| 726 |
726 |
* had a chance to iterate over all accounts.
|
| 727 |
727 |
*/
|
| 728 |
728 |
$unsetindexes = array();
|
| 729 |
|
$no_users = count($cpdb);
|
| 730 |
|
for ($i = 0; $i < $no_users; $i++) {
|
|
729 |
foreach ($cpdb as $cpentry) {
|
| 731 |
730 |
|
| 732 |
731 |
$timedout = false;
|
| 733 |
732 |
$term_cause = 1;
|
| 734 |
733 |
|
| 735 |
734 |
/* hard timeout? */
|
| 736 |
735 |
if ($timeout) {
|
| 737 |
|
if ((time() - $cpdb[$i][0]) >= $timeout) {
|
|
736 |
if ((time() - $cpentry[0]) >= $timeout) {
|
| 738 |
737 |
$timedout = true;
|
| 739 |
738 |
$term_cause = 5; // Session-Timeout
|
| 740 |
739 |
}
|
| 741 |
740 |
}
|
| 742 |
741 |
|
| 743 |
742 |
/* Session-Terminate-Time */
|
| 744 |
|
if (!$timedout && !empty($cpdb[$i][9])) {
|
| 745 |
|
if (time() >= $cpdb[$i][9]) {
|
|
743 |
if (!$timedout && !empty($cpentry[9])) {
|
|
744 |
if (time() >= $cpentry[9]) {
|
| 746 |
745 |
$timedout = true;
|
| 747 |
746 |
$term_cause = 5; // Session-Timeout
|
| 748 |
747 |
}
|
| 749 |
748 |
}
|
| 750 |
749 |
|
| 751 |
750 |
/* check if the radius idle_timeout attribute has been set and if its set change the idletimeout to this value */
|
| 752 |
|
$uidletimeout = (is_numeric($cpdb[$i][8])) ? $cpdb[$i][8] : $idletimeout;
|
|
751 |
$uidletimeout = (is_numeric($cpentry[8])) ? $cpentry[8] : $idletimeout;
|
| 753 |
752 |
/* if an idle timeout is specified, get last activity timestamp from ipfw */
|
| 754 |
753 |
if (!$timedout && $uidletimeout) {
|
| 755 |
|
$lastact = captiveportal_get_last_activity($cpdb[$i][2]);
|
|
754 |
$lastact = captiveportal_get_last_activity($cpentry[2]);
|
| 756 |
755 |
/* If the user has logged on but not sent any traffic they will never be logged out.
|
| 757 |
756 |
* We "fix" this by setting lastact to the login timestamp.
|
| 758 |
757 |
*/
|
| 759 |
|
$lastact = $lastact ? $lastact : $cpdb[$i][0];
|
|
758 |
$lastact = $lastact ? $lastact : $cpentry[0];
|
| 760 |
759 |
if ($lastact && ((time() - $lastact) >= $uidletimeout)) {
|
| 761 |
760 |
$timedout = true;
|
| 762 |
761 |
$term_cause = 4; // Idle-Timeout
|
| ... | ... | |
| 765 |
764 |
}
|
| 766 |
765 |
|
| 767 |
766 |
/* if vouchers are configured, activate session timeouts */
|
| 768 |
|
if (!$timedout && isset($config['voucher']['enable']) && !empty($cpdb[$i][7])) {
|
| 769 |
|
if (time() >= ($cpdb[$i][0] + $cpdb[$i][7])) {
|
|
767 |
if (!$timedout && isset($config['voucher']['enable']) && !empty($cpentry[7])) {
|
|
768 |
if (time() >= ($cpentry[0] + $cpentry[7])) {
|
| 770 |
769 |
$timedout = true;
|
| 771 |
770 |
$term_cause = 5; // Session-Timeout
|
| 772 |
771 |
}
|
| 773 |
772 |
}
|
| 774 |
773 |
|
| 775 |
774 |
/* if radius session_timeout is enabled and the session_timeout is not null, then check if the user should be logged out */
|
| 776 |
|
if (!$timedout && isset($config['captiveportal']['radiussession_timeout']) && !empty($cpdb[$i][7])) {
|
| 777 |
|
if (time() >= ($cpdb[$i][0] + $cpdb[$i][7])) {
|
|
775 |
if (!$timedout && isset($config['captiveportal']['radiussession_timeout']) && !empty($cpentry[7])) {
|
|
776 |
if (time() >= ($cpentry[0] + $cpentry[7])) {
|
| 778 |
777 |
$timedout = true;
|
| 779 |
778 |
$term_cause = 5; // Session-Timeout
|
| 780 |
779 |
}
|
| 781 |
780 |
}
|
| 782 |
781 |
|
| 783 |
782 |
if ($timedout) {
|
| 784 |
|
captiveportal_disconnect($cpdb[$i], $radiusservers,$term_cause,$stop_time);
|
| 785 |
|
captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "TIMEOUT");
|
| 786 |
|
$unsetindexes[] = $cpdb[$i][5];
|
|
783 |
captiveportal_disconnect($cpentry, $radiusservers,$term_cause,$stop_time);
|
|
784 |
captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "TIMEOUT");
|
|
785 |
$unsetindexes[] = $cpentry[5];
|
| 787 |
786 |
}
|
| 788 |
787 |
|
| 789 |
788 |
/* do periodic RADIUS reauthentication? */
|
| ... | ... | |
| 791 |
790 |
if (isset($config['captiveportal']['radacct_enable'])) {
|
| 792 |
791 |
if ($config['captiveportal']['reauthenticateacct'] == "stopstart") {
|
| 793 |
792 |
/* stop and restart accounting */
|
| 794 |
|
RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
|
| 795 |
|
$cpdb[$i][4], // username
|
| 796 |
|
$cpdb[$i][5], // sessionid
|
| 797 |
|
$cpdb[$i][0], // start time
|
|
793 |
RADIUS_ACCOUNTING_STOP($cpentry[1], // ruleno
|
|
794 |
$cpentry[4], // username
|
|
795 |
$cpentry[5], // sessionid
|
|
796 |
$cpentry[0], // start time
|
| 798 |
797 |
$radiusservers,
|
| 799 |
|
$cpdb[$i][2], // clientip
|
| 800 |
|
$cpdb[$i][3], // clientmac
|
|
798 |
$cpentry[2], // clientip
|
|
799 |
$cpentry[3], // clientmac
|
| 801 |
800 |
10); // NAS Request
|
| 802 |
|
exec("/sbin/ipfw table 1 entryzerostats {$cpdb[$i][2]}");
|
| 803 |
|
exec("/sbin/ipfw table 2 entryzerostats {$cpdb[$i][2]}");
|
| 804 |
|
RADIUS_ACCOUNTING_START($cpdb[$i][1], // ruleno
|
| 805 |
|
$cpdb[$i][4], // username
|
| 806 |
|
$cpdb[$i][5], // sessionid
|
|
801 |
exec("/sbin/ipfw table 1 entryzerostats {$cpentry[2]}");
|
|
802 |
exec("/sbin/ipfw table 2 entryzerostats {$cpentry[2]}");
|
|
803 |
RADIUS_ACCOUNTING_START($cpentry[1], // ruleno
|
|
804 |
$cpentry[4], // username
|
|
805 |
$cpentry[5], // sessionid
|
| 807 |
806 |
$radiusservers,
|
| 808 |
|
$cpdb[$i][2], // clientip
|
| 809 |
|
$cpdb[$i][3]); // clientmac
|
|
807 |
$cpentry[2], // clientip
|
|
808 |
$cpentry[3]); // clientmac
|
| 810 |
809 |
} else if ($config['captiveportal']['reauthenticateacct'] == "interimupdate") {
|
| 811 |
|
RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
|
| 812 |
|
$cpdb[$i][4], // username
|
| 813 |
|
$cpdb[$i][5], // sessionid
|
| 814 |
|
$cpdb[$i][0], // start time
|
|
810 |
RADIUS_ACCOUNTING_STOP($cpentry[1], // ruleno
|
|
811 |
$cpentry[4], // username
|
|
812 |
$cpentry[5], // sessionid
|
|
813 |
$cpentry[0], // start time
|
| 815 |
814 |
$radiusservers,
|
| 816 |
|
$cpdb[$i][2], // clientip
|
| 817 |
|
$cpdb[$i][3], // clientmac
|
|
815 |
$cpentry[2], // clientip
|
|
816 |
$cpentry[3], // clientmac
|
| 818 |
817 |
10, // NAS Request
|
| 819 |
818 |
true); // Interim Updates
|
| 820 |
819 |
}
|
| ... | ... | |
| 822 |
821 |
|
| 823 |
822 |
/* check this user against RADIUS again */
|
| 824 |
823 |
if (isset($config['captiveportal']['reauthenticate'])) {
|
| 825 |
|
$auth_list = RADIUS_AUTHENTICATION($cpdb[$i][4], // username
|
| 826 |
|
base64_decode($cpdb[$i][6]), // password
|
|
824 |
$auth_list = RADIUS_AUTHENTICATION($cpentry[4], // username
|
|
825 |
base64_decode($cpentry[6]), // password
|
| 827 |
826 |
$radiusservers,
|
| 828 |
|
$cpdb[$i][2], // clientip
|
| 829 |
|
$cpdb[$i][3], // clientmac
|
| 830 |
|
$cpdb[$i][1]); // ruleno
|
|
827 |
$cpentry[2], // clientip
|
|
828 |
$cpentry[3], // clientmac
|
|
829 |
$cpentry[1]); // ruleno
|
| 831 |
830 |
if ($auth_list['auth_val'] == 3) {
|
| 832 |
|
captiveportal_disconnect($cpdb[$i], $radiusservers, 17);
|
| 833 |
|
captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "RADIUS_DISCONNECT", $auth_list['reply_message']);
|
| 834 |
|
$unsetindexes[] = $cpdb[$i][5];
|
|
831 |
captiveportal_disconnect($cpentry, $radiusservers, 17);
|
|
832 |
captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "RADIUS_DISCONNECT", $auth_list['reply_message']);
|
|
833 |
$unsetindexes[] = $cpentry[5];
|
| 835 |
834 |
}
|
| 836 |
835 |
}
|
| 837 |
836 |
}
|
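Review bot: The two `exec()` calls on new lines 801–802 still build the `/sbin/ipfw` command by interpolating `$cpentry[2]` (labelled clientip in the neighbouring RADIUS calls) directly into a shell string. The value is read from the session database, and nothing in the visible lines validates it as an IP address, so it should be quoted: `exec("/sbin/ipfw table 1 entryzerostats " . escapeshellarg($cpentry[2]));`, and likewise for table 2. Where the entry is written is not shown here, so treat this as hardening rather than a confirmed injection path. The enclosing function and the `foreach` body start and end outside the visible section.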