diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2006-08-21 21:02:14 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2006-08-21 21:02:14 +0000 |
| commit | 8c1ce6c7c0f232d8ac46b5f38f6671df5583e42d (patch) | |
| tree | d993ec194df18f7c62993a1a2a287568c85f4cc3 /usr/local | |
| parent | 92442757dd0e12e593a5723787fa976735547335 (diff) | |
| download | pfsense-8c1ce6c7c0f232d8ac46b5f38f6671df5583e42d.zip pfsense-8c1ce6c7c0f232d8ac46b5f38f6671df5583e42d.tar.gz | |
Instead of simply bailing leaving the client with a blank screen, output that an error occured and write out to the system log more verbose information for what the problem is. If in the case of a missing mac address, suggest that the user may want to disable mac filtering if they do not need this functionality.
Diffstat (limited to 'usr/local')
| -rwxr-xr-x | usr/local/captiveportal/index.php | 106 |
1 files changed, 55 insertions, 51 deletions
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index 89166db..788efcf 100755 --- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php @@ -1,21 +1,21 @@ -<?php +<?php /* index.php part of m0n0wall (http://m0n0.ch/wall) - + Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -41,6 +41,8 @@ $clientip = $_SERVER['REMOTE_ADDR']; if (!$clientip) { /* not good - bail out */ + echo "An error occured. Please check the system logs for more information."; + log_error("Captive portal could not deterimine clients ip address."); exit; } @@ -48,6 +50,8 @@ if (!$clientip) { $clientmac = arp_get_mac_by_ip($clientip); if (!$clientmac && !isset($config['captiveportal']['nomacfilter'])) { /* unable to find MAC address - shouldn't happen! - bail out */ + echo "An error occured. Please check the system logs for more information."; + log_error("Captive portal could not deterimine clients MAC address. Disable MAC address filtering in captive portal if you do not needs this functionality."); exit; } @@ -59,7 +63,7 @@ if ($clientmac && portal_mac_fixed($clientmac)) { /* authenticate against radius server */ $radiusservers = captiveportal_get_radius_servers(); - + if ($_POST['auth_user'] && $_POST['auth_pass']) { $auth_val = RADIUS_AUTHENTICATION($_POST['auth_user'], $_POST['auth_pass'], @@ -84,7 +88,7 @@ if ($clientmac && portal_mac_fixed($clientmac)) { } else { readfile("{$g['varetc_path']}/captiveportal-error.html"); } - + } else if ($_POST['accept'] && $config['captiveportal']['auth_method'] == "local") { //check against local usermanager @@ -103,9 +107,9 @@ if ($clientmac && portal_mac_fixed($clientmac)) { } if ($moddb) write_config(); - + $userdb = &$config['captiveportal']['user']; - + for ($i = 0; $i < count($userdb); $i++) { if (($userdb[$i]['name'] == $_POST['auth_user']) && ($userdb[$i]['password'] == md5($_POST['auth_pass']))) { $loginok = true; @@ -145,27 +149,27 @@ EOD; /* redirect to HTTPS login page */ header("Location: https://{$config['captiveportal']['httpsname']}:8001/index.php?redirurl=" . urlencode("http://{$orig_host}{$orig_request}")); } else { - + header("Expires: 0"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); - header("Pragma: no-cache"); - + header("Pragma: no-cache"); + /* display captive portal page */ $htmltext = file_get_contents("{$g['varetc_path']}/captiveportal.html"); - + /* substitute variables */ if (isset($config['captiveportal']['httpslogin'])) $htmltext = str_replace("\$PORTAL_ACTION\$", "https://{$config['captiveportal']['httpsname']}:8001/", $htmltext); else $htmltext = str_replace("\$PORTAL_ACTION\$", "http://{$config['interfaces'][$config['captiveportal']['interface']]['ipaddr']}:8000/", $htmltext); - + if (preg_match("/redirurl=(.*)/", $orig_request, $matches)) $redirurl = urldecode($matches[1]); else $redirurl = "http://{$orig_host}{$orig_request}"; $htmltext = str_replace("\$PORTAL_REDIRURL\$", htmlspecialchars($redirurl), $htmltext); - + echo $htmltext; } @@ -174,7 +178,7 @@ exit; function portal_mac_fixed($clientmac) { global $g ; - + /* open captive portal mac db */ if (file_exists("{$g['vardb_path']}/captiveportal_mac.db")) { $fd = @fopen("{$g['vardb_path']}/captiveportal_mac.db","r") ; @@ -191,7 +195,7 @@ function portal_mac_fixed($clientmac) { fclose($fd) ; } return FALSE ; -} +} function portal_allow($clientip,$clientmac,$clientuser,$password = "") { @@ -199,7 +203,7 @@ function portal_allow($clientip,$clientmac,$clientuser,$password = "") { /* user has accepted AUP - let him in */ portal_lock(); - + /* get next ipfw rule number */ if (file_exists("{$g['vardb_path']}/captiveportal.nextrule")) $ruleno = trim(file_get_contents("{$g['vardb_path']}/captiveportal.nextrule")); @@ -207,22 +211,22 @@ function portal_allow($clientip,$clientmac,$clientuser,$password = "") { $ruleno = 10000; /* first rule number */ $saved_ruleno = $ruleno; - + /* generate unique session ID */ $tod = gettimeofday(); $sessionid = substr(md5(mt_rand() . $tod['sec'] . $tod['usec'] . $clientip . $clientmac), 0, 16); - + /* add ipfw rules for layer 3 */ exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from $clientip to any in"); exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to $clientip out"); - + /* add ipfw rules for layer 2 */ if (!isset($config['captiveportal']['nomacfilter'])) { $l2ruleno = $ruleno + 10000; exec("/sbin/ipfw add $l2ruleno set 3 deny all from $clientip to any not MAC any $clientmac layer2 in"); exec("/sbin/ipfw add $l2ruleno set 3 deny all from any to $clientip not MAC $clientmac any layer2 out"); } - + /* read in client database */ $cpdb = array(); @@ -232,11 +236,11 @@ function portal_allow($clientip,$clientmac,$clientuser,$password = "") { $line = trim(fgets($fd)) ; if($line) { $cpdb[] = explode(",",$line); - } + } } fclose($fd); } - + $radiusservers = captiveportal_get_radius_servers(); /* find an existing entry and delete it */ @@ -256,7 +260,7 @@ function portal_allow($clientip,$clientmac,$clientuser,$password = "") { unset($cpdb[$i]); break; } - } + } /* rewrite information to database */ $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "w"); @@ -270,7 +274,7 @@ function portal_allow($clientip,$clientmac,$clientuser,$password = "") { fwrite($fd, time().",{$ruleno},{$clientip},{$clientmac},{$clientuser},{$sessionid},{$bpassword}\n") ; fclose($fd); } - + /* write next rule number */ $fd = @fopen("{$g['vardb_path']}/captiveportal.nextrule", "w"); if ($fd) { @@ -280,9 +284,9 @@ function portal_allow($clientip,$clientmac,$clientuser,$password = "") { fwrite($fd, $ruleno); fclose($fd); } - + portal_unlock(); - + /* redirect user to desired destination */ if ($config['captiveportal']['redirurl']) $redirurl = $config['captiveportal']['redirurl']; @@ -290,14 +294,14 @@ function portal_allow($clientip,$clientmac,$clientuser,$password = "") { $redirurl = $_POST['redirurl']; else $redirurl = "http://{$orig_host}{$orig_request}"; - + if(isset($config['captiveportal']['logoutwin_enable'])) { - + if (isset($config['captiveportal']['httpslogin'])) $logouturl = "https://{$config['captiveportal']['httpsname']}:8001/"; else $logouturl = "http://{$config['interfaces'][$config['captiveportal']['interface']]['ipaddr']}:8000/"; - + echo <<<EOD <HTML> <HEAD><TITLE>Redirecting...</TITLE></HEAD> @@ -331,17 +335,17 @@ document.location.href="{$redirurl}"; EOD; } else { - header("Location: " . $redirurl); + header("Location: " . $redirurl); } - + return $sessionid; } /* read RADIUS servers into array */ function captiveportal_get_radius_servers() { - + global $g; - + if (file_exists("{$g['vardb_path']}/captiveportal_radius.db")) { $fd = @fopen("{$g['vardb_path']}/captiveportal_radius.db","r"); if ($fd) { @@ -355,20 +359,20 @@ function captiveportal_get_radius_servers() { } } fclose($fd); - + return $radiusservers; } } - + return false; } /* lock captive portal information, decide that the lock file is stale after 10 seconds */ function portal_lock() { - + global $lockfile; - + $n = 0; while ($n < 10) { /* open the lock file in append mode to avoid race condition */ @@ -386,9 +390,9 @@ function portal_lock() { /* unlock captive portal information file */ function portal_unlock() { - + global $lockfile; - + if (file_exists($lockfile)) unlink($lockfile); } @@ -397,11 +401,11 @@ function portal_unlock() { by Dinesh Nair */ function disconnect_client($sessionid) { - + global $g, $config; - + portal_lock(); - + /* read database */ $cpdb = array() ; $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "r"); @@ -410,14 +414,14 @@ function disconnect_client($sessionid) { $line = trim(fgets($fd)) ; if($line) { $cpdb[] = explode(",",$line); - } + } } fclose($fd); } - + $radiusservers = captiveportal_get_radius_servers(); - - /* find entry */ + + /* find entry */ for ($i = 0; $i < count($cpdb); $i++) { if ($cpdb[$i][5] == $sessionid) { /* this client needs to be deleted - remove ipfw rules */ @@ -437,7 +441,7 @@ function disconnect_client($sessionid) { break; } } - + /* rewrite information to database */ $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "w"); if ($fd) { @@ -446,7 +450,7 @@ function disconnect_client($sessionid) { } fclose($fd); } - + portal_unlock(); } |
