<?php
/*
	$Id$
	part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2013-2015 Electric Sheep Fencing, LP
	Copyright (C) 2009 Ermal Luçi
	Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
/*
	pfSense_MODULE:	captiveportal
*/
/* Authentication, utility and captive portal helpers called by this script. */
require_once 'auth.inc';
require_once 'functions.inc';
require_once 'captiveportal.inc';

/*
 * Fallback text for rejected logins.  It is the same for every kind of
 * failure, so the reply does not say which part of a credential was wrong.
 */
$errormsg = "Invalid credentials specified.";

/*
 * Every reply below is specific to one client (login, logout or error page),
 * so forbid caching by the browser and by intermediaries, and close the
 * connection after the response.
 */
array_map('header', array(
	"Expires: 0",
	"Cache-Control: no-cache, no-store, must-revalidate",
	"Pragma: no-cache",
	"Connection: close",
));
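/*
 * Resolve the captive portal zone named in the request.
 *
 * The zone name is client-controlled and is later interpolated into file
 * paths (the logout page include and the RADIUS db lookup), so it is only
 * accepted when it is a key of the configured zones.
 */
global $cpzone, $cpzoneid;

/* A non-string value (e.g. zone[]=x) cannot be an array key; treat it as "no zone". */
$cpzone = (isset($_REQUEST['zone']) && is_string($_REQUEST['zone'])) ? $_REQUEST['zone'] : '';
$cpcfg = isset($config['captiveportal'][$cpzone]) ? $config['captiveportal'][$cpzone] : null;
if (empty($cpcfg)) {
	/*
	 * NOTE(review): htmlspecialchars() escapes HTML metacharacters only;
	 * whether log_error() neutralises control characters in the
	 * client-supplied zone name is not visible here.
	 * NOTE(review): $redirurl has not been assigned yet on this path.
	 */
	log_error("Submission to captiveportal with unknown parameter zone: " . htmlspecialchars($cpzone));
	portal_reply_page($redirurl, "error", $errormsg);
	ob_flush();
	return;
}

$cpzoneid = $cpcfg['zoneid'];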
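/*
 * Record what the client asked for and who it is.  HTTP_HOST and redirurl are
 * supplied by the client and stay untrusted wherever they are reused.
 * REMOTE_ADDR is the address every later session and MAC lookup is keyed on.
 */
$orig_host = $_SERVER['HTTP_HOST'];
/* NOTE: IE 8/9 is buggy and that is why this is needed */
$orig_request = trim($_REQUEST['redirurl'], " /");
$clientip = $_SERVER['REMOTE_ADDR'];

if (!$clientip) {
	/* not good - bail out */
	log_error("Zone: {$cpzone} - Captive portal could not determine client's IP address.");
	/*
	 * Show the generic failure text prepared for this case; the
	 * "invalid credentials" default would be misleading because no
	 * credentials have been checked yet.
	 */
	$error_message = "An error occurred.  Please check the system logs for more information.";
	portal_reply_page($redirurl, "error", $error_message);
	ob_flush();
	return;
}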
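/*
 * $cpsession is the existing session record for this client IP, if any (it is
 * read as an array below); $ourhostname is the hostname the portal expects to
 * be addressed by.
 */
$cpsession = captiveportal_isip_logged($clientip);
$ourhostname = portal_hostname_from_client_ip($clientip);

/* Automatically switching to the logout page requires a custom logout page to be present. */
if ((!empty($cpsession)) && (!$_POST['logout_id']) && (!empty($cpcfg['page']['logouttext']))) {
	/* the client is already logged in, so show the logout page */
	$protocol = (isset($cpcfg['httpslogin'])) ? 'https://' : 'http://';
	$logouturl = "{$protocol}{$ourhostname}/";

	/* presumably read by the included logout page - verify against the template */
	$sessionid = $cpsession['sessionid'];
	$attributes = array();
	if (!empty($cpsession['session_timeout'])) {
		$attributes['session_timeout'] = $cpsession['session_timeout'];
	}
	if (!empty($cpsession['session_terminate_time'])) {
		$attributes['session_terminate_time'] = $cpsession['session_terminate_time'];
	}

	/*
	 * include executes any PHP found in this file.  The path is bounded
	 * because $cpzone was already matched against the configured zones.
	 */
	include("{$g['varetc_path']}/captiveportal-{$cpzone}-logout.html");
	ob_flush();
	return;
} else if ($orig_host != $ourhostname) {
	/* the client thinks it's connected to the desired web server, but instead
	   it's connected to us. Issue a redirect... */
	$protocol = (isset($cpcfg['httpslogin'])) ? 'https://' : 'http://';
	/*
	 * Both query values are URL-encoded.  redirurl is built from the
	 * client's Host header and request, so it carries client-controlled
	 * data into the next request.
	 */
	header("Location: {$protocol}{$ourhostname}/index.php?zone=" . urlencode($cpzone) . "&redirurl=" . urlencode("http://{$orig_host}/{$orig_request}"));

	ob_flush();
	return;
}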
/*
 * Choose the URL the client is sent to afterwards.  A redirurl fixed in the
 * zone configuration takes precedence; otherwise the value is taken from the
 * request and is therefore client-controlled.  $redirurl stays unassigned
 * when none of the three sources applies.
 * NOTE(review): how portal_reply_page() and portal_allow() validate or escape
 * this value is not visible here.
 */
if (!empty($cpcfg['redirurl'])) {
	$redirurl = $cpcfg['redirurl'];
} elseif (preg_match('/redirurl=(.*)/', $orig_request, $nested)) {
	/* the request value itself embeds a redirurl= parameter; use that inner one */
	$redirurl = urldecode($nested[1]);
} elseif ($_REQUEST['redirurl']) {
	$redirurl = $_REQUEST['redirurl'];
}
/*
 * MAC filtering is on unless the zone sets nomacfilter; passthrumacadd is a
 * separate zone option.  Either one requires the client's MAC address.
 */
$passthrumac = isset($cpcfg['passthrumacadd']);
$macfilter = !isset($cpcfg['nomacfilter']);

/*
 * find MAC address for client
 * The MAC is looked up from the client IP, so it identifies the client only
 * as far as the local network prevents address spoofing.
 */
if ($macfilter || $passthrumac) {
	$tmpres = pfSense_ip_to_mac($clientip);
	if (is_array($tmpres)) {
		$clientmac = $tmpres['macaddr'];
		unset($tmpres);
	} else {
		/* unable to find MAC address - shouldn't happen! - bail out */
		captiveportal_logportalauth("unauthenticated", "noclientmac", $clientip, "ERROR");
		echo "An error occurred.  Please check the system logs for more information.";
		log_error("Zone: {$cpzone} - Captive portal could not determine client's MAC address.  Disable MAC address filtering in captive portal if you do not need this functionality.");
		ob_flush();
		return;
	}
}
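/*
 * find out if we need RADIUS + RADIUSMAC or not
 * Both flags are always assigned, so the authentication checks that follow
 * never read an undefined variable.
 */
$radius_enable = file_exists("{$g['vardb_path']}/captiveportal_radius_{$cpzone}.db");
$radmac_enable = $radius_enable && isset($cpcfg['radmac_enable']);

/* find radius context: the second one is selected when the auth_user2 field was submitted */
$radiusctx = 'first';
if ($_POST['auth_user2']) {
	$radiusctx = 'second';
}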
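/*
 * Main request dispatch.  Exactly one branch runs, tested in this order:
 * explicit logout, blocked MAC, RADIUS MAC authentication, pass-through
 * credit, voucher, RADIUS user login, local user login, no authentication,
 * and finally the login page itself.
 */
if ($_POST['logout_id']) {
	/*
	 * NOTE(review): logout_id is taken straight from the POST body and
	 * nothing visible here ties it to $clientip; confirm how
	 * captiveportal_disconnect_client() restricts which session it ends.
	 */
	echo <<<EOD
<html>
<head><title>Disconnecting...</title></head>
<body bgcolor="#435370">
<span style="color: #ffffff; font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size: 11px;">
<b>You have been disconnected.</b>
</span>
<script type="text/javascript">
<!--
setTimeout('window.close();',5000) ;
-->
</script>
</body>
</html>

EOD;
	captiveportal_disconnect_client($_POST['logout_id']);

} else if ($macfilter && $clientmac && captiveportal_blocked_mac($clientmac)) {
	/* blocked MACs are refused before any credential is looked at */
	captiveportal_logportalauth($clientmac, $clientmac, $clientip, "Blocked MAC address");
	if (!empty($cpcfg['blockedmacsurl'])) {
		portal_reply_page($cpcfg['blockedmacsurl'], "redir");
	} else {
		portal_reply_page($redirurl, "error", "This MAC address has been blocked");
	}

} else if ($clientmac && $radmac_enable && portal_mac_radius($clientmac, $clientip, $radiusctx)) {
	/* radius functions handle everything so we exit here since we're done */

} else if (portal_consume_passthrough_credit($clientmac)) {
	/* allow the client through if it had a pass-through credit for its MAC */
	captiveportal_logportalauth("unauthenticated", $clientmac, $clientip, "ACCEPT");
	portal_allow($clientip, $clientmac, "unauthenticated");

} else if (isset($config['voucher'][$cpzone]['enable']) && $_POST['accept'] && $_POST['auth_voucher']) {
	$voucher = trim($_POST['auth_voucher']);
	$timecredit = voucher_auth($voucher);
	/*
	 * $timecredit contains either a credit in minutes or an error message.
	 * Only a numeric result may grant access: comparing a non-numeric string
	 * with an integer is not a reliable test (PHP 8 compares the two as
	 * strings), so the numeric check comes first.
	 */
	if (is_numeric($timecredit) && $timecredit > 0) {  // voucher is valid. Remaining minutes returned
		// if multiple vouchers given, use the first as username
		$a_vouchers = preg_split("/[\t\n\r ]+/s", $voucher);
		$voucher = $a_vouchers[0];
		$attr = array(
			'voucher' => 1,
			'session_timeout' => $timecredit*60,
			'session_terminate_time' => 0);
		if (portal_allow($clientip, $clientmac, $voucher, null, $attr)) {
			// YES: user is good for $timecredit minutes.
			// NOTE(review): the voucher code itself is written to the portal auth log here and on failure.
			captiveportal_logportalauth($voucher, $clientmac, $clientip, "Voucher login good for $timecredit min.");
		} else {
			portal_reply_page($redirurl, "error", $config['voucher'][$cpzone]['descrmsgexpired'] ? $config['voucher'][$cpzone]['descrmsgexpired']: $errormsg);
		}
	} else if (is_numeric($timecredit) && -1 == $timecredit) {  // valid but expired
		captiveportal_logportalauth($voucher, $clientmac, $clientip, "FAILURE", "voucher expired");
		portal_reply_page($redirurl, "error", $config['voucher'][$cpzone]['descrmsgexpired'] ? $config['voucher'][$cpzone]['descrmsgexpired']: $errormsg);
	} else {
		/* zero, negative or non-numeric result: no access */
		captiveportal_logportalauth($voucher, $clientmac, $clientip, "FAILURE");
		portal_reply_page($redirurl, "error", $config['voucher'][$cpzone]['descrmsgnoaccess'] ? $config['voucher'][$cpzone]['descrmsgnoaccess'] : $errormsg);
	}

} else if ($_POST['accept'] && $radius_enable) {
	/* a user name is required; the password only has to be present, so an empty one is still sent to RADIUS */
	if (($_POST['auth_user'] && isset($_POST['auth_pass'])) || ($_POST['auth_user2'] && isset($_POST['auth_pass2']))) {
		if (!empty($_POST['auth_user'])) {
			$user = $_POST['auth_user'];
			$paswd = $_POST['auth_pass'];
		} else if (!empty($_POST['auth_user2'])) {
			$user = $_POST['auth_user2'];
			$paswd = $_POST['auth_pass2'];
		}
		$auth_list = radius($user, $paswd, $clientip, $clientmac, "USER LOGIN", $radiusctx);
		$type = "error";
		/* a redirection URL returned by RADIUS replaces the one chosen earlier */
		if (!empty($auth_list['url_redirection'])) {
			$redirurl = $auth_list['url_redirection'];
			$type = "redir";
		}

		/*
		 * Only auth_val 1 (error) and 3 (failure) produce a reply here.
		 * NOTE(review): a successful login is presumably completed inside
		 * radius() - confirm there.
		 */
		if ($auth_list['auth_val'] == 1) {
			captiveportal_logportalauth($user, $clientmac, $clientip, "ERROR", $auth_list['error']);
			portal_reply_page($redirurl, $type, $auth_list['error'] ? $auth_list['error'] : $errormsg);
		} else if ($auth_list['auth_val'] == 3) {
			captiveportal_logportalauth($user, $clientmac, $clientip, "FAILURE", $auth_list['reply_message']);
			portal_reply_page($redirurl, $type, $auth_list['reply_message'] ? $auth_list['reply_message'] : $errormsg);
		}
	} else {
		/* incomplete credentials: log whichever user name was supplied and refuse */
		if (!empty($_POST['auth_user'])) {
			$user = $_POST['auth_user'];
		} else if (!empty($_POST['auth_user2'])) {
			$user = $_POST['auth_user2'];
		} else {
			$user = 'unknown';
		}
		captiveportal_logportalauth($user, $clientmac, $clientip, "ERROR");
		portal_reply_page($redirurl, "error", $errormsg);
	}

} else if ($_POST['accept'] && $cpcfg['auth_method'] == "local") {
	if ($_POST['auth_user'] && $_POST['auth_pass']) {
		//check against local user manager
		$loginok = local_backed($_POST['auth_user'], $_POST['auth_pass']);

		/* when localauth_priv is set, valid credentials are not enough: the account also needs the portal login privilege */
		if ($loginok && isset($cpcfg['localauth_priv'])) {
			$loginok = userHasPrivilege(getUserEntry($_POST['auth_user']), "user-services-captiveportal-login");
		}

		if ($loginok) {
			captiveportal_logportalauth($_POST['auth_user'], $clientmac, $clientip, "LOGIN");
			portal_allow($clientip, $clientmac, $_POST['auth_user']);
		} else {
			captiveportal_logportalauth($_POST['auth_user'], $clientmac, $clientip, "FAILURE");
			portal_reply_page($redirurl, "error", $errormsg);
		}
	} else {
		portal_reply_page($redirurl, "error", $errormsg);
	}

} else if ($_POST['accept'] && $clientip && $cpcfg['auth_method'] == "none") {
	/* the zone requires no credentials: accepting the page is enough */
	captiveportal_logportalauth("unauthenticated", $clientmac, $clientip, "ACCEPT");
	portal_allow($clientip, $clientmac, "unauthenticated");

} else {
	/* display captive portal page */
	portal_reply_page($redirurl, "login", null, $clientmac, $clientip);
}

ob_flush();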
?>