Project

General

Profile

Bug #1338 » captiveportal.inc.diff

Thomas NOEL, 03/08/2011 08:21 AM

View differences:

captiveportal.inc 2011-03-08 14:18:37.945679001 +0100
726 726
	 *	had a chance to iterate over all accounts.
727 727
	 */
728 728
	$unsetindexes = array();
729
	$no_users = count($cpdb);
730
	for ($i = 0; $i < $no_users; $i++) {
729
	for ($cpdb as $cpentry) {
731 730

  
732 731
		$timedout = false;
733 732
		$term_cause = 1;
734 733

  
735 734
		/* hard timeout? */
736 735
		if ($timeout) {
737
			if ((time() - $cpdb[$i][0]) >= $timeout) {
736
			if ((time() - $cpentry[0]) >= $timeout) {
738 737
				$timedout = true;
739 738
				$term_cause = 5; // Session-Timeout
740 739
			}
741 740
		}
742 741

  
743 742
		/* Session-Terminate-Time */
744
		if (!$timedout && !empty($cpdb[$i][9])) {
745
			if (time() >= $cpdb[$i][9]) {
743
		if (!$timedout && !empty($cpentry[9])) {
744
			if (time() >= $cpentry[9]) {
746 745
				$timedout = true;
747 746
				$term_cause = 5; // Session-Timeout
748 747
			}
749 748
		}
750 749

  
751 750
		/* check if the radius idle_timeout attribute has been set and if its set change the idletimeout to this value */
752
		$uidletimeout = (is_numeric($cpdb[$i][8])) ? $cpdb[$i][8] : $idletimeout;
751
		$uidletimeout = (is_numeric($cpentry[8])) ? $cpentry[8] : $idletimeout;
753 752
		/* if an idle timeout is specified, get last activity timestamp from ipfw */
754 753
		if (!$timedout && $uidletimeout) {
755
			$lastact = captiveportal_get_last_activity($cpdb[$i][2]);
754
			$lastact = captiveportal_get_last_activity($cpentry[2]);
756 755
			/*	If the user has logged on but not sent any traffic they will never be logged out.
757 756
			 *	We "fix" this by setting lastact to the login timestamp. 
758 757
			 */
759
			$lastact = $lastact ? $lastact : $cpdb[$i][0];
758
			$lastact = $lastact ? $lastact : $cpentry[0];
760 759
			if ($lastact && ((time() - $lastact) >= $uidletimeout)) {
761 760
				$timedout = true;
762 761
				$term_cause = 4; // Idle-Timeout
......
765 764
		}
766 765

  
767 766
		/* if vouchers are configured, activate session timeouts */
768
		if (!$timedout && isset($config['voucher']['enable']) && !empty($cpdb[$i][7])) {
769
			if (time() >= ($cpdb[$i][0] + $cpdb[$i][7])) {
767
		if (!$timedout && isset($config['voucher']['enable']) && !empty($cpentry[7])) {
768
			if (time() >= ($cpentry[0] + $cpentry[7])) {
770 769
				$timedout = true;
771 770
				$term_cause = 5; // Session-Timeout
772 771
			}
773 772
		}
774 773

  
775 774
		/* if radius session_timeout is enabled and the session_timeout is not null, then check if the user should be logged out */
776
		if (!$timedout && isset($config['captiveportal']['radiussession_timeout']) && !empty($cpdb[$i][7])) {
777
			if (time() >= ($cpdb[$i][0] + $cpdb[$i][7])) {
775
		if (!$timedout && isset($config['captiveportal']['radiussession_timeout']) && !empty($cpentry[7])) {
776
			if (time() >= ($cpentry[0] + $cpentry[7])) {
778 777
				$timedout = true;
779 778
				$term_cause = 5; // Session-Timeout
780 779
			}
781 780
		}
782 781

  
783 782
		if ($timedout) {
784
			captiveportal_disconnect($cpdb[$i], $radiusservers,$term_cause,$stop_time);
785
			captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "TIMEOUT");
786
			$unsetindexes[] = $cpdb[$i][5];
783
			captiveportal_disconnect($cpentry, $radiusservers,$term_cause,$stop_time);
784
			captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "TIMEOUT");
785
			$unsetindexes[] = $cpentry[5];
787 786
		}
788 787

  
789 788
		/* do periodic RADIUS reauthentication? */
......
791 790
			if (isset($config['captiveportal']['radacct_enable'])) {
792 791
				if ($config['captiveportal']['reauthenticateacct'] == "stopstart") {
793 792
					/* stop and restart accounting */
794
					RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
795
						$cpdb[$i][4], // username
796
						$cpdb[$i][5], // sessionid
797
						$cpdb[$i][0], // start time
793
					RADIUS_ACCOUNTING_STOP($cpentry[1], // ruleno
794
						$cpentry[4], // username
795
						$cpentry[5], // sessionid
796
						$cpentry[0], // start time
798 797
						$radiusservers,
799
						$cpdb[$i][2], // clientip
800
						$cpdb[$i][3], // clientmac
798
						$cpentry[2], // clientip
799
						$cpentry[3], // clientmac
801 800
						10); // NAS Request
802
					exec("/sbin/ipfw table 1 entryzerostats {$cpdb[$i][2]}");
803
					exec("/sbin/ipfw table 2 entryzerostats {$cpdb[$i][2]}");
804
					RADIUS_ACCOUNTING_START($cpdb[$i][1], // ruleno
805
						$cpdb[$i][4], // username
806
						$cpdb[$i][5], // sessionid
801
					exec("/sbin/ipfw table 1 entryzerostats {$cpentry[2]}");
802
					exec("/sbin/ipfw table 2 entryzerostats {$cpentry[2]}");
803
					RADIUS_ACCOUNTING_START($cpentry[1], // ruleno
804
						$cpentry[4], // username
805
						$cpentry[5], // sessionid
807 806
						$radiusservers,
808
						$cpdb[$i][2], // clientip
809
						$cpdb[$i][3]); // clientmac
807
						$cpentry[2], // clientip
808
						$cpentry[3]); // clientmac
810 809
				} else if ($config['captiveportal']['reauthenticateacct'] == "interimupdate") {
811
					RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
812
						$cpdb[$i][4], // username
813
						$cpdb[$i][5], // sessionid
814
						$cpdb[$i][0], // start time
810
					RADIUS_ACCOUNTING_STOP($cpentry[1], // ruleno
811
						$cpentry[4], // username
812
						$cpentry[5], // sessionid
813
						$cpentry[0], // start time
815 814
						$radiusservers,
816
						$cpdb[$i][2], // clientip
817
						$cpdb[$i][3], // clientmac
815
						$cpentry[2], // clientip
816
						$cpentry[3], // clientmac
818 817
						10, // NAS Request
819 818
						true); // Interim Updates
820 819
				}
......
822 821

  
823 822
			/* check this user against RADIUS again */
824 823
			if (isset($config['captiveportal']['reauthenticate'])) {
825
				$auth_list = RADIUS_AUTHENTICATION($cpdb[$i][4], // username
826
					base64_decode($cpdb[$i][6]), // password
824
				$auth_list = RADIUS_AUTHENTICATION($cpentry[4], // username
825
					base64_decode($cpentry[6]), // password
827 826
					$radiusservers,
828
					$cpdb[$i][2], // clientip
829
					$cpdb[$i][3], // clientmac
830
					$cpdb[$i][1]); // ruleno
827
					$cpentry[2], // clientip
828
					$cpentry[3], // clientmac
829
					$cpentry[1]); // ruleno
831 830
				if ($auth_list['auth_val'] == 3) {
832
					captiveportal_disconnect($cpdb[$i], $radiusservers, 17);
833
					captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "RADIUS_DISCONNECT", $auth_list['reply_message']);
834
					$unsetindexes[] = $cpdb[$i][5];
831
					captiveportal_disconnect($cpentry, $radiusservers, 17);
832
					captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "RADIUS_DISCONNECT", $auth_list['reply_message']);
833
					$unsetindexes[] = $cpentry[5];
835 834
				}
836 835
			}
837 836
		}
(1-1/2)