/usr/local/www/services_captiveportal.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/services_captiveportal.php @ 96652893

1	5b237745	Scott Ullrich	#!/usr/local/bin/php
2	12ee8fe4	Scott Ullrich	<?php
3	b46bfcf5	Bill Marquette	/* $Id$ */
4	5b237745	Scott Ullrich	/*
5			services_captiveportal.php
6			part of m0n0wall (http://m0n0.ch/wall)
7	12ee8fe4	Scott Ullrich
8	9699028a	Scott Ullrich	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
9	5b237745	Scott Ullrich	All rights reserved.
10	12ee8fe4	Scott Ullrich
11	5b237745	Scott Ullrich	Redistribution and use in source and binary forms, with or without
12			modification, are permitted provided that the following conditions are met:
13	12ee8fe4	Scott Ullrich
14	5b237745	Scott Ullrich	1. Redistributions of source code must retain the above copyright notice,
15			this list of conditions and the following disclaimer.
16	12ee8fe4	Scott Ullrich
17	5b237745	Scott Ullrich	2. Redistributions in binary form must reproduce the above copyright
18			notice, this list of conditions and the following disclaimer in the
19			documentation and/or other materials provided with the distribution.
20	12ee8fe4	Scott Ullrich
21	5b237745	Scott Ullrich	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
22			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
23			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
25			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30			POSSIBILITY OF SUCH DAMAGE.
31			*/
32
33			require("guiconfig.inc");
34
35			if (!is_array($config['captiveportal'])) {
36			$config['captiveportal'] = array();
37			$config['captiveportal']['page'] = array();
38			$config['captiveportal']['timeout'] = 60;
39			}
40
41			if ($_GET['act'] == "viewhtml") {
42			echo base64_decode($config['captiveportal']['page']['htmltext']);
43			exit;
44			} else if ($_GET['act'] == "viewerrhtml") {
45			echo base64_decode($config['captiveportal']['page']['errtext']);
46			exit;
47			}
48
49			$pconfig['cinterface'] = $config['captiveportal']['interface'];
50			$pconfig['timeout'] = $config['captiveportal']['timeout'];
51			$pconfig['idletimeout'] = $config['captiveportal']['idletimeout'];
52			$pconfig['enable'] = isset($config['captiveportal']['enable']);
53	7faeda46	Scott Ullrich	$pconfig['auth_method'] = $config['captiveportal']['auth_method'];
54	5b237745	Scott Ullrich	$pconfig['radacct_enable'] = isset($config['captiveportal']['radacct_enable']);
55			$pconfig['httpslogin_enable'] = isset($config['captiveportal']['httpslogin']);
56			$pconfig['httpsname'] = $config['captiveportal']['httpsname'];
57			$pconfig['cert'] = base64_decode($config['captiveportal']['certificate']);
58			$pconfig['key'] = base64_decode($config['captiveportal']['private-key']);
59			$pconfig['logoutwin_enable'] = isset($config['captiveportal']['logoutwin_enable']);
60			$pconfig['nomacfilter'] = isset($config['captiveportal']['nomacfilter']);
61	9699028a	Scott Ullrich	$pconfig['peruserbw'] = isset($config['captiveportal']['peruserbw']);
62			$pconfig['bwauthmacup'] = $config['captiveportal']['bwauthmacup'];
63			$pconfig['bwauthmacdn'] = $config['captiveportal']['bwauthmacdn'];
64			$pconfig['bwauthipup'] = $config['captiveportal']['bwauthipup'];
65			$pconfig['bwauthipdn'] = $config['captiveportal']['bwauthipdn'];
66			$pconfig['bwdefaultup'] = $config['captiveportal']['bwdefaultup'];
67			$pconfig['bwdefaultdn'] = $config['captiveportal']['bwdefaultdn'];
68	5b237745	Scott Ullrich	$pconfig['redirurl'] = $config['captiveportal']['redirurl'];
69			$pconfig['radiusip'] = $config['captiveportal']['radiusip'];
70			$pconfig['radiusport'] = $config['captiveportal']['radiusport'];
71			$pconfig['radiusacctport'] = $config['captiveportal']['radiusacctport'];
72			$pconfig['radiuskey'] = $config['captiveportal']['radiuskey'];
73
74			if ($_POST) {
75
76			unset($input_errors);
77			$pconfig = $_POST;
78
79			/* input validation */
80			if ($_POST['enable']) {
81	94bf3916	Scott Ullrich	$config['captiveportal']['enable'] = $_POST['enable'] ? true : false;
82
83	5b237745	Scott Ullrich	$reqdfields = explode(" ", "cinterface");
84			$reqdfieldsn = explode(",", "Interface");
85	12ee8fe4	Scott Ullrich
86	5b237745	Scott Ullrich	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
87	12ee8fe4	Scott Ullrich
88	5b237745	Scott Ullrich	/* make sure no interfaces are bridged */
89			for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
90			$coptif = &$config['interfaces']['opt' . $i];
91			if (isset($coptif['enable']) && $coptif['bridge']) {
92	dc1ba275	Scott Ullrich	//$input_errors[] = "The captive portal cannot be used when one or more interfaces are bridged.";
93			//break;
94	5b237745	Scott Ullrich	}
95			}
96	12ee8fe4	Scott Ullrich
97	5b237745	Scott Ullrich	if ($_POST['httpslogin_enable']) {
98			if (!$_POST['cert'] \|\| !$_POST['key']) {
99			$input_errors[] = "Certificate and key must be specified for HTTPS login.";
100			} else {
101			if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") \|\| !strstr($_POST['cert'], "END CERTIFICATE"))
102			$input_errors[] = "This certificate does not appear to be valid.";
103			if (!strstr($_POST['key'], "BEGIN RSA PRIVATE KEY") \|\| !strstr($_POST['key'], "END RSA PRIVATE KEY"))
104			$input_errors[] = "This key does not appear to be valid.";
105			}
106	12ee8fe4	Scott Ullrich
107	5b237745	Scott Ullrich	if (!$_POST['httpsname'] \|\| !is_domain($_POST['httpsname'])) {
108			$input_errors[] = "The HTTPS server name must be specified for HTTPS login.";
109			}
110			}
111			}
112	12ee8fe4	Scott Ullrich
113	5b237745	Scott Ullrich	if ($_POST['timeout'] && (!is_numeric($_POST['timeout']) \|\| ($_POST['timeout'] < 1))) {
114			$input_errors[] = "The timeout must be at least 1 minute.";
115			}
116			if ($_POST['idletimeout'] && (!is_numeric($_POST['idletimeout']) \|\| ($_POST['idletimeout'] < 1))) {
117			$input_errors[] = "The idle timeout must be at least 1 minute.";
118			}
119			if (($_POST['radiusip'] && !is_ipaddr($_POST['radiusip']))) {
120			$input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip']."]";
121			}
122			if (($_POST['radiusport'] && !is_port($_POST['radiusport']))) {
123			$input_errors[] = "A valid port number must be specified. [".$_POST['radiusport']."]";
124			}
125			if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) {
126			$input_errors[] = "A valid port number must be specified. [".$_POST['radiusport']."]";
127			}
128
129			if (!$input_errors) {
130			$config['captiveportal']['interface'] = $_POST['cinterface'];
131			$config['captiveportal']['timeout'] = $_POST['timeout'];
132			$config['captiveportal']['idletimeout'] = $_POST['idletimeout'];
133			$config['captiveportal']['enable'] = $_POST['enable'] ? true : false;
134	7faeda46	Scott Ullrich	$config['captiveportal']['auth_method'] = $_POST['auth_method'];
135	5b237745	Scott Ullrich	$config['captiveportal']['radacct_enable'] = $_POST['radacct_enable'] ? true : false;
136			$config['captiveportal']['httpslogin'] = $_POST['httpslogin_enable'] ? true : false;
137			$config['captiveportal']['httpsname'] = $_POST['httpsname'];
138			$config['captiveportal']['certificate'] = base64_encode($_POST['cert']);
139			$config['captiveportal']['private-key'] = base64_encode($_POST['key']);
140			$config['captiveportal']['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false;
141	9699028a	Scott Ullrich	$config['captiveportal']['peruserbw'] = $_POST['peruserbw'] ? true : false;
142			$config['captiveportal']['bwauthmacup'] = $_POST['bwauthmacup'];
143			$config['captiveportal']['bwauthmacdn'] = $_POST['bwauthmacdn'];
144			$config['captiveportal']['bwauthipup'] = $_POST['bwauthipup'];
145			$config['captiveportal']['bwauthipdn'] = $_POST['bwauthipdn'];
146			$config['captiveportal']['bwdefaultup'] = $_POST['bwdefaultup'];
147			$config['captiveportal']['bwdefaultdn'] = $_POST['bwdefaultdn'];
148	5b237745	Scott Ullrich	$config['captiveportal']['nomacfilter'] = $_POST['nomacfilter'] ? true : false;
149			$config['captiveportal']['redirurl'] = $_POST['redirurl'];
150			$config['captiveportal']['radiusip'] = $_POST['radiusip'];
151			$config['captiveportal']['radiusport'] = $_POST['radiusport'];
152			$config['captiveportal']['radiusacctport'] = $_POST['radiusacctport'];
153			$config['captiveportal']['radiuskey'] = $_POST['radiuskey'];
154	12ee8fe4	Scott Ullrich
155	5b237745	Scott Ullrich	/* file upload? */
156			if (is_uploaded_file($_FILES['htmlfile']['tmp_name']))
157			$config['captiveportal']['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name']));
158	1d1038ee	Scott Ullrich	if (is_uploaded_file($_FILES['errfile']['tmp_name']))
159	5b237745	Scott Ullrich	$config['captiveportal']['page']['errtext'] = base64_encode(file_get_contents($_FILES['errfile']['tmp_name']));
160	12ee8fe4	Scott Ullrich
161	5b237745	Scott Ullrich	write_config();
162	12ee8fe4	Scott Ullrich
163	076ebc9f	Scott Ullrich	filter_configure();
164
165	5b237745	Scott Ullrich	$retval = 0;
166			if (!file_exists($d_sysrebootreqd_path)) {
167			config_lock();
168			$retval = captiveportal_configure();
169	13e1ceb4	Scott Ullrich	filter_configure();
170	5b237745	Scott Ullrich	config_unlock();
171			}
172			$savemsg = get_std_save_message($retval);
173			}
174			}
175	ca994a41	Scott Ullrich
176			$pgtitle = "Services: Captive Portal";
177			include("head.inc");
178
179	5b237745	Scott Ullrich	?>
180	12ee8fe4	Scott Ullrich
181			<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
182	9699028a	Scott Ullrich	<?php include("fbegin.inc"); ?>
183	74f446e8	Bill Marquette	<p class="pgtitle"><?=$pgtitle?></p>
184	20e1ed7d	Scott Ullrich	<br>
185	5b237745	Scott Ullrich	<script language="JavaScript">
186			<!--
187	7faeda46	Scott Ullrich	function auth_method_change() {
188			if (document.iform.auth_method[0].checked == false) {
189			document.iform.logoutwin_enable.checked = 1;
190			} else {
191			document.iform.logoutwin_enable.checked = 0;
192			}
193	0ac74435	Colin Smith	if (document.iform.auth_method[2].checked == false) {
194			document.iform.radiusip.disabled = 1;
195			document.iform.radiusport.disabled = 1;
196			document.iform.radiuskey.disabled = 1;
197			document.iform.radacct_enable.disabled = 1;
198			document.iform.radiusacctport.disabled = 1;
199			} else {
200			document.iform.radiusip.disabled = 0;
201			document.iform.radiusport.disabled = 0;
202			document.iform.radiuskey.disabled = 0;
203			document.iform.radacct_enable.disabled = 0;
204			document.iform.radiusacctport.disabled = 0;
205			}
206	7faeda46	Scott Ullrich	}
207	0ac74435	Colin Smith
208	9699028a	Scott Ullrich	function radacct_change() {
209			if (document.iform.radacct_enable.checked) {
210	7faeda46	Scott Ullrich	auth_method_change();
211	12ee8fe4	Scott Ullrich	}
212	908ee218	Colin Smith	}
213
214	0ac74435	Colin Smith	function enable_https() {
215			if (document.iform.httpslogin_enable.checked == false) {
216			document.iform.httpsname.disabled = 1;
217			document.iform.cert.disabled = 1;
218			document.iform.key.disabled = 1;
219			} else {
220			document.iform.httpsname.disabled = 0;
221			document.iform.cert.disabled = 0;
222			document.iform.key.disabled = 0;
223			}
224			}
225
226			function enable_peruserbw() {
227			if (document.iform.peruserbw.checked == false) {
228			document.iform.bwauthmacdn.disabled = 1;
229			document.iform.bwauthmacup.disabled = 1;
230			document.iform.bwauthipdn.disabled = 1;
231			document.iform.bwauthipup.disabled = 1;
232			document.iform.bwdefaultdn.disabled = 1;
233			document.iform.bwdefaultup.disabled = 1;
234			} else {
235			document.iform.bwauthmacdn.disabled = 0;
236			document.iform.bwauthmacup.disabled = 0;
237			document.iform.bwauthipdn.disabled = 0;
238			document.iform.bwauthipup.disabled = 0;
239			document.iform.bwdefaultdn.disabled = 0;
240			document.iform.bwdefaultup.disabled = 0;
241			}
242			}
243
244	5b237745	Scott Ullrich	function enable_change(enable_change) {
245	07bd3f83	Scott Ullrich	var endis;
246			endis = !(document.iform.enable.checked \|\| enable_change);
247	12ee8fe4	Scott Ullrich
248	07bd3f83	Scott Ullrich	document.iform.cinterface.disabled = endis;
249			document.iform.idletimeout.disabled = endis;
250			document.iform.timeout.disabled = endis;
251			document.iform.redirurl.disabled = endis;
252			document.iform.radiusip.disabled = endis;
253			document.iform.radiusport.disabled = endis;
254			document.iform.radiuskey.disabled = endis;
255			document.iform.radacct_enable.disabled = endis;
256	7faeda46	Scott Ullrich	document.iform.auth_method[0].disabled = endis;
257			document.iform.auth_method[1].disabled = endis;
258			document.iform.auth_method[2].disabled = endis;
259	07bd3f83	Scott Ullrich	document.iform.httpslogin_enable.disabled = endis;
260			document.iform.httpsname.disabled = endis;
261			document.iform.cert.disabled = endis;
262			document.iform.key.disabled = endis;
263			document.iform.logoutwin_enable.disabled = endis;
264	02bf540b	Scott Ullrich	//document.iform.nomacfilter.disabled = endis;
265	07bd3f83	Scott Ullrich	document.iform.htmlfile.disabled = endis;
266			document.iform.errfile.disabled = endis;
267	12ee8fe4	Scott Ullrich
268	5b237745	Scott Ullrich	if (enable_change && document.iform.radacct_enable.checked) {
269			document.iform.logoutwin_enable.checked = 1;
270			}
271	7faeda46	Scott Ullrich	if (enable_change && document.iform.auth_method[0].checked == false) {
272			document.iform.logoutwin_enable.checked = 1;
273			}
274	0ac74435	Colin Smith
275			auth_method_change();
276			enable_https();
277
278	5b237745	Scott Ullrich	}
279			//-->
280			</script>
281			<?php if ($input_errors) print_input_errors($input_errors); ?>
282			<?php if ($savemsg) print_info_box($savemsg); ?>
283			<form action="services_captiveportal.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
284			<table width="100%" border="0" cellpadding="0" cellspacing="0">
285	9699028a	Scott Ullrich	<tr><td class="tabnavtbl">
286	ca994a41	Scott Ullrich	<?php
287			$tab_array = array();
288			$tab_array[0] = array("Captive portal", true, "services_captiveportal.php");
289			$tab_array[1] = array("Pass-through MAC", false, "services_captiveportal_mac.php");
290			$tab_array[2] = array("Allowed IP addresses", false, "services_captiveportal_ip.php");
291			$tab_array[3] = array("Users", false, "services_captiveportal_users.php");
292			display_top_tabs($tab_array);
293			?>
294	5b237745	Scott Ullrich	</td></tr>
295			<tr>
296	d732f186	Bill Marquette	<td>
297			<div id="mainarea">
298			<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
299	12ee8fe4	Scott Ullrich	<tr>
300	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vtable"> </td>
301			<td width="78%" class="vtable">
302			<input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)">
303			<strong>Enable captive portal </strong></td>
304			</tr>
305	12ee8fe4	Scott Ullrich	<tr>
306	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Interface</td>
307			<td width="78%" class="vtable">
308			<select name="cinterface" class="formfld" id="cinterface">
309	8dd5ffdc	Scott Ullrich	<?php
310	2615fed9	Scott Ullrich	$interfaces = array('lan' => 'LAN', 'wan' => 'WAN');
311	4dbc75b9	Scott Ullrich	for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
312			if (isset($config['interfaces']['opt' . $i]['enable']))
313			$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
314			}
315			foreach ($interfaces as $iface => $ifacename):
316			?>
317	12ee8fe4	Scott Ullrich	<option value="<?=$iface;?>" <?php if ($iface == $pconfig['cinterface']) echo "selected"; ?>>
318	5b237745	Scott Ullrich	<?=htmlspecialchars($ifacename);?>
319			</option>
320			<?php endforeach; ?>
321			</select> <br>
322			<span class="vexpl">Choose which interface to run the captive portal on.</span></td>
323			</tr>
324			<tr>
325			<td valign="top" class="vncell">Idle timeout</td>
326			<td class="vtable">
327			<input name="idletimeout" type="text" class="formfld" id="idletimeout" size="6" value="<?=htmlspecialchars($pconfig['idletimeout']);?>">
328			minutes<br>
329			Clients will be disconnected after this amount of inactivity. They may log in again immediately, though. Leave this field blank for no idle timeout.</td>
330			</tr>
331	12ee8fe4	Scott Ullrich	<tr>
332	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncell">Hard timeout</td>
333	12ee8fe4	Scott Ullrich	<td width="78%" class="vtable">
334			<input name="timeout" type="text" class="formfld" id="timeout" size="6" value="<?=htmlspecialchars($pconfig['timeout']);?>">
335	5b237745	Scott Ullrich	minutes<br>
336			Clients will be disconnected after this amount of time, regardless of activity. They may log in again immediately, though. Leave this field blank for no hard timeout (not recommended unless an idle timeout is set).</td>
337			</tr>
338	12ee8fe4	Scott Ullrich	<tr>
339	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncell">Logout popup window</td>
340	12ee8fe4	Scott Ullrich	<td width="78%" class="vtable">
341	5b237745	Scott Ullrich	<input name="logoutwin_enable" type="checkbox" class="formfld" id="logoutwin_enable" value="yes" <?php if($pconfig['logoutwin_enable']) echo "checked"; ?>>
342			<strong>Enable logout popup window</strong><br>
343			If enabled, a popup window will appear when clients are allowed through the captive portal. This allows clients to explicitly disconnect themselves before the idle or hard timeout occurs. When RADIUS accounting is enabled, this option is implied.</td>
344			</tr>
345			<tr>
346			<td valign="top" class="vncell">Redirection URL</td>
347			<td class="vtable">
348			<input name="redirurl" type="text" class="formfld" id="redirurl" size="60" value="<?=htmlspecialchars($pconfig['redirurl']);?>">
349			<br>
350			If you provide a URL here, clients will be redirected to that URL instead of the one they initially tried
351			to access after they've authenticated.</td>
352			</tr>
353			<tr>
354			<td width="22%" valign="top" class="vncell">RADIUS server</td>
355	12ee8fe4	Scott Ullrich	<td width="78%" class="vtable">
356	d0379bd5	Scott Ullrich	<table cellpadding="1" cellspacing="1">
357	7faeda46	Scott Ullrich	<td>No Authentication:  </td>
358			<td><input name="auth_method" type="radio" id="auth_method" value="none" <?php if($pconfig['auth_method']!="local" \|\| $pconfig['auth_method']!="radius") echo "checked"; ?> onClick="auth_method_change()"></td>
359			</tr>
360			<td>Local <a href="services_captiveportal_users.php">Usermanager</a>:  </td>
361			<td><input name="auth_method" type="radio" id="auth_method" value="local" <?php if($pconfig['auth_method']=="local") echo "checked"; ?> onClick="auth_method_change()"></td>
362			</tr>
363			<td>RADIUS Authentication:  </td>
364			<td><input name="auth_method" type="radio" id="auth_method" value="radius" <?php if($pconfig['auth_method']=="radius") echo "checked"; ?> onClick="auth_method_change()"></td>
365			</tr>
366	5b237745	Scott Ullrich	<tr>
367			<td>IP address:</td>
368			<td><input name="radiusip" type="text" class="formfld" id="radiusip" size="20" value="<?=htmlspecialchars($pconfig['radiusip']);?>"></td>
369			</tr><tr>
370			<td>Port:</td>
371			<td><input name="radiusport" type="text" class="formfld" id="radiusport" size="5" value="<?=htmlspecialchars($pconfig['radiusport']);?>"></td>
372			</tr><tr>
373			<td>Shared secret:  </td>
374			<td><input name="radiuskey" type="text" class="formfld" id="radiuskey" size="16" value="<?=htmlspecialchars($pconfig['radiuskey']);?>"> </td>
375			</tr>
376			<tr>
377			<td>Accounting:  </td>
378			<td><input name="radacct_enable" type="checkbox" id="radacct_enable" value="yes" <?php if($pconfig['radacct_enable']) echo "checked"; ?> onClick="radacct_change()"></td>
379			</tr>
380			<tr>
381			<td>Accounting port:  </td>
382			<td><input name="radiusacctport" type="text" class="formfld" id="radiusacctport" size="5" value="<?=htmlspecialchars($pconfig['radiusacctport']);?>"></td>
383			</tr></table>
384			<br>
385			Enter the IP address and port of the RADIUS server which users of the captive portal have to authenticate against. Leave blank to disable RADIUS authentication. Leave port number blank to use the default port (1812). Leave the RADIUS shared secret blank to not use a RADIUS shared secret. RADIUS accounting packets will also be sent to the RADIUS server if accounting is enabled (default port is 1813).
386			</tr>
387			<tr>
388			<td valign="top" class="vncell">HTTPS login</td>
389			<td class="vtable">
390	0ac74435	Colin Smith	<input name="httpslogin_enable" type="checkbox" class="formfld" id="httpslogin_enable" value="yes" <?php if($pconfig['httpslogin_enable']) echo "checked"; ?> onClick="enable_https()">
391	5b237745	Scott Ullrich	<strong>Enable HTTPS login</strong><br>
392			If enabled, the username and password will be transmitted over an HTTPS connection to protect against eavesdroppers. This option only applies when RADIUS authentication is used. A server name, certificate and matching private key must also be specified below.</td>
393			</tr>
394			<tr>
395			<td valign="top" class="vncell">HTTPS server name </td>
396			<td class="vtable">
397			<input name="httpsname" type="text" class="formfld" id="httpsname" size="30" value="<?=htmlspecialchars($pconfig['httpsname']);?>"><br>
398			This name will be used in the form action for the HTTPS POST and should match the Common Name (CN) in your certificate (otherwise, the client browser will most likely display a security warning). Make sure captive portal clients can resolve this name in DNS. </td>
399			</tr>
400			<tr>
401			<td valign="top" class="vncell">HTTPS certificate</td>
402			<td class="vtable">
403			<textarea name="cert" cols="65" rows="7" id="cert" class="formpre"><?=htmlspecialchars($pconfig['cert']);?></textarea>
404			<br>
405	9699028a	Scott Ullrich	Paste a signed certificate in X.509 PEM format here.</td>
406	5b237745	Scott Ullrich	</tr>
407			<tr>
408			<td valign="top" class="vncell">HTTPS private key</td>
409			<td class="vtable">
410			<textarea name="key" cols="65" rows="7" id="key" class="formpre"><?=htmlspecialchars($pconfig['key']);?></textarea>
411			<br>
412			Paste an RSA private key in PEM format here.</td>
413			</tr>
414	12ee8fe4	Scott Ullrich	<tr>
415	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Portal page contents</td>
416	12ee8fe4	Scott Ullrich	<td width="78%" class="vtable">
417	9699028a	Scott Ullrich	<?=$mandfldhtml;?><input type="file" name="htmlfile" class="formfld" id="htmlfile"><br>
418	5b237745	Scott Ullrich	<?php if ($config['captiveportal']['page']['htmltext']): ?>
419	12ee8fe4	Scott Ullrich	<a href="?act=viewhtml" target="_blank">View current page</a>
420	5b237745	Scott Ullrich	<br>
421			<br>
422			<?php endif; ?>
423			Upload an HTML file for the portal page here (leave blank to keep the current one). Make sure to include a form (POST to "$PORTAL_ACTION$")
424	07bd3f83	Scott Ullrich	with a submit button (name="accept") and a hidden field with name="redirurl" and value="$PORTAL_REDIRURL$". Include the "auth_user" and "auth_pass" input elements if RADIUS authentication is enabled. If RADIUS is enabled and no "auth_user" is present, authentication will always fail. If RADIUS is not enabled, you can omit both of these input elements. Example code for the form:<br>
425	5b237745	Scott Ullrich	<br>
426			<tt><form method="post" action="$PORTAL_ACTION$"><br>
427			<input name="auth_user" type="text"><br>
428			<input name="auth_pass" type="password"><br>
429			<input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$"><br>
430			<input name="accept" type="submit" value="Continue"><br>
431			</form></tt></td>
432			</tr>
433			<tr>
434			<td width="22%" valign="top" class="vncell">Authentication<br>
435			error page<br>
436			contents</td>
437			<td class="vtable">
438			<input name="errfile" type="file" class="formfld" id="errfile"><br>
439			<?php if ($config['captiveportal']['page']['errtext']): ?>
440	12ee8fe4	Scott Ullrich	<a href="?act=viewerrhtml" target="_blank">View current page</a>
441	5b237745	Scott Ullrich	<br>
442			<br>
443			<?php endif; ?>
444	65052086	Colin Smith	The contents of the HTML file that you upload here are displayed when an authentication error occurs.</td>
445	5b237745	Scott Ullrich	</tr>
446	12ee8fe4	Scott Ullrich	<tr>
447	5b237745	Scott Ullrich	<td width="22%" valign="top"> </td>
448	12ee8fe4	Scott Ullrich	<td width="78%">
449			<input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change(true)">
450	5b237745	Scott Ullrich	</td>
451			</tr>
452	12ee8fe4	Scott Ullrich	<tr>
453	5b237745	Scott Ullrich	<td width="22%" valign="top"> </td>
454			<td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br>
455	c55a8ab9	Holger Bauer	</strong></span>Changing any settings on this page will disconnect all clients! Don't forget to enable the <a href="services_dhcp.php">DHCP Server</a> on your captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the timeout entered on this page. Also, the <a href="services_dnsmasq.php">DNS Forwarder</a> needs to be enabled for DNS lookups by unauthenticated clients to work. </span></td>
456	5b237745	Scott Ullrich	</tr>
457			</table>
458	d732f186	Bill Marquette	</div>
459	5b237745	Scott Ullrich	</td>
460			</tr>
461			</table>
462			</form>
463			<script language="JavaScript">
464			<!--
465			enable_change(false);
466			//-->
467			</script>
468			<?php include("fend.inc"); ?>
469	af4aa061	Scott Ullrich	</body>
470	9307495f	John Fleming	</html>

Project

General

Profile

pfSense