Project

General

Profile

Download (31.1 KB) Statistics
| Branch: | Tag: | Revision:
1 a5c0b6c7 Scott Ullrich
<?php
2 5b237745 Scott Ullrich
/*
3
	services_captiveportal.php
4
	part of m0n0wall (http://m0n0.ch/wall)
5 a5c0b6c7 Scott Ullrich
6 0bd34ed6 Scott Ullrich
	Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
7 5b237745 Scott Ullrich
	All rights reserved.
8 a5c0b6c7 Scott Ullrich
9 5b237745 Scott Ullrich
	Redistribution and use in source and binary forms, with or without
10
	modification, are permitted provided that the following conditions are met:
11 a5c0b6c7 Scott Ullrich
12 5b237745 Scott Ullrich
	1. Redistributions of source code must retain the above copyright notice,
13
	   this list of conditions and the following disclaimer.
14 a5c0b6c7 Scott Ullrich
15 5b237745 Scott Ullrich
	2. Redistributions in binary form must reproduce the above copyright
16
	   notice, this list of conditions and the following disclaimer in the
17
	   documentation and/or other materials provided with the distribution.
18 a5c0b6c7 Scott Ullrich
19 5b237745 Scott Ullrich
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
20
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
21
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
23
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28
	POSSIBILITY OF SUCH DAMAGE.
29
*/
30
31 6b07c15a Matthew Grooms
##|+PRIV
32
##|*IDENT=page-services-captiveportal
33
##|*NAME=Services: Captive portal page
34
##|*DESCR=Allow access to the 'Services: Captive portal' page.
35
##|*MATCH=services_captiveportal.php*
36
##|-PRIV
37
38
39 d88c6a9f Scott Ullrich
$pgtitle = array("Services","Captive portal");
40 5b237745 Scott Ullrich
require("guiconfig.inc");
41
42
if (!is_array($config['captiveportal'])) {
43
	$config['captiveportal'] = array();
44
	$config['captiveportal']['page'] = array();
45
	$config['captiveportal']['timeout'] = 60;
46
}
47
48
if ($_GET['act'] == "viewhtml") {
49
	echo base64_decode($config['captiveportal']['page']['htmltext']);
50
	exit;
51
} else if ($_GET['act'] == "viewerrhtml") {
52
	echo base64_decode($config['captiveportal']['page']['errtext']);
53
	exit;
54
}
55
56
$pconfig['cinterface'] = $config['captiveportal']['interface'];
57 0bd34ed6 Scott Ullrich
$pconfig['maxproc'] = $config['captiveportal']['maxproc'];
58
$pconfig['maxprocperip'] = $config['captiveportal']['maxprocperip'];
59 5b237745 Scott Ullrich
$pconfig['timeout'] = $config['captiveportal']['timeout'];
60
$pconfig['idletimeout'] = $config['captiveportal']['idletimeout'];
61
$pconfig['enable'] = isset($config['captiveportal']['enable']);
62 7faeda46 Scott Ullrich
$pconfig['auth_method'] = $config['captiveportal']['auth_method'];
63 5b237745 Scott Ullrich
$pconfig['radacct_enable'] = isset($config['captiveportal']['radacct_enable']);
64 0bd34ed6 Scott Ullrich
$pconfig['radmac_enable'] = isset($config['captiveportal']['radmac_enable']);
65
$pconfig['radmac_secret'] = $config['captiveportal']['radmac_secret'];
66 c980716e Scott Ullrich
$pconfig['reauthenticate'] = isset($config['captiveportal']['reauthenticate']);
67
$pconfig['reauthenticateacct'] = $config['captiveportal']['reauthenticateacct'];
68 5b237745 Scott Ullrich
$pconfig['httpslogin_enable'] = isset($config['captiveportal']['httpslogin']);
69 1d622048 Scott Ullrich
$pconfig['httpsname'] = strtolower($config['captiveportal']['httpsname']);
70 5b237745 Scott Ullrich
$pconfig['cert'] = base64_decode($config['captiveportal']['certificate']);
71
$pconfig['key'] = base64_decode($config['captiveportal']['private-key']);
72
$pconfig['logoutwin_enable'] = isset($config['captiveportal']['logoutwin_enable']);
73 7e587bdb Scott Ullrich
$pconfig['peruserbw'] = isset($config['captiveportal']['peruserbw']);
74
$pconfig['bwdefaultdn'] = $config['captiveportal']['bwdefaultdn'];
75
$pconfig['bwdefaultup'] = $config['captiveportal']['bwdefaultup'];
76 5b237745 Scott Ullrich
$pconfig['nomacfilter'] = isset($config['captiveportal']['nomacfilter']);
77 0bd34ed6 Scott Ullrich
$pconfig['noconcurrentlogins'] = isset($config['captiveportal']['noconcurrentlogins']);
78 5b237745 Scott Ullrich
$pconfig['redirurl'] = $config['captiveportal']['redirurl'];
79
$pconfig['radiusip'] = $config['captiveportal']['radiusip'];
80 0bd34ed6 Scott Ullrich
$pconfig['radiusip2'] = $config['captiveportal']['radiusip2'];
81 5b237745 Scott Ullrich
$pconfig['radiusport'] = $config['captiveportal']['radiusport'];
82 0bd34ed6 Scott Ullrich
$pconfig['radiusport2'] = $config['captiveportal']['radiusport2'];
83 5b237745 Scott Ullrich
$pconfig['radiusacctport'] = $config['captiveportal']['radiusacctport'];
84
$pconfig['radiuskey'] = $config['captiveportal']['radiuskey'];
85 0bd34ed6 Scott Ullrich
$pconfig['radiuskey2'] = $config['captiveportal']['radiuskey2'];
86
$pconfig['radiusvendor'] = $config['captiveportal']['radiusvendor'];
87 cf0542ac Scott Ullrich
88
//$pconfig['radiussession_timeout'] = isset($config['captiveportal']['radiussession_timeout']);
89 5b237745 Scott Ullrich
90
if ($_POST) {
91
92
	unset($input_errors);
93
	$pconfig = $_POST;
94
95
	/* input validation */
96
	if ($_POST['enable']) {
97
		$reqdfields = explode(" ", "cinterface");
98
		$reqdfieldsn = explode(",", "Interface");
99 a5c0b6c7 Scott Ullrich
100 5b237745 Scott Ullrich
		do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
101 a5c0b6c7 Scott Ullrich
102 0bd34ed6 Scott Ullrich
		/* make sure no interfaces are bridged */
103 fbb45bb0 Ermal Luçi
		$iflist = get_configured_interface_list(true);
104
		foreach ($iflist as $if) {
105
			$coptif = &$config['interfaces'][$if];
106
			if ($coptif['bridge'] == $pconfig['cinterface']) {
107 89b09672 Scott Ullrich
				$input_errors[] = "The captive portal cannot be used when one or more interfaces are bridged.";
108
				break;
109 0bd34ed6 Scott Ullrich
			}
110
		}
111 a5c0b6c7 Scott Ullrich
112 5b237745 Scott Ullrich
		if ($_POST['httpslogin_enable']) {
113
		 	if (!$_POST['cert'] || !$_POST['key']) {
114
				$input_errors[] = "Certificate and key must be specified for HTTPS login.";
115
			} else {
116
				if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))
117
					$input_errors[] = "This certificate does not appear to be valid.";
118
				if (!strstr($_POST['key'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['key'], "END RSA PRIVATE KEY"))
119
					$input_errors[] = "This key does not appear to be valid.";
120
			}
121 a5c0b6c7 Scott Ullrich
122 5b237745 Scott Ullrich
			if (!$_POST['httpsname'] || !is_domain($_POST['httpsname'])) {
123
				$input_errors[] = "The HTTPS server name must be specified for HTTPS login.";
124
			}
125
		}
126
	}
127 a5c0b6c7 Scott Ullrich
128 5b237745 Scott Ullrich
	if ($_POST['timeout'] && (!is_numeric($_POST['timeout']) || ($_POST['timeout'] < 1))) {
129
		$input_errors[] = "The timeout must be at least 1 minute.";
130
	}
131
	if ($_POST['idletimeout'] && (!is_numeric($_POST['idletimeout']) || ($_POST['idletimeout'] < 1))) {
132
		$input_errors[] = "The idle timeout must be at least 1 minute.";
133
	}
134
	if (($_POST['radiusip'] && !is_ipaddr($_POST['radiusip']))) {
135
		$input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip']."]";
136
	}
137 0bd34ed6 Scott Ullrich
	if (($_POST['radiusip2'] && !is_ipaddr($_POST['radiusip2']))) {
138
		$input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip2']."]";
139
	}
140 5b237745 Scott Ullrich
	if (($_POST['radiusport'] && !is_port($_POST['radiusport']))) {
141
		$input_errors[] = "A valid port number must be specified. [".$_POST['radiusport']."]";
142
	}
143 0bd34ed6 Scott Ullrich
	if (($_POST['radiusport2'] && !is_port($_POST['radiusport2']))) {
144
		$input_errors[] = "A valid port number must be specified. [".$_POST['radiusport2']."]";
145
	}
146 5b237745 Scott Ullrich
	if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) {
147 0bd34ed6 Scott Ullrich
		$input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]";
148
	}
149
	if ($_POST['maxproc'] && (!is_numeric($_POST['maxproc']) || ($_POST['maxproc'] < 4) || ($_POST['maxproc'] > 100))) {
150
		$input_errors[] = "The total maximum number of concurrent connections must be between 4 and 100.";
151
	}
152
	$mymaxproc = $_POST['maxproc'] ? $_POST['maxproc'] : 16;
153
	if ($_POST['maxprocperip'] && (!is_numeric($_POST['maxprocperip']) || ($_POST['maxprocperip'] > $mymaxproc))) {
154
		$input_errors[] = "The maximum number of concurrent connections per client IP address may not be larger than the global maximum.";
155 5b237745 Scott Ullrich
	}
156
157
	if (!$input_errors) {
158
		$config['captiveportal']['interface'] = $_POST['cinterface'];
159 0bd34ed6 Scott Ullrich
		$config['captiveportal']['maxproc'] = $_POST['maxproc'];
160
		$config['captiveportal']['maxprocperip'] = $_POST['maxprocperip'] ? $_POST['maxprocperip'] : false;
161 5b237745 Scott Ullrich
		$config['captiveportal']['timeout'] = $_POST['timeout'];
162
		$config['captiveportal']['idletimeout'] = $_POST['idletimeout'];
163 0bd34ed6 Scott Ullrich
		$config['captiveportal']['enable'] = $_POST['enable'] ? true : false;
164 7faeda46 Scott Ullrich
		$config['captiveportal']['auth_method'] = $_POST['auth_method'];
165 0bd34ed6 Scott Ullrich
		$config['captiveportal']['radacct_enable'] = $_POST['radacct_enable'] ? true : false;
166
		$config['captiveportal']['reauthenticate'] = $_POST['reauthenticate'] ? true : false;
167
		$config['captiveportal']['radmac_enable'] = $_POST['radmac_enable'] ? true : false;
168
		$config['captiveportal']['radmac_secret'] = $_POST['radmac_secret'] ? $_POST['radmac_secret'] : false;
169 c980716e Scott Ullrich
		$config['captiveportal']['reauthenticateacct'] = $_POST['reauthenticateacct'];
170 0bd34ed6 Scott Ullrich
		$config['captiveportal']['httpslogin'] = $_POST['httpslogin_enable'] ? true : false;
171 5b237745 Scott Ullrich
		$config['captiveportal']['httpsname'] = $_POST['httpsname'];
172 7e587bdb Scott Ullrich
		$config['captiveportal']['peruserbw'] = $_POST['peruserbw'] ? true : false;
173
		$config['captiveportal']['bwdefaultdn'] = $_POST['bwdefaultdn'];
174
		$config['captiveportal']['bwdefaultup'] = $_POST['bwdefaultup'];
175 5b237745 Scott Ullrich
		$config['captiveportal']['certificate'] = base64_encode($_POST['cert']);
176
		$config['captiveportal']['private-key'] = base64_encode($_POST['key']);
177 0bd34ed6 Scott Ullrich
		$config['captiveportal']['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false;
178
		$config['captiveportal']['nomacfilter'] = $_POST['nomacfilter'] ? true : false;
179
		$config['captiveportal']['noconcurrentlogins'] = $_POST['noconcurrentlogins'] ? true : false;
180 5b237745 Scott Ullrich
		$config['captiveportal']['redirurl'] = $_POST['redirurl'];
181
		$config['captiveportal']['radiusip'] = $_POST['radiusip'];
182 0bd34ed6 Scott Ullrich
		$config['captiveportal']['radiusip2'] = $_POST['radiusip2'];
183 5b237745 Scott Ullrich
		$config['captiveportal']['radiusport'] = $_POST['radiusport'];
184 0bd34ed6 Scott Ullrich
		$config['captiveportal']['radiusport2'] = $_POST['radiusport2'];
185 5b237745 Scott Ullrich
		$config['captiveportal']['radiusacctport'] = $_POST['radiusacctport'];
186
		$config['captiveportal']['radiuskey'] = $_POST['radiuskey'];
187 0bd34ed6 Scott Ullrich
		$config['captiveportal']['radiuskey2'] = $_POST['radiuskey2'];
188
		$config['captiveportal']['radiusvendor'] = $_POST['radiusvendor'] ? $_POST['radiusvendor'] : false;
189 cf0542ac Scott Ullrich
		//$config['captiveportal']['radiussession_timeout'] = $_POST['radiussession_timeout'] ? true : false;
190 a5c0b6c7 Scott Ullrich
191 5b237745 Scott Ullrich
		/* file upload? */
192
		if (is_uploaded_file($_FILES['htmlfile']['tmp_name']))
193
			$config['captiveportal']['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name']));
194 c980716e Scott Ullrich
		if (is_uploaded_file($_FILES['errfile']['tmp_name']))
195 5b237745 Scott Ullrich
			$config['captiveportal']['page']['errtext'] = base64_encode(file_get_contents($_FILES['errfile']['tmp_name']));
196 a5c0b6c7 Scott Ullrich
197 5b237745 Scott Ullrich
		write_config();
198 a5c0b6c7 Scott Ullrich
199 5b237745 Scott Ullrich
		$retval = 0;
200 ea1eac37 Scott Ullrich
201
		config_lock();
202
		$retval = captiveportal_configure();
203
		config_unlock();
204
205 5b237745 Scott Ullrich
		$savemsg = get_std_save_message($retval);
206
	}
207
}
208 3d4bd975 Scott Ullrich
include("head.inc");
209 5b237745 Scott Ullrich
?>
210 9699028a Scott Ullrich
<?php include("fbegin.inc"); ?>
211 5b237745 Scott Ullrich
<script language="JavaScript">
212
<!--
213
function enable_change(enable_change) {
214 0bd34ed6 Scott Ullrich
	var endis, radius_endis;
215 07bd3f83 Scott Ullrich
	endis = !(document.iform.enable.checked || enable_change);
216 0bd34ed6 Scott Ullrich
	radius_endis = !((!endis && document.iform.auth_method[2].checked) || enable_change);
217 a5c0b6c7 Scott Ullrich
218 07bd3f83 Scott Ullrich
	document.iform.cinterface.disabled = endis;
219 54611f24 Scott Ullrich
	//document.iform.maxproc.disabled = endis;
220 422d57b4 Scott Ullrich
	document.iform.maxprocperip.disabled = endis;
221 07bd3f83 Scott Ullrich
	document.iform.idletimeout.disabled = endis;
222
	document.iform.timeout.disabled = endis;
223
	document.iform.redirurl.disabled = endis;
224 0bd34ed6 Scott Ullrich
	document.iform.radiusip.disabled = radius_endis;
225
	document.iform.radiusip2.disabled = radius_endis;
226
	document.iform.radiusport.disabled = radius_endis;
227
	document.iform.radiusport2.disabled = radius_endis;
228
	document.iform.radiuskey.disabled = radius_endis;
229
	document.iform.radiuskey2.disabled = radius_endis;
230 856e58a6 Scott Ullrich
	document.iform.radacct_enable.disabled = radius_endis;
231 329069c9 Scott Ullrich
	//document.iform.peruserbw.disabled = endis;
232
	//document.iform.bwdefaultdn.disabled = endis;
233
	//document.iform.bwdefaultup.disabled = endis;
234 856e58a6 Scott Ullrich
	document.iform.reauthenticate.disabled = radius_endis;
235 7faeda46 Scott Ullrich
	document.iform.auth_method[0].disabled = endis;
236
	document.iform.auth_method[1].disabled = endis;
237
	document.iform.auth_method[2].disabled = endis;
238 0bd34ed6 Scott Ullrich
	document.iform.radmac_enable.disabled = radius_endis;
239 07bd3f83 Scott Ullrich
	document.iform.httpslogin_enable.disabled = endis;
240
	document.iform.httpsname.disabled = endis;
241
	document.iform.cert.disabled = endis;
242
	document.iform.key.disabled = endis;
243
	document.iform.logoutwin_enable.disabled = endis;
244 c980716e Scott Ullrich
	document.iform.nomacfilter.disabled = endis;
245 0bd34ed6 Scott Ullrich
	document.iform.noconcurrentlogins.disabled = endis;
246
	document.iform.radiusvendor.disabled = radius_endis;
247 cf0542ac Scott Ullrich
	//document.iform.radiussession_timeout.disabled = radius_endis;
248 07bd3f83 Scott Ullrich
	document.iform.htmlfile.disabled = endis;
249
	document.iform.errfile.disabled = endis;
250 a5c0b6c7 Scott Ullrich
251 856e58a6 Scott Ullrich
	document.iform.radiusacctport.disabled = (radius_endis || !document.iform.radacct_enable.checked) && !enable_change;
252 a5c0b6c7 Scott Ullrich
253 856e58a6 Scott Ullrich
	document.iform.radmac_secret.disabled = (radius_endis || !document.iform.radmac_enable.checked) && !enable_change;
254 a5c0b6c7 Scott Ullrich
255 0bd34ed6 Scott Ullrich
	var reauthenticate_dis = (radius_endis || !document.iform.reauthenticate.checked) && !enable_change;
256 856e58a6 Scott Ullrich
	document.iform.reauthenticateacct[0].disabled = reauthenticate_dis;
257
	document.iform.reauthenticateacct[1].disabled = reauthenticate_dis;
258
	document.iform.reauthenticateacct[2].disabled = reauthenticate_dis;
259 5b237745 Scott Ullrich
}
260
//-->
261
</script>
262 93588e1a Scott Dale
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
263 5b237745 Scott Ullrich
<?php if ($input_errors) print_input_errors($input_errors); ?>
264
<?php if ($savemsg) print_info_box($savemsg); ?>
265
<form action="services_captiveportal.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
266
<table width="100%" border="0" cellpadding="0" cellspacing="0">
267 9699028a Scott Ullrich
  <tr><td class="tabnavtbl">
268 64b85ffe Scott Ullrich
<?php
269
	$tab_array = array();
270
	$tab_array[] = array("Captive portal", true, "services_captiveportal.php");
271
	$tab_array[] = array("Pass-through MAC", false, "services_captiveportal_mac.php");
272
	$tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php");
273 4e9dc150 Scott Ullrich
	$tab_array[] = array("Users", false, "services_captiveportal_users.php");
274 3cf0d3f2 Scott Ullrich
	$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
275 64b85ffe Scott Ullrich
	display_top_tabs($tab_array);
276 0bd34ed6 Scott Ullrich
?>    </td></tr>
277 5b237745 Scott Ullrich
  <tr>
278 c980716e Scott Ullrich
  <td class="tabcont">
279
  <table width="100%" border="0" cellpadding="6" cellspacing="0">
280 a5c0b6c7 Scott Ullrich
	<tr>
281 5b237745 Scott Ullrich
	  <td width="22%" valign="top" class="vtable">&nbsp;</td>
282
	  <td width="78%" class="vtable">
283
		<input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)">
284
		<strong>Enable captive portal </strong></td>
285
	</tr>
286 a5c0b6c7 Scott Ullrich
	<tr>
287 5b237745 Scott Ullrich
	  <td width="22%" valign="top" class="vncellreq">Interface</td>
288
	  <td width="78%" class="vtable">
289 b5c78501 Seth Mos
		<select name="cinterface" class="formselect" id="cinterface">
290 af98cced Scott Ullrich
		  <?php 
291 fbb45bb0 Ermal Luçi
		  $interfaces = get_configured_interface_with_descr();
292 c980716e Scott Ullrich
		  foreach ($interfaces as $iface => $ifacename): ?>
293 a5c0b6c7 Scott Ullrich
		  <option value="<?=$iface;?>" <?php if ($iface == $pconfig['cinterface']) echo "selected"; ?>>
294 5b237745 Scott Ullrich
		  <?=htmlspecialchars($ifacename);?>
295
		  </option>
296
		  <?php endforeach; ?>
297
		</select> <br>
298
		<span class="vexpl">Choose which interface to run the captive portal on.</span></td>
299
	</tr>
300 4362e48a Scott Ullrich
	<tr>
301
	  <td valign="top" class="vncell">Maximum concurrent connections</td>
302
	  <td class="vtable">
303
		<table cellpadding="0" cellspacing="0">
304
                 <tr>
305 b5c78501 Seth Mos
           			<td><input name="maxprocperip" type="text" class="formfld unknown" id="maxprocperip" size="5" 
306
value="<?=htmlspecialchars($pconfig['maxprocperip']);?>"> per client IP address (0 = no limit)</td>
307 4362e48a Scott Ullrich
                 </tr>
308
               </table>
309
This setting limits the number of concurrent connections to the captive portal HTTP(S) server. This does not set how many users can be logged in
310
to the captive portal, but rather how many users can load the portal page or authenticate at the same time!
311
Default is 4 connections per client IP address, with a total maximum of 16 connections.</td>
312
	</tr>
313 5b237745 Scott Ullrich
	<tr>
314
	  <td valign="top" class="vncell">Idle timeout</td>
315
	  <td class="vtable">
316 b5c78501 Seth Mos
		<input name="idletimeout" type="text" class="formfld unknown" id="idletimeout" size="6" value="<?=htmlspecialchars($pconfig['idletimeout']);?>">
317 5b237745 Scott Ullrich
minutes<br>
318
Clients will be disconnected after this amount of inactivity. They may log in again immediately, though. Leave this field blank for no idle timeout.</td>
319
	</tr>
320 a5c0b6c7 Scott Ullrich
	<tr>
321 5b237745 Scott Ullrich
	  <td width="22%" valign="top" class="vncell">Hard timeout</td>
322 a5c0b6c7 Scott Ullrich
	  <td width="78%" class="vtable">
323 b5c78501 Seth Mos
		<input name="timeout" type="text" class="formfld unknown" id="timeout" size="6" value="<?=htmlspecialchars($pconfig['timeout']);?>">
324 5b237745 Scott Ullrich
		minutes<br>
325
	  Clients will be disconnected after this amount of time, regardless of activity. They may log in again immediately, though. Leave this field blank for no hard timeout (not recommended unless an idle timeout is set).</td>
326
	</tr>
327 a5c0b6c7 Scott Ullrich
	<tr>
328 5b237745 Scott Ullrich
	  <td width="22%" valign="top" class="vncell">Logout popup window</td>
329 a5c0b6c7 Scott Ullrich
	  <td width="78%" class="vtable">
330 5b237745 Scott Ullrich
		<input name="logoutwin_enable" type="checkbox" class="formfld" id="logoutwin_enable" value="yes" <?php if($pconfig['logoutwin_enable']) echo "checked"; ?>>
331
		<strong>Enable logout popup window</strong><br>
332 c980716e Scott Ullrich
	  If enabled, a popup window will appear when clients are allowed through the captive portal. This allows clients to explicitly disconnect themselves before the idle or hard timeout occurs.</td>
333 5b237745 Scott Ullrich
	</tr>
334
	<tr>
335
	  <td valign="top" class="vncell">Redirection URL</td>
336
	  <td class="vtable">
337 b5c78501 Seth Mos
		<input name="redirurl" type="text" class="formfld url" id="redirurl" size="60" value="<?=htmlspecialchars($pconfig['redirurl']);?>">
338 5b237745 Scott Ullrich
		<br>
339
If you provide a URL here, clients will be redirected to that URL instead of the one they initially tried
340
to access after they've authenticated.</td>
341
	</tr>
342
	<tr>
343 0bd34ed6 Scott Ullrich
      <td valign="top" class="vncell">Concurrent user logins</td>
344
      <td class="vtable">
345
	<input name="noconcurrentlogins" type="checkbox" class="formfld" id="noconcurrentlogins" value="yes" <?php if ($pconfig['noconcurrentlogins']) echo "checked"; ?>>
346
	<strong>Disable concurrent logins</strong><br>
347
	If this option is set, only the most recent login per username will be active. Subsequent logins will cause machines previously logged in with the same username to be disconnected.</td>
348
	</tr>
349
	<tr>
350 c980716e Scott Ullrich
      <td valign="top" class="vncell">MAC filtering </td>
351
      <td class="vtable">
352
        <input name="nomacfilter" type="checkbox" class="formfld" id="nomacfilter" value="yes" <?php if ($pconfig['nomacfilter']) echo "checked"; ?>>
353
        <strong>Disable MAC filtering</strong><br>
354 0bd34ed6 Scott Ullrich
    If this option is set, no attempts will be made to ensure that the MAC address of clients stays the same while they're logged in.
355 d835d6b8 Chris Buechler
    This is required when the MAC address of the client cannot be determined (usually because there are routers between <?php echo $g['product_name'] ?> and the clients).
356 0bd34ed6 Scott Ullrich
    If this is enabled, RADIUS MAC authentication cannot be used.</td>
357 7e587bdb Scott Ullrich
	</tr>
358 329069c9 Scott Ullrich
<?php
359
/*
360 7e587bdb Scott Ullrich
	<tr>
361
      <td valign="top" class="vncell">Per-user bandwidth restriction</td>
362
      <td class="vtable">
363
        <input name="peruserbw" type="checkbox" class="formfld" id="peruserbw" value="yes" <?php if ($pconfig['peruserbw']) echo "checked"; ?>>
364
        <strong>Enable per-user bandwidth restriction</strong><br><br>
365
        <table cellpadding="0" cellspacing="0">
366
        <tr>
367
        <td>Default download</td>
368 b5c78501 Seth Mos
        <td><input type="text" class="formfld unknown" name="bwdefaultdn" id="bwdefaultdn" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultdn']);?>"> Kbit/s</td>
369 7e587bdb Scott Ullrich
        </tr>
370
        <tr>
371
        <td>Default upload</td>
372 b5c78501 Seth Mos
        <td><input type="text" class="formfld unknown" name="bwdefaultup" id="bwdefaultup" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultup']);?>"> Kbit/s</td>
373 7e587bdb Scott Ullrich
        </tr></table>
374
        <br>
375
        If this option is set, the captive portal will restrict each user who logs in to the specified default bandwidth. RADIUS can override the default settings. Leave empty or set to 0 for no limit. You will <strong>need</strong> to enable the traffic shaper for this to be effective.</td>
376
	</tr>
377 329069c9 Scott Ullrich
*/
378
?>
379 a5c0b6c7 Scott Ullrich
	<tr>
380 c980716e Scott Ullrich
	  <td width="22%" valign="top" class="vncell">Authentication</td>
381 a5c0b6c7 Scott Ullrich
	  <td width="78%" class="vtable">
382 c980716e Scott Ullrich
		<table cellpadding="0" cellspacing="0">
383
		<tr>
384 0bd34ed6 Scott Ullrich
		  <td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="none" onClick="enable_change(false)" <?php if($pconfig['auth_method']!="local" && $pconfig['auth_method']!="radius") echo "checked"; ?>>
385 a5c0b6c7 Scott Ullrich
  No authentication</td>
386 c980716e Scott Ullrich
		  </tr>
387
		<tr>
388 0bd34ed6 Scott Ullrich
		  <td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="local" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="local") echo "checked"; ?>>
389 a5c0b6c7 Scott Ullrich
  Local <a href="services_captiveportal_users.php">user manager</a></td>
390 c980716e Scott Ullrich
		  </tr>
391
		<tr>
392 0bd34ed6 Scott Ullrich
		  <td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="radius" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius") echo "checked"; ?>>
393 a5c0b6c7 Scott Ullrich
  RADIUS authentication</td>
394 c980716e Scott Ullrich
		  </tr><tr>
395
		  <td>&nbsp;</td>
396
		  <td>&nbsp;</td>
397
		  </tr>
398
		</table>
399 0bd34ed6 Scott Ullrich
		<table width="100%" border="0" cellpadding="6" cellspacing="0">
400 a5c0b6c7 Scott Ullrich
        	<tr>
401 0bd34ed6 Scott Ullrich
            	<td colspan="2" valign="top" class="optsect_t2">Primary RADIUS server</td>
402
			</tr>
403
			<tr>
404
				<td class="vncell" valign="top">IP address</td>
405 b5c78501 Seth Mos
				<td class="vtable"><input name="radiusip" type="text" class="formfld unknown" id="radiusip" size="20" value="<?=htmlspecialchars($pconfig['radiusip']);?>"><br>
406 0bd34ed6 Scott Ullrich
				Enter the IP address of the RADIUS server which users of the captive portal have to authenticate against.</td>
407
			</tr>
408
			<tr>
409
				<td class="vncell" valign="top">Port</td>
410 b5c78501 Seth Mos
				<td class="vtable"><input name="radiusport" type="text" class="formfld unknown" id="radiusport" size="5" value="<?=htmlspecialchars($pconfig['radiusport']);?>"><br>
411 0bd34ed6 Scott Ullrich
				 Leave this field blank to use the default port (1812).</td>
412
			</tr>
413
			<tr>
414
				<td class="vncell" valign="top">Shared secret&nbsp;&nbsp;</td>
415 b5c78501 Seth Mos
				<td class="vtable"><input name="radiuskey" type="text" class="formfld unknown" id="radiuskey" size="16" value="<?=htmlspecialchars($pconfig['radiuskey']);?>"><br>
416 0bd34ed6 Scott Ullrich
				Leave this field blank to not use a RADIUS shared secret (not recommended).</td>
417
			</tr>
418 a5c0b6c7 Scott Ullrich
			<tr>
419 0bd34ed6 Scott Ullrich
			  <td colspan="2" class="list" height="12"></td>
420
			</tr>
421
			<tr>
422
				<td colspan="2" valign="top" class="optsect_t2">Secondary RADIUS server</td>
423
			</tr>
424
			<tr>
425
				<td class="vncell" valign="top">IP address</td>
426 b5c78501 Seth Mos
				<td class="vtable"><input name="radiusip2" type="text" class="formfld unknown" id="radiusip2" size="20" value="<?=htmlspecialchars($pconfig['radiusip2']);?>"><br>
427 0bd34ed6 Scott Ullrich
				If you have a second RADIUS server, you can activate it by entering its IP address here.</td>
428
			</tr>
429
			<tr>
430
				<td class="vncell" valign="top">Port</td>
431 b5c78501 Seth Mos
				<td class="vtable"><input name="radiusport2" type="text" class="formfld unknown" id="radiusport2" size="5" value="<?=htmlspecialchars($pconfig['radiusport2']);?>"></td>
432 0bd34ed6 Scott Ullrich
			</tr>
433
			<tr>
434
				<td class="vncell" valign="top">Shared secret&nbsp;&nbsp;</td>
435 b5c78501 Seth Mos
				<td class="vtable"><input name="radiuskey2" type="text" class="formfld unknown" id="radiuskey2" size="16" 
436
value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td>
437 0bd34ed6 Scott Ullrich
			</tr>
438
			<tr>
439
			  <td colspan="2" class="list" height="12"></td>
440
			</tr>
441 856e58a6 Scott Ullrich
			<tr>
442
				<td colspan="2" valign="top" class="optsect_t2">Accounting</td>
443
			</tr>
444
			<tr>
445
				<td class="vncell">&nbsp;</td>
446
				<td class="vtable"><input name="radacct_enable" type="checkbox" id="radacct_enable" value="yes" onClick="enable_change(false)" <?php if($pconfig['radacct_enable']) echo "checked"; ?>>
447
				<strong>send RADIUS accounting packets</strong><br>
448
				If this is enabled, RADIUS accounting packets will be sent to the primary RADIUS server.</td>
449
			</tr>
450
			<tr>
451
			  <td class="vncell" valign="top">Accounting port</td>
452 b5c78501 Seth Mos
			  <td class="vtable"><input name="radiusacctport" type="text" class="formfld unknown" id="radiusacctport" size="5" value="<?=htmlspecialchars($pconfig['radiusacctport']);?>"><br>
453 856e58a6 Scott Ullrich
			  Leave blank to use the default port (1813).</td>
454
			  </tr>
455
			<tr>
456
			  <td colspan="2" class="list" height="12"></td>
457
			</tr>
458
			<tr>
459
				<td colspan="2" valign="top" class="optsect_t2">Reauthentication</td>
460
			</tr>
461
			<tr>
462
				<td class="vncell">&nbsp;</td>
463
				<td class="vtable"><input name="reauthenticate" type="checkbox" id="reauthenticate" value="yes" onClick="enable_change(false)" <?php if($pconfig['reauthenticate']) echo "checked"; ?>>
464
			  <strong>Reauthenticate connected users every minute</strong><br>
465
			  If reauthentication is enabled, Access-Requests will be sent to the RADIUS server for each user that is
466
			  logged in every minute. If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately.</td>
467
			</tr>
468
			<tr>
469
			  <td class="vncell" valign="top">Accounting updates</td>
470
			  <td class="vtable">
471
			  <input name="reauthenticateacct" type="radio" value="" <?php if(!$pconfig['reauthenticateacct']) echo "checked"; ?>> no accounting updates<br>
472
			  <input name="reauthenticateacct" type="radio" value="stopstart" <?php if($pconfig['reauthenticateacct'] == "stopstart") echo "checked"; ?>> stop/start accounting<br>
473
			  <input name="reauthenticateacct" type="radio" value="interimupdate" <?php if($pconfig['reauthenticateacct'] == "interimupdate") echo "checked"; ?>> interim update
474
			  </td>
475
			</tr>
476
			<tr>
477
			  <td colspan="2" class="list" height="12"></td>
478
			</tr>
479 0bd34ed6 Scott Ullrich
			<tr>
480
				<td colspan="2" valign="top" class="optsect_t2">RADIUS MAC authentication</td>
481
			</tr>
482
			<tr>
483
				<td class="vncell">&nbsp;</td>
484
				<td class="vtable">
485
				<input name="radmac_enable" type="checkbox" id="radmac_enable" value="yes" onClick="enable_change(false)" <?php if ($pconfig['radmac_enable']) echo "checked"; ?>><strong>Enable RADIUS MAC authentication</strong><br>
486
				If this option is enabled, the captive portal will try to authenticate users by sending their MAC address as the username and the password
487
				entered below to the RADIUS server.</td>
488
			</tr>
489
			<tr>
490
				<td class="vncell">Shared secret</td>
491 b5c78501 Seth Mos
				<td class="vtable"><input name="radmac_secret" type="text" class="formfld unknown" id="radmac_secret" size="16" value="<?=htmlspecialchars($pconfig['radmac_secret']);?>"></td>
492 0bd34ed6 Scott Ullrich
			</tr>
493
			<tr>
494
			  <td colspan="2" class="list" height="12"></td>
495
			</tr>
496
			<tr>
497
				<td colspan="2" valign="top" class="optsect_t2">RADIUS options</td>
498
			</tr>
499 cf0542ac Scott Ullrich
500
			<!--
501 0bd34ed6 Scott Ullrich
			<tr>
502
				<td class="vncell" valign="top">Session-Timeout</td>
503
				<td class="vtable"><input name="radiussession_timeout" type="checkbox" id="radiussession_timeout" value="yes" <?php if ($pconfig['radiussession_timeout']) echo "checked"; ?>><strong>Use RADIUS Session-Timeout attributes</strong><br>
504
				When this is enabled, clients will be disconnected after the amount of time retrieved from the RADIUS Session-Timeout attribute.</td>
505
			</tr>
506 cf0542ac Scott Ullrich
			-->
507
508 0bd34ed6 Scott Ullrich
			<tr>
509
				<td class="vncell" valign="top">Type</td>
510
				<td class="vtable"><select name="radiusvendor" id="radiusvendor">
511
				<option>default</option>
512 a5c0b6c7 Scott Ullrich
				<?php
513 0bd34ed6 Scott Ullrich
				$radiusvendors = array("cisco");
514
				foreach ($radiusvendors as $radiusvendor){
515
					if ($pconfig['radiusvendor'] == $radiusvendor)
516
						echo "<option selected value=\"$radiusvendor\">$radiusvendor</option>\n";
517
					else
518
						echo "<option value=\"$radiusvendor\">$radiusvendor</option>\n";
519
				}
520
				?></select><br>
521
				If RADIUS type is set to Cisco, in Access-Requests the value of Calling-Station-Id will be set to the client's IP address and
522 5fca0583 Scott Ullrich
				the Called-Station-Id to the client's MAC address. Default behaviour is Calling-Station-Id = client's MAC address and Called-Station-Id = <?=$g['product_name']?>'s WAN IP address.</td>
523 0bd34ed6 Scott Ullrich
			</tr>
524
		</table>
525 5b237745 Scott Ullrich
	</tr>
526
	<tr>
527
      <td valign="top" class="vncell">HTTPS login</td>
528
      <td class="vtable">
529 c980716e Scott Ullrich
        <input name="httpslogin_enable" type="checkbox" class="formfld" id="httpslogin_enable" value="yes" <?php if($pconfig['httpslogin_enable']) echo "checked"; ?>>
530 5b237745 Scott Ullrich
        <strong>Enable HTTPS login</strong><br>
531 0bd34ed6 Scott Ullrich
    If enabled, the username and password will be transmitted over an HTTPS connection to protect against eavesdroppers. A server name, certificate and matching private key must also be specified below.</td>
532 5b237745 Scott Ullrich
	  </tr>
533
	<tr>
534
      <td valign="top" class="vncell">HTTPS server name </td>
535
      <td class="vtable">
536 b5c78501 Seth Mos
        <input name="httpsname" type="text" class="formfld unknown" id="httpsname" size="30" value="<?=htmlspecialchars($pconfig['httpsname']);?>"><br>
537 5fca0583 Scott Ullrich
    	This name will be used in the form action for the HTTPS POST and should match the Common Name (CN) in your certificate (otherwise, the client browser will most likely display a security warning). Make sure captive portal clients can resolve this name in DNS and verify on the client that the IP resolves to the correct interface IP on <?=$g['product_name']?>. </td>
538 5b237745 Scott Ullrich
	  </tr>
539
	<tr>
540
      <td valign="top" class="vncell">HTTPS certificate</td>
541
      <td class="vtable">
542
        <textarea name="cert" cols="65" rows="7" id="cert" class="formpre"><?=htmlspecialchars($pconfig['cert']);?></textarea>
543
        <br>
544 9699028a Scott Ullrich
    Paste a signed certificate in X.509 PEM format here.</td>
545 5b237745 Scott Ullrich
	  </tr>
546
	<tr>
547
      <td valign="top" class="vncell">HTTPS private key</td>
548
      <td class="vtable">
549
        <textarea name="key" cols="65" rows="7" id="key" class="formpre"><?=htmlspecialchars($pconfig['key']);?></textarea>
550
        <br>
551
    Paste an RSA private key in PEM format here.</td>
552
	  </tr>
553 a5c0b6c7 Scott Ullrich
	<tr>
554 5b237745 Scott Ullrich
	  <td width="22%" valign="top" class="vncellreq">Portal page contents</td>
555 a5c0b6c7 Scott Ullrich
	  <td width="78%" class="vtable">
556 b5c78501 Seth Mos
		<?=$mandfldhtml;?><input type="file" name="htmlfile" class="formfld file" id="htmlfile"><br>
557 16f5fe76 Scott Ullrich
		<?php
558
			list($host) = explode(":", $_SERVER['HTTP_HOST']);
559
			if(isset($config['captiveportal']['httpslogin'])) {
560
				$href = "https://$host:8001";
561
			} else {
562
				$href = "http://$host:8000";
563 a5c0b6c7 Scott Ullrich
			}
564 16f5fe76 Scott Ullrich
		?>
565 5b237745 Scott Ullrich
		<?php if ($config['captiveportal']['page']['htmltext']): ?>
566 a5c0b6c7 Scott Ullrich
		<a href="<?=$href?>" target="_new">View current page</a>
567 5b237745 Scott Ullrich
		  <br>
568
		  <br>
569
		<?php endif; ?>
570
		  Upload an HTML file for the portal page here (leave blank to keep the current one). Make sure to include a form (POST to &quot;$PORTAL_ACTION$&quot;)
571 0bd34ed6 Scott Ullrich
with a submit button (name=&quot;accept&quot;) and a hidden field with name=&quot;redirurl&quot; and value=&quot;$PORTAL_REDIRURL$&quot;.
572
Include the &quot;auth_user&quot; and &quot;auth_pass&quot; input fields if authentication is enabled, otherwise it will always fail.
573
Example code for the form:<br>
574 5b237745 Scott Ullrich
		  <br>
575
		  <tt>&lt;form method=&quot;post&quot; action=&quot;$PORTAL_ACTION$&quot;&gt;<br>
576
		  &nbsp;&nbsp;&nbsp;&lt;input name=&quot;auth_user&quot; type=&quot;text&quot;&gt;<br>
577
		  &nbsp;&nbsp;&nbsp;&lt;input name=&quot;auth_pass&quot; type=&quot;password&quot;&gt;<br>
578
		  &nbsp;&nbsp;&nbsp;&lt;input name=&quot;redirurl&quot; type=&quot;hidden&quot; value=&quot;$PORTAL_REDIRURL$&quot;&gt;<br>
579
&nbsp;&nbsp;&nbsp;&lt;input name=&quot;accept&quot; type=&quot;submit&quot; value=&quot;Continue&quot;&gt;<br>
580
		  &lt;/form&gt;</tt></td>
581
	</tr>
582
	<tr>
583
	  <td width="22%" valign="top" class="vncell">Authentication<br>
584
		error page<br>
585
		contents</td>
586
	  <td class="vtable">
587 b5c78501 Seth Mos
		<input name="errfile" type="file" class="formfld file" id="errfile"><br>
588 5b237745 Scott Ullrich
		<?php if ($config['captiveportal']['page']['errtext']): ?>
589 a5c0b6c7 Scott Ullrich
		<a href="?act=viewerrhtml" target="_blank">View current page</a>
590 5b237745 Scott Ullrich
		  <br>
591
		  <br>
592
		<?php endif; ?>
593 0bd34ed6 Scott Ullrich
The contents of the HTML file that you upload here are displayed when an authentication error occurs.
594
You may include &quot;$PORTAL_MESSAGE$&quot;, which will be replaced by the error or reply messages from the RADIUS server, if any.</td>
595 5b237745 Scott Ullrich
	</tr>
596 a5c0b6c7 Scott Ullrich
	<tr>
597 5b237745 Scott Ullrich
	  <td width="22%" valign="top">&nbsp;</td>
598 a5c0b6c7 Scott Ullrich
	  <td width="78%">
599
		<input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change(true)">
600 5b237745 Scott Ullrich
	  </td>
601
	</tr>
602 a5c0b6c7 Scott Ullrich
	<tr>
603 5b237745 Scott Ullrich
	  <td width="22%" valign="top">&nbsp;</td>
604
	  <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br>
605 c980716e Scott Ullrich
		</strong></span>Changing any settings on this page will disconnect all clients! Don't forget to enable the DHCP server on your captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the timeout entered on this page. Also, the DNS forwarder needs to be enabled for DNS lookups by unauthenticated clients to work. </span></td>
606 5b237745 Scott Ullrich
	</tr>
607
  </table>
608
  </td>
609
  </tr>
610
  </table>
611
</form>
612
<script language="JavaScript">
613
<!--
614
enable_change(false);
615
//-->
616
</script>
617
<?php include("fend.inc"); ?>
618 93588e1a Scott Dale
</body>
619
</html>