diff --git a/radius.php b/radius.php
index 2a3d2847..e822fe16 100644
--- a/radius.php
+++ b/radius.php
@@ -38,11 +38,30 @@ try {
 case 'authenticate':
 $username = _req('username');
 $password = _req('password');
- if (empty($username) || empty($password)) {
- show_radius_result([
- "control:Auth-Type" => "Reject",
- "reply:Reply-Message" => 'Login invalid'
- ], 401);
+ $CHAPassword = _req('CHAPassword');
+ $CHAPchallenge = _req('CHAPchallenge');
+ if (!empty($CHAPassword)) {
+ $c = ORM::for_table('tbl_customers')->select('password')->where('username', $username)->find_one();
+ //if verified
+ if (Password::chap_verify($c['password'], $CHAPassword, $CHAPchallenge)) {
+ $password = $c['password'];
+ $isVoucher = false;
+ }else{
+ // check if voucher
+ if (Password::chap_verify($username, $CHAPassword, $CHAPchallenge)) {
+ $isVoucher = true;
+ $password = $username;
+ } else {
+ show_radius_result(['Reply-Message' => 'Username or Password is wrong'], 401);
+ }
+ }
+ } else {
+ if (empty($username) || empty($password)) {
+ show_radius_result([
+ "control:Auth-Type" => "Reject",
+ "reply:Reply-Message" => 'Login invalid......'
+ ], 401);
+ }
 }
 if ($username == $password) {
 $d = ORM::for_table('tbl_voucher')->where('code', $username)->find_one();
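Review bot: The customer lookup `$c = ORM::for_table('tbl_customers')->select('password')->where('username', $username)->find_one();` is dereferenced as `$c['password']` on the next line without checking that a row came back, so if no customer matches the username the call to `Password::chap_verify` presumably runs with an empty real password instead of the request being rejected outright; guard it with `if ($c && Password::chap_verify($c['password'], $CHAPassword, $CHAPchallenge)) {`. The same unguarded pattern is repeated in the second radius.php hunk. The reject reply in the new CHAP branch, `show_radius_result(['Reply-Message' => 'Username or Password is wrong'], 401);`, also drops the `"control:Auth-Type" => "Reject"` attribute and the `reply:` prefix that the PAP branch a few lines below still sends, so it is worth confirming the RADIUS side treats both rejections the same way. The `case 'authenticate'` body continues past the end of this hunk, and `$isVoucher` is assigned here only on the CHAP path, so whatever reads it later should be checked for the PAP path.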
@@ -68,22 +87,24 @@ try {
 $username = _req('username');
 $password = _req('password');
 $isVoucher = ($username == $password);
- $real = _req('CHAPassword');
- $challenge = _req('CHAPchallenge');
- if (!empty($real)) { //aktif hanya kalo chappasword ada isinya
- $dd = ORM::for_table('tbl_customers')->select('password')->where('username', $username)->find_one();
- $pwd = $dd['password']; //ambil password text
- $challenger = hex2bin(substr($challenge, 2)); //buang 0x
- $realr = substr($real, 2); //buang 0x lagi
- $chapid = substr($realr, 0, 2); //ambil chap-id dari chap-pass
- $chapidr = hex2bin($chapid); //konvert chap-id
- $result = $chapidr . $pwd . $challenger; //mix semua
- $response = $chapid . md5($result); //enkripsi lagi hasilnya trus di mix sama chap id
- if ($response != $realr) { //begal kalo hasil gak sama
- show_radius_result(['Reply-Message' => 'Username or Password is wrong'], 401);
+ $CHAPassword = _req('CHAPassword');
+ $CHAPchallenge = _req('CHAPchallenge');
+ if (!empty($CHAPassword)) {
+ $c = ORM::for_table('tbl_customers')->select('password')->where('username', $username)->find_one();
+ //if verified
+ if (Password::chap_verify($c['password'], $CHAPassword, $CHAPchallenge)) {
+ $password = $c['password'];
+ $isVoucher = false;
+ }else{
+ // check if voucher
+ if (Password::chap_verify($username, $CHAPassword, $CHAPchallenge)) {
+ $isVoucher = true;
+ $password = $username;
+ } else {
+ show_radius_result(['Reply-Message' => 'Username or Password is wrong'], 401);
+ }
 }
-
- //if ($response == $realr) { echo 'ok betul 100'; }else{ echo 'salah'; } // untuk keperluan debug
+ //if ($response == $CHAPr) { echo 'ok betul 100'; }else{ echo 'salah'; } // untuk keperluan debug
 } else { //kalo chappassword kosong brrti eksekusi yg ini
 if (empty($username) || empty($password)) {
diff --git a/system/autoload/Password.php b/system/autoload/Password.php
index 989e27b9..81692ae8 100644
--- a/system/autoload/Password.php
+++ b/system/autoload/Password.php
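Review bot: The sixteen added lines from `$CHAPassword = _req('CHAPassword');` through the inner `}` are a verbatim copy of the block added to `case 'authenticate'` in the previous hunk, so every fix to one of them (the missing row check on `$c`, the reject attributes) has to be made twice and the two paths will drift; extracting the lookup-and-verify into one file-level helper, defined outside the `try`, keeps them in step. The refreshed commented-out debug line `//if ($response == $CHAPr) { echo 'ok betul 100'; }else{ echo 'salah'; }` now names a `$CHAPr` that exists nowhere in the new code and should be deleted rather than renamed. The helper below assumes, as the existing reject paths appear to, that `show_radius_result()` terminates the request — confirm before relying on it. The enclosing block starts and ends outside this hunk.

```php
if (!empty($CHAPassword)) {
    [$password, $isVoucher] = _chap_resolve($username, $CHAPassword, $CHAPchallenge);
}
// … unchanged: PAP branch (else) …

/**
 * Resolves a CHAP response to the plaintext password it was computed from.
 * Returns [password, isVoucher]; rejects the request via show_radius_result()
 * when neither the customer's stored password nor the voucher code matches.
 */
function _chap_resolve($username, $CHAPassword, $CHAPchallenge)
{
    $c = ORM::for_table('tbl_customers')->select('password')->where('username', $username)->find_one();
    // guard: no row for this username must not be treated as an empty password
    if ($c && Password::chap_verify($c['password'], $CHAPassword, $CHAPchallenge)) {
        return [$c['password'], false];
    }
    if (Password::chap_verify($username, $CHAPassword, $CHAPchallenge)) {
        return [$username, true];
    }
    show_radius_result(['Reply-Message' => 'Username or Password is wrong'], 401);
}
```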
@@ -32,4 +32,19 @@ class Password
 $pass = substr(str_shuffle(str_repeat('ABCDEFGHIJKLMNPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz@#!123456789', 8)), 0, 8);
 return $pass;
 }
+
+ /**
+ * verify CHAP password
+ * @param string $realPassword
+ * @param string $CHAPassword
+ * @param string $CHAPChallenge
+ * @return bool
+ */
+ public static function chap_verify($realPassword, $CHAPassword, $CHAPChallenge){
+ $CHAPassword = substr($CHAPassword, 2);
+ $chapid = substr($CHAPassword, 0, 2);
+ $result = hex2bin($chapid) . $realPassword . hex2bin(substr($CHAPChallenge, 2));
+ $response = $chapid . md5($result);
+ return ($response != $CHAPassword);
+ }
 }
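Review bot: The result of chap_verify is inverted: `return ($response != $CHAPassword);` is true exactly when the computed CHAP response does not match the one the client sent, yet both callers added in radius.php in this commit treat a true result as "verified", so a wrong response is accepted and a correct one rejected. The removed inline code used the same `!=` expression as the rejection condition, and that sense was lost in the refactor. Replace the line with `return hash_equals($response, $CHAPassword);`, which also removes the loose comparison (two hex digests that both look numeric, e.g. starting with `0e`, compare as numbers under `!=`) and is constant-time. Separately, `hex2bin()` emits a warning and returns false for odd-length or non-hex input, so `$chapid` and the challenge should be checked with `ctype_xdigit` before use, and the signature would benefit from `string` parameter types and a `: bool` return.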