simplify Chap verify RadiusRest

Ibnu Maksum 2024-08-07 11:10:43 +07:00
parent e5ff8c5675
commit f1a9ad6d63
No known key found for this signature in database
GPG Key ID: 7FC82848810579E5
2 changed files with 56 additions and 20 deletions


@ -38,11 +38,30 @@ try {
case 'authenticate': case 'authenticate':
$username = _req('username'); $username = _req('username');
$password = _req('password'); $password = _req('password');
if (empty($username) || empty($password)) { $CHAPassword = _req('CHAPassword');
show_radius_result([ $CHAPchallenge = _req('CHAPchallenge');
"control:Auth-Type" => "Reject", if (!empty($CHAPassword)) {
"reply:Reply-Message" => 'Login invalid' $c = ORM::for_table('tbl_customers')->select('password')->where('username', $username)->find_one();
], 401); //if verified
if (Password::chap_verify($c['password'], $CHAPassword, $CHAPchallenge)) {
$password = $c['password'];
$isVoucher = false;
}else{
// check if voucher
if (Password::chap_verify($username, $CHAPassword, $CHAPchallenge)) {
$isVoucher = true;
$password = $username;
} else {
show_radius_result(['Reply-Message' => 'Username or Password is wrong'], 401);
}
}
} else {
if (empty($username) || empty($password)) {
show_radius_result([
"control:Auth-Type" => "Reject",
"reply:Reply-Message" => 'Login invalid......'
], 401);
}
} }
if ($username == $password) { if ($username == $password) {
$d = ORM::for_table('tbl_voucher')->where('code', $username)->find_one(); $d = ORM::for_table('tbl_voucher')->where('code', $username)->find_one();
@ -68,22 +87,24 @@ try {
$username = _req('username'); $username = _req('username');
$password = _req('password'); $password = _req('password');
$isVoucher = ($username == $password); $isVoucher = ($username == $password);
$real = _req('CHAPassword'); $CHAPassword = _req('CHAPassword');
$challenge = _req('CHAPchallenge'); $CHAPchallenge = _req('CHAPchallenge');
if (!empty($real)) { //aktif hanya kalo chappasword ada isinya if (!empty($CHAPassword)) {
$dd = ORM::for_table('tbl_customers')->select('password')->where('username', $username)->find_one(); $c = ORM::for_table('tbl_customers')->select('password')->where('username', $username)->find_one();
$pwd = $dd['password']; //ambil password text //if verified
$challenger = hex2bin(substr($challenge, 2)); //buang 0x if (Password::chap_verify($c['password'], $CHAPassword, $CHAPchallenge)) {
$realr = substr($real, 2); //buang 0x lagi $password = $c['password'];
$chapid = substr($realr, 0, 2); //ambil chap-id dari chap-pass $isVoucher = false;
$chapidr = hex2bin($chapid); //konvert chap-id }else{
$result = $chapidr . $pwd . $challenger; //mix semua // check if voucher
$response = $chapid . md5($result); //enkripsi lagi hasilnya trus di mix sama chap id if (Password::chap_verify($username, $CHAPassword, $CHAPchallenge)) {
if ($response != $realr) { //begal kalo hasil gak sama $isVoucher = true;
show_radius_result(['Reply-Message' => 'Username or Password is wrong'], 401); $password = $username;
} else {
show_radius_result(['Reply-Message' => 'Username or Password is wrong'], 401);
}
} }
//if ($response == $CHAPr) { echo 'ok betul 100'; }else{ echo 'salah'; } // untuk keperluan debug
//if ($response == $realr) { echo 'ok betul 100'; }else{ echo 'salah'; } // untuk keperluan debug
} else { //kalo chappassword kosong brrti eksekusi yg ini } else { //kalo chappassword kosong brrti eksekusi yg ini
if (empty($username) || empty($password)) { if (empty($username) || empty($password)) {
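Review bot: In both the `authenticate` hunk and the second hunk, `$c` from `find_one()` is dereferenced as `$c['password']` without checking that a customer row was found. For an unknown username the CHAP digest is then presumably computed over an empty password instead of failing closed. Guard the call with `if ($c && Password::chap_verify($c['password'], $CHAPassword, $CHAPchallenge)) {` so a missing row goes straight to the voucher check. The CHAP reject in `authenticate` also omits the `"control:Auth-Type" => "Reject"` pair that the non-CHAP branch sends, which may be worth aligning. Both `case` bodies continue outside the hunks.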


@ -32,4 +32,19 @@ class Password
$pass = substr(str_shuffle(str_repeat('ABCDEFGHIJKLMNPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz@#!123456789', 8)), 0, 8); $pass = substr(str_shuffle(str_repeat('ABCDEFGHIJKLMNPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz@#!123456789', 8)), 0, 8);
return $pass; return $pass;
} }
/**
* verify CHAP password
* @param string $realPassword
* @param string $CHAPassword
* @param string $CHAPChallenge
* @return bool
*/
public static function chap_verify($realPassword, $CHAPassword, $CHAPChallenge){
$CHAPassword = substr($CHAPassword, 2);
$chapid = substr($CHAPassword, 0, 2);
$result = hex2bin($chapid) . $realPassword . hex2bin(substr($CHAPChallenge, 2));
$response = $chapid . md5($result);
return ($response != $CHAPassword);
}
} }
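Review bot: `chap_verify` ends with `return ($response != $CHAPassword);`, so it returns true when the computed digest does not match, while both call sites in the RADIUS handler treat true as verified (`//if verified`). As written, a mismatching CHAP response takes the verified-customer branch and a matching one falls through to the voucher check. The inline code this replaces rejected on `!=`. The return should be the equality, and because it compares a password-derived digest with request input it should be constant-time and type-strict: `return hash_equals($response, $CHAPassword);`. `hex2bin()` also receives request data unchecked here, so confirm both values are even-length hex after the `0x` prefix (for example with `ctype_xdigit`) and return false otherwise.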