Project

General

Profile

Download (20 KB) Statistics
| Branch: | Tag: | Revision:
1
<?php
2
/*
3
    $Id$
4
    part of m0n0wall (http://m0n0.ch/wall)
5

    
6
    Copyrigth (C) 2009	    Ermal Lu?i
7
    Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
8
    All rights reserved.
9

    
10
    Redistribution and use in source and binary forms, with or without
11
    modification, are permitted provided that the following conditions are met:
12

    
13
    1. Redistributions of source code must retain the above copyright notice,
14
       this list of conditions and the following disclaimer.
15

    
16
    2. Redistributions in binary form must reproduce the above copyright
17
       notice, this list of conditions and the following disclaimer in the
18
       documentation and/or other materials provided with the distribution.
19

    
20
    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
    POSSIBILITY OF SUCH DAMAGE.
30
*/
31
/*
32
	pfSense_BUILDER_BINARIES:	/sbin/ipfw	
33
	pfSense_MODULE:	captiveportal
34
*/
35

    
36
require_once("auth.inc");
37
require_once("functions.inc");
38
require_once("captiveportal.inc");
39

    
40
$errormsg = "Invalid credentials specified.";
41

    
42
header("Expires: 0");
43
header("Cache-Control: no-store, no-cache, must-revalidate");
44
header("Cache-Control: post-check=0, pre-check=0", false);
45
header("Pragma: no-cache");
46

    
47
$orig_host = $_ENV['HTTP_HOST'];
48
$orig_request = $_REQUEST['redirurl'];
49
$clientip = $_SERVER['REMOTE_ADDR'];
50

    
51
if (!$clientip) {
52
	/* not good - bail out */
53
	log_error("Captive portal could not determine client's IP address.");
54
	$error_message = "An error occurred.  Please check the system logs for more information.";
55
	portal_reply_page($redirurl, "error", $errormsg);
56
	exit;
57
}
58

    
59
if (isset($config['captiveportal']['httpslogin']))
60
    $ourhostname = $config['captiveportal']['httpsname'] . ":8001";
61
else {
62
    $ifip = portal_ip_from_client_ip($clientip);
63
    if (!$ifip)
64
    	$ourhostname = $config['system']['hostname'] . ":8000";
65
    else
66
    	$ourhostname = "{$ifip}:8000";
67
}
68

    
69
if ($orig_host != $ourhostname) {
70
    /* the client thinks it's connected to the desired web server, but instead
71
       it's connected to us. Issue a redirect... */
72

    
73
    if (isset($config['captiveportal']['httpslogin']))
74
        header("Location: https://{$ourhostname}/index.php?redirurl=" . urlencode("http://{$orig_host}{$orig_request}"));
75
    else
76
        header("Location: http://{$ourhostname}/index.php?redirurl=" . urlencode("http://{$orig_host}{$orig_request}"));
77

    
78
    exit;
79
}
80
if (preg_match("/redirurl=(.*)/", $orig_request, $matches))
81
    $redirurl = urldecode($matches[1]);
82
if ($_POST['redirurl'])
83
    $redirurl = $_POST['redirurl'];
84
if (!empty($config['captiveportal']['redirurl']))
85
	$redirurl = $config['captiveportal']['redirurl'];
86

    
87
$macfilter = !isset($config['captiveportal']['nomacfilter']);
88
$passthrumac = isset($config['captiveportal']['passthrumacadd']);
89

    
90
/* find MAC address for client */
91
$clientmac = arp_get_mac_by_ip($clientip);
92
if (!$clientmac && ($macfilter || $passthrumac)) {
93
    /* unable to find MAC address - shouldn't happen! - bail out */
94
    captiveportal_logportalauth("unauthenticated","noclientmac",$clientip,"ERROR");
95
    echo "An error occurred.  Please check the system logs for more information.";
96
    log_error("Captive portal could not determine client's MAC address.  Disable MAC address filtering in captive portal if you do not need this functionality.");
97
    exit;
98
}
99

    
100
/* find out if we need RADIUS + RADIUSMAC or not */
101
if (file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
102
    $radius_enable = TRUE;
103
    if (isset($config['captiveportal']['radmac_enable']))
104
        $radmac_enable = TRUE;
105
}
106

    
107
if ($_POST['logout_id']) {
108
    disconnect_client($_POST['logout_id']);
109
    echo <<<EOD
110
<HTML>
111
<HEAD><TITLE>Disconnecting...</TITLE></HEAD>
112
<BODY BGCOLOR="#435370">
113
<SPAN STYLE="color: #ffffff; font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size: 11px;">
114
<B>You have been disconnected.</B>
115
</SPAN>
116
<SCRIPT LANGUAGE="JavaScript">
117
<!--
118
setTimeout('window.close();',5000) ;
119
-->
120
</SCRIPT>
121
</BODY>
122
</HTML>
123

    
124
EOD;
125
exit;
126
} else if ($clientmac && $radmac_enable && portal_mac_radius($clientmac,$clientip)) {
127
    /* radius functions handle everything so we exit here since we're done */
128
    exit;
129

    
130
} else if ($_POST['accept'] && $_POST['auth_voucher']) {
131

    
132
    $voucher = trim($_POST['auth_voucher']);
133
    $timecredit = voucher_auth($voucher);
134
    // $timecredit contains either a credit in minutes or an error message
135
    if ($timecredit > 0) {  // voucher is valid. Remaining minutes returned
136
        // if multiple vouchers given, use the first as username
137
        $a_vouchers = split("[\t\n\r ]+",$voucher);
138
        $voucher = $a_vouchers[0];
139
        $attr = array( 'voucher' => 1,
140
                'session_timeout' => $timecredit*60,
141
                'session_terminate_time' => 0);
142
        if (portal_allow($clientip, $clientmac,$voucher,null,$attr)) {
143

    
144
            // YES: user is good for $timecredit minutes.
145
            captiveportal_logportalauth($voucher,$clientmac,$clientip,"Voucher login good for $timecredit min.");
146
        } else {
147
            portal_reply_page($redirurl, "error", $config['voucher']['msgexpired'] ? $config['voucher']['msgexpired']: $errormsg);
148
        }
149
    } else if (-1 == $timecredit) {  // valid but expired
150
        captiveportal_logportalauth($voucher,$clientmac,$clientip,"FAILURE","voucher expired");
151
        portal_reply_page($redirurl, "error", $config['voucher']['msgexpired'] ? $config['voucher']['msgexpired']: $errormsg);
152
    } else {
153
        captiveportal_logportalauth($voucher,$clientmac,$clientip,"FAILURE");
154
        portal_reply_page($redirurl, "error", $config['voucher']['msgnoaccess'] ? $config['voucher']['msgnoaccess'] : $errormsg);
155
    }
156

    
157
} else if ($_POST['accept'] && $radius_enable) {
158

    
159
    if ($_POST['auth_user'] && $_POST['auth_pass']) {
160
        $auth_list = radius($_POST['auth_user'],$_POST['auth_pass'],$clientip,$clientmac,"USER LOGIN");
161
	$type = "error";
162
	if (!empty($auth_list['url_redirection'])) {
163
		$redirurl = $auth_list['url_redirection'];
164
		$type = "redir";
165
	}
166

    
167
        if ($auth_list['auth_val'] == 1) {
168
            captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"ERROR",$auth_list['error']);
169
 	    portal_reply_page($redirurl, $type, $auth_list['error'] ? $auth_list['error'] : $errormsg);
170
        }
171
        else if ($auth_list['auth_val'] == 3) {
172
            captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE",$auth_list['reply_message']);
173
            portal_reply_page($redirurl, $type, $auth_list['reply_message'] ? $auth_list['reply_message'] : $errormsg);
174
        }
175
    } else {
176
        captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"ERROR");
177
        portal_reply_page($redirurl, "error", $errormsg);
178
    }
179

    
180
} else if ($_POST['accept'] && $config['captiveportal']['auth_method'] == "local") {
181

    
182
	//check against local user manager
183
	$loginok = local_backed($_POST['auth_user'], $_POST['auth_pass']);
184
    if ($loginok){
185
        captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN");
186
        portal_allow($clientip, $clientmac,$_POST['auth_user']);
187
    } else {
188
        captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE");
189
        portal_reply_page($redirurl, "error", $errormsg);
190
    }
191
} else if ($_POST['accept'] && $clientip) {
192
    captiveportal_logportalauth("unauthenticated",$clientmac,$clientip,"ACCEPT");
193
    portal_allow($clientip, $clientmac, "unauthenticated");
194
} else {
195
    /* display captive portal page */
196
    portal_reply_page($redirurl, "login",null,$clientmac,$clientip);
197
}
198

    
199
exit;
200

    
201
function portal_reply_page($redirurl, $type = null, $message = null, $clientmac = null, $clientip = null, $username = null, $password = null) {
202
	global $g, $config;
203

    
204
	/* Get captive portal layout */
205
	if ($type == "redir") {
206
		header("Location: {$redirurl}");
207
		return;
208
	} else if ($type == "login")
209
		$htmltext = get_include_contents("{$g['varetc_path']}/captiveportal.html");
210
	else
211
		$htmltext = get_include_contents("{$g['varetc_path']}/captiveportal-error.html");
212

    
213
	/* substitute other variables */
214
	if (isset($config['captiveportal']['httpslogin'])) {
215
		$htmltext = str_replace("\$PORTAL_ACTION\$", "https://{$config['captiveportal']['httpsname']}:8001/", $htmltext);
216
		$htmltext = str_replace("#PORTAL_ACTION#", "https://{$config['captiveportal']['httpsname']}:8001/", $htmltext);
217
	} else {
218
		$ifip = portal_ip_from_client_ip($clientip);
219
		if (!$ifip)
220
			$ourhostname = $config['system']['hostname'] . ":8000";
221
		else
222
			$ourhostname = "{$ifip}:8000";
223
		$htmltext = str_replace("\$PORTAL_ACTION\$", "http://{$ourhostname}/", $htmltext);
224
		$htmltext = str_replace("#PORTAL_ACTION#", "http://{$ourhostname}/", $htmltext);
225
	}
226

    
227
	$htmltext = str_replace("\$PORTAL_REDIRURL\$", htmlspecialchars($redirurl), $htmltext);
228
	$htmltext = str_replace("\$PORTAL_MESSAGE\$", htmlspecialchars($message), $htmltext);
229
	$htmltext = str_replace("\$CLIENT_MAC\$", htmlspecialchars($clientmac), $htmltext);
230
	$htmltext = str_replace("\$CLIENT_IP\$", htmlspecialchars($clientip), $htmltext);
231

    
232
	// Special handling case for captive portal master page so that it can be ran 
233
	// through the PHP interpreter using the include method above.  We convert the
234
	// $VARIABLE$ case to #VARIABLE# in /etc/inc/captiveportal.inc before writing out.
235
	$htmltext = str_replace("#PORTAL_REDIRURL#", htmlspecialchars($redirurl), $htmltext);
236
	$htmltext = str_replace("#PORTAL_MESSAGE#", htmlspecialchars($message), $htmltext);
237
	$htmltext = str_replace("#CLIENT_MAC#", htmlspecialchars($clientmac), $htmltext);
238
	$htmltext = str_replace("#CLIENT_IP#", htmlspecialchars($clientip), $htmltext);
239
	$htmltext = str_replace("#USERNAME#", htmlspecialchars($username), $htmltext);
240
	$htmltext = str_replace("#PASSWORD#", htmlspecialchars($password), $htmltext);
241

    
242
    echo $htmltext;
243
}
244

    
245
function portal_mac_radius($clientmac,$clientip) {
246
    global $config ;
247

    
248
    $radmac_secret = $config['captiveportal']['radmac_secret'];
249

    
250
    /* authentication against the radius server */
251
    $username = mac_format($clientmac);
252
    $auth_list = radius($username,$radmac_secret,$clientip,$clientmac,"MACHINE LOGIN");
253
    if ($auth_list['auth_val'] == 2)
254
        return TRUE;
255
    if (!empty($auth_list['url_redirection']))
256
	portal_reply_page($auth_list['url_redirection'], "redir");
257

    
258
    return FALSE;
259
}
260

    
261
function portal_allow($clientip,$clientmac,$username,$password = null, $attributes = null, $ruleno = null)  {
262

    
263
	global $redirurl, $g, $config, $type, $passthrumac, $_POST;
264

    
265
	/* See if a ruleno is passed, if not start locking the sessions because this means there isn't one atm */
266
	$captiveshouldunlock = false;
267
	if ($ruleno == null) {
268
		$cplock = lock('captiveportal');
269
		$captiveshouldunlock = true;
270
		$ruleno = captiveportal_get_next_ipfw_ruleno();
271
	}
272

    
273
	/* if the pool is empty, return appropriate message and exit */
274
	if (is_null($ruleno)) {
275
		portal_reply_page($redirurl, "error", "System reached maximum login capacity");
276
		log_error("WARNING!  Captive portal has reached maximum login capacity");
277
		if ($captiveshouldunlock == true)
278
		unlock($cplock);
279
		exit;
280
	}
281

    
282
	// Ensure we create an array if we are missing attributes
283
	if (!is_array($attributes))
284
		$attributes = array();
285

    
286
	/* read in client database */
287
	$cpdb = captiveportal_read_db();
288

    
289
	$radiusservers = captiveportal_get_radius_servers();
290

    
291
	if ($attributes['voucher'])
292
		$remaining_time = $attributes['session_timeout'];
293

    
294
	$writecfg = false;
295
	/* Find an existing session */
296
	if ((isset($config['captiveportal']['noconcurrentlogins'])) && $passthrumac) {
297
		if (isset($config['captiveportal']['passthrumacadd'])) {
298
			$mac = captiveportal_passthrumac_findbyname($username);
299
			if (!empty($mac)) {
300
				if ($_POST['replacemacpassthru']) {
301
					foreach ($config['captiveportal']['passthrumac'] as $idx => $macent) {
302
						if ($macent['mac'] == $mac['mac']) {
303
							$macrules = "";
304
							$ruleno = captiveportal_get_ipfw_passthru_ruleno($mac['mac']);
305
                                			if ($ruleno) {
306
								captiveportal_free_ipfw_ruleno($ruleno, true);
307
                                        			$macrules .= "delete {$ruleno}\n";
308
								++$ruleno;
309
                                        			$macrules .= "delete {$ruleno}\n";
310
                                			}
311
							unset($config['captiveportal']['passthrumac'][$idx]);
312
							$mac['mac'] = $clientmac;
313
							$config['captiveportal']['passthrumac'][] = $mac;
314
							$macrules .= captiveportal_passthrumac_configure_entry($mac);
315
							file_put_contents("{$g['tmp_path']}/macentry.rules.tmp", $macrules);
316
							mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry.rules.tmp");
317
							$writecfg = true;
318
							$sessionid = true;
319
							break;
320
						}
321
					}
322
                                } else {
323
					portal_reply_page($redirurl, "error", "Username: {$username} is already authenticated using another MAC address.",
324
						$clientmac, $clientip, $username, $password);
325
					exit;
326
				}
327
			}
328
		}
329
	}
330

    
331
	$nousers = count($cpdb);
332
	for ($i = 0; $i < $nousers; $i++) {
333
		/* on the same ip */
334
		if($cpdb[$i][2] == $clientip) {
335
			captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],"CONCURRENT LOGIN - REUSING OLD SESSION");
336
			$sessionid = $cpdb[$i][5];
337
			break;
338
		}
339
		elseif (($attributes['voucher']) && ($username != 'unauthenticated') && ($cpdb[$i][4] == $username)) {
340
			// user logged in with an active voucher. Check for how long and calculate 
341
			// how much time we can give him (voucher credit - used time)
342
			$remaining_time = $cpdb[$i][0] + $cpdb[$i][7] - time();
343
			if ($remaining_time < 0)    // just in case. 
344
				$remaining_time = 0;
345

    
346
			/* This user was already logged in so we disconnect the old one */
347
			captiveportal_disconnect($cpdb[$i],$radiusservers,13);
348
			captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],"CONCURRENT LOGIN - TERMINATING OLD SESSION");
349
			unset($cpdb[$i]);
350
			break;
351
		}
352
		elseif ((isset($config['captiveportal']['noconcurrentlogins'])) && ($username != 'unauthenticated')) {
353
			/* on the same username */
354
			if (strcasecmp($cpdb[$i][4], $username) == 0) {
355
				/* This user was already logged in so we disconnect the old one */
356
				captiveportal_disconnect($cpdb[$i],$radiusservers,13);
357
				captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],"CONCURRENT LOGIN - TERMINATING OLD SESSION");
358
				unset($cpdb[$i]);
359
				break;
360
			}
361
		}
362
	}
363

    
364
	if ($attributes['voucher'] && $remaining_time <= 0) {
365
		unlock($cplock);
366
		return 0;       // voucher already used and no time left
367
	}
368

    
369
	if (!isset($sessionid)) {
370

    
371
		/* generate unique session ID */
372
		$tod = gettimeofday();
373
		$sessionid = substr(md5(mt_rand() . $tod['sec'] . $tod['usec'] . $clientip . $clientmac), 0, 16);
374

    
375
		/* Add rules for traffic shaping
376
		 * We don't need to add extra rules since traffic will pass due to the following kernel option
377
		 * net.inet.ip.fw.one_pass: 1
378
		 */
379
		$peruserbw = isset($config['captiveportal']['peruserbw']);
380

    
381
		$bw_up = isset($attributes['bw_up']) ? trim($attributes['bw_up']) : $config['captiveportal']['bwdefaultup'];
382
		$bw_down = isset($attributes['bw_down']) ? trim($attributes['bw_down']) : $config['captiveportal']['bwdefaultdn'];
383

    
384
		if ($passthrumac) {
385
			$mac = array();
386
			$mac['mac'] = $clientmac;
387
			if (isset($config['captiveportal']['passthrumacaddusername']))
388
				$mac['username'] = $username;
389
			$mac['descr'] =  "Auto added pass-through MAC for user {$username}";
390
			if (!empty($bw_up))
391
				$mac['bw_up'] = $bw_up;
392
			if (!empty($bw_down))
393
				$mac['bw_down'] = $bw_down;
394
			if (!is_array($config['captiveportal']['passthrumac']))
395
				$config['captiveportal']['passthrumac'] = array();
396
			$config['captiveportal']['passthrumac'][] = $mac;
397
			$macrules = captiveportal_passthrumac_configure_entry($mac);
398
			file_put_contents("{$g['tmp_path']}/macentry.rules.tmp", $macrules);
399
			mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry.rules.tmp");
400
			$writecfg = true;
401
		} else {
402

    
403
			if ($peruserbw && !empty($bw_up) && is_numeric($bw_up)) {
404
				$bw_up_pipeno = $ruleno + 20000;
405
				//$bw_up /= 1000; // Scale to Kbit/s
406
				mwexec("/sbin/ipfw pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100");
407

    
408
				if (!isset($config['captiveportal']['nomacfilter']))
409
					mwexec("/sbin/ipfw table 1 add {$clientip} mac {$clientmac} {$bw_up_pipeno}");
410
				else
411
					mwexec("/sbin/ipfw table 1 add {$clientip} {$bw_up_pipeno}");
412
			} else {
413
				if (!isset($config['captiveportal']['nomacfilter']))
414
					mwexec("/sbin/ipfw table 1 add {$clientip} mac {$clientmac}");
415
				else
416
					mwexec("/sbin/ipfw table 1 add {$clientip}");
417
			}
418
			if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) {
419
				$bw_down_pipeno = $ruleno + 20001;
420
				//$bw_down /= 1000; // Scale to Kbit/s
421
				mwexec("/sbin/ipfw pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100");
422

    
423
				if (!isset($config['captiveportal']['nomacfilter']))
424
					mwexec("/sbin/ipfw table 2 add {$clientip} mac {$clientmac} {$bw_down_pipeno}");
425
				else
426
					mwexec("/sbin/ipfw table 2 add {$clientip} {$bw_down_pipeno}");
427
			} else {
428
				if (!isset($config['captiveportal']['nomacfilter']))
429
					mwexec("/sbin/ipfw table 2 add {$clientip} mac {$clientmac}");
430
				else
431
					mwexec("/sbin/ipfw table 2 add {$clientip}");
432
			}
433

    
434
			if ($attributes['voucher'])
435
				$attributes['session_timeout'] = $remaining_time;
436

    
437
			/* encode password in Base64 just in case it contains commas */
438
			$bpassword = base64_encode($password);
439
			$cpdb[] = array(time(), $ruleno, $clientip, $clientmac, $username, $sessionid, $bpassword,
440
				$attributes['session_timeout'], $attributes['idle_timeout'], $attributes['session_terminate_time']);
441

    
442
			if (isset($config['captiveportal']['radacct_enable']) && !empty($radiusservers)) {
443
				$acct_val = RADIUS_ACCOUNTING_START($ruleno,
444
                                		$username, $sessionid, $radiusservers, $clientip, $clientmac);
445

    
446
				if ($acct_val == 1)
447
					captiveportal_logportalauth($username,$clientmac,$clientip,$type,"RADIUS ACCOUNTING FAILED");
448
			}
449

    
450
			/* rewrite information to database */
451
			captiveportal_write_db($cpdb);
452
		}
453
	}
454

    
455
	if ($captiveshouldunlock == true)
456
		unlock($cplock);
457

    
458
	if ($writecfg == true)
459
		write_config();
460

    
461
	/* redirect user to desired destination */
462
	if (!empty($attributes['url_redirection']))
463
		$my_redirurl = $attributes['url_redirection'];
464
	else if ($config['captiveportal']['redirurl'])
465
		$my_redirurl = $config['captiveportal']['redirurl'];
466
	else
467
		$my_redirurl = $redirurl;
468

    
469
	if(isset($config['captiveportal']['logoutwin_enable']) && !$passthrumac) {
470

    
471
		if (isset($config['captiveportal']['httpslogin']))
472
			$logouturl = "https://{$config['captiveportal']['httpsname']}:8001/";
473
		else {
474
			$ifip = portal_ip_from_client_ip($clientip);
475
			if (!$ifip)
476
				$ourhostname = $config['system']['hostname'] . ":8000";
477
			else
478
				$ourhostname = "{$ifip}:8000";
479
			$logouturl = "http://{$ourhostname}/";
480
		}
481

    
482
		if (isset($attributes['reply_message']))
483
			$message = $attributes['reply_message'];
484
		else
485
			$message = 0;
486

    
487
		include("{$g['varetc_path']}/captiveportal-logout.html");
488

    
489
	} else {
490
		header("Location: " . $my_redirurl);
491
	}
492

    
493
	return $sessionid;
494
}
495

    
496

    
497

    
498
/* remove a single client by session ID
499
   by Dinesh Nair
500
 */
501
function disconnect_client($sessionid, $logoutReason = "LOGOUT", $term_cause = 1) {
502

    
503
    global $g, $config;
504

    
505
    $cplock = lock('captiveportal');
506
    /* read database */
507
    $cpdb = captiveportal_read_db();
508

    
509
    $radiusservers = captiveportal_get_radius_servers();
510

    
511
    /* find entry */
512
    $dbcount = count($cpdb);
513
    for ($i = 0; $i < $dbcount; $i++) {
514
        if ($cpdb[$i][5] == $sessionid) {
515
            captiveportal_disconnect($cpdb[$i],$radiusservers, $term_cause);
516
            captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],$logoutReason);
517
            unset($cpdb[$i]);
518
            break;
519
        }
520
    }
521

    
522
    /* write database */
523
    captiveportal_write_db($cpdb);
524

    
525
    unlock($cplock);
526
}
527

    
528
?>
(1-1/3)