/usr/local/www/services_captiveportal.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/services_captiveportal.php @ 1a8bf19a

1	a5c0b6c7	Scott Ullrich	<?php
2	5b237745	Scott Ullrich	/*
3			services_captiveportal.php
4			part of m0n0wall (http://m0n0.ch/wall)
5	a5c0b6c7	Scott Ullrich
6	0bd34ed6	Scott Ullrich	Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
7	5b237745	Scott Ullrich	All rights reserved.
8	a5c0b6c7	Scott Ullrich
9	5b237745	Scott Ullrich	Redistribution and use in source and binary forms, with or without
10			modification, are permitted provided that the following conditions are met:
11	a5c0b6c7	Scott Ullrich
12	5b237745	Scott Ullrich	1. Redistributions of source code must retain the above copyright notice,
13			this list of conditions and the following disclaimer.
14	a5c0b6c7	Scott Ullrich
15	5b237745	Scott Ullrich	2. Redistributions in binary form must reproduce the above copyright
16			notice, this list of conditions and the following disclaimer in the
17			documentation and/or other materials provided with the distribution.
18	a5c0b6c7	Scott Ullrich
19	5b237745	Scott Ullrich	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
20			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
21			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
23			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28			POSSIBILITY OF SUCH DAMAGE.
29			*/
30	1d333258	Scott Ullrich	/*
31			pfSense_MODULE: captiveportal
32			*/
33	5b237745	Scott Ullrich
34	6b07c15a	Matthew Grooms	##\|+PRIV
35			##\|*IDENT=page-services-captiveportal
36			##\|*NAME=Services: Captive portal page
37			##\|*DESCR=Allow access to the 'Services: Captive portal' page.
38			##\|MATCH=services_captiveportal.php
39			##\|-PRIV
40
41	d88c6a9f	Scott Ullrich	$pgtitle = array("Services","Captive portal");
42	5633ab30	jim-p	$statusurl = "status_captiveportal.php";
43			$logurl = "diag_logs_auth.php";
44
45	5b237745	Scott Ullrich	require("guiconfig.inc");
46	7ab2b688	Scott Ullrich	require("functions.inc");
47			require("filter.inc");
48			require("shaper.inc");
49			require("captiveportal.inc");
50	5b237745	Scott Ullrich
51			if (!is_array($config['captiveportal'])) {
52			$config['captiveportal'] = array();
53			$config['captiveportal']['page'] = array();
54			$config['captiveportal']['timeout'] = 60;
55			}
56
57			if ($_GET['act'] == "viewhtml") {
58			echo base64_decode($config['captiveportal']['page']['htmltext']);
59			exit;
60			} else if ($_GET['act'] == "viewerrhtml") {
61			echo base64_decode($config['captiveportal']['page']['errtext']);
62			exit;
63	5b87b24e	Ermal	} else if ($_GET['act'] == "viewlogouthtml") {
64			echo base64_decode($config['captiveportal']['page']['logouttext']);
65			exit;
66	5b237745	Scott Ullrich	}
67
68			$pconfig['cinterface'] = $config['captiveportal']['interface'];
69	0bd34ed6	Scott Ullrich	$pconfig['maxproc'] = $config['captiveportal']['maxproc'];
70			$pconfig['maxprocperip'] = $config['captiveportal']['maxprocperip'];
71	5b237745	Scott Ullrich	$pconfig['timeout'] = $config['captiveportal']['timeout'];
72			$pconfig['idletimeout'] = $config['captiveportal']['idletimeout'];
73			$pconfig['enable'] = isset($config['captiveportal']['enable']);
74	7faeda46	Scott Ullrich	$pconfig['auth_method'] = $config['captiveportal']['auth_method'];
75	5b237745	Scott Ullrich	$pconfig['radacct_enable'] = isset($config['captiveportal']['radacct_enable']);
76	0bd34ed6	Scott Ullrich	$pconfig['radmac_enable'] = isset($config['captiveportal']['radmac_enable']);
77			$pconfig['radmac_secret'] = $config['captiveportal']['radmac_secret'];
78	c980716e	Scott Ullrich	$pconfig['reauthenticate'] = isset($config['captiveportal']['reauthenticate']);
79			$pconfig['reauthenticateacct'] = $config['captiveportal']['reauthenticateacct'];
80	5b237745	Scott Ullrich	$pconfig['httpslogin_enable'] = isset($config['captiveportal']['httpslogin']);
81	1d622048	Scott Ullrich	$pconfig['httpsname'] = strtolower($config['captiveportal']['httpsname']);
82	5b237745	Scott Ullrich	$pconfig['cert'] = base64_decode($config['captiveportal']['certificate']);
83	c6e1b0f5	Ermal Lu?i	$pconfig['cacert'] = base64_decode($config['captiveportal']['cacertificate']);
84	5b237745	Scott Ullrich	$pconfig['key'] = base64_decode($config['captiveportal']['private-key']);
85			$pconfig['logoutwin_enable'] = isset($config['captiveportal']['logoutwin_enable']);
86	7e587bdb	Scott Ullrich	$pconfig['peruserbw'] = isset($config['captiveportal']['peruserbw']);
87			$pconfig['bwdefaultdn'] = $config['captiveportal']['bwdefaultdn'];
88			$pconfig['bwdefaultup'] = $config['captiveportal']['bwdefaultup'];
89	5b237745	Scott Ullrich	$pconfig['nomacfilter'] = isset($config['captiveportal']['nomacfilter']);
90	0bd34ed6	Scott Ullrich	$pconfig['noconcurrentlogins'] = isset($config['captiveportal']['noconcurrentlogins']);
91	5b237745	Scott Ullrich	$pconfig['redirurl'] = $config['captiveportal']['redirurl'];
92			$pconfig['radiusip'] = $config['captiveportal']['radiusip'];
93	0bd34ed6	Scott Ullrich	$pconfig['radiusip2'] = $config['captiveportal']['radiusip2'];
94	5b237745	Scott Ullrich	$pconfig['radiusport'] = $config['captiveportal']['radiusport'];
95	0bd34ed6	Scott Ullrich	$pconfig['radiusport2'] = $config['captiveportal']['radiusport2'];
96	5b237745	Scott Ullrich	$pconfig['radiusacctport'] = $config['captiveportal']['radiusacctport'];
97			$pconfig['radiuskey'] = $config['captiveportal']['radiuskey'];
98	0bd34ed6	Scott Ullrich	$pconfig['radiuskey2'] = $config['captiveportal']['radiuskey2'];
99			$pconfig['radiusvendor'] = $config['captiveportal']['radiusvendor'];
100	2342bfb0	Ermal Lu?i	$pconfig['radiussession_timeout'] = isset($config['captiveportal']['radiussession_timeout']);
101	822b687b	Ermal	$pconfig['radiussrcip_attribute'] = $config['captiveportal']['radiussrcip_attribute'];
102	6ce61a8f	Ermal	$pconfig['passthrumacadd'] = isset($config['captiveportal']['passthrumacadd']);
103	1c291e64	Ermal	$pconfig['passthrumacaddusername'] = isset($config['captiveportal']['passthrumacaddusername']);
104	d11c1f93	sullrich	$pconfig['radmac_format'] = $config['captiveportal']['radmac_format'];
105	5b237745	Scott Ullrich
106			if ($_POST) {
107
108			unset($input_errors);
109			$pconfig = $_POST;
110
111			/* input validation */
112			if ($_POST['enable']) {
113			$reqdfields = explode(" ", "cinterface");
114			$reqdfieldsn = explode(",", "Interface");
115	a5c0b6c7	Scott Ullrich
116	5b237745	Scott Ullrich	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
117	a5c0b6c7	Scott Ullrich
118	0bd34ed6	Scott Ullrich	/* make sure no interfaces are bridged */
119	97edea16	Ermal Lu?i	foreach ($pconfig['cinterface'] as $cpbrif)
120			if (link_interface_to_bridge($cpbrif))
121			$input_errors[] = "The captive portal cannot be used on interface {$cpbrif} since it is part of a bridge.";
122	a5c0b6c7	Scott Ullrich
123	5b237745	Scott Ullrich	if ($_POST['httpslogin_enable']) {
124			if (!$_POST['cert'] \|\| !$_POST['key']) {
125			$input_errors[] = "Certificate and key must be specified for HTTPS login.";
126			} else {
127			if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") \|\| !strstr($_POST['cert'], "END CERTIFICATE"))
128			$input_errors[] = "This certificate does not appear to be valid.";
129	c6e1b0f5	Ermal Lu?i	if (!strstr($_POST['cacert'], "BEGIN CERTIFICATE") \|\| !strstr($_POST['cacert'], "END CERTIFICATE"))
130			$input_errors[] = "This intermmediate certificate does not appear to be valid.";
131	5b237745	Scott Ullrich	if (!strstr($_POST['key'], "BEGIN RSA PRIVATE KEY") \|\| !strstr($_POST['key'], "END RSA PRIVATE KEY"))
132			$input_errors[] = "This key does not appear to be valid.";
133			}
134	a5c0b6c7	Scott Ullrich
135	5b237745	Scott Ullrich	if (!$_POST['httpsname'] \|\| !is_domain($_POST['httpsname'])) {
136			$input_errors[] = "The HTTPS server name must be specified for HTTPS login.";
137			}
138			}
139			}
140	a5c0b6c7	Scott Ullrich
141	5b237745	Scott Ullrich	if ($_POST['timeout'] && (!is_numeric($_POST['timeout']) \|\| ($_POST['timeout'] < 1))) {
142			$input_errors[] = "The timeout must be at least 1 minute.";
143			}
144			if ($_POST['idletimeout'] && (!is_numeric($_POST['idletimeout']) \|\| ($_POST['idletimeout'] < 1))) {
145			$input_errors[] = "The idle timeout must be at least 1 minute.";
146			}
147			if (($_POST['radiusip'] && !is_ipaddr($_POST['radiusip']))) {
148			$input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip']."]";
149			}
150	0bd34ed6	Scott Ullrich	if (($_POST['radiusip2'] && !is_ipaddr($_POST['radiusip2']))) {
151			$input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip2']."]";
152			}
153	5b237745	Scott Ullrich	if (($_POST['radiusport'] && !is_port($_POST['radiusport']))) {
154			$input_errors[] = "A valid port number must be specified. [".$_POST['radiusport']."]";
155			}
156	0bd34ed6	Scott Ullrich	if (($_POST['radiusport2'] && !is_port($_POST['radiusport2']))) {
157			$input_errors[] = "A valid port number must be specified. [".$_POST['radiusport2']."]";
158			}
159	5b237745	Scott Ullrich	if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) {
160	0bd34ed6	Scott Ullrich	$input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]";
161			}
162			if ($_POST['maxproc'] && (!is_numeric($_POST['maxproc']) \|\| ($_POST['maxproc'] < 4) \|\| ($_POST['maxproc'] > 100))) {
163			$input_errors[] = "The total maximum number of concurrent connections must be between 4 and 100.";
164			}
165			$mymaxproc = $_POST['maxproc'] ? $_POST['maxproc'] : 16;
166			if ($_POST['maxprocperip'] && (!is_numeric($_POST['maxprocperip']) \|\| ($_POST['maxprocperip'] > $mymaxproc))) {
167			$input_errors[] = "The maximum number of concurrent connections per client IP address may not be larger than the global maximum.";
168	5b237745	Scott Ullrich	}
169
170			if (!$input_errors) {
171	f8b11310	Ermal Lu?i	$config['captiveportal']['interface'] = implode(",", $_POST['cinterface']);
172	0bd34ed6	Scott Ullrich	$config['captiveportal']['maxproc'] = $_POST['maxproc'];
173			$config['captiveportal']['maxprocperip'] = $_POST['maxprocperip'] ? $_POST['maxprocperip'] : false;
174	5b237745	Scott Ullrich	$config['captiveportal']['timeout'] = $_POST['timeout'];
175			$config['captiveportal']['idletimeout'] = $_POST['idletimeout'];
176	0bd34ed6	Scott Ullrich	$config['captiveportal']['enable'] = $_POST['enable'] ? true : false;
177	7faeda46	Scott Ullrich	$config['captiveportal']['auth_method'] = $_POST['auth_method'];
178	0bd34ed6	Scott Ullrich	$config['captiveportal']['radacct_enable'] = $_POST['radacct_enable'] ? true : false;
179			$config['captiveportal']['reauthenticate'] = $_POST['reauthenticate'] ? true : false;
180			$config['captiveportal']['radmac_enable'] = $_POST['radmac_enable'] ? true : false;
181			$config['captiveportal']['radmac_secret'] = $_POST['radmac_secret'] ? $_POST['radmac_secret'] : false;
182	c980716e	Scott Ullrich	$config['captiveportal']['reauthenticateacct'] = $_POST['reauthenticateacct'];
183	0bd34ed6	Scott Ullrich	$config['captiveportal']['httpslogin'] = $_POST['httpslogin_enable'] ? true : false;
184	5b237745	Scott Ullrich	$config['captiveportal']['httpsname'] = $_POST['httpsname'];
185	7e587bdb	Scott Ullrich	$config['captiveportal']['peruserbw'] = $_POST['peruserbw'] ? true : false;
186			$config['captiveportal']['bwdefaultdn'] = $_POST['bwdefaultdn'];
187			$config['captiveportal']['bwdefaultup'] = $_POST['bwdefaultup'];
188	5b237745	Scott Ullrich	$config['captiveportal']['certificate'] = base64_encode($_POST['cert']);
189	c6e1b0f5	Ermal Lu?i	$config['captiveportal']['cacertificate'] = base64_encode($_POST['cacert']);
190	5b237745	Scott Ullrich	$config['captiveportal']['private-key'] = base64_encode($_POST['key']);
191	0bd34ed6	Scott Ullrich	$config['captiveportal']['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false;
192			$config['captiveportal']['nomacfilter'] = $_POST['nomacfilter'] ? true : false;
193			$config['captiveportal']['noconcurrentlogins'] = $_POST['noconcurrentlogins'] ? true : false;
194	5b237745	Scott Ullrich	$config['captiveportal']['redirurl'] = $_POST['redirurl'];
195			$config['captiveportal']['radiusip'] = $_POST['radiusip'];
196	0bd34ed6	Scott Ullrich	$config['captiveportal']['radiusip2'] = $_POST['radiusip2'];
197	5b237745	Scott Ullrich	$config['captiveportal']['radiusport'] = $_POST['radiusport'];
198	0bd34ed6	Scott Ullrich	$config['captiveportal']['radiusport2'] = $_POST['radiusport2'];
199	5b237745	Scott Ullrich	$config['captiveportal']['radiusacctport'] = $_POST['radiusacctport'];
200			$config['captiveportal']['radiuskey'] = $_POST['radiuskey'];
201	0bd34ed6	Scott Ullrich	$config['captiveportal']['radiuskey2'] = $_POST['radiuskey2'];
202			$config['captiveportal']['radiusvendor'] = $_POST['radiusvendor'] ? $_POST['radiusvendor'] : false;
203	2342bfb0	Ermal Lu?i	$config['captiveportal']['radiussession_timeout'] = $_POST['radiussession_timeout'] ? true : false;
204	8aede55b	Ermal	$config['captiveportal']['radiussrcip_attribute'] = $_POST['radiussrcip_attribute'];
205	6ce61a8f	Ermal	$config['captiveportal']['passthrumacadd'] = $_POST['passthrumacadd'] ? true : false;
206	1c291e64	Ermal	$config['captiveportal']['passthrumacaddusername'] = $_POST['passthrumacaddusername'] ? true : false;
207	6ce61a8f	Ermal	$config['captiveportal']['radmac_format'] = $_POST['radmac_format'] ? $_POST['radmac_format'] : false;
208	a5c0b6c7	Scott Ullrich
209	5b237745	Scott Ullrich	/* file upload? */
210			if (is_uploaded_file($_FILES['htmlfile']['tmp_name']))
211			$config['captiveportal']['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name']));
212	c980716e	Scott Ullrich	if (is_uploaded_file($_FILES['errfile']['tmp_name']))
213	5b237745	Scott Ullrich	$config['captiveportal']['page']['errtext'] = base64_encode(file_get_contents($_FILES['errfile']['tmp_name']));
214	5b87b24e	Ermal	if (is_uploaded_file($_FILES['logoutfile']['tmp_name']))
215			$config['captiveportal']['page']['logouttext'] = base64_encode(file_get_contents($_FILES['logoutfile']['tmp_name']));
216	a5c0b6c7	Scott Ullrich
217	5b237745	Scott Ullrich	write_config();
218	a5c0b6c7	Scott Ullrich
219	5b237745	Scott Ullrich	$retval = 0;
220	ea1eac37	Scott Ullrich	$retval = captiveportal_configure();
221
222	5b237745	Scott Ullrich	$savemsg = get_std_save_message($retval);
223	f8b11310	Ermal Lu?i
224			$pconfig['cinterface'] = implode(",", $_POST['cinterface']);
225	5b237745	Scott Ullrich	}
226			}
227	3d4bd975	Scott Ullrich	include("head.inc");
228	5b237745	Scott Ullrich	?>
229	9699028a	Scott Ullrich	<?php include("fbegin.inc"); ?>
230	5b237745	Scott Ullrich	<script language="JavaScript">
231			<!--
232			function enable_change(enable_change) {
233	0bd34ed6	Scott Ullrich	var endis, radius_endis;
234	07bd3f83	Scott Ullrich	endis = !(document.iform.enable.checked \|\| enable_change);
235	0bd34ed6	Scott Ullrich	radius_endis = !((!endis && document.iform.auth_method[2].checked) \|\| enable_change);
236	a5c0b6c7	Scott Ullrich
237	07bd3f83	Scott Ullrich	document.iform.cinterface.disabled = endis;
238	54611f24	Scott Ullrich	//document.iform.maxproc.disabled = endis;
239	422d57b4	Scott Ullrich	document.iform.maxprocperip.disabled = endis;
240	07bd3f83	Scott Ullrich	document.iform.idletimeout.disabled = endis;
241			document.iform.timeout.disabled = endis;
242			document.iform.redirurl.disabled = endis;
243	0bd34ed6	Scott Ullrich	document.iform.radiusip.disabled = radius_endis;
244			document.iform.radiusip2.disabled = radius_endis;
245			document.iform.radiusport.disabled = radius_endis;
246			document.iform.radiusport2.disabled = radius_endis;
247			document.iform.radiuskey.disabled = radius_endis;
248			document.iform.radiuskey2.disabled = radius_endis;
249	856e58a6	Scott Ullrich	document.iform.radacct_enable.disabled = radius_endis;
250	f5fa7d5e	Ermal Luçi	document.iform.peruserbw.disabled = endis;
251			document.iform.bwdefaultdn.disabled = endis;
252			document.iform.bwdefaultup.disabled = endis;
253	856e58a6	Scott Ullrich	document.iform.reauthenticate.disabled = radius_endis;
254	7faeda46	Scott Ullrich	document.iform.auth_method[0].disabled = endis;
255			document.iform.auth_method[1].disabled = endis;
256			document.iform.auth_method[2].disabled = endis;
257	0bd34ed6	Scott Ullrich	document.iform.radmac_enable.disabled = radius_endis;
258	07bd3f83	Scott Ullrich	document.iform.httpslogin_enable.disabled = endis;
259	d11c1f93	sullrich	document.iform.radmac_format.disabled = radius_endis;
260	07bd3f83	Scott Ullrich	document.iform.httpsname.disabled = endis;
261			document.iform.cert.disabled = endis;
262			document.iform.key.disabled = endis;
263			document.iform.logoutwin_enable.disabled = endis;
264	c980716e	Scott Ullrich	document.iform.nomacfilter.disabled = endis;
265	0bd34ed6	Scott Ullrich	document.iform.noconcurrentlogins.disabled = endis;
266			document.iform.radiusvendor.disabled = radius_endis;
267	2342bfb0	Ermal Lu?i	document.iform.radiussession_timeout.disabled = radius_endis;
268	822b687b	Ermal	document.iform.radiussrcip_attribute.disabled = radius_endis;
269	07bd3f83	Scott Ullrich	document.iform.htmlfile.disabled = endis;
270			document.iform.errfile.disabled = endis;
271	5b87b24e	Ermal	document.iform.logoutfile.disabled = endis;
272	a5c0b6c7	Scott Ullrich
273	856e58a6	Scott Ullrich	document.iform.radiusacctport.disabled = (radius_endis \|\| !document.iform.radacct_enable.checked) && !enable_change;
274	a5c0b6c7	Scott Ullrich
275	856e58a6	Scott Ullrich	document.iform.radmac_secret.disabled = (radius_endis \|\| !document.iform.radmac_enable.checked) && !enable_change;
276	a5c0b6c7	Scott Ullrich
277	0bd34ed6	Scott Ullrich	var reauthenticate_dis = (radius_endis \|\| !document.iform.reauthenticate.checked) && !enable_change;
278	856e58a6	Scott Ullrich	document.iform.reauthenticateacct[0].disabled = reauthenticate_dis;
279			document.iform.reauthenticateacct[1].disabled = reauthenticate_dis;
280			document.iform.reauthenticateacct[2].disabled = reauthenticate_dis;
281	5b237745	Scott Ullrich	}
282			//-->
283			</script>
284	93588e1a	Scott Dale	<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
285	5b237745	Scott Ullrich	<?php if ($input_errors) print_input_errors($input_errors); ?>
286			<?php if ($savemsg) print_info_box($savemsg); ?>
287			<form action="services_captiveportal.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
288			<table width="100%" border="0" cellpadding="0" cellspacing="0">
289	9699028a	Scott Ullrich	<tr><td class="tabnavtbl">
290	64b85ffe	Scott Ullrich	<?php
291			$tab_array = array();
292			$tab_array[] = array("Captive portal", true, "services_captiveportal.php");
293			$tab_array[] = array("Pass-through MAC", false, "services_captiveportal_mac.php");
294			$tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php");
295	336e3c1c	Charlie	$tab_array[] = array("Vouchers", false, "services_captiveportal_vouchers.php");
296	3cf0d3f2	Scott Ullrich	$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
297	64b85ffe	Scott Ullrich	display_top_tabs($tab_array);
298	0bd34ed6	Scott Ullrich	?> </td></tr>
299	5b237745	Scott Ullrich	<tr>
300	c980716e	Scott Ullrich	<td class="tabcont">
301			<table width="100%" border="0" cellpadding="6" cellspacing="0">
302	a5c0b6c7	Scott Ullrich	<tr>
303	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vtable"> </td>
304			<td width="78%" class="vtable">
305			<input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)">
306			<strong>Enable captive portal </strong></td>
307			</tr>
308	a5c0b6c7	Scott Ullrich	<tr>
309	687b5432	Chris Buechler	<td width="22%" valign="top" class="vncellreq">Interfaces</td>
310	5b237745	Scott Ullrich	<td width="78%" class="vtable">
311	d823b81c	sullrich	<select name="cinterface[]" multiple="true" size="<?php echo count($config['interfaces']); ?>" class="formselect" id="cinterface">
312	af98cced	Scott Ullrich	<?php
313	fbb45bb0	Ermal Luçi	$interfaces = get_configured_interface_with_descr();
314	c980716e	Scott Ullrich	foreach ($interfaces as $iface => $ifacename): ?>
315	f8b11310	Ermal Lu?i	<option value="<?=$iface;?>" <?php if (stristr($pconfig['cinterface'], $iface)) echo "selected"; ?>>
316	5b237745	Scott Ullrich	<?=htmlspecialchars($ifacename);?>
317			</option>
318			<?php endforeach; ?>
319			</select> <br>
320	687b5432	Chris Buechler	<span class="vexpl">Select the interface(s) to enable for captive portal.</span></td>
321	5b237745	Scott Ullrich	</tr>
322	4362e48a	Scott Ullrich	<tr>
323			<td valign="top" class="vncell">Maximum concurrent connections</td>
324			<td class="vtable">
325			<table cellpadding="0" cellspacing="0">
326			<tr>
327	b5c78501	Seth Mos	<td><input name="maxprocperip" type="text" class="formfld unknown" id="maxprocperip" size="5"
328			value="<?=htmlspecialchars($pconfig['maxprocperip']);?>"> per client IP address (0 = no limit)</td>
329	4362e48a	Scott Ullrich	</tr>
330			</table>
331			This setting limits the number of concurrent connections to the captive portal HTTP(S) server. This does not set how many users can be logged in
332			to the captive portal, but rather how many users can load the portal page or authenticate at the same time!
333			Default is 4 connections per client IP address, with a total maximum of 16 connections.</td>
334			</tr>
335	5b237745	Scott Ullrich	<tr>
336			<td valign="top" class="vncell">Idle timeout</td>
337			<td class="vtable">
338	b5c78501	Seth Mos	<input name="idletimeout" type="text" class="formfld unknown" id="idletimeout" size="6" value="<?=htmlspecialchars($pconfig['idletimeout']);?>">
339	5b237745	Scott Ullrich	minutes<br>
340			Clients will be disconnected after this amount of inactivity. They may log in again immediately, though. Leave this field blank for no idle timeout.</td>
341			</tr>
342	a5c0b6c7	Scott Ullrich	<tr>
343	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncell">Hard timeout</td>
344	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
345	b5c78501	Seth Mos	<input name="timeout" type="text" class="formfld unknown" id="timeout" size="6" value="<?=htmlspecialchars($pconfig['timeout']);?>">
346	5b237745	Scott Ullrich	minutes<br>
347			Clients will be disconnected after this amount of time, regardless of activity. They may log in again immediately, though. Leave this field blank for no hard timeout (not recommended unless an idle timeout is set).</td>
348			</tr>
349	a5c0b6c7	Scott Ullrich	<tr>
350	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncell">Logout popup window</td>
351	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
352	5b237745	Scott Ullrich	<input name="logoutwin_enable" type="checkbox" class="formfld" id="logoutwin_enable" value="yes" <?php if($pconfig['logoutwin_enable']) echo "checked"; ?>>
353			<strong>Enable logout popup window</strong><br>
354	c980716e	Scott Ullrich	If enabled, a popup window will appear when clients are allowed through the captive portal. This allows clients to explicitly disconnect themselves before the idle or hard timeout occurs.</td>
355	5b237745	Scott Ullrich	</tr>
356			<tr>
357			<td valign="top" class="vncell">Redirection URL</td>
358			<td class="vtable">
359	b5c78501	Seth Mos	<input name="redirurl" type="text" class="formfld url" id="redirurl" size="60" value="<?=htmlspecialchars($pconfig['redirurl']);?>">
360	5b237745	Scott Ullrich	<br>
361			If you provide a URL here, clients will be redirected to that URL instead of the one they initially tried
362			to access after they've authenticated.</td>
363			</tr>
364			<tr>
365	0bd34ed6	Scott Ullrich	<td valign="top" class="vncell">Concurrent user logins</td>
366			<td class="vtable">
367			<input name="noconcurrentlogins" type="checkbox" class="formfld" id="noconcurrentlogins" value="yes" <?php if ($pconfig['noconcurrentlogins']) echo "checked"; ?>>
368			<strong>Disable concurrent logins</strong><br>
369			If this option is set, only the most recent login per username will be active. Subsequent logins will cause machines previously logged in with the same username to be disconnected.</td>
370			</tr>
371			<tr>
372	c980716e	Scott Ullrich	<td valign="top" class="vncell">MAC filtering </td>
373			<td class="vtable">
374			<input name="nomacfilter" type="checkbox" class="formfld" id="nomacfilter" value="yes" <?php if ($pconfig['nomacfilter']) echo "checked"; ?>>
375			<strong>Disable MAC filtering</strong><br>
376	0bd34ed6	Scott Ullrich	If this option is set, no attempts will be made to ensure that the MAC address of clients stays the same while they're logged in.
377	d835d6b8	Chris Buechler	This is required when the MAC address of the client cannot be determined (usually because there are routers between <?php echo $g['product_name'] ?> and the clients).
378	0bd34ed6	Scott Ullrich	If this is enabled, RADIUS MAC authentication cannot be used.</td>
379	7e587bdb	Scott Ullrich	</tr>
380			<tr>
381	687b5432	Chris Buechler	<td valign="top" class="vncell">Pass-through MAC Auto Entry</td>
382	6ce61a8f	Ermal	<td class="vtable">
383			<input name="passthrumacadd" type="checkbox" class="formfld" id="passthrumacadd" value="yes" <?php if ($pconfig['passthrumacadd']) echo "checked"; ?>>
384	687b5432	Chris Buechler	<strong>Enable Pass-through MAC automatic additions</strong><br>
385			If this option is set, a MAC passthrough entry is automatically added after the user has successfully authenticated. Users of that MAC address will never have to authenticate again.
386			To remove the passthrough MAC entry you either have to log in and remove it manually from the <a href="services_captiveportal_mac.php">Pass-through MAC tab</a> or send a POST from another system to remove it.
387	1c291e64	Ermal	If this is enabled, RADIUS MAC authentication cannot be used. Also, the logout window will not be shown.
388			<br/><br/>
389			<input name="passthrumacaddusername" type="checkbox" class="formfld" id="passthrumacaddusername" value="yes" <?php if ($pconfig['passthrumacaddusername']) echo "checked"; ?>>
390			<strong>Enable Pass-through MAC automatic addition with username</strong><br>
391			If this option is set, with the automatically MAC passthrough entry created the username, used during authentication, will be saved.
392			To remove the passthrough MAC entry you either have to log in and remove it manually from the <a href="services_captiveportal_mac.php">Pass-through MAC tab</a> or send a POST from another system to remove it.
393			</td>
394	6ce61a8f	Ermal	</tr>
395			<tr>
396	7e587bdb	Scott Ullrich	<td valign="top" class="vncell">Per-user bandwidth restriction</td>
397			<td class="vtable">
398			<input name="peruserbw" type="checkbox" class="formfld" id="peruserbw" value="yes" <?php if ($pconfig['peruserbw']) echo "checked"; ?>>
399			<strong>Enable per-user bandwidth restriction</strong><br><br>
400			<table cellpadding="0" cellspacing="0">
401			<tr>
402			<td>Default download</td>
403	b5c78501	Seth Mos	<td><input type="text" class="formfld unknown" name="bwdefaultdn" id="bwdefaultdn" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultdn']);?>"> Kbit/s</td>
404	7e587bdb	Scott Ullrich	</tr>
405			<tr>
406			<td>Default upload</td>
407	b5c78501	Seth Mos	<td><input type="text" class="formfld unknown" name="bwdefaultup" id="bwdefaultup" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultup']);?>"> Kbit/s</td>
408	7e587bdb	Scott Ullrich	</tr></table>
409			<br>
410	f5fa7d5e	Ermal Luçi	If this option is set, the captive portal will restrict each user who logs in to the specified default bandwidth. RADIUS can override the default settings. Leave empty or set to 0 for no limit. </td>
411	7e587bdb	Scott Ullrich	</tr>
412	a5c0b6c7	Scott Ullrich	<tr>
413	c980716e	Scott Ullrich	<td width="22%" valign="top" class="vncell">Authentication</td>
414	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
415	c980716e	Scott Ullrich	<table cellpadding="0" cellspacing="0">
416			<tr>
417	0bd34ed6	Scott Ullrich	<td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="none" onClick="enable_change(false)" <?php if($pconfig['auth_method']!="local" && $pconfig['auth_method']!="radius") echo "checked"; ?>>
418	0092b3bd	mgrooms	No Authentication</td>
419	c980716e	Scott Ullrich	</tr>
420			<tr>
421	0bd34ed6	Scott Ullrich	<td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="local" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="local") echo "checked"; ?>>
422	0092b3bd	mgrooms	Local <a href="system_usermanager.php">User Manager</a></td>
423	c980716e	Scott Ullrich	</tr>
424			<tr>
425	0bd34ed6	Scott Ullrich	<td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="radius" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius") echo "checked"; ?>>
426	0092b3bd	mgrooms	RADIUS Authentication</td>
427	c980716e	Scott Ullrich	</tr><tr>
428			<td> </td>
429			<td> </td>
430			</tr>
431			</table>
432	0bd34ed6	Scott Ullrich	<table width="100%" border="0" cellpadding="6" cellspacing="0">
433	a5c0b6c7	Scott Ullrich	<tr>
434	0bd34ed6	Scott Ullrich	<td colspan="2" valign="top" class="optsect_t2">Primary RADIUS server</td>
435			</tr>
436			<tr>
437			<td class="vncell" valign="top">IP address</td>
438	b5c78501	Seth Mos	<td class="vtable"><input name="radiusip" type="text" class="formfld unknown" id="radiusip" size="20" value="<?=htmlspecialchars($pconfig['radiusip']);?>"><br>
439	0bd34ed6	Scott Ullrich	Enter the IP address of the RADIUS server which users of the captive portal have to authenticate against.</td>
440			</tr>
441			<tr>
442			<td class="vncell" valign="top">Port</td>
443	b5c78501	Seth Mos	<td class="vtable"><input name="radiusport" type="text" class="formfld unknown" id="radiusport" size="5" value="<?=htmlspecialchars($pconfig['radiusport']);?>"><br>
444	0bd34ed6	Scott Ullrich	Leave this field blank to use the default port (1812).</td>
445			</tr>
446			<tr>
447			<td class="vncell" valign="top">Shared secret  </td>
448	b5c78501	Seth Mos	<td class="vtable"><input name="radiuskey" type="text" class="formfld unknown" id="radiuskey" size="16" value="<?=htmlspecialchars($pconfig['radiuskey']);?>"><br>
449	0bd34ed6	Scott Ullrich	Leave this field blank to not use a RADIUS shared secret (not recommended).</td>
450			</tr>
451	a5c0b6c7	Scott Ullrich	<tr>
452	0bd34ed6	Scott Ullrich	<td colspan="2" class="list" height="12"></td>
453			</tr>
454			<tr>
455			<td colspan="2" valign="top" class="optsect_t2">Secondary RADIUS server</td>
456			</tr>
457			<tr>
458			<td class="vncell" valign="top">IP address</td>
459	b5c78501	Seth Mos	<td class="vtable"><input name="radiusip2" type="text" class="formfld unknown" id="radiusip2" size="20" value="<?=htmlspecialchars($pconfig['radiusip2']);?>"><br>
460	0bd34ed6	Scott Ullrich	If you have a second RADIUS server, you can activate it by entering its IP address here.</td>
461			</tr>
462			<tr>
463			<td class="vncell" valign="top">Port</td>
464	b5c78501	Seth Mos	<td class="vtable"><input name="radiusport2" type="text" class="formfld unknown" id="radiusport2" size="5" value="<?=htmlspecialchars($pconfig['radiusport2']);?>"></td>
465	0bd34ed6	Scott Ullrich	</tr>
466			<tr>
467			<td class="vncell" valign="top">Shared secret  </td>
468	b5c78501	Seth Mos	<td class="vtable"><input name="radiuskey2" type="text" class="formfld unknown" id="radiuskey2" size="16"
469			value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td>
470	0bd34ed6	Scott Ullrich	</tr>
471			<tr>
472			<td colspan="2" class="list" height="12"></td>
473			</tr>
474	856e58a6	Scott Ullrich	<tr>
475			<td colspan="2" valign="top" class="optsect_t2">Accounting</td>
476			</tr>
477			<tr>
478			<td class="vncell"> </td>
479			<td class="vtable"><input name="radacct_enable" type="checkbox" id="radacct_enable" value="yes" onClick="enable_change(false)" <?php if($pconfig['radacct_enable']) echo "checked"; ?>>
480			<strong>send RADIUS accounting packets</strong><br>
481			If this is enabled, RADIUS accounting packets will be sent to the primary RADIUS server.</td>
482			</tr>
483			<tr>
484			<td class="vncell" valign="top">Accounting port</td>
485	b5c78501	Seth Mos	<td class="vtable"><input name="radiusacctport" type="text" class="formfld unknown" id="radiusacctport" size="5" value="<?=htmlspecialchars($pconfig['radiusacctport']);?>"><br>
486	856e58a6	Scott Ullrich	Leave blank to use the default port (1813).</td>
487			</tr>
488			<tr>
489			<td colspan="2" class="list" height="12"></td>
490			</tr>
491			<tr>
492			<td colspan="2" valign="top" class="optsect_t2">Reauthentication</td>
493			</tr>
494			<tr>
495			<td class="vncell"> </td>
496			<td class="vtable"><input name="reauthenticate" type="checkbox" id="reauthenticate" value="yes" onClick="enable_change(false)" <?php if($pconfig['reauthenticate']) echo "checked"; ?>>
497			<strong>Reauthenticate connected users every minute</strong><br>
498			If reauthentication is enabled, Access-Requests will be sent to the RADIUS server for each user that is
499			logged in every minute. If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately.</td>
500			</tr>
501			<tr>
502			<td class="vncell" valign="top">Accounting updates</td>
503			<td class="vtable">
504			<input name="reauthenticateacct" type="radio" value="" <?php if(!$pconfig['reauthenticateacct']) echo "checked"; ?>> no accounting updates<br>
505			<input name="reauthenticateacct" type="radio" value="stopstart" <?php if($pconfig['reauthenticateacct'] == "stopstart") echo "checked"; ?>> stop/start accounting<br>
506			<input name="reauthenticateacct" type="radio" value="interimupdate" <?php if($pconfig['reauthenticateacct'] == "interimupdate") echo "checked"; ?>> interim update
507			</td>
508			</tr>
509			<tr>
510			<td colspan="2" class="list" height="12"></td>
511			</tr>
512	0bd34ed6	Scott Ullrich	<tr>
513			<td colspan="2" valign="top" class="optsect_t2">RADIUS MAC authentication</td>
514			</tr>
515			<tr>
516			<td class="vncell"> </td>
517			<td class="vtable">
518			<input name="radmac_enable" type="checkbox" id="radmac_enable" value="yes" onClick="enable_change(false)" <?php if ($pconfig['radmac_enable']) echo "checked"; ?>><strong>Enable RADIUS MAC authentication</strong><br>
519			If this option is enabled, the captive portal will try to authenticate users by sending their MAC address as the username and the password
520			entered below to the RADIUS server.</td>
521			</tr>
522			<tr>
523			<td class="vncell">Shared secret</td>
524	b5c78501	Seth Mos	<td class="vtable"><input name="radmac_secret" type="text" class="formfld unknown" id="radmac_secret" size="16" value="<?=htmlspecialchars($pconfig['radmac_secret']);?>"></td>
525	0bd34ed6	Scott Ullrich	</tr>
526			<tr>
527			<td colspan="2" class="list" height="12"></td>
528			</tr>
529			<tr>
530			<td colspan="2" valign="top" class="optsect_t2">RADIUS options</td>
531			</tr>
532	cf0542ac	Scott Ullrich
533	822b687b	Ermal	<tr>
534			<td class="vncell" valign="top">Radius ip attribute</td>
535			<td>
536			<select name="radiussrcip_attribute" id="radiussrcip_attribute">
537			<?php $iflist = get_configured_interface_with_descr();
538			foreach ($iflist as $ifdesc => $ifdescr) {
539			$ipaddr = get_interface_ip($ifdesc);
540			if (is_ipaddr($ipaddr)) {
541			$selected = "";
542			if ($ipaddr == $pconfig['radiussrcip_attribute'])
543			$ifdesc = "selected";
544			echo "<option value='{$ifdesc}' {$selected}>{$ifdescr} - {$ipaddr}</option>\n";
545			}
546			}
547	34e9ca60	Ermal	if (is_array($config['virtualip']['vip'])) {
548			foreach ($config['virtualip']['vip'] as $sn) {
549			if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") {
550			$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
551			$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
552			$len = $end - $start;
553
554			for ($i = 0; $i <= $len; $i++) {
555			$snip = long2ip32($start+$i);
556			echo "<option value='{$snip}' {$selected}>" . htmlspecialchars("{$sn['descr']} - {$snip}") . "></option>\n";
557			}
558			} else
559			echo "<option value='{$sn['subnet']}' {$selected}>" . htmlspecialchars("{$sn['descr']} - {$sn['subnet']}") . "></option>\n";
560			}
561			}
562	822b687b	Ermal	?>
563			</select><br/>
564			Choose the ip to use for calling station attribute.
565			</td>
566			</tr>
567
568	0bd34ed6	Scott Ullrich	<tr>
569			<td class="vncell" valign="top">Session-Timeout</td>
570			<td class="vtable"><input name="radiussession_timeout" type="checkbox" id="radiussession_timeout" value="yes" <?php if ($pconfig['radiussession_timeout']) echo "checked"; ?>><strong>Use RADIUS Session-Timeout attributes</strong><br>
571			When this is enabled, clients will be disconnected after the amount of time retrieved from the RADIUS Session-Timeout attribute.</td>
572			</tr>
573	cf0542ac	Scott Ullrich
574	0bd34ed6	Scott Ullrich	<tr>
575			<td class="vncell" valign="top">Type</td>
576			<td class="vtable"><select name="radiusvendor" id="radiusvendor">
577			<option>default</option>
578	a5c0b6c7	Scott Ullrich	<?php
579	0bd34ed6	Scott Ullrich	$radiusvendors = array("cisco");
580			foreach ($radiusvendors as $radiusvendor){
581			if ($pconfig['radiusvendor'] == $radiusvendor)
582			echo "<option selected value=\"$radiusvendor\">$radiusvendor</option>\n";
583			else
584			echo "<option value=\"$radiusvendor\">$radiusvendor</option>\n";
585			}
586			?></select><br>
587			If RADIUS type is set to Cisco, in Access-Requests the value of Calling-Station-Id will be set to the client's IP address and
588	687b5432	Chris Buechler	the Called-Station-Id to the client's MAC address. Default behavior is Calling-Station-Id = client's MAC address and Called-Station-Id = <?=$g['product_name']?>'s WAN IP address.</td>
589	0bd34ed6	Scott Ullrich	</tr>
590			</table>
591	5b237745	Scott Ullrich	</tr>
592	d11c1f93	sullrich	<tr>
593			<td class="vncell" valign="top">MAC address format</td>
594			<td class="vtable">
595			<select name="radmac_format" id="radmac_format">
596			<option>default</option>
597			<?php
598			$macformats = array("singledash","ietf","cisco","unformatted");
599			foreach ($macformats as $macformat) {
600			if ($pconfig['radmac_format'] == $macformat)
601			echo "<option selected value=\"$macformat\">$macformat</option>\n";
602			else
603			echo "<option value=\"$macformat\">$macformat</option>\n";
604			}
605			?>
606			</select></br>
607			This option changes the MAC address format used in the whole RADIUS system. Change this if you also
608			need to change the username format for RADIUS MAC authentication.<br>
609			default: 00:11:22:33:44:55<br>
610			singledash: 001122-334455<br>
611			ietf: 00-11-22-33-44-55<br>
612			cisco: 0011.2233.4455<br>
613			unformatted: 001122334455
614			</tr>
615	5b237745	Scott Ullrich	<tr>
616			<td valign="top" class="vncell">HTTPS login</td>
617			<td class="vtable">
618	c980716e	Scott Ullrich	<input name="httpslogin_enable" type="checkbox" class="formfld" id="httpslogin_enable" value="yes" <?php if($pconfig['httpslogin_enable']) echo "checked"; ?>>
619	5b237745	Scott Ullrich	<strong>Enable HTTPS login</strong><br>
620	0bd34ed6	Scott Ullrich	If enabled, the username and password will be transmitted over an HTTPS connection to protect against eavesdroppers. A server name, certificate and matching private key must also be specified below.</td>
621	5b237745	Scott Ullrich	</tr>
622			<tr>
623			<td valign="top" class="vncell">HTTPS server name </td>
624			<td class="vtable">
625	b5c78501	Seth Mos	<input name="httpsname" type="text" class="formfld unknown" id="httpsname" size="30" value="<?=htmlspecialchars($pconfig['httpsname']);?>"><br>
626	5fca0583	Scott Ullrich	This name will be used in the form action for the HTTPS POST and should match the Common Name (CN) in your certificate (otherwise, the client browser will most likely display a security warning). Make sure captive portal clients can resolve this name in DNS and verify on the client that the IP resolves to the correct interface IP on <?=$g['product_name']?>. </td>
627	5b237745	Scott Ullrich	</tr>
628			<tr>
629			<td valign="top" class="vncell">HTTPS certificate</td>
630			<td class="vtable">
631			<textarea name="cert" cols="65" rows="7" id="cert" class="formpre"><?=htmlspecialchars($pconfig['cert']);?></textarea>
632			<br>
633	9699028a	Scott Ullrich	Paste a signed certificate in X.509 PEM format here.</td>
634	5b237745	Scott Ullrich	</tr>
635			<tr>
636			<td valign="top" class="vncell">HTTPS private key</td>
637			<td class="vtable">
638			<textarea name="key" cols="65" rows="7" id="key" class="formpre"><?=htmlspecialchars($pconfig['key']);?></textarea>
639			<br>
640			Paste an RSA private key in PEM format here.</td>
641			</tr>
642	c6e1b0f5	Ermal Lu?i	<tr>
643	687b5432	Chris Buechler	<td valign="top" class="vncell">HTTPS intermediate certificate</td>
644	c6e1b0f5	Ermal Lu?i	<td class="vtable">
645			<textarea name="cacert" cols="65" rows="7" id="cacert" class="formpre"><?=htmlspecialchars($pconfig['cacert']);?></textarea>
646			<br>
647			Paste a certificate in X.509 PEM format here.</td>
648			</tr>
649	a5c0b6c7	Scott Ullrich	<tr>
650	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Portal page contents</td>
651	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
652	b5c78501	Seth Mos	<?=$mandfldhtml;?><input type="file" name="htmlfile" class="formfld file" id="htmlfile"><br>
653	16f5fe76	Scott Ullrich	<?php
654			list($host) = explode(":", $_SERVER['HTTP_HOST']);
655			if(isset($config['captiveportal']['httpslogin'])) {
656			$href = "https://$host:8001";
657			} else {
658			$href = "http://$host:8000";
659	a5c0b6c7	Scott Ullrich	}
660	16f5fe76	Scott Ullrich	?>
661	5b237745	Scott Ullrich	<?php if ($config['captiveportal']['page']['htmltext']): ?>
662	a5c0b6c7	Scott Ullrich	<a href="<?=$href?>" target="_new">View current page</a>
663	5b237745	Scott Ullrich	<br>
664			<br>
665			<?php endif; ?>
666	eb2c4175	Scott Ullrich	Upload an HTML/PHP file for the portal page here (leave blank to keep the current one). Make sure to include a form (POST to "$PORTAL_ACTION$")
667	0bd34ed6	Scott Ullrich	with a submit button (name="accept") and a hidden field with name="redirurl" and value="$PORTAL_REDIRURL$".
668	336e3c1c	Charlie	Include the "auth_user" and "auth_pass" and/or "auth_voucher" input fields if authentication is enabled, otherwise it will always fail.
669	0bd34ed6	Scott Ullrich	Example code for the form:<br>
670	5b237745	Scott Ullrich	<br>
671			<tt><form method="post" action="$PORTAL_ACTION$"><br>
672			<input name="auth_user" type="text"><br>
673			<input name="auth_pass" type="password"><br>
674	336e3c1c	Charlie	<input name="auth_voucher" type="text"><br>
675	5b237745	Scott Ullrich	<input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$"><br>
676			<input name="accept" type="submit" value="Continue"><br>
677			</form></tt></td>
678			</tr>
679			<tr>
680			<td width="22%" valign="top" class="vncell">Authentication<br>
681			error page<br>
682			contents</td>
683			<td class="vtable">
684	b5c78501	Seth Mos	<input name="errfile" type="file" class="formfld file" id="errfile"><br>
685	5b237745	Scott Ullrich	<?php if ($config['captiveportal']['page']['errtext']): ?>
686	a5c0b6c7	Scott Ullrich	<a href="?act=viewerrhtml" target="_blank">View current page</a>
687	5b237745	Scott Ullrich	<br>
688			<br>
689			<?php endif; ?>
690	eb2c4175	Scott Ullrich	The contents of the HTML/PHP file that you upload here are displayed when an authentication error occurs.
691	5b87b24e	Ermal	You may include "$PORTAL_MESSAGE$", which will be replaced by the error or reply messages from the RADIUS server, if any.</td>
692			</tr>
693			<tr>
694			<td width="22%" valign="top" class="vncell">Logout<br>
695			page<br>
696			contents</td>
697			<td class="vtable">
698			<input name="logoutfile" type="file" class="formfld file" id="logoutfile"><br>
699			<?php if ($config['captiveportal']['page']['logouttext']): ?>
700			<a href="?act=viewlogouthtml" target="_blank">View current page</a>
701			<br>
702			<br>
703			<?php endif; ?>
704			The contents of the HTML/PHP file that you upload here are displayed when an authentication error occurs.
705	0bd34ed6	Scott Ullrich	You may include "$PORTAL_MESSAGE$", which will be replaced by the error or reply messages from the RADIUS server, if any.</td>
706	5b237745	Scott Ullrich	</tr>
707	a5c0b6c7	Scott Ullrich	<tr>
708	5b237745	Scott Ullrich	<td width="22%" valign="top"> </td>
709	a5c0b6c7	Scott Ullrich	<td width="78%">
710			<input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change(true)">
711	5b237745	Scott Ullrich	</td>
712			</tr>
713	a5c0b6c7	Scott Ullrich	<tr>
714	5b237745	Scott Ullrich	<td width="22%" valign="top"> </td>
715			<td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br>
716	c980716e	Scott Ullrich	</strong></span>Changing any settings on this page will disconnect all clients! Don't forget to enable the DHCP server on your captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the timeout entered on this page. Also, the DNS forwarder needs to be enabled for DNS lookups by unauthenticated clients to work. </span></td>
717	5b237745	Scott Ullrich	</tr>
718			</table>
719			</td>
720			</tr>
721			</table>
722			</form>
723			<script language="JavaScript">
724			<!--
725			enable_change(false);
726			//-->
727			</script>
728			<?php include("fend.inc"); ?>
729	93588e1a	Scott Dale	</body>
730			</html>

Project

General

Profile

pfSense