Remove redundant copies of getNasIP(), it should fix #3234
Merge pull request #556 from tuyan/c8b07434e3a1c9ae905c2e6cbef6f8fb25e3db00
Fix calculation of accounting gigawords.
Fixed PHP_INT_MAX not being 2^32 for accounting gigawords.
Implement privilege for allowing login through CP
- The feature is optional, on by default for new zones, off for current ones when upgrading
It should fix #1010
Use unset to free resources now that php does not use exit on CP
allow empty CP password to be sent to RADIUS server
Merge #237 manually whitout the GUI option for specifying interim interval. It will read now this attribute if present in a reply and use it. Fixes #1492
Make sure this is in global scope
Validate the cpzone parameter passed that it actually is a valid zone
Revert "There should be always a zone given from lighty to us so try to get that first"
This reverts commit 497d0b192f8e065ec3b4d1d94764b51c924a89b8.
There should be always a zone given from lighty to us so try to get that first
Update to master
Add portal_hostname_from_client_ip function
Update usr/local/captiveportal/index.php
Remove redundant code fragment
Get back to trim() and strip / from left/right but when redirecting properly create the redirurl var
Use rtrim to avoid issues
Add square brackets around IPv6 addresses
only trim the / if it is alone
only trim the / at the end of the redirurl
always use the shortcut cpcfg variable
Correctly retrieve the mac address
Do not exit from php rather return to not have to refork again from the manager
Switch all the actions(pipe create/table modify/get mac address) during fast path of CP to pfSense modules ones.
Simplify logic
Only try to get mac if the its required
Put fix for IE 8/9 url handling bug
Revert "Make mac_format aware of multiple Captiveportal instances"
This reverts commit 54df925b9ea447bdd10f88a886e2ef11d44c3059.
Make mac_format aware of multiple Captiveportal instances
Ensure there is a '.' between hostname and domain. Partially fixes #2454
fix vouchers
implement #2407: create config option for captive portal listening port
correct hostname variable, and use FQDN
possible fix for Bug #2311: Wrong redirection URL (from http -> https) missing colon char
Remove unused code
fix for: Captive Portal Login dies on empty input
Not actually tested because CP doesn't work right now.
http://redmine.pfsense.org/issues/1874
Should be preg_split instead of explode
Correct the Called-Station-Id attribute setting to be the consistent on authentication packets
Correct the Called-Station-Id attribute setting to be the same on STOP/START packets
The function split() is replaced by the function explode(). Starting with PHP 5.3 this is deprecated and with version 6 gone.Replacing it surpresses all the warnings
- Added support for MSCHAPv2, MSCHAPv1 and CHAP_MD5 to captive portal- Corrected bug in javascript funtion enable_change(enable_change)
Fixes #1874. Correctly error out when the user or the pass is not posted during login of CP.
Add support for multiple radius server to be used during authentication
Add the multi instance CP to master branch. This allows to define CP with different properties on different interfaces.
Plug a security risk on CP where a user can login by submitting a special request
Fix redirurl collection so after login the user can be redirected correctly
Fixes #1618. Always convert the NAS_PORT value to int in php and pass the attribute type during encoding to guarantee that it is encoded as an integer.
Use the availble constant on php for this and also the right value that comes with it since PHP never supported u_int. There is a bug open still on PHP about bcmod but some more info is needed.
ipfw is not referenced here.
Move all functions from index.php for captiveportal.inc
Handle PORTAL_REDIRURL variable
Ticket #836 Ticket #1194 and http://forum.pfsense.org/index.php/topic,32175.msg166263.html#msg166263 suggest that now that CP actions are quite fast its better to send the logout data before actually disconnecting the client.
Ticket #1013. Force NAS_PORT to be of type integer to avoid it being interpreted as char and generate wrong radius packet.
Ticket #1128. Ooops pass the right parameter to unlock.
Nuke trailing carriage returns
Make the CP locking more granular and make use correctly of exclusive/shared locks where appripriate. This speeds up CP login process.
Ticket #868. Add Connection: close to the header to be proxy friendly. See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html for reference.
Separate this control structure from the one before it, change the order, and rename the function.
Add an option for allowing clients to pass through the captive portal a limited number of times before requiring login.
Restore this code so the redirect after logging into the captive portal will work again. Ticket #918
Do not overwrite the redirurl parameter already taken care of.
Remove ORIGINAL_PORTAL_IP option. Never did get it working correctly.
Fixes #821. Force usage of configured redirurl when one has been configured.
clarify text
Pull in RADIUS reply messages for logout page.
Use the configured src ip attribute choosen for accounting too.
Show even VIP's in the list. This is copied from nat code and probably should be generalized.
Do not assume WAN as the default interface to get the ip from for the calling station id. Instead add a select box(list) to choose the interface(ip) to send to radius.
Provide a default error message on error pages if there is none provided by other means.
Add forgotten newlines.
Do not overwrite previous rules.
Free ipfw ruleno so it can be reused. Propperly delete passthrough mac entries that are not used.
Use correct array to iterate.
Use REQUEST to hanle both POST/GET.
Make the logout page configurable like the other pages. The only difference is that this page/code will be treated as a .php page so it may contain internal php CP variables referenced.
Provide an error message to the call.
Some configurations want to be able to ask users about replacing their existing mac during auto mac passthrough logins if they change equipment. Allow this in the backend by requiring the user to need posting a replacemacpassthru field with the post. Also add the possibility to send back with a portal_reply_page generated page the username and password posted.
Add the username to the auto added mac passthrough entry. Add an option to services->captiveportal page to activate/deactivate the auto-saving of username with the auto added mac passthrough.
Do comparions as meant not assignment. Pointy-hat: Myself
Actually send the wan ip address as calledstationid as advertised on captiveportal configuration page. The same fix was previously done to radius authentication code.
Use url_redirection even on successful login case if present. Add a redir functionality to portal_reply_page to keep the code centralized.
Actually use the radius WISPr(4) attribute 'url_redirection' when present.
Actually match the description and send the wan interface ip as Called-Station-Id on default settings.
Actually use the radius WISPr(4) attribute 'url_redirection' if present.
Do not allow nonstop redirects to self
Move get_include_contents function to pfsense-utils.inc
Allow php code to be included in the primary captive portal page. Add new ORIGINAL_PORTAL_IP post item which will be experimenting with a master mutli voucher setup.
Add a global declaration.
Improve/correct the passthrumac rules when this option is enabled.
Ticket #565. Correct deleting passthru mac entries. revert back to always allow a passthru mac as with allowed ips. Remove the check during login for passthru mac entries they will never make it to the login page.
fix up text
Warn the user when we cannot get the MAC address on pass through auto add case. Also when a user does a logout through clicking the logout form exit after showing sending info on logout successful.
Use tables of ipfw for passthrough mac entries. This makes it scale way better than previously. Fix multiple entries on adding mac through entries automatically after login for the same user. The changes allow even pass through mac to be controlled from the Status->Captiveportal. Use serialize/unserialize on some files that keep temporary information to speed up calculations. Really allow mac passthrough to follow radius rules or time out rules when present.
Add a new option which allows the admin user to configure CP so that it automatically enters an MAC passthru entry. The MAC is taken from login details and has to be removed manually. Also do improvements on rules handling and pipes. Add some optmizations. Teach the GUI/backend on ip/mac passthrough to configure a bw limit for this entries.
Ticket #483. Load the bcmath extension dynamically through PEAR for Radius accounting.
Rework includes/require. This saves about 4 megabytes.Simplify get_memory(). Tested on mips/i386
fix typos
fix typo