Revision 3e5c0ab7
Added by Ermal LUÇI over 14 years ago
| etc/inc/captiveportal.inc | ||
|---|---|---|
| 726 | 726 |
* had a chance to iterate over all accounts. |
| 727 | 727 |
*/ |
| 728 | 728 |
$unsetindexes = array(); |
| 729 |
$no_users = count($cpdb); |
|
| 730 |
for ($i = 0; $i < $no_users; $i++) {
|
|
| 729 |
foreach ($cpdb as $cpentry) {
|
|
| 731 | 730 |
|
| 732 | 731 |
$timedout = false; |
| 733 | 732 |
$term_cause = 1; |
| 734 | 733 |
|
| 735 | 734 |
/* hard timeout? */ |
| 736 | 735 |
if ($timeout) {
|
| 737 |
if ((time() - $cpdb[$i][0]) >= $timeout) {
|
|
| 736 |
if ((time() - $cpentry[0]) >= $timeout) {
|
|
| 738 | 737 |
$timedout = true; |
| 739 | 738 |
$term_cause = 5; // Session-Timeout |
| 740 | 739 |
} |
| 741 | 740 |
} |
| 742 | 741 |
|
| 743 | 742 |
/* Session-Terminate-Time */ |
| 744 |
if (!$timedout && !empty($cpdb[$i][9])) {
|
|
| 745 |
if (time() >= $cpdb[$i][9]) {
|
|
| 743 |
if (!$timedout && !empty($cpentry[9])) {
|
|
| 744 |
if (time() >= $cpentry[9]) {
|
|
| 746 | 745 |
$timedout = true; |
| 747 | 746 |
$term_cause = 5; // Session-Timeout |
| 748 | 747 |
} |
| 749 | 748 |
} |
| 750 | 749 |
|
| 751 | 750 |
/* check if the radius idle_timeout attribute has been set and if its set change the idletimeout to this value */ |
| 752 |
$uidletimeout = (is_numeric($cpdb[$i][8])) ? $cpdb[$i][8] : $idletimeout;
|
|
| 751 |
$uidletimeout = (is_numeric($cpentry[8])) ? $cpentry[8] : $idletimeout;
|
|
| 753 | 752 |
/* if an idle timeout is specified, get last activity timestamp from ipfw */ |
| 754 | 753 |
if (!$timedout && $uidletimeout) {
|
| 755 |
$lastact = captiveportal_get_last_activity($cpdb[$i][2]);
|
|
| 754 |
$lastact = captiveportal_get_last_activity($cpentry[2]);
|
|
| 756 | 755 |
/* If the user has logged on but not sent any traffic they will never be logged out. |
| 757 | 756 |
* We "fix" this by setting lastact to the login timestamp. |
| 758 | 757 |
*/ |
| 759 |
$lastact = $lastact ? $lastact : $cpdb[$i][0];
|
|
| 758 |
$lastact = $lastact ? $lastact : $cpentry[0];
|
|
| 760 | 759 |
if ($lastact && ((time() - $lastact) >= $uidletimeout)) {
|
| 761 | 760 |
$timedout = true; |
| 762 | 761 |
$term_cause = 4; // Idle-Timeout |
| ... | ... | |
| 765 | 764 |
} |
| 766 | 765 |
|
| 767 | 766 |
/* if vouchers are configured, activate session timeouts */ |
| 768 |
if (!$timedout && isset($config['voucher']['enable']) && !empty($cpdb[$i][7])) {
|
|
| 769 |
if (time() >= ($cpdb[$i][0] + $cpdb[$i][7])) {
|
|
| 767 |
if (!$timedout && isset($config['voucher']['enable']) && !empty($cpentry[7])) {
|
|
| 768 |
if (time() >= ($cpentry[0] + $cpentry[7])) {
|
|
| 770 | 769 |
$timedout = true; |
| 771 | 770 |
$term_cause = 5; // Session-Timeout |
| 772 | 771 |
} |
| 773 | 772 |
} |
| 774 | 773 |
|
| 775 | 774 |
/* if radius session_timeout is enabled and the session_timeout is not null, then check if the user should be logged out */ |
| 776 |
if (!$timedout && isset($config['captiveportal']['radiussession_timeout']) && !empty($cpdb[$i][7])) {
|
|
| 777 |
if (time() >= ($cpdb[$i][0] + $cpdb[$i][7])) {
|
|
| 775 |
if (!$timedout && isset($config['captiveportal']['radiussession_timeout']) && !empty($cpentry[7])) {
|
|
| 776 |
if (time() >= ($cpentry[0] + $cpentry[7])) {
|
|
| 778 | 777 |
$timedout = true; |
| 779 | 778 |
$term_cause = 5; // Session-Timeout |
| 780 | 779 |
} |
| 781 | 780 |
} |
| 782 | 781 |
|
| 783 | 782 |
if ($timedout) {
|
| 784 |
captiveportal_disconnect($cpdb[$i], $radiusservers,$term_cause,$stop_time);
|
|
| 785 |
captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "TIMEOUT");
|
|
| 786 |
$unsetindexes[] = $cpdb[$i][5];
|
|
| 783 |
captiveportal_disconnect($cpentry, $radiusservers,$term_cause,$stop_time);
|
|
| 784 |
captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "TIMEOUT");
|
|
| 785 |
$unsetindexes[] = $cpentry[5];
|
|
| 787 | 786 |
} |
| 788 | 787 |
|
| 789 | 788 |
/* do periodic RADIUS reauthentication? */ |
| ... | ... | |
| 791 | 790 |
if (isset($config['captiveportal']['radacct_enable'])) {
|
| 792 | 791 |
if ($config['captiveportal']['reauthenticateacct'] == "stopstart") {
|
| 793 | 792 |
/* stop and restart accounting */ |
| 794 |
RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
|
|
| 795 |
$cpdb[$i][4], // username
|
|
| 796 |
$cpdb[$i][5], // sessionid
|
|
| 797 |
$cpdb[$i][0], // start time
|
|
| 793 |
RADIUS_ACCOUNTING_STOP($cpentry[1], // ruleno
|
|
| 794 |
$cpentry[4], // username
|
|
| 795 |
$cpentry[5], // sessionid
|
|
| 796 |
$cpentry[0], // start time
|
|
| 798 | 797 |
$radiusservers, |
| 799 |
$cpdb[$i][2], // clientip
|
|
| 800 |
$cpdb[$i][3], // clientmac
|
|
| 798 |
$cpentry[2], // clientip
|
|
| 799 |
$cpentry[3], // clientmac
|
|
| 801 | 800 |
10); // NAS Request |
| 802 |
exec("/sbin/ipfw table 1 entryzerostats {$cpdb[$i][2]}");
|
|
| 803 |
exec("/sbin/ipfw table 2 entryzerostats {$cpdb[$i][2]}");
|
|
| 804 |
RADIUS_ACCOUNTING_START($cpdb[$i][1], // ruleno
|
|
| 805 |
$cpdb[$i][4], // username
|
|
| 806 |
$cpdb[$i][5], // sessionid
|
|
| 801 |
exec("/sbin/ipfw table 1 entryzerostats {$cpentry[2]}");
|
|
| 802 |
exec("/sbin/ipfw table 2 entryzerostats {$cpentry[2]}");
|
|
| 803 |
RADIUS_ACCOUNTING_START($cpentry[1], // ruleno
|
|
| 804 |
$cpentry[4], // username
|
|
| 805 |
$cpentry[5], // sessionid
|
|
| 807 | 806 |
$radiusservers, |
| 808 |
$cpdb[$i][2], // clientip
|
|
| 809 |
$cpdb[$i][3]); // clientmac
|
|
| 807 |
$cpentry[2], // clientip
|
|
| 808 |
$cpentry[3]); // clientmac
|
|
| 810 | 809 |
} else if ($config['captiveportal']['reauthenticateacct'] == "interimupdate") {
|
| 811 |
RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
|
|
| 812 |
$cpdb[$i][4], // username
|
|
| 813 |
$cpdb[$i][5], // sessionid
|
|
| 814 |
$cpdb[$i][0], // start time
|
|
| 810 |
RADIUS_ACCOUNTING_STOP($cpentry[1], // ruleno
|
|
| 811 |
$cpentry[4], // username
|
|
| 812 |
$cpentry[5], // sessionid
|
|
| 813 |
$cpentry[0], // start time
|
|
| 815 | 814 |
$radiusservers, |
| 816 |
$cpdb[$i][2], // clientip
|
|
| 817 |
$cpdb[$i][3], // clientmac
|
|
| 815 |
$cpentry[2], // clientip
|
|
| 816 |
$cpentry[3], // clientmac
|
|
| 818 | 817 |
10, // NAS Request |
| 819 | 818 |
true); // Interim Updates |
| 820 | 819 |
} |
| ... | ... | |
| 822 | 821 |
|
| 823 | 822 |
/* check this user against RADIUS again */ |
| 824 | 823 |
if (isset($config['captiveportal']['reauthenticate'])) {
|
| 825 |
$auth_list = RADIUS_AUTHENTICATION($cpdb[$i][4], // username
|
|
| 826 |
base64_decode($cpdb[$i][6]), // password
|
|
| 824 |
$auth_list = RADIUS_AUTHENTICATION($cpentry[4], // username
|
|
| 825 |
base64_decode($cpentry[6]), // password
|
|
| 827 | 826 |
$radiusservers, |
| 828 |
$cpdb[$i][2], // clientip
|
|
| 829 |
$cpdb[$i][3], // clientmac
|
|
| 830 |
$cpdb[$i][1]); // ruleno
|
|
| 827 |
$cpentry[2], // clientip
|
|
| 828 |
$cpentry[3], // clientmac
|
|
| 829 |
$cpentry[1]); // ruleno
|
|
| 831 | 830 |
if ($auth_list['auth_val'] == 3) {
|
| 832 |
captiveportal_disconnect($cpdb[$i], $radiusservers, 17);
|
|
| 833 |
captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "RADIUS_DISCONNECT", $auth_list['reply_message']);
|
|
| 834 |
$unsetindexes[] = $cpdb[$i][5];
|
|
| 831 |
captiveportal_disconnect($cpentry, $radiusservers, 17);
|
|
| 832 |
captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "RADIUS_DISCONNECT", $auth_list['reply_message']);
|
|
| 833 |
$unsetindexes[] = $cpentry[5];
|
|
| 835 | 834 |
} |
| 836 | 835 |
} |
| 837 | 836 |
} |
Also available in: Unified diff
Use foreach here to be sure we do not reference unexisting results.