/usr/local/www/services_captiveportal.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/services_captiveportal.php @ 24cbe7a8

1	a5c0b6c7	Scott Ullrich	<?php
2	5b237745	Scott Ullrich	/*
3			services_captiveportal.php
4			part of m0n0wall (http://m0n0.ch/wall)
5	a5c0b6c7	Scott Ullrich
6	0bd34ed6	Scott Ullrich	Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
7	5b237745	Scott Ullrich	All rights reserved.
8	a5c0b6c7	Scott Ullrich
9	5b237745	Scott Ullrich	Redistribution and use in source and binary forms, with or without
10			modification, are permitted provided that the following conditions are met:
11	a5c0b6c7	Scott Ullrich
12	5b237745	Scott Ullrich	1. Redistributions of source code must retain the above copyright notice,
13			this list of conditions and the following disclaimer.
14	a5c0b6c7	Scott Ullrich
15	5b237745	Scott Ullrich	2. Redistributions in binary form must reproduce the above copyright
16			notice, this list of conditions and the following disclaimer in the
17			documentation and/or other materials provided with the distribution.
18	a5c0b6c7	Scott Ullrich
19	5b237745	Scott Ullrich	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
20			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
21			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
23			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28			POSSIBILITY OF SUCH DAMAGE.
29			*/
30	1d333258	Scott Ullrich	/*
31			pfSense_MODULE: captiveportal
32			*/
33	5b237745	Scott Ullrich
34	6b07c15a	Matthew Grooms	##\|+PRIV
35			##\|*IDENT=page-services-captiveportal
36			##\|*NAME=Services: Captive portal page
37			##\|*DESCR=Allow access to the 'Services: Captive portal' page.
38			##\|MATCH=services_captiveportal.php
39			##\|-PRIV
40
41	5633ab30	jim-p	$statusurl = "status_captiveportal.php";
42			$logurl = "diag_logs_auth.php";
43
44	5b237745	Scott Ullrich	require("guiconfig.inc");
45	7ab2b688	Scott Ullrich	require("functions.inc");
46			require("filter.inc");
47			require("shaper.inc");
48			require("captiveportal.inc");
49	5b237745	Scott Ullrich
50	6fde5a1e	Carlos Eduardo Ramos	$pgtitle = array(gettext("Services"),gettext("Captive portal"));
51
52	5b237745	Scott Ullrich	if (!is_array($config['captiveportal'])) {
53			$config['captiveportal'] = array();
54			$config['captiveportal']['page'] = array();
55			$config['captiveportal']['timeout'] = 60;
56			}
57
58			if ($_GET['act'] == "viewhtml") {
59			echo base64_decode($config['captiveportal']['page']['htmltext']);
60			exit;
61			} else if ($_GET['act'] == "viewerrhtml") {
62			echo base64_decode($config['captiveportal']['page']['errtext']);
63			exit;
64	5b87b24e	Ermal	} else if ($_GET['act'] == "viewlogouthtml") {
65			echo base64_decode($config['captiveportal']['page']['logouttext']);
66			exit;
67	5b237745	Scott Ullrich	}
68
69			$pconfig['cinterface'] = $config['captiveportal']['interface'];
70	0bd34ed6	Scott Ullrich	$pconfig['maxproc'] = $config['captiveportal']['maxproc'];
71			$pconfig['maxprocperip'] = $config['captiveportal']['maxprocperip'];
72	5b237745	Scott Ullrich	$pconfig['timeout'] = $config['captiveportal']['timeout'];
73			$pconfig['idletimeout'] = $config['captiveportal']['idletimeout'];
74	03552507	Erik Fonnesbeck	$pconfig['freelogins_count'] = $config['captiveportal']['freelogins_count'];
75			$pconfig['freelogins_resettimeout'] = $config['captiveportal']['freelogins_resettimeout'];
76	e65d1a98	Erik Fonnesbeck	$pconfig['freelogins_updatetimeouts'] = isset($config['captiveportal']['freelogins_updatetimeouts']);
77	5b237745	Scott Ullrich	$pconfig['enable'] = isset($config['captiveportal']['enable']);
78	7faeda46	Scott Ullrich	$pconfig['auth_method'] = $config['captiveportal']['auth_method'];
79	5b237745	Scott Ullrich	$pconfig['radacct_enable'] = isset($config['captiveportal']['radacct_enable']);
80	0bd34ed6	Scott Ullrich	$pconfig['radmac_enable'] = isset($config['captiveportal']['radmac_enable']);
81			$pconfig['radmac_secret'] = $config['captiveportal']['radmac_secret'];
82	c980716e	Scott Ullrich	$pconfig['reauthenticate'] = isset($config['captiveportal']['reauthenticate']);
83			$pconfig['reauthenticateacct'] = $config['captiveportal']['reauthenticateacct'];
84	5b237745	Scott Ullrich	$pconfig['httpslogin_enable'] = isset($config['captiveportal']['httpslogin']);
85	8f29b892	Ermal	$pconfig['httpsname'] = $config['captiveportal']['httpsname'];
86	e0f1a8d6	Scott Ullrich	$pconfig['preauthurl'] = strtolower($config['captiveportal']['preauthurl']);
87	5b237745	Scott Ullrich	$pconfig['cert'] = base64_decode($config['captiveportal']['certificate']);
88	c6e1b0f5	Ermal Lu?i	$pconfig['cacert'] = base64_decode($config['captiveportal']['cacertificate']);
89	5b237745	Scott Ullrich	$pconfig['key'] = base64_decode($config['captiveportal']['private-key']);
90			$pconfig['logoutwin_enable'] = isset($config['captiveportal']['logoutwin_enable']);
91	7e587bdb	Scott Ullrich	$pconfig['peruserbw'] = isset($config['captiveportal']['peruserbw']);
92			$pconfig['bwdefaultdn'] = $config['captiveportal']['bwdefaultdn'];
93			$pconfig['bwdefaultup'] = $config['captiveportal']['bwdefaultup'];
94	5b237745	Scott Ullrich	$pconfig['nomacfilter'] = isset($config['captiveportal']['nomacfilter']);
95	0bd34ed6	Scott Ullrich	$pconfig['noconcurrentlogins'] = isset($config['captiveportal']['noconcurrentlogins']);
96	5b237745	Scott Ullrich	$pconfig['redirurl'] = $config['captiveportal']['redirurl'];
97			$pconfig['radiusip'] = $config['captiveportal']['radiusip'];
98	0bd34ed6	Scott Ullrich	$pconfig['radiusip2'] = $config['captiveportal']['radiusip2'];
99	5b237745	Scott Ullrich	$pconfig['radiusport'] = $config['captiveportal']['radiusport'];
100	0bd34ed6	Scott Ullrich	$pconfig['radiusport2'] = $config['captiveportal']['radiusport2'];
101	5b237745	Scott Ullrich	$pconfig['radiusacctport'] = $config['captiveportal']['radiusacctport'];
102			$pconfig['radiuskey'] = $config['captiveportal']['radiuskey'];
103	0bd34ed6	Scott Ullrich	$pconfig['radiuskey2'] = $config['captiveportal']['radiuskey2'];
104			$pconfig['radiusvendor'] = $config['captiveportal']['radiusvendor'];
105	2342bfb0	Ermal Lu?i	$pconfig['radiussession_timeout'] = isset($config['captiveportal']['radiussession_timeout']);
106	822b687b	Ermal	$pconfig['radiussrcip_attribute'] = $config['captiveportal']['radiussrcip_attribute'];
107	6ce61a8f	Ermal	$pconfig['passthrumacadd'] = isset($config['captiveportal']['passthrumacadd']);
108	1c291e64	Ermal	$pconfig['passthrumacaddusername'] = isset($config['captiveportal']['passthrumacaddusername']);
109	d11c1f93	sullrich	$pconfig['radmac_format'] = $config['captiveportal']['radmac_format'];
110	5b237745	Scott Ullrich
111			if ($_POST) {
112
113			unset($input_errors);
114			$pconfig = $_POST;
115
116			/* input validation */
117			if ($_POST['enable']) {
118			$reqdfields = explode(" ", "cinterface");
119	6fde5a1e	Carlos Eduardo Ramos	$reqdfieldsn = array(gettext("Interface"));
120	a5c0b6c7	Scott Ullrich
121	5b237745	Scott Ullrich	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
122	a5c0b6c7	Scott Ullrich
123	0bd34ed6	Scott Ullrich	/* make sure no interfaces are bridged */
124	3e4f5a33	jim-p	if (is_array($_POST['cinterface']))
125			foreach ($pconfig['cinterface'] as $cpbrif)
126			if (link_interface_to_bridge($cpbrif))
127			$input_errors[] = sprintf(gettext("The captive portal cannot be used on interface %s since it is part of a bridge."), $cpbrif);
128	a5c0b6c7	Scott Ullrich
129	5b237745	Scott Ullrich	if ($_POST['httpslogin_enable']) {
130			if (!$_POST['cert'] \|\| !$_POST['key']) {
131	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("Certificate and key must be specified for HTTPS login.");
132	5b237745	Scott Ullrich	} else {
133			if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") \|\| !strstr($_POST['cert'], "END CERTIFICATE"))
134	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("This certificate does not appear to be valid.");
135	c6e1b0f5	Ermal Lu?i	if (!strstr($_POST['cacert'], "BEGIN CERTIFICATE") \|\| !strstr($_POST['cacert'], "END CERTIFICATE"))
136	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("This intermmediate certificate does not appear to be valid.");
137	5b237745	Scott Ullrich	if (!strstr($_POST['key'], "BEGIN RSA PRIVATE KEY") \|\| !strstr($_POST['key'], "END RSA PRIVATE KEY"))
138	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("This key does not appear to be valid.");
139	5b237745	Scott Ullrich	}
140	a5c0b6c7	Scott Ullrich
141	5b237745	Scott Ullrich	if (!$_POST['httpsname'] \|\| !is_domain($_POST['httpsname'])) {
142	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("The HTTPS server name must be specified for HTTPS login.");
143	5b237745	Scott Ullrich	}
144			}
145			}
146	a5c0b6c7	Scott Ullrich
147	5b237745	Scott Ullrich	if ($_POST['timeout'] && (!is_numeric($_POST['timeout']) \|\| ($_POST['timeout'] < 1))) {
148	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("The timeout must be at least 1 minute.");
149	5b237745	Scott Ullrich	}
150			if ($_POST['idletimeout'] && (!is_numeric($_POST['idletimeout']) \|\| ($_POST['idletimeout'] < 1))) {
151	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("The idle timeout must be at least 1 minute.");
152	5b237745	Scott Ullrich	}
153	03552507	Erik Fonnesbeck	if ($_POST['freelogins_count'] && (!is_numeric($_POST['freelogins_count']))) {
154	49f61a1c	Erik Fonnesbeck	$input_errors[] = gettext("The pass-through credit count must be a number or left blank.");
155			} else if ($_POST['freelogins_count'] && is_numeric($_POST['freelogins_count']) && ($_POST['freelogins_count'] >= 1)) {
156			if (empty($_POST['freelogins_resettimeout']) \|\| !is_numeric($_POST['freelogins_resettimeout']) \|\| ($_POST['freelogins_resettimeout'] <= 0)) {
157			$input_errors[] = gettext("The waiting period to restore pass-through credits must be above 0 hours.");
158			}
159	03552507	Erik Fonnesbeck	}
160	5b237745	Scott Ullrich	if (($_POST['radiusip'] && !is_ipaddr($_POST['radiusip']))) {
161	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip']);
162	5b237745	Scott Ullrich	}
163	0bd34ed6	Scott Ullrich	if (($_POST['radiusip2'] && !is_ipaddr($_POST['radiusip2']))) {
164	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip2']);
165	0bd34ed6	Scott Ullrich	}
166	5b237745	Scott Ullrich	if (($_POST['radiusport'] && !is_port($_POST['radiusport']))) {
167	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport']);
168	5b237745	Scott Ullrich	}
169	0bd34ed6	Scott Ullrich	if (($_POST['radiusport2'] && !is_port($_POST['radiusport2']))) {
170	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport2']);
171	0bd34ed6	Scott Ullrich	}
172	5b237745	Scott Ullrich	if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) {
173	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusacctport']);
174	0bd34ed6	Scott Ullrich	}
175			if ($_POST['maxproc'] && (!is_numeric($_POST['maxproc']) \|\| ($_POST['maxproc'] < 4) \|\| ($_POST['maxproc'] > 100))) {
176	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("The total maximum number of concurrent connections must be between 4 and 100.");
177	0bd34ed6	Scott Ullrich	}
178			$mymaxproc = $_POST['maxproc'] ? $_POST['maxproc'] : 16;
179			if ($_POST['maxprocperip'] && (!is_numeric($_POST['maxprocperip']) \|\| ($_POST['maxprocperip'] > $mymaxproc))) {
180	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("The maximum number of concurrent connections per client IP address may not be larger than the global maximum.");
181	5b237745	Scott Ullrich	}
182
183			if (!$input_errors) {
184	3e4f5a33	jim-p	if (is_array($_POST['cinterface']))
185			$config['captiveportal']['interface'] = implode(",", $_POST['cinterface']);
186	0bd34ed6	Scott Ullrich	$config['captiveportal']['maxproc'] = $_POST['maxproc'];
187			$config['captiveportal']['maxprocperip'] = $_POST['maxprocperip'] ? $_POST['maxprocperip'] : false;
188	5b237745	Scott Ullrich	$config['captiveportal']['timeout'] = $_POST['timeout'];
189			$config['captiveportal']['idletimeout'] = $_POST['idletimeout'];
190	03552507	Erik Fonnesbeck	$config['captiveportal']['freelogins_count'] = $_POST['freelogins_count'];
191			$config['captiveportal']['freelogins_resettimeout'] = $_POST['freelogins_resettimeout'];
192			$config['captiveportal']['freelogins_updatetimeouts'] = $_POST['freelogins_updatetimeouts'] ? true : false;
193	0bd34ed6	Scott Ullrich	$config['captiveportal']['enable'] = $_POST['enable'] ? true : false;
194	7faeda46	Scott Ullrich	$config['captiveportal']['auth_method'] = $_POST['auth_method'];
195	0bd34ed6	Scott Ullrich	$config['captiveportal']['radacct_enable'] = $_POST['radacct_enable'] ? true : false;
196			$config['captiveportal']['reauthenticate'] = $_POST['reauthenticate'] ? true : false;
197			$config['captiveportal']['radmac_enable'] = $_POST['radmac_enable'] ? true : false;
198			$config['captiveportal']['radmac_secret'] = $_POST['radmac_secret'] ? $_POST['radmac_secret'] : false;
199	c980716e	Scott Ullrich	$config['captiveportal']['reauthenticateacct'] = $_POST['reauthenticateacct'];
200	0bd34ed6	Scott Ullrich	$config['captiveportal']['httpslogin'] = $_POST['httpslogin_enable'] ? true : false;
201	5b237745	Scott Ullrich	$config['captiveportal']['httpsname'] = $_POST['httpsname'];
202	e0f1a8d6	Scott Ullrich	$config['captiveportal']['preauthurl'] = $_POST['preauthurl'];
203	7e587bdb	Scott Ullrich	$config['captiveportal']['peruserbw'] = $_POST['peruserbw'] ? true : false;
204			$config['captiveportal']['bwdefaultdn'] = $_POST['bwdefaultdn'];
205			$config['captiveportal']['bwdefaultup'] = $_POST['bwdefaultup'];
206	5b237745	Scott Ullrich	$config['captiveportal']['certificate'] = base64_encode($_POST['cert']);
207	c6e1b0f5	Ermal Lu?i	$config['captiveportal']['cacertificate'] = base64_encode($_POST['cacert']);
208	5b237745	Scott Ullrich	$config['captiveportal']['private-key'] = base64_encode($_POST['key']);
209	0bd34ed6	Scott Ullrich	$config['captiveportal']['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false;
210			$config['captiveportal']['nomacfilter'] = $_POST['nomacfilter'] ? true : false;
211			$config['captiveportal']['noconcurrentlogins'] = $_POST['noconcurrentlogins'] ? true : false;
212	5b237745	Scott Ullrich	$config['captiveportal']['redirurl'] = $_POST['redirurl'];
213			$config['captiveportal']['radiusip'] = $_POST['radiusip'];
214	0bd34ed6	Scott Ullrich	$config['captiveportal']['radiusip2'] = $_POST['radiusip2'];
215	5b237745	Scott Ullrich	$config['captiveportal']['radiusport'] = $_POST['radiusport'];
216	0bd34ed6	Scott Ullrich	$config['captiveportal']['radiusport2'] = $_POST['radiusport2'];
217	5b237745	Scott Ullrich	$config['captiveportal']['radiusacctport'] = $_POST['radiusacctport'];
218			$config['captiveportal']['radiuskey'] = $_POST['radiuskey'];
219	0bd34ed6	Scott Ullrich	$config['captiveportal']['radiuskey2'] = $_POST['radiuskey2'];
220			$config['captiveportal']['radiusvendor'] = $_POST['radiusvendor'] ? $_POST['radiusvendor'] : false;
221	2342bfb0	Ermal Lu?i	$config['captiveportal']['radiussession_timeout'] = $_POST['radiussession_timeout'] ? true : false;
222	8aede55b	Ermal	$config['captiveportal']['radiussrcip_attribute'] = $_POST['radiussrcip_attribute'];
223	6ce61a8f	Ermal	$config['captiveportal']['passthrumacadd'] = $_POST['passthrumacadd'] ? true : false;
224	1c291e64	Ermal	$config['captiveportal']['passthrumacaddusername'] = $_POST['passthrumacaddusername'] ? true : false;
225	6ce61a8f	Ermal	$config['captiveportal']['radmac_format'] = $_POST['radmac_format'] ? $_POST['radmac_format'] : false;
226	a5c0b6c7	Scott Ullrich
227	5b237745	Scott Ullrich	/* file upload? */
228			if (is_uploaded_file($_FILES['htmlfile']['tmp_name']))
229			$config['captiveportal']['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name']));
230	c980716e	Scott Ullrich	if (is_uploaded_file($_FILES['errfile']['tmp_name']))
231	5b237745	Scott Ullrich	$config['captiveportal']['page']['errtext'] = base64_encode(file_get_contents($_FILES['errfile']['tmp_name']));
232	5b87b24e	Ermal	if (is_uploaded_file($_FILES['logoutfile']['tmp_name']))
233			$config['captiveportal']['page']['logouttext'] = base64_encode(file_get_contents($_FILES['logoutfile']['tmp_name']));
234	a5c0b6c7	Scott Ullrich
235	5b237745	Scott Ullrich	write_config();
236	a5c0b6c7	Scott Ullrich
237	5b237745	Scott Ullrich	$retval = 0;
238	ea1eac37	Scott Ullrich	$retval = captiveportal_configure();
239
240	5b237745	Scott Ullrich	$savemsg = get_std_save_message($retval);
241	f8b11310	Ermal Lu?i
242	3e4f5a33	jim-p	if (is_array($_POST['cinterface']))
243			$pconfig['cinterface'] = implode(",", $_POST['cinterface']);
244	8e9adb53	Ermal
245			filter_configure();
246	5b237745	Scott Ullrich	}
247			}
248	3d4bd975	Scott Ullrich	include("head.inc");
249	5b237745	Scott Ullrich	?>
250	9699028a	Scott Ullrich	<?php include("fbegin.inc"); ?>
251	5b237745	Scott Ullrich	<script language="JavaScript">
252			<!--
253			function enable_change(enable_change) {
254	0bd34ed6	Scott Ullrich	var endis, radius_endis;
255	07bd3f83	Scott Ullrich	endis = !(document.iform.enable.checked \|\| enable_change);
256	0bd34ed6	Scott Ullrich	radius_endis = !((!endis && document.iform.auth_method[2].checked) \|\| enable_change);
257	a5c0b6c7	Scott Ullrich
258	07bd3f83	Scott Ullrich	document.iform.cinterface.disabled = endis;
259	54611f24	Scott Ullrich	//document.iform.maxproc.disabled = endis;
260	422d57b4	Scott Ullrich	document.iform.maxprocperip.disabled = endis;
261	07bd3f83	Scott Ullrich	document.iform.idletimeout.disabled = endis;
262	03552507	Erik Fonnesbeck	document.iform.freelogins_count.disabled = endis;
263			document.iform.freelogins_resettimeout.disabled = endis;
264			document.iform.freelogins_updatetimeouts.disabled = endis;
265	07bd3f83	Scott Ullrich	document.iform.timeout.disabled = endis;
266	f5adee3f	jim-p	document.iform.preauthurl.disabled = endis;
267	07bd3f83	Scott Ullrich	document.iform.redirurl.disabled = endis;
268	0bd34ed6	Scott Ullrich	document.iform.radiusip.disabled = radius_endis;
269			document.iform.radiusip2.disabled = radius_endis;
270			document.iform.radiusport.disabled = radius_endis;
271			document.iform.radiusport2.disabled = radius_endis;
272			document.iform.radiuskey.disabled = radius_endis;
273			document.iform.radiuskey2.disabled = radius_endis;
274	856e58a6	Scott Ullrich	document.iform.radacct_enable.disabled = radius_endis;
275	f5fa7d5e	Ermal Luçi	document.iform.peruserbw.disabled = endis;
276			document.iform.bwdefaultdn.disabled = endis;
277			document.iform.bwdefaultup.disabled = endis;
278	856e58a6	Scott Ullrich	document.iform.reauthenticate.disabled = radius_endis;
279	7faeda46	Scott Ullrich	document.iform.auth_method[0].disabled = endis;
280			document.iform.auth_method[1].disabled = endis;
281			document.iform.auth_method[2].disabled = endis;
282	0bd34ed6	Scott Ullrich	document.iform.radmac_enable.disabled = radius_endis;
283	07bd3f83	Scott Ullrich	document.iform.httpslogin_enable.disabled = endis;
284	d11c1f93	sullrich	document.iform.radmac_format.disabled = radius_endis;
285	07bd3f83	Scott Ullrich	document.iform.httpsname.disabled = endis;
286			document.iform.cert.disabled = endis;
287	f5adee3f	jim-p	document.iform.cacert.disabled = endis;
288	07bd3f83	Scott Ullrich	document.iform.key.disabled = endis;
289			document.iform.logoutwin_enable.disabled = endis;
290	c980716e	Scott Ullrich	document.iform.nomacfilter.disabled = endis;
291	0bd34ed6	Scott Ullrich	document.iform.noconcurrentlogins.disabled = endis;
292			document.iform.radiusvendor.disabled = radius_endis;
293	2342bfb0	Ermal Lu?i	document.iform.radiussession_timeout.disabled = radius_endis;
294	822b687b	Ermal	document.iform.radiussrcip_attribute.disabled = radius_endis;
295	07bd3f83	Scott Ullrich	document.iform.htmlfile.disabled = endis;
296			document.iform.errfile.disabled = endis;
297	5b87b24e	Ermal	document.iform.logoutfile.disabled = endis;
298	a5c0b6c7	Scott Ullrich
299	856e58a6	Scott Ullrich	document.iform.radiusacctport.disabled = (radius_endis \|\| !document.iform.radacct_enable.checked) && !enable_change;
300	a5c0b6c7	Scott Ullrich
301	856e58a6	Scott Ullrich	document.iform.radmac_secret.disabled = (radius_endis \|\| !document.iform.radmac_enable.checked) && !enable_change;
302	a5c0b6c7	Scott Ullrich
303	88adfa28	Warren Baker	var radacct_dis = (radius_endis \|\| !document.iform.radacct_enable.checked) && !enable_change;
304			document.iform.reauthenticateacct[0].disabled = radacct_dis;
305			document.iform.reauthenticateacct[1].disabled = radacct_dis;
306			document.iform.reauthenticateacct[2].disabled = radacct_dis;
307	5b237745	Scott Ullrich	}
308			//-->
309			</script>
310	93588e1a	Scott Dale	<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
311	5b237745	Scott Ullrich	<?php if ($input_errors) print_input_errors($input_errors); ?>
312			<?php if ($savemsg) print_info_box($savemsg); ?>
313			<form action="services_captiveportal.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
314			<table width="100%" border="0" cellpadding="0" cellspacing="0">
315	9699028a	Scott Ullrich	<tr><td class="tabnavtbl">
316	64b85ffe	Scott Ullrich	<?php
317			$tab_array = array();
318	6fde5a1e	Carlos Eduardo Ramos	$tab_array[] = array(gettext("Captive portal"), true, "services_captiveportal.php");
319			$tab_array[] = array(gettext("Pass-through MAC"), false, "services_captiveportal_mac.php");
320			$tab_array[] = array(gettext("Allowed IP addresses"), false, "services_captiveportal_ip.php");
321	620ac186	Scott Ullrich	$tab_array[] = array(gettext("Allowed Hostnames"), false, "services_captiveportal_hostname.php");
322	6fde5a1e	Carlos Eduardo Ramos	$tab_array[] = array(gettext("Vouchers"), false, "services_captiveportal_vouchers.php");
323			$tab_array[] = array(gettext("File Manager"), false, "services_captiveportal_filemanager.php");
324	9592c132	Scott Ullrich	display_top_tabs($tab_array, true);
325	0bd34ed6	Scott Ullrich	?> </td></tr>
326	5b237745	Scott Ullrich	<tr>
327	c980716e	Scott Ullrich	<td class="tabcont">
328			<table width="100%" border="0" cellpadding="6" cellspacing="0">
329	a5c0b6c7	Scott Ullrich	<tr>
330	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vtable"> </td>
331			<td width="78%" class="vtable">
332			<input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)">
333	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Enable captive portal"); ?> </strong></td>
334	5b237745	Scott Ullrich	</tr>
335	a5c0b6c7	Scott Ullrich	<tr>
336	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Interfaces"); ?></td>
337	5b237745	Scott Ullrich	<td width="78%" class="vtable">
338	d823b81c	sullrich	<select name="cinterface[]" multiple="true" size="<?php echo count($config['interfaces']); ?>" class="formselect" id="cinterface">
339	af98cced	Scott Ullrich	<?php
340	fbb45bb0	Ermal Luçi	$interfaces = get_configured_interface_with_descr();
341	c980716e	Scott Ullrich	foreach ($interfaces as $iface => $ifacename): ?>
342	f8b11310	Ermal Lu?i	<option value="<?=$iface;?>" <?php if (stristr($pconfig['cinterface'], $iface)) echo "selected"; ?>>
343	5b237745	Scott Ullrich	<?=htmlspecialchars($ifacename);?>
344			</option>
345			<?php endforeach; ?>
346			</select> <br>
347	16457bdd	Renato Botelho	<span class="vexpl"><?=gettext("Select the interface(s) to enable for captive portal."); ?></span></td>
348	5b237745	Scott Ullrich	</tr>
349	4362e48a	Scott Ullrich	<tr>
350	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("Maximum concurrent connections"); ?></td>
351	4362e48a	Scott Ullrich	<td class="vtable">
352			<table cellpadding="0" cellspacing="0">
353			<tr>
354	b5c78501	Seth Mos	<td><input name="maxprocperip" type="text" class="formfld unknown" id="maxprocperip" size="5"
355	6fde5a1e	Carlos Eduardo Ramos	value="<?=htmlspecialchars($pconfig['maxprocperip']);?>"> <?=gettext("per client IP address (0 = no limit)"); ?></td>
356	4362e48a	Scott Ullrich	</tr>
357			</table>
358	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("This setting limits the number of concurrent connections to the captive portal HTTP(S) server. This does not set how many users can be logged in " .
359			"to the captive portal, but rather how many users can load the portal page or authenticate at the same time! " .
360	16457bdd	Renato Botelho	"Default is 4 connections per client IP address, with a total maximum of 16 connections."); ?></td>
361	4362e48a	Scott Ullrich	</tr>
362	5b237745	Scott Ullrich	<tr>
363	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("Idle timeout"); ?></td>
364	5b237745	Scott Ullrich	<td class="vtable">
365	b5c78501	Seth Mos	<input name="idletimeout" type="text" class="formfld unknown" id="idletimeout" size="6" value="<?=htmlspecialchars($pconfig['idletimeout']);?>">
366	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("minutes"); ?><br>
367	16457bdd	Renato Botelho	<?=gettext("Clients will be disconnected after this amount of inactivity. They may log in again immediately, though. Leave this field blank for no idle timeout."); ?></td>
368	5b237745	Scott Ullrich	</tr>
369	a5c0b6c7	Scott Ullrich	<tr>
370	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Hard timeout"); ?></td>
371	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
372	b5c78501	Seth Mos	<input name="timeout" type="text" class="formfld unknown" id="timeout" size="6" value="<?=htmlspecialchars($pconfig['timeout']);?>">
373	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("minutes"); ?><br>
374	16457bdd	Renato Botelho	<?=gettext("Clients will be disconnected after this amount of time, regardless of activity. They may log in again immediately, though. Leave this field blank for no hard timeout (not recommended unless an idle timeout is set)."); ?></td>
375	5b237745	Scott Ullrich	</tr>
376	03552507	Erik Fonnesbeck	<tr>
377	49f61a1c	Erik Fonnesbeck	<td width="22%" valign="top" class="vncell"><?=gettext("Pass-through credits allowed per MAC address"); ?></td>
378	03552507	Erik Fonnesbeck	<td width="78%" class="vtable">
379			<input name="freelogins_count" type="text" class="formfld unknown" id="freelogins_count" size="6" value="<?=htmlspecialchars($pconfig['freelogins_count']);?>">
380			<?=gettext("per client MAC address (0 or blank = none)"); ?><br>
381			<?=gettext("This setting allows passing through the captive portal without authentication a limited number of times per MAC address. Once used up, the client can only log in with valid credentials until the waiting period specified below has expired. Recommended to set a hard timeout and/or idle timeout when using this for it to be effective."); ?></td>
382			</tr>
383			<tr>
384	49f61a1c	Erik Fonnesbeck	<td width="22%" valign="top" class="vncell"><?=gettext("Waiting period to restore pass-through credits"); ?></td>
385	03552507	Erik Fonnesbeck	<td width="78%" class="vtable">
386			<input name="freelogins_resettimeout" type="text" class="formfld unknown" id="freelogins_resettimeout" size="6" value="<?=htmlspecialchars($pconfig['freelogins_resettimeout']);?>">
387			<?=gettext("hours"); ?><br>
388	49f61a1c	Erik Fonnesbeck	<?=gettext("Clients will have their available pass-through credits restored to the original count after this amount of time since using the first one. This must be above 0 hours if pass-through credits are enabled."); ?></td>
389	03552507	Erik Fonnesbeck	</tr>
390			<tr>
391	49f61a1c	Erik Fonnesbeck	<td width="22%" valign="top" class="vncell"><?=gettext("Reset waiting period on attempted access"); ?></td>
392	03552507	Erik Fonnesbeck	<td width="78%" class="vtable">
393			<input name="freelogins_updatetimeouts" type="checkbox" class="formfld" id="freelogins_updatetimeouts" value="yes" <?php if($pconfig['freelogins_updatetimeouts']) echo "checked"; ?>>
394			<strong><?=gettext("Enable waiting period reset on attempted access"); ?></strong><br>
395	49f61a1c	Erik Fonnesbeck	<?=gettext("If enabled, the waiting period is reset to the original duration if access is attempted when all pass-through credits have already been exhausted."); ?></td>
396	03552507	Erik Fonnesbeck	</tr>
397	a5c0b6c7	Scott Ullrich	<tr>
398	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Logout popup window"); ?></td>
399	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
400	5b237745	Scott Ullrich	<input name="logoutwin_enable" type="checkbox" class="formfld" id="logoutwin_enable" value="yes" <?php if($pconfig['logoutwin_enable']) echo "checked"; ?>>
401	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Enable logout popup window"); ?></strong><br>
402	16457bdd	Renato Botelho	<?=gettext("If enabled, a popup window will appear when clients are allowed through the captive portal. This allows clients to explicitly disconnect themselves before the idle or hard timeout occurs."); ?></td>
403	5b237745	Scott Ullrich	</tr>
404	a00e1d89	Scott Ullrich	<tr>
405			<td valign="top" class="vncell"><?=gettext("Pre-authentication redirect URL"); ?> </td>
406			<td class="vtable">
407			<input name="preauthurl" type="text" class="formfld url" id="preauthurl" size="60" value="<?=htmlspecialchars($pconfig['preauthurl']);?>"><br>
408			<?php printf(gettext("Use this field to set \$PORTAL_REDIRURL\$ variable which can be accessed using your custom captive portal index.php page or error pages."));?>
409			</td>
410			</tr>
411	5b237745	Scott Ullrich	<tr>
412	ecc19349	Scott Ullrich	<td valign="top" class="vncell"><?=gettext("After authentication Redirection URL"); ?></td>
413	5b237745	Scott Ullrich	<td class="vtable">
414	b5c78501	Seth Mos	<input name="redirurl" type="text" class="formfld url" id="redirurl" size="60" value="<?=htmlspecialchars($pconfig['redirurl']);?>">
415	5b237745	Scott Ullrich	<br>
416	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("If you provide a URL here, clients will be redirected to that URL instead of the one they initially tried " .
417	16457bdd	Renato Botelho	"to access after they've authenticated."); ?></td>
418	5b237745	Scott Ullrich	</tr>
419			<tr>
420	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("Concurrent user logins"); ?></td>
421	0bd34ed6	Scott Ullrich	<td class="vtable">
422			<input name="noconcurrentlogins" type="checkbox" class="formfld" id="noconcurrentlogins" value="yes" <?php if ($pconfig['noconcurrentlogins']) echo "checked"; ?>>
423	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Disable concurrent logins"); ?></strong><br>
424	16457bdd	Renato Botelho	<?=gettext("If this option is set, only the most recent login per username will be active. Subsequent logins will cause machines previously logged in with the same username to be disconnected."); ?></td>
425	0bd34ed6	Scott Ullrich	</tr>
426			<tr>
427	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("MAC filtering"); ?> </td>
428	c980716e	Scott Ullrich	<td class="vtable">
429			<input name="nomacfilter" type="checkbox" class="formfld" id="nomacfilter" value="yes" <?php if ($pconfig['nomacfilter']) echo "checked"; ?>>
430	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Disable MAC filtering"); ?></strong><br>
431			<?=gettext("If this option is set, no attempts will be made to ensure that the MAC address of clients stays the same while they're logged in." .
432	16457bdd	Renato Botelho	"This is required when the MAC address of the client cannot be determined (usually because there are routers between"); ?> <?php echo $g['product_name'] ?> <?=gettext("and the clients)."); ?>
433			<?=gettext("If this is enabled, RADIUS MAC authentication cannot be used."); ?></td>
434	7e587bdb	Scott Ullrich	</tr>
435			<tr>
436	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("Pass-through MAC Auto Entry"); ?></td>
437	6ce61a8f	Ermal	<td class="vtable">
438			<input name="passthrumacadd" type="checkbox" class="formfld" id="passthrumacadd" value="yes" <?php if ($pconfig['passthrumacadd']) echo "checked"; ?>>
439	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Enable Pass-through MAC automatic additions"); ?></strong><br>
440	16457bdd	Renato Botelho	<?=gettext("If this option is set, a MAC passthrough entry is automatically added after the user has successfully authenticated. Users of that MAC address will never have to authenticate again."); ?>
441			<?=gettext("To remove the passthrough MAC entry you either have to log in and remove it manually from the"); ?> <a href="services_captiveportal_mac.php"><?=gettext("Pass-through MAC tab"); ?></a> <?=gettext("or send a POST from another system to remove it."); ?>
442			<?=gettext("If this is enabled, RADIUS MAC authentication cannot be used. Also, the logout window will not be shown."); ?>
443	1c291e64	Ermal	<br/><br/>
444			<input name="passthrumacaddusername" type="checkbox" class="formfld" id="passthrumacaddusername" value="yes" <?php if ($pconfig['passthrumacaddusername']) echo "checked"; ?>>
445	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Enable Pass-through MAC automatic addition with username"); ?></strong><br>
446	16457bdd	Renato Botelho	<?=gettext("If this option is set, with the automatically MAC passthrough entry created the username, used during authentication, will be saved."); ?>
447			<?=gettext("To remove the passthrough MAC entry you either have to log in and remove it manually from the"); ?> <a href="services_captiveportal_mac.php"><?=gettext("Pass-through MAC tab"); ?></a> <?=gettext("or send a POST from another system to remove it."); ?>
448	1c291e64	Ermal	</td>
449	6ce61a8f	Ermal	</tr>
450			<tr>
451	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("Per-user bandwidth restriction"); ?></td>
452	7e587bdb	Scott Ullrich	<td class="vtable">
453			<input name="peruserbw" type="checkbox" class="formfld" id="peruserbw" value="yes" <?php if ($pconfig['peruserbw']) echo "checked"; ?>>
454	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Enable per-user bandwidth restriction"); ?></strong><br><br>
455	7e587bdb	Scott Ullrich	<table cellpadding="0" cellspacing="0">
456			<tr>
457	6fde5a1e	Carlos Eduardo Ramos	<td><?=gettext("Default download"); ?></td>
458			<td><input type="text" class="formfld unknown" name="bwdefaultdn" id="bwdefaultdn" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultdn']);?>"> <?=gettext("Kbit/s"); ?></td>
459	7e587bdb	Scott Ullrich	</tr>
460			<tr>
461	6fde5a1e	Carlos Eduardo Ramos	<td><?=gettext("Default upload"); ?></td>
462			<td><input type="text" class="formfld unknown" name="bwdefaultup" id="bwdefaultup" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultup']);?>"> <?=gettext("Kbit/s"); ?></td>
463	7e587bdb	Scott Ullrich	</tr></table>
464			<br>
465	16457bdd	Renato Botelho	<?=gettext("If this option is set, the captive portal will restrict each user who logs in to the specified default bandwidth. RADIUS can override the default settings. Leave empty or set to 0 for no limit."); ?> </td>
466	7e587bdb	Scott Ullrich	</tr>
467	a5c0b6c7	Scott Ullrich	<tr>
468	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Authentication"); ?></td>
469	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
470	c980716e	Scott Ullrich	<table cellpadding="0" cellspacing="0">
471			<tr>
472	0bd34ed6	Scott Ullrich	<td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="none" onClick="enable_change(false)" <?php if($pconfig['auth_method']!="local" && $pconfig['auth_method']!="radius") echo "checked"; ?>>
473	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("No Authentication"); ?></td>
474	c980716e	Scott Ullrich	</tr>
475			<tr>
476	0bd34ed6	Scott Ullrich	<td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="local" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="local") echo "checked"; ?>>
477	58f963d0	Scott Ullrich	<?=gettext("Local"); ?> <a href="system_usermanager.php"><?=gettext("User Manager"); ?></a> / <?=gettext("Vouchers"); ?></td>
478	c980716e	Scott Ullrich	</tr>
479			<tr>
480	0bd34ed6	Scott Ullrich	<td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="radius" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius") echo "checked"; ?>>
481	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("RADIUS Authentication"); ?></td>
482	c980716e	Scott Ullrich	</tr><tr>
483			<td> </td>
484			<td> </td>
485			</tr>
486			</table>
487	0bd34ed6	Scott Ullrich	<table width="100%" border="0" cellpadding="6" cellspacing="0">
488	a5c0b6c7	Scott Ullrich	<tr>
489	6fde5a1e	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="optsect_t2"><?=gettext("Primary RADIUS server"); ?></td>
490	0bd34ed6	Scott Ullrich	</tr>
491			<tr>
492	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("IP address"); ?></td>
493	b5c78501	Seth Mos	<td class="vtable"><input name="radiusip" type="text" class="formfld unknown" id="radiusip" size="20" value="<?=htmlspecialchars($pconfig['radiusip']);?>"><br>
494	16457bdd	Renato Botelho	<?=gettext("Enter the IP address of the RADIUS server which users of the captive portal have to authenticate against."); ?></td>
495	0bd34ed6	Scott Ullrich	</tr>
496			<tr>
497	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Port"); ?></td>
498	b5c78501	Seth Mos	<td class="vtable"><input name="radiusport" type="text" class="formfld unknown" id="radiusport" size="5" value="<?=htmlspecialchars($pconfig['radiusport']);?>"><br>
499	16457bdd	Renato Botelho	<?=gettext("Leave this field blank to use the default port (1812)."); ?></td>
500	0bd34ed6	Scott Ullrich	</tr>
501			<tr>
502	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Shared secret"); ?>  </td>
503	b5c78501	Seth Mos	<td class="vtable"><input name="radiuskey" type="text" class="formfld unknown" id="radiuskey" size="16" value="<?=htmlspecialchars($pconfig['radiuskey']);?>"><br>
504	16457bdd	Renato Botelho	<?=gettext("Leave this field blank to not use a RADIUS shared secret (not recommended)."); ?></td>
505	0bd34ed6	Scott Ullrich	</tr>
506	a5c0b6c7	Scott Ullrich	<tr>
507	0bd34ed6	Scott Ullrich	<td colspan="2" class="list" height="12"></td>
508			</tr>
509			<tr>
510	6fde5a1e	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="optsect_t2"><?=gettext("Secondary RADIUS server"); ?></td>
511	0bd34ed6	Scott Ullrich	</tr>
512			<tr>
513	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("IP address"); ?></td>
514	b5c78501	Seth Mos	<td class="vtable"><input name="radiusip2" type="text" class="formfld unknown" id="radiusip2" size="20" value="<?=htmlspecialchars($pconfig['radiusip2']);?>"><br>
515	16457bdd	Renato Botelho	<?=gettext("If you have a second RADIUS server, you can activate it by entering its IP address here."); ?></td>
516	0bd34ed6	Scott Ullrich	</tr>
517			<tr>
518	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Port"); ?></td>
519	b5c78501	Seth Mos	<td class="vtable"><input name="radiusport2" type="text" class="formfld unknown" id="radiusport2" size="5" value="<?=htmlspecialchars($pconfig['radiusport2']);?>"></td>
520	0bd34ed6	Scott Ullrich	</tr>
521			<tr>
522	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Shared secret"); ?>  </td>
523	0b704a40	Ermal	<td class="vtable"><input name="radiuskey2" type="text" class="formfld unknown" id="radiuskey2" size="16" value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td>
524	0bd34ed6	Scott Ullrich	</tr>
525			<tr>
526			<td colspan="2" class="list" height="12"></td>
527			</tr>
528	856e58a6	Scott Ullrich	<tr>
529	6fde5a1e	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="optsect_t2"><?=gettext("Accounting"); ?></td>
530	856e58a6	Scott Ullrich	</tr>
531			<tr>
532			<td class="vncell"> </td>
533			<td class="vtable"><input name="radacct_enable" type="checkbox" id="radacct_enable" value="yes" onClick="enable_change(false)" <?php if($pconfig['radacct_enable']) echo "checked"; ?>>
534	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("send RADIUS accounting packets"); ?></strong><br>
535	16457bdd	Renato Botelho	<?=gettext("If this is enabled, RADIUS accounting packets will be sent to the primary RADIUS server."); ?></td>
536	856e58a6	Scott Ullrich	</tr>
537			<tr>
538	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Accounting port"); ?></td>
539	b5c78501	Seth Mos	<td class="vtable"><input name="radiusacctport" type="text" class="formfld unknown" id="radiusacctport" size="5" value="<?=htmlspecialchars($pconfig['radiusacctport']);?>"><br>
540	16457bdd	Renato Botelho	<?=gettext("Leave blank to use the default port (1813)."); ?></td>
541	856e58a6	Scott Ullrich	</tr>
542			<tr>
543			<td colspan="2" class="list" height="12"></td>
544			</tr>
545			<tr>
546	6fde5a1e	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="optsect_t2"><?=gettext("Reauthentication"); ?></td>
547	856e58a6	Scott Ullrich	</tr>
548			<tr>
549			<td class="vncell"> </td>
550			<td class="vtable"><input name="reauthenticate" type="checkbox" id="reauthenticate" value="yes" onClick="enable_change(false)" <?php if($pconfig['reauthenticate']) echo "checked"; ?>>
551	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Reauthenticate connected users every minute"); ?></strong><br>
552			<?=gettext("If reauthentication is enabled, Access-Requests will be sent to the RADIUS server for each user that is " .
553	16457bdd	Renato Botelho	"logged in every minute. If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately."); ?></td>
554	856e58a6	Scott Ullrich	</tr>
555			<tr>
556	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Accounting updates"); ?></td>
557	856e58a6	Scott Ullrich	<td class="vtable">
558	6fde5a1e	Carlos Eduardo Ramos	<input name="reauthenticateacct" type="radio" value="" <?php if(!$pconfig['reauthenticateacct']) echo "checked"; ?>> <?=gettext("no accounting updates"); ?><br>
559			<input name="reauthenticateacct" type="radio" value="stopstart" <?php if($pconfig['reauthenticateacct'] == "stopstart") echo "checked"; ?>> <?=gettext("stop/start accounting"); ?><br>
560			<input name="reauthenticateacct" type="radio" value="interimupdate" <?php if($pconfig['reauthenticateacct'] == "interimupdate") echo "checked"; ?>> <?=gettext("interim update"); ?>
561	856e58a6	Scott Ullrich	</td>
562			</tr>
563			<tr>
564			<td colspan="2" class="list" height="12"></td>
565			</tr>
566	0bd34ed6	Scott Ullrich	<tr>
567	6fde5a1e	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="optsect_t2"><?=gettext("RADIUS MAC authentication"); ?></td>
568	0bd34ed6	Scott Ullrich	</tr>
569			<tr>
570			<td class="vncell"> </td>
571			<td class="vtable">
572	6fde5a1e	Carlos Eduardo Ramos	<input name="radmac_enable" type="checkbox" id="radmac_enable" value="yes" onClick="enable_change(false)" <?php if ($pconfig['radmac_enable']) echo "checked"; ?>><strong><?=gettext("Enable RADIUS MAC authentication"); ?></strong><br>
573			<?=gettext("If this option is enabled, the captive portal will try to authenticate users by sending their MAC address as the username and the password " .
574	16457bdd	Renato Botelho	"entered below to the RADIUS server."); ?></td>
575	0bd34ed6	Scott Ullrich	</tr>
576			<tr>
577	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell"><?=gettext("Shared secret"); ?></td>
578	b5c78501	Seth Mos	<td class="vtable"><input name="radmac_secret" type="text" class="formfld unknown" id="radmac_secret" size="16" value="<?=htmlspecialchars($pconfig['radmac_secret']);?>"></td>
579	0bd34ed6	Scott Ullrich	</tr>
580			<tr>
581			<td colspan="2" class="list" height="12"></td>
582			</tr>
583			<tr>
584	6fde5a1e	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="optsect_t2"><?=gettext("RADIUS options"); ?></td>
585	0bd34ed6	Scott Ullrich	</tr>
586	cf0542ac	Scott Ullrich
587	822b687b	Ermal	<tr>
588	d440e668	Chris Buechler	<td class="vncell" valign="top"><?=gettext("RADIUS NAS IP attribute"); ?></td>
589	822b687b	Ermal	<td>
590			<select name="radiussrcip_attribute" id="radiussrcip_attribute">
591			<?php $iflist = get_configured_interface_with_descr();
592			foreach ($iflist as $ifdesc => $ifdescr) {
593			$ipaddr = get_interface_ip($ifdesc);
594			if (is_ipaddr($ipaddr)) {
595			$selected = "";
596			if ($ipaddr == $pconfig['radiussrcip_attribute'])
597			$ifdesc = "selected";
598			echo "<option value='{$ifdesc}' {$selected}>{$ifdescr} - {$ipaddr}</option>\n";
599			}
600			}
601	34e9ca60	Ermal	if (is_array($config['virtualip']['vip'])) {
602			foreach ($config['virtualip']['vip'] as $sn) {
603			if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") {
604			$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
605			$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
606			$len = $end - $start;
607
608			for ($i = 0; $i <= $len; $i++) {
609			$snip = long2ip32($start+$i);
610			echo "<option value='{$snip}' {$selected}>" . htmlspecialchars("{$sn['descr']} - {$snip}") . "></option>\n";
611			}
612			} else
613			echo "<option value='{$sn['subnet']}' {$selected}>" . htmlspecialchars("{$sn['descr']} - {$sn['subnet']}") . "></option>\n";
614			}
615			}
616	822b687b	Ermal	?>
617			</select><br/>
618	375828d9	Chris Buechler	<?=gettext("Choose the IP to use for calling station attribute."); ?>
619	822b687b	Ermal	</td>
620			</tr>
621
622	0bd34ed6	Scott Ullrich	<tr>
623	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Session-Timeout"); ?></td>
624			<td class="vtable"><input name="radiussession_timeout" type="checkbox" id="radiussession_timeout" value="yes" <?php if ($pconfig['radiussession_timeout']) echo "checked"; ?>><strong><?=gettext("Use RADIUS Session-Timeout attributes"); ?></strong><br>
625	16457bdd	Renato Botelho	<?=gettext("When this is enabled, clients will be disconnected after the amount of time retrieved from the RADIUS Session-Timeout attribute."); ?></td>
626	0bd34ed6	Scott Ullrich	</tr>
627	cf0542ac	Scott Ullrich
628	0bd34ed6	Scott Ullrich	<tr>
629	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Type"); ?></td>
630	0bd34ed6	Scott Ullrich	<td class="vtable"><select name="radiusvendor" id="radiusvendor">
631	6fde5a1e	Carlos Eduardo Ramos	<option><?=gettext("default"); ?></option>
632	a5c0b6c7	Scott Ullrich	<?php
633	0bd34ed6	Scott Ullrich	$radiusvendors = array("cisco");
634			foreach ($radiusvendors as $radiusvendor){
635			if ($pconfig['radiusvendor'] == $radiusvendor)
636			echo "<option selected value=\"$radiusvendor\">$radiusvendor</option>\n";
637			else
638			echo "<option value=\"$radiusvendor\">$radiusvendor</option>\n";
639			}
640			?></select><br>
641	3b7f0f53	Erik Fonnesbeck	<?php printf(gettext("If RADIUS type is set to Cisco, in Access-Requests the value of Calling-Station-Id will be set to the client's IP address and " .
642			"the Called-Station-Id to the client's MAC address. Default behavior is Calling-Station-Id = client's MAC address and Called-Station-Id = %s's WAN IP address."),
643	16457bdd	Renato Botelho	$g['product_name']);?></td>
644	0bd34ed6	Scott Ullrich	</tr>
645			</table>
646	5b237745	Scott Ullrich	</tr>
647	d11c1f93	sullrich	<tr>
648	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("MAC address format"); ?></td>
649	d11c1f93	sullrich	<td class="vtable">
650			<select name="radmac_format" id="radmac_format">
651	6fde5a1e	Carlos Eduardo Ramos	<option><?=gettext("default"); ?></option>
652	d11c1f93	sullrich	<?php
653	6fde5a1e	Carlos Eduardo Ramos	$macformats = array(gettext("singledash"),gettext("ietf"),gettext("cisco"),gettext("unformatted"));
654	d11c1f93	sullrich	foreach ($macformats as $macformat) {
655			if ($pconfig['radmac_format'] == $macformat)
656			echo "<option selected value=\"$macformat\">$macformat</option>\n";
657			else
658			echo "<option value=\"$macformat\">$macformat</option>\n";
659			}
660			?>
661			</select></br>
662	60f13e63	Carlos Eduardo Ramos	<?=gettext("This option changes the MAC address format used in the whole RADIUS system. Change this if you also"); ?>
663	16457bdd	Renato Botelho	<?=gettext("need to change the username format for RADIUS MAC authentication."); ?><br>
664			<?=gettext("default:"); ?> 00:11:22:33:44:55<br>
665			<?=gettext("singledash:"); ?> 001122-334455<br>
666			<?=gettext("ietf:"); ?> 00-11-22-33-44-55<br>
667			<?=gettext("cisco:"); ?> 0011.2233.4455<br>
668			<?=gettext("unformatted:"); ?> 001122334455
669	d11c1f93	sullrich	</tr>
670	5b237745	Scott Ullrich	<tr>
671	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("HTTPS login"); ?></td>
672	5b237745	Scott Ullrich	<td class="vtable">
673	c980716e	Scott Ullrich	<input name="httpslogin_enable" type="checkbox" class="formfld" id="httpslogin_enable" value="yes" <?php if($pconfig['httpslogin_enable']) echo "checked"; ?>>
674	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Enable HTTPS login"); ?></strong><br>
675	16457bdd	Renato Botelho	<?=gettext("If enabled, the username and password will be transmitted over an HTTPS connection to protect against eavesdroppers. A server name, certificate and matching private key must also be specified below."); ?></td>
676	5b237745	Scott Ullrich	</tr>
677			<tr>
678	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("HTTPS server name"); ?> </td>
679	5b237745	Scott Ullrich	<td class="vtable">
680	b5c78501	Seth Mos	<input name="httpsname" type="text" class="formfld unknown" id="httpsname" size="30" value="<?=htmlspecialchars($pconfig['httpsname']);?>"><br>
681	3b7f0f53	Erik Fonnesbeck	<?php printf(gettext("This name will be used in the form action for the HTTPS POST and should match the Common Name (CN) in your certificate (otherwise, the client browser will most likely display a security warning). Make sure captive portal clients can resolve this name in DNS and verify on the client that the IP resolves to the correct interface IP on %s."), $g['product_name']);?> </td>
682	5b237745	Scott Ullrich	</tr>
683			<tr>
684	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("HTTPS certificate"); ?></td>
685	5b237745	Scott Ullrich	<td class="vtable">
686			<textarea name="cert" cols="65" rows="7" id="cert" class="formpre"><?=htmlspecialchars($pconfig['cert']);?></textarea>
687			<br>
688	16457bdd	Renato Botelho	<?=gettext("Paste a signed certificate in X.509 PEM format here."); ?></td>
689	5b237745	Scott Ullrich	</tr>
690			<tr>
691	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("HTTPS private key"); ?></td>
692	5b237745	Scott Ullrich	<td class="vtable">
693			<textarea name="key" cols="65" rows="7" id="key" class="formpre"><?=htmlspecialchars($pconfig['key']);?></textarea>
694			<br>
695	16457bdd	Renato Botelho	<?=gettext("Paste an RSA private key in PEM format here."); ?></td>
696	5b237745	Scott Ullrich	</tr>
697	c6e1b0f5	Ermal Lu?i	<tr>
698	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("HTTPS intermediate certificate"); ?></td>
699	c6e1b0f5	Ermal Lu?i	<td class="vtable">
700			<textarea name="cacert" cols="65" rows="7" id="cacert" class="formpre"><?=htmlspecialchars($pconfig['cacert']);?></textarea>
701			<br>
702	16457bdd	Renato Botelho	<?=gettext("Paste a certificate in X.509 PEM format here."); ?></td>
703	c6e1b0f5	Ermal Lu?i	</tr>
704	a5c0b6c7	Scott Ullrich	<tr>
705	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Portal page contents"); ?></td>
706	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
707	b5c78501	Seth Mos	<?=$mandfldhtml;?><input type="file" name="htmlfile" class="formfld file" id="htmlfile"><br>
708	16f5fe76	Scott Ullrich	<?php
709			list($host) = explode(":", $_SERVER['HTTP_HOST']);
710			if(isset($config['captiveportal']['httpslogin'])) {
711			$href = "https://$host:8001";
712			} else {
713			$href = "http://$host:8000";
714	a5c0b6c7	Scott Ullrich	}
715	16f5fe76	Scott Ullrich	?>
716	5b237745	Scott Ullrich	<?php if ($config['captiveportal']['page']['htmltext']): ?>
717	6fde5a1e	Carlos Eduardo Ramos	<a href="<?=$href?>" target="_new"><?=gettext("View current page"); ?></a>
718	5b237745	Scott Ullrich	<br>
719			<br>
720			<?php endif; ?>
721	3b7f0f53	Erik Fonnesbeck	<?php
722	16457bdd	Renato Botelho	printf(
723	3b7f0f53	Erik Fonnesbeck	gettext('Upload an HTML/PHP file for the portal page here (leave blank to keep the current one). ' .
724			'Make sure to include a form (POST to %1$s) with a submit button (%2$s) and a hidden field with %3$s and %4$s. ' .
725			'Include the %5$s and %6$s and/or %7$s input fields if authentication is enabled, otherwise it will always fail.'),
726	16457bdd	Renato Botelho	""{$PORTAL_ACTION}"",
727			"name="accept"",
728			"name="redirurl"",
729			"value="{$PORTAL_REDIRURL}"",
730			""auth_user"",
731			""auth_pass"",
732			""auth_voucher"");
733			?>
734			<?=gettext("Example code for the form:"); ?><br>
735	5b237745	Scott Ullrich	<br>
736			<tt><form method="post" action="$PORTAL_ACTION$"><br>
737			<input name="auth_user" type="text"><br>
738			<input name="auth_pass" type="password"><br>
739	336e3c1c	Charlie	<input name="auth_voucher" type="text"><br>
740	5b237745	Scott Ullrich	<input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$"><br>
741			<input name="accept" type="submit" value="Continue"><br>
742			</form></tt></td>
743			</tr>
744			<tr>
745	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Authentication"); ?><br>
746			<?=gettext("error page"); ?><br>
747			<?=gettext("contents"); ?></td>
748	5b237745	Scott Ullrich	<td class="vtable">
749	b5c78501	Seth Mos	<input name="errfile" type="file" class="formfld file" id="errfile"><br>
750	5b237745	Scott Ullrich	<?php if ($config['captiveportal']['page']['errtext']): ?>
751	6fde5a1e	Carlos Eduardo Ramos	<a href="?act=viewerrhtml" target="_blank"><?=gettext("View current page"); ?></a>
752	5b237745	Scott Ullrich	<br>
753			<br>
754			<?php endif; ?>
755	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("The contents of the HTML/PHP file that you upload here are displayed when an authentication error occurs. " .
756	16457bdd	Renato Botelho	"You may include"); ?> "$PORTAL_MESSAGE$", <?=gettext("which will be replaced by the error or reply messages from the RADIUS server, if any."); ?></td>
757	5b87b24e	Ermal	</tr>
758			<tr>
759	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Logout"); ?><br>
760			<?=gettext("page"); ?><br>
761			<?=gettext("contents"); ?></td>
762	5b87b24e	Ermal	<td class="vtable">
763			<input name="logoutfile" type="file" class="formfld file" id="logoutfile"><br>
764			<?php if ($config['captiveportal']['page']['logouttext']): ?>
765	6fde5a1e	Carlos Eduardo Ramos	<a href="?act=viewlogouthtml" target="_blank"><?=gettext("View current page"); ?></a>
766	5b87b24e	Ermal	<br>
767			<br>
768			<?php endif; ?>
769	a36e98ff	Erik Fonnesbeck	<?=gettext("The contents of the HTML/PHP file that you upload here are displayed on authentication success when the logout popup is enabled."); ?></td>
770	5b237745	Scott Ullrich	</tr>
771	a5c0b6c7	Scott Ullrich	<tr>
772	5b237745	Scott Ullrich	<td width="22%" valign="top"> </td>
773	a5c0b6c7	Scott Ullrich	<td width="78%">
774	6fde5a1e	Carlos Eduardo Ramos	<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onClick="enable_change(true)">
775	5b237745	Scott Ullrich	</td>
776			</tr>
777	a5c0b6c7	Scott Ullrich	<tr>
778	5b237745	Scott Ullrich	<td width="22%" valign="top"> </td>
779	16457bdd	Renato Botelho	<td width="78%"><span class="vexpl"><span class="red"><strong><?=gettext("Note:"); ?><br>
780			</strong></span><?=gettext("Changing any settings on this page will disconnect all clients! Don't forget to enable the DHCP server on your captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the timeout entered on this page. Also, the DNS forwarder needs to be enabled for DNS lookups by unauthenticated clients to work."); ?> </span></td>
781	5b237745	Scott Ullrich	</tr>
782			</table>
783			</td>
784			</tr>
785			</table>
786			</form>
787			<script language="JavaScript">
788			<!--
789			enable_change(false);
790			//-->
791			</script>
792			<?php include("fend.inc"); ?>
793	93588e1a	Scott Dale	</body>
794			</html>

Project

General

Profile

pfSense