Validate A MAC Address and strip separator (#164)

Validate A MAC Address and strip separator
lirantal · May 11, 2020 · 909ec0a · 909ec0a
1 parent bfd9132
commit 909ec0a
Showing 1 changed file with 19 additions and 12 deletions.
diff --git a/mng-new.php b/mng-new.php
@@ -460,20 +460,27 @@ function addAttributes($dbSocket, $username) {
 				}
 
 		   } elseif ($authType == "macAuth") {
-
-				// insert username/password
-				$sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_RADCHECK']." (id,Username,Attribute,op,Value) ".
+
+				$macaddress = preg_replace("/:|\.|\-/", "", trim($macaddress));
+
+				if (preg_match('/[a-fA-F0-9]/', $macaddress) == 1 && strlen($macaddress) == 12){
+					// insert username/password
+					$sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_RADCHECK']." (id,Username,Attribute,op,Value) ".
 						" VALUES (0, '".$dbSocket->escapeSimple($macaddress)."', 'Auth-Type', ':=', 'Accept')";
-				$res = $dbSocket->query($sql);
-				$logDebugSQL .= $sql . "\n";
+					$res = $dbSocket->query($sql);
+					$logDebugSQL .= $sql . "\n";
 
-				addGroups($dbSocket, $macaddress, $group_macaddress);
-				addUserInfo($dbSocket, $macaddress);
-                                addUserBillInfo($dbSocket, $username);
-				addAttributes($dbSocket, $macaddress);
-
-				$successMsg = "Added to database new mac auth user: <b> $macaddress </b>";
-				$logAction .= "Successfully added new mac auth user [$macaddress] on page: ";
+					addGroups($dbSocket, $macaddress, $group_macaddress);
+					addUserInfo($dbSocket, $macaddress);
+                                	addUserBillInfo($dbSocket, $username);
+					addAttributes($dbSocket, $macaddress);
+
+					$successMsg = "Added to database new mac auth user: <b> $macaddress </b>";
+					$logAction .= "Successfully added new mac auth user [$macaddress] on page: ";
+				} else { 
+					$failureMsg = "Invalid Mac address format: <b> $username </b>";
+					$logAction .= "Failed adding new user invalid mac address format [$username] on page: ";
+				}
 
 		   } elseif ($authType == "pincodeAuth") {