15 files changed, 161 insertions, 375 deletions
diff --git a/cf/conf/config.xml b/cf/conf/config.xml
index 7a8ddf4..fc2862e 100644
--- a/cf/conf/config.xml
+++ b/cf/conf/config.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <!-- pfSense default system configuration -->
 <pfsense>
-	<version>5.6</version>
+	<version>5.7</version>
 	<lastchange></lastchange>
 	<theme>nervecenter</theme>
 	<sysctl>
diff --git a/conf.default/config.xml b/conf.default/config.xml
index a543b47..76967fc 100644
--- a/conf.default/config.xml
+++ b/conf.default/config.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <!-- pfSense default system configuration -->
 <pfsense>
-	<version>5.6</version>
+	<version>5.7</version>
 	<lastchange></lastchange>
 	<theme>nervecenter</theme>
 	<sysctl>
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index ab04846..f45dbae 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -113,9 +113,21 @@ function local_backed($username, $passwd) {
 	if (!$user)
 		return false;
 
-	$passwd = crypt($passwd, $user['password']);
+	if ($user['password'])
+	{
+		$passwd = crypt($passwd, $user['password']);
+		if ($passwd == $user['password'])
+			return true;
+	}
+
+	if ($user['md5-hash'])
+	{
+		$passwd = md5($passwd);
+		if ($passwd == $user['md5-hash'])
+			return true;
+	}
 
-	return ($passwd == $user['password']);
+	return false;
 }
 
 function local_sync_accounts() {
@@ -366,7 +378,7 @@ function local_group_set($group, $reset = false) {
 
 	if($debug)
 		log_error("Running: {$cmd}");
-	$fd = popen($cmd, "w");
+	$fd = popen($cmd, "w");
 	fwrite($fd, $user['password']);
 	pclose($fd);
 
@@ -882,4 +894,4 @@ function session_auth($backing) {
 	return true;
 }
 
-?>
+?>
diff --git a/etc/inc/config.inc b/etc/inc/config.inc
index 7c8597e..026b90f 100644
--- a/etc/inc/config.inc
+++ b/etc/inc/config.inc
@@ -2217,6 +2217,32 @@ endif;
 		$config['version'] = "5.6";
 	}
 
+	/* Convert 5.6 -> 5.7 */
+	if ($config['version'] <= 5.6) {
+
+		/* migrate captivate portal to user manager */
+		if (is_array($config['captiveportal']['user'])) {
+			foreach($config['captiveportal']['user'] as $user) {
+				// avoid user conflicts
+				if ($config['system']['user'][$user['name']])
+					continue;
+				$user['scope'] = "user";
+				if (isset($user['expirationdate'])) {
+					$user['expires'] = $user['expirationdate'];
+					unset($user['expirationdate']);
+				}
+				if (isset($user['password'])) {
+					$user['md5-hash'] = $user['password'];
+					unset($user['password']);
+				}
+				$config['system']['user'][] = $user;
+			}
+			unset($config['captiveportal']['user']);
+		}
+
+		$config['version'] = "5.7";
+	}
+
 	$now = date("H:i:s");
 	log_error("Ended Configuration upgrade at $now");
 
diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc
index 66632d9..c8ae12d 100644
--- a/etc/inc/globals.inc
+++ b/etc/inc/globals.inc
@@ -58,7 +58,7 @@ $g = array(
         "product_website_footer" => "http://www.pfsense.org/?gui20",
 	"product_email" => "coreteam@pfsense.org",
 	"debug" => false,
-	"latest_config" => "5.6",
+	"latest_config" => "5.7",
 	"nopkg_platforms" => array("cdrom"),
 	"minimum_ram_warning" => "115",
 	"minimum_ram_warning_text" => "128 megabytes",
diff --git a/etc/rc b/etc/rc
index bfdda55..ef9250e 100755
--- a/etc/rc
+++ b/etc/rc
@@ -294,9 +294,12 @@ rm -f /tmp/filter_dirty
 rm -f /tmp/rc.linkup
 nohup /usr/bin/nice -n20 /usr/local/sbin/check_reload_status 2>/dev/null &
 
-# Start ping handler for every 240 seconds
+# Start ping handler every 240 seconds
 minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
 
+# Start account expire handler every hour
+minicron 3600 /var/run/expire_accounts.pid /etc/inc/rc.exipireaccounts
+
 chmod a+rw /tmp/.
 
 echo "Bootup complete"
diff --git a/etc/rc.exipireaccounts b/etc/rc.exipireaccounts
new file mode 100755
index 0000000..7a37e91
--- /dev/null
+++ b/etc/rc.exipireaccounts
@@ -0,0 +1,64 @@
+#!/usr/local/bin/php -f
+<?php
+/* $Id$ */
+/*
+	rc.exireaccounts
+	part of pfSense
+	
+	Copyright (C) 2009 Shrew Soft Inc.
+	All rights reserved.
+	
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+	
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+	
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+	
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+
+	require_once("auth.inc");
+
+	$removed = 0;
+	if (!is_array($config['system']['user']))
+		return;
+
+	$count = count($config['system']['user']);
+	$index = 0;
+	for(; $index < $count; $index++) {
+		$user = $config['system']['user'][$index];
+		if($user['scope'] == "system")
+			continue;
+		echo "1\n";
+		echo "User {$user['name']} expires {$user['expires']}\n";
+		if(!$user['expires'])
+			continue;
+		echo "1\n";
+		if(strtotime("-1 day") > strtotime($user['expires'])) {
+			echo "removing user {$user['name']} at index #{$index}\n";
+			unset($config['system']['user'][$index]);
+			$removed++;
+			$count--;
+			$index--;
+		}
+	}
+
+	if($removed > 0)
+		write_config("Expired {$removed} user accounts");
+
+	print_r($config);
+
+?>
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index 22384bf..011095a 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -28,6 +28,7 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+require_once("auth.inc");
 require_once("functions.inc");
 
 header("Expires: 0");
@@ -135,33 +136,8 @@ EOD;
 
 } else if ($_POST['accept'] && $config['captiveportal']['auth_method'] == "local") {
 
-    //check against local usermanager
-    $userdb = &$config['captiveportal']['user'];
-
-    $loginok = false;
-
-    //erase expired accounts
-    if (is_array($userdb)) {
-        $moddb = false;
-        for ($i = 0; $i < count($userdb); $i++) {
-            if ($userdb[$i]['expirationdate'] && (strtotime("-1 day") > strtotime($userdb[$i]['expirationdate']))) {
-                unset($userdb[$i]);
-                $moddb = true;
-            }
-        }
-        if ($moddb)
-            write_config();
-
-        $userdb = &$config['captiveportal']['user'];
-
-        for ($i = 0; $i < count($userdb); $i++) {
-            if (($userdb[$i]['name'] == $_POST['auth_user']) && ($userdb[$i]['password'] == md5($_POST['auth_pass']))) {
-                $loginok = true;
-                break;
-            }
-        }
-    }
-
+	//check against local user manager
+	$loginok = local_backed($_POST['auth_user'], $_POST['auth_pass']);
     if ($loginok){
         captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN");
         portal_allow($clientip, $clientmac,$_POST['auth_user']);
@@ -415,4 +391,4 @@ function disconnect_client($sessionid, $logoutReason = "LOGOUT", $term_cause = 1
     captiveportal_unlock();
 }
 
-?>
-\ No newline at end of file
+?>
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index c4345e5..180840d 100755
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -264,7 +264,6 @@ function enable_change(enable_change) {
 	$tab_array[] = array("Captive portal", true, "services_captiveportal.php");
 	$tab_array[] = array("Pass-through MAC", false, "services_captiveportal_mac.php");
 	$tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php");
-	$tab_array[] = array("Users", false, "services_captiveportal_users.php");
 	$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
 	display_top_tabs($tab_array);
 ?>    </td></tr>
@@ -372,15 +371,15 @@ to access after they've authenticated.</td>
 		<table cellpadding="0" cellspacing="0">
 		<tr>
 		  <td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="none" onClick="enable_change(false)" <?php if($pconfig['auth_method']!="local" && $pconfig['auth_method']!="radius") echo "checked"; ?>>
-  No authentication</td>
+  No Authentication</td>
 		  </tr>
 		<tr>
 		  <td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="local" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="local") echo "checked"; ?>>
-  Local <a href="services_captiveportal_users.php">user manager</a></td>
+  Local <a href="system_usermanager.php">User Manager</a></td>
 		  </tr>
 		<tr>
 		  <td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="radius" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius") echo "checked"; ?>>
-  RADIUS authentication</td>
+  RADIUS Authentication</td>
 		  </tr><tr>
 		  <td>&nbsp;</td>
 		  <td>&nbsp;</td>
diff --git a/usr/local/www/services_captiveportal_filemanager.php b/usr/local/www/services_captiveportal_filemanager.php
index e833685..0c1a12c 100755
--- a/usr/local/www/services_captiveportal_filemanager.php
+++ b/usr/local/www/services_captiveportal_filemanager.php
@@ -119,7 +119,6 @@ include("head.inc");
 	$tab_array[] = array("Captive portal", false, "services_captiveportal.php");
 	$tab_array[] = array("Pass-through MAC", false, "services_captiveportal_mac.php");
 	$tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php");
-	$tab_array[] = array("Users", false, "services_captiveportal_users.php");
 	$tab_array[] = array("File Manager", true, "services_captiveportal_filemanager.php");
 	display_top_tabs($tab_array);
 ?>  </td></tr>
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php
index 2a91321..19bbccd 100755
--- a/usr/local/www/services_captiveportal_ip.php
+++ b/usr/local/www/services_captiveportal_ip.php
@@ -92,7 +92,6 @@ include("head.inc");
 	$tab_array[] = array("Captive portal", false, "services_captiveportal.php");
 	$tab_array[] = array("Pass-through MAC", false, "services_captiveportal_mac.php");
 	$tab_array[] = array("Allowed IP addresses", true, "services_captiveportal_ip.php");
-	$tab_array[] = array("Users", false, "services_captiveportal_users.php");
 	$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
 	display_top_tabs($tab_array);
 ?>
diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php
index a28ee94..47940c4 100755
--- a/usr/local/www/services_captiveportal_mac.php
+++ b/usr/local/www/services_captiveportal_mac.php
@@ -92,7 +92,6 @@ include("head.inc");
 	$tab_array[] = array("Captive portal", false, "services_captiveportal.php");
 	$tab_array[] = array("Pass-through MAC", true, "services_captiveportal_mac.php");
 	$tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php");
-	$tab_array[] = array("Users", false, "services_captiveportal_users.php");
 	$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
 	display_top_tabs($tab_array);
 ?>
@@ -135,4 +134,4 @@ include("head.inc");
 </form>
 <?php include("fend.inc"); ?>
 </body>
-</html>
-\ No newline at end of file
+</html>
diff --git a/usr/local/www/services_captiveportal_users.php b/usr/local/www/services_captiveportal_users.php
deleted file mode 100755
index 41ffb24..0000000
--- a/usr/local/www/services_captiveportal_users.php
+++ /dev/null
@@ -1,138 +0,0 @@
-<?php 
-/*
-	services_captiveportal_users.php
-	part of m0n0wall (http://m0n0.ch/wall)
-	
-	Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
-	All rights reserved.
-	Copyright (C) 2005 Pascal Suter <d-monodev@psuter.ch>.
-	All rights reserved. 
-	(files was created by Pascal based on the source code of services_captiveportal.php from Manuel)
-	
-	Redistribution and use in source and binary forms, with or without
-	modification, are permitted provided that the following conditions are met:
-	
-	1. Redistributions of source code must retain the above copyright notice,
-	   this list of conditions and the following disclaimer.
-	
-	2. Redistributions in binary form must reproduce the above copyright
-	   notice, this list of conditions and the following disclaimer in the
-	   documentation and/or other materials provided with the distribution.
-	
-	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-	POSSIBILITY OF SUCH DAMAGE.
-*/
-
-##|+PRIV
-##|*IDENT=page-services-captiveportal-users
-##|*NAME=Services: Captive portal: Users page
-##|*DESCR=Allow access to the 'Services: Captive portal: Users' page.
-##|*MATCH=services_captiveportal_users.php*
-##|-PRIV
-
-$pgtitle = array("Services","Captive portal");
-require("guiconfig.inc");
-
-if (!is_array($config['captiveportal']['user'])) {
-	$config['captiveportal']['user'] = array();
-}
-captiveportal_users_sort();
-$a_user = &$config['captiveportal']['user'];
-
-if ($_GET['act'] == "del") {
-	if ($a_user[$_GET['id']]) {
-		unset($a_user[$_GET['id']]);
-		write_config();
-		header("Location: services_captiveportal_users.php");
-		exit;
-	}
-}
-
-//erase expired accounts
-$changed = false;
-for ($i = 0; $i < count($a_user); $i++) {
-	if ($a_user[$i]['expirationdate'] && (strtotime("-1 day") > strtotime($a_user[$i]['expirationdate']))) {
-		unset($a_user[$i]);
-		$changed = true;
-	}
-}
-if ($changed) {
-	write_config();
-	header("Location: services_captiveportal_users.php");
-	exit;
-}
-
-include("head.inc");
-
-?>
-<?php include("fbegin.inc"); ?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-  <tr><td>
-<?php
-	$tab_array = array();
-	$tab_array[] = array("Captive portal", false, "services_captiveportal.php");
-	$tab_array[] = array("Pass-through MAC", false, "services_captiveportal_mac.php");
-	$tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php");
-	$tab_array[] = array("Users", true, "services_captiveportal_users.php");
-	$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
-	display_top_tabs($tab_array);
-?>
-  </td></tr>
-  <tr>
-  <td class="tabcont">
-     <table width="100%" border="0" cellpadding="0" cellspacing="0">
-                <tr>
-                  <td width="35%" class="listhdrr">Username</td>
-                  <td width="20%" class="listhdrr">Full name</td>
-                  <td width="35%" class="listhdr">Expires</td>
-                  <td width="10%" class="list">
-			<table border="0" cellspacing="0" cellpadding="1">
-			     <tr>
-				<td width="17" heigth="17"></td>
-				<td><a href="services_captiveportal_users_edit.php"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_plus.gif" title="add user" width="17" height="17" border="0"></a></td>
-			     </tr>
-			</table>
-		  </td>
-		</tr>
-	<?php $i = 0; foreach($a_user as $userent): ?>
-		<tr>
-                  <td class="listlr">
-                    <?=htmlspecialchars($userent['name']); ?>&nbsp;
-                  </td>
-                  <td class="listr">
-                    <?=htmlspecialchars($userent['fullname']);?>&nbsp;
-                  </td>
-                  <td class="listbg">
-                    <?=$userent['expirationdate']; ?>&nbsp;
-                  </td>
-                  <td valign="middle" nowrap class="list"> <a href="services_captiveportal_users_edit.php?id=<?=$i; ?>"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_e.gif" title="edit user" width="17" height="17" border="0"></a>
-                     &nbsp;<a href="services_captiveportal_users.php?act=del&id=<?=$i; ?>" onclick="return confirm('Do you really want to delete this user?')"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_x.gif" title="delete user" width="17" height="17" border="0"></a></td>
-		</tr>
-	<?php $i++; endforeach; ?>
-		<tr> 
-			  <td class="list" colspan="3"></td>
-			  <td class="list">
-				<table border="0" cellspacing="0" cellpadding="1">
-				     <tr>
-					<td width="17" heigth="17"></td>
-					<td><a href="services_captiveportal_users_edit.php"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_plus.gif" title="add user" width="17" height="17" border="0"></a></td>
-				     </tr>
-				</table>
-			  </td>
-		</tr>
- </table>     
-</td>
-</tr>
-</table>
-<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/usr/local/www/services_captiveportal_users_edit.php b/usr/local/www/services_captiveportal_users_edit.php
deleted file mode 100755
index e61b32d..0000000
--- a/usr/local/www/services_captiveportal_users_edit.php
+++ /dev/null
@@ -1,193 +0,0 @@
-<?php 
-/*
-	services_captiveportal_users_edit.php
-	part of m0n0wall (http://m0n0.ch/wall)
-	
-	Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
-	All rights reserved.
-	Copyright (C) 2005 Pascal Suter <d-monodev@psuter.ch>.
-	All rights reserved. 
-	(files was created by Pascal based on the source code of services_captiveportal.php from Manuel)
-	
-	Redistribution and use in source and binary forms, with or without
-	modification, are permitted provided that the following conditions are met:
-	
-	1. Redistributions of source code must retain the above copyright notice,
-	   this list of conditions and the following disclaimer.
-	
-	2. Redistributions in binary form must reproduce the above copyright
-	   notice, this list of conditions and the following disclaimer in the
-	   documentation and/or other materials provided with the distribution.
-	
-	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-	POSSIBILITY OF SUCH DAMAGE.
-*/
-
-##|+PRIV
-##|*IDENT=page-services-captiveportal-edituser
-##|*NAME=Services: Captive portal: Edit User page
-##|*DESCR=Allow access to the 'Services: Captive portal: Edit User' page.
-##|*MATCH=services_captiveportal_users_edit.php*
-##|-PRIV
-
-$pgtitle = array("Services","Captive portal","Edit user");
-require("guiconfig.inc");
-
-if (!is_array($config['captiveportal']['user'])) {
-	$config['captiveportal']['user'] = array();
-}
-captiveportal_users_sort();
-$a_user = &$config['captiveportal']['user'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
-	$id = $_POST['id'];
-
-if (isset($id) && $a_user[$id]) {
-	$pconfig['username'] = $a_user[$id]['name'];
-	$pconfig['fullname'] = $a_user[$id]['fullname'];
-	$pconfig['expirationdate'] = $a_user[$id]['expirationdate'];
-}
-
-if ($_POST) {
-	
-	unset($input_errors);
-	$pconfig = $_POST;
-
-	/* input validation */
-	if (isset($id) && ($a_user[$id])) {
-		$reqdfields = explode(" ", "username");
-		$reqdfieldsn = explode(",", "Username");
-	} else {
-		$reqdfields = explode(" ", "username password");
-		$reqdfieldsn = explode(",", "Username,Password");
-	}
-	
-	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-	
-	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['username']))
-		$input_errors[] = "The username contains invalid characters.";
-		
-	if (($_POST['password']) && ($_POST['password'] != $_POST['password2']))
-		$input_errors[] = "The passwords do not match.";
-
-	//check for a valid expirationdate if one is set at all (valid means, strtotime() puts out a time stamp
-	//so any strtotime compatible time format may be used. to keep it simple for the enduser, we only claim 
-	//to accept MM/DD/YYYY as inputs. advanced users may use inputs like "+1 day", which will be converted to 
-	//MM/DD/YYYY based on "now" since otherwhise such an entry would lead to a never expiring expirationdate
-	if ($_POST['expirationdate']){
-		if(strtotime($_POST['expirationdate']) > 0){
-			if (strtotime("-1 day") > strtotime(date("m/d/Y",strtotime($_POST['expirationdate'])))){
-				$input_errors[] = "The expiration date lies in the past.";			
-			} else {
-				//convert from any strtotime compatible date to MM/DD/YYYY
-				$expdate = strtotime($_POST['expirationdate']);
-				$_POST['expirationdate'] = date("m/d/Y",$expdate);
-			}
-		} else {
-			$input_errors[] = "Invalid expiration date format; use MM/DD/YYYY instead.";
-		}
-	}
-	
-	if (!$input_errors && !(isset($id) && $a_user[$id])) {
-		/* make sure there are no dupes */
-		foreach ($a_user as $userent) {
-			if ($userent['name'] == $_POST['username']) {
-				$input_errors[] = "Another entry with the same username already exists.";
-				break;
-			}
-		}
-	}
-	
-	if (!$input_errors) {
-	
-		if (isset($id) && $a_user[$id])
-			$userent = $a_user[$id];
-		
-		$userent['name'] = $_POST['username'];
-		$userent['fullname'] = $_POST['fullname'];
-		$userent['expirationdate'] = $_POST['expirationdate'];
-		
-		if ($_POST['password'])
-			$userent['password'] = md5($_POST['password']);
-		
-		if (isset($id) && $a_user[$id])
-			$a_user[$id] = $userent;
-		else
-			$a_user[] = $userent;
-		
-		write_config();
-		
-		header("Location: services_captiveportal_users.php");
-		exit;
-	}
-}
-
-include("head.inc");
-
-?>
-<?php include("fbegin.inc"); ?>
-<script language="javascript" type="text/javascript" src="/javascript/datetimepicker.js">
-<!--
-//Date Time Picker script- by TengYong Ng of http://www.rainforestnet.com
-//Script featured on JavaScript Kit (http://www.javascriptkit.com)
-//For this script, visit http://www.javascriptkit.com
-// -->
-</script>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-<form action="services_captiveportal_users_edit.php" method="post" name="iform" id="iform">
-  <table width="100%" border="0" cellpadding="6" cellspacing="0">
-	<tr> 
-	  <td width="22%" valign="top" class="vncellreq">Username</td>
-	  <td width="78%" class="vtable"> 
-		<?=$mandfldhtml;?><input name="username" type="text" class="formfld user" id="username" size="20" value="<?=htmlspecialchars($pconfig['username']);?>"> 
-		</td>
-	</tr>
-	<tr> 
-	  <td width="22%" valign="top" class="vncellreq">Password</td>
-	  <td width="78%" class="vtable"> 
-		<?=$mandfldhtml;?><input name="password" type="password" class="formfld pwd" id="password" size="20"><br>
-		<?=$mandfldhtml;?><input name="password2" type="password" class="formfld pwd" id="password2" size="20">
-		&nbsp;(confirmation)<?php if (isset($id) && $a_user[$id]): ?><br>
-        <span class="vexpl">If you want to change the users' password, 
-        enter it here twice.</span><?php endif; ?>
-		</td>
-	</tr>
-	<tr> 
-	  <td width="22%" valign="top" class="vncell">Full name</td>
-	  <td width="78%" class="vtable"> 
-		<input name="fullname" type="text" class="formfld unknown" id="fullname" size="20" value="<?=htmlspecialchars($pconfig['fullname']);?>">
-		<br>
-		<span class="vexpl">User's full name, for your own information only</span></td>
-	</tr>
-	<tr> 
-	  <td width="22%" valign="top" class="vncell">Expiration date</td>
-	  <td width="78%" class="vtable"> 
-		<input name="expirationdate" type="text" class="formfld unknown" id="expirationdate" size="10" value="<?=$pconfig['expirationdate'];?>">
-		<a href="javascript:NewCal('expirationdate','mmddyyyy')"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_cal.gif" width="16" height="16" border="0" alt="Pick a date"></a> 
-		<br> 
-		<span class="vexpl">Leave blank if the account shouldn't expire, otherwise enter the expiration date in the following format: mm/dd/yyyy</span></td>
-	</tr>
-	<tr> 
-	  <td width="22%" valign="top">&nbsp;</td>
-	  <td width="78%"> 
-		<input name="Submit" type="submit" class="formbtn" value="Save"> 
-		<?php if (isset($id) && $a_user[$id]): ?>
-		<input name="id" type="hidden" value="<?=$id;?>">
-		<?php endif; ?>
-	  </td>
-	</tr>
-  </table>
- </form>
-<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index b82484a..5c1b48a 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -149,6 +149,7 @@ if (isAllowedPage("system_usermanager")) {
 		if (isset($id) && $a_user[$id]) {
 			$pconfig['usernamefld'] = $a_user[$id]['name'];
 			$pconfig['fullname'] = $a_user[$id]['fullname'];
+			$pconfig['expires'] = $a_user[$id]['expires'];
 			$pconfig['groups'] = local_user_get_groups($a_user[$id]);
 			$pconfig['utype'] = $a_user[$id]['scope'];
 			$pconfig['uid'] = $a_user[$id]['uid'];
@@ -198,6 +199,28 @@ if (isAllowedPage("system_usermanager")) {
 			}
 		}
 
+		/*
+		 * Check for a valid expirationdate if one is set at all (valid means,
+		 * strtotime() puts out a time stamp so any strtotime compatible time
+		 * format may be used. to keep it simple for the enduser, we only
+		 * claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs
+		 * like "+1 day", which will be converted to MM/DD/YYYY based on "now".
+		 * Otherwhise such an entry would lead to an invalid expiration data.
+		 */
+		if ($_POST['expires']){
+			if(strtotime($_POST['expires']) > 0){
+				if (strtotime("-1 day") > strtotime(date("m/d/Y",strtotime($_POST['expires'])))) {
+					$input_errors[] = "The expiration date lies in the past.";
+				} else {
+					//convert from any strtotime compatible date to MM/DD/YYYY
+					$expdate = strtotime($_POST['expires']);
+					$_POST['expires'] = date("m/d/Y",$expdate);
+				}
+			} else {
+				$input_errors[] = "Invalid expiration date format; use MM/DD/YYYY instead.";
+			}
+		}
+
 		if (isset($config['system']['ssh']['sshdkeyonly']) && empty($_POST['authorizedkeys']))
 			$input_errors[] = gettext("You must provide an authorized key otherwise you won't be able to login into this system.");
 
@@ -224,6 +247,7 @@ if (isAllowedPage("system_usermanager")) {
 
 			$userent['name'] = $_POST['usernamefld'];
 			$userent['fullname'] = $_POST['fullname'];
+			$userent['expires'] = $_POST['expires'];
 			$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
 
 			if (isset($id) && $a_user[$id])
@@ -248,6 +272,12 @@ if (isAllowedPage("system_usermanager")) {
 
 <body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
 <?php include("fbegin.inc"); ?>
+<!--
+//Date Time Picker script- by TengYong Ng of http://www.rainforestnet.com
+//Script featured on JavaScript Kit (http://www.javascriptkit.com)
+//For this script, visit http://www.javascriptkit.com
+// -->
+<script language="javascript" type="text/javascript" src="datetimepicker.js"></script>
 <script language="JavaScript">
 <!--
 
@@ -365,6 +395,16 @@ function presubmit() {
 							</td>
 						</tr>
 						<tr>
+							<td width="22%" valign="top" class="vncell">Expiration date</td>
+							<td width="78%" class="vtable">
+								<input name="expires" type="text" class="formfld unknown" id="expires" size="10" value="<?=$pconfig['expires'];?>">
+								<a href="javascript:NewCal('expires','mmddyyyy')">
+									<img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_cal.gif" width="16" height="16" border="0" alt="Pick a date">
+								</a>
+								<br>
+								<span class="vexpl">Leave blank if the account shouldn't expire, otherwise enter the expiration date in the following format: mm/dd/yyyy</span></td>
+						</tr>
+						<tr>
 							<td width="22%" valign="top" class="vncell"><?=gettext("Group Memberships");?></td>
 							<td width="78%" class="vtable" align="center">
 								<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">