Created
July 3, 2014 09:56
OpenVPN Config Generator!
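<?php
/*
 * Keep PHP diagnostics out of the JSON response body, but still record them in
 * the server log: error_reporting(0) would also hide failures of the
 * key-generation, zip and database steps from the operator.
 */
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');
#######################
# General Config. #
#######################
$keys_tmp_dir = '/home/freenet/keys-tmp'; /* Passed to pkitool as KEY_DIR; generated key material lands here. */
$keys_dir_prefix = '/home/freenet/keys'; /* Place to store keys. */
/*
 * NOTE(review): plain http:// prefix. The archive published under this URL
 * contains the client's private key (see the zip step further down), so it is
 * transferred unencrypted; switch to an https:// prefix if the host serves TLS.
 */
$keys_http_path_prefix = 'http://freenet.jackyyf.com/keys'; /* Place to download keys. */
/*
 * NOTE(review): the database credentials are hard-coded in this file and the
 * script connects as the MySQL root account. A dedicated account limited to
 * SELECT/INSERT on $mysql_table, with its password kept outside the source
 * file, would limit what a flaw in this script can reach.
 */
$mysql_host = 'localhost'; /* MySQL Host*/
$mysql_user = 'root'; /* MySQL User */
$mysql_pass = 'meiyoumima'; /* MySQL Password */
$mysql_db = 'test'; /* MySQL Database */
$mysql_table = 'users'; /* MySQL Table to store data. */
$max_name_length = 64;
$max_email_length = 40; /* Seems a little short, but openssl.cnf says 40 :( */
/* Subject fields exported to pkitool through the KEY_* environment variables. */
$key_country = 'CN'; /* We are in China. */
$key_province = 'SH'; /* We are in ShangHai. */
$key_city = 'ShangHai'; /* We are in ShangHai City. */
$key_org = 'OrzServer'; /* Organization Name. */
$key_org_unit = 'OrzNet'; /* Organization Unit Name. */
$path_to_pkitool = '/etc/openvpn/easy-rsa/2.0/pkitool-fix'; /* Fixed Version of pkitool. */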
#######################
# Misc Functions. #
#######################
/**
 * Send a JSON failure object to the client and stop the script.
 *
 * The body is {"error": 1, "errstr": <message>}; the script then exits
 * with status 0, so nothing after the call runs.
 *
 * @param string $errstr Reason reported back to the client.
 */
function error($errstr = '') {
    $payload = array();
    $payload['error'] = 1;
    $payload['errstr'] = $errstr;
    print json_encode($payload);
    exit(0);
}
/**
 * Send a JSON success object carrying the download URL and stop the script.
 *
 * The body is {"error": 0, "download": <url>}; the script then exits
 * with status 0.
 *
 * @param string $httpsrc URL the client should fetch the generated archive from.
 */
function response($httpsrc) {
    $payload = array();
    $payload['error'] = 0;
    $payload['download'] = $httpsrc;
    print json_encode($payload);
    exit(0);
}
/**
 * Set (or, with no value, pass through bare) an environment variable via putenv().
 *
 * Both the name and the value are run through escapeshellcmd() first.
 *
 * NOTE(review): escapeshellcmd() is meant for strings handed to a shell, and
 * putenv() does not invoke one. The escaping therefore does not guard the
 * later shell_exec() call; it only adds backslashes to values containing shell
 * metacharacters (addresses accepted by FILTER_VALIDATE_EMAIL can contain
 * some). Confirm whether pkitool-fix relies on this before changing it.
 *
 * @param string      $key   Variable name.
 * @param string|null $value Value to assign; NULL calls putenv() with the name only.
 * @return bool Result of putenv().
 */
function setenv($key, $value = NULL) {
    $assignment = escapeshellcmd($key);
    if ($value !== NULL) {
        $assignment .= '=' . escapeshellcmd($value);
    }
    return putenv($assignment);
}
#######################
# Initial Check. #
#######################
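header('Content-Type: text/json'); /* Response type is json. */
/* Disable browser cache. */
header('Expires: Tue, 01 Jan 2000 00:00:00 GMT');
header('Last-Modified: ' . gmdate('r'));
header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache');

/*
 * Validate the requested name. It is later used as a file name, as a shell
 * argument and in SQL, so it is restricted to a letter followed by letters,
 * digits, '-' and '_'. A non-string value (e.g. name[]=x) is rejected before
 * trim() sees it.
 */
if (empty($_POST['name']) || !is_string($_POST['name'])) {
    error('Name not found.');
}
$key_name = trim($_POST['name']);
/* The D modifier makes '$' match only at the very end, never before a trailing newline. */
if (!preg_match('/^[a-zA-Z][0-9a-zA-Z\-_]*$/D', $key_name)) {
    error('Name contains special chars.');
}
if (strlen($key_name) > $max_name_length) {
    error('Name is too long. Max is ' . $max_name_length);
}
$key_common_name = $key_name; /* Common Name */

/* Validate the e-mail address that is exported to pkitool as KEY_EMAIL. */
if (empty($_POST['mail']) || !is_string($_POST['mail'])) {
    error('Email not found.');
}
$key_email = trim($_POST['mail']);
if (!filter_var($key_email, FILTER_VALIDATE_EMAIL)) {
    error('Invalid email.');
}
if (strlen($key_email) > $max_email_length) {
    error('Email is too long. Max is ' . $max_email_length);
}

$mysql = new mysqli($mysql_host, $mysql_user, $mysql_pass, $mysql_db);
if ($mysql->connect_error) {
    error('Please contact admin: unable to connect to mysql server.');
}

/*
 * Refuse names that are already registered. The name is bound as a parameter
 * so the query stays safe even if the validation above is ever relaxed; the
 * table name cannot be bound and comes from the config, not from the request.
 *
 * NOTE(review): this lookup and the INSERT at the end of the script are
 * separate steps, so two simultaneous requests for the same name can both
 * pass. A UNIQUE index on the name column would close that gap (the schema is
 * not visible here).
 */
$lookup = $mysql->prepare("SELECT id FROM {$mysql_table} WHERE name = ? LIMIT 0,1");
if (!$lookup
    || !$lookup->bind_param('s', $key_name)
    || !$lookup->execute()
    || !$lookup->store_result()) {
    error('Please contact admin: error on mysql query.');
}
if ($lookup->num_rows) {
    error('Name already exists.');
}
$lookup->close();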
///////////////////////////////////////////////////////////////////////
//////////////// MAIN PART OF THE SCRIPT /////////////////
///////////////////////////////////////////////////////////////////////
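/* First, let's put some env variables. */
setenv('KEY_COUNTRY', $key_country);
setenv('KEY_PROVINCE', $key_province);
setenv('KEY_CITY', $key_city);
setenv('KEY_ORG', $key_org);
setenv('KEY_OU', $key_org_unit);
setenv('KEY_CN', $key_common_name);
setenv('KEY_NAME', $key_name);
setenv('KEY_EMAIL', $key_email);
setenv('KEY_DIR', $keys_tmp_dir);

/*
 * Next, run the tool. $key_name has already been restricted to
 * [a-zA-Z][0-9a-zA-Z-_]*, but both parts of the command line are still quoted
 * with escapeshellarg() so the call does not depend on that check alone.
 */
chdir(dirname($path_to_pkitool));
shell_exec(escapeshellarg($path_to_pkitool) . ' ' . escapeshellarg($key_name) . ' 2>&1');

$client_key = $keys_tmp_dir . '/' . $key_name . '.key';
$client_crt = $keys_tmp_dir . '/' . $key_name . '.crt';

/*
 * After that, package all things I need.
 *
 * ZipArchive::open() returns TRUE on success and an integer error code on
 * failure; the error codes are truthy, so the result must be compared with
 * TRUE rather than negated.
 *
 * NOTE(review): the archive contains the client's private key and is published
 * at a URL derived only from the chosen name, so anyone who knows or guesses a
 * name can download that key. An unguessable file name or an authenticated,
 * one-time download would avoid this.
 */
$zip = new ZipArchive();
if ($zip->open($keys_dir_prefix . '/' . $key_name . '.zip', ZipArchive::CREATE) !== true) {
    error('Please contact admin: unable to open zip archive.');
}
/* Source path => name inside the archive, added in this order. */
$archive_members = array(
    $keys_tmp_dir . '/client.ovpn' => 'freenet.ovpn',
    $keys_tmp_dir . '/ca.crt'      => 'ca.crt',
    $client_key                    => 'client.key',
    $client_crt                    => 'client.crt',
);
foreach ($archive_members as $source_path => $entry_name) {
    /* addFile() also fails when pkitool did not produce the file. */
    if (!$zip->addFile($source_path, $entry_name)) {
        error('Please contact admin: unable to add files to zip archive.');
    }
}
if (!$zip->close()) {
    error('Please contact admin: unable to write to zip archive.');
}

/*
 * All I need is done. Do a little clean-up.
 * NOTE(review): the failure branches above exit through error() before this
 * point, which leaves the generated private key in $keys_tmp_dir.
 */
unlink($client_key);
unlink($client_crt);

/* Save to mysql database; the name is bound as a parameter, not interpolated. */
$insert = $mysql->prepare("INSERT INTO {$mysql_table} (name) VALUES (?)");
if (!$insert || !$insert->bind_param('s', $key_name) || !$insert->execute()) {
    error('Please contact admin: error on mysql query.');
}

/* OK! It's finished. Let's send the result to client! */
response($keys_http_path_prefix . '/' . $key_name . '.zip');
/* Always remember: ENJOY FREENET! */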