pfSense

Applied in changeset 00eda3a2eb5fb7e43ba9504c90ad494f41504888.

Is it only for user or pass fixed or also for vouchers?
I ask because im unable to view the changeset :(

Just reviewd it on github, the problem is not fixed for usage with voucher codes!

The Probleme why it wont work for voucher codes is really simple.

On line 143 in /usr/local/captiveportal/index.php is this "} else if ($_POST['accept'] && $_POST['auth_voucher']) {" but when "auth_voucher" is empty you cannot handle this because it jumps to the end of the file and simply executes the "exit;" there. So we ned to check first if voucher-auth is enabled on line 143 and then check if "auth_voucher" is not empty.

But i could not find out how to check if voucher-auth is enabled. I would submit a patch if someone points in the right direction to check if voucher-auth is enabled.

Not able to reproduce a blank page if I revert above changeset.

When I take the following steps:
- set the captive portal to local user / vouchers
- upload a template login page with username, password, and voucher fields
- disable vouchers
- leave username and password blank
- type in a voucher code

I get a screen with username/password boxes and a "Voucher invalid" message.

Yeah i will fix that since already know the fix for it.
Its just that the pages are not updated on enable/disable of voucher or login type.

The patch for this broke the ability to use empty passwords. I opened issue 2377 before I realized the changes were recently made for this one.

Rather than if ($_POST['auth_user'] && $_POST['auth_pass']) the code should test if (isset($_POST['auth_user']) && isset($_POST['auth_pass'])) because empty string evaluates to false.

I am sorry but you can use no authentication for empty passwords.
It works as its expected.