diff options
author | Renato Botelho <renato@netgate.com> | 2015-08-26 15:12:02 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-08-26 15:12:02 -0300 |
commit | 03b19a93f4d8d870507ee96121cee4acd748dd2a (patch) | |
tree | 71a34e9e7e73d13de21cb4ad831799fb10c30df4 /src/usr/local/www/services_captiveportal_ip_edit.php | |
parent | 7f410a121522c5d0e2660256ae50c1fde1df3645 (diff) | |
parent | 30ce58ac1ea27b758d5112cb5a3b190c9760f010 (diff) | |
download | pfsense-03b19a93f4d8d870507ee96121cee4acd748dd2a.zip pfsense-03b19a93f4d8d870507ee96121cee4acd748dd2a.tar.gz |
Merge branch 'master' into bootstrap
Diffstat (limited to 'src/usr/local/www/services_captiveportal_ip_edit.php')
-rw-r--r-- | src/usr/local/www/services_captiveportal_ip_edit.php | 263 |
1 files changed, 263 insertions, 0 deletions
diff --git a/src/usr/local/www/services_captiveportal_ip_edit.php b/src/usr/local/www/services_captiveportal_ip_edit.php new file mode 100644 index 0000000..0db6df5 --- /dev/null +++ b/src/usr/local/www/services_captiveportal_ip_edit.php @@ -0,0 +1,263 @@ +<?php +/* + services_captiveportal_ip_edit.php + Copyright (C) 2013-2015 Electric Sheep Fencing, LP + Copyright (C) 2011 Scott Ullrich <sullrich@gmail.com> + All rights reserved. + + Originally part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2004 Dinesh Nair <dinesh@alphaque.com> + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* + pfSense_BUILDER_BINARIES: /sbin/ipfw + pfSense_MODULE: captiveportal +*/ + +##|+PRIV +##|*IDENT=page-services-captiveportal-editallowedips +##|*NAME=Services: Captive portal: Edit Allowed IPs page +##|*DESCR=Allow access to the 'Services: Captive portal: Edit Allowed IPs' page. +##|*MATCH=services_captiveportal_ip_edit.php* +##|-PRIV + +function allowedipscmp($a, $b) { + return strcmp($a['ip'], $b['ip']); +} + +function allowedips_sort() { + global $g, $config, $cpzone; + + usort($config['captiveportal'][$cpzone]['allowedip'], "allowedipscmp"); +} + +require("guiconfig.inc"); +require("functions.inc"); +require_once("filter.inc"); +require("shaper.inc"); +require("captiveportal.inc"); + +$pgtitle = array(gettext("Services"), gettext("Captive portal"), gettext("Edit allowed IP address")); +$shortcut_section = "captiveportal"; + +$cpzone = $_GET['zone']; +if (isset($_POST['zone'])) { + $cpzone = $_POST['zone']; +} + +if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { + header("Location: services_captiveportal_zones.php"); + exit; +} + +if (!is_array($config['captiveportal'])) { + $config['captiveportal'] = array(); +} +$a_cp =& $config['captiveportal']; + +if (is_numericint($_GET['id'])) { + $id = $_GET['id']; +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { + $id = $_POST['id']; +} + +if (!is_array($config['captiveportal'][$cpzone]['allowedip'])) { + $config['captiveportal'][$cpzone]['allowedip'] = array(); +} +$a_allowedips =& $config['captiveportal'][$cpzone]['allowedip']; + +if (isset($id) && $a_allowedips[$id]) { + $pconfig['ip'] = $a_allowedips[$id]['ip']; + $pconfig['sn'] = $a_allowedips[$id]['sn']; + $pconfig['bw_up'] = $a_allowedips[$id]['bw_up']; + $pconfig['bw_down'] = $a_allowedips[$id]['bw_down']; + $pconfig['descr'] = $a_allowedips[$id]['descr']; +} + +if ($_POST) { + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "ip sn"); + $reqdfieldsn = array(gettext("Allowed IP address"), gettext("Subnet mask")); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); + + if ($_POST['ip'] && !is_ipaddr($_POST['ip'])) { + $input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['ip']); + } + + if ($_POST['sn'] && (!is_numeric($_POST['sn']) || ($_POST['sn'] < 1) || ($_POST['sn'] > 32))) { + $input_errors[] = gettext("A valid subnet mask must be specified"); + } + + if ($_POST['bw_up'] && !is_numeric($_POST['bw_up'])) { + $input_errors[] = gettext("Upload speed needs to be an integer"); + } + + if ($_POST['bw_down'] && !is_numeric($_POST['bw_down'])) { + $input_errors[] = gettext("Download speed needs to be an integer"); + } + + foreach ($a_allowedips as $ipent) { + if (isset($id) && ($a_allowedips[$id]) && ($a_allowedips[$id] === $ipent)) { + continue; + } + + if ($ipent['ip'] == $_POST['ip']) { + $input_errors[] = sprintf("[%s] %s.", $_POST['ip'], gettext("already allowed")) ; + break ; + } + } + + if (!$input_errors) { + $ip = array(); + $ip['ip'] = $_POST['ip']; + $ip['sn'] = $_POST['sn']; + $ip['descr'] = $_POST['descr']; + if ($_POST['bw_up']) { + $ip['bw_up'] = $_POST['bw_up']; + } + if ($_POST['bw_down']) { + $ip['bw_down'] = $_POST['bw_down']; + } + if (isset($id) && $a_allowedips[$id]) { + $oldip = $a_allowedips[$id]['ip']; + if (!empty($a_allowedips[$id]['sn'])) { + $oldmask = $a_allowedips[$id]['sn']; + } else { + $oldmask = 32; + } + $a_allowedips[$id] = $ip; + } else { + $a_allowedips[] = $ip; + } + + allowedips_sort(); + + write_config(); + + if (isset($a_cp[$cpzone]['enable']) && is_module_loaded("ipfw.ko")) { + $rules = ""; + $cpzoneid = $a_cp[$cpzone]['zoneid']; + unset($ipfw); + if (isset($oldip) && isset($oldmask)) { + $ipfw = pfSense_ipfw_getTablestats($cpzoneid, IP_FW_TABLE_XLISTENTRY, 3, $oldip); + $rules .= "table 3 delete {$oldip}/{$oldmask}\n"; + $rules .= "table 4 delete {$oldip}/{$oldmask}\n"; + if (is_array($ipfw)) { + $rules .= "pipe delete {$ipfw['dnpipe']}\n"; + $rules .= "pipe delete " . ($ipfw['dnpipe']+1 . "\n"); + } + } + + $rules .= captiveportal_allowedip_configure_entry($ip); + if (is_array($ipfw)) { + captiveportal_free_dn_ruleno($ipfw['dnpipe']); + } + + $uniqid = uniqid("{$cpzone}_allowed"); + @file_put_contents("{$g['tmp_path']}/{$uniqid}_tmp", $rules); + mwexec("/sbin/ipfw -x {$cpzoneid} -q {$g['tmp_path']}/{$uniqid}_tmp"); + @unlink("{$g['tmp_path']}/{$uniqid}_tmp"); + } + + header("Location: services_captiveportal_ip.php?zone={$cpzone}"); + exit; + } +} + +function build_dir_list() { + $dirs = array(gettext("Both"),gettext("From"),gettext("To")); + $dirlist = array(); + + foreach ($dirs as $dir) { + $dirlist[strtolower($dir)] = $dir; + } + + return($dirlist); +} + +include("head.inc"); + +if ($input_errors) + print_input_errors($input_errors); + +require('classes/Form.class.php'); + +$form = new Form(); + +$section = new Form_Section('Edit Captive Portal IP rule'); + +$section->addInput(new Form_IpAddress( + 'ip', + 'IP Address', + $pconfig['ip'] +))->addMask(sn, $pconfig['sn'], 32); + + +$section->addInput(new Form_Select( + 'dir', + 'Direction', + strtolower($pconfig['dir']), + build_dir_list() +))->setHelp('Use "From" to always allow aaccess to an address through the captive portal (without authentication). ' . + 'Use "To" to allow access from all clients (even non-authenticated ones) behind the portal to this Hostname.'); + +$section->addInput(new Form_Input( + 'bw_up', + 'Bandwidth up', + 'text', + $pconfig['bw_up'] +))->setHelp('Enter an upload limit to be enforced on this address in Kbit/s'); + +$section->addInput(new Form_Input( + 'bw_down', + 'Bandwidth down', + 'text', + $pconfig['bw_down'] +))->setHelp('Enter a download limit to be enforced on this address in Kbit/s'); + +$section->addInput(new Form_Input( + 'zone', + null, + 'hidden', + $cpzone +)); + +if (isset($id) && $a_allowedips[$id]) { + $section->addInput(new Form_Input( + 'id', + null, + 'hidden', + $id + )); +} + +$form->add($section); +print($form); + +include("foot.inc");
\ No newline at end of file |