/usr/local/www/services_captiveportal.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/services_captiveportal.php @ 7af2fa41

1	a5c0b6c7	Scott Ullrich	<?php
2	5b237745	Scott Ullrich	/*
3			services_captiveportal.php
4			part of m0n0wall (http://m0n0.ch/wall)
5	a5c0b6c7	Scott Ullrich
6	0bd34ed6	Scott Ullrich	Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
7	5b237745	Scott Ullrich	All rights reserved.
8	a5c0b6c7	Scott Ullrich
9	5b237745	Scott Ullrich	Redistribution and use in source and binary forms, with or without
10			modification, are permitted provided that the following conditions are met:
11	a5c0b6c7	Scott Ullrich
12	5b237745	Scott Ullrich	1. Redistributions of source code must retain the above copyright notice,
13			this list of conditions and the following disclaimer.
14	a5c0b6c7	Scott Ullrich
15	5b237745	Scott Ullrich	2. Redistributions in binary form must reproduce the above copyright
16			notice, this list of conditions and the following disclaimer in the
17			documentation and/or other materials provided with the distribution.
18	a5c0b6c7	Scott Ullrich
19	5b237745	Scott Ullrich	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
20			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
21			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
23			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28			POSSIBILITY OF SUCH DAMAGE.
29			*/
30
31	d88c6a9f	Scott Ullrich	$pgtitle = array("Services","Captive portal");
32	5b237745	Scott Ullrich	require("guiconfig.inc");
33
34			if (!is_array($config['captiveportal'])) {
35			$config['captiveportal'] = array();
36			$config['captiveportal']['page'] = array();
37			$config['captiveportal']['timeout'] = 60;
38			}
39
40			if ($_GET['act'] == "viewhtml") {
41			echo base64_decode($config['captiveportal']['page']['htmltext']);
42			exit;
43			} else if ($_GET['act'] == "viewerrhtml") {
44			echo base64_decode($config['captiveportal']['page']['errtext']);
45			exit;
46			}
47
48			$pconfig['cinterface'] = $config['captiveportal']['interface'];
49	0bd34ed6	Scott Ullrich	$pconfig['maxproc'] = $config['captiveportal']['maxproc'];
50			$pconfig['maxprocperip'] = $config['captiveportal']['maxprocperip'];
51	5b237745	Scott Ullrich	$pconfig['timeout'] = $config['captiveportal']['timeout'];
52			$pconfig['idletimeout'] = $config['captiveportal']['idletimeout'];
53			$pconfig['enable'] = isset($config['captiveportal']['enable']);
54	7faeda46	Scott Ullrich	$pconfig['auth_method'] = $config['captiveportal']['auth_method'];
55	5b237745	Scott Ullrich	$pconfig['radacct_enable'] = isset($config['captiveportal']['radacct_enable']);
56	0bd34ed6	Scott Ullrich	$pconfig['radmac_enable'] = isset($config['captiveportal']['radmac_enable']);
57			$pconfig['radmac_secret'] = $config['captiveportal']['radmac_secret'];
58	c980716e	Scott Ullrich	$pconfig['reauthenticate'] = isset($config['captiveportal']['reauthenticate']);
59			$pconfig['reauthenticateacct'] = $config['captiveportal']['reauthenticateacct'];
60	5b237745	Scott Ullrich	$pconfig['httpslogin_enable'] = isset($config['captiveportal']['httpslogin']);
61			$pconfig['httpsname'] = $config['captiveportal']['httpsname'];
62			$pconfig['cert'] = base64_decode($config['captiveportal']['certificate']);
63			$pconfig['key'] = base64_decode($config['captiveportal']['private-key']);
64			$pconfig['logoutwin_enable'] = isset($config['captiveportal']['logoutwin_enable']);
65	7e587bdb	Scott Ullrich	$pconfig['peruserbw'] = isset($config['captiveportal']['peruserbw']);
66			$pconfig['bwdefaultdn'] = $config['captiveportal']['bwdefaultdn'];
67			$pconfig['bwdefaultup'] = $config['captiveportal']['bwdefaultup'];
68	5b237745	Scott Ullrich	$pconfig['nomacfilter'] = isset($config['captiveportal']['nomacfilter']);
69	0bd34ed6	Scott Ullrich	$pconfig['noconcurrentlogins'] = isset($config['captiveportal']['noconcurrentlogins']);
70	5b237745	Scott Ullrich	$pconfig['redirurl'] = $config['captiveportal']['redirurl'];
71			$pconfig['radiusip'] = $config['captiveportal']['radiusip'];
72	0bd34ed6	Scott Ullrich	$pconfig['radiusip2'] = $config['captiveportal']['radiusip2'];
73	5b237745	Scott Ullrich	$pconfig['radiusport'] = $config['captiveportal']['radiusport'];
74	0bd34ed6	Scott Ullrich	$pconfig['radiusport2'] = $config['captiveportal']['radiusport2'];
75	5b237745	Scott Ullrich	$pconfig['radiusacctport'] = $config['captiveportal']['radiusacctport'];
76			$pconfig['radiuskey'] = $config['captiveportal']['radiuskey'];
77	0bd34ed6	Scott Ullrich	$pconfig['radiuskey2'] = $config['captiveportal']['radiuskey2'];
78			$pconfig['radiusvendor'] = $config['captiveportal']['radiusvendor'];
79	cf0542ac	Scott Ullrich
80			//$pconfig['radiussession_timeout'] = isset($config['captiveportal']['radiussession_timeout']);
81	5b237745	Scott Ullrich
82			if ($_POST) {
83
84			unset($input_errors);
85			$pconfig = $_POST;
86
87			/* input validation */
88			if ($_POST['enable']) {
89			$reqdfields = explode(" ", "cinterface");
90			$reqdfieldsn = explode(",", "Interface");
91	a5c0b6c7	Scott Ullrich
92	5b237745	Scott Ullrich	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
93	a5c0b6c7	Scott Ullrich
94	0bd34ed6	Scott Ullrich	/* make sure no interfaces are bridged */
95			for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
96			$coptif = &$config['interfaces']['opt' . $i];
97	d2019622	Scott Ullrich	if (isset($coptif['enable']) && $coptif['bridge'] == $pconfig['cinterface']) {
98	89b09672	Scott Ullrich	$input_errors[] = "The captive portal cannot be used when one or more interfaces are bridged.";
99			break;
100	0bd34ed6	Scott Ullrich	}
101			}
102	a5c0b6c7	Scott Ullrich
103	5b237745	Scott Ullrich	if ($_POST['httpslogin_enable']) {
104			if (!$_POST['cert'] \|\| !$_POST['key']) {
105			$input_errors[] = "Certificate and key must be specified for HTTPS login.";
106			} else {
107			if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") \|\| !strstr($_POST['cert'], "END CERTIFICATE"))
108			$input_errors[] = "This certificate does not appear to be valid.";
109			if (!strstr($_POST['key'], "BEGIN RSA PRIVATE KEY") \|\| !strstr($_POST['key'], "END RSA PRIVATE KEY"))
110			$input_errors[] = "This key does not appear to be valid.";
111			}
112	a5c0b6c7	Scott Ullrich
113	5b237745	Scott Ullrich	if (!$_POST['httpsname'] \|\| !is_domain($_POST['httpsname'])) {
114			$input_errors[] = "The HTTPS server name must be specified for HTTPS login.";
115			}
116			}
117			}
118	a5c0b6c7	Scott Ullrich
119	5b237745	Scott Ullrich	if ($_POST['timeout'] && (!is_numeric($_POST['timeout']) \|\| ($_POST['timeout'] < 1))) {
120			$input_errors[] = "The timeout must be at least 1 minute.";
121			}
122			if ($_POST['idletimeout'] && (!is_numeric($_POST['idletimeout']) \|\| ($_POST['idletimeout'] < 1))) {
123			$input_errors[] = "The idle timeout must be at least 1 minute.";
124			}
125			if (($_POST['radiusip'] && !is_ipaddr($_POST['radiusip']))) {
126			$input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip']."]";
127			}
128	0bd34ed6	Scott Ullrich	if (($_POST['radiusip2'] && !is_ipaddr($_POST['radiusip2']))) {
129			$input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip2']."]";
130			}
131	5b237745	Scott Ullrich	if (($_POST['radiusport'] && !is_port($_POST['radiusport']))) {
132			$input_errors[] = "A valid port number must be specified. [".$_POST['radiusport']."]";
133			}
134	0bd34ed6	Scott Ullrich	if (($_POST['radiusport2'] && !is_port($_POST['radiusport2']))) {
135			$input_errors[] = "A valid port number must be specified. [".$_POST['radiusport2']."]";
136			}
137	5b237745	Scott Ullrich	if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) {
138	0bd34ed6	Scott Ullrich	$input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]";
139			}
140			if ($_POST['maxproc'] && (!is_numeric($_POST['maxproc']) \|\| ($_POST['maxproc'] < 4) \|\| ($_POST['maxproc'] > 100))) {
141			$input_errors[] = "The total maximum number of concurrent connections must be between 4 and 100.";
142			}
143			$mymaxproc = $_POST['maxproc'] ? $_POST['maxproc'] : 16;
144			if ($_POST['maxprocperip'] && (!is_numeric($_POST['maxprocperip']) \|\| ($_POST['maxprocperip'] > $mymaxproc))) {
145			$input_errors[] = "The maximum number of concurrent connections per client IP address may not be larger than the global maximum.";
146	5b237745	Scott Ullrich	}
147
148			if (!$input_errors) {
149			$config['captiveportal']['interface'] = $_POST['cinterface'];
150	0bd34ed6	Scott Ullrich	$config['captiveportal']['maxproc'] = $_POST['maxproc'];
151			$config['captiveportal']['maxprocperip'] = $_POST['maxprocperip'] ? $_POST['maxprocperip'] : false;
152	5b237745	Scott Ullrich	$config['captiveportal']['timeout'] = $_POST['timeout'];
153			$config['captiveportal']['idletimeout'] = $_POST['idletimeout'];
154	0bd34ed6	Scott Ullrich	$config['captiveportal']['enable'] = $_POST['enable'] ? true : false;
155	7faeda46	Scott Ullrich	$config['captiveportal']['auth_method'] = $_POST['auth_method'];
156	0bd34ed6	Scott Ullrich	$config['captiveportal']['radacct_enable'] = $_POST['radacct_enable'] ? true : false;
157			$config['captiveportal']['reauthenticate'] = $_POST['reauthenticate'] ? true : false;
158			$config['captiveportal']['radmac_enable'] = $_POST['radmac_enable'] ? true : false;
159			$config['captiveportal']['radmac_secret'] = $_POST['radmac_secret'] ? $_POST['radmac_secret'] : false;
160	c980716e	Scott Ullrich	$config['captiveportal']['reauthenticateacct'] = $_POST['reauthenticateacct'];
161	0bd34ed6	Scott Ullrich	$config['captiveportal']['httpslogin'] = $_POST['httpslogin_enable'] ? true : false;
162	5b237745	Scott Ullrich	$config['captiveportal']['httpsname'] = $_POST['httpsname'];
163	7e587bdb	Scott Ullrich	$config['captiveportal']['peruserbw'] = $_POST['peruserbw'] ? true : false;
164			$config['captiveportal']['bwdefaultdn'] = $_POST['bwdefaultdn'];
165			$config['captiveportal']['bwdefaultup'] = $_POST['bwdefaultup'];
166	5b237745	Scott Ullrich	$config['captiveportal']['certificate'] = base64_encode($_POST['cert']);
167			$config['captiveportal']['private-key'] = base64_encode($_POST['key']);
168	0bd34ed6	Scott Ullrich	$config['captiveportal']['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false;
169			$config['captiveportal']['nomacfilter'] = $_POST['nomacfilter'] ? true : false;
170			$config['captiveportal']['noconcurrentlogins'] = $_POST['noconcurrentlogins'] ? true : false;
171	5b237745	Scott Ullrich	$config['captiveportal']['redirurl'] = $_POST['redirurl'];
172			$config['captiveportal']['radiusip'] = $_POST['radiusip'];
173	0bd34ed6	Scott Ullrich	$config['captiveportal']['radiusip2'] = $_POST['radiusip2'];
174	5b237745	Scott Ullrich	$config['captiveportal']['radiusport'] = $_POST['radiusport'];
175	0bd34ed6	Scott Ullrich	$config['captiveportal']['radiusport2'] = $_POST['radiusport2'];
176	5b237745	Scott Ullrich	$config['captiveportal']['radiusacctport'] = $_POST['radiusacctport'];
177			$config['captiveportal']['radiuskey'] = $_POST['radiuskey'];
178	0bd34ed6	Scott Ullrich	$config['captiveportal']['radiuskey2'] = $_POST['radiuskey2'];
179			$config['captiveportal']['radiusvendor'] = $_POST['radiusvendor'] ? $_POST['radiusvendor'] : false;
180	cf0542ac	Scott Ullrich	//$config['captiveportal']['radiussession_timeout'] = $_POST['radiussession_timeout'] ? true : false;
181	a5c0b6c7	Scott Ullrich
182	5b237745	Scott Ullrich	/* file upload? */
183			if (is_uploaded_file($_FILES['htmlfile']['tmp_name']))
184			$config['captiveportal']['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name']));
185	c980716e	Scott Ullrich	if (is_uploaded_file($_FILES['errfile']['tmp_name']))
186	5b237745	Scott Ullrich	$config['captiveportal']['page']['errtext'] = base64_encode(file_get_contents($_FILES['errfile']['tmp_name']));
187	a5c0b6c7	Scott Ullrich
188	5b237745	Scott Ullrich	write_config();
189	a5c0b6c7	Scott Ullrich
190	5b237745	Scott Ullrich	$retval = 0;
191	ea1eac37	Scott Ullrich
192			config_lock();
193			$retval = captiveportal_configure();
194			config_unlock();
195
196	5b237745	Scott Ullrich	$savemsg = get_std_save_message($retval);
197			}
198			}
199	3d4bd975	Scott Ullrich	include("head.inc");
200	5b237745	Scott Ullrich	?>
201	9699028a	Scott Ullrich	<?php include("fbegin.inc"); ?>
202	5b237745	Scott Ullrich	<script language="JavaScript">
203			<!--
204			function enable_change(enable_change) {
205	0bd34ed6	Scott Ullrich	var endis, radius_endis;
206	07bd3f83	Scott Ullrich	endis = !(document.iform.enable.checked \|\| enable_change);
207	0bd34ed6	Scott Ullrich	radius_endis = !((!endis && document.iform.auth_method[2].checked) \|\| enable_change);
208	a5c0b6c7	Scott Ullrich
209	07bd3f83	Scott Ullrich	document.iform.cinterface.disabled = endis;
210	54611f24	Scott Ullrich	//document.iform.maxproc.disabled = endis;
211	422d57b4	Scott Ullrich	document.iform.maxprocperip.disabled = endis;
212	07bd3f83	Scott Ullrich	document.iform.idletimeout.disabled = endis;
213			document.iform.timeout.disabled = endis;
214			document.iform.redirurl.disabled = endis;
215	0bd34ed6	Scott Ullrich	document.iform.radiusip.disabled = radius_endis;
216			document.iform.radiusip2.disabled = radius_endis;
217			document.iform.radiusport.disabled = radius_endis;
218			document.iform.radiusport2.disabled = radius_endis;
219			document.iform.radiuskey.disabled = radius_endis;
220			document.iform.radiuskey2.disabled = radius_endis;
221	856e58a6	Scott Ullrich	document.iform.radacct_enable.disabled = radius_endis;
222	329069c9	Scott Ullrich	//document.iform.peruserbw.disabled = endis;
223			//document.iform.bwdefaultdn.disabled = endis;
224			//document.iform.bwdefaultup.disabled = endis;
225	856e58a6	Scott Ullrich	document.iform.reauthenticate.disabled = radius_endis;
226	7faeda46	Scott Ullrich	document.iform.auth_method[0].disabled = endis;
227			document.iform.auth_method[1].disabled = endis;
228			document.iform.auth_method[2].disabled = endis;
229	0bd34ed6	Scott Ullrich	document.iform.radmac_enable.disabled = radius_endis;
230	07bd3f83	Scott Ullrich	document.iform.httpslogin_enable.disabled = endis;
231			document.iform.httpsname.disabled = endis;
232			document.iform.cert.disabled = endis;
233			document.iform.key.disabled = endis;
234			document.iform.logoutwin_enable.disabled = endis;
235	c980716e	Scott Ullrich	document.iform.nomacfilter.disabled = endis;
236	0bd34ed6	Scott Ullrich	document.iform.noconcurrentlogins.disabled = endis;
237			document.iform.radiusvendor.disabled = radius_endis;
238	cf0542ac	Scott Ullrich	//document.iform.radiussession_timeout.disabled = radius_endis;
239	07bd3f83	Scott Ullrich	document.iform.htmlfile.disabled = endis;
240			document.iform.errfile.disabled = endis;
241	a5c0b6c7	Scott Ullrich
242	856e58a6	Scott Ullrich	document.iform.radiusacctport.disabled = (radius_endis \|\| !document.iform.radacct_enable.checked) && !enable_change;
243	a5c0b6c7	Scott Ullrich
244	856e58a6	Scott Ullrich	document.iform.radmac_secret.disabled = (radius_endis \|\| !document.iform.radmac_enable.checked) && !enable_change;
245	a5c0b6c7	Scott Ullrich
246	0bd34ed6	Scott Ullrich	var reauthenticate_dis = (radius_endis \|\| !document.iform.reauthenticate.checked) && !enable_change;
247	856e58a6	Scott Ullrich	document.iform.reauthenticateacct[0].disabled = reauthenticate_dis;
248			document.iform.reauthenticateacct[1].disabled = reauthenticate_dis;
249			document.iform.reauthenticateacct[2].disabled = reauthenticate_dis;
250	5b237745	Scott Ullrich	}
251			//-->
252			</script>
253	93588e1a	Scott Dale	<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
254	5b237745	Scott Ullrich	<?php if ($input_errors) print_input_errors($input_errors); ?>
255			<?php if ($savemsg) print_info_box($savemsg); ?>
256			<form action="services_captiveportal.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
257			<table width="100%" border="0" cellpadding="0" cellspacing="0">
258	9699028a	Scott Ullrich	<tr><td class="tabnavtbl">
259	64b85ffe	Scott Ullrich	<?php
260			$tab_array = array();
261			$tab_array[] = array("Captive portal", true, "services_captiveportal.php");
262			$tab_array[] = array("Pass-through MAC", false, "services_captiveportal_mac.php");
263			$tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php");
264	4e9dc150	Scott Ullrich	$tab_array[] = array("Users", false, "services_captiveportal_users.php");
265	3cf0d3f2	Scott Ullrich	$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
266	64b85ffe	Scott Ullrich	display_top_tabs($tab_array);
267	0bd34ed6	Scott Ullrich	?> </td></tr>
268	5b237745	Scott Ullrich	<tr>
269	c980716e	Scott Ullrich	<td class="tabcont">
270			<table width="100%" border="0" cellpadding="6" cellspacing="0">
271	a5c0b6c7	Scott Ullrich	<tr>
272	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vtable"> </td>
273			<td width="78%" class="vtable">
274			<input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)">
275			<strong>Enable captive portal </strong></td>
276			</tr>
277	a5c0b6c7	Scott Ullrich	<tr>
278	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Interface</td>
279			<td width="78%" class="vtable">
280	b5c78501	Seth Mos	<select name="cinterface" class="formselect" id="cinterface">
281	af98cced	Scott Ullrich	<?php
282			if($config['interfaces']['lan'])
283			$interfaces = array('lan' => 'LAN');
284			else
285			$interfaces = array();
286	c980716e	Scott Ullrich	for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
287			if (isset($config['interfaces']['opt' . $i]['enable']))
288			$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
289			}
290			foreach ($interfaces as $iface => $ifacename): ?>
291	a5c0b6c7	Scott Ullrich	<option value="<?=$iface;?>" <?php if ($iface == $pconfig['cinterface']) echo "selected"; ?>>
292	5b237745	Scott Ullrich	<?=htmlspecialchars($ifacename);?>
293			</option>
294			<?php endforeach; ?>
295			</select> <br>
296			<span class="vexpl">Choose which interface to run the captive portal on.</span></td>
297			</tr>
298	4362e48a	Scott Ullrich	<tr>
299			<td valign="top" class="vncell">Maximum concurrent connections</td>
300			<td class="vtable">
301			<table cellpadding="0" cellspacing="0">
302			<tr>
303	b5c78501	Seth Mos	<td><input name="maxprocperip" type="text" class="formfld unknown" id="maxprocperip" size="5"
304			value="<?=htmlspecialchars($pconfig['maxprocperip']);?>"> per client IP address (0 = no limit)</td>
305	4362e48a	Scott Ullrich	</tr>
306			</table>
307			This setting limits the number of concurrent connections to the captive portal HTTP(S) server. This does not set how many users can be logged in
308			to the captive portal, but rather how many users can load the portal page or authenticate at the same time!
309			Default is 4 connections per client IP address, with a total maximum of 16 connections.</td>
310			</tr>
311	5b237745	Scott Ullrich	<tr>
312			<td valign="top" class="vncell">Idle timeout</td>
313			<td class="vtable">
314	b5c78501	Seth Mos	<input name="idletimeout" type="text" class="formfld unknown" id="idletimeout" size="6" value="<?=htmlspecialchars($pconfig['idletimeout']);?>">
315	5b237745	Scott Ullrich	minutes<br>
316			Clients will be disconnected after this amount of inactivity. They may log in again immediately, though. Leave this field blank for no idle timeout.</td>
317			</tr>
318	a5c0b6c7	Scott Ullrich	<tr>
319	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncell">Hard timeout</td>
320	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
321	b5c78501	Seth Mos	<input name="timeout" type="text" class="formfld unknown" id="timeout" size="6" value="<?=htmlspecialchars($pconfig['timeout']);?>">
322	5b237745	Scott Ullrich	minutes<br>
323			Clients will be disconnected after this amount of time, regardless of activity. They may log in again immediately, though. Leave this field blank for no hard timeout (not recommended unless an idle timeout is set).</td>
324			</tr>
325	a5c0b6c7	Scott Ullrich	<tr>
326	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncell">Logout popup window</td>
327	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
328	5b237745	Scott Ullrich	<input name="logoutwin_enable" type="checkbox" class="formfld" id="logoutwin_enable" value="yes" <?php if($pconfig['logoutwin_enable']) echo "checked"; ?>>
329			<strong>Enable logout popup window</strong><br>
330	c980716e	Scott Ullrich	If enabled, a popup window will appear when clients are allowed through the captive portal. This allows clients to explicitly disconnect themselves before the idle or hard timeout occurs.</td>
331	5b237745	Scott Ullrich	</tr>
332			<tr>
333			<td valign="top" class="vncell">Redirection URL</td>
334			<td class="vtable">
335	b5c78501	Seth Mos	<input name="redirurl" type="text" class="formfld url" id="redirurl" size="60" value="<?=htmlspecialchars($pconfig['redirurl']);?>">
336	5b237745	Scott Ullrich	<br>
337			If you provide a URL here, clients will be redirected to that URL instead of the one they initially tried
338			to access after they've authenticated.</td>
339			</tr>
340			<tr>
341	0bd34ed6	Scott Ullrich	<td valign="top" class="vncell">Concurrent user logins</td>
342			<td class="vtable">
343			<input name="noconcurrentlogins" type="checkbox" class="formfld" id="noconcurrentlogins" value="yes" <?php if ($pconfig['noconcurrentlogins']) echo "checked"; ?>>
344			<strong>Disable concurrent logins</strong><br>
345			If this option is set, only the most recent login per username will be active. Subsequent logins will cause machines previously logged in with the same username to be disconnected.</td>
346			</tr>
347			<tr>
348	c980716e	Scott Ullrich	<td valign="top" class="vncell">MAC filtering </td>
349			<td class="vtable">
350			<input name="nomacfilter" type="checkbox" class="formfld" id="nomacfilter" value="yes" <?php if ($pconfig['nomacfilter']) echo "checked"; ?>>
351			<strong>Disable MAC filtering</strong><br>
352	0bd34ed6	Scott Ullrich	If this option is set, no attempts will be made to ensure that the MAC address of clients stays the same while they're logged in.
353	36d0358b	Scott Ullrich	This is required when the MAC address of the client cannot be determined (usually because there are routers between {$g['product_name']} and the clients).
354	0bd34ed6	Scott Ullrich	If this is enabled, RADIUS MAC authentication cannot be used.</td>
355	7e587bdb	Scott Ullrich	</tr>
356	329069c9	Scott Ullrich	<?php
357			/*
358	7e587bdb	Scott Ullrich	<tr>
359			<td valign="top" class="vncell">Per-user bandwidth restriction</td>
360			<td class="vtable">
361			<input name="peruserbw" type="checkbox" class="formfld" id="peruserbw" value="yes" <?php if ($pconfig['peruserbw']) echo "checked"; ?>>
362			<strong>Enable per-user bandwidth restriction</strong><br><br>
363			<table cellpadding="0" cellspacing="0">
364			<tr>
365			<td>Default download</td>
366	b5c78501	Seth Mos	<td><input type="text" class="formfld unknown" name="bwdefaultdn" id="bwdefaultdn" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultdn']);?>"> Kbit/s</td>
367	7e587bdb	Scott Ullrich	</tr>
368			<tr>
369			<td>Default upload</td>
370	b5c78501	Seth Mos	<td><input type="text" class="formfld unknown" name="bwdefaultup" id="bwdefaultup" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultup']);?>"> Kbit/s</td>
371	7e587bdb	Scott Ullrich	</tr></table>
372			<br>
373			If this option is set, the captive portal will restrict each user who logs in to the specified default bandwidth. RADIUS can override the default settings. Leave empty or set to 0 for no limit. You will <strong>need</strong> to enable the traffic shaper for this to be effective.</td>
374			</tr>
375	329069c9	Scott Ullrich	*/
376			?>
377	a5c0b6c7	Scott Ullrich	<tr>
378	c980716e	Scott Ullrich	<td width="22%" valign="top" class="vncell">Authentication</td>
379	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
380	c980716e	Scott Ullrich	<table cellpadding="0" cellspacing="0">
381			<tr>
382	0bd34ed6	Scott Ullrich	<td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="none" onClick="enable_change(false)" <?php if($pconfig['auth_method']!="local" && $pconfig['auth_method']!="radius") echo "checked"; ?>>
383	a5c0b6c7	Scott Ullrich	No authentication</td>
384	c980716e	Scott Ullrich	</tr>
385			<tr>
386	0bd34ed6	Scott Ullrich	<td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="local" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="local") echo "checked"; ?>>
387	a5c0b6c7	Scott Ullrich	Local <a href="services_captiveportal_users.php">user manager</a></td>
388	c980716e	Scott Ullrich	</tr>
389			<tr>
390	0bd34ed6	Scott Ullrich	<td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="radius" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius") echo "checked"; ?>>
391	a5c0b6c7	Scott Ullrich	RADIUS authentication</td>
392	c980716e	Scott Ullrich	</tr><tr>
393			<td> </td>
394			<td> </td>
395			</tr>
396			</table>
397	0bd34ed6	Scott Ullrich	<table width="100%" border="0" cellpadding="6" cellspacing="0">
398	a5c0b6c7	Scott Ullrich	<tr>
399	0bd34ed6	Scott Ullrich	<td colspan="2" valign="top" class="optsect_t2">Primary RADIUS server</td>
400			</tr>
401			<tr>
402			<td class="vncell" valign="top">IP address</td>
403	b5c78501	Seth Mos	<td class="vtable"><input name="radiusip" type="text" class="formfld unknown" id="radiusip" size="20" value="<?=htmlspecialchars($pconfig['radiusip']);?>"><br>
404	0bd34ed6	Scott Ullrich	Enter the IP address of the RADIUS server which users of the captive portal have to authenticate against.</td>
405			</tr>
406			<tr>
407			<td class="vncell" valign="top">Port</td>
408	b5c78501	Seth Mos	<td class="vtable"><input name="radiusport" type="text" class="formfld unknown" id="radiusport" size="5" value="<?=htmlspecialchars($pconfig['radiusport']);?>"><br>
409	0bd34ed6	Scott Ullrich	Leave this field blank to use the default port (1812).</td>
410			</tr>
411			<tr>
412			<td class="vncell" valign="top">Shared secret  </td>
413	b5c78501	Seth Mos	<td class="vtable"><input name="radiuskey" type="text" class="formfld unknown" id="radiuskey" size="16" value="<?=htmlspecialchars($pconfig['radiuskey']);?>"><br>
414	0bd34ed6	Scott Ullrich	Leave this field blank to not use a RADIUS shared secret (not recommended).</td>
415			</tr>
416	a5c0b6c7	Scott Ullrich	<tr>
417	0bd34ed6	Scott Ullrich	<td colspan="2" class="list" height="12"></td>
418			</tr>
419			<tr>
420			<td colspan="2" valign="top" class="optsect_t2">Secondary RADIUS server</td>
421			</tr>
422			<tr>
423			<td class="vncell" valign="top">IP address</td>
424	b5c78501	Seth Mos	<td class="vtable"><input name="radiusip2" type="text" class="formfld unknown" id="radiusip2" size="20" value="<?=htmlspecialchars($pconfig['radiusip2']);?>"><br>
425	0bd34ed6	Scott Ullrich	If you have a second RADIUS server, you can activate it by entering its IP address here.</td>
426			</tr>
427			<tr>
428			<td class="vncell" valign="top">Port</td>
429	b5c78501	Seth Mos	<td class="vtable"><input name="radiusport2" type="text" class="formfld unknown" id="radiusport2" size="5" value="<?=htmlspecialchars($pconfig['radiusport2']);?>"></td>
430	0bd34ed6	Scott Ullrich	</tr>
431			<tr>
432			<td class="vncell" valign="top">Shared secret  </td>
433	b5c78501	Seth Mos	<td class="vtable"><input name="radiuskey2" type="text" class="formfld unknown" id="radiuskey2" size="16"
434			value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td>
435	0bd34ed6	Scott Ullrich	</tr>
436			<tr>
437			<td colspan="2" class="list" height="12"></td>
438			</tr>
439	856e58a6	Scott Ullrich	<tr>
440			<td colspan="2" valign="top" class="optsect_t2">Accounting</td>
441			</tr>
442			<tr>
443			<td class="vncell"> </td>
444			<td class="vtable"><input name="radacct_enable" type="checkbox" id="radacct_enable" value="yes" onClick="enable_change(false)" <?php if($pconfig['radacct_enable']) echo "checked"; ?>>
445			<strong>send RADIUS accounting packets</strong><br>
446			If this is enabled, RADIUS accounting packets will be sent to the primary RADIUS server.</td>
447			</tr>
448			<tr>
449			<td class="vncell" valign="top">Accounting port</td>
450	b5c78501	Seth Mos	<td class="vtable"><input name="radiusacctport" type="text" class="formfld unknown" id="radiusacctport" size="5" value="<?=htmlspecialchars($pconfig['radiusacctport']);?>"><br>
451	856e58a6	Scott Ullrich	Leave blank to use the default port (1813).</td>
452			</tr>
453			<tr>
454			<td colspan="2" class="list" height="12"></td>
455			</tr>
456			<tr>
457			<td colspan="2" valign="top" class="optsect_t2">Reauthentication</td>
458			</tr>
459			<tr>
460			<td class="vncell"> </td>
461			<td class="vtable"><input name="reauthenticate" type="checkbox" id="reauthenticate" value="yes" onClick="enable_change(false)" <?php if($pconfig['reauthenticate']) echo "checked"; ?>>
462			<strong>Reauthenticate connected users every minute</strong><br>
463			If reauthentication is enabled, Access-Requests will be sent to the RADIUS server for each user that is
464			logged in every minute. If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately.</td>
465			</tr>
466			<tr>
467			<td class="vncell" valign="top">Accounting updates</td>
468			<td class="vtable">
469			<input name="reauthenticateacct" type="radio" value="" <?php if(!$pconfig['reauthenticateacct']) echo "checked"; ?>> no accounting updates<br>
470			<input name="reauthenticateacct" type="radio" value="stopstart" <?php if($pconfig['reauthenticateacct'] == "stopstart") echo "checked"; ?>> stop/start accounting<br>
471			<input name="reauthenticateacct" type="radio" value="interimupdate" <?php if($pconfig['reauthenticateacct'] == "interimupdate") echo "checked"; ?>> interim update
472			</td>
473			</tr>
474			<tr>
475			<td colspan="2" class="list" height="12"></td>
476			</tr>
477	0bd34ed6	Scott Ullrich	<tr>
478			<td colspan="2" valign="top" class="optsect_t2">RADIUS MAC authentication</td>
479			</tr>
480			<tr>
481			<td class="vncell"> </td>
482			<td class="vtable">
483			<input name="radmac_enable" type="checkbox" id="radmac_enable" value="yes" onClick="enable_change(false)" <?php if ($pconfig['radmac_enable']) echo "checked"; ?>><strong>Enable RADIUS MAC authentication</strong><br>
484			If this option is enabled, the captive portal will try to authenticate users by sending their MAC address as the username and the password
485			entered below to the RADIUS server.</td>
486			</tr>
487			<tr>
488			<td class="vncell">Shared secret</td>
489	b5c78501	Seth Mos	<td class="vtable"><input name="radmac_secret" type="text" class="formfld unknown" id="radmac_secret" size="16" value="<?=htmlspecialchars($pconfig['radmac_secret']);?>"></td>
490	0bd34ed6	Scott Ullrich	</tr>
491			<tr>
492			<td colspan="2" class="list" height="12"></td>
493			</tr>
494			<tr>
495			<td colspan="2" valign="top" class="optsect_t2">RADIUS options</td>
496			</tr>
497	cf0542ac	Scott Ullrich
498			<!--
499	0bd34ed6	Scott Ullrich	<tr>
500			<td class="vncell" valign="top">Session-Timeout</td>
501			<td class="vtable"><input name="radiussession_timeout" type="checkbox" id="radiussession_timeout" value="yes" <?php if ($pconfig['radiussession_timeout']) echo "checked"; ?>><strong>Use RADIUS Session-Timeout attributes</strong><br>
502			When this is enabled, clients will be disconnected after the amount of time retrieved from the RADIUS Session-Timeout attribute.</td>
503			</tr>
504	cf0542ac	Scott Ullrich	-->
505
506	0bd34ed6	Scott Ullrich	<tr>
507			<td class="vncell" valign="top">Type</td>
508			<td class="vtable"><select name="radiusvendor" id="radiusvendor">
509			<option>default</option>
510	a5c0b6c7	Scott Ullrich	<?php
511	0bd34ed6	Scott Ullrich	$radiusvendors = array("cisco");
512			foreach ($radiusvendors as $radiusvendor){
513			if ($pconfig['radiusvendor'] == $radiusvendor)
514			echo "<option selected value=\"$radiusvendor\">$radiusvendor</option>\n";
515			else
516			echo "<option value=\"$radiusvendor\">$radiusvendor</option>\n";
517			}
518			?></select><br>
519			If RADIUS type is set to Cisco, in Access-Requests the value of Calling-Station-Id will be set to the client's IP address and
520	36d0358b	Scott Ullrich	the Called-Station-Id to the client's MAC address. Default behaviour is Calling-Station-Id = client's MAC address and Called-Station-Id = {$g['product_name']}'s WAN IP address.</td>
521	0bd34ed6	Scott Ullrich	</tr>
522			</table>
523	5b237745	Scott Ullrich	</tr>
524			<tr>
525			<td valign="top" class="vncell">HTTPS login</td>
526			<td class="vtable">
527	c980716e	Scott Ullrich	<input name="httpslogin_enable" type="checkbox" class="formfld" id="httpslogin_enable" value="yes" <?php if($pconfig['httpslogin_enable']) echo "checked"; ?>>
528	5b237745	Scott Ullrich	<strong>Enable HTTPS login</strong><br>
529	0bd34ed6	Scott Ullrich	If enabled, the username and password will be transmitted over an HTTPS connection to protect against eavesdroppers. A server name, certificate and matching private key must also be specified below.</td>
530	5b237745	Scott Ullrich	</tr>
531			<tr>
532			<td valign="top" class="vncell">HTTPS server name </td>
533			<td class="vtable">
534	b5c78501	Seth Mos	<input name="httpsname" type="text" class="formfld unknown" id="httpsname" size="30" value="<?=htmlspecialchars($pconfig['httpsname']);?>"><br>
535	94ee7948	Chris Buechler	This name will be used in the form action for the HTTPS POST and should match the Common Name (CN) in your certificate (otherwise, the client browser will most likely display a security warning). Make sure captive portal clients can resolve this name in DNS and verify on the client that the IP resolves to the correct interface IP on {$g['product_name']}. </td>
536	5b237745	Scott Ullrich	</tr>
537			<tr>
538			<td valign="top" class="vncell">HTTPS certificate</td>
539			<td class="vtable">
540			<textarea name="cert" cols="65" rows="7" id="cert" class="formpre"><?=htmlspecialchars($pconfig['cert']);?></textarea>
541			<br>
542	9699028a	Scott Ullrich	Paste a signed certificate in X.509 PEM format here.</td>
543	5b237745	Scott Ullrich	</tr>
544			<tr>
545			<td valign="top" class="vncell">HTTPS private key</td>
546			<td class="vtable">
547			<textarea name="key" cols="65" rows="7" id="key" class="formpre"><?=htmlspecialchars($pconfig['key']);?></textarea>
548			<br>
549			Paste an RSA private key in PEM format here.</td>
550			</tr>
551	a5c0b6c7	Scott Ullrich	<tr>
552	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Portal page contents</td>
553	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
554	b5c78501	Seth Mos	<?=$mandfldhtml;?><input type="file" name="htmlfile" class="formfld file" id="htmlfile"><br>
555	16f5fe76	Scott Ullrich	<?php
556			list($host) = explode(":", $_SERVER['HTTP_HOST']);
557			if(isset($config['captiveportal']['httpslogin'])) {
558			$href = "https://$host:8001";
559			} else {
560			$href = "http://$host:8000";
561	a5c0b6c7	Scott Ullrich	}
562	16f5fe76	Scott Ullrich	?>
563	5b237745	Scott Ullrich	<?php if ($config['captiveportal']['page']['htmltext']): ?>
564	a5c0b6c7	Scott Ullrich	<a href="<?=$href?>" target="_new">View current page</a>
565	5b237745	Scott Ullrich	<br>
566			<br>
567			<?php endif; ?>
568			Upload an HTML file for the portal page here (leave blank to keep the current one). Make sure to include a form (POST to "$PORTAL_ACTION$")
569	0bd34ed6	Scott Ullrich	with a submit button (name="accept") and a hidden field with name="redirurl" and value="$PORTAL_REDIRURL$".
570			Include the "auth_user" and "auth_pass" input fields if authentication is enabled, otherwise it will always fail.
571			Example code for the form:<br>
572	5b237745	Scott Ullrich	<br>
573			<tt><form method="post" action="$PORTAL_ACTION$"><br>
574			<input name="auth_user" type="text"><br>
575			<input name="auth_pass" type="password"><br>
576			<input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$"><br>
577			<input name="accept" type="submit" value="Continue"><br>
578			</form></tt></td>
579			</tr>
580			<tr>
581			<td width="22%" valign="top" class="vncell">Authentication<br>
582			error page<br>
583			contents</td>
584			<td class="vtable">
585	b5c78501	Seth Mos	<input name="errfile" type="file" class="formfld file" id="errfile"><br>
586	5b237745	Scott Ullrich	<?php if ($config['captiveportal']['page']['errtext']): ?>
587	a5c0b6c7	Scott Ullrich	<a href="?act=viewerrhtml" target="_blank">View current page</a>
588	5b237745	Scott Ullrich	<br>
589			<br>
590			<?php endif; ?>
591	0bd34ed6	Scott Ullrich	The contents of the HTML file that you upload here are displayed when an authentication error occurs.
592			You may include "$PORTAL_MESSAGE$", which will be replaced by the error or reply messages from the RADIUS server, if any.</td>
593	5b237745	Scott Ullrich	</tr>
594	a5c0b6c7	Scott Ullrich	<tr>
595	5b237745	Scott Ullrich	<td width="22%" valign="top"> </td>
596	a5c0b6c7	Scott Ullrich	<td width="78%">
597			<input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change(true)">
598	5b237745	Scott Ullrich	</td>
599			</tr>
600	a5c0b6c7	Scott Ullrich	<tr>
601	5b237745	Scott Ullrich	<td width="22%" valign="top"> </td>
602			<td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br>
603	c980716e	Scott Ullrich	</strong></span>Changing any settings on this page will disconnect all clients! Don't forget to enable the DHCP server on your captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the timeout entered on this page. Also, the DNS forwarder needs to be enabled for DNS lookups by unauthenticated clients to work. </span></td>
604	5b237745	Scott Ullrich	</tr>
605			</table>
606			</td>
607			</tr>
608			</table>
609			</form>
610			<script language="JavaScript">
611			<!--
612			enable_change(false);
613			//-->
614			</script>
615			<?php include("fend.inc"); ?>
616	93588e1a	Scott Dale	</body>
617			</html>

Project

General

Profile

pfSense