/usr/local/www/services_captiveportal.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/services_captiveportal.php @ 6a11423f

1	a5c0b6c7	Scott Ullrich	<?php
2	5b237745	Scott Ullrich	/*
3			services_captiveportal.php
4			part of m0n0wall (http://m0n0.ch/wall)
5	a5c0b6c7	Scott Ullrich
6	0bd34ed6	Scott Ullrich	Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
7	5b237745	Scott Ullrich	All rights reserved.
8	a5c0b6c7	Scott Ullrich
9	5b237745	Scott Ullrich	Redistribution and use in source and binary forms, with or without
10			modification, are permitted provided that the following conditions are met:
11	a5c0b6c7	Scott Ullrich
12	5b237745	Scott Ullrich	1. Redistributions of source code must retain the above copyright notice,
13			this list of conditions and the following disclaimer.
14	a5c0b6c7	Scott Ullrich
15	5b237745	Scott Ullrich	2. Redistributions in binary form must reproduce the above copyright
16			notice, this list of conditions and the following disclaimer in the
17			documentation and/or other materials provided with the distribution.
18	a5c0b6c7	Scott Ullrich
19	5b237745	Scott Ullrich	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
20			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
21			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
23			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28			POSSIBILITY OF SUCH DAMAGE.
29			*/
30	1d333258	Scott Ullrich	/*
31			pfSense_MODULE: captiveportal
32			*/
33	5b237745	Scott Ullrich
34	6b07c15a	Matthew Grooms	##\|+PRIV
35			##\|*IDENT=page-services-captiveportal
36			##\|*NAME=Services: Captive portal page
37			##\|*DESCR=Allow access to the 'Services: Captive portal' page.
38			##\|MATCH=services_captiveportal.php
39			##\|-PRIV
40
41	ccb55b27	Darren Embry	require_once("guiconfig.inc");
42			require_once("functions.inc");
43			require_once("filter.inc");
44			require_once("shaper.inc");
45			require_once("captiveportal.inc");
46	5b237745	Scott Ullrich
47	b4792bf8	Ermal	$cpzone = $_GET['zone'];
48			if (isset($_POST['zone']))
49			$cpzone = $_POST['zone'];
50	6fde5a1e	Carlos Eduardo Ramos
51	287f7e26	Ermal	if (empty($cpzone) \|\| empty($config['captiveportal'][$cpzone])) {
52	060bc78b	Renato Botelho	header("Location: services_captiveportal_zones.php");
53			exit;
54	5b237745	Scott Ullrich	}
55
56	b4792bf8	Ermal	if (!is_array($config['captiveportal']))
57			$config['captiveportal'] = array();
58			$a_cp =& $config['captiveportal'];
59
60			$pgtitle = array(gettext("Services"),gettext("Captive portal"), $a_cp[$cpzone]['zone']);
61	b32dd0a6	jim-p	$shortcut_section = "captiveportal";
62	b4792bf8	Ermal
63	5b237745	Scott Ullrich	if ($_GET['act'] == "viewhtml") {
64	a636682d	bcyrill	if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['htmltext'])
65			echo base64_decode($a_cp[$cpzone]['page']['htmltext']);
66	5b237745	Scott Ullrich	exit;
67			} else if ($_GET['act'] == "viewerrhtml") {
68	a636682d	bcyrill	if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['errtext'])
69			echo base64_decode($a_cp[$cpzone]['page']['errtext']);
70	5b237745	Scott Ullrich	exit;
71	5b87b24e	Ermal	} else if ($_GET['act'] == "viewlogouthtml") {
72	a636682d	bcyrill	if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['logouttext'])
73			echo base64_decode($a_cp[$cpzone]['page']['logouttext']);
74	5b87b24e	Ermal	exit;
75	5b237745	Scott Ullrich	}
76
77	36f6ed35	bcyrill	if (!is_array($config['ca']))
78			$config['ca'] = array();
79
80			$a_ca =& $config['ca'];
81
82			if (!is_array($config['cert']))
83			$config['cert'] = array();
84
85			$a_cert =& $config['cert'];
86
87	a636682d	bcyrill	if ($a_cp[$cpzone]) {
88	b4792bf8	Ermal	$pconfig['zoneid'] = $a_cp[$cpzone]['zoneid'];
89			$pconfig['cinterface'] = $a_cp[$cpzone]['interface'];
90			$pconfig['maxproc'] = $a_cp[$cpzone]['maxproc'];
91			$pconfig['maxprocperip'] = $a_cp[$cpzone]['maxprocperip'];
92			$pconfig['timeout'] = $a_cp[$cpzone]['timeout'];
93			$pconfig['idletimeout'] = $a_cp[$cpzone]['idletimeout'];
94			$pconfig['freelogins_count'] = $a_cp[$cpzone]['freelogins_count'];
95			$pconfig['freelogins_resettimeout'] = $a_cp[$cpzone]['freelogins_resettimeout'];
96			$pconfig['freelogins_updatetimeouts'] = isset($a_cp[$cpzone]['freelogins_updatetimeouts']);
97			$pconfig['enable'] = isset($a_cp[$cpzone]['enable']);
98			$pconfig['auth_method'] = $a_cp[$cpzone]['auth_method'];
99	a8cb0038	Renato Botelho	$pconfig['localauth_priv'] = isset($a_cp[$cpzone]['localauth_priv']);
100	b4792bf8	Ermal	$pconfig['radacct_enable'] = isset($a_cp[$cpzone]['radacct_enable']);
101			$pconfig['radmac_enable'] = isset($a_cp[$cpzone]['radmac_enable']);
102			$pconfig['radmac_secret'] = $a_cp[$cpzone]['radmac_secret'];
103			$pconfig['reauthenticate'] = isset($a_cp[$cpzone]['reauthenticate']);
104			$pconfig['reauthenticateacct'] = $a_cp[$cpzone]['reauthenticateacct'];
105			$pconfig['httpslogin_enable'] = isset($a_cp[$cpzone]['httpslogin']);
106			$pconfig['httpsname'] = $a_cp[$cpzone]['httpsname'];
107			$pconfig['preauthurl'] = strtolower($a_cp[$cpzone]['preauthurl']);
108	36f6ed35	bcyrill	$pconfig['certref'] = $a_cp[$cpzone]['certref'];
109	b4792bf8	Ermal	$pconfig['logoutwin_enable'] = isset($a_cp[$cpzone]['logoutwin_enable']);
110			$pconfig['peruserbw'] = isset($a_cp[$cpzone]['peruserbw']);
111			$pconfig['bwdefaultdn'] = $a_cp[$cpzone]['bwdefaultdn'];
112			$pconfig['bwdefaultup'] = $a_cp[$cpzone]['bwdefaultup'];
113			$pconfig['nomacfilter'] = isset($a_cp[$cpzone]['nomacfilter']);
114			$pconfig['noconcurrentlogins'] = isset($a_cp[$cpzone]['noconcurrentlogins']);
115	060bc78b	Renato Botelho	$pconfig['radius_protocol'] = $a_cp[$cpzone]['radius_protocol'];
116	b4792bf8	Ermal	$pconfig['redirurl'] = $a_cp[$cpzone]['redirurl'];
117			$pconfig['radiusip'] = $a_cp[$cpzone]['radiusip'];
118			$pconfig['radiusip2'] = $a_cp[$cpzone]['radiusip2'];
119	ebc0e4b6	Ermal	$pconfig['radiusip3'] = $a_cp[$cpzone]['radiusip3'];
120			$pconfig['radiusip4'] = $a_cp[$cpzone]['radiusip4'];
121	b4792bf8	Ermal	$pconfig['radiusport'] = $a_cp[$cpzone]['radiusport'];
122			$pconfig['radiusport2'] = $a_cp[$cpzone]['radiusport2'];
123	ebc0e4b6	Ermal	$pconfig['radiusport3'] = $a_cp[$cpzone]['radiusport3'];
124			$pconfig['radiusport4'] = $a_cp[$cpzone]['radiusport4'];
125	b4792bf8	Ermal	$pconfig['radiusacctport'] = $a_cp[$cpzone]['radiusacctport'];
126			$pconfig['radiuskey'] = $a_cp[$cpzone]['radiuskey'];
127			$pconfig['radiuskey2'] = $a_cp[$cpzone]['radiuskey2'];
128	ebc0e4b6	Ermal	$pconfig['radiuskey3'] = $a_cp[$cpzone]['radiuskey3'];
129			$pconfig['radiuskey4'] = $a_cp[$cpzone]['radiuskey4'];
130	b4792bf8	Ermal	$pconfig['radiusvendor'] = $a_cp[$cpzone]['radiusvendor'];
131			$pconfig['radiussession_timeout'] = isset($a_cp[$cpzone]['radiussession_timeout']);
132			$pconfig['radiussrcip_attribute'] = $a_cp[$cpzone]['radiussrcip_attribute'];
133			$pconfig['passthrumacadd'] = isset($a_cp[$cpzone]['passthrumacadd']);
134			$pconfig['passthrumacaddusername'] = isset($a_cp[$cpzone]['passthrumacaddusername']);
135			$pconfig['radmac_format'] = $a_cp[$cpzone]['radmac_format'];
136	720498a0	Michael Newton	$pconfig['reverseacct'] = isset($a_cp[$cpzone]['reverseacct']);
137	4cc94535	Michael Newton	$pconfig['radiusnasid'] = $a_cp[$cpzone]['radiusnasid'];
138	b4792bf8	Ermal	$pconfig['page'] = array();
139			if ($a_cp[$cpzone]['page']['htmltext'])
140			$pconfig['page']['htmltext'] = $a_cp[$cpzone]['page']['htmltext'];
141			if ($a_cp[$cpzone]['page']['errtext'])
142			$pconfig['page']['errtext'] = $a_cp[$cpzone]['page']['errtext'];
143			if ($a_cp[$cpzone]['page']['logouttext'])
144			$pconfig['page']['logouttext'] = $a_cp[$cpzone]['page']['logouttext'];
145			}
146	5b237745	Scott Ullrich
147			if ($_POST) {
148
149			unset($input_errors);
150			$pconfig = $_POST;
151
152			/* input validation */
153			if ($_POST['enable']) {
154	b4792bf8	Ermal	$reqdfields = explode(" ", "zone cinterface");
155			$reqdfieldsn = array(gettext("Zone name"), gettext("Interface"));
156	a5c0b6c7	Scott Ullrich
157	5b237745	Scott Ullrich	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
158	a5c0b6c7	Scott Ullrich
159	b4792bf8	Ermal	/* make sure no interfaces are bridged or used on other zones */
160			if (is_array($_POST['cinterface'])) {
161			foreach ($pconfig['cinterface'] as $cpbrif) {
162	3e4f5a33	jim-p	if (link_interface_to_bridge($cpbrif))
163			$input_errors[] = sprintf(gettext("The captive portal cannot be used on interface %s since it is part of a bridge."), $cpbrif);
164	b4792bf8	Ermal	foreach ($a_cp as $cpkey => $cp) {
165			if ($cpkey != $cpzone \|\| empty($cpzone)) {
166			if (in_array($cpbrif, explode(",", $cp['interface'])))
167			$input_errors[] = sprintf(gettext("The captive portal cannot be used on interface %s since it is used already on %s instance."), $cpbrif, $cp['zone']);
168			}
169			}
170			}
171			}
172	a5c0b6c7	Scott Ullrich
173	5b237745	Scott Ullrich	if ($_POST['httpslogin_enable']) {
174	060bc78b	Renato Botelho	if (!$_POST['certref']) {
175	36f6ed35	bcyrill	$input_errors[] = gettext("Certificate must be specified for HTTPS login.");
176	5b237745	Scott Ullrich	}
177			if (!$_POST['httpsname'] \|\| !is_domain($_POST['httpsname'])) {
178	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("The HTTPS server name must be specified for HTTPS login.");
179	5b237745	Scott Ullrich	}
180			}
181			}
182	a5c0b6c7	Scott Ullrich
183	e680b2f9	Renato Botelho	if ($_POST['timeout']) {
184			if (!is_numeric($_POST['timeout']) \|\| ($_POST['timeout'] < 1))
185			$input_errors[] = gettext("The timeout must be at least 1 minute.");
186			else if (isset($config['dhcpd']) && is_array($config['dhcpd'])) {
187			foreach ($config['dhcpd'] as $dhcpd_if => $dhcpd_data) {
188			if (!isset($dhcpd_data['enable']))
189			continue;
190			if (!is_array($_POST['cinterface']) \|\| !in_array($dhcpd_if, $_POST['cinterface']))
191			continue;
192
193			$deftime = 7200; // Default lease time
194			if (isset($dhcpd_data['defaultleasetime']) && is_numeric($dhcpd_data['defaultleasetime']))
195			$deftime = $dhcpd_data['defaultleasetime'];
196
197			if ($_POST['timeout'] > $deftime)
198			$input_errors[] = gettext("Hard timeout must be less or equal Default lease time set on DHCP Server");
199			}
200			}
201	5b237745	Scott Ullrich	}
202			if ($_POST['idletimeout'] && (!is_numeric($_POST['idletimeout']) \|\| ($_POST['idletimeout'] < 1))) {
203	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("The idle timeout must be at least 1 minute.");
204	5b237745	Scott Ullrich	}
205	03552507	Erik Fonnesbeck	if ($_POST['freelogins_count'] && (!is_numeric($_POST['freelogins_count']))) {
206	49f61a1c	Erik Fonnesbeck	$input_errors[] = gettext("The pass-through credit count must be a number or left blank.");
207			} else if ($_POST['freelogins_count'] && is_numeric($_POST['freelogins_count']) && ($_POST['freelogins_count'] >= 1)) {
208			if (empty($_POST['freelogins_resettimeout']) \|\| !is_numeric($_POST['freelogins_resettimeout']) \|\| ($_POST['freelogins_resettimeout'] <= 0)) {
209			$input_errors[] = gettext("The waiting period to restore pass-through credits must be above 0 hours.");
210			}
211	03552507	Erik Fonnesbeck	}
212	5b237745	Scott Ullrich	if (($_POST['radiusip'] && !is_ipaddr($_POST['radiusip']))) {
213	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip']);
214	5b237745	Scott Ullrich	}
215	0bd34ed6	Scott Ullrich	if (($_POST['radiusip2'] && !is_ipaddr($_POST['radiusip2']))) {
216	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip2']);
217	0bd34ed6	Scott Ullrich	}
218	ebc0e4b6	Ermal	if (($_POST['radiusip3'] && !is_ipaddr($_POST['radiusip3']))) {
219			$input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip3']);
220			}
221			if (($_POST['radiusip4'] && !is_ipaddr($_POST['radiusip4']))) {
222			$input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip4']);
223			}
224	5b237745	Scott Ullrich	if (($_POST['radiusport'] && !is_port($_POST['radiusport']))) {
225	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport']);
226	5b237745	Scott Ullrich	}
227	0bd34ed6	Scott Ullrich	if (($_POST['radiusport2'] && !is_port($_POST['radiusport2']))) {
228	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport2']);
229	0bd34ed6	Scott Ullrich	}
230	ebc0e4b6	Ermal	if (($_POST['radiusport3'] && !is_port($_POST['radiusport3']))) {
231			$input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport3']);
232			}
233			if (($_POST['radiusport4'] && !is_port($_POST['radiusport4']))) {
234			$input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport4']);
235			}
236	5b237745	Scott Ullrich	if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) {
237	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusacctport']);
238	0bd34ed6	Scott Ullrich	}
239	b4792bf8	Ermal	if ($_POST['maxproc'] && (!is_numeric($_POST['maxproc']) \|\| ($_POST['maxproc'] < 4) \|\| ($_POST['maxproc'] > 100))) {
240	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("The maximum number of concurrent connections per client IP address may not be larger than the global maximum.");
241	5b237745	Scott Ullrich	}
242	89b1c40c	Michael Newton	if (trim($_POST['radiusnasid']) !== "" && !preg_match("/^[\x21-\x7e]{3,253}$/i", trim($_POST['radiusnasid']))) {
243			$input_errors[] = gettext("The NAS-Identifier must be 3-253 characters long and should only contain ASCII characters.");
244			}
245	5b237745	Scott Ullrich
246			if (!$input_errors) {
247	b4792bf8	Ermal	$newcp =& $a_cp[$cpzone];
248			//$newcp['zoneid'] = $a_cp[$cpzone]['zoneid'];
249			if (empty($newcp['zoneid'])) {
250			$newcp['zoneid'] = 8000;
251			foreach ($a_cp as $keycpzone => $cp)
252			if ($cp['zoneid'] == $newcp['zoneid'] && $keycpzone != $cpzone)
253			$newcp['zoneid'] += 2; /* Resreve space for SSL config if needed */
254			}
255	13e64b47	Ermal	$oldifaces = explode(",", $newcp['interface']);
256	3e4f5a33	jim-p	if (is_array($_POST['cinterface']))
257	b4792bf8	Ermal	$newcp['interface'] = implode(",", $_POST['cinterface']);
258			$newcp['maxproc'] = $_POST['maxproc'];
259			$newcp['maxprocperip'] = $_POST['maxprocperip'] ? $_POST['maxprocperip'] : false;
260			$newcp['timeout'] = $_POST['timeout'];
261			$newcp['idletimeout'] = $_POST['idletimeout'];
262			$newcp['freelogins_count'] = $_POST['freelogins_count'];
263			$newcp['freelogins_resettimeout'] = $_POST['freelogins_resettimeout'];
264			$newcp['freelogins_updatetimeouts'] = $_POST['freelogins_updatetimeouts'] ? true : false;
265			if ($_POST['enable'])
266			$newcp['enable'] = true;
267			else
268			unset($newcp['enable']);
269			$newcp['auth_method'] = $_POST['auth_method'];
270	a8cb0038	Renato Botelho	$newcp['localauth_priv'] = isset($_POST['localauth_priv']);
271	b4792bf8	Ermal	$newcp['radacct_enable'] = $_POST['radacct_enable'] ? true : false;
272			$newcp['reauthenticate'] = $_POST['reauthenticate'] ? true : false;
273			$newcp['radmac_enable'] = $_POST['radmac_enable'] ? true : false;
274			$newcp['radmac_secret'] = $_POST['radmac_secret'] ? $_POST['radmac_secret'] : false;
275			$newcp['reauthenticateacct'] = $_POST['reauthenticateacct'];
276	f3bea667	bcyrill	if ($_POST['httpslogin_enable'])
277	20789ec9	bcyrill	$newcp['httpslogin'] = true;
278			else
279			unset($newcp['httpslogin']);
280	b4792bf8	Ermal	$newcp['httpsname'] = $_POST['httpsname'];
281			$newcp['preauthurl'] = $_POST['preauthurl'];
282			$newcp['peruserbw'] = $_POST['peruserbw'] ? true : false;
283			$newcp['bwdefaultdn'] = $_POST['bwdefaultdn'];
284			$newcp['bwdefaultup'] = $_POST['bwdefaultup'];
285	36f6ed35	bcyrill	$newcp['certref'] = $_POST['certref'];
286	b4792bf8	Ermal	$newcp['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false;
287			$newcp['nomacfilter'] = $_POST['nomacfilter'] ? true : false;
288			$newcp['noconcurrentlogins'] = $_POST['noconcurrentlogins'] ? true : false;
289	060bc78b	Renato Botelho	$newcp['radius_protocol'] = $_POST['radius_protocol'];
290	b4792bf8	Ermal	$newcp['redirurl'] = $_POST['redirurl'];
291	ebc0e4b6	Ermal	if (isset($_POST['radiusip']))
292	13a45484	Cyrill Bannwart	$newcp['radiusip'] = $_POST['radiusip'];
293	ebc0e4b6	Ermal	else
294	5c0d5003	Ermal	unset($newcp['radiusip']);
295	ebc0e4b6	Ermal	if (isset($_POST['radiusip2']))
296	13a45484	Cyrill Bannwart	$newcp['radiusip2'] = $_POST['radiusip2'];
297	ebc0e4b6	Ermal	else
298	13a45484	Cyrill Bannwart	unset($newcp['radiusip2']);
299	ebc0e4b6	Ermal	if (isset($_POST['radiusip3']))
300	13a45484	Cyrill Bannwart	$newcp['radiusip3'] = $_POST['radiusip3'];
301	ebc0e4b6	Ermal	else
302	13a45484	Cyrill Bannwart	unset($newcp['radiusip3']);
303	ebc0e4b6	Ermal	if (isset($_POST['radiusip4']))
304	13a45484	Cyrill Bannwart	$newcp['radiusip4'] = $_POST['radiusip4'];
305	ebc0e4b6	Ermal	else
306	13a45484	Cyrill Bannwart	unset($newcp['radiusip4']);
307	b4792bf8	Ermal	$newcp['radiusport'] = $_POST['radiusport'];
308			$newcp['radiusport2'] = $_POST['radiusport2'];
309	ebc0e4b6	Ermal	if (isset($_POST['radiusport3']))
310	13a45484	Cyrill Bannwart	$newcp['radiusport3'] = $_POST['radiusport3'];
311	ebc0e4b6	Ermal	if (isset($_POST['radiusport4']))
312	13a45484	Cyrill Bannwart	$newcp['radiusport4'] = $_POST['radiusport4'];
313	b4792bf8	Ermal	$newcp['radiusacctport'] = $_POST['radiusacctport'];
314			$newcp['radiuskey'] = $_POST['radiuskey'];
315			$newcp['radiuskey2'] = $_POST['radiuskey2'];
316	ebc0e4b6	Ermal	$newcp['radiuskey3'] = $_POST['radiuskey3'];
317			$newcp['radiuskey4'] = $_POST['radiuskey4'];
318	b4792bf8	Ermal	$newcp['radiusvendor'] = $_POST['radiusvendor'] ? $_POST['radiusvendor'] : false;
319			$newcp['radiussession_timeout'] = $_POST['radiussession_timeout'] ? true : false;
320			$newcp['radiussrcip_attribute'] = $_POST['radiussrcip_attribute'];
321			$newcp['passthrumacadd'] = $_POST['passthrumacadd'] ? true : false;
322			$newcp['passthrumacaddusername'] = $_POST['passthrumacaddusername'] ? true : false;
323			$newcp['radmac_format'] = $_POST['radmac_format'] ? $_POST['radmac_format'] : false;
324	720498a0	Michael Newton	$newcp['reverseacct'] = $_POST['reverseacct'] ? true : false;
325	4cc94535	Michael Newton	$newcp['radiusnasid'] = trim($_POST['radiusnasid']);
326	b4792bf8	Ermal	if (!is_array($newcp['page']))
327			$newcp['page'] = array();
328	a5c0b6c7	Scott Ullrich
329	5b237745	Scott Ullrich	/* file upload? */
330			if (is_uploaded_file($_FILES['htmlfile']['tmp_name']))
331	b4792bf8	Ermal	$newcp['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name']));
332	c980716e	Scott Ullrich	if (is_uploaded_file($_FILES['errfile']['tmp_name']))
333	b4792bf8	Ermal	$newcp['page']['errtext'] = base64_encode(file_get_contents($_FILES['errfile']['tmp_name']));
334	5b87b24e	Ermal	if (is_uploaded_file($_FILES['logoutfile']['tmp_name']))
335	b4792bf8	Ermal	$newcp['page']['logouttext'] = base64_encode(file_get_contents($_FILES['logoutfile']['tmp_name']));
336	a5c0b6c7	Scott Ullrich
337	5b237745	Scott Ullrich	write_config();
338	a5c0b6c7	Scott Ullrich
339	13e64b47	Ermal	/* Clear up unselected interfaces */
340			$newifaces = explode(",", $newcp['interface']);
341			$toremove = array_diff($oldifaces, $newifaces);
342			if (!empty($toremove)) {
343			foreach ($toremove as $removeif) {
344			$removeif = get_real_interface($removeif);
345			mwexec("/usr/local/sbin/ipfw_context -d {$cpzone} -x {$removeif}");
346			}
347			}
348	b4792bf8	Ermal	captiveportal_configure_zone($newcp);
349	13e64b47	Ermal	unset($newcp, $newifaces, $toremove);
350	b4792bf8	Ermal	filter_configure();
351			header("Location: services_captiveportal_zones.php");
352	060bc78b	Renato Botelho	exit;
353	b4792bf8	Ermal	} else {
354	3e4f5a33	jim-p	if (is_array($_POST['cinterface']))
355			$pconfig['cinterface'] = implode(",", $_POST['cinterface']);
356	5b237745	Scott Ullrich	}
357			}
358	3d4bd975	Scott Ullrich	include("head.inc");
359	5b237745	Scott Ullrich	?>
360			<script language="JavaScript">
361			<!--
362			function enable_change(enable_change) {
363	0bd34ed6	Scott Ullrich	var endis, radius_endis;
364	07bd3f83	Scott Ullrich	endis = !(document.iform.enable.checked \|\| enable_change);
365	a8cb0038	Renato Botelho	localauth_endis = !((!endis && document.iform.auth_method[1].checked) \|\| enable_change);
366	0bd34ed6	Scott Ullrich	radius_endis = !((!endis && document.iform.auth_method[2].checked) \|\| enable_change);
367	36f6ed35	bcyrill	https_endis = !((!endis && document.iform.httpslogin_enable.checked) \|\| enable_change);
368	a5c0b6c7	Scott Ullrich
369	07bd3f83	Scott Ullrich	document.iform.cinterface.disabled = endis;
370	b4792bf8	Ermal	//document.iform.maxproc.disabled = endis;
371	422d57b4	Scott Ullrich	document.iform.maxprocperip.disabled = endis;
372	07bd3f83	Scott Ullrich	document.iform.idletimeout.disabled = endis;
373	03552507	Erik Fonnesbeck	document.iform.freelogins_count.disabled = endis;
374			document.iform.freelogins_resettimeout.disabled = endis;
375			document.iform.freelogins_updatetimeouts.disabled = endis;
376	07bd3f83	Scott Ullrich	document.iform.timeout.disabled = endis;
377	f5adee3f	jim-p	document.iform.preauthurl.disabled = endis;
378	07bd3f83	Scott Ullrich	document.iform.redirurl.disabled = endis;
379	a8cb0038	Renato Botelho	document.iform.localauth_priv.disabled = localauth_endis;
380	0bd34ed6	Scott Ullrich	document.iform.radiusip.disabled = radius_endis;
381			document.iform.radiusip2.disabled = radius_endis;
382	ebc0e4b6	Ermal	document.iform.radiusip3.disabled = radius_endis;
383			document.iform.radiusip4.disabled = radius_endis;
384	0bd34ed6	Scott Ullrich	document.iform.radiusport.disabled = radius_endis;
385	164a1525	Scott Ullrich	document.iform.radiusport3.disabled = radius_endis;
386			document.iform.radiusport4.disabled = radius_endis;
387	0bd34ed6	Scott Ullrich	document.iform.radiusport2.disabled = radius_endis;
388			document.iform.radiuskey.disabled = radius_endis;
389			document.iform.radiuskey2.disabled = radius_endis;
390	ebc0e4b6	Ermal	document.iform.radiuskey3.disabled = radius_endis;
391			document.iform.radiuskey4.disabled = radius_endis;
392	856e58a6	Scott Ullrich	document.iform.radacct_enable.disabled = radius_endis;
393	f5fa7d5e	Ermal Luçi	document.iform.peruserbw.disabled = endis;
394			document.iform.bwdefaultdn.disabled = endis;
395			document.iform.bwdefaultup.disabled = endis;
396	856e58a6	Scott Ullrich	document.iform.reauthenticate.disabled = radius_endis;
397	7faeda46	Scott Ullrich	document.iform.auth_method[0].disabled = endis;
398			document.iform.auth_method[1].disabled = endis;
399			document.iform.auth_method[2].disabled = endis;
400	b3765f4c	Roberto Nunnari	document.iform.radius_protocol[0].disabled = radius_endis;
401			document.iform.radius_protocol[1].disabled = radius_endis;
402			document.iform.radius_protocol[2].disabled = radius_endis;
403			document.iform.radius_protocol[3].disabled = radius_endis;
404	0bd34ed6	Scott Ullrich	document.iform.radmac_enable.disabled = radius_endis;
405	07bd3f83	Scott Ullrich	document.iform.httpslogin_enable.disabled = endis;
406	d11c1f93	sullrich	document.iform.radmac_format.disabled = radius_endis;
407	36f6ed35	bcyrill	document.iform.httpsname.disabled = https_endis;
408			document.iform.certref.disabled = https_endis;
409	07bd3f83	Scott Ullrich	document.iform.logoutwin_enable.disabled = endis;
410	c980716e	Scott Ullrich	document.iform.nomacfilter.disabled = endis;
411	0bd34ed6	Scott Ullrich	document.iform.noconcurrentlogins.disabled = endis;
412			document.iform.radiusvendor.disabled = radius_endis;
413	2342bfb0	Ermal Lu?i	document.iform.radiussession_timeout.disabled = radius_endis;
414	822b687b	Ermal	document.iform.radiussrcip_attribute.disabled = radius_endis;
415	07bd3f83	Scott Ullrich	document.iform.htmlfile.disabled = endis;
416			document.iform.errfile.disabled = endis;
417	5b87b24e	Ermal	document.iform.logoutfile.disabled = endis;
418	a5c0b6c7	Scott Ullrich
419	856e58a6	Scott Ullrich	document.iform.radiusacctport.disabled = (radius_endis \|\| !document.iform.radacct_enable.checked) && !enable_change;
420	a5c0b6c7	Scott Ullrich
421	856e58a6	Scott Ullrich	document.iform.radmac_secret.disabled = (radius_endis \|\| !document.iform.radmac_enable.checked) && !enable_change;
422	a5c0b6c7	Scott Ullrich
423	88adfa28	Warren Baker	var radacct_dis = (radius_endis \|\| !document.iform.radacct_enable.checked) && !enable_change;
424			document.iform.reauthenticateacct[0].disabled = radacct_dis;
425			document.iform.reauthenticateacct[1].disabled = radacct_dis;
426			document.iform.reauthenticateacct[2].disabled = radacct_dis;
427	720498a0	Michael Newton	document.iform.reverseacct.disabled = (radius_endis \|\| !document.iform.radacct_enable.checked) && !enable_change;
428	4cc94535	Michael Newton	document.iform.radiusnasid.disabled = radius_endis;
429	5b237745	Scott Ullrich	}
430			//-->
431			</script>
432	93588e1a	Scott Dale	<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
433	ccb55b27	Darren Embry	<?php include("fbegin.inc"); ?>
434	5b237745	Scott Ullrich	<?php if ($input_errors) print_input_errors($input_errors); ?>
435			<?php if ($savemsg) print_info_box($savemsg); ?>
436			<form action="services_captiveportal.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
437			<table width="100%" border="0" cellpadding="0" cellspacing="0">
438	9699028a	Scott Ullrich	<tr><td class="tabnavtbl">
439	64b85ffe	Scott Ullrich	<?php
440			$tab_array = array();
441	b4792bf8	Ermal	$tab_array[] = array(gettext("Captive portal(s)"), true, "services_captiveportal.php?zone={$cpzone}");
442			$tab_array[] = array(gettext("Pass-through MAC"), false, "services_captiveportal_mac.php?zone={$cpzone}");
443			$tab_array[] = array(gettext("Allowed IP addresses"), false, "services_captiveportal_ip.php?zone={$cpzone}");
444	060bc78b	Renato Botelho	$tab_array[] = array(gettext("Allowed Hostnames"), false, "services_captiveportal_hostname.php?zone={$cpzone}");
445	b4792bf8	Ermal	$tab_array[] = array(gettext("Vouchers"), false, "services_captiveportal_vouchers.php?zone={$cpzone}");
446			$tab_array[] = array(gettext("File Manager"), false, "services_captiveportal_filemanager.php?zone={$cpzone}");
447	9592c132	Scott Ullrich	display_top_tabs($tab_array, true);
448	0bd34ed6	Scott Ullrich	?> </td></tr>
449	5b237745	Scott Ullrich	<tr>
450	c980716e	Scott Ullrich	<td class="tabcont">
451			<table width="100%" border="0" cellpadding="6" cellspacing="0">
452	a5c0b6c7	Scott Ullrich	<tr>
453	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vtable"> </td>
454			<td width="78%" class="vtable">
455			<input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)">
456	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Enable captive portal"); ?> </strong></td>
457	5b237745	Scott Ullrich	</tr>
458	a5c0b6c7	Scott Ullrich	<tr>
459	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Interfaces"); ?></td>
460	5b237745	Scott Ullrich	<td width="78%" class="vtable">
461	d823b81c	sullrich	<select name="cinterface[]" multiple="true" size="<?php echo count($config['interfaces']); ?>" class="formselect" id="cinterface">
462	060bc78b	Renato Botelho	<?php
463	fbb45bb0	Ermal Luçi	$interfaces = get_configured_interface_with_descr();
464	17103056	Ermal	$cselected = explode(",", $pconfig['cinterface']);
465	c980716e	Scott Ullrich	foreach ($interfaces as $iface => $ifacename): ?>
466	17103056	Ermal	<option value="<?=$iface;?>" <?php if (in_array($iface, $cselected)) echo "selected"; ?>>
467			<?=htmlspecialchars($ifacename);?>
468			</option>
469	5b237745	Scott Ullrich	<?php endforeach; ?>
470			</select> <br>
471	16457bdd	Renato Botelho	<span class="vexpl"><?=gettext("Select the interface(s) to enable for captive portal."); ?></span></td>
472	5b237745	Scott Ullrich	</tr>
473	4362e48a	Scott Ullrich	<tr>
474	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("Maximum concurrent connections"); ?></td>
475	4362e48a	Scott Ullrich	<td class="vtable">
476			<table cellpadding="0" cellspacing="0">
477			<tr>
478	b4792bf8	Ermal	<td><input name="maxprocperip" type="text" class="formfld unknown" id="maxprocperip" size="5" value="<?=htmlspecialchars($pconfig['maxprocperip']);?>"> <?=gettext("per client IP address (0 = no limit)"); ?></td>
479	4362e48a	Scott Ullrich	</tr>
480			</table>
481	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("This setting limits the number of concurrent connections to the captive portal HTTP(S) server. This does not set how many users can be logged in " .
482			"to the captive portal, but rather how many users can load the portal page or authenticate at the same time! " .
483	4dc04853	Ermal	"Possible setting allowed is: minimum 4 connections per client IP address, with a total maximum of 100 connections."); ?></td>
484	4362e48a	Scott Ullrich	</tr>
485	5b237745	Scott Ullrich	<tr>
486	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("Idle timeout"); ?></td>
487	5b237745	Scott Ullrich	<td class="vtable">
488	b5c78501	Seth Mos	<input name="idletimeout" type="text" class="formfld unknown" id="idletimeout" size="6" value="<?=htmlspecialchars($pconfig['idletimeout']);?>">
489	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("minutes"); ?><br>
490	16457bdd	Renato Botelho	<?=gettext("Clients will be disconnected after this amount of inactivity. They may log in again immediately, though. Leave this field blank for no idle timeout."); ?></td>
491	5b237745	Scott Ullrich	</tr>
492	a5c0b6c7	Scott Ullrich	<tr>
493	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Hard timeout"); ?></td>
494	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
495	b5c78501	Seth Mos	<input name="timeout" type="text" class="formfld unknown" id="timeout" size="6" value="<?=htmlspecialchars($pconfig['timeout']);?>">
496	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("minutes"); ?><br>
497	16457bdd	Renato Botelho	<?=gettext("Clients will be disconnected after this amount of time, regardless of activity. They may log in again immediately, though. Leave this field blank for no hard timeout (not recommended unless an idle timeout is set)."); ?></td>
498	5b237745	Scott Ullrich	</tr>
499	03552507	Erik Fonnesbeck	<tr>
500	49f61a1c	Erik Fonnesbeck	<td width="22%" valign="top" class="vncell"><?=gettext("Pass-through credits allowed per MAC address"); ?></td>
501	03552507	Erik Fonnesbeck	<td width="78%" class="vtable">
502			<input name="freelogins_count" type="text" class="formfld unknown" id="freelogins_count" size="6" value="<?=htmlspecialchars($pconfig['freelogins_count']);?>">
503			<?=gettext("per client MAC address (0 or blank = none)"); ?><br>
504			<?=gettext("This setting allows passing through the captive portal without authentication a limited number of times per MAC address. Once used up, the client can only log in with valid credentials until the waiting period specified below has expired. Recommended to set a hard timeout and/or idle timeout when using this for it to be effective."); ?></td>
505			</tr>
506			<tr>
507	49f61a1c	Erik Fonnesbeck	<td width="22%" valign="top" class="vncell"><?=gettext("Waiting period to restore pass-through credits"); ?></td>
508	03552507	Erik Fonnesbeck	<td width="78%" class="vtable">
509			<input name="freelogins_resettimeout" type="text" class="formfld unknown" id="freelogins_resettimeout" size="6" value="<?=htmlspecialchars($pconfig['freelogins_resettimeout']);?>">
510			<?=gettext("hours"); ?><br>
511	49f61a1c	Erik Fonnesbeck	<?=gettext("Clients will have their available pass-through credits restored to the original count after this amount of time since using the first one. This must be above 0 hours if pass-through credits are enabled."); ?></td>
512	03552507	Erik Fonnesbeck	</tr>
513			<tr>
514	49f61a1c	Erik Fonnesbeck	<td width="22%" valign="top" class="vncell"><?=gettext("Reset waiting period on attempted access"); ?></td>
515	03552507	Erik Fonnesbeck	<td width="78%" class="vtable">
516			<input name="freelogins_updatetimeouts" type="checkbox" class="formfld" id="freelogins_updatetimeouts" value="yes" <?php if($pconfig['freelogins_updatetimeouts']) echo "checked"; ?>>
517			<strong><?=gettext("Enable waiting period reset on attempted access"); ?></strong><br>
518	49f61a1c	Erik Fonnesbeck	<?=gettext("If enabled, the waiting period is reset to the original duration if access is attempted when all pass-through credits have already been exhausted."); ?></td>
519	03552507	Erik Fonnesbeck	</tr>
520	a5c0b6c7	Scott Ullrich	<tr>
521	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Logout popup window"); ?></td>
522	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
523	5b237745	Scott Ullrich	<input name="logoutwin_enable" type="checkbox" class="formfld" id="logoutwin_enable" value="yes" <?php if($pconfig['logoutwin_enable']) echo "checked"; ?>>
524	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Enable logout popup window"); ?></strong><br>
525	16457bdd	Renato Botelho	<?=gettext("If enabled, a popup window will appear when clients are allowed through the captive portal. This allows clients to explicitly disconnect themselves before the idle or hard timeout occurs."); ?></td>
526	5b237745	Scott Ullrich	</tr>
527	a00e1d89	Scott Ullrich	<tr>
528			<td valign="top" class="vncell"><?=gettext("Pre-authentication redirect URL"); ?> </td>
529			<td class="vtable">
530			<input name="preauthurl" type="text" class="formfld url" id="preauthurl" size="60" value="<?=htmlspecialchars($pconfig['preauthurl']);?>"><br>
531	060bc78b	Renato Botelho	<?php printf(gettext("Use this field to set \$PORTAL_REDIRURL\$ variable which can be accessed using your custom captive portal index.php page or error pages."));?>
532	a00e1d89	Scott Ullrich	</td>
533			</tr>
534	5b237745	Scott Ullrich	<tr>
535	ecc19349	Scott Ullrich	<td valign="top" class="vncell"><?=gettext("After authentication Redirection URL"); ?></td>
536	5b237745	Scott Ullrich	<td class="vtable">
537	b5c78501	Seth Mos	<input name="redirurl" type="text" class="formfld url" id="redirurl" size="60" value="<?=htmlspecialchars($pconfig['redirurl']);?>">
538	5b237745	Scott Ullrich	<br>
539	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("If you provide a URL here, clients will be redirected to that URL instead of the one they initially tried " .
540	16457bdd	Renato Botelho	"to access after they've authenticated."); ?></td>
541	5b237745	Scott Ullrich	</tr>
542			<tr>
543	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("Concurrent user logins"); ?></td>
544	0bd34ed6	Scott Ullrich	<td class="vtable">
545			<input name="noconcurrentlogins" type="checkbox" class="formfld" id="noconcurrentlogins" value="yes" <?php if ($pconfig['noconcurrentlogins']) echo "checked"; ?>>
546	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Disable concurrent logins"); ?></strong><br>
547	16457bdd	Renato Botelho	<?=gettext("If this option is set, only the most recent login per username will be active. Subsequent logins will cause machines previously logged in with the same username to be disconnected."); ?></td>
548	0bd34ed6	Scott Ullrich	</tr>
549			<tr>
550	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("MAC filtering"); ?> </td>
551	c980716e	Scott Ullrich	<td class="vtable">
552			<input name="nomacfilter" type="checkbox" class="formfld" id="nomacfilter" value="yes" <?php if ($pconfig['nomacfilter']) echo "checked"; ?>>
553	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Disable MAC filtering"); ?></strong><br>
554			<?=gettext("If this option is set, no attempts will be made to ensure that the MAC address of clients stays the same while they're logged in." .
555	16457bdd	Renato Botelho	"This is required when the MAC address of the client cannot be determined (usually because there are routers between"); ?> <?php echo $g['product_name'] ?> <?=gettext("and the clients)."); ?>
556			<?=gettext("If this is enabled, RADIUS MAC authentication cannot be used."); ?></td>
557	7e587bdb	Scott Ullrich	</tr>
558			<tr>
559	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("Pass-through MAC Auto Entry"); ?></td>
560	6ce61a8f	Ermal	<td class="vtable">
561			<input name="passthrumacadd" type="checkbox" class="formfld" id="passthrumacadd" value="yes" <?php if ($pconfig['passthrumacadd']) echo "checked"; ?>>
562	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Enable Pass-through MAC automatic additions"); ?></strong><br>
563	060bc78b	Renato Botelho	<?=gettext("If this option is set, a MAC passthrough entry is automatically added after the user has successfully authenticated. Users of that MAC address will never have to authenticate again."); ?>
564	16457bdd	Renato Botelho	<?=gettext("To remove the passthrough MAC entry you either have to log in and remove it manually from the"); ?> <a href="services_captiveportal_mac.php"><?=gettext("Pass-through MAC tab"); ?></a> <?=gettext("or send a POST from another system to remove it."); ?>
565			<?=gettext("If this is enabled, RADIUS MAC authentication cannot be used. Also, the logout window will not be shown."); ?>
566	1c291e64	Ermal	<br/><br/>
567			<input name="passthrumacaddusername" type="checkbox" class="formfld" id="passthrumacaddusername" value="yes" <?php if ($pconfig['passthrumacaddusername']) echo "checked"; ?>>
568	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Enable Pass-through MAC automatic addition with username"); ?></strong><br>
569	16457bdd	Renato Botelho	<?=gettext("If this option is set, with the automatically MAC passthrough entry created the username, used during authentication, will be saved."); ?>
570			<?=gettext("To remove the passthrough MAC entry you either have to log in and remove it manually from the"); ?> <a href="services_captiveportal_mac.php"><?=gettext("Pass-through MAC tab"); ?></a> <?=gettext("or send a POST from another system to remove it."); ?>
571	1c291e64	Ermal	</td>
572	6ce61a8f	Ermal	</tr>
573			<tr>
574	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("Per-user bandwidth restriction"); ?></td>
575	7e587bdb	Scott Ullrich	<td class="vtable">
576			<input name="peruserbw" type="checkbox" class="formfld" id="peruserbw" value="yes" <?php if ($pconfig['peruserbw']) echo "checked"; ?>>
577	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Enable per-user bandwidth restriction"); ?></strong><br><br>
578	7e587bdb	Scott Ullrich	<table cellpadding="0" cellspacing="0">
579			<tr>
580	6fde5a1e	Carlos Eduardo Ramos	<td><?=gettext("Default download"); ?></td>
581			<td><input type="text" class="formfld unknown" name="bwdefaultdn" id="bwdefaultdn" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultdn']);?>"> <?=gettext("Kbit/s"); ?></td>
582	7e587bdb	Scott Ullrich	</tr>
583			<tr>
584	6fde5a1e	Carlos Eduardo Ramos	<td><?=gettext("Default upload"); ?></td>
585			<td><input type="text" class="formfld unknown" name="bwdefaultup" id="bwdefaultup" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultup']);?>"> <?=gettext("Kbit/s"); ?></td>
586	7e587bdb	Scott Ullrich	</tr></table>
587			<br>
588	16457bdd	Renato Botelho	<?=gettext("If this option is set, the captive portal will restrict each user who logs in to the specified default bandwidth. RADIUS can override the default settings. Leave empty or set to 0 for no limit."); ?> </td>
589	7e587bdb	Scott Ullrich	</tr>
590	a5c0b6c7	Scott Ullrich	<tr>
591	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Authentication"); ?></td>
592	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
593	c980716e	Scott Ullrich	<table cellpadding="0" cellspacing="0">
594			<tr>
595	0bd34ed6	Scott Ullrich	<td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="none" onClick="enable_change(false)" <?php if($pconfig['auth_method']!="local" && $pconfig['auth_method']!="radius") echo "checked"; ?>>
596	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("No Authentication"); ?></td>
597	a8cb0038	Renato Botelho	</tr>
598	c980716e	Scott Ullrich	<tr>
599	0bd34ed6	Scott Ullrich	<td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="local" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="local") echo "checked"; ?>>
600	58f963d0	Scott Ullrich	<?=gettext("Local"); ?> <a href="system_usermanager.php"><?=gettext("User Manager"); ?></a> / <?=gettext("Vouchers"); ?></td>
601	a8cb0038	Renato Botelho	</tr>
602			</tr><tr>
603			<td> </td>
604			<td> </td>
605			</tr>
606	c980716e	Scott Ullrich	<tr>
607	a8cb0038	Renato Botelho	<td> </td>
608			<td><input name="localauth_priv" type="checkbox" id="localauth_priv" value="yes" onClick="enable_change(false)" <?php if($pconfig['localauth_priv']=="yes") echo "checked"; ?>>
609			<?=gettext("Allow only users/groups with 'Captive portal login' privilege set"); ?></td>
610			</tr><tr>
611	0bd34ed6	Scott Ullrich	<td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="radius" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius") echo "checked"; ?>>
612	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("RADIUS Authentication"); ?></td>
613	a8cb0038	Renato Botelho	</tr><tr>
614	c980716e	Scott Ullrich	<td> </td>
615			<td> </td>
616	a8cb0038	Renato Botelho	</tr>
617	b3765f4c	Roberto Nunnari	<td width="22%" valign="top" class="vncell"><?=gettext("Radius Protocol"); ?></td>
618			<td width="78%" class="vtable">
619			<table cellpadding="0" cellspacing="0">
620			<tr>
621			<td colspan="2"><input name="radius_protocol" type="radio" id="radius_protocol" value="PAP" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius" && $pconfig['radius_protocol']!="CHAP_MD5" && $pconfig['radius_protocol']!="MSCHAPv1" && $pconfig['radius_protocol']!="MSCHAPv2") echo "checked"; ?>>
622			<?=gettext("PAP"); ?></td>
623			</tr>
624			<tr>
625			<td colspan="2"><input name="radius_protocol" type="radio" id="radius_protocol" value="CHAP_MD5" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius" && $pconfig['radius_protocol']=="CHAP_MD5") echo "checked"; ?>>
626			<?=gettext("CHAP_MD5"); ?></td>
627			</tr>
628			<tr>
629			<td colspan="2"><input name="radius_protocol" type="radio" id="radius_protocol" value="MSCHAPv1" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius" && $pconfig['radius_protocol']=="MSCHAPv1") echo "checked"; ?>>
630			<?=gettext("MSCHAPv1"); ?></td>
631			</tr>
632			<tr>
633			<td colspan="2"><input name="radius_protocol" type="radio" id="radius_protocol" value="MSCHAPv2" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius" && $pconfig['radius_protocol']=="MSCHAPv2") echo "checked"; ?>>
634			<?=gettext("MSCHAPv2"); ?></td>
635			</tr><tr>
636			<td> </td>
637			<td> </td>
638			</tr>
639			</table>
640			</tr><tr>
641			<td> </td>
642			<td> </td>
643			</tr>
644			</table>
645	0bd34ed6	Scott Ullrich	<table width="100%" border="0" cellpadding="6" cellspacing="0">
646	e12c63db	Darren Embry	<tr>
647			<td colspan="2" valign="top" class="listtopic">Primary Authentication Source</td>
648			</tr>
649			<tr>
650			<td colspan="2" valign="top" class="optsect_t2"><?=gettext("Primary RADIUS server"); ?></td>
651	0bd34ed6	Scott Ullrich	</tr>
652			<tr>
653	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("IP address"); ?></td>
654	b5c78501	Seth Mos	<td class="vtable"><input name="radiusip" type="text" class="formfld unknown" id="radiusip" size="20" value="<?=htmlspecialchars($pconfig['radiusip']);?>"><br>
655	16457bdd	Renato Botelho	<?=gettext("Enter the IP address of the RADIUS server which users of the captive portal have to authenticate against."); ?></td>
656	0bd34ed6	Scott Ullrich	</tr>
657			<tr>
658	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Port"); ?></td>
659	b5c78501	Seth Mos	<td class="vtable"><input name="radiusport" type="text" class="formfld unknown" id="radiusport" size="5" value="<?=htmlspecialchars($pconfig['radiusport']);?>"><br>
660	16457bdd	Renato Botelho	<?=gettext("Leave this field blank to use the default port (1812)."); ?></td>
661	0bd34ed6	Scott Ullrich	</tr>
662			<tr>
663	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Shared secret"); ?>  </td>
664	b5c78501	Seth Mos	<td class="vtable"><input name="radiuskey" type="text" class="formfld unknown" id="radiuskey" size="16" value="<?=htmlspecialchars($pconfig['radiuskey']);?>"><br>
665	16457bdd	Renato Botelho	<?=gettext("Leave this field blank to not use a RADIUS shared secret (not recommended)."); ?></td>
666	0bd34ed6	Scott Ullrich	</tr>
667	a5c0b6c7	Scott Ullrich	<tr>
668	0bd34ed6	Scott Ullrich	<td colspan="2" class="list" height="12"></td>
669			</tr>
670			<tr>
671	6fde5a1e	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="optsect_t2"><?=gettext("Secondary RADIUS server"); ?></td>
672	0bd34ed6	Scott Ullrich	</tr>
673			<tr>
674	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("IP address"); ?></td>
675	b5c78501	Seth Mos	<td class="vtable"><input name="radiusip2" type="text" class="formfld unknown" id="radiusip2" size="20" value="<?=htmlspecialchars($pconfig['radiusip2']);?>"><br>
676	16457bdd	Renato Botelho	<?=gettext("If you have a second RADIUS server, you can activate it by entering its IP address here."); ?></td>
677	0bd34ed6	Scott Ullrich	</tr>
678			<tr>
679	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Port"); ?></td>
680	b5c78501	Seth Mos	<td class="vtable"><input name="radiusport2" type="text" class="formfld unknown" id="radiusport2" size="5" value="<?=htmlspecialchars($pconfig['radiusport2']);?>"></td>
681	0bd34ed6	Scott Ullrich	</tr>
682			<tr>
683	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Shared secret"); ?>  </td>
684	0b704a40	Ermal	<td class="vtable"><input name="radiuskey2" type="text" class="formfld unknown" id="radiuskey2" size="16" value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td>
685	0bd34ed6	Scott Ullrich	</tr>
686			<tr>
687			<td colspan="2" class="list" height="12"></td>
688			</tr>
689	ebc0e4b6	Ermal	<tr>
690	e12c63db	Darren Embry	<td colspan="2" valign="top" class="listtopic">Secondary Authentication Source</td>
691			</tr>
692			<tr>
693			<td colspan="2" valign="top" class="optsect_t2"><?=gettext("Primary RADIUS server"); ?></td>
694	ebc0e4b6	Ermal	</tr>
695			<tr>
696			<td class="vncell" valign="top"><?=gettext("IP address"); ?></td>
697			<td class="vtable"><input name="radiusip3" type="text" class="formfld unknown" id="radiusip3" size="20" value="<?=htmlspecialchars($pconfig['radiusip3']);?>"><br>
698	d568e38d	Scott Ullrich	<?=gettext("If you have a third RADIUS server, you can activate it by entering its IP address here."); ?></td>
699	ebc0e4b6	Ermal	</tr>
700			<tr>
701			<td class="vncell" valign="top"><?=gettext("Port"); ?></td>
702			<td class="vtable"><input name="radiusport3" type="text" class="formfld unknown" id="radiusport3" size="5" value="<?=htmlspecialchars($pconfig['radiusport3']);?>"></td>
703			</tr>
704			<tr>
705			<td class="vncell" valign="top"><?=gettext("Shared secret"); ?>  </td>
706			<td class="vtable"><input name="radiuskey3" type="text" class="formfld unknown" id="radiuskey3" size="16" value="<?=htmlspecialchars($pconfig['radiuskey3']);?>"></td>
707			</tr>
708			<tr>
709			<td colspan="2" class="list" height="12"></td>
710			</tr>
711			<tr>
712	e12c63db	Darren Embry	<td colspan="2" valign="top" class="optsect_t2"><?=gettext("Secondary RADIUS server"); ?></td>
713	ebc0e4b6	Ermal	</tr>
714			<tr>
715			<td class="vncell" valign="top"><?=gettext("IP address"); ?></td>
716			<td class="vtable"><input name="radiusip4" type="text" class="formfld unknown" id="radiusip4" size="20" value="<?=htmlspecialchars($pconfig['radiusip4']);?>"><br>
717	d568e38d	Scott Ullrich	<?=gettext("If you have a fourth RADIUS server, you can activate it by entering its IP address here."); ?></td>
718	ebc0e4b6	Ermal	</tr>
719			<tr>
720			<td class="vncell" valign="top"><?=gettext("Port"); ?></td>
721			<td class="vtable"><input name="radiusport4" type="text" class="formfld unknown" id="radiusport4" size="5" value="<?=htmlspecialchars($pconfig['radiusport4']);?>"></td>
722			</tr>
723			<tr>
724			<td class="vncell" valign="top"><?=gettext("Shared secret"); ?>  </td>
725			<td class="vtable"><input name="radiuskey4" type="text" class="formfld unknown" id="radiuskey4" size="16" value="<?=htmlspecialchars($pconfig['radiuskey4']);?>"></td>
726			</tr>
727			<tr>
728			<td colspan="2" class="list" height="12"></td>
729			</tr>
730	e12c63db	Darren Embry	<tr>
731	4cc94535	Michael Newton	<td colspan="2" valign="top" class="listtopic"><?=gettext("Accounting"); ?></td>
732	856e58a6	Scott Ullrich	</tr>
733			<tr>
734			<td class="vncell"> </td>
735			<td class="vtable"><input name="radacct_enable" type="checkbox" id="radacct_enable" value="yes" onClick="enable_change(false)" <?php if($pconfig['radacct_enable']) echo "checked"; ?>>
736	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("send RADIUS accounting packets"); ?></strong><br>
737	16457bdd	Renato Botelho	<?=gettext("If this is enabled, RADIUS accounting packets will be sent to the primary RADIUS server."); ?></td>
738	856e58a6	Scott Ullrich	</tr>
739			<tr>
740	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Accounting port"); ?></td>
741	b5c78501	Seth Mos	<td class="vtable"><input name="radiusacctport" type="text" class="formfld unknown" id="radiusacctport" size="5" value="<?=htmlspecialchars($pconfig['radiusacctport']);?>"><br>
742	16457bdd	Renato Botelho	<?=gettext("Leave blank to use the default port (1813)."); ?></td>
743	856e58a6	Scott Ullrich	</tr>
744			<tr>
745			<td colspan="2" class="list" height="12"></td>
746			</tr>
747			<tr>
748	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Accounting updates"); ?></td>
749	856e58a6	Scott Ullrich	<td class="vtable">
750	6fde5a1e	Carlos Eduardo Ramos	<input name="reauthenticateacct" type="radio" value="" <?php if(!$pconfig['reauthenticateacct']) echo "checked"; ?>> <?=gettext("no accounting updates"); ?><br>
751			<input name="reauthenticateacct" type="radio" value="stopstart" <?php if($pconfig['reauthenticateacct'] == "stopstart") echo "checked"; ?>> <?=gettext("stop/start accounting"); ?><br>
752			<input name="reauthenticateacct" type="radio" value="interimupdate" <?php if($pconfig['reauthenticateacct'] == "interimupdate") echo "checked"; ?>> <?=gettext("interim update"); ?>
753	856e58a6	Scott Ullrich	</td>
754			</tr>
755			<tr>
756			<td colspan="2" class="list" height="12"></td>
757			</tr>
758	0bd34ed6	Scott Ullrich	<tr>
759	d7fe2e7a	Michael Newton	<td colspan="2" valign="top" class="listtopic"><?=gettext("RADIUS options"); ?></td>
760	0bd34ed6	Scott Ullrich	</tr>
761			<tr>
762	d7fe2e7a	Michael Newton	<td class="vncell"><?=gettext("Reauthentication"); ?></td>
763			<td class="vtable"><input name="reauthenticate" type="checkbox" id="reauthenticate" value="yes" onClick="enable_change(false)" <?php if($pconfig['reauthenticate']) echo "checked"; ?>>
764			<strong><?=gettext("Reauthenticate connected users every minute"); ?></strong><br>
765			<?=gettext("If reauthentication is enabled, Access-Requests will be sent to the RADIUS server for each user that is " .
766			"logged in every minute. If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately."); ?></td>
767			</tr>
768			<tr>
769			<td class=""><?=gettext("RADIUS MAC authentication"); ?></td>
770			<td class="">
771	6fde5a1e	Carlos Eduardo Ramos	<input name="radmac_enable" type="checkbox" id="radmac_enable" value="yes" onClick="enable_change(false)" <?php if ($pconfig['radmac_enable']) echo "checked"; ?>><strong><?=gettext("Enable RADIUS MAC authentication"); ?></strong><br>
772			<?=gettext("If this option is enabled, the captive portal will try to authenticate users by sending their MAC address as the username and the password " .
773	16457bdd	Renato Botelho	"entered below to the RADIUS server."); ?></td>
774	0bd34ed6	Scott Ullrich	</tr>
775			<tr>
776	d7fe2e7a	Michael Newton	<td class="vncell"><?=gettext("MAC authentication secret"); ?></td>
777	b5c78501	Seth Mos	<td class="vtable"><input name="radmac_secret" type="text" class="formfld unknown" id="radmac_secret" size="16" value="<?=htmlspecialchars($pconfig['radmac_secret']);?>"></td>
778	0bd34ed6	Scott Ullrich	</tr>
779	822b687b	Ermal	<tr>
780	d440e668	Chris Buechler	<td class="vncell" valign="top"><?=gettext("RADIUS NAS IP attribute"); ?></td>
781	720498a0	Michael Newton	<td class="vtable">
782	822b687b	Ermal	<select name="radiussrcip_attribute" id="radiussrcip_attribute">
783			<?php $iflist = get_configured_interface_with_descr();
784			foreach ($iflist as $ifdesc => $ifdescr) {
785			$ipaddr = get_interface_ip($ifdesc);
786			if (is_ipaddr($ipaddr)) {
787			$selected = "";
788	50779708	Ermal	if ($ifdesc == $pconfig['radiussrcip_attribute'])
789	ebc0e4b6	Ermal	$selected= "selected";
790	822b687b	Ermal	echo "<option value='{$ifdesc}' {$selected}>{$ifdescr} - {$ipaddr}</option>\n";
791			}
792			}
793	34e9ca60	Ermal	if (is_array($config['virtualip']['vip'])) {
794	060bc78b	Renato Botelho	foreach ($config['virtualip']['vip'] as $sn) {
795			if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") {
796			$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
797			$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
798			$len = $end - $start;
799
800			for ($i = 0; $i <= $len; $i++) {
801			$snip = long2ip32($start+$i);
802			echo "<option value='{$snip}' {$selected}>" . htmlspecialchars("{$sn['descr']} - {$snip}") . "></option>\n";
803	34e9ca60	Ermal	}
804			} else
805	060bc78b	Renato Botelho	echo "<option value='{$sn['subnet']}' {$selected}>" . htmlspecialchars("{$sn['descr']} - {$sn['subnet']}") . "></option>\n";
806	34e9ca60	Ermal	}
807			}
808	822b687b	Ermal	?>
809			</select><br/>
810	375828d9	Chris Buechler	<?=gettext("Choose the IP to use for calling station attribute."); ?>
811	822b687b	Ermal	</td>
812			</tr>
813
814	0bd34ed6	Scott Ullrich	<tr>
815	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Session-Timeout"); ?></td>
816			<td class="vtable"><input name="radiussession_timeout" type="checkbox" id="radiussession_timeout" value="yes" <?php if ($pconfig['radiussession_timeout']) echo "checked"; ?>><strong><?=gettext("Use RADIUS Session-Timeout attributes"); ?></strong><br>
817	16457bdd	Renato Botelho	<?=gettext("When this is enabled, clients will be disconnected after the amount of time retrieved from the RADIUS Session-Timeout attribute."); ?></td>
818	0bd34ed6	Scott Ullrich	</tr>
819	cf0542ac	Scott Ullrich
820	0bd34ed6	Scott Ullrich	<tr>
821	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Type"); ?></td>
822	0bd34ed6	Scott Ullrich	<td class="vtable"><select name="radiusvendor" id="radiusvendor">
823	eafb21b3	Phil Davis	<option value="default"><?php echo gettext("default"); ?></option>
824	a5c0b6c7	Scott Ullrich	<?php
825	0bd34ed6	Scott Ullrich	$radiusvendors = array("cisco");
826			foreach ($radiusvendors as $radiusvendor){
827			if ($pconfig['radiusvendor'] == $radiusvendor)
828			echo "<option selected value=\"$radiusvendor\">$radiusvendor</option>\n";
829			else
830			echo "<option value=\"$radiusvendor\">$radiusvendor</option>\n";
831			}
832			?></select><br>
833	3b7f0f53	Erik Fonnesbeck	<?php printf(gettext("If RADIUS type is set to Cisco, in Access-Requests the value of Calling-Station-Id will be set to the client's IP address and " .
834			"the Called-Station-Id to the client's MAC address. Default behavior is Calling-Station-Id = client's MAC address and Called-Station-Id = %s's WAN IP address."),
835	16457bdd	Renato Botelho	$g['product_name']);?></td>
836	0bd34ed6	Scott Ullrich	</tr>
837	720498a0	Michael Newton
838			<tr>
839			<td class="vncell" valign="top"><?=gettext("Accounting Style"); ?></td>
840			<td class="vtable"><input name="reverseacct" type="checkbox" id="reverseacct" value="yes" <?php if ($pconfig['reverseacct']) echo "checked"; ?>><strong><?=gettext("Invert Acct-Input-Octets and Acct-Output-Octets"); ?></strong><br>
841			<?=gettext("When this is enabled, data counts for RADIUS accounting packets will be taken from the client perspective, not the NAS. Acct-Input-Octets will represent download, and Acct-Output-Octets will represent upload."); ?></td>
842			</tr>
843	4cc94535	Michael Newton
844			<tr>
845			<td class="vncell" valign="top"><?=gettext("NAS Identifier"); ?></td>
846	89b1c40c	Michael Newton	<td class="vtable"><input name="radiusnasid" type="text" maxlength="253" class="formfld unknown" id="radiusnasid" value="<?=htmlspecialchars($pconfig['radiusnasid']);?>"/><br/>
847			<?=gettext("Specify a NAS identifier to override the default value") . " (" . php_uname("n") . ")"; ?></td>
848	4cc94535	Michael Newton	</tr>
849	d7fe2e7a	Michael Newton	<tr>
850			<td class="vncell" valign="top"><?=gettext("MAC address format"); ?></td>
851			<td class="vtable">
852			<select name="radmac_format" id="radmac_format">
853			<option value="default"><?php echo gettext("default"); ?></option>
854			<?php
855			$macformats = array("singledash","ietf","cisco","unformatted");
856			foreach ($macformats as $macformat) {
857			if ($pconfig['radmac_format'] == $macformat) {
858			echo "<option selected value=\"$macformat\">",gettext($macformat),"</option>\n";
859			} else {
860			echo "<option value=\"$macformat\">",gettext($macformat),"</option>\n";
861			}
862			}
863			?>
864			</select></br>
865			<?=gettext("This option changes the MAC address format used in the whole RADIUS system. Change this if you also"); ?>
866			<?=gettext("need to change the username format for RADIUS MAC authentication."); ?><br>
867			<?=gettext("default:"); ?> 00:11:22:33:44:55<br>
868			<?=gettext("singledash:"); ?> 001122-334455<br>
869			<?=gettext("ietf:"); ?> 00-11-22-33-44-55<br>
870			<?=gettext("cisco:"); ?> 0011.2233.4455<br>
871			<?=gettext("unformatted:"); ?> 001122334455
872			</td>
873			</tr>
874	0bd34ed6	Scott Ullrich	</table>
875	5b237745	Scott Ullrich	</tr>
876			<tr>
877	d7fe2e7a	Michael Newton	<td valign="top" class="vncell"><?=gettext("HTTPS login"); ?></td>
878			<td class="vtable">
879			<input name="httpslogin_enable" type="checkbox" class="formfld" id="httpslogin_enable" value="yes" onClick="enable_change(false)" <?php if($pconfig['httpslogin_enable']) echo "checked"; ?>>
880			<strong><?=gettext("Enable HTTPS login"); ?></strong><br>
881			<?=gettext("If enabled, the username and password will be transmitted over an HTTPS connection to protect against eavesdroppers. A server name and certificate must also be specified below."); ?></td>
882	36f6ed35	bcyrill	</tr>
883	5b237745	Scott Ullrich	<tr>
884	d7fe2e7a	Michael Newton	<td valign="top" class="vncell"><?=gettext("HTTPS server name"); ?> </td>
885			<td class="vtable">
886			<input name="httpsname" type="text" class="formfld unknown" id="httpsname" size="30" value="<?=htmlspecialchars($pconfig['httpsname']);?>"><br>
887			<?php printf(gettext("This name will be used in the form action for the HTTPS POST and should match the Common Name (CN) in your certificate (otherwise, the client browser will most likely display a security warning). Make sure captive portal clients can resolve this name in DNS and verify on the client that the IP resolves to the correct interface IP on %s."), $g['product_name']);?> </td>
888	36f6ed35	bcyrill	</tr>
889	adca02c4	bcyrill	<tr id="ssl_opts">
890			<td width="22%" valign="top" class="vncell"><?=gettext("SSL Certificate"); ?></td>
891			<td width="78%" class="vtable">
892			<?php if (count($a_cert)): ?>
893			<select name="certref" id="certref" class="formselect">
894			<?php
895			foreach($a_cert as $cert):
896			$selected = "";
897			if ($pconfig['certref'] == $cert['refid'])
898			$selected = "selected";
899			?>
900			<option value="<?=$cert['refid'];?>"<?=$selected;?>><?=$cert['descr'];?></option>
901			<?php endforeach; ?>
902			</select>
903			<?php else: ?>
904			<b><?=gettext("No Certificates defined."); ?></b> <br/>Create one under <a href="system_certmanager.php">System > Cert Manager</a>.
905			<?php endif; ?>
906			</td>
907			</tr>
908	a5c0b6c7	Scott Ullrich	<tr>
909	adca02c4	bcyrill	<td width="22%" valign="top" class="vncell"><?=gettext("Portal page contents"); ?></td>
910			<td width="78%" class="vtable">
911	b5c78501	Seth Mos	<?=$mandfldhtml;?><input type="file" name="htmlfile" class="formfld file" id="htmlfile"><br>
912	16f5fe76	Scott Ullrich	<?php
913			list($host) = explode(":", $_SERVER['HTTP_HOST']);
914	470d24a3	Darren Embry	$zoneid = $pconfig['zoneid'] ? $pconfig['zoneid'] : 8000;
915	36f6ed35	bcyrill	if ($pconfig['httpslogin_enable']) {
916	470d24a3	Darren Embry	$port = $pconfig['listenporthttps'] ? $pconfig['listenporthttps'] : ($zoneid + 1);
917			$href = "https://{$host}:{$port}";
918	16f5fe76	Scott Ullrich	} else {
919	470d24a3	Darren Embry	$port = $pconfig['listenporthttp'] ? $pconfig['listenporthttp'] : $zoneid;
920			$href = "http://{$host}:{$port}";
921	a5c0b6c7	Scott Ullrich	}
922	16f5fe76	Scott Ullrich	?>
923	b4792bf8	Ermal	<?php if ($pconfig['page']['htmltext']): ?>
924	6fde5a1e	Carlos Eduardo Ramos	<a href="<?=$href?>" target="_new"><?=gettext("View current page"); ?></a>
925	5b237745	Scott Ullrich	<br>
926			<br>
927			<?php endif; ?>
928	3b7f0f53	Erik Fonnesbeck	<?php
929	16457bdd	Renato Botelho	printf(
930	3b7f0f53	Erik Fonnesbeck	gettext('Upload an HTML/PHP file for the portal page here (leave blank to keep the current one). ' .
931			'Make sure to include a form (POST to %1$s) with a submit button (%2$s) and a hidden field with %3$s and %4$s. ' .
932			'Include the %5$s and %6$s and/or %7$s input fields if authentication is enabled, otherwise it will always fail.'),
933	16457bdd	Renato Botelho	""{$PORTAL_ACTION}"",
934			"name="accept"",
935			"name="redirurl"",
936			"value="{$PORTAL_REDIRURL}"",
937			""auth_user"",
938			""auth_pass"",
939			""auth_voucher"");
940			?>
941			<?=gettext("Example code for the form:"); ?><br>
942	5b237745	Scott Ullrich	<br>
943			<tt><form method="post" action="$PORTAL_ACTION$"><br>
944			<input name="auth_user" type="text"><br>
945			<input name="auth_pass" type="password"><br>
946	336e3c1c	Charlie	<input name="auth_voucher" type="text"><br>
947	5b237745	Scott Ullrich	<input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$"><br>
948			<input name="accept" type="submit" value="Continue"><br>
949			</form></tt></td>
950			</tr>
951			<tr>
952	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Authentication"); ?><br>
953			<?=gettext("error page"); ?><br>
954			<?=gettext("contents"); ?></td>
955	5b237745	Scott Ullrich	<td class="vtable">
956	b5c78501	Seth Mos	<input name="errfile" type="file" class="formfld file" id="errfile"><br>
957	b4792bf8	Ermal	<?php if ($pconfig['page']['errtext']): ?>
958	a636682d	bcyrill	<a href="?zone=<?=$cpzone?>&act=viewerrhtml" target="_blank"><?=gettext("View current page"); ?></a>
959	5b237745	Scott Ullrich	<br>
960			<br>
961			<?php endif; ?>
962	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("The contents of the HTML/PHP file that you upload here are displayed when an authentication error occurs. " .
963	16457bdd	Renato Botelho	"You may include"); ?> "$PORTAL_MESSAGE$", <?=gettext("which will be replaced by the error or reply messages from the RADIUS server, if any."); ?></td>
964	5b87b24e	Ermal	</tr>
965			<tr>
966	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Logout"); ?><br>
967			<?=gettext("page"); ?><br>
968			<?=gettext("contents"); ?></td>
969	5b87b24e	Ermal	<td class="vtable">
970			<input name="logoutfile" type="file" class="formfld file" id="logoutfile"><br>
971	b4792bf8	Ermal	<?php if ($pconfig['page']['logouttext']): ?>
972	a636682d	bcyrill	<a href="?zone=<?=$cpzone?>&act=viewlogouthtml" target="_blank"><?=gettext("View current page"); ?></a>
973	5b87b24e	Ermal	<br>
974			<br>
975			<?php endif; ?>
976	a36e98ff	Erik Fonnesbeck	<?=gettext("The contents of the HTML/PHP file that you upload here are displayed on authentication success when the logout popup is enabled."); ?></td>
977	5b237745	Scott Ullrich	</tr>
978	a5c0b6c7	Scott Ullrich	<tr>
979	5b237745	Scott Ullrich	<td width="22%" valign="top"> </td>
980	a5c0b6c7	Scott Ullrich	<td width="78%">
981	b4792bf8	Ermal	<?php echo "<input name='zone' id='zone' type='hidden' value='{$cpzone}'/>"; ?>
982	6fde5a1e	Carlos Eduardo Ramos	<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onClick="enable_change(true)">
983	b4792bf8	Ermal	<a href="services_captiveportal_zones.php"><input name="Cancel" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onClick="enable_change(true)"></a>
984	5b237745	Scott Ullrich	</td>
985			</tr>
986	a5c0b6c7	Scott Ullrich	<tr>
987	5b237745	Scott Ullrich	<td width="22%" valign="top"> </td>
988	16457bdd	Renato Botelho	<td width="78%"><span class="vexpl"><span class="red"><strong><?=gettext("Note:"); ?><br>
989			</strong></span><?=gettext("Changing any settings on this page will disconnect all clients! Don't forget to enable the DHCP server on your captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the timeout entered on this page. Also, the DNS forwarder needs to be enabled for DNS lookups by unauthenticated clients to work."); ?> </span></td>
990	5b237745	Scott Ullrich	</tr>
991			</table>
992			</td>
993			</tr>
994			</table>
995			</form>
996			<script language="JavaScript">
997			<!--
998			enable_change(false);
999			//-->
1000			</script>
1001			<?php include("fend.inc"); ?>
1002	93588e1a	Scott Dale	</body>
1003			</html>

Project

General

Profile

pfSense