diff options
Diffstat (limited to 'usr/local/www')
| -rwxr-xr-x | usr/local/www/datetimepicker.js | 22 | ||||
| -rwxr-xr-x | usr/local/www/services_captiveportal.php | 27 | ||||
| -rwxr-xr-x | usr/local/www/services_captiveportal_ip.php | 1 | ||||
| -rwxr-xr-x | usr/local/www/services_captiveportal_mac.php | 1 | ||||
| -rwxr-xr-x | usr/local/www/services_captiveportal_users.php | 264 |
5 files changed, 305 insertions, 10 deletions
diff --git a/usr/local/www/datetimepicker.js b/usr/local/www/datetimepicker.js index a0f5a9c..c4d585a 100755 --- a/usr/local/www/datetimepicker.js +++ b/usr/local/www/datetimepicker.js @@ -30,15 +30,15 @@ var TimeMode=24;//default TimeMode value. 12 or 24 var ShowLongMonth=true;//Show long month name in Calendar header. example: "January". var ShowMonthYear=true;//Show Month and Year in Calendar header. -var MonthYearColor="#cc0033";//Font Color of Month and Year in Calendar header. -var WeekHeadColor="#0099CC";//Background Color in Week header. -var SundayColor="#6699FF";//Background color of Sunday. -var SaturdayColor="#CCCCFF";//Background color of Saturday. +var MonthYearColor="#435370";//Font Color of Month and Year in Calendar header. +var WeekHeadColor="#777777";//Background Color in Week header. +var SundayColor="#D9DEE8";//Background color of Sunday. +var SaturdayColor="#D9DEE8";//Background color of Saturday. var WeekDayColor="white";//Background color of weekdays. -var FontColor="blue";//color of font in Calendar day cell. +var FontColor="black";//color of font in Calendar day cell. var TodayColor="#FFFF33";//Background color of today. -var SelDateColor="#FFFF99";//Backgrond color of selected date in textbox. -var YrSelColor="#cc0033";//color of font of Year selector. +var SelDateColor="red";//Backgrond color of selected date in textbox. +var YrSelColor="black";//color of font of Year selector. var ThemeBg="";//Background image of Calendar window. //end Configurable parameters //end Global variable @@ -118,7 +118,7 @@ function NewCal(pCtrl,pFormat,pShowTime,pTimeMode) Cal.SetSecond(strSecond); } } - winCal=window.open("","DateTimePicker","toolbar=0,status=0,menubar=0,fullscreen=no,width=195,height=245,resizable=0,top="+cnTop+",left="+cnLeft); + winCal=window.open("","DateTimePicker","toolbar=0,status=0,menubar=0,fullscreen=no,width=195,height=200,resizable=0,top="+cnTop+",left="+cnLeft); docCal=winCal.document; RenderCal(); } @@ -137,9 +137,13 @@ function RenderCal() docCal.open(); docCal.writeln("<html><head><title>"+WindowTitle+"</title>"); docCal.writeln("<script>var winMain=window.opener;</script>"); + docCal.writeln("<style>"); + docCal.writeln("body,td,th,input,select {font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;font-size: 11px;}"); + docCal.writeln("a {text-decoration: none;}"); + docCal.writeln("</style>"); docCal.writeln("</head><body background='"+ThemeBg+"' link="+FontColor+" vlink="+FontColor+"><form name='Calendar'>"); - vCalHeader="<table border=1 cellpadding=1 cellspacing=1 width='100%' align=\"center\" valign=\"top\">\n"; + vCalHeader="<table border=1 cellpadding=1 cellspacing=1 align=\"center\" valign=\"top\" bgcolor='#EEEEEE' style=\"border-color:#999999; border-style:solid; border-collapse:collapse\">\n"; //Month Selector vCalHeader+="<tr>\n<td colspan='7'><table border=0 width='100%' cellpadding=0 cellspacing=0><tr><td align='left'>\n"; vCalHeader+="<select name=\"MonthSelector\" onChange=\"javascript:winMain.Cal.SwitchMth(this.selectedIndex);winMain.RenderCal();\">\n"; diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index e86ed35..3185fd2 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -50,6 +50,7 @@ $pconfig['cinterface'] = $config['captiveportal']['interface']; $pconfig['timeout'] = $config['captiveportal']['timeout']; $pconfig['idletimeout'] = $config['captiveportal']['idletimeout']; $pconfig['enable'] = isset($config['captiveportal']['enable']); +$pconfig['auth_method'] = $config['captiveportal']['auth_method']; $pconfig['radacct_enable'] = isset($config['captiveportal']['radacct_enable']); $pconfig['httpslogin_enable'] = isset($config['captiveportal']['httpslogin']); $pconfig['httpsname'] = $config['captiveportal']['httpsname']; @@ -128,6 +129,7 @@ if ($_POST) { $config['captiveportal']['timeout'] = $_POST['timeout']; $config['captiveportal']['idletimeout'] = $_POST['idletimeout']; $config['captiveportal']['enable'] = $_POST['enable'] ? true : false; + $config['captiveportal']['auth_method'] = $_POST['auth_method']; $config['captiveportal']['radacct_enable'] = $_POST['radacct_enable'] ? true : false; $config['captiveportal']['httpslogin'] = $_POST['httpslogin_enable'] ? true : false; $config['captiveportal']['httpsname'] = $_POST['httpsname']; @@ -180,9 +182,16 @@ if ($_POST) { <?php include("fbegin.inc"); ?> <script language="JavaScript"> <!-- +function auth_method_change() { + if (document.iform.auth_method[0].checked == false) { + document.iform.logoutwin_enable.checked = 1; + } else { + document.iform.logoutwin_enable.checked = 0; + } +} function radacct_change() { if (document.iform.radacct_enable.checked) { - document.iform.logoutwin_enable.checked = 1; + auth_method_change(); } } @@ -198,6 +207,9 @@ function enable_change(enable_change) { document.iform.radiusport.disabled = endis; document.iform.radiuskey.disabled = endis; document.iform.radacct_enable.disabled = endis; + document.iform.auth_method[0].disabled = endis; + document.iform.auth_method[1].disabled = endis; + document.iform.auth_method[2].disabled = endis; document.iform.httpslogin_enable.disabled = endis; document.iform.httpsname.disabled = endis; document.iform.cert.disabled = endis; @@ -210,6 +222,9 @@ function enable_change(enable_change) { if (enable_change && document.iform.radacct_enable.checked) { document.iform.logoutwin_enable.checked = 1; } + if (enable_change && document.iform.auth_method[0].checked == false) { + document.iform.logoutwin_enable.checked = 1; + } } //--> </script> @@ -222,6 +237,7 @@ function enable_change(enable_change) { <li class="tabact">Captive portal</li> <li class="tabinact"><a href="services_captiveportal_mac.php">Pass-through MAC</a></li> <li class="tabinact"><a href="services_captiveportal_ip.php">Allowed IP addresses</a></li> + <li class="tabinact"><a href="services_captiveportal_users.php">Users</a></li> </ul> </td></tr> <tr> @@ -318,6 +334,15 @@ to access after they've authenticated.</td> <td width="22%" valign="top" class="vncell">RADIUS server</td> <td width="78%" class="vtable"> <table cellpadding="0" cellspacing="0"> + <td>No Authentication: </td> + <td><input name="auth_method" type="radio" id="auth_method" value="none" <?php if($pconfig['auth_method']!="local" || $pconfig['auth_method']!="radius") echo "checked"; ?> onClick="auth_method_change()"></td> + </tr> + <td>Local <a href="services_captiveportal_users.php">Usermanager</a>: </td> + <td><input name="auth_method" type="radio" id="auth_method" value="local" <?php if($pconfig['auth_method']=="local") echo "checked"; ?> onClick="auth_method_change()"></td> + </tr> + <td>RADIUS Authentication: </td> + <td><input name="auth_method" type="radio" id="auth_method" value="radius" <?php if($pconfig['auth_method']=="radius") echo "checked"; ?> onClick="auth_method_change()"></td> + </tr> <tr> <td>IP address:</td> <td><input name="radiusip" type="text" class="formfld" id="radiusip" size="20" value="<?=htmlspecialchars($pconfig['radiusip']);?>"></td> diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php index c648fb3..4c0fbcb 100755 --- a/usr/local/www/services_captiveportal_ip.php +++ b/usr/local/www/services_captiveportal_ip.php @@ -92,6 +92,7 @@ if ($_GET['act'] == "del") { <li class="tabinact1"><a href="services_captiveportal.php">Captive portal</a></li> <li class="tabinact"><a href="services_captiveportal_mac.php">Pass-through MAC</a></li> <li class="tabact">Allowed IP addresses</li> + <li class="tabinact"><a href="services_captiveportal_users.php">Users</a></li> </ul> </td></tr> <tr> diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php index 67be1b8..58e6a73 100755 --- a/usr/local/www/services_captiveportal_mac.php +++ b/usr/local/www/services_captiveportal_mac.php @@ -92,6 +92,7 @@ if ($_GET['act'] == "del") { <li class="tabinact1"><a href="services_captiveportal.php">Captive portal</a></li> <li class="tabact">Pass-through MAC</li> <li class="tabinact"><a href="services_captiveportal_ip.php">Allowed IP addresses</a></li> + <li class="tabinact"><a href="services_captiveportal_users.php">Users</a></li> </ul> </td></tr> <tr> diff --git a/usr/local/www/services_captiveportal_users.php b/usr/local/www/services_captiveportal_users.php new file mode 100755 index 0000000..46b9e17 --- /dev/null +++ b/usr/local/www/services_captiveportal_users.php @@ -0,0 +1,264 @@ +#!/usr/local/bin/php +<?php +/* + services_captiveportal_users.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + Copyright (C) 2005 Pascal Suter <d-monodev@psuter.ch>. + All rights reserved. + (files was created by Pascal based on the source code of services_captiveportal.php from Manuel) + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +$pgtitle = array("Services", "Captive portal"); +require("guiconfig.inc"); +if(isset($_POST['save'])){ + //value-checking + if(trim($_POST['password1'])!="********" && + trim($_POST['password1'])!="" && + trim($_POST['password1'])!=trim($_POST['password2'])){ + //passwords are to be changed but don't match + $input_errors[]="passwords don't match"; + } + if((trim($_POST['password1'])=="" || trim($_POST['password1'])=="********") && + (trim($_POST['password2'])=="" || trim($_POST['password2'])=="********")){ + //assume password should be left as is if a password is set already. + if(!empty($config['users'][$_POST['old_username']]['password'])){ + $_POST['password1']="********"; + $_POST['password2']="********"; + } else { + $input_errors[]="password must not be empty"; + } + } else { + if(trim($_POST['password1'])!=trim($_POST['password2'])){ + //passwords are to be changed or set but don't match + $input_errors[]="passwords don't match"; + } else { + //check password for invalid characters + if(!preg_match('/^[a-zA-Z0-9_\-\.@\~\(\)\&\*\+§?!\$£°\%;:]*$/',$_POST['username'])){ + $input_errors[] = "password contains illegal characters, only letters from A-Z and a-z, _, -, .,@,~,(,),&,*,+,§,?,!,$,£,°,%,;,: and numbers are allowed"; + //test pw: AZaz_-.@~()&*+§?!$£°%;: + } + } + } + if($_POST['username']==""){ + $input_errors[] = "username must not be empty!"; + } + //check for a valid expirationdate if one is set at all (valid means, strtotime() puts out a time stamp + //so any strtotime compatible time format may be used. to keep it simple for the enduser, we only claim + //to accept MM/DD/YYYY as inputs. advanced users may use inputs like "+1 day", which will be converted to + //MM/DD/YYYY based on "now" since otherwhise such an entry would lead to a never expiring expirationdate + if(trim($_POST['expirationdate'])!=""){ + if(strtotime($_POST['expirationdate'])>0){ + if(strtotime("-1 day")>strtotime(date("m/d/Y",strtotime($_POST['expirationdate'])))){ + $input_errors[] = "selected expiration date lies in the past"; + } else { + //convert from any strtotime compatible date to MM/DD/YYYY + $expdate = strtotime($_POST['expirationdate']); + $_POST['expirationdate'] = date("m/d/Y",$expdate); + } + } else { + $input_errors[] = "invalid expiration date format, use MM/DD/YYYY instead"; + } + } + //check username: only allow letters from A-Z and a-z, _, -, . and numbers from 0-9 (note: username can + //not contain characters which are not allowed in an xml-token. i.e. if you'd use @ in a username, config.xml + //could not be parsed anymore! + if(!preg_match('/^[a-zA-Z0-9_\-\.]*$/',$_POST['username'])){ + $input_errors[] = "username contains illegal characters, only letters from A-Z and a-z, _, -, . and numbers are allowed"; + } + + if(!empty($input_errors)){ + //there are illegal inputs --> print out error message and show formular again (and fill in all recently entered values + //except passwords + $_GET['act']="new"; + $_POST['old_username']=($_POST['old_username'] ? $_POST['old_username'] : $_POST['username']); + $_GET['username']=$_POST['old_username']; + foreach(Array("username","fullname","expirationdate") as $field){ + $config['users'][$_POST['old_username']][$field]=$_POST[$field]; + } + } else { + //all values are okay --> saving changes + $_POST['username']=trim($_POST['username']); + if($_POST['old_username']!="" && $_POST['old_username']!=$_POST['username']){ + //change the username (which is used as array-index) + $config['users'][$_POST['username']]=$config['users'][$_POST['old_username']]; + unset($config['users'][$_POST['old_username']]); + } + foreach(Array('fullname','expirationdate') as $field){ + $config['users'][$_POST['username']][$field]=trim($_POST[$field]); + } + if(trim($_POST['password1'])!="********" && trim($_POST['password1'])!=""){ + $config['users'][$_POST['username']]['password']=md5(trim($_POST['password1'])); + } + write_config(); + $savemsg=$_POST['username']." successfully saved<br>"; + } +} else if ($_GET['act']=="delete" && isset($_GET['username'])){ + unset($config['users'][$_GET['username']]); + write_config(); + $savemsg=$_GET['username']." successfully deleted<br>"; +} +//erase expired accounts +$changed=false; +if(is_array($config['users'])){ + foreach($config['users'] as $username => $user){ + if(trim($user['expirationdate'])!="" && strtotime("-1 day")>strtotime($user['expirationdate']) && empty($input_errors)){ + unset($config['users'][$username]); + $changed=true; + $savemsg.="$username has expired --> $username was deleted<br>"; + } + } + if($changed){ + write_config(); + } +} + +?> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html> +<head> +<title><?=gentitle("pfSense webGUI");?></title> +<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> +<link href="gui.css" rel="stylesheet" type="text/css"> +</head> + +<form> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<script language="javascript" type="text/javascript" src="datetimepicker.js"> +//Date Time Picker script- by TengYong Ng of http://www.rainforestnet.com +//Script featured on JavaScript Kit (http://www.javascriptkit.com) +//For this script, visit http://www.javascriptkit.com +</script> +<?php if ($input_errors) print_input_errors($input_errors); ?> +<?php if ($savemsg) print_info_box($savemsg); ?> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td> + <ul id="tabnav"> + <li class="tabinact1"><a href="services_captiveportal.php">Captive portal</a></li> + <li class="tabinact"><a href="services_captiveportal_mac.php">Pass-through MAC</a></li> + <li class="tabinact"><a href="services_captiveportal_ip.php">Allowed IP addresses</a></li> + <li class="tabact">Users</li> + </ul> + </td></tr> + <tr> + <td class="tabcont"> +<?php +if($_GET['act']=="new" || $_GET['act']=="edit"){ + if($_GET['act']=="edit" && isset($_GET['username'])){ + $user=$config['users'][$_GET['username']]; + } +?> + <form action="services_captiveportal_users.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td width="22%" valign="top" class="vncellreq">Username</td> + <td width="78%" class="vtable"> + <input name="username" type="text" class="formfld" id="username" size="20" value="<? echo $_GET['username']; ?>"> + <br> + <span class="vexpl">Username to be used</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Password</td> + <td width="78%" class="vtable"> + <input name="password1" type="password" class="formfld" id="password1" size="20" value="<?php echo ($_GET['act']=='edit' ? "********" : "" ); ?>"> + <br> + <span class="vexpl">Password for the user</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">confirm Password</td> + <td width="78%" class="vtable"> + <input name="password2" type="password" class="formfld" id="password2" size="20" value="<?php echo ($_GET['act']=='edit' ? "********" : "" ); ?>"> + <br> + <span class="vexpl">Confirm the above Password</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Full Name</td> + <td width="78%" class="vtable"> + <input name="fullname" type="text" class="formfld" id="fullname" size="20" value="<? echo $user['fullname']; ?>"> + <br> + Full Name of current user, for your own information only</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Expiration Date</td> + <td width="78%" class="vtable"> + <input name="expirationdate" type="text" class="formfld" id="expirationdate" size="10" value="<? echo $user['expirationdate']; ?>"> + <a href="javascript:NewCal('expirationdate','mmddyyyy')"><img src="cal.gif" width="16" height="16" border="0" alt="Pick a date"></a> + <br> <span class="vexpl">enter nothing if account doesnt expire, otherwhise enter the expiration date in us-format: mm/dd/yyyy</span></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="save" type="submit" class="formbtn" value="Save"> + <input name="old_username" type="hidden" value="<? echo $_GET['username'];?>"> + </td> + </tr> + </table> + </form> +<?php +} else { + echo <<<END + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="35%" class="listhdrr">Username</td> + <td width="20%" class="listhdrr">Full Name</td> + <td width="35%" class="listhdr">Expires</td> + <td width="10%" class="list"></td> + </tr> +END; + if(is_array($config['users'])){ + foreach($config['users'] as $username => $user){ +?> + <tr> + <td class="listlr"> + <?php echo $username; ?> + </td> + <td class="listr"> + <?php echo $user['fullname']; ?> + </td> + <td class="listbg"> + <?php echo $user['expirationdate']; ?> + </td> + <td valign="middle" nowrap class="list"> <a href="services_captiveportal_users.php?act=edit&username=<?php echo $username; ?>"><img src="e.gif" width="17" height="17" border="0"></a> + <a href="services_captiveportal_users.php?act=delete&username=<?php echo $username; ?>" onclick="return confirm('Do you really want to delete this User?')"><img src="x.gif" width="17" height="17" border="0"></a></td> + </tr> +<?php + } + } + echo <<<END + <tr> + <td class="list" colspan="3"></td> + <td class="list"> <a href="services_captiveportal_users.php?act=new"><img src="plus.gif" width="17" height="17" border="0"></a></td> + </tr> + </table> +END; +} +?> + + </td> + </tr> + </table> +<?php include("fend.inc"); ?> |
