/usr/local/www/services_captiveportal.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/services_captiveportal.php @ f0ce6758

1	a5c0b6c7	Scott Ullrich	<?php
2	5b237745	Scott Ullrich	/*
3			services_captiveportal.php
4			part of m0n0wall (http://m0n0.ch/wall)
5	a5c0b6c7	Scott Ullrich
6	0bd34ed6	Scott Ullrich	Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
7	5b237745	Scott Ullrich	All rights reserved.
8	a5c0b6c7	Scott Ullrich
9	5b237745	Scott Ullrich	Redistribution and use in source and binary forms, with or without
10			modification, are permitted provided that the following conditions are met:
11	a5c0b6c7	Scott Ullrich
12	5b237745	Scott Ullrich	1. Redistributions of source code must retain the above copyright notice,
13			this list of conditions and the following disclaimer.
14	a5c0b6c7	Scott Ullrich
15	5b237745	Scott Ullrich	2. Redistributions in binary form must reproduce the above copyright
16			notice, this list of conditions and the following disclaimer in the
17			documentation and/or other materials provided with the distribution.
18	a5c0b6c7	Scott Ullrich
19	5b237745	Scott Ullrich	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
20			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
21			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
23			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28			POSSIBILITY OF SUCH DAMAGE.
29			*/
30	1d333258	Scott Ullrich	/*
31			pfSense_MODULE: captiveportal
32			*/
33	5b237745	Scott Ullrich
34	6b07c15a	Matthew Grooms	##\|+PRIV
35			##\|*IDENT=page-services-captiveportal
36			##\|*NAME=Services: Captive portal page
37			##\|*DESCR=Allow access to the 'Services: Captive portal' page.
38			##\|MATCH=services_captiveportal.php
39			##\|-PRIV
40
41	5633ab30	jim-p	$statusurl = "status_captiveportal.php";
42			$logurl = "diag_logs_auth.php";
43
44	5b237745	Scott Ullrich	require("guiconfig.inc");
45	7ab2b688	Scott Ullrich	require("functions.inc");
46			require("filter.inc");
47			require("shaper.inc");
48			require("captiveportal.inc");
49	5b237745	Scott Ullrich
50	6fde5a1e	Carlos Eduardo Ramos	$pgtitle = array(gettext("Services"),gettext("Captive portal"));
51
52	5b237745	Scott Ullrich	if (!is_array($config['captiveportal'])) {
53			$config['captiveportal'] = array();
54			$config['captiveportal']['page'] = array();
55			$config['captiveportal']['timeout'] = 60;
56			}
57
58			if ($_GET['act'] == "viewhtml") {
59			echo base64_decode($config['captiveportal']['page']['htmltext']);
60			exit;
61			} else if ($_GET['act'] == "viewerrhtml") {
62			echo base64_decode($config['captiveportal']['page']['errtext']);
63			exit;
64	5b87b24e	Ermal	} else if ($_GET['act'] == "viewlogouthtml") {
65			echo base64_decode($config['captiveportal']['page']['logouttext']);
66			exit;
67	5b237745	Scott Ullrich	}
68
69			$pconfig['cinterface'] = $config['captiveportal']['interface'];
70	0bd34ed6	Scott Ullrich	$pconfig['maxproc'] = $config['captiveportal']['maxproc'];
71			$pconfig['maxprocperip'] = $config['captiveportal']['maxprocperip'];
72	5b237745	Scott Ullrich	$pconfig['timeout'] = $config['captiveportal']['timeout'];
73			$pconfig['idletimeout'] = $config['captiveportal']['idletimeout'];
74	03552507	Erik Fonnesbeck	$pconfig['freelogins_count'] = $config['captiveportal']['freelogins_count'];
75			$pconfig['freelogins_resettimeout'] = $config['captiveportal']['freelogins_resettimeout'];
76	e65d1a98	Erik Fonnesbeck	$pconfig['freelogins_updatetimeouts'] = isset($config['captiveportal']['freelogins_updatetimeouts']);
77	5b237745	Scott Ullrich	$pconfig['enable'] = isset($config['captiveportal']['enable']);
78	7faeda46	Scott Ullrich	$pconfig['auth_method'] = $config['captiveportal']['auth_method'];
79	5b237745	Scott Ullrich	$pconfig['radacct_enable'] = isset($config['captiveportal']['radacct_enable']);
80	0bd34ed6	Scott Ullrich	$pconfig['radmac_enable'] = isset($config['captiveportal']['radmac_enable']);
81			$pconfig['radmac_secret'] = $config['captiveportal']['radmac_secret'];
82	c980716e	Scott Ullrich	$pconfig['reauthenticate'] = isset($config['captiveportal']['reauthenticate']);
83			$pconfig['reauthenticateacct'] = $config['captiveportal']['reauthenticateacct'];
84	5b237745	Scott Ullrich	$pconfig['httpslogin_enable'] = isset($config['captiveportal']['httpslogin']);
85	1d622048	Scott Ullrich	$pconfig['httpsname'] = strtolower($config['captiveportal']['httpsname']);
86	5b237745	Scott Ullrich	$pconfig['cert'] = base64_decode($config['captiveportal']['certificate']);
87	c6e1b0f5	Ermal Lu?i	$pconfig['cacert'] = base64_decode($config['captiveportal']['cacertificate']);
88	5b237745	Scott Ullrich	$pconfig['key'] = base64_decode($config['captiveportal']['private-key']);
89			$pconfig['logoutwin_enable'] = isset($config['captiveportal']['logoutwin_enable']);
90	7e587bdb	Scott Ullrich	$pconfig['peruserbw'] = isset($config['captiveportal']['peruserbw']);
91			$pconfig['bwdefaultdn'] = $config['captiveportal']['bwdefaultdn'];
92			$pconfig['bwdefaultup'] = $config['captiveportal']['bwdefaultup'];
93	5b237745	Scott Ullrich	$pconfig['nomacfilter'] = isset($config['captiveportal']['nomacfilter']);
94	0bd34ed6	Scott Ullrich	$pconfig['noconcurrentlogins'] = isset($config['captiveportal']['noconcurrentlogins']);
95	5b237745	Scott Ullrich	$pconfig['redirurl'] = $config['captiveportal']['redirurl'];
96			$pconfig['radiusip'] = $config['captiveportal']['radiusip'];
97	0bd34ed6	Scott Ullrich	$pconfig['radiusip2'] = $config['captiveportal']['radiusip2'];
98	5b237745	Scott Ullrich	$pconfig['radiusport'] = $config['captiveportal']['radiusport'];
99	0bd34ed6	Scott Ullrich	$pconfig['radiusport2'] = $config['captiveportal']['radiusport2'];
100	5b237745	Scott Ullrich	$pconfig['radiusacctport'] = $config['captiveportal']['radiusacctport'];
101			$pconfig['radiuskey'] = $config['captiveportal']['radiuskey'];
102	0bd34ed6	Scott Ullrich	$pconfig['radiuskey2'] = $config['captiveportal']['radiuskey2'];
103			$pconfig['radiusvendor'] = $config['captiveportal']['radiusvendor'];
104	2342bfb0	Ermal Lu?i	$pconfig['radiussession_timeout'] = isset($config['captiveportal']['radiussession_timeout']);
105	822b687b	Ermal	$pconfig['radiussrcip_attribute'] = $config['captiveportal']['radiussrcip_attribute'];
106	6ce61a8f	Ermal	$pconfig['passthrumacadd'] = isset($config['captiveportal']['passthrumacadd']);
107	1c291e64	Ermal	$pconfig['passthrumacaddusername'] = isset($config['captiveportal']['passthrumacaddusername']);
108	d11c1f93	sullrich	$pconfig['radmac_format'] = $config['captiveportal']['radmac_format'];
109	5b237745	Scott Ullrich
110			if ($_POST) {
111
112			unset($input_errors);
113			$pconfig = $_POST;
114
115			/* input validation */
116			if ($_POST['enable']) {
117			$reqdfields = explode(" ", "cinterface");
118	6fde5a1e	Carlos Eduardo Ramos	$reqdfieldsn = array(gettext("Interface"));
119	a5c0b6c7	Scott Ullrich
120	5b237745	Scott Ullrich	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
121	a5c0b6c7	Scott Ullrich
122	0bd34ed6	Scott Ullrich	/* make sure no interfaces are bridged */
123	3e4f5a33	jim-p	if (is_array($_POST['cinterface']))
124			foreach ($pconfig['cinterface'] as $cpbrif)
125			if (link_interface_to_bridge($cpbrif))
126			$input_errors[] = sprintf(gettext("The captive portal cannot be used on interface %s since it is part of a bridge."), $cpbrif);
127	a5c0b6c7	Scott Ullrich
128	5b237745	Scott Ullrich	if ($_POST['httpslogin_enable']) {
129			if (!$_POST['cert'] \|\| !$_POST['key']) {
130	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("Certificate and key must be specified for HTTPS login.");
131	5b237745	Scott Ullrich	} else {
132			if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") \|\| !strstr($_POST['cert'], "END CERTIFICATE"))
133	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("This certificate does not appear to be valid.");
134	c6e1b0f5	Ermal Lu?i	if (!strstr($_POST['cacert'], "BEGIN CERTIFICATE") \|\| !strstr($_POST['cacert'], "END CERTIFICATE"))
135	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("This intermmediate certificate does not appear to be valid.");
136	5b237745	Scott Ullrich	if (!strstr($_POST['key'], "BEGIN RSA PRIVATE KEY") \|\| !strstr($_POST['key'], "END RSA PRIVATE KEY"))
137	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("This key does not appear to be valid.");
138	5b237745	Scott Ullrich	}
139	a5c0b6c7	Scott Ullrich
140	5b237745	Scott Ullrich	if (!$_POST['httpsname'] \|\| !is_domain($_POST['httpsname'])) {
141	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("The HTTPS server name must be specified for HTTPS login.");
142	5b237745	Scott Ullrich	}
143			}
144			}
145	a5c0b6c7	Scott Ullrich
146	5b237745	Scott Ullrich	if ($_POST['timeout'] && (!is_numeric($_POST['timeout']) \|\| ($_POST['timeout'] < 1))) {
147	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("The timeout must be at least 1 minute.");
148	5b237745	Scott Ullrich	}
149			if ($_POST['idletimeout'] && (!is_numeric($_POST['idletimeout']) \|\| ($_POST['idletimeout'] < 1))) {
150	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("The idle timeout must be at least 1 minute.");
151	5b237745	Scott Ullrich	}
152	03552507	Erik Fonnesbeck	if ($_POST['freelogins_count'] && (!is_numeric($_POST['freelogins_count']))) {
153	49f61a1c	Erik Fonnesbeck	$input_errors[] = gettext("The pass-through credit count must be a number or left blank.");
154			} else if ($_POST['freelogins_count'] && is_numeric($_POST['freelogins_count']) && ($_POST['freelogins_count'] >= 1)) {
155			if (empty($_POST['freelogins_resettimeout']) \|\| !is_numeric($_POST['freelogins_resettimeout']) \|\| ($_POST['freelogins_resettimeout'] <= 0)) {
156			$input_errors[] = gettext("The waiting period to restore pass-through credits must be above 0 hours.");
157			}
158	03552507	Erik Fonnesbeck	}
159	5b237745	Scott Ullrich	if (($_POST['radiusip'] && !is_ipaddr($_POST['radiusip']))) {
160	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip']);
161	5b237745	Scott Ullrich	}
162	0bd34ed6	Scott Ullrich	if (($_POST['radiusip2'] && !is_ipaddr($_POST['radiusip2']))) {
163	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip2']);
164	0bd34ed6	Scott Ullrich	}
165	5b237745	Scott Ullrich	if (($_POST['radiusport'] && !is_port($_POST['radiusport']))) {
166	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport']);
167	5b237745	Scott Ullrich	}
168	0bd34ed6	Scott Ullrich	if (($_POST['radiusport2'] && !is_port($_POST['radiusport2']))) {
169	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport2']);
170	0bd34ed6	Scott Ullrich	}
171	5b237745	Scott Ullrich	if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) {
172	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusacctport']);
173	0bd34ed6	Scott Ullrich	}
174			if ($_POST['maxproc'] && (!is_numeric($_POST['maxproc']) \|\| ($_POST['maxproc'] < 4) \|\| ($_POST['maxproc'] > 100))) {
175	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("The total maximum number of concurrent connections must be between 4 and 100.");
176	0bd34ed6	Scott Ullrich	}
177			$mymaxproc = $_POST['maxproc'] ? $_POST['maxproc'] : 16;
178			if ($_POST['maxprocperip'] && (!is_numeric($_POST['maxprocperip']) \|\| ($_POST['maxprocperip'] > $mymaxproc))) {
179	6fde5a1e	Carlos Eduardo Ramos	$input_errors[] = gettext("The maximum number of concurrent connections per client IP address may not be larger than the global maximum.");
180	5b237745	Scott Ullrich	}
181
182			if (!$input_errors) {
183	3e4f5a33	jim-p	if (is_array($_POST['cinterface']))
184			$config['captiveportal']['interface'] = implode(",", $_POST['cinterface']);
185	0bd34ed6	Scott Ullrich	$config['captiveportal']['maxproc'] = $_POST['maxproc'];
186			$config['captiveportal']['maxprocperip'] = $_POST['maxprocperip'] ? $_POST['maxprocperip'] : false;
187	5b237745	Scott Ullrich	$config['captiveportal']['timeout'] = $_POST['timeout'];
188			$config['captiveportal']['idletimeout'] = $_POST['idletimeout'];
189	03552507	Erik Fonnesbeck	$config['captiveportal']['freelogins_count'] = $_POST['freelogins_count'];
190			$config['captiveportal']['freelogins_resettimeout'] = $_POST['freelogins_resettimeout'];
191			$config['captiveportal']['freelogins_updatetimeouts'] = $_POST['freelogins_updatetimeouts'] ? true : false;
192	0bd34ed6	Scott Ullrich	$config['captiveportal']['enable'] = $_POST['enable'] ? true : false;
193	7faeda46	Scott Ullrich	$config['captiveportal']['auth_method'] = $_POST['auth_method'];
194	0bd34ed6	Scott Ullrich	$config['captiveportal']['radacct_enable'] = $_POST['radacct_enable'] ? true : false;
195			$config['captiveportal']['reauthenticate'] = $_POST['reauthenticate'] ? true : false;
196			$config['captiveportal']['radmac_enable'] = $_POST['radmac_enable'] ? true : false;
197			$config['captiveportal']['radmac_secret'] = $_POST['radmac_secret'] ? $_POST['radmac_secret'] : false;
198	c980716e	Scott Ullrich	$config['captiveportal']['reauthenticateacct'] = $_POST['reauthenticateacct'];
199	0bd34ed6	Scott Ullrich	$config['captiveportal']['httpslogin'] = $_POST['httpslogin_enable'] ? true : false;
200	5b237745	Scott Ullrich	$config['captiveportal']['httpsname'] = $_POST['httpsname'];
201	7e587bdb	Scott Ullrich	$config['captiveportal']['peruserbw'] = $_POST['peruserbw'] ? true : false;
202			$config['captiveportal']['bwdefaultdn'] = $_POST['bwdefaultdn'];
203			$config['captiveportal']['bwdefaultup'] = $_POST['bwdefaultup'];
204	5b237745	Scott Ullrich	$config['captiveportal']['certificate'] = base64_encode($_POST['cert']);
205	c6e1b0f5	Ermal Lu?i	$config['captiveportal']['cacertificate'] = base64_encode($_POST['cacert']);
206	5b237745	Scott Ullrich	$config['captiveportal']['private-key'] = base64_encode($_POST['key']);
207	0bd34ed6	Scott Ullrich	$config['captiveportal']['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false;
208			$config['captiveportal']['nomacfilter'] = $_POST['nomacfilter'] ? true : false;
209			$config['captiveportal']['noconcurrentlogins'] = $_POST['noconcurrentlogins'] ? true : false;
210	5b237745	Scott Ullrich	$config['captiveportal']['redirurl'] = $_POST['redirurl'];
211			$config['captiveportal']['radiusip'] = $_POST['radiusip'];
212	0bd34ed6	Scott Ullrich	$config['captiveportal']['radiusip2'] = $_POST['radiusip2'];
213	5b237745	Scott Ullrich	$config['captiveportal']['radiusport'] = $_POST['radiusport'];
214	0bd34ed6	Scott Ullrich	$config['captiveportal']['radiusport2'] = $_POST['radiusport2'];
215	5b237745	Scott Ullrich	$config['captiveportal']['radiusacctport'] = $_POST['radiusacctport'];
216			$config['captiveportal']['radiuskey'] = $_POST['radiuskey'];
217	0bd34ed6	Scott Ullrich	$config['captiveportal']['radiuskey2'] = $_POST['radiuskey2'];
218			$config['captiveportal']['radiusvendor'] = $_POST['radiusvendor'] ? $_POST['radiusvendor'] : false;
219	2342bfb0	Ermal Lu?i	$config['captiveportal']['radiussession_timeout'] = $_POST['radiussession_timeout'] ? true : false;
220	8aede55b	Ermal	$config['captiveportal']['radiussrcip_attribute'] = $_POST['radiussrcip_attribute'];
221	6ce61a8f	Ermal	$config['captiveportal']['passthrumacadd'] = $_POST['passthrumacadd'] ? true : false;
222	1c291e64	Ermal	$config['captiveportal']['passthrumacaddusername'] = $_POST['passthrumacaddusername'] ? true : false;
223	6ce61a8f	Ermal	$config['captiveportal']['radmac_format'] = $_POST['radmac_format'] ? $_POST['radmac_format'] : false;
224	a5c0b6c7	Scott Ullrich
225	5b237745	Scott Ullrich	/* file upload? */
226			if (is_uploaded_file($_FILES['htmlfile']['tmp_name']))
227			$config['captiveportal']['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name']));
228	c980716e	Scott Ullrich	if (is_uploaded_file($_FILES['errfile']['tmp_name']))
229	5b237745	Scott Ullrich	$config['captiveportal']['page']['errtext'] = base64_encode(file_get_contents($_FILES['errfile']['tmp_name']));
230	5b87b24e	Ermal	if (is_uploaded_file($_FILES['logoutfile']['tmp_name']))
231			$config['captiveportal']['page']['logouttext'] = base64_encode(file_get_contents($_FILES['logoutfile']['tmp_name']));
232	a5c0b6c7	Scott Ullrich
233	5b237745	Scott Ullrich	write_config();
234	a5c0b6c7	Scott Ullrich
235	5b237745	Scott Ullrich	$retval = 0;
236	ea1eac37	Scott Ullrich	$retval = captiveportal_configure();
237
238	5b237745	Scott Ullrich	$savemsg = get_std_save_message($retval);
239	f8b11310	Ermal Lu?i
240	3e4f5a33	jim-p	if (is_array($_POST['cinterface']))
241			$pconfig['cinterface'] = implode(",", $_POST['cinterface']);
242	5b237745	Scott Ullrich	}
243			}
244	3d4bd975	Scott Ullrich	include("head.inc");
245	5b237745	Scott Ullrich	?>
246	9699028a	Scott Ullrich	<?php include("fbegin.inc"); ?>
247	5b237745	Scott Ullrich	<script language="JavaScript">
248			<!--
249			function enable_change(enable_change) {
250	0bd34ed6	Scott Ullrich	var endis, radius_endis;
251	07bd3f83	Scott Ullrich	endis = !(document.iform.enable.checked \|\| enable_change);
252	0bd34ed6	Scott Ullrich	radius_endis = !((!endis && document.iform.auth_method[2].checked) \|\| enable_change);
253	a5c0b6c7	Scott Ullrich
254	07bd3f83	Scott Ullrich	document.iform.cinterface.disabled = endis;
255	54611f24	Scott Ullrich	//document.iform.maxproc.disabled = endis;
256	422d57b4	Scott Ullrich	document.iform.maxprocperip.disabled = endis;
257	07bd3f83	Scott Ullrich	document.iform.idletimeout.disabled = endis;
258	03552507	Erik Fonnesbeck	document.iform.freelogins_count.disabled = endis;
259			document.iform.freelogins_resettimeout.disabled = endis;
260			document.iform.freelogins_updatetimeouts.disabled = endis;
261	07bd3f83	Scott Ullrich	document.iform.timeout.disabled = endis;
262			document.iform.redirurl.disabled = endis;
263	0bd34ed6	Scott Ullrich	document.iform.radiusip.disabled = radius_endis;
264			document.iform.radiusip2.disabled = radius_endis;
265			document.iform.radiusport.disabled = radius_endis;
266			document.iform.radiusport2.disabled = radius_endis;
267			document.iform.radiuskey.disabled = radius_endis;
268			document.iform.radiuskey2.disabled = radius_endis;
269	856e58a6	Scott Ullrich	document.iform.radacct_enable.disabled = radius_endis;
270	f5fa7d5e	Ermal Luçi	document.iform.peruserbw.disabled = endis;
271			document.iform.bwdefaultdn.disabled = endis;
272			document.iform.bwdefaultup.disabled = endis;
273	856e58a6	Scott Ullrich	document.iform.reauthenticate.disabled = radius_endis;
274	7faeda46	Scott Ullrich	document.iform.auth_method[0].disabled = endis;
275			document.iform.auth_method[1].disabled = endis;
276			document.iform.auth_method[2].disabled = endis;
277	0bd34ed6	Scott Ullrich	document.iform.radmac_enable.disabled = radius_endis;
278	07bd3f83	Scott Ullrich	document.iform.httpslogin_enable.disabled = endis;
279	d11c1f93	sullrich	document.iform.radmac_format.disabled = radius_endis;
280	07bd3f83	Scott Ullrich	document.iform.httpsname.disabled = endis;
281			document.iform.cert.disabled = endis;
282			document.iform.key.disabled = endis;
283			document.iform.logoutwin_enable.disabled = endis;
284	c980716e	Scott Ullrich	document.iform.nomacfilter.disabled = endis;
285	0bd34ed6	Scott Ullrich	document.iform.noconcurrentlogins.disabled = endis;
286			document.iform.radiusvendor.disabled = radius_endis;
287	2342bfb0	Ermal Lu?i	document.iform.radiussession_timeout.disabled = radius_endis;
288	822b687b	Ermal	document.iform.radiussrcip_attribute.disabled = radius_endis;
289	07bd3f83	Scott Ullrich	document.iform.htmlfile.disabled = endis;
290			document.iform.errfile.disabled = endis;
291	5b87b24e	Ermal	document.iform.logoutfile.disabled = endis;
292	a5c0b6c7	Scott Ullrich
293	856e58a6	Scott Ullrich	document.iform.radiusacctport.disabled = (radius_endis \|\| !document.iform.radacct_enable.checked) && !enable_change;
294	a5c0b6c7	Scott Ullrich
295	856e58a6	Scott Ullrich	document.iform.radmac_secret.disabled = (radius_endis \|\| !document.iform.radmac_enable.checked) && !enable_change;
296	a5c0b6c7	Scott Ullrich
297	0bd34ed6	Scott Ullrich	var reauthenticate_dis = (radius_endis \|\| !document.iform.reauthenticate.checked) && !enable_change;
298	856e58a6	Scott Ullrich	document.iform.reauthenticateacct[0].disabled = reauthenticate_dis;
299			document.iform.reauthenticateacct[1].disabled = reauthenticate_dis;
300			document.iform.reauthenticateacct[2].disabled = reauthenticate_dis;
301	5b237745	Scott Ullrich	}
302			//-->
303			</script>
304	93588e1a	Scott Dale	<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
305	5b237745	Scott Ullrich	<?php if ($input_errors) print_input_errors($input_errors); ?>
306			<?php if ($savemsg) print_info_box($savemsg); ?>
307			<form action="services_captiveportal.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
308			<table width="100%" border="0" cellpadding="0" cellspacing="0">
309	9699028a	Scott Ullrich	<tr><td class="tabnavtbl">
310	64b85ffe	Scott Ullrich	<?php
311			$tab_array = array();
312	6fde5a1e	Carlos Eduardo Ramos	$tab_array[] = array(gettext("Captive portal"), true, "services_captiveportal.php");
313			$tab_array[] = array(gettext("Pass-through MAC"), false, "services_captiveportal_mac.php");
314			$tab_array[] = array(gettext("Allowed IP addresses"), false, "services_captiveportal_ip.php");
315			$tab_array[] = array(gettext("Vouchers"), false, "services_captiveportal_vouchers.php");
316			$tab_array[] = array(gettext("File Manager"), false, "services_captiveportal_filemanager.php");
317	64b85ffe	Scott Ullrich	display_top_tabs($tab_array);
318	0bd34ed6	Scott Ullrich	?> </td></tr>
319	5b237745	Scott Ullrich	<tr>
320	c980716e	Scott Ullrich	<td class="tabcont">
321			<table width="100%" border="0" cellpadding="6" cellspacing="0">
322	a5c0b6c7	Scott Ullrich	<tr>
323	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vtable"> </td>
324			<td width="78%" class="vtable">
325			<input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)">
326	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Enable captive portal"); ?> </strong></td>
327	5b237745	Scott Ullrich	</tr>
328	a5c0b6c7	Scott Ullrich	<tr>
329	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Interfaces"); ?></td>
330	5b237745	Scott Ullrich	<td width="78%" class="vtable">
331	d823b81c	sullrich	<select name="cinterface[]" multiple="true" size="<?php echo count($config['interfaces']); ?>" class="formselect" id="cinterface">
332	af98cced	Scott Ullrich	<?php
333	fbb45bb0	Ermal Luçi	$interfaces = get_configured_interface_with_descr();
334	c980716e	Scott Ullrich	foreach ($interfaces as $iface => $ifacename): ?>
335	f8b11310	Ermal Lu?i	<option value="<?=$iface;?>" <?php if (stristr($pconfig['cinterface'], $iface)) echo "selected"; ?>>
336	5b237745	Scott Ullrich	<?=htmlspecialchars($ifacename);?>
337			</option>
338			<?php endforeach; ?>
339			</select> <br>
340	16457bdd	Renato Botelho	<span class="vexpl"><?=gettext("Select the interface(s) to enable for captive portal."); ?></span></td>
341	5b237745	Scott Ullrich	</tr>
342	4362e48a	Scott Ullrich	<tr>
343	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("Maximum concurrent connections"); ?></td>
344	4362e48a	Scott Ullrich	<td class="vtable">
345			<table cellpadding="0" cellspacing="0">
346			<tr>
347	b5c78501	Seth Mos	<td><input name="maxprocperip" type="text" class="formfld unknown" id="maxprocperip" size="5"
348	6fde5a1e	Carlos Eduardo Ramos	value="<?=htmlspecialchars($pconfig['maxprocperip']);?>"> <?=gettext("per client IP address (0 = no limit)"); ?></td>
349	4362e48a	Scott Ullrich	</tr>
350			</table>
351	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("This setting limits the number of concurrent connections to the captive portal HTTP(S) server. This does not set how many users can be logged in " .
352			"to the captive portal, but rather how many users can load the portal page or authenticate at the same time! " .
353	16457bdd	Renato Botelho	"Default is 4 connections per client IP address, with a total maximum of 16 connections."); ?></td>
354	4362e48a	Scott Ullrich	</tr>
355	5b237745	Scott Ullrich	<tr>
356	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("Idle timeout"); ?></td>
357	5b237745	Scott Ullrich	<td class="vtable">
358	b5c78501	Seth Mos	<input name="idletimeout" type="text" class="formfld unknown" id="idletimeout" size="6" value="<?=htmlspecialchars($pconfig['idletimeout']);?>">
359	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("minutes"); ?><br>
360	16457bdd	Renato Botelho	<?=gettext("Clients will be disconnected after this amount of inactivity. They may log in again immediately, though. Leave this field blank for no idle timeout."); ?></td>
361	5b237745	Scott Ullrich	</tr>
362	a5c0b6c7	Scott Ullrich	<tr>
363	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Hard timeout"); ?></td>
364	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
365	b5c78501	Seth Mos	<input name="timeout" type="text" class="formfld unknown" id="timeout" size="6" value="<?=htmlspecialchars($pconfig['timeout']);?>">
366	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("minutes"); ?><br>
367	16457bdd	Renato Botelho	<?=gettext("Clients will be disconnected after this amount of time, regardless of activity. They may log in again immediately, though. Leave this field blank for no hard timeout (not recommended unless an idle timeout is set)."); ?></td>
368	5b237745	Scott Ullrich	</tr>
369	03552507	Erik Fonnesbeck	<tr>
370	49f61a1c	Erik Fonnesbeck	<td width="22%" valign="top" class="vncell"><?=gettext("Pass-through credits allowed per MAC address"); ?></td>
371	03552507	Erik Fonnesbeck	<td width="78%" class="vtable">
372			<input name="freelogins_count" type="text" class="formfld unknown" id="freelogins_count" size="6" value="<?=htmlspecialchars($pconfig['freelogins_count']);?>">
373			<?=gettext("per client MAC address (0 or blank = none)"); ?><br>
374			<?=gettext("This setting allows passing through the captive portal without authentication a limited number of times per MAC address. Once used up, the client can only log in with valid credentials until the waiting period specified below has expired. Recommended to set a hard timeout and/or idle timeout when using this for it to be effective."); ?></td>
375			</tr>
376			<tr>
377	49f61a1c	Erik Fonnesbeck	<td width="22%" valign="top" class="vncell"><?=gettext("Waiting period to restore pass-through credits"); ?></td>
378	03552507	Erik Fonnesbeck	<td width="78%" class="vtable">
379			<input name="freelogins_resettimeout" type="text" class="formfld unknown" id="freelogins_resettimeout" size="6" value="<?=htmlspecialchars($pconfig['freelogins_resettimeout']);?>">
380			<?=gettext("hours"); ?><br>
381	49f61a1c	Erik Fonnesbeck	<?=gettext("Clients will have their available pass-through credits restored to the original count after this amount of time since using the first one. This must be above 0 hours if pass-through credits are enabled."); ?></td>
382	03552507	Erik Fonnesbeck	</tr>
383			<tr>
384	49f61a1c	Erik Fonnesbeck	<td width="22%" valign="top" class="vncell"><?=gettext("Reset waiting period on attempted access"); ?></td>
385	03552507	Erik Fonnesbeck	<td width="78%" class="vtable">
386			<input name="freelogins_updatetimeouts" type="checkbox" class="formfld" id="freelogins_updatetimeouts" value="yes" <?php if($pconfig['freelogins_updatetimeouts']) echo "checked"; ?>>
387			<strong><?=gettext("Enable waiting period reset on attempted access"); ?></strong><br>
388	49f61a1c	Erik Fonnesbeck	<?=gettext("If enabled, the waiting period is reset to the original duration if access is attempted when all pass-through credits have already been exhausted."); ?></td>
389	03552507	Erik Fonnesbeck	</tr>
390	a5c0b6c7	Scott Ullrich	<tr>
391	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Logout popup window"); ?></td>
392	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
393	5b237745	Scott Ullrich	<input name="logoutwin_enable" type="checkbox" class="formfld" id="logoutwin_enable" value="yes" <?php if($pconfig['logoutwin_enable']) echo "checked"; ?>>
394	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Enable logout popup window"); ?></strong><br>
395	16457bdd	Renato Botelho	<?=gettext("If enabled, a popup window will appear when clients are allowed through the captive portal. This allows clients to explicitly disconnect themselves before the idle or hard timeout occurs."); ?></td>
396	5b237745	Scott Ullrich	</tr>
397			<tr>
398	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("Redirection URL"); ?></td>
399	5b237745	Scott Ullrich	<td class="vtable">
400	b5c78501	Seth Mos	<input name="redirurl" type="text" class="formfld url" id="redirurl" size="60" value="<?=htmlspecialchars($pconfig['redirurl']);?>">
401	5b237745	Scott Ullrich	<br>
402	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("If you provide a URL here, clients will be redirected to that URL instead of the one they initially tried " .
403	16457bdd	Renato Botelho	"to access after they've authenticated."); ?></td>
404	5b237745	Scott Ullrich	</tr>
405			<tr>
406	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("Concurrent user logins"); ?></td>
407	0bd34ed6	Scott Ullrich	<td class="vtable">
408			<input name="noconcurrentlogins" type="checkbox" class="formfld" id="noconcurrentlogins" value="yes" <?php if ($pconfig['noconcurrentlogins']) echo "checked"; ?>>
409	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Disable concurrent logins"); ?></strong><br>
410	16457bdd	Renato Botelho	<?=gettext("If this option is set, only the most recent login per username will be active. Subsequent logins will cause machines previously logged in with the same username to be disconnected."); ?></td>
411	0bd34ed6	Scott Ullrich	</tr>
412			<tr>
413	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("MAC filtering"); ?> </td>
414	c980716e	Scott Ullrich	<td class="vtable">
415			<input name="nomacfilter" type="checkbox" class="formfld" id="nomacfilter" value="yes" <?php if ($pconfig['nomacfilter']) echo "checked"; ?>>
416	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Disable MAC filtering"); ?></strong><br>
417			<?=gettext("If this option is set, no attempts will be made to ensure that the MAC address of clients stays the same while they're logged in." .
418	16457bdd	Renato Botelho	"This is required when the MAC address of the client cannot be determined (usually because there are routers between"); ?> <?php echo $g['product_name'] ?> <?=gettext("and the clients)."); ?>
419			<?=gettext("If this is enabled, RADIUS MAC authentication cannot be used."); ?></td>
420	7e587bdb	Scott Ullrich	</tr>
421			<tr>
422	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("Pass-through MAC Auto Entry"); ?></td>
423	6ce61a8f	Ermal	<td class="vtable">
424			<input name="passthrumacadd" type="checkbox" class="formfld" id="passthrumacadd" value="yes" <?php if ($pconfig['passthrumacadd']) echo "checked"; ?>>
425	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Enable Pass-through MAC automatic additions"); ?></strong><br>
426	16457bdd	Renato Botelho	<?=gettext("If this option is set, a MAC passthrough entry is automatically added after the user has successfully authenticated. Users of that MAC address will never have to authenticate again."); ?>
427			<?=gettext("To remove the passthrough MAC entry you either have to log in and remove it manually from the"); ?> <a href="services_captiveportal_mac.php"><?=gettext("Pass-through MAC tab"); ?></a> <?=gettext("or send a POST from another system to remove it."); ?>
428			<?=gettext("If this is enabled, RADIUS MAC authentication cannot be used. Also, the logout window will not be shown."); ?>
429	1c291e64	Ermal	<br/><br/>
430			<input name="passthrumacaddusername" type="checkbox" class="formfld" id="passthrumacaddusername" value="yes" <?php if ($pconfig['passthrumacaddusername']) echo "checked"; ?>>
431	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Enable Pass-through MAC automatic addition with username"); ?></strong><br>
432	16457bdd	Renato Botelho	<?=gettext("If this option is set, with the automatically MAC passthrough entry created the username, used during authentication, will be saved."); ?>
433			<?=gettext("To remove the passthrough MAC entry you either have to log in and remove it manually from the"); ?> <a href="services_captiveportal_mac.php"><?=gettext("Pass-through MAC tab"); ?></a> <?=gettext("or send a POST from another system to remove it."); ?>
434	1c291e64	Ermal	</td>
435	6ce61a8f	Ermal	</tr>
436			<tr>
437	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("Per-user bandwidth restriction"); ?></td>
438	7e587bdb	Scott Ullrich	<td class="vtable">
439			<input name="peruserbw" type="checkbox" class="formfld" id="peruserbw" value="yes" <?php if ($pconfig['peruserbw']) echo "checked"; ?>>
440	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Enable per-user bandwidth restriction"); ?></strong><br><br>
441	7e587bdb	Scott Ullrich	<table cellpadding="0" cellspacing="0">
442			<tr>
443	6fde5a1e	Carlos Eduardo Ramos	<td><?=gettext("Default download"); ?></td>
444			<td><input type="text" class="formfld unknown" name="bwdefaultdn" id="bwdefaultdn" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultdn']);?>"> <?=gettext("Kbit/s"); ?></td>
445	7e587bdb	Scott Ullrich	</tr>
446			<tr>
447	6fde5a1e	Carlos Eduardo Ramos	<td><?=gettext("Default upload"); ?></td>
448			<td><input type="text" class="formfld unknown" name="bwdefaultup" id="bwdefaultup" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultup']);?>"> <?=gettext("Kbit/s"); ?></td>
449	7e587bdb	Scott Ullrich	</tr></table>
450			<br>
451	16457bdd	Renato Botelho	<?=gettext("If this option is set, the captive portal will restrict each user who logs in to the specified default bandwidth. RADIUS can override the default settings. Leave empty or set to 0 for no limit."); ?> </td>
452	7e587bdb	Scott Ullrich	</tr>
453	a5c0b6c7	Scott Ullrich	<tr>
454	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Authentication"); ?></td>
455	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
456	c980716e	Scott Ullrich	<table cellpadding="0" cellspacing="0">
457			<tr>
458	0bd34ed6	Scott Ullrich	<td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="none" onClick="enable_change(false)" <?php if($pconfig['auth_method']!="local" && $pconfig['auth_method']!="radius") echo "checked"; ?>>
459	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("No Authentication"); ?></td>
460	c980716e	Scott Ullrich	</tr>
461			<tr>
462	0bd34ed6	Scott Ullrich	<td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="local" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="local") echo "checked"; ?>>
463	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("Local"); ?> <a href="system_usermanager.php"><?=gettext("User Manager"); ?></a></td>
464	c980716e	Scott Ullrich	</tr>
465			<tr>
466	0bd34ed6	Scott Ullrich	<td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="radius" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius") echo "checked"; ?>>
467	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("RADIUS Authentication"); ?></td>
468	c980716e	Scott Ullrich	</tr><tr>
469			<td> </td>
470			<td> </td>
471			</tr>
472			</table>
473	0bd34ed6	Scott Ullrich	<table width="100%" border="0" cellpadding="6" cellspacing="0">
474	a5c0b6c7	Scott Ullrich	<tr>
475	6fde5a1e	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="optsect_t2"><?=gettext("Primary RADIUS server"); ?></td>
476	0bd34ed6	Scott Ullrich	</tr>
477			<tr>
478	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("IP address"); ?></td>
479	b5c78501	Seth Mos	<td class="vtable"><input name="radiusip" type="text" class="formfld unknown" id="radiusip" size="20" value="<?=htmlspecialchars($pconfig['radiusip']);?>"><br>
480	16457bdd	Renato Botelho	<?=gettext("Enter the IP address of the RADIUS server which users of the captive portal have to authenticate against."); ?></td>
481	0bd34ed6	Scott Ullrich	</tr>
482			<tr>
483	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Port"); ?></td>
484	b5c78501	Seth Mos	<td class="vtable"><input name="radiusport" type="text" class="formfld unknown" id="radiusport" size="5" value="<?=htmlspecialchars($pconfig['radiusport']);?>"><br>
485	16457bdd	Renato Botelho	<?=gettext("Leave this field blank to use the default port (1812)."); ?></td>
486	0bd34ed6	Scott Ullrich	</tr>
487			<tr>
488	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Shared secret"); ?>  </td>
489	b5c78501	Seth Mos	<td class="vtable"><input name="radiuskey" type="text" class="formfld unknown" id="radiuskey" size="16" value="<?=htmlspecialchars($pconfig['radiuskey']);?>"><br>
490	16457bdd	Renato Botelho	<?=gettext("Leave this field blank to not use a RADIUS shared secret (not recommended)."); ?></td>
491	0bd34ed6	Scott Ullrich	</tr>
492	a5c0b6c7	Scott Ullrich	<tr>
493	0bd34ed6	Scott Ullrich	<td colspan="2" class="list" height="12"></td>
494			</tr>
495			<tr>
496	6fde5a1e	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="optsect_t2"><?=gettext("Secondary RADIUS server"); ?></td>
497	0bd34ed6	Scott Ullrich	</tr>
498			<tr>
499	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("IP address"); ?></td>
500	b5c78501	Seth Mos	<td class="vtable"><input name="radiusip2" type="text" class="formfld unknown" id="radiusip2" size="20" value="<?=htmlspecialchars($pconfig['radiusip2']);?>"><br>
501	16457bdd	Renato Botelho	<?=gettext("If you have a second RADIUS server, you can activate it by entering its IP address here."); ?></td>
502	0bd34ed6	Scott Ullrich	</tr>
503			<tr>
504	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Port"); ?></td>
505	b5c78501	Seth Mos	<td class="vtable"><input name="radiusport2" type="text" class="formfld unknown" id="radiusport2" size="5" value="<?=htmlspecialchars($pconfig['radiusport2']);?>"></td>
506	0bd34ed6	Scott Ullrich	</tr>
507			<tr>
508	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Shared secret"); ?>  </td>
509	b5c78501	Seth Mos	<td class="vtable"><input name="radiuskey2" type="text" class="formfld unknown" id="radiuskey2" size="16"
510			value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td>
511	0bd34ed6	Scott Ullrich	</tr>
512			<tr>
513			<td colspan="2" class="list" height="12"></td>
514			</tr>
515	856e58a6	Scott Ullrich	<tr>
516	6fde5a1e	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="optsect_t2"><?=gettext("Accounting"); ?></td>
517	856e58a6	Scott Ullrich	</tr>
518			<tr>
519			<td class="vncell"> </td>
520			<td class="vtable"><input name="radacct_enable" type="checkbox" id="radacct_enable" value="yes" onClick="enable_change(false)" <?php if($pconfig['radacct_enable']) echo "checked"; ?>>
521	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("send RADIUS accounting packets"); ?></strong><br>
522	16457bdd	Renato Botelho	<?=gettext("If this is enabled, RADIUS accounting packets will be sent to the primary RADIUS server."); ?></td>
523	856e58a6	Scott Ullrich	</tr>
524			<tr>
525	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Accounting port"); ?></td>
526	b5c78501	Seth Mos	<td class="vtable"><input name="radiusacctport" type="text" class="formfld unknown" id="radiusacctport" size="5" value="<?=htmlspecialchars($pconfig['radiusacctport']);?>"><br>
527	16457bdd	Renato Botelho	<?=gettext("Leave blank to use the default port (1813)."); ?></td>
528	856e58a6	Scott Ullrich	</tr>
529			<tr>
530			<td colspan="2" class="list" height="12"></td>
531			</tr>
532			<tr>
533	6fde5a1e	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="optsect_t2"><?=gettext("Reauthentication"); ?></td>
534	856e58a6	Scott Ullrich	</tr>
535			<tr>
536			<td class="vncell"> </td>
537			<td class="vtable"><input name="reauthenticate" type="checkbox" id="reauthenticate" value="yes" onClick="enable_change(false)" <?php if($pconfig['reauthenticate']) echo "checked"; ?>>
538	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Reauthenticate connected users every minute"); ?></strong><br>
539			<?=gettext("If reauthentication is enabled, Access-Requests will be sent to the RADIUS server for each user that is " .
540	16457bdd	Renato Botelho	"logged in every minute. If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately."); ?></td>
541	856e58a6	Scott Ullrich	</tr>
542			<tr>
543	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Accounting updates"); ?></td>
544	856e58a6	Scott Ullrich	<td class="vtable">
545	6fde5a1e	Carlos Eduardo Ramos	<input name="reauthenticateacct" type="radio" value="" <?php if(!$pconfig['reauthenticateacct']) echo "checked"; ?>> <?=gettext("no accounting updates"); ?><br>
546			<input name="reauthenticateacct" type="radio" value="stopstart" <?php if($pconfig['reauthenticateacct'] == "stopstart") echo "checked"; ?>> <?=gettext("stop/start accounting"); ?><br>
547			<input name="reauthenticateacct" type="radio" value="interimupdate" <?php if($pconfig['reauthenticateacct'] == "interimupdate") echo "checked"; ?>> <?=gettext("interim update"); ?>
548	856e58a6	Scott Ullrich	</td>
549			</tr>
550			<tr>
551			<td colspan="2" class="list" height="12"></td>
552			</tr>
553	0bd34ed6	Scott Ullrich	<tr>
554	6fde5a1e	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="optsect_t2"><?=gettext("RADIUS MAC authentication"); ?></td>
555	0bd34ed6	Scott Ullrich	</tr>
556			<tr>
557			<td class="vncell"> </td>
558			<td class="vtable">
559	6fde5a1e	Carlos Eduardo Ramos	<input name="radmac_enable" type="checkbox" id="radmac_enable" value="yes" onClick="enable_change(false)" <?php if ($pconfig['radmac_enable']) echo "checked"; ?>><strong><?=gettext("Enable RADIUS MAC authentication"); ?></strong><br>
560			<?=gettext("If this option is enabled, the captive portal will try to authenticate users by sending their MAC address as the username and the password " .
561	16457bdd	Renato Botelho	"entered below to the RADIUS server."); ?></td>
562	0bd34ed6	Scott Ullrich	</tr>
563			<tr>
564	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell"><?=gettext("Shared secret"); ?></td>
565	b5c78501	Seth Mos	<td class="vtable"><input name="radmac_secret" type="text" class="formfld unknown" id="radmac_secret" size="16" value="<?=htmlspecialchars($pconfig['radmac_secret']);?>"></td>
566	0bd34ed6	Scott Ullrich	</tr>
567			<tr>
568			<td colspan="2" class="list" height="12"></td>
569			</tr>
570			<tr>
571	6fde5a1e	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="optsect_t2"><?=gettext("RADIUS options"); ?></td>
572	0bd34ed6	Scott Ullrich	</tr>
573	cf0542ac	Scott Ullrich
574	822b687b	Ermal	<tr>
575	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Radius ip attribute"); ?></td>
576	822b687b	Ermal	<td>
577			<select name="radiussrcip_attribute" id="radiussrcip_attribute">
578			<?php $iflist = get_configured_interface_with_descr();
579			foreach ($iflist as $ifdesc => $ifdescr) {
580			$ipaddr = get_interface_ip($ifdesc);
581			if (is_ipaddr($ipaddr)) {
582			$selected = "";
583			if ($ipaddr == $pconfig['radiussrcip_attribute'])
584			$ifdesc = "selected";
585			echo "<option value='{$ifdesc}' {$selected}>{$ifdescr} - {$ipaddr}</option>\n";
586			}
587			}
588	34e9ca60	Ermal	if (is_array($config['virtualip']['vip'])) {
589			foreach ($config['virtualip']['vip'] as $sn) {
590			if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") {
591			$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
592			$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
593			$len = $end - $start;
594
595			for ($i = 0; $i <= $len; $i++) {
596			$snip = long2ip32($start+$i);
597			echo "<option value='{$snip}' {$selected}>" . htmlspecialchars("{$sn['descr']} - {$snip}") . "></option>\n";
598			}
599			} else
600			echo "<option value='{$sn['subnet']}' {$selected}>" . htmlspecialchars("{$sn['descr']} - {$sn['subnet']}") . "></option>\n";
601			}
602			}
603	822b687b	Ermal	?>
604			</select><br/>
605	16457bdd	Renato Botelho	<?=gettext("Choose the ip to use for calling station attribute."); ?>
606	822b687b	Ermal	</td>
607			</tr>
608
609	0bd34ed6	Scott Ullrich	<tr>
610	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Session-Timeout"); ?></td>
611			<td class="vtable"><input name="radiussession_timeout" type="checkbox" id="radiussession_timeout" value="yes" <?php if ($pconfig['radiussession_timeout']) echo "checked"; ?>><strong><?=gettext("Use RADIUS Session-Timeout attributes"); ?></strong><br>
612	16457bdd	Renato Botelho	<?=gettext("When this is enabled, clients will be disconnected after the amount of time retrieved from the RADIUS Session-Timeout attribute."); ?></td>
613	0bd34ed6	Scott Ullrich	</tr>
614	cf0542ac	Scott Ullrich
615	0bd34ed6	Scott Ullrich	<tr>
616	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("Type"); ?></td>
617	0bd34ed6	Scott Ullrich	<td class="vtable"><select name="radiusvendor" id="radiusvendor">
618	6fde5a1e	Carlos Eduardo Ramos	<option><?=gettext("default"); ?></option>
619	a5c0b6c7	Scott Ullrich	<?php
620	0bd34ed6	Scott Ullrich	$radiusvendors = array("cisco");
621			foreach ($radiusvendors as $radiusvendor){
622			if ($pconfig['radiusvendor'] == $radiusvendor)
623			echo "<option selected value=\"$radiusvendor\">$radiusvendor</option>\n";
624			else
625			echo "<option value=\"$radiusvendor\">$radiusvendor</option>\n";
626			}
627			?></select><br>
628	3b7f0f53	Erik Fonnesbeck	<?php printf(gettext("If RADIUS type is set to Cisco, in Access-Requests the value of Calling-Station-Id will be set to the client's IP address and " .
629			"the Called-Station-Id to the client's MAC address. Default behavior is Calling-Station-Id = client's MAC address and Called-Station-Id = %s's WAN IP address."),
630	16457bdd	Renato Botelho	$g['product_name']);?></td>
631	0bd34ed6	Scott Ullrich	</tr>
632			</table>
633	5b237745	Scott Ullrich	</tr>
634	d11c1f93	sullrich	<tr>
635	6fde5a1e	Carlos Eduardo Ramos	<td class="vncell" valign="top"><?=gettext("MAC address format"); ?></td>
636	d11c1f93	sullrich	<td class="vtable">
637			<select name="radmac_format" id="radmac_format">
638	6fde5a1e	Carlos Eduardo Ramos	<option><?=gettext("default"); ?></option>
639	d11c1f93	sullrich	<?php
640	6fde5a1e	Carlos Eduardo Ramos	$macformats = array(gettext("singledash"),gettext("ietf"),gettext("cisco"),gettext("unformatted"));
641	d11c1f93	sullrich	foreach ($macformats as $macformat) {
642			if ($pconfig['radmac_format'] == $macformat)
643			echo "<option selected value=\"$macformat\">$macformat</option>\n";
644			else
645			echo "<option value=\"$macformat\">$macformat</option>\n";
646			}
647			?>
648			</select></br>
649	60f13e63	Carlos Eduardo Ramos	<?=gettext("This option changes the MAC address format used in the whole RADIUS system. Change this if you also"); ?>
650	16457bdd	Renato Botelho	<?=gettext("need to change the username format for RADIUS MAC authentication."); ?><br>
651			<?=gettext("default:"); ?> 00:11:22:33:44:55<br>
652			<?=gettext("singledash:"); ?> 001122-334455<br>
653			<?=gettext("ietf:"); ?> 00-11-22-33-44-55<br>
654			<?=gettext("cisco:"); ?> 0011.2233.4455<br>
655			<?=gettext("unformatted:"); ?> 001122334455
656	d11c1f93	sullrich	</tr>
657	5b237745	Scott Ullrich	<tr>
658	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("HTTPS login"); ?></td>
659	5b237745	Scott Ullrich	<td class="vtable">
660	c980716e	Scott Ullrich	<input name="httpslogin_enable" type="checkbox" class="formfld" id="httpslogin_enable" value="yes" <?php if($pconfig['httpslogin_enable']) echo "checked"; ?>>
661	6fde5a1e	Carlos Eduardo Ramos	<strong><?=gettext("Enable HTTPS login"); ?></strong><br>
662	16457bdd	Renato Botelho	<?=gettext("If enabled, the username and password will be transmitted over an HTTPS connection to protect against eavesdroppers. A server name, certificate and matching private key must also be specified below."); ?></td>
663	5b237745	Scott Ullrich	</tr>
664			<tr>
665	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("HTTPS server name"); ?> </td>
666	5b237745	Scott Ullrich	<td class="vtable">
667	b5c78501	Seth Mos	<input name="httpsname" type="text" class="formfld unknown" id="httpsname" size="30" value="<?=htmlspecialchars($pconfig['httpsname']);?>"><br>
668	3b7f0f53	Erik Fonnesbeck	<?php printf(gettext("This name will be used in the form action for the HTTPS POST and should match the Common Name (CN) in your certificate (otherwise, the client browser will most likely display a security warning). Make sure captive portal clients can resolve this name in DNS and verify on the client that the IP resolves to the correct interface IP on %s."), $g['product_name']);?> </td>
669	5b237745	Scott Ullrich	</tr>
670			<tr>
671	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("HTTPS certificate"); ?></td>
672	5b237745	Scott Ullrich	<td class="vtable">
673			<textarea name="cert" cols="65" rows="7" id="cert" class="formpre"><?=htmlspecialchars($pconfig['cert']);?></textarea>
674			<br>
675	16457bdd	Renato Botelho	<?=gettext("Paste a signed certificate in X.509 PEM format here."); ?></td>
676	5b237745	Scott Ullrich	</tr>
677			<tr>
678	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("HTTPS private key"); ?></td>
679	5b237745	Scott Ullrich	<td class="vtable">
680			<textarea name="key" cols="65" rows="7" id="key" class="formpre"><?=htmlspecialchars($pconfig['key']);?></textarea>
681			<br>
682	16457bdd	Renato Botelho	<?=gettext("Paste an RSA private key in PEM format here."); ?></td>
683	5b237745	Scott Ullrich	</tr>
684	c6e1b0f5	Ermal Lu?i	<tr>
685	6fde5a1e	Carlos Eduardo Ramos	<td valign="top" class="vncell"><?=gettext("HTTPS intermediate certificate"); ?></td>
686	c6e1b0f5	Ermal Lu?i	<td class="vtable">
687			<textarea name="cacert" cols="65" rows="7" id="cacert" class="formpre"><?=htmlspecialchars($pconfig['cacert']);?></textarea>
688			<br>
689	16457bdd	Renato Botelho	<?=gettext("Paste a certificate in X.509 PEM format here."); ?></td>
690	c6e1b0f5	Ermal Lu?i	</tr>
691	a5c0b6c7	Scott Ullrich	<tr>
692	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Portal page contents"); ?></td>
693	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
694	b5c78501	Seth Mos	<?=$mandfldhtml;?><input type="file" name="htmlfile" class="formfld file" id="htmlfile"><br>
695	16f5fe76	Scott Ullrich	<?php
696			list($host) = explode(":", $_SERVER['HTTP_HOST']);
697			if(isset($config['captiveportal']['httpslogin'])) {
698			$href = "https://$host:8001";
699			} else {
700			$href = "http://$host:8000";
701	a5c0b6c7	Scott Ullrich	}
702	16f5fe76	Scott Ullrich	?>
703	5b237745	Scott Ullrich	<?php if ($config['captiveportal']['page']['htmltext']): ?>
704	6fde5a1e	Carlos Eduardo Ramos	<a href="<?=$href?>" target="_new"><?=gettext("View current page"); ?></a>
705	5b237745	Scott Ullrich	<br>
706			<br>
707			<?php endif; ?>
708	3b7f0f53	Erik Fonnesbeck	<?php
709	16457bdd	Renato Botelho	printf(
710	3b7f0f53	Erik Fonnesbeck	gettext('Upload an HTML/PHP file for the portal page here (leave blank to keep the current one). ' .
711			'Make sure to include a form (POST to %1$s) with a submit button (%2$s) and a hidden field with %3$s and %4$s. ' .
712			'Include the %5$s and %6$s and/or %7$s input fields if authentication is enabled, otherwise it will always fail.'),
713	16457bdd	Renato Botelho	""{$PORTAL_ACTION}"",
714			"name="accept"",
715			"name="redirurl"",
716			"value="{$PORTAL_REDIRURL}"",
717			""auth_user"",
718			""auth_pass"",
719			""auth_voucher"");
720			?>
721			<?=gettext("Example code for the form:"); ?><br>
722	5b237745	Scott Ullrich	<br>
723			<tt><form method="post" action="$PORTAL_ACTION$"><br>
724			<input name="auth_user" type="text"><br>
725			<input name="auth_pass" type="password"><br>
726	336e3c1c	Charlie	<input name="auth_voucher" type="text"><br>
727	5b237745	Scott Ullrich	<input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$"><br>
728			<input name="accept" type="submit" value="Continue"><br>
729			</form></tt></td>
730			</tr>
731			<tr>
732	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Authentication"); ?><br>
733			<?=gettext("error page"); ?><br>
734			<?=gettext("contents"); ?></td>
735	5b237745	Scott Ullrich	<td class="vtable">
736	b5c78501	Seth Mos	<input name="errfile" type="file" class="formfld file" id="errfile"><br>
737	5b237745	Scott Ullrich	<?php if ($config['captiveportal']['page']['errtext']): ?>
738	6fde5a1e	Carlos Eduardo Ramos	<a href="?act=viewerrhtml" target="_blank"><?=gettext("View current page"); ?></a>
739	5b237745	Scott Ullrich	<br>
740			<br>
741			<?php endif; ?>
742	6fde5a1e	Carlos Eduardo Ramos	<?=gettext("The contents of the HTML/PHP file that you upload here are displayed when an authentication error occurs. " .
743	16457bdd	Renato Botelho	"You may include"); ?> "$PORTAL_MESSAGE$", <?=gettext("which will be replaced by the error or reply messages from the RADIUS server, if any."); ?></td>
744	5b87b24e	Ermal	</tr>
745			<tr>
746	6fde5a1e	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Logout"); ?><br>
747			<?=gettext("page"); ?><br>
748			<?=gettext("contents"); ?></td>
749	5b87b24e	Ermal	<td class="vtable">
750			<input name="logoutfile" type="file" class="formfld file" id="logoutfile"><br>
751			<?php if ($config['captiveportal']['page']['logouttext']): ?>
752	6fde5a1e	Carlos Eduardo Ramos	<a href="?act=viewlogouthtml" target="_blank"><?=gettext("View current page"); ?></a>
753	5b87b24e	Ermal	<br>
754			<br>
755			<?php endif; ?>
756	a36e98ff	Erik Fonnesbeck	<?=gettext("The contents of the HTML/PHP file that you upload here are displayed on authentication success when the logout popup is enabled."); ?></td>
757	5b237745	Scott Ullrich	</tr>
758	a5c0b6c7	Scott Ullrich	<tr>
759	5b237745	Scott Ullrich	<td width="22%" valign="top"> </td>
760	a5c0b6c7	Scott Ullrich	<td width="78%">
761	6fde5a1e	Carlos Eduardo Ramos	<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onClick="enable_change(true)">
762	5b237745	Scott Ullrich	</td>
763			</tr>
764	a5c0b6c7	Scott Ullrich	<tr>
765	5b237745	Scott Ullrich	<td width="22%" valign="top"> </td>
766	16457bdd	Renato Botelho	<td width="78%"><span class="vexpl"><span class="red"><strong><?=gettext("Note:"); ?><br>
767			</strong></span><?=gettext("Changing any settings on this page will disconnect all clients! Don't forget to enable the DHCP server on your captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the timeout entered on this page. Also, the DNS forwarder needs to be enabled for DNS lookups by unauthenticated clients to work."); ?> </span></td>
768	5b237745	Scott Ullrich	</tr>
769			</table>
770			</td>
771			</tr>
772			</table>
773			</form>
774			<script language="JavaScript">
775			<!--
776			enable_change(false);
777			//-->
778			</script>
779			<?php include("fend.inc"); ?>
780	93588e1a	Scott Dale	</body>
781			</html>

Project

General

Profile

pfSense