/usr/local/www/services_captiveportal.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/services_captiveportal.php @ fd541ad9

1	a5c0b6c7	Scott Ullrich	<?php
2	5b237745	Scott Ullrich	/*
3			services_captiveportal.php
4			part of m0n0wall (http://m0n0.ch/wall)
5	a5c0b6c7	Scott Ullrich
6	0bd34ed6	Scott Ullrich	Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
7	5b237745	Scott Ullrich	All rights reserved.
8	a5c0b6c7	Scott Ullrich
9	5b237745	Scott Ullrich	Redistribution and use in source and binary forms, with or without
10			modification, are permitted provided that the following conditions are met:
11	a5c0b6c7	Scott Ullrich
12	5b237745	Scott Ullrich	1. Redistributions of source code must retain the above copyright notice,
13			this list of conditions and the following disclaimer.
14	a5c0b6c7	Scott Ullrich
15	5b237745	Scott Ullrich	2. Redistributions in binary form must reproduce the above copyright
16			notice, this list of conditions and the following disclaimer in the
17			documentation and/or other materials provided with the distribution.
18	a5c0b6c7	Scott Ullrich
19	5b237745	Scott Ullrich	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
20			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
21			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
23			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28			POSSIBILITY OF SUCH DAMAGE.
29			*/
30
31	0bd34ed6	Scott Ullrich	$pgtitle = "Services:Captive portal";
32	5b237745	Scott Ullrich	require("guiconfig.inc");
33
34			if (!is_array($config['captiveportal'])) {
35			$config['captiveportal'] = array();
36			$config['captiveportal']['page'] = array();
37			$config['captiveportal']['timeout'] = 60;
38			}
39
40			if ($_GET['act'] == "viewhtml") {
41			echo base64_decode($config['captiveportal']['page']['htmltext']);
42			exit;
43			} else if ($_GET['act'] == "viewerrhtml") {
44			echo base64_decode($config['captiveportal']['page']['errtext']);
45			exit;
46			}
47
48			$pconfig['cinterface'] = $config['captiveportal']['interface'];
49	0bd34ed6	Scott Ullrich	$pconfig['maxproc'] = $config['captiveportal']['maxproc'];
50			$pconfig['maxprocperip'] = $config['captiveportal']['maxprocperip'];
51	5b237745	Scott Ullrich	$pconfig['timeout'] = $config['captiveportal']['timeout'];
52			$pconfig['idletimeout'] = $config['captiveportal']['idletimeout'];
53			$pconfig['enable'] = isset($config['captiveportal']['enable']);
54	7faeda46	Scott Ullrich	$pconfig['auth_method'] = $config['captiveportal']['auth_method'];
55	5b237745	Scott Ullrich	$pconfig['radacct_enable'] = isset($config['captiveportal']['radacct_enable']);
56	0bd34ed6	Scott Ullrich	$pconfig['radmac_enable'] = isset($config['captiveportal']['radmac_enable']);
57			$pconfig['radmac_secret'] = $config['captiveportal']['radmac_secret'];
58	c980716e	Scott Ullrich	$pconfig['reauthenticate'] = isset($config['captiveportal']['reauthenticate']);
59			$pconfig['reauthenticateacct'] = $config['captiveportal']['reauthenticateacct'];
60	5b237745	Scott Ullrich	$pconfig['httpslogin_enable'] = isset($config['captiveportal']['httpslogin']);
61	8eacf6dd	Scott Ullrich	$pconfig['httpsname'] = strtolower($config['captiveportal']['httpsname']);
62	5b237745	Scott Ullrich	$pconfig['cert'] = base64_decode($config['captiveportal']['certificate']);
63			$pconfig['key'] = base64_decode($config['captiveportal']['private-key']);
64			$pconfig['logoutwin_enable'] = isset($config['captiveportal']['logoutwin_enable']);
65	7e587bdb	Scott Ullrich	$pconfig['peruserbw'] = isset($config['captiveportal']['peruserbw']);
66			$pconfig['bwdefaultdn'] = $config['captiveportal']['bwdefaultdn'];
67			$pconfig['bwdefaultup'] = $config['captiveportal']['bwdefaultup'];
68	5b237745	Scott Ullrich	$pconfig['nomacfilter'] = isset($config['captiveportal']['nomacfilter']);
69	0bd34ed6	Scott Ullrich	$pconfig['noconcurrentlogins'] = isset($config['captiveportal']['noconcurrentlogins']);
70	5b237745	Scott Ullrich	$pconfig['redirurl'] = $config['captiveportal']['redirurl'];
71			$pconfig['radiusip'] = $config['captiveportal']['radiusip'];
72	0bd34ed6	Scott Ullrich	$pconfig['radiusip2'] = $config['captiveportal']['radiusip2'];
73	5b237745	Scott Ullrich	$pconfig['radiusport'] = $config['captiveportal']['radiusport'];
74	0bd34ed6	Scott Ullrich	$pconfig['radiusport2'] = $config['captiveportal']['radiusport2'];
75	5b237745	Scott Ullrich	$pconfig['radiusacctport'] = $config['captiveportal']['radiusacctport'];
76			$pconfig['radiuskey'] = $config['captiveportal']['radiuskey'];
77	0bd34ed6	Scott Ullrich	$pconfig['radiuskey2'] = $config['captiveportal']['radiuskey2'];
78			$pconfig['radiusvendor'] = $config['captiveportal']['radiusvendor'];
79	cf0542ac	Scott Ullrich
80			//$pconfig['radiussession_timeout'] = isset($config['captiveportal']['radiussession_timeout']);
81	5b237745	Scott Ullrich
82			if ($_POST) {
83
84			unset($input_errors);
85			$pconfig = $_POST;
86
87			/* input validation */
88			if ($_POST['enable']) {
89			$reqdfields = explode(" ", "cinterface");
90			$reqdfieldsn = explode(",", "Interface");
91	a5c0b6c7	Scott Ullrich
92	5b237745	Scott Ullrich	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
93	a5c0b6c7	Scott Ullrich
94	0bd34ed6	Scott Ullrich	/* make sure no interfaces are bridged */
95			for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
96			$coptif = &$config['interfaces']['opt' . $i];
97	d2019622	Scott Ullrich	if (isset($coptif['enable']) && $coptif['bridge'] == $pconfig['cinterface']) {
98	89b09672	Scott Ullrich	$input_errors[] = "The captive portal cannot be used when one or more interfaces are bridged.";
99			break;
100	0bd34ed6	Scott Ullrich	}
101			}
102	a5c0b6c7	Scott Ullrich
103	5b237745	Scott Ullrich	if ($_POST['httpslogin_enable']) {
104			if (!$_POST['cert'] \|\| !$_POST['key']) {
105			$input_errors[] = "Certificate and key must be specified for HTTPS login.";
106			} else {
107			if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") \|\| !strstr($_POST['cert'], "END CERTIFICATE"))
108			$input_errors[] = "This certificate does not appear to be valid.";
109			if (!strstr($_POST['key'], "BEGIN RSA PRIVATE KEY") \|\| !strstr($_POST['key'], "END RSA PRIVATE KEY"))
110			$input_errors[] = "This key does not appear to be valid.";
111			}
112	a5c0b6c7	Scott Ullrich
113	5b237745	Scott Ullrich	if (!$_POST['httpsname'] \|\| !is_domain($_POST['httpsname'])) {
114			$input_errors[] = "The HTTPS server name must be specified for HTTPS login.";
115			}
116			}
117			}
118	a5c0b6c7	Scott Ullrich
119	5b237745	Scott Ullrich	if ($_POST['timeout'] && (!is_numeric($_POST['timeout']) \|\| ($_POST['timeout'] < 1))) {
120			$input_errors[] = "The timeout must be at least 1 minute.";
121			}
122			if ($_POST['idletimeout'] && (!is_numeric($_POST['idletimeout']) \|\| ($_POST['idletimeout'] < 1))) {
123			$input_errors[] = "The idle timeout must be at least 1 minute.";
124			}
125			if (($_POST['radiusip'] && !is_ipaddr($_POST['radiusip']))) {
126			$input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip']."]";
127			}
128	0bd34ed6	Scott Ullrich	if (($_POST['radiusip2'] && !is_ipaddr($_POST['radiusip2']))) {
129			$input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip2']."]";
130			}
131	5b237745	Scott Ullrich	if (($_POST['radiusport'] && !is_port($_POST['radiusport']))) {
132			$input_errors[] = "A valid port number must be specified. [".$_POST['radiusport']."]";
133			}
134	0bd34ed6	Scott Ullrich	if (($_POST['radiusport2'] && !is_port($_POST['radiusport2']))) {
135			$input_errors[] = "A valid port number must be specified. [".$_POST['radiusport2']."]";
136			}
137	5b237745	Scott Ullrich	if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) {
138	0bd34ed6	Scott Ullrich	$input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]";
139			}
140			if ($_POST['maxproc'] && (!is_numeric($_POST['maxproc']) \|\| ($_POST['maxproc'] < 4) \|\| ($_POST['maxproc'] > 100))) {
141			$input_errors[] = "The total maximum number of concurrent connections must be between 4 and 100.";
142			}
143			$mymaxproc = $_POST['maxproc'] ? $_POST['maxproc'] : 16;
144			if ($_POST['maxprocperip'] && (!is_numeric($_POST['maxprocperip']) \|\| ($_POST['maxprocperip'] > $mymaxproc))) {
145			$input_errors[] = "The maximum number of concurrent connections per client IP address may not be larger than the global maximum.";
146	5b237745	Scott Ullrich	}
147
148			if (!$input_errors) {
149			$config['captiveportal']['interface'] = $_POST['cinterface'];
150	0bd34ed6	Scott Ullrich	$config['captiveportal']['maxproc'] = $_POST['maxproc'];
151			$config['captiveportal']['maxprocperip'] = $_POST['maxprocperip'] ? $_POST['maxprocperip'] : false;
152	5b237745	Scott Ullrich	$config['captiveportal']['timeout'] = $_POST['timeout'];
153			$config['captiveportal']['idletimeout'] = $_POST['idletimeout'];
154	0bd34ed6	Scott Ullrich	$config['captiveportal']['enable'] = $_POST['enable'] ? true : false;
155	7faeda46	Scott Ullrich	$config['captiveportal']['auth_method'] = $_POST['auth_method'];
156	0bd34ed6	Scott Ullrich	$config['captiveportal']['radacct_enable'] = $_POST['radacct_enable'] ? true : false;
157			$config['captiveportal']['reauthenticate'] = $_POST['reauthenticate'] ? true : false;
158			$config['captiveportal']['radmac_enable'] = $_POST['radmac_enable'] ? true : false;
159			$config['captiveportal']['radmac_secret'] = $_POST['radmac_secret'] ? $_POST['radmac_secret'] : false;
160	c980716e	Scott Ullrich	$config['captiveportal']['reauthenticateacct'] = $_POST['reauthenticateacct'];
161	0bd34ed6	Scott Ullrich	$config['captiveportal']['httpslogin'] = $_POST['httpslogin_enable'] ? true : false;
162	5b237745	Scott Ullrich	$config['captiveportal']['httpsname'] = $_POST['httpsname'];
163	7e587bdb	Scott Ullrich	$config['captiveportal']['peruserbw'] = $_POST['peruserbw'] ? true : false;
164			$config['captiveportal']['bwdefaultdn'] = $_POST['bwdefaultdn'];
165			$config['captiveportal']['bwdefaultup'] = $_POST['bwdefaultup'];
166	5b237745	Scott Ullrich	$config['captiveportal']['certificate'] = base64_encode($_POST['cert']);
167			$config['captiveportal']['private-key'] = base64_encode($_POST['key']);
168	0bd34ed6	Scott Ullrich	$config['captiveportal']['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false;
169			$config['captiveportal']['nomacfilter'] = $_POST['nomacfilter'] ? true : false;
170			$config['captiveportal']['noconcurrentlogins'] = $_POST['noconcurrentlogins'] ? true : false;
171	5b237745	Scott Ullrich	$config['captiveportal']['redirurl'] = $_POST['redirurl'];
172			$config['captiveportal']['radiusip'] = $_POST['radiusip'];
173	0bd34ed6	Scott Ullrich	$config['captiveportal']['radiusip2'] = $_POST['radiusip2'];
174	5b237745	Scott Ullrich	$config['captiveportal']['radiusport'] = $_POST['radiusport'];
175	0bd34ed6	Scott Ullrich	$config['captiveportal']['radiusport2'] = $_POST['radiusport2'];
176	5b237745	Scott Ullrich	$config['captiveportal']['radiusacctport'] = $_POST['radiusacctport'];
177			$config['captiveportal']['radiuskey'] = $_POST['radiuskey'];
178	0bd34ed6	Scott Ullrich	$config['captiveportal']['radiuskey2'] = $_POST['radiuskey2'];
179			$config['captiveportal']['radiusvendor'] = $_POST['radiusvendor'] ? $_POST['radiusvendor'] : false;
180	cf0542ac	Scott Ullrich	//$config['captiveportal']['radiussession_timeout'] = $_POST['radiussession_timeout'] ? true : false;
181	a5c0b6c7	Scott Ullrich
182	5b237745	Scott Ullrich	/* file upload? */
183			if (is_uploaded_file($_FILES['htmlfile']['tmp_name']))
184			$config['captiveportal']['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name']));
185	c980716e	Scott Ullrich	if (is_uploaded_file($_FILES['errfile']['tmp_name']))
186	5b237745	Scott Ullrich	$config['captiveportal']['page']['errtext'] = base64_encode(file_get_contents($_FILES['errfile']['tmp_name']));
187	a5c0b6c7	Scott Ullrich
188	5b237745	Scott Ullrich	write_config();
189	a5c0b6c7	Scott Ullrich
190	5b237745	Scott Ullrich	$retval = 0;
191	ea1eac37	Scott Ullrich
192			config_lock();
193			$retval = captiveportal_configure();
194			config_unlock();
195
196	5b237745	Scott Ullrich	$savemsg = get_std_save_message($retval);
197			}
198			}
199	3d4bd975	Scott Ullrich	include("head.inc");
200	5b237745	Scott Ullrich	?>
201	9699028a	Scott Ullrich	<?php include("fbegin.inc"); ?>
202	5b237745	Scott Ullrich	<script language="JavaScript">
203			<!--
204			function enable_change(enable_change) {
205	0bd34ed6	Scott Ullrich	var endis, radius_endis;
206	07bd3f83	Scott Ullrich	endis = !(document.iform.enable.checked \|\| enable_change);
207	0bd34ed6	Scott Ullrich	radius_endis = !((!endis && document.iform.auth_method[2].checked) \|\| enable_change);
208	a5c0b6c7	Scott Ullrich
209	07bd3f83	Scott Ullrich	document.iform.cinterface.disabled = endis;
210	54611f24	Scott Ullrich	//document.iform.maxproc.disabled = endis;
211	422d57b4	Scott Ullrich	document.iform.maxprocperip.disabled = endis;
212	07bd3f83	Scott Ullrich	document.iform.idletimeout.disabled = endis;
213			document.iform.timeout.disabled = endis;
214			document.iform.redirurl.disabled = endis;
215	0bd34ed6	Scott Ullrich	document.iform.radiusip.disabled = radius_endis;
216			document.iform.radiusip2.disabled = radius_endis;
217			document.iform.radiusport.disabled = radius_endis;
218			document.iform.radiusport2.disabled = radius_endis;
219			document.iform.radiuskey.disabled = radius_endis;
220			document.iform.radiuskey2.disabled = radius_endis;
221	856e58a6	Scott Ullrich	document.iform.radacct_enable.disabled = radius_endis;
222	329069c9	Scott Ullrich	//document.iform.peruserbw.disabled = endis;
223			//document.iform.bwdefaultdn.disabled = endis;
224			//document.iform.bwdefaultup.disabled = endis;
225	856e58a6	Scott Ullrich	document.iform.reauthenticate.disabled = radius_endis;
226	7faeda46	Scott Ullrich	document.iform.auth_method[0].disabled = endis;
227			document.iform.auth_method[1].disabled = endis;
228			document.iform.auth_method[2].disabled = endis;
229	0bd34ed6	Scott Ullrich	document.iform.radmac_enable.disabled = radius_endis;
230	07bd3f83	Scott Ullrich	document.iform.httpslogin_enable.disabled = endis;
231			document.iform.httpsname.disabled = endis;
232			document.iform.cert.disabled = endis;
233			document.iform.key.disabled = endis;
234			document.iform.logoutwin_enable.disabled = endis;
235	c980716e	Scott Ullrich	document.iform.nomacfilter.disabled = endis;
236	0bd34ed6	Scott Ullrich	document.iform.noconcurrentlogins.disabled = endis;
237			document.iform.radiusvendor.disabled = radius_endis;
238	cf0542ac	Scott Ullrich	//document.iform.radiussession_timeout.disabled = radius_endis;
239	07bd3f83	Scott Ullrich	document.iform.htmlfile.disabled = endis;
240			document.iform.errfile.disabled = endis;
241	a5c0b6c7	Scott Ullrich
242	856e58a6	Scott Ullrich	document.iform.radiusacctport.disabled = (radius_endis \|\| !document.iform.radacct_enable.checked) && !enable_change;
243	a5c0b6c7	Scott Ullrich
244	856e58a6	Scott Ullrich	document.iform.radmac_secret.disabled = (radius_endis \|\| !document.iform.radmac_enable.checked) && !enable_change;
245	a5c0b6c7	Scott Ullrich
246	0bd34ed6	Scott Ullrich	var reauthenticate_dis = (radius_endis \|\| !document.iform.reauthenticate.checked) && !enable_change;
247	856e58a6	Scott Ullrich	document.iform.reauthenticateacct[0].disabled = reauthenticate_dis;
248			document.iform.reauthenticateacct[1].disabled = reauthenticate_dis;
249			document.iform.reauthenticateacct[2].disabled = reauthenticate_dis;
250	5b237745	Scott Ullrich	}
251			//-->
252			</script>
253	3a23042b	Scott Ullrich	<p class="pgtitle"><?=$pgtitle?></p>
254	55af07f6	Scott Dale	<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
255	5b237745	Scott Ullrich	<?php if ($input_errors) print_input_errors($input_errors); ?>
256			<?php if ($savemsg) print_info_box($savemsg); ?>
257			<form action="services_captiveportal.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
258			<table width="100%" border="0" cellpadding="0" cellspacing="0">
259	9699028a	Scott Ullrich	<tr><td class="tabnavtbl">
260	64b85ffe	Scott Ullrich	<?php
261			$tab_array = array();
262			$tab_array[] = array("Captive portal", true, "services_captiveportal.php");
263			$tab_array[] = array("Pass-through MAC", false, "services_captiveportal_mac.php");
264			$tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php");
265	4e9dc150	Scott Ullrich	$tab_array[] = array("Users", false, "services_captiveportal_users.php");
266	3cf0d3f2	Scott Ullrich	$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
267	64b85ffe	Scott Ullrich	display_top_tabs($tab_array);
268	0bd34ed6	Scott Ullrich	?> </td></tr>
269	5b237745	Scott Ullrich	<tr>
270	c980716e	Scott Ullrich	<td class="tabcont">
271			<table width="100%" border="0" cellpadding="6" cellspacing="0">
272	a5c0b6c7	Scott Ullrich	<tr>
273	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vtable"> </td>
274			<td width="78%" class="vtable">
275			<input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)">
276			<strong>Enable captive portal </strong></td>
277			</tr>
278	a5c0b6c7	Scott Ullrich	<tr>
279	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Interface</td>
280			<td width="78%" class="vtable">
281			<select name="cinterface" class="formfld" id="cinterface">
282	c980716e	Scott Ullrich	<?php $interfaces = array('lan' => 'LAN');
283			for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
284			if (isset($config['interfaces']['opt' . $i]['enable']))
285			$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
286			}
287			foreach ($interfaces as $iface => $ifacename): ?>
288	a5c0b6c7	Scott Ullrich	<option value="<?=$iface;?>" <?php if ($iface == $pconfig['cinterface']) echo "selected"; ?>>
289	5b237745	Scott Ullrich	<?=htmlspecialchars($ifacename);?>
290			</option>
291			<?php endforeach; ?>
292			</select> <br>
293			<span class="vexpl">Choose which interface to run the captive portal on.</span></td>
294			</tr>
295	4362e48a	Scott Ullrich	<tr>
296			<td valign="top" class="vncell">Maximum concurrent connections</td>
297			<td class="vtable">
298			<table cellpadding="0" cellspacing="0">
299			<tr>
300			<td><input name="maxprocperip" type="text" class="formfld" id="maxprocperip" size="5" value="<?=htmlspecialchars($pconfig['maxprocperip']);?>"> per client IP address (0 = no limit)</td>
301			</tr>
302			</table>
303			This setting limits the number of concurrent connections to the captive portal HTTP(S) server. This does not set how many users can be logged in
304			to the captive portal, but rather how many users can load the portal page or authenticate at the same time!
305			Default is 4 connections per client IP address, with a total maximum of 16 connections.</td>
306			</tr>
307	5b237745	Scott Ullrich	<tr>
308			<td valign="top" class="vncell">Idle timeout</td>
309			<td class="vtable">
310			<input name="idletimeout" type="text" class="formfld" id="idletimeout" size="6" value="<?=htmlspecialchars($pconfig['idletimeout']);?>">
311			minutes<br>
312			Clients will be disconnected after this amount of inactivity. They may log in again immediately, though. Leave this field blank for no idle timeout.</td>
313			</tr>
314	a5c0b6c7	Scott Ullrich	<tr>
315	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncell">Hard timeout</td>
316	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
317			<input name="timeout" type="text" class="formfld" id="timeout" size="6" value="<?=htmlspecialchars($pconfig['timeout']);?>">
318	5b237745	Scott Ullrich	minutes<br>
319			Clients will be disconnected after this amount of time, regardless of activity. They may log in again immediately, though. Leave this field blank for no hard timeout (not recommended unless an idle timeout is set).</td>
320			</tr>
321	a5c0b6c7	Scott Ullrich	<tr>
322	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncell">Logout popup window</td>
323	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
324	5b237745	Scott Ullrich	<input name="logoutwin_enable" type="checkbox" class="formfld" id="logoutwin_enable" value="yes" <?php if($pconfig['logoutwin_enable']) echo "checked"; ?>>
325			<strong>Enable logout popup window</strong><br>
326	c980716e	Scott Ullrich	If enabled, a popup window will appear when clients are allowed through the captive portal. This allows clients to explicitly disconnect themselves before the idle or hard timeout occurs.</td>
327	5b237745	Scott Ullrich	</tr>
328			<tr>
329			<td valign="top" class="vncell">Redirection URL</td>
330			<td class="vtable">
331			<input name="redirurl" type="text" class="formfld" id="redirurl" size="60" value="<?=htmlspecialchars($pconfig['redirurl']);?>">
332			<br>
333			If you provide a URL here, clients will be redirected to that URL instead of the one they initially tried
334			to access after they've authenticated.</td>
335			</tr>
336			<tr>
337	0bd34ed6	Scott Ullrich	<td valign="top" class="vncell">Concurrent user logins</td>
338			<td class="vtable">
339			<input name="noconcurrentlogins" type="checkbox" class="formfld" id="noconcurrentlogins" value="yes" <?php if ($pconfig['noconcurrentlogins']) echo "checked"; ?>>
340			<strong>Disable concurrent logins</strong><br>
341			If this option is set, only the most recent login per username will be active. Subsequent logins will cause machines previously logged in with the same username to be disconnected.</td>
342			</tr>
343			<tr>
344	c980716e	Scott Ullrich	<td valign="top" class="vncell">MAC filtering </td>
345			<td class="vtable">
346			<input name="nomacfilter" type="checkbox" class="formfld" id="nomacfilter" value="yes" <?php if ($pconfig['nomacfilter']) echo "checked"; ?>>
347			<strong>Disable MAC filtering</strong><br>
348	0bd34ed6	Scott Ullrich	If this option is set, no attempts will be made to ensure that the MAC address of clients stays the same while they're logged in.
349	9c1e2259	Chris Buechler	This is required when the MAC address of the client cannot be determined (usually because there are routers between <?=$g['product_name']; ?> and the clients).
350	0bd34ed6	Scott Ullrich	If this is enabled, RADIUS MAC authentication cannot be used.</td>
351	7e587bdb	Scott Ullrich	</tr>
352			<tr>
353			<td valign="top" class="vncell">Per-user bandwidth restriction</td>
354			<td class="vtable">
355			<input name="peruserbw" type="checkbox" class="formfld" id="peruserbw" value="yes" <?php if ($pconfig['peruserbw']) echo "checked"; ?>>
356			<strong>Enable per-user bandwidth restriction</strong><br><br>
357			<table cellpadding="0" cellspacing="0">
358			<tr>
359			<td>Default download</td>
360			<td><input type="text" class="formfld" name="bwdefaultdn" id="bwdefaultdn" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultdn']);?>"> Kbit/s</td>
361			</tr>
362			<tr>
363			<td>Default upload</td>
364			<td><input type="text" class="formfld" name="bwdefaultup" id="bwdefaultup" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultup']);?>"> Kbit/s</td>
365			</tr></table>
366			<br>
367			If this option is set, the captive portal will restrict each user who logs in to the specified default bandwidth. RADIUS can override the default settings. Leave empty or set to 0 for no limit. You will <strong>need</strong> to enable the traffic shaper for this to be effective.</td>
368			</tr>
369	a5c0b6c7	Scott Ullrich	<tr>
370	c980716e	Scott Ullrich	<td width="22%" valign="top" class="vncell">Authentication</td>
371	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
372	c980716e	Scott Ullrich	<table cellpadding="0" cellspacing="0">
373			<tr>
374	0bd34ed6	Scott Ullrich	<td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="none" onClick="enable_change(false)" <?php if($pconfig['auth_method']!="local" && $pconfig['auth_method']!="radius") echo "checked"; ?>>
375	a5c0b6c7	Scott Ullrich	No authentication</td>
376	c980716e	Scott Ullrich	</tr>
377			<tr>
378	0bd34ed6	Scott Ullrich	<td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="local" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="local") echo "checked"; ?>>
379	a5c0b6c7	Scott Ullrich	Local <a href="services_captiveportal_users.php">user manager</a></td>
380	c980716e	Scott Ullrich	</tr>
381			<tr>
382	0bd34ed6	Scott Ullrich	<td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="radius" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius") echo "checked"; ?>>
383	a5c0b6c7	Scott Ullrich	RADIUS authentication</td>
384	c980716e	Scott Ullrich	</tr><tr>
385			<td> </td>
386			<td> </td>
387			</tr>
388			</table>
389	0bd34ed6	Scott Ullrich	<table width="100%" border="0" cellpadding="6" cellspacing="0">
390	a5c0b6c7	Scott Ullrich	<tr>
391	0bd34ed6	Scott Ullrich	<td colspan="2" valign="top" class="optsect_t2">Primary RADIUS server</td>
392			</tr>
393			<tr>
394			<td class="vncell" valign="top">IP address</td>
395			<td class="vtable"><input name="radiusip" type="text" class="formfld" id="radiusip" size="20" value="<?=htmlspecialchars($pconfig['radiusip']);?>"><br>
396			Enter the IP address of the RADIUS server which users of the captive portal have to authenticate against.</td>
397			</tr>
398			<tr>
399			<td class="vncell" valign="top">Port</td>
400			<td class="vtable"><input name="radiusport" type="text" class="formfld" id="radiusport" size="5" value="<?=htmlspecialchars($pconfig['radiusport']);?>"><br>
401			Leave this field blank to use the default port (1812).</td>
402			</tr>
403			<tr>
404			<td class="vncell" valign="top">Shared secret  </td>
405			<td class="vtable"><input name="radiuskey" type="text" class="formfld" id="radiuskey" size="16" value="<?=htmlspecialchars($pconfig['radiuskey']);?>"><br>
406			Leave this field blank to not use a RADIUS shared secret (not recommended).</td>
407			</tr>
408	a5c0b6c7	Scott Ullrich	<tr>
409	0bd34ed6	Scott Ullrich	<td colspan="2" class="list" height="12"></td>
410			</tr>
411			<tr>
412			<td colspan="2" valign="top" class="optsect_t2">Secondary RADIUS server</td>
413			</tr>
414			<tr>
415			<td class="vncell" valign="top">IP address</td>
416			<td class="vtable"><input name="radiusip2" type="text" class="formfld" id="radiusip2" size="20" value="<?=htmlspecialchars($pconfig['radiusip2']);?>"><br>
417			If you have a second RADIUS server, you can activate it by entering its IP address here.</td>
418			</tr>
419			<tr>
420			<td class="vncell" valign="top">Port</td>
421			<td class="vtable"><input name="radiusport2" type="text" class="formfld" id="radiusport2" size="5" value="<?=htmlspecialchars($pconfig['radiusport2']);?>"></td>
422			</tr>
423			<tr>
424			<td class="vncell" valign="top">Shared secret  </td>
425			<td class="vtable"><input name="radiuskey2" type="text" class="formfld" id="radiuskey2" size="16" value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td>
426			</tr>
427			<tr>
428			<td colspan="2" class="list" height="12"></td>
429			</tr>
430	856e58a6	Scott Ullrich	<tr>
431			<td colspan="2" valign="top" class="optsect_t2">Accounting</td>
432			</tr>
433			<tr>
434			<td class="vncell"> </td>
435			<td class="vtable"><input name="radacct_enable" type="checkbox" id="radacct_enable" value="yes" onClick="enable_change(false)" <?php if($pconfig['radacct_enable']) echo "checked"; ?>>
436			<strong>send RADIUS accounting packets</strong><br>
437			If this is enabled, RADIUS accounting packets will be sent to the primary RADIUS server.</td>
438			</tr>
439			<tr>
440			<td class="vncell" valign="top">Accounting port</td>
441			<td class="vtable"><input name="radiusacctport" type="text" class="formfld" id="radiusacctport" size="5" value="<?=htmlspecialchars($pconfig['radiusacctport']);?>"><br>
442			Leave blank to use the default port (1813).</td>
443			</tr>
444			<tr>
445			<td colspan="2" class="list" height="12"></td>
446			</tr>
447			<tr>
448			<td colspan="2" valign="top" class="optsect_t2">Reauthentication</td>
449			</tr>
450			<tr>
451			<td class="vncell"> </td>
452			<td class="vtable"><input name="reauthenticate" type="checkbox" id="reauthenticate" value="yes" onClick="enable_change(false)" <?php if($pconfig['reauthenticate']) echo "checked"; ?>>
453			<strong>Reauthenticate connected users every minute</strong><br>
454			If reauthentication is enabled, Access-Requests will be sent to the RADIUS server for each user that is
455			logged in every minute. If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately.</td>
456			</tr>
457			<tr>
458			<td class="vncell" valign="top">Accounting updates</td>
459			<td class="vtable">
460			<input name="reauthenticateacct" type="radio" value="" <?php if(!$pconfig['reauthenticateacct']) echo "checked"; ?>> no accounting updates<br>
461			<input name="reauthenticateacct" type="radio" value="stopstart" <?php if($pconfig['reauthenticateacct'] == "stopstart") echo "checked"; ?>> stop/start accounting<br>
462			<input name="reauthenticateacct" type="radio" value="interimupdate" <?php if($pconfig['reauthenticateacct'] == "interimupdate") echo "checked"; ?>> interim update
463			</td>
464			</tr>
465			<tr>
466			<td colspan="2" class="list" height="12"></td>
467			</tr>
468	0bd34ed6	Scott Ullrich	<tr>
469			<td colspan="2" valign="top" class="optsect_t2">RADIUS MAC authentication</td>
470			</tr>
471			<tr>
472			<td class="vncell"> </td>
473			<td class="vtable">
474			<input name="radmac_enable" type="checkbox" id="radmac_enable" value="yes" onClick="enable_change(false)" <?php if ($pconfig['radmac_enable']) echo "checked"; ?>><strong>Enable RADIUS MAC authentication</strong><br>
475			If this option is enabled, the captive portal will try to authenticate users by sending their MAC address as the username and the password
476			entered below to the RADIUS server.</td>
477			</tr>
478			<tr>
479			<td class="vncell">Shared secret</td>
480			<td class="vtable"><input name="radmac_secret" type="text" class="formfld" id="radmac_secret" size="16" value="<?=htmlspecialchars($pconfig['radmac_secret']);?>"></td>
481			</tr>
482			<tr>
483			<td colspan="2" class="list" height="12"></td>
484			</tr>
485			<tr>
486			<td colspan="2" valign="top" class="optsect_t2">RADIUS options</td>
487			</tr>
488	cf0542ac	Scott Ullrich
489			<!--
490	0bd34ed6	Scott Ullrich	<tr>
491			<td class="vncell" valign="top">Session-Timeout</td>
492			<td class="vtable"><input name="radiussession_timeout" type="checkbox" id="radiussession_timeout" value="yes" <?php if ($pconfig['radiussession_timeout']) echo "checked"; ?>><strong>Use RADIUS Session-Timeout attributes</strong><br>
493			When this is enabled, clients will be disconnected after the amount of time retrieved from the RADIUS Session-Timeout attribute.</td>
494			</tr>
495	cf0542ac	Scott Ullrich	-->
496
497	0bd34ed6	Scott Ullrich	<tr>
498			<td class="vncell" valign="top">Type</td>
499			<td class="vtable"><select name="radiusvendor" id="radiusvendor">
500			<option>default</option>
501	a5c0b6c7	Scott Ullrich	<?php
502	0bd34ed6	Scott Ullrich	$radiusvendors = array("cisco");
503			foreach ($radiusvendors as $radiusvendor){
504			if ($pconfig['radiusvendor'] == $radiusvendor)
505			echo "<option selected value=\"$radiusvendor\">$radiusvendor</option>\n";
506			else
507			echo "<option value=\"$radiusvendor\">$radiusvendor</option>\n";
508			}
509			?></select><br>
510			If RADIUS type is set to Cisco, in Access-Requests the value of Calling-Station-Id will be set to the client's IP address and
511	9c1e2259	Chris Buechler	the Called-Station-Id to the client's MAC address. Default behaviour is Calling-Station-Id = client's MAC address and Called-Station-Id = <?=$g['product_name'];?>'s WAN IP address.</td>
512	0bd34ed6	Scott Ullrich	</tr>
513			</table>
514	5b237745	Scott Ullrich	</tr>
515			<tr>
516			<td valign="top" class="vncell">HTTPS login</td>
517			<td class="vtable">
518	c980716e	Scott Ullrich	<input name="httpslogin_enable" type="checkbox" class="formfld" id="httpslogin_enable" value="yes" <?php if($pconfig['httpslogin_enable']) echo "checked"; ?>>
519	5b237745	Scott Ullrich	<strong>Enable HTTPS login</strong><br>
520	0bd34ed6	Scott Ullrich	If enabled, the username and password will be transmitted over an HTTPS connection to protect against eavesdroppers. A server name, certificate and matching private key must also be specified below.</td>
521	5b237745	Scott Ullrich	</tr>
522			<tr>
523			<td valign="top" class="vncell">HTTPS server name </td>
524			<td class="vtable">
525			<input name="httpsname" type="text" class="formfld" id="httpsname" size="30" value="<?=htmlspecialchars($pconfig['httpsname']);?>"><br>
526	9c1e2259	Chris Buechler	This name will be used in the form action for the HTTPS POST and should match the Common Name (CN) in your certificate (otherwise, the client browser will most likely display a security warning). Make sure captive portal clients can resolve this name in DNS and verify on the client that the IP resolves to the correct interface IP on <?=$g['product_name'];?>.. </td>
527	5b237745	Scott Ullrich	</tr>
528			<tr>
529			<td valign="top" class="vncell">HTTPS certificate</td>
530			<td class="vtable">
531			<textarea name="cert" cols="65" rows="7" id="cert" class="formpre"><?=htmlspecialchars($pconfig['cert']);?></textarea>
532			<br>
533	9699028a	Scott Ullrich	Paste a signed certificate in X.509 PEM format here.</td>
534	5b237745	Scott Ullrich	</tr>
535			<tr>
536			<td valign="top" class="vncell">HTTPS private key</td>
537			<td class="vtable">
538			<textarea name="key" cols="65" rows="7" id="key" class="formpre"><?=htmlspecialchars($pconfig['key']);?></textarea>
539			<br>
540			Paste an RSA private key in PEM format here.</td>
541			</tr>
542	a5c0b6c7	Scott Ullrich	<tr>
543	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Portal page contents</td>
544	a5c0b6c7	Scott Ullrich	<td width="78%" class="vtable">
545	9699028a	Scott Ullrich	<?=$mandfldhtml;?><input type="file" name="htmlfile" class="formfld" id="htmlfile"><br>
546	16f5fe76	Scott Ullrich	<?php
547			list($host) = explode(":", $_SERVER['HTTP_HOST']);
548			if(isset($config['captiveportal']['httpslogin'])) {
549			$href = "https://$host:8001";
550			} else {
551			$href = "http://$host:8000";
552	a5c0b6c7	Scott Ullrich	}
553	16f5fe76	Scott Ullrich	?>
554	5b237745	Scott Ullrich	<?php if ($config['captiveportal']['page']['htmltext']): ?>
555	a5c0b6c7	Scott Ullrich	<a href="<?=$href?>" target="_new">View current page</a>
556	5b237745	Scott Ullrich	<br>
557			<br>
558			<?php endif; ?>
559			Upload an HTML file for the portal page here (leave blank to keep the current one). Make sure to include a form (POST to "$PORTAL_ACTION$")
560	0bd34ed6	Scott Ullrich	with a submit button (name="accept") and a hidden field with name="redirurl" and value="$PORTAL_REDIRURL$".
561			Include the "auth_user" and "auth_pass" input fields if authentication is enabled, otherwise it will always fail.
562			Example code for the form:<br>
563	5b237745	Scott Ullrich	<br>
564			<tt><form method="post" action="$PORTAL_ACTION$"><br>
565			<input name="auth_user" type="text"><br>
566			<input name="auth_pass" type="password"><br>
567			<input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$"><br>
568			<input name="accept" type="submit" value="Continue"><br>
569			</form></tt></td>
570			</tr>
571			<tr>
572			<td width="22%" valign="top" class="vncell">Authentication<br>
573			error page<br>
574			contents</td>
575			<td class="vtable">
576			<input name="errfile" type="file" class="formfld" id="errfile"><br>
577			<?php if ($config['captiveportal']['page']['errtext']): ?>
578	a5c0b6c7	Scott Ullrich	<a href="?act=viewerrhtml" target="_blank">View current page</a>
579	5b237745	Scott Ullrich	<br>
580			<br>
581			<?php endif; ?>
582	0bd34ed6	Scott Ullrich	The contents of the HTML file that you upload here are displayed when an authentication error occurs.
583			You may include "$PORTAL_MESSAGE$", which will be replaced by the error or reply messages from the RADIUS server, if any.</td>
584	5b237745	Scott Ullrich	</tr>
585	a5c0b6c7	Scott Ullrich	<tr>
586	5b237745	Scott Ullrich	<td width="22%" valign="top"> </td>
587	a5c0b6c7	Scott Ullrich	<td width="78%">
588			<input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change(true)">
589	5b237745	Scott Ullrich	</td>
590			</tr>
591	a5c0b6c7	Scott Ullrich	<tr>
592	5b237745	Scott Ullrich	<td width="22%" valign="top"> </td>
593			<td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br>
594	c980716e	Scott Ullrich	</strong></span>Changing any settings on this page will disconnect all clients! Don't forget to enable the DHCP server on your captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the timeout entered on this page. Also, the DNS forwarder needs to be enabled for DNS lookups by unauthenticated clients to work. </span></td>
595	5b237745	Scott Ullrich	</tr>
596			</table>
597			</td>
598			</tr>
599			</table>
600			</form>
601			<script language="JavaScript">
602			<!--
603			enable_change(false);
604			//-->
605			</script>
606			<?php include("fend.inc"); ?>
607	55af07f6	Scott Dale	</body>
608			</html>

Project

General

Profile

pfSense