/usr/local/www/services_captiveportal.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/services_captiveportal.php @ 5721595b

1	a5c0b6c7	Scott Ullrich	<?php
2	5b237745	Scott Ullrich	/*
3			services_captiveportal.php
4			part of m0n0wall (http://m0n0.ch/wall)
5	a5c0b6c7	Scott Ullrich
6	0bd34ed6	Scott Ullrich	Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
7	5b237745	Scott Ullrich	All rights reserved.
8	a5c0b6c7	Scott Ullrich
9	5b237745	Scott Ullrich	Redistribution and use in source and binary forms, with or without
10			modification, are permitted provided that the following conditions are met:
11	a5c0b6c7	Scott Ullrich
12	5b237745	Scott Ullrich	1. Redistributions of source code must retain the above copyright notice,
13			this list of conditions and the following disclaimer.
14	a5c0b6c7	Scott Ullrich
15	5b237745	Scott Ullrich	2. Redistributions in binary form must reproduce the above copyright
16			notice, this list of conditions and the following disclaimer in the
17			documentation and/or other materials provided with the distribution.
18	a5c0b6c7	Scott Ullrich
19	5b237745	Scott Ullrich	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
20			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
21			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
23			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28			POSSIBILITY OF SUCH DAMAGE.
29			*/
30	1d333258	Scott Ullrich	/*
31			pfSense_MODULE: captiveportal
32			*/
33	5b237745	Scott Ullrich
34	6b07c15a	Matthew Grooms	##\|+PRIV
35			##\|*IDENT=page-services-captiveportal
36			##\|*NAME=Services: Captive portal page
37			##\|*DESCR=Allow access to the 'Services: Captive portal' page.
38			##\|MATCH=services_captiveportal.php
39			##\|-PRIV
40
41	ccb55b27	Darren Embry	require_once("functions.inc");
42			require_once("filter.inc");
43			require_once("shaper.inc");
44			require_once("captiveportal.inc");
45	5b237745	Scott Ullrich
46	aa87cf11	Renato Botelho	if (substr($_GET['act'], 0, 3) == "get")
47			$nocsrf = true;
48
49			require_once("guiconfig.inc");
50
51	baec2b00	Ermal	global $cpzone;
52			global $cpzoneid;
53
54			$cpzoneid = 1; /* Just a default */
55	b4792bf8	Ermal	$cpzone = $_GET['zone'];
56			if (isset($_POST['zone']))
57			$cpzone = $_POST['zone'];
58	6fde5a1e	Carlos Eduardo Ramos
59	287f7e26	Ermal	if (empty($cpzone) \|\| empty($config['captiveportal'][$cpzone])) {
60	060bc78b	Renato Botelho	header("Location: services_captiveportal_zones.php");
61			exit;
62	5b237745	Scott Ullrich	}
63
64	b4792bf8	Ermal	if (!is_array($config['captiveportal']))
65			$config['captiveportal'] = array();
66			$a_cp =& $config['captiveportal'];
67
68			$pgtitle = array(gettext("Services"),gettext("Captive portal"), $a_cp[$cpzone]['zone']);
69	b32dd0a6	jim-p	$shortcut_section = "captiveportal";
70	b4792bf8	Ermal
71	5b237745	Scott Ullrich	if ($_GET['act'] == "viewhtml") {
72	a636682d	bcyrill	if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['htmltext'])
73			echo base64_decode($a_cp[$cpzone]['page']['htmltext']);
74	5b237745	Scott Ullrich	exit;
75	aa87cf11	Renato Botelho	} else if ($_GET['act'] == "gethtmlhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['htmltext']) {
76			$file_data = base64_decode($a_cp[$cpzone]['page']['htmltext']);
77			$file_size = strlen($file_data);
78
79			header("Content-Type: text/html");
80			header("Content-Disposition: attachment; filename=portal.html");
81			header("Content-Length: $file_size");
82			echo $file_data;
83
84	92603e27	Renato Botelho	exit;
85			} else if ($_GET['act'] == "delhtmlhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['htmltext']) {
86			unset($a_cp[$cpzone]['page']['htmltext']);
87			write_config(sprintf(gettext("Captive Portal: zone %s: Restore default portal page"), $cpzone));
88			header("Location: services_captiveportal.php?zone={$cpzone}");
89	aa87cf11	Renato Botelho	exit;
90	5b237745	Scott Ullrich	} else if ($_GET['act'] == "viewerrhtml") {
91	a636682d	bcyrill	if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['errtext'])
92			echo base64_decode($a_cp[$cpzone]['page']['errtext']);
93	5b237745	Scott Ullrich	exit;
94	aa87cf11	Renato Botelho	} else if ($_GET['act'] == "geterrhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['errtext']) {
95			$file_data = base64_decode($a_cp[$cpzone]['page']['errtext']);
96			$file_size = strlen($file_data);
97
98			header("Content-Type: text/html");
99			header("Content-Disposition: attachment; filename=err.html");
100			header("Content-Length: $file_size");
101			echo $file_data;
102
103	92603e27	Renato Botelho	exit;
104			} else if ($_GET['act'] == "delerrhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['errtext']) {
105			unset($a_cp[$cpzone]['page']['errtext']);
106			write_config(sprintf(gettext("Captive Portal: zone %s: Restore default error page"), $cpzone));
107			header("Location: services_captiveportal.php?zone={$cpzone}");
108	aa87cf11	Renato Botelho	exit;
109	5b87b24e	Ermal	} else if ($_GET['act'] == "viewlogouthtml") {
110	a636682d	bcyrill	if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['logouttext'])
111			echo base64_decode($a_cp[$cpzone]['page']['logouttext']);
112	5b87b24e	Ermal	exit;
113	aa87cf11	Renato Botelho	} else if ($_GET['act'] == "getlogouthtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['logouttext']) {
114			$file_data = base64_decode($a_cp[$cpzone]['page']['logouttext']);
115			$file_size = strlen($file_data);
116
117			header("Content-Type: text/html");
118			header("Content-Disposition: attachment; filename=logout.html");
119			header("Content-Length: $file_size");
120			echo $file_data;
121
122	92603e27	Renato Botelho	exit;
123			} else if ($_GET['act'] == "dellogouthtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['logouttext']) {
124			unset($a_cp[$cpzone]['page']['logouttext']);
125			write_config(sprintf(gettext("Captive Portal: zone %s: Restore default logout page"), $cpzone));
126			header("Location: services_captiveportal.php?zone={$cpzone}");
127	aa87cf11	Renato Botelho	exit;
128	5b237745	Scott Ullrich	}
129
130	36f6ed35	bcyrill	if (!is_array($config['ca']))
131			$config['ca'] = array();
132
133			$a_ca =& $config['ca'];
134
135			if (!is_array($config['cert']))
136			$config['cert'] = array();
137
138			$a_cert =& $config['cert'];
139
140	a636682d	bcyrill	if ($a_cp[$cpzone]) {
141	baec2b00	Ermal	$cpzoneid = $pconfig['zoneid'] = $a_cp[$cpzone]['zoneid'];
142	b4792bf8	Ermal	$pconfig['cinterface'] = $a_cp[$cpzone]['interface'];
143			$pconfig['maxproc'] = $a_cp[$cpzone]['maxproc'];
144			$pconfig['maxprocperip'] = $a_cp[$cpzone]['maxprocperip'];
145			$pconfig['timeout'] = $a_cp[$cpzone]['timeout'];
146			$pconfig['idletimeout'] = $a_cp[$cpzone]['idletimeout'];
147			$pconfig['freelogins_count'] = $a_cp[$cpzone]['freelogins_count'];
148			$pconfig['freelogins_resettimeout'] = $a_cp[$cpzone]['freelogins_resettimeout'];
149			$pconfig['freelogins_updatetimeouts'] = isset($a_cp[$cpzone]['freelogins_updatetimeouts']);
150			$pconfig['enable'] = isset($a_cp[$cpzone]['enable']);
151			$pconfig['auth_method'] = $a_cp[$cpzone]['auth_method'];
152	a8cb0038	Renato Botelho	$pconfig['localauth_priv'] = isset($a_cp[$cpzone]['localauth_priv']);
153	b4792bf8	Ermal	$pconfig['radacct_enable'] = isset($a_cp[$cpzone]['radacct_enable']);
154			$pconfig['radmac_enable'] = isset($a_cp[$cpzone]['radmac_enable']);
155			$pconfig['radmac_secret'] = $a_cp[$cpzone]['radmac_secret'];
156			$pconfig['reauthenticate'] = isset($a_cp[$cpzone]['reauthenticate']);
157			$pconfig['reauthenticateacct'] = $a_cp[$cpzone]['reauthenticateacct'];
158			$pconfig['httpslogin_enable'] = isset($a_cp[$cpzone]['httpslogin']);
159			$pconfig['httpsname'] = $a_cp[$cpzone]['httpsname'];
160			$pconfig['preauthurl'] = strtolower($a_cp[$cpzone]['preauthurl']);
161	2f1548d6	Renato Botelho	$pconfig['blockedmacsurl'] = strtolower($a_cp[$cpzone]['blockedmacsurl']);
162	36f6ed35	bcyrill	$pconfig['certref'] = $a_cp[$cpzone]['certref'];
163	b4792bf8	Ermal	$pconfig['logoutwin_enable'] = isset($a_cp[$cpzone]['logoutwin_enable']);
164			$pconfig['peruserbw'] = isset($a_cp[$cpzone]['peruserbw']);
165			$pconfig['bwdefaultdn'] = $a_cp[$cpzone]['bwdefaultdn'];
166			$pconfig['bwdefaultup'] = $a_cp[$cpzone]['bwdefaultup'];
167			$pconfig['nomacfilter'] = isset($a_cp[$cpzone]['nomacfilter']);
168			$pconfig['noconcurrentlogins'] = isset($a_cp[$cpzone]['noconcurrentlogins']);
169	060bc78b	Renato Botelho	$pconfig['radius_protocol'] = $a_cp[$cpzone]['radius_protocol'];
170	b4792bf8	Ermal	$pconfig['redirurl'] = $a_cp[$cpzone]['redirurl'];
171			$pconfig['radiusip'] = $a_cp[$cpzone]['radiusip'];
172			$pconfig['radiusip2'] = $a_cp[$cpzone]['radiusip2'];
173	ebc0e4b6	Ermal	$pconfig['radiusip3'] = $a_cp[$cpzone]['radiusip3'];
174			$pconfig['radiusip4'] = $a_cp[$cpzone]['radiusip4'];
175	b4792bf8	Ermal	$pconfig['radiusport'] = $a_cp[$cpzone]['radiusport'];
176			$pconfig['radiusport2'] = $a_cp[$cpzone]['radiusport2'];
177	ebc0e4b6	Ermal	$pconfig['radiusport3'] = $a_cp[$cpzone]['radiusport3'];
178			$pconfig['radiusport4'] = $a_cp[$cpzone]['radiusport4'];
179	b4792bf8	Ermal	$pconfig['radiusacctport'] = $a_cp[$cpzone]['radiusacctport'];
180			$pconfig['radiuskey'] = $a_cp[$cpzone]['radiuskey'];
181			$pconfig['radiuskey2'] = $a_cp[$cpzone]['radiuskey2'];
182	ebc0e4b6	Ermal	$pconfig['radiuskey3'] = $a_cp[$cpzone]['radiuskey3'];
183			$pconfig['radiuskey4'] = $a_cp[$cpzone]['radiuskey4'];
184	b4792bf8	Ermal	$pconfig['radiusvendor'] = $a_cp[$cpzone]['radiusvendor'];
185			$pconfig['radiussession_timeout'] = isset($a_cp[$cpzone]['radiussession_timeout']);
186			$pconfig['radiussrcip_attribute'] = $a_cp[$cpzone]['radiussrcip_attribute'];
187			$pconfig['passthrumacadd'] = isset($a_cp[$cpzone]['passthrumacadd']);
188			$pconfig['passthrumacaddusername'] = isset($a_cp[$cpzone]['passthrumacaddusername']);
189			$pconfig['radmac_format'] = $a_cp[$cpzone]['radmac_format'];
190	720498a0	Michael Newton	$pconfig['reverseacct'] = isset($a_cp[$cpzone]['reverseacct']);
191	4cc94535	Michael Newton	$pconfig['radiusnasid'] = $a_cp[$cpzone]['radiusnasid'];
192	b4792bf8	Ermal	$pconfig['page'] = array();
193			if ($a_cp[$cpzone]['page']['htmltext'])
194			$pconfig['page']['htmltext'] = $a_cp[$cpzone]['page']['htmltext'];
195			if ($a_cp[$cpzone]['page']['errtext'])
196			$pconfig['page']['errtext'] = $a_cp[$cpzone]['page']['errtext'];
197			if ($a_cp[$cpzone]['page']['logouttext'])
198			$pconfig['page']['logouttext'] = $a_cp[$cpzone]['page']['logouttext'];
199			}
200	5b237745	Scott Ullrich
201			if ($_POST) {
202
203			unset($input_errors);
204			$pconfig = $_POST;
205
206			/* input validation */
207			if ($_POST['enable']) {
208	b4792bf8	Ermal	$reqdfields = explode(" ", "zone cinterface");
209			$reqdfieldsn = array(gettext("Zone name"), gettext("Interface"));
210	a5c0b6c7	Scott Ullrich
211	1e9b4611	Renato Botelho	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
212	a5c0b6c7	Scott Ullrich
213	b4792bf8	Ermal	/* make sure no interfaces are bridged or used on other zones */
214			if (is_array($_POST['cinterface'])) {
215			foreach ($pconfig['cinterface'] as $cpbrif) {
216	3e4f5a33	jim-p	if (link_interface_to_bridge($cpbrif))
217			$input_errors[] = sprintf(gettext("The captive portal cannot be used on interface %s since it is part of a bridge."), $cpbrif);
218	b4792bf8	Ermal	foreach ($a_cp as $cpkey => $cp) {
219			if ($cpkey != $cpzone \|\| empty($cpzone)) {
220			if (in_array($cpbrif, explode(",", $cp['interface'])))
221			$input_errors[] = sprintf(gettext("The captive portal cannot be used on interface %s since it is used already on %s instance."), $cpbrif, $cp['zone']);
222			}
223			}
224			}
225			}
226	a5c0b6c7	Scott Ullrich
227	5b237745	Scott Ullrich	if ($_POST['httpslogin_enable']) {
228	060bc78b	Renato Botelho	if (!$_POST['certref']) {
229	36f6ed35	bcyrill	$input_errors[] = gettext("Certificate must be specified for HTTPS login.");
230	5b237745	Scott Ullrich	}
231			if (!$_POST['httpsname'] \|\| !is_domain($_POST['httpsname'])) {
232	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("The HTTPS server name must be specified for HTTPS login.");
233	5b237745	Scott Ullrich	}
234			}
235			}
236	a5c0b6c7	Scott Ullrich
237	e680b2f9	Renato Botelho	if ($_POST['timeout']) {
238			if (!is_numeric($_POST['timeout']) \|\| ($_POST['timeout'] < 1))
239			$input_errors[] = gettext("The timeout must be at least 1 minute.");
240			else if (isset($config['dhcpd']) && is_array($config['dhcpd'])) {
241			foreach ($config['dhcpd'] as $dhcpd_if => $dhcpd_data) {
242			if (!isset($dhcpd_data['enable']))
243			continue;
244			if (!is_array($_POST['cinterface']) \|\| !in_array($dhcpd_if, $_POST['cinterface']))
245			continue;
246
247			$deftime = 7200; // Default lease time
248			if (isset($dhcpd_data['defaultleasetime']) && is_numeric($dhcpd_data['defaultleasetime']))
249			$deftime = $dhcpd_data['defaultleasetime'];
250
251			if ($_POST['timeout'] > $deftime)
252			$input_errors[] = gettext("Hard timeout must be less or equal Default lease time set on DHCP Server");
253			}
254			}
255	5b237745	Scott Ullrich	}
256			if ($_POST['idletimeout'] && (!is_numeric($_POST['idletimeout']) \|\| ($_POST['idletimeout'] < 1))) {
257	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("The idle timeout must be at least 1 minute.");
258	5b237745	Scott Ullrich	}
259	03552507	Erik Fonnesbeck	if ($_POST['freelogins_count'] && (!is_numeric($_POST['freelogins_count']))) {
260	49f61a1c	Erik Fonnesbeck	$input_errors[] = gettext("The pass-through credit count must be a number or left blank.");
261			} else if ($_POST['freelogins_count'] && is_numeric($_POST['freelogins_count']) && ($_POST['freelogins_count'] >= 1)) {
262			if (empty($_POST['freelogins_resettimeout']) \|\| !is_numeric($_POST['freelogins_resettimeout']) \|\| ($_POST['freelogins_resettimeout'] <= 0)) {
263			$input_errors[] = gettext("The waiting period to restore pass-through credits must be above 0 hours.");
264			}
265	03552507	Erik Fonnesbeck	}
266	5b237745	Scott Ullrich	if (($_POST['radiusip'] && !is_ipaddr($_POST['radiusip']))) {
267	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip']);
268	5b237745	Scott Ullrich	}
269	0bd34ed6	Scott Ullrich	if (($_POST['radiusip2'] && !is_ipaddr($_POST['radiusip2']))) {
270	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip2']);
271	0bd34ed6	Scott Ullrich	}
272	ebc0e4b6	Ermal	if (($_POST['radiusip3'] && !is_ipaddr($_POST['radiusip3']))) {
273			$input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip3']);
274			}
275			if (($_POST['radiusip4'] && !is_ipaddr($_POST['radiusip4']))) {
276			$input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip4']);
277			}
278	5b237745	Scott Ullrich	if (($_POST['radiusport'] && !is_port($_POST['radiusport']))) {
279	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport']);
280	5b237745	Scott Ullrich	}
281	0bd34ed6	Scott Ullrich	if (($_POST['radiusport2'] && !is_port($_POST['radiusport2']))) {
282	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport2']);
283	0bd34ed6	Scott Ullrich	}
284	ebc0e4b6	Ermal	if (($_POST['radiusport3'] && !is_port($_POST['radiusport3']))) {
285			$input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport3']);
286			}
287			if (($_POST['radiusport4'] && !is_port($_POST['radiusport4']))) {
288			$input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport4']);
289			}
290	5b237745	Scott Ullrich	if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) {
291	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusacctport']);
292	0bd34ed6	Scott Ullrich	}
293	b4792bf8	Ermal	if ($_POST['maxproc'] && (!is_numeric($_POST['maxproc']) \|\| ($_POST['maxproc'] < 4) \|\| ($_POST['maxproc'] > 100))) {
294	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("The maximum number of concurrent connections per client IP address may not be larger than the global maximum.");
295	5b237745	Scott Ullrich	}
296	89b1c40c	Michael Newton	if (trim($_POST['radiusnasid']) !== "" && !preg_match("/^[\x21-\x7e]{3,253}$/i", trim($_POST['radiusnasid']))) {
297			$input_errors[] = gettext("The NAS-Identifier must be 3-253 characters long and should only contain ASCII characters.");
298			}
299	5b237745	Scott Ullrich
300			if (!$input_errors) {
301	b4792bf8	Ermal	$newcp =& $a_cp[$cpzone];
302			//$newcp['zoneid'] = $a_cp[$cpzone]['zoneid'];
303			if (empty($newcp['zoneid'])) {
304	1122705e	Ermal	$newcp['zoneid'] = 2;
305	baec2b00	Ermal	foreach ($a_cp as $keycpzone => $cp) {
306	b4792bf8	Ermal	if ($cp['zoneid'] == $newcp['zoneid'] && $keycpzone != $cpzone)
307			$newcp['zoneid'] += 2; /* Resreve space for SSL config if needed */
308	baec2b00	Ermal	}
309			$cpzoneid = $newcp['zoneid'];
310	b4792bf8	Ermal	}
311	13e64b47	Ermal	$oldifaces = explode(",", $newcp['interface']);
312	3e4f5a33	jim-p	if (is_array($_POST['cinterface']))
313	b4792bf8	Ermal	$newcp['interface'] = implode(",", $_POST['cinterface']);
314			$newcp['maxproc'] = $_POST['maxproc'];
315			$newcp['maxprocperip'] = $_POST['maxprocperip'] ? $_POST['maxprocperip'] : false;
316			$newcp['timeout'] = $_POST['timeout'];
317			$newcp['idletimeout'] = $_POST['idletimeout'];
318			$newcp['freelogins_count'] = $_POST['freelogins_count'];
319			$newcp['freelogins_resettimeout'] = $_POST['freelogins_resettimeout'];
320			$newcp['freelogins_updatetimeouts'] = $_POST['freelogins_updatetimeouts'] ? true : false;
321			if ($_POST['enable'])
322			$newcp['enable'] = true;
323			else
324			unset($newcp['enable']);
325			$newcp['auth_method'] = $_POST['auth_method'];
326	a8cb0038	Renato Botelho	$newcp['localauth_priv'] = isset($_POST['localauth_priv']);
327	b4792bf8	Ermal	$newcp['radacct_enable'] = $_POST['radacct_enable'] ? true : false;
328			$newcp['reauthenticate'] = $_POST['reauthenticate'] ? true : false;
329			$newcp['radmac_enable'] = $_POST['radmac_enable'] ? true : false;
330			$newcp['radmac_secret'] = $_POST['radmac_secret'] ? $_POST['radmac_secret'] : false;
331			$newcp['reauthenticateacct'] = $_POST['reauthenticateacct'];
332	f3bea667	bcyrill	if ($_POST['httpslogin_enable'])
333	20789ec9	bcyrill	$newcp['httpslogin'] = true;
334			else
335			unset($newcp['httpslogin']);
336	b4792bf8	Ermal	$newcp['httpsname'] = $_POST['httpsname'];
337			$newcp['preauthurl'] = $_POST['preauthurl'];
338	2f1548d6	Renato Botelho	$newcp['blockedmacsurl'] = $_POST['blockedmacsurl'];
339	b4792bf8	Ermal	$newcp['peruserbw'] = $_POST['peruserbw'] ? true : false;
340			$newcp['bwdefaultdn'] = $_POST['bwdefaultdn'];
341			$newcp['bwdefaultup'] = $_POST['bwdefaultup'];
342	36f6ed35	bcyrill	$newcp['certref'] = $_POST['certref'];
343	b4792bf8	Ermal	$newcp['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false;
344			$newcp['nomacfilter'] = $_POST['nomacfilter'] ? true : false;
345			$newcp['noconcurrentlogins'] = $_POST['noconcurrentlogins'] ? true : false;
346	060bc78b	Renato Botelho	$newcp['radius_protocol'] = $_POST['radius_protocol'];
347	b4792bf8	Ermal	$newcp['redirurl'] = $_POST['redirurl'];
348	ebc0e4b6	Ermal	if (isset($_POST['radiusip']))
349	13a45484	Cyrill Bannwart	$newcp['radiusip'] = $_POST['radiusip'];
350	ebc0e4b6	Ermal	else
351	5c0d5003	Ermal	unset($newcp['radiusip']);
352	ebc0e4b6	Ermal	if (isset($_POST['radiusip2']))
353	13a45484	Cyrill Bannwart	$newcp['radiusip2'] = $_POST['radiusip2'];
354	ebc0e4b6	Ermal	else
355	13a45484	Cyrill Bannwart	unset($newcp['radiusip2']);
356	ebc0e4b6	Ermal	if (isset($_POST['radiusip3']))
357	13a45484	Cyrill Bannwart	$newcp['radiusip3'] = $_POST['radiusip3'];
358	ebc0e4b6	Ermal	else
359	13a45484	Cyrill Bannwart	unset($newcp['radiusip3']);
360	ebc0e4b6	Ermal	if (isset($_POST['radiusip4']))
361	13a45484	Cyrill Bannwart	$newcp['radiusip4'] = $_POST['radiusip4'];
362	ebc0e4b6	Ermal	else
363	13a45484	Cyrill Bannwart	unset($newcp['radiusip4']);
364	b4792bf8	Ermal	$newcp['radiusport'] = $_POST['radiusport'];
365			$newcp['radiusport2'] = $_POST['radiusport2'];
366	ebc0e4b6	Ermal	if (isset($_POST['radiusport3']))
367	13a45484	Cyrill Bannwart	$newcp['radiusport3'] = $_POST['radiusport3'];
368	ebc0e4b6	Ermal	if (isset($_POST['radiusport4']))
369	13a45484	Cyrill Bannwart	$newcp['radiusport4'] = $_POST['radiusport4'];
370	b4792bf8	Ermal	$newcp['radiusacctport'] = $_POST['radiusacctport'];
371			$newcp['radiuskey'] = $_POST['radiuskey'];
372			$newcp['radiuskey2'] = $_POST['radiuskey2'];
373	ebc0e4b6	Ermal	$newcp['radiuskey3'] = $_POST['radiuskey3'];
374			$newcp['radiuskey4'] = $_POST['radiuskey4'];
375	b4792bf8	Ermal	$newcp['radiusvendor'] = $_POST['radiusvendor'] ? $_POST['radiusvendor'] : false;
376			$newcp['radiussession_timeout'] = $_POST['radiussession_timeout'] ? true : false;
377			$newcp['radiussrcip_attribute'] = $_POST['radiussrcip_attribute'];
378			$newcp['passthrumacadd'] = $_POST['passthrumacadd'] ? true : false;
379			$newcp['passthrumacaddusername'] = $_POST['passthrumacaddusername'] ? true : false;
380			$newcp['radmac_format'] = $_POST['radmac_format'] ? $_POST['radmac_format'] : false;
381	720498a0	Michael Newton	$newcp['reverseacct'] = $_POST['reverseacct'] ? true : false;
382	4cc94535	Michael Newton	$newcp['radiusnasid'] = trim($_POST['radiusnasid']);
383	b4792bf8	Ermal	if (!is_array($newcp['page']))
384			$newcp['page'] = array();
385	a5c0b6c7	Scott Ullrich
386	5b237745	Scott Ullrich	/* file upload? */
387			if (is_uploaded_file($_FILES['htmlfile']['tmp_name']))
388	b4792bf8	Ermal	$newcp['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name']));
389	c980716e	Scott Ullrich	if (is_uploaded_file($_FILES['errfile']['tmp_name']))
390	b4792bf8	Ermal	$newcp['page']['errtext'] = base64_encode(file_get_contents($_FILES['errfile']['tmp_name']));
391	5b87b24e	Ermal	if (is_uploaded_file($_FILES['logoutfile']['tmp_name']))
392	b4792bf8	Ermal	$newcp['page']['logouttext'] = base64_encode(file_get_contents($_FILES['logoutfile']['tmp_name']));
393	a5c0b6c7	Scott Ullrich
394	5b237745	Scott Ullrich	write_config();
395	a5c0b6c7	Scott Ullrich
396	13e64b47	Ermal	/* Clear up unselected interfaces */
397			$newifaces = explode(",", $newcp['interface']);
398			$toremove = array_diff($oldifaces, $newifaces);
399			if (!empty($toremove)) {
400			foreach ($toremove as $removeif) {
401			$removeif = get_real_interface($removeif);
402	baec2b00	Ermal	mwexec("/usr/local/sbin/ipfw zone {$cpzone} mdel {$removeif}");
403	13e64b47	Ermal	}
404			}
405	b4792bf8	Ermal	captiveportal_configure_zone($newcp);
406	13e64b47	Ermal	unset($newcp, $newifaces, $toremove);
407	b4792bf8	Ermal	filter_configure();
408			header("Location: services_captiveportal_zones.php");
409	060bc78b	Renato Botelho	exit;
410	b4792bf8	Ermal	} else {
411	3e4f5a33	jim-p	if (is_array($_POST['cinterface']))
412			$pconfig['cinterface'] = implode(",", $_POST['cinterface']);
413	5b237745	Scott Ullrich	}
414			}
415	3d4bd975	Scott Ullrich	include("head.inc");
416	5b237745	Scott Ullrich	?>
417			<script language="JavaScript">
418			<!--
419			function enable_change(enable_change) {
420	0bd34ed6	Scott Ullrich	var endis, radius_endis;
421	07bd3f83	Scott Ullrich	endis = !(document.iform.enable.checked \|\| enable_change);
422	a8cb0038	Renato Botelho	localauth_endis = !((!endis && document.iform.auth_method[1].checked) \|\| enable_change);
423	0bd34ed6	Scott Ullrich	radius_endis = !((!endis && document.iform.auth_method[2].checked) \|\| enable_change);
424	36f6ed35	bcyrill	https_endis = !((!endis && document.iform.httpslogin_enable.checked) \|\| enable_change);
425	a5c0b6c7	Scott Ullrich
426	07bd3f83	Scott Ullrich	document.iform.cinterface.disabled = endis;
427	b4792bf8	Ermal	//document.iform.maxproc.disabled = endis;
428	422d57b4	Scott Ullrich	document.iform.maxprocperip.disabled = endis;
429	07bd3f83	Scott Ullrich	document.iform.idletimeout.disabled = endis;
430	03552507	Erik Fonnesbeck	document.iform.freelogins_count.disabled = endis;
431			document.iform.freelogins_resettimeout.disabled = endis;
432			document.iform.freelogins_updatetimeouts.disabled = endis;
433	07bd3f83	Scott Ullrich	document.iform.timeout.disabled = endis;
434	f5adee3f	jim-p	document.iform.preauthurl.disabled = endis;
435	2f1548d6	Renato Botelho	document.iform.blockedmacsurl.disabled = endis;
436	07bd3f83	Scott Ullrich	document.iform.redirurl.disabled = endis;
437	a8cb0038	Renato Botelho	document.iform.localauth_priv.disabled = localauth_endis;
438	0bd34ed6	Scott Ullrich	document.iform.radiusip.disabled = radius_endis;
439			document.iform.radiusip2.disabled = radius_endis;
440	ebc0e4b6	Ermal	document.iform.radiusip3.disabled = radius_endis;
441			document.iform.radiusip4.disabled = radius_endis;
442	0bd34ed6	Scott Ullrich	document.iform.radiusport.disabled = radius_endis;
443	164a1525	Scott Ullrich	document.iform.radiusport3.disabled = radius_endis;
444			document.iform.radiusport4.disabled = radius_endis;
445	0bd34ed6	Scott Ullrich	document.iform.radiusport2.disabled = radius_endis;
446			document.iform.radiuskey.disabled = radius_endis;
447			document.iform.radiuskey2.disabled = radius_endis;
448	ebc0e4b6	Ermal	document.iform.radiuskey3.disabled = radius_endis;
449			document.iform.radiuskey4.disabled = radius_endis;
450	856e58a6	Scott Ullrich	document.iform.radacct_enable.disabled = radius_endis;
451	f5fa7d5e	Ermal Luçi	document.iform.peruserbw.disabled = endis;
452			document.iform.bwdefaultdn.disabled = endis;
453			document.iform.bwdefaultup.disabled = endis;
454	856e58a6	Scott Ullrich	document.iform.reauthenticate.disabled = radius_endis;
455	7faeda46	Scott Ullrich	document.iform.auth_method[0].disabled = endis;
456			document.iform.auth_method[1].disabled = endis;
457			document.iform.auth_method[2].disabled = endis;
458	b3765f4c	Roberto Nunnari	document.iform.radius_protocol[0].disabled = radius_endis;
459			document.iform.radius_protocol[1].disabled = radius_endis;
460			document.iform.radius_protocol[2].disabled = radius_endis;
461			document.iform.radius_protocol[3].disabled = radius_endis;
462	0bd34ed6	Scott Ullrich	document.iform.radmac_enable.disabled = radius_endis;
463	07bd3f83	Scott Ullrich	document.iform.httpslogin_enable.disabled = endis;
464	d11c1f93	sullrich	document.iform.radmac_format.disabled = radius_endis;
465	36f6ed35	bcyrill	document.iform.httpsname.disabled = https_endis;
466			document.iform.certref.disabled = https_endis;
467	07bd3f83	Scott Ullrich	document.iform.logoutwin_enable.disabled = endis;
468	c980716e	Scott Ullrich	document.iform.nomacfilter.disabled = endis;
469	0bd34ed6	Scott Ullrich	document.iform.noconcurrentlogins.disabled = endis;
470			document.iform.radiusvendor.disabled = radius_endis;
471	2342bfb0	Ermal Lu?i	document.iform.radiussession_timeout.disabled = radius_endis;
472	822b687b	Ermal	document.iform.radiussrcip_attribute.disabled = radius_endis;
473	07bd3f83	Scott Ullrich	document.iform.htmlfile.disabled = endis;
474			document.iform.errfile.disabled = endis;
475	5b87b24e	Ermal	document.iform.logoutfile.disabled = endis;
476	a5c0b6c7	Scott Ullrich
477	856e58a6	Scott Ullrich	document.iform.radiusacctport.disabled = (radius_endis \|\| !document.iform.radacct_enable.checked) && !enable_change;
478	a5c0b6c7	Scott Ullrich
479	856e58a6	Scott Ullrich	document.iform.radmac_secret.disabled = (radius_endis \|\| !document.iform.radmac_enable.checked) && !enable_change;
480	a5c0b6c7	Scott Ullrich
481	88adfa28	Warren Baker	var radacct_dis = (radius_endis \|\| !document.iform.radacct_enable.checked) && !enable_change;
482			document.iform.reauthenticateacct[0].disabled = radacct_dis;
483			document.iform.reauthenticateacct[1].disabled = radacct_dis;
484			document.iform.reauthenticateacct[2].disabled = radacct_dis;
485	720498a0	Michael Newton	document.iform.reverseacct.disabled = (radius_endis \|\| !document.iform.radacct_enable.checked) && !enable_change;
486	4cc94535	Michael Newton	document.iform.radiusnasid.disabled = radius_endis;
487	5b237745	Scott Ullrich	}
488			//-->
489			</script>
490	93588e1a	Scott Dale	<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
491	ccb55b27	Darren Embry	<?php include("fbegin.inc"); ?>
492	5b237745	Scott Ullrich	<?php if ($input_errors) print_input_errors($input_errors); ?>
493			<?php if ($savemsg) print_info_box($savemsg); ?>
494			<form action="services_captiveportal.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
495			<table width="100%" border="0" cellpadding="0" cellspacing="0">
496	9699028a	Scott Ullrich	<tr><td class="tabnavtbl">
497	64b85ffe	Scott Ullrich	<?php
498			$tab_array = array();
499	b4792bf8	Ermal	$tab_array[] = array(gettext("Captive portal(s)"), true, "services_captiveportal.php?zone={$cpzone}");
500	ed8899b5	Renato Botelho	$tab_array[] = array(gettext("MAC"), false, "services_captiveportal_mac.php?zone={$cpzone}");
501	b4792bf8	Ermal	$tab_array[] = array(gettext("Allowed IP addresses"), false, "services_captiveportal_ip.php?zone={$cpzone}");
502	060bc78b	Renato Botelho	$tab_array[] = array(gettext("Allowed Hostnames"), false, "services_captiveportal_hostname.php?zone={$cpzone}");
503	b4792bf8	Ermal	$tab_array[] = array(gettext("Vouchers"), false, "services_captiveportal_vouchers.php?zone={$cpzone}");
504			$tab_array[] = array(gettext("File Manager"), false, "services_captiveportal_filemanager.php?zone={$cpzone}");
505	9592c132	Scott Ullrich	display_top_tabs($tab_array, true);
506	0bd34ed6	Scott Ullrich	?> </td></tr>
507	5b237745	Scott Ullrich	<tr>
508	c980716e	Scott Ullrich	<td class="tabcont">
509			<table width="100%" border="0" cellpadding="6" cellspacing="0">
510	a5c0b6c7	Scott Ullrich	<tr>
511	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vtable"> </td>
512			<td width="78%" class="vtable">
513			<input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)">
514	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Enable captive portal"); ?> </strong></td>
515	5b237745	Scott Ullrich	</tr>
516	a5c0b6c7	Scott Ullrich	<tr>
517	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Interfaces"); ?></td>
518	5b237745	Scott Ullrich	<td width="78%" class="vtable">
519	d823b81c	sullrich	<select name="cinterface[]" multiple="true" size="<?php echo count($config['interfaces']); ?>" class="formselect" id="cinterface">
520	060bc78b	Renato Botelho	<?php
521	fbb45bb0	Ermal Luçi	$interfaces = get_configured_interface_with_descr();
522	17103056	Ermal	$cselected = explode(",", $pconfig['cinterface']);
523	c980716e	Scott Ullrich	foreach ($interfaces as $iface => $ifacename): ?>
524	17103056	Ermal	<option value="<?=$iface;?>" <?php if (in_array($iface, $cselected)) echo "selected"; ?>>
525			<?=htmlspecialchars($ifacename);?>
526			</option>
527	5b237745	Scott Ullrich	<?php endforeach; ?>
528			</select> <br>
529	16457bdd	Renato Botelho	<span class="vexpl"><?=gettext("Select the interface(s) to enable for captive portal."); ?></span></td>
530	5b237745	Scott Ullrich	</tr>
531	4362e48a	Scott Ullrich	<tr>
532	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("Maximum concurrent connections"); ?></td>
533	4362e48a	Scott Ullrich	<td class="vtable">
534			<table cellpadding="0" cellspacing="0">
535			<tr>
536	b4792bf8	Ermal	<td><input name="maxprocperip" type="text" class="formfld unknown" id="maxprocperip" size="5" value="<?=htmlspecialchars($pconfig['maxprocperip']);?>"> <?=gettext("per client IP address (0 = no limit)"); ?></td>
537	4362e48a	Scott Ullrich	</tr>
538			</table>
539	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("This setting limits the number of concurrent connections to the captive portal HTTP(S) server. This does not set how many users can be logged in " .
540			"to the captive portal, but rather how many users can load the portal page or authenticate at the same time! " .
541	4dc04853	Ermal	"Possible setting allowed is: minimum 4 connections per client IP address, with a total maximum of 100 connections."); ?></td>
542	4362e48a	Scott Ullrich	</tr>
543	5b237745	Scott Ullrich	<tr>
544	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("Idle timeout"); ?></td>
545	5b237745	Scott Ullrich	<td class="vtable">
546	b5c78501	Seth Mos	<input name="idletimeout" type="text" class="formfld unknown" id="idletimeout" size="6" value="<?=htmlspecialchars($pconfig['idletimeout']);?>">
547	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("minutes"); ?><br>
548	16457bdd	Renato Botelho	<?=gettext("Clients will be disconnected after this amount of inactivity. They may log in again immediately, though. Leave this field blank for no idle timeout."); ?></td>
549	5b237745	Scott Ullrich	</tr>
550	a5c0b6c7	Scott Ullrich	<tr>
551	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Hard timeout"); ?></td>
552	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
553	b5c78501	Seth Mos	<input name="timeout" type="text" class="formfld unknown" id="timeout" size="6" value="<?=htmlspecialchars($pconfig['timeout']);?>">
554	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("minutes"); ?><br>
555	16457bdd	Renato Botelho	<?=gettext("Clients will be disconnected after this amount of time, regardless of activity. They may log in again immediately, though. Leave this field blank for no hard timeout (not recommended unless an idle timeout is set)."); ?></td>
556	5b237745	Scott Ullrich	</tr>
557	03552507	Erik Fonnesbeck	<tr>
558	49f61a1c	Erik Fonnesbeck	<td width="22%" valign="top" class="vncell"><?=gettext("Pass-through credits allowed per MAC address"); ?></td>
559	03552507	Erik Fonnesbeck	<td width="78%" class="vtable">
560			<input name="freelogins_count" type="text" class="formfld unknown" id="freelogins_count" size="6" value="<?=htmlspecialchars($pconfig['freelogins_count']);?>">
561			<?=gettext("per client MAC address (0 or blank = none)"); ?><br>
562			<?=gettext("This setting allows passing through the captive portal without authentication a limited number of times per MAC address. Once used up, the client can only log in with valid credentials until the waiting period specified below has expired. Recommended to set a hard timeout and/or idle timeout when using this for it to be effective."); ?></td>
563			</tr>
564			<tr>
565	49f61a1c	Erik Fonnesbeck	<td width="22%" valign="top" class="vncell"><?=gettext("Waiting period to restore pass-through credits"); ?></td>
566	03552507	Erik Fonnesbeck	<td width="78%" class="vtable">
567			<input name="freelogins_resettimeout" type="text" class="formfld unknown" id="freelogins_resettimeout" size="6" value="<?=htmlspecialchars($pconfig['freelogins_resettimeout']);?>">
568			<?=gettext("hours"); ?><br>
569	49f61a1c	Erik Fonnesbeck	<?=gettext("Clients will have their available pass-through credits restored to the original count after this amount of time since using the first one. This must be above 0 hours if pass-through credits are enabled."); ?></td>
570	03552507	Erik Fonnesbeck	</tr>
571			<tr>
572	49f61a1c	Erik Fonnesbeck	<td width="22%" valign="top" class="vncell"><?=gettext("Reset waiting period on attempted access"); ?></td>
573	03552507	Erik Fonnesbeck	<td width="78%" class="vtable">
574			<input name="freelogins_updatetimeouts" type="checkbox" class="formfld" id="freelogins_updatetimeouts" value="yes" <?php if($pconfig['freelogins_updatetimeouts']) echo "checked"; ?>>
575			<strong><?=gettext("Enable waiting period reset on attempted access"); ?></strong><br>
576	49f61a1c	Erik Fonnesbeck	<?=gettext("If enabled, the waiting period is reset to the original duration if access is attempted when all pass-through credits have already been exhausted."); ?></td>
577	03552507	Erik Fonnesbeck	</tr>
578	a5c0b6c7	Scott Ullrich	<tr>
579	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Logout popup window"); ?></td>
580	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
581	5b237745	Scott Ullrich	<input name="logoutwin_enable" type="checkbox" class="formfld" id="logoutwin_enable" value="yes" <?php if($pconfig['logoutwin_enable']) echo "checked"; ?>>
582	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Enable logout popup window"); ?></strong><br>
583	16457bdd	Renato Botelho	<?=gettext("If enabled, a popup window will appear when clients are allowed through the captive portal. This allows clients to explicitly disconnect themselves before the idle or hard timeout occurs."); ?></td>
584	5b237745	Scott Ullrich	</tr>
585	a00e1d89	Scott Ullrich	<tr>
586			<td valign="top" class="vncell"><?=gettext("Pre-authentication redirect URL"); ?> </td>
587			<td class="vtable">
588			<input name="preauthurl" type="text" class="formfld url" id="preauthurl" size="60" value="<?=htmlspecialchars($pconfig['preauthurl']);?>"><br>
589	060bc78b	Renato Botelho	<?php printf(gettext("Use this field to set \$PORTAL_REDIRURL\$ variable which can be accessed using your custom captive portal index.php page or error pages."));?>
590	a00e1d89	Scott Ullrich	</td>
591			</tr>
592	5b237745	Scott Ullrich	<tr>
593	ecc19349	Scott Ullrich	<td valign="top" class="vncell"><?=gettext("After authentication Redirection URL"); ?></td>
594	5b237745	Scott Ullrich	<td class="vtable">
595	b5c78501	Seth Mos	<input name="redirurl" type="text" class="formfld url" id="redirurl" size="60" value="<?=htmlspecialchars($pconfig['redirurl']);?>">
596	5b237745	Scott Ullrich	<br>
597	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("If you provide a URL here, clients will be redirected to that URL instead of the one they initially tried " .
598	16457bdd	Renato Botelho	"to access after they've authenticated."); ?></td>
599	5b237745	Scott Ullrich	</tr>
600	2f1548d6	Renato Botelho	<tr>
601			<td valign="top" class="vncell"><?=gettext("Blocked MAC address redirect URL"); ?> </td>
602			<td class="vtable">
603			<input name="blockedmacsurl" type="text" class="formfld url" id="blockedmacsurl" size="60" value="<?=htmlspecialchars($pconfig['blockedmacsurl']);?>"><br>
604			<?php printf(gettext("If you provide a URL here, MAC addresses set to be blocked will be redirect to that URL when attempt to access anything."));?>
605			</td>
606			</tr>
607	5b237745	Scott Ullrich	<tr>
608	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("Concurrent user logins"); ?></td>
609	0bd34ed6	Scott Ullrich	<td class="vtable">
610			<input name="noconcurrentlogins" type="checkbox" class="formfld" id="noconcurrentlogins" value="yes" <?php if ($pconfig['noconcurrentlogins']) echo "checked"; ?>>
611	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Disable concurrent logins"); ?></strong><br>
612	16457bdd	Renato Botelho	<?=gettext("If this option is set, only the most recent login per username will be active. Subsequent logins will cause machines previously logged in with the same username to be disconnected."); ?></td>
613	0bd34ed6	Scott Ullrich	</tr>
614			<tr>
615	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("MAC filtering"); ?> </td>
616	c980716e	Scott Ullrich	<td class="vtable">
617			<input name="nomacfilter" type="checkbox" class="formfld" id="nomacfilter" value="yes" <?php if ($pconfig['nomacfilter']) echo "checked"; ?>>
618	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Disable MAC filtering"); ?></strong><br>
619			<?=gettext("If this option is set, no attempts will be made to ensure that the MAC address of clients stays the same while they're logged in." .
620	16457bdd	Renato Botelho	"This is required when the MAC address of the client cannot be determined (usually because there are routers between"); ?> <?php echo $g['product_name'] ?> <?=gettext("and the clients)."); ?>
621			<?=gettext("If this is enabled, RADIUS MAC authentication cannot be used."); ?></td>
622	7e587bdb	Scott Ullrich	</tr>
623			<tr>
624	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("Pass-through MAC Auto Entry"); ?></td>
625	6ce61a8f	Ermal	<td class="vtable">
626			<input name="passthrumacadd" type="checkbox" class="formfld" id="passthrumacadd" value="yes" <?php if ($pconfig['passthrumacadd']) echo "checked"; ?>>
627	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Enable Pass-through MAC automatic additions"); ?></strong><br>
628	060bc78b	Renato Botelho	<?=gettext("If this option is set, a MAC passthrough entry is automatically added after the user has successfully authenticated. Users of that MAC address will never have to authenticate again."); ?>
629	ed8899b5	Renato Botelho	<?=gettext("To remove the passthrough MAC entry you either have to log in and remove it manually from the"); ?> <a href="services_captiveportal_mac.php"><?=gettext("MAC tab"); ?></a> <?=gettext("or send a POST from another system to remove it."); ?>
630	16457bdd	Renato Botelho	<?=gettext("If this is enabled, RADIUS MAC authentication cannot be used. Also, the logout window will not be shown."); ?>
631	1c291e64	Ermal	<br/><br/>
632			<input name="passthrumacaddusername" type="checkbox" class="formfld" id="passthrumacaddusername" value="yes" <?php if ($pconfig['passthrumacaddusername']) echo "checked"; ?>>
633	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Enable Pass-through MAC automatic addition with username"); ?></strong><br>
634	16457bdd	Renato Botelho	<?=gettext("If this option is set, with the automatically MAC passthrough entry created the username, used during authentication, will be saved."); ?>
635	ed8899b5	Renato Botelho	<?=gettext("To remove the passthrough MAC entry you either have to log in and remove it manually from the"); ?> <a href="services_captiveportal_mac.php"><?=gettext("MAC tab"); ?></a> <?=gettext("or send a POST from another system to remove it."); ?>
636	1c291e64	Ermal	</td>
637	6ce61a8f	Ermal	</tr>
638			<tr>
639	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("Per-user bandwidth restriction"); ?></td>
640	7e587bdb	Scott Ullrich	<td class="vtable">
641			<input name="peruserbw" type="checkbox" class="formfld" id="peruserbw" value="yes" <?php if ($pconfig['peruserbw']) echo "checked"; ?>>
642	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Enable per-user bandwidth restriction"); ?></strong><br><br>
643	7e587bdb	Scott Ullrich	<table cellpadding="0" cellspacing="0">
644			<tr>
645	6fde5a1e	Carlos Eduardo Ramos	<td><?=gettext("Default download"); ?></td>
646			<td><input type="text" class="formfld unknown" name="bwdefaultdn" id="bwdefaultdn" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultdn']);?>"> <?=gettext("Kbit/s"); ?></td>
647	7e587bdb	Scott Ullrich	</tr>
648			<tr>
649	6fde5a1e	Carlos Eduardo Ramos	<td><?=gettext("Default upload"); ?></td>
650			<td><input type="text" class="formfld unknown" name="bwdefaultup" id="bwdefaultup" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultup']);?>"> <?=gettext("Kbit/s"); ?></td>
651	7e587bdb	Scott Ullrich	</tr></table>
652			<br>
653	16457bdd	Renato Botelho	<?=gettext("If this option is set, the captive portal will restrict each user who logs in to the specified default bandwidth. RADIUS can override the default settings. Leave empty or set to 0 for no limit."); ?> </td>
654	7e587bdb	Scott Ullrich	</tr>
655	a5c0b6c7	Scott Ullrich	<tr>
656	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Authentication"); ?></td>
657	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
658	c980716e	Scott Ullrich	<table cellpadding="0" cellspacing="0">
659			<tr>
660	0bd34ed6	Scott Ullrich	<td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="none" onClick="enable_change(false)" <?php if($pconfig['auth_method']!="local" && $pconfig['auth_method']!="radius") echo "checked"; ?>>
661	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("No Authentication"); ?></td>
662	a8cb0038	Renato Botelho	</tr>
663	c980716e	Scott Ullrich	<tr>
664	0bd34ed6	Scott Ullrich	<td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="local" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="local") echo "checked"; ?>>
665	58f963d0	Scott Ullrich	<?=gettext("Local"); ?> <a href="system_usermanager.php"><?=gettext("User Manager"); ?></a> / <?=gettext("Vouchers"); ?></td>
666	a8cb0038	Renato Botelho	</tr>
667			</tr><tr>
668			<td> </td>
669			<td> </td>
670			</tr>
671	c980716e	Scott Ullrich	<tr>
672	a8cb0038	Renato Botelho	<td> </td>
673			<td><input name="localauth_priv" type="checkbox" id="localauth_priv" value="yes" onClick="enable_change(false)" <?php if($pconfig['localauth_priv']=="yes") echo "checked"; ?>>
674			<?=gettext("Allow only users/groups with 'Captive portal login' privilege set"); ?></td>
675			</tr><tr>
676	0bd34ed6	Scott Ullrich	<td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="radius" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius") echo "checked"; ?>>
677	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("RADIUS Authentication"); ?></td>
678	a8cb0038	Renato Botelho	</tr><tr>
679	c980716e	Scott Ullrich	<td> </td>
680			<td> </td>
681	a8cb0038	Renato Botelho	</tr>
682	b3765f4c	Roberto Nunnari	<td width="22%" valign="top" class="vncell"><?=gettext("Radius Protocol"); ?></td>
683			<td width="78%" class="vtable">
684			<table cellpadding="0" cellspacing="0">
685			<tr>
686			<td colspan="2"><input name="radius_protocol" type="radio" id="radius_protocol" value="PAP" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius" && $pconfig['radius_protocol']!="CHAP_MD5" && $pconfig['radius_protocol']!="MSCHAPv1" && $pconfig['radius_protocol']!="MSCHAPv2") echo "checked"; ?>>
687			<?=gettext("PAP"); ?></td>
688			</tr>
689			<tr>
690			<td colspan="2"><input name="radius_protocol" type="radio" id="radius_protocol" value="CHAP_MD5" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius" && $pconfig['radius_protocol']=="CHAP_MD5") echo "checked"; ?>>
691			<?=gettext("CHAP_MD5"); ?></td>
692			</tr>
693			<tr>
694			<td colspan="2"><input name="radius_protocol" type="radio" id="radius_protocol" value="MSCHAPv1" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius" && $pconfig['radius_protocol']=="MSCHAPv1") echo "checked"; ?>>
695			<?=gettext("MSCHAPv1"); ?></td>
696			</tr>
697			<tr>
698			<td colspan="2"><input name="radius_protocol" type="radio" id="radius_protocol" value="MSCHAPv2" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius" && $pconfig['radius_protocol']=="MSCHAPv2") echo "checked"; ?>>
699			<?=gettext("MSCHAPv2"); ?></td>
700			</tr><tr>
701			<td> </td>
702			<td> </td>
703			</tr>
704			</table>
705			</tr><tr>
706			<td> </td>
707			<td> </td>
708			</tr>
709			</table>
710	0bd34ed6	Scott Ullrich	<table width="100%" border="0" cellpadding="6" cellspacing="0">
711	e12c63db	Darren Embry	<tr>
712			<td colspan="2" valign="top" class="listtopic">Primary Authentication Source</td>
713			</tr>
714			<tr>
715			<td colspan="2" valign="top" class="optsect_t2"><?=gettext("Primary RADIUS server"); ?></td>
716	0bd34ed6	Scott Ullrich	</tr>
717			<tr>
718	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("IP address"); ?></td>
719	b5c78501	Seth Mos	<td class="vtable"><input name="radiusip" type="text" class="formfld unknown" id="radiusip" size="20" value="<?=htmlspecialchars($pconfig['radiusip']);?>"><br>
720	16457bdd	Renato Botelho	<?=gettext("Enter the IP address of the RADIUS server which users of the captive portal have to authenticate against."); ?></td>
721	0bd34ed6	Scott Ullrich	</tr>
722			<tr>
723	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Port"); ?></td>
724	b5c78501	Seth Mos	<td class="vtable"><input name="radiusport" type="text" class="formfld unknown" id="radiusport" size="5" value="<?=htmlspecialchars($pconfig['radiusport']);?>"><br>
725	16457bdd	Renato Botelho	<?=gettext("Leave this field blank to use the default port (1812)."); ?></td>
726	0bd34ed6	Scott Ullrich	</tr>
727			<tr>
728	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Shared secret"); ?>  </td>
729	b5c78501	Seth Mos	<td class="vtable"><input name="radiuskey" type="text" class="formfld unknown" id="radiuskey" size="16" value="<?=htmlspecialchars($pconfig['radiuskey']);?>"><br>
730	16457bdd	Renato Botelho	<?=gettext("Leave this field blank to not use a RADIUS shared secret (not recommended)."); ?></td>
731	0bd34ed6	Scott Ullrich	</tr>
732	a5c0b6c7	Scott Ullrich	<tr>
733	0bd34ed6	Scott Ullrich	<td colspan="2" class="list" height="12"></td>
734			</tr>
735			<tr>
736	6fde5a1e	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="optsect_t2"><?=gettext("Secondary RADIUS server"); ?></td>
737	0bd34ed6	Scott Ullrich	</tr>
738			<tr>
739	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("IP address"); ?></td>
740	b5c78501	Seth Mos	<td class="vtable"><input name="radiusip2" type="text" class="formfld unknown" id="radiusip2" size="20" value="<?=htmlspecialchars($pconfig['radiusip2']);?>"><br>
741	16457bdd	Renato Botelho	<?=gettext("If you have a second RADIUS server, you can activate it by entering its IP address here."); ?></td>
742	0bd34ed6	Scott Ullrich	</tr>
743			<tr>
744	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Port"); ?></td>
745	b5c78501	Seth Mos	<td class="vtable"><input name="radiusport2" type="text" class="formfld unknown" id="radiusport2" size="5" value="<?=htmlspecialchars($pconfig['radiusport2']);?>"></td>
746	0bd34ed6	Scott Ullrich	</tr>
747			<tr>
748	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Shared secret"); ?>  </td>
749	0b704a40	Ermal	<td class="vtable"><input name="radiuskey2" type="text" class="formfld unknown" id="radiuskey2" size="16" value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td>
750	0bd34ed6	Scott Ullrich	</tr>
751			<tr>
752			<td colspan="2" class="list" height="12"></td>
753			</tr>
754	ebc0e4b6	Ermal	<tr>
755	e12c63db	Darren Embry	<td colspan="2" valign="top" class="listtopic">Secondary Authentication Source</td>
756			</tr>
757			<tr>
758			<td colspan="2" valign="top" class="optsect_t2"><?=gettext("Primary RADIUS server"); ?></td>
759	ebc0e4b6	Ermal	</tr>
760			<tr>
761			<td class="vncell" valign="top"><?=gettext("IP address"); ?></td>
762			<td class="vtable"><input name="radiusip3" type="text" class="formfld unknown" id="radiusip3" size="20" value="<?=htmlspecialchars($pconfig['radiusip3']);?>"><br>
763	d568e38d	Scott Ullrich	<?=gettext("If you have a third RADIUS server, you can activate it by entering its IP address here."); ?></td>
764	ebc0e4b6	Ermal	</tr>
765			<tr>
766			<td class="vncell" valign="top"><?=gettext("Port"); ?></td>
767			<td class="vtable"><input name="radiusport3" type="text" class="formfld unknown" id="radiusport3" size="5" value="<?=htmlspecialchars($pconfig['radiusport3']);?>"></td>
768			</tr>
769			<tr>
770			<td class="vncell" valign="top"><?=gettext("Shared secret"); ?>  </td>
771			<td class="vtable"><input name="radiuskey3" type="text" class="formfld unknown" id="radiuskey3" size="16" value="<?=htmlspecialchars($pconfig['radiuskey3']);?>"></td>
772			</tr>
773			<tr>
774			<td colspan="2" class="list" height="12"></td>
775			</tr>
776			<tr>
777	e12c63db	Darren Embry	<td colspan="2" valign="top" class="optsect_t2"><?=gettext("Secondary RADIUS server"); ?></td>
778	ebc0e4b6	Ermal	</tr>
779			<tr>
780			<td class="vncell" valign="top"><?=gettext("IP address"); ?></td>
781			<td class="vtable"><input name="radiusip4" type="text" class="formfld unknown" id="radiusip4" size="20" value="<?=htmlspecialchars($pconfig['radiusip4']);?>"><br>
782	d568e38d	Scott Ullrich	<?=gettext("If you have a fourth RADIUS server, you can activate it by entering its IP address here."); ?></td>
783	ebc0e4b6	Ermal	</tr>
784			<tr>
785			<td class="vncell" valign="top"><?=gettext("Port"); ?></td>
786			<td class="vtable"><input name="radiusport4" type="text" class="formfld unknown" id="radiusport4" size="5" value="<?=htmlspecialchars($pconfig['radiusport4']);?>"></td>
787			</tr>
788			<tr>
789			<td class="vncell" valign="top"><?=gettext("Shared secret"); ?>  </td>
790			<td class="vtable"><input name="radiuskey4" type="text" class="formfld unknown" id="radiuskey4" size="16" value="<?=htmlspecialchars($pconfig['radiuskey4']);?>"></td>
791			</tr>
792			<tr>
793			<td colspan="2" class="list" height="12"></td>
794			</tr>
795	e12c63db	Darren Embry	<tr>
796	4cc94535	Michael Newton	<td colspan="2" valign="top" class="listtopic"><?=gettext("Accounting"); ?></td>
797	856e58a6	Scott Ullrich	</tr>
798			<tr>
799			<td class="vncell"> </td>
800			<td class="vtable"><input name="radacct_enable" type="checkbox" id="radacct_enable" value="yes" onClick="enable_change(false)" <?php if($pconfig['radacct_enable']) echo "checked"; ?>>
801	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("send RADIUS accounting packets"); ?></strong><br>
802	16457bdd	Renato Botelho	<?=gettext("If this is enabled, RADIUS accounting packets will be sent to the primary RADIUS server."); ?></td>
803	856e58a6	Scott Ullrich	</tr>
804			<tr>
805	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Accounting port"); ?></td>
806	b5c78501	Seth Mos	<td class="vtable"><input name="radiusacctport" type="text" class="formfld unknown" id="radiusacctport" size="5" value="<?=htmlspecialchars($pconfig['radiusacctport']);?>"><br>
807	16457bdd	Renato Botelho	<?=gettext("Leave blank to use the default port (1813)."); ?></td>
808	856e58a6	Scott Ullrich	</tr>
809			<tr>
810			<td colspan="2" class="list" height="12"></td>
811			</tr>
812			<tr>
813	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Accounting updates"); ?></td>
814	856e58a6	Scott Ullrich	<td class="vtable">
815	6fde5a1e	Carlos Eduardo Ramos	<input name="reauthenticateacct" type="radio" value="" <?php if(!$pconfig['reauthenticateacct']) echo "checked"; ?>> <?=gettext("no accounting updates"); ?><br>
816			<input name="reauthenticateacct" type="radio" value="stopstart" <?php if($pconfig['reauthenticateacct'] == "stopstart") echo "checked"; ?>> <?=gettext("stop/start accounting"); ?><br>
817			<input name="reauthenticateacct" type="radio" value="interimupdate" <?php if($pconfig['reauthenticateacct'] == "interimupdate") echo "checked"; ?>> <?=gettext("interim update"); ?>
818	856e58a6	Scott Ullrich	</td>
819			</tr>
820			<tr>
821			<td colspan="2" class="list" height="12"></td>
822			</tr>
823	0bd34ed6	Scott Ullrich	<tr>
824	d7fe2e7a	Michael Newton	<td colspan="2" valign="top" class="listtopic"><?=gettext("RADIUS options"); ?></td>
825	0bd34ed6	Scott Ullrich	</tr>
826			<tr>
827	d7fe2e7a	Michael Newton	<td class="vncell"><?=gettext("Reauthentication"); ?></td>
828			<td class="vtable"><input name="reauthenticate" type="checkbox" id="reauthenticate" value="yes" onClick="enable_change(false)" <?php if($pconfig['reauthenticate']) echo "checked"; ?>>
829			<strong><?=gettext("Reauthenticate connected users every minute"); ?></strong><br>
830			<?=gettext("If reauthentication is enabled, Access-Requests will be sent to the RADIUS server for each user that is " .
831			"logged in every minute. If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately."); ?></td>
832			</tr>
833			<tr>
834			<td class=""><?=gettext("RADIUS MAC authentication"); ?></td>
835			<td class="">
836	6fde5a1e	Carlos Eduardo Ramos	<input name="radmac_enable" type="checkbox" id="radmac_enable" value="yes" onClick="enable_change(false)" <?php if ($pconfig['radmac_enable']) echo "checked"; ?>><strong><?=gettext("Enable RADIUS MAC authentication"); ?></strong><br>
837			<?=gettext("If this option is enabled, the captive portal will try to authenticate users by sending their MAC address as the username and the password " .
838	16457bdd	Renato Botelho	"entered below to the RADIUS server."); ?></td>
839	0bd34ed6	Scott Ullrich	</tr>
840			<tr>
841	d7fe2e7a	Michael Newton	<td class="vncell"><?=gettext("MAC authentication secret"); ?></td>
842	b5c78501	Seth Mos	<td class="vtable"><input name="radmac_secret" type="text" class="formfld unknown" id="radmac_secret" size="16" value="<?=htmlspecialchars($pconfig['radmac_secret']);?>"></td>
843	0bd34ed6	Scott Ullrich	</tr>
844	822b687b	Ermal	<tr>
845	d440e668	Chris Buechler	<td class="vncell" valign="top"><?=gettext("RADIUS NAS IP attribute"); ?></td>
846	720498a0	Michael Newton	<td class="vtable">
847	822b687b	Ermal	<select name="radiussrcip_attribute" id="radiussrcip_attribute">
848			<?php $iflist = get_configured_interface_with_descr();
849			foreach ($iflist as $ifdesc => $ifdescr) {
850			$ipaddr = get_interface_ip($ifdesc);
851			if (is_ipaddr($ipaddr)) {
852			$selected = "";
853	50779708	Ermal	if ($ifdesc == $pconfig['radiussrcip_attribute'])
854	ebc0e4b6	Ermal	$selected= "selected";
855	822b687b	Ermal	echo "<option value='{$ifdesc}' {$selected}>{$ifdescr} - {$ipaddr}</option>\n";
856			}
857			}
858	34e9ca60	Ermal	if (is_array($config['virtualip']['vip'])) {
859	060bc78b	Renato Botelho	foreach ($config['virtualip']['vip'] as $sn) {
860			if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") {
861			$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
862			$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
863			$len = $end - $start;
864
865			for ($i = 0; $i <= $len; $i++) {
866			$snip = long2ip32($start+$i);
867			echo "<option value='{$snip}' {$selected}>" . htmlspecialchars("{$sn['descr']} - {$snip}") . "></option>\n";
868	34e9ca60	Ermal	}
869			} else
870	060bc78b	Renato Botelho	echo "<option value='{$sn['subnet']}' {$selected}>" . htmlspecialchars("{$sn['descr']} - {$sn['subnet']}") . "></option>\n";
871	34e9ca60	Ermal	}
872			}
873	822b687b	Ermal	?>
874			</select><br/>
875	375828d9	Chris Buechler	<?=gettext("Choose the IP to use for calling station attribute."); ?>
876	822b687b	Ermal	</td>
877			</tr>
878
879	0bd34ed6	Scott Ullrich	<tr>
880	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Session-Timeout"); ?></td>
881			<td class="vtable"><input name="radiussession_timeout" type="checkbox" id="radiussession_timeout" value="yes" <?php if ($pconfig['radiussession_timeout']) echo "checked"; ?>><strong><?=gettext("Use RADIUS Session-Timeout attributes"); ?></strong><br>
882	16457bdd	Renato Botelho	<?=gettext("When this is enabled, clients will be disconnected after the amount of time retrieved from the RADIUS Session-Timeout attribute."); ?></td>
883	0bd34ed6	Scott Ullrich	</tr>
884	cf0542ac	Scott Ullrich
885	0bd34ed6	Scott Ullrich	<tr>
886	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Type"); ?></td>
887	0bd34ed6	Scott Ullrich	<td class="vtable"><select name="radiusvendor" id="radiusvendor">
888	eafb21b3	Phil Davis	<option value="default"><?php echo gettext("default"); ?></option>
889	a5c0b6c7	Scott Ullrich	<?php
890	0bd34ed6	Scott Ullrich	$radiusvendors = array("cisco");
891			foreach ($radiusvendors as $radiusvendor){
892			if ($pconfig['radiusvendor'] == $radiusvendor)
893			echo "<option selected value=\"$radiusvendor\">$radiusvendor</option>\n";
894			else
895			echo "<option value=\"$radiusvendor\">$radiusvendor</option>\n";
896			}
897			?></select><br>
898	3b7f0f53	Erik Fonnesbeck	<?php printf(gettext("If RADIUS type is set to Cisco, in Access-Requests the value of Calling-Station-Id will be set to the client's IP address and " .
899			"the Called-Station-Id to the client's MAC address. Default behavior is Calling-Station-Id = client's MAC address and Called-Station-Id = %s's WAN IP address."),
900	16457bdd	Renato Botelho	$g['product_name']);?></td>
901	0bd34ed6	Scott Ullrich	</tr>
902	720498a0	Michael Newton
903			<tr>
904			<td class="vncell" valign="top"><?=gettext("Accounting Style"); ?></td>
905			<td class="vtable"><input name="reverseacct" type="checkbox" id="reverseacct" value="yes" <?php if ($pconfig['reverseacct']) echo "checked"; ?>><strong><?=gettext("Invert Acct-Input-Octets and Acct-Output-Octets"); ?></strong><br>
906			<?=gettext("When this is enabled, data counts for RADIUS accounting packets will be taken from the client perspective, not the NAS. Acct-Input-Octets will represent download, and Acct-Output-Octets will represent upload."); ?></td>
907			</tr>
908	4cc94535	Michael Newton
909			<tr>
910			<td class="vncell" valign="top"><?=gettext("NAS Identifier"); ?></td>
911	89b1c40c	Michael Newton	<td class="vtable"><input name="radiusnasid" type="text" maxlength="253" class="formfld unknown" id="radiusnasid" value="<?=htmlspecialchars($pconfig['radiusnasid']);?>"/><br/>
912			<?=gettext("Specify a NAS identifier to override the default value") . " (" . php_uname("n") . ")"; ?></td>
913	4cc94535	Michael Newton	</tr>
914	d7fe2e7a	Michael Newton	<tr>
915			<td class="vncell" valign="top"><?=gettext("MAC address format"); ?></td>
916			<td class="vtable">
917			<select name="radmac_format" id="radmac_format">
918			<option value="default"><?php echo gettext("default"); ?></option>
919			<?php
920			$macformats = array("singledash","ietf","cisco","unformatted");
921			foreach ($macformats as $macformat) {
922			if ($pconfig['radmac_format'] == $macformat) {
923			echo "<option selected value=\"$macformat\">",gettext($macformat),"</option>\n";
924			} else {
925			echo "<option value=\"$macformat\">",gettext($macformat),"</option>\n";
926			}
927			}
928			?>
929			</select></br>
930			<?=gettext("This option changes the MAC address format used in the whole RADIUS system. Change this if you also"); ?>
931			<?=gettext("need to change the username format for RADIUS MAC authentication."); ?><br>
932			<?=gettext("default:"); ?> 00:11:22:33:44:55<br>
933			<?=gettext("singledash:"); ?> 001122-334455<br>
934			<?=gettext("ietf:"); ?> 00-11-22-33-44-55<br>
935			<?=gettext("cisco:"); ?> 0011.2233.4455<br>
936			<?=gettext("unformatted:"); ?> 001122334455
937			</td>
938			</tr>
939	0bd34ed6	Scott Ullrich	</table>
940	5b237745	Scott Ullrich	</tr>
941			<tr>
942	d7fe2e7a	Michael Newton	<td valign="top" class="vncell"><?=gettext("HTTPS login"); ?></td>
943			<td class="vtable">
944			<input name="httpslogin_enable" type="checkbox" class="formfld" id="httpslogin_enable" value="yes" onClick="enable_change(false)" <?php if($pconfig['httpslogin_enable']) echo "checked"; ?>>
945			<strong><?=gettext("Enable HTTPS login"); ?></strong><br>
946			<?=gettext("If enabled, the username and password will be transmitted over an HTTPS connection to protect against eavesdroppers. A server name and certificate must also be specified below."); ?></td>
947	36f6ed35	bcyrill	</tr>
948	5b237745	Scott Ullrich	<tr>
949	d7fe2e7a	Michael Newton	<td valign="top" class="vncell"><?=gettext("HTTPS server name"); ?> </td>
950			<td class="vtable">
951			<input name="httpsname" type="text" class="formfld unknown" id="httpsname" size="30" value="<?=htmlspecialchars($pconfig['httpsname']);?>"><br>
952			<?php printf(gettext("This name will be used in the form action for the HTTPS POST and should match the Common Name (CN) in your certificate (otherwise, the client browser will most likely display a security warning). Make sure captive portal clients can resolve this name in DNS and verify on the client that the IP resolves to the correct interface IP on %s."), $g['product_name']);?> </td>
953	36f6ed35	bcyrill	</tr>
954	adca02c4	bcyrill	<tr id="ssl_opts">
955			<td width="22%" valign="top" class="vncell"><?=gettext("SSL Certificate"); ?></td>
956			<td width="78%" class="vtable">
957			<?php if (count($a_cert)): ?>
958			<select name="certref" id="certref" class="formselect">
959			<?php
960			foreach($a_cert as $cert):
961			$selected = "";
962			if ($pconfig['certref'] == $cert['refid'])
963			$selected = "selected";
964			?>
965			<option value="<?=$cert['refid'];?>"<?=$selected;?>><?=$cert['descr'];?></option>
966			<?php endforeach; ?>
967			</select>
968			<?php else: ?>
969			<b><?=gettext("No Certificates defined."); ?></b> <br/>Create one under <a href="system_certmanager.php">System > Cert Manager</a>.
970			<?php endif; ?>
971			</td>
972			</tr>
973	a5c0b6c7	Scott Ullrich	<tr>
974	adca02c4	bcyrill	<td width="22%" valign="top" class="vncell"><?=gettext("Portal page contents"); ?></td>
975			<td width="78%" class="vtable">
976	b5c78501	Seth Mos	<?=$mandfldhtml;?><input type="file" name="htmlfile" class="formfld file" id="htmlfile"><br>
977	16f5fe76	Scott Ullrich	<?php
978			list($host) = explode(":", $_SERVER['HTTP_HOST']);
979	470d24a3	Darren Embry	$zoneid = $pconfig['zoneid'] ? $pconfig['zoneid'] : 8000;
980	36f6ed35	bcyrill	if ($pconfig['httpslogin_enable']) {
981	470d24a3	Darren Embry	$port = $pconfig['listenporthttps'] ? $pconfig['listenporthttps'] : ($zoneid + 1);
982			$href = "https://{$host}:{$port}";
983	16f5fe76	Scott Ullrich	} else {
984	470d24a3	Darren Embry	$port = $pconfig['listenporthttp'] ? $pconfig['listenporthttp'] : $zoneid;
985			$href = "http://{$host}:{$port}";
986	a5c0b6c7	Scott Ullrich	}
987	16f5fe76	Scott Ullrich	?>
988	b4792bf8	Ermal	<?php if ($pconfig['page']['htmltext']): ?>
989	6fde5a1e	Carlos Eduardo Ramos	<a href="<?=$href?>" target="_new"><?=gettext("View current page"); ?></a>
990	aa87cf11	Renato Botelho	<br />
991			<a href="?zone=<?=$cpzone?>&act=gethtmlhtml" target="_blank"><?=gettext("Download current page"); ?></a>
992	92603e27	Renato Botelho	<br />
993			<a href="?zone=<?=$cpzone?>&act=delhtmlhtml" onclick="return confirm('Do you really want to restore default page?')" target="_blank">
994			<?=gettext("Restore default portal page"); ?>
995			</a>
996	5b237745	Scott Ullrich	<br>
997			<br>
998			<?php endif; ?>
999	3b7f0f53	Erik Fonnesbeck	<?php
1000	16457bdd	Renato Botelho	printf(
1001	3b7f0f53	Erik Fonnesbeck	gettext('Upload an HTML/PHP file for the portal page here (leave blank to keep the current one). ' .
1002			'Make sure to include a form (POST to %1$s) with a submit button (%2$s) and a hidden field with %3$s and %4$s. ' .
1003			'Include the %5$s and %6$s and/or %7$s input fields if authentication is enabled, otherwise it will always fail.'),
1004	16457bdd	Renato Botelho	""{$PORTAL_ACTION}"",
1005			"name="accept"",
1006			"name="redirurl"",
1007			"value="{$PORTAL_REDIRURL}"",
1008			""auth_user"",
1009			""auth_pass"",
1010			""auth_voucher"");
1011			?>
1012			<?=gettext("Example code for the form:"); ?><br>
1013	5b237745	Scott Ullrich	<br>
1014			<tt><form method="post" action="$PORTAL_ACTION$"><br>
1015			<input name="auth_user" type="text"><br>
1016			<input name="auth_pass" type="password"><br>
1017	336e3c1c	Charlie	<input name="auth_voucher" type="text"><br>
1018	5b237745	Scott Ullrich	<input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$"><br>
1019			<input name="accept" type="submit" value="Continue"><br>
1020			</form></tt></td>
1021			</tr>
1022			<tr>
1023	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Authentication"); ?><br>
1024			<?=gettext("error page"); ?><br>
1025			<?=gettext("contents"); ?></td>
1026	5b237745	Scott Ullrich	<td class="vtable">
1027	b5c78501	Seth Mos	<input name="errfile" type="file" class="formfld file" id="errfile"><br>
1028	b4792bf8	Ermal	<?php if ($pconfig['page']['errtext']): ?>
1029	a636682d	bcyrill	<a href="?zone=<?=$cpzone?>&act=viewerrhtml" target="_blank"><?=gettext("View current page"); ?></a>
1030	aa87cf11	Renato Botelho	<br />
1031			<a href="?zone=<?=$cpzone?>&act=geterrhtml" target="_blank"><?=gettext("Download current page"); ?></a>
1032	92603e27	Renato Botelho	<br />
1033			<a href="?zone=<?=$cpzone?>&act=delerrhtml" onclick="return confirm('Do you really want to restore default page?')" target="_blank">
1034			<?=gettext("Restore default error page"); ?>
1035			</a>
1036	5b237745	Scott Ullrich	<br>
1037			<br>
1038			<?php endif; ?>
1039	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("The contents of the HTML/PHP file that you upload here are displayed when an authentication error occurs. " .
1040	16457bdd	Renato Botelho	"You may include"); ?> "$PORTAL_MESSAGE$", <?=gettext("which will be replaced by the error or reply messages from the RADIUS server, if any."); ?></td>
1041	5b87b24e	Ermal	</tr>
1042			<tr>
1043	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Logout"); ?><br>
1044			<?=gettext("page"); ?><br>
1045			<?=gettext("contents"); ?></td>
1046	5b87b24e	Ermal	<td class="vtable">
1047			<input name="logoutfile" type="file" class="formfld file" id="logoutfile"><br>
1048	b4792bf8	Ermal	<?php if ($pconfig['page']['logouttext']): ?>
1049	a636682d	bcyrill	<a href="?zone=<?=$cpzone?>&act=viewlogouthtml" target="_blank"><?=gettext("View current page"); ?></a>
1050	aa87cf11	Renato Botelho	<br />
1051			<a href="?zone=<?=$cpzone?>&act=getlogouthtml" target="_blank"><?=gettext("Download current page"); ?></a>
1052	92603e27	Renato Botelho	<br />
1053			<a href="?zone=<?=$cpzone?>&act=dellogouthtml" onclick="return confirm('Do you really want to restore default page?')" target="_blank">
1054			<?=gettext("Restore default logout page"); ?>
1055			</a>
1056	5b87b24e	Ermal	<br>
1057			<br>
1058			<?php endif; ?>
1059	a36e98ff	Erik Fonnesbeck	<?=gettext("The contents of the HTML/PHP file that you upload here are displayed on authentication success when the logout popup is enabled."); ?></td>
1060	5b237745	Scott Ullrich	</tr>
1061	a5c0b6c7	Scott Ullrich	<tr>
1062	5b237745	Scott Ullrich	<td width="22%" valign="top"> </td>
1063	a5c0b6c7	Scott Ullrich	<td width="78%">
1064	e41ec584	Renato Botelho	<?php echo "<input name='zone' id='zone' type='hidden' value='" . htmlspecialchars($cpzone) . "'/>"; ?>
1065	6fde5a1e	Carlos Eduardo Ramos	<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onClick="enable_change(true)">
1066	b4792bf8	Ermal	<a href="services_captiveportal_zones.php"><input name="Cancel" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onClick="enable_change(true)"></a>
1067	5b237745	Scott Ullrich	</td>
1068			</tr>
1069	a5c0b6c7	Scott Ullrich	<tr>
1070	5b237745	Scott Ullrich	<td width="22%" valign="top"> </td>
1071	16457bdd	Renato Botelho	<td width="78%"><span class="vexpl"><span class="red"><strong><?=gettext("Note:"); ?><br>
1072			</strong></span><?=gettext("Changing any settings on this page will disconnect all clients! Don't forget to enable the DHCP server on your captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the timeout entered on this page. Also, the DNS forwarder needs to be enabled for DNS lookups by unauthenticated clients to work."); ?> </span></td>
1073	5b237745	Scott Ullrich	</tr>
1074			</table>
1075			</td>
1076			</tr>
1077			</table>
1078			</form>
1079			<script language="JavaScript">
1080			<!--
1081			enable_change(false);
1082			//-->
1083			</script>
1084			<?php include("fend.inc"); ?>
1085	93588e1a	Scott Dale	</body>
1086			</html>

Project

General

Profile

pfSense