summaryrefslogtreecommitdiffstats
path: root/usr/local
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@pfsense.org>2005-03-20 22:24:53 +0000
committerScott Ullrich <sullrich@pfsense.org>2005-03-20 22:24:53 +0000
commit7faeda46273b8c1bc0b2ded1e5ea95956c90667c (patch)
tree50f14944482af986f4b5fb8363f7ae55172933fd /usr/local
parent3b378be5e864cc2b96a89e168e7dbe4541294040 (diff)
downloadpfsense-7faeda46273b8c1bc0b2ded1e5ea95956c90667c.zip
pfsense-7faeda46273b8c1bc0b2ded1e5ea95956c90667c.tar.gz
Import m0n0wall 1.2b7's captive portal code *WITH* user manager.
And the crowd goes wild.
Diffstat (limited to 'usr/local')
-rwxr-xr-xusr/local/captiveportal/index.php96
-rwxr-xr-xusr/local/www/datetimepicker.js22
-rwxr-xr-xusr/local/www/services_captiveportal.php27
-rwxr-xr-xusr/local/www/services_captiveportal_ip.php1
-rwxr-xr-xusr/local/www/services_captiveportal_mac.php1
-rwxr-xr-xusr/local/www/services_captiveportal_users.php264
6 files changed, 392 insertions, 19 deletions
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index 497e506..c51c073 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -27,6 +27,10 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
+
+ This version of index.php has been modified by Rob Parker
+ <rob.parker@keycom.co.uk>. Changes made are in relation to Per-User Bandwidth
+ Management based on returned RADIUS attributes, and are (c) 2004 Keycom PLC.
*/
require("globals.inc");
@@ -59,7 +63,12 @@ if (!$clientmac && !isset($config['captiveportal']['nomacfilter'])) {
if ($clientmac && portal_mac_fixed($clientmac)) {
/* punch hole in ipfw for pass thru mac addresses */
- portal_allow($clientip, $clientmac, "unauthenticated");
+ // KEYCOM: passthru mac bandwidth control]
+ if (isset($config['captiveportal']['peruserbw'])) {
+ portal_allow($clientip, $clientmac, "unauthenticated",$config['captiveportal']['bwauthmacup'],$config['captiveportal']['bwauthmacdn']);
+ } else {
+ portal_allow($clientip, $clientmac, "unauthenticated",0,0);
+ }
} else if ($_POST['accept'] && file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
@@ -72,14 +81,23 @@ if ($clientmac && portal_mac_fixed($clientmac)) {
$radiusservers[0]['ipaddr'],
$radiusservers[0]['port'],
$radiusservers[0]['key']);
+ $auth_returns = explode("/", $auth_val);
+ $auth_val = $auth_returns[0];
+ $bw_up = $auth_returns[1];
+ $bw_down = $auth_returns[2];
if ($auth_val == 2) {
- $sessionid = portal_allow($clientip, $clientmac, $_POST['auth_user']);
+ if (isset($config['captiveportal']['peruserbw'])) {
+ $sessionid = portal_allow($clientip, $clientmac, $_POST['auth_user'],$bw_up,$bw_down);
+ } else {
+ $sessionid = portal_allow($clientip, $clientmac, $_POST['auth_user'],0,0);
+ }
if (isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) {
$auth_val = RADIUS_ACCOUNTING_START($_POST['auth_user'],
$sessionid,
$radiusservers[0]['ipaddr'],
$radiusservers[0]['acctport'],
- $radiusservers[0]['key']);
+ $radiusservers[0]['key'],
+ $clientip);
}
} else {
readfile("{$g['varetc_path']}/captiveportal-error.html");
@@ -88,8 +106,34 @@ if ($clientmac && portal_mac_fixed($clientmac)) {
readfile("{$g['varetc_path']}/captiveportal-error.html");
}
+} else if ($_POST['accept'] && $config['captiveportal']['auth_method']=="local") {
+ //check against local usermanager
+
+ //erase expired accounts
+ if(trim($config['users'][$_POST['auth_user']]['expirationdate'])!="" && strtotime("-1 day")>strtotime($config['users'][$_POST['auth_user']]['expirationdate'])){
+ unset($config['users'][$_POST['auth_user']]);
+ write_config();
+ }
+ if($config['users'][$_POST['auth_user']]['password']==md5($_POST['auth_pass'])){
+ portal_allow($clientip, $clientmac,$_POST['auth_user'],0,0);
+ } else {
+ readfile("{$g['varetc_path']}/captiveportal-error.html");
+ }
} else if ($_POST['accept'] && $clientip) {
- portal_allow($clientip, $clientmac, "unauthenticated");
+ //KEYCOM: authorised up and down bandwidth defaults (set from webgui). If not set, use 128/128
+ if (isset($config['captiveportal']['peruserbw'])) {
+ $bw_up=$config['captiveportal']['bwauthipup'];
+ $bw_down=$config['captiveportal']['bwauthipdn'];
+ if(!isset($bw_up)) {
+ $bw_up=128;
+ }
+ if(!isset($bw_down)) {
+ $bw_down=128;
+ }
+ portal_allow($clientip, $clientmac, "unauthenticated",$bw_up,$bw_down);
+ } else {
+ portal_allow($clientip, $clientmac, "unauthenticated",0,0);
+ }
} else if ($_POST['logout_id']) {
disconnect_client($_POST['logout_id']);
echo <<<EOD
@@ -119,7 +163,7 @@ EOD;
if (isset($config['captiveportal']['httpslogin']))
$htmltext = str_replace("\$PORTAL_ACTION\$", "https://{$config['captiveportal']['httpsname']}:8001/", $htmltext);
else
- $htmltext = str_replace("\$PORTAL_ACTION\$", "http://{$config['interfaces'][$config['captiveportal']['interface']]['ipaddr']}:8000/", $htmltext);
+ $htmltext = str_replace("\$PORTAL_ACTION\$", "", $htmltext);
if (preg_match("/redirurl=(.*)/", $orig_request, $matches))
$redirurl = urldecode($matches[1]);
@@ -153,7 +197,7 @@ function portal_mac_fixed($clientmac) {
return FALSE ;
}
-function portal_allow($clientip,$clientmac,$clientuser) {
+function portal_allow($clientip,$clientmac,$clientuser,$bw_up,$bw_down) {
global $orig_host, $orig_request, $g, $config;
@@ -175,6 +219,26 @@ function portal_allow($clientip,$clientmac,$clientuser) {
/* add ipfw rules for layer 3 */
exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from $clientip to any in");
exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to $clientip out");
+
+ /* KEYCOM: add ipfw rules for dummynet based on bw_up and bw_down */
+ //we're just copying them by adding on some and hoping no collision will occur
+ //2000 users would be expecting a bit much from a WAP ;)
+
+ //we're using fixed rule numbers which are 'a step above' the m0n0 ones
+ //this makes sure we always know where our rules are, and taht they are deleted when m0n0's are
+ //they're set so they shouldn't hit anything important, and also so they are in roughly the right position in the fw.
+
+ //of course, we only need to do this if it's enabled in the config
+ if (isset($config['captiveportal']['peruserbw'])) {
+ $up_rule_number = $ruleno + 40500;
+ $down_rule_number = $ruleno + 45500;
+ $lanif = $config['interfaces']['lan']['if'];
+ exec("/sbin/ipfw add $up_rule_number set 4 pipe $up_rule_number ip from $clientip to any via $lanif");
+ exec("/sbin/ipfw add $down_rule_number set 4 pipe $down_rule_number ip from any to $clientip via $lanif");
+ exec("/sbin/ipfw pipe $up_rule_number config bw " . trim($bw_up) . "Kbit/s queue 10");
+ exec("/sbin/ipfw pipe $down_rule_number config bw " . trim($bw_down) . "Kbit/s queue 10");
+ }
+ /* done */
/* add ipfw rules for layer 2 */
if (!isset($config['captiveportal']['nomacfilter'])) {
@@ -209,9 +273,17 @@ function portal_allow($clientip,$clientmac,$clientuser) {
$cpdb[$i][0], // start time
$radiusservers[0]['ipaddr'],
$radiusservers[0]['acctport'],
- $radiusservers[0]['key']);
+ $radiusservers[0]['key'],
+ $clientip);
+ }
+ //KEYCOM: we need to delete +40500 and +45500 as well...
+ //these are the rule numbers we use to control traffic shaping for each logged in user via captive portal
+ mwexec("/sbin/ipfw delete " . $cpdb[$i][1]);
+ //we only need to remove our rules if peruserbw is turned on.
+ if(isset($config['captiveportal']['peruserbw'])) {
+ mwexec("/sbin/ipfw delete " . ($cpdb[$i][1]+40500));
+ mwexec("/sbin/ipfw delete " . ($cpdb[$i][1]+45500));
}
- mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000));
unset($cpdb[$i]);
break;
}
@@ -385,9 +457,15 @@ function disconnect_client($sessionid) {
$cpdb[$i][0], // start time
$radiusservers[0]['ipaddr'],
$radiusservers[0]['acctport'],
- $radiusservers[0]['key']);
+ $radiusservers[0]['key'],
+ $clientip);
}
+ //again we need to remve +40500 and +45500 as well, if they exist
mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000));
+ if(isset($config['captiveportal']['peruserbw'])) {
+ mwexec("/sbin/ipfw delete " . ($cpdb[$i][1]+40500));
+ mwexec("/sbin/ipfw delete " . ($cpdb[$i][1]+45500));
+ }
unset($cpdb[$i]);
break;
}
diff --git a/usr/local/www/datetimepicker.js b/usr/local/www/datetimepicker.js
index a0f5a9c..c4d585a 100755
--- a/usr/local/www/datetimepicker.js
+++ b/usr/local/www/datetimepicker.js
@@ -30,15 +30,15 @@ var TimeMode=24;//default TimeMode value. 12 or 24
var ShowLongMonth=true;//Show long month name in Calendar header. example: "January".
var ShowMonthYear=true;//Show Month and Year in Calendar header.
-var MonthYearColor="#cc0033";//Font Color of Month and Year in Calendar header.
-var WeekHeadColor="#0099CC";//Background Color in Week header.
-var SundayColor="#6699FF";//Background color of Sunday.
-var SaturdayColor="#CCCCFF";//Background color of Saturday.
+var MonthYearColor="#435370";//Font Color of Month and Year in Calendar header.
+var WeekHeadColor="#777777";//Background Color in Week header.
+var SundayColor="#D9DEE8";//Background color of Sunday.
+var SaturdayColor="#D9DEE8";//Background color of Saturday.
var WeekDayColor="white";//Background color of weekdays.
-var FontColor="blue";//color of font in Calendar day cell.
+var FontColor="black";//color of font in Calendar day cell.
var TodayColor="#FFFF33";//Background color of today.
-var SelDateColor="#FFFF99";//Backgrond color of selected date in textbox.
-var YrSelColor="#cc0033";//color of font of Year selector.
+var SelDateColor="red";//Backgrond color of selected date in textbox.
+var YrSelColor="black";//color of font of Year selector.
var ThemeBg="";//Background image of Calendar window.
//end Configurable parameters
//end Global variable
@@ -118,7 +118,7 @@ function NewCal(pCtrl,pFormat,pShowTime,pTimeMode)
Cal.SetSecond(strSecond);
}
}
- winCal=window.open("","DateTimePicker","toolbar=0,status=0,menubar=0,fullscreen=no,width=195,height=245,resizable=0,top="+cnTop+",left="+cnLeft);
+ winCal=window.open("","DateTimePicker","toolbar=0,status=0,menubar=0,fullscreen=no,width=195,height=200,resizable=0,top="+cnTop+",left="+cnLeft);
docCal=winCal.document;
RenderCal();
}
@@ -137,9 +137,13 @@ function RenderCal()
docCal.open();
docCal.writeln("<html><head><title>"+WindowTitle+"</title>");
docCal.writeln("<script>var winMain=window.opener;</script>");
+ docCal.writeln("<style>");
+ docCal.writeln("body,td,th,input,select {font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;font-size: 11px;}");
+ docCal.writeln("a {text-decoration: none;}");
+ docCal.writeln("</style>");
docCal.writeln("</head><body background='"+ThemeBg+"' link="+FontColor+" vlink="+FontColor+"><form name='Calendar'>");
- vCalHeader="<table border=1 cellpadding=1 cellspacing=1 width='100%' align=\"center\" valign=\"top\">\n";
+ vCalHeader="<table border=1 cellpadding=1 cellspacing=1 align=\"center\" valign=\"top\" bgcolor='#EEEEEE' style=\"border-color:#999999; border-style:solid; border-collapse:collapse\">\n";
//Month Selector
vCalHeader+="<tr>\n<td colspan='7'><table border=0 width='100%' cellpadding=0 cellspacing=0><tr><td align='left'>\n";
vCalHeader+="<select name=\"MonthSelector\" onChange=\"javascript:winMain.Cal.SwitchMth(this.selectedIndex);winMain.RenderCal();\">\n";
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index e86ed35..3185fd2 100755
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -50,6 +50,7 @@ $pconfig['cinterface'] = $config['captiveportal']['interface'];
$pconfig['timeout'] = $config['captiveportal']['timeout'];
$pconfig['idletimeout'] = $config['captiveportal']['idletimeout'];
$pconfig['enable'] = isset($config['captiveportal']['enable']);
+$pconfig['auth_method'] = $config['captiveportal']['auth_method'];
$pconfig['radacct_enable'] = isset($config['captiveportal']['radacct_enable']);
$pconfig['httpslogin_enable'] = isset($config['captiveportal']['httpslogin']);
$pconfig['httpsname'] = $config['captiveportal']['httpsname'];
@@ -128,6 +129,7 @@ if ($_POST) {
$config['captiveportal']['timeout'] = $_POST['timeout'];
$config['captiveportal']['idletimeout'] = $_POST['idletimeout'];
$config['captiveportal']['enable'] = $_POST['enable'] ? true : false;
+ $config['captiveportal']['auth_method'] = $_POST['auth_method'];
$config['captiveportal']['radacct_enable'] = $_POST['radacct_enable'] ? true : false;
$config['captiveportal']['httpslogin'] = $_POST['httpslogin_enable'] ? true : false;
$config['captiveportal']['httpsname'] = $_POST['httpsname'];
@@ -180,9 +182,16 @@ if ($_POST) {
<?php include("fbegin.inc"); ?>
<script language="JavaScript">
<!--
+function auth_method_change() {
+ if (document.iform.auth_method[0].checked == false) {
+ document.iform.logoutwin_enable.checked = 1;
+ } else {
+ document.iform.logoutwin_enable.checked = 0;
+ }
+}
function radacct_change() {
if (document.iform.radacct_enable.checked) {
- document.iform.logoutwin_enable.checked = 1;
+ auth_method_change();
}
}
@@ -198,6 +207,9 @@ function enable_change(enable_change) {
document.iform.radiusport.disabled = endis;
document.iform.radiuskey.disabled = endis;
document.iform.radacct_enable.disabled = endis;
+ document.iform.auth_method[0].disabled = endis;
+ document.iform.auth_method[1].disabled = endis;
+ document.iform.auth_method[2].disabled = endis;
document.iform.httpslogin_enable.disabled = endis;
document.iform.httpsname.disabled = endis;
document.iform.cert.disabled = endis;
@@ -210,6 +222,9 @@ function enable_change(enable_change) {
if (enable_change && document.iform.radacct_enable.checked) {
document.iform.logoutwin_enable.checked = 1;
}
+ if (enable_change && document.iform.auth_method[0].checked == false) {
+ document.iform.logoutwin_enable.checked = 1;
+ }
}
//-->
</script>
@@ -222,6 +237,7 @@ function enable_change(enable_change) {
<li class="tabact">Captive portal</li>
<li class="tabinact"><a href="services_captiveportal_mac.php">Pass-through MAC</a></li>
<li class="tabinact"><a href="services_captiveportal_ip.php">Allowed IP addresses</a></li>
+ <li class="tabinact"><a href="services_captiveportal_users.php">Users</a></li>
</ul>
</td></tr>
<tr>
@@ -318,6 +334,15 @@ to access after they've authenticated.</td>
<td width="22%" valign="top" class="vncell">RADIUS server</td>
<td width="78%" class="vtable">
<table cellpadding="0" cellspacing="0">
+ <td>No Authentication:&nbsp;&nbsp;</td>
+ <td><input name="auth_method" type="radio" id="auth_method" value="none" <?php if($pconfig['auth_method']!="local" || $pconfig['auth_method']!="radius") echo "checked"; ?> onClick="auth_method_change()"></td>
+ </tr>
+ <td>Local <a href="services_captiveportal_users.php">Usermanager</a>:&nbsp;&nbsp;</td>
+ <td><input name="auth_method" type="radio" id="auth_method" value="local" <?php if($pconfig['auth_method']=="local") echo "checked"; ?> onClick="auth_method_change()"></td>
+ </tr>
+ <td>RADIUS Authentication:&nbsp;&nbsp;</td>
+ <td><input name="auth_method" type="radio" id="auth_method" value="radius" <?php if($pconfig['auth_method']=="radius") echo "checked"; ?> onClick="auth_method_change()"></td>
+ </tr>
<tr>
<td>IP address:</td>
<td><input name="radiusip" type="text" class="formfld" id="radiusip" size="20" value="<?=htmlspecialchars($pconfig['radiusip']);?>"></td>
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php
index c648fb3..4c0fbcb 100755
--- a/usr/local/www/services_captiveportal_ip.php
+++ b/usr/local/www/services_captiveportal_ip.php
@@ -92,6 +92,7 @@ if ($_GET['act'] == "del") {
<li class="tabinact1"><a href="services_captiveportal.php">Captive portal</a></li>
<li class="tabinact"><a href="services_captiveportal_mac.php">Pass-through MAC</a></li>
<li class="tabact">Allowed IP addresses</li>
+ <li class="tabinact"><a href="services_captiveportal_users.php">Users</a></li>
</ul>
</td></tr>
<tr>
diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php
index 67be1b8..58e6a73 100755
--- a/usr/local/www/services_captiveportal_mac.php
+++ b/usr/local/www/services_captiveportal_mac.php
@@ -92,6 +92,7 @@ if ($_GET['act'] == "del") {
<li class="tabinact1"><a href="services_captiveportal.php">Captive portal</a></li>
<li class="tabact">Pass-through MAC</li>
<li class="tabinact"><a href="services_captiveportal_ip.php">Allowed IP addresses</a></li>
+ <li class="tabinact"><a href="services_captiveportal_users.php">Users</a></li>
</ul>
</td></tr>
<tr>
diff --git a/usr/local/www/services_captiveportal_users.php b/usr/local/www/services_captiveportal_users.php
new file mode 100755
index 0000000..46b9e17
--- /dev/null
+++ b/usr/local/www/services_captiveportal_users.php
@@ -0,0 +1,264 @@
+#!/usr/local/bin/php
+<?php
+/*
+ services_captiveportal_users.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ Copyright (C) 2005 Pascal Suter <d-monodev@psuter.ch>.
+ All rights reserved.
+ (files was created by Pascal based on the source code of services_captiveportal.php from Manuel)
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+$pgtitle = array("Services", "Captive portal");
+require("guiconfig.inc");
+if(isset($_POST['save'])){
+ //value-checking
+ if(trim($_POST['password1'])!="********" &&
+ trim($_POST['password1'])!="" &&
+ trim($_POST['password1'])!=trim($_POST['password2'])){
+ //passwords are to be changed but don't match
+ $input_errors[]="passwords don't match";
+ }
+ if((trim($_POST['password1'])=="" || trim($_POST['password1'])=="********") &&
+ (trim($_POST['password2'])=="" || trim($_POST['password2'])=="********")){
+ //assume password should be left as is if a password is set already.
+ if(!empty($config['users'][$_POST['old_username']]['password'])){
+ $_POST['password1']="********";
+ $_POST['password2']="********";
+ } else {
+ $input_errors[]="password must not be empty";
+ }
+ } else {
+ if(trim($_POST['password1'])!=trim($_POST['password2'])){
+ //passwords are to be changed or set but don't match
+ $input_errors[]="passwords don't match";
+ } else {
+ //check password for invalid characters
+ if(!preg_match('/^[a-zA-Z0-9_\-\.@\~\(\)\&\*\+§?!\$£°\%;:]*$/',$_POST['username'])){
+ $input_errors[] = "password contains illegal characters, only letters from A-Z and a-z, _, -, .,@,~,(,),&,*,+,§,?,!,$,£,°,%,;,: and numbers are allowed";
+ //test pw: AZaz_-.@~()&*+§?!$£°%;:
+ }
+ }
+ }
+ if($_POST['username']==""){
+ $input_errors[] = "username must not be empty!";
+ }
+ //check for a valid expirationdate if one is set at all (valid means, strtotime() puts out a time stamp
+ //so any strtotime compatible time format may be used. to keep it simple for the enduser, we only claim
+ //to accept MM/DD/YYYY as inputs. advanced users may use inputs like "+1 day", which will be converted to
+ //MM/DD/YYYY based on "now" since otherwhise such an entry would lead to a never expiring expirationdate
+ if(trim($_POST['expirationdate'])!=""){
+ if(strtotime($_POST['expirationdate'])>0){
+ if(strtotime("-1 day")>strtotime(date("m/d/Y",strtotime($_POST['expirationdate'])))){
+ $input_errors[] = "selected expiration date lies in the past";
+ } else {
+ //convert from any strtotime compatible date to MM/DD/YYYY
+ $expdate = strtotime($_POST['expirationdate']);
+ $_POST['expirationdate'] = date("m/d/Y",$expdate);
+ }
+ } else {
+ $input_errors[] = "invalid expiration date format, use MM/DD/YYYY instead";
+ }
+ }
+ //check username: only allow letters from A-Z and a-z, _, -, . and numbers from 0-9 (note: username can
+ //not contain characters which are not allowed in an xml-token. i.e. if you'd use @ in a username, config.xml
+ //could not be parsed anymore!
+ if(!preg_match('/^[a-zA-Z0-9_\-\.]*$/',$_POST['username'])){
+ $input_errors[] = "username contains illegal characters, only letters from A-Z and a-z, _, -, . and numbers are allowed";
+ }
+
+ if(!empty($input_errors)){
+ //there are illegal inputs --> print out error message and show formular again (and fill in all recently entered values
+ //except passwords
+ $_GET['act']="new";
+ $_POST['old_username']=($_POST['old_username'] ? $_POST['old_username'] : $_POST['username']);
+ $_GET['username']=$_POST['old_username'];
+ foreach(Array("username","fullname","expirationdate") as $field){
+ $config['users'][$_POST['old_username']][$field]=$_POST[$field];
+ }
+ } else {
+ //all values are okay --> saving changes
+ $_POST['username']=trim($_POST['username']);
+ if($_POST['old_username']!="" && $_POST['old_username']!=$_POST['username']){
+ //change the username (which is used as array-index)
+ $config['users'][$_POST['username']]=$config['users'][$_POST['old_username']];
+ unset($config['users'][$_POST['old_username']]);
+ }
+ foreach(Array('fullname','expirationdate') as $field){
+ $config['users'][$_POST['username']][$field]=trim($_POST[$field]);
+ }
+ if(trim($_POST['password1'])!="********" && trim($_POST['password1'])!=""){
+ $config['users'][$_POST['username']]['password']=md5(trim($_POST['password1']));
+ }
+ write_config();
+ $savemsg=$_POST['username']." successfully saved<br>";
+ }
+} else if ($_GET['act']=="delete" && isset($_GET['username'])){
+ unset($config['users'][$_GET['username']]);
+ write_config();
+ $savemsg=$_GET['username']." successfully deleted<br>";
+}
+//erase expired accounts
+$changed=false;
+if(is_array($config['users'])){
+ foreach($config['users'] as $username => $user){
+ if(trim($user['expirationdate'])!="" && strtotime("-1 day")>strtotime($user['expirationdate']) && empty($input_errors)){
+ unset($config['users'][$username]);
+ $changed=true;
+ $savemsg.="$username has expired --> $username was deleted<br>";
+ }
+ }
+ if($changed){
+ write_config();
+ }
+}
+
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title><?=gentitle("pfSense webGUI");?></title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link href="gui.css" rel="stylesheet" type="text/css">
+</head>
+
+<form>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<script language="javascript" type="text/javascript" src="datetimepicker.js">
+//Date Time Picker script- by TengYong Ng of http://www.rainforestnet.com
+//Script featured on JavaScript Kit (http://www.javascriptkit.com)
+//For this script, visit http://www.javascriptkit.com
+</script>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabinact1"><a href="services_captiveportal.php">Captive portal</a></li>
+ <li class="tabinact"><a href="services_captiveportal_mac.php">Pass-through MAC</a></li>
+ <li class="tabinact"><a href="services_captiveportal_ip.php">Allowed IP addresses</a></li>
+ <li class="tabact">Users</li>
+ </ul>
+ </td></tr>
+ <tr>
+ <td class="tabcont">
+<?php
+if($_GET['act']=="new" || $_GET['act']=="edit"){
+ if($_GET['act']=="edit" && isset($_GET['username'])){
+ $user=$config['users'][$_GET['username']];
+ }
+?>
+ <form action="services_captiveportal_users.php" method="post" name="iform" id="iform">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Username</td>
+ <td width="78%" class="vtable">
+ <input name="username" type="text" class="formfld" id="username" size="20" value="<? echo $_GET['username']; ?>">
+ <br>
+ <span class="vexpl">Username to be used</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Password</td>
+ <td width="78%" class="vtable">
+ <input name="password1" type="password" class="formfld" id="password1" size="20" value="<?php echo ($_GET['act']=='edit' ? "********" : "" ); ?>">
+ <br>
+ <span class="vexpl">Password for the user</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">confirm Password</td>
+ <td width="78%" class="vtable">
+ <input name="password2" type="password" class="formfld" id="password2" size="20" value="<?php echo ($_GET['act']=='edit' ? "********" : "" ); ?>">
+ <br>
+ <span class="vexpl">Confirm the above Password</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Full Name</td>
+ <td width="78%" class="vtable">
+ <input name="fullname" type="text" class="formfld" id="fullname" size="20" value="<? echo $user['fullname']; ?>">
+ <br>
+ Full Name of current user, for your own information only</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Expiration Date</td>
+ <td width="78%" class="vtable">
+ <input name="expirationdate" type="text" class="formfld" id="expirationdate" size="10" value="<? echo $user['expirationdate']; ?>">
+ <a href="javascript:NewCal('expirationdate','mmddyyyy')"><img src="cal.gif" width="16" height="16" border="0" alt="Pick a date"></a>
+ <br> <span class="vexpl">enter nothing if account doesnt expire, otherwhise enter the expiration date in us-format: mm/dd/yyyy</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="save" type="submit" class="formbtn" value="Save">
+ <input name="old_username" type="hidden" value="<? echo $_GET['username'];?>">
+ </td>
+ </tr>
+ </table>
+ </form>
+<?php
+} else {
+ echo <<<END
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="35%" class="listhdrr">Username</td>
+ <td width="20%" class="listhdrr">Full Name</td>
+ <td width="35%" class="listhdr">Expires</td>
+ <td width="10%" class="list"></td>
+ </tr>
+END;
+ if(is_array($config['users'])){
+ foreach($config['users'] as $username => $user){
+?>
+ <tr>
+ <td class="listlr">
+ <?php echo $username; ?>&nbsp;
+ </td>
+ <td class="listr">
+ <?php echo $user['fullname']; ?>&nbsp;
+ </td>
+ <td class="listbg">
+ <?php echo $user['expirationdate']; ?>&nbsp;
+ </td>
+ <td valign="middle" nowrap class="list"> <a href="services_captiveportal_users.php?act=edit&username=<?php echo $username; ?>"><img src="e.gif" width="17" height="17" border="0"></a>
+ &nbsp;<a href="services_captiveportal_users.php?act=delete&username=<?php echo $username; ?>" onclick="return confirm('Do you really want to delete this User?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+<?php
+ }
+ }
+ echo <<<END
+ <tr>
+ <td class="list" colspan="3"></td>
+ <td class="list"> <a href="services_captiveportal_users.php?act=new"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+END;
+}
+?>
+
+ </td>
+ </tr>
+ </table>
+<?php include("fend.inc"); ?>
OpenPOWER on IntegriCloud