />Your code for $router is<br /><b>$code</b>";
|
|
|
108 |
echo '</div>';
|
|
|
109 |
}
|
|
|
110 |
?>
|
|
|
111 |
|
|
|
112 |
<form method="POST" action="">
|
|
|
113 |
<label for="username">Username:</label>
|
|
|
114 |
<input type="text" id="username" name="username" required>
|
|
|
115 |
<br>
|
|
|
116 |
<label for="password">Password:</label>
|
|
|
117 |
<input type="password" id="password" name="password" required>
|
|
|
118 |
<br>
|
|
|
119 |
<label for="router">Router:</label>
|
|
|
120 |
<select name="router" id="router">
|
|
|
121 |
<?php
|
|
|
122 |
// gets a list of all routers listed in $csvFile into array $routers
|
|
|
123 |
exec( "tail -n+2 $csvFile | cut -f1 | sort | uniq | sort", $routers );
|
|
|
124 |
#die( "<pre>" . print_r( $routers, true) . "</pre>" );
|
|
|
125 |
foreach ( $routers as $index => $name ) {
|
|
|
126 |
print "<option value='$name'>$name</option>\n";
|
|
|
127 |
}
|
|
|
128 |
?>
|
|
|
129 |
</select>
|
|
|
130 |
<br>
|
|
|
131 |
<input type="submit" value="Login">
|
|
|
132 |
</form>
|
|
|
133 |
</body>
|
|
|
134 |
</html>
|