diff options
Diffstat (limited to 'usr/local/www')
31 files changed, 5622 insertions, 4379 deletions
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index a56a6fc..4c3874e 100644 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -44,8 +44,9 @@ require_once("filter.inc"); require_once("shaper.inc"); require_once("captiveportal.inc"); -if (substr($_GET['act'], 0, 3) == "get") +if (substr($_GET['act'], 0, 3) == "get") { $nocsrf = true; +} require_once("guiconfig.inc"); @@ -54,24 +55,27 @@ global $cpzoneid; $cpzoneid = 1; /* Just a default */ $cpzone = $_GET['zone']; -if (isset($_POST['zone'])) +if (isset($_POST['zone'])) { $cpzone = $_POST['zone']; +} if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { header("Location: services_captiveportal_zones.php"); exit; } -if (!is_array($config['captiveportal'])) +if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); +} $a_cp =& $config['captiveportal']; -$pgtitle = array(gettext("Services"),gettext("Captive portal"), $a_cp[$cpzone]['zone']); +$pgtitle = array(gettext("Services"), gettext("Captive portal"), $a_cp[$cpzone]['zone']); $shortcut_section = "captiveportal"; if ($_GET['act'] == "viewhtml") { - if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['htmltext']) + if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['htmltext']) { echo base64_decode($a_cp[$cpzone]['page']['htmltext']); + } exit; } else if ($_GET['act'] == "gethtmlhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['htmltext']) { $file_data = base64_decode($a_cp[$cpzone]['page']['htmltext']); @@ -89,8 +93,9 @@ if ($_GET['act'] == "viewhtml") { header("Location: services_captiveportal.php?zone={$cpzone}"); exit; } else if ($_GET['act'] == "viewerrhtml") { - if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['errtext']) + if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['errtext']) { echo base64_decode($a_cp[$cpzone]['page']['errtext']); + } exit; } else if ($_GET['act'] == "geterrhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['errtext']) { $file_data = base64_decode($a_cp[$cpzone]['page']['errtext']); @@ -108,8 +113,9 @@ if ($_GET['act'] == "viewhtml") { header("Location: services_captiveportal.php?zone={$cpzone}"); exit; } else if ($_GET['act'] == "viewlogouthtml") { - if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['logouttext']) + if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['logouttext']) { echo base64_decode($a_cp[$cpzone]['page']['logouttext']); + } exit; } else if ($_GET['act'] == "getlogouthtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['logouttext']) { $file_data = base64_decode($a_cp[$cpzone]['page']['logouttext']); @@ -128,13 +134,15 @@ if ($_GET['act'] == "viewhtml") { exit; } -if (!is_array($config['ca'])) +if (!is_array($config['ca'])) { $config['ca'] = array(); +} $a_ca =& $config['ca']; -if (!is_array($config['cert'])) +if (!is_array($config['cert'])) { $config['cert'] = array(); +} $a_cert =& $config['cert']; @@ -192,12 +200,15 @@ if ($a_cp[$cpzone]) { $pconfig['reverseacct'] = isset($a_cp[$cpzone]['reverseacct']); $pconfig['radiusnasid'] = $a_cp[$cpzone]['radiusnasid']; $pconfig['page'] = array(); - if ($a_cp[$cpzone]['page']['htmltext']) + if ($a_cp[$cpzone]['page']['htmltext']) { $pconfig['page']['htmltext'] = $a_cp[$cpzone]['page']['htmltext']; - if ($a_cp[$cpzone]['page']['errtext']) + } + if ($a_cp[$cpzone]['page']['errtext']) { $pconfig['page']['errtext'] = $a_cp[$cpzone]['page']['errtext']; - if ($a_cp[$cpzone]['page']['logouttext']) + } + if ($a_cp[$cpzone]['page']['logouttext']) { $pconfig['page']['logouttext'] = $a_cp[$cpzone]['page']['logouttext']; + } } if ($_POST) { @@ -222,12 +233,14 @@ if ($_POST) { /* make sure no interfaces are bridged or used on other zones */ if (is_array($_POST['cinterface'])) { foreach ($pconfig['cinterface'] as $cpbrif) { - if (link_interface_to_bridge($cpbrif)) + if (link_interface_to_bridge($cpbrif)) { $input_errors[] = sprintf(gettext("The captive portal cannot be used on interface %s since it is part of a bridge."), $cpbrif); + } foreach ($a_cp as $cpkey => $cp) { if ($cpkey != $cpzone || empty($cpzone)) { - if (in_array($cpbrif, explode(",", $cp['interface']))) + if (in_array($cpbrif, explode(",", $cp['interface']))) { $input_errors[] = sprintf(gettext("The captive portal cannot be used on interface %s since it is used already on %s instance."), $cpbrif, $cp['zone']); + } } } } @@ -244,21 +257,25 @@ if ($_POST) { } if ($_POST['timeout']) { - if (!is_numeric($_POST['timeout']) || ($_POST['timeout'] < 1)) + if (!is_numeric($_POST['timeout']) || ($_POST['timeout'] < 1)) { $input_errors[] = gettext("The timeout must be at least 1 minute."); - else if (isset($config['dhcpd']) && is_array($config['dhcpd'])) { + } else if (isset($config['dhcpd']) && is_array($config['dhcpd'])) { foreach ($config['dhcpd'] as $dhcpd_if => $dhcpd_data) { - if (!isset($dhcpd_data['enable'])) + if (!isset($dhcpd_data['enable'])) { continue; - if (!is_array($_POST['cinterface']) || !in_array($dhcpd_if, $_POST['cinterface'])) + } + if (!is_array($_POST['cinterface']) || !in_array($dhcpd_if, $_POST['cinterface'])) { continue; + } $deftime = 7200; // Default lease time - if (isset($dhcpd_data['defaultleasetime']) && is_numeric($dhcpd_data['defaultleasetime'])) + if (isset($dhcpd_data['defaultleasetime']) && is_numeric($dhcpd_data['defaultleasetime'])) { $deftime = $dhcpd_data['defaultleasetime']; + } - if ($_POST['timeout'] > $deftime) + if ($_POST['timeout'] > $deftime) { $input_errors[] = gettext("Hard timeout must be less or equal Default lease time set on DHCP Server"); + } } } } @@ -312,14 +329,16 @@ if ($_POST) { if (empty($newcp['zoneid'])) { $newcp['zoneid'] = 2; foreach ($a_cp as $keycpzone => $cp) { - if ($cp['zoneid'] == $newcp['zoneid'] && $keycpzone != $cpzone) - $newcp['zoneid'] += 2; /* Resreve space for SSL config if needed */ + if ($cp['zoneid'] == $newcp['zoneid'] && $keycpzone != $cpzone) { + $newcp['zoneid'] += 2; /* Reserve space for SSL config if needed */ + } } $cpzoneid = $newcp['zoneid']; } $oldifaces = explode(",", $newcp['interface']); - if (is_array($_POST['cinterface'])) + if (is_array($_POST['cinterface'])) { $newcp['interface'] = implode(",", $_POST['cinterface']); + } $newcp['maxproc'] = $_POST['maxproc']; $newcp['maxprocperip'] = $_POST['maxprocperip'] ? $_POST['maxprocperip'] : false; $newcp['timeout'] = $_POST['timeout']; @@ -327,10 +346,11 @@ if ($_POST) { $newcp['freelogins_count'] = $_POST['freelogins_count']; $newcp['freelogins_resettimeout'] = $_POST['freelogins_resettimeout']; $newcp['freelogins_updatetimeouts'] = $_POST['freelogins_updatetimeouts'] ? true : false; - if ($_POST['enable']) + if ($_POST['enable']) { $newcp['enable'] = true; - else + } else { unset($newcp['enable']); + } $newcp['auth_method'] = $_POST['auth_method']; $newcp['localauth_priv'] = isset($_POST['localauth_priv']); $newcp['radacct_enable'] = $_POST['radacct_enable'] ? true : false; @@ -338,22 +358,25 @@ if ($_POST) { $newcp['radmac_enable'] = $_POST['radmac_enable'] ? true : false; $newcp['radmac_secret'] = $_POST['radmac_secret'] ? $_POST['radmac_secret'] : false; $newcp['reauthenticateacct'] = $_POST['reauthenticateacct']; - if ($_POST['httpslogin_enable']) + if ($_POST['httpslogin_enable']) { $newcp['httpslogin'] = true; - else + } else { unset($newcp['httpslogin']); + } $newcp['httpsname'] = $_POST['httpsname']; $newcp['preauthurl'] = $_POST['preauthurl']; $newcp['blockedmacsurl'] = $_POST['blockedmacsurl']; $newcp['peruserbw'] = $_POST['peruserbw'] ? true : false; - if (isset($_POST['bwdefaultdn'])) + if (isset($_POST['bwdefaultdn'])) { $newcp['bwdefaultdn'] = $_POST['bwdefaultdn']; - else + } else { unset($newcp['bwdefaultdn']); - if (isset($_POST['bwdefaultup'])) + } + if (isset($_POST['bwdefaultup'])) { $newcp['bwdefaultup'] = $_POST['bwdefaultup']; - else + } else { unset($newcp['bwdefaultup']); + } $newcp['certref'] = $_POST['certref']; $newcp['nohttpsforwards'] = $_POST['nohttpsforwards'] ? true : false; $newcp['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false; @@ -361,28 +384,34 @@ if ($_POST) { $newcp['noconcurrentlogins'] = $_POST['noconcurrentlogins'] ? true : false; $newcp['radius_protocol'] = $_POST['radius_protocol']; $newcp['redirurl'] = $_POST['redirurl']; - if (isset($_POST['radiusip'])) + if (isset($_POST['radiusip'])) { $newcp['radiusip'] = $_POST['radiusip']; - else + } else { unset($newcp['radiusip']); - if (isset($_POST['radiusip2'])) + } + if (isset($_POST['radiusip2'])) { $newcp['radiusip2'] = $_POST['radiusip2']; - else + } else { unset($newcp['radiusip2']); - if (isset($_POST['radiusip3'])) + } + if (isset($_POST['radiusip3'])) { $newcp['radiusip3'] = $_POST['radiusip3']; - else + } else { unset($newcp['radiusip3']); - if (isset($_POST['radiusip4'])) + } + if (isset($_POST['radiusip4'])) { $newcp['radiusip4'] = $_POST['radiusip4']; - else + } else { unset($newcp['radiusip4']); + } $newcp['radiusport'] = $_POST['radiusport']; $newcp['radiusport2'] = $_POST['radiusport2']; - if (isset($_POST['radiusport3'])) + if (isset($_POST['radiusport3'])) { $newcp['radiusport3'] = $_POST['radiusport3']; - if (isset($_POST['radiusport4'])) + } + if (isset($_POST['radiusport4'])) { $newcp['radiusport4'] = $_POST['radiusport4']; + } $newcp['radiusacctport'] = $_POST['radiusacctport']; $newcp['radiuskey'] = $_POST['radiuskey']; $newcp['radiuskey2'] = $_POST['radiuskey2']; @@ -396,16 +425,20 @@ if ($_POST) { $newcp['radmac_format'] = $_POST['radmac_format'] ? $_POST['radmac_format'] : false; $newcp['reverseacct'] = $_POST['reverseacct'] ? true : false; $newcp['radiusnasid'] = trim($_POST['radiusnasid']); - if (!is_array($newcp['page'])) + if (!is_array($newcp['page'])) { $newcp['page'] = array(); + } /* file upload? */ - if (is_uploaded_file($_FILES['htmlfile']['tmp_name'])) + if (is_uploaded_file($_FILES['htmlfile']['tmp_name'])) { $newcp['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name'])); - if (is_uploaded_file($_FILES['errfile']['tmp_name'])) + } + if (is_uploaded_file($_FILES['errfile']['tmp_name'])) { $newcp['page']['errtext'] = base64_encode(file_get_contents($_FILES['errfile']['tmp_name'])); - if (is_uploaded_file($_FILES['logoutfile']['tmp_name'])) + } + if (is_uploaded_file($_FILES['logoutfile']['tmp_name'])) { $newcp['page']['logouttext'] = base64_encode(file_get_contents($_FILES['logoutfile']['tmp_name'])); + } write_config(); @@ -424,8 +457,9 @@ if ($_POST) { header("Location: services_captiveportal_zones.php"); exit; } else { - if (is_array($_POST['cinterface'])) + if (is_array($_POST['cinterface'])) { $pconfig['cinterface'] = implode(",", $_POST['cinterface']); + } } } $closehead = false; @@ -512,7 +546,8 @@ function enable_change(enable_change) { <?php if ($savemsg) print_info_box($savemsg); ?> <form action="services_captiveportal.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="captive portal"> - <tr><td class="tabnavtbl"> + <tr> + <td class="tabnavtbl"> <?php $tab_array = array(); $tab_array[] = array(gettext("Captive portal(s)"), true, "services_captiveportal.php?zone={$cpzone}"); @@ -522,588 +557,691 @@ function enable_change(enable_change) { $tab_array[] = array(gettext("Vouchers"), false, "services_captiveportal_vouchers.php?zone={$cpzone}"); $tab_array[] = array(gettext("File Manager"), false, "services_captiveportal_filemanager.php?zone={$cpzone}"); display_top_tabs($tab_array, true); -?> </td></tr> - <tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main"> - <tr> - <td width="22%" valign="top" class="vtable"> </td> - <td width="78%" class="vtable"> - <input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked=\"checked\""; ?> onclick="enable_change(false)" /> - <strong><?=gettext("Enable captive portal"); ?> </strong></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Interfaces"); ?></td> - <td width="78%" class="vtable"> - <select name="cinterface[]" multiple="multiple" size="<?php echo count($config['interfaces']); ?>" class="formselect" id="cinterface"> - <?php - $interfaces = get_configured_interface_with_descr(); - $cselected = explode(",", $pconfig['cinterface']); - foreach ($interfaces as $iface => $ifacename): ?> - <option value="<?=$iface;?>" <?php if (in_array($iface, $cselected)) echo "selected=\"selected\""; ?>> - <?=htmlspecialchars($ifacename);?> - </option> - <?php endforeach; ?> - </select> <br /> - <span class="vexpl"><?=gettext("Select the interface(s) to enable for captive portal."); ?></span></td> - </tr> - <tr> - <td valign="top" class="vncell"><?=gettext("Maximum concurrent connections"); ?></td> - <td class="vtable"> - <table cellpadding="0" cellspacing="0" summary="connections"> - <tr> - <td><input name="maxprocperip" type="text" class="formfld unknown" id="maxprocperip" size="5" value="<?=htmlspecialchars($pconfig['maxprocperip']);?>" /> <?=gettext("per client IP address (0 = no limit)"); ?></td> - </tr> - </table> -<?=gettext("This setting limits the number of concurrent connections to the captive portal HTTP(S) server. This does not set how many users can be logged in " . -"to the captive portal, but rather how many users can load the portal page or authenticate at the same time! " . -"Possible setting allowed is: minimum 4 connections per client IP address, with a total maximum of 100 connections."); ?></td> - </tr> - <tr> - <td valign="top" class="vncell"><?=gettext("Idle timeout"); ?></td> - <td class="vtable"> - <input name="idletimeout" type="text" class="formfld unknown" id="idletimeout" size="6" value="<?=htmlspecialchars($pconfig['idletimeout']);?>" /> -<?=gettext("minutes"); ?><br /> -<?=gettext("Clients will be disconnected after this amount of inactivity. They may log in again immediately, though. Leave this field blank for no idle timeout."); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Hard timeout"); ?></td> - <td width="78%" class="vtable"> - <input name="timeout" type="text" class="formfld unknown" id="timeout" size="6" value="<?=htmlspecialchars($pconfig['timeout']);?>" /> - <?=gettext("minutes"); ?><br /> - <?=gettext("Clients will be disconnected after this amount of time, regardless of activity. They may log in again immediately, though. Leave this field blank for no hard timeout (not recommended unless an idle timeout is set)."); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Pass-through credits allowed per MAC address"); ?></td> - <td width="78%" class="vtable"> - <input name="freelogins_count" type="text" class="formfld unknown" id="freelogins_count" size="6" value="<?=htmlspecialchars($pconfig['freelogins_count']);?>" /> - <?=gettext("per client MAC address (0 or blank = none)"); ?><br /> - <?=gettext("This setting allows passing through the captive portal without authentication a limited number of times per MAC address. Once used up, the client can only log in with valid credentials until the waiting period specified below has expired. Recommended to set a hard timeout and/or idle timeout when using this for it to be effective."); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Waiting period to restore pass-through credits"); ?></td> - <td width="78%" class="vtable"> - <input name="freelogins_resettimeout" type="text" class="formfld unknown" id="freelogins_resettimeout" size="6" value="<?=htmlspecialchars($pconfig['freelogins_resettimeout']);?>" /> - <?=gettext("hours"); ?><br /> - <?=gettext("Clients will have their available pass-through credits restored to the original count after this amount of time since using the first one. This must be above 0 hours if pass-through credits are enabled."); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Reset waiting period on attempted access"); ?></td> - <td width="78%" class="vtable"> - <input name="freelogins_updatetimeouts" type="checkbox" class="formfld" id="freelogins_updatetimeouts" value="yes" <?php if($pconfig['freelogins_updatetimeouts']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Enable waiting period reset on attempted access"); ?></strong><br /> - <?=gettext("If enabled, the waiting period is reset to the original duration if access is attempted when all pass-through credits have already been exhausted."); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Logout popup window"); ?></td> - <td width="78%" class="vtable"> - <input name="logoutwin_enable" type="checkbox" class="formfld" id="logoutwin_enable" value="yes" <?php if($pconfig['logoutwin_enable']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Enable logout popup window"); ?></strong><br /> - <?=gettext("If enabled, a popup window will appear when clients are allowed through the captive portal. This allows clients to explicitly disconnect themselves before the idle or hard timeout occurs."); ?></td> - </tr> - <tr> - <td valign="top" class="vncell"><?=gettext("Pre-authentication redirect URL"); ?> </td> - <td class="vtable"> - <input name="preauthurl" type="text" class="formfld url" id="preauthurl" size="60" value="<?=htmlspecialchars($pconfig['preauthurl']);?>" /><br /> - <?php printf(gettext("Use this field to set \$PORTAL_REDIRURL\$ variable which can be accessed using your custom captive portal index.php page or error pages."));?> - </td> - </tr> - <tr> - <td valign="top" class="vncell"><?=gettext("After authentication Redirection URL"); ?></td> - <td class="vtable"> - <input name="redirurl" type="text" class="formfld url" id="redirurl" size="60" value="<?=htmlspecialchars($pconfig['redirurl']);?>" /> - <br /> -<?=gettext("If you provide a URL here, clients will be redirected to that URL instead of the one they initially tried " . -"to access after they've authenticated."); ?></td> - </tr> - <tr> - <td valign="top" class="vncell"><?=gettext("Blocked MAC address redirect URL"); ?> </td> - <td class="vtable"> - <input name="blockedmacsurl" type="text" class="formfld url" id="blockedmacsurl" size="60" value="<?=htmlspecialchars($pconfig['blockedmacsurl']);?>" /><br /> - <?php printf(gettext("If you provide a URL here, MAC addresses set to be blocked will be redirect to that URL when attempt to access anything."));?> +?> </td> </tr> <tr> - <td valign="top" class="vncell"><?=gettext("Concurrent user logins"); ?></td> - <td class="vtable"> - <input name="noconcurrentlogins" type="checkbox" class="formfld" id="noconcurrentlogins" value="yes" <?php if ($pconfig['noconcurrentlogins']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Disable concurrent logins"); ?></strong><br /> - <?=gettext("If this option is set, only the most recent login per username will be active. Subsequent logins will cause machines previously logged in with the same username to be disconnected."); ?></td> - </tr> - <tr> - <td valign="top" class="vncell"><?=gettext("MAC filtering"); ?> </td> - <td class="vtable"> - <input name="nomacfilter" type="checkbox" class="formfld" id="nomacfilter" value="yes" <?php if ($pconfig['nomacfilter']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Disable MAC filtering"); ?></strong><br /> - <?=gettext("If this option is set, no attempts will be made to ensure that the MAC address of clients stays the same while they're logged in." . - "This is required when the MAC address of the client cannot be determined (usually because there are routers between"); ?> <?php echo $g['product_name'] ?> <?=gettext("and the clients)."); ?> - <?=gettext("If this is enabled, RADIUS MAC authentication cannot be used."); ?></td> - </tr> - <tr> - <td valign="top" class="vncell"><?=gettext("Pass-through MAC Auto Entry"); ?></td> - <td class="vtable"> - <input name="passthrumacadd" type="checkbox" class="formfld" id="passthrumacadd" value="yes" <?php if ($pconfig['passthrumacadd']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Enable Pass-through MAC automatic additions"); ?></strong><br /> - <?=gettext("If this option is set, a MAC passthrough entry is automatically added after the user has successfully authenticated. Users of that MAC address will never have to authenticate again."); ?> - <?=gettext("To remove the passthrough MAC entry you either have to log in and remove it manually from the"); ?> <a href="services_captiveportal_mac.php"><?=gettext("MAC tab"); ?></a> <?=gettext("or send a POST from another system to remove it."); ?> - <?=gettext("If this is enabled, RADIUS MAC authentication cannot be used. Also, the logout window will not be shown."); ?> - <br /><br /> - <input name="passthrumacaddusername" type="checkbox" class="formfld" id="passthrumacaddusername" value="yes" <?php if ($pconfig['passthrumacaddusername']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Enable Pass-through MAC automatic addition with username"); ?></strong><br /> - <?=gettext("If this option is set, with the automatically MAC passthrough entry created the username, used during authentication, will be saved."); ?> - <?=gettext("To remove the passthrough MAC entry you either have to log in and remove it manually from the"); ?> <a href="services_captiveportal_mac.php"><?=gettext("MAC tab"); ?></a> <?=gettext("or send a POST from another system to remove it."); ?> - </td> - </tr> - <tr> - <td valign="top" class="vncell"><?=gettext("Per-user bandwidth restriction"); ?></td> - <td class="vtable"> - <input name="peruserbw" type="checkbox" class="formfld" id="peruserbw" value="yes" <?php if ($pconfig['peruserbw']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Enable per-user bandwidth restriction"); ?></strong><br /><br /> - <table cellpadding="0" cellspacing="0" summary="bandwidth"> - <tr> - <td><?=gettext("Default download"); ?></td> - <td><input type="text" class="formfld unknown" name="bwdefaultdn" id="bwdefaultdn" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultdn']);?>" /> <?=gettext("Kbit/s"); ?></td> - </tr> - <tr> - <td><?=gettext("Default upload"); ?></td> - <td><input type="text" class="formfld unknown" name="bwdefaultup" id="bwdefaultup" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultup']);?>" /> <?=gettext("Kbit/s"); ?></td> - </tr></table> - <br /> - <?=gettext("If this option is set, the captive portal will restrict each user who logs in to the specified default bandwidth. RADIUS can override the default settings. Leave empty or set to 0 for no limit."); ?> </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Authentication"); ?></td> - <td width="78%" class="vtable"> - <table cellpadding="0" cellspacing="0" summary="authentication"> - <tr> - <td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="none" onclick="enable_change(false)" <?php if($pconfig['auth_method']!="local" && $pconfig['auth_method']!="radius") echo "checked=\"checked\""; ?> /> - <?=gettext("No Authentication"); ?></td> - </tr> - <tr> - <td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="local" onclick="enable_change(false)" <?php if($pconfig['auth_method']=="local") echo "checked=\"checked\""; ?> /> - <?=gettext("Local"); ?> <a href="system_usermanager.php"><?=gettext("User Manager"); ?></a> / <?=gettext("Vouchers"); ?></td> - </tr> - <tr> - <td> </td> - <td> </td> - </tr> - <tr> - <td> </td> - <td><input name="localauth_priv" type="checkbox" id="localauth_priv" value="yes" onclick="enable_change(false)" <?php if($pconfig['localauth_priv']=="yes") echo "checked=\"checked\""; ?> /> - <?=gettext("Allow only users/groups with 'Captive portal login' privilege set"); ?></td> - </tr><tr> - <td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="radius" onclick="enable_change(false)" <?php if($pconfig['auth_method']=="radius") echo "checked=\"checked\""; ?> /> - <?=gettext("RADIUS Authentication"); ?></td> - </tr><tr> - <td> </td> - <td> </td> - </tr> -<tr> - <td width="22%" valign="top" class="vncell"><?=gettext("RADIUS Protocol"); ?></td> - <td width="78%" class="vtable"> - <table cellpadding="0" cellspacing="0" summary="radius"> - <tr> - <td colspan="2"><input name="radius_protocol" type="radio" id="radius_protocol" value="PAP" onclick="enable_change(false)" <?php if($pconfig['auth_method']=="radius" && $pconfig['radius_protocol']!="CHAP_MD5" && $pconfig['radius_protocol']!="MSCHAPv1" && $pconfig['radius_protocol']!="MSCHAPv2") echo "checked=\"checked\""; ?> /> - <?=gettext("PAP"); ?></td> - </tr> - <tr> - <td colspan="2"><input name="radius_protocol" type="radio" id="radius_protocol" value="CHAP_MD5" onclick="enable_change(false)" <?php if($pconfig['auth_method']=="radius" && $pconfig['radius_protocol']=="CHAP_MD5") echo "checked=\"checked\""; ?> /> - <?=gettext("CHAP_MD5"); ?></td> - </tr> - <tr> - <td colspan="2"><input name="radius_protocol" type="radio" id="radius_protocol" value="MSCHAPv1" onclick="enable_change(false)" <?php if($pconfig['auth_method']=="radius" && $pconfig['radius_protocol']=="MSCHAPv1") echo "checked=\"checked\""; ?> /> - <?=gettext("MSCHAPv1"); ?></td> - </tr> - <tr> - <td colspan="2"><input name="radius_protocol" type="radio" id="radius_protocol" value="MSCHAPv2" onclick="enable_change(false)" <?php if($pconfig['auth_method']=="radius" && $pconfig['radius_protocol']=="MSCHAPv2") echo "checked=\"checked\""; ?> /> - <?=gettext("MSCHAPv2"); ?></td> - </tr><tr> - <td> </td> - <td> </td> - </tr> - </table> - </td> - </tr><tr> - <td> </td> - <td> </td> - </tr> - </table> - <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="primary athentication"> - <tr> - <td colspan="2" valign="top" class="listtopic">Primary Authentication Source</td> - </tr> - <tr> - <td colspan="2" valign="top" class="optsect_t2"><?=gettext("Primary RADIUS server"); ?></td> - </tr> - <tr> - <td class="vncell" valign="top"><?=gettext("IP address"); ?></td> - <td class="vtable"><input name="radiusip" type="text" class="formfld unknown" id="radiusip" size="20" value="<?=htmlspecialchars($pconfig['radiusip']);?>" /><br /> - <?=gettext("Enter the IP address of the RADIUS server which users of the captive portal have to authenticate against."); ?></td> - </tr> - <tr> - <td class="vncell" valign="top"><?=gettext("Port"); ?></td> - <td class="vtable"><input name="radiusport" type="text" class="formfld unknown" id="radiusport" size="5" value="<?=htmlspecialchars($pconfig['radiusport']);?>" /><br /> - <?=gettext("Leave this field blank to use the default port (1812)."); ?></td> - </tr> - <tr> - <td class="vncell" valign="top"><?=gettext("Shared secret"); ?> </td> - <td class="vtable"><input name="radiuskey" type="text" class="formfld unknown" id="radiuskey" size="16" value="<?=htmlspecialchars($pconfig['radiuskey']);?>" /><br /> - <?=gettext("Leave this field blank to not use a RADIUS shared secret (not recommended)."); ?></td> - </tr> - <tr> - <td colspan="2" class="list" height="12"></td> - </tr> - <tr> - <td colspan="2" valign="top" class="optsect_t2"><?=gettext("Secondary RADIUS server"); ?></td> - </tr> - <tr> - <td class="vncell" valign="top"><?=gettext("IP address"); ?></td> - <td class="vtable"><input name="radiusip2" type="text" class="formfld unknown" id="radiusip2" size="20" value="<?=htmlspecialchars($pconfig['radiusip2']);?>" /><br /> - <?=gettext("If you have a second RADIUS server, you can activate it by entering its IP address here."); ?></td> - </tr> - <tr> - <td class="vncell" valign="top"><?=gettext("Port"); ?></td> - <td class="vtable"><input name="radiusport2" type="text" class="formfld unknown" id="radiusport2" size="5" value="<?=htmlspecialchars($pconfig['radiusport2']);?>" /></td> - </tr> - <tr> - <td class="vncell" valign="top"><?=gettext("Shared secret"); ?> </td> - <td class="vtable"><input name="radiuskey2" type="text" class="formfld unknown" id="radiuskey2" size="16" value="<?=htmlspecialchars($pconfig['radiuskey2']);?>" /></td> - </tr> - <tr> - <td colspan="2" class="list" height="12"></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Secondary Authentication Source</td> - </tr> - <tr> - <td colspan="2" valign="top" class="optsect_t2"><?=gettext("Primary RADIUS server"); ?></td> - </tr> - <tr> - <td class="vncell" valign="top"><?=gettext("IP address"); ?></td> - <td class="vtable"><input name="radiusip3" type="text" class="formfld unknown" id="radiusip3" size="20" value="<?=htmlspecialchars($pconfig['radiusip3']);?>" /><br /> - <?=gettext("If you have a third RADIUS server, you can activate it by entering its IP address here."); ?></td> - </tr> - <tr> - <td class="vncell" valign="top"><?=gettext("Port"); ?></td> - <td class="vtable"><input name="radiusport3" type="text" class="formfld unknown" id="radiusport3" size="5" value="<?=htmlspecialchars($pconfig['radiusport3']);?>" /></td> - </tr> - <tr> - <td class="vncell" valign="top"><?=gettext("Shared secret"); ?> </td> - <td class="vtable"><input name="radiuskey3" type="text" class="formfld unknown" id="radiuskey3" size="16" value="<?=htmlspecialchars($pconfig['radiuskey3']);?>" /></td> - </tr> - <tr> - <td colspan="2" class="list" height="12"></td> - </tr> - <tr> - <td colspan="2" valign="top" class="optsect_t2"><?=gettext("Secondary RADIUS server"); ?></td> - </tr> - <tr> - <td class="vncell" valign="top"><?=gettext("IP address"); ?></td> - <td class="vtable"><input name="radiusip4" type="text" class="formfld unknown" id="radiusip4" size="20" value="<?=htmlspecialchars($pconfig['radiusip4']);?>" /><br /> - <?=gettext("If you have a fourth RADIUS server, you can activate it by entering its IP address here."); ?></td> - </tr> - <tr> - <td class="vncell" valign="top"><?=gettext("Port"); ?></td> - <td class="vtable"><input name="radiusport4" type="text" class="formfld unknown" id="radiusport4" size="5" value="<?=htmlspecialchars($pconfig['radiusport4']);?>" /></td> - </tr> - <tr> - <td class="vncell" valign="top"><?=gettext("Shared secret"); ?> </td> - <td class="vtable"><input name="radiuskey4" type="text" class="formfld unknown" id="radiuskey4" size="16" value="<?=htmlspecialchars($pconfig['radiuskey4']);?>" /></td> - </tr> - <tr> - <td colspan="2" class="list" height="12"></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("Accounting"); ?></td> - </tr> - <tr> - <td class="vncell"> </td> - <td class="vtable"><input name="radacct_enable" type="checkbox" id="radacct_enable" value="yes" onclick="enable_change(false)" <?php if($pconfig['radacct_enable']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("send RADIUS accounting packets"); ?></strong><br /> - <?=gettext("If this is enabled, RADIUS accounting packets will be sent to the primary RADIUS server."); ?></td> - </tr> - <tr> - <td class="vncell" valign="top"><?=gettext("Accounting port"); ?></td> - <td class="vtable"><input name="radiusacctport" type="text" class="formfld unknown" id="radiusacctport" size="5" value="<?=htmlspecialchars($pconfig['radiusacctport']);?>" /><br /> - <?=gettext("Leave blank to use the default port (1813)."); ?></td> - </tr> - <tr> - <td colspan="2" class="list" height="12"></td> - </tr> - <tr> - <td class="vncell" valign="top"><?=gettext("Accounting updates"); ?></td> - <td class="vtable"> - <input name="reauthenticateacct" type="radio" value="" <?php if(!$pconfig['reauthenticateacct']) echo "checked=\"checked\""; ?> /> <?=gettext("no accounting updates"); ?><br /> - <input name="reauthenticateacct" type="radio" value="stopstart" <?php if($pconfig['reauthenticateacct'] == "stopstart") echo "checked=\"checked\""; ?> /> <?=gettext("stop/start accounting"); ?><br /> - <input name="reauthenticateacct" type="radio" value="interimupdate" <?php if($pconfig['reauthenticateacct'] == "interimupdate") echo "checked=\"checked\""; ?> /> <?=gettext("interim update"); ?> - </td> - </tr> - <tr> - <td colspan="2" class="list" height="12"></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("RADIUS options"); ?></td> - </tr> - <tr> - <td class="vncell"><?=gettext("Reauthentication"); ?></td> - <td class="vtable"><input name="reauthenticate" type="checkbox" id="reauthenticate" value="yes" onclick="enable_change(false)" <?php if($pconfig['reauthenticate']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Reauthenticate connected users every minute"); ?></strong><br /> - <?=gettext("If reauthentication is enabled, Access-Requests will be sent to the RADIUS server for each user that is " . - "logged in every minute. If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately."); ?></td> - </tr> - <tr> - <td class=""><?=gettext("RADIUS MAC authentication"); ?></td> - <td class=""> - <input name="radmac_enable" type="checkbox" id="radmac_enable" value="yes" onclick="enable_change(false)" <?php if ($pconfig['radmac_enable']) echo "checked=\"checked\""; ?> /><strong><?=gettext("Enable RADIUS MAC authentication"); ?></strong><br /> - <?=gettext("If this option is enabled, the captive portal will try to authenticate users by sending their MAC address as the username and the password " . - "entered below to the RADIUS server."); ?></td> - </tr> - <tr> - <td class="vncell"><?=gettext("MAC authentication secret"); ?></td> - <td class="vtable"><input name="radmac_secret" type="text" class="formfld unknown" id="radmac_secret" size="16" value="<?=htmlspecialchars($pconfig['radmac_secret']);?>" /></td> - </tr> - <tr> - <td class="vncell" valign="top"><?=gettext("RADIUS NAS IP attribute"); ?></td> - <td class="vtable"> - <select name="radiussrcip_attribute" id="radiussrcip_attribute"> - <?php $iflist = get_configured_interface_with_descr(); - foreach ($iflist as $ifdesc => $ifdescr) { - $ipaddr = get_interface_ip($ifdesc); - if (is_ipaddr($ipaddr)) { - $selected = ""; - if ($ifdesc == $pconfig['radiussrcip_attribute']) - $selected= "selected=\"selected\""; - echo "<option value='{$ifdesc}' {$selected}>{$ifdescr} - {$ipaddr}</option>\n"; - } - } - if (is_array($config['virtualip']['vip'])) { - foreach ($config['virtualip']['vip'] as $sn) { - if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") { - $start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits'])); - $end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits'])); - $len = $end - $start; - - for ($i = 0; $i <= $len; $i++) { - $snip = long2ip32($start+$i); - echo "<option value='{$snip}' {$selected}>" . htmlspecialchars("{$sn['descr']} - {$snip}") . "></option>\n"; - } - } else - echo "<option value='{$sn['subnet']}' {$selected}>" . htmlspecialchars("{$sn['descr']} - {$sn['subnet']}") . "></option>\n"; - } - } - ?> - </select><br /> - <?=gettext("Choose the IP to use for calling station attribute."); ?> - </td> - </tr> - - <tr> - <td class="vncell" valign="top"><?=gettext("Session-Timeout"); ?></td> - <td class="vtable"><input name="radiussession_timeout" type="checkbox" id="radiussession_timeout" value="yes" <?php if ($pconfig['radiussession_timeout']) echo "checked=\"checked\""; ?> /><strong><?=gettext("Use RADIUS Session-Timeout attributes"); ?></strong><br /> - <?=gettext("When this is enabled, clients will be disconnected after the amount of time retrieved from the RADIUS Session-Timeout attribute."); ?></td> - </tr> - - <tr> - <td class="vncell" valign="top"><?=gettext("Type"); ?></td> - <td class="vtable"><select name="radiusvendor" id="radiusvendor"> - <option value="default"><?php echo gettext("default"); ?></option> - <?php - $radiusvendors = array("cisco"); - foreach ($radiusvendors as $radiusvendor){ - if ($pconfig['radiusvendor'] == $radiusvendor) - echo "<option selected=\"selected\" value=\"$radiusvendor\">$radiusvendor</option>\n"; - else - echo "<option value=\"$radiusvendor\">$radiusvendor</option>\n"; - } - ?></select><br /> - <?php printf(gettext("If RADIUS type is set to Cisco, in Access-Requests the value of Calling-Station-Id will be set to the client's IP address and " . - "the Called-Station-Id to the client's MAC address. Default behavior is Calling-Station-Id = client's MAC address and Called-Station-Id = %s's WAN IP address."), - $g['product_name']);?></td> - </tr> - - <tr> - <td class="vncell" valign="top"><?=gettext("Accounting Style"); ?></td> - <td class="vtable"><input name="reverseacct" type="checkbox" id="reverseacct" value="yes" <?php if ($pconfig['reverseacct']) echo "checked=\"checked\""; ?> /><strong><?=gettext("Invert Acct-Input-Octets and Acct-Output-Octets"); ?></strong><br /> - <?=gettext("When this is enabled, data counts for RADIUS accounting packets will be taken from the client perspective, not the NAS. Acct-Input-Octets will represent download, and Acct-Output-Octets will represent upload."); ?></td> - </tr> + <td class="tabcont"> + <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main"> + <tr> + <td width="22%" valign="top" class="vtable"> </td> + <td width="78%" class="vtable"> + <input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked=\"checked\""; ?> onclick="enable_change(false)" /> + <strong><?=gettext("Enable captive portal"); ?> </strong> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Interfaces"); ?></td> + <td width="78%" class="vtable"> + <select name="cinterface[]" multiple="multiple" size="<?php echo count($config['interfaces']); ?>" class="formselect" id="cinterface"> + <?php + $interfaces = get_configured_interface_with_descr(); + $cselected = explode(",", $pconfig['cinterface']); + foreach ($interfaces as $iface => $ifacename): ?> + <option value="<?=$iface;?>" <?php if (in_array($iface, $cselected)) echo "selected=\"selected\""; ?>> + <?=htmlspecialchars($ifacename);?> + </option> + <?php + endforeach; + ?> + </select> + <br /> + <span class="vexpl"> + <?=gettext("Select the interface(s) to enable for captive portal."); ?> + </span> + </td> + </tr> + <tr> + <td valign="top" class="vncell"><?=gettext("Maximum concurrent connections"); ?></td> + <td class="vtable"> + <table cellpadding="0" cellspacing="0" summary="connections"> + <tr> + <td> + <input name="maxprocperip" type="text" class="formfld unknown" id="maxprocperip" size="5" value="<?=htmlspecialchars($pconfig['maxprocperip']);?>" /> <?=gettext("per client IP address (0 = no limit)"); ?> + </td> + </tr> + </table> + <?=gettext("This setting limits the number of concurrent connections to the captive portal HTTP(S) server. This does not set how many users can be logged in " . + "to the captive portal, but rather how many users can load the portal page or authenticate at the same time! " . + "Possible setting allowed is: minimum 4 connections per client IP address, with a total maximum of 100 connections."); ?> + </td> + </tr> + <tr> + <td valign="top" class="vncell"><?=gettext("Idle timeout"); ?></td> + <td class="vtable"> + <input name="idletimeout" type="text" class="formfld unknown" id="idletimeout" size="6" value="<?=htmlspecialchars($pconfig['idletimeout']);?>" /> + <?=gettext("minutes"); ?><br /> + <?=gettext("Clients will be disconnected after this amount of inactivity. They may log in again immediately, though. Leave this field blank for no idle timeout."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Hard timeout"); ?></td> + <td width="78%" class="vtable"> + <input name="timeout" type="text" class="formfld unknown" id="timeout" size="6" value="<?=htmlspecialchars($pconfig['timeout']);?>" /> + <?=gettext("minutes"); ?><br /> + <?=gettext("Clients will be disconnected after this amount of time, regardless of activity. They may log in again immediately, though. Leave this field blank for no hard timeout (not recommended unless an idle timeout is set)."); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Pass-through credits allowed per MAC address"); ?></td> + <td width="78%" class="vtable"> + <input name="freelogins_count" type="text" class="formfld unknown" id="freelogins_count" size="6" value="<?=htmlspecialchars($pconfig['freelogins_count']);?>" /> + <?=gettext("per client MAC address (0 or blank = none)"); ?><br /> + <?=gettext("This setting allows passing through the captive portal without authentication a limited number of times per MAC address. Once used up, the client can only log in with valid credentials until the waiting period specified below has expired. Recommended to set a hard timeout and/or idle timeout when using this for it to be effective."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Waiting period to restore pass-through credits"); ?></td> + <td width="78%" class="vtable"> + <input name="freelogins_resettimeout" type="text" class="formfld unknown" id="freelogins_resettimeout" size="6" value="<?=htmlspecialchars($pconfig['freelogins_resettimeout']);?>" /> + <?=gettext("hours"); ?><br /> + <?=gettext("Clients will have their available pass-through credits restored to the original count after this amount of time since using the first one. This must be above 0 hours if pass-through credits are enabled."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Reset waiting period on attempted access"); ?></td> + <td width="78%" class="vtable"> + <input name="freelogins_updatetimeouts" type="checkbox" class="formfld" id="freelogins_updatetimeouts" value="yes" <?php if ($pconfig['freelogins_updatetimeouts']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Enable waiting period reset on attempted access"); ?></strong><br /> + <?=gettext("If enabled, the waiting period is reset to the original duration if access is attempted when all pass-through credits have already been exhausted."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Logout popup window"); ?></td> + <td width="78%" class="vtable"> + <input name="logoutwin_enable" type="checkbox" class="formfld" id="logoutwin_enable" value="yes" <?php if ($pconfig['logoutwin_enable']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Enable logout popup window"); ?></strong><br /> + <?=gettext("If enabled, a popup window will appear when clients are allowed through the captive portal. This allows clients to explicitly disconnect themselves before the idle or hard timeout occurs."); ?> + </td> + </tr> + <tr> + <td valign="top" class="vncell"><?=gettext("Pre-authentication redirect URL"); ?> </td> + <td class="vtable"> + <input name="preauthurl" type="text" class="formfld url" id="preauthurl" size="60" value="<?=htmlspecialchars($pconfig['preauthurl']);?>" /><br /> + <?php printf(gettext("Use this field to set \$PORTAL_REDIRURL\$ variable which can be accessed using your custom captive portal index.php page or error pages."));?> + </td> + </tr> + <tr> + <td valign="top" class="vncell"><?=gettext("After authentication Redirection URL"); ?></td> + <td class="vtable"> + <input name="redirurl" type="text" class="formfld url" id="redirurl" size="60" value="<?=htmlspecialchars($pconfig['redirurl']);?>" /> + <br /> + <?=gettext("If you provide a URL here, clients will be redirected to that URL instead of the one they initially tried to access after they've authenticated."); ?> + </td> + </tr> + <tr> + <td valign="top" class="vncell"><?=gettext("Blocked MAC address redirect URL"); ?> </td> + <td class="vtable"> + <input name="blockedmacsurl" type="text" class="formfld url" id="blockedmacsurl" size="60" value="<?=htmlspecialchars($pconfig['blockedmacsurl']);?>" /><br /> + <?php printf(gettext("If you provide a URL here, MAC addresses set to be blocked will be redirect to that URL when attempt to access anything."));?> + </td> + </tr> + <tr> + <td valign="top" class="vncell"><?=gettext("Concurrent user logins"); ?></td> + <td class="vtable"> + <input name="noconcurrentlogins" type="checkbox" class="formfld" id="noconcurrentlogins" value="yes" <?php if ($pconfig['noconcurrentlogins']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Disable concurrent logins"); ?></strong><br /> + <?=gettext("If this option is set, only the most recent login per username will be active. Subsequent logins will cause machines previously logged in with the same username to be disconnected."); ?> + </td> + </tr> + <tr> + <td valign="top" class="vncell"><?=gettext("MAC filtering"); ?> </td> + <td class="vtable"> + <input name="nomacfilter" type="checkbox" class="formfld" id="nomacfilter" value="yes" <?php if ($pconfig['nomacfilter']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Disable MAC filtering"); ?></strong><br /> + <?=gettext("If this option is set, no attempts will be made to ensure that the MAC address of clients stays the same while they're logged in." . + "This is required when the MAC address of the client cannot be determined (usually because there are routers between"); ?> <?php echo $g['product_name'] ?> <?=gettext("and the clients)."); ?> + <?=gettext("If this is enabled, RADIUS MAC authentication cannot be used."); ?> + </td> + </tr> + <tr> + <td valign="top" class="vncell"><?=gettext("Pass-through MAC Auto Entry"); ?></td> + <td class="vtable"> + <input name="passthrumacadd" type="checkbox" class="formfld" id="passthrumacadd" value="yes" <?php if ($pconfig['passthrumacadd']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Enable Pass-through MAC automatic additions"); ?></strong><br /> + <?=gettext("If this option is set, a MAC passthrough entry is automatically added after the user has successfully authenticated. Users of that MAC address will never have to authenticate again."); ?> + <?=gettext("To remove the passthrough MAC entry you either have to log in and remove it manually from the"); ?> <a href="services_captiveportal_mac.php"><?=gettext("MAC tab"); ?></a> <?=gettext("or send a POST from another system to remove it."); ?> + <?=gettext("If this is enabled, RADIUS MAC authentication cannot be used. Also, the logout window will not be shown."); ?> + <br /><br /> + <input name="passthrumacaddusername" type="checkbox" class="formfld" id="passthrumacaddusername" value="yes" <?php if ($pconfig['passthrumacaddusername']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Enable Pass-through MAC automatic addition with username"); ?></strong><br /> + <?=gettext("If this option is set, with the automatically MAC passthrough entry created the username, used during authentication, will be saved."); ?> + <?=gettext("To remove the passthrough MAC entry you either have to log in and remove it manually from the"); ?> <a href="services_captiveportal_mac.php"><?=gettext("MAC tab"); ?></a> <?=gettext("or send a POST from another system to remove it."); ?> + </td> + </tr> + <tr> + <td valign="top" class="vncell"><?=gettext("Per-user bandwidth restriction"); ?></td> + <td class="vtable"> + <input name="peruserbw" type="checkbox" class="formfld" id="peruserbw" value="yes" <?php if ($pconfig['peruserbw']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Enable per-user bandwidth restriction"); ?></strong><br /><br /> + <table cellpadding="0" cellspacing="0" summary="bandwidth"> + <tr> + <td><?=gettext("Default download"); ?></td> + <td> + <input type="text" class="formfld unknown" name="bwdefaultdn" id="bwdefaultdn" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultdn']);?>" /> <?=gettext("Kbit/s"); ?> + </td> + </tr> + <tr> + <td><?=gettext("Default upload"); ?></td> + <td> + <input type="text" class="formfld unknown" name="bwdefaultup" id="bwdefaultup" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultup']);?>" /> <?=gettext("Kbit/s"); ?> + </td> + </tr> + </table> + <br /> + <?=gettext("If this option is set, the captive portal will restrict each user who logs in to the specified default bandwidth. RADIUS can override the default settings. Leave empty or set to 0 for no limit."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Authentication"); ?></td> + <td width="78%" class="vtable"> + <table cellpadding="0" cellspacing="0" summary="authentication"> + <tr> + <td colspan="2"> + <input name="auth_method" type="radio" id="auth_method" value="none" onclick="enable_change(false)" <?php if ($pconfig['auth_method'] != "local" && $pconfig['auth_method'] != "radius") echo "checked=\"checked\""; ?> /> + <?=gettext("No Authentication"); ?> + </td> + </tr> + <tr> + <td colspan="2"> + <input name="auth_method" type="radio" id="auth_method" value="local" onclick="enable_change(false)" <?php if ($pconfig['auth_method'] == "local") echo "checked=\"checked\""; ?> /> + <?=gettext("Local"); ?> <a href="system_usermanager.php"><?=gettext("User Manager"); ?></a> / <?=gettext("Vouchers"); ?> + </td> + </tr> + <tr> + <td> </td> + <td> </td> + </tr> + <tr> + <td> </td> + <td> + <input name="localauth_priv" type="checkbox" id="localauth_priv" value="yes" onclick="enable_change(false)" <?php if ($pconfig['localauth_priv'] == "yes") echo "checked=\"checked\""; ?> /> + <?=gettext("Allow only users/groups with 'Captive portal login' privilege set"); ?> + </td> + </tr> + <tr> + <td colspan="2"> + <input name="auth_method" type="radio" id="auth_method" value="radius" onclick="enable_change(false)" <?php if ($pconfig['auth_method'] == "radius") echo "checked=\"checked\""; ?> /> + <?=gettext("RADIUS Authentication"); ?> + </td> + </tr> + <tr> + <td> </td> + <td> </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("RADIUS Protocol"); ?></td> + <td width="78%" class="vtable"> + <table cellpadding="0" cellspacing="0" summary="radius"> + <tr> + <td colspan="2"> + <input name="radius_protocol" type="radio" id="radius_protocol" value="PAP" onclick="enable_change(false)" <?php if ($pconfig['auth_method'] == "radius" && $pconfig['radius_protocol'] != "CHAP_MD5" && $pconfig['radius_protocol'] != "MSCHAPv1" && $pconfig['radius_protocol'] != "MSCHAPv2") echo "checked=\"checked\""; ?> /> + <?=gettext("PAP"); ?> + </td> + </tr> + <tr> + <td colspan="2"> + <input name="radius_protocol" type="radio" id="radius_protocol" value="CHAP_MD5" onclick="enable_change(false)" <?php if ($pconfig['auth_method'] == "radius" && $pconfig['radius_protocol'] == "CHAP_MD5") echo "checked=\"checked\""; ?> /> + <?=gettext("CHAP_MD5"); ?> + </td> + </tr> + <tr> + <td colspan="2"> + <input name="radius_protocol" type="radio" id="radius_protocol" value="MSCHAPv1" onclick="enable_change(false)" <?php if ($pconfig['auth_method'] == "radius" && $pconfig['radius_protocol'] == "MSCHAPv1") echo "checked=\"checked\""; ?> /> + <?=gettext("MSCHAPv1"); ?> + </td> + </tr> + <tr> + <td colspan="2"> + <input name="radius_protocol" type="radio" id="radius_protocol" value="MSCHAPv2" onclick="enable_change(false)" <?php if ($pconfig['auth_method'] == "radius" && $pconfig['radius_protocol'] == "MSCHAPv2") echo "checked=\"checked\""; ?> /> + <?=gettext("MSCHAPv2"); ?> + </td> + </tr> + <tr> + <td> </td> + <td> </td> + </tr> + </table> + </td> + </tr> + <tr> + <td> </td> + <td> </td> + </tr> + </table> + <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="primary athentication"> + <tr> + <td colspan="2" valign="top" class="listtopic">Primary Authentication Source</td> + </tr> + <tr> + <td colspan="2" valign="top" class="optsect_t2"><?=gettext("Primary RADIUS server"); ?></td> + </tr> + <tr> + <td class="vncell" valign="top"><?=gettext("IP address"); ?></td> + <td class="vtable"> + <input name="radiusip" type="text" class="formfld unknown" id="radiusip" size="20" value="<?=htmlspecialchars($pconfig['radiusip']);?>" /><br /> + <?=gettext("Enter the IP address of the RADIUS server which users of the captive portal have to authenticate against."); ?> + </td> + </tr> + <tr> + <td class="vncell" valign="top"><?=gettext("Port"); ?></td> + <td class="vtable"> + <input name="radiusport" type="text" class="formfld unknown" id="radiusport" size="5" value="<?=htmlspecialchars($pconfig['radiusport']);?>" /><br /> + <?=gettext("Leave this field blank to use the default port (1812)."); ?> + </td> + </tr> + <tr> + <td class="vncell" valign="top"><?=gettext("Shared secret"); ?> </td> + <td class="vtable"> + <input name="radiuskey" type="text" class="formfld unknown" id="radiuskey" size="16" value="<?=htmlspecialchars($pconfig['radiuskey']);?>" /><br /> + <?=gettext("Leave this field blank to not use a RADIUS shared secret (not recommended)."); ?> + </td> + </tr> + <tr> + <td colspan="2" class="list" height="12"></td> + </tr> + <tr> + <td colspan="2" valign="top" class="optsect_t2"><?=gettext("Secondary RADIUS server"); ?></td> + </tr> + <tr> + <td class="vncell" valign="top"><?=gettext("IP address"); ?></td> + <td class="vtable"> + <input name="radiusip2" type="text" class="formfld unknown" id="radiusip2" size="20" value="<?=htmlspecialchars($pconfig['radiusip2']);?>" /><br /> + <?=gettext("If you have a second RADIUS server, you can activate it by entering its IP address here."); ?> + </td> + </tr> + <tr> + <td class="vncell" valign="top"><?=gettext("Port"); ?></td> + <td class="vtable"> + <input name="radiusport2" type="text" class="formfld unknown" id="radiusport2" size="5" value="<?=htmlspecialchars($pconfig['radiusport2']);?>" /> + </td> + </tr> + <tr> + <td class="vncell" valign="top"><?=gettext("Shared secret"); ?> </td> + <td class="vtable"> + <input name="radiuskey2" type="text" class="formfld unknown" id="radiuskey2" size="16" value="<?=htmlspecialchars($pconfig['radiuskey2']);?>" /> + </td> + </tr> + <tr> + <td colspan="2" class="list" height="12"></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Secondary Authentication Source</td> + </tr> + <tr> + <td colspan="2" valign="top" class="optsect_t2"><?=gettext("Primary RADIUS server"); ?></td> + </tr> + <tr> + <td class="vncell" valign="top"><?=gettext("IP address"); ?></td> + <td class="vtable"> + <input name="radiusip3" type="text" class="formfld unknown" id="radiusip3" size="20" value="<?=htmlspecialchars($pconfig['radiusip3']);?>" /><br /> + <?=gettext("If you have a third RADIUS server, you can activate it by entering its IP address here."); ?> + </td> + </tr> + <tr> + <td class="vncell" valign="top"><?=gettext("Port"); ?></td> + <td class="vtable"> + <input name="radiusport3" type="text" class="formfld unknown" id="radiusport3" size="5" value="<?=htmlspecialchars($pconfig['radiusport3']);?>" /> + </td> + </tr> + <tr> + <td class="vncell" valign="top"><?=gettext("Shared secret"); ?> </td> + <td class="vtable"> + <input name="radiuskey3" type="text" class="formfld unknown" id="radiuskey3" size="16" value="<?=htmlspecialchars($pconfig['radiuskey3']);?>" /> + </td> + </tr> + <tr> + <td colspan="2" class="list" height="12"></td> + </tr> + <tr> + <td colspan="2" valign="top" class="optsect_t2"><?=gettext("Secondary RADIUS server"); ?></td> + </tr> + <tr> + <td class="vncell" valign="top"><?=gettext("IP address"); ?></td> + <td class="vtable"> + <input name="radiusip4" type="text" class="formfld unknown" id="radiusip4" size="20" value="<?=htmlspecialchars($pconfig['radiusip4']);?>" /><br /> + <?=gettext("If you have a fourth RADIUS server, you can activate it by entering its IP address here."); ?> + </td> + </tr> + <tr> + <td class="vncell" valign="top"><?=gettext("Port"); ?></td> + <td class="vtable"> + <input name="radiusport4" type="text" class="formfld unknown" id="radiusport4" size="5" value="<?=htmlspecialchars($pconfig['radiusport4']);?>" /> + </td> + </tr> + <tr> + <td class="vncell" valign="top"><?=gettext("Shared secret"); ?> </td> + <td class="vtable"> + <input name="radiuskey4" type="text" class="formfld unknown" id="radiuskey4" size="16" value="<?=htmlspecialchars($pconfig['radiuskey4']);?>" /> + </td> + </tr> + <tr> + <td colspan="2" class="list" height="12"></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Accounting"); ?></td> + </tr> + <tr> + <td class="vncell"> </td> + <td class="vtable"> + <input name="radacct_enable" type="checkbox" id="radacct_enable" value="yes" onclick="enable_change(false)" <?php if ($pconfig['radacct_enable']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("send RADIUS accounting packets"); ?></strong><br /> + <?=gettext("If this is enabled, RADIUS accounting packets will be sent to the primary RADIUS server."); ?> + </td> + </tr> + <tr> + <td class="vncell" valign="top"><?=gettext("Accounting port"); ?></td> + <td class="vtable"> + <input name="radiusacctport" type="text" class="formfld unknown" id="radiusacctport" size="5" value="<?=htmlspecialchars($pconfig['radiusacctport']);?>" /><br /> + <?=gettext("Leave blank to use the default port (1813)."); ?> + </td> + </tr> + <tr> + <td colspan="2" class="list" height="12"></td> + </tr> + <tr> + <td class="vncell" valign="top"><?=gettext("Accounting updates"); ?></td> + <td class="vtable"> + <input name="reauthenticateacct" type="radio" value="" <?php if (!$pconfig['reauthenticateacct']) echo "checked=\"checked\""; ?> /> <?=gettext("no accounting updates"); ?><br /> + <input name="reauthenticateacct" type="radio" value="stopstart" <?php if ($pconfig['reauthenticateacct'] == "stopstart") echo "checked=\"checked\""; ?> /> <?=gettext("stop/start accounting"); ?><br /> + <input name="reauthenticateacct" type="radio" value="interimupdate" <?php if ($pconfig['reauthenticateacct'] == "interimupdate") echo "checked=\"checked\""; ?> /> <?=gettext("interim update"); ?> + </td> + </tr> + <tr> + <td colspan="2" class="list" height="12"></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("RADIUS options"); ?></td> + </tr> + <tr> + <td class="vncell"><?=gettext("Reauthentication"); ?></td> + <td class="vtable"> + <input name="reauthenticate" type="checkbox" id="reauthenticate" value="yes" onclick="enable_change(false)" <?php if ($pconfig['reauthenticate']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Reauthenticate connected users every minute"); ?></strong><br /> + <?=gettext("If reauthentication is enabled, Access-Requests will be sent to the RADIUS server for each user that is " . + "logged in every minute. If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately."); ?> + </td> + </tr> + <tr> + <td class=""><?=gettext("RADIUS MAC authentication"); ?></td> + <td class=""> + <input name="radmac_enable" type="checkbox" id="radmac_enable" value="yes" onclick="enable_change(false)" <?php if ($pconfig['radmac_enable']) echo "checked=\"checked\""; ?> /><strong><?=gettext("Enable RADIUS MAC authentication"); ?></strong><br /> + <?=gettext("If this option is enabled, the captive portal will try to authenticate users by sending their MAC address as the username and the password " . + "entered below to the RADIUS server."); ?> + </td> + </tr> + <tr> + <td class="vncell"><?=gettext("MAC authentication secret"); ?></td> + <td class="vtable"> + <input name="radmac_secret" type="text" class="formfld unknown" id="radmac_secret" size="16" value="<?=htmlspecialchars($pconfig['radmac_secret']);?>" /> + </td> + </tr> + <tr> + <td class="vncell" valign="top"><?=gettext("RADIUS NAS IP attribute"); ?></td> + <td class="vtable"> + <select name="radiussrcip_attribute" id="radiussrcip_attribute"> + <?php + $iflist = get_configured_interface_with_descr(); + foreach ($iflist as $ifdesc => $ifdescr) { + $ipaddr = get_interface_ip($ifdesc); + if (is_ipaddr($ipaddr)) { + $selected = ""; + if ($ifdesc == $pconfig['radiussrcip_attribute']) { + $selected= "selected=\"selected\""; + } + echo "<option value='{$ifdesc}' {$selected}>{$ifdescr} - {$ipaddr}</option>\n"; + } + } + if (is_array($config['virtualip']['vip'])) { + foreach ($config['virtualip']['vip'] as $sn) { + if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") { + $start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits'])); + $end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits'])); + $len = $end - $start; - <tr> - <td class="vncell" valign="top"><?=gettext("NAS Identifier"); ?></td> - <td class="vtable"><input name="radiusnasid" type="text" maxlength="253" class="formfld unknown" id="radiusnasid" value="<?=htmlspecialchars($pconfig['radiusnasid']);?>" /><br /> - <?=gettext("Specify a NAS identifier to override the default value") . " (" . php_uname("n") . ")"; ?></td> - </tr> - <tr> - <td class="vncell" valign="top"><?=gettext("MAC address format"); ?></td> - <td class="vtable"> - <select name="radmac_format" id="radmac_format"> - <option value="default"><?php echo gettext("default"); ?></option> + for ($i = 0; $i <= $len; $i++) { + $snip = long2ip32($start+$i); + echo "<option value='{$snip}' {$selected}>" . htmlspecialchars("{$sn['descr']} - {$snip}") . "></option>\n"; + } + } else { + echo "<option value='{$sn['subnet']}' {$selected}>" . htmlspecialchars("{$sn['descr']} - {$sn['subnet']}") . "></option>\n"; + } + } + } + ?> + </select><br /> + <?=gettext("Choose the IP to use for calling station attribute."); ?> + </td> + </tr> + <tr> + <td class="vncell" valign="top"><?=gettext("Session-Timeout"); ?></td> + <td class="vtable"> + <input name="radiussession_timeout" type="checkbox" id="radiussession_timeout" value="yes" <?php if ($pconfig['radiussession_timeout']) echo "checked=\"checked\""; ?> /><strong><?=gettext("Use RADIUS Session-Timeout attributes"); ?></strong><br /> + <?=gettext("When this is enabled, clients will be disconnected after the amount of time retrieved from the RADIUS Session-Timeout attribute."); ?> + </td> + </tr> + <tr> + <td class="vncell" valign="top"><?=gettext("Type"); ?></td> + <td class="vtable"> + <select name="radiusvendor" id="radiusvendor"> + <option value="default"><?php echo gettext("default"); ?></option> + <?php + $radiusvendors = array("cisco"); + foreach ($radiusvendors as $radiusvendor) { + if ($pconfig['radiusvendor'] == $radiusvendor) { + echo "<option selected=\"selected\" value=\"$radiusvendor\">$radiusvendor</option>\n"; + } else { + echo "<option value=\"$radiusvendor\">$radiusvendor</option>\n"; + } + } + ?> + </select><br /> + <?php printf(gettext("If RADIUS type is set to Cisco, in Access-Requests the value of Calling-Station-Id will be set to the client's IP address and " . + "the Called-Station-Id to the client's MAC address. Default behavior is Calling-Station-Id = client's MAC address and Called-Station-Id = %s's WAN IP address."), + $g['product_name']);?> + </td> + </tr> + <tr> + <td class="vncell" valign="top"><?=gettext("Accounting Style"); ?></td> + <td class="vtable"> + <input name="reverseacct" type="checkbox" id="reverseacct" value="yes" <?php if ($pconfig['reverseacct']) echo "checked=\"checked\""; ?> /><strong><?=gettext("Invert Acct-Input-Octets and Acct-Output-Octets"); ?></strong><br /> + <?=gettext("When this is enabled, data counts for RADIUS accounting packets will be taken from the client perspective, not the NAS. Acct-Input-Octets will represent download, and Acct-Output-Octets will represent upload."); ?> + </td> + </tr> + <tr> + <td class="vncell" valign="top"><?=gettext("NAS Identifier"); ?></td> + <td class="vtable"> + <input name="radiusnasid" type="text" maxlength="253" class="formfld unknown" id="radiusnasid" value="<?=htmlspecialchars($pconfig['radiusnasid']);?>" /><br /> + <?=gettext("Specify a NAS identifier to override the default value") . " (" . php_uname("n") . ")"; ?> + </td> + </tr> + <tr> + <td class="vncell" valign="top"><?=gettext("MAC address format"); ?></td> + <td class="vtable"> + <select name="radmac_format" id="radmac_format"> + <option value="default"><?php echo gettext("default"); ?></option> + <?php + $macformats = array("singledash", "ietf", "cisco", "unformatted"); + foreach ($macformats as $macformat) { + if ($pconfig['radmac_format'] == $macformat) { + echo "<option selected=\"selected\" value=\"$macformat\">",gettext($macformat),"</option>\n"; + } else { + echo "<option value=\"$macformat\">",gettext($macformat),"</option>\n"; + } + } + ?> + </select><br /> + <?=gettext("This option changes the MAC address format used in the whole RADIUS system. Change this if you also"); ?> + <?=gettext("need to change the username format for RADIUS MAC authentication."); ?><br /> + <?=gettext("default:"); ?> 00:11:22:33:44:55<br /> + <?=gettext("singledash:"); ?> 001122-334455<br /> + <?=gettext("ietf:"); ?> 00-11-22-33-44-55<br /> + <?=gettext("cisco:"); ?> 0011.2233.4455<br /> + <?=gettext("unformatted:"); ?> 001122334455 + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td valign="top" class="vncell"><?=gettext("HTTPS login"); ?></td> + <td class="vtable"> + <input name="httpslogin_enable" type="checkbox" class="formfld" id="httpslogin_enable" value="yes" onclick="enable_change(false)" <?php if ($pconfig['httpslogin_enable']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Enable HTTPS login"); ?></strong><br /> + <?=gettext("If enabled, the username and password will be transmitted over an HTTPS connection to protect against eavesdroppers. A server name and certificate must also be specified below."); ?> + </td> + </tr> + <tr> + <td valign="top" class="vncell"><?=gettext("HTTPS server name"); ?> </td> + <td class="vtable"> + <input name="httpsname" type="text" class="formfld unknown" id="httpsname" size="30" value="<?=htmlspecialchars($pconfig['httpsname']);?>" /><br /> + <?php printf(gettext("This name will be used in the form action for the HTTPS POST and should match the Common Name (CN) in your certificate (otherwise, the client browser will most likely display a security warning). Make sure captive portal clients can resolve this name in DNS and verify on the client that the IP resolves to the correct interface IP on %s."), $g['product_name']);?> + </td> + </tr> + <tr id="ssl_opts"> + <td width="22%" valign="top" class="vncell"><?=gettext("SSL Certificate"); ?></td> + <td width="78%" class="vtable"> + <?php if (count($a_cert)): ?> + <select name="certref" id="certref" class="formselect"> + <?php + foreach ($a_cert as $cert): + $selected = ""; + if ($pconfig['certref'] == $cert['refid']) { + $selected = " selected=\"selected\""; + } + ?> + <option value="<?=$cert['refid'];?>"<?=$selected;?>><?=$cert['descr'];?></option> + <?php endforeach; ?> + </select> + <?php else: ?> + <b><?=gettext("No Certificates defined."); ?></b> <br />Create one under <a href="system_certmanager.php">System > Cert Manager</a>. + <?php endif; ?> + </td> + </tr> + <tr> + <td valign="top" class="vncell"><?=gettext("Disable HTTPS forwards"); ?></td> + <td class="vtable"> + <input name="nohttpsforwards" type="checkbox" class="formfld" id="nohttpsforwards" value="yes" <?php if ($pconfig['nohttpsforwards']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Disable HTTPS forwards"); ?></strong><br/> + <?=gettext("If this option is set, attempts to connect to SSL/HTTPS (Port 443) sites will not be forwarded to the captive portal. This prevents certificate errors from being presented to the user even if HTTPS logins are enabled. Users must attempt a connecton to an HTTP (Port 80) site to get forwarded to the captive portal. If HTTPS logins are enabled, the user will be redirected to the HTTPS login page."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Portal page contents"); ?></td> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input type="file" name="htmlfile" class="formfld file" id="htmlfile" /><br /> <?php - $macformats = array("singledash","ietf","cisco","unformatted"); - foreach ($macformats as $macformat) { - if ($pconfig['radmac_format'] == $macformat) { - echo "<option selected=\"selected\" value=\"$macformat\">",gettext($macformat),"</option>\n"; + list($host) = explode(":", $_SERVER['HTTP_HOST']); + $zoneid = $pconfig['zoneid'] ? $pconfig['zoneid'] : 8000; + if ($pconfig['httpslogin_enable']) { + $port = $pconfig['listenporthttps'] ? $pconfig['listenporthttps'] : ($zoneid + 8001); + $href = "https://{$host}:{$port}"; } else { - echo "<option value=\"$macformat\">",gettext($macformat),"</option>\n"; + $port = $pconfig['listenporthttp'] ? $pconfig['listenporthttp'] : ($zoneid + 8000); + $href = "http://{$host}:{$port}"; } - } ?> - </select><br /> - <?=gettext("This option changes the MAC address format used in the whole RADIUS system. Change this if you also"); ?> - <?=gettext("need to change the username format for RADIUS MAC authentication."); ?><br /> - <?=gettext("default:"); ?> 00:11:22:33:44:55<br /> - <?=gettext("singledash:"); ?> 001122-334455<br /> - <?=gettext("ietf:"); ?> 00-11-22-33-44-55<br /> - <?=gettext("cisco:"); ?> 0011.2233.4455<br /> - <?=gettext("unformatted:"); ?> 001122334455 - </td> - </tr> - </table> - </td> - </tr> - <tr> - <td valign="top" class="vncell"><?=gettext("HTTPS login"); ?></td> - <td class="vtable"> - <input name="httpslogin_enable" type="checkbox" class="formfld" id="httpslogin_enable" value="yes" onclick="enable_change(false)" <?php if($pconfig['httpslogin_enable']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Enable HTTPS login"); ?></strong><br /> - <?=gettext("If enabled, the username and password will be transmitted over an HTTPS connection to protect against eavesdroppers. A server name and certificate must also be specified below."); ?></td> - </tr> - <tr> - <td valign="top" class="vncell"><?=gettext("HTTPS server name"); ?> </td> - <td class="vtable"> - <input name="httpsname" type="text" class="formfld unknown" id="httpsname" size="30" value="<?=htmlspecialchars($pconfig['httpsname']);?>" /><br /> - <?php printf(gettext("This name will be used in the form action for the HTTPS POST and should match the Common Name (CN) in your certificate (otherwise, the client browser will most likely display a security warning). Make sure captive portal clients can resolve this name in DNS and verify on the client that the IP resolves to the correct interface IP on %s."), $g['product_name']);?> </td> - </tr> - <tr id="ssl_opts"> - <td width="22%" valign="top" class="vncell"><?=gettext("SSL Certificate"); ?></td> - <td width="78%" class="vtable"> - <?php if (count($a_cert)): ?> - <select name="certref" id="certref" class="formselect"> - <?php - foreach($a_cert as $cert): - $selected = ""; - if ($pconfig['certref'] == $cert['refid']) - $selected = " selected=\"selected\""; - ?> - <option value="<?=$cert['refid'];?>"<?=$selected;?>><?=$cert['descr'];?></option> - <?php endforeach; ?> - </select> - <?php else: ?> - <b><?=gettext("No Certificates defined."); ?></b> <br />Create one under <a href="system_certmanager.php">System > Cert Manager</a>. - <?php endif; ?> + <?php if ($pconfig['page']['htmltext']): ?> + <a href="<?=$href?>" target="_blank"><?=gettext("View current page"); ?></a> + <br /> + <a href="?zone=<?=$cpzone?>&act=gethtmlhtml" target="_blank"><?=gettext("Download current page"); ?></a> + <br /> + <a href="?zone=<?=$cpzone?>&act=delhtmlhtml" onclick="return confirm('Do you really want to restore default page?')" target="_blank"> + <?=gettext("Restore default portal page"); ?> + </a> + <br /> + <br /> + <?php endif; ?> + <?php + printf( + gettext('Upload an HTML/PHP file for the portal page here (leave blank to keep the current one). ' . + 'Make sure to include a form (POST to %1$s) with a submit button (%2$s) and a hidden field with %3$s and %4$s. ' . + 'Include the %5$s and %6$s and/or %7$s input fields if authentication is enabled, otherwise it will always fail.'), + '"$PORTAL_ACTION$"', + "name="accept"", + "name="redirurl"", + 'value="$PORTAL_REDIRURL$"', + ""auth_user"", + ""auth_pass"", + ""auth_voucher""); + ?> + <?=gettext("Example code for the form:"); ?><br /> + <br /> + <tt><form method="post" action="$PORTAL_ACTION$"><br /> + <input name="auth_user" type="text"><br /> + <input name="auth_pass" type="password"><br /> + <input name="auth_voucher" type="text"><br /> + <input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$"><br /> + <input name="accept" type="submit" value="Continue"><br /> + </form></tt> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Authentication"); ?><br /> + <?=gettext("error page"); ?><br /> + <?=gettext("contents"); ?> + </td> + <td class="vtable"> + <input name="errfile" type="file" class="formfld file" id="errfile" /><br /> + <?php if ($pconfig['page']['errtext']): ?> + <a href="?zone=<?=$cpzone?>&act=viewerrhtml" target="_blank"><?=gettext("View current page"); ?></a> + <br /> + <a href="?zone=<?=$cpzone?>&act=geterrhtml" target="_blank"><?=gettext("Download current page"); ?></a> + <br /> + <a href="?zone=<?=$cpzone?>&act=delerrhtml" onclick="return confirm('Do you really want to restore default page?')" target="_blank"> + <?=gettext("Restore default error page"); ?> + </a> + <br /> + <br /> + <?php endif; ?> + <?=gettext("The contents of the HTML/PHP file that you upload here are displayed when an authentication error occurs. " . + "You may include"); ?> "$PORTAL_MESSAGE$", <?=gettext("which will be replaced by the error or reply messages from the RADIUS server, if any."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Logout"); ?><br /> + <?=gettext("page"); ?><br /> + <?=gettext("contents"); ?></td> + <td class="vtable"> + <input name="logoutfile" type="file" class="formfld file" id="logoutfile" /><br /> + <?php if ($pconfig['page']['logouttext']): ?> + <a href="?zone=<?=$cpzone?>&act=viewlogouthtml" target="_blank"><?=gettext("View current page"); ?></a> + <br /> + <a href="?zone=<?=$cpzone?>&act=getlogouthtml" target="_blank"><?=gettext("Download current page"); ?></a> + <br /> + <a href="?zone=<?=$cpzone?>&act=dellogouthtml" onclick="return confirm('Do you really want to restore default page?')" target="_blank"> + <?=gettext("Restore default logout page"); ?> + </a> + <br /> + <br /> + <?php endif; ?> + <?=gettext("The contents of the HTML/PHP file that you upload here are displayed on authentication success when the logout popup is enabled."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <?php echo "<input name='zone' id='zone' type='hidden' value='" . htmlspecialchars($cpzone) . "' />"; ?> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onclick="enable_change(true)" /> + <a href="services_captiveportal_zones.php"><input name="Cancel" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="enable_change(true)" /></a> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <span class="vexpl"> + <span class="red"> + <strong> + <?=gettext("Note:"); ?><br /> + </strong> + </span> + <?=gettext("Changing any settings on this page will disconnect all clients! Don't forget to enable the DHCP server on your captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the timeout entered on this page. Also, the DNS forwarder needs to be enabled for DNS lookups by unauthenticated clients to work."); ?> + </span> + </td> + </tr> + </table> </td> </tr> - <tr> - <td valign="top" class="vncell"><?=gettext("Disable HTTPS forwards"); ?></td> - <td class="vtable"> - <input name="nohttpsforwards" type="checkbox" class="formfld" id="nohttpsforwards" value="yes" <?php if ($pconfig['nohttpsforwards']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Disable HTTPS forwards"); ?></strong><br/> - <?=gettext("If this option is set, attempts to connect to SSL/HTTPS (Port 443) sites will not be forwarded to the captive portal. This prevents certificate errors from being presented to the user even if HTTPS logins are enabled. Users must attempt a connecton to an HTTP (Port 80) site to get forwarded to the captive portal. If HTTPS logins are enabled, the user will be redirected to the HTTPS login page."); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Portal page contents"); ?></td> - <td width="78%" class="vtable"> - <?=$mandfldhtml;?><input type="file" name="htmlfile" class="formfld file" id="htmlfile" /><br /> - <?php - list($host) = explode(":", $_SERVER['HTTP_HOST']); - $zoneid = $pconfig['zoneid'] ? $pconfig['zoneid'] : 8000; - if ($pconfig['httpslogin_enable']) { - $port = $pconfig['listenporthttps'] ? $pconfig['listenporthttps'] : ($zoneid + 8001); - $href = "https://{$host}:{$port}"; - } else { - $port = $pconfig['listenporthttp'] ? $pconfig['listenporthttp'] : ($zoneid + 8000); - $href = "http://{$host}:{$port}"; - } - ?> - <?php if ($pconfig['page']['htmltext']): ?> - <a href="<?=$href?>" target="_blank"><?=gettext("View current page"); ?></a> - <br /> - <a href="?zone=<?=$cpzone?>&act=gethtmlhtml" target="_blank"><?=gettext("Download current page"); ?></a> - <br /> - <a href="?zone=<?=$cpzone?>&act=delhtmlhtml" onclick="return confirm('Do you really want to restore default page?')" target="_blank"> - <?=gettext("Restore default portal page"); ?> - </a> - <br /> - <br /> - <?php endif; ?> - <?php - printf( - gettext('Upload an HTML/PHP file for the portal page here (leave blank to keep the current one). ' . - 'Make sure to include a form (POST to %1$s) with a submit button (%2$s) and a hidden field with %3$s and %4$s. ' . - 'Include the %5$s and %6$s and/or %7$s input fields if authentication is enabled, otherwise it will always fail.'), - '"$PORTAL_ACTION$"', - "name="accept"", - "name="redirurl"", - 'value="$PORTAL_REDIRURL$"', - ""auth_user"", - ""auth_pass"", - ""auth_voucher""); - ?> - <?=gettext("Example code for the form:"); ?><br /> - <br /> - <tt><form method="post" action="$PORTAL_ACTION$"><br /> - <input name="auth_user" type="text"><br /> - <input name="auth_pass" type="password"><br /> - <input name="auth_voucher" type="text"><br /> - <input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$"><br /> - <input name="accept" type="submit" value="Continue"><br /> - </form></tt></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Authentication"); ?><br /> - <?=gettext("error page"); ?><br /> - <?=gettext("contents"); ?></td> - <td class="vtable"> - <input name="errfile" type="file" class="formfld file" id="errfile" /><br /> - <?php if ($pconfig['page']['errtext']): ?> - <a href="?zone=<?=$cpzone?>&act=viewerrhtml" target="_blank"><?=gettext("View current page"); ?></a> - <br /> - <a href="?zone=<?=$cpzone?>&act=geterrhtml" target="_blank"><?=gettext("Download current page"); ?></a> - <br /> - <a href="?zone=<?=$cpzone?>&act=delerrhtml" onclick="return confirm('Do you really want to restore default page?')" target="_blank"> - <?=gettext("Restore default error page"); ?> - </a> - <br /> - <br /> - <?php endif; ?> -<?=gettext("The contents of the HTML/PHP file that you upload here are displayed when an authentication error occurs. " . -"You may include"); ?> "$PORTAL_MESSAGE$", <?=gettext("which will be replaced by the error or reply messages from the RADIUS server, if any."); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Logout"); ?><br /> - <?=gettext("page"); ?><br /> - <?=gettext("contents"); ?></td> - <td class="vtable"> - <input name="logoutfile" type="file" class="formfld file" id="logoutfile" /><br /> - <?php if ($pconfig['page']['logouttext']): ?> - <a href="?zone=<?=$cpzone?>&act=viewlogouthtml" target="_blank"><?=gettext("View current page"); ?></a> - <br /> - <a href="?zone=<?=$cpzone?>&act=getlogouthtml" target="_blank"><?=gettext("Download current page"); ?></a> - <br /> - <a href="?zone=<?=$cpzone?>&act=dellogouthtml" onclick="return confirm('Do you really want to restore default page?')" target="_blank"> - <?=gettext("Restore default logout page"); ?> - </a> - <br /> - <br /> - <?php endif; ?> -<?=gettext("The contents of the HTML/PHP file that you upload here are displayed on authentication success when the logout popup is enabled."); ?></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <?php echo "<input name='zone' id='zone' type='hidden' value='" . htmlspecialchars($cpzone) . "' />"; ?> - <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onclick="enable_change(true)" /> - <a href="services_captiveportal_zones.php"><input name="Cancel" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="enable_change(true)" /></a> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong><?=gettext("Note:"); ?><br /> - </strong></span><?=gettext("Changing any settings on this page will disconnect all clients! Don't forget to enable the DHCP server on your captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the timeout entered on this page. Also, the DNS forwarder needs to be enabled for DNS lookups by unauthenticated clients to work."); ?> </span></td> - </tr> - </table> - </td> - </tr> - </table> +</table> </form> <script type="text/javascript"> //<![CDATA[ diff --git a/usr/local/www/services_captiveportal_filemanager.php b/usr/local/www/services_captiveportal_filemanager.php index 1368753..f672938 100644 --- a/usr/local/www/services_captiveportal_filemanager.php +++ b/usr/local/www/services_captiveportal_filemanager.php @@ -45,9 +45,9 @@ function cpelementscmp($a, $b) { } function cpelements_sort() { - global $config, $cpzone; + global $config, $cpzone; - usort($config['captiveportal'][$cpzone]['element'],"cpelementscmp"); + usort($config['captiveportal'][$cpzone]['element'], "cpelementscmp"); } require("guiconfig.inc"); @@ -57,23 +57,26 @@ require("shaper.inc"); require("captiveportal.inc"); $cpzone = $_GET['zone']; -if (isset($_POST['zone'])) - $cpzone = $_POST['zone']; - +if (isset($_POST['zone'])) { + $cpzone = $_POST['zone']; +} + if (empty($cpzone)) { - header("Location: services_captiveportal_zones.php"); - exit; + header("Location: services_captiveportal_zones.php"); + exit; } -if (!is_array($config['captiveportal'])) - $config['captiveportal'] = array(); +if (!is_array($config['captiveportal'])) { + $config['captiveportal'] = array(); +} $a_cp =& $config['captiveportal']; -$pgtitle = array(gettext("Services"),gettext("Captive portal"), $a_cp[$cpzone]['zone']); +$pgtitle = array(gettext("Services"), gettext("Captive portal"), $a_cp[$cpzone]['zone']); $shortcut_section = "captiveportal"; -if (!is_array($a_cp[$cpzone]['element'])) +if (!is_array($a_cp[$cpzone]['element'])) { $a_cp[$cpzone]['element'] = array(); +} $a_element =& $a_cp[$cpzone]['element']; // Calculate total size of all files @@ -83,18 +86,19 @@ foreach ($a_element as $element) { } if ($_POST) { - unset($input_errors); + unset($input_errors); - if (is_uploaded_file($_FILES['new']['tmp_name'])) { + if (is_uploaded_file($_FILES['new']['tmp_name'])) { - if(!stristr($_FILES['new']['name'], "captiveportal-")) - $name = "captiveportal-" . $_FILES['new']['name']; - else - $name = $_FILES['new']['name']; - $size = filesize($_FILES['new']['tmp_name']); + if (!stristr($_FILES['new']['name'], "captiveportal-")) { + $name = "captiveportal-" . $_FILES['new']['name']; + } else { + $name = $_FILES['new']['name']; + } + $size = filesize($_FILES['new']['tmp_name']); - // is there already a file with that name? - foreach ($a_element as $element) { + // is there already a file with that name? + foreach ($a_element as $element) { if ($element['name'] == $name) { $input_errors[] = sprintf(gettext("A file with the name '%s' already exists."), $name); break; @@ -121,7 +125,7 @@ if ($_POST) { header("Location: services_captiveportal_filemanager.php?zone={$cpzone}"); exit; } - } + } } else if (($_GET['act'] == "del") && !empty($cpzone) && $a_element[$_GET['id']]) { conf_mount_rw(); @unlink("{$g['captiveportal_element_path']}/" . $a_element[$_GET['id']]['name']); @@ -142,7 +146,8 @@ include("head.inc"); <input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" /> <?php if ($input_errors) print_input_errors($input_errors); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="captiveportal file manager"> - <tr><td class="tabnavtbl"> + <tr> + <td class="tabnavtbl"> <?php $tab_array = array(); $tab_array[] = array(gettext("Captive portal(s)"), false, "services_captiveportal.php?zone={$cpzone}"); @@ -152,81 +157,109 @@ include("head.inc"); $tab_array[] = array(gettext("Vouchers"), false, "services_captiveportal_vouchers.php?zone={$cpzone}"); $tab_array[] = array(gettext("File Manager"), true, "services_captiveportal_filemanager.php?zone={$cpzone}"); display_top_tabs($tab_array, true); -?> </td></tr> - <tr> - <td class="tabcont"> - <table width="80%" border="0" cellpadding="0" cellspacing="0" summary="main"> - <tr> - <td width="70%" class="listhdrr"><?=gettext("Name"); ?></td> - <td width="20%" class="listhdr"><?=gettext("Size"); ?></td> - <td width="10%" class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="icons"> - <tr> - <td width="17" height="17"></td> - <td><a href="services_captiveportal_filemanager.php?zone=<?=$cpzone;?>&act=add"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add file"); ?>" width="17" height="17" border="0" alt="add" /></a></td> - </tr> - </table> - </td> - </tr> -<?php if (is_array($a_cp[$cpzone]['element'])): - $i = 0; foreach ($a_cp[$cpzone]['element'] as $element): ?> - <tr> - <td class="listlr"><?=htmlspecialchars($element['name']);?></td> - <td class="listr" align="right"><?=format_bytes($element['size']);?></td> - <td valign="middle" class="list nowrap"> - <a href="services_captiveportal_filemanager.php?zone=<?=$cpzone;?>&act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this file?"); ?>')"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete file"); ?>" width="17" height="17" border="0" alt="delete" /></a> - </td> - </tr> - <?php $i++; endforeach; endif; ?> - - <?php if ($total_size > 0): ?> - <tr> - <td class="listlr" style="background-color: #eee"><strong><?=gettext("TOTAL"); ?></strong></td> - <td class="listr" style="background-color: #eee" align="right"><strong><?=format_bytes($total_size);?></strong></td> - <td valign="middle" class="list nowrap"></td> - </tr> - <?php endif; ?> - - <?php if ($_GET['act'] == 'add'): ?> - <tr> - <td class="listlr" colspan="2"><input type="file" name="new" class="formfld file" size="40" id="new" /> - <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Upload"); ?>" /></td> - <td valign="middle" class="list nowrap"> - <a href="services_captiveportal_filemanager.php?zone=<?=$cpzone;?>"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("cancel"); ?>" width="17" height="17" border="0" alt="delete" /></a> +?> </td> - </tr> - <?php else: ?> - <tr> - <td class="list" colspan="2"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="add"> - <tr> - <td width="17" height="17"></td> - <td><a href="services_captiveportal_filemanager.php?zone=<?=$cpzone;?>&act=add"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add file"); ?>" width="17" height="17" border="0" alt="add" /></a></td> - </tr> + </tr> + <tr> + <td class="tabcont"> + <table width="80%" border="0" cellpadding="0" cellspacing="0" summary="main"> + <tr> + <td width="70%" class="listhdrr"><?=gettext("Name"); ?></td> + <td width="20%" class="listhdr"><?=gettext("Size"); ?></td> + <td width="10%" class="list"> + <table border="0" cellspacing="0" cellpadding="1" summary="icons"> + <tr> + <td width="17" height="17"></td> + <td> + <a href="services_captiveportal_filemanager.php?zone=<?=$cpzone;?>&act=add"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add file"); ?>" width="17" height="17" border="0" alt="add" /></a> + </td> + </tr> + </table> + </td> + </tr> +<?php + if (is_array($a_cp[$cpzone]['element'])): + $i = 0; + foreach ($a_cp[$cpzone]['element'] as $element): +?> + <tr> + <td class="listlr"><?=htmlspecialchars($element['name']);?></td> + <td class="listr" align="right"><?=format_bytes($element['size']);?></td> + <td valign="middle" class="list nowrap"> + <a href="services_captiveportal_filemanager.php?zone=<?=$cpzone;?>&act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this file?"); ?>')"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete file"); ?>" width="17" height="17" border="0" alt="delete" /></a> + </td> + </tr> +<?php + $i++; + endforeach; + endif; +?> + +<?php + if ($total_size > 0): +?> + <tr> + <td class="listlr" style="background-color: #eee"><strong><?=gettext("TOTAL"); ?></strong></td> + <td class="listr" style="background-color: #eee" align="right"><strong><?=format_bytes($total_size);?></strong></td> + <td valign="middle" class="list nowrap"></td> + </tr> +<?php + endif; + + if ($_GET['act'] == 'add'): +?> + <tr> + <td class="listlr" colspan="2"> + <input type="file" name="new" class="formfld file" size="40" id="new" /> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Upload"); ?>" /> + </td> + <td valign="middle" class="list nowrap"> + <a href="services_captiveportal_filemanager.php?zone=<?=$cpzone;?>"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("cancel"); ?>" width="17" height="17" border="0" alt="delete" /></a> + </td> + </tr> +<?php + else: +?> + <tr> + <td class="list" colspan="2"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1" summary="add"> + <tr> + <td width="17" height="17"></td> + <td> + <a href="services_captiveportal_filemanager.php?zone=<?=$cpzone;?>&act=add"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add file"); ?>" width="17" height="17" border="0" alt="add" /></a> + </td> + </tr> + </table> + </td> + </tr> +<?php + endif; +?> </table> + <span class="vexpl"> + <span class="red"> + <strong> + <?=gettext("Note:"); ?><br /> + </strong> + </span> + <?=gettext("Any files that you upload here with the filename prefix of captiveportal- will " . + "be made available in the root directory of the captive portal HTTP(S) server. " . + "You may reference them directly from your portal page HTML code using relative paths. " . + "Example: you've uploaded an image with the name 'captiveportal-test.jpg' using the " . + "file manager. Then you can include it in your portal page like this:"); ?> + <br /><br /> + <tt><img src="captiveportal-test.jpg" width=... height=...></tt> + <br /><br /> + <?=gettext("In addition, you can also upload .php files for execution. You can pass the filename " . + "to your custom page from the initial page by using text similar to:"); ?> + <br /><br /> + <tt><a href="/captiveportal-aup.php?zone=$PORTAL_ZONE$&redirurl=$PORTAL_REDIRURL$"><?=gettext("Acceptable usage policy"); ?></a></tt> + <br /><br /> + <?php printf(gettext("The total size limit for all files is %s."), format_bytes($g['captiveportal_element_sizelimit']));?> + </span> </td> - </tr> - <?php endif; ?> - </table> - <span class="vexpl"><span class="red"><strong> - <?=gettext("Note:"); ?><br /> - </strong></span> - <?=gettext("Any files that you upload here with the filename prefix of captiveportal- will " . - "be made available in the root directory of the captive portal HTTP(S) server. " . - "You may reference them directly from your portal page HTML code using relative paths. " . - "Example: you've uploaded an image with the name 'captiveportal-test.jpg' using the " . - "file manager. Then you can include it in your portal page like this:"); ?><br /><br /> - <tt><img src="captiveportal-test.jpg" width=... height=...></tt> - <br /><br /> - <?=gettext("In addition, you can also upload .php files for execution. You can pass the filename " . - "to your custom page from the initial page by using text similar to:"); ?> - <br /><br /> - <tt><a href="/captiveportal-aup.php?zone=$PORTAL_ZONE$&redirurl=$PORTAL_REDIRURL$"><?=gettext("Acceptable usage policy"); ?></a></tt> - <br /><br /> - <?php printf(gettext("The total size limit for all files is %s."), format_bytes($g['captiveportal_element_sizelimit']));?></span> -</td> -</tr> + </tr> </table> </form> <?php include("fend.inc"); ?> diff --git a/usr/local/www/services_captiveportal_hostname.php b/usr/local/www/services_captiveportal_hostname.php index 03afc59..939fb23 100644 --- a/usr/local/www/services_captiveportal_hostname.php +++ b/usr/local/www/services_captiveportal_hostname.php @@ -49,36 +49,40 @@ require("shaper.inc"); require("captiveportal.inc"); $cpzone = $_GET['zone']; -if (isset($_POST['zone'])) +if (isset($_POST['zone'])) { $cpzone = $_POST['zone']; +} if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { - header("Location: services_captiveportal_zones.php"); - exit; + header("Location: services_captiveportal_zones.php"); + exit; } -if (!is_array($config['captiveportal'])) +if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); +} $a_cp =& $config['captiveportal']; -if (isset($cpzone) && !empty($cpzone) && isset($a_cp[$cpzone]['zoneid'])) +if (isset($cpzone) && !empty($cpzone) && isset($a_cp[$cpzone]['zoneid'])) { $cpzoneid = $a_cp[$cpzone]['zoneid']; +} -$pgtitle = array(gettext("Services"),gettext("Captive portal"), $a_cp[$cpzone]['zone']); +$pgtitle = array(gettext("Services"), gettext("Captive portal"), $a_cp[$cpzone]['zone']); $shortcut_section = "captiveportal"; if ($_GET['act'] == "del" && !empty($cpzone) && isset($cpzoneid)) { $a_allowedhostnames =& $a_cp[$cpzone]['allowedhostname']; if ($a_allowedhostnames[$_GET['id']]) { $ipent = $a_allowedhostnames[$_GET['id']]; - + if (isset($a_cp[$cpzone]['enable'])) { - if(is_ipaddr($ipent['hostname'])) + if (is_ipaddr($ipent['hostname'])) { $ip = $ipent['hostname']; - else + } else { $ip = gethostbyname($ipent['hostname']); + } $sn = (is_ipaddrv6($ip)) ? 128 : 32; - if(is_ipaddr($ip)) { + if (is_ipaddr($ip)) { $ipfw = pfSense_ipfw_getTablestats($cpzoneid, IP_FW_TABLE_XLISTENTRY, 3, $ip); if (is_array($ipfw)) { captiveportal_free_dn_ruleno($ipfw['dnpipe']); @@ -89,7 +93,7 @@ if ($_GET['act'] == "del" && !empty($cpzone) && isset($cpzoneid)) { pfSense_ipfw_Tableaction($cpzoneid, IP_FW_TABLE_XDEL, 4, $ip, $sn); } } - + unset($a_allowedhostnames[$_GET['id']]); write_config(); captiveportal_allowedhostname_configure(); @@ -107,7 +111,8 @@ include("head.inc"); <input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" /> <?php if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="captiveportal hostname"> - <tr><td class="tabnavtbl"> + <tr> + <td class="tabnavtbl"> <?php $tab_array = array(); $tab_array[] = array(gettext("Captive portal(s)"), false, "services_captiveportal.php?zone={$cpzone}"); @@ -118,86 +123,109 @@ include("head.inc"); $tab_array[] = array(gettext("File Manager"), false, "services_captiveportal_filemanager.php?zone={$cpzone}"); display_top_tabs($tab_array, true); ?> - </td></tr> - <tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="main"> - <tr> - <td width="60%" class="listhdrr"><?=gettext("Hostname"); ?></td> - <td width="40%" class="listhdr"><?=gettext("Description"); ?></td> - <td width="10%" class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="add"> - <tr> - <td width="17" height="17"></td> - <td><a href="services_captiveportal_hostname_edit.php?zone=<?=$cpzone;?>"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add address"); ?>" width="17" height="17" border="0" alt="add" /></a></td> - </tr> - </table> - </td> - </tr> -<?php if (is_array($a_cp[$cpzone]['allowedhostname'])): - $i = 0; foreach ($a_cp[$cpzone]['allowedhostname'] as $ip): ?> - <tr ondblclick="document.location='services_captiveportal_hostname_edit.php?zone=<?=$cpzone;?>&id=<?=$i;?>'"> - <td class="listlr"> - <?php - if($ip['dir'] == "to") { - echo "any <img src=\"/themes/{$g['theme']}/images/icons/icon_in.gif\" width=\"11\" height=\"11\" align=\"middle\" alt=\"in\" /> "; - } - if($ip['dir'] == "both") { - echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_pass.gif\" width=\"11\" height=\"11\" align=\"middle\" alt=\"pass\" /> "; - } - echo strtolower($ip['hostname']); - if($ip['dir'] == "from") { - echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_in.gif\" width=\"11\" height=\"11\" align=\"middle\" alt=\"in\" /> any"; - } - - ?> - </td> - <td class="listbg"> - <?=htmlspecialchars($ip['descr']);?> - </td> - <td valign="middle" class="list nowrap"> <a href="services_captiveportal_hostname_edit.php?zone=<?=$cpzone;?>&id=<?=$i;?>"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit address"); ?>" width="17" height="17" border="0" alt="add" /></a> - <a href="services_captiveportal_hostname.php?zone=<?=$cpzone;?>&act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this address?"); ?>')"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete address"); ?>" width="17" height="17" border="0" alt="delete" /></a></td> - </tr> - <?php $i++; endforeach; endif; ?> - <tr> - <td class="list" colspan="2"> </td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="add"> - <tr> - <td width="17" height="17"></td> - <td><a href="services_captiveportal_hostname_edit.php?zone=<?=$cpzone;?>"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add address"); ?>" width="17" height="17" border="0" alt="add" /></a></td> - </tr> - </table> - </td> + </td> </tr> <tr> - <td colspan="2" class="list"><p class="vexpl"><span class="red"><strong> - <?=gettext("Note:"); ?><br /> - </strong></span> - <?=gettext("Adding allowed Hostnames will allow a DNS hostname access to/from access through the captive portal without being taken to the portal page. This can be used for a web server serving images for the portal page or a DNS server on another network, for example. By specifying <em>from</em> addresses, it may be used to always allow pass-through access from a client behind the captive portal."); ?></p> - <table border="0" cellspacing="0" cellpadding="0" summary="icons"> - <tr> - <td><span class="vexpl"><?=gettext("any"); ?> <img src="/themes/<?=$g['theme'];?>/images/icons/icon_in.gif" width="11" height="11" align="middle" alt="in" /> x.x.x.x </span></td> - <td><span class="vexpl"><?=gettext("All connections"); ?> <strong><?=gettext("to"); ?></strong> <?=gettext("the Hostname are allowed"); ?></span></td> - </tr> - <tr> - <td colspan="5" height="4"></td> - </tr> - <tr> - <td>x.x.x.x <span class="vexpl"><img src="/themes/<?=$g['theme'];?>/images/icons/icon_in.gif" width="11" height="11" align="middle" alt="in" /></span> <?=gettext("any"); ?> </td> - <td><span class="vexpl"><?=gettext("All connections"); ?> <strong><?=gettext("from"); ?></strong> <?=gettext("the Hostname are allowed"); ?> </span></td> - </tr> - <tr> - <td><span class="vexpl"><img src="/themes/<?=$g['theme'];?>/images/icons/icon_pass.gif" width="11" height="11" align="right" alt="pass" /></span> </td> - <td><span class="vexpl"> All connections <strong>to</strong> and <strong>from</strong> the Hostname are allowed </span></td> + <td class="tabcont"> + <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="main"> + <tr> + <td width="60%" class="listhdrr"><?=gettext("Hostname"); ?></td> + <td width="40%" class="listhdr"><?=gettext("Description"); ?></td> + <td width="10%" class="list"> + <table border="0" cellspacing="0" cellpadding="1" summary="add"> + <tr> + <td width="17" height="17"></td> + <td> + <a href="services_captiveportal_hostname_edit.php?zone=<?=$cpzone;?>"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add address"); ?>" width="17" height="17" border="0" alt="add" /></a> + </td> + </tr> + </table> + </td> + </tr> +<?php + if (is_array($a_cp[$cpzone]['allowedhostname'])): + $i = 0; + foreach ($a_cp[$cpzone]['allowedhostname'] as $ip): +?> + <tr ondblclick="document.location='services_captiveportal_hostname_edit.php?zone=<?=$cpzone;?>&id=<?=$i;?>'"> + <td class="listlr"> +<?php + if ($ip['dir'] == "to") { + echo "any <img src=\"/themes/{$g['theme']}/images/icons/icon_in.gif\" width=\"11\" height=\"11\" align=\"middle\" alt=\"in\" /> "; + } + if ($ip['dir'] == "both") { + echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_pass.gif\" width=\"11\" height=\"11\" align=\"middle\" alt=\"pass\" /> "; + } + echo strtolower($ip['hostname']); + if ($ip['dir'] == "from") { + echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_in.gif\" width=\"11\" height=\"11\" align=\"middle\" alt=\"in\" /> any"; + } +?> + </td> + <td class="listbg"> + <?=htmlspecialchars($ip['descr']);?> + </td> + <td valign="middle" class="list nowrap"> + <a href="services_captiveportal_hostname_edit.php?zone=<?=$cpzone;?>&id=<?=$i;?>"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit address"); ?>" width="17" height="17" border="0" alt="add" /></a> + <a href="services_captiveportal_hostname.php?zone=<?=$cpzone;?>&act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this address?"); ?>')"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete address"); ?>" width="17" height="17" border="0" alt="delete" /></a> + </td> + </tr> +<?php + $i++; + endforeach; + endif; +?> + <tr> + <td class="list" colspan="2"> </td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1" summary="add"> + <tr> + <td width="17" height="17"></td> + <td> + <a href="services_captiveportal_hostname_edit.php?zone=<?=$cpzone;?>"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add address"); ?>" width="17" height="17" border="0" alt="add" /></a> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td colspan="2" class="list"> + <p class="vexpl"> + <span class="red"> + <strong> + <?=gettext("Note:"); ?><br /> + </strong> + </span> + <?=gettext("Adding allowed Hostnames will allow a DNS hostname access to/from access through the captive portal without being taken to the portal page. This can be used for a web server serving images for the portal page or a DNS server on another network, for example. By specifying <em>from</em> addresses, it may be used to always allow pass-through access from a client behind the captive portal."); ?> + </p> + <table border="0" cellspacing="0" cellpadding="0" summary="icons"> + <tr> + <td> + <span class="vexpl"><?=gettext("any"); ?> <img src="/themes/<?=$g['theme'];?>/images/icons/icon_in.gif" width="11" height="11" align="middle" alt="in" /> x.x.x.x </span> + </td> + <td> + <span class="vexpl"><?=gettext("All connections"); ?> <strong><?=gettext("to"); ?></strong> <?=gettext("the Hostname are allowed"); ?></span> + </td> + </tr> + <tr> + <td colspan="5" height="4"></td> + </tr> + <tr> + <td>x.x.x.x <span class="vexpl"><img src="/themes/<?=$g['theme'];?>/images/icons/icon_in.gif" width="11" height="11" align="middle" alt="in" /></span> <?=gettext("any"); ?> </td> + <td><span class="vexpl"><?=gettext("All connections"); ?> <strong><?=gettext("from"); ?></strong> <?=gettext("the Hostname are allowed"); ?> </span></td> + </tr> + <tr> + <td><span class="vexpl"><img src="/themes/<?=$g['theme'];?>/images/icons/icon_pass.gif" width="11" height="11" align="right" alt="pass" /></span> </td> + <td><span class="vexpl"> All connections <strong>to</strong> and <strong>from</strong> the Hostname are allowed </span></td> + </tr> + </table> + </td> + <td class="list"> </td> + </tr> + </table> + </td> </tr> - </table></td> - <td class="list"> </td> - </tr> - </table> - </td> - </tr> - </table> +</table> </form> <?php include("fend.inc"); ?> </body> diff --git a/usr/local/www/services_captiveportal_hostname_edit.php b/usr/local/www/services_captiveportal_hostname_edit.php index 9d7c7d6..dc33739 100644 --- a/usr/local/www/services_captiveportal_hostname_edit.php +++ b/usr/local/www/services_captiveportal_hostname_edit.php @@ -1,4 +1,4 @@ -<?php +<?php /* services_captiveportal_hostname_edit.php Copyright (C) 2013-2015 Electric Sheep Fencing, LP @@ -8,17 +8,17 @@ Originally part of m0n0wall (http://m0n0.ch/wall) Copyright (C) 2004 Dinesh Nair <dinesh@alphaque.com> All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -48,7 +48,7 @@ function allowedhostnamescmp($a, $b) { function allowedhostnames_sort() { global $g, $config, $cpzone; - usort($config['captiveportal'][$cpzone]['allowedhostname'],"allowedhostnamescmp"); + usort($config['captiveportal'][$cpzone]['allowedhostname'], "allowedhostnamescmp"); } require("guiconfig.inc"); @@ -57,29 +57,34 @@ require_once("filter.inc"); require("shaper.inc"); require("captiveportal.inc"); -$pgtitle = array(gettext("Services"),gettext("Captive portal"),gettext("Edit allowed Hostname")); +$pgtitle = array(gettext("Services"), gettext("Captive portal"), gettext("Edit allowed Hostname")); $shortcut_section = "captiveportal"; $cpzone = $_GET['zone']; -if (isset($_POST['zone'])) - $cpzone = $_POST['zone']; +if (isset($_POST['zone'])) { + $cpzone = $_POST['zone']; +} if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { - header("Location: services_captiveportal_zones.php"); - exit; + header("Location: services_captiveportal_zones.php"); + exit; } -if (!is_array($config['captiveportal'])) - $config['captiveportal'] = array(); +if (!is_array($config['captiveportal'])) { + $config['captiveportal'] = array(); +} $a_cp =& $config['captiveportal']; -if (is_numericint($_GET['id'])) +if (is_numericint($_GET['id'])) { $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; +} -if (!is_array($a_cp[$cpzone]['allowedhostname'])) +if (!is_array($a_cp[$cpzone]['allowedhostname'])) { $a_cp[$cpzone]['allowedhostname'] = array(); +} $a_allowedhostnames = &$a_cp[$cpzone]['allowedhostname']; if (isset($id) && $a_allowedhostnames[$id]) { @@ -100,25 +105,29 @@ if ($_POST) { /* input validation */ $reqdfields = explode(" ", "hostname"); $reqdfieldsn = array(gettext("Allowed Hostname")); - + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - - if (($_POST['hostname'] && !is_hostname($_POST['hostname']))) + + if (($_POST['hostname'] && !is_hostname($_POST['hostname']))) { $input_errors[] = sprintf(gettext("A valid Hostname must be specified. [%s]"), $_POST['hostname']); + } - if ($_POST['bw_up'] && !is_numeric($_POST['bw_up'])) + if ($_POST['bw_up'] && !is_numeric($_POST['bw_up'])) { $input_errors[] = gettext("Upload speed needs to be an integer"); - if ($_POST['bw_down'] && !is_numeric($_POST['bw_down'])) + } + if ($_POST['bw_down'] && !is_numeric($_POST['bw_down'])) { $input_errors[] = gettext("Download speed needs to be an integer"); + } foreach ($a_allowedhostnames as $ipent) { - if (isset($id) && ($a_allowedhostnames[$id]) && ($a_allowedhostnames[$id] === $ipent)) + if (isset($id) && ($a_allowedhostnames[$id]) && ($a_allowedhostnames[$id] === $ipent)) { continue; - - if ($ipent['hostname'] == $_POST['hostname']){ + } + + if ($ipent['hostname'] == $_POST['hostname']) { $input_errors[] = sprintf("[%s] %s.", $_POST['hostname'], gettext("already allowed")) ; break ; - } + } } if (!$input_errors) { @@ -127,17 +136,20 @@ if ($_POST) { $ip['sn'] = $_POST['sn']; $ip['dir'] = $_POST['dir']; $ip['descr'] = $_POST['descr']; - if ($_POST['bw_up']) + if ($_POST['bw_up']) { $ip['bw_up'] = $_POST['bw_up']; - if ($_POST['bw_down']) + } + if ($_POST['bw_down']) { $ip['bw_down'] = $_POST['bw_down']; - if (isset($id) && $a_allowedhostnames[$id]) + } + if (isset($id) && $a_allowedhostnames[$id]) { $a_allowedhostnames[$id] = $ip; - else + } else { $a_allowedhostnames[] = $ip; + } allowedhostnames_sort(); - + write_config(); $rules = captiveportal_allowedhostname_configure(); @@ -145,7 +157,7 @@ if ($_POST) { $cpzoneid = $a_cp[$cpzone]['zoneid']; mwexec("/sbin/ipfw -x {$cpzoneid} {$g['tmp_path']}/hostname_rules"); unset($rules); - + header("Location: services_captiveportal_hostname.php?zone={$cpzone}"); exit; } @@ -157,52 +169,65 @@ include("head.inc"); <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> <?php if ($input_errors) print_input_errors($input_errors); ?> - <form action="services_captiveportal_hostname_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="captiveportal hostname edit"> +<form action="services_captiveportal_hostname_edit.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="captiveportal hostname edit"> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Direction"); ?></td> - <td width="78%" class="vtable"> - <select name="dir" class="formfld"> - <?php - $dirs = array(gettext("Both"),gettext("From"),gettext("To")) ; - foreach ($dirs as $dir): ?> - <option value="<?=strtolower($dir);?>" <?php if (strtolower($dir) == strtolower($pconfig['dir'])) echo "selected=\"selected\"";?> > - <?=htmlspecialchars($dir);?> - </option> - <?php endforeach; ?> - </select> - <br /> - <span class="vexpl"><?=gettext("Use"); ?> <em><?=gettext("From"); ?></em> <?=gettext("to always allow an Hostname through the captive portal (without authentication)"); ?>. - <?=gettext("Use"); ?> <em><?=gettext("To"); ?></em> <?=gettext("to allow access from all clients (even non-authenticated ones) behind the portal to this Hostname"); ?>.</span></td> + <td width="78%" class="vtable"> + <select name="dir" class="formfld"> + <?php + $dirs = array(gettext("Both"), gettext("From"), gettext("To")) ; + foreach ($dirs as $dir): + ?> + <option value="<?=strtolower($dir);?>" <?php if (strtolower($dir) == strtolower($pconfig['dir'])) echo "selected=\"selected\"";?> > + <?=htmlspecialchars($dir);?> + </option> + <?php + endforeach; + ?> + </select> + <br /> + <span class="vexpl"> + <?=gettext("Use"); ?> <em><?=gettext("From"); ?></em> <?=gettext("to always allow an Hostname through the captive portal (without authentication)"); ?>. + <?=gettext("Use"); ?> <em><?=gettext("To"); ?></em> <?=gettext("to allow access from all clients (even non-authenticated ones) behind the portal to this Hostname"); ?>. + </span> + </td> </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Hostname"); ?></td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <?=$mandfldhtml;?><input name="hostname" type="text" class="formfld unknown" id="hostname" size="17" value="<?=htmlspecialchars($pconfig['hostname']);?>" /> - <br /> - <span class="vexpl"><?=gettext("Hostname");?>.</span></td> + <br /> + <span class="vexpl"><?=gettext("Hostname");?>.</span> + </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" /> - <br /> <span class="vexpl"><?=gettext("You may enter a description here for your reference (not parsed)"); ?>.</span></td> - </tr> + <td width="78%" class="vtable"> + <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" /> + <br /> + <span class="vexpl"><?=gettext("You may enter a description here for your reference (not parsed)"); ?>.</span> + </td> + </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Bandwidth up"); ?></td> <td width="78%" class="vtable"> - <input name="bw_up" type="text" class="formfld unknown" id="bw_up" size="10" value="<?=htmlspecialchars($pconfig['bw_up']);?>" /> - <br /> <span class="vexpl"><?=gettext("Enter a upload limit to be enforced on this Hostname in Kbit/s"); ?></span></td> + <input name="bw_up" type="text" class="formfld unknown" id="bw_up" size="10" value="<?=htmlspecialchars($pconfig['bw_up']);?>" /> + <br /> + <span class="vexpl"><?=gettext("Enter a upload limit to be enforced on this Hostname in Kbit/s"); ?></span> + </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Bandwidth down"); ?></td> <td width="78%" class="vtable"> - <input name="bw_down" type="text" class="formfld unknown" id="bw_down" size="10" value="<?=htmlspecialchars($pconfig['bw_down']);?>" /> - <br /> <span class="vexpl"><?=gettext("Enter a download limit to be enforced on this Hostname in Kbit/s"); ?></span></td> + <input name="bw_down" type="text" class="formfld unknown" id="bw_down" size="10" value="<?=htmlspecialchars($pconfig['bw_down']);?>" /> + <br /> + <span class="vexpl"><?=gettext("Enter a download limit to be enforced on this Hostname in Kbit/s"); ?></span> + </td> </tr> <tr> <td width="22%" valign="top"> </td> - <td width="78%"> + <td width="78%"> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> <input name="zone" type="hidden" value="<?=htmlspecialchars($cpzone);?>" /> <?php if (isset($id) && $a_allowedhostnames[$id]): ?> diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php index 72b1126..c475aeb 100644 --- a/usr/local/www/services_captiveportal_ip.php +++ b/usr/local/www/services_captiveportal_ip.php @@ -47,43 +47,46 @@ require("shaper.inc"); require("captiveportal.inc"); $cpzone = $_GET['zone']; -if (isset($_POST['zone'])) - $cpzone = $_POST['zone']; +if (isset($_POST['zone'])) { + $cpzone = $_POST['zone']; +} if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { - header("Location: services_captiveportal_zones.php"); - exit; + header("Location: services_captiveportal_zones.php"); + exit; } -if (!is_array($config['captiveportal'])) - $config['captiveportal'] = array(); +if (!is_array($config['captiveportal'])) { + $config['captiveportal'] = array(); +} $a_cp =& $config['captiveportal']; -if (isset($cpzone) && !empty($cpzone) && isset($a_cp[$cpzone]['zoneid'])) +if (isset($cpzone) && !empty($cpzone) && isset($a_cp[$cpzone]['zoneid'])) { $cpzoneid = $a_cp[$cpzone]['zoneid']; +} -$pgtitle = array(gettext("Services"),gettext("Captive portal"), $a_cp[$cpzone]['zone']); +$pgtitle = array(gettext("Services"), gettext("Captive portal"), $a_cp[$cpzone]['zone']); $shortcut_section = "captiveportal"; if ($_GET['act'] == "del" && !empty($cpzone) && isset($cpzoneid)) { $a_allowedips =& $config['captiveportal'][$cpzone]['allowedip']; if ($a_allowedips[$_GET['id']]) { $ipent = $a_allowedips[$_GET['id']]; - + if (isset($config['captiveportal'][$cpzone]['enable'])) { $mask = (!empty($ipent['sn'])) ? $ipent['sn'] : 32; - + $ipfw = pfSense_ipfw_getTablestats($cpzoneid, IP_FW_TABLE_XLISTENTRY, 3, $ipent['ip']); pfSense_ipfw_Tableaction($cpzoneid, IP_FW_TABLE_XDEL, 3, $ipent['ip'], $mask); pfSense_ipfw_Tableaction($cpzoneid, IP_FW_TABLE_XDEL, 4, $ipent['ip'], $mask); - + if (is_array($ipfw)) { captiveportal_free_dn_ruleno($ipfw['dnpipe']); pfSense_pipe_action("pipe delete {$ipfw['dnpipe']}"); pfSense_pipe_action("pipe delete " . ($ipfw['dnpipe']+1)); } } - + unset($a_allowedips[$_GET['id']]); write_config(); header("Location: services_captiveportal_ip.php?zone={$cpzone}"); @@ -97,10 +100,11 @@ include("head.inc"); <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> <form action="services_captiveportal_ip.php" method="post"> -<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" /> -<?php if ($savemsg) print_info_box($savemsg); ?> -<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="captiveportal ip addresses"> - <tr><td class="tabnavtbl"> + <input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" /> + <?php if ($savemsg) print_info_box($savemsg); ?> + <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="captiveportal ip addresses"> + <tr> + <td class="tabnavtbl"> <?php $tab_array = array(); $tab_array[] = array(gettext("Captive portal(s)"), false, "services_captiveportal.php?zone={$cpzone}"); @@ -111,74 +115,93 @@ include("head.inc"); $tab_array[] = array(gettext("File Manager"), false, "services_captiveportal_filemanager.php?zone={$cpzone}"); display_top_tabs($tab_array, true); ?> - </td></tr> - <tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="main"> - <tr> - <td width="40%" class="listhdrr"><?=gettext("IP address"); ?></td> - <td width="50%" class="listhdr"><?=gettext("Description"); ?></td> - <td width="10%" class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="add"> - <tr> - <td width="17" height="17"></td> - <td><a href="services_captiveportal_ip_edit.php?zone=<?=$cpzone;?>"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add address"); ?>" width="17" height="17" border="0" alt="add" /></a></td> - </tr> - </table> - </td> - </tr> -<?php if (is_array($a_cp[$cpzone]['allowedip'])): - $i = 0; foreach ($a_cp[$cpzone]['allowedip'] as $ip): ?> - <tr ondblclick="document.location='services_captiveportal_ip_edit.php?zone=<?=$cpzone;?>&id=<?=$i;?>'"> - <td class="listlr"> - <?php - if($ip['dir'] == "to") { - echo "any <img src=\"/themes/{$g['theme']}/images/icons/icon_in.gif\" width=\"11\" height=\"11\" align=\"middle\" alt=\"in\" /> "; - } - if($ip['dir'] == "both") { - echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_pass.gif\" width=\"11\" height=\"11\" align=\"middle\" alt=\"pass\" /> "; - } - echo strtolower($ip['ip']); - if($ip['sn'] != "32" && is_numeric($ip['sn'])) { - $sn = $ip['sn']; - echo "/$sn"; - } - if($ip['dir'] == "from") { - echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_in.gif\" width=\"11\" height=\"11\" align=\"middle\" alt=\"any\" /> any"; - } - - ?> - </td> - <td class="listbg"> - <?=htmlspecialchars($ip['descr']);?> - </td> - <td valign="middle" class="list nowrap"><a href="services_captiveportal_ip_edit.php?zone=<?=$cpzone;?>&id=<?=$i;?>"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit address"); ?>" width="17" height="17" border="0" alt="edit" /></a> - <a href="services_captiveportal_ip.php?zone=<?=$cpzone;?>&act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this address?"); ?>')"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete address"); ?>" width="17" height="17" border="0" alt="delete" /></a></td> - </tr> - <?php $i++; endforeach; endif; ?> - <tr> - <td class="list" colspan="2"> </td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="add"> - <tr> - <td width="17" height="17"></td> - <td><a href="services_captiveportal_ip_edit.php?zone=<?=$cpzone;?>"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add address"); ?>" width="17" height="17" border="0" alt="add" /></a></td> - </tr> - </table> - </td> - </tr> - <tr> - <td colspan="2" class="list"><p class="vexpl"><span class="red"><strong> - <?=gettext("Note:"); ?><br /> - </strong></span> - <?=gettext("Adding allowed IP addresses will allow IP access to/from these addresses through the captive portal without being taken to the portal page. This can be used for a web server serving images for the portal page or a DNS server on another network, for example."); ?></p> - </td> - <td class="list"> </td> - </tr> - </table> - </td> - </tr> - </table> + </td> + </tr> + <tr> + <td class="tabcont"> + <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="main"> + <tr> + <td width="40%" class="listhdrr"><?=gettext("IP address"); ?></td> + <td width="50%" class="listhdr"><?=gettext("Description"); ?></td> + <td width="10%" class="list"> + <table border="0" cellspacing="0" cellpadding="1" summary="add"> + <tr> + <td width="17" height="17"></td> + <td> + <a href="services_captiveportal_ip_edit.php?zone=<?=$cpzone;?>"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add address"); ?>" width="17" height="17" border="0" alt="add" /></a> + </td> + </tr> + </table> + </td> + </tr> +<?php + if (is_array($a_cp[$cpzone]['allowedip'])): + $i = 0; + foreach ($a_cp[$cpzone]['allowedip'] as $ip): +?> + <tr ondblclick="document.location='services_captiveportal_ip_edit.php?zone=<?=$cpzone;?>&id=<?=$i;?>'"> + <td class="listlr"> +<?php + if ($ip['dir'] == "to") { + echo "any <img src=\"/themes/{$g['theme']}/images/icons/icon_in.gif\" width=\"11\" height=\"11\" align=\"middle\" alt=\"in\" /> "; + } + if ($ip['dir'] == "both") { + echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_pass.gif\" width=\"11\" height=\"11\" align=\"middle\" alt=\"pass\" /> "; + } + echo strtolower($ip['ip']); + if ($ip['sn'] != "32" && is_numeric($ip['sn'])) { + $sn = $ip['sn']; + echo "/$sn"; + } + if ($ip['dir'] == "from") { + echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_in.gif\" width=\"11\" height=\"11\" align=\"middle\" alt=\"any\" /> any"; + } +?> + </td> + <td class="listbg"> + <?=htmlspecialchars($ip['descr']);?> + </td> + <td valign="middle" class="list nowrap"> + <a href="services_captiveportal_ip_edit.php?zone=<?=$cpzone;?>&id=<?=$i;?>"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit address"); ?>" width="17" height="17" border="0" alt="edit" /></a> + + <a href="services_captiveportal_ip.php?zone=<?=$cpzone;?>&act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this address?"); ?>')"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete address"); ?>" width="17" height="17" border="0" alt="delete" /></a> + </td> + </tr> +<?php + $i++; + endforeach; + endif; +?> + <tr> + <td class="list" colspan="2"> </td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1" summary="add"> + <tr> + <td width="17" height="17"></td> + <td> + <a href="services_captiveportal_ip_edit.php?zone=<?=$cpzone;?>"><img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add address"); ?>" width="17" height="17" border="0" alt="add" /></a> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td colspan="2" class="list"> + <p class="vexpl"> + <span class="red"> + <strong> + <?=gettext("Note:"); ?><br /> + </strong> + </span> + <?=gettext("Adding allowed IP addresses will allow IP access to/from these addresses through the captive portal without being taken to the portal page. This can be used for a web server serving images for the portal page or a DNS server on another network, for example."); ?> + </p> + </td> + <td class="list"> </td> + </tr> + </table> + </td> + </tr> + </table> </form> <?php include("fend.inc"); ?> </body> diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php index 4ad066a..c5e5544 100644 --- a/usr/local/www/services_captiveportal_ip_edit.php +++ b/usr/local/www/services_captiveportal_ip_edit.php @@ -1,24 +1,24 @@ -<?php +<?php /* services_captiveportal_ip_edit.php Copyright (C) 2013-2015 Electric Sheep Fencing, LP Copyright (C) 2011 Scott Ullrich <sullrich@gmail.com> All rights reserved. - Originally part of m0n0wall (http://m0n0.ch/wall) + Originally part of m0n0wall (http://m0n0.ch/wall) Copyright (C) 2004 Dinesh Nair <dinesh@alphaque.com> All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -49,7 +49,7 @@ function allowedipscmp($a, $b) { function allowedips_sort() { global $g, $config, $cpzone; - usort($config['captiveportal'][$cpzone]['allowedip'],"allowedipscmp"); + usort($config['captiveportal'][$cpzone]['allowedip'], "allowedipscmp"); } require("guiconfig.inc"); @@ -58,29 +58,34 @@ require_once("filter.inc"); require("shaper.inc"); require("captiveportal.inc"); -$pgtitle = array(gettext("Services"),gettext("Captive portal"),gettext("Edit allowed IP address")); +$pgtitle = array(gettext("Services"), gettext("Captive portal"), gettext("Edit allowed IP address")); $shortcut_section = "captiveportal"; $cpzone = $_GET['zone']; -if (isset($_POST['zone'])) - $cpzone = $_POST['zone']; - +if (isset($_POST['zone'])) { + $cpzone = $_POST['zone']; +} + if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { - header("Location: services_captiveportal_zones.php"); - exit; + header("Location: services_captiveportal_zones.php"); + exit; } -if (!is_array($config['captiveportal'])) - $config['captiveportal'] = array(); +if (!is_array($config['captiveportal'])) { + $config['captiveportal'] = array(); +} $a_cp =& $config['captiveportal']; -if (is_numericint($_GET['id'])) +if (is_numericint($_GET['id'])) { $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; +} -if (!is_array($config['captiveportal'][$cpzone]['allowedip'])) +if (!is_array($config['captiveportal'][$cpzone]['allowedip'])) { $config['captiveportal'][$cpzone]['allowedip'] = array(); +} $a_allowedips =& $config['captiveportal'][$cpzone]['allowedip']; if (isset($id) && $a_allowedips[$id]) { @@ -99,29 +104,34 @@ if ($_POST) { /* input validation */ $reqdfields = explode(" ", "ip sn"); $reqdfieldsn = array(gettext("Allowed IP address"), gettext("Subnet mask")); - + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - - if ($_POST['ip'] && !is_ipaddr($_POST['ip'])) + + if ($_POST['ip'] && !is_ipaddr($_POST['ip'])) { $input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['ip']); - - if ($_POST['sn'] && (!is_numeric($_POST['sn']) || ($_POST['sn'] < 1) || ($_POST['sn'] > 32))) + } + + if ($_POST['sn'] && (!is_numeric($_POST['sn']) || ($_POST['sn'] < 1) || ($_POST['sn'] > 32))) { $input_errors[] = gettext("A valid subnet mask must be specified"); - - if ($_POST['bw_up'] && !is_numeric($_POST['bw_up'])) + } + + if ($_POST['bw_up'] && !is_numeric($_POST['bw_up'])) { $input_errors[] = gettext("Upload speed needs to be an integer"); + } - if ($_POST['bw_down'] && !is_numeric($_POST['bw_down'])) + if ($_POST['bw_down'] && !is_numeric($_POST['bw_down'])) { $input_errors[] = gettext("Download speed needs to be an integer"); + } foreach ($a_allowedips as $ipent) { - if (isset($id) && ($a_allowedips[$id]) && ($a_allowedips[$id] === $ipent)) + if (isset($id) && ($a_allowedips[$id]) && ($a_allowedips[$id] === $ipent)) { continue; - - if ($ipent['ip'] == $_POST['ip']){ + } + + if ($ipent['ip'] == $_POST['ip']) { $input_errors[] = sprintf("[%s] %s.", $_POST['ip'], gettext("already allowed")) ; break ; - } + } } if (!$input_errors) { @@ -129,16 +139,19 @@ if ($_POST) { $ip['ip'] = $_POST['ip']; $ip['sn'] = $_POST['sn']; $ip['descr'] = $_POST['descr']; - if ($_POST['bw_up']) + if ($_POST['bw_up']) { $ip['bw_up'] = $_POST['bw_up']; - if ($_POST['bw_down']) + } + if ($_POST['bw_down']) { $ip['bw_down'] = $_POST['bw_down']; + } if (isset($id) && $a_allowedips[$id]) { $oldip = $a_allowedips[$id]['ip']; - if (!empty($a_allowedips[$id]['sn'])) + if (!empty($a_allowedips[$id]['sn'])) { $oldmask = $a_allowedips[$id]['sn']; - else + } else { $oldmask = 32; + } $a_allowedips[$id] = $ip; } else { $a_allowedips[] = $ip; @@ -169,7 +182,7 @@ if ($_POST) { mwexec("/sbin/ipfw -x {$cpzoneid} -q {$g['tmp_path']}/{$uniqid}_tmp"); @unlink("{$g['tmp_path']}/{$uniqid}_tmp"); } - + header("Location: services_captiveportal_ip.php?zone={$cpzone}"); exit; } @@ -181,48 +194,51 @@ include("head.inc"); <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> <?php if ($input_errors) print_input_errors($input_errors); ?> - <form action="services_captiveportal_ip_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="captiveportal allow ip edit"> +<form action="services_captiveportal_ip_edit.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="captiveportal allow ip edit"> <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit allowed ip rule");?></td> - </tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit allowed ip rule");?></td> + </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("IP address"); ?></td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <?=$mandfldhtml;?><input name="ip" type="text" class="formfld unknown" id="ip" size="17" value="<?=htmlspecialchars($pconfig['ip']);?>" /> /<select name='sn' class="formselect" id='sn'> <?php for ($i = 32; $i >= 1; $i--): ?> <option value="<?=$i;?>" <?php if ($i == $pconfig['sn']) echo "selected=\"selected\""; ?>><?=$i;?></option> <?php endfor; ?> </select> - <br /> + <br /> <span class="vexpl"><?=gettext("IP address and subnet mask. Use /32 for a single IP");?>.</span> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" /> - <br /> <span class="vexpl"><?=gettext("You may enter a description here for your reference (not parsed)"); ?>.</span> + <br /> + <span class="vexpl"><?=gettext("You may enter a description here for your reference (not parsed)"); ?>.</span> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Bandwidth up"); ?></td> <td width="78%" class="vtable"> - <input name="bw_up" type="text" class="formfld unknown" id="bw_up" size="10" value="<?=htmlspecialchars($pconfig['bw_up']);?>" /> - <br /> <span class="vexpl"><?=gettext("Enter a upload limit to be enforced on this IP address in Kbit/s"); ?></span> - </td> + <input name="bw_up" type="text" class="formfld unknown" id="bw_up" size="10" value="<?=htmlspecialchars($pconfig['bw_up']);?>" /> + <br /> + <span class="vexpl"><?=gettext("Enter a upload limit to be enforced on this IP address in Kbit/s"); ?></span> + </td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Bandwidth down"); ?></td> - <td width="78%" class="vtable"> - <input name="bw_down" type="text" class="formfld unknown" id="bw_down" size="10" value="<?=htmlspecialchars($pconfig['bw_down']);?>" /> - <br /> <span class="vexpl"><?=gettext("Enter a download limit to be enforced on this IP address in Kbit/s"); ?></span> - </td> + <td width="22%" valign="top" class="vncell"><?=gettext("Bandwidth down"); ?></td> + <td width="78%" class="vtable"> + <input name="bw_down" type="text" class="formfld unknown" id="bw_down" size="10" value="<?=htmlspecialchars($pconfig['bw_down']);?>" /> + <br /> + <span class="vexpl"><?=gettext("Enter a download limit to be enforced on this IP address in Kbit/s"); ?></span> + </td> </tr> <tr> <td width="22%" valign="top"> </td> - <td width="78%"> + <td width="78%"> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> <input name="zone" type="hidden" value="<?=htmlspecialchars($cpzone);?>" /> <?php if (isset($id) && $a_allowedips[$id]): ?> @@ -230,7 +246,7 @@ include("head.inc"); <?php endif; ?> </td> </tr> - </table> + </table> </form> <?php include("fend.inc"); ?> </body> diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php index b81a4c2..d6fe66a 100644 --- a/usr/local/www/services_captiveportal_mac.php +++ b/usr/local/www/services_captiveportal_mac.php @@ -49,19 +49,21 @@ global $cpzone; global $cpzoneid; $cpzone = $_GET['zone']; -if (isset($_POST['zone'])) +if (isset($_POST['zone'])) { $cpzone = $_POST['zone']; +} if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { header("Location: services_captiveportal_zones.php"); exit; } -if (!is_array($config['captiveportal'])) +if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); +} $a_cp =& $config['captiveportal']; -$pgtitle = array(gettext("Services"),gettext("Captive portal"), $a_cp[$cpzone]['zone']); +$pgtitle = array(gettext("Services"), gettext("Captive portal"), $a_cp[$cpzone]['zone']); $shortcut_section = "captiveportal"; if ($_POST) { @@ -80,8 +82,9 @@ if ($_POST) { @unlink("{$g['tmp_path']}/passthrumac_gui"); } $savemsg = get_std_save_message($retval); - if ($retval == 0) + if ($retval == 0) { clear_subsystem_dirty('passthrumac'); + } } } @@ -94,16 +97,18 @@ if ($_POST) { echo gettext("Please set the zone on which the operation should be allowed"); exit; } - if (!is_array($a_cp[$cpzone]['passthrumac'])) + if (!is_array($a_cp[$cpzone]['passthrumac'])) { $a_cp[$cpzone]['passthrumac'] = array(); + } $a_passthrumacs =& $a_cp[$cpzone]['passthrumac']; if ($_POST['username']) { $mac = captiveportal_passthrumac_findbyname($_POST['username']); - if (!empty($mac)) + if (!empty($mac)) { $_POST['delmac'] = $mac['mac']; - else + } else { echo gettext("No entry exists for this username:") . " " . $_POST['username'] . "\n"; + } } if ($_POST['delmac']) { $found = false; @@ -123,8 +128,9 @@ if ($_POST) { unset($a_passthrumacs[$idx]); write_config(); echo gettext("The entry was successfully deleted") . "\n"; - } else + } else { echo gettext("No entry exists for this mac address:") . " " . $_POST['delmac'] . "\n"; + } } exit; } @@ -158,7 +164,8 @@ include("head.inc"); <?php print_info_box_np(gettext("The captive portal MAC address configuration has been changed.<br />You must apply the changes in order for them to take effect."));?><br /> <?php endif; ?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="captiveportal mac"> - <tr><td class="tabnavtbl"> + <tr> + <td class="tabnavtbl"> <?php $tab_array = array(); $tab_array[] = array(gettext("Captive portal(s)"), false, "services_captiveportal.php?zone={$cpzone}"); @@ -169,7 +176,8 @@ include("head.inc"); $tab_array[] = array(gettext("File Manager"), false, "services_captiveportal_filemanager.php?zone={$cpzone}"); display_top_tabs($tab_array, true); ?> - </td></tr> + </td> + </tr> <tr> <td class="tabcont"> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="main"> diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php index 50a28db..191c9bb 100644 --- a/usr/local/www/services_captiveportal_mac_edit.php +++ b/usr/local/www/services_captiveportal_mac_edit.php @@ -46,7 +46,7 @@ function passthrumacscmp($a, $b) { function passthrumacs_sort() { global $config, $cpzone; - usort($config['captiveportal'][$cpzone]['passthrumac'],"passthrumacscmp"); + usort($config['captiveportal'][$cpzone]['passthrumac'], "passthrumacscmp"); } require("guiconfig.inc"); @@ -58,29 +58,34 @@ require("captiveportal.inc"); global $cpzone; global $cpzoneid; -$pgtitle = array(gettext("Services"),gettext("Captive portal"),gettext("Edit MAC address rules")); +$pgtitle = array(gettext("Services"), gettext("Captive portal"), gettext("Edit MAC address rules")); $shortcut_section = "captiveportal"; $cpzone = $_GET['zone']; -if (isset($_POST['zone'])) +if (isset($_POST['zone'])) { $cpzone = $_POST['zone']; +} if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { header("Location: services_captiveportal_zones.php"); exit; } -if (!is_array($config['captiveportal'])) +if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); +} $a_cp =& $config['captiveportal']; -if (is_numericint($_GET['id'])) +if (is_numericint($_GET['id'])) { $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; +} -if (!is_array($a_cp[$cpzone]['passthrumac'])) +if (!is_array($a_cp[$cpzone]['passthrumac'])) { $a_cp[$cpzone]['passthrumac'] = array(); +} $a_passthrumacs = &$a_cp[$cpzone]['passthrumac']; if (isset($id) && $a_passthrumacs[$id]) { @@ -118,16 +123,19 @@ if ($_POST) { $input_errors[] = sprintf("%s. [%s]", gettext("A valid MAC address must be specified"), $_POST['mac']); } } - if ($_POST['bw_up'] && !is_numeric($_POST['bw_up'])) + if ($_POST['bw_up'] && !is_numeric($_POST['bw_up'])) { $input_errors[] = gettext("Upload speed needs to be an integer"); - if ($_POST['bw_down'] && !is_numeric($_POST['bw_down'])) + } + if ($_POST['bw_down'] && !is_numeric($_POST['bw_down'])) { $input_errors[] = gettext("Download speed needs to be an integer"); + } foreach ($a_passthrumacs as $macent) { - if (isset($id) && ($a_passthrumacs[$id]) && ($a_passthrumacs[$id] === $macent)) + if (isset($id) && ($a_passthrumacs[$id]) && ($a_passthrumacs[$id] === $macent)) { continue; + } - if ($macent['mac'] == $_POST['mac']){ + if ($macent['mac'] == $_POST['mac']) { $input_errors[] = sprintf("[%s] %s.", $_POST['mac'], gettext("already exists")); break; } @@ -137,12 +145,15 @@ if ($_POST) { $mac = array(); $mac['action'] = $_POST['action']; $mac['mac'] = $_POST['mac']; - if ($_POST['bw_up']) + if ($_POST['bw_up']) { $mac['bw_up'] = $_POST['bw_up']; - if ($_POST['bw_down']) + } + if ($_POST['bw_down']) { $mac['bw_down'] = $_POST['bw_down']; - if ($_POST['username']) + } + if ($_POST['username']) { $mac['username'] = $_POST['username']; + } $mac['descr'] = $_POST['descr']; @@ -208,11 +219,12 @@ include("head.inc"); <?php $ip = getenv('REMOTE_ADDR'); $mac = `/usr/sbin/arp -an | grep {$ip} | cut -d" " -f4`; - $mac = str_replace("\n","",$mac); + $mac = str_replace("\n", "", $mac); ?> <a onclick="document.forms[0].mac.value='<?=$mac?>';" href="#"><?=gettext("Copy my MAC address");?></a> <br /> - <span class="vexpl"><?=gettext("MAC address (6 hex octets separated by colons)"); ?></span></td> + <span class="vexpl"><?=gettext("MAC address (6 hex octets separated by colons)"); ?></span> + </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php index 2f02802..82477b5 100644 --- a/usr/local/www/services_captiveportal_vouchers.php +++ b/usr/local/www/services_captiveportal_vouchers.php @@ -1,21 +1,21 @@ -<?php +<?php /* services_captiveportal_vouchers.php Copyright (C) 2013-2015 Electric Sheep Fencing, LP Copyright (C) 2007 Marcel Wiget <mwiget@mac.com> - All rights reserved. - + All rights reserved. + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -39,8 +39,9 @@ ##|*MATCH=services_captiveportal_vouchers.php* ##|-PRIV -if ($_POST['postafterlogin']) +if ($_POST['postafterlogin']) { $nocsrf= true; +} require("guiconfig.inc"); require("functions.inc"); @@ -52,15 +53,16 @@ require_once("voucher.inc"); $referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/services_captiveportal_vouchers.php'); $cpzone = $_GET['zone']; -if (isset($_POST['zone'])) - $cpzone = $_POST['zone']; +if (isset($_POST['zone'])) { + $cpzone = $_POST['zone']; +} if (empty($cpzone)) { - header("Location: services_captiveportal_zones.php"); - exit; + header("Location: services_captiveportal_zones.php"); + exit; } -if($_REQUEST['generatekey']) { +if ($_REQUEST['generatekey']) { exec("/usr/bin/openssl genrsa 64 > /tmp/key64.private"); exec("/usr/bin/openssl rsa -pubout < /tmp/key64.private > /tmp/key64.public"); $privatekey = str_replace("\n", "\\n", file_get_contents("/tmp/key64.private")); @@ -77,12 +79,14 @@ EOF; exit; } -if (!is_array($config['captiveportal'])) - $config['captiveportal'] = array(); +if (!is_array($config['captiveportal'])) { + $config['captiveportal'] = array(); +} $a_cp =& $config['captiveportal']; -if (!is_array($config['voucher'])) +if (!is_array($config['voucher'])) { $config['voucher'] = array(); +} if (empty($a_cp[$cpzone])) { log_error("Submission on captiveportal page with unknown zone parameter: " . htmlspecialchars($cpzone)); @@ -94,25 +98,33 @@ if (empty($a_cp[$cpzone])) { $pgtitle = array(gettext("Services"), gettext("Captive portal"), gettext("Vouchers"), $a_cp[$cpzone]['zone']); $shortcut_section = "captiveportal-vouchers"; -if (!is_array($config['voucher'][$cpzone]['roll'])) +if (!is_array($config['voucher'][$cpzone]['roll'])) { $config['voucher'][$cpzone]['roll'] = array(); -if (!isset($config['voucher'][$cpzone]['charset'])) +} +if (!isset($config['voucher'][$cpzone]['charset'])) { $config['voucher'][$cpzone]['charset'] = '2345678abcdefhijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ'; -if (!isset($config['voucher'][$cpzone]['rollbits'])) +} +if (!isset($config['voucher'][$cpzone]['rollbits'])) { $config['voucher'][$cpzone]['rollbits'] = 16; -if (!isset($config['voucher'][$cpzone]['ticketbits'])) +} +if (!isset($config['voucher'][$cpzone]['ticketbits'])) { $config['voucher'][$cpzone]['ticketbits'] = 10; -if (!isset($config['voucher'][$cpzone]['checksumbits'])) +} +if (!isset($config['voucher'][$cpzone]['checksumbits'])) { $config['voucher'][$cpzone]['checksumbits'] = 5; -if (!isset($config['voucher'][$cpzone]['magic'])) +} +if (!isset($config['voucher'][$cpzone]['magic'])) { $config['voucher'][$cpzone]['magic'] = rand(); // anything slightly random will do +} if (!isset($config['voucher'][$cpzone]['exponent'])) { while (true) { - while (($exponent = rand()) % 30000 < 5000) + while (($exponent = rand()) % 30000 < 5000) { continue; + } $exponent = ($exponent * 2) + 1; // Make it odd number - if ($exponent <= 65537) + if ($exponent <= 65537) { break; + } } $config['voucher'][$cpzone]['exponent'] = $exponent; unset($exponent); @@ -131,31 +143,32 @@ if (!isset($config['voucher'][$cpzone]['publickey'])) { } // Check for invalid or expired vouchers -if (!isset($config['voucher'][$cpzone]['descrmsgnoaccess'])) +if (!isset($config['voucher'][$cpzone]['descrmsgnoaccess'])) { $config['voucher'][$cpzone]['descrmsgnoaccess'] = gettext("Voucher invalid"); -if (!isset($config['voucher'][$cpzone]['descrmsgexpired'])) +} +if (!isset($config['voucher'][$cpzone]['descrmsgexpired'])) { $config['voucher'][$cpzone]['descrmsgexpired'] = gettext("Voucher expired"); +} $a_roll = &$config['voucher'][$cpzone]['roll']; if ($_GET['act'] == "del") { - $id = $_GET['id']; - if ($a_roll[$id]) { - $roll = $a_roll[$id]['number']; + $id = $_GET['id']; + if ($a_roll[$id]) { + $roll = $a_roll[$id]['number']; $voucherlck = lock("voucher{$cpzone}"); unset($a_roll[$id]); voucher_unlink_db($roll); unlock($voucherlck); write_config(); - } + } header("Location: services_captiveportal_vouchers.php?zone={$cpzone}"); exit; -} -/* print all vouchers of the selected roll */ -else if ($_GET['act'] == "csv") { +} else if ($_GET['act'] == "csv") { + /* print all vouchers of the selected roll */ $privkey = base64_decode($config['voucher'][$cpzone]['privatekey']); - if (strstr($privkey,"BEGIN RSA PRIVATE KEY")) { - $fd = fopen("{$g['varetc_path']}/voucher_{$cpzone}.private","w"); + if (strstr($privkey, "BEGIN RSA PRIVATE KEY")) { + $fd = fopen("{$g['varetc_path']}/voucher_{$cpzone}.private", "w"); if (!$fd) { $input_errors[] = gettext("Cannot write private key file") . ".\n"; } else { @@ -169,11 +182,13 @@ else if ($_GET['act'] == "csv") { $count = $a_voucher[$id]['count']; header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename=vouchers_{$cpzone}_roll{$number}.csv"); - if (file_exists("{$g['varetc_path']}/voucher_{$cpzone}.cfg")) + if (file_exists("{$g['varetc_path']}/voucher_{$cpzone}.cfg")) { system("/usr/local/bin/voucher -c {$g['varetc_path']}/voucher_{$cpzone}.cfg -p {$g['varetc_path']}/voucher_{$cpzone}.private $number $count"); + } @unlink("{$g['varetc_path']}/voucher_{$cpzone}.private"); - } else + } else { header("Location: services_captiveportal_vouchers.php?zone={$cpzone}"); + } exit; } } else { @@ -210,48 +225,59 @@ if ($_POST) { /* input validation */ if ($_POST['enable'] == "yes") { - if (!$_POST['vouchersyncusername']) { + if (!$_POST['vouchersyncusername']) { $reqdfields = explode(" ", "charset rollbits ticketbits checksumbits publickey magic"); - $reqdfieldsn = array(gettext("charset"),gettext("rollbits"),gettext("ticketbits"),gettext("checksumbits"),gettext("publickey"),gettext("magic")); + $reqdfieldsn = array(gettext("charset"), gettext("rollbits"), gettext("ticketbits"), gettext("checksumbits"), gettext("publickey"), gettext("magic")); } else { $reqdfields = explode(" ", "vouchersyncdbip vouchersyncport vouchersyncpass vouchersyncusername"); - $reqdfieldsn = array(gettext("Synchronize Voucher Database IP"),gettext("Sync port"),gettext("Sync password"),gettext("Sync username")); + $reqdfieldsn = array(gettext("Synchronize Voucher Database IP"), gettext("Sync port"), gettext("Sync password"), gettext("Sync username")); } - + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); } - - if (!$_POST['vouchersyncusername']) { + + if (!$_POST['vouchersyncusername']) { // Check for form errors - if ($_POST['charset'] && (strlen($_POST['charset'] < 2))) + if ($_POST['charset'] && (strlen($_POST['charset'] < 2))) { $input_errors[] = gettext("Need at least 2 characters to create vouchers."); - if ($_POST['charset'] && (strpos($_POST['charset'],"\"")>0)) + } + if ($_POST['charset'] && (strpos($_POST['charset'], "\"")>0)) { $input_errors[] = gettext("Double quotes aren't allowed."); - if ($_POST['charset'] && (strpos($_POST['charset'],",")>0)) + } + if ($_POST['charset'] && (strpos($_POST['charset'], ",")>0)) { $input_errors[] = "',' " . gettext("aren't allowed."); - if ($_POST['rollbits'] && (!is_numeric($_POST['rollbits']) || ($_POST['rollbits'] < 1) || ($_POST['rollbits'] > 31))) + } + if ($_POST['rollbits'] && (!is_numeric($_POST['rollbits']) || ($_POST['rollbits'] < 1) || ($_POST['rollbits'] > 31))) { $input_errors[] = gettext("# of Bits to store Roll Id needs to be between 1..31."); - if ($_POST['ticketbits'] && (!is_numeric($_POST['ticketbits']) || ($_POST['ticketbits'] < 1) || ($_POST['ticketbits'] > 16))) + } + if ($_POST['ticketbits'] && (!is_numeric($_POST['ticketbits']) || ($_POST['ticketbits'] < 1) || ($_POST['ticketbits'] > 16))) { $input_errors[] = gettext("# of Bits to store Ticket Id needs to be between 1..16."); - if ($_POST['checksumbits'] && (!is_numeric($_POST['checksumbits']) || ($_POST['checksumbits'] < 1) || ($_POST['checksumbits'] > 31))) + } + if ($_POST['checksumbits'] && (!is_numeric($_POST['checksumbits']) || ($_POST['checksumbits'] < 1) || ($_POST['checksumbits'] > 31))) { $input_errors[] = gettext("# of Bits to store checksum needs to be between 1..31."); - if ($_POST['publickey'] && (!strstr($_POST['publickey'],"BEGIN PUBLIC KEY"))) + } + if ($_POST['publickey'] && (!strstr($_POST['publickey'], "BEGIN PUBLIC KEY"))) { $input_errors[] = gettext("This doesn't look like an RSA Public key."); - if ($_POST['privatekey'] && (!strstr($_POST['privatekey'],"BEGIN RSA PRIVATE KEY"))) + } + if ($_POST['privatekey'] && (!strstr($_POST['privatekey'], "BEGIN RSA PRIVATE KEY"))) { $input_errors[] = gettext("This doesn't look like an RSA Private key."); - if ($_POST['vouchersyncdbip'] && (is_ipaddr_configured($_POST['vouchersyncdbip']))) + } + if ($_POST['vouchersyncdbip'] && (is_ipaddr_configured($_POST['vouchersyncdbip']))) { $input_errors[] = gettext("You cannot sync the voucher database to this host (itself)."); + } } if (!$input_errors) { - if (empty($config['voucher'][$cpzone])) - $newvoucher = array(); - else - $newvoucher = $config['voucher'][$cpzone]; - if ($_POST['enable'] == "yes") + if (empty($config['voucher'][$cpzone])) { + $newvoucher = array(); + } else { + $newvoucher = $config['voucher'][$cpzone]; + } + if ($_POST['enable'] == "yes") { $newvoucher['enable'] = true; - else + } else { unset($newvoucher['enable']); + } if (empty($_POST['vouchersyncusername'])) { unset($newvoucher['vouchersyncdbip']); unset($newvoucher['vouchersyncport']); @@ -275,19 +301,21 @@ if ($_POST) { $newvoucher['vouchersyncport'] = $_POST['vouchersyncport']; $newvoucher['vouchersyncusername'] = $_POST['vouchersyncusername']; $newvoucher['vouchersyncpass'] = $_POST['vouchersyncpass']; - if($newvoucher['vouchersyncpass'] && $newvoucher['vouchersyncusername'] && - $newvoucher['vouchersyncport'] && $newvoucher['vouchersyncdbip']) { + if ($newvoucher['vouchersyncpass'] && $newvoucher['vouchersyncusername'] && + $newvoucher['vouchersyncport'] && $newvoucher['vouchersyncdbip']) { // Synchronize the voucher DB from the master node require_once("xmlrpc.inc"); $protocol = "http"; if (is_array($config['system']) && is_array($config['system']['webgui']) && !empty($config['system']['webgui']['protocol']) && - $config['system']['webgui']['protocol'] == "https") + $config['system']['webgui']['protocol'] == "https") { $protocol = "https"; - if ($protocol == "https" || $newvoucher['vouchersyncport'] == "443") + } + if ($protocol == "https" || $newvoucher['vouchersyncport'] == "443") { $url = "https://{$newvoucher['vouchersyncdbip']}"; - else + } else { $url = "http://{$newvoucher['vouchersyncdbip']}"; + } $execcmd = <<<EOF \$toreturn = array(); @@ -307,12 +335,12 @@ EOF; $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials($newvoucher['vouchersyncusername'], $newvoucher['vouchersyncpass']); $resp = $cli->send($msg, "250"); - if(!is_object($resp)) { + if (!is_object($resp)) { $error = "A communications error occurred while attempting CaptivePortalVoucherSync XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; log_error($error); file_notice("CaptivePortalVoucherSync", $error, "Communications error occurred", ""); $input_errors[] = $error; - } elseif($resp->faultCode()) { + } elseif ($resp->faultCode()) { $cli->setDebug(1); $resp = $cli->send($msg, "250"); $error = "An error code was received while attempting CaptivePortalVoucherSync XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); @@ -324,31 +352,42 @@ EOF; } if (!$input_errors) { $toreturn = XML_RPC_Decode($resp->value()); - if(!is_array($toreturn)) { - if($toreturn == "Authentication failed") + if (!is_array($toreturn)) { + if ($toreturn == "Authentication failed") { $input_errors[] = "Could not synchronize the voucher database: Authentication Failed."; - } else { + } + } else { // If we received back the voucher roll and other information then store it. - if($toreturn['voucher']['roll']) + if ($toreturn['voucher']['roll']) { $newvoucher['roll'] = $toreturn['voucher']['roll']; - if($toreturn['voucher']['rollbits']) + } + if ($toreturn['voucher']['rollbits']) { $newvoucher['rollbits'] = $toreturn['voucher']['rollbits']; - if($toreturn['voucher']['ticketbits']) + } + if ($toreturn['voucher']['ticketbits']) { $newvoucher['ticketbits'] = $toreturn['voucher']['ticketbits']; - if($toreturn['voucher']['checksumbits']) + } + if ($toreturn['voucher']['checksumbits']) { $newvoucher['checksumbits'] = $toreturn['voucher']['checksumbits']; - if($toreturn['voucher']['magic']) + } + if ($toreturn['voucher']['magic']) { $newvoucher['magic'] = $toreturn['voucher']['magic']; - if($toreturn['voucher']['exponent']) + } + if ($toreturn['voucher']['exponent']) { $newvoucher['exponent'] = $toreturn['voucher']['exponent']; - if($toreturn['voucher']['publickey']) + } + if ($toreturn['voucher']['publickey']) { $newvoucher['publickey'] = $toreturn['voucher']['publickey']; - if($toreturn['voucher']['privatekey']) + } + if ($toreturn['voucher']['privatekey']) { $newvoucher['privatekey'] = $toreturn['voucher']['privatekey']; - if($toreturn['voucher']['descrmsgnoaccess']) + } + if ($toreturn['voucher']['descrmsgnoaccess']) { $newvoucher['descrmsgnoaccess'] = $toreturn['voucher']['descrmsgnoaccess']; - if($toreturn['voucher']['descrmsgexpired']) + } + if ($toreturn['voucher']['descrmsgexpired']) { $newvoucher['descrmsgexpired'] = $toreturn['voucher']['descrmsgexpired']; + } $savemsg = gettext("Voucher database has been synchronized from {$url}:{$port}"); $config['voucher'][$cpzone] = $newvoucher; @@ -374,10 +413,10 @@ function generatenewkey() { jQuery('#privatekey').val('One moment please...'); jQuery.ajax("services_captiveportal_vouchers.php?zone=<?php echo($cpzone); ?>&generatekey=true", { type: 'get', - success: function(data) { + success: function(data) { eval(data); } - }); + }); } function before_save() { document.iform.charset.disabled = false; @@ -389,13 +428,14 @@ function before_save() { document.iform.privatekey.disabled = false; document.iform.msgnoaccess.disabled = false; document.iform.msgexpired.disabled = false; - for(var x=0; x < <?php echo count($a_roll); ?>; x++) + for (var x=0; x < <?php echo count($a_roll); ?>; x++) { jQuery('#addeditdelete' + x).show(); + } jQuery('#addnewroll').show(); } function enable_change(enable_change) { var endis; - endis = !(document.iform.enable.checked || enable_change); + endis = !(document.iform.enable.checked || enable_change); document.iform.charset.disabled = endis; document.iform.rollbits.disabled = endis; document.iform.ticketbits.disabled = endis; @@ -409,7 +449,7 @@ function enable_change(enable_change) { document.iform.vouchersyncport.disabled = endis; document.iform.vouchersyncpass.disabled = endis; document.iform.vouchersyncusername.disabled = endis; - if(document.iform.vouchersyncusername.value != "") { + if (document.iform.vouchersyncusername.value != "") { document.iform.charset.disabled = true; document.iform.rollbits.disabled = true; document.iform.ticketbits.disabled = true; @@ -419,12 +459,14 @@ function enable_change(enable_change) { document.iform.privatekey.disabled = true; document.iform.msgnoaccess.disabled = true; document.iform.msgexpired.disabled = true; - for(var x=0; x < <?php echo count($a_roll); ?>; x++) + for (var x=0; x < <?php echo count($a_roll); ?>; x++) { jQuery('#addeditdelete' + x).hide(); + } jQuery('#addnewroll').hide(); } else { - for(var x=0; x < <?php echo count($a_roll); ?>; x++) + for (var x=0; x < <?php echo count($a_roll); ?>; x++) { jQuery('#addeditdelete' + x).show(); + } jQuery('#addnewroll').show(); } } @@ -439,7 +481,7 @@ function enable_change(enable_change) { <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="tab pane"> <tr> <td class="tabnavtbl"> -<?php +<?php $tab_array = array(); $tab_array[] = array(gettext("Captive portal(s)"), false, "services_captiveportal.php?zone={$cpzone}"); $tab_array[] = array(gettext("MAC"), false, "services_captiveportal_mac.php?zone={$cpzone}"); @@ -448,13 +490,13 @@ function enable_change(enable_change) { $tab_array[] = array(gettext("Vouchers"), true, "services_captiveportal_vouchers.php?zone={$cpzone}"); $tab_array[] = array(gettext("File Manager"), false, "services_captiveportal_filemanager.php?zone={$cpzone}"); display_top_tabs($tab_array, true); -?> +?> </td> </tr> <tr> <td class="tabcont"> <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="checkbox pane"> - <tr> + <tr> <td width="22%" valign="top" class="vtable"> </td> <td width="78%" class="vtable"> <input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked=\"checked\""; ?> onclick="enable_change(false)" /> @@ -464,9 +506,10 @@ function enable_change(enable_change) { <tr> <td valign="top" class="vncell"> <?=gettext("Voucher Rolls"); ?> - <?php - if($pconfig['vouchersyncdbip']) + <?php + if ($pconfig['vouchersyncdbip']) { echo "<br />(Synchronized from {$pconfig['vouchersyncdbip']})"; + } ?> </td> <td class="vtable"> @@ -478,9 +521,9 @@ function enable_change(enable_change) { <td width="35%" class="listhdr"><?=gettext("Comment"); ?></td> <td width="15%" class="list"></td> </tr> - <?php $i = 0; foreach($a_roll as $rollent): ?> - <tr> - <td class="listlr"> + <?php $i = 0; foreach ($a_roll as $rollent): ?> + <tr> + <td class="listlr"> <?=htmlspecialchars($rollent['number']); ?> </td> <td class="listr"> @@ -492,26 +535,27 @@ function enable_change(enable_change) { <td class="listr"> <?=htmlspecialchars($rollent['descr']); ?> </td> - <td valign="middle" class="list nowrap"> + <td valign="middle" class="list nowrap"> <div id='addeditdelete<?=$i?>'> - <?php if ($pconfig['enable']): ?> + <?php if ($pconfig['enable']): ?> <a href="services_captiveportal_vouchers_edit.php?zone=<?=$cpzone;?>&id=<?=$i; ?>"><img src="/themes/<?=$g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit voucher"); ?>" width="17" height="17" border="0" alt="<?=gettext("edit voucher"); ?>" /></a> <a href="services_captiveportal_vouchers.php?zone=<?=$cpzone;?>&act=del&id=<?=$i; ?>" onclick="return confirm('<?=gettext("Do you really want to delete this voucher? This makes all vouchers from this roll invalid"); ?>')"><img src="/themes/<?=$g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete vouchers"); ?>" width="17" height="17" border="0" alt="<?=gettext("delete vouchers"); ?>" /></a> <a href="services_captiveportal_vouchers.php?zone=<?=$cpzone;?>&act=csv&id=<?=$i; ?>"><img src="/themes/<?=$g['theme']; ?>/images/icons/icon_log_s.gif" title="<?=gettext("generate vouchers for this roll to CSV file"); ?>" width="11" height="15" border="0" alt="<?=gettext("generate vouchers for this roll to CSV file"); ?>" /></a> - <?php endif;?> + <?php endif;?> </div> </td> </tr> <?php $i++; endforeach; ?> - <tr> + <tr> <td class="list" colspan="4"></td> <?php - if ($pconfig['enable']) + if ($pconfig['enable']) { echo "<td class=\"list\"><div id='addnewroll'> <a href=\"services_captiveportal_vouchers_edit.php?zone={$cpzone}\"><img src=\"/themes/{$g['theme']}/images/icons/icon_plus.gif\" title=\"" . gettext("add voucher") . "\" width=\"17\" height=\"17\" border=\"0\" alt=\"" . gettext("add voucher") . "\" /></a></div></td>"; + } ?> </tr> - </table> - <?php if ($pconfig['enable']): ?> + </table> + <?php if ($pconfig['enable']): ?> <?=gettext("Create, generate and activate Rolls with Vouchers that allow access through the " . "captive portal for the configured time. Once a voucher is activated, " . "its clock is started and runs uninterrupted until it expires. During that " . @@ -520,128 +564,131 @@ function enable_change(enable_change) { <?php else: ?> <?=gettext("Enable Voucher support first using the checkbox above and hit Save at the bottom."); ?> <?php endif;?> - </td> - </tr> - <tr> - <td valign="top" class="vncellreq"> - <?=gettext("Voucher public key"); ?> - </td> - <td class="vtable"> - <textarea name="publickey" cols="65" rows="4" id="publickey" class="formpre"><?=htmlspecialchars($pconfig['publickey']);?></textarea> - <br /> - <?=gettext("Paste an RSA public key (64 Bit or smaller) in PEM format here. This key is used to decrypt vouchers."); ?> <a href='#' onclick='generatenewkey();'><?=gettext('Generate');?></a> <?=gettext('new key');?>.</td> - </tr> - <tr> - <td valign="top" class="vncell"><?=gettext("Voucher private key"); ?></td> - <td class="vtable"> - <textarea name="privatekey" cols="65" rows="5" id="privatekey" class="formpre"><?=htmlspecialchars($pconfig['privatekey']);?></textarea> - <br /> - <?=gettext("Paste an RSA private key (64 Bit or smaller) in PEM format here. This key is only used to generate encrypted vouchers and doesn't need to be available if the vouchers have been generated offline."); ?> <a href='#' onclick='generatenewkey();'> <?=gettext('Generate');?></a> <?=gettext('new key');?>.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Character set"); ?></td> - <td width="78%" class="vtable"> - <input name="charset" type="text" class="formfld" id="charset" size="80" value="<?=htmlspecialchars($pconfig['charset']);?>" /> - <br /> - <?=gettext("Tickets are generated with the specified character set. It should contain printable characters (numbers, lower case and upper case letters) that are hard to confuse with others. Avoid e.g. 0/O and l/1."); ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"># <?=gettext("of Roll Bits"); ?></td> - <td width="78%" class="vtable"> - <input name="rollbits" type="text" class="formfld" id="rollbits" size="2" value="<?=htmlspecialchars($pconfig['rollbits']);?>" /> - <br /> - <?=gettext("Reserves a range in each voucher to store the Roll # it belongs to. Allowed range: 1..31. Sum of Roll+Ticket+Checksum bits must be one Bit less than the RSA key size."); ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"># <?=gettext("of Ticket Bits"); ?></td> - <td width="78%" class="vtable"> - <input name="ticketbits" type="text" class="formfld" id="ticketbits" size="2" value="<?=htmlspecialchars($pconfig['ticketbits']);?>" /> - <br /> - <?=gettext("Reserves a range in each voucher to store the Ticket# it belongs to. Allowed range: 1..16. Using 16 bits allows a roll to have up to 65535 vouchers. A bit array, stored in RAM and in the config, is used to mark if a voucher has been used. A bit array for 65535 vouchers requires 8 KB of storage."); ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"># <?=gettext("of Checksum Bits"); ?></td> - <td width="78%" class="vtable"> - <input name="checksumbits" type="text" class="formfld" id="checksumbits" size="2" value="<?=htmlspecialchars($pconfig['checksumbits']);?>" /> - <br /> - <?=gettext("Reserves a range in each voucher to store a simple checksum over Roll # and Ticket#. Allowed range is 0..31."); ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Magic Number"); ?></td> - <td width="78%" class="vtable"> - <input name="magic" type="text" class="formfld" id="magic" size="20" value="<?=htmlspecialchars($pconfig['magic']);?>" /> - <br /> - <?=gettext("Magic number stored in every voucher. Verified during voucher check. Size depends on how many bits are left by Roll+Ticket+Checksum bits. If all bits are used, no magic number will be used and checked."); ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Invalid Voucher Message"); ?></td> - <td width="78%" class="vtable"> - <input name="msgnoaccess" type="text" class="formfld" id="msgnoaccess" size="80" value="<?=htmlspecialchars($pconfig['msgnoaccess']);?>" /> - <br /><?=gettext("Error message displayed for invalid vouchers on captive portal error page"); ?> ($PORTAL_MESSAGE$). - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Expired Voucher Message"); ?></td> - <td width="78%" class="vtable"> - <input name="msgexpired" type="text" class="formfld" id="msgexpired" size="80" value="<?=htmlspecialchars($pconfig['msgexpired']);?>" /> - <br /><?=gettext("Error message displayed for expired vouchers on captive portal error page"); ?> ($PORTAL_MESSAGE$). - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("Voucher database synchronization"); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Synchronize Voucher Database IP"); ?></td> - <td width="78%" class="vtable"> - <input name="vouchersyncdbip" type="text" class="formfld" id="vouchersyncdbip" size="17" value="<?=htmlspecialchars($pconfig['vouchersyncdbip']);?>" /> - <br /><?=gettext("IP address of master nodes webConfigurator to synchronize voucher database and used vouchers from."); ?> - <br /><?=gettext("NOTE: this should be setup on the slave nodes and not the primary node!"); ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Voucher sync port"); ?></td> - <td width="78%" class="vtable"> - <input name="vouchersyncport" type="text" class="formfld" id="vouchersyncport" size="7" value="<?=htmlspecialchars($pconfig['vouchersyncport']);?>" /> - <br /><?=gettext("This is the port of the master voucher nodes webConfigurator. Example: 443"); ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Voucher sync username"); ?></td> - <td width="78%" class="vtable"> - <input name="vouchersyncusername" type="text" class="formfld" id="vouchersyncusername" size="25" value="<?=htmlspecialchars($pconfig['vouchersyncusername']);?>" autocomplete="off" /> - <br /><?=gettext("This is the username of the master voucher nodes webConfigurator."); ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Voucher sync password"); ?></td> - <td width="78%" class="vtable"> - <input name="vouchersyncpass" type="password" class="formfld" id="vouchersyncpass" size="25" value="<?=htmlspecialchars($pconfig['vouchersyncpass']);?>" autocomplete="off" /> - <br /><?=gettext("This is the password of the master voucher nodes webConfigurator."); ?> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" /> - <input type="hidden" name="exponent" id="exponent" value="<?=$pconfig['exponent'];?>" /> - <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onclick="enable_change(true); before_save();" /> - <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" /> - </td> - </tr> - <tr> - <td colspan="2" class="list"><p class="vexpl"> - <span class="red"><strong> <?=gettext("Note:"); ?><br /> </strong></span> + </td> + </tr> + <tr> + <td valign="top" class="vncellreq"> + <?=gettext("Voucher public key"); ?> + </td> + <td class="vtable"> + <textarea name="publickey" cols="65" rows="4" id="publickey" class="formpre"><?=htmlspecialchars($pconfig['publickey']);?></textarea> + <br /> + <?=gettext("Paste an RSA public key (64 Bit or smaller) in PEM format here. This key is used to decrypt vouchers."); ?> <a href='#' onclick='generatenewkey();'><?=gettext('Generate');?></a> <?=gettext('new key');?>. + </td> + </tr> + <tr> + <td valign="top" class="vncell"><?=gettext("Voucher private key"); ?></td> + <td class="vtable"> + <textarea name="privatekey" cols="65" rows="5" id="privatekey" class="formpre"><?=htmlspecialchars($pconfig['privatekey']);?></textarea> + <br /> + <?=gettext("Paste an RSA private key (64 Bit or smaller) in PEM format here. This key is only used to generate encrypted vouchers and doesn't need to be available if the vouchers have been generated offline."); ?> <a href='#' onclick='generatenewkey();'> <?=gettext('Generate');?></a> <?=gettext('new key');?>. + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Character set"); ?></td> + <td width="78%" class="vtable"> + <input name="charset" type="text" class="formfld" id="charset" size="80" value="<?=htmlspecialchars($pconfig['charset']);?>" /> + <br /> + <?=gettext("Tickets are generated with the specified character set. It should contain printable characters (numbers, lower case and upper case letters) that are hard to confuse with others. Avoid e.g. 0/O and l/1."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"># <?=gettext("of Roll Bits"); ?></td> + <td width="78%" class="vtable"> + <input name="rollbits" type="text" class="formfld" id="rollbits" size="2" value="<?=htmlspecialchars($pconfig['rollbits']);?>" /> + <br /> + <?=gettext("Reserves a range in each voucher to store the Roll # it belongs to. Allowed range: 1..31. Sum of Roll+Ticket+Checksum bits must be one Bit less than the RSA key size."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"># <?=gettext("of Ticket Bits"); ?></td> + <td width="78%" class="vtable"> + <input name="ticketbits" type="text" class="formfld" id="ticketbits" size="2" value="<?=htmlspecialchars($pconfig['ticketbits']);?>" /> + <br /> + <?=gettext("Reserves a range in each voucher to store the Ticket# it belongs to. Allowed range: 1..16. Using 16 bits allows a roll to have up to 65535 vouchers. A bit array, stored in RAM and in the config, is used to mark if a voucher has been used. A bit array for 65535 vouchers requires 8 KB of storage."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"># <?=gettext("of Checksum Bits"); ?></td> + <td width="78%" class="vtable"> + <input name="checksumbits" type="text" class="formfld" id="checksumbits" size="2" value="<?=htmlspecialchars($pconfig['checksumbits']);?>" /> + <br /> + <?=gettext("Reserves a range in each voucher to store a simple checksum over Roll # and Ticket#. Allowed range is 0..31."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Magic Number"); ?></td> + <td width="78%" class="vtable"> + <input name="magic" type="text" class="formfld" id="magic" size="20" value="<?=htmlspecialchars($pconfig['magic']);?>" /> + <br /> + <?=gettext("Magic number stored in every voucher. Verified during voucher check. Size depends on how many bits are left by Roll+Ticket+Checksum bits. If all bits are used, no magic number will be used and checked."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Invalid Voucher Message"); ?></td> + <td width="78%" class="vtable"> + <input name="msgnoaccess" type="text" class="formfld" id="msgnoaccess" size="80" value="<?=htmlspecialchars($pconfig['msgnoaccess']);?>" /> + <br /><?=gettext("Error message displayed for invalid vouchers on captive portal error page"); ?> ($PORTAL_MESSAGE$). + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Expired Voucher Message"); ?></td> + <td width="78%" class="vtable"> + <input name="msgexpired" type="text" class="formfld" id="msgexpired" size="80" value="<?=htmlspecialchars($pconfig['msgexpired']);?>" /> + <br /><?=gettext("Error message displayed for expired vouchers on captive portal error page"); ?> ($PORTAL_MESSAGE$). + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Voucher database synchronization"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Synchronize Voucher Database IP"); ?></td> + <td width="78%" class="vtable"> + <input name="vouchersyncdbip" type="text" class="formfld" id="vouchersyncdbip" size="17" value="<?=htmlspecialchars($pconfig['vouchersyncdbip']);?>" /> + <br /><?=gettext("IP address of master nodes webConfigurator to synchronize voucher database and used vouchers from."); ?> + <br /><?=gettext("NOTE: this should be setup on the slave nodes and not the primary node!"); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Voucher sync port"); ?></td> + <td width="78%" class="vtable"> + <input name="vouchersyncport" type="text" class="formfld" id="vouchersyncport" size="7" value="<?=htmlspecialchars($pconfig['vouchersyncport']);?>" /> + <br /><?=gettext("This is the port of the master voucher nodes webConfigurator. Example: 443"); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Voucher sync username"); ?></td> + <td width="78%" class="vtable"> + <input name="vouchersyncusername" type="text" class="formfld" id="vouchersyncusername" size="25" value="<?=htmlspecialchars($pconfig['vouchersyncusername']);?>" autocomplete="off" /> + <br /><?=gettext("This is the username of the master voucher nodes webConfigurator."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Voucher sync password"); ?></td> + <td width="78%" class="vtable"> + <input name="vouchersyncpass" type="password" class="formfld" id="vouchersyncpass" size="25" value="<?=htmlspecialchars($pconfig['vouchersyncpass']);?>" autocomplete="off" /> + <br /><?=gettext("This is the password of the master voucher nodes webConfigurator."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" /> + <input type="hidden" name="exponent" id="exponent" value="<?=$pconfig['exponent'];?>" /> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onclick="enable_change(true); before_save();" /> + <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" /> + </td> + </tr> + <tr> + <td colspan="2" class="list"> + <p class="vexpl"> + <span class="red"><strong> <?=gettext("Note:"); ?><br /> </strong></span> <?=gettext("Changing any Voucher parameter (apart from managing the list of Rolls) on this page will render existing vouchers useless if they were generated with different settings."); ?> <br /> <?=gettext("Specifying the Voucher Database Synchronization options will not record any other value from the other options. They will be retrieved/synced from the master."); ?> diff --git a/usr/local/www/services_captiveportal_vouchers_edit.php b/usr/local/www/services_captiveportal_vouchers_edit.php index b43a0f7..5b1afbe 100644 --- a/usr/local/www/services_captiveportal_vouchers_edit.php +++ b/usr/local/www/services_captiveportal_vouchers_edit.php @@ -1,21 +1,21 @@ -<?php +<?php /* services_captiveportal_vouchers_edit.php Copyright (C) 2013-2015 Electric Sheep Fencing, LP Copyright (C) 2007 Marcel Wiget <mwiget@mac.com>. - All rights reserved. - + All rights reserved. + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -27,7 +27,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* +/* pfSense_MODULE: captiveportal */ @@ -49,20 +49,22 @@ $pgtitle = array(gettext("Services"), gettext("Captive portal"), gettext("Edit V $shortcut_section = "captiveportal-vouchers"; $cpzone = $_GET['zone']; -if (isset($_POST['zone'])) - $cpzone = $_POST['zone']; +if (isset($_POST['zone'])) { + $cpzone = $_POST['zone']; +} if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { - header("Location: services_captiveportal_zones.php"); - exit; + header("Location: services_captiveportal_zones.php"); + exit; } -if (!is_array($config['captiveportal'])) - $config['captiveportal'] = array(); +if (!is_array($config['captiveportal'])) { + $config['captiveportal'] = array(); +} $a_cp =& $config['captiveportal']; if (!is_array($config['voucher'])) { - $config['voucher'] = array(); + $config['voucher'] = array(); } if (!is_array($config['voucher'][$cpzone]['roll'])) { @@ -70,10 +72,12 @@ if (!is_array($config['voucher'][$cpzone]['roll'])) { } $a_roll = &$config['voucher'][$cpzone]['roll']; -if (is_numericint($_GET['id'])) +if (is_numericint($_GET['id'])) { $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; +} if (isset($id) && $a_roll[$id]) { $pconfig['zone'] = $a_roll[$id]['zone']; @@ -87,81 +91,86 @@ $maxnumber = (1<<$config['voucher'][$cpzone]['rollbits']) -1; // Highest Roll $maxcount = (1<<$config['voucher'][$cpzone]['ticketbits']) -1; // Highest Ticket# if ($_POST) { - + unset($input_errors); $pconfig = $_POST; - /* input validation */ - $reqdfields = explode(" ", "number count minutes"); - $reqdfieldsn = array(gettext("Number"),gettext("Count"),gettext("minutes")); + /* input validation */ + $reqdfields = explode(" ", "number count minutes"); + $reqdfieldsn = array(gettext("Number"), gettext("Count"), gettext("minutes")); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); // Look for duplicate roll # - foreach($a_roll as $re) { - if($re['number'] == $_POST['number']) { + foreach ($a_roll as $re) { + if ($re['number'] == $_POST['number']) { $input_errors[] = sprintf(gettext("Roll number %s already exists."), $_POST['number']); break; } } - - if (!is_numeric($_POST['number']) || $_POST['number'] >= $maxnumber) - $input_errors[] = sprintf(gettext("Roll number must be numeric and less than %s"), $maxnumber); - - if (!is_numeric($_POST['count']) || $_POST['count'] < 1 || $_POST['count'] > $maxcount) - $input_errors[] = sprintf(gettext("A roll has at least one voucher and less than %s."), $maxcount); - - if (!is_numeric($_POST['minutes']) || $_POST['minutes'] < 1) - $input_errors[] = gettext("Each voucher must be good for at least 1 minute."); - - if (!$input_errors) { - - if (isset($id) && $a_roll[$id]) - $rollent = $a_roll[$id]; - - $rollent['zone'] = $_POST['zone']; - $rollent['number'] = $_POST['number']; - $rollent['minutes'] = $_POST['minutes']; - $rollent['descr'] = $_POST['descr']; - - /* New Roll or modified voucher count: create bitmask */ - $voucherlck = lock("voucher{$cpzone}"); - if ($_POST['count'] != $rollent['count']) { - $rollent['count'] = $_POST['count']; - $len = ($rollent['count']>>3) + 1; // count / 8 +1 - $rollent['used'] = base64_encode(str_repeat("\000",$len)); // 4 bitmask - $rollent['active'] = array(); - voucher_write_used_db($rollent['number'], $rollent['used']); - voucher_write_active_db($rollent['number'], array()); // create empty DB - voucher_log(LOG_INFO,sprintf(gettext('All %1$s vouchers from Roll %2$s marked unused'), $rollent['count'], $rollent['number'])); - } else { - // existing roll has been modified but without changing the count - // read active and used DB from ramdisk and store it in XML config - $rollent['used'] = base64_encode(voucher_read_used_db($rollent['number'])); - $activent = array(); - $db = array(); - $active_vouchers = voucher_read_active_db($rollent['number'], $rollent['minutes']); - foreach($active_vouchers as $voucher => $line) { - list($timestamp, $minutes) = explode(",", $line); - $activent['voucher'] = $voucher; - $activent['timestamp'] = $timestamp; - $activent['minutes'] = $minutes; - $db[] = $activent; - } - $rollent['active'] = $db; - } - unlock($voucherlck); - - if (isset($id) && $a_roll[$id]) - $a_roll[$id] = $rollent; - else - $a_roll[] = $rollent; - - write_config(); - - header("Location: services_captiveportal_vouchers.php?zone={$cpzone}"); - exit; - } + + if (!is_numeric($_POST['number']) || $_POST['number'] >= $maxnumber) { + $input_errors[] = sprintf(gettext("Roll number must be numeric and less than %s"), $maxnumber); + } + + if (!is_numeric($_POST['count']) || $_POST['count'] < 1 || $_POST['count'] > $maxcount) { + $input_errors[] = sprintf(gettext("A roll has at least one voucher and less than %s."), $maxcount); + } + + if (!is_numeric($_POST['minutes']) || $_POST['minutes'] < 1) { + $input_errors[] = gettext("Each voucher must be good for at least 1 minute."); + } + + if (!$input_errors) { + + if (isset($id) && $a_roll[$id]) { + $rollent = $a_roll[$id]; + } + + $rollent['zone'] = $_POST['zone']; + $rollent['number'] = $_POST['number']; + $rollent['minutes'] = $_POST['minutes']; + $rollent['descr'] = $_POST['descr']; + + /* New Roll or modified voucher count: create bitmask */ + $voucherlck = lock("voucher{$cpzone}"); + if ($_POST['count'] != $rollent['count']) { + $rollent['count'] = $_POST['count']; + $len = ($rollent['count']>>3) + 1; // count / 8 +1 + $rollent['used'] = base64_encode(str_repeat("\000", $len)); // 4 bitmask + $rollent['active'] = array(); + voucher_write_used_db($rollent['number'], $rollent['used']); + voucher_write_active_db($rollent['number'], array()); // create empty DB + voucher_log(LOG_INFO, sprintf(gettext('All %1$s vouchers from Roll %2$s marked unused'), $rollent['count'], $rollent['number'])); + } else { + // existing roll has been modified but without changing the count + // read active and used DB from ramdisk and store it in XML config + $rollent['used'] = base64_encode(voucher_read_used_db($rollent['number'])); + $activent = array(); + $db = array(); + $active_vouchers = voucher_read_active_db($rollent['number'], $rollent['minutes']); + foreach ($active_vouchers as $voucher => $line) { + list($timestamp, $minutes) = explode(",", $line); + $activent['voucher'] = $voucher; + $activent['timestamp'] = $timestamp; + $activent['minutes'] = $minutes; + $db[] = $activent; + } + $rollent['active'] = $db; + } + unlock($voucherlck); + + if (isset($id) && $a_roll[$id]) { + $a_roll[$id] = $rollent; + } else { + $a_roll[] = $rollent; + } + + write_config(); + + header("Location: services_captiveportal_vouchers.php?zone={$cpzone}"); + exit; + } } include("head.inc"); @@ -171,51 +180,51 @@ include("head.inc"); <?php if ($input_errors) print_input_errors($input_errors); ?> <?php if ($savemsg) print_info_box($savemsg); ?> <form action="services_captiveportal_vouchers_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="content pane"> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Roll"); ?>#</td> - <td width="78%" class="vtable"> - <?=$mandfldhtml;?><input name="number" type="text" class="formfld" id="number" size="10" value="<?=htmlspecialchars($pconfig['number']);?>" /> - <br /> - <span class="vexpl"><?=gettext("Enter the Roll"); ?># (0..<?=htmlspecialchars($maxnumber);?>) <?=gettext("found on top of the generated/printed vouchers"); ?>.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Minutes per Ticket"); ?></td> - <td width="78%" class="vtable"> - <?=$mandfldhtml;?><input name="minutes" type="text" class="formfld" id="minutes" size="10" value="<?=htmlspecialchars($pconfig['minutes']);?>" /> - <br /> - <span class="vexpl"><?=gettext("Defines the time in minutes that a user is allowed access. The clock starts ticking the first time a voucher is used for authentication"); ?>.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Count"); ?></td> - <td width="78%" class="vtable"> - <?=$mandfldhtml;?><input name="count" type="text" class="formfld" id="count" size="10" value="<?=htmlspecialchars($pconfig['count']);?>" /> - <br /> - <span class="vexpl"><?=gettext("Enter the number of vouchers"); ?> (1..<?=htmlspecialchars($maxcount);?>) <?=gettext("found on top of the generated/printed vouchers. WARNING: Changing this number for an existing Roll will mark all vouchers as unused again"); ?>.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Comment"); ?></td> - <td width="78%" class="vtable"> - <?=$mandfldhtml;?><input name="descr" type="text" class="formfld" id="descr" size="60" value="<?=htmlspecialchars($pconfig['descr']);?>" /> - <br /> - <span class="vexpl"><?=gettext("Can be used to further identify this roll. Ignored by the system"); ?>.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> - <input name="zone" type="hidden" value="<?=htmlspecialchars($cpzone);?>" /> - <?php if (isset($id) && $a_roll[$id]): ?> - <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> - <?php endif; ?> - </td> - </tr> - </table> - </form> + <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="content pane"> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Roll"); ?>#</td> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="number" type="text" class="formfld" id="number" size="10" value="<?=htmlspecialchars($pconfig['number']);?>" /> + <br /> + <span class="vexpl"><?=gettext("Enter the Roll"); ?># (0..<?=htmlspecialchars($maxnumber);?>) <?=gettext("found on top of the generated/printed vouchers"); ?>.</span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Minutes per Ticket"); ?></td> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="minutes" type="text" class="formfld" id="minutes" size="10" value="<?=htmlspecialchars($pconfig['minutes']);?>" /> + <br /> + <span class="vexpl"><?=gettext("Defines the time in minutes that a user is allowed access. The clock starts ticking the first time a voucher is used for authentication"); ?>.</span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Count"); ?></td> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="count" type="text" class="formfld" id="count" size="10" value="<?=htmlspecialchars($pconfig['count']);?>" /> + <br /> + <span class="vexpl"><?=gettext("Enter the number of vouchers"); ?> (1..<?=htmlspecialchars($maxcount);?>) <?=gettext("found on top of the generated/printed vouchers. WARNING: Changing this number for an existing Roll will mark all vouchers as unused again"); ?>.</span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Comment"); ?></td> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="descr" type="text" class="formfld" id="descr" size="60" value="<?=htmlspecialchars($pconfig['descr']);?>" /> + <br /> + <span class="vexpl"><?=gettext("Can be used to further identify this roll. Ignored by the system"); ?>.</span> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> + <input name="zone" type="hidden" value="<?=htmlspecialchars($cpzone);?>" /> + <?php if (isset($id) && $a_roll[$id]): ?> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> + <?php endif; ?> + </td> + </tr> + </table> +</form> <?php include("fend.inc"); ?> </body> </html> diff --git a/usr/local/www/services_captiveportal_zones.php b/usr/local/www/services_captiveportal_zones.php index 8974167..5eb9742 100644 --- a/usr/local/www/services_captiveportal_zones.php +++ b/usr/local/www/services_captiveportal_zones.php @@ -44,8 +44,9 @@ require("captiveportal.inc"); global $cpzone; global $cpzoneid; -if (!is_array($config['captiveportal'])) +if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); +} $a_cp = &$config['captiveportal']; if ($_GET['act'] == "del" && !empty($_GET['zone'])) { @@ -55,15 +56,16 @@ if ($_GET['act'] == "del" && !empty($_GET['zone'])) { unset($a_cp[$cpzone]['enable']); captiveportal_configure_zone($a_cp[$cpzone]); unset($a_cp[$cpzone]); - if (isset($config['voucher'][$cpzone])) + if (isset($config['voucher'][$cpzone])) { unset($config['voucher'][$cpzone]); + } write_config(); header("Location: services_captiveportal_zones.php"); exit; } } -$pgtitle = array(gettext("Captive Portal"),gettext("Zones")); +$pgtitle = array(gettext("Captive Portal"), gettext("Zones")); $shortcut_section = "captiveportal"; include("head.inc"); @@ -78,61 +80,73 @@ include("head.inc"); <?php endif; ?> <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="captive portal"> -<tr> - <td width="15%" class="listhdrr"><?=gettext("Zone");?></td> - <td width="30%" class="listhdrr"><?=gettext("Interfaces");?></td> - <td width="10%" class="listhdrr"><?=gettext("Number of users");?></td> - <td width="40%" class="listhdrr"><?=gettext("Description");?></td> - <td width="5%" class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="icons"> - <tr> - <td valign="middle" width="17"> </td> - <td valign="middle"><a href="services_captiveportal_zones_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?=gettext("add a new captiveportal instance");?>" alt="add" /></a></td> - </tr> - </table> - </td> -</tr> - <?php foreach ($a_cp as $cpzone => $cpitem): - if (!is_array($cpitem)) + <tr> + <td width="15%" class="listhdrr"><?=gettext("Zone");?></td> + <td width="30%" class="listhdrr"><?=gettext("Interfaces");?></td> + <td width="10%" class="listhdrr"><?=gettext("Number of users");?></td> + <td width="40%" class="listhdrr"><?=gettext("Description");?></td> + <td width="5%" class="list"> + <table border="0" cellspacing="0" cellpadding="1" summary="icons"> + <tr> + <td valign="middle" width="17"> </td> + <td valign="middle"> + <a href="services_captiveportal_zones_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?=gettext("add a new captiveportal instance");?>" alt="add" /></a> + </td> + </tr> + </table> + </td> + </tr> +<?php + foreach ($a_cp as $cpzone => $cpitem): + if (!is_array($cpitem)) { continue; - ?> -<tr> - <td class="listlr" ondblclick="document.location='services_captiveportal.php?zone=<?=$cpzone;?>';"> - <?=htmlspecialchars($cpitem['zone']);?> - </td> - <td class="listlr" ondblclick="document.location='services_captiveportal.php?zone=<?=$cpzone;?>';"> - <?php $cpifaces = explode(",", $cpitem['interface']); - foreach ($cpifaces as $cpiface) - echo convert_friendly_interface_to_friendly_descr($cpiface) . " "; - ?> - </td> - <td class="listr" ondblclick="document.location='services_captiveportal.php?zone=<?=$cpzone;?>';"> - <?=count(captiveportal_read_db());?> - </td> - <td class="listbg" ondblclick="document.location='services_captiveportal.php?zone=<?=$cpzone;?>';"> - <?=htmlspecialchars($cpitem['descr']);?> - </td> - <td valign="middle" class="list nowrap"> - <table border="0" cellspacing="0" cellpadding="1" summary="icons"> - <tr> - <td valign="middle"><a href="services_captiveportal.php?zone=<?=$cpzone?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("edit captiveportal instance"); ?>" alt="edit" /></a></td> - <td><a href="services_captiveportal_zones.php?act=del&zone=<?=$cpzone;?>" onclick="return confirm('<?=gettext("Do you really want to delete this entry?");?>')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("delete captiveportal instance");?>" alt="delete" /></a></td> - </tr> - </table> - </td> -</tr> - <?php endforeach; ?> -<tr> - <td class="list" colspan="4"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="add"> - <tr> - <td valign="middle" width="17"> </td> - <td valign="middle"><a href="services_captiveportal_zones_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?=gettext("add a new captiveportal instance");?>" alt="add" /></a></td> - </tr> - </table> - </td> -</tr> + } +?> + <tr> + <td class="listlr" ondblclick="document.location='services_captiveportal.php?zone=<?=$cpzone;?>';"> + <?=htmlspecialchars($cpitem['zone']);?> + </td> + <td class="listlr" ondblclick="document.location='services_captiveportal.php?zone=<?=$cpzone;?>';"> +<?php + $cpifaces = explode(",", $cpitem['interface']); + foreach ($cpifaces as $cpiface) { + echo convert_friendly_interface_to_friendly_descr($cpiface) . " "; + } +?> + </td> + <td class="listr" ondblclick="document.location='services_captiveportal.php?zone=<?=$cpzone;?>';"> + <?=count(captiveportal_read_db());?> + </td> + <td class="listbg" ondblclick="document.location='services_captiveportal.php?zone=<?=$cpzone;?>';"> + <?=htmlspecialchars($cpitem['descr']);?> + </td> + <td valign="middle" class="list nowrap"> + <table border="0" cellspacing="0" cellpadding="1" summary="icons"> + <tr> + <td valign="middle"><a href="services_captiveportal.php?zone=<?=$cpzone?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("edit captiveportal instance"); ?>" alt="edit" /></a></td> + <td> + <a href="services_captiveportal_zones.php?act=del&zone=<?=$cpzone;?>" onclick="return confirm('<?=gettext("Do you really want to delete this entry?");?>')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("delete captiveportal instance");?>" alt="delete" /></a> + </td> + </tr> + </table> + </td> + </tr> +<?php + endforeach; +?> + <tr> + <td class="list" colspan="4"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1" summary="add"> + <tr> + <td valign="middle" width="17"> </td> + <td valign="middle"> + <a href="services_captiveportal_zones_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?=gettext("add a new captiveportal instance");?>" alt="add" /></a> + </td> + </tr> + </table> + </td> + </tr> </table> </form> <?php include("fend.inc"); ?> diff --git a/usr/local/www/services_captiveportal_zones_edit.php b/usr/local/www/services_captiveportal_zones_edit.php index 26ab823..fa37c80 100644 --- a/usr/local/www/services_captiveportal_zones_edit.php +++ b/usr/local/www/services_captiveportal_zones_edit.php @@ -43,11 +43,12 @@ require_once("filter.inc"); require("shaper.inc"); require("captiveportal.inc"); -$pgtitle = array(gettext("Services"),gettext("Captive portal"),gettext("Edit Zones")); +$pgtitle = array(gettext("Services"), gettext("Captive portal"), gettext("Edit Zones")); $shortcut_section = "captiveportal"; -if (!is_array($config['captiveportal'])) +if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); +} $a_cp =& $config['captiveportal']; if ($_POST) { diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php index f0b5be9..7b9cc20 100644 --- a/usr/local/www/services_dhcp.php +++ b/usr/local/www/services_dhcp.php @@ -44,24 +44,25 @@ require("guiconfig.inc"); require_once("filter.inc"); -if(!$g['services_dhcp_server_enable']) { +if (!$g['services_dhcp_server_enable']) { header("Location: /"); exit; } $if = $_GET['if']; -if (!empty($_POST['if'])) +if (!empty($_POST['if'])) { $if = $_POST['if']; +} /* if OLSRD is enabled, allow WAN to house DHCP. */ -if($config['installedpackages']['olsrd']) { - foreach($config['installedpackages']['olsrd']['config'] as $olsrd) { - if($olsrd['enable']) { - $is_olsr_enabled = true; - break; - } +if ($config['installedpackages']['olsrd']) { + foreach ($config['installedpackages']['olsrd']['config'] as $olsrd) { + if ($olsrd['enable']) { + $is_olsr_enabled = true; + break; + } } -} +} $iflist = get_configured_interface_with_descr(); @@ -70,23 +71,26 @@ if (!$if || !isset($iflist[$if])) { foreach ($iflist as $ifent => $ifname) { $oc = $config['interfaces'][$ifent]; if ((is_array($config['dhcpd'][$ifent]) && !isset($config['dhcpd'][$ifent]['enable']) && (!is_ipaddrv4($oc['ipaddr']))) || - (!is_array($config['dhcpd'][$ifent]) && (!is_ipaddrv4($oc['ipaddr'])))) + (!is_array($config['dhcpd'][$ifent]) && (!is_ipaddrv4($oc['ipaddr'])))) { continue; + } $if = $ifent; break; } } $act = $_GET['act']; -if (!empty($_POST['act'])) +if (!empty($_POST['act'])) { $act = $_POST['act']; +} $a_pools = array(); -if (is_array($config['dhcpd'][$if])){ +if (is_array($config['dhcpd'][$if])) { $pool = $_GET['pool']; - if (is_numeric($_POST['pool'])) + if (is_numeric($_POST['pool'])) { $pool = $_POST['pool']; + } // If we have a pool but no interface name, that's not valid. Redirect away. if (is_numeric($pool) && empty($if)) { @@ -94,16 +98,18 @@ if (is_array($config['dhcpd'][$if])){ exit; } - if (!is_array($config['dhcpd'][$if]['pool'])) + if (!is_array($config['dhcpd'][$if]['pool'])) { $config['dhcpd'][$if]['pool'] = array(); + } $a_pools = &$config['dhcpd'][$if]['pool']; - if (is_numeric($pool) && $a_pools[$pool]) + if (is_numeric($pool) && $a_pools[$pool]) { $dhcpdconf = &$a_pools[$pool]; - elseif ($act == "newpool") + } elseif ($act == "newpool") { $dhcpdconf = array(); - else + } else { $dhcpdconf = &$config['dhcpd'][$if]; + } } if (is_array($dhcpdconf)) { // Global Options @@ -118,14 +124,16 @@ if (is_array($dhcpdconf)) { // then show it true/checked. foreach ($config['dhcpd'] as $dhcpdifitem) { $dhcpleaseinlocaltime = $dhcpdifitem['dhcpleaseinlocaltime']; - if ($dhcpleaseinlocaltime) + if ($dhcpleaseinlocaltime) { break; + } } $pconfig['dhcpleaseinlocaltime'] = $dhcpleaseinlocaltime; - if (!is_array($dhcpdconf['staticmap'])) + if (!is_array($dhcpdconf['staticmap'])) { $dhcpdconf['staticmap'] = array(); + } $a_maps = &$dhcpdconf['staticmap']; } else { // Options that exist only in pools @@ -142,8 +150,8 @@ if (is_array($dhcpdconf)) { $pconfig['gateway'] = $dhcpdconf['gateway']; $pconfig['domain'] = $dhcpdconf['domain']; $pconfig['domainsearchlist'] = $dhcpdconf['domainsearchlist']; - list($pconfig['wins1'],$pconfig['wins2']) = $dhcpdconf['winsserver']; - list($pconfig['dns1'],$pconfig['dns2'],$pconfig['dns3'],$pconfig['dns4']) = $dhcpdconf['dnsserver']; + list($pconfig['wins1'], $pconfig['wins2']) = $dhcpdconf['winsserver']; + list($pconfig['dns1'], $pconfig['dns2'], $pconfig['dns3'], $pconfig['dns4']) = $dhcpdconf['dnsserver']; $pconfig['denyunknown'] = isset($dhcpdconf['denyunknown']); $pconfig['ddnsdomain'] = $dhcpdconf['ddnsdomain']; $pconfig['ddnsdomainprimary'] = $dhcpdconf['ddnsdomainprimary']; @@ -152,7 +160,7 @@ if (is_array($dhcpdconf)) { $pconfig['ddnsupdate'] = isset($dhcpdconf['ddnsupdate']); $pconfig['mac_allow'] = $dhcpdconf['mac_allow']; $pconfig['mac_deny'] = $dhcpdconf['mac_deny']; - list($pconfig['ntp1'],$pconfig['ntp2']) = $dhcpdconf['ntpserver']; + list($pconfig['ntp1'], $pconfig['ntp2']) = $dhcpdconf['ntpserver']; $pconfig['tftp'] = $dhcpdconf['tftp']; $pconfig['ldap'] = $dhcpdconf['ldap']; $pconfig['netboot'] = isset($dhcpdconf['netboot']); @@ -172,9 +180,11 @@ function validate_partial_mac_list($maclist) { $macs = explode(',', $maclist); // Loop through and look for invalid MACs. - foreach ($macs as $mac) - if (!is_macaddr($mac, true)) + foreach ($macs as $mac) { + if (!is_macaddr($mac, true)) { return false; + } + } return true; } @@ -185,8 +195,8 @@ if (isset($_POST['submit'])) { $pconfig = $_POST; $numberoptions = array(); - for($x=0; $x<99; $x++) { - if(isset($_POST["number{$x}"]) && ctype_digit($_POST["number{$x}"])) { + for ($x=0; $x<99; $x++) { + if (isset($_POST["number{$x}"]) && ctype_digit($_POST["number{$x}"])) { $numbervalue = array(); $numbervalue['number'] = htmlspecialchars($_POST["number{$x}"]); $numbervalue['type'] = htmlspecialchars($_POST["itemtype{$x}"]); @@ -200,60 +210,76 @@ if (isset($_POST['submit'])) { /* input validation */ if ($_POST['enable'] || is_numeric($pool) || $act == "newpool") { $reqdfields = explode(" ", "range_from range_to"); - $reqdfieldsn = array(gettext("Range begin"),gettext("Range end")); + $reqdfieldsn = array(gettext("Range begin"), gettext("Range end")); do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - if (($_POST['range_from'] && !is_ipaddrv4($_POST['range_from']))) + if (($_POST['range_from'] && !is_ipaddrv4($_POST['range_from']))) { $input_errors[] = gettext("A valid range must be specified."); - if (($_POST['range_to'] && !is_ipaddrv4($_POST['range_to']))) + } + if (($_POST['range_to'] && !is_ipaddrv4($_POST['range_to']))) { $input_errors[] = gettext("A valid range must be specified."); - if (($_POST['gateway'] && $_POST['gateway'] != "none" && !is_ipaddrv4($_POST['gateway']))) + } + if (($_POST['gateway'] && $_POST['gateway'] != "none" && !is_ipaddrv4($_POST['gateway']))) { $input_errors[] = gettext("A valid IP address must be specified for the gateway."); - if (($_POST['wins1'] && !is_ipaddrv4($_POST['wins1'])) || ($_POST['wins2'] && !is_ipaddrv4($_POST['wins2']))) + } + if (($_POST['wins1'] && !is_ipaddrv4($_POST['wins1'])) || ($_POST['wins2'] && !is_ipaddrv4($_POST['wins2']))) { $input_errors[] = gettext("A valid IP address must be specified for the primary/secondary WINS servers."); + } $parent_ip = get_interface_ip($_POST['if']); if (is_ipaddrv4($parent_ip) && $_POST['gateway'] && $_POST['gateway'] != "none") { $parent_sn = get_interface_subnet($_POST['if']); - if(!ip_in_subnet($_POST['gateway'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['if'], $_POST['gateway'])) + if (!ip_in_subnet($_POST['gateway'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['if'], $_POST['gateway'])) { $input_errors[] = sprintf(gettext("The gateway address %s does not lie within the chosen interface's subnet."), $_POST['gateway']); + } } - if (($_POST['dns1'] && !is_ipaddrv4($_POST['dns1'])) || ($_POST['dns2'] && !is_ipaddrv4($_POST['dns2'])) || ($_POST['dns3'] && !is_ipaddrv4($_POST['dns3'])) || ($_POST['dns4'] && !is_ipaddrv4($_POST['dns4']))) + if (($_POST['dns1'] && !is_ipaddrv4($_POST['dns1'])) || ($_POST['dns2'] && !is_ipaddrv4($_POST['dns2'])) || ($_POST['dns3'] && !is_ipaddrv4($_POST['dns3'])) || ($_POST['dns4'] && !is_ipaddrv4($_POST['dns4']))) { $input_errors[] = gettext("A valid IP address must be specified for each of the DNS servers."); + } - if ($_POST['deftime'] && (!is_numeric($_POST['deftime']) || ($_POST['deftime'] < 60))) - $input_errors[] = gettext("The default lease time must be at least 60 seconds."); + if ($_POST['deftime'] && (!is_numeric($_POST['deftime']) || ($_POST['deftime'] < 60))) { + $input_errors[] = gettext("The default lease time must be at least 60 seconds."); + } if (isset($config['captiveportal']) && is_array($config['captiveportal'])) { $deftime = 7200; // Default value if it's empty - if (is_numeric($_POST['deftime'])) + if (is_numeric($_POST['deftime'])) { $deftime = $_POST['deftime']; + } foreach ($config['captiveportal'] as $cpZone => $cpdata) { - if (!isset($cpdata['enable'])) + if (!isset($cpdata['enable'])) { continue; - if (!isset($cpdata['timeout']) || !is_numeric($cpdata['timeout'])) + } + if (!isset($cpdata['timeout']) || !is_numeric($cpdata['timeout'])) { continue; + } $cp_ifs = explode(',', $cpdata['interface']); - if (!in_array($if, $cp_ifs)) + if (!in_array($if, $cp_ifs)) { continue; - if ($cpdata['timeout'] > $deftime) + } + if ($cpdata['timeout'] > $deftime) { $input_errors[] = sprintf(gettext( "The Captive Portal zone '%s' has Hard Timeout parameter set to a value bigger than Default lease time (%s)."), $cpZone, $deftime); + } } } - if ($_POST['maxtime'] && (!is_numeric($_POST['maxtime']) || ($_POST['maxtime'] < 60) || ($_POST['maxtime'] <= $_POST['deftime']))) + if ($_POST['maxtime'] && (!is_numeric($_POST['maxtime']) || ($_POST['maxtime'] < 60) || ($_POST['maxtime'] <= $_POST['deftime']))) { $input_errors[] = gettext("The maximum lease time must be at least 60 seconds and higher than the default lease time."); - if (($_POST['ddnsdomain'] && !is_domain($_POST['ddnsdomain']))) + } + if (($_POST['ddnsdomain'] && !is_domain($_POST['ddnsdomain']))) { $input_errors[] = gettext("A valid domain name must be specified for the dynamic DNS registration."); - if (($_POST['ddnsdomain'] && !is_ipaddrv4($_POST['ddnsdomainprimary']))) + } + if (($_POST['ddnsdomain'] && !is_ipaddrv4($_POST['ddnsdomainprimary']))) { $input_errors[] = gettext("A valid primary domain name server IP address must be specified for the dynamic domain name."); + } if (($_POST['ddnsdomainkey'] && !$_POST['ddnsdomainkeyname']) || - ($_POST['ddnsdomainkeyname'] && !$_POST['ddnsdomainkey'])) + ($_POST['ddnsdomainkeyname'] && !$_POST['ddnsdomainkey'])) { $input_errors[] = gettext("You must specify both a valid domain key and key name."); + } if ($_POST['domainsearchlist']) { - $domain_array=preg_split("/[ ;]+/",$_POST['domainsearchlist']); + $domain_array = preg_split("/[ ;]+/", $_POST['domainsearchlist']); foreach ($domain_array as $curdomain) { if (!is_domain($curdomain)) { $input_errors[] = gettext("A valid domain search list must be specified."); @@ -263,64 +289,79 @@ if (isset($_POST['submit'])) { } // Validate MACs - if (!empty($_POST['mac_allow']) && !validate_partial_mac_list($_POST['mac_allow'])) + if (!empty($_POST['mac_allow']) && !validate_partial_mac_list($_POST['mac_allow'])) { $input_errors[] = gettext("If you specify a mac allow list, it must contain only valid partial MAC addresses."); - if (!empty($_POST['mac_deny']) && !validate_partial_mac_list($_POST['mac_deny'])) + } + if (!empty($_POST['mac_deny']) && !validate_partial_mac_list($_POST['mac_deny'])) { $input_errors[] = gettext("If you specify a mac deny list, it must contain only valid partial MAC addresses."); + } - if (($_POST['ntp1'] && !is_ipaddrv4($_POST['ntp1'])) || ($_POST['ntp2'] && !is_ipaddrv4($_POST['ntp2']))) + if (($_POST['ntp1'] && !is_ipaddrv4($_POST['ntp1'])) || ($_POST['ntp2'] && !is_ipaddrv4($_POST['ntp2']))) { $input_errors[] = gettext("A valid IP address must be specified for the primary/secondary NTP servers."); - if (($_POST['domain'] && !is_domain($_POST['domain']))) + } + if (($_POST['domain'] && !is_domain($_POST['domain']))) { $input_errors[] = gettext("A valid domain name must be specified for the DNS domain."); - if ($_POST['tftp'] && !is_ipaddrv4($_POST['tftp']) && !is_domain($_POST['tftp']) && !is_URL($_POST['tftp'])) + } + if ($_POST['tftp'] && !is_ipaddrv4($_POST['tftp']) && !is_domain($_POST['tftp']) && !is_URL($_POST['tftp'])) { $input_errors[] = gettext("A valid IP address or hostname must be specified for the TFTP server."); - if (($_POST['nextserver'] && !is_ipaddrv4($_POST['nextserver']))) + } + if (($_POST['nextserver'] && !is_ipaddrv4($_POST['nextserver']))) { $input_errors[] = gettext("A valid IP address must be specified for the network boot server."); + } - if(gen_subnet($ifcfgip, $ifcfgsn) == $_POST['range_from']) + if (gen_subnet($ifcfgip, $ifcfgsn) == $_POST['range_from']) { $input_errors[] = gettext("You cannot use the network address in the starting subnet range."); - if(gen_subnet_max($ifcfgip, $ifcfgsn) == $_POST['range_to']) + } + if (gen_subnet_max($ifcfgip, $ifcfgsn) == $_POST['range_to']) { $input_errors[] = gettext("You cannot use the broadcast address in the ending subnet range."); + } // Disallow a range that includes the virtualip if (is_array($config['virtualip']['vip'])) { - foreach($config['virtualip']['vip'] as $vip) { - if($vip['interface'] == $if) - if($vip['subnet'] && is_inrange_v4($vip['subnet'], $_POST['range_from'], $_POST['range_to'])) - $input_errors[] = sprintf(gettext("The subnet range cannot overlap with virtual IP address %s."),$vip['subnet']); + foreach ($config['virtualip']['vip'] as $vip) { + if ($vip['interface'] == $if) { + if ($vip['subnet'] && is_inrange_v4($vip['subnet'], $_POST['range_from'], $_POST['range_to'])) { + $input_errors[] = sprintf(gettext("The subnet range cannot overlap with virtual IP address %s."), $vip['subnet']); + } + } } } $noip = false; - if(is_array($a_maps)) - foreach ($a_maps as $map) - if (empty($map['ipaddr'])) + if (is_array($a_maps)) { + foreach ($a_maps as $map) { + if (empty($map['ipaddr'])) { $noip = true; - if ($_POST['staticarp'] && $noip) + } + } + } + if ($_POST['staticarp'] && $noip) { $input_errors[] = "Cannot enable static ARP when you have static map entries without IP addresses. Ensure all static maps have IP addresses and try again."; + } - if(is_array($pconfig['numberoptions']['item'])) { + if (is_array($pconfig['numberoptions']['item'])) { foreach ($pconfig['numberoptions']['item'] as $numberoption) { - if ( $numberoption['type'] == 'text' && strstr($numberoption['value'], '"') ) + if ($numberoption['type'] == 'text' && strstr($numberoption['value'], '"')) { $input_errors[] = gettext("Text type cannot include quotation marks."); - else if ( $numberoption['type'] == 'string' && !preg_match('/^"[^"]*"$/', $numberoption['value']) && !preg_match('/^[0-9a-f]{2}(?:\:[0-9a-f]{2})*$/i', $numberoption['value']) ) + } else if ($numberoption['type'] == 'string' && !preg_match('/^"[^"]*"$/', $numberoption['value']) && !preg_match('/^[0-9a-f]{2}(?:\:[0-9a-f]{2})*$/i', $numberoption['value'])) { $input_errors[] = gettext("String type must be enclosed in quotes like \"this\" or must be a series of octets specified in hexadecimal, separated by colons, like 01:23:45:67:89:ab:cd:ef"); - else if ( $numberoption['type'] == 'boolean' && $numberoption['value'] != 'true' && $numberoption['value'] != 'false' && $numberoption['value'] != 'on' && $numberoption['value'] != 'off' ) + } else if ($numberoption['type'] == 'boolean' && $numberoption['value'] != 'true' && $numberoption['value'] != 'false' && $numberoption['value'] != 'on' && $numberoption['value'] != 'off') { $input_errors[] = gettext("Boolean type must be true, false, on, or off."); - else if ( $numberoption['type'] == 'unsigned integer 8' && (!is_numeric($numberoption['value']) || $numberoption['value'] < 0 || $numberoption['value'] > 255) ) + } else if ($numberoption['type'] == 'unsigned integer 8' && (!is_numeric($numberoption['value']) || $numberoption['value'] < 0 || $numberoption['value'] > 255)) { $input_errors[] = gettext("Unsigned 8-bit integer type must be a number in the range 0 to 255."); - else if ( $numberoption['type'] == 'unsigned integer 16' && (!is_numeric($numberoption['value']) || $numberoption['value'] < 0 || $numberoption['value'] > 65535) ) + } else if ($numberoption['type'] == 'unsigned integer 16' && (!is_numeric($numberoption['value']) || $numberoption['value'] < 0 || $numberoption['value'] > 65535)) { $input_errors[] = gettext("Unsigned 16-bit integer type must be a number in the range 0 to 65535."); - else if ( $numberoption['type'] == 'unsigned integer 32' && (!is_numeric($numberoption['value']) || $numberoption['value'] < 0 || $numberoption['value'] > 4294967295) ) + } else if ($numberoption['type'] == 'unsigned integer 32' && (!is_numeric($numberoption['value']) || $numberoption['value'] < 0 || $numberoption['value'] > 4294967295)) { $input_errors[] = gettext("Unsigned 32-bit integer type must be a number in the range 0 to 4294967295."); - else if ( $numberoption['type'] == 'signed integer 8' && (!is_numeric($numberoption['value']) || $numberoption['value'] < -128 || $numberoption['value'] > 127) ) + } else if ($numberoption['type'] == 'signed integer 8' && (!is_numeric($numberoption['value']) || $numberoption['value'] < -128 || $numberoption['value'] > 127)) { $input_errors[] = gettext("Signed 8-bit integer type must be a number in the range -128 to 127."); - else if ( $numberoption['type'] == 'signed integer 16' && (!is_numeric($numberoption['value']) || $numberoption['value'] < -32768 || $numberoption['value'] > 32767) ) + } else if ($numberoption['type'] == 'signed integer 16' && (!is_numeric($numberoption['value']) || $numberoption['value'] < -32768 || $numberoption['value'] > 32767)) { $input_errors[] = gettext("Signed 16-bit integer type must be a number in the range -32768 to 32767."); - else if ( $numberoption['type'] == 'signed integer 32' && (!is_numeric($numberoption['value']) || $numberoption['value'] < -2147483648 || $numberoption['value'] > 2147483647) ) + } else if ($numberoption['type'] == 'signed integer 32' && (!is_numeric($numberoption['value']) || $numberoption['value'] < -2147483648 || $numberoption['value'] > 2147483647)) { $input_errors[] = gettext("Signed 32-bit integer type must be a number in the range -2147483648 to 2147483647."); - else if ( $numberoption['type'] == 'ip-address' && !is_ipaddrv4($numberoption['value']) && !is_hostname($numberoption['value']) ) + } else if ($numberoption['type'] == 'ip-address' && !is_ipaddrv4($numberoption['value']) && !is_hostname($numberoption['value'])) { $input_errors[] = gettext("IP address or host type must be an IP address or host name."); + } } } @@ -334,20 +375,23 @@ if (isset($_POST['submit'])) { $input_errors[] = gettext("The specified range lies outside of the current subnet."); } - if (ip2ulong($_POST['range_from']) > ip2ulong($_POST['range_to'])) + if (ip2ulong($_POST['range_from']) > ip2ulong($_POST['range_to'])) { $input_errors[] = gettext("The range is invalid (first element higher than second element)."); + } if (is_numeric($pool) || ($act == "newpool")) { $rfrom = $config['dhcpd'][$if]['range']['from']; $rto = $config['dhcpd'][$if]['range']['to']; - if (is_inrange_v4($_POST['range_from'], $rfrom, $rto) || is_inrange_v4($_POST['range_to'], $rfrom, $rto)) + if (is_inrange_v4($_POST['range_from'], $rfrom, $rto) || is_inrange_v4($_POST['range_to'], $rfrom, $rto)) { $input_errors[] = gettext("The specified range must not be within the DHCP range for this interface."); + } } foreach ($a_pools as $id => $p) { - if (is_numeric($pool) && ($id == $pool)) + if (is_numeric($pool) && ($id == $pool)) { continue; + } if (is_inrange_v4($_POST['range_from'], $p['range']['from'], $p['range']['to']) || is_inrange_v4($_POST['range_to'], $p['range']['from'], $p['range']['to'])) { @@ -357,17 +401,19 @@ if (isset($_POST['submit'])) { } /* make sure that the DHCP Relay isn't enabled on this interface */ - if (isset($config['dhcrelay']['enable']) && (stristr($config['dhcrelay']['interface'], $if) !== false)) - $input_errors[] = sprintf(gettext("You must disable the DHCP relay on the %s interface before enabling the DHCP server."),$iflist[$if]); + if (isset($config['dhcrelay']['enable']) && (stristr($config['dhcrelay']['interface'], $if) !== false)) { + $input_errors[] = sprintf(gettext("You must disable the DHCP relay on the %s interface before enabling the DHCP server."), $iflist[$if]); + } $dynsubnet_start = ip2ulong($_POST['range_from']); $dynsubnet_end = ip2ulong($_POST['range_to']); if (is_array($a_maps)) { foreach ($a_maps as $map) { - if (empty($map['ipaddr'])) + if (empty($map['ipaddr'])) { continue; + } if ((ip2ulong($map['ipaddr']) > $dynsubnet_start) && - (ip2ulong($map['ipaddr']) < $dynsubnet_end)) { + (ip2ulong($map['ipaddr']) < $dynsubnet_end)) { $input_errors[] = sprintf(gettext("The DHCP range cannot overlap any static DHCP mappings.")); break; } @@ -381,8 +427,9 @@ if (isset($_POST['submit'])) { if ($act == "newpool") { $dhcpdconf = array(); } else { - if (!is_array($config['dhcpd'][$if])) + if (!is_array($config['dhcpd'][$if])) { $config['dhcpd'][$if] = array(); + } $dhcpdconf = $config['dhcpd'][$if]; } } else { @@ -394,8 +441,9 @@ if (isset($_POST['submit'])) { exit; } } - if (!is_array($dhcpdconf['range'])) + if (!is_array($dhcpdconf['range'])) { $dhcpdconf['range'] = array(); + } $dhcpd_enable_changed = false; @@ -410,8 +458,9 @@ if (isset($_POST['submit'])) { $dhcpdconf['enable'] = $new_dhcpd_enable; $dhcpdconf['staticarp'] = ($_POST['staticarp']) ? true : false; $previous = $dhcpdconf['failover_peerip']; - if($previous <> $_POST['failover_peerip']) + if ($previous <> $_POST['failover_peerip']) { mwexec("/bin/rm -rf /var/dhcpd/var/db/*"); + } $dhcpdconf['failover_peerip'] = $_POST['failover_peerip']; // dhcpleaseinlocaltime is global to all interfaces. So update the setting on all interfaces. foreach ($config['dhcpd'] as &$dhcpdifitem) { @@ -430,20 +479,26 @@ if (isset($_POST['submit'])) { $dhcpdconf['netmask'] = $_POST['netmask']; unset($dhcpdconf['winsserver']); - if ($_POST['wins1']) + if ($_POST['wins1']) { $dhcpdconf['winsserver'][] = $_POST['wins1']; - if ($_POST['wins2']) + } + if ($_POST['wins2']) { $dhcpdconf['winsserver'][] = $_POST['wins2']; + } unset($dhcpdconf['dnsserver']); - if ($_POST['dns1']) + if ($_POST['dns1']) { $dhcpdconf['dnsserver'][] = $_POST['dns1']; - if ($_POST['dns2']) + } + if ($_POST['dns2']) { $dhcpdconf['dnsserver'][] = $_POST['dns2']; - if ($_POST['dns3']) + } + if ($_POST['dns3']) { $dhcpdconf['dnsserver'][] = $_POST['dns3']; - if ($_POST['dns4']) + } + if ($_POST['dns4']) { $dhcpdconf['dnsserver'][] = $_POST['dns4']; + } $dhcpdconf['gateway'] = $_POST['gateway']; $dhcpdconf['domain'] = $_POST['domain']; @@ -458,10 +513,12 @@ if (isset($_POST['submit'])) { $dhcpdconf['mac_deny'] = $_POST['mac_deny']; unset($dhcpdconf['ntpserver']); - if ($_POST['ntp1']) + if ($_POST['ntp1']) { $dhcpdconf['ntpserver'][] = $_POST['ntp1']; - if ($_POST['ntp2']) + } + if ($_POST['ntp2']) { $dhcpdconf['ntpserver'][] = $_POST['ntp2']; + } $dhcpdconf['tftp'] = $_POST['tftp']; $dhcpdconf['ldap'] = $_POST['ldap']; @@ -473,8 +530,9 @@ if (isset($_POST['submit'])) { $dhcpdconf['rootpath'] = $_POST['rootpath']; // Handle the custom options rowhelper - if(isset($dhcpdconf['numberoptions']['item'])) + if (isset($dhcpdconf['numberoptions']['item'])) { unset($dhcpdconf['numberoptions']['item']); + } $dhcpdconf['numberoptions'] = $numberoptions; @@ -504,20 +562,24 @@ if ((isset($_POST['submit']) || isset($_POST['apply'])) && (!$input_errors)) { } } else if (isset($config['unbound']['enable']) && isset($config['unbound']['regdhcpstatic'])) { $retvaldns = services_unbound_configure(); - if ($retvaldns == 0) + if ($retvaldns == 0) { clear_subsystem_dirty('unbound'); clear_subsystem_dirty('hosts'); clear_subsystem_dirty('staticmaps'); + } } else { $retvaldhcp = services_dhcpd_configure(); - if ($retvaldhcp == 0) + if ($retvaldhcp == 0) { clear_subsystem_dirty('staticmaps'); + } } - if ($dhcpd_enable_changed) + if ($dhcpd_enable_changed) { $retvalfc = filter_configure(); + } - if($retvaldhcp == 1 || $retvaldns == 1 || $retvalfc == 1) + if ($retvaldhcp == 1 || $retvaldns == 1 || $retvalfc == 1) { $retval = 1; + } $savemsg = get_std_save_message($retval); } @@ -534,10 +596,11 @@ if ($act == "del") { if ($a_maps[$_GET['id']]) { unset($a_maps[$_GET['id']]); write_config(); - if(isset($config['dhcpd'][$if]['enable'])) { + if (isset($config['dhcpd'][$if]['enable'])) { mark_subsystem_dirty('staticmaps'); - if (isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcpstatic'])) + if (isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcpstatic'])) { mark_subsystem_dirty('hosts'); + } } header("Location: services_dhcp.php?if={$if}"); exit; @@ -545,7 +608,7 @@ if ($act == "del") { } $closehead = false; -$pgtitle = array(gettext("Services"),gettext("DHCP server")); +$pgtitle = array(gettext("Services"), gettext("DHCP server")); $shortcut_section = "dhcp"; include("head.inc"); @@ -689,7 +752,8 @@ include("head.inc"); <?php print_info_box_np(gettext("The static mapping configuration has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));?><br /> <?php endif; ?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="dhcp server"> -<tr><td> + <tr> + <td> <?php /* active tabs */ $tab_array = array(); @@ -698,12 +762,14 @@ include("head.inc"); foreach ($iflist as $ifent => $ifname) { $oc = $config['interfaces'][$ifent]; if ((is_array($config['dhcpd'][$ifent]) && !isset($config['dhcpd'][$ifent]['enable']) && (!is_ipaddrv4($oc['ipaddr']))) || - (!is_array($config['dhcpd'][$ifent]) && (!is_ipaddrv4($oc['ipaddr'])))) + (!is_array($config['dhcpd'][$ifent]) && (!is_ipaddrv4($oc['ipaddr'])))) { continue; - if ($ifent == $if) + } + if ($ifent == $if) { $active = true; - else + } else { $active = false; + } $tab_array[] = array($ifname, $active, "services_dhcp.php?if={$ifent}"); $tabscounter++; } @@ -717,572 +783,655 @@ include("head.inc"); } display_top_tabs($tab_array); ?> -</td></tr> -<tr> -<td> - <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> + </td> + </tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> <?php if (!is_numeric($pool) && !($act == "newpool")): ?> - <tr> - <td width="22%" valign="top" class="vtable"> </td> - <td width="78%" class="vtable"> - <input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked=\"checked\""; ?> onclick="enable_change(false)" /> - <strong><?php printf(gettext("Enable DHCP server on " . - "%s " . - "interface"),htmlspecialchars($iflist[$if]));?></strong></td> - </tr> + <tr> + <td width="22%" valign="top" class="vtable"> </td> + <td width="78%" class="vtable"> + <input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked=\"checked\""; ?> onclick="enable_change(false)" /> + <strong><?php printf(gettext("Enable DHCP server on %s interface"), htmlspecialchars($iflist[$if]));?></strong> + </td> + </tr> <?php else: ?> - <tr> - <td colspan="2" class="listtopic"><?php echo gettext("Editing Pool-Specific Options. To return to the Interface, click its tab above."); ?></td> - </tr> - <?php endif; ?> - <tr> - <td width="22%" valign="top" class="vtable"> </td> - <td width="78%" class="vtable"> - <input name="denyunknown" id="denyunknown" type="checkbox" value="yes" <?php if ($pconfig['denyunknown']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Deny unknown clients");?></strong><br /> - <?=gettext("If this is checked, only the clients defined below will get DHCP leases from this server. ");?></td> - </tr> - <?php if (is_numeric($pool) || ($act == "newpool")): ?> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Pool Description");?></td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>" /> - </td> + <td colspan="2" class="listtopic"><?php echo gettext("Editing Pool-Specific Options. To return to the Interface, click its tab above."); ?></td> </tr> <?php endif; ?> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Subnet");?></td> - <td width="78%" class="vtable"> - <?=gen_subnet($ifcfgip, $ifcfgsn);?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Subnet mask");?></td> - <td width="78%" class="vtable"> - <?=gen_subnet_mask($ifcfgsn);?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Available range");?></td> - <td width="78%" class="vtable"> - <?php - $range_from = ip2long(long2ip32(ip2long($ifcfgip) & gen_subnet_mask_long($ifcfgsn))); - $range_from++; - echo long2ip32($range_from); - ?> - - - <?php - $range_to = ip2long(long2ip32(ip2long($ifcfgip) | (~gen_subnet_mask_long($ifcfgsn)))); - $range_to--; - echo long2ip32($range_to); - ?> + <tr> + <td width="22%" valign="top" class="vtable"> </td> + <td width="78%" class="vtable"> + <input name="denyunknown" id="denyunknown" type="checkbox" value="yes" <?php if ($pconfig['denyunknown']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Deny unknown clients");?></strong><br /> + <?=gettext("If this is checked, only the clients defined below will get DHCP leases from this server. ");?> + </td> + </tr> <?php if (is_numeric($pool) || ($act == "newpool")): ?> - <br />In-use DHCP Pool Ranges: - <?php if (is_array($config['dhcpd'][$if]['range'])): ?> - <br /><?php echo $config['dhcpd'][$if]['range']['from']; ?>-<?php echo $config['dhcpd'][$if]['range']['to']; ?> - <?php endif; ?> - <?php foreach ($a_pools as $p): ?> - <?php if (is_array($p['range'])): ?> - <br /><?php echo $p['range']['from']; ?>-<?php echo $p['range']['to']; ?> - <?php endif; ?> - <?php endforeach; ?> - <?php endif; ?> - </td> - </tr> - <?php if($is_olsr_enabled): ?> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Subnet Mask");?></td> - <td width="78%" class="vtable"> - <select name="netmask" class="formselect" id="netmask"> - <?php - for ($i = 32; $i > 0; $i--) { - if($i <> 31) { - echo "<option value=\"{$i}\" "; - if ($i == $pconfig['netmask']) echo "selected=\"selected\""; - echo ">" . $i . "</option>"; - } - } - ?> - </select> - </td> - </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Pool Description");?></td> + <td width="78%" class="vtable"> + <input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>" /> + </td> + </tr> <?php endif; ?> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Range");?></td> - <td width="78%" class="vtable"> - <input name="range_from" type="text" class="formfld unknown" id="range_from" size="20" value="<?=htmlspecialchars($pconfig['range_from']);?>" /> - <?=gettext("to"); ?> <input name="range_to" type="text" class="formfld unknown" id="range_to" size="20" value="<?=htmlspecialchars($pconfig['range_to']);?>" /> - </td> - </tr> - <?php if (!is_numeric($pool) && !($act == "newpool")): ?> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Additional Pools");?></td> - <td width="78%" class="vtable"> - <?php echo gettext("If you need additional pools of addresses inside of this subnet outside the above Range, they may be specified here."); ?> - <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="subnet"> <tr> - <td width="35%" class="listhdrr"><?=gettext("Pool Start");?></td> - <td width="35%" class="listhdrr"><?=gettext("Pool End");?></td> - <td width="20%" class="listhdrr"><?=gettext("Description");?></td> - <td width="10%" class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="pool"> - <tr> - <td valign="middle" width="17"></td> - <td valign="middle"><a href="services_dhcp.php?if=<?=htmlspecialchars($if);?>&act=newpool"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="plus" /></a></td> - </tr> - </table> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Subnet");?></td> + <td width="78%" class="vtable"> + <?=gen_subnet($ifcfgip, $ifcfgsn);?> </td> </tr> - <?php if(is_array($a_pools)): ?> - <?php $i = 0; foreach ($a_pools as $poolent): ?> - <?php if(!empty($poolent['range']['from']) && !empty($poolent['range']['to'])): ?> <tr> - <td class="listlr" ondblclick="document.location='services_dhcp.php?if=<?=htmlspecialchars($if);?>&pool=<?=$i;?>';"> - <?=htmlspecialchars($poolent['range']['from']);?> - </td> - <td class="listr" ondblclick="document.location='services_dhcp.php?if=<?=htmlspecialchars($if);?>&pool=<?=$i;?>';"> - <?=htmlspecialchars($poolent['range']['to']);?> - </td> - <td class="listr" ondblclick="document.location='services_dhcp.php?if=<?=htmlspecialchars($if);?>&pool=<?=$i;?>';"> - <?=htmlspecialchars($poolent['descr']);?> - </td> - <td valign="middle" class="list nowrap"> - <table border="0" cellspacing="0" cellpadding="1" summary="icons"> - <tr> - <td valign="middle"><a href="services_dhcp.php?if=<?=htmlspecialchars($if);?>&pool=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" alt="edit" /></a></td> - <td valign="middle"><a href="services_dhcp.php?if=<?=htmlspecialchars($if);?>&act=delpool&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this pool?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="delete" /></a></td> - </tr> - </table> - </td> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Subnet mask");?></td> + <td width="78%" class="vtable"> + <?=gen_subnet_mask($ifcfgsn);?> + </td> </tr> - <?php endif; ?> - <?php $i++; endforeach; ?> - <?php endif; ?> <tr> - <td class="list" colspan="3"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="add"> - <tr> - <td valign="middle" width="17"></td> - <td valign="middle"><a href="services_dhcp.php?if=<?=htmlspecialchars($if);?>&act=newpool"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td> - </tr> - </table> - </td> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Available range");?></td> + <td width="78%" class="vtable"> + <?php + $range_from = ip2long(long2ip32(ip2long($ifcfgip) & gen_subnet_mask_long($ifcfgsn))); + $range_from++; + echo long2ip32($range_from); + ?> + - + <?php + $range_to = ip2long(long2ip32(ip2long($ifcfgip) | (~gen_subnet_mask_long($ifcfgsn)))); + $range_to--; + echo long2ip32($range_to); + if (is_numeric($pool) || ($act == "newpool")): + ?> + <br />In-use DHCP Pool Ranges: + <?php + if (is_array($config['dhcpd'][$if]['range'])): + ?> + <br /> + <?php + echo $config['dhcpd'][$if]['range']['from']; + ?> + - + <?php + echo $config['dhcpd'][$if]['range']['to']; + endif; + ?> + <?php + foreach ($a_pools as $p): + if (is_array($p['range'])): + ?> + <br /> + <?php + echo $p['range']['from']; + ?> + - + <?php + echo $p['range']['to']; + endif; + endforeach; + endif; + ?> + </td> </tr> - </table> - </td> - </tr> - <?php endif; ?> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("WINS servers");?></td> - <td width="78%" class="vtable"> - <input name="wins1" type="text" class="formfld unknown" id="wins1" size="20" value="<?=htmlspecialchars($pconfig['wins1']);?>" /><br /> - <input name="wins2" type="text" class="formfld unknown" id="wins2" size="20" value="<?=htmlspecialchars($pconfig['wins2']);?>" /> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("DNS servers");?></td> - <td width="78%" class="vtable"> - <input name="dns1" type="text" class="formfld unknown" id="dns1" size="20" value="<?=htmlspecialchars($pconfig['dns1']);?>" /><br /> - <input name="dns2" type="text" class="formfld unknown" id="dns2" size="20" value="<?=htmlspecialchars($pconfig['dns2']);?>" /><br /> - <input name="dns3" type="text" class="formfld unknown" id="dns3" size="20" value="<?=htmlspecialchars($pconfig['dns3']);?>" /><br /> - <input name="dns4" type="text" class="formfld unknown" id="dns4" size="20" value="<?=htmlspecialchars($pconfig['dns4']);?>" /><br /> - <?=gettext("NOTE: leave blank to use the system default DNS servers - this interface's IP if DNS forwarder is enabled, otherwise the servers configured on the General page.");?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Gateway");?></td> - <td width="78%" class="vtable"> - <input name="gateway" type="text" class="formfld host" id="gateway" size="20" value="<?=htmlspecialchars($pconfig['gateway']);?>" /><br /> - <?=gettext("The default is to use the IP on this interface of the firewall as the gateway. Specify an alternate gateway here if this is not the correct gateway for your network. Type \"none\" for no gateway assignment.");?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Domain name");?></td> - <td width="78%" class="vtable"> - <input name="domain" type="text" class="formfld unknown" id="domain" size="20" value="<?=htmlspecialchars($pconfig['domain']);?>" /><br /> - <?=gettext("The default is to use the domain name of this system as the default domain name provided by DHCP. You may specify an alternate domain name here.");?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Domain search list");?></td> - <td width="78%" class="vtable"> - <input name="domainsearchlist" type="text" class="formfld unknown" id="domainsearchlist" size="20" value="<?=htmlspecialchars($pconfig['domainsearchlist']);?>" /><br /> - <?=gettext("The DHCP server can optionally provide a domain search list. Use the semicolon character as separator ");?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Default lease time");?></td> - <td width="78%" class="vtable"> - <input name="deftime" type="text" class="formfld unknown" id="deftime" size="10" value="<?=htmlspecialchars($pconfig['deftime']);?>" /> - <?=gettext("seconds");?><br /> - <?=gettext("This is used for clients that do not ask for a specific " . - "expiration time."); ?><br /> - <?=gettext("The default is 7200 seconds.");?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Maximum lease time");?></td> - <td width="78%" class="vtable"> - <input name="maxtime" type="text" class="formfld unknown" id="maxtime" size="10" value="<?=htmlspecialchars($pconfig['maxtime']);?>" /> - <?=gettext("seconds");?><br /> - <?=gettext("This is the maximum lease time for clients that ask". - " for a specific expiration time."); ?><br /> - <?=gettext("The default is 86400 seconds.");?> - </td> - </tr> - <?php if (!is_numeric($pool) && !($act == "newpool")): ?> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Failover peer IP:");?></td> - <td width="78%" class="vtable"> - <input name="failover_peerip" type="text" class="formfld host" id="failover_peerip" size="20" value="<?=htmlspecialchars($pconfig['failover_peerip']);?>" /><br /> - <?=gettext("Leave blank to disable. Enter the interface IP address of the other machine. Machines must be using CARP. Interface's advskew determines whether the DHCPd process is Primary or Secondary. Ensure one machine's advskew<20 (and the other is >20).");?> - </td> - </tr> - <?php endif; ?> - <?php if (!is_numeric($pool) && !($act == "newpool")): ?> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Static ARP");?></td> - <td width="78%" class="vtable"> - <table summary="static arp"> - <tr> - <td> - <input style="vertical-align:middle" type="checkbox" value="yes" name="staticarp" id="staticarp" <?php if($pconfig['staticarp']) echo " checked=\"checked\""; ?> /> +<?php if ($is_olsr_enabled): ?> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Subnet Mask");?></td> + <td width="78%" class="vtable"> + <select name="netmask" class="formselect" id="netmask"> + <?php + for ($i = 32; $i > 0; $i--) { + if ($i <> 31) { + echo "<option value=\"{$i}\" "; + if ($i == $pconfig['netmask']) { + echo "selected=\"selected\""; + } + echo ">" . $i . "</option>"; + } + } + ?> + </select> </td> - <td><b><?=gettext("Enable Static ARP entries");?></b></td> - </tr> - <tr> - <td> </td> - <td> - <span class="red"><strong><?=gettext("Note:");?></strong></span> <?=gettext("This option persists even if DHCP server is disabled. Only the machines listed below will be able to communicate with the firewall on this NIC.");?> + </tr> +<?php endif; ?> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Range");?></td> + <td width="78%" class="vtable"> + <input name="range_from" type="text" class="formfld unknown" id="range_from" size="20" value="<?=htmlspecialchars($pconfig['range_from']);?>" /> + <?=gettext("to"); ?> <input name="range_to" type="text" class="formfld unknown" id="range_to" size="20" value="<?=htmlspecialchars($pconfig['range_to']);?>" /> </td> - </tr> - </table> - </td> - </tr> - <?php endif; ?> - <?php if (!is_numeric($pool) && !($act == "newpool")): ?> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Time format change"); ?></td> - <td width="78%" class="vtable"> - <table summary="time format"> - <tr> - <td> - <input name="dhcpleaseinlocaltime" type="checkbox" id="dhcpleaseinlocaltime" value="yes" <?php if ($pconfig['dhcpleaseinlocaltime']) echo "checked=\"checked\""; ?> /> + </tr> +<?php + if (!is_numeric($pool) && !($act == "newpool")): +?> + <tr> + <td width="22%" valign="top" class="vncell"> + <?=gettext("Additional Pools");?> </td> - <td> - <strong> - <?=gettext("Change DHCP display lease time from UTC to local time."); ?> - </strong> + <td width="78%" class="vtable"> + <?php echo gettext("If you need additional pools of addresses inside of this subnet outside the above Range, they may be specified here."); ?> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="subnet"> + <tr> + <td width="35%" class="listhdrr"><?=gettext("Pool Start");?></td> + <td width="35%" class="listhdrr"><?=gettext("Pool End");?></td> + <td width="20%" class="listhdrr"><?=gettext("Description");?></td> + <td width="10%" class="list"> + <table border="0" cellspacing="0" cellpadding="1" summary="pool"> + <tr> + <td valign="middle" width="17"></td> + <td valign="middle"> + <a href="services_dhcp.php?if=<?=htmlspecialchars($if);?>&act=newpool"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="plus" /></a> + </td> + </tr> + </table> + </td> + </tr> +<?php + if (is_array($a_pools)): + $i = 0; + foreach ($a_pools as $poolent): + if (!empty($poolent['range']['from']) && !empty($poolent['range']['to'])): +?> + <tr> + <td class="listlr" ondblclick="document.location='services_dhcp.php?if=<?=htmlspecialchars($if);?>&pool=<?=$i;?>';"> + <?=htmlspecialchars($poolent['range']['from']);?> + </td> + <td class="listr" ondblclick="document.location='services_dhcp.php?if=<?=htmlspecialchars($if);?>&pool=<?=$i;?>';"> + <?=htmlspecialchars($poolent['range']['to']);?> + </td> + <td class="listr" ondblclick="document.location='services_dhcp.php?if=<?=htmlspecialchars($if);?>&pool=<?=$i;?>';"> + <?=htmlspecialchars($poolent['descr']);?> + </td> + <td valign="middle" class="list nowrap"> + <table border="0" cellspacing="0" cellpadding="1" summary="icons"> + <tr> + <td valign="middle"> + <a href="services_dhcp.php?if=<?=htmlspecialchars($if);?>&pool=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" alt="edit" /></a> + </td> + <td valign="middle"> + <a href="services_dhcp.php?if=<?=htmlspecialchars($if);?>&act=delpool&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this pool?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="delete" /></a> + </td> + </tr> + </table> + </td> + </tr> +<?php + endif; + $i++; + endforeach; + endif; +?> + <tr> + <td class="list" colspan="3"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1" summary="add"> + <tr> + <td valign="middle" width="17"></td> + <td valign="middle"> + <a href="services_dhcp.php?if=<?=htmlspecialchars($if);?>&act=newpool"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a> + </td> + </tr> + </table> + </td> + </tr> + </table> </td> - </tr> - <tr> - <td> </td> - <td> - <span class="red"><strong><?=gettext("Note:");?></strong></span> <?=gettext("By default DHCP leases are displayed in UTC time. By checking this - box DHCP lease time will be displayed in local time and set to time zone selected. This will be used for all DHCP interfaces lease time."); ?> + </tr> +<?php + endif; +?> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("WINS servers");?></td> + <td width="78%" class="vtable"> + <input name="wins1" type="text" class="formfld unknown" id="wins1" size="20" value="<?=htmlspecialchars($pconfig['wins1']);?>" /><br /> + <input name="wins2" type="text" class="formfld unknown" id="wins2" size="20" value="<?=htmlspecialchars($pconfig['wins2']);?>" /> </td> - </tr> - </table> - </td> - </tr> - <?php endif; ?> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Dynamic DNS");?></td> - <td width="78%" class="vtable"> - <div id="showddnsbox"> - <input type="button" onclick="show_ddns_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show Dynamic DNS");?> - </div> - <div id="showddns" style="display:none"> - <input style="vertical-align:middle" type="checkbox" value="yes" name="ddnsupdate" id="ddnsupdate" <?php if($pconfig['ddnsupdate']) echo " checked=\"checked\""; ?> /> - <b><?=gettext("Enable registration of DHCP client names in DNS.");?></b><br /> - <br/> - <input name="ddnsdomain" type="text" class="formfld unknown" id="ddnsdomain" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomain']);?>" /><br /> - <?=gettext("Note: Leave blank to disable dynamic DNS registration.");?><br /> - <?=gettext("Enter the dynamic DNS domain which will be used to register client names in the DNS server.");?><br /> - <input name="ddnsdomainprimary" type="text" class="formfld unknown" id="ddnsdomainprimary" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomainprimary']);?>" /><br /> - <?=gettext("Enter the primary domain name server IP address for the dynamic domain name.");?><br /> - <input name="ddnsdomainkeyname" type="text" class="formfld unknown" id="ddnsdomainkeyname" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomainkeyname']);?>" /><br /> - <?=gettext("Enter the dynamic DNS domain key name which will be used to register client names in the DNS server.");?><br /> - <input name="ddnsdomainkey" type="text" class="formfld unknown" id="ddnsdomainkey" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomainkey']);?>" /><br /> - <?=gettext("Enter the dynamic DNS domain key secret which will be used to register client names in the DNS server.");?> - </div> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("MAC Address Control");?></td> - <td width="78%" class="vtable"> - <div id="showmaccontrolbox"> - <input type="button" onclick="show_maccontrol_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show MAC Address Control");?> - </div> - <div id="showmaccontrol" style="display:none"> - <input name="mac_allow" type="text" class="formfld unknown" id="mac_allow" size="20" value="<?=htmlspecialchars($pconfig['mac_allow']);?>" /><br /> - <?=gettext("Enter a list of partial MAC addresses to allow, comma separated, no spaces, such as ");?>00:00:00,01:E5:FF<br /> - <input name="mac_deny" type="text" class="formfld unknown" id="mac_deny" size="20" value="<?=htmlspecialchars($pconfig['mac_deny']);?>" /><br /> - <?=gettext("Enter a list of partial MAC addresses to deny access, comma separated, no spaces, such as ");?>00:00:00,01:E5:FF - </div> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("NTP servers");?></td> - <td width="78%" class="vtable"> - <div id="showntpbox"> - <input type="button" onclick="show_ntp_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show NTP configuration");?> - </div> - <div id="showntp" style="display:none"> - <input name="ntp1" type="text" class="formfld unknown" id="ntp1" size="20" value="<?=htmlspecialchars($pconfig['ntp1']);?>" /><br /> - <input name="ntp2" type="text" class="formfld unknown" id="ntp2" size="20" value="<?=htmlspecialchars($pconfig['ntp2']);?>" /> - </div> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("TFTP server");?></td> - <td width="78%" class="vtable"> - <div id="showtftpbox"> - <input type="button" onclick="show_tftp_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show TFTP configuration");?> - </div> - <div id="showtftp" style="display:none"> - <input name="tftp" type="text" class="formfld unknown" id="tftp" size="50" value="<?=htmlspecialchars($pconfig['tftp']);?>" /><br /> - <?=gettext("Leave blank to disable. Enter a full hostname or IP for the TFTP server.");?> - </div> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("LDAP URI");?></td> - <td width="78%" class="vtable"> - <div id="showldapbox"> - <input type="button" onclick="show_ldap_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show LDAP configuration");?> - </div> - <div id="showldap" style="display:none"> - <input name="ldap" type="text" class="formfld unknown" id="ldap" size="80" value="<?=htmlspecialchars($pconfig['ldap']);?>" /><br /> - <?=gettext("Leave blank to disable. Enter a full URI for the LDAP server in the form ldap://ldap.example.com/dc=example,dc=com");?> - </div> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Enable network booting");?></td> - <td width="78%" class="vtable"> - <div id="shownetbootbox"> - <input type="button" onclick="show_netboot_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show Network booting");?> - </div> - <div id="shownetboot" style="display:none"> - <input style="vertical-align:middle" type="checkbox" value="yes" name="netboot" id="netboot" <?php if($pconfig['netboot']) echo " checked=\"checked\""; ?> /> - <b><?=gettext("Enables network booting.");?></b> - <br/> - <table border="0" cellspacing="0" cellpadding="2" summary="network booting"> - <tr> - <td> - <?=gettext("Enter the IP of the"); ?> <b><?=gettext("next-server"); ?></b> - </td> - <td> - <input name="nextserver" type="text" class="formfld unknown" id="nextserver" size="20" value="<?=htmlspecialchars($pconfig['nextserver']);?>" /><br /> - </td> - </tr> - <tr> - <td> - <?=gettext("and the default bios filename");?> - </td> - <td> - <input name="filename" type="text" class="formfld unknown" id="filename" size="20" value="<?=htmlspecialchars($pconfig['filename']);?>" /><br /> - </td> - </tr> - <tr> - <td> - <?=gettext("and the UEFI 32bit filename ");?> - </td> - <td> - <input name="filename32" type="text" class="formfld unknown" id="filename32" size="20" value="<?=htmlspecialchars($pconfig['filename32']);?>" /><br /> - </td> - </tr> - <tr> - <td> - <?=gettext("and the UEFI 64bit filename ");?> - </td> - <td> - <input name="filename64" type="text" class="formfld unknown" id="filename64" size="20" value="<?=htmlspecialchars($pconfig['filename64']);?>" /><br /> - </td> - </tr> - </table> - <?=gettext("Note: You need both a filename and a boot server configured for this to work!");?> - <?=gettext("You will need all three filenames and a boot server configured for UEFI to work!");?> - <?=gettext("Enter the"); ?> <b><?=gettext("root-path"); ?></b>-<?=gettext("string");?> - <input name="rootpath" type="text" class="formfld unknown" id="rootpath" size="90" value="<?=htmlspecialchars($pconfig['rootpath']);?>" /><br /> - <?=gettext("Note: string-format: iscsi:(servername):(protocol):(port):(LUN):targetname");?> - </div> - </td> - </tr> - <?php if (!is_numeric($pool) && !($act == "newpool")): ?> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Additional BOOTP/DHCP Options");?></td> - <td width="78%" class="vtable"> - <div id="shownumbervaluebox"> - <input type="button" onclick="show_shownumbervalue()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show Additional BOOTP/DHCP Options");?> - </div> - <div id="shownumbervalue" style="display:none"> - <table id="maintable" summary="bootp-dhcp options"> - <tbody> + </tr> <tr> - <td colspan="3"> - <div style="padding:5px; margin-top: 16px; margin-bottom: 16px; border:1px dashed #000066; background-color: #ffffff; color: #000000; font-size: 8pt;" id="itemhelp"> - <?=gettext("Enter the DHCP option number and the value for each item you would like to include in the DHCP lease information. For a list of available options please visit this"); ?> <a href="http://www.iana.org/assignments/bootp-dhcp-parameters/" target="_blank"><?=gettext("URL"); ?></a> - </div> - </td> + <td width="22%" valign="top" class="vncell"><?=gettext("DNS servers");?></td> + <td width="78%" class="vtable"> + <input name="dns1" type="text" class="formfld unknown" id="dns1" size="20" value="<?=htmlspecialchars($pconfig['dns1']);?>" /><br /> + <input name="dns2" type="text" class="formfld unknown" id="dns2" size="20" value="<?=htmlspecialchars($pconfig['dns2']);?>" /><br /> + <input name="dns3" type="text" class="formfld unknown" id="dns3" size="20" value="<?=htmlspecialchars($pconfig['dns3']);?>" /><br /> + <input name="dns4" type="text" class="formfld unknown" id="dns4" size="20" value="<?=htmlspecialchars($pconfig['dns4']);?>" /><br /> + <?=gettext("NOTE: leave blank to use the system default DNS servers - this interface's IP if DNS forwarder is enabled, otherwise the servers configured on the General page.");?> + </td> </tr> <tr> - <td><div id="onecolumn"><?=gettext("Number");?></div></td> - <td><div id="twocolumn"><?=gettext("Type");?></div></td> - <td><div id="threecolumn"><?=gettext("Value");?></div></td> + <td width="22%" valign="top" class="vncell"><?=gettext("Gateway");?></td> + <td width="78%" class="vtable"> + <input name="gateway" type="text" class="formfld host" id="gateway" size="20" value="<?=htmlspecialchars($pconfig['gateway']);?>" /><br /> + <?=gettext("The default is to use the IP on this interface of the firewall as the gateway. Specify an alternate gateway here if this is not the correct gateway for your network. Type \"none\" for no gateway assignment.");?> + </td> </tr> - <?php $counter = 0; ?> - <?php - if($pconfig['numberoptions']) - foreach($pconfig['numberoptions']['item'] as $item): - ?> - <?php - $number = $item['number']; - $itemtype = $item['type']; - $value = $item['value']; - ?> <tr> - <td> - <input autocomplete="off" name="number<?php echo $counter; ?>" type="text" class="formfld unknown" id="number<?php echo $counter; ?>" size="10" value="<?=htmlspecialchars($number);?>" /> - </td> - <td> - <select name="itemtype<?php echo $counter; ?>" class="formselect" id="itemtype<?php echo $counter; ?>"> - <?php - foreach ($customitemtypes as $typename => $typedescr) { - echo "<option value=\"{$typename}\" "; - if ($itemtype == $typename) echo "selected=\"selected\""; - echo ">" . $typedescr . "</option>"; + <td width="22%" valign="top" class="vncell"><?=gettext("Domain name");?></td> + <td width="78%" class="vtable"> + <input name="domain" type="text" class="formfld unknown" id="domain" size="20" value="<?=htmlspecialchars($pconfig['domain']);?>" /><br /> + <?=gettext("The default is to use the domain name of this system as the default domain name provided by DHCP. You may specify an alternate domain name here.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Domain search list");?></td> + <td width="78%" class="vtable"> + <input name="domainsearchlist" type="text" class="formfld unknown" id="domainsearchlist" size="20" value="<?=htmlspecialchars($pconfig['domainsearchlist']);?>" /><br /> + <?=gettext("The DHCP server can optionally provide a domain search list. Use the semicolon character as separator ");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Default lease time");?></td> + <td width="78%" class="vtable"> + <input name="deftime" type="text" class="formfld unknown" id="deftime" size="10" value="<?=htmlspecialchars($pconfig['deftime']);?>" /> + <?=gettext("seconds");?><br /> + <?=gettext("This is used for clients that do not ask for a specific expiration time."); ?><br /> + <?=gettext("The default is 7200 seconds.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Maximum lease time");?></td> + <td width="78%" class="vtable"> + <input name="maxtime" type="text" class="formfld unknown" id="maxtime" size="10" value="<?=htmlspecialchars($pconfig['maxtime']);?>" /> + <?=gettext("seconds");?><br /> + <?=gettext("This is the maximum lease time for clients that ask for a specific expiration time."); ?><br /> + <?=gettext("The default is 86400 seconds.");?> + </td> + </tr> +<?php + if (!is_numeric($pool) && !($act == "newpool")): +?> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Failover peer IP:");?></td> + <td width="78%" class="vtable"> + <input name="failover_peerip" type="text" class="formfld host" id="failover_peerip" size="20" value="<?=htmlspecialchars($pconfig['failover_peerip']);?>" /><br /> + <?=gettext("Leave blank to disable. Enter the interface IP address of the other machine. Machines must be using CARP. Interface's advskew determines whether the DHCPd process is Primary or Secondary. Ensure one machine's advskew<20 (and the other is >20).");?> + </td> + </tr> +<?php + endif; + + if (!is_numeric($pool) && !($act == "newpool")): +?> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Static ARP");?></td> + <td width="78%" class="vtable"> + <table summary="static arp"> + <tr> + <td> + <input style="vertical-align:middle" type="checkbox" value="yes" name="staticarp" id="staticarp" <?php if ($pconfig['staticarp']) echo " checked=\"checked\""; ?> /> + </td> + <td><b><?=gettext("Enable Static ARP entries");?></b></td> + </tr> + <tr> + <td> </td> + <td> + <span class="red"> + <strong><?=gettext("Note:");?></strong> + </span> + <?=gettext("This option persists even if DHCP server is disabled. Only the machines listed below will be able to communicate with the firewall on this NIC.");?> + </td> + </tr> + </table> + </td> + </tr> +<?php + endif; + + if (!is_numeric($pool) && !($act == "newpool")): ?> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Time format change"); ?></td> + <td width="78%" class="vtable"> + <table summary="time format"> + <tr> + <td> + <input name="dhcpleaseinlocaltime" type="checkbox" id="dhcpleaseinlocaltime" value="yes" <?php if ($pconfig['dhcpleaseinlocaltime']) echo "checked=\"checked\""; ?> /> + </td> + <td> + <strong> + <?=gettext("Change DHCP display lease time from UTC to local time."); ?> + </strong> + </td> + </tr> + <tr> + <td> </td> + <td> + <span class="red"> + <strong><?=gettext("Note:");?></strong> + </span> + <?=gettext("By default DHCP leases are displayed in UTC time. By checking this box DHCP lease time will be displayed in local time and set to time zone selected. This will be used for all DHCP interfaces lease time."); ?> + </td> + </tr> + </table> + </td> + </tr> +<?php + endif; +?> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Dynamic DNS");?></td> + <td width="78%" class="vtable"> + <div id="showddnsbox"> + <input type="button" onclick="show_ddns_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show Dynamic DNS");?> + </div> + <div id="showddns" style="display:none"> + <input style="vertical-align:middle" type="checkbox" value="yes" name="ddnsupdate" id="ddnsupdate" <?php if ($pconfig['ddnsupdate']) echo " checked=\"checked\""; ?> /> + <b><?=gettext("Enable registration of DHCP client names in DNS.");?></b><br /> + <br/> + <input name="ddnsdomain" type="text" class="formfld unknown" id="ddnsdomain" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomain']);?>" /><br /> + <?=gettext("Note: Leave blank to disable dynamic DNS registration.");?><br /> + <?=gettext("Enter the dynamic DNS domain which will be used to register client names in the DNS server.");?><br /> + <input name="ddnsdomainprimary" type="text" class="formfld unknown" id="ddnsdomainprimary" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomainprimary']);?>" /><br /> + <?=gettext("Enter the primary domain name server IP address for the dynamic domain name.");?><br /> + <input name="ddnsdomainkeyname" type="text" class="formfld unknown" id="ddnsdomainkeyname" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomainkeyname']);?>" /><br /> + <?=gettext("Enter the dynamic DNS domain key name which will be used to register client names in the DNS server.");?><br /> + <input name="ddnsdomainkey" type="text" class="formfld unknown" id="ddnsdomainkey" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomainkey']);?>" /><br /> + <?=gettext("Enter the dynamic DNS domain key secret which will be used to register client names in the DNS server.");?> + </div> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("MAC Address Control");?></td> + <td width="78%" class="vtable"> + <div id="showmaccontrolbox"> + <input type="button" onclick="show_maccontrol_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show MAC Address Control");?> + </div> + <div id="showmaccontrol" style="display:none"> + <input name="mac_allow" type="text" class="formfld unknown" id="mac_allow" size="20" value="<?=htmlspecialchars($pconfig['mac_allow']);?>" /><br /> + <?=gettext("Enter a list of partial MAC addresses to allow, comma separated, no spaces, such as ");?>00:00:00,01:E5:FF<br /> + <input name="mac_deny" type="text" class="formfld unknown" id="mac_deny" size="20" value="<?=htmlspecialchars($pconfig['mac_deny']);?>" /><br /> + <?=gettext("Enter a list of partial MAC addresses to deny access, comma separated, no spaces, such as ");?>00:00:00,01:E5:FF + </div> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("NTP servers");?></td> + <td width="78%" class="vtable"> + <div id="showntpbox"> + <input type="button" onclick="show_ntp_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show NTP configuration");?> + </div> + <div id="showntp" style="display:none"> + <input name="ntp1" type="text" class="formfld unknown" id="ntp1" size="20" value="<?=htmlspecialchars($pconfig['ntp1']);?>" /><br /> + <input name="ntp2" type="text" class="formfld unknown" id="ntp2" size="20" value="<?=htmlspecialchars($pconfig['ntp2']);?>" /> + </div> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("TFTP server");?></td> + <td width="78%" class="vtable"> + <div id="showtftpbox"> + <input type="button" onclick="show_tftp_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show TFTP configuration");?> + </div> + <div id="showtftp" style="display:none"> + <input name="tftp" type="text" class="formfld unknown" id="tftp" size="50" value="<?=htmlspecialchars($pconfig['tftp']);?>" /><br /> + <?=gettext("Leave blank to disable. Enter a full hostname or IP for the TFTP server.");?> + </div> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("LDAP URI");?></td> + <td width="78%" class="vtable"> + <div id="showldapbox"> + <input type="button" onclick="show_ldap_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show LDAP configuration");?> + </div> + <div id="showldap" style="display:none"> + <input name="ldap" type="text" class="formfld unknown" id="ldap" size="80" value="<?=htmlspecialchars($pconfig['ldap']);?>" /><br /> + <?=gettext("Leave blank to disable. Enter a full URI for the LDAP server in the form ldap://ldap.example.com/dc=example,dc=com");?> + </div> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Enable network booting");?></td> + <td width="78%" class="vtable"> + <div id="shownetbootbox"> + <input type="button" onclick="show_netboot_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show Network booting");?> + </div> + <div id="shownetboot" style="display:none"> + <input style="vertical-align:middle" type="checkbox" value="yes" name="netboot" id="netboot" <?php if ($pconfig['netboot']) echo " checked=\"checked\""; ?> /> + <b><?=gettext("Enables network booting.");?></b> + <br/> + <table border="0" cellspacing="0" cellpadding="2" summary="network booting"> + <tr> + <td> + <?=gettext("Enter the IP of the"); ?> <b><?=gettext("next-server"); ?></b> + </td> + <td> + <input name="nextserver" type="text" class="formfld unknown" id="nextserver" size="20" value="<?=htmlspecialchars($pconfig['nextserver']);?>" /><br /> + </td> + </tr> + <tr> + <td> + <?=gettext("and the default bios filename");?> + </td> + <td> + <input name="filename" type="text" class="formfld unknown" id="filename" size="20" value="<?=htmlspecialchars($pconfig['filename']);?>" /><br /> + </td> + </tr> + <tr> + <td> + <?=gettext("and the UEFI 32bit filename ");?> + </td> + <td> + <input name="filename32" type="text" class="formfld unknown" id="filename32" size="20" value="<?=htmlspecialchars($pconfig['filename32']);?>" /><br /> + </td> + </tr> + <tr> + <td> + <?=gettext("and the UEFI 64bit filename ");?> + </td> + <td> + <input name="filename64" type="text" class="formfld unknown" id="filename64" size="20" value="<?=htmlspecialchars($pconfig['filename64']);?>" /><br /> + </td> + </tr> + </table> + <?=gettext("Note: You need both a filename and a boot server configured for this to work!");?> + <?=gettext("You will need all three filenames and a boot server configured for UEFI to work!");?> + <?=gettext("Enter the"); ?> <b><?=gettext("root-path"); ?></b>-<?=gettext("string");?> + <input name="rootpath" type="text" class="formfld unknown" id="rootpath" size="90" value="<?=htmlspecialchars($pconfig['rootpath']);?>" /><br /> + <?=gettext("Note: string-format: iscsi:(servername):(protocol):(port):(LUN):targetname");?> + </div> + </td> + </tr> +<?php + if (!is_numeric($pool) && !($act == "newpool")): +?> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Additional BOOTP/DHCP Options");?></td> + <td width="78%" class="vtable"> + <div id="shownumbervaluebox"> + <input type="button" onclick="show_shownumbervalue()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show Additional BOOTP/DHCP Options");?> + </div> + <div id="shownumbervalue" style="display:none"> + <table id="maintable" summary="bootp-dhcp options"> + <tbody> + <tr> + <td colspan="3"> + <div style="padding:5px; margin-top: 16px; margin-bottom: 16px; border:1px dashed #000066; background-color: #ffffff; color: #000000; font-size: 8pt;" id="itemhelp"> + <?=gettext("Enter the DHCP option number and the value for each item you would like to include in the DHCP lease information. For a list of available options please visit this"); ?> <a href="http://www.iana.org/assignments/bootp-dhcp-parameters/" target="_blank"><?=gettext("URL"); ?></a> + </div> + </td> + </tr> + <tr> + <td><div id="onecolumn"><?=gettext("Number");?></div></td> + <td><div id="twocolumn"><?=gettext("Type");?></div></td> + <td><div id="threecolumn"><?=gettext("Value");?></div></td> + </tr> +<?php + $counter = 0; + if ($pconfig['numberoptions']): + foreach ($pconfig['numberoptions']['item'] as $item): + $number = $item['number']; + $itemtype = $item['type']; + $value = $item['value']; +?> + <tr> + <td> + <input autocomplete="off" name="number<?php echo $counter; ?>" type="text" class="formfld unknown" id="number<?php echo $counter; ?>" size="10" value="<?=htmlspecialchars($number);?>" /> + </td> + <td> + <select name="itemtype<?php echo $counter; ?>" class="formselect" id="itemtype<?php echo $counter; ?>"> +<?php + foreach ($customitemtypes as $typename => $typedescr) { + echo "<option value=\"{$typename}\" "; + if ($itemtype == $typename) { + echo "selected=\"selected\""; } - ?> - </select> - </td> - <td> - <input autocomplete="off" name="value<?php echo $counter; ?>" type="text" class="formfld unknown" id="value<?php echo $counter; ?>" size="40" value="<?=htmlspecialchars($value);?>" /> - </td> - <td> - <a onclick="removeRow(this); return false;" href="#"><img border="0" src="/themes/<?echo $g['theme'];?>/images/icons/icon_x.gif" alt="delete" /></a> - </td> + echo ">" . $typedescr . "</option>"; + } +?> + </select> + </td> + <td> + <input autocomplete="off" name="value<?php echo $counter; ?>" type="text" class="formfld unknown" id="value<?php echo $counter; ?>" size="40" value="<?=htmlspecialchars($value);?>" /> + </td> + <td> + <a onclick="removeRow(this); return false;" href="#"><img border="0" src="/themes/<?echo $g['theme'];?>/images/icons/icon_x.gif" alt="delete" /></a> + </td> + </tr> +<?php + $counter++; + endforeach; + endif; // numberoptions +?> + </tbody> + </table> + <a onclick="javascript:addRowTo('maintable', 'formfldalias'); return false;" href="#"> + <img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="<?=gettext("add another entry");?>" /> + </a> + <script type="text/javascript"> + //<![CDATA[ + field_counter_js = 3; + rows = 1; + totalrows = <?php echo $counter; ?>; + loaded = <?php echo $counter; ?>; + //]]> + </script> + </div> + </td> + </tr> +<?php + endif; +?> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <?php if ($act == "newpool"): ?> + <input type="hidden" name="act" value="newpool" /> + <?php endif; ?> + <?php if (is_numeric($pool)): ?> + <input type="hidden" name="pool" value="<?php echo $pool; ?>" /> + <?php endif; ?> + <input name="if" type="hidden" value="<?=htmlspecialchars($if);?>" /> + <input name="submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" onclick="enable_change(true)" /> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <p> + <span class="vexpl"> + <span class="red"><strong><?=gettext("Note:");?> + <br /> + </strong> + </span> + <?=gettext("The DNS servers entered in"); ?> + <a href="system.php"><?=gettext("System: General setup"); ?></a> + <?=gettext("(or the"); ?> <a href="services_dnsmasq.php"><?=gettext("DNS forwarder"); ?></a>, <?=gettext("if enabled)"); ?> + </span> + <span class="vexpl"> + <?=gettext("will be assigned to clients by the DHCP server."); ?> + <br /> + <br /> + <?=gettext("The DHCP lease table can be viewed on the"); ?> + <a href="status_dhcp_leases.php"><?=gettext("Status: DHCP leases"); ?></a> + <?=gettext("page."); ?> + <br /> + </span> + </p> + </td> </tr> - <?php $counter++; ?> - <?php endforeach; ?> - </tbody> - </table> - <a onclick="javascript:addRowTo('maintable', 'formfldalias'); return false;" href="#"> - <img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="<?=gettext("add another entry");?>" /> - </a> - <script type="text/javascript"> - //<![CDATA[ - field_counter_js = 3; - rows = 1; - totalrows = <?php echo $counter; ?>; - loaded = <?php echo $counter; ?>; - //]]> - </script> - </div> - - </td> - </tr> - <?php endif; ?> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <?php if ($act == "newpool"): ?> - <input type="hidden" name="act" value="newpool" /> - <?php endif; ?> - <?php if (is_numeric($pool)): ?> - <input type="hidden" name="pool" value="<?php echo $pool; ?>" /> - <?php endif; ?> - <input name="if" type="hidden" value="<?=htmlspecialchars($if);?>" /> - <input name="submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" onclick="enable_change(true)" /> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> <p><span class="vexpl"><span class="red"><strong><?=gettext("Note:");?><br /> - </strong></span><?=gettext("The DNS servers entered in"); ?> <a href="system.php"><?=gettext("System: " . - "General setup"); ?></a> <?=gettext("(or the"); ?> <a href="services_dnsmasq.php"><?=gettext("DNS " . - "forwarder"); ?></a>, <?=gettext("if enabled)"); ?> </span><span class="vexpl"><?=gettext("will " . - "be assigned to clients by the DHCP server."); ?><br /> - <br /> - <?=gettext("The DHCP lease table can be viewed on the"); ?> <a href="status_dhcp_leases.php"><?=gettext("Status: " . - "DHCP leases"); ?></a> <?=gettext("page."); ?><br /> - </span></p> - </td> - </tr> - </table> - <?php if (!is_numeric($pool) && !($act == "newpool")): ?> - <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="static mappings"> - <tr> - <td colspan="5" valign="top" class="listtopic"><?=gettext("DHCP Static Mappings for this interface.");?></td> - <td> </td> - </tr> - <tr> - <td width="7%" class="listhdrr"><?=gettext("Static ARP");?></td> - <td width="18%" class="listhdrr"><?=gettext("MAC address");?></td> - <td width="15%" class="listhdrr"><?=gettext("IP address");?></td> - <td width="20%" class="listhdrr"><?=gettext("Hostname");?></td> - <td width="30%" class="listhdr"><?=gettext("Description");?></td> - <td width="10%" class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="add"> - <tr> - <td valign="middle" width="17"></td> - <td valign="middle"><a href="services_dhcp_edit.php?if=<?=htmlspecialchars($if);?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td> - </tr> - </table> - </td> - </tr> - <?php if(is_array($a_maps)): ?> - <?php $i = 0; foreach ($a_maps as $mapent): ?> - <?php if($mapent['mac'] <> "" or $mapent['ipaddr'] <> ""): ?> - <tr> - <td align="center" class="listlr" ondblclick="document.location='services_dhcp_edit.php?if=<?=htmlspecialchars($if);?>&id=<?=$i;?>';"> - <?php if (isset($mapent['arp_table_static_entry'])): ?> - <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_alert.gif" alt="ARP Table Static Entry" width="17" height="17" border="0" alt="alert" /> - <?php endif; ?> - </td> - <td class="listlr" ondblclick="document.location='services_dhcp_edit.php?if=<?=htmlspecialchars($if);?>&id=<?=$i;?>';"> - <?=htmlspecialchars($mapent['mac']);?> - </td> - <td class="listr" ondblclick="document.location='services_dhcp_edit.php?if=<?=htmlspecialchars($if);?>&id=<?=$i;?>';"> - <?=htmlspecialchars($mapent['ipaddr']);?> - </td> - <td class="listr" ondblclick="document.location='services_dhcp_edit.php?if=<?=htmlspecialchars($if);?>&id=<?=$i;?>';"> - <?=htmlspecialchars($mapent['hostname']);?> - </td> - <td class="listbg" ondblclick="document.location='services_dhcp_edit.php?if=<?=htmlspecialchars($if);?>&id=<?=$i;?>';"> - <?=htmlspecialchars($mapent['descr']);?> - </td> - <td valign="middle" class="list nowrap"> - <table border="0" cellspacing="0" cellpadding="1" summary="icons"> - <tr> - <td valign="middle"><a href="services_dhcp_edit.php?if=<?=htmlspecialchars($if);?>&id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" alt="edit" /></a></td> - <td valign="middle"><a href="services_dhcp.php?if=<?=htmlspecialchars($if);?>&act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this mapping?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="delete" /></a></td> - </tr> </table> - </td> - </tr> - <?php endif; ?> - <?php $i++; endforeach; ?> - <?php endif; ?> - <tr> - <td class="list" colspan="5"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="add"> - <tr> - <td valign="middle" width="17"></td> - <td valign="middle"><a href="services_dhcp_edit.php?if=<?=htmlspecialchars($if);?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td> - </tr> +<?php + if (!is_numeric($pool) && !($act == "newpool")): +?> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="static mappings"> + <tr> + <td colspan="5" valign="top" class="listtopic"><?=gettext("DHCP Static Mappings for this interface.");?></td> + <td> </td> + </tr> + <tr> + <td width="7%" class="listhdrr"><?=gettext("Static ARP");?></td> + <td width="18%" class="listhdrr"><?=gettext("MAC address");?></td> + <td width="15%" class="listhdrr"><?=gettext("IP address");?></td> + <td width="20%" class="listhdrr"><?=gettext("Hostname");?></td> + <td width="30%" class="listhdr"><?=gettext("Description");?></td> + <td width="10%" class="list"> + <table border="0" cellspacing="0" cellpadding="1" summary="add"> + <tr> + <td valign="middle" width="17"></td> + <td valign="middle"> + <a href="services_dhcp_edit.php?if=<?=htmlspecialchars($if);?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a> + </td> + </tr> + </table> + </td> + </tr> +<?php + if (is_array($a_maps)): + $i = 0; + foreach ($a_maps as $mapent): + if ($mapent['mac'] <> "" or $mapent['ipaddr'] <> ""): +?> + <tr> + <td align="center" class="listlr" ondblclick="document.location='services_dhcp_edit.php?if=<?=htmlspecialchars($if);?>&id=<?=$i;?>';"> + <?php if (isset($mapent['arp_table_static_entry'])): ?> + <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_alert.gif" alt="ARP Table Static Entry" width="17" height="17" border="0" alt="alert" /> + <?php endif; ?> + </td> + <td class="listlr" ondblclick="document.location='services_dhcp_edit.php?if=<?=htmlspecialchars($if);?>&id=<?=$i;?>';"> + <?=htmlspecialchars($mapent['mac']);?> + </td> + <td class="listr" ondblclick="document.location='services_dhcp_edit.php?if=<?=htmlspecialchars($if);?>&id=<?=$i;?>';"> + <?=htmlspecialchars($mapent['ipaddr']);?> + </td> + <td class="listr" ondblclick="document.location='services_dhcp_edit.php?if=<?=htmlspecialchars($if);?>&id=<?=$i;?>';"> + <?=htmlspecialchars($mapent['hostname']);?> + </td> + <td class="listbg" ondblclick="document.location='services_dhcp_edit.php?if=<?=htmlspecialchars($if);?>&id=<?=$i;?>';"> + <?=htmlspecialchars($mapent['descr']);?> + </td> + <td valign="middle" class="list nowrap"> + <table border="0" cellspacing="0" cellpadding="1" summary="icons"> + <tr> + <td valign="middle"><a href="services_dhcp_edit.php?if=<?=htmlspecialchars($if);?>&id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" alt="edit" /></a></td> + <td valign="middle"><a href="services_dhcp.php?if=<?=htmlspecialchars($if);?>&act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this mapping?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="delete" /></a></td> + </tr> + </table> + </td> + </tr> +<?php + endif; + $i++; + endforeach; + endif; +?> + <tr> + <td class="list" colspan="5"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1" summary="add"> + <tr> + <td valign="middle" width="17"></td> + <td valign="middle"><a href="services_dhcp_edit.php?if=<?=htmlspecialchars($if);?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td> + </tr> + </table> + </td> + </tr> </table> +<?php + endif; +?> + </div> </td> - </tr> - </table> - <?php endif; ?> - </div> -</td> -</tr> + </tr> </table> </form> <script type="text/javascript"> diff --git a/usr/local/www/services_dhcp_edit.php b/usr/local/www/services_dhcp_edit.php index 8bd9664..357c7d6 100644 --- a/usr/local/www/services_dhcp_edit.php +++ b/usr/local/www/services_dhcp_edit.php @@ -53,7 +53,7 @@ function staticmaps_sort($ifgui) { require_once('globals.inc'); -if(!$g['services_dhcp_server_enable']) { +if (!$g['services_dhcp_server_enable']) { header("Location: /"); exit; } @@ -63,23 +63,28 @@ require("guiconfig.inc"); $referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/services_dhcp.php'); $if = $_GET['if']; -if ($_POST['if']) +if ($_POST['if']) { $if = $_POST['if']; +} if (!$if) { header("Location: services_dhcp.php"); exit; } -if (!is_array($config['dhcpd'])) +if (!is_array($config['dhcpd'])) { $config['dhcpd'] = array(); -if (!is_array($config['dhcpd'][$if])) +} +if (!is_array($config['dhcpd'][$if])) { $config['dhcpd'][$if] = array(); -if (!is_array($config['dhcpd'][$if]['staticmap'])) +} +if (!is_array($config['dhcpd'][$if]['staticmap'])) { $config['dhcpd'][$if]['staticmap'] = array(); +} -if (!is_array($config['dhcpd'][$if]['pool'])) +if (!is_array($config['dhcpd'][$if]['pool'])) { $config['dhcpd'][$if]['pool'] = array(); +} $a_pools = &$config['dhcpd'][$if]['pool']; $static_arp_enabled=isset($config['dhcpd'][$if]['staticarp']); @@ -89,10 +94,12 @@ $ifcfgip = get_interface_ip($if); $ifcfgsn = get_interface_subnet($if); $ifcfgdescr = convert_friendly_interface_to_friendly_descr($if); -if (is_numericint($_GET['id'])) +if (is_numericint($_GET['id'])) { $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; +} if (isset($id) && $a_maps[$id]) { $pconfig['mac'] = $a_maps[$id]['mac']; @@ -108,14 +115,14 @@ if (isset($id) && $a_maps[$id]) { $pconfig['gateway'] = $a_maps[$id]['gateway']; $pconfig['domain'] = $a_maps[$id]['domain']; $pconfig['domainsearchlist'] = $a_maps[$id]['domainsearchlist']; - list($pconfig['wins1'],$pconfig['wins2']) = $a_maps[$id]['winsserver']; - list($pconfig['dns1'],$pconfig['dns2'],$pconfig['dns3'],$pconfig['dns4']) = $a_maps[$id]['dnsserver']; + list($pconfig['wins1'], $pconfig['wins2']) = $a_maps[$id]['winsserver']; + list($pconfig['dns1'], $pconfig['dns2'], $pconfig['dns3'], $pconfig['dns4']) = $a_maps[$id]['dnsserver']; $pconfig['ddnsdomain'] = $a_maps[$id]['ddnsdomain']; $pconfig['ddnsdomainprimary'] = $a_maps[$id]['ddnsdomainprimary']; $pconfig['ddnsdomainkeyname'] = $a_maps[$id]['ddnsdomainkeyname']; $pconfig['ddnsdomainkey'] = $a_maps[$id]['ddnsdomainkey']; $pconfig['ddnsupdate'] = isset($a_maps[$id]['ddnsupdate']); - list($pconfig['ntp1'],$pconfig['ntp2']) = $a_maps[$id]['ntpserver']; + list($pconfig['ntp1'], $pconfig['ntp2']) = $a_maps[$id]['ntpserver']; $pconfig['tftp'] = $a_maps[$id]['tftp']; } else { $pconfig['mac'] = $_GET['mac']; @@ -157,17 +164,19 @@ if ($_POST) { do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - /* either MAC or Client-ID must be specified */ - if (empty($_POST['mac']) && empty($_POST['cid'])) - $input_errors[] = gettext("Either MAC address or Client identifier must be specified"); + /* either MAC or Client-ID must be specified */ + if (empty($_POST['mac']) && empty($_POST['cid'])) { + $input_errors[] = gettext("Either MAC address or Client identifier must be specified"); + } /* normalize MAC addresses - lowercase and convert Windows-ized hyphenated MACs to colon delimited */ $_POST['mac'] = strtolower(str_replace("-", ":", $_POST['mac'])); if ($_POST['hostname']) { preg_match("/\-\$/", $_POST['hostname'], $matches); - if($matches) + if ($matches) { $input_errors[] = gettext("The hostname cannot end with a hyphen according to RFC952"); + } if (!is_hostname($_POST['hostname'])) { $input_errors[] = gettext("The hostname can only contain the characters A-Z, 0-9 and '-'."); } else { @@ -182,20 +191,24 @@ if ($_POST) { if (($_POST['mac'] && !is_macaddr($_POST['mac']))) { $input_errors[] = gettext("A valid MAC address must be specified."); } - if($static_arp_enabled && !$_POST['ipaddr']) { + if ($static_arp_enabled && !$_POST['ipaddr']) { $input_errors[] = gettext("Static ARP is enabled. You must specify an IP address."); } /* check for overlaps */ foreach ($a_maps as $mapent) { - if (isset($id) && ($a_maps[$id]) && ($a_maps[$id] === $mapent)) + if (isset($id) && ($a_maps[$id]) && ($a_maps[$id] === $mapent)) { continue; + } /* The fully qualified hostname (hostname + '.' + domainname) must be unique. * The unqualified hostname does not have to be unique as long as the fully * qualified hostname is unique. */ $existingFqn = "{$mapent['hostname']}.{$mapent['domain']}"; $candidateFqn = "{$_POST['hostname']}.{$_POST['domain']}"; - if ((($existingFqn == $candidateFqn) && $mapent['hostname']) || (($mapent['mac'] == $_POST['mac']) && $mapent['mac']) || (($mapent['ipaddr'] == $_POST['ipaddr']) && $mapent['ipaddr'] ) || (($mapent['cid'] == $_POST['cid']) && $mapent['cid'])) { + if ((($existingFqn == $candidateFqn) && $mapent['hostname']) || + (($mapent['mac'] == $_POST['mac']) && $mapent['mac']) || + (($mapent['ipaddr'] == $_POST['ipaddr']) && $mapent['ipaddr']) || + (($mapent['cid'] == $_POST['cid']) && $mapent['cid'])) { $input_errors[] = gettext("This fully qualified hostname (Hostname + Domainname), IP, MAC address or Client identifier already exists."); break; } @@ -206,7 +219,7 @@ if ($_POST) { $dynsubnet_start = ip2ulong($config['dhcpd'][$if]['range']['from']); $dynsubnet_end = ip2ulong($config['dhcpd'][$if]['range']['to']); if ((ip2ulong($_POST['ipaddr']) >= $dynsubnet_start) && - (ip2ulong($_POST['ipaddr']) <= $dynsubnet_end)) { + (ip2ulong($_POST['ipaddr']) <= $dynsubnet_end)) { $input_errors[] = sprintf(gettext("The IP address must not be within the DHCP range for this interface.")); } @@ -220,38 +233,50 @@ if ($_POST) { $lansubnet_start = ip2ulong(long2ip32(ip2long($ifcfgip) & gen_subnet_mask_long($ifcfgsn))); $lansubnet_end = ip2ulong(long2ip32(ip2long($ifcfgip) | (~gen_subnet_mask_long($ifcfgsn)))); if ((ip2ulong($_POST['ipaddr']) < $lansubnet_start) || - (ip2ulong($_POST['ipaddr']) > $lansubnet_end)) { - $input_errors[] = sprintf(gettext("The IP address must lie in the %s subnet."),$ifcfgdescr); + (ip2ulong($_POST['ipaddr']) > $lansubnet_end)) { + $input_errors[] = sprintf(gettext("The IP address must lie in the %s subnet."), $ifcfgdescr); } } - if (($_POST['gateway'] && !is_ipaddrv4($_POST['gateway']))) + if (($_POST['gateway'] && !is_ipaddrv4($_POST['gateway']))) { $input_errors[] = gettext("A valid IP address must be specified for the gateway."); - if (($_POST['wins1'] && !is_ipaddrv4($_POST['wins1'])) || ($_POST['wins2'] && !is_ipaddrv4($_POST['wins2']))) + } + if (($_POST['wins1'] && !is_ipaddrv4($_POST['wins1'])) || ($_POST['wins2'] && !is_ipaddrv4($_POST['wins2']))) { $input_errors[] = gettext("A valid IP address must be specified for the primary/secondary WINS servers."); + } $parent_ip = get_interface_ip($POST['if']); if (is_ipaddrv4($parent_ip) && $_POST['gateway']) { $parent_sn = get_interface_subnet($_POST['if']); - if(!ip_in_subnet($_POST['gateway'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['if'], $_POST['gateway'])) + if (!ip_in_subnet($_POST['gateway'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['if'], $_POST['gateway'])) { $input_errors[] = sprintf(gettext("The gateway address %s does not lie within the chosen interface's subnet."), $_POST['gateway']); + } } - if (($_POST['dns1'] && !is_ipaddrv4($_POST['dns1'])) || ($_POST['dns2'] && !is_ipaddrv4($_POST['dns2'])) || ($_POST['dns3'] && !is_ipaddrv4($_POST['dns3'])) || ($_POST['dns4'] && !is_ipaddrv4($_POST['dns4']))) + if (($_POST['dns1'] && !is_ipaddrv4($_POST['dns1'])) || + ($_POST['dns2'] && !is_ipaddrv4($_POST['dns2'])) || + ($_POST['dns3'] && !is_ipaddrv4($_POST['dns3'])) || + ($_POST['dns4'] && !is_ipaddrv4($_POST['dns4']))) { $input_errors[] = gettext("A valid IP address must be specified for each of the DNS servers."); + } - if ($_POST['deftime'] && (!is_numeric($_POST['deftime']) || ($_POST['deftime'] < 60))) + if ($_POST['deftime'] && (!is_numeric($_POST['deftime']) || ($_POST['deftime'] < 60))) { $input_errors[] = gettext("The default lease time must be at least 60 seconds."); - if ($_POST['maxtime'] && (!is_numeric($_POST['maxtime']) || ($_POST['maxtime'] < 60) || ($_POST['maxtime'] <= $_POST['deftime']))) + } + if ($_POST['maxtime'] && (!is_numeric($_POST['maxtime']) || ($_POST['maxtime'] < 60) || ($_POST['maxtime'] <= $_POST['deftime']))) { $input_errors[] = gettext("The maximum lease time must be at least 60 seconds and higher than the default lease time."); - if (($_POST['ddnsdomain'] && !is_domain($_POST['ddnsdomain']))) + } + if (($_POST['ddnsdomain'] && !is_domain($_POST['ddnsdomain']))) { $input_errors[] = gettext("A valid domain name must be specified for the dynamic DNS registration."); - if (($_POST['ddnsdomain'] && !is_ipaddrv4($_POST['ddnsdomainprimary']))) + } + if (($_POST['ddnsdomain'] && !is_ipaddrv4($_POST['ddnsdomainprimary']))) { $input_errors[] = gettext("A valid primary domain name server IP address must be specified for the dynamic domain name."); + } if (($_POST['ddnsdomainkey'] && !$_POST['ddnsdomainkeyname']) || - ($_POST['ddnsdomainkeyname'] && !$_POST['ddnsdomainkey'])) + ($_POST['ddnsdomainkeyname'] && !$_POST['ddnsdomainkey'])) { $input_errors[] = gettext("You must specify both a valid domain key and key name."); + } if ($_POST['domainsearchlist']) { - $domain_array=preg_split("/[ ;]+/",$_POST['domainsearchlist']); + $domain_array=preg_split("/[ ;]+/", $_POST['domainsearchlist']); foreach ($domain_array as $curdomain) { if (!is_domain($curdomain)) { $input_errors[] = gettext("A valid domain search list must be specified."); @@ -260,12 +285,15 @@ if ($_POST) { } } - if (($_POST['ntp1'] && !is_ipaddrv4($_POST['ntp1'])) || ($_POST['ntp2'] && !is_ipaddrv4($_POST['ntp2']))) + if (($_POST['ntp1'] && !is_ipaddrv4($_POST['ntp1'])) || ($_POST['ntp2'] && !is_ipaddrv4($_POST['ntp2']))) { $input_errors[] = gettext("A valid IP address must be specified for the primary/secondary NTP servers."); - if ($_POST['tftp'] && !is_ipaddrv4($_POST['tftp']) && !is_domain($_POST['tftp']) && !is_URL($_POST['tftp'])) + } + if ($_POST['tftp'] && !is_ipaddrv4($_POST['tftp']) && !is_domain($_POST['tftp']) && !is_URL($_POST['tftp'])) { $input_errors[] = gettext("A valid IP address or hostname must be specified for the TFTP server."); - if (($_POST['nextserver'] && !is_ipaddrv4($_POST['nextserver']))) + } + if (($_POST['nextserver'] && !is_ipaddrv4($_POST['nextserver']))) { $input_errors[] = gettext("A valid IP address must be specified for the network boot server."); + } if (!$input_errors) { $mapent = array(); @@ -281,20 +309,26 @@ if ($_POST) { $mapent['maxleasetime'] = $_POST['maxtime']; unset($mapent['winsserver']); - if ($_POST['wins1']) + if ($_POST['wins1']) { $mapent['winsserver'][] = $_POST['wins1']; - if ($_POST['wins2']) + } + if ($_POST['wins2']) { $mapent['winsserver'][] = $_POST['wins2']; + } unset($mapent['dnsserver']); - if ($_POST['dns1']) + if ($_POST['dns1']) { $mapent['dnsserver'][] = $_POST['dns1']; - if ($_POST['dns2']) + } + if ($_POST['dns2']) { $mapent['dnsserver'][] = $_POST['dns2']; - if ($_POST['dns3']) + } + if ($_POST['dns3']) { $mapent['dnsserver'][] = $_POST['dns3']; - if ($_POST['dns4']) + } + if ($_POST['dns4']) { $mapent['dnsserver'][] = $_POST['dns4']; + } $mapent['gateway'] = $_POST['gateway']; $mapent['domain'] = $_POST['domain']; @@ -306,28 +340,33 @@ if ($_POST) { $mapent['ddnsupdate'] = ($_POST['ddnsupdate']) ? true : false; unset($mapent['ntpserver']); - if ($_POST['ntp1']) + if ($_POST['ntp1']) { $mapent['ntpserver'][] = $_POST['ntp1']; - if ($_POST['ntp2']) + } + if ($_POST['ntp2']) { $mapent['ntpserver'][] = $_POST['ntp2']; + } $mapent['tftp'] = $_POST['tftp']; $mapent['ldap'] = $_POST['ldap']; - if (isset($id) && $a_maps[$id]) + if (isset($id) && $a_maps[$id]) { $a_maps[$id] = $mapent; - else + } else { $a_maps[] = $mapent; + } staticmaps_sort($if); write_config(); - if(isset($config['dhcpd'][$if]['enable'])) { + if (isset($config['dhcpd'][$if]['enable'])) { mark_subsystem_dirty('staticmaps'); - if (isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcpstatic'])) + if (isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcpstatic'])) { mark_subsystem_dirty('hosts'); - if (isset($config['unbound']['enable']) && isset($config['unbound']['regdhcpstatic'])) + } + if (isset($config['unbound']['enable']) && isset($config['unbound']['regdhcpstatic'])) { mark_subsystem_dirty('unbound'); + } } header("Location: services_dhcp.php?if={$if}"); @@ -336,7 +375,7 @@ if ($_POST) { } $closehead = false; -$pgtitle = array(gettext("Services"),gettext("DHCP"),gettext("Edit static mapping")); +$pgtitle = array(gettext("Services"), gettext("DHCP"), gettext("Edit static mapping")); $shortcut_section = "dhcp"; include("head.inc"); @@ -369,192 +408,212 @@ include("head.inc"); <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> <?php if ($input_errors) print_input_errors($input_errors); ?> - <form action="services_dhcp_edit.php" method="post" name="iform" id="iform"> - <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0" summary="static mapping"> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=sprintf(gettext("Static DHCP Mapping on %s"),$ifcfgdescr);?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("MAC address");?></td> - <td width="78%" class="vtable"> - <input name="mac" type="text" class="formfld unknown" id="mac" size="30" value="<?=htmlspecialchars($pconfig['mac']);?>" /> - <?php - $ip = getenv('REMOTE_ADDR'); - $mac = `/usr/sbin/arp -an | grep {$ip} | cut -d" " -f4`; - $mac = str_replace("\n","",$mac); - ?> - <a onclick="document.forms[0].mac.value='<?=$mac?>';" href="#"><?=gettext("Copy my MAC address");?></a> - <br /> - <span class="vexpl"><?=gettext("Enter a MAC address in the following format: ". - "xx:xx:xx:xx:xx:xx");?></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Client identifier");?></td> - <td width="78%" class="vtable"> - <input name="cid" type="text" class="formfld unknown" id="cid" size="30" value="<?=htmlspecialchars($pconfig['cid']);?>" /> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("IP address");?></td> - <td width="78%" class="vtable"> - <input name="ipaddr" type="text" class="formfld unknown" id="ipaddr" size="20" value="<?=htmlspecialchars($pconfig['ipaddr']);?>" /> - <br /> - <?=gettext("If an IPv4 address is entered, the address must be outside of the pool.");?> - <br /> - <?=gettext("If no IPv4 address is given, one will be dynamically allocated from the pool.");?> +<form action="services_dhcp_edit.php" method="post" name="iform" id="iform"> + <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0" summary="static mapping"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=sprintf(gettext("Static DHCP Mapping on %s"), $ifcfgdescr);?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("MAC address");?></td> + <td width="78%" class="vtable"> + <input name="mac" type="text" class="formfld unknown" id="mac" size="30" value="<?=htmlspecialchars($pconfig['mac']);?>" /> + <?php + $ip = getenv('REMOTE_ADDR'); + $mac = `/usr/sbin/arp -an | grep {$ip} | cut -d" " -f4`; + $mac = str_replace("\n", "", $mac); + ?> + <a onclick="document.forms[0].mac.value='<?=$mac?>';" href="#"><?=gettext("Copy my MAC address");?></a> + <br /> + <span class="vexpl"> + <?=gettext("Enter a MAC address in the following format: xx:xx:xx:xx:xx:xx");?> + </span> </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Hostname");?></td> - <td width="78%" class="vtable"> - <input name="hostname" type="text" class="formfld unknown" id="hostname" size="20" value="<?=htmlspecialchars($pconfig['hostname']);?>" /> - <br /> <span class="vexpl"><?=gettext("Name of the host, without domain part.");?></span></td> - </tr> - <?php if($netboot_enabled) { ?> + </tr> <tr> - <td width="22%" valign="top" class="vncell">Netboot Filename</td> - <td width="78%" class="vtable"> - <input name="filename" type="text" class="formfld unknown" id="filename" size="20" value="<?=htmlspecialchars($pconfig['filename']);?>" /> - <br /> <span class="vexpl">Name of the file that should be loaded when this host boots off of the network, overrides setting on main page.</span></td> + <td width="22%" valign="top" class="vncell"><?=gettext("Client identifier");?></td> + <td width="78%" class="vtable"> + <input name="cid" type="text" class="formfld unknown" id="cid" size="30" value="<?=htmlspecialchars($pconfig['cid']);?>" /> + </td> </tr> <tr> - <td width="22%" valign="top" class="vncell">Root Path</td> - <td width="78%" class="vtable"> - <input name="rootpath" type="text" class="formfld unknown" id="rootpath" size="90" value="<?=htmlspecialchars($pconfig['rootpath']);?>" /> - <br /> <span class="vexpl"><?=gettext("Enter the"); ?> <b><?=gettext("root-path"); ?></b>-<?=gettext("string");?>, overrides setting on main page.</span></td> + <td width="22%" valign="top" class="vncell"><?=gettext("IP address");?></td> + <td width="78%" class="vtable"> + <input name="ipaddr" type="text" class="formfld unknown" id="ipaddr" size="20" value="<?=htmlspecialchars($pconfig['ipaddr']);?>" /> + <br /> + <?=gettext("If an IPv4 address is entered, the address must be outside of the pool.");?> + <br /> + <?=gettext("If no IPv4 address is given, one will be dynamically allocated from the pool.");?> + </td> </tr> - <?php } ?> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" /> - <br /> <span class="vexpl"><?=gettext("You may enter a description here ". - "for your reference (not parsed).");?></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("ARP Table Static Entry");?></td> - <td width="78%" class="vtable"> - <input name="arp_table_static_entry" id="arp_table_static_entry" type="checkbox" value="yes" <?php if ($pconfig['arp_table_static_entry']) echo "checked=\"checked\""; ?> /> - <br /> <span class="vexpl"><?=gettext("Create an ARP Table Static Entry for this MAC & IP Address pair. ". - "");?></span></td> - </tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("WINS servers");?></td> - <td width="78%" class="vtable"> - <input name="wins1" type="text" class="formfld unknown" id="wins1" size="20" value="<?=htmlspecialchars($pconfig['wins1']);?>" /><br /> - <input name="wins2" type="text" class="formfld unknown" id="wins2" size="20" value="<?=htmlspecialchars($pconfig['wins2']);?>" /> - </td> + <td width="22%" valign="top" class="vncell"><?=gettext("Hostname");?></td> + <td width="78%" class="vtable"> + <input name="hostname" type="text" class="formfld unknown" id="hostname" size="20" value="<?=htmlspecialchars($pconfig['hostname']);?>" /> + <br /> + <span class="vexpl"> + <?=gettext("Name of the host, without domain part.");?> + </span> + </td> </tr> +<?php + if ($netboot_enabled) { +?> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("DNS servers");?></td> - <td width="78%" class="vtable"> - <input name="dns1" type="text" class="formfld unknown" id="dns1" size="20" value="<?=htmlspecialchars($pconfig['dns1']);?>" /><br /> - <input name="dns2" type="text" class="formfld unknown" id="dns2" size="20" value="<?=htmlspecialchars($pconfig['dns2']);?>" /><br /> - <input name="dns3" type="text" class="formfld unknown" id="dns3" size="20" value="<?=htmlspecialchars($pconfig['dns3']);?>" /><br /> - <input name="dns4" type="text" class="formfld unknown" id="dns4" size="20" value="<?=htmlspecialchars($pconfig['dns4']);?>" /><br /> - <?=gettext("NOTE: leave blank to use the system default DNS servers - this interface's IP if DNS forwarder is enabled, otherwise the servers configured on the General page.");?> - </td> + <td width="22%" valign="top" class="vncell">Netboot Filename</td> + <td width="78%" class="vtable"> + <input name="filename" type="text" class="formfld unknown" id="filename" size="20" value="<?=htmlspecialchars($pconfig['filename']);?>" /> + <br /> + <span class="vexpl">Name of the file that should be loaded when this host boots off of the network, overrides setting on main page.</span> + </td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Gateway");?></td> - <td width="78%" class="vtable"> - <input name="gateway" type="text" class="formfld host" id="gateway" size="20" value="<?=htmlspecialchars($pconfig['gateway']);?>" /><br /> - <?=gettext("The default is to use the IP on this interface of the firewall as the gateway. Specify an alternate gateway here if this is not the correct gateway for your network.");?> - </td> + <td width="22%" valign="top" class="vncell">Root Path</td> + <td width="78%" class="vtable"> + <input name="rootpath" type="text" class="formfld unknown" id="rootpath" size="90" value="<?=htmlspecialchars($pconfig['rootpath']);?>" /> + <br /> + <span class="vexpl"> + <?=gettext("Enter the"); ?> <b><?=gettext("root-path"); ?></b>-<?=gettext("string");?>, overrides setting on main page. + </span> + </td> </tr> +<?php + } +?> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Domain name");?></td> - <td width="78%" class="vtable"> - <input name="domain" type="text" class="formfld unknown" id="domain" size="20" value="<?=htmlspecialchars($pconfig['domain']);?>" /><br /> - <?=gettext("The default is to use the domain name of this system as the default domain name provided by DHCP. You may specify an alternate domain name here.");?> - </td> + <td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td> + <td width="78%" class="vtable"> + <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" /> + <br /> + <span class="vexpl"> + <?=gettext("You may enter a description here for your reference (not parsed).");?> + </span> + </td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Domain search list");?></td> - <td width="78%" class="vtable"> - <input name="domainsearchlist" type="text" class="formfld unknown" id="domainsearchlist" size="20" value="<?=htmlspecialchars($pconfig['domainsearchlist']);?>" /><br /> - <?=gettext("The DHCP server can optionally provide a domain search list. Use the semicolon character as separator ");?> - </td> + <td width="22%" valign="top" class="vncell"><?=gettext("ARP Table Static Entry");?></td> + <td width="78%" class="vtable"> + <input name="arp_table_static_entry" id="arp_table_static_entry" type="checkbox" value="yes" <?php if ($pconfig['arp_table_static_entry']) echo "checked=\"checked\""; ?> /> + <br /> + <span class="vexpl"> + <?=gettext("Create an ARP Table Static Entry for this MAC & IP Address pair. ");?> + </span> + </td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Default lease time");?></td> - <td width="78%" class="vtable"> - <input name="deftime" type="text" class="formfld unknown" id="deftime" size="10" value="<?=htmlspecialchars($pconfig['deftime']);?>" /> - <?=gettext("seconds");?><br /> - <?=gettext("This is used for clients that do not ask for a specific " . - "expiration time."); ?><br /> - <?=gettext("The default is 7200 seconds.");?> - </td> + <td width="22%" valign="top" class="vncell"><?=gettext("WINS servers");?></td> + <td width="78%" class="vtable"> + <input name="wins1" type="text" class="formfld unknown" id="wins1" size="20" value="<?=htmlspecialchars($pconfig['wins1']);?>" /><br /> + <input name="wins2" type="text" class="formfld unknown" id="wins2" size="20" value="<?=htmlspecialchars($pconfig['wins2']);?>" /> + </td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Maximum lease time");?></td> - <td width="78%" class="vtable"> - <input name="maxtime" type="text" class="formfld unknown" id="maxtime" size="10" value="<?=htmlspecialchars($pconfig['maxtime']);?>" /> - <?=gettext("seconds");?><br /> - <?=gettext("This is the maximum lease time for clients that ask". - " for a specific expiration time."); ?><br /> - <?=gettext("The default is 86400 seconds.");?> - </td> + <td width="22%" valign="top" class="vncell"><?=gettext("DNS servers");?></td> + <td width="78%" class="vtable"> + <input name="dns1" type="text" class="formfld unknown" id="dns1" size="20" value="<?=htmlspecialchars($pconfig['dns1']);?>" /><br /> + <input name="dns2" type="text" class="formfld unknown" id="dns2" size="20" value="<?=htmlspecialchars($pconfig['dns2']);?>" /><br /> + <input name="dns3" type="text" class="formfld unknown" id="dns3" size="20" value="<?=htmlspecialchars($pconfig['dns3']);?>" /><br /> + <input name="dns4" type="text" class="formfld unknown" id="dns4" size="20" value="<?=htmlspecialchars($pconfig['dns4']);?>" /><br /> + <?=gettext("NOTE: leave blank to use the system default DNS servers - this interface's IP if DNS forwarder is enabled, otherwise the servers configured on the General page.");?> + </td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Dynamic DNS");?></td> - <td width="78%" class="vtable"> - <div id="showddnsbox"> - <input type="button" onclick="show_ddns_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show Dynamic DNS");?> - </div> - <div id="showddns" style="display:none"> - <input style="vertical-align:middle" type="checkbox" value="yes" name="ddnsupdate" id="ddnsupdate" <?php if($pconfig['ddnsupdate']) echo "checked=\"checked\""; ?> /> - <b><?=gettext("Enable registration of DHCP client names in DNS.");?></b><br /> - <p> - <input name="ddnsdomain" type="text" class="formfld unknown" id="ddnsdomain" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomain']);?>" /><br /> - <?=gettext("Note: Leave blank to disable dynamic DNS registration.");?><br /> - <?=gettext("Enter the dynamic DNS domain which will be used to register client names in the DNS server.");?><br /> - <input name="ddnsdomainprimary" type="text" class="formfld unknown" id="ddnsdomainprimary" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomainprimary']);?>" /><br /> - <?=gettext("Enter the primary domain name server IP address for the dynamic domain name.");?><br /> - <input name="ddnsdomainkeyname" type="text" class="formfld unknown" id="ddnsdomainkeyname" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomainkeyname']);?>" /><br /> - <?=gettext("Enter the dynamic DNS domain key name which will be used to register client names in the DNS server.");?><br /> - <input name="ddnsdomainkey" type="text" class="formfld unknown" id="ddnsdomainkey" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomainkey']);?>" /><br /> - <?=gettext("Enter the dynamic DNS domain key secret which will be used to register client names in the DNS server.");?> - </p> - </div> - </td> + <td width="22%" valign="top" class="vncell"><?=gettext("Gateway");?></td> + <td width="78%" class="vtable"> + <input name="gateway" type="text" class="formfld host" id="gateway" size="20" value="<?=htmlspecialchars($pconfig['gateway']);?>" /><br /> + <?=gettext("The default is to use the IP on this interface of the firewall as the gateway. Specify an alternate gateway here if this is not the correct gateway for your network.");?> + </td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("NTP servers");?></td> - <td width="78%" class="vtable"> - <div id="showntpbox"> - <input type="button" onclick="show_ntp_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show NTP configuration");?> + <td width="22%" valign="top" class="vncell"><?=gettext("Domain name");?></td> + <td width="78%" class="vtable"> + <input name="domain" type="text" class="formfld unknown" id="domain" size="20" value="<?=htmlspecialchars($pconfig['domain']);?>" /><br /> + <?=gettext("The default is to use the domain name of this system as the default domain name provided by DHCP. You may specify an alternate domain name here.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Domain search list");?></td> + <td width="78%" class="vtable"> + <input name="domainsearchlist" type="text" class="formfld unknown" id="domainsearchlist" size="20" value="<?=htmlspecialchars($pconfig['domainsearchlist']);?>" /><br /> + <?=gettext("The DHCP server can optionally provide a domain search list. Use the semicolon character as separator ");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Default lease time");?></td> + <td width="78%" class="vtable"> + <input name="deftime" type="text" class="formfld unknown" id="deftime" size="10" value="<?=htmlspecialchars($pconfig['deftime']);?>" /> + <?=gettext("seconds");?><br /> + <?=gettext("This is used for clients that do not ask for a specific expiration time."); ?><br /> + <?=gettext("The default is 7200 seconds.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Maximum lease time");?></td> + <td width="78%" class="vtable"> + <input name="maxtime" type="text" class="formfld unknown" id="maxtime" size="10" value="<?=htmlspecialchars($pconfig['maxtime']);?>" /> + <?=gettext("seconds");?><br /> + <?=gettext("This is the maximum lease time for clients that ask for a specific expiration time."); ?><br /> + <?=gettext("The default is 86400 seconds.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Dynamic DNS");?></td> + <td width="78%" class="vtable"> + <div id="showddnsbox"> + <input type="button" onclick="show_ddns_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show Dynamic DNS");?> + </div> + <div id="showddns" style="display:none"> + <input style="vertical-align:middle" type="checkbox" value="yes" name="ddnsupdate" id="ddnsupdate" <?php if ($pconfig['ddnsupdate']) echo "checked=\"checked\""; ?> /> + <b><?=gettext("Enable registration of DHCP client names in DNS.");?></b><br /> + <p> + <input name="ddnsdomain" type="text" class="formfld unknown" id="ddnsdomain" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomain']);?>" /><br /> + <?=gettext("Note: Leave blank to disable dynamic DNS registration.");?><br /> + <?=gettext("Enter the dynamic DNS domain which will be used to register client names in the DNS server.");?><br /> + <input name="ddnsdomainprimary" type="text" class="formfld unknown" id="ddnsdomainprimary" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomainprimary']);?>" /><br /> + <?=gettext("Enter the primary domain name server IP address for the dynamic domain name.");?><br /> + <input name="ddnsdomainkeyname" type="text" class="formfld unknown" id="ddnsdomainkeyname" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomainkeyname']);?>" /><br /> + <?=gettext("Enter the dynamic DNS domain key name which will be used to register client names in the DNS server.");?><br /> + <input name="ddnsdomainkey" type="text" class="formfld unknown" id="ddnsdomainkey" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomainkey']);?>" /><br /> + <?=gettext("Enter the dynamic DNS domain key secret which will be used to register client names in the DNS server.");?> + </p> + </div> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("NTP servers");?></td> + <td width="78%" class="vtable"> + <div id="showntpbox"> + <input type="button" onclick="show_ntp_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show NTP configuration");?> + </div> + <div id="showntp" style="display:none"> + <input name="ntp1" type="text" class="formfld unknown" id="ntp1" size="20" value="<?=htmlspecialchars($pconfig['ntp1']);?>" /><br /> + <input name="ntp2" type="text" class="formfld unknown" id="ntp2" size="20" value="<?=htmlspecialchars($pconfig['ntp2']);?>" /> + </div> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("TFTP server");?></td> + <td width="78%" class="vtable"> + <div id="showtftpbox"> + <input type="button" onclick="show_tftp_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show TFTP configuration");?> </div> - <div id="showntp" style="display:none"> - <input name="ntp1" type="text" class="formfld unknown" id="ntp1" size="20" value="<?=htmlspecialchars($pconfig['ntp1']);?>" /><br /> - <input name="ntp2" type="text" class="formfld unknown" id="ntp2" size="20" value="<?=htmlspecialchars($pconfig['ntp2']);?>" /> + <div id="showtftp" style="display:none"> + <input name="tftp" type="text" class="formfld unknown" id="tftp" size="50" value="<?=htmlspecialchars($pconfig['tftp']);?>" /><br /> + <?=gettext("Leave blank to disable. Enter a full hostname or IP for the TFTP server.");?> </div> - </td> + </td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("TFTP server");?></td> - <td width="78%" class="vtable"> - <div id="showtftpbox"> - <input type="button" onclick="show_tftp_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show TFTP configuration");?> - </div> - <div id="showtftp" style="display:none"> - <input name="tftp" type="text" class="formfld unknown" id="tftp" size="50" value="<?=htmlspecialchars($pconfig['tftp']);?>" /><br /> - <?=gettext("Leave blank to disable. Enter a full hostname or IP for the TFTP server.");?> - </div> - </td> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> + <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" /> + <?php if (isset($id) && $a_maps[$id]): ?> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> + <?php endif; ?> + <input name="if" type="hidden" value="<?=htmlspecialchars($if);?>" /> + </td> </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> - <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" /> - <?php if (isset($id) && $a_maps[$id]): ?> - <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> - <?php endif; ?> - <input name="if" type="hidden" value="<?=htmlspecialchars($if);?>" /> - </td> - </tr> - </table> + </table> </form> <?php include("fend.inc"); ?> </body> diff --git a/usr/local/www/services_dhcp_relay.php b/usr/local/www/services_dhcp_relay.php index 607002c..ae69c3a 100644 --- a/usr/local/www/services_dhcp_relay.php +++ b/usr/local/www/services_dhcp_relay.php @@ -42,10 +42,11 @@ require("guiconfig.inc"); $pconfig['enable'] = isset($config['dhcrelay']['enable']); -if (empty($config['dhcrelay']['interface'])) +if (empty($config['dhcrelay']['interface'])) { $pconfig['interface'] = array(); -else +} else { $pconfig['interface'] = explode(",", $config['dhcrelay']['interface']); +} $pconfig['server'] = $config['dhcrelay']['server']; $pconfig['agentoption'] = isset($config['dhcrelay']['agentoption']); @@ -57,7 +58,7 @@ $iflist = get_configured_interface_with_descr(); */ $dhcpd_enabled = false; if (is_array($config['dhcpd'])) { - foreach($config['dhcpd'] as $dhcpif => $dhcp) { + foreach ($config['dhcpd'] as $dhcpif => $dhcp) { if (isset($dhcp['enable']) && isset($config['interfaces'][$dhcpif]['enable'])) { $dhcpd_enabled = true; break; @@ -80,8 +81,9 @@ if ($_POST) { if ($_POST['server']) { $checksrv = explode(",", $_POST['server']); foreach ($checksrv as $srv) { - if (!is_ipaddr($srv)) + if (!is_ipaddr($srv)) { $input_errors[] = gettext("A valid Destination Server IP address must be specified."); + } } } } @@ -102,7 +104,7 @@ if ($_POST) { } $closehead = false; -$pgtitle = array(gettext("Services"),gettext("DHCP Relay")); +$pgtitle = array(gettext("Services"), gettext("DHCP Relay")); $shortcut_section = "dhcp"; include("head.inc"); @@ -132,73 +134,76 @@ function enable_change(enable_over) { <?php if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="dhcp relay"> - <tr> - <td> - <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> - <tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> + <tr> <?php if ($dhcpd_enabled) { echo "<td>DHCP Server is currently enabled. Cannot enable the DHCP Relay service while the DHCP Server is enabled on any interface."; - echo "</td></tr></table></div></td></tr></table></form>"; - include("fend.inc"); - echo "</body></html>"; - exit; - } + echo "</td></tr></table></div></td></tr></table></form>"; + include("fend.inc"); + echo "</body></html>"; + exit; + } ?> - <td colspan="2" valign="top" class="listtopic"><?=gettext("DHCP Relay configuration"); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Enable</td> - <td width="78%" class="vtable"> - <input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked=\"checked\""; ?> onclick="enable_change(false)" /> - <strong><?php printf(gettext("Enable DHCP relay on interface"));?></strong> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Interface(s)</td> - <td width="78%" class="vtable"> - <select id="interface" name="interface[]" multiple="multiple" class="formselect" size="3"> - <?php - foreach ($iflist as $ifent => $ifdesc) { - if (!is_ipaddr(get_interface_ip($ifent))) - continue; - echo "<option value=\"{$ifent}\""; - if (in_array($ifent, $pconfig['interface'])) - echo " selected=\"selected\""; - echo ">{$ifdesc}</option>\n"; - } - ?> - </select> - <br />Interfaces without an IP address will not be shown. - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vtable"> </td> - <td width="78%" class="vtable"> -<input name="agentoption" type="checkbox" value="yes" <?php if ($pconfig['agentoption']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Append circuit ID and agent ID to requests"); ?></strong><br /> - <?php printf(gettext("If this is checked, the DHCP relay will append the circuit ID (%s interface number) and the agent ID to the DHCP request."), $g['product_name']); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Destination server");?></td> - <td width="78%" class="vtable"> - <input name="server" type="text" class="formfld unknown" id="server" size="20" value="<?=htmlspecialchars($pconfig['server']);?>" /> - <br /> - <?=gettext("This is the IP address of the server to which DHCP requests are relayed. You can enter multiple server IP addresses, separated by commas.");?> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" onclick="enable_change(true)" /> - </td> - </tr> - </table> - </div> - </td> - </tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("DHCP Relay configuration"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Enable</td> + <td width="78%" class="vtable"> + <input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked=\"checked\""; ?> onclick="enable_change(false)" /> + <strong><?php printf(gettext("Enable DHCP relay on interface"));?></strong> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Interface(s)</td> + <td width="78%" class="vtable"> + <select id="interface" name="interface[]" multiple="multiple" class="formselect" size="3"> + <?php + foreach ($iflist as $ifent => $ifdesc) { + if (!is_ipaddr(get_interface_ip($ifent))) { + continue; + } + echo "<option value=\"{$ifent}\""; + if (in_array($ifent, $pconfig['interface'])) { + echo " selected=\"selected\""; + } + echo ">{$ifdesc}</option>\n"; + } + ?> + </select> + <br />Interfaces without an IP address will not be shown. + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vtable"> </td> + <td width="78%" class="vtable"> + <input name="agentoption" type="checkbox" value="yes" <?php if ($pconfig['agentoption']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Append circuit ID and agent ID to requests"); ?></strong><br /> + <?php printf(gettext("If this is checked, the DHCP relay will append the circuit ID (%s interface number) and the agent ID to the DHCP request."), $g['product_name']); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Destination server");?></td> + <td width="78%" class="vtable"> + <input name="server" type="text" class="formfld unknown" id="server" size="20" value="<?=htmlspecialchars($pconfig['server']);?>" /> + <br /> + <?=gettext("This is the IP address of the server to which DHCP requests are relayed. You can enter multiple server IP addresses, separated by commas.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" onclick="enable_change(true)" /> + </td> + </tr> + </table> + </div> + </td> + </tr> </table> </form> <script type="text/javascript"> diff --git a/usr/local/www/services_dhcpv6.php b/usr/local/www/services_dhcpv6.php index 5683e5d..9888f03 100644 --- a/usr/local/www/services_dhcpv6.php +++ b/usr/local/www/services_dhcpv6.php @@ -48,7 +48,7 @@ require("guiconfig.inc"); require_once("filter.inc"); -if(!$g['services_dhcp_server_enable']) { +if (!$g['services_dhcp_server_enable']) { header("Location: /"); exit; } @@ -56,19 +56,20 @@ if(!$g['services_dhcp_server_enable']) { /* Fix failover DHCP problem * http://article.gmane.org/gmane.comp.security.firewalls.pfsense.support/18749 */ -ini_set("memory_limit","64M"); +ini_set("memory_limit", "64M"); $if = $_GET['if']; -if ($_POST['if']) +if ($_POST['if']) { $if = $_POST['if']; +} /* if OLSRD is enabled, allow WAN to house DHCP. */ -if($config['installedpackages']['olsrd']) { - foreach($config['installedpackages']['olsrd']['config'] as $olsrd) { - if($olsrd['enable']) { - $is_olsr_enabled = true; - break; - } +if ($config['installedpackages']['olsrd']) { + foreach ($config['installedpackages']['olsrd']['config'] as $olsrd) { + if ($olsrd['enable']) { + $is_olsr_enabled = true; + break; + } } } @@ -80,14 +81,15 @@ if (!$if || !isset($iflist[$if])) { foreach ($iflist as $ifent => $ifname) { $oc = $config['interfaces'][$ifent]; if ((is_array($config['dhcpdv6'][$ifent]) && !isset($config['dhcpdv6'][$ifent]['enable']) && !(is_ipaddrv6($oc['ipaddrv6']) && (!is_linklocal($oc['ipaddrv6'])))) || - (!is_array($config['dhcpdv6'][$ifent]) && !(is_ipaddrv6($oc['ipaddrv6']) && (!is_linklocal($oc['ipaddrv6']))))) + (!is_array($config['dhcpdv6'][$ifent]) && !(is_ipaddrv6($oc['ipaddrv6']) && (!is_linklocal($oc['ipaddrv6']))))) { continue; + } $if = $ifent; break; } } -if (is_array($config['dhcpdv6'][$if])){ +if (is_array($config['dhcpdv6'][$if])) { /* DHCPv6 */ if (is_array($config['dhcpdv6'][$if]['range'])) { $pconfig['range_from'] = $config['dhcpdv6'][$if]['range']['from']; @@ -102,15 +104,15 @@ if (is_array($config['dhcpdv6'][$if])){ $pconfig['maxtime'] = $config['dhcpdv6'][$if]['maxleasetime']; $pconfig['domain'] = $config['dhcpdv6'][$if]['domain']; $pconfig['domainsearchlist'] = $config['dhcpdv6'][$if]['domainsearchlist']; - list($pconfig['wins1'],$pconfig['wins2']) = $config['dhcpdv6'][$if]['winsserver']; - list($pconfig['dns1'],$pconfig['dns2'],$pconfig['dns3'],$pconfig['dns4']) = $config['dhcpdv6'][$if]['dnsserver']; + list($pconfig['wins1'], $pconfig['wins2']) = $config['dhcpdv6'][$if]['winsserver']; + list($pconfig['dns1'], $pconfig['dns2'], $pconfig['dns3'], $pconfig['dns4']) = $config['dhcpdv6'][$if]['dnsserver']; $pconfig['enable'] = isset($config['dhcpdv6'][$if]['enable']); $pconfig['ddnsdomain'] = $config['dhcpdv6'][$if]['ddnsdomain']; $pconfig['ddnsdomainprimary'] = $config['dhcpdv6'][$if]['ddnsdomainprimary']; $pconfig['ddnsdomainkeyname'] = $config['dhcpdv6'][$if]['ddnsdomainkeyname']; $pconfig['ddnsdomainkey'] = $config['dhcpdv6'][$if]['ddnsdomainkey']; $pconfig['ddnsupdate'] = isset($config['dhcpdv6'][$if]['ddnsupdate']); - list($pconfig['ntp1'],$pconfig['ntp2']) = $config['dhcpdv6'][$if]['ntpserver']; + list($pconfig['ntp1'], $pconfig['ntp2']) = $config['dhcpdv6'][$if]['ntpserver']; $pconfig['tftp'] = $config['dhcpdv6'][$if]['tftp']; $pconfig['ldap'] = $config['dhcpdv6'][$if]['ldap']; $pconfig['netboot'] = isset($config['dhcpdv6'][$if]['netboot']); @@ -118,8 +120,9 @@ if (is_array($config['dhcpdv6'][$if])){ $pconfig['netmask'] = $config['dhcpdv6'][$if]['netmask']; $pconfig['numberoptions'] = $config['dhcpdv6'][$if]['numberoptions']; $pconfig['dhcpv6leaseinlocaltime'] = $config['dhcpdv6'][$if]['dhcpv6leaseinlocaltime']; - if (!is_array($config['dhcpdv6'][$if]['staticmap'])) + if (!is_array($config['dhcpdv6'][$if]['staticmap'])) { $config['dhcpdv6'][$if]['staticmap'] = array(); + } $a_maps = &$config['dhcpdv6'][$if]['staticmap']; } @@ -134,11 +137,12 @@ $ifcfgsn = get_interface_subnetv6($if); $dhcrelay_enabled = false; $dhcrelaycfg = $config['dhcrelay6']; -if(is_array($dhcrelaycfg)) { +if (is_array($dhcrelaycfg)) { foreach ($dhcrelaycfg as $dhcrelayif => $dhcrelayifconf) { if (isset($dhcrelayifconf['enable']) && isset($iflist[$dhcrelayif]) && - (!link_interface_to_bridge($dhcrelayif))) + (!link_interface_to_bridge($dhcrelayif))) { $dhcrelay_enabled = true; + } } } @@ -153,8 +157,8 @@ if ($_POST) { $pconfig = $_POST; $numberoptions = array(); - for($x=0; $x<99; $x++) { - if(isset($_POST["number{$x}"]) && ctype_digit($_POST["number{$x}"])) { + for ($x=0; $x<99; $x++) { + if (isset($_POST["number{$x}"]) && ctype_digit($_POST["number{$x}"])) { $numbervalue = array(); $numbervalue['number'] = htmlspecialchars($_POST["number{$x}"]); $numbervalue['value'] = htmlspecialchars($_POST["value{$x}"]); @@ -167,36 +171,50 @@ if ($_POST) { /* input validation */ if ($_POST['enable']) { $reqdfields = explode(" ", "range_from range_to"); - $reqdfieldsn = array(gettext("Range begin"),gettext("Range end")); + $reqdfieldsn = array(gettext("Range begin"), gettext("Range end")); do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - if (($_POST['prefixrange_from'] && !is_ipaddrv6($_POST['prefixrange_from']))) + if (($_POST['prefixrange_from'] && !is_ipaddrv6($_POST['prefixrange_from']))) { $input_errors[] = gettext("A valid range must be specified."); - if (($_POST['prefixrange_to'] && !is_ipaddrv6($_POST['prefixrange_to']))) + } + if (($_POST['prefixrange_to'] && !is_ipaddrv6($_POST['prefixrange_to']))) { $input_errors[] = gettext("A valid prefix range must be specified."); - if (($_POST['range_from'] && !is_ipaddrv6($_POST['range_from']))) + } + if (($_POST['range_from'] && !is_ipaddrv6($_POST['range_from']))) { $input_errors[] = gettext("A valid range must be specified."); - if (($_POST['range_to'] && !is_ipaddrv6($_POST['range_to']))) + } + if (($_POST['range_to'] && !is_ipaddrv6($_POST['range_to']))) { $input_errors[] = gettext("A valid range must be specified."); - if (($_POST['gateway'] && !is_ipaddrv6($_POST['gateway']))) + } + if (($_POST['gateway'] && !is_ipaddrv6($_POST['gateway']))) { $input_errors[] = gettext("A valid IPv6 address must be specified for the gateway."); - if (($_POST['dns1'] && !is_ipaddrv6($_POST['dns1'])) || ($_POST['dns2'] && !is_ipaddrv6($_POST['dns2'])) || ($_POST['dns3'] && !is_ipaddrv6($_POST['dns3'])) || ($_POST['dns4'] && !is_ipaddrv6($_POST['dns4']))) + } + if (($_POST['dns1'] && !is_ipaddrv6($_POST['dns1'])) || + ($_POST['dns2'] && !is_ipaddrv6($_POST['dns2'])) || + ($_POST['dns3'] && !is_ipaddrv6($_POST['dns3'])) || + ($_POST['dns4'] && !is_ipaddrv6($_POST['dns4']))) { $input_errors[] = gettext("A valid IPv6 address must be specified for each of the DNS servers."); + } - if ($_POST['deftime'] && (!is_numeric($_POST['deftime']) || ($_POST['deftime'] < 60))) + if ($_POST['deftime'] && (!is_numeric($_POST['deftime']) || ($_POST['deftime'] < 60))) { $input_errors[] = gettext("The default lease time must be at least 60 seconds."); - if ($_POST['maxtime'] && (!is_numeric($_POST['maxtime']) || ($_POST['maxtime'] < 60) || ($_POST['maxtime'] <= $_POST['deftime']))) + } + if ($_POST['maxtime'] && (!is_numeric($_POST['maxtime']) || ($_POST['maxtime'] < 60) || ($_POST['maxtime'] <= $_POST['deftime']))) { $input_errors[] = gettext("The maximum lease time must be at least 60 seconds and higher than the default lease time."); - if (($_POST['ddnsdomain'] && !is_domain($_POST['ddnsdomain']))) + } + if (($_POST['ddnsdomain'] && !is_domain($_POST['ddnsdomain']))) { $input_errors[] = gettext("A valid domain name must be specified for the dynamic DNS registration."); - if (($_POST['ddnsdomain'] && !is_ipaddrv4($_POST['ddnsdomainprimary']))) + } + if (($_POST['ddnsdomain'] && !is_ipaddrv4($_POST['ddnsdomainprimary']))) { $input_errors[] = gettext("A valid primary domain name server IPv4 address must be specified for the dynamic domain name."); + } if (($_POST['ddnsdomainkey'] && !$_POST['ddnsdomainkeyname']) || - ($_POST['ddnsdomainkeyname'] && !$_POST['ddnsdomainkey'])) + ($_POST['ddnsdomainkeyname'] && !$_POST['ddnsdomainkey'])) { $input_errors[] = gettext("You must specify both a valid domain key and key name."); + } if ($_POST['domainsearchlist']) { - $domain_array=preg_split("/[ ;]+/",$_POST['domainsearchlist']); + $domain_array=preg_split("/[ ;]+/", $_POST['domainsearchlist']); foreach ($domain_array as $curdomain) { if (!is_domain($curdomain)) { $input_errors[] = gettext("A valid domain search list must be specified."); @@ -205,47 +223,58 @@ if ($_POST) { } } - if (($_POST['ntp1'] && !is_ipaddrv6($_POST['ntp1'])) || ($_POST['ntp2'] && !is_ipaddrv6($_POST['ntp2']))) + if (($_POST['ntp1'] && !is_ipaddrv6($_POST['ntp1'])) || ($_POST['ntp2'] && !is_ipaddrv6($_POST['ntp2']))) { $input_errors[] = gettext("A valid IPv6 address must be specified for the primary/secondary NTP servers."); - if (($_POST['domain'] && !is_domain($_POST['domain']))) + } + if (($_POST['domain'] && !is_domain($_POST['domain']))) { $input_errors[] = gettext("A valid domain name must be specified for the DNS domain."); - if ($_POST['tftp'] && !is_ipaddr($_POST['tftp']) && !is_domain($_POST['tftp']) && !is_URL($_POST['tftp'])) + } + if ($_POST['tftp'] && !is_ipaddr($_POST['tftp']) && !is_domain($_POST['tftp']) && !is_URL($_POST['tftp'])) { $input_errors[] = gettext("A valid IPv6 address or hostname must be specified for the TFTP server."); - if (($_POST['bootfile_url'] && !is_URL($_POST['bootfile_url']))) + } + if (($_POST['bootfile_url'] && !is_URL($_POST['bootfile_url']))) { $input_errors[] = gettext("A valid URL must be specified for the network bootfile."); + } // Disallow a range that includes the virtualip if (is_array($config['virtualip']['vip'])) { - foreach($config['virtualip']['vip'] as $vip) { - if($vip['interface'] == $if) - if($vip['subnetv6'] && is_inrange_v6($vip['subnetv6'], $_POST['range_from'], $_POST['range_to'])) - $input_errors[] = sprintf(gettext("The subnet range cannot overlap with virtual IPv6 address %s."),$vip['subnetv6']); + foreach ($config['virtualip']['vip'] as $vip) { + if ($vip['interface'] == $if) { + if ($vip['subnetv6'] && is_inrange_v6($vip['subnetv6'], $_POST['range_from'], $_POST['range_to'])) { + $input_errors[] = sprintf(gettext("The subnet range cannot overlap with virtual IPv6 address %s."), $vip['subnetv6']); + } + } } } $noip = false; - if(is_array($a_maps)) - foreach ($a_maps as $map) - if (empty($map['ipaddrv6'])) + if (is_array($a_maps)) { + foreach ($a_maps as $map) { + if (empty($map['ipaddrv6'])) { $noip = true; + } + } + } if (!$input_errors) { /* make sure the range lies within the current subnet */ $subnet_start = gen_subnetv6($ifcfgip, $ifcfgsn); $subnet_end = gen_subnetv6_max($ifcfgip, $ifcfgsn); if (is_ipaddrv6($ifcfgip)) { - if ((! is_inrange_v6($_POST['range_from'], $subnet_start, $subnet_end)) || - (! is_inrange_v6($_POST['range_to'], $subnet_start, $subnet_end))) { + if ((!is_inrange_v6($_POST['range_from'], $subnet_start, $subnet_end)) || + (!is_inrange_v6($_POST['range_to'], $subnet_start, $subnet_end))) { $input_errors[] = gettext("The specified range lies outside of the current subnet."); } } /* "from" cannot be higher than "to" */ - if (inet_pton($_POST['range_from']) > inet_pton($_POST['range_to'])) + if (inet_pton($_POST['range_from']) > inet_pton($_POST['range_to'])) { $input_errors[] = gettext("The range is invalid (first element higher than second element)."); + } /* make sure that the DHCP Relay isn't enabled on this interface */ - if (isset($config['dhcrelay'][$if]['enable'])) - $input_errors[] = sprintf(gettext("You must disable the DHCP relay on the %s interface before enabling the DHCP server."),$iflist[$if]); + if (isset($config['dhcrelay'][$if]['enable'])) { + $input_errors[] = sprintf(gettext("You must disable the DHCP relay on the %s interface before enabling the DHCP server."), $iflist[$if]); + } /* Verify static mappings do not overlap: @@ -254,12 +283,13 @@ if ($_POST) { $dynsubnet_start = inet_pton($_POST['range_from']); $dynsubnet_end = inet_pton($_POST['range_to']); - if(is_array($a_maps)) { + if (is_array($a_maps)) { foreach ($a_maps as $map) { - if (empty($map['ipaddrv6'])) + if (empty($map['ipaddrv6'])) { continue; + } if ((inet_pton($map['ipaddrv6']) > $dynsubnet_start) && - (inet_pton($map['ipaddrv6']) < $dynsubnet_end)) { + (inet_pton($map['ipaddrv6']) < $dynsubnet_end)) { $input_errors[] = sprintf(gettext("The DHCP range cannot overlap any static DHCP mappings.")); break; } @@ -269,12 +299,15 @@ if ($_POST) { } if (!$input_errors) { - if (!is_array($config['dhcpdv6'][$if])) + if (!is_array($config['dhcpdv6'][$if])) { $config['dhcpdv6'][$if] = array(); - if (!is_array($config['dhcpdv6'][$if]['range'])) + } + if (!is_array($config['dhcpdv6'][$if]['range'])) { $config['dhcpdv6'][$if]['range'] = array(); - if (!is_array($config['dhcpdv6'][$if]['prefixrange'])) + } + if (!is_array($config['dhcpdv6'][$if]['prefixrange'])) { $config['dhcpdv6'][$if]['prefixrange'] = array(); + } $config['dhcpdv6'][$if]['range']['from'] = $_POST['range_from']; $config['dhcpdv6'][$if]['range']['to'] = $_POST['range_to']; @@ -288,14 +321,18 @@ if ($_POST) { unset($config['dhcpdv6'][$if]['winsserver']); unset($config['dhcpdv6'][$if]['dnsserver']); - if ($_POST['dns1']) + if ($_POST['dns1']) { $config['dhcpdv6'][$if]['dnsserver'][] = $_POST['dns1']; - if ($_POST['dns2']) + } + if ($_POST['dns2']) { $config['dhcpdv6'][$if]['dnsserver'][] = $_POST['dns2']; - if ($_POST['dns3']) + } + if ($_POST['dns3']) { $config['dhcpdv6'][$if]['dnsserver'][] = $_POST['dns3']; - if ($_POST['dns4']) + } + if ($_POST['dns4']) { $config['dhcpdv6'][$if]['dnsserver'][] = $_POST['dns4']; + } $config['dhcpdv6'][$if]['domain'] = $_POST['domain']; $config['dhcpdv6'][$if]['domainsearchlist'] = $_POST['domainsearchlist']; @@ -307,10 +344,12 @@ if ($_POST) { $config['dhcpdv6'][$if]['ddnsupdate'] = ($_POST['ddnsupdate']) ? true : false; unset($config['dhcpdv6'][$if]['ntpserver']); - if ($_POST['ntp1']) + if ($_POST['ntp1']) { $config['dhcpdv6'][$if]['ntpserver'][] = $_POST['ntp1']; - if ($_POST['ntp2']) + } + if ($_POST['ntp2']) { $config['dhcpdv6'][$if]['ntpserver'][] = $_POST['ntp2']; + } $config['dhcpdv6'][$if]['tftp'] = $_POST['tftp']; $config['dhcpdv6'][$if]['ldap'] = $_POST['ldap']; @@ -319,8 +358,9 @@ if ($_POST) { $config['dhcpdv6'][$if]['dhcpv6leaseinlocaltime'] = $_POST['dhcpv6leaseinlocaltime']; // Handle the custom options rowhelper - if(isset($config['dhcpdv6'][$if]['numberoptions']['item'])) + if (isset($config['dhcpdv6'][$if]['numberoptions']['item'])) { unset($config['dhcpdv6'][$if]['numberoptions']['item']); + } $config['dhcpdv6'][$if]['numberoptions'] = $numberoptions; @@ -348,13 +388,16 @@ if ($_POST) { } } else { $retvaldhcp = services_dhcpd_configure(); - if ($retvaldhcp == 0) + if ($retvaldhcp == 0) { clear_subsystem_dirty('staticmaps'); + } } - if ($dhcpdv6_enable_changed) + if ($dhcpdv6_enable_changed) { $retvalfc = filter_configure(); - if($retvaldhcp == 1 || $retvaldns == 1 || $retvalfc == 1) + } + if ($retvaldhcp == 1 || $retvaldns == 1 || $retvalfc == 1) { $retval = 1; + } $savemsg = get_std_save_message($retval); } } @@ -363,10 +406,11 @@ if ($_GET['act'] == "del") { if ($a_maps[$_GET['id']]) { unset($a_maps[$_GET['id']]); write_config(); - if(isset($config['dhcpdv6'][$if]['enable'])) { + if (isset($config['dhcpdv6'][$if]['enable'])) { mark_subsystem_dirty('staticmapsv6'); - if (isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcpstaticv6'])) + if (isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcpstaticv6'])) { mark_subsystem_dirty('hosts'); + } } header("Location: services_dhcpv6.php?if={$if}"); exit; @@ -374,7 +418,7 @@ if ($_GET['act'] == "del") { } $closehead = false; -$pgtitle = array(gettext("Services"),gettext("DHCPv6 server")); +$pgtitle = array(gettext("Services"), gettext("DHCPv6 server")); $shortcut_section = "dhcp6"; include("head.inc"); @@ -484,7 +528,8 @@ include("head.inc"); <?php print_info_box_np(gettext("The static mapping configuration has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));?><br /> <?php endif; ?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="dhcpv6 server"> -<tr><td> + <tr> + <td> <?php /* active tabs */ $tab_array = array(); @@ -493,26 +538,29 @@ include("head.inc"); foreach ($iflist as $ifent => $ifname) { $oc = $config['interfaces'][$ifent]; if ((is_array($config['dhcpdv6'][$ifent]) && !isset($config['dhcpdv6'][$ifent]['enable']) && !(is_ipaddrv6($oc['ipaddrv6']) && (!is_linklocal($oc['ipaddrv6'])))) || - (!is_array($config['dhcpdv6'][$ifent]) && !(is_ipaddrv6($oc['ipaddrv6']) && (!is_linklocal($oc['ipaddrv6']))))) + (!is_array($config['dhcpdv6'][$ifent]) && !(is_ipaddrv6($oc['ipaddrv6']) && (!is_linklocal($oc['ipaddrv6']))))) { continue; - if ($ifent == $if) + } + if ($ifent == $if) { $active = true; - else + } else { $active = false; + } $tab_array[] = array($ifname, $active, "services_dhcpv6.php?if={$ifent}"); $tabscounter++; } /* tack on PPPoE or PPtP servers here */ /* pppoe server */ if (is_array($config['pppoes']['pppoe'])) { - foreach($config['pppoes']['pppoe'] as $pppoe) { + foreach ($config['pppoes']['pppoe'] as $pppoe) { if ($pppoe['mode'] == "server") { $ifent = "poes". $pppoe['pppoeid']; $ifname = strtoupper($ifent); - if ($ifent == $if) + if ($ifent == $if) { $active = true; - else + } else { $active = false; + } $tab_array[] = array($ifname, $active, "services_dhcpv6.php?if={$ifent}"); $tabscounter++; } @@ -528,390 +576,413 @@ include("head.inc"); } display_top_tabs($tab_array); ?> -</td></tr> -<tr><td class="tabnavtbl"> + </td> + </tr> + <tr> + <td class="tabnavtbl"> <?php -$tab_array = array(); -$tab_array[] = array(gettext("DHCPv6 Server"), true, "services_dhcpv6.php?if={$if}"); -$tab_array[] = array(gettext("Router Advertisements"), false, "services_router_advertisements.php?if={$if}"); -display_top_tabs($tab_array); + $tab_array = array(); + $tab_array[] = array(gettext("DHCPv6 Server"), true, "services_dhcpv6.php?if={$if}"); + $tab_array[] = array(gettext("Router Advertisements"), false, "services_router_advertisements.php?if={$if}"); + display_top_tabs($tab_array); ?> -</td></tr> -<tr> -<td> - <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("DHCPv6 Server");?></td> - <td width="78%" class="vtable"> - <input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked=\"checked\""; ?> onclick="enable_change(false);" /> - <strong><?php printf(gettext("Enable DHCPv6 server on " . - "%s " . - "interface"),htmlspecialchars($iflist[$if]));?></strong></td> - </tr> - <?php - /* the PPPoE Server could well have no IPv6 address and operate fine with just link-local, just hide these */ - if(is_ipaddrv6($ifcfgip)) { - ?> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Subnet");?></td> - <td width="78%" class="vtable"> - <?=gen_subnetv6($ifcfgip, $ifcfgsn);?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Subnet mask");?></td> - <td width="78%" class="vtable"> - <?=$ifcfgsn;?> bits - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Available range");?></td> - <td width="78%" class="vtable"> - <?php - $range_from = gen_subnetv6($ifcfgip, $ifcfgsn); - echo $range_from; - - ?> - - - <?php - $range_to = gen_subnetv6_max($ifcfgip, $ifcfgsn); - echo $range_to; - ?> - </td> - </tr> - <?php } ?> - - <?php if($is_olsr_enabled): ?> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Subnet Mask");?></td> - <td width="78%" class="vtable"> - <select name="netmask" class="formselect" id="netmask"> - <?php - for ($i = 128; $i > 0; $i--) { - if($i <> 127) { - echo "<option value=\"{$i}\" "; - if ($i == $pconfig['netmask']) echo "selected"; - echo ">" . $i . "</option>"; - } - } - ?> - </select> - </td> - </tr> - <?php endif; ?> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Range");?></td> - <td width="78%" class="vtable"> - <input name="range_from" type="text" class="formfld unknown" id="range_from" size="28" value="<?=htmlspecialchars($pconfig['range_from']);?>" /> - <?=gettext("to"); ?> <input name="range_to" type="text" class="formfld unknown" id="range_to" size="28" value="<?=htmlspecialchars($pconfig['range_to']);?>" /> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Prefix Delegation Range");?></td> - <td width="78%" class="vtable"> - <input name="prefixrange_from" type="text" class="formfld unknown" id="prefixrange_from" size="28" value="<?=htmlspecialchars($pconfig['prefixrange_from']);?>" /> - <?=gettext("to"); ?> <input name="prefixrange_to" type="text" class="formfld unknown" id="prefixrange_to" size="28" value="<?=htmlspecialchars($pconfig['prefixrange_to']);?>" /> - <br /><?=gettext("Prefix Delegation Size"); ?>: <select name="prefixrange_length" class="formselect" id="prefixrange_length"> - <option value="48" <?php if($pconfig['prefixrange_length'] == 48) echo "selected=\"selected\""; ?>>48</option> - <option value="52" <?php if($pconfig['prefixrange_length'] == 52) echo "selected=\"selected\""; ?>>52</option> - <option value="56" <?php if($pconfig['prefixrange_length'] == 56) echo "selected=\"selected\""; ?>>56</option> - <option value="60" <?php if($pconfig['prefixrange_length'] == 60) echo "selected=\"selected\""; ?>>60</option> - <option value="62" <?php if($pconfig['prefixrange_length'] == 62) echo "selected=\"selected\""; ?>>62</option> - <option value="63" <?php if($pconfig['prefixrange_length'] == 63) echo "selected=\"selected\""; ?>>63</option> - <option value="64" <?php if($pconfig['prefixrange_length'] == 64) echo "selected=\"selected\""; ?>>64</option> - </select> <br /> - <?php echo gettext("You can define a Prefix range here for DHCP Prefix Delegation. This allows for - assigning networks to subrouters. The start and end of the range must end on boundaries of the prefix delegation size."); ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("DNS servers");?></td> - <td width="78%" class="vtable"> - <input name="dns1" type="text" class="formfld unknown" id="dns1" size="28" value="<?=htmlspecialchars($pconfig['dns1']);?>" /><br /> - <input name="dns2" type="text" class="formfld unknown" id="dns2" size="28" value="<?=htmlspecialchars($pconfig['dns2']);?>" /><br /> - <input name="dns3" type="text" class="formfld unknown" id="dns3" size="28" value="<?=htmlspecialchars($pconfig['dns3']);?>" /><br /> - <input name="dns4" type="text" class="formfld unknown" id="dns4" size="28" value="<?=htmlspecialchars($pconfig['dns4']);?>" /><br /> - <?=gettext("NOTE: leave blank to use the system default DNS servers - this interface's IP if DNS forwarder is enabled, otherwise the servers configured on the General page.");?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Domain name");?></td> - <td width="78%" class="vtable"> - <input name="domain" type="text" class="formfld unknown" id="domain" size="28" value="<?=htmlspecialchars($pconfig['domain']);?>" /><br /> - <?=gettext("The default is to use the domain name of this system as the default domain name provided by DHCP. You may specify an alternate domain name here.");?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Domain search list");?></td> - <td width="78%" class="vtable"> - <input name="domainsearchlist" type="text" class="formfld unknown" id="domainsearchlist" size="28" value="<?=htmlspecialchars($pconfig['domainsearchlist']);?>" /><br /> - <?=gettext("The DHCP server can optionally provide a domain search list. Use the semicolon character as separator");?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Default lease time");?></td> - <td width="78%" class="vtable"> - <input name="deftime" type="text" class="formfld unknown" id="deftime" size="10" value="<?=htmlspecialchars($pconfig['deftime']);?>" /> - <?=gettext("seconds");?><br /> - <?=gettext("This is used for clients that do not ask for a specific " . - "expiration time."); ?><br /> - <?=gettext("The default is 7200 seconds.");?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Maximum lease time");?></td> - <td width="78%" class="vtable"> - <input name="maxtime" type="text" class="formfld unknown" id="maxtime" size="10" value="<?=htmlspecialchars($pconfig['maxtime']);?>" /> - <?=gettext("seconds");?><br /> - <?=gettext("This is the maximum lease time for clients that ask". - " for a specific expiration time."); ?><br /> - <?=gettext("The default is 86400 seconds.");?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Time format change"); ?></td> - <td width="78%" class="vtable"> - <table summary="time format change"> + </td> + </tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> <tr> - <td> - <input name="dhcpv6leaseinlocaltime" type="checkbox" id="dhcpv6leaseinlocaltime" value="yes" <?php if ($pconfig['dhcpv6leaseinlocaltime']) echo "checked=\"checked\""; ?> /> - </td> - <td> - <strong> - <?=gettext("Change DHCPv6 display lease time from UTC to local time."); ?> - </strong> - </td> + <td width="22%" valign="top" class="vncellreq"><?=gettext("DHCPv6 Server");?></td> + <td width="78%" class="vtable"> + <input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked=\"checked\""; ?> onclick="enable_change(false);" /> + <strong><?php printf(gettext("Enable DHCPv6 server on %s interface"), htmlspecialchars($iflist[$if]));?></strong> + </td> </tr> +<?php + /* the PPPoE Server could well have no IPv6 address and operate fine with just link-local, just hide these */ + if (is_ipaddrv6($ifcfgip)) { +?> <tr> - <td> </td> - <td> - <span class="red"><strong><?=gettext("Note:");?></strong></span> <?=gettext("By default DHCPv6 leases are displayed in UTC time. By checking this - box DHCPv6 lease time will be displayed in local time and set to time zone selected. This will be used for all DHCPv6 interfaces lease time."); ?> - - </td> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Subnet");?></td> + <td width="78%" class="vtable"> + <?=gen_subnetv6($ifcfgip, $ifcfgsn);?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Subnet mask");?></td> + <td width="78%" class="vtable"> + <?=$ifcfgsn;?> bits + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Available range");?></td> + <td width="78%" class="vtable"> + <?php + $range_from = gen_subnetv6($ifcfgip, $ifcfgsn); + echo $range_from; + ?> + - + <?php + $range_to = gen_subnetv6_max($ifcfgip, $ifcfgsn); + echo $range_to; + ?> + </td> + </tr> +<?php + } + + if ($is_olsr_enabled): +?> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Subnet Mask");?></td> + <td width="78%" class="vtable"> + <select name="netmask" class="formselect" id="netmask"> + <?php + for ($i = 128; $i > 0; $i--) { + if ($i <> 127) { + echo "<option value=\"{$i}\" "; + if ($i == $pconfig['netmask']) { + echo "selected"; + } + echo ">" . $i . "</option>"; + } + } + ?> + </select> + </td> + </tr> +<?php + endif; +?> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Range");?></td> + <td width="78%" class="vtable"> + <input name="range_from" type="text" class="formfld unknown" id="range_from" size="28" value="<?=htmlspecialchars($pconfig['range_from']);?>" /> + <?=gettext("to"); ?> <input name="range_to" type="text" class="formfld unknown" id="range_to" size="28" value="<?=htmlspecialchars($pconfig['range_to']);?>" /> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Prefix Delegation Range");?></td> + <td width="78%" class="vtable"> + <input name="prefixrange_from" type="text" class="formfld unknown" id="prefixrange_from" size="28" value="<?=htmlspecialchars($pconfig['prefixrange_from']);?>" /> + <?=gettext("to"); ?> <input name="prefixrange_to" type="text" class="formfld unknown" id="prefixrange_to" size="28" value="<?=htmlspecialchars($pconfig['prefixrange_to']);?>" /> + <br /><?=gettext("Prefix Delegation Size"); ?>: + <select name="prefixrange_length" class="formselect" id="prefixrange_length"> + <option value="48" <?php if ($pconfig['prefixrange_length'] == 48) echo "selected=\"selected\""; ?>>48</option> + <option value="52" <?php if ($pconfig['prefixrange_length'] == 52) echo "selected=\"selected\""; ?>>52</option> + <option value="56" <?php if ($pconfig['prefixrange_length'] == 56) echo "selected=\"selected\""; ?>>56</option> + <option value="60" <?php if ($pconfig['prefixrange_length'] == 60) echo "selected=\"selected\""; ?>>60</option> + <option value="62" <?php if ($pconfig['prefixrange_length'] == 62) echo "selected=\"selected\""; ?>>62</option> + <option value="63" <?php if ($pconfig['prefixrange_length'] == 63) echo "selected=\"selected\""; ?>>63</option> + <option value="64" <?php if ($pconfig['prefixrange_length'] == 64) echo "selected=\"selected\""; ?>>64</option> + </select> <br /> + <?php echo gettext("You can define a Prefix range here for DHCP Prefix Delegation. This allows for + assigning networks to subrouters. The start and end of the range must end on boundaries of the prefix delegation size."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("DNS servers");?></td> + <td width="78%" class="vtable"> + <input name="dns1" type="text" class="formfld unknown" id="dns1" size="28" value="<?=htmlspecialchars($pconfig['dns1']);?>" /><br /> + <input name="dns2" type="text" class="formfld unknown" id="dns2" size="28" value="<?=htmlspecialchars($pconfig['dns2']);?>" /><br /> + <input name="dns3" type="text" class="formfld unknown" id="dns3" size="28" value="<?=htmlspecialchars($pconfig['dns3']);?>" /><br /> + <input name="dns4" type="text" class="formfld unknown" id="dns4" size="28" value="<?=htmlspecialchars($pconfig['dns4']);?>" /><br /> + <?=gettext("NOTE: leave blank to use the system default DNS servers - this interface's IP if DNS forwarder is enabled, otherwise the servers configured on the General page.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Domain name");?></td> + <td width="78%" class="vtable"> + <input name="domain" type="text" class="formfld unknown" id="domain" size="28" value="<?=htmlspecialchars($pconfig['domain']);?>" /><br /> + <?=gettext("The default is to use the domain name of this system as the default domain name provided by DHCP. You may specify an alternate domain name here.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Domain search list");?></td> + <td width="78%" class="vtable"> + <input name="domainsearchlist" type="text" class="formfld unknown" id="domainsearchlist" size="28" value="<?=htmlspecialchars($pconfig['domainsearchlist']);?>" /><br /> + <?=gettext("The DHCP server can optionally provide a domain search list. Use the semicolon character as separator");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Default lease time");?></td> + <td width="78%" class="vtable"> + <input name="deftime" type="text" class="formfld unknown" id="deftime" size="10" value="<?=htmlspecialchars($pconfig['deftime']);?>" /> + <?=gettext("seconds");?><br /> + <?=gettext("This is used for clients that do not ask for a specific expiration time."); ?><br /> + <?=gettext("The default is 7200 seconds.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Maximum lease time");?></td> + <td width="78%" class="vtable"> + <input name="maxtime" type="text" class="formfld unknown" id="maxtime" size="10" value="<?=htmlspecialchars($pconfig['maxtime']);?>" /> + <?=gettext("seconds");?><br /> + <?=gettext("This is the maximum lease time for clients that ask for a specific expiration time."); ?><br /> + <?=gettext("The default is 86400 seconds.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Time format change"); ?></td> + <td width="78%" class="vtable"> + <table summary="time format change"> + <tr> + <td> + <input name="dhcpv6leaseinlocaltime" type="checkbox" id="dhcpv6leaseinlocaltime" value="yes" <?php if ($pconfig['dhcpv6leaseinlocaltime']) echo "checked=\"checked\""; ?> /> + </td> + <td> + <strong> + <?=gettext("Change DHCPv6 display lease time from UTC to local time."); ?> + </strong> + </td> + </tr> + <tr> + <td> </td> + <td> + <span class="red"> + <strong><?=gettext("Note:");?></strong> + </span> + <?=gettext("By default DHCPv6 leases are displayed in UTC time. By checking this box DHCPv6 lease time will be displayed in local time and set to time zone selected. This will be used for all DHCPv6 interfaces lease time."); ?> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Dynamic DNS");?></td> + <td width="78%" class="vtable"> + <div id="showddnsbox"> + <input type="button" onclick="show_ddns_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show Dynamic DNS");?> + </div> + <div id="showddns" style="display:none"> + <input style="vertical-align:middle" type="checkbox" value="yes" name="ddnsupdate" id="ddnsupdate" <?php if ($pconfig['ddnsupdate']) echo " checked=\"checked\""; ?> /> + <b><?=gettext("Enable registration of DHCP client names in DNS.");?></b><br /> + <p> + <input name="ddnsdomain" type="text" class="formfld unknown" id="ddnsdomain" size="28" value="<?=htmlspecialchars($pconfig['ddnsdomain']);?>" /><br /> + <?=gettext("Note: Leave blank to disable dynamic DNS registration.");?><br /> + <?=gettext("Enter the dynamic DNS domain which will be used to register client names in the DNS server.");?><br /> + <input name="ddnsdomainprimary" type="text" class="formfld unknown" id="ddnsdomainprimary" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomainprimary']);?>" /><br /> + <?=gettext("Enter the primary domain name server IP address for the dynamic domain name.");?><br /> + <input name="ddnsdomainkeyname" type="text" class="formfld unknown" id="ddnsdomainkeyname" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomainkeyname']);?>" /><br /> + <?=gettext("Enter the dynamic DNS domain key name which will be used to register client names in the DNS server.");?><br /> + <input name="ddnsdomainkey" type="text" class="formfld unknown" id="ddnsdomainkey" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomainkey']);?>" /><br /> + <?=gettext("Enter the dynamic DNS domain key secret which will be used to register client names in the DNS server.");?> + </p> + </div> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("NTP servers");?></td> + <td width="78%" class="vtable"> + <div id="showntpbox"> + <input type="button" onclick="show_ntp_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show NTP configuration");?> + </div> + <div id="showntp" style="display:none"> + <input name="ntp1" type="text" class="formfld unknown" id="ntp1" size="28" value="<?=htmlspecialchars($pconfig['ntp1']);?>" /><br /> + <input name="ntp2" type="text" class="formfld unknown" id="ntp2" size="28" value="<?=htmlspecialchars($pconfig['ntp2']);?>" /> + </div> + </td> + </tr> + <!-- ISC dhcpd does not support tftp for ipv6 yet. See redmine #2016 + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("TFTP server");?></td> + <td width="78%" class="vtable"> + <div id="showtftpbox"> + <input type="button" onclick="show_tftp_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show TFTP configuration");?> + </div> + <div id="showtftp" style="display:none"> + <input name="tftp" type="text" class="formfld unknown" id="tftp" size="50" value="<?=htmlspecialchars($pconfig['tftp']);?>" /><br /> + <?=gettext("Leave blank to disable. Enter a full hostname or IP for the TFTP server.");?> + </div> + </td> + </tr> + --> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("LDAP URI");?></td> + <td width="78%" class="vtable"> + <div id="showldapbox"> + <input type="button" onclick="show_ldap_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show LDAP configuration");?> + </div> + <div id="showldap" style="display:none"> + <input name="ldap" type="text" class="formfld unknown" id="ldap" size="80" value="<?=htmlspecialchars($pconfig['ldap']);?>" /><br /> + <?=gettext("Leave blank to disable. Enter a full URI for the LDAP server in the form ldap://ldap.example.com/dc=example,dc=com");?> + </div> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Enable network booting");?></td> + <td width="78%" class="vtable"> + <div id="shownetbootbox"> + <input type="button" onclick="show_netboot_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show Network booting");?> + </div> + <div id="shownetboot" style="display:none"> + <input style="vertical-align:middle" type="checkbox" value="yes" name="netboot" id="netboot" <?php if ($pconfig['netboot']) echo " checked=\"checked\""; ?> /> + <b><?=gettext("Enables network booting.");?></b> + <br/> + <?=gettext("Enter the Bootfile URL");?> + <input name="bootfile_url" type="text" class="formfld unknown" id="bootfile_url" size="28" value="<?=htmlspecialchars($pconfig['bootfile_url']);?>" /> + </div> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Additional BOOTP/DHCP Options");?></td> + <td width="78%" class="vtable"> + <div id="shownumbervaluebox"> + <input type="button" onclick="show_shownumbervalue()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show Additional BOOTP/DHCP Options");?> + </div> + <div id="shownumbervalue" style="display:none"> + <table id="maintable" summary="bootp-dhcp options"> + <tbody> + <tr> + <td colspan="3"> + <div style="padding:5px; margin-top: 16px; margin-bottom: 16px; border:1px dashed #000066; background-color: #ffffff; color: #000000; font-size: 8pt;" id="itemhelp"> + <?=gettext("Enter the DHCP option number and the value for each item you would like to include in the DHCP lease information. For a list of available options please visit this"); ?> <a href="http://www.iana.org/assignments/bootp-dhcp-parameters/" target="_blank"><?=gettext("URL"); ?></a> + </div> + </td> + </tr> + <tr> + <td><div id="onecolumn"><?=gettext("Number");?></div></td> + <td><div id="twocolumn"><?=gettext("Value");?></div></td> + </tr> +<?php + $counter = 0; + if ($pconfig['numberoptions']): + foreach ($pconfig['numberoptions']['item'] as $item): + $number = $item['number']; + $value = $item['value']; +?> + <tr> + <td> + <input autocomplete="off" name="number<?php echo $counter; ?>" type="text" class="formfld" id="number<?php echo $counter; ?>" size="10" value="<?=htmlspecialchars($number);?>" /> + </td> + <td> + <input autocomplete="off" name="value<?php echo $counter; ?>" type="text" class="formfld" id="value<?php echo $counter; ?>" size="55" value="<?=htmlspecialchars($value);?>" /> + </td> + <td> + <input type="image" src="/themes/<?echo $g['theme'];?>/images/icons/icon_x.gif" onclick="removeRow(this); return false;" value="<?=gettext("Delete");?>" /> + </td> + </tr> +<?php + $counter++; + endforeach; + endif; +?> + </tbody> + </table> + <a onclick="javascript:addRowTo('maintable', 'formfldalias'); return false;" href="#"> + <img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="<?=gettext("add another entry");?>" /> + </a> + <script type="text/javascript"> + //<![CDATA[ + field_counter_js = 2; + rows = 1; + totalrows = <?php echo $counter; ?>; + loaded = <?php echo $counter; ?>; + //]]> + </script> + </div> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="if" type="hidden" value="<?=$if;?>" /> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" onclick="enable_change(true)" /> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <p> + <span class="vexpl"> + <span class="red"> + <strong> + <?=gettext("Note:");?><br /> + </strong> + </span> + <?=gettext("The DNS servers entered in"); ?> <a href="system.php"><?=gettext("System: General setup"); ?></a>\ + <?=gettext("(or the"); ?> <a href="services_dnsmasq.php"><?=gettext("DNS forwarder"); ?></a>, <?=gettext("if enabled)"); ?> + </span> + <span class="vexpl"> + <?=gettext("will be assigned to clients by the DHCP server."); ?><br /> + <br /> + <?=gettext("The DHCP lease table can be viewed on the"); ?> <a href="status_dhcpv6_leases.php"><?=gettext("Status: DHCPv6 leases"); ?></a> <?=gettext("page."); ?><br /> + </span> + </p> + </td> </tr> </table> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Dynamic DNS");?></td> - <td width="78%" class="vtable"> - <div id="showddnsbox"> - <input type="button" onclick="show_ddns_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show Dynamic DNS");?> - </div> - <div id="showddns" style="display:none"> - <input style="vertical-align:middle" type="checkbox" value="yes" name="ddnsupdate" id="ddnsupdate" <?php if($pconfig['ddnsupdate']) echo " checked=\"checked\""; ?> /> - <b><?=gettext("Enable registration of DHCP client names in DNS.");?></b><br /> - <p> - <input name="ddnsdomain" type="text" class="formfld unknown" id="ddnsdomain" size="28" value="<?=htmlspecialchars($pconfig['ddnsdomain']);?>" /><br /> - <?=gettext("Note: Leave blank to disable dynamic DNS registration.");?><br /> - <?=gettext("Enter the dynamic DNS domain which will be used to register client names in the DNS server.");?><br /> - <input name="ddnsdomainprimary" type="text" class="formfld unknown" id="ddnsdomainprimary" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomainprimary']);?>" /><br /> - <?=gettext("Enter the primary domain name server IP address for the dynamic domain name.");?><br /> - <input name="ddnsdomainkeyname" type="text" class="formfld unknown" id="ddnsdomainkeyname" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomainkeyname']);?>" /><br /> - <?=gettext("Enter the dynamic DNS domain key name which will be used to register client names in the DNS server.");?><br /> - <input name="ddnsdomainkey" type="text" class="formfld unknown" id="ddnsdomainkey" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomainkey']);?>" /><br /> - <?=gettext("Enter the dynamic DNS domain key secret which will be used to register client names in the DNS server.");?> - </p> - </div> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("NTP servers");?></td> - <td width="78%" class="vtable"> - <div id="showntpbox"> - <input type="button" onclick="show_ntp_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show NTP configuration");?> - </div> - <div id="showntp" style="display:none"> - <input name="ntp1" type="text" class="formfld unknown" id="ntp1" size="28" value="<?=htmlspecialchars($pconfig['ntp1']);?>" /><br /> - <input name="ntp2" type="text" class="formfld unknown" id="ntp2" size="28" value="<?=htmlspecialchars($pconfig['ntp2']);?>" /> - </div> - </td> - </tr> - <!-- ISC dhcpd does not support tftp for ipv6 yet. See redmine #2016 - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("TFTP server");?></td> - <td width="78%" class="vtable"> - <div id="showtftpbox"> - <input type="button" onclick="show_tftp_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show TFTP configuration");?> - </div> - <div id="showtftp" style="display:none"> - <input name="tftp" type="text" class="formfld unknown" id="tftp" size="50" value="<?=htmlspecialchars($pconfig['tftp']);?>" /><br /> - <?=gettext("Leave blank to disable. Enter a full hostname or IP for the TFTP server.");?> - </div> - </td> - </tr> - --> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("LDAP URI");?></td> - <td width="78%" class="vtable"> - <div id="showldapbox"> - <input type="button" onclick="show_ldap_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show LDAP configuration");?> - </div> - <div id="showldap" style="display:none"> - <input name="ldap" type="text" class="formfld unknown" id="ldap" size="80" value="<?=htmlspecialchars($pconfig['ldap']);?>" /><br /> - <?=gettext("Leave blank to disable. Enter a full URI for the LDAP server in the form ldap://ldap.example.com/dc=example,dc=com");?> - </div> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Enable network booting");?></td> - <td width="78%" class="vtable"> - <div id="shownetbootbox"> - <input type="button" onclick="show_netboot_config()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show Network booting");?> - </div> - <div id="shownetboot" style="display:none"> - <input style="vertical-align:middle" type="checkbox" value="yes" name="netboot" id="netboot" <?php if($pconfig['netboot']) echo " checked=\"checked\""; ?> /> - <b><?=gettext("Enables network booting.");?></b> - <br/> - <?=gettext("Enter the Bootfile URL");?> - <input name="bootfile_url" type="text" class="formfld unknown" id="bootfile_url" size="28" value="<?=htmlspecialchars($pconfig['bootfile_url']);?>" /> - </div> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Additional BOOTP/DHCP Options");?></td> - <td width="78%" class="vtable"> - <div id="shownumbervaluebox"> - <input type="button" onclick="show_shownumbervalue()" value="<?=gettext("Advanced");?>" /> - <?=gettext("Show Additional BOOTP/DHCP Options");?> - </div> - <div id="shownumbervalue" style="display:none"> - <table id="maintable" summary="bootp-dhcp options"> - <tbody> - <tr> - <td colspan="3"> - <div style="padding:5px; margin-top: 16px; margin-bottom: 16px; border:1px dashed #000066; background-color: #ffffff; color: #000000; font-size: 8pt;" id="itemhelp"> - <?=gettext("Enter the DHCP option number and the value for each item you would like to include in the DHCP lease information. For a list of available options please visit this"); ?> <a href="http://www.iana.org/assignments/bootp-dhcp-parameters/" target="_blank"><?=gettext("URL"); ?></a> - </div> - </td> - </tr> - <tr> - <td><div id="onecolumn"><?=gettext("Number");?></div></td> - <td><div id="twocolumn"><?=gettext("Value");?></div></td> - </tr> - <?php $counter = 0; ?> - <?php - if($pconfig['numberoptions']) - foreach($pconfig['numberoptions']['item'] as $item): - ?> - <?php - $number = $item['number']; - $value = $item['value']; - ?> - <tr> - <td> - <input autocomplete="off" name="number<?php echo $counter; ?>" type="text" class="formfld" id="number<?php echo $counter; ?>" size="10" value="<?=htmlspecialchars($number);?>" /> - </td> - <td> - <input autocomplete="off" name="value<?php echo $counter; ?>" type="text" class="formfld" id="value<?php echo $counter; ?>" size="55" value="<?=htmlspecialchars($value);?>" /> - </td> - <td> - <input type="image" src="/themes/<?echo $g['theme'];?>/images/icons/icon_x.gif" onclick="removeRow(this); return false;" value="<?=gettext("Delete");?>" /> - </td> - </tr> - <?php $counter++; ?> - <?php endforeach; ?> - </tbody> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="static mappings"> + <tr> + <td colspan="4" valign="top" class="listtopic"><?=gettext("DHCPv6 Static Mappings for this interface.");?></td> + <td> </td> + </tr> + <tr> + <td width="25%" class="listhdrr"><?=gettext("DUID");?></td> + <td width="15%" class="listhdrr"><?=gettext("IPv6 address");?></td> + <td width="20%" class="listhdrr"><?=gettext("Hostname");?></td> + <td width="30%" class="listhdr"><?=gettext("Description");?></td> + <td width="10%" class="list"> + <table border="0" cellspacing="0" cellpadding="1" summary="add"> + <tr> + <td valign="middle" width="17"></td> + <td valign="middle"> + <a href="services_dhcpv6_edit.php?if=<?=$if;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a> + </td> + </tr> + </table> + </td> + </tr> +<?php + if (is_array($a_maps)): + $i = 0; + foreach ($a_maps as $mapent): + if ($mapent['duid'] <> "" or $mapent['ipaddrv6'] <> ""): +?> + <tr> + <td class="listlr" ondblclick="document.location='services_dhcpv6_edit.php?if=<?=$if;?>&id=<?=$i;?>';"> + <?=htmlspecialchars($mapent['duid']);?> + </td> + <td class="listr" ondblclick="document.location='services_dhcpv6_edit.php?if=<?=$if;?>&id=<?=$i;?>';"> + <?=htmlspecialchars($mapent['ipaddrv6']);?> + </td> + <td class="listr" ondblclick="document.location='services_dhcpv6_edit.php?if=<?=$if;?>&id=<?=$i;?>';"> + <?=htmlspecialchars($mapent['hostname']);?> + </td> + <td class="listbg" ondblclick="document.location='services_dhcpv6_edit.php?if=<?=$if;?>&id=<?=$i;?>';"> + <?=htmlspecialchars($mapent['descr']);?> + </td> + <td valign="middle" class="list nowrap"> + <table border="0" cellspacing="0" cellpadding="1" summary="icons"> + <tr> + <td valign="middle"><a href="services_dhcpv6_edit.php?if=<?=$if;?>&id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" alt="edit" /></a></td> + <td valign="middle"><a href="services_dhcpv6.php?if=<?=$if;?>&act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this mapping?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="delete" /></a></td> + </tr> + </table> + </td> + </tr> +<?php + endif; + $i++; + endforeach; + endif; +?> + <tr> + <td class="list" colspan="4"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1" summary="add"> + <tr> + <td valign="middle" width="17"></td> + <td valign="middle"><a href="services_dhcpv6_edit.php?if=<?=$if;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td> + </tr> + </table> + </td> + </tr> </table> - <a onclick="javascript:addRowTo('maintable', 'formfldalias'); return false;" href="#"> - <img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="<?=gettext("add another entry");?>" /> - </a> - <script type="text/javascript"> - //<![CDATA[ - field_counter_js = 2; - rows = 1; - totalrows = <?php echo $counter; ?>; - loaded = <?php echo $counter; ?>; - //]]> - </script> - </div> - - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="if" type="hidden" value="<?=$if;?>" /> - <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" onclick="enable_change(true)" /> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> <p><span class="vexpl"><span class="red"><strong><?=gettext("Note:");?><br /> - </strong></span><?=gettext("The DNS servers entered in"); ?> <a href="system.php"><?=gettext("System: " . - "General setup"); ?></a> <?=gettext("(or the"); ?> <a href="services_dnsmasq.php"><?=gettext("DNS " . - "forwarder"); ?></a>, <?=gettext("if enabled)"); ?> </span><span class="vexpl"><?=gettext("will " . - "be assigned to clients by the DHCP server."); ?><br /> - <br /> - <?=gettext("The DHCP lease table can be viewed on the"); ?> <a href="status_dhcpv6_leases.php"><?=gettext("Status: " . - "DHCPv6 leases"); ?></a> <?=gettext("page."); ?><br /> - </span></p> - </td> - </tr> - </table> - <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="static mappings"> - <tr> - <td colspan="4" valign="top" class="listtopic"><?=gettext("DHCPv6 Static Mappings for this interface.");?></td> - <td> </td> - </tr> - <tr> - <td width="25%" class="listhdrr"><?=gettext("DUID");?></td> - <td width="15%" class="listhdrr"><?=gettext("IPv6 address");?></td> - <td width="20%" class="listhdrr"><?=gettext("Hostname");?></td> - <td width="30%" class="listhdr"><?=gettext("Description");?></td> - <td width="10%" class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="add"> - <tr> - <td valign="middle" width="17"></td> - <td valign="middle"><a href="services_dhcpv6_edit.php?if=<?=$if;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td> - </tr> - </table> - </td> - </tr> - <?php if(is_array($a_maps)): ?> - <?php $i = 0; foreach ($a_maps as $mapent): ?> - <?php if($mapent['duid'] <> "" or $mapent['ipaddrv6'] <> ""): ?> - <tr> - <td class="listlr" ondblclick="document.location='services_dhcpv6_edit.php?if=<?=$if;?>&id=<?=$i;?>';"> - <?=htmlspecialchars($mapent['duid']);?> - </td> - <td class="listr" ondblclick="document.location='services_dhcpv6_edit.php?if=<?=$if;?>&id=<?=$i;?>';"> - <?=htmlspecialchars($mapent['ipaddrv6']);?> - </td> - <td class="listr" ondblclick="document.location='services_dhcpv6_edit.php?if=<?=$if;?>&id=<?=$i;?>';"> - <?=htmlspecialchars($mapent['hostname']);?> - </td> - <td class="listbg" ondblclick="document.location='services_dhcpv6_edit.php?if=<?=$if;?>&id=<?=$i;?>';"> - <?=htmlspecialchars($mapent['descr']);?> - </td> - <td valign="middle" class="list nowrap"> - <table border="0" cellspacing="0" cellpadding="1" summary="icons"> - <tr> - <td valign="middle"><a href="services_dhcpv6_edit.php?if=<?=$if;?>&id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" alt="edit" /></a></td> - <td valign="middle"><a href="services_dhcpv6.php?if=<?=$if;?>&act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this mapping?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="delete" /></a></td> - </tr> - </table> - </td> - </tr> - <?php endif; ?> - <?php $i++; endforeach; ?> - <?php endif; ?> - <tr> - <td class="list" colspan="4"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="add"> - <tr> - <td valign="middle" width="17"></td> - <td valign="middle"><a href="services_dhcpv6_edit.php?if=<?=$if;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td> - </tr> - </table> + </div> </td> - </tr> - </table> - </div> -</td> -</tr> + </tr> </table> </form> <script type="text/javascript"> diff --git a/usr/local/www/services_dhcpv6_edit.php b/usr/local/www/services_dhcpv6_edit.php index 76993e6..aea880d 100644 --- a/usr/local/www/services_dhcpv6_edit.php +++ b/usr/local/www/services_dhcpv6_edit.php @@ -1,24 +1,24 @@ -<?php +<?php /* $Id$ */ /* services_dhcpv6_edit.php part of m0n0wall (http://m0n0.ch/wall) - + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. Copyright (C) 2011 Seth Mos <seth.mos@dds.nl>. Copyright (C) 2013-2015 Electric Sheep Fencing, LP All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -43,20 +43,20 @@ ##|-PRIV function staticmapcmp($a, $b) { - return ipcmp($a['ipaddrv6'], $b['ipaddrv6']); + return ipcmp($a['ipaddrv6'], $b['ipaddrv6']); } function staticmaps_sort($ifgui) { - global $g, $config; + global $g, $config; - usort($config['dhcpdv6'][$ifgui]['staticmap'], "staticmapcmp"); + usort($config['dhcpdv6'][$ifgui]['staticmap'], "staticmapcmp"); } require_once('globals.inc'); $referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/services_dhcpv6.php'); -if(!$g['services_dhcp_server_enable']) { +if (!$g['services_dhcp_server_enable']) { header("Location: /"); exit; } @@ -64,45 +64,51 @@ if(!$g['services_dhcp_server_enable']) { require("guiconfig.inc"); $if = $_GET['if']; -if ($_POST['if']) +if ($_POST['if']) { $if = $_POST['if']; - +} + if (!$if) { header("Location: services_dhcpv6.php"); exit; } -if (!is_array($config['dhcpdv6'])) +if (!is_array($config['dhcpdv6'])) { $config['dhcpdv6'] = array(); -if (!is_array($config['dhcpdv6'][$if])) +} +if (!is_array($config['dhcpdv6'][$if])) { $config['dhcpdv6'][$if] = array(); -if (!is_array($config['dhcpdv6'][$if]['staticmap'])) +} +if (!is_array($config['dhcpdv6'][$if]['staticmap'])) { $config['dhcpdv6'][$if]['staticmap'] = array(); +} -$netboot_enabled=isset($config['dhcpdv6'][$if]['netboot']); +$netboot_enabled = isset($config['dhcpdv6'][$if]['netboot']); $a_maps = &$config['dhcpdv6'][$if]['staticmap']; $ifcfgipv6 = get_interface_ipv6($if); $ifcfgsnv6 = get_interface_subnetv6($if); $ifcfgdescr = convert_friendly_interface_to_friendly_descr($if); -if (is_numericint($_GET['id'])) +if (is_numericint($_GET['id'])) { $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; +} if (isset($id) && $a_maps[$id]) { - $pconfig['duid'] = $a_maps[$id]['duid']; + $pconfig['duid'] = $a_maps[$id]['duid']; $pconfig['hostname'] = $a_maps[$id]['hostname']; - $pconfig['ipaddrv6'] = $a_maps[$id]['ipaddrv6']; + $pconfig['ipaddrv6'] = $a_maps[$id]['ipaddrv6']; $pconfig['filename'] = $a_maps[$id]['filename']; - $pconfig['rootpath'] = $a_maps[$id]['rootpath']; - $pconfig['descr'] = $a_maps[$id]['descr']; + $pconfig['rootpath'] = $a_maps[$id]['rootpath']; + $pconfig['descr'] = $a_maps[$id]['descr']; } else { - $pconfig['duid'] = $_GET['duid']; + $pconfig['duid'] = $_GET['duid']; $pconfig['hostname'] = $_GET['hostname']; $pconfig['filename'] = $_GET['filename']; - $pconfig['rootpath'] = $a_maps[$id]['rootpath']; - $pconfig['descr'] = $_GET['descr']; + $pconfig['rootpath'] = $a_maps[$id]['rootpath']; + $pconfig['descr'] = $_GET['descr']; } if ($_POST) { @@ -113,13 +119,14 @@ if ($_POST) { /* input validation */ $reqdfields = explode(" ", "duid"); $reqdfieldsn = array(gettext("DUID")); - + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if ($_POST['hostname']) { preg_match("/\-\$/", $_POST['hostname'], $matches); - if($matches) - $input_errors[] = gettext("The hostname cannot end with a hyphen according to RFC952"); + if ($matches) { + $input_errors[] = gettext("The hostname cannot end with a hyphen according to RFC952"); + } if (!is_hostname($_POST['hostname'])) { $input_errors[] = gettext("The hostname can only contain the characters A-Z, 0-9 and '-'."); } else { @@ -134,18 +141,19 @@ if ($_POST) { if (empty($_POST['duid'])) { $input_errors[] = gettext("A valid DUID must be specified."); } - + /* check for overlaps */ foreach ($a_maps as $mapent) { - if (isset($id) && ($a_maps[$id]) && ($a_maps[$id] === $mapent)) + if (isset($id) && ($a_maps[$id]) && ($a_maps[$id] === $mapent)) { continue; + } if ((($mapent['hostname'] == $_POST['hostname']) && $mapent['hostname']) || ($mapent['duid'] == $_POST['duid'])) { $input_errors[] = gettext("This Hostname, IP or DUID already exists."); break; } } - + /* make sure it's not within the dynamic subnet */ if ($_POST['ipaddrv6']) { /* oh boy, we need to be able to somehow do this at some point. skip */ @@ -160,20 +168,23 @@ if ($_POST) { $mapent['filename'] = $_POST['filename']; $mapent['rootpath'] = $_POST['rootpath']; - if (isset($id) && $a_maps[$id]) + if (isset($id) && $a_maps[$id]) { $a_maps[$id] = $mapent; - else + } else { $a_maps[] = $mapent; + } staticmaps_sort($if); - + write_config(); - if(isset($config['dhcpdv6'][$if]['enable'])) { + if (isset($config['dhcpdv6'][$if]['enable'])) { mark_subsystem_dirty('staticmaps'); - if (isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcpstatic'])) + if (isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcpstatic'])) { mark_subsystem_dirty('hosts'); - if (isset($config['unbound']['enable']) && isset($config['unbound']['regdhcpstatic'])) + } + if (isset($config['unbound']['enable']) && isset($config['unbound']['regdhcpstatic'])) { mark_subsystem_dirty('unbound'); + } } @@ -182,7 +193,7 @@ if ($_POST) { } } -$pgtitle = array(gettext("Services"),gettext("DHCPv6"),gettext("Edit static mapping")); +$pgtitle = array(gettext("Services"), gettext("DHCPv6"), gettext("Edit static mapping")); $shortcut_section = "dhcp6"; include("head.inc"); @@ -192,69 +203,77 @@ include("head.inc"); <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> <?php if ($input_errors) print_input_errors($input_errors); ?> - <form action="services_dhcpv6_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="static mapping"> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("Static DHCPv6 Mapping");?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("DUID");?></td> - <td width="78%" class="vtable"> - <input name="duid" type="text" class="formfld unknown" id="duid" size="40" value="<?=htmlspecialchars($pconfig['duid']);?>" /> - <br /> - <span class="vexpl"><?=gettext("Enter a DUID in the following format: ");?><br /> +<form action="services_dhcpv6_edit.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="static mapping"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Static DHCPv6 Mapping");?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("DUID");?></td> + <td width="78%" class="vtable"> + <input name="duid" type="text" class="formfld unknown" id="duid" size="40" value="<?=htmlspecialchars($pconfig['duid']);?>" /> + <br /> + <span class="vexpl"><?=gettext("Enter a DUID in the following format: ");?><br /> "DUID-LLT - ETH -- TIME --- ---- address ----" <br /> -"xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("IPv6 address");?></td> - <td width="78%" class="vtable"> - <input name="ipaddrv6" type="text" class="formfld unknown" id="ipaddrv6" size="28" value="<?=htmlspecialchars($pconfig['ipaddrv6']);?>" /> - <br /> - <?=gettext("If an IPv6 address is entered, the address must be outside of the pool.");?> - <br /> - <?=gettext("If no IPv6 address is given, one will be dynamically allocated from the pool.");?> +"xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"</span> </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Hostname");?></td> - <td width="78%" class="vtable"> - <input name="hostname" type="text" class="formfld unknown" id="hostname" size="28" value="<?=htmlspecialchars($pconfig['hostname']);?>" /> - <br /> <span class="vexpl"><?=gettext("Name of the host, without domain part.");?></span></td> - </tr> - <?php if($netboot_enabled) { ?> + </tr> <tr> - <td width="22%" valign="top" class="vncell">Netboot filename</td> - <td width="78%" class="vtable"> - <input name="filename" type="text" class="formfld unknown" id="filename" size="28" value="<?=htmlspecialchars($pconfig['filename']);?>" /> - <br /> <span class="vexpl">Name of the file that should be loaded when this host boots off of the network, overrides setting on main page.</span></td> + <td width="22%" valign="top" class="vncell"><?=gettext("IPv6 address");?></td> + <td width="78%" class="vtable"> + <input name="ipaddrv6" type="text" class="formfld unknown" id="ipaddrv6" size="28" value="<?=htmlspecialchars($pconfig['ipaddrv6']);?>" /> + <br /> + <?=gettext("If an IPv6 address is entered, the address must be outside of the pool.");?> + <br /> + <?=gettext("If no IPv6 address is given, one will be dynamically allocated from the pool.");?> + </td> </tr> <tr> - <td width="22%" valign="top" class="vncell">Root Path</td> - <td width="78%" class="vtable"> - <input name="rootpath" type="text" class="formfld unknown" id="rootpath" size="90" value="<?=htmlspecialchars($pconfig['rootpath']);?>" /> - <br /> <span class="vexpl"><?=gettext("Enter the"); ?> <b><?=gettext("root-path"); ?></b>-<?=gettext("string");?>, overrides setting on main page.</span></td> + <td width="22%" valign="top" class="vncell"><?=gettext("Hostname");?></td> + <td width="78%" class="vtable"> + <input name="hostname" type="text" class="formfld unknown" id="hostname" size="28" value="<?=htmlspecialchars($pconfig['hostname']);?>" /> + <br /> <span class="vexpl"><?=gettext("Name of the host, without domain part.");?></span> + </td> + </tr> +<?php + if ($netboot_enabled) { +?> + <tr> + <td width="22%" valign="top" class="vncell">Netboot filename</td> + <td width="78%" class="vtable"> + <input name="filename" type="text" class="formfld unknown" id="filename" size="28" value="<?=htmlspecialchars($pconfig['filename']);?>" /> + <br /> <span class="vexpl">Name of the file that should be loaded when this host boots off of the network, overrides setting on main page.</span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Root Path</td> + <td width="78%" class="vtable"> + <input name="rootpath" type="text" class="formfld unknown" id="rootpath" size="90" value="<?=htmlspecialchars($pconfig['rootpath']);?>" /> + <br /> <span class="vexpl"><?=gettext("Enter the"); ?> <b><?=gettext("root-path"); ?></b>-<?=gettext("string");?>, overrides setting on main page.</span> + </td> + </tr> +<?php + } +?> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td> + <td width="78%" class="vtable"> + <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" /> + <br /> <span class="vexpl"><?=gettext("You may enter a description here for your reference (not parsed).");?></span> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> + <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" /> + <?php if (isset($id) && $a_maps[$id]): ?> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> + <?php endif; ?> + <input name="if" type="hidden" value="<?=htmlspecialchars($if);?>" /> + </td> </tr> - <?php } ?> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" /> - <br /> <span class="vexpl"><?=gettext("You may enter a description here ". - "for your reference (not parsed).");?></span></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> - <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" /> - <?php if (isset($id) && $a_maps[$id]): ?> - <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> - <?php endif; ?> - <input name="if" type="hidden" value="<?=htmlspecialchars($if);?>" /> - </td> - </tr> - </table> + </table> </form> <?php include("fend.inc"); ?> </body> diff --git a/usr/local/www/services_dhcpv6_relay.php b/usr/local/www/services_dhcpv6_relay.php index 6b6ebe1..c6e5daf 100644 --- a/usr/local/www/services_dhcpv6_relay.php +++ b/usr/local/www/services_dhcpv6_relay.php @@ -43,10 +43,11 @@ require("guiconfig.inc"); $pconfig['enable'] = isset($config['dhcrelay6']['enable']); -if (empty($config['dhcrelay6']['interface'])) +if (empty($config['dhcrelay6']['interface'])) { $pconfig['interface'] = array(); -else +} else { $pconfig['interface'] = explode(",", $config['dhcrelay6']['interface']); +} $pconfig['server'] = $config['dhcrelay6']['server']; $pconfig['agentoption'] = isset($config['dhcrelay6']['agentoption']); @@ -58,7 +59,7 @@ $iflist = get_configured_interface_with_descr(); */ $dhcpd_enabled = false; if (is_array($config['dhcpdv6'])) { - foreach($config['dhcpdv6'] as $dhcp) { + foreach ($config['dhcpdv6'] as $dhcp) { if (isset($dhcp['enable']) && isset($config['interfaces'][$dhcpif]['enable'])) { $dhcpd_enabled = true; break; @@ -81,8 +82,9 @@ if ($_POST) { if ($_POST['server']) { $checksrv = explode(",", $_POST['server']); foreach ($checksrv as $srv) { - if (!is_ipaddrv6($srv)) - $input_errors[] = gettext("A valid Destination Server IPv6 address must be specified."); + if (!is_ipaddrv6($srv)) { + $input_errors[] = gettext("A valid Destination Server IPv6 address must be specified."); + } } } } @@ -98,12 +100,11 @@ if ($_POST) { $retval = 0; $retval = services_dhcrelay6_configure(); $savemsg = get_std_save_message($retval); - } } $closehead = false; -$pgtitle = array(gettext("Services"),gettext("DHCPv6 Relay")); +$pgtitle = array(gettext("Services"), gettext("DHCPv6 Relay")); $shortcut_section = "dhcp6"; include("head.inc"); @@ -133,73 +134,76 @@ function enable_change(enable_over) { <?php if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="dhcpv6 relay"> - <tr> - <td> - <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> - <tr> -<?php + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> + <tr> +<?php if ($dhcpd_enabled) { echo "<td>DHCPv6 Server is currently enabled. Cannot enable the DHCPv6 Relay service while the DHCPv6 Server is enabled on any interface."; - echo "</td></tr></table></div></td></tr></table></form>"; - include("fend.inc"); - echo "</body></html>"; - exit; - } + echo "</td></tr></table></div></td></tr></table></form>"; + include("fend.inc"); + echo "</body></html>"; + exit; + } ?> - <td colspan="2" valign="top" class="listtopic"><?=gettext("DHCPv6 Relay configuration"); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Enable</td> - <td width="78%" class="vtable"> - <input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked=\"checked\""; ?> onclick="enable_change(false)" /> - <strong><?php printf(gettext("Enable DHCPv6 relay on interface"));?></strong> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Interface(s)</td> - <td width="78%" class="vtable"> - <select id="interface" name="interface[]" multiple="multiple" class="formselect" size="3"> - <?php - foreach ($iflist as $ifent => $ifdesc) { - if (!is_ipaddrv6(get_interface_ipv6($ifent))) - continue; - echo "<option value=\"{$ifent}\""; - if (in_array($ifent, $pconfig['interface'])) - echo " selected=\"selected\""; - echo ">{$ifdesc}</option>\n"; - } - ?> - </select> - <br /><?=gettext("Interfaces without an IPv6 address will not be shown."); ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vtable"> </td> - <td width="78%" class="vtable"> -<input name="agentoption" type="checkbox" value="yes" <?php if ($pconfig['agentoption']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Append circuit ID and agent ID to requests"); ?></strong><br /> - <?php printf(gettext("If this is checked, the DHCPv6 relay will append the circuit ID (%s interface number) and the agent ID to the DHCPv6 request."), $g['product_name']); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Destination server");?></td> - <td width="78%" class="vtable"> - <input name="server" type="text" class="formfld unknown" id="server" size="20" value="<?=htmlspecialchars($pconfig['server']);?>" /> - <br /> - <?=gettext("This is the IPv6 address of the server to which DHCPv6 requests are relayed. You can enter multiple server IPv6 addresses, separated by commas. ");?> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" onclick="enable_change(true)" /> - </td> - </tr> - </table> - </div> - </td> - </tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("DHCPv6 Relay configuration"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Enable</td> + <td width="78%" class="vtable"> + <input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked=\"checked\""; ?> onclick="enable_change(false)" /> + <strong><?php printf(gettext("Enable DHCPv6 relay on interface"));?></strong> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Interface(s)</td> + <td width="78%" class="vtable"> + <select id="interface" name="interface[]" multiple="multiple" class="formselect" size="3"> + <?php + foreach ($iflist as $ifent => $ifdesc) { + if (!is_ipaddrv6(get_interface_ipv6($ifent))) { + continue; + } + echo "<option value=\"{$ifent}\""; + if (in_array($ifent, $pconfig['interface'])) { + echo " selected=\"selected\""; + } + echo ">{$ifdesc}</option>\n"; + } + ?> + </select> + <br /><?=gettext("Interfaces without an IPv6 address will not be shown."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vtable"> </td> + <td width="78%" class="vtable"> + <input name="agentoption" type="checkbox" value="yes" <?php if ($pconfig['agentoption']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Append circuit ID and agent ID to requests"); ?></strong><br /> + <?php printf(gettext("If this is checked, the DHCPv6 relay will append the circuit ID (%s interface number) and the agent ID to the DHCPv6 request."), $g['product_name']); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Destination server");?></td> + <td width="78%" class="vtable"> + <input name="server" type="text" class="formfld unknown" id="server" size="20" value="<?=htmlspecialchars($pconfig['server']);?>" /> + <br /> + <?=gettext("This is the IPv6 address of the server to which DHCPv6 requests are relayed. You can enter multiple server IPv6 addresses, separated by commas. ");?> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" onclick="enable_change(true)" /> + </td> + </tr> + </table> + </div> + </td> + </tr> </table> </form> <script type="text/javascript"> diff --git a/usr/local/www/services_dnsmasq.php b/usr/local/www/services_dnsmasq.php index a758a48..638eeff 100644 --- a/usr/local/www/services_dnsmasq.php +++ b/usr/local/www/services_dnsmasq.php @@ -57,17 +57,19 @@ $pconfig['port'] = $config['dnsmasq']['port']; $pconfig['custom_options'] = $config['dnsmasq']['custom_options']; $pconfig['strictbind'] = isset($config['dnsmasq']['strictbind']); -if (!empty($config['dnsmasq']['interface'])) +if (!empty($config['dnsmasq']['interface'])) { $pconfig['interface'] = explode(",", $config['dnsmasq']['interface']); -else +} else { $pconfig['interface'] = array(); +} -if (!is_array($config['dnsmasq']['hosts'])) +if (!is_array($config['dnsmasq']['hosts'])) { $config['dnsmasq']['hosts'] = array(); +} -if (!is_array($config['dnsmasq']['domainoverrides'])) +if (!is_array($config['dnsmasq']['domainoverrides'])) { $config['dnsmasq']['domainoverrides'] = array(); - +} $a_hosts = &$config['dnsmasq']['hosts']; $a_domainOverrides = &$config['dnsmasq']['domainoverrides']; @@ -88,30 +90,36 @@ if ($_POST) { $config['dnsmasq']['strictbind'] = ($_POST['strictbind']) ? true : false; if (isset($_POST['enable']) && isset($config['unbound']['enable'])) { - if ($_POST['port'] == $config['unbound']['port']) + if ($_POST['port'] == $config['unbound']['port']) { $input_errors[] = "The DNS Resolver is enabled using this port. Choose a non-conflicting port, or disable DNS Resolver."; + } } - - if ($_POST['port']) - if(is_port($_POST['port'])) + + if ($_POST['port']) { + if (is_port($_POST['port'])) { $config['dnsmasq']['port'] = $_POST['port']; - else + } else { $input_errors[] = gettext("You must specify a valid port number"); - else if (isset($config['dnsmasq']['port'])) + } + } else if (isset($config['dnsmasq']['port'])) { unset($config['dnsmasq']['port']); + } - if (is_array($_POST['interface'])) + if (is_array($_POST['interface'])) { $config['dnsmasq']['interface'] = implode(",", $_POST['interface']); - elseif (isset($config['dnsmasq']['interface'])) + } elseif (isset($config['dnsmasq']['interface'])) { unset($config['dnsmasq']['interface']); + } if ($config['dnsmasq']['custom_options']) { $args = ''; - foreach (preg_split('/\s+/', $config['dnsmasq']['custom_options']) as $c) + foreach (preg_split('/\s+/', $config['dnsmasq']['custom_options']) as $c) { $args .= escapeshellarg("--{$c}") . " "; + } exec("/usr/local/sbin/dnsmasq --test $args", $output, $rc); - if ($rc != 0) + if ($rc != 0) { $input_errors[] = gettext("Invalid custom options"); + } } if (!$input_errors) { @@ -121,15 +129,16 @@ if ($_POST) { $retval = services_dnsmasq_configure(); $savemsg = get_std_save_message($retval); - // Relaod filter (we might need to sync to CARP hosts) + // Reload filter (we might need to sync to CARP hosts) filter_configure(); /* Update resolv.conf in case the interface bindings exclude localhost. */ system_resolvconf_generate(); /* Start or restart dhcpleases when it's necessary */ system_dhcpleases_configure(); - if ($retval == 0) + if ($retval == 0) { clear_subsystem_dirty('hosts'); + } } } @@ -155,7 +164,7 @@ if ($_GET['act'] == "del") { } $closehead = false; -$pgtitle = array(gettext("Services"),gettext("DNS forwarder")); +$pgtitle = array(gettext("Services"), gettext("DNS forwarder")); $shortcut_section = "forwarder"; include("head.inc"); @@ -192,82 +201,109 @@ function show_advanced_dns() { </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Enable");?></td> - <td width="78%" class="vtable"><p> - <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable'] == "yes") echo "checked=\"checked\"";?> onclick="enable_change(false)" /> - <strong><?=gettext("Enable DNS forwarder");?><br /> - </strong></p></td> - </tr> + <td width="78%" class="vtable"> + <p> + <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable'] == "yes") echo "checked=\"checked\"";?> onclick="enable_change(false)" /> + <strong> + <?=gettext("Enable DNS forwarder");?><br /> + </strong> + </p> + </td> + </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("DHCP Registration");?></td> - <td width="78%" class="vtable"><p> - <input name="regdhcp" type="checkbox" id="regdhcp" value="yes" <?php if ($pconfig['regdhcp'] == "yes") echo "checked=\"checked\"";?> /> - <strong><?=gettext("Register DHCP leases in DNS forwarder");?><br /> - </strong><?php printf(gettext("If this option is set, then machines that specify". - " their hostname when requesting a DHCP lease will be registered". - " in the DNS forwarder, so that their name can be resolved.". - " You should also set the domain in %sSystem:". - " General setup%s to the proper value."),'<a href="system.php">','</a>')?></p> + <td width="78%" class="vtable"> + <p> + <input name="regdhcp" type="checkbox" id="regdhcp" value="yes" <?php if ($pconfig['regdhcp'] == "yes") echo "checked=\"checked\"";?> /> + <strong> + <?=gettext("Register DHCP leases in DNS forwarder");?><br /> + </strong> + <?php printf(gettext("If this option is set, then machines that specify". + " their hostname when requesting a DHCP lease will be registered". + " in the DNS forwarder, so that their name can be resolved.". + " You should also set the domain in %sSystem:". + " General setup%s to the proper value."),'<a href="system.php">','</a>')?> + </p> </td> </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Static DHCP");?></td> - <td width="78%" class="vtable"><p> - <input name="regdhcpstatic" type="checkbox" id="regdhcpstatic" value="yes" <?php if ($pconfig['regdhcpstatic'] == "yes") echo "checked=\"checked\"";?> /> - <strong><?=gettext("Register DHCP static mappings in DNS forwarder");?><br /> - </strong><?php printf(gettext("If this option is set, then DHCP static mappings will ". + <td width="78%" class="vtable"> + <p> + <input name="regdhcpstatic" type="checkbox" id="regdhcpstatic" value="yes" <?php if ($pconfig['regdhcpstatic'] == "yes") echo "checked=\"checked\"";?> /> + <strong> + <?=gettext("Register DHCP static mappings in DNS forwarder");?><br /> + </strong> + <?php printf(gettext("If this option is set, then DHCP static mappings will ". "be registered in the DNS forwarder, so that their name can be ". "resolved. You should also set the domain in %s". - "System: General setup%s to the proper value."),'<a href="system.php">','</a>');?></p> + "System: General setup%s to the proper value."),'<a href="system.php">','</a>');?> + </p> </td> </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Prefer DHCP");?></td> - <td width="78%" class="vtable"><p> - <input name="dhcpfirst" type="checkbox" id="dhcpfirst" value="yes" <?php if ($pconfig['dhcpfirst'] == "yes") echo "checked=\"checked\"";?> /> - <strong><?=gettext("Resolve DHCP mappings first");?><br /> - </strong><?php printf(gettext("If this option is set, then DHCP mappings will ". + <td width="78%" class="vtable"> + <p> + <input name="dhcpfirst" type="checkbox" id="dhcpfirst" value="yes" <?php if ($pconfig['dhcpfirst'] == "yes") echo "checked=\"checked\"";?> /> + <strong> + <?=gettext("Resolve DHCP mappings first");?><br /> + </strong> + <?php printf(gettext("If this option is set, then DHCP mappings will ". "be resolved before the manual list of names below. This only ". - "affects the name given for a reverse lookup (PTR)."));?></p> + "affects the name given for a reverse lookup (PTR)."));?> + </p> </td> </tr> <tr> <td rowspan="3" width="22%" valign="top" class="vncellreq"><?=gettext("DNS Query Forwarding");?></td> - <td width="78%" class="vtable"><p> - <input name="strict_order" type="checkbox" id="strict_order" value="yes" <?php if ($pconfig['strict_order'] == "yes") echo "checked=\"checked\"";?> /> - <strong><?=gettext("Query DNS servers sequentially");?><br /> - </strong><?php printf(gettext("If this option is set, %s DNS Forwarder (dnsmasq) will ". + <td width="78%" class="vtable"> + <p> + <input name="strict_order" type="checkbox" id="strict_order" value="yes" <?php if ($pconfig['strict_order'] == "yes") echo "checked=\"checked\"";?> /> + <strong> + <?=gettext("Query DNS servers sequentially");?><br /> + </strong> + <?php printf(gettext("If this option is set, %s DNS Forwarder (dnsmasq) will ". "query the DNS servers sequentially in the order specified (<i>System - General Setup - DNS Servers</i>), ". - "rather than all at once in parallel. ". - ""), $g['product_name']); ?></p> + "rather than all at once in parallel. "), $g['product_name']); ?> + </p> </td> </tr> <tr> - <td width="78%" class="vtable"><p> - <input name="domain_needed" type="checkbox" id="domain_needed" value="yes" <?php if ($pconfig['domain_needed'] == "yes") echo "checked=\"checked\"";?> /> - <strong><?=gettext("Require domain");?><br /> - </strong><?php printf(gettext("If this option is set, %s DNS Forwarder (dnsmasq) will ". + <td width="78%" class="vtable"> + <p> + <input name="domain_needed" type="checkbox" id="domain_needed" value="yes" <?php if ($pconfig['domain_needed'] == "yes") echo "checked=\"checked\"";?> /> + <strong> + <?=gettext("Require domain");?><br /> + </strong> + <?php printf(gettext("If this option is set, %s DNS Forwarder (dnsmasq) will ". "not forward A or AAAA queries for plain names, without dots or domain parts, to upstream name servers. ". - "If the name is not known from /etc/hosts or DHCP then a \"not found\" answer is returned. ". - ""), $g['product_name']); ?></p> + "If the name is not known from /etc/hosts or DHCP then a \"not found\" answer is returned. "), $g['product_name']); ?> + </p> </td> </tr> <tr> - <td width="78%" class="vtable"><p> - <input name="no_private_reverse" type="checkbox" id="no_private_reverse" value="yes" <?php if ($pconfig['no_private_reverse'] == "yes") echo "checked=\"checked\"";?> /> - <strong><?=gettext("Do not forward private reverse lookups");?><br /> - </strong><?php printf(gettext("If this option is set, %s DNS Forwarder (dnsmasq) will ". + <td width="78%" class="vtable"> + <p> + <input name="no_private_reverse" type="checkbox" id="no_private_reverse" value="yes" <?php if ($pconfig['no_private_reverse'] == "yes") echo "checked=\"checked\"";?> /> + <strong> + <?=gettext("Do not forward private reverse lookups");?><br /> + </strong> + <?php printf(gettext("If this option is set, %s DNS Forwarder (dnsmasq) will ". "not forward reverse DNS lookups (PTR) for private addresses (RFC 1918) to upstream name servers. ". "Any entries in the Domain Overrides section forwarding private \"n.n.n.in-addr.arpa\" names to a specific server are still forwarded. ". - "If the IP to name is not known from /etc/hosts, DHCP or a specific domain override then a \"not found\" answer is immediately returned. ". - ""), $g['product_name']); ?></p> + "If the IP to name is not known from /etc/hosts, DHCP or a specific domain override then a \"not found\" answer is immediately returned. "), $g['product_name']); ?> + </p> </td> </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Listen Port");?></td> - <td width="78%" class="vtable"><p> - <input name="port" type="text" id="port" size="6" <?php if ($pconfig['port']) echo "value=\"{$pconfig['port']}\"";?> /> - <br /><br /> - <?=gettext("The port used for responding to DNS queries. It should normally be left blank unless another service needs to bind to TCP/UDP port 53.");?></p> + <td width="78%" class="vtable"> + <p> + <input name="port" type="text" id="port" size="6" <?php if ($pconfig['port']) echo "value=\"{$pconfig['port']}\"";?> /> + <br /><br /> + <?=gettext("The port used for responding to DNS queries. It should normally be left blank unless another service needs to bind to TCP/UDP port 53.");?> + </p> </td> </tr> <tr> @@ -280,29 +316,33 @@ function show_advanced_dns() { <br /><br /> <select id="interface" name="interface[]" multiple="multiple" class="formselect" size="5"> <option value="" <?php if (empty($pconfig['interface']) || empty($pconfig['interface'][0])) echo 'selected="selected"'; ?>>All</option> - <?php foreach ($interface_addresses as $laddr => $ldescr): + <?php + foreach ($interface_addresses as $laddr => $ldescr): $selected = ""; - if (in_array($laddr, $pconfig['interface'])) + if (in_array($laddr, $pconfig['interface'])) { $selected = 'selected="selected"'; + } ?> <option value="<?=$laddr;?>" <?=$selected;?>> <?=htmlspecialchars($ldescr);?> </option> - <?php endforeach; - unset($interface_addresses); + <?php + endforeach; + unset($interface_addresses); ?> </select> <br /><br /> </td> </tr> <tr> - <td width="78%" class="vtable"><p> - <input name="strictbind" type="checkbox" id="strictbind" value="yes" <?php if ($pconfig['strictbind'] == "yes") echo "checked=\"checked\"";?> /> - <strong><?=gettext("Strict Interface Binding");?></strong> - <br /> - <?= gettext("If this option is set, the DNS forwarder will only bind to the interfaces containing the IP addresses selected above, rather than binding to all interfaces and discarding queries to other addresses."); ?> - <br /><br /> - <?= gettext("NOTE: This option does NOT work with IPv6. If set, dnsmasq will not bind to IPv6 addresses."); ?> + <td width="78%" class="vtable"> + <p> + <input name="strictbind" type="checkbox" id="strictbind" value="yes" <?php if ($pconfig['strictbind'] == "yes") echo "checked=\"checked\"";?> /> + <strong><?=gettext("Strict Interface Binding");?></strong> + <br /> + <?= gettext("If this option is set, the DNS forwarder will only bind to the interfaces containing the IP addresses selected above, rather than binding to all interfaces and discarding queries to other addresses."); ?> + <br /><br /> + <?= gettext("NOTE: This option does NOT work with IPv6. If set, dnsmasq will not bind to IPv6 addresses."); ?> </p> </td> </tr> @@ -326,31 +366,39 @@ function show_advanced_dns() { </tr> </table> -<p><span class="vexpl"><span class="red"><strong><?=gettext("Note:");?><br /> -</strong></span><?php printf(gettext("If the DNS forwarder is enabled, the DHCP". -" service (if enabled) will automatically serve the LAN IP". -" address as a DNS server to DHCP clients so they will use". -" the forwarder. The DNS forwarder will use the DNS servers". -" entered in %sSystem: General setup%s". -" or those obtained via DHCP or PPP on WAN if the "Allow". -" DNS server list to be overridden by DHCP/PPP on WAN"". -" is checked. If you don't use that option (or if you use". -" a static IP address on WAN), you must manually specify at". -" least one DNS server on the %sSystem:". -"General setup%s page."),'<a href="system.php">','</a>','<a href="system.php">','</a>');?><br /> -</span></p> +<p> + <span class="vexpl"> + <span class="red"> + <strong> + <?=gettext("Note:");?><br /> + </strong> + </span> + <?php printf(gettext("If the DNS forwarder is enabled, the DHCP". + " service (if enabled) will automatically serve the LAN IP". + " address as a DNS server to DHCP clients so they will use". + " the forwarder. The DNS forwarder will use the DNS servers". + " entered in %sSystem: General setup%s". + " or those obtained via DHCP or PPP on WAN if the "Allow". + " DNS server list to be overridden by DHCP/PPP on WAN"". + " is checked. If you don't use that option (or if you use". + " a static IP address on WAN), you must manually specify at". + " least one DNS server on the %sSystem:". + "General setup%s page."),'<a href="system.php">','</a>','<a href="system.php">','</a>');?><br /> + </span> +</p> <br /> <table width="100%" border="0" cellpadding="0" cellspacing="0" class="tabcont" summary="host overrides"> -<tr> - <td colspan="5" valign="top" class="listtopic"><?=gettext("Host Overrides");?></td> -</tr> -<tr> - <td><br /> - <?=gettext("Entries in this section override individual results from the forwarders.");?> - <?=gettext("Use these for changing DNS results or for adding custom DNS records.");?> - </td> -</tr> + <tr> + <td colspan="5" valign="top" class="listtopic"><?=gettext("Host Overrides");?></td> + </tr> + <tr> + <td> + <br /> + <?=gettext("Entries in this section override individual results from the forwarders.");?> + <?=gettext("Use these for changing DNS results or for adding custom DNS records.");?> + </td> + </tr> </table> <table width="100%" border="0" cellpadding="0" cellspacing="0" class="tabcont sortable" summary="results"> <thead> @@ -363,7 +411,9 @@ function show_advanced_dns() { <table border="0" cellspacing="0" cellpadding="1" summary="icons"> <tr> <td width="17"></td> - <td valign="middle"><a href="services_dnsmasq_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td> + <td valign="middle"> + <a href="services_dnsmasq_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a> + </td> </tr> </table> </td> @@ -376,14 +426,19 @@ function show_advanced_dns() { <table border="0" cellspacing="0" cellpadding="1" summary="add"> <tr> <td width="17"></td> - <td valign="middle"><a href="services_dnsmasq_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td> + <td valign="middle"> + <a href="services_dnsmasq_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a> + </td> </tr> </table> </td> </tr> </tfoot> <tbody> - <?php $i = 0; foreach ($a_hosts as $hostent): ?> +<?php + $i = 0; + foreach ($a_hosts as $hostent): +?> <tr> <td class="listlr" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';"> <?=strtolower($hostent['host']);?> @@ -401,12 +456,17 @@ function show_advanced_dns() { <table border="0" cellspacing="0" cellpadding="1" summary="icons"> <tr> <td valign="middle"><a href="services_dnsmasq_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" alt="edit" /></a></td> - <td><a href="services_dnsmasq.php?type=host&act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this host?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="delete" /></a></td> + <td> + <a href="services_dnsmasq.php?type=host&act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this host?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="delete" /></a> + </td> </tr> </table> + </td> </tr> - <?php if ($hostent['aliases']['item'] && is_array($hostent['aliases']['item'])): ?> - <?php foreach ($hostent['aliases']['item'] as $alias): ?> +<?php + if ($hostent['aliases']['item'] && is_array($hostent['aliases']['item'])): + foreach ($hostent['aliases']['item'] as $alias): +?> <tr> <td class="listlr" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';"> <?=strtolower($alias['host']);?> @@ -424,21 +484,30 @@ function show_advanced_dns() { <a href="services_dnsmasq_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" alt="edit" /></a> </td> </tr> - <?php endforeach; ?> - <?php endif; ?> - <?php $i++; endforeach; ?> - <tr style="display:none"><td></td></tr> +<?php + endforeach; + endif; + $i++; + endforeach; +?> + <tr style="display:none"> + <td></td> + </tr> </tbody> </table> <br /> <table width="100%" border="0" cellpadding="0" cellspacing="0" class="tabcont" summary="domain overrides"> -<tr> - <td colspan="5" valign="top" class="listtopic"><?=gettext("Domain Overrides");?></td> -</tr> -<tr> - <td><p><?=gettext("Entries in this area override an entire domain, and subdomains, by specifying an". - " authoritative DNS server to be queried for that domain.");?></p></td> -</tr> + <tr> + <td colspan="5" valign="top" class="listtopic"><?=gettext("Domain Overrides");?></td> + </tr> + <tr> + <td> + <p> + <?=gettext("Entries in this area override an entire domain, and subdomains, by specifying an". + " authoritative DNS server to be queried for that domain.");?> + </p> + </td> + </tr> </table> <table width="100%" border="0" cellpadding="0" cellspacing="0" class="tabcont sortable" summary="results"> <thead> @@ -450,7 +519,9 @@ function show_advanced_dns() { <table border="0" cellspacing="0" cellpadding="1" summary="add"> <tr> <td width="17" height="17"></td> - <td><a href="services_dnsmasq_domainoverride_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td> + <td> + <a href="services_dnsmasq_domainoverride_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a> + </td> </tr> </table> </td> @@ -460,17 +531,22 @@ function show_advanced_dns() { <tr> <td class="list" colspan="3"></td> <td class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="add"> - <tr> - <td width="17" height="17"></td> - <td><a href="services_dnsmasq_domainoverride_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td> - </tr> - </table> + <table border="0" cellspacing="0" cellpadding="1" summary="add"> + <tr> + <td width="17" height="17"></td> + <td> + <a href="services_dnsmasq_domainoverride_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a> + </td> + </tr> + </table> </td> </tr> </tfoot> <tbody> - <?php $i = 0; foreach ($a_domainOverrides as $doment): ?> +<?php + $i = 0; + foreach ($a_domainOverrides as $doment): +?> <tr> <td class="listlr"> <?=strtolower($doment['domain']);?> @@ -481,11 +557,18 @@ function show_advanced_dns() { <td class="listbg"> <?=htmlspecialchars($doment['descr']);?> </td> - <td valign="middle" class="list nowrap"> <a href="services_dnsmasq_domainoverride_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" alt="edit" /></a> - <a href="services_dnsmasq.php?act=del&type=doverride&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this domain override?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="delete" /></a></td> + <td valign="middle" class="list nowrap"> + <a href="services_dnsmasq_domainoverride_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" alt="edit" /></a> + <a href="services_dnsmasq.php?act=del&type=doverride&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this domain override?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="delete" /></a> + </td> + </tr> +<?php + $i++; + endforeach; +?> + <tr style="display:none"> + <td></td> </tr> - <?php $i++; endforeach; ?> - <tr style="display:none"><td></td></tr> </tbody> </table> </form> diff --git a/usr/local/www/services_dnsmasq_domainoverride_edit.php b/usr/local/www/services_dnsmasq_domainoverride_edit.php index d2c3181..b992019 100644 --- a/usr/local/www/services_dnsmasq_domainoverride_edit.php +++ b/usr/local/www/services_dnsmasq_domainoverride_edit.php @@ -44,82 +44,84 @@ require("guiconfig.inc"); $referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/services_dnsmasq.php'); if (!is_array($config['dnsmasq']['domainoverrides'])) { - $config['dnsmasq']['domainoverrides'] = array(); + $config['dnsmasq']['domainoverrides'] = array(); } $a_domainOverrides = &$config['dnsmasq']['domainoverrides']; -if (is_numericint($_GET['id'])) +if (is_numericint($_GET['id'])) { $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; +} if (isset($id) && $a_domainOverrides[$id]) { - $pconfig['domain'] = $a_domainOverrides[$id]['domain']; - if (is_ipaddr($a_domainOverrides[$id]['ip']) && ($a_domainOverrides[$id]['ip'] != '#')) { - $pconfig['ip'] = $a_domainOverrides[$id]['ip']; - } - else { - $dnsmasqpieces = explode('@', $a_domainOverrides[$id]['ip'], 2); - $pconfig['ip'] = $dnsmasqpieces[0]; - $pconfig['dnssrcip'] = $dnsmasqpieces[1]; - } - $pconfig['descr'] = $a_domainOverrides[$id]['descr']; + $pconfig['domain'] = $a_domainOverrides[$id]['domain']; + if (is_ipaddr($a_domainOverrides[$id]['ip']) && ($a_domainOverrides[$id]['ip'] != '#')) { + $pconfig['ip'] = $a_domainOverrides[$id]['ip']; + } else { + $dnsmasqpieces = explode('@', $a_domainOverrides[$id]['ip'], 2); + $pconfig['ip'] = $dnsmasqpieces[0]; + $pconfig['dnssrcip'] = $dnsmasqpieces[1]; + } + $pconfig['descr'] = $a_domainOverrides[$id]['descr']; } if ($_POST) { - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - $reqdfields = explode(" ", "domain ip"); - $reqdfieldsn = array(gettext("Domain"),gettext("IP address")); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - - function String_Begins_With($needle, $haystack) { - return (substr($haystack, 0, strlen($needle))==$needle); - } - - if (String_Begins_With(_msdcs, $_POST['domain'])) { - $subdomainstr = substr($_POST['domain'], 7); - if ($subdomainstr && !is_domain($subdomainstr)) { - $input_errors[] = gettext("A valid domain must be specified after _msdcs."); - } - } - elseif ($_POST['domain'] && !is_domain($_POST['domain'])) { - $input_errors[] = gettext("A valid domain must be specified."); - } - if ($_POST['ip'] && !is_ipaddr($_POST['ip']) && ($_POST['ip'] != '#') && ($_POST['ip'] != '!')) { - $input_errors[] = gettext("A valid IP address must be specified, or # for an exclusion or ! to not forward at all."); - } - if ($_POST['dnssrcip'] && !in_array($_POST['dnssrcip'], get_configured_ip_addresses())) { - $input_errors[] = gettext("An interface IP address must be specified for the DNS query source."); - } - if (!$input_errors) { - $doment = array(); - $doment['domain'] = $_POST['domain']; - if (empty($_POST['dnssrcip'])) - $doment['ip'] = $_POST['ip']; - else - $doment['ip'] = $_POST['ip'] . "@" . $_POST['dnssrcip']; - $doment['descr'] = $_POST['descr']; - - if (isset($id) && $a_domainOverrides[$id]) - $a_domainOverrides[$id] = $doment; - else - $a_domainOverrides[] = $doment; - - $retval = services_dnsmasq_configure(); - - write_config(); - - header("Location: services_dnsmasq.php"); - exit; - } + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "domain ip"); + $reqdfieldsn = array(gettext("Domain"), gettext("IP address")); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); + + function String_Begins_With($needle, $haystack) { + return (substr($haystack, 0, strlen($needle)) == $needle); + } + + if (String_Begins_With(_msdcs, $_POST['domain'])) { + $subdomainstr = substr($_POST['domain'], 7); + if ($subdomainstr && !is_domain($subdomainstr)) { + $input_errors[] = gettext("A valid domain must be specified after _msdcs."); + } + } elseif ($_POST['domain'] && !is_domain($_POST['domain'])) { + $input_errors[] = gettext("A valid domain must be specified."); + } + if ($_POST['ip'] && !is_ipaddr($_POST['ip']) && ($_POST['ip'] != '#') && ($_POST['ip'] != '!')) { + $input_errors[] = gettext("A valid IP address must be specified, or # for an exclusion or ! to not forward at all."); + } + if ($_POST['dnssrcip'] && !in_array($_POST['dnssrcip'], get_configured_ip_addresses())) { + $input_errors[] = gettext("An interface IP address must be specified for the DNS query source."); + } + if (!$input_errors) { + $doment = array(); + $doment['domain'] = $_POST['domain']; + if (empty($_POST['dnssrcip'])) { + $doment['ip'] = $_POST['ip']; + } else { + $doment['ip'] = $_POST['ip'] . "@" . $_POST['dnssrcip']; + } + $doment['descr'] = $_POST['descr']; + + if (isset($id) && $a_domainOverrides[$id]) { + $a_domainOverrides[$id] = $doment; + } else { + $a_domainOverrides[] = $doment; + } + + $retval = services_dnsmasq_configure(); + + write_config(); + + header("Location: services_dnsmasq.php"); + exit; + } } -$pgtitle = array(gettext("Services"),gettext("DNS forwarder"),gettext("Edit Domain Override")); +$pgtitle = array(gettext("Services"), gettext("DNS forwarder"), gettext("Edit Domain Override")); $shortcut_section = "forwarder"; include("head.inc"); @@ -128,47 +130,62 @@ include("head.inc"); <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> <?php if ($input_errors) print_input_errors($input_errors); ?> - <form action="services_dnsmasq_domainoverride_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="domain override"> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Domain");?></td> - <td width="78%" class="vtable"> - <?=$mandfldhtml;?><input name="domain" type="text" class="formfld unknown" id="domain" size="40" value="<?=htmlspecialchars($pconfig['domain']);?>" /> - <br /> <span class="vexpl"><?=gettext("Domain to override (NOTE: this does not have to be a valid TLD!)"); ?><br /> - <?=gettext("e.g."); ?> <em><?=gettext("test"); ?></em> <?=gettext("or"); ?> <em>mycompany.localdomain</em> <?=gettext("or"); ?> <em>1.168.192.in-addr.arpa</em> </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("IP address");?></td> - <td width="78%" class="vtable"> - <?=$mandfldhtml;?><input name="ip" type="text" class="formfld unknown" id="ip" size="40" value="<?=htmlspecialchars($pconfig['ip']);?>" /> - <br /> <span class="vexpl"><?=gettext("IP address of the authoritative DNS server for this domain"); ?><br /> - <?=gettext("e.g."); ?> <em>192.168.100.100</em><br /><?=gettext("Or enter # for an exclusion to pass through this host/subdomain to standard nameservers instead of a previous override."); ?><br /><?=gettext("Or enter ! for lookups for this host/subdomain to NOT be forwarded anywhere."); ?></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Source IP");?></td> - <td width="78%" class="vtable"> - <?=$mandfldhtml;?><input name="dnssrcip" type="text" class="formfld unknown" id="dnssrcip" size="40" value="<?=htmlspecialchars($pconfig['dnssrcip']);?>" /> - <br /> <span class="vexpl"><?=gettext("Source IP address for queries to the DNS server for the override domain."); ?><br /> - <?=gettext("Leave blank unless your DNS server is accessed through a VPN tunnel."); ?></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" /> - <br /> <span class="vexpl"><?=gettext("You may enter a description here". - " for your reference (not parsed).");?></span></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> - <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" /> - <?php if (isset($id) && $a_domainOverrides[$id]): ?> - <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> - <?php endif; ?> - </td> - </tr> - </table> +<form action="services_dnsmasq_domainoverride_edit.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="domain override"> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Domain");?></td> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="domain" type="text" class="formfld unknown" id="domain" size="40" value="<?=htmlspecialchars($pconfig['domain']);?>" /> + <br /> + <span class="vexpl"> + <?=gettext("Domain to override (NOTE: this does not have to be a valid TLD!)"); ?><br /> + <?=gettext("e.g."); ?> <em><?=gettext("test"); ?></em> <?=gettext("or"); ?> <em>mycompany.localdomain</em> <?=gettext("or"); ?> <em>1.168.192.in-addr.arpa</em> + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("IP address");?></td> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="ip" type="text" class="formfld unknown" id="ip" size="40" value="<?=htmlspecialchars($pconfig['ip']);?>" /> + <br /> + <span class="vexpl"> + <?=gettext("IP address of the authoritative DNS server for this domain"); ?><br /> + <?=gettext("e.g."); ?> <em>192.168.100.100</em><br /><?=gettext("Or enter # for an exclusion to pass through this host/subdomain to standard nameservers instead of a previous override."); ?><br /><?=gettext("Or enter ! for lookups for this host/subdomain to NOT be forwarded anywhere."); ?> + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Source IP");?></td> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="dnssrcip" type="text" class="formfld unknown" id="dnssrcip" size="40" value="<?=htmlspecialchars($pconfig['dnssrcip']);?>" /> + <br /> + <span class="vexpl"> + <?=gettext("Source IP address for queries to the DNS server for the override domain."); ?><br /> + <?=gettext("Leave blank unless your DNS server is accessed through a VPN tunnel."); ?> + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td> + <td width="78%" class="vtable"> + <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" /> + <br /> + <span class="vexpl"> + <?=gettext("You may enter a description here for your reference (not parsed).");?> + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> + <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" /> + <?php if (isset($id) && $a_domainOverrides[$id]): ?> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> + <?php endif; ?> + </td> + </tr> + </table> </form> <?php include("fend.inc"); ?> </body> diff --git a/usr/local/www/services_dnsmasq_edit.php b/usr/local/www/services_dnsmasq_edit.php index d8d168a..879675f 100644 --- a/usr/local/www/services_dnsmasq_edit.php +++ b/usr/local/www/services_dnsmasq_edit.php @@ -1,23 +1,23 @@ -<?php +<?php /* $Id$ */ /* services_dnsmasq_edit.php part of m0n0wall (http://m0n0.ch/wall) - + Copyright (C) 2003-2004 Bob Zoller <bob@kludgebox.com> and Manuel Kasper <mk@neon1.net>. Copyright (C) 2013-2015 Electric Sheep Fencing, LP All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -45,27 +45,31 @@ function hostcmp($a, $b) { } function hosts_sort() { - global $g, $config; + global $g, $config; - if (!is_array($config['dnsmasq']['hosts'])) - return; + if (!is_array($config['dnsmasq']['hosts'])) { + return; + } - usort($config['dnsmasq']['hosts'], "hostcmp"); + usort($config['dnsmasq']['hosts'], "hostcmp"); } require("guiconfig.inc"); $referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/services_dnsmasq.php'); -if (!is_array($config['dnsmasq']['hosts'])) +if (!is_array($config['dnsmasq']['hosts'])) { $config['dnsmasq']['hosts'] = array(); +} $a_hosts = &$config['dnsmasq']['hosts']; -if (is_numericint($_GET['id'])) +if (is_numericint($_GET['id'])) { $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; +} if (isset($id) && $a_hosts[$id]) { $pconfig['host'] = $a_hosts[$id]['host']; @@ -82,12 +86,12 @@ if ($_POST) { /* input validation */ $reqdfields = explode(" ", "domain ip"); - $reqdfieldsn = array(gettext("Domain"),gettext("IP address")); - + $reqdfieldsn = array(gettext("Domain"), gettext("IP address")); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - + if ($_POST['host']) { - if (!is_hostname($_POST['host'])) { + if (!is_hostname($_POST['host'])) { $input_errors[] = gettext("The hostname can only contain the characters A-Z, 0-9 and '-'. It may not start or end with '-'."); } else { if (!is_unqualified_hostname($_POST['host'])) { @@ -96,11 +100,13 @@ if ($_POST) { } } - if (($_POST['domain'] && !is_domain($_POST['domain']))) + if (($_POST['domain'] && !is_domain($_POST['domain']))) { $input_errors[] = gettext("A valid domain must be specified."); - - if (($_POST['ip'] && !is_ipaddr($_POST['ip']))) + } + + if (($_POST['ip'] && !is_ipaddr($_POST['ip']))) { $input_errors[] = gettext("A valid IP address must be specified."); + } /* collect aliases */ $aliases = array(); @@ -146,11 +152,14 @@ if ($_POST) { /* check for overlaps */ foreach ($a_hosts as $hostent) { - if (isset($id) && ($a_hosts[$id]) && ($a_hosts[$id] === $hostent)) + if (isset($id) && ($a_hosts[$id]) && ($a_hosts[$id] === $hostent)) { continue; + } - if (($hostent['host'] == $_POST['host']) && ($hostent['domain'] == $_POST['domain']) - && ((is_ipaddrv4($hostent['ip']) && is_ipaddrv4($_POST['ip'])) || (is_ipaddrv6($hostent['ip']) && is_ipaddrv6($_POST['ip'])))) { + if (($hostent['host'] == $_POST['host']) && + ($hostent['domain'] == $_POST['domain']) && + ((is_ipaddrv4($hostent['ip']) && is_ipaddrv4($_POST['ip'])) || + (is_ipaddrv6($hostent['ip']) && is_ipaddrv6($_POST['ip'])))) { $input_errors[] = gettext("This host/domain already exists."); break; } @@ -164,22 +173,23 @@ if ($_POST) { $hostent['descr'] = $_POST['descr']; $hostent['aliases']['item'] = $aliases; - if (isset($id) && $a_hosts[$id]) + if (isset($id) && $a_hosts[$id]) { $a_hosts[$id] = $hostent; - else + } else { $a_hosts[] = $hostent; + } hosts_sort(); - + mark_subsystem_dirty('hosts'); - + write_config(); - + header("Location: services_dnsmasq.php"); exit; } } -$pgtitle = array(gettext("Services"),gettext("DNS forwarder"),gettext("Edit host")); +$pgtitle = array(gettext("Services"), gettext("DNS forwarder"), gettext("Edit host")); $shortcut_section = "forwarder"; include("head.inc"); @@ -206,110 +216,124 @@ include("head.inc"); </script> <?php if ($input_errors) print_input_errors($input_errors); ?> - <form action="services_dnsmasq_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="dns edit"> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit DNS Forwarder entry");?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Host");?></td> - <td width="78%" class="vtable"> - <input name="host" type="text" class="formfld unknown" id="host" size="40" value="<?=htmlspecialchars($pconfig['host']);?>" /> - <br /> <span class="vexpl"><?=gettext("Name of the host, without". - " domain part"); ?><br /> - <?=gettext("e.g."); ?> <em><?=gettext("myhost"); ?></em></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Domain");?></td> - <td width="78%" class="vtable"> - <input name="domain" type="text" class="formfld unknown" id="domain" size="40" value="<?=htmlspecialchars($pconfig['domain']);?>" /> - <br /> <span class="vexpl"><?=gettext("Domain of the host"); ?><br /> - <?=gettext("e.g."); ?> <em><?=gettext("example.com"); ?></em></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("IP address");?></td> - <td width="78%" class="vtable"> - <input name="ip" type="text" class="formfld unknown" id="ip" size="40" value="<?=htmlspecialchars($pconfig['ip']);?>" /> - <br /> <span class="vexpl"><?=gettext("IP address of the host"); ?><br /> - <?=gettext("e.g."); ?> <em>192.168.100.100</em> <?=gettext("or"); ?> <em>fd00:abcd::1</em></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" /> - <br /> <span class="vexpl"><?=gettext("You may enter a description here". - " for your reference (not parsed).");?></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><div id="addressnetworkport"><?=gettext("Aliases"); ?></div></td> - <td width="78%" class="vtable"> - <table id="maintable" summary="aliases"> - <tbody> - <tr> - <td colspan="4"> - <div style="padding:5px; margin-top: 16px; margin-bottom: 16px; border:1px dashed #000066; background-color: #ffffff; color: #000000; font-size: 8pt;" id="itemhelp"> - <?=gettext("Enter additional names for this host."); ?> - </div> - </td> - </tr> - <tr> - <td><div id="onecolumn"><?=gettext("Host");?></div></td> - <td><div id="twocolumn"><?=gettext("Domain");?></div></td> - <td><div id="threecolumn"><?=gettext("Description");?></div></td> - </tr> - <?php - $counter = 0; - if($pconfig['aliases']['item']): - foreach($pconfig['aliases']['item'] as $item): - $host = $item['host']; - $domain = $item['domain']; - $description = $item['description']; - ?> - <tr> - <td> - <input autocomplete="off" name="aliashost<?php echo $counter; ?>" type="text" class="formfld unknown" id="aliashost<?php echo $counter; ?>" size="20" value="<?=htmlspecialchars($host);?>" /> - </td> - <td> - <input autocomplete="off" name="aliasdomain<?php echo $counter; ?>" type="text" class="formfld unknown" id="aliasdomain<?php echo $counter; ?>" size="20" value="<?=htmlspecialchars($domain);?>" /> - </td> - <td> - <input name="aliasdescription<?php echo $counter; ?>" type="text" class="formfld unknown" id="aliasdescription<?php echo $counter; ?>" size="20" value="<?=htmlspecialchars($description);?>" /> - </td> - <td> - <a onclick="removeRow(this); return false;" href="#"><img border="0" src="/themes/<?echo $g['theme'];?>/images/icons/icon_x.gif" alt="" title="<?=gettext("remove this entry"); ?>" /></a> - </td> - </tr> - <?php - $counter++; - endforeach; - endif; - ?> - </tbody> - </table> - <a onclick="javascript:addRowTo('maintable', 'formfldalias'); return false;" href="#"> - <img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="<?=gettext("add another entry");?>" /> - </a> - <script type="text/javascript"> - //<![CDATA[ - field_counter_js = 3; - rows = 1; - totalrows = <?php echo $counter; ?>; - loaded = <?php echo $counter; ?>; - //]]> - </script> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> - <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" /> - <?php if (isset($id) && $a_hosts[$id]): ?> - <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> - <?php endif; ?> - </td> - </tr> - </table> +<form action="services_dnsmasq_edit.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="dns edit"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit DNS Forwarder entry");?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Host");?></td> + <td width="78%" class="vtable"> + <input name="host" type="text" class="formfld unknown" id="host" size="40" value="<?=htmlspecialchars($pconfig['host']);?>" /> + <br /> + <span class="vexpl"> + <?=gettext("Name of the host, without domain part"); ?><br /> + <?=gettext("e.g."); ?> <em><?=gettext("myhost"); ?></em> + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Domain");?></td> + <td width="78%" class="vtable"> + <input name="domain" type="text" class="formfld unknown" id="domain" size="40" value="<?=htmlspecialchars($pconfig['domain']);?>" /> + <br /> + <span class="vexpl"> + <?=gettext("Domain of the host"); ?><br /> + <?=gettext("e.g."); ?> <em><?=gettext("example.com"); ?></em> + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("IP address");?></td> + <td width="78%" class="vtable"> + <input name="ip" type="text" class="formfld unknown" id="ip" size="40" value="<?=htmlspecialchars($pconfig['ip']);?>" /> + <br /> + <span class="vexpl"> + <?=gettext("IP address of the host"); ?><br /> + <?=gettext("e.g."); ?> <em>192.168.100.100</em> <?=gettext("or"); ?> <em>fd00:abcd::1</em> + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td> + <td width="78%" class="vtable"> + <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" /> + <br /> + <span class="vexpl"> + <?=gettext("You may enter a description here for your reference (not parsed).");?> + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><div id="addressnetworkport"><?=gettext("Aliases"); ?></div></td> + <td width="78%" class="vtable"> + <table id="maintable" summary="aliases"> + <tbody> + <tr> + <td colspan="4"> + <div style="padding:5px; margin-top: 16px; margin-bottom: 16px; border:1px dashed #000066; background-color: #ffffff; color: #000000; font-size: 8pt;" id="itemhelp"> + <?=gettext("Enter additional names for this host."); ?> + </div> + </td> + </tr> + <tr> + <td><div id="onecolumn"><?=gettext("Host");?></div></td> + <td><div id="twocolumn"><?=gettext("Domain");?></div></td> + <td><div id="threecolumn"><?=gettext("Description");?></div></td> + </tr> +<?php + $counter = 0; + if ($pconfig['aliases']['item']): + foreach ($pconfig['aliases']['item'] as $item): + $host = $item['host']; + $domain = $item['domain']; + $description = $item['description']; +?> + <tr> + <td> + <input autocomplete="off" name="aliashost<?php echo $counter; ?>" type="text" class="formfld unknown" id="aliashost<?php echo $counter; ?>" size="20" value="<?=htmlspecialchars($host);?>" /> + </td> + <td> + <input autocomplete="off" name="aliasdomain<?php echo $counter; ?>" type="text" class="formfld unknown" id="aliasdomain<?php echo $counter; ?>" size="20" value="<?=htmlspecialchars($domain);?>" /> + </td> + <td> + <input name="aliasdescription<?php echo $counter; ?>" type="text" class="formfld unknown" id="aliasdescription<?php echo $counter; ?>" size="20" value="<?=htmlspecialchars($description);?>" /> + </td> + <td> + <a onclick="removeRow(this); return false;" href="#"><img border="0" src="/themes/<?echo $g['theme'];?>/images/icons/icon_x.gif" alt="" title="<?=gettext("remove this entry"); ?>" /></a> + </td> + </tr> +<?php + $counter++; + endforeach; + endif; +?> + </tbody> + </table> + <a onclick="javascript:addRowTo('maintable', 'formfldalias'); return false;" href="#"> + <img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="<?=gettext("add another entry");?>" /> + </a> + <script type="text/javascript"> + //<![CDATA[ + field_counter_js = 3; + rows = 1; + totalrows = <?php echo $counter; ?>; + loaded = <?php echo $counter; ?>; + //]]> + </script> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> + <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" /> + <?php if (isset($id) && $a_hosts[$id]): ?> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> + <?php endif; ?> + </td> + </tr> + </table> </form> <?php include("fend.inc"); ?> </body> diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php index 6ca6d32..fd400b0 100644 --- a/usr/local/www/vpn_ipsec.php +++ b/usr/local/www/vpn_ipsec.php @@ -45,11 +45,13 @@ require_once("shaper.inc"); require_once("ipsec.inc"); require_once("vpn.inc"); -if (!is_array($config['ipsec']['phase1'])) +if (!is_array($config['ipsec']['phase1'])) { $config['ipsec']['phase1'] = array(); +} -if (!is_array($config['ipsec']['phase2'])) +if (!is_array($config['ipsec']['phase2'])) { $config['ipsec']['phase2'] = array(); +} $a_phase1 = &$config['ipsec']['phase1']; $a_phase2 = &$config['ipsec']['phase2']; @@ -64,8 +66,9 @@ if ($_POST) { filter_configure(); $savemsg = get_std_save_message($retval); if ($retval >= 0) { - if (is_subsystem_dirty('ipsec')) + if (is_subsystem_dirty('ipsec')) { clear_subsystem_dirty('ipsec'); + } } } else if ($_POST['submit']) { $pconfig = $_POST; @@ -81,8 +84,9 @@ if ($_POST) { foreach ($_POST['p1entry'] as $p1entrydel) { unset($a_phase1[$p1entrydel]); } - if (write_config()) + if (write_config()) { mark_subsystem_dirty('ipsec'); + } } } else if (isset($_POST['delp2_x'])) { /* delete selected p2 entries */ @@ -90,8 +94,9 @@ if ($_POST) { foreach ($_POST['p2entry'] as $p2entrydel) { unset($a_phase2[$p2entrydel]); } - if (write_config()) + if (write_config()) { mark_subsystem_dirty('ipsec'); + } } } else { /* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */ @@ -120,29 +125,35 @@ if ($_POST) { /* copy all p1 entries < $movebtn and not selected */ for ($i = 0; $i < $movebtn; $i++) { - if (!in_array($i, $_POST['p1entry'])) + if (!in_array($i, $_POST['p1entry'])) { $a_phase1_new[] = $a_phase1[$i]; + } } /* copy all selected p1 entries */ for ($i = 0; $i < count($a_phase1); $i++) { - if ($i == $movebtn) + if ($i == $movebtn) { continue; - if (in_array($i, $_POST['p1entry'])) + } + if (in_array($i, $_POST['p1entry'])) { $a_phase1_new[] = $a_phase1[$i]; + } } /* copy $movebtn p1 entry */ - if ($movebtn < count($a_phase1)) + if ($movebtn < count($a_phase1)) { $a_phase1_new[] = $a_phase1[$movebtn]; + } /* copy all p1 entries > $movebtn and not selected */ for ($i = $movebtn+1; $i < count($a_phase1); $i++) { - if (!in_array($i, $_POST['p1entry'])) + if (!in_array($i, $_POST['p1entry'])) { $a_phase1_new[] = $a_phase1[$i]; + } } - if (count($a_phase1_new) > 0) + if (count($a_phase1_new) > 0) { $a_phase1 = $a_phase1_new; + } } else if (isset($movebtnp2) && is_array($_POST['p2entry']) && count($_POST['p2entry'])) { /* move selected p2 entries before this */ @@ -150,65 +161,74 @@ if ($_POST) { /* copy all p2 entries < $movebtnp2 and not selected */ for ($i = 0; $i < $movebtnp2; $i++) { - if (!in_array($i, $_POST['p2entry'])) + if (!in_array($i, $_POST['p2entry'])) { $a_phase2_new[] = $a_phase2[$i]; + } } /* copy all selected p2 entries */ for ($i = 0; $i < count($a_phase2); $i++) { - if ($i == $movebtnp2) + if ($i == $movebtnp2) { continue; - if (in_array($i, $_POST['p2entry'])) + } + if (in_array($i, $_POST['p2entry'])) { $a_phase2_new[] = $a_phase2[$i]; + } } /* copy $movebtnp2 p2 entry */ - if ($movebtnp2 < count($a_phase2)) + if ($movebtnp2 < count($a_phase2)) { $a_phase2_new[] = $a_phase2[$movebtnp2]; + } /* copy all p2 entries > $movebtnp2 and not selected */ for ($i = $movebtnp2+1; $i < count($a_phase2); $i++) { - if (!in_array($i, $_POST['p2entry'])) + if (!in_array($i, $_POST['p2entry'])) { $a_phase2_new[] = $a_phase2[$i]; + } } - if (count($a_phase2_new) > 0) + if (count($a_phase2_new) > 0) { $a_phase2 = $a_phase2_new; + } } else if (isset($togglebtn)) { - if (isset($a_phase1[$togglebtn]['disabled'])) + if (isset($a_phase1[$togglebtn]['disabled'])) { unset($a_phase1[$togglebtn]['disabled']); - else + } else { $a_phase1[$togglebtn]['disabled'] = true; - + } } else if (isset($togglebtnp2)) { - if (isset($a_phase2[$togglebtnp2]['disabled'])) + if (isset($a_phase2[$togglebtnp2]['disabled'])) { unset($a_phase2[$togglebtnp2]['disabled']); - else + } else { $a_phase2[$togglebtnp2]['disabled'] = true; - + } } else if (isset($delbtn)) { /* remove static route if interface is not WAN */ - if ($a_phase1[$delbtn]['interface'] <> "wan") + if ($a_phase1[$delbtn]['interface'] <> "wan") { mwexec("/sbin/route delete -host {$a_phase1[$delbtn]['remote-gateway']}"); + } /* remove all phase2 entries that match the ikeid */ $ikeid = $a_phase1[$delbtn]['ikeid']; - foreach ($a_phase2 as $p2index => $ph2tmp) + foreach ($a_phase2 as $p2index => $ph2tmp) { if ($ph2tmp['ikeid'] == $ikeid) { unset($a_phase2[$p2index]); } - + } unset($a_phase1[$delbtn]); } else if (isset($delbtnp2)) { unset($a_phase2[$delbtnp2]); - } else + } else { $save = 0; + } if ($save === 1) { - if (write_config()) + if (write_config()) { mark_subsystem_dirty('ipsec'); + } } } } @@ -225,10 +245,12 @@ include("head.inc"); <form action="vpn_ipsec.php" method="post"> <script type="text/javascript" src="/javascript/row_toggle.js"></script> <?php - if ($savemsg) + if ($savemsg) { print_info_box($savemsg); - if ($pconfig['enable'] && is_subsystem_dirty('ipsec')) + } + if ($pconfig['enable'] && is_subsystem_dirty('ipsec')) { print_info_box_np(gettext("The IPsec tunnel configuration has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect.")); + } ?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec"> <tr> @@ -303,10 +325,11 @@ include("head.inc"); <td class="listlr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>"> <?=$spans;?> <?php - if (empty($ph1ent['iketype']) || $ph1ent['iketype'] == "ikev1") + if (empty($ph1ent['iketype']) || $ph1ent['iketype'] == "ikev1") { echo "V1"; - else + } else { echo "V2"; + } ?> <?=$spane;?> </td> @@ -317,38 +340,43 @@ include("head.inc"); $iflabels = get_configured_interface_with_descr(); $carplist = get_configured_carp_interface_list(); - foreach ($carplist as $cif => $carpip) + foreach ($carplist as $cif => $carpip) { $iflabels[$cif] = $carpip." (".get_vip_descr($carpip).")"; + } $aliaslist = get_configured_ip_aliases_list(); - foreach ($aliaslist as $aliasip => $aliasif) + foreach ($aliaslist as $aliasip => $aliasif) { $iflabels[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; + } $grouplist = return_gateway_groups_array(); foreach ($grouplist as $name => $group) { - if($group[0]['vip'] <> "") + if ($group[0]['vip'] <> "") { $vipif = $group[0]['vip']; - else + } else { $vipif = $group[0]['int']; + } $iflabels[$name] = "GW Group {$name}"; } $if = htmlspecialchars($iflabels[$ph1ent['interface']]); - } - else + } else { $if = "WAN"; + } - if (!isset($ph1ent['mobile'])) + if (!isset($ph1ent['mobile'])) { echo $if."<br />".$ph1ent['remote-gateway']; - else + } else { echo $if."<br /><strong>" . gettext("Mobile Client") . "</strong>"; + } ?> <?=$spane;?> </td> <td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>"> <?=$spans;?> <?php - if (empty($ph1ent['iketype']) || $ph1ent['iketype'] == "ikev1") + if (empty($ph1ent['iketype']) || $ph1ent['iketype'] == "ikev1") { echo "{$ph1ent['mode']}"; + } ?> <?=$spane;?> </td> @@ -357,10 +385,11 @@ include("head.inc"); <?=$p1_ealgos[$ph1ent['encryption-algorithm']['name']]['name'];?> <?php if ($ph1ent['encryption-algorithm']['keylen']) { - if ($ph1ent['encryption-algorithm']['keylen']=="auto") + if ($ph1ent['encryption-algorithm']['keylen']=="auto") { echo " (" . gettext("auto") . ")"; - else + } else { echo " ({$ph1ent['encryption-algorithm']['keylen']} " . gettext("bits") . ")"; + } } ?> <?=$spane;?> @@ -417,18 +446,20 @@ include("head.inc"); <td class="listt"> </td> <td class="listrborder" colspan="6"> <?php - if (isset($_POST["tdph2-{$i}-visible"])) + if (isset($_POST["tdph2-{$i}-visible"])) { $tdph2_visible = htmlspecialchars($_POST["tdph2-{$i}-visible"]); - else + } else { $tdph2_visible = 0; + } ?> <input type="hidden" name="tdph2-<?=$i;?>-visible" id="tdph2-<?=$i;?>-visible" value="<?=$tdph2_visible?>" /> <div id="shph2but-<?=$i?>" <?php echo ($tdph2_visible == '1' ? 'style="display:none"' : '');?>> <?php $phase2count=0; foreach ($a_phase2 as $ph2ent) { - if ($ph2ent['ikeid'] != $ph1ent['ikeid']) + if ($ph2ent['ikeid'] != $ph1ent['ikeid']) { continue; + } $phase2count++; } $fr_prefix = "frp2{$i}"; @@ -438,7 +469,7 @@ include("head.inc"); </div> <div id="tdph2-<?=$i?>" <?php echo ($tdph2_visible != '1' ? 'style="display:none"' : '');?>> <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0" summary="phase-2 entries"> - <tr id="<?=$fr_header;?>"> + <tr id="<?=$fr_header;?>"> <td> </td> <td> </td> <td class="listhdrr"><?=gettext("Mode"); ?></td> @@ -452,8 +483,9 @@ include("head.inc"); <?php $j = 0; foreach ($a_phase2 as $ph2index => $ph2ent): - if ($ph2ent['ikeid'] != $ph1ent['ikeid']) + if ($ph2ent['ikeid'] != $ph1ent['ikeid']) { continue; + } $fr_c = $fr_prefix . "c" . $j; $fr_d = $fr_prefix . "d" . $j; @@ -468,7 +500,7 @@ include("head.inc"); ?> <tr valign="top" id="<?=$fr_prefix . $j;?>" ondblclick="document.location='vpn_ipsec_phase2.php?p2index=<?=$ph2ent['uniqid'];?>'"> <td class="listt" align="center" valign="middle"> - <input type="checkbox" id="<?=$fr_c;?>" name="p2entry[]" value="<?=$ph2index;?>" onclick="fr_bgcolor('<?=$j;?>', '<?=$fr_prefix;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;" /> + <input type="checkbox" id="<?=$fr_c;?>" name="p2entry[]" value="<?=$ph2index;?>" onclick="fr_bgcolor('<?=$j;?>', '<?=$fr_prefix;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;" /> </td> <td class="listt" align="center" valign="middle"> <input name="togglep2_<?=$ph2index;?>" src="/themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn?>.gif" @@ -481,7 +513,7 @@ include("head.inc"); <?=$spane;?> </td> <?php - if(($ph2ent['mode'] == "tunnel") or ($ph2ent['mode'] == "tunnel6")): + if (($ph2ent['mode'] == "tunnel") or ($ph2ent['mode'] == "tunnel6")): ?> <td class="listr nowrap" id="<?=$fr_d;?>" onclick="fr_toggle('<?=$j;?>', '<?=$fr_prefix;?>')"> <?=$spans;?> @@ -507,14 +539,16 @@ include("head.inc"); <?=$spans;?> <?php foreach ($ph2ent['encryption-algorithm-option'] as $k => $ph2ea) { - if ($k) + if ($k) { echo ", "; + } echo $p2_ealgos[$ph2ea['name']]['name']; if ($ph2ea['keylen']) { - if ($ph2ea['keylen']=="auto") + if ($ph2ea['keylen']=="auto") { echo " (" . gettext("auto") . ")"; - else + } else { echo " ({$ph2ea['keylen']} " . gettext("bits") . ")"; + } } } ?> @@ -525,8 +559,9 @@ include("head.inc"); <?php if (!empty($ph2ent['hash-algorithm-option']) && is_array($ph2ent['hash-algorithm-option'])) { foreach ($ph2ent['hash-algorithm-option'] as $k => $ph2ha) { - if ($k) + if ($k) { echo ", "; + } echo $p2_halgos[$ph2ha]; } } diff --git a/usr/local/www/vpn_ipsec_keys.php b/usr/local/www/vpn_ipsec_keys.php index ebddcc9..8c30d6b 100644 --- a/usr/local/www/vpn_ipsec_keys.php +++ b/usr/local/www/vpn_ipsec_keys.php @@ -3,21 +3,21 @@ vpn_ipsec_keys.php part of m0n0wall (http://m0n0.ch/wall) part of pfSense - + Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. Copyright (C) 2013-2015 Electric Sheep Fencing, LP All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -61,8 +61,9 @@ if (isset($_POST['apply'])) { /* reload the filter in the background */ filter_configure(); $savemsg = get_std_save_message($retval); - if (is_subsystem_dirty('ipsec')) + if (is_subsystem_dirty('ipsec')) { clear_subsystem_dirty('ipsec'); + } } if ($_GET['act'] == "del") { @@ -85,16 +86,17 @@ include("head.inc"); <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> <form action="vpn_ipsec_keys.php" method="post"> -<?php -if ($savemsg) +<?php +if ($savemsg) { print_info_box($savemsg); -if (is_subsystem_dirty('ipsec')) +} +if (is_subsystem_dirty('ipsec')) { print_info_box_np(gettext("The IPsec tunnel configuration has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect.")); - +} ?> </form> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec keys"> - <tr><td class="tabnavtbl"> + <tr><td class="tabnavtbl"> <?php $tab_array = array(); $tab_array[0] = array(gettext("Tunnels"), false, "vpn_ipsec.php"); @@ -103,92 +105,113 @@ if (is_subsystem_dirty('ipsec')) $tab_array[3] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php"); display_top_tabs($tab_array); ?> - </td></tr> - <tr> - <td> - <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="main area"> - <tr> - <td class="listhdrr"><?=gettext("Identifier"); ?></td> - <td class="listhdrr"><?=gettext("Type"); ?></td> - <td class="listhdr"><?=gettext("Pre-Shared Key"); ?></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="add key"> - <tr> - <td width="20" height="17"></td> - <td><a href="vpn_ipsec_keys_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add key"); ?>" width="17" height="17" border="0" alt="add" /></a></td> - </tr> - </table> - </td> - </tr> - <?php $i = 0; foreach ($userkeys as $secretent): ?> - <tr> - <td class="listlr gray"> - <?php - if ($secretent['ident'] == 'allusers') - echo gettext("ANY USER"); - else - echo htmlspecialchars($secretent['ident']); - ?> - </td> - <td class="listlr gray"> - <?php - if (empty($secretent['type'])) - echo 'PSK'; - else - echo htmlspecialchars($secretent['type']); - ?> - </td> - <td class="listr gray"> - <?=htmlspecialchars($secretent['pre-shared-key']);?> - </td> - <td class="list nowrap"> - <form action="system_usermanager.php" method="post" name="form_edit_key"> - <input type="hidden" name="act" value="edit" /> - <input type="hidden" name="userid" value="<?=$secretent['id'];?>" /> - <input type="image" name="edituser[]" width="17" height="17" border="0" - src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif" - title="<?=gettext("edit");?>" /> - </form> - </td> + </td></tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="main area"> + <tr> + <td class="listhdrr"><?=gettext("Identifier"); ?></td> + <td class="listhdrr"><?=gettext("Type"); ?></td> + <td class="listhdr"><?=gettext("Pre-Shared Key"); ?></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1" summary="add key"> + <tr> + <td width="20" height="17"></td> + <td> + <a href="vpn_ipsec_keys_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add key"); ?>" width="17" height="17" border="0" alt="add" /></a> + </td> + </tr> + </table> + </td> </tr> - <?php $i++; endforeach; ?> - - <?php $i = 0; foreach ($a_secret as $secretent): ?> - <tr> - <td class="listlr"> - <?=htmlspecialchars($secretent['ident']);?> - </td> - <td class="listlr"> - <?php - if (empty($secretent['type'])) - echo 'PSK'; - else - echo htmlspecialchars($secretent['type']); - ?> - </td> - <td class="listr"> - <?=htmlspecialchars($secretent['pre-shared-key']);?> - </td> - <td class="list nowrap"><a href="vpn_ipsec_keys_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit key"); ?>" width="17" height="17" border="0" alt="edit" /></a> - <a href="vpn_ipsec_keys.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Pre-Shared Key?"); ?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete key"); ?>" width="17" height="17" border="0" alt="delete" /></a></td> +<?php + $i = 0; + foreach ($userkeys as $secretent): +?> + <tr> + <td class="listlr gray"> + <?php + if ($secretent['ident'] == 'allusers') { + echo gettext("ANY USER"); + } else { + echo htmlspecialchars($secretent['ident']); + } + ?> + </td> + <td class="listlr gray"> + <?php + if (empty($secretent['type'])) { + echo 'PSK'; + } else { + echo htmlspecialchars($secretent['type']); + } + ?> + </td> + <td class="listr gray"> + <?=htmlspecialchars($secretent['pre-shared-key']);?> + </td> + <td class="list nowrap"> + <form action="system_usermanager.php" method="post" name="form_edit_key"> + <input type="hidden" name="act" value="edit" /> + <input type="hidden" name="userid" value="<?=$secretent['id'];?>" /> + <input type="image" name="edituser[]" width="17" height="17" border="0" + src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif" + title="<?=gettext("edit");?>" /> + </form> + + </td> + </tr> +<?php + $i++; + endforeach; +?> + +<?php + $i = 0; + foreach ($a_secret as $secretent): +?> + <tr> + <td class="listlr"> + <?=htmlspecialchars($secretent['ident']);?> + </td> + <td class="listlr"> + <?php + if (empty($secretent['type'])) { + echo 'PSK'; + } else { + echo htmlspecialchars($secretent['type']); + } + ?> + </td> + <td class="listr"> + <?=htmlspecialchars($secretent['pre-shared-key']);?> + </td> + <td class="list nowrap"><a href="vpn_ipsec_keys_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit key"); ?>" width="17" height="17" border="0" alt="edit" /></a> + <a href="vpn_ipsec_keys.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Pre-Shared Key?"); ?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete key"); ?>" width="17" height="17" border="0" alt="delete" /></a> + </td> + </tr> +<?php + $i++; + endforeach; +?> + <tr> + <td class="list" colspan="3"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1" summary="add key"> + <tr> + <td width="20" height="17"></td> + <td> + <a href="vpn_ipsec_keys_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add key"); ?>" width="17" height="17" border="0" alt="add" /></a> + </td> + </tr> + </table> + </td> </tr> - <?php $i++; endforeach; ?> - <tr> - <td class="list" colspan="3"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="add key"> - <tr> - <td width="20" height="17"></td> - <td><a href="vpn_ipsec_keys_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add key"); ?>" width="17" height="17" border="0" alt="add" /></a></td> - </tr> </table> - </td> - </tr> - </table> - </div> - </td> - </tr> + </div> + </td> + </tr> <tr> <td colspan="4"> <p> diff --git a/usr/local/www/vpn_ipsec_keys_edit.php b/usr/local/www/vpn_ipsec_keys_edit.php index 82ab80c..6419a6b 100644 --- a/usr/local/www/vpn_ipsec_keys_edit.php +++ b/usr/local/www/vpn_ipsec_keys_edit.php @@ -3,21 +3,21 @@ vpn_ipsec_keys_edit.php part of m0n0wall (http://m0n0.ch/wall) part of pfSense - + Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. Copyright (C) 2013-2015 Electric Sheep Fencing, LP All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -48,10 +48,12 @@ if (!is_array($config['ipsec']['mobilekey'])) { ipsec_mobilekey_sort(); $a_secret = &$config['ipsec']['mobilekey']; -if (is_numericint($_GET['id'])) +if (is_numericint($_GET['id'])) { $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; +} if (isset($id) && $a_secret[$id]) { $pconfig['ident'] = $a_secret[$id]['ident']; @@ -64,25 +66,28 @@ if ($_POST) { foreach ($config['system']['user'] as $uid => $user) { $userids[$user['name']] = $uid; } - + unset($input_errors); $pconfig = $_POST; /* input validation */ $reqdfields = explode(" ", "ident psk"); - $reqdfieldsn = array(gettext("Identifier"),gettext("Pre-Shared Key")); - + $reqdfieldsn = array(gettext("Identifier"), gettext("Pre-Shared Key")); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - - if (preg_match("/[^a-zA-Z0-9@\.\-]/", $_POST['ident'])) + + if (preg_match("/[^a-zA-Z0-9@\.\-]/", $_POST['ident'])) { $input_errors[] = gettext("The identifier contains invalid characters."); + } - if (array_key_exists($_POST['ident'], $userids)) + if (array_key_exists($_POST['ident'], $userids)) { $input_errors[] = gettext("A user with this name already exists. Add the key to the user instead."); + } unset($userids); - - if (isset($_POST['psk']) && !preg_match('/^[[:ascii:]]*$/', $_POST['psk'])) + + if (isset($_POST['psk']) && !preg_match('/^[[:ascii:]]*$/', $_POST['psk'])) { $input_errors[] = gettext("Pre-Shared Key contains invalid characters."); + } if (!$input_errors && !(isset($id) && $a_secret[$id])) { /* make sure there are no dupes */ @@ -95,15 +100,16 @@ if ($_POST) { } if (!$input_errors) { - - if (isset($id) && $a_secret[$id]) + + if (isset($id) && $a_secret[$id]) { $secretent = $a_secret[$id]; - + } + $secretent['ident'] = $_POST['ident']; $secretent['type'] = $_POST['type']; $secretent['pre-shared-key'] = $_POST['psk']; $text = ""; - + if (isset($id) && $a_secret[$id]) { $a_secret[$id] = $secretent; $text = gettext("Edited"); @@ -111,10 +117,10 @@ if ($_POST) { $a_secret[] = $secretent; $text = gettext("Added"); } - + write_config("{$text} IPsec Pre-Shared Keys"); mark_subsystem_dirty('ipsec'); - + header("Location: vpn_ipsec_keys.php"); exit; } @@ -130,62 +136,63 @@ include("head.inc"); <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> <?php if ($input_errors) print_input_errors($input_errors); ?> - <form action="vpn_ipsec_keys_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="vpn ipsec keys edit"> +<form action="vpn_ipsec_keys_edit.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="vpn ipsec keys edit"> <tr> <td colspan="2" valign="top" class="listtopic">Edit pre-shared secret</td> </tr> - <tr> - <td valign="top" class="vncellreq"><?=gettext("Identifier"); ?></td> - <td class="vtable"> - <?=$mandfldhtml;?><input name="ident" type="text" class="formfld unknown" id="ident" size="30" value="<?=htmlspecialchars($pconfig['ident']);?>" /> - <br /> -<?=gettext("This can be either an IP address, fully qualified domain name or an e-mail address"); ?>. - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Secret type"); ?></td> - <td width="78%" class="vtable"> - <select name="type" class="formselect"> - <?php - foreach ($ipsec_preshared_key_type as $value => $descr) { - echo "<option value='{$value}' "; - if ($pconfig['type'] == $value) - echo "selected=\"selected\""; - echo ">{$descr}</option>"; - } - ?> - </select> - </td> + <tr> + <td valign="top" class="vncellreq"><?=gettext("Identifier"); ?></td> + <td class="vtable"> + <?=$mandfldhtml;?><input name="ident" type="text" class="formfld unknown" id="ident" size="30" value="<?=htmlspecialchars($pconfig['ident']);?>" /> + <br /> + <?=gettext("This can be either an IP address, fully qualified domain name or an e-mail address"); ?>. + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Secret type"); ?></td> + <td width="78%" class="vtable"> + <select name="type" class="formselect"> + <?php + foreach ($ipsec_preshared_key_type as $value => $descr) { + echo "<option value='{$value}' "; + if ($pconfig['type'] == $value) { + echo "selected=\"selected\""; + } + echo ">{$descr}</option>"; + } + ?> + </select> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Pre-Shared Key"); ?></td> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="psk" type="text" class="formfld unknown" id="psk" size="40" value="<?=htmlspecialchars($pconfig['psk']);?>" /> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> + <?php if (isset($id) && $a_secret[$id]): ?> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> + <?php endif; ?> + </td> </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Pre-Shared Key"); ?></td> - <td width="78%" class="vtable"> - <?=$mandfldhtml;?><input name="psk" type="text" class="formfld unknown" id="psk" size="40" value="<?=htmlspecialchars($pconfig['psk']);?>" /> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> - <?php if (isset($id) && $a_secret[$id]): ?> - <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> - <?php endif; ?> - </td> - </tr> <tr> <td colspan="4"> - <p> - <span class="vexpl"> - <span class="red"> - <strong><?=gettext("Note"); ?>:<br /></strong> - </span> - <?=gettext("PSK for any user can be set by using an identifier of any/ANY");?> - </span> - </p> + <p> + <span class="vexpl"> + <span class="red"> + <strong><?=gettext("Note"); ?>:<br /></strong> + </span> + <?=gettext("PSK for any user can be set by using an identifier of any/ANY");?> + </span> + </p> </td> </tr> - </table> + </table> </form> <?php include("fend.inc"); ?> </body> diff --git a/usr/local/www/vpn_ipsec_mobile.php b/usr/local/www/vpn_ipsec_mobile.php index 8fed8e9..86c63f5 100644 --- a/usr/local/www/vpn_ipsec_mobile.php +++ b/usr/local/www/vpn_ipsec_mobile.php @@ -1,21 +1,21 @@ <?php /* vpn_ipsec_mobile.php - + Copyright (C) 2008 Shrew Soft Inc Copyright (C) 2013-2015 Electric Sheep Fencing, LP All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -41,13 +41,15 @@ require_once("ipsec.inc"); require_once("vpn.inc"); require_once("filter.inc"); -if (!is_array($config['ipsec']['phase1'])) +if (!is_array($config['ipsec']['phase1'])) { $config['ipsec']['phase1'] = array(); +} $a_phase1 = &$config['ipsec']['phase1']; -if (!is_array($config['ipsec']['client'])) +if (!is_array($config['ipsec']['client'])) { $config['ipsec']['client'] = array(); +} $a_client = &$config['ipsec']['client']; @@ -73,37 +75,47 @@ if (count($a_client)) { $pconfig['pfs_group'] = $a_client['pfs_group']; $pconfig['login_banner'] = $a_client['login_banner']; - if (isset($pconfig['enable'])) + if (isset($pconfig['enable'])) { $pconfig['enable'] = true; + } - if ($pconfig['pool_address']&&$pconfig['pool_netbits']) + if ($pconfig['pool_address']&&$pconfig['pool_netbits']) { $pconfig['pool_enable'] = true; - else + } else { $pconfig['pool_netbits'] = 24; + } - if (isset($pconfig['net_list'])) + if (isset($pconfig['net_list'])) { $pconfig['net_list_enable'] = true; + } - if (isset($pconfig['save_passwd'])) + if (isset($pconfig['save_passwd'])) { $pconfig['save_passwd_enable'] = true; + } - if ($pconfig['dns_domain']) + if ($pconfig['dns_domain']) { $pconfig['dns_domain_enable'] = true; + } - if ($pconfig['dns_split']) + if ($pconfig['dns_split']) { $pconfig['dns_split_enable'] = true; + } - if ($pconfig['dns_server1']||$pconfig['dns_server2']||$pconfig['dns_server3']||$pconfig['dns_server4']) + if ($pconfig['dns_server1']||$pconfig['dns_server2']||$pconfig['dns_server3']||$pconfig['dns_server4']) { $pconfig['dns_server_enable'] = true; + } - if ($pconfig['wins_server1']||$pconfig['wins_server2']) + if ($pconfig['wins_server1']||$pconfig['wins_server2']) { $pconfig['wins_server_enable'] = true; + } - if (isset($pconfig['pfs_group'])) + if (isset($pconfig['pfs_group'])) { $pconfig['pfs_group_enable'] = true; + } - if ($pconfig['login_banner']) + if ($pconfig['login_banner']) { $pconfig['login_banner_enable'] = true; + } } if ($_POST['create']) { @@ -115,9 +127,11 @@ if ($_POST['apply']) { /* NOTE: #4353 Always restart ipsec when mobile clients settings change */ $retval = vpn_ipsec_configure(true); $savemsg = get_std_save_message($retval); - if ($retval >= 0) - if (is_subsystem_dirty('ipsec')) + if ($retval >= 0) { + if (is_subsystem_dirty('ipsec')) { clear_subsystem_dirty('ipsec'); + } + } } if ($_POST['submit']) { @@ -127,28 +141,28 @@ if ($_POST['submit']) { /* input consolidation */ - - /* input validation */ $reqdfields = explode(" ", "user_source group_source"); - $reqdfieldsn = array(gettext("User Authentication Source"),gettext("Group Authentication Source")); + $reqdfieldsn = array(gettext("User Authentication Source"), gettext("Group Authentication Source")); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - if ($pconfig['pool_enable']) - if (!is_ipaddr($pconfig['pool_address'])) + if ($pconfig['pool_enable']) { + if (!is_ipaddr($pconfig['pool_address'])) { $input_errors[] = gettext("A valid IP address for 'Virtual Address Pool Network' must be specified."); - - if ($pconfig['dns_domain_enable']) - if (!is_domain($pconfig['dns_domain'])) + } + } + if ($pconfig['dns_domain_enable']) { + if (!is_domain($pconfig['dns_domain'])) { $input_errors[] = gettext("A valid value for 'DNS Default Domain' must be specified."); - + } + } if ($pconfig['dns_split_enable']) { if (!empty($pconfig['dns_split'])) { /* Replace multiple spaces by single */ $pconfig['dns_split'] = preg_replace('/\s+/', ' ', trim($pconfig['dns_split'])); - $domain_array=explode(' ', $pconfig['dns_split']); + $domain_array = explode(' ', $pconfig['dns_split']); foreach ($domain_array as $curdomain) { if (!is_domain($curdomain)) { $input_errors[] = gettext("A valid split DNS domain list must be specified."); @@ -160,39 +174,51 @@ if ($_POST['submit']) { if ($pconfig['dns_server_enable']) { if (!$pconfig['dns_server1'] && !$pconfig['dns_server2'] && - !$pconfig['dns_server3'] && !$pconfig['dns_server4'] ) + !$pconfig['dns_server3'] && !$pconfig['dns_server4'] ) { $input_errors[] = gettext("At least one DNS server must be specified to enable the DNS Server option."); - if ($pconfig['dns_server1'] && !is_ipaddr($pconfig['dns_server1'])) + } + if ($pconfig['dns_server1'] && !is_ipaddr($pconfig['dns_server1'])) { $input_errors[] = gettext("A valid IP address for 'DNS Server #1' must be specified."); - if ($pconfig['dns_server2'] && !is_ipaddr($pconfig['dns_server2'])) + } + if ($pconfig['dns_server2'] && !is_ipaddr($pconfig['dns_server2'])) { $input_errors[] = gettext("A valid IP address for 'DNS Server #2' must be specified."); - if ($pconfig['dns_server3'] && !is_ipaddr($pconfig['dns_server3'])) + } + if ($pconfig['dns_server3'] && !is_ipaddr($pconfig['dns_server3'])) { $input_errors[] = gettext("A valid IP address for 'DNS Server #3' must be specified."); - if ($pconfig['dns_server4'] && !is_ipaddr($pconfig['dns_server4'])) + } + if ($pconfig['dns_server4'] && !is_ipaddr($pconfig['dns_server4'])) { $input_errors[] = gettext("A valid IP address for 'DNS Server #4' must be specified."); + } } if ($pconfig['wins_server_enable']) { - if (!$pconfig['wins_server1'] && !$pconfig['wins_server2']) + if (!$pconfig['wins_server1'] && !$pconfig['wins_server2']) { $input_errors[] = gettext("At least one WINS server must be specified to enable the DNS Server option."); - if ($pconfig['wins_server1'] && !is_ipaddr($pconfig['wins_server1'])) + } + if ($pconfig['wins_server1'] && !is_ipaddr($pconfig['wins_server1'])) { $input_errors[] = gettext("A valid IP address for 'WINS Server #1' must be specified."); - if ($pconfig['wins_server2'] && !is_ipaddr($pconfig['wins_server2'])) + } + if ($pconfig['wins_server2'] && !is_ipaddr($pconfig['wins_server2'])) { $input_errors[] = gettext("A valid IP address for 'WINS Server #2' must be specified."); + } } - if ($pconfig['login_banner_enable']) - if (!strlen($pconfig['login_banner'])) + if ($pconfig['login_banner_enable']) { + if (!strlen($pconfig['login_banner'])) { $input_errors[] = gettext("A valid value for 'Login Banner' must be specified."); + } + } if (!$input_errors) { $client = array(); - - if ($pconfig['enable']) + + if ($pconfig['enable']) { $client['enable'] = true; + } - if (!empty($pconfig['user_source'])) + if (!empty($pconfig['user_source'])) { $client['user_source'] = implode(",", $pconfig['user_source']); + } $client['group_source'] = $pconfig['group_source']; if ($pconfig['pool_enable']) { @@ -200,17 +226,21 @@ if ($_POST['submit']) { $client['pool_netbits'] = $pconfig['pool_netbits']; } - if ($pconfig['net_list_enable']) + if ($pconfig['net_list_enable']) { $client['net_list'] = true; + } - if ($pconfig['save_passwd_enable']) + if ($pconfig['save_passwd_enable']) { $client['save_passwd'] = true; + } - if ($pconfig['dns_domain_enable']) + if ($pconfig['dns_domain_enable']) { $client['dns_domain'] = $pconfig['dns_domain']; + } - if ($pconfig['dns_split_enable']) + if ($pconfig['dns_split_enable']) { $client['dns_split'] = $pconfig['dns_split']; + } if ($pconfig['dns_server_enable']) { $client['dns_server1'] = $pconfig['dns_server1']; @@ -224,23 +254,25 @@ if ($_POST['submit']) { $client['wins_server2'] = $pconfig['wins_server2']; } - if ($pconfig['pfs_group_enable']) + if ($pconfig['pfs_group_enable']) { $client['pfs_group'] = $pconfig['pfs_group']; + } - if ($pconfig['login_banner_enable']) + if ($pconfig['login_banner_enable']) { $client['login_banner'] = $pconfig['login_banner']; + } $a_client = $client; - + write_config(); mark_subsystem_dirty('ipsec'); - + header("Location: vpn_ipsec_mobile.php"); exit; } } -$pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Mobile")); +$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Mobile")); $shortcut_section = "ipsec"; include("head.inc"); @@ -265,18 +297,20 @@ function pool_change() { function dns_domain_change() { - if (document.iform.dns_domain_enable.checked) + if (document.iform.dns_domain_enable.checked) { document.iform.dns_domain.disabled = 0; - else + } else { document.iform.dns_domain.disabled = 1; + } } function dns_split_change() { - if (document.iform.dns_split_enable.checked) + if (document.iform.dns_split_enable.checked) { document.iform.dns_split.disabled = 0; - else + } else { document.iform.dns_split.disabled = 1; + } } function dns_server_change() { @@ -307,18 +341,20 @@ function wins_server_change() { function pfs_group_change() { - if (document.iform.pfs_group_enable.checked) + if (document.iform.pfs_group_enable.checked) { document.iform.pfs_group.disabled = 0; - else + } else { document.iform.pfs_group.disabled = 1; + } } function login_banner_change() { - if (document.iform.login_banner_enable.checked) + if (document.iform.login_banner_enable.checked) { document.iform.login_banner.disabled = 0; - else + } else { document.iform.login_banner.disabled = 1; + } } //]]> @@ -327,17 +363,23 @@ function login_banner_change() { <form action="vpn_ipsec_mobile.php" method="post" name="iform" id="iform"> <?php - if ($savemsg) + if ($savemsg) { print_info_box($savemsg); - if (isset($config['ipsec']['enable']) && is_subsystem_dirty('ipsec')) + } + if (isset($config['ipsec']['enable']) && is_subsystem_dirty('ipsec')) { print_info_box_np(gettext("The IPsec tunnel configuration has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect.")); - foreach ($a_phase1 as $ph1ent) - if (isset($ph1ent['mobile'])) + } + foreach ($a_phase1 as $ph1ent) { + if (isset($ph1ent['mobile'])) { $ph1found = true; - if ($pconfig['enable'] && !$ph1found) + } + } + if ($pconfig['enable'] && !$ph1found) { print_info_box_np(gettext("Support for IPsec Mobile clients is enabled but a Phase1 definition was not found") . ".<br />" . gettext("Please click Create to define one."),gettext("create"),gettext("Create Phase1")); - if ($input_errors) + } + if ($input_errors) { print_input_errors($input_errors); + } ?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec mobile"> @@ -353,7 +395,7 @@ function login_banner_change() { ?> </td> </tr> - <tr> + <tr> <td id="mainarea"> <div class="tabcont"> <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> @@ -363,7 +405,7 @@ function login_banner_change() { <table border="0" cellspacing="2" cellpadding="0" summary="ike extensions"> <tr> <td> - <?php set_checked($pconfig['enable'],$chk); ?> + <?php set_checked($pconfig['enable'], $chk); ?> <input name="enable" type="checkbox" id="enable" value="yes" <?=$chk;?> /> </td> <td> @@ -391,8 +433,9 @@ function login_banner_change() { $auth_servers = auth_get_authserver_list(); foreach ($auth_servers as $auth_server) { $selected = ""; - if (in_array($auth_server['name'], $authmodes)) + if (in_array($auth_server['name'], $authmodes)) { $selected = "selected=\"selected\""; + } echo "<option value='{$auth_server['name']}' {$selected}>{$auth_server['name']}</option>\n"; } ?> @@ -412,18 +455,18 @@ function login_banner_change() { <tr> <td colspan="2" class="list" height="12"></td> </tr> - <tr> + <tr> <td colspan="2" valign="top" class="listtopic"> <?=gettext("Client Configuration (mode-cfg)"); ?> </td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Virtual Address Pool"); ?></td> <td width="78%" class="vtable"> <table border="0" cellspacing="2" cellpadding="0" summary="enable pool"> <tr> <td> - <?php set_checked($pconfig['pool_enable'],$chk); ?> + <?php set_checked($pconfig['pool_enable'], $chk); ?> <input name="pool_enable" type="checkbox" id="pool_enable" value="yes" <?=$chk;?> onclick="pool_change()" /> </td> <td> @@ -455,7 +498,7 @@ function login_banner_change() { <table border="0" cellspacing="2" cellpadding="0" summary="network list"> <tr> <td> - <?php set_checked($pconfig['net_list_enable'],$chk); ?> + <?php set_checked($pconfig['net_list_enable'], $chk); ?> <input name="net_list_enable" type="checkbox" id="net_list_enable" value="yes" <?=$chk;?> /> </td> <td> @@ -471,7 +514,7 @@ function login_banner_change() { <table border="0" cellspacing="2" cellpadding="0" summary="password"> <tr> <td> - <?php set_checked($pconfig['save_passwd_enable'],$chk); ?> + <?php set_checked($pconfig['save_passwd_enable'], $chk); ?> <input name="save_passwd_enable" type="checkbox" id="save_passwd_enable" value="yes" <?=$chk;?> /> </td> <td> @@ -482,13 +525,13 @@ function login_banner_change() { </table> </td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncell"><?=gettext("DNS Default Domain"); ?></td> <td width="78%" class="vtable"> <table border="0" cellspacing="2" cellpadding="0" summary="enable dns default domain"> <tr> <td> - <?php set_checked($pconfig['dns_domain_enable'],$chk); ?> + <?php set_checked($pconfig['dns_domain_enable'], $chk); ?> <input name="dns_domain_enable" type="checkbox" id="dns_domain_enable" value="yes" <?=$chk;?> onclick="dns_domain_change()" /> </td> <td> @@ -511,7 +554,7 @@ function login_banner_change() { <table border="0" cellspacing="2" cellpadding="0" summary="enable split dns"> <tr> <td> - <?php set_checked($pconfig['dns_split_enable'],$chk); ?> + <?php set_checked($pconfig['dns_split_enable'], $chk); ?> <input name="dns_split_enable" type="checkbox" id="dns_split_enable" value="yes" <?=$chk;?> onclick="dns_split_change()" /> </td> <td> @@ -529,13 +572,13 @@ function login_banner_change() { </table> </td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncell"><?=gettext("DNS Servers"); ?></td> <td width="78%" class="vtable"> <table border="0" cellspacing="2" cellpadding="0" summary="enable dns servers"> <tr> <td> - <?php set_checked($pconfig['dns_server_enable'],$chk); ?> + <?php set_checked($pconfig['dns_server_enable'], $chk); ?> <input name="dns_server_enable" type="checkbox" id="dns_server_enable" value="yes" <?=$chk;?> onclick="dns_server_change()" /> </td> <td> @@ -571,13 +614,13 @@ function login_banner_change() { </table> </td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncell"><?=gettext("WINS Servers"); ?></td> <td width="78%" class="vtable"> <table border="0" cellspacing="2" cellpadding="0" summary="enable wins servers"> <tr> <td> - <?php set_checked($pconfig['wins_server_enable'],$chk); ?> + <?php set_checked($pconfig['wins_server_enable'], $chk); ?> <input name="wins_server_enable" type="checkbox" id="wins_server_enable" value="yes" <?=$chk;?> onclick="wins_server_change()" /> </td> <td> @@ -607,7 +650,7 @@ function login_banner_change() { <table border="0" cellspacing="2" cellpadding="0" summary="enable pfs group"> <tr> <td> - <?php set_checked($pconfig['pfs_group_enable'],$chk); ?> + <?php set_checked($pconfig['pfs_group_enable'], $chk); ?> <input name="pfs_group_enable" type="checkbox" id="pfs_group_enable" value="yes" <?=$chk;?> onclick="pfs_group_change()" /> </td> <td> @@ -631,13 +674,13 @@ function login_banner_change() { </table> </td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Login Banner"); ?></td> <td width="78%" class="vtable"> <table border="0" cellspacing="2" cellpadding="0" summary="enable login banner"> <tr> <td> - <?php set_checked($pconfig['login_banner_enable'],$chk); ?> + <?php set_checked($pconfig['login_banner_enable'], $chk); ?> <input name="login_banner_enable" type="checkbox" id="login_banner_enable" value="yes" <?=$chk;?> onclick="login_banner_change()" /> </td> <td> @@ -687,10 +730,11 @@ login_banner_change(); /* local utility functions */ function set_checked($var,& $chk) { - if($var) + if ($var) { $chk = "checked=\"checked\""; - else + } else { $chk = ""; + } } ?> diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php index 8128217..79cf671 100644 --- a/usr/local/www/vpn_ipsec_phase1.php +++ b/usr/local/www/vpn_ipsec_phase1.php @@ -44,48 +44,57 @@ require_once("ipsec.inc"); require_once("vpn.inc"); require_once("filter.inc"); -if (!is_array($config['ipsec']['phase1'])) +if (!is_array($config['ipsec']['phase1'])) { $config['ipsec']['phase1'] = array(); +} -if (!is_array($config['ipsec']['phase2'])) +if (!is_array($config['ipsec']['phase2'])) { $config['ipsec']['phase2'] = array(); +} $a_phase1 = &$config['ipsec']['phase1']; $a_phase2 = &$config['ipsec']['phase2']; -if (is_numericint($_GET['p1index'])) +if (is_numericint($_GET['p1index'])) { $p1index = $_GET['p1index']; -if (isset($_POST['p1index']) && is_numericint($_POST['p1index'])) +} +if (isset($_POST['p1index']) && is_numericint($_POST['p1index'])) { $p1index = $_POST['p1index']; +} -if (isset($_GET['dup']) && is_numericint($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { $p1index = $_GET['dup']; +} if (isset($p1index) && $a_phase1[$p1index]) { // don't copy the ikeid on dup - if (!isset($_GET['dup']) || !is_numericint($_GET['dup'])) + if (!isset($_GET['dup']) || !is_numericint($_GET['dup'])) { $pconfig['ikeid'] = $a_phase1[$p1index]['ikeid']; + } $old_ph1ent = $a_phase1[$p1index]; $pconfig['disabled'] = isset($a_phase1[$p1index]['disabled']); - if ($a_phase1[$p1index]['interface']) + if ($a_phase1[$p1index]['interface']) { $pconfig['interface'] = $a_phase1[$p1index]['interface']; - else + } else { $pconfig['interface'] = "wan"; + } - list($pconfig['remotenet'],$pconfig['remotebits']) = explode("/", $a_phase1[$p1index]['remote-subnet']); + list($pconfig['remotenet'], $pconfig['remotebits']) = explode("/", $a_phase1[$p1index]['remote-subnet']); - if (isset($a_phase1[$p1index]['mobile'])) + if (isset($a_phase1[$p1index]['mobile'])) { $pconfig['mobile'] = 'true'; - else + } else { $pconfig['remotegw'] = $a_phase1[$p1index]['remote-gateway']; + } - if (empty($a_phase1[$p1index]['iketype'])) + if (empty($a_phase1[$p1index]['iketype'])) { $pconfig['iketype'] = "ikev1"; - else + } else { $pconfig['iketype'] = $a_phase1[$p1index]['iketype']; + } $pconfig['mode'] = $a_phase1[$p1index]['mode']; $pconfig['protocol'] = $a_phase1[$p1index]['protocol']; $pconfig['myid_type'] = $a_phase1[$p1index]['myid_type']; @@ -99,7 +108,7 @@ if (isset($p1index) && $a_phase1[$p1index]) { $pconfig['authentication_method'] = $a_phase1[$p1index]['authentication_method']; if (($pconfig['authentication_method'] == "pre_shared_key") || - ($pconfig['authentication_method'] == "xauth_psk_server")) { + ($pconfig['authentication_method'] == "xauth_psk_server")) { $pconfig['pskey'] = $a_phase1[$p1index]['pre-shared-key']; } else { $pconfig['certref'] = $a_phase1[$p1index]['certref']; @@ -108,14 +117,17 @@ if (isset($p1index) && $a_phase1[$p1index]) { $pconfig['descr'] = $a_phase1[$p1index]['descr']; $pconfig['nat_traversal'] = $a_phase1[$p1index]['nat_traversal']; - $pconfig['mobike'] = $a_phase1[$p1index]['mobike']; + $pconfig['mobike'] = $a_phase1[$p1index]['mobike']; - if (isset($a_phase1[$p1index]['reauth_enable'])) + if (isset($a_phase1[$p1index]['reauth_enable'])) { $pconfig['reauth_enable'] = true; - if (isset($a_phase1[$p1index]['rekey_enable'])) + } + if (isset($a_phase1[$p1index]['rekey_enable'])) { $pconfig['rekey_enable'] = true; - if (isset($a_phase1[$p1index]['responderonly'])) + } + if (isset($a_phase1[$p1index]['responderonly'])) { $pconfig['responderonly'] = true; + } if ($a_phase1[$p1index]['dpd_delay'] && $a_phase1[$p1index]['dpd_maxfail']) { $pconfig['dpd_enable'] = true; @@ -125,31 +137,33 @@ if (isset($p1index) && $a_phase1[$p1index]) { } else { /* defaults */ $pconfig['interface'] = "wan"; - if($config['interfaces']['lan']) + if ($config['interfaces']['lan']) { $pconfig['localnet'] = "lan"; + } $pconfig['mode'] = "main"; $pconfig['protocol'] = "inet"; $pconfig['myid_type'] = "myaddress"; $pconfig['peerid_type'] = "peeraddress"; $pconfig['authentication_method'] = "pre_shared_key"; - $pconfig['ealgo'] = array( name => "aes" ); + $pconfig['ealgo'] = array(name => "aes"); $pconfig['halgo'] = "sha1"; $pconfig['dhgroup'] = "2"; $pconfig['lifetime'] = "28800"; $pconfig['nat_traversal'] = 'on'; - $pconfig['mobike'] = 'off'; + $pconfig['mobike'] = 'off'; $pconfig['dpd_enable'] = true; $pconfig['iketype'] = "ikev1"; /* mobile client */ - if($_GET['mobile']) { - $pconfig['mobile']=true; - $pconfig['mode'] = "aggressive"; + if ($_GET['mobile']) { + $pconfig['mobile'] = true; + $pconfig['mode'] = "aggressive"; } } -if (isset($_GET['dup']) && is_numericint($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { unset($p1index); +} if ($_POST) { unset($input_errors); @@ -158,8 +172,8 @@ if ($_POST) { /* input validation */ $method = $pconfig['authentication_method']; - // Unset ca and cert if not required to avaoid storing in config - if ($method == "pre_shared_key" || $method == "xauth_psk_server"){ + // Unset ca and cert if not required to avoid storing in config + if ($method == "pre_shared_key" || $method == "xauth_psk_server") { unset($pconfig['caref']); unset($pconfig['certref']); } @@ -168,22 +182,26 @@ if ($_POST) { // For RSA methods, require the CA/Cert. switch ($method) { case 'eap-mschapv2': - if ($pconfig['iketype'] != 'ikev2') + if ($pconfig['iketype'] != 'ikev2') { $input_errors[] = gettext("EAP-MSChapv2 can only be used with IKEv2 type VPNs."); + } break; case "eap-tls": - if ($pconfig['iketype'] != 'ikev2') + if ($pconfig['iketype'] != 'ikev2') { $input_errors[] = gettext("EAP-TLS can only be used with IKEv2 type VPNs."); + } break; case "eap-radius": - if ($pconfig['iketype'] != 'ikev2') + if ($pconfig['iketype'] != 'ikev2') { $input_errors[] = gettext("EAP-RADIUS can only be used with IKEv2 type VPNs."); + } break; case "pre_shared_key": // If this is a mobile PSK tunnel the user PSKs go on // the PSK tab, not here, so skip the check. - if ($pconfig['mobile']) + if ($pconfig['mobile']) { break; + } case "xauth_psk_server": $reqdfields = explode(" ", "pskey"); $reqdfieldsn = array(gettext("Pre-Shared Key")); @@ -193,7 +211,7 @@ if ($_POST) { case "xauth_rsa_server": case "rsasig": $reqdfields = explode(" ", "caref certref"); - $reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate")); + $reqdfieldsn = array(gettext("Certificate Authority"), gettext("Certificate")); break; } if (!$pconfig['mobile']) { @@ -208,19 +226,21 @@ if ($_POST) { $input_errors[] = gettext("Pre-Shared Key contains invalid characters."); } - if (($pconfig['lifetime'] && !is_numeric($pconfig['lifetime']))) + if (($pconfig['lifetime'] && !is_numeric($pconfig['lifetime']))) { $input_errors[] = gettext("The P1 lifetime must be an integer."); + } if ($pconfig['remotegw']) { - if (!is_ipaddr($pconfig['remotegw']) && !is_domain($pconfig['remotegw'])) + if (!is_ipaddr($pconfig['remotegw']) && !is_domain($pconfig['remotegw'])) { $input_errors[] = gettext("A valid remote gateway address or host name must be specified."); - elseif (is_ipaddrv4($pconfig['remotegw']) && ($pconfig['protocol'] != "inet")) + } elseif (is_ipaddrv4($pconfig['remotegw']) && ($pconfig['protocol'] != "inet")) { $input_errors[] = gettext("A valid remote gateway IPv4 address must be specified or you need to change protocol to IPv6"); - elseif (is_ipaddrv6($pconfig['remotegw']) && ($pconfig['protocol'] != "inet6")) + } elseif (is_ipaddrv6($pconfig['remotegw']) && ($pconfig['protocol'] != "inet6")) { $input_errors[] = gettext("A valid remote gateway IPv6 address must be specified or you need to change protocol to IPv4"); + } } - if (($pconfig['remotegw'] && is_ipaddr($pconfig['remotegw']) && !isset($pconfig['disabled']) )) { + if ($pconfig['remotegw'] && is_ipaddr($pconfig['remotegw']) && !isset($pconfig['disabled'])) { $t = 0; foreach ($a_phase1 as $ph1tmp) { if ($p1index <> $t) { @@ -235,7 +255,7 @@ if ($_POST) { if (is_array($a_phase2) && (count($a_phase2))) { foreach ($a_phase2 as $phase2) { - if($phase2['ikeid'] == $pconfig['ikeid']) { + if ($phase2['ikeid'] == $pconfig['ikeid']) { if (($pconfig['protocol'] == "inet") && ($phase2['mode'] == "tunnel6")) { $input_errors[] = gettext("There is a Phase 2 using IPv6, you cannot use IPv4."); break; @@ -250,125 +270,155 @@ if ($_POST) { /* My identity */ - if ($pconfig['myid_type'] == "myaddress") + if ($pconfig['myid_type'] == "myaddress") { $pconfig['myid_data'] = ""; + } - if ($pconfig['myid_type'] == "address" and $pconfig['myid_data'] == "") + if ($pconfig['myid_type'] == "address" and $pconfig['myid_data'] == "") { $input_errors[] = gettext("Please enter an address for 'My Identifier'"); + } - if ($pconfig['myid_type'] == "keyid tag" and $pconfig['myid_data'] == "") + if ($pconfig['myid_type'] == "keyid tag" and $pconfig['myid_data'] == "") { $input_errors[] = gettext("Please enter a keyid tag for 'My Identifier'"); + } - if ($pconfig['myid_type'] == "fqdn" and $pconfig['myid_data'] == "") + if ($pconfig['myid_type'] == "fqdn" and $pconfig['myid_data'] == "") { $input_errors[] = gettext("Please enter a fully qualified domain name for 'My Identifier'"); + } - if ($pconfig['myid_type'] == "user_fqdn" and $pconfig['myid_data'] == "") + if ($pconfig['myid_type'] == "user_fqdn" and $pconfig['myid_data'] == "") { $input_errors[] = gettext("Please enter a user and fully qualified domain name for 'My Identifier'"); + } - if ($pconfig['myid_type'] == "dyn_dns" and $pconfig['myid_data'] == "") + if ($pconfig['myid_type'] == "dyn_dns" and $pconfig['myid_data'] == "") { $input_errors[] = gettext("Please enter a dynamic domain name for 'My Identifier'"); + } - if ((($pconfig['myid_type'] == "address") && !is_ipaddr($pconfig['myid_data']))) + if (($pconfig['myid_type'] == "address") && !is_ipaddr($pconfig['myid_data'])) { $input_errors[] = gettext("A valid IP address for 'My identifier' must be specified."); + } - if ((($pconfig['myid_type'] == "fqdn") && !is_domain($pconfig['myid_data']))) + if (($pconfig['myid_type'] == "fqdn") && !is_domain($pconfig['myid_data'])) { $input_errors[] = gettext("A valid domain name for 'My identifier' must be specified."); + } - if ($pconfig['myid_type'] == "fqdn") - if (is_domain($pconfig['myid_data']) == false) + if ($pconfig['myid_type'] == "fqdn") { + if (is_domain($pconfig['myid_data']) == false) { $input_errors[] = gettext("A valid FQDN for 'My identifier' must be specified."); + } + } if ($pconfig['myid_type'] == "user_fqdn") { - $user_fqdn = explode("@",$pconfig['myid_data']); - if (is_domain($user_fqdn[1]) == false) + $user_fqdn = explode("@", $pconfig['myid_data']); + if (is_domain($user_fqdn[1]) == false) { $input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified."); + } } - if ($pconfig['myid_type'] == "dyn_dns") - if (is_domain($pconfig['myid_data']) == false) + if ($pconfig['myid_type'] == "dyn_dns") { + if (is_domain($pconfig['myid_data']) == false) { $input_errors[] = gettext("A valid Dynamic DNS address for 'My identifier' must be specified."); + } + } /* Peer identity */ - if ($pconfig['myid_type'] == "peeraddress") + if ($pconfig['myid_type'] == "peeraddress") { $pconfig['peerid_data'] = ""; + } // Only enforce peer ID if we are not dealing with a pure-psk mobile config. if (!(($pconfig['authentication_method'] == "pre_shared_key") && ($pconfig['mobile']))) { - if ($pconfig['peerid_type'] == "address" and $pconfig['peerid_data'] == "") + if ($pconfig['peerid_type'] == "address" and $pconfig['peerid_data'] == "") { $input_errors[] = gettext("Please enter an address for 'Peer Identifier'"); + } - if ($pconfig['peerid_type'] == "keyid tag" and $pconfig['peerid_data'] == "") + if ($pconfig['peerid_type'] == "keyid tag" and $pconfig['peerid_data'] == "") { $input_errors[] = gettext("Please enter a keyid tag for 'Peer Identifier'"); + } - if ($pconfig['peerid_type'] == "fqdn" and $pconfig['peerid_data'] == "") + if ($pconfig['peerid_type'] == "fqdn" and $pconfig['peerid_data'] == "") { $input_errors[] = gettext("Please enter a fully qualified domain name for 'Peer Identifier'"); + } - if ($pconfig['peerid_type'] == "user_fqdn" and $pconfig['peerid_data'] == "") + if ($pconfig['peerid_type'] == "user_fqdn" and $pconfig['peerid_data'] == "") { $input_errors[] = gettext("Please enter a user and fully qualified domain name for 'Peer Identifier'"); + } - if ((($pconfig['peerid_type'] == "address") && !is_ipaddr($pconfig['peerid_data']))) + if ((($pconfig['peerid_type'] == "address") && !is_ipaddr($pconfig['peerid_data']))) { $input_errors[] = gettext("A valid IP address for 'Peer identifier' must be specified."); + } - if ((($pconfig['peerid_type'] == "fqdn") && !is_domain($pconfig['peerid_data']))) + if ((($pconfig['peerid_type'] == "fqdn") && !is_domain($pconfig['peerid_data']))) { $input_errors[] = gettext("A valid domain name for 'Peer identifier' must be specified."); + } - if ($pconfig['peerid_type'] == "fqdn") - if (is_domain($pconfig['peerid_data']) == false) + if ($pconfig['peerid_type'] == "fqdn") { + if (is_domain($pconfig['peerid_data']) == false) { $input_errors[] = gettext("A valid FQDN for 'Peer identifier' must be specified."); + } + } if ($pconfig['peerid_type'] == "user_fqdn") { - $user_fqdn = explode("@",$pconfig['peerid_data']); - if (is_domain($user_fqdn[1]) == false) + $user_fqdn = explode("@", $pconfig['peerid_data']); + if (is_domain($user_fqdn[1]) == false) { $input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'Peer identifier' must be specified."); + } } } if ($pconfig['dpd_enable']) { - if (!is_numeric($pconfig['dpd_delay'])) + if (!is_numeric($pconfig['dpd_delay'])) { $input_errors[] = gettext("A numeric value must be specified for DPD delay."); + } - if (!is_numeric($pconfig['dpd_maxfail'])) + if (!is_numeric($pconfig['dpd_maxfail'])) { $input_errors[] = gettext("A numeric value must be specified for DPD retries."); + } } - if (!empty($pconfig['iketype']) && $pconfig['iketype'] != "ikev1" && $pconfig['iketype'] != "ikev2" && $pconfig['iketype'] != "auto") + if (!empty($pconfig['iketype']) && $pconfig['iketype'] != "ikev1" && $pconfig['iketype'] != "ikev2" && $pconfig['iketype'] != "auto") { $input_errors[] = gettext("Valid arguments for IKE type is v1 or v2 or auto"); - - if (!empty($_POST['ealgo']) && isset($config['system']['crypto_hardware'])) { - if ($config['system']['crypto_hardware'] == "glxsb") { - if ($_POST['ealgo'] == "aes" && $_POST['ealgo_keylen'] != "128") - $input_errors[] = gettext("Only 128 bit AES can be used where the glxsb crypto accelerator is enabled."); - } - } + } + + if (!empty($_POST['ealgo']) && isset($config['system']['crypto_hardware'])) { + if ($config['system']['crypto_hardware'] == "glxsb") { + if ($_POST['ealgo'] == "aes" && $_POST['ealgo_keylen'] != "128") { + $input_errors[] = gettext("Only 128 bit AES can be used where the glxsb crypto accelerator is enabled."); + } + } + } /* build our encryption algorithms array */ $pconfig['ealgo'] = array(); $pconfig['ealgo']['name'] = $_POST['ealgo']; - if($pconfig['ealgo_keylen']) + if ($pconfig['ealgo_keylen']) { $pconfig['ealgo']['keylen'] = $_POST['ealgo_keylen']; + } if (!$input_errors) { $ph1ent['ikeid'] = $pconfig['ikeid']; $ph1ent['iketype'] = $pconfig['iketype']; - if ($pconfig['iketype'] != 'ikev1') + if ($pconfig['iketype'] != 'ikev1') { unset($ph1ent['mode']); - else + } else { $ph1ent['mode'] = $pconfig['mode']; + } $ph1ent['disabled'] = $pconfig['disabled'] ? true : false; $ph1ent['interface'] = $pconfig['interface']; /* if the remote gateway changed and the interface is not WAN then remove route */ /* the vpn_ipsec_configure() handles adding the route */ if ($pconfig['interface'] <> "wan") { - if($old_ph1ent['remote-gateway'] <> $pconfig['remotegw']) { + if ($old_ph1ent['remote-gateway'] <> $pconfig['remotegw']) { mwexec("/sbin/route delete -host {$old_ph1ent['remote-gateway']}"); } } - if ($pconfig['mobile']) + if ($pconfig['mobile']) { $ph1ent['mobile'] = true; - else + } else { $ph1ent['remote-gateway'] = $pconfig['remotegw']; + } $ph1ent['protocol'] = $pconfig['protocol']; @@ -388,21 +438,24 @@ if ($_POST) { $ph1ent['authentication_method'] = $pconfig['authentication_method']; $ph1ent['descr'] = $pconfig['descr']; $ph1ent['nat_traversal'] = $pconfig['nat_traversal']; - $ph1ent['mobike'] = $pconfig['mobike']; + $ph1ent['mobike'] = $pconfig['mobike']; - if (isset($pconfig['reauth_enable'])) + if (isset($pconfig['reauth_enable'])) { $ph1ent['reauth_enable'] = true; - else + } else { unset($ph1ent['reauth_enable']); - if (isset($pconfig['rekey_enable'])) + } + if (isset($pconfig['rekey_enable'])) { $ph1ent['rekey_enable'] = true; - else + } else { unset($ph1ent['rekey_enable']); + } - if (isset($pconfig['responderonly'])) + if (isset($pconfig['responderonly'])) { $ph1ent['responderonly'] = true; - else + } else { unset($ph1ent['responderonly']); + } if (isset($pconfig['dpd_enable'])) { $ph1ent['dpd_delay'] = $pconfig['dpd_delay']; @@ -410,13 +463,15 @@ if ($_POST) { } /* generate unique phase1 ikeid */ - if ($ph1ent['ikeid'] == 0) + if ($ph1ent['ikeid'] == 0) { $ph1ent['ikeid'] = ipsec_ikeid_next(); + } - if (isset($p1index) && $a_phase1[$p1index]) + if (isset($p1index) && $a_phase1[$p1index]) { $a_phase1[$p1index] = $ph1ent; - else + } else { $a_phase1[] = $ph1ent; + } write_config(); mark_subsystem_dirty('ipsec'); @@ -426,10 +481,11 @@ if ($_POST) { } } -if ($pconfig['mobile']) - $pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 1"), gettext("Mobile Client")); -else - $pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 1")); +if ($pconfig['mobile']) { + $pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 1"), gettext("Mobile Client")); +} else { + $pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 1")); +} $shortcut_section = "ipsec"; @@ -445,35 +501,37 @@ include("head.inc"); function myidsel_change() { index = document.iform.myid_type.selectedIndex; value = document.iform.myid_type.options[index].value; - if (value == 'myaddress') - document.getElementById('myid_data').style.visibility = 'hidden'; - else - document.getElementById('myid_data').style.visibility = 'visible'; + if (value == 'myaddress') { + document.getElementById('myid_data').style.visibility = 'hidden'; + } else { + document.getElementById('myid_data').style.visibility = 'visible'; + } } function iketype_change() { index = document.iform.iketype.selectedIndex; value = document.iform.iketype.options[index].value; if (value == 'ikev2') { - document.getElementById('negmode').style.display= 'none'; - document.getElementById('mobike').style.display= ''; - document.getElementById('natt').style.display= 'none'; - document.getElementById('disablereauth').style.display= ''; - } else { - document.getElementById('negmode').style.display = ''; - document.getElementById('mobike').style.display = 'none'; - document.getElementById('natt').style.display= ''; - document.getElementById('disablereauth').style.display= 'none'; - } + document.getElementById('negmode').style.display= 'none'; + document.getElementById('mobike').style.display= ''; + document.getElementById('natt').style.display= 'none'; + document.getElementById('disablereauth').style.display= ''; + } else { + document.getElementById('negmode').style.display = ''; + document.getElementById('mobike').style.display = 'none'; + document.getElementById('natt').style.display= ''; + document.getElementById('disablereauth').style.display= 'none'; + } } function peeridsel_change() { index = document.iform.peerid_type.selectedIndex; value = document.iform.peerid_type.options[index].value; - if (value == 'peeraddress') - document.getElementById('peerid_data').style.visibility = 'hidden'; - else - document.getElementById('peerid_data').style.visibility = 'visible'; + if (value == 'peeraddress') { + document.getElementById('peerid_data').style.visibility = 'hidden'; + } else { + document.getElementById('peerid_data').style.visibility = 'visible'; + } } function methodsel_change() { @@ -481,51 +539,51 @@ function methodsel_change() { value = document.iform.authentication_method.options[index].value; switch (value) { - case 'eap-mschapv2': - case 'eap-tls': - case 'eap-radius': - document.getElementById('opt_psk').style.display = 'none'; - document.getElementById('opt_peerid').style.display = ''; - document.getElementById('opt_cert').style.display = ''; - document.getElementById('opt_ca').style.display = ''; - document.getElementById('opt_cert').disabled = false; - document.getElementById('opt_ca').disabled = false; - break; - case 'hybrid_rsa_server': - document.getElementById('opt_psk').style.display = 'none'; - document.getElementById('opt_peerid').style.display = ''; - document.getElementById('opt_cert').style.display = ''; - document.getElementById('opt_ca').style.display = ''; - document.getElementById('opt_cert').disabled = false; - document.getElementById('opt_ca').disabled = false; - break; - case 'xauth_rsa_server': - case 'rsasig': - document.getElementById('opt_psk').style.display = 'none'; - document.getElementById('opt_peerid').style.display = ''; - document.getElementById('opt_cert').style.display = ''; - document.getElementById('opt_ca').style.display = ''; - document.getElementById('opt_cert').disabled = false; - document.getElementById('opt_ca').disabled = false; - break; + case 'eap-mschapv2': + case 'eap-tls': + case 'eap-radius': + document.getElementById('opt_psk').style.display = 'none'; + document.getElementById('opt_peerid').style.display = ''; + document.getElementById('opt_cert').style.display = ''; + document.getElementById('opt_ca').style.display = ''; + document.getElementById('opt_cert').disabled = false; + document.getElementById('opt_ca').disabled = false; + break; + case 'hybrid_rsa_server': + document.getElementById('opt_psk').style.display = 'none'; + document.getElementById('opt_peerid').style.display = ''; + document.getElementById('opt_cert').style.display = ''; + document.getElementById('opt_ca').style.display = ''; + document.getElementById('opt_cert').disabled = false; + document.getElementById('opt_ca').disabled = false; + break; + case 'xauth_rsa_server': + case 'rsasig': + document.getElementById('opt_psk').style.display = 'none'; + document.getElementById('opt_peerid').style.display = ''; + document.getElementById('opt_cert').style.display = ''; + document.getElementById('opt_ca').style.display = ''; + document.getElementById('opt_cert').disabled = false; + document.getElementById('opt_ca').disabled = false; + break; <?php if ($pconfig['mobile']) { ?> - case 'pre_shared_key': - document.getElementById('opt_psk').style.display = 'none'; - document.getElementById('opt_peerid').style.display = 'none'; - document.getElementById('opt_cert').style.display = 'none'; - document.getElementById('opt_ca').style.display = 'none'; - document.getElementById('opt_cert').disabled = true; - document.getElementById('opt_ca').disabled = true; - break; + case 'pre_shared_key': + document.getElementById('opt_psk').style.display = 'none'; + document.getElementById('opt_peerid').style.display = 'none'; + document.getElementById('opt_cert').style.display = 'none'; + document.getElementById('opt_ca').style.display = 'none'; + document.getElementById('opt_cert').disabled = true; + document.getElementById('opt_ca').disabled = true; + break; <?php } ?> - default: /* psk modes*/ - document.getElementById('opt_psk').style.display = ''; - document.getElementById('opt_peerid').style.display = ''; - document.getElementById('opt_cert').style.display = 'none'; - document.getElementById('opt_ca').style.display = 'none'; - document.getElementById('opt_cert').disabled = true; - document.getElementById('opt_ca').disabled = true; - break; + default: /* psk modes*/ + document.getElementById('opt_psk').style.display = ''; + document.getElementById('opt_peerid').style.display = ''; + document.getElementById('opt_cert').style.display = 'none'; + document.getElementById('opt_ca').style.display = 'none'; + document.getElementById('opt_cert').disabled = true; + document.getElementById('opt_ca').disabled = true; + break; } } @@ -539,14 +597,15 @@ foreach ($p1_ealgos as $algo => $algodata) { echo " case {$i}:\n"; echo " document.iform.ealgo_keylen.style.visibility = 'visible';\n"; echo " document.iform.ealgo_keylen.options.length = 0;\n"; - // echo " document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( 'auto', 'auto' );\n"; + // echo " document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( 'auto', 'auto' );\n"; $key_hi = $algodata['keysel']['hi']; $key_lo = $algodata['keysel']['lo']; $key_step = $algodata['keysel']['step']; - for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step) + for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step) { echo " document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( '{$keylen} bits', '{$keylen}' );\n"; + } echo " break;\n"; } else { echo " case {$i}:\n"; @@ -559,21 +618,25 @@ foreach ($p1_ealgos as $algo => $algodata) { ?> } - if( bits ) + if (bits) { document.iform.ealgo_keylen.value = bits; + } } function dpdchkbox_change() { - if( document.iform.dpd_enable.checked ) + if (document.iform.dpd_enable.checked) { document.getElementById('opt_dpd').style.display = ''; - else + } else { document.getElementById('opt_dpd').style.display = 'none'; + } - if (!document.iform.dpd_delay.value) + if (!document.iform.dpd_delay.value) { document.iform.dpd_delay.value = "10"; + } - if (!document.iform.dpd_maxfail.value) + if (!document.iform.dpd_maxfail.value) { document.iform.dpd_maxfail.value = "5"; + } } //]]> @@ -582,8 +645,9 @@ function dpdchkbox_change() { <form action="vpn_ipsec_phase1.php" method="post" name="iform" id="iform"> <?php - if ($input_errors) + if ($input_errors) { print_input_errors($input_errors); + } ?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec phase-1"> @@ -612,8 +676,7 @@ function dpdchkbox_change() { <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> /> <strong><?=gettext("Disable this phase1 entry"); ?></strong><br /> <span class="vexpl"> - <?=gettext("Set this option to disable this phase1 without " . - "removing it from the list"); ?>. + <?=gettext("Set this option to disable this phase1 without removing it from the list"); ?>. </span> </td> </tr> @@ -629,7 +692,9 @@ function dpdchkbox_change() { <?=htmlspecialchars($name);?> </option> <?php endforeach; ?> - </select> <br /> <span class="vexpl"><?=gettext("Select the Internet Key Exchange protocol version to be used, IKEv1 or IKEv2"); ?>.</span> + </select> + <br /> + <span class="vexpl"><?=gettext("Select the Internet Key Exchange protocol version to be used, IKEv1 or IKEv2"); ?>.</span> </td> </tr> <tr> @@ -644,7 +709,9 @@ function dpdchkbox_change() { <?=htmlspecialchars($name);?> </option> <?php endforeach; ?> - </select> <br /> <span class="vexpl"><?=gettext("Select the Internet Protocol family from this dropdown"); ?>.</span> + </select> + <br /> + <span class="vexpl"><?=gettext("Select the Internet Protocol family from this dropdown"); ?>.</span> </td> </tr> <tr> @@ -655,19 +722,22 @@ function dpdchkbox_change() { $interfaces = get_configured_interface_with_descr(); $carplist = get_configured_carp_interface_list(); - foreach ($carplist as $cif => $carpip) + foreach ($carplist as $cif => $carpip) { $interfaces[$cif] = $carpip." (".get_vip_descr($carpip).")"; + } $aliaslist = get_configured_ip_aliases_list(); - foreach ($aliaslist as $aliasip => $aliasif) + foreach ($aliaslist as $aliasip => $aliasif) { $interfaces[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; + } $grouplist = return_gateway_groups_array(); foreach ($grouplist as $name => $group) { - if($group[0]['vip'] <> "") + if ($group[0]['vip'] <> "") { $vipif = $group[0]['vip']; - else + } else { $vipif = $group[0]['int']; + } $interfaces[$name] = "GW Group {$name}"; } @@ -703,8 +773,7 @@ function dpdchkbox_change() { <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" /> <br /> <span class="vexpl"> - <?=gettext("You may enter a description here " . - "for your reference (not parsed)"); ?>. + <?=gettext("You may enter a description here for your reference (not parsed)"); ?>. </span> </td> </tr> @@ -722,8 +791,9 @@ function dpdchkbox_change() { <select name="authentication_method" class="formselect" onchange="methodsel_change()"> <?php foreach ($p1_authentication_methods as $method_type => $method_params): - if (!$pconfig['mobile'] && $method_params['mobile']) + if (!$pconfig['mobile'] && $method_params['mobile']) { continue; + } ?> <option value="<?=$method_type;?>" <?php if ($method_type == $pconfig['authentication_method']) echo "selected=\"selected\""; ?>> <?=htmlspecialchars($method_params['name']);?> @@ -770,8 +840,9 @@ function dpdchkbox_change() { <select name="peerid_type" class="formselect" onchange="peeridsel_change()"> <?php foreach ($peer_identifier_list as $id_type => $id_params): - if ($pconfig['mobile'] && !$id_params['mobile']) + if ($pconfig['mobile'] && !$id_params['mobile']) { continue; + } ?> <option value="<?=$id_type;?>" <?php if ($id_type == $pconfig['peerid_type']) echo "selected=\"selected\""; ?>> <?=htmlspecialchars($id_params['desc']);?> @@ -802,8 +873,9 @@ function dpdchkbox_change() { <?php foreach ($config['cert'] as $cert): $selected = ""; - if ($pconfig['certref'] == $cert['refid']) + if ($pconfig['certref'] == $cert['refid']) { $selected = "selected=\"selected\""; + } ?> <option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'];?></option> <?php endforeach; ?> @@ -821,8 +893,9 @@ function dpdchkbox_change() { <?php foreach ($config['ca'] as $ca): $selected = ""; - if ($pconfig['caref'] == $ca['refid']) + if ($pconfig['caref'] == $ca['refid']) { $selected = "selected=\"selected\""; + } ?> <option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option> <?php endforeach; ?> @@ -845,8 +918,9 @@ function dpdchkbox_change() { <?php foreach ($p1_ealgos as $algo => $algodata): $selected = ""; - if ($algo == $pconfig['ealgo']['name']) + if ($algo == $pconfig['ealgo']['name']) { $selected = " selected=\"selected\""; + } ?> <option value="<?=$algo;?>"<?=$selected?>> <?=htmlspecialchars($algodata['name']);?> @@ -936,10 +1010,10 @@ function dpdchkbox_change() { "which can help with clients that are behind restrictive firewalls"); ?>. </span> </td> - </tr> - <tr id='mobike'> - <td width="22%" valign="top" class="vncell"><?=gettext("MOBIKE"); ?></td> - <td width="78%" class="vtable"> + </tr> + <tr id='mobike'> + <td width="22%" valign="top" class="vncell"><?=gettext("MOBIKE"); ?></td> + <td width="78%" class="vtable"> <select name="mobike" class="formselect"> <option value="on" <?php if ($pconfig['mobike'] == 'on') echo "selected=\"selected\""; ?>><?=gettext("Enable"); ?></option> <option value="off" <?php if ($pconfig['mobike'] != 'on') echo "selected=\"selected\""; ?>><?=gettext("Disable"); ?></option> @@ -997,9 +1071,11 @@ function dpdchkbox_change() { <?php /* determine if we should init the key length */ $keyset = ''; - if (isset($pconfig['ealgo']['keylen'])) - if (is_numeric($pconfig['ealgo']['keylen'])) + if (isset($pconfig['ealgo']['keylen'])) { + if (is_numeric($pconfig['ealgo']['keylen'])) { $keyset = $pconfig['ealgo']['keylen']; + } + } ?> myidsel_change(); peeridsel_change(); diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index e42cc0b..b4c456a 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php @@ -42,27 +42,33 @@ require("guiconfig.inc"); require_once("ipsec.inc"); require_once("vpn.inc"); -if (!is_array($config['ipsec']['client'])) +if (!is_array($config['ipsec']['client'])) { $config['ipsec']['client'] = array(); +} $a_client = &$config['ipsec']['client']; -if (!is_array($config['ipsec']['phase1'])) +if (!is_array($config['ipsec']['phase1'])) { $config['ipsec']['phase1'] = array(); +} -if (!is_array($config['ipsec']['phase2'])) +if (!is_array($config['ipsec']['phase2'])) { $config['ipsec']['phase2'] = array(); +} $a_phase1 = &$config['ipsec']['phase1']; $a_phase2 = &$config['ipsec']['phase2']; -if (!empty($_GET['p2index'])) +if (!empty($_GET['p2index'])) { $uindex = $_GET['p2index']; -if (!empty($_POST['uniqid'])) +} +if (!empty($_POST['uniqid'])) { $uindex = $_POST['uniqid']; +} -if (!empty($_GET['dup'])) +if (!empty($_GET['dup'])) { $uindex = $_GET['dup']; +} $ph2found = false; if (isset($uindex)) { @@ -74,32 +80,31 @@ if (isset($uindex)) { } } -if ($ph2found === true) -{ +if ($ph2found === true) { $pconfig['ikeid'] = $ph2['ikeid']; $pconfig['disabled'] = isset($ph2['disabled']); $pconfig['mode'] = $ph2['mode']; $pconfig['descr'] = $ph2['descr']; $pconfig['uniqid'] = $ph2['uniqid']; - if (!empty($ph2['natlocalid'])) - idinfo_to_pconfig("natlocal",$ph2['natlocalid'],$pconfig); - idinfo_to_pconfig("local",$ph2['localid'],$pconfig); - idinfo_to_pconfig("remote",$ph2['remoteid'],$pconfig); + if (!empty($ph2['natlocalid'])) { + idinfo_to_pconfig("natlocal", $ph2['natlocalid'], $pconfig); + } + idinfo_to_pconfig("local", $ph2['localid'], $pconfig); + idinfo_to_pconfig("remote", $ph2['remoteid'], $pconfig); $pconfig['proto'] = $ph2['protocol']; - ealgos_to_pconfig($ph2['encryption-algorithm-option'],$pconfig); + ealgos_to_pconfig($ph2['encryption-algorithm-option'], $pconfig); $pconfig['halgos'] = $ph2['hash-algorithm-option']; $pconfig['pfsgroup'] = $ph2['pfsgroup']; $pconfig['lifetime'] = $ph2['lifetime']; $pconfig['pinghost'] = $ph2['pinghost']; $pconfig['reqid'] = $ph2['reqid']; - if (isset($ph2['mobile'])) + if (isset($ph2['mobile'])) { $pconfig['mobile'] = true; -} -else -{ + } +} else { $pconfig['ikeid'] = $_GET['ikeid']; /* defaults */ @@ -113,8 +118,9 @@ else $pconfig['uniqid'] = uniqid(); /* mobile client */ - if($_GET['mobile']) + if ($_GET['mobile']) { $pconfig['mobile']=true; + } } unset($ph2); @@ -130,32 +136,34 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; - if (!isset( $_POST['ikeid'])) + if (!isset($_POST['ikeid'])) { $input_errors[] = gettext("A valid ikeid must be specified."); + } /* input validation */ $reqdfields = explode(" ", "localid_type uniqid"); $reqdfieldsn = array(gettext("Local network type"), gettext("Unique Identifier")); - if (!isset($pconfig['mobile'])){ + if (!isset($pconfig['mobile'])) { $reqdfields[] = "remoteid_type"; $reqdfieldsn[] = gettext("Remote network type"); } do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - - if(($pconfig['mode'] == "tunnel") || ($pconfig['mode'] == "tunnel6")) - { + + if (($pconfig['mode'] == "tunnel") || ($pconfig['mode'] == "tunnel6")) { switch ($pconfig['localid_type']) { case "network": - if (($pconfig['localid_netbits'] != 0 && !$pconfig['localid_netbits']) || !is_numeric($pconfig['localid_netbits'])) + if (($pconfig['localid_netbits'] != 0 && !$pconfig['localid_netbits']) || !is_numeric($pconfig['localid_netbits'])) { $input_errors[] = gettext("A valid local network bit count must be specified."); + } case "address": - if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address'])) + if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address'])) { $input_errors[] = gettext("A valid local network IP address must be specified."); - elseif (is_ipaddrv4($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel")) + } elseif (is_ipaddrv4($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel")) { $input_errors[] = gettext("A valid local network IPv4 address must be specified or you need to change Mode to IPv6"); - elseif (is_ipaddrv6($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel6")) + } elseif (is_ipaddrv6($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel6")) { $input_errors[] = gettext("A valid local network IPv6 address must be specified or you need to change Mode to IPv4"); + } break; } /* Check if the localid_type is an interface, to confirm if it has a valid subnet. */ @@ -164,24 +172,28 @@ if ($_POST) { $address = get_interface_ip($pconfig['localid_type']); $netbits = get_interface_subnet($pconfig['localid_type']); - if (empty($address) || empty($netbits)) + if (empty($address) || empty($netbits)) { $input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['localid_type']) . " " . gettext("has no subnet."); + } } if (!empty($pconfig['natlocalid_address'])) { switch ($pconfig['natlocalid_type']) { case "network": - if (($pconfig['natlocalid_netbits'] != 0 && !$pconfig['natlocalid_netbits']) || !is_numeric($pconfig['natlocalid_netbits'])) + if (($pconfig['natlocalid_netbits'] != 0 && !$pconfig['natlocalid_netbits']) || !is_numeric($pconfig['natlocalid_netbits'])) { $input_errors[] = gettext("A valid NAT local network bit count must be specified."); - if ($pconfig['localid_type'] == "address") - $input_errors[] = gettext("You cannot configure a network type address for NAT while only an address type is selected for local source."); + } + if ($pconfig['localid_type'] == "address") { + $input_errors[] = gettext("You cannot configure a network type address for NAT while only an address type is selected for local source."); + } case "address": - if (!empty($pconfig['natlocalid_address']) && !is_ipaddr($pconfig['natlocalid_address'])) + if (!empty($pconfig['natlocalid_address']) && !is_ipaddr($pconfig['natlocalid_address'])) { $input_errors[] = gettext("A valid NAT local network IP address must be specified."); - elseif (is_ipaddrv4($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel")) + } elseif (is_ipaddrv4($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel")) { $input_errors[] = gettext("A valid NAT local network IPv4 address must be specified or you need to change Mode to IPv6"); - elseif (is_ipaddrv6($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel6")) + } elseif (is_ipaddrv6($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel6")) { $input_errors[] = gettext("A valid NAT local network IPv6 address must be specified or you need to change Mode to IPv4"); + } break; } @@ -190,29 +202,32 @@ if ($_POST) { $address = get_interface_ip($pconfig['natlocalid_type']); $netbits = get_interface_subnet($pconfig['natlocalid_type']); - if (empty($address) || empty($netbits)) + if (empty($address) || empty($netbits)) { $input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['natlocalid_type']) . " " . gettext("has no subnet."); + } } } switch ($pconfig['remoteid_type']) { case "network": - if (($pconfig['remoteid_netbits'] != 0 && !$pconfig['remoteid_netbits']) || !is_numeric($pconfig['remoteid_netbits'])) + if (($pconfig['remoteid_netbits'] != 0 && !$pconfig['remoteid_netbits']) || !is_numeric($pconfig['remoteid_netbits'])) { $input_errors[] = gettext("A valid remote network bit count must be specified."); + } case "address": - if (!$pconfig['remoteid_address'] || !is_ipaddr($pconfig['remoteid_address'])) + if (!$pconfig['remoteid_address'] || !is_ipaddr($pconfig['remoteid_address'])) { $input_errors[] = gettext("A valid remote network IP address must be specified."); - elseif (is_ipaddrv4($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel")) + } elseif (is_ipaddrv4($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel")) { $input_errors[] = gettext("A valid remote network IPv4 address must be specified or you need to change Mode to IPv6"); - elseif (is_ipaddrv6($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel6")) + } elseif (is_ipaddrv6($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel6")) { $input_errors[] = gettext("A valid remote network IPv6 address must be specified or you need to change Mode to IPv4"); + } break; } } /* Validate enabled phase2's are not duplicates */ - if (isset($pconfig['mobile'])){ + if (isset($pconfig['mobile'])) { /* User is adding phase 2 for mobile phase1 */ - foreach($a_phase2 as $key => $name){ + foreach ($a_phase2 as $key => $name) { if (isset($name['mobile']) && $name['uniqid'] != $pconfig['uniqid']) { /* check duplicate localids only for mobile clents */ $localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']); @@ -221,32 +236,40 @@ if ($_POST) { if (isset($pconfig['localid_address'])) $entered['address'] = $pconfig['localid_address']; if (isset($pconfig['localid_netbits'])) $entered['netbits'] = $pconfig['localid_netbits']; $entered_localid_data = ipsec_idinfo_to_cidr($entered, false, $pconfig['mode']); - if ($localid_data == $entered_localid_data){ + if ($localid_data == $entered_localid_data) { /* adding new p2 entry */ $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients."); break; } } } - }else{ + } else { /* User is adding phase 2 for site-to-site phase1 */ $input_error = 0; - foreach($a_phase2 as $key => $name){ + foreach ($a_phase2 as $key => $name) { if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid'] && $pconfig['uniqid'] != $name['uniqid']) { /* check duplicate subnets only for given phase1 */ $localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']); $remoteid_data = ipsec_idinfo_to_cidr($name['remoteid'], false, $name['mode']); $entered_local = array(); $entered_local['type'] = $pconfig['localid_type']; - if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address']; - if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits']; + if (isset($pconfig['localid_address'])) { + $entered_local['address'] = $pconfig['localid_address']; + } + if (isset($pconfig['localid_netbits'])) { + $entered_local['netbits'] = $pconfig['localid_netbits']; + } $entered_localid_data = ipsec_idinfo_to_cidr($entered_local, false, $pconfig['mode']); $entered_remote = array(); $entered_remote['type'] = $pconfig['remoteid_type']; - if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address']; - if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits']; + if (isset($pconfig['remoteid_address'])) { + $entered_remote['address'] = $pconfig['remoteid_address']; + } + if (isset($pconfig['remoteid_netbits'])) { + $entered_remote['netbits'] = $pconfig['remoteid_netbits']; + } $entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote, false, $pconfig['mode']); - if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data) { + if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data) { /* adding new p2 entry */ $input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1."); break; @@ -254,21 +277,29 @@ if ($_POST) { } } foreach ($a_phase1 as $phase1) { - if($phase1['ikeid'] == $pconfig['ikeid']) { + if ($phase1['ikeid'] == $pconfig['ikeid']) { /* This is the P1 for this entry, validate its remote-gateway and local interface isn't within tunnel */ $entered_local = array(); $entered_local['type'] = $pconfig['localid_type']; - if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address']; - if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits']; + if (isset($pconfig['localid_address'])) { + $entered_local['address'] = $pconfig['localid_address']; + } + if (isset($pconfig['localid_netbits'])) { + $entered_local['netbits'] = $pconfig['localid_netbits']; + } $entered_localid_data = ipsec_idinfo_to_cidr($entered_local, false, $pconfig['mode']); list($entered_local_network, $entered_local_mask) = explode('/', $entered_localid_data); $entered_remote = array(); $entered_remote['type'] = $pconfig['remoteid_type']; - if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address']; - if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits']; + if (isset($pconfig['remoteid_address'])) { + $entered_remote['address'] = $pconfig['remoteid_address']; + } + if (isset($pconfig['remoteid_netbits'])) { + $entered_remote['netbits'] = $pconfig['remoteid_netbits']; + } $entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote, false, $pconfig['mode']); list($entered_remote_network, $entered_remote_mask) = explode('/', $entered_remoteid_data); - if ($phase1['protocol'] == "inet6") { + if ($phase1['protocol'] == "inet6") { $if = get_failover_interface($phase1['interface'], "inet6"); $interfaceip = get_interface_ipv6($if); } else { @@ -278,23 +309,23 @@ if ($_POST) { /* skip validation for hostnames, they're subject to change anyway */ if (is_ipaddr($phase1['remote-gateway'])) { if ($pconfig['mode'] == "tunnel") { - if(check_subnets_overlap($interfaceip, 32, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 32, $entered_remote_network, $entered_remote_mask)) { + if (check_subnets_overlap($interfaceip, 32, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 32, $entered_remote_network, $entered_remote_mask)) { $input_errors[] = gettext("The local and remote networks of a phase 2 entry cannot overlap the outside of the tunnel (interface and remote gateway) configured in its phase 1."); break; } } else if ($pconfig['mode'] == "tunnel6") { - if(check_subnetsv6_overlap($interfaceip, 128, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 128, $entered_remote_network, $entered_remote_mask)) { + if (check_subnetsv6_overlap($interfaceip, 128, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 128, $entered_remote_network, $entered_remote_mask)) { $input_errors[] = gettext("The local and remote networks of a phase 2 entry cannot overlap the outside of the tunnel (interface and remote gateway) configured in its phase 1."); break; - } - } + } + } } } } - } + } /* For ESP protocol, handle encryption algorithms */ - if ( $pconfig['proto'] == "esp") { + if ($pconfig['proto'] == "esp") { $ealgos = pconfig_to_ealgos($pconfig); if (!count($ealgos)) { @@ -303,8 +334,9 @@ if ($_POST) { foreach ($ealgos as $ealgo) { if (isset($config['system']['crypto_hardware'])) { if ($config['system']['crypto_hardware'] == "glxsb") { - if ($ealgo['name'] == "aes" && $ealgo['keylen'] != "128") - $input_errors[] = gettext("Only 128 bit AES can be used where the glxsb crypto accelerator is enabled."); + if ($ealgo['name'] == "aes" && $ealgo['keylen'] != "128") { + $input_errors[] = gettext("Only 128 bit AES can be used where the glxsb crypto accelerator is enabled."); + } } } if (empty($pconfig['halgos'])) { @@ -315,7 +347,6 @@ if ($_POST) { } } } - } if (($_POST['lifetime'] && !is_numeric($_POST['lifetime']))) { $input_errors[] = gettext("The P2 lifetime must be an integer."); @@ -328,37 +359,41 @@ if ($_POST) { $ph2ent['uniqid'] = $pconfig['uniqid']; $ph2ent['mode'] = $pconfig['mode']; $ph2ent['disabled'] = $pconfig['disabled'] ? true : false; - if (!isset($pconfig['reqid'])) + if (!isset($pconfig['reqid'])) { $ph2ent['reqid'] = ipsec_new_reqid(); - else + } else { $ph2ent['reqid'] = $pconfig['reqid']; + } - if(($ph2ent['mode'] == "tunnel") || ($ph2ent['mode'] == "tunnel6")){ - if (!empty($pconfig['natlocalid_address'])) - $ph2ent['natlocalid'] = pconfig_to_idinfo("natlocal",$pconfig); - $ph2ent['localid'] = pconfig_to_idinfo("local",$pconfig); - $ph2ent['remoteid'] = pconfig_to_idinfo("remote",$pconfig); + if (($ph2ent['mode'] == "tunnel") || ($ph2ent['mode'] == "tunnel6")) { + if (!empty($pconfig['natlocalid_address'])) { + $ph2ent['natlocalid'] = pconfig_to_idinfo("natlocal", $pconfig); + } + $ph2ent['localid'] = pconfig_to_idinfo("local", $pconfig); + $ph2ent['remoteid'] = pconfig_to_idinfo("remote", $pconfig); } $ph2ent['protocol'] = $pconfig['proto']; $ph2ent['encryption-algorithm-option'] = $ealgos; - if (!empty($pconfig['halgos'])) + if (!empty($pconfig['halgos'])) { $ph2ent['hash-algorithm-option'] = $pconfig['halgos']; - else + } else { unset($ph2ent['hash-algorithm-option']); + } $ph2ent['pfsgroup'] = $pconfig['pfsgroup']; $ph2ent['lifetime'] = $pconfig['lifetime']; $ph2ent['pinghost'] = $pconfig['pinghost']; $ph2ent['descr'] = $pconfig['descr']; - if (isset($pconfig['mobile'])) + if (isset($pconfig['mobile'])) { $ph2ent['mobile'] = true; + } - if ($ph2found === true && $a_phase2[$p2index]) + if ($ph2found === true && $a_phase2[$p2index]) { $a_phase2[$p2index] = $ph2ent; - else + } else { $a_phase2[] = $ph2ent; - + } write_config(); mark_subsystem_dirty('ipsec'); @@ -368,13 +403,13 @@ if ($_POST) { } } -if ($pconfig['mobile']) - $pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 2"), gettext("Mobile Client")); -else - $pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 2")); +if ($pconfig['mobile']) { + $pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 2"), gettext("Mobile Client")); +} else { + $pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 2")); +} $shortcut_section = "ipsec"; - include("head.inc"); ?> @@ -406,8 +441,7 @@ function typesel_change_natlocal(bits) { if (typeof(bits) === "undefined") { if (value === "tunnel") { bits = 24; - } - else if (value === "tunnel6") { + } else if (value === "tunnel6") { bits = 64; } } @@ -447,8 +481,7 @@ function typesel_change_local(bits) { if (typeof(bits) === "undefined") { if (value === "tunnel") { bits = 24; - } - else if (value === "tunnel6") { + } else if (value === "tunnel6") { bits = 64; } } @@ -539,8 +572,9 @@ function change_protocol() { <form action="vpn_ipsec_phase2.php" method="post" name="iform" id="iform"> <?php - if ($input_errors) + if ($input_errors) { print_input_errors($input_errors); + } ?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec phase-2"> @@ -566,8 +600,8 @@ function change_protocol() { <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> /> <strong><?=gettext("Disable this phase2 entry"); ?></strong> <br /> - <span class="vexpl"><?=gettext("Set this option to disable this phase2 entry without " . - "removing it from the list"); ?>. + <span class="vexpl"> + <?=gettext("Set this option to disable this phase2 entry without removing it from the list"); ?>. </span> </td> </tr> @@ -576,10 +610,11 @@ function change_protocol() { <td width="78%" class="vtable"> <select name="mode" class="formselect" onchange="change_mode()"> <?php - foreach($p2_modes as $name => $value): + foreach ($p2_modes as $name => $value): $selected = ""; - if ($name == $pconfig['mode']) + if ($name == $pconfig['mode']) { $selected = "selected=\"selected\""; + } ?> <option value="<?=$name;?>" <?=$selected;?>><?=$value;?></option> <?php endforeach; ?> @@ -621,10 +656,12 @@ function change_protocol() { </select> </td> </tr> - <tr> <td colspan="3"> - <br /> - <?php echo gettext("In case you need NAT/BINAT on this network specify the address to be translated"); ?> - </td></tr> + <tr> + <td colspan="3"> + <br /> + <?php echo gettext("In case you need NAT/BINAT on this network specify the address to be translated"); ?> + </td> + </tr> <tr> <td><?=gettext("Type"); ?>: </td> <td></td> @@ -662,7 +699,7 @@ function change_protocol() { </tr> <?php if (!isset($pconfig['mobile'])): ?> - + <tr id="opt_remoteid"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Remote Network"); ?></td> <td width="78%" class="vtable"> @@ -684,8 +721,8 @@ function change_protocol() { <input name="remoteid_address" type="text" class="formfld unknown ipv4v6" id="remoteid_address" size="28" value="<?=htmlspecialchars($pconfig['remoteid_address']);?>" /> / <select name="remoteid_netbits" class="formselect ipv4v6" id="remoteid_netbits"> - <?php for ($i = 128; $i >= 0; $i--) { - + <?php for ($i = 128; $i >= 0; $i--) { + echo "<option value=\"{$i}\""; if (isset($pconfig['remoteid_netbits']) && $i == $pconfig['remoteid_netbits']) echo " selected=\"selected\""; echo ">{$i}</option>\n"; @@ -696,17 +733,16 @@ function change_protocol() { </table> </td> </tr> - + <?php endif; ?> - + <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> <td width="78%" class="vtable"> <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" /> <br /> <span class="vexpl"> - <?=gettext("You may enter a description here " . - "for your reference (not parsed)"); ?>. + <?=gettext("You may enter a description here for your reference (not parsed)"); ?>. </span> </td> </tr> @@ -741,8 +777,9 @@ function change_protocol() { <?php foreach ($p2_ealgos as $algo => $algodata): $checked = ''; - if (is_array($pconfig['ealgos']) && in_array($algo,$pconfig['ealgos'])) + if (is_array($pconfig['ealgos']) && in_array($algo, $pconfig['ealgos'])) { $checked = " checked=\"checked\""; + } ?> <tr> <td> @@ -752,7 +789,7 @@ function change_protocol() { <?=htmlspecialchars($algodata['name']);?> </td> <td> - <?php if(is_array($algodata['keysel'])): ?> + <?php if (is_array($algodata['keysel'])): ?> <select name="keylen_<?=$algo;?>" class="formselect"> <option value="auto"><?=gettext("auto"); ?></option> @@ -762,9 +799,10 @@ function change_protocol() { $key_step = $algodata['keysel']['step']; for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step): $selected = ""; - // if ($checked && in_array("keylen_".$algo,$pconfig)) - if ($keylen == $pconfig["keylen_".$algo]) + // if ($checked && in_array("keylen_".$algo, $pconfig)) + if ($keylen == $pconfig["keylen_".$algo]) { $selected = " selected=\"selected\""; + } ?> <option value="<?=$keylen;?>"<?=$selected;?>><?=$keylen;?> <?=gettext("bits"); ?></option> <?php endfor; ?> @@ -772,12 +810,12 @@ function change_protocol() { <?php endif; ?> </td> </tr> - + <?php endforeach; ?> - + </table> <br /> - <?=gettext("Hint: use 3DES for best compatibility or if you have a hardware " . + <?=gettext("Hint: use 3DES for best compatibility or if you have a hardware " . "crypto accelerator card. Blowfish is usually the fastest in " . "software encryption"); ?>. </td> @@ -881,11 +919,12 @@ function pconfig_to_ealgos(& $pconfig) { $ealgos = array(); if (is_array($pconfig['ealgos'])) { foreach ($p2_ealgos as $algo_name => $algo_data) { - if (in_array($algo_name,$pconfig['ealgos'])) { + if (in_array($algo_name, $pconfig['ealgos'])) { $ealg = array(); $ealg['name'] = $algo_name; - if (is_array($algo_data['keysel'])) + if (is_array($algo_data['keysel'])) { $ealg['keylen'] = $_POST["keylen_".$algo_name]; + } $ealgos[] = $ealg; } } @@ -899,8 +938,9 @@ function ealgos_to_pconfig(& $ealgos,& $pconfig) { $pconfig['ealgos'] = array(); foreach ($ealgos as $algo_data) { $pconfig['ealgos'][] = $algo_data['name']; - if (isset($algo_data['keylen'])) + if (isset($algo_data['keylen'])) { $pconfig["keylen_".$algo_data['name']] = $algo_data['keylen']; + } } return $ealgos; @@ -912,8 +952,7 @@ function pconfig_to_idinfo($prefix,& $pconfig) { $address = $pconfig[$prefix."id_address"]; $netbits = $pconfig[$prefix."id_netbits"]; - switch( $type ) - { + switch ($type) { case "address": return array('type' => $type, 'address' => $address); case "network": @@ -925,8 +964,7 @@ function pconfig_to_idinfo($prefix,& $pconfig) { function idinfo_to_pconfig($prefix,& $idinfo,& $pconfig) { - switch( $idinfo['type'] ) - { + switch ($idinfo['type']) { case "address": $pconfig[$prefix."id_type"] = $idinfo['type']; $pconfig[$prefix."id_address"] = $idinfo['address']; diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php index 023d202..024fe2c 100644 --- a/usr/local/www/vpn_ipsec_settings.php +++ b/usr/local/www/vpn_ipsec_settings.php @@ -42,8 +42,9 @@ require_once("ipsec.inc"); require_once("vpn.inc"); foreach ($ipsec_loglevels as $lkey => $ldescr) { - if (!empty($config['ipsec']["ipsec_{$lkey}"])) + if (!empty($config['ipsec']["ipsec_{$lkey}"])) { $pconfig["ipsec_{$lkey}"] = $config['ipsec']["ipsec_{$lkey}"]; + } } $pconfig['unityplugin'] = isset($config['ipsec']['unityplugin']); $pconfig['makebeforebreak'] = isset($config['ipsec']['makebeforebreak']); @@ -59,7 +60,7 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; - + if (!in_array($pconfig['ipsec_dmn'], array('0', '1', '2', '3', '4', '5'), true)) { $input_errors[] = "A valid value must be specified for Daemon debug."; } @@ -112,79 +113,86 @@ if ($_POST) { if (!is_numericint($pconfig['maxmss']) && $pconfig['maxmss'] <> '') { $input_errors[] = "An integer must be specified for Maximum MSS."; } - if ($pconfig['maxmss'] <> '' && $pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535) - $input_errors[] = "An integer between 576 and 65535 must be specified for Maximum MSS"; + if ($pconfig['maxmss'] <> '' && $pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535) { + $input_errors[] = "An integer between 576 and 65535 must be specified for Maximum MSS"; + } } - + if (!$input_errors) { if (is_array($config['ipsec'])) { foreach ($ipsec_loglevels as $lkey => $ldescr) { if (empty($_POST["ipsec_{$lkey}"])) { - if (isset($config['ipsec']["ipsec_{$lkey}"])) + if (isset($config['ipsec']["ipsec_{$lkey}"])) { unset($config['ipsec']["ipsec_{$lkey}"]); - } else + } + } else { $config['ipsec']["ipsec_{$lkey}"] = $_POST["ipsec_{$lkey}"]; + } } } $needsrestart = false; - if($_POST['compression'] == "yes") { - if (!isset($config['ipsec']['compression'])) + if ($_POST['compression'] == "yes") { + if (!isset($config['ipsec']['compression'])) { $needsrestart = true; + } $config['ipsec']['compression'] = true; } elseif (isset($config['ipsec']['compression'])) { $needsrestart = true; unset($config['ipsec']['compression']); } - - if($_POST['enableinterfacesuse'] == "yes") { - if (!isset($config['ipsec']['enableinterfacesuse'])) + + if ($_POST['enableinterfacesuse'] == "yes") { + if (!isset($config['ipsec']['enableinterfacesuse'])) { $needsrestart = true; + } $config['ipsec']['enableinterfacesuse'] = true; } elseif (isset($config['ipsec']['enableinterfacesuse'])) { $needsrestart = true; unset($config['ipsec']['enableinterfacesuse']); } - if($_POST['unityplugin'] == "yes") { - if (!isset($config['ipsec']['unityplugin'])) + if ($_POST['unityplugin'] == "yes") { + if (!isset($config['ipsec']['unityplugin'])) { $needsrestart = true; + } $config['ipsec']['unityplugin'] = true; } elseif (isset($config['ipsec']['unityplugin'])) { $needsrestart = true; unset($config['ipsec']['unityplugin']); } - if($_POST['makebeforebreak'] == "yes") { + if ($_POST['makebeforebreak'] == "yes") { $config['ipsec']['makebeforebreak'] = true; } elseif (isset($config['ipsec']['makebeforebreak'])) { unset($config['ipsec']['makebeforebreak']); } - if($_POST['noshuntlaninterfaces'] == "yes") { + if ($_POST['noshuntlaninterfaces'] == "yes") { $config['ipsec']['noshuntlaninterfaces'] = true; } elseif (isset($config['ipsec']['noshuntlaninterfaces'])) { unset($config['ipsec']['noshuntlaninterfaces']); } - if($_POST['acceptunencryptedmainmode'] == "yes") { - if (!isset($config['ipsec']['acceptunencryptedmainmode'])) + if ($_POST['acceptunencryptedmainmode'] == "yes") { + if (!isset($config['ipsec']['acceptunencryptedmainmode'])) { $needsrestart = true; + } $config['ipsec']['acceptunencryptedmainmode'] = true; } elseif (isset($config['ipsec']['acceptunencryptedmainmode'])) { $needsrestart = true; unset($config['ipsec']['acceptunencryptedmainmode']); } - if(!empty($_POST['uniqueids'])) { + if (!empty($_POST['uniqueids'])) { $config['ipsec']['uniqueids'] = $_POST['uniqueids']; } else { unset($config['ipsec']['uniqueids']); } - if($_POST['maxmss_enable'] == "yes") { + if ($_POST['maxmss_enable'] == "yes") { $config['system']['maxmss_enable'] = true; $config['system']['maxmss'] = $_POST['maxmss']; } else { @@ -196,10 +204,11 @@ if ($_POST) { $retval = 0; $retval = filter_configure(); - if(stristr($retval, "error") <> true) + if (stristr($retval, "error") <> true) { $savemsg = get_std_save_message(gettext($retval)); - else + } else { $savemsg = gettext($retval); + } vpn_ipsec_configure($needsrestart); vpn_ipsec_configure_loglevels(); @@ -209,7 +218,7 @@ if ($_POST) { } } -$pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Settings")); +$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Settings")); $shortcut_section = "ipsec"; include("head.inc"); @@ -222,10 +231,11 @@ include("head.inc"); //<![CDATA[ function maxmss_checked(obj) { - if (obj.checked) + if (obj.checked) { jQuery('#maxmss').attr('disabled',false); - else + } else { jQuery('#maxmss').attr('disabled','true'); + } } //]]> @@ -234,10 +244,12 @@ function maxmss_checked(obj) { <form action="vpn_ipsec_settings.php" method="post" name="iform" id="iform"> <?php - if ($savemsg) + if ($savemsg) { print_info_box($savemsg); - if ($input_errors) + } + if ($input_errors) { print_input_errors($input_errors); + } ?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec settings"> @@ -266,23 +278,26 @@ function maxmss_checked(obj) { <strong><?=gettext("Start IPsec in debug mode based on sections selected"); ?></strong> <br /> <table summary="ipsec debug"> - <?php foreach ($ipsec_loglevels as $lkey => $ldescr): ?> - <tr> - <td width="22%" valign="top" class="vncell"><?=$ldescr;?></td> - <td width="78%" valign="top" class="vncell"> - <?php echo "<select name=\"ipsec_{$lkey}\" id=\"ipsec_{$lkey}\">\n"; - foreach (array("Silent", "Audit", "Control", "Diag", "Raw", "Highest") as $lidx => $lvalue) { - echo "<option value=\"{$lidx}\" "; - if ($pconfig["ipsec_{$lkey}"] == $lidx) - echo "selected=\"selected\""; - echo ">{$lvalue}</option>\n"; - } - ?> - </select> - </td> - </tr> - <?php endforeach; ?> - <tr style="display:none;"><td></td></tr> + <?php foreach ($ipsec_loglevels as $lkey => $ldescr): ?> + <tr> + <td width="22%" valign="top" class="vncell"><?=$ldescr;?></td> + <td width="78%" valign="top" class="vncell"> + <?php + echo "<select name=\"ipsec_{$lkey}\" id=\"ipsec_{$lkey}\">\n"; + foreach (array("Silent", "Audit", "Control", "Diag", "Raw", "Highest") as $lidx => $lvalue) { + echo "<option value=\"{$lidx}\" "; + if ($pconfig["ipsec_{$lkey}"] == $lidx) + echo "selected=\"selected\""; + echo ">{$lvalue}</option>\n"; + } + ?> + </select> + </td> + </tr> + <?php endforeach; ?> + <tr style="display:none;"> + <td></td> + </tr> </table> <br /><?=gettext("Launches IPsec in debug mode so that more verbose logs " . "will be generated to aid in troubleshooting."); ?> @@ -292,15 +307,17 @@ function maxmss_checked(obj) { <td width="22%" valign="top" class="vncell"><?=gettext("Unique IDs"); ?></td> <td width="78%" class="vtable"> <strong><?=gettext("Configure Unique IDs as: "); ?></strong> - <?php echo "<select name=\"uniqueids\" id=\"uniqueids\">\n"; + <?php + echo "<select name=\"uniqueids\" id=\"uniqueids\">\n"; foreach ($ipsec_idhandling as $value => $lvalue) { echo "<option value=\"{$value}\" "; - if ($pconfig['uniqueids'] == $value) + if ($pconfig['uniqueids'] == $value) { echo "selected=\"selected\""; + } echo ">{$lvalue}</option>\n"; } ?> - </select> + </select> <br /> <?=gettext("whether a particular participant ID should be kept unique, with any new IKE_SA using an ID " . "deemed to replace all old ones using that ID. Participant IDs normally are unique, so a new " . diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php index 4ee0278..b0b2e4e 100644 --- a/usr/local/www/vpn_openvpn_client.php +++ b/usr/local/www/vpn_openvpn_client.php @@ -42,39 +42,47 @@ require_once("pkg-utils.inc"); $pgtitle = array(gettext("OpenVPN"), gettext("Client")); $shortcut_section = "openvpn"; -if (!is_array($config['openvpn']['openvpn-client'])) +if (!is_array($config['openvpn']['openvpn-client'])) { $config['openvpn']['openvpn-client'] = array(); +} $a_client = &$config['openvpn']['openvpn-client']; -if (!is_array($config['ca'])) +if (!is_array($config['ca'])) { $config['ca'] = array(); +} $a_ca =& $config['ca']; -if (!is_array($config['cert'])) +if (!is_array($config['cert'])) { $config['cert'] = array(); +} $a_cert =& $config['cert']; -if (!is_array($config['crl'])) +if (!is_array($config['crl'])) { $config['crl'] = array(); +} $a_crl =& $config['crl']; -if (is_numericint($_GET['id'])) +if (is_numericint($_GET['id'])) { $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; +} $act = $_GET['act']; -if (isset($_POST['act'])) +if (isset($_POST['act'])) { $act = $_POST['act']; +} -if (isset($id) && $a_client[$id]) +if (isset($id) && $a_client[$id]) { $vpnid = $a_client[$id]['vpnid']; -else +} else { $vpnid = 0; +} if ($_GET['act'] == "del") { @@ -82,14 +90,15 @@ if ($_GET['act'] == "del") { pfSenseHeader("vpn_openvpn_client.php"); exit; } - if (!empty($a_client[$id])) + if (!empty($a_client[$id])) { openvpn_delete('client', $a_client[$id]); + } unset($a_client[$id]); write_config(); $savemsg = gettext("Client successfully deleted")."<br />"; } -if($_GET['act']=="new"){ +if ($_GET['act'] == "new") { $pconfig['autokey_enable'] = "yes"; $pconfig['tlsauth_enable'] = "yes"; $pconfig['autotls_enable'] = "yes"; @@ -101,13 +110,14 @@ if($_GET['act']=="new"){ } global $simplefields; -$simplefields = array('auth_user','auth_pass'); +$simplefields = array('auth_user', 'auth_pass'); -if($_GET['act']=="edit"){ +if ($_GET['act'] == "edit") { if (isset($id) && $a_client[$id]) { - foreach($simplefields as $stat) + foreach ($simplefields as $stat) { $pconfig[$stat] = $a_client[$id][$stat]; + } $pconfig['disable'] = isset($a_client[$id]['disable']); $pconfig['mode'] = $a_client[$id]['mode']; @@ -137,8 +147,9 @@ if($_GET['act']=="edit"){ $pconfig['tlsauth_enable'] = "yes"; $pconfig['tls'] = base64_decode($a_client[$id]['tls']); } - } else + } else { $pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']); + } $pconfig['crypto'] = $a_client[$id]['crypto']; // OpenVPN Defaults to SHA1 if unset $pconfig['digest'] = !empty($a_client[$id]['digest']) ? $a_client[$id]['digest'] : "SHA1"; @@ -155,14 +166,15 @@ if($_GET['act']=="edit"){ // just in case the modes switch $pconfig['autokey_enable'] = "yes"; $pconfig['autotls_enable'] = "yes"; - + $pconfig['no_tun_ipv6'] = $a_client[$id]['no_tun_ipv6']; $pconfig['route_no_pull'] = $a_client[$id]['route_no_pull']; $pconfig['route_no_exec'] = $a_client[$id]['route_no_exec']; - if (isset($a_client[$id]['verbosity_level'])) + if (isset($a_client[$id]['verbosity_level'])) { $pconfig['verbosity_level'] = $a_client[$id]['verbosity_level']; - else + } else { $pconfig['verbosity_level'] = 1; // Default verbosity is 1 + } } } @@ -171,12 +183,13 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; - if (isset($id) && $a_client[$id]) + if (isset($id) && $a_client[$id]) { $vpnid = $a_client[$id]['vpnid']; - else + } else { $vpnid = 0; + } - list($iv_iface, $iv_ip) = explode ("|",$pconfig['interface']); + list($iv_iface, $iv_ip) = explode ("|", $pconfig['interface']); if (is_ipaddrv4($iv_ip) && (stristr($pconfig['protocol'], "6") !== false)) { $input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv6 protocol and an IPv4 IP address."); } elseif (is_ipaddrv6($iv_ip) && (stristr($pconfig['protocol'], "6") === false)) { @@ -187,71 +200,91 @@ if ($_POST) { $input_errors[] = gettext("An IPv6 protocol was selected, but the selected interface has no IPv6 address."); } - if ($pconfig['mode'] != "p2p_shared_key") + if ($pconfig['mode'] != "p2p_shared_key") { $tls_mode = true; - else + } else { $tls_mode = false; + } /* input validation */ if ($pconfig['local_port']) { - if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) + if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) { $input_errors[] = $result; + } $portused = openvpn_port_used($pconfig['protocol'], $pconfig['interface'], $pconfig['local_port'], $vpnid); - if (($portused != $vpnid) && ($portused != 0)) + if (($portused != $vpnid) && ($portused != 0)) { $input_errors[] = gettext("The specified 'Local port' is in use. Please select another value"); + } } - if ($result = openvpn_validate_host($pconfig['server_addr'], 'Server host or address')) + if ($result = openvpn_validate_host($pconfig['server_addr'], 'Server host or address')) { $input_errors[] = $result; + } - if ($result = openvpn_validate_port($pconfig['server_port'], 'Server port')) + if ($result = openvpn_validate_port($pconfig['server_port'], 'Server port')) { $input_errors[] = $result; + } if ($pconfig['proxy_addr']) { - if ($result = openvpn_validate_host($pconfig['proxy_addr'], 'Proxy host or address')) + if ($result = openvpn_validate_host($pconfig['proxy_addr'], 'Proxy host or address')) { $input_errors[] = $result; + } - if ($result = openvpn_validate_port($pconfig['proxy_port'], 'Proxy port')) + if ($result = openvpn_validate_port($pconfig['proxy_port'], 'Proxy port')) { $input_errors[] = $result; + } if ($pconfig['proxy_authtype'] != "none") { - if (empty($pconfig['proxy_user']) || empty($pconfig['proxy_passwd'])) + if (empty($pconfig['proxy_user']) || empty($pconfig['proxy_passwd'])) { $input_errors[] = gettext("User name and password are required for proxy with authentication."); + } } } - if($pconfig['tunnel_network']) - if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, "ipv4")) + if ($pconfig['tunnel_network']) { + if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, "ipv4")) { $input_errors[] = $result; + } + } - if($pconfig['tunnel_networkv6']) - if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6")) + if ($pconfig['tunnel_networkv6']) { + if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6")) { $input_errors[] = $result; + } + } - if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4")) + if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4")) { $input_errors[] = $result; + } - if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6")) + if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6")) { $input_errors[] = $result; + } - if (!empty($pconfig['use_shaper']) && (!is_numeric($pconfig['use_shaper']) || ($pconfig['use_shaper'] <= 0))) + if (!empty($pconfig['use_shaper']) && (!is_numeric($pconfig['use_shaper']) || ($pconfig['use_shaper'] <= 0))) { $input_errors[] = gettext("The bandwidth limit must be a positive numeric value."); + } - if ($pconfig['autokey_enable']) + if ($pconfig['autokey_enable']) { $pconfig['shared_key'] = openvpn_create_key(); + } - if (!$tls_mode && !$pconfig['autokey_enable']) + if (!$tls_mode && !$pconfig['autokey_enable']) { if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") || - !strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----")) + !strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----")) { $input_errors[] = gettext("The field 'Shared Key' does not appear to be valid"); + } + } - if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) + if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) { if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") || - !strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) + !strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) { $input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid"); + } + } /* If we are not in shared key mode, then we need the CA/Cert. */ if ($pconfig['mode'] != "p2p_shared_key") { @@ -273,19 +306,22 @@ if ($_POST) { $client = array(); - foreach($simplefields as $stat) + foreach ($simplefields as $stat) { update_if_changed($stat, $client[$stat], $_POST[$stat]); + } - if ($vpnid) + if ($vpnid) { $client['vpnid'] = $vpnid; - else + } else { $client['vpnid'] = openvpn_vpnid_next(); + } - if ($_POST['disable'] == "yes") + if ($_POST['disable'] == "yes") { $client['disable'] = true; + } $client['protocol'] = $pconfig['protocol']; $client['dev_mode'] = $pconfig['dev_mode']; - list($client['interface'], $client['ipaddr']) = explode ("|",$pconfig['interface']); + list($client['interface'], $client['ipaddr']) = explode ("|", $pconfig['interface']); $client['local_port'] = $pconfig['local_port']; $client['server_addr'] = $pconfig['server_addr']; $client['server_port'] = $pconfig['server_port']; @@ -303,8 +339,9 @@ if ($_POST) { $client['caref'] = $pconfig['caref']; $client['certref'] = $pconfig['certref']; if ($pconfig['tlsauth_enable']) { - if ($pconfig['autotls_enable']) + if ($pconfig['autotls_enable']) { $pconfig['tls'] = openvpn_create_key(); + } $client['tls'] = base64_encode($pconfig['tls']); } } else { @@ -327,10 +364,11 @@ if ($_POST) { $client['route_no_exec'] = $pconfig['route_no_exec']; $client['verbosity_level'] = $pconfig['verbosity_level']; - if (isset($id) && $a_client[$id]) + if (isset($id) && $a_client[$id]) { $a_client[$id] = $client; - else + } else { $a_client[] = $client; + } openvpn_resync('client', $client); write_config(); @@ -352,7 +390,7 @@ include("head.inc"); function mode_change() { index = document.iform.mode.selectedIndex; value = document.iform.mode.options[index].value; - switch(value) { + switch (value) { case "p2p_tls": document.getElementById("tls").style.display=""; document.getElementById("tls_ca").style.display=""; @@ -375,7 +413,7 @@ function mode_change() { function dev_mode_change() { index = document.iform.dev_mode.selectedIndex; value = document.iform.dev_mode.options[index].value; - switch(value) { + switch (value) { case "tun": document.getElementById("chkboxNoTunIPv6").style.display=""; break; @@ -386,10 +424,11 @@ function dev_mode_change() { } function autokey_change() { - if (document.iform.autokey_enable.checked) + if (document.iform.autokey_enable.checked) { document.getElementById("autokey_opts").style.display="none"; - else + } else { document.getElementById("autokey_opts").style.display=""; + } } function useproxy_changed() { @@ -404,10 +443,11 @@ function useproxy_changed() { function tlsauth_change() { <?php if (!$pconfig['tls']): ?> - if (document.iform.tlsauth_enable.checked) + if (document.iform.tlsauth_enable.checked) { document.getElementById("tlsauth_opts").style.display=""; - else + } else { document.getElementById("tlsauth_opts").style.display="none"; + } <?php endif; ?> autotls_change(); @@ -421,22 +461,26 @@ function autotls_change() { autocheck = false; <?php endif; ?> - if (document.iform.tlsauth_enable.checked && !autocheck) + if (document.iform.tlsauth_enable.checked && !autocheck) { document.getElementById("autotls_opts").style.display=""; - else + } else { document.getElementById("autotls_opts").style.display="none"; + } } //]]> </script> <?php -if (!$savemsg) +if (!$savemsg) { $savemsg = ""; +} -if ($input_errors) +if ($input_errors) { print_input_errors($input_errors); -if ($savemsg) +} +if ($savemsg) { print_info_box($savemsg); +} ?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn openvpn client"> <tr> @@ -455,7 +499,7 @@ if ($savemsg) <tr> <td class="tabcont"> - <?php if($act=="new" || $act=="edit"): ?> + <?php if ($act=="new" || $act=="edit"): ?> <form action="vpn_openvpn_client.php" method="post" name="iform" id="iform" onsubmit="presubmit()"> <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="general information"> @@ -468,7 +512,7 @@ if ($savemsg) <table border="0" cellpadding="0" cellspacing="0" summary="enable disable client"> <tr> <td> - <?php set_checked($pconfig['disable'],$chk); ?> + <?php set_checked($pconfig['disable'], $chk); ?> <input name="disable" type="checkbox" value="yes" <?=$chk;?> /> </td> <td> @@ -489,8 +533,9 @@ if ($savemsg) <?php foreach ($openvpn_client_modes as $name => $desc): $selected = ""; - if ($pconfig['mode'] == $name) + if ($pconfig['mode'] == $name) { $selected = "selected=\"selected\""; + } ?> <option value="<?=$name;?>" <?=$selected;?>><?=$desc;?></option> <?php endforeach; ?> @@ -499,33 +544,35 @@ if ($savemsg) </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <select name='protocol' class="formselect"> <?php foreach ($openvpn_prots as $prot): $selected = ""; - if ($pconfig['protocol'] == $prot) + if ($pconfig['protocol'] == $prot) { $selected = "selected=\"selected\""; + } ?> <option value="<?=$prot;?>" <?=$selected;?>><?=$prot;?></option> <?php endforeach; ?> </select> - </td> + </td> </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Device mode");?></td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <select name='dev_mode' class="formselect" onchange="dev_mode_change()"> <?php foreach ($openvpn_dev_mode as $mode): $selected = ""; - if ($pconfig['dev_mode'] == $mode) + if ($pconfig['dev_mode'] == $mode) { $selected = "selected=\"selected\""; + } ?> <option value="<?=$mode;?>" <?=$selected;?>><?=$mode;?></option> <?php endforeach; ?> </select> - </td> + </td> </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td> @@ -534,27 +581,32 @@ if ($savemsg) <?php $interfaces = get_configured_interface_with_descr(); $carplist = get_configured_carp_interface_list(); - foreach ($carplist as $cif => $carpip) + foreach ($carplist as $cif => $carpip) { $interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")"; + } $aliaslist = get_configured_ip_aliases_list(); - foreach ($aliaslist as $aliasip => $aliasif) + foreach ($aliaslist as $aliasip => $aliasif) { $interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; + } $grouplist = return_gateway_groups_array(); foreach ($grouplist as $name => $group) { - if($group['ipprotocol'] != inet) + if ($group['ipprotocol'] != inet) { continue; - if($group[0]['vip'] <> "") + } + if ($group[0]['vip'] <> "") { $vipif = $group[0]['vip']; - else + } else { $vipif = $group[0]['int']; + } $interfaces[$name] = "GW Group {$name}"; } $interfaces['lo0'] = "Localhost"; $interfaces['any'] = "any"; foreach ($interfaces as $iface => $ifacename): $selected = ""; - if ($iface == $pconfig['interface']) + if ($iface == $pconfig['interface']) { $selected = "selected=\"selected\""; + } ?> <option value="<?=$iface;?>" <?=$selected;?>> <?=htmlspecialchars($ifacename);?> @@ -645,7 +697,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="server host name resolution"> <tr> <td> - <?php set_checked($pconfig['resolve_retry'],$chk); ?> + <?php set_checked($pconfig['resolve_retry'], $chk); ?> <input name="resolve_retry" type="checkbox" value="yes" <?=$chk;?> /> </td> <td> @@ -682,22 +734,22 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="user name password"> <tr> <td align="right" width="25%"> - <span class="vexpl"> - <?=gettext("Username"); ?> : - </span> + <span class="vexpl"> + <?=gettext("Username"); ?> : + </span> </td> <td> - <input name="auth_user" id="auth_user" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['auth_user']);?>" /> + <input name="auth_user" id="auth_user" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['auth_user']);?>" /> </td> </tr> <tr> <td align="right" width="25%"> - <span class="vexpl"> - <?=gettext("Password"); ?> : - </span> + <span class="vexpl"> + <?=gettext("Password"); ?> : + </span> </td> <td> - <input name="auth_pass" id="auth_pass" type="password" class="formfld pwd" size="20" value="<?=htmlspecialchars($pconfig['auth_pass']);?>" /> + <input name="auth_pass" id="auth_pass" type="password" class="formfld pwd" size="20" value="<?=htmlspecialchars($pconfig['auth_pass']);?>" /> </td> </tr> </table> @@ -712,7 +764,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="tls authentication"> <tr> <td> - <?php set_checked($pconfig['tlsauth_enable'],$chk); ?> + <?php set_checked($pconfig['tlsauth_enable'], $chk); ?> <input name="tlsauth_enable" id="tlsauth_enable" type="checkbox" value="yes" <?=$chk;?> onclick="tlsauth_change()" /> </td> <td> @@ -726,7 +778,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" id="tlsauth_opts" summary="tls authentication options"> <tr> <td> - <?php set_checked($pconfig['autotls_enable'],$chk); ?> + <?php set_checked($pconfig['autotls_enable'], $chk); ?> <input name="autotls_enable" id="autotls_enable" type="checkbox" value="yes" <?=$chk;?> onclick="autotls_change()" /> </td> <td> @@ -750,14 +802,15 @@ if ($savemsg) </tr> <tr id="tls_ca"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <?php if (count($a_ca)): ?> <select name='caref' class="formselect"> <?php foreach ($a_ca as $ca): $selected = ""; - if ($pconfig['caref'] == $ca['refid']) + if ($pconfig['caref'] == $ca['refid']) { $selected = "selected=\"selected\""; + } ?> <option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option> <?php endforeach; ?> @@ -769,7 +822,7 @@ if ($savemsg) </tr> <tr id="tls_cert"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Client Certificate"); ?></td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <select name='certref' class="formselect"> <?php foreach ($a_cert as $cert): @@ -778,22 +831,26 @@ if ($savemsg) $inuse = ""; $revoked = ""; $ca = lookup_ca($cert['caref']); - if ($ca) + if ($ca) { $caname = " (CA: {$ca['descr']})"; - if ($pconfig['certref'] == $cert['refid']) + } + if ($pconfig['certref'] == $cert['refid']) { $selected = "selected=\"selected\""; - if (cert_in_use($cert['refid'])) + } + if (cert_in_use($cert['refid'])) { $inuse = " *In Use"; - if (is_cert_revoked($cert)) + } + if (is_cert_revoked($cert)) { $revoked = " *Revoked"; + } ?> <option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'] . $caname . $inuse . $revoked;?></option> <?php endforeach; ?> <option value="" <?PHP if (empty($pconfig['certref'])) echo "selected=\"selected\""; ?>>None (Username and Password required)</option> </select> - <?php if (!count($a_cert)): ?> - <b>No Certificates defined.</b> <br />Create one under <a href="system_certmanager.php">System > Cert Manager</a> if one is required for this connection. - <?php endif; ?> + <?php if (!count($a_cert)): ?> + <b>No Certificates defined.</b> <br />Create one under <a href="system_certmanager.php">System > Cert Manager</a> if one is required for this connection. + <?php endif; ?> </td> </tr> <tr id="psk"> @@ -803,7 +860,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="shared key"> <tr> <td> - <?php set_checked($pconfig['autokey_enable'],$chk); ?> + <?php set_checked($pconfig['autokey_enable'], $chk); ?> <input name="autokey_enable" type="checkbox" value="yes" <?=$chk;?> onclick="autokey_change()" /> </td> <td> @@ -832,9 +889,10 @@ if ($savemsg) <?php $cipherlist = openvpn_get_cipherlist(); foreach ($cipherlist as $name => $desc): - $selected = ""; - if ($name == $pconfig['crypto']) - $selected = " selected=\"selected\""; + $selected = ""; + if ($name == $pconfig['crypto']) { + $selected = " selected=\"selected\""; + } ?> <option value="<?=$name;?>"<?=$selected?>> <?=htmlspecialchars($desc);?> @@ -851,8 +909,9 @@ if ($savemsg) $digestlist = openvpn_get_digestlist(); foreach ($digestlist as $name => $desc): $selected = ""; - if ($name == $pconfig['digest']) + if ($name == $pconfig['digest']) { $selected = " selected=\"selected\""; + } ?> <option value="<?=$name;?>"<?=$selected?>> <?=htmlspecialchars($desc);?> @@ -870,8 +929,9 @@ if ($savemsg) $engines = openvpn_get_engines(); foreach ($engines as $name => $desc): $selected = ""; - if ($name == $pconfig['engine']) + if ($name == $pconfig['engine']) { $selected = " selected=\"selected\""; + } ?> <option value="<?=$name;?>"<?=$selected?>> <?=htmlspecialchars($desc);?> @@ -959,11 +1019,12 @@ if ($savemsg) <select name="compression" class="formselect"> <?php foreach ($openvpn_compression_modes as $cmode => $cmodedesc): - $selected = ""; - if ($cmode == $pconfig['compression']) - $selected = " selected=\"selected\""; + $selected = ""; + if ($cmode == $pconfig['compression']) { + $selected = " selected=\"selected\""; + } ?> - <option value="<?= $cmode ?>" <?= $selected ?>><?= $cmodedesc ?></option> + <option value="<?= $cmode ?>" <?= $selected ?>><?= $cmodedesc ?></option> <?php endforeach; ?> </select> <br /> @@ -976,7 +1037,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="type-of-service"> <tr> <td> - <?php set_checked($pconfig['passtos'],$chk); ?> + <?php set_checked($pconfig['passtos'], $chk); ?> <input name="passtos" type="checkbox" value="yes" <?=$chk;?> /> </td> <td> @@ -995,7 +1056,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="disable-ipv6"> <tr> <td> - <?php set_checked($pconfig['no_tun_ipv6'],$chk); ?> + <?php set_checked($pconfig['no_tun_ipv6'], $chk); ?> <input name="no_tun_ipv6" type="checkbox" value="yes" <?=$chk;?> /> </td> <td> @@ -1014,7 +1075,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="dont-pull-routes"> <tr> <td> - <?php set_checked($pconfig['route_no_pull'],$chk); ?> + <?php set_checked($pconfig['route_no_pull'], $chk); ?> <input name="route_no_pull" type="checkbox" value="yes" <?=$chk;?> /> </td> <td> @@ -1033,7 +1094,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="dont-exec-routes"> <tr> <td> - <?php set_checked($pconfig['route_no_exec'],$chk); ?> + <?php set_checked($pconfig['route_no_exec'], $chk); ?> <input name="route_no_exec" type="checkbox" value="yes" <?=$chk;?> /> </td> <td> @@ -1070,14 +1131,15 @@ if ($savemsg) </tr> <tr id="comboboxVerbosityLevel"> - <td width="22%" valign="top" class="vncell"><?=gettext("Verbosity level");?></td> - <td width="78%" class="vtable"> + <td width="22%" valign="top" class="vncell"><?=gettext("Verbosity level");?></td> + <td width="78%" class="vtable"> <select name="verbosity_level" class="formselect"> <?php foreach ($openvpn_verbosity_level as $verb_value => $verb_desc): $selected = ""; - if ($pconfig['verbosity_level'] == $verb_value) + if ($pconfig['verbosity_level'] == $verb_value) { $selected = "selected=\"selected\""; + } ?> <option value="<?=$verb_value;?>" <?=$selected;?>><?=$verb_desc;?></option> <?php endforeach; ?> @@ -1088,7 +1150,7 @@ if ($savemsg) <strong>default</strong>-<strong>4</strong> -- <?=gettext("Normal usage range"); ?>. <br /> <strong>5</strong> -- <?=gettext("Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets"); ?>. <br /> <strong>6</strong>-<strong>11</strong> -- <?=gettext("Debug info range"); ?>. - </td> + </td> </tr> </table> @@ -1139,10 +1201,11 @@ if ($savemsg) <tbody> <?php $i = 0; - foreach($a_client as $client): + foreach ($a_client as $client): $disabled = "NO"; - if (isset($client['disable'])) + if (isset($client['disable'])) { $disabled = "YES"; + } $server = "{$client['server_addr']}:{$client['server_port']}"; ?> <tr ondblclick="document.location='vpn_openvpn_client.php?act=edit&id=<?=$i;?>'"> @@ -1197,11 +1260,12 @@ useproxy_changed(); /* local utility functions */ -function set_checked($var,& $chk) { - if($var) +function set_checked($var, & $chk) { + if ($var) { $chk = "checked=\"checked\""; - else + } else { $chk = ""; + } } ?> diff --git a/usr/local/www/vpn_openvpn_csc.php b/usr/local/www/vpn_openvpn_csc.php index 0241d12..0211c2c 100644 --- a/usr/local/www/vpn_openvpn_csc.php +++ b/usr/local/www/vpn_openvpn_csc.php @@ -1,21 +1,21 @@ -<?php +<?php /* vpn_openvpn_csc.php Copyright (C) 2008 Shrew Soft Inc. Copyright (C) 2013-2015 Electric Sheep Fencing, LP - All rights reserved. + All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -42,19 +42,23 @@ require_once("pkg-utils.inc"); $pgtitle = array(gettext("OpenVPN"), gettext("Client Specific Override")); $shortcut_section = "openvpn"; -if (!is_array($config['openvpn']['openvpn-csc'])) +if (!is_array($config['openvpn']['openvpn-csc'])) { $config['openvpn']['openvpn-csc'] = array(); +} $a_csc = &$config['openvpn']['openvpn-csc']; -if (is_numericint($_GET['id'])) +if (is_numericint($_GET['id'])) { $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; +} $act = $_GET['act']; -if (isset($_POST['act'])) +if (isset($_POST['act'])) { $act = $_POST['act']; +} if ($_GET['act'] == "del") { @@ -69,7 +73,7 @@ if ($_GET['act'] == "del") { $savemsg = gettext("Client Specific Override successfully deleted")."<br />"; } -if($_GET['act']=="edit"){ +if ($_GET['act'] == "edit") { if (isset($id) && $a_csc[$id]) { $pconfig['custom_options'] = $a_csc[$id]['custom_options']; @@ -88,24 +92,27 @@ if($_GET['act']=="edit"){ $pconfig['push_reset'] = $a_csc[$id]['push_reset']; $pconfig['dns_domain'] = $a_csc[$id]['dns_domain']; - if ($pconfig['dns_domain']) + if ($pconfig['dns_domain']) { $pconfig['dns_domain_enable'] = true; + } $pconfig['dns_server1'] = $a_csc[$id]['dns_server1']; $pconfig['dns_server2'] = $a_csc[$id]['dns_server2']; $pconfig['dns_server3'] = $a_csc[$id]['dns_server3']; $pconfig['dns_server4'] = $a_csc[$id]['dns_server4']; if ($pconfig['dns_server1'] || - $pconfig['dns_server2'] || - $pconfig['dns_server3'] || - $pconfig['dns_server4']) + $pconfig['dns_server2'] || + $pconfig['dns_server3'] || + $pconfig['dns_server4']) { $pconfig['dns_server_enable'] = true; + } $pconfig['ntp_server1'] = $a_csc[$id]['ntp_server1']; $pconfig['ntp_server2'] = $a_csc[$id]['ntp_server2']; if ($pconfig['ntp_server1'] || - $pconfig['ntp_server2']) + $pconfig['ntp_server2']) { $pconfig['ntp_server_enable'] = true; + } $pconfig['netbios_enable'] = $a_csc[$id]['netbios_enable']; $pconfig['netbios_ntype'] = $a_csc[$id]['netbios_ntype']; @@ -114,12 +121,14 @@ if($_GET['act']=="edit"){ $pconfig['wins_server1'] = $a_csc[$id]['wins_server1']; $pconfig['wins_server2'] = $a_csc[$id]['wins_server2']; if ($pconfig['wins_server1'] || - $pconfig['wins_server2']) + $pconfig['wins_server2']) { $pconfig['wins_server_enable'] = true; + } $pconfig['nbdd_server1'] = $a_csc[$id]['nbdd_server1']; - if ($pconfig['nbdd_server1']) + if ($pconfig['nbdd_server1']) { $pconfig['nbdd_server_enable'] = true; + } } } @@ -129,67 +138,85 @@ if ($_POST) { $pconfig = $_POST; /* input validation */ - if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'Tunnel network')) + if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'Tunnel network')) { $input_errors[] = $result; + } - if ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4")) + if ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4")) { $input_errors[] = $result; + } - if ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6")) + if ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6")) { $input_errors[] = $result; + } - if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4")) + if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4")) { $input_errors[] = $result; + } - if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6")) + if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6")) { $input_errors[] = $result; + } if ($pconfig['dns_server_enable']) { - if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1']))) + if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1']))) { $input_errors[] = gettext("The field 'DNS Server #1' must contain a valid IP address"); - if (!empty($pconfig['dns_server2']) && !is_ipaddr(trim($pconfig['dns_server2']))) + } + if (!empty($pconfig['dns_server2']) && !is_ipaddr(trim($pconfig['dns_server2']))) { $input_errors[] = gettext("The field 'DNS Server #2' must contain a valid IP address"); - if (!empty($pconfig['dns_server3']) && !is_ipaddr(trim($pconfig['dns_server3']))) + } + if (!empty($pconfig['dns_server3']) && !is_ipaddr(trim($pconfig['dns_server3']))) { $input_errors[] = gettext("The field 'DNS Server #3' must contain a valid IP address"); - if (!empty($pconfig['dns_server4']) && !is_ipaddr(trim($pconfig['dns_server4']))) + } + if (!empty($pconfig['dns_server4']) && !is_ipaddr(trim($pconfig['dns_server4']))) { $input_errors[] = gettext("The field 'DNS Server #4' must contain a valid IP address"); + } } if ($pconfig['ntp_server_enable']) { - if (!empty($pconfig['ntp_server1']) && !is_ipaddr(trim($pconfig['ntp_server1']))) + if (!empty($pconfig['ntp_server1']) && !is_ipaddr(trim($pconfig['ntp_server1']))) { $input_errors[] = gettext("The field 'NTP Server #1' must contain a valid IP address"); - if (!empty($pconfig['ntp_server2']) && !is_ipaddr(trim($pconfig['ntp_server2']))) + } + if (!empty($pconfig['ntp_server2']) && !is_ipaddr(trim($pconfig['ntp_server2']))) { $input_errors[] = gettext("The field 'NTP Server #2' must contain a valid IP address"); - if (!empty($pconfig['ntp_server3']) && !is_ipaddr(trim($pconfig['ntp_server3']))) + } + if (!empty($pconfig['ntp_server3']) && !is_ipaddr(trim($pconfig['ntp_server3']))) { $input_errors[] = gettext("The field 'NTP Server #3' must contain a valid IP address"); - if (!empty($pconfig['ntp_server4']) && !is_ipaddr(trim($pconfig['ntp_server4']))) + } + if (!empty($pconfig['ntp_server4']) && !is_ipaddr(trim($pconfig['ntp_server4']))) { $input_errors[] = gettext("The field 'NTP Server #4' must contain a valid IP address"); + } } if ($pconfig['netbios_enable']) { if ($pconfig['wins_server_enable']) { - if (!empty($pconfig['wins_server1']) && !is_ipaddr(trim($pconfig['wins_server1']))) + if (!empty($pconfig['wins_server1']) && !is_ipaddr(trim($pconfig['wins_server1']))) { $input_errors[] = gettext("The field 'WINS Server #1' must contain a valid IP address"); - if (!empty($pconfig['wins_server2']) && !is_ipaddr(trim($pconfig['wins_server2']))) + } + if (!empty($pconfig['wins_server2']) && !is_ipaddr(trim($pconfig['wins_server2']))) { $input_errors[] = gettext("The field 'WINS Server #2' must contain a valid IP address"); + } } - if ($pconfig['nbdd_server_enable']) - if (!empty($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1']))) + if ($pconfig['nbdd_server_enable']) { + if (!empty($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1']))) { $input_errors[] = gettext("The field 'NetBIOS Data Distribution Server #1' must contain a valid IP address"); + } + } } $reqdfields[] = 'common_name'; $reqdfieldsn[] = 'Common name'; - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if (!$input_errors) { $csc = array(); $csc['custom_options'] = $pconfig['custom_options']; - if ($_POST['disable'] == "yes") + if ($_POST['disable'] == "yes") { $csc['disable'] = true; + } $csc['common_name'] = $pconfig['common_name']; $csc['block'] = $pconfig['block']; $csc['description'] = $pconfig['description']; @@ -203,8 +230,9 @@ if ($_POST) { $csc['push_reset'] = $pconfig['push_reset']; - if ($pconfig['dns_domain_enable']) + if ($pconfig['dns_domain_enable']) { $csc['dns_domain'] = $pconfig['dns_domain']; + } if ($pconfig['dns_server_enable']) { $csc['dns_server1'] = $pconfig['dns_server1']; @@ -229,21 +257,24 @@ if ($_POST) { $csc['wins_server2'] = $pconfig['wins_server2']; } - if ($pconfig['dns_server_enable']) + if ($pconfig['dns_server_enable']) { $csc['nbdd_server1'] = $pconfig['nbdd_server1']; + } } - + if (isset($id) && $a_csc[$id]) { $old_csc_cn = $a_csc[$id]['common_name']; $a_csc[$id] = $csc; - } else + } else { $a_csc[] = $csc; + } - if (!empty($old_csc_cn)) + if (!empty($old_csc_cn)) { openvpn_cleanup_csc($old_csc_cn); + } openvpn_resync_csc($csc); write_config(); - + header("Location: vpn_openvpn_csc.php"); exit; } @@ -260,34 +291,38 @@ include("head.inc"); function dns_domain_change() { - if (document.iform.dns_domain_enable.checked) + if (document.iform.dns_domain_enable.checked) { document.getElementById("dns_domain_data").style.display=""; - else + } else { document.getElementById("dns_domain_data").style.display="none"; + } } function dns_server_change() { - if (document.iform.dns_server_enable.checked) + if (document.iform.dns_server_enable.checked) { document.getElementById("dns_server_data").style.display=""; - else + } else { document.getElementById("dns_server_data").style.display="none"; + } } function wins_server_change() { - if (document.iform.wins_server_enable.checked) + if (document.iform.wins_server_enable.checked) { document.getElementById("wins_server_data").style.display=""; - else + } else { document.getElementById("wins_server_data").style.display="none"; + } } function ntp_server_change() { - if (document.iform.ntp_server_enable.checked) + if (document.iform.ntp_server_enable.checked) { document.getElementById("ntp_server_data").style.display=""; - else + } else { document.getElementById("ntp_server_data").style.display="none"; + } } function netbios_change() { @@ -304,15 +339,17 @@ function netbios_change() { //]]> </script> <?php - if ($input_errors) + if ($input_errors) { print_input_errors($input_errors); - if ($savemsg) + } + if ($savemsg) { print_info_box($savemsg); + } ?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn openvpn csc"> - <tr> + <tr> <td class="tabnavtbl"> - <?php + <?php $tab_array = array(); $tab_array[] = array(gettext("Server"), false, "vpn_openvpn_server.php"); $tab_array[] = array(gettext("Client"), false, "vpn_openvpn_client.php"); @@ -322,24 +359,24 @@ function netbios_change() { display_top_tabs($tab_array); ?> </td> - </tr> + </tr> <tr> <td class="tabcont"> - <?php if($act=="new" || $act=="edit"): ?> + <?php if ($act=="new" || $act=="edit"): ?> <form action="vpn_openvpn_csc.php" method="post" name="iform" id="iform" onsubmit="presubmit()"> <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="general information"> <tr> <td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td> - </tr> + </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td> <td width="78%" class="vtable"> <table border="0" cellpadding="0" cellspacing="0" summary="enable disable"> <tr> <td> - <?php set_checked($pconfig['disable'],$chk); ?> + <?php set_checked($pconfig['disable'], $chk); ?> <input name="disable" type="checkbox" value="yes" <?=$chk;?> /> </td> <td> @@ -353,17 +390,17 @@ function netbios_change() { <?=gettext("Set this option to disable this client-specific override without removing it from the list"); ?>. </td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Common name"); ?></td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <input name="common_name" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['common_name']);?>" /> <br /> <?=gettext("Enter the client's X.509 common name here"); ?>. </td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <input name="description" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['description']);?>" /> <br /> <?=gettext("You may enter a description here for your reference (not parsed)"); ?>. @@ -375,7 +412,7 @@ function netbios_change() { <table border="0" cellpadding="2" cellspacing="0" summary="connection blocking"> <tr> <td> - <?php set_checked($pconfig['block'],$chk); ?> + <?php set_checked($pconfig['block'], $chk); ?> <input name="block" type="checkbox" value="yes" <?=$chk;?> /> </td> <td> @@ -468,7 +505,7 @@ function netbios_change() { <table border="0" cellpadding="2" cellspacing="0" summary="redirect gateway"> <tr> <td> - <?php set_checked($pconfig['gwredir'],$chk); ?> + <?php set_checked($pconfig['gwredir'], $chk); ?> <input name="gwredir" type="checkbox" value="yes" <?=$chk;?> /> </td> <td> @@ -492,7 +529,7 @@ function netbios_change() { <table border="0" cellpadding="2" cellspacing="0" summary="server definitions"> <tr> <td> - <?php set_checked($pconfig['push_reset'],$chk); ?> + <?php set_checked($pconfig['push_reset'], $chk); ?> <input name="push_reset" type="checkbox" value="yes" <?=$chk;?> /> </td> <td> @@ -510,12 +547,12 @@ function netbios_change() { <table border="0" cellpadding="2" cellspacing="0" summary="dns default domain"> <tr> <td> - <?php set_checked($pconfig['dns_domain_enable'],$chk); ?> + <?php set_checked($pconfig['dns_domain_enable'], $chk); ?> <input name="dns_domain_enable" type="checkbox" id="dns_domain_enable" value="yes" <?=$chk;?> onclick="dns_domain_change()" /> </td> <td> <span class="vexpl"> - <?=gettext("Provide a default domain name to clients"); ?><br /> + <?=gettext("Provide a default domain name to clients"); ?><br /> </span> </td> </tr> @@ -535,7 +572,7 @@ function netbios_change() { <table border="0" cellpadding="2" cellspacing="0" summary="dns servers"> <tr> <td> - <?php set_checked($pconfig['dns_server_enable'],$chk); ?> + <?php set_checked($pconfig['dns_server_enable'], $chk); ?> <input name="dns_server_enable" type="checkbox" id="dns_server_enable" value="yes" <?=$chk;?> onclick="dns_server_change()" /> </td> <td> @@ -587,7 +624,7 @@ function netbios_change() { <table border="0" cellpadding="2" cellspacing="0" summary="ntp servers"> <tr> <td> - <?php set_checked($pconfig['ntp_server_enable'],$chk); ?> + <?php set_checked($pconfig['ntp_server_enable'], $chk); ?> <input name="ntp_server_enable" type="checkbox" id="ntp_server_enable" value="yes" <?=$chk;?> onclick="ntp_server_change()" /> </td> <td> @@ -623,7 +660,7 @@ function netbios_change() { <table border="0" cellpadding="2" cellspacing="0" summary="netbios options"> <tr> <td> - <?php set_checked($pconfig['netbios_enable'],$chk); ?> + <?php set_checked($pconfig['netbios_enable'], $chk); ?> <input name="netbios_enable" type="checkbox" id="netbios_enable" value="yes" <?=$chk;?> onclick="netbios_change()" /> </td> <td> @@ -646,8 +683,9 @@ function netbios_change() { <?php foreach ($netbios_nodetypes as $type => $name): $selected = ""; - if ($pconfig['netbios_ntype'] == $type) + if ($pconfig['netbios_ntype'] == $type) { $selected = "selected=\"selected\""; + } ?> <option value="<?=$type;?>" <?=$selected;?>><?=$name;?></option> <?php endforeach; ?> @@ -683,7 +721,7 @@ function netbios_change() { <table border="0" cellpadding="2" cellspacing="0" summary="wins servers"> <tr> <td> - <?php set_checked($pconfig['wins_server_enable'],$chk); ?> + <?php set_checked($pconfig['wins_server_enable'], $chk); ?> <input name="wins_server_enable" type="checkbox" id="wins_server_enable" value="yes" <?=$chk;?> onclick="wins_server_change()" /> </td> <td> @@ -729,8 +767,8 @@ function netbios_change() { </tr> <tr> <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> + <td width="78%"> + <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> <input name="act" type="hidden" value="<?=$act;?>" /> <?php if (isset($id) && $a_csc[$id]): ?> <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> @@ -751,10 +789,11 @@ function netbios_change() { </tr> <?php $i = 0; - foreach($a_csc as $csc): + foreach ($a_csc as $csc): $disabled = "NO"; - if (isset($csc['disable'])) + if (isset($csc['disable'])) { $disabled = "YES"; + } ?> <tr ondblclick="document.location='vpn_openvpn_csc.php?act=edit&id=<?=$i;?>'"> <td class="listlr"> @@ -777,7 +816,7 @@ function netbios_change() { </td> </tr> <?php - $i++; + $i++; endforeach; ?> <tr> @@ -818,11 +857,12 @@ netbios_change(); /* local utility functions */ -function set_checked($var,& $chk) { - if($var) - $chk = "checked=\"checked\""; - else - $chk = ""; +function set_checked($var, & $chk) { + if ($var) { + $chk = "checked=\"checked\""; + } else { + $chk = ""; + } } ?> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index 9ea7f6d..9b70468 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -1,21 +1,21 @@ -<?php +<?php /* vpn_openvpn_server.php Copyright (C) 2008 Shrew Soft Inc. Copyright (C) 2013-2015 Electric Sheep Fencing, LP - All rights reserved. + All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -39,43 +39,53 @@ require("guiconfig.inc"); require_once("openvpn.inc"); require_once("pkg-utils.inc"); -if (!is_array($config['openvpn']['openvpn-server'])) +if (!is_array($config['openvpn']['openvpn-server'])) { $config['openvpn']['openvpn-server'] = array(); +} $a_server = &$config['openvpn']['openvpn-server']; -if (!is_array($config['ca'])) +if (!is_array($config['ca'])) { $config['ca'] = array(); +} $a_ca =& $config['ca']; -if (!is_array($config['cert'])) +if (!is_array($config['cert'])) { $config['cert'] = array(); +} $a_cert =& $config['cert']; -if (!is_array($config['crl'])) +if (!is_array($config['crl'])) { $config['crl'] = array(); +} $a_crl =& $config['crl']; -foreach ($a_crl as $cid => $acrl) - if (!isset($acrl['refid'])) +foreach ($a_crl as $cid => $acrl) { + if (!isset($acrl['refid'])) { unset ($a_crl[$cid]); + } +} -if (is_numericint($_GET['id'])) +if (is_numericint($_GET['id'])) { $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; +} $act = $_GET['act']; -if (isset($_POST['act'])) +if (isset($_POST['act'])) { $act = $_POST['act']; +} -if (isset($id) && $a_server[$id]) +if (isset($id) && $a_server[$id]) { $vpnid = $a_server[$id]['vpnid']; -else +} else { $vpnid = 0; +} if ($_GET['act'] == "del") { @@ -83,14 +93,15 @@ if ($_GET['act'] == "del") { pfSenseHeader("vpn_openvpn_server.php"); exit; } - if (!empty($a_server[$id])) + if (!empty($a_server[$id])) { openvpn_delete('server', $a_server[$id]); + } unset($a_server[$id]); write_config(); $savemsg = gettext("Server successfully deleted")."<br />"; } -if($_GET['act']=="new") { +if ($_GET['act'] == "new") { $pconfig['autokey_enable'] = "yes"; $pconfig['tlsauth_enable'] = "yes"; $pconfig['autotls_enable'] = "yes"; @@ -105,7 +116,7 @@ if($_GET['act']=="new") { $pconfig['digest'] = "SHA1"; } -if($_GET['act']=="edit") { +if ($_GET['act'] == "edit") { if (isset($id) && $a_server[$id]) { $pconfig['disable'] = isset($a_server[$id]['disable']); @@ -130,14 +141,17 @@ if($_GET['act']=="edit") { $pconfig['crlref'] = $a_server[$id]['crlref']; $pconfig['certref'] = $a_server[$id]['certref']; $pconfig['dh_length'] = $a_server[$id]['dh_length']; - if (isset($a_server[$id]['cert_depth'])) + if (isset($a_server[$id]['cert_depth'])) { $pconfig['cert_depth'] = $a_server[$id]['cert_depth']; - else + } else { $pconfig['cert_depth'] = 1; - if ($pconfig['mode'] == "server_tls_user") + } + if ($pconfig['mode'] == "server_tls_user") { $pconfig['strictusercn'] = $a_server[$id]['strictusercn']; - } else + } + } else { $pconfig['shared_key'] = base64_decode($a_server[$id]['shared_key']); + } $pconfig['crypto'] = $a_server[$id]['crypto']; // OpenVPN Defaults to SHA1 if unset $pconfig['digest'] = !empty($a_server[$id]['digest']) ? $a_server[$id]['digest'] : "SHA1"; @@ -166,24 +180,27 @@ if($_GET['act']=="edit") { $pconfig['serverbridge_dhcp_end'] = $a_server[$id]['serverbridge_dhcp_end']; $pconfig['dns_domain'] = $a_server[$id]['dns_domain']; - if ($pconfig['dns_domain']) + if ($pconfig['dns_domain']) { $pconfig['dns_domain_enable'] = true; + } $pconfig['dns_server1'] = $a_server[$id]['dns_server1']; $pconfig['dns_server2'] = $a_server[$id]['dns_server2']; $pconfig['dns_server3'] = $a_server[$id]['dns_server3']; $pconfig['dns_server4'] = $a_server[$id]['dns_server4']; if ($pconfig['dns_server1'] || - $pconfig['dns_server2'] || - $pconfig['dns_server3'] || - $pconfig['dns_server4']) + $pconfig['dns_server2'] || + $pconfig['dns_server3'] || + $pconfig['dns_server4']) { $pconfig['dns_server_enable'] = true; + } $pconfig['ntp_server1'] = $a_server[$id]['ntp_server1']; $pconfig['ntp_server2'] = $a_server[$id]['ntp_server2']; if ($pconfig['ntp_server1'] || - $pconfig['ntp_server2']) + $pconfig['ntp_server2']) { $pconfig['ntp_server_enable'] = true; + } $pconfig['netbios_enable'] = $a_server[$id]['netbios_enable']; $pconfig['netbios_ntype'] = $a_server[$id]['netbios_ntype']; @@ -192,29 +209,33 @@ if($_GET['act']=="edit") { $pconfig['wins_server1'] = $a_server[$id]['wins_server1']; $pconfig['wins_server2'] = $a_server[$id]['wins_server2']; if ($pconfig['wins_server1'] || - $pconfig['wins_server2']) + $pconfig['wins_server2']) { $pconfig['wins_server_enable'] = true; + } $pconfig['client_mgmt_port'] = $a_server[$id]['client_mgmt_port']; - if ($pconfig['client_mgmt_port']) + if ($pconfig['client_mgmt_port']) { $pconfig['client_mgmt_port_enable'] = true; + } $pconfig['nbdd_server1'] = $a_server[$id]['nbdd_server1']; - if ($pconfig['nbdd_server1']) + if ($pconfig['nbdd_server1']) { $pconfig['nbdd_server_enable'] = true; + } // just in case the modes switch $pconfig['autokey_enable'] = "yes"; $pconfig['autotls_enable'] = "yes"; $pconfig['duplicate_cn'] = isset($a_server[$id]['duplicate_cn']); - + $pconfig['no_tun_ipv6'] = $a_server[$id]['no_tun_ipv6']; - if (isset($a_server[$id]['verbosity_level'])) + if (isset($a_server[$id]['verbosity_level'])) { $pconfig['verbosity_level'] = $a_server[$id]['verbosity_level']; - else + } else { $pconfig['verbosity_level'] = 1; // Default verbosity is 1 - + } + $pconfig['push_register_dns'] = $a_server[$id]['push_register_dns']; } } @@ -223,12 +244,13 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; - if (isset($id) && $a_server[$id]) + if (isset($id) && $a_server[$id]) { $vpnid = $a_server[$id]['vpnid']; - else + } else { $vpnid = 0; + } - list($iv_iface, $iv_ip) = explode ("|",$pconfig['interface']); + list($iv_iface, $iv_ip) = explode ("|", $pconfig['interface']); if (is_ipaddrv4($iv_ip) && (stristr($pconfig['protocol'], "6") !== false)) { $input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv6 protocol and an IPv4 IP address."); } elseif (is_ipaddrv6($iv_ip) && (stristr($pconfig['protocol'], "6") === false)) { @@ -239,99 +261,128 @@ if ($_POST) { $input_errors[] = gettext("An IPv6 protocol was selected, but the selected interface has no IPv6 address."); } - if ($pconfig['mode'] != "p2p_shared_key") + if ($pconfig['mode'] != "p2p_shared_key") { $tls_mode = true; - else + } else { $tls_mode = false; + } - if (empty($pconfig['authmode']) && (($pconfig['mode'] == "server_user") || ($pconfig['mode'] == "server_tls_user"))) + if (empty($pconfig['authmode']) && (($pconfig['mode'] == "server_user") || ($pconfig['mode'] == "server_tls_user"))) { $input_errors[] = gettext("You must select a Backend for Authentication if the server mode requires User Auth."); + } /* input validation */ - if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) + if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) { $input_errors[] = $result; + } - if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, "ipv4")) + if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, "ipv4")) { $input_errors[] = $result; + } - if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6")) + if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6")) { $input_errors[] = $result; + } - if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4")) + if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4")) { $input_errors[] = $result; + } - if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6")) + if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6")) { $input_errors[] = $result; + } - if ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4")) + if ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4")) { $input_errors[] = $result; + } - if ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6")) + if ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6")) { $input_errors[] = $result; + } $portused = openvpn_port_used($pconfig['protocol'], $pconfig['interface'], $pconfig['local_port'], $vpnid); - if (($portused != $vpnid) && ($portused != 0)) + if (($portused != $vpnid) && ($portused != 0)) { $input_errors[] = gettext("The specified 'Local port' is in use. Please select another value"); + } - if ($pconfig['autokey_enable']) + if ($pconfig['autokey_enable']) { $pconfig['shared_key'] = openvpn_create_key(); + } - if (!$tls_mode && !$pconfig['autokey_enable']) + if (!$tls_mode && !$pconfig['autokey_enable']) { if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") || - !strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----")) + !strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----")) { $input_errors[] = gettext("The field 'Shared Key' does not appear to be valid"); + } + } - if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) + if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) { if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") || - !strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) + !strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) { $input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid"); + } + } if ($pconfig['dns_server_enable']) { - if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1']))) + if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1']))) { $input_errors[] = gettext("The field 'DNS Server #1' must contain a valid IP address"); - if (!empty($pconfig['dns_server2']) && !is_ipaddr(trim($pconfig['dns_server2']))) + } + if (!empty($pconfig['dns_server2']) && !is_ipaddr(trim($pconfig['dns_server2']))) { $input_errors[] = gettext("The field 'DNS Server #2' must contain a valid IP address"); - if (!empty($pconfig['dns_server3']) && !is_ipaddr(trim($pconfig['dns_server3']))) + } + if (!empty($pconfig['dns_server3']) && !is_ipaddr(trim($pconfig['dns_server3']))) { $input_errors[] = gettext("The field 'DNS Server #3' must contain a valid IP address"); - if (!empty($pconfig['dns_server4']) && !is_ipaddr(trim($pconfig['dns_server4']))) + } + if (!empty($pconfig['dns_server4']) && !is_ipaddr(trim($pconfig['dns_server4']))) { $input_errors[] = gettext("The field 'DNS Server #4' must contain a valid IP address"); + } } if ($pconfig['ntp_server_enable']) { - if (!empty($pconfig['ntp_server1']) && !is_ipaddr(trim($pconfig['ntp_server1']))) + if (!empty($pconfig['ntp_server1']) && !is_ipaddr(trim($pconfig['ntp_server1']))) { $input_errors[] = gettext("The field 'NTP Server #1' must contain a valid IP address"); - if (!empty($pconfig['ntp_server2']) && !is_ipaddr(trim($pconfig['ntp_server2']))) + } + if (!empty($pconfig['ntp_server2']) && !is_ipaddr(trim($pconfig['ntp_server2']))) { $input_errors[] = gettext("The field 'NTP Server #2' must contain a valid IP address"); - if (!empty($pconfig['ntp_server3']) && !is_ipaddr(trim($pconfig['ntp_server3']))) + } + if (!empty($pconfig['ntp_server3']) && !is_ipaddr(trim($pconfig['ntp_server3']))) { $input_errors[] = gettext("The field 'NTP Server #3' must contain a valid IP address"); - if (!empty($pconfig['ntp_server4']) && !is_ipaddr(trim($pconfig['ntp_server4']))) + } + if (!empty($pconfig['ntp_server4']) && !is_ipaddr(trim($pconfig['ntp_server4']))) { $input_errors[] = gettext("The field 'NTP Server #4' must contain a valid IP address"); + } } if ($pconfig['netbios_enable']) { if ($pconfig['wins_server_enable']) { - if (!empty($pconfig['wins_server1']) && !is_ipaddr(trim($pconfig['wins_server1']))) + if (!empty($pconfig['wins_server1']) && !is_ipaddr(trim($pconfig['wins_server1']))) { $input_errors[] = gettext("The field 'WINS Server #1' must contain a valid IP address"); - if (!empty($pconfig['wins_server2']) && !is_ipaddr(trim($pconfig['wins_server2']))) + } + if (!empty($pconfig['wins_server2']) && !is_ipaddr(trim($pconfig['wins_server2']))) { $input_errors[] = gettext("The field 'WINS Server #2' must contain a valid IP address"); + } } - if ($pconfig['nbdd_server_enable']) - if (!empty($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1']))) + if ($pconfig['nbdd_server_enable']) { + if (!empty($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1']))) { $input_errors[] = gettext("The field 'NetBIOS Data Distribution Server #1' must contain a valid IP address"); + } + } } if ($pconfig['client_mgmt_port_enable']) { - if ($result = openvpn_validate_port($pconfig['client_mgmt_port'], 'Client management port')) + if ($result = openvpn_validate_port($pconfig['client_mgmt_port'], 'Client management port')) { $input_errors[] = $result; + } } - if ($pconfig['maxclients'] && !is_numeric($pconfig['maxclients'])) + if ($pconfig['maxclients'] && !is_numeric($pconfig['maxclients'])) { $input_errors[] = gettext("The field 'Concurrent connections' must be numeric."); + } /* If we are not in shared key mode, then we need the CA/Cert. */ if ($pconfig['mode'] != "p2p_shared_key") { $reqdfields = explode(" ", "caref certref"); - $reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate")); + $reqdfieldsn = array(gettext("Certificate Authority"), gettext("Certificate")); } elseif (!$pconfig['autokey_enable']) { /* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */ $reqdfields = array('shared_key'); @@ -342,48 +393,58 @@ if ($_POST) { $reqdfields[] = 'tunnel_network'; $reqdfieldsn[] = gettext('Tunnel network'); } else { - if ($pconfig['serverbridge_dhcp'] && $pconfig['tunnel_network']) + if ($pconfig['serverbridge_dhcp'] && $pconfig['tunnel_network']) { $input_errors[] = gettext("Using a tunnel network and server bridge settings together is not allowed."); - if (($pconfig['serverbridge_dhcp_start'] && !$pconfig['serverbridge_dhcp_end']) - || (!$pconfig['serverbridge_dhcp_start'] && $pconfig['serverbridge_dhcp_end'])) + } + if (($pconfig['serverbridge_dhcp_start'] && !$pconfig['serverbridge_dhcp_end']) || + (!$pconfig['serverbridge_dhcp_start'] && $pconfig['serverbridge_dhcp_end'])) { $input_errors[] = gettext("Server Bridge DHCP Start and End must both be empty, or defined."); - if (($pconfig['serverbridge_dhcp_start'] && !is_ipaddrv4($pconfig['serverbridge_dhcp_start']))) + } + if (($pconfig['serverbridge_dhcp_start'] && !is_ipaddrv4($pconfig['serverbridge_dhcp_start']))) { $input_errors[] = gettext("Server Bridge DHCP Start must be an IPv4 address."); - if (($pconfig['serverbridge_dhcp_end'] && !is_ipaddrv4($pconfig['serverbridge_dhcp_end']))) + } + if (($pconfig['serverbridge_dhcp_end'] && !is_ipaddrv4($pconfig['serverbridge_dhcp_end']))) { $input_errors[] = gettext("Server Bridge DHCP End must be an IPv4 address."); - if (ip2ulong($pconfig['serverbridge_dhcp_start']) > ip2ulong($pconfig['serverbridge_dhcp_end'])) + } + if (ip2ulong($pconfig['serverbridge_dhcp_start']) > ip2ulong($pconfig['serverbridge_dhcp_end'])) { $input_errors[] = gettext("The Server Bridge DHCP range is invalid (start higher than end)."); + } } do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - + if (!$input_errors) { $server = array(); - if ($id && $pconfig['dev_mode'] <> $a_server[$id]['dev_mode']) + if ($id && $pconfig['dev_mode'] <> $a_server[$id]['dev_mode']) { openvpn_delete('server', $a_server[$id]);// delete(rename) old interface so a new TUN or TAP interface can be created. + } - if ($vpnid) + if ($vpnid) { $server['vpnid'] = $vpnid; - else + } else { $server['vpnid'] = openvpn_vpnid_next(); + } - if ($_POST['disable'] == "yes") + if ($_POST['disable'] == "yes") { $server['disable'] = true; + } $server['mode'] = $pconfig['mode']; - if (!empty($pconfig['authmode']) && (($pconfig['mode'] == "server_user") || ($pconfig['mode'] == "server_tls_user"))) + if (!empty($pconfig['authmode']) && (($pconfig['mode'] == "server_user") || ($pconfig['mode'] == "server_tls_user"))) { $server['authmode'] = implode(",", $pconfig['authmode']); + } $server['protocol'] = $pconfig['protocol']; $server['dev_mode'] = $pconfig['dev_mode']; - list($server['interface'], $server['ipaddr']) = explode ("|",$pconfig['interface']); + list($server['interface'], $server['ipaddr']) = explode ("|", $pconfig['interface']); $server['local_port'] = $pconfig['local_port']; $server['description'] = $pconfig['description']; $server['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']); if ($tls_mode) { if ($pconfig['tlsauth_enable']) { - if ($pconfig['autotls_enable']) + if ($pconfig['autotls_enable']) { $pconfig['tls'] = openvpn_create_key(); + } $server['tls'] = base64_encode($pconfig['tls']); } $server['caref'] = $pconfig['caref']; @@ -391,8 +452,9 @@ if ($_POST) { $server['certref'] = $pconfig['certref']; $server['dh_length'] = $pconfig['dh_length']; $server['cert_depth'] = $pconfig['cert_depth']; - if ($pconfig['mode'] == "server_tls_user") + if ($pconfig['mode'] == "server_tls_user") { $server['strictusercn'] = $pconfig['strictusercn']; + } } else { $server['shared_key'] = base64_encode($pconfig['shared_key']); } @@ -421,8 +483,9 @@ if ($_POST) { $server['serverbridge_dhcp_start'] = $pconfig['serverbridge_dhcp_start']; $server['serverbridge_dhcp_end'] = $pconfig['serverbridge_dhcp_end']; - if ($pconfig['dns_domain_enable']) + if ($pconfig['dns_domain_enable']) { $server['dns_domain'] = $pconfig['dns_domain']; + } if ($pconfig['dns_server_enable']) { $server['dns_server1'] = $pconfig['dns_server1']; @@ -431,8 +494,9 @@ if ($_POST) { $server['dns_server4'] = $pconfig['dns_server4']; } - if ($pconfig['push_register_dns']) + if ($pconfig['push_register_dns']) { $server['push_register_dns'] = $pconfig['push_register_dns']; + } if ($pconfig['ntp_server_enable']) { $server['ntp_server1'] = $pconfig['ntp_server1']; @@ -442,7 +506,7 @@ if ($_POST) { $server['netbios_enable'] = $pconfig['netbios_enable']; $server['netbios_ntype'] = $pconfig['netbios_ntype']; $server['netbios_scope'] = $pconfig['netbios_scope']; - + $server['no_tun_ipv6'] = $pconfig['no_tun_ipv6']; $server['verbosity_level'] = $pconfig['verbosity_level']; @@ -453,29 +517,34 @@ if ($_POST) { $server['wins_server2'] = $pconfig['wins_server2']; } - if ($pconfig['dns_server_enable']) + if ($pconfig['dns_server_enable']) { $server['nbdd_server1'] = $pconfig['nbdd_server1']; + } } - if ($pconfig['client_mgmt_port_enable']) + if ($pconfig['client_mgmt_port_enable']) { $server['client_mgmt_port'] = $pconfig['client_mgmt_port']; + } - if ($_POST['duplicate_cn'] == "yes") + if ($_POST['duplicate_cn'] == "yes") { $server['duplicate_cn'] = true; + } - if (isset($id) && $a_server[$id]) + if (isset($id) && $a_server[$id]) { $a_server[$id] = $server; - else + } else { $a_server[] = $server; + } openvpn_resync('server', $server); write_config(); - + header("Location: vpn_openvpn_server.php"); exit; } - if (!empty($pconfig['authmode'])) + if (!empty($pconfig['authmode'])) { $pconfig['authmode'] = implode(",", $pconfig['authmode']); + } } $pgtitle = array(gettext("OpenVPN"), gettext("Server")); $shortcut_section = "openvpn"; @@ -492,7 +561,7 @@ include("head.inc"); function mode_change() { index = document.iform.mode.selectedIndex; value = document.iform.mode.options[index].value; - switch(value) { + switch (value) { case "p2p_tls": case "server_tls": case "server_user": @@ -526,7 +595,7 @@ function mode_change() { document.getElementById("psk").style.display=""; break; } - switch(value) { + switch (value) { case "p2p_shared_key": document.getElementById("client_opts").style.display="none"; document.getElementById("remote_optsv4").style.display=""; @@ -575,19 +644,21 @@ function mode_change() { function autokey_change() { - if ((document.iform.autokey_enable != null) && (document.iform.autokey_enable.checked)) + if ((document.iform.autokey_enable != null) && (document.iform.autokey_enable.checked)) { document.getElementById("autokey_opts").style.display="none"; - else + } else { document.getElementById("autokey_opts").style.display=""; + } } function tlsauth_change() { <?php if (!$pconfig['tls']): ?> - if (document.iform.tlsauth_enable.checked) + if (document.iform.tlsauth_enable.checked) { document.getElementById("tlsauth_opts").style.display=""; - else + } else { document.getElementById("tlsauth_opts").style.display="none"; + } <?php endif; ?> autotls_change(); @@ -601,10 +672,11 @@ function autotls_change() { autocheck = false; <?php endif; ?> - if (document.iform.tlsauth_enable.checked && !autocheck) + if (document.iform.tlsauth_enable.checked && !autocheck) { document.getElementById("autotls_opts").style.display=""; - else + } else { document.getElementById("autotls_opts").style.display="none"; + } } function gwredir_change() { @@ -620,42 +692,47 @@ function gwredir_change() { function dns_domain_change() { - if (document.iform.dns_domain_enable.checked) + if (document.iform.dns_domain_enable.checked) { document.getElementById("dns_domain_data").style.display=""; - else + } else { document.getElementById("dns_domain_data").style.display="none"; + } } function dns_server_change() { - if (document.iform.dns_server_enable.checked) + if (document.iform.dns_server_enable.checked) { document.getElementById("dns_server_data").style.display=""; - else + } else { document.getElementById("dns_server_data").style.display="none"; + } } function wins_server_change() { - if (document.iform.wins_server_enable.checked) + if (document.iform.wins_server_enable.checked) { document.getElementById("wins_server_data").style.display=""; - else + } else { document.getElementById("wins_server_data").style.display="none"; + } } function client_mgmt_port_change() { - if (document.iform.client_mgmt_port_enable.checked) + if (document.iform.client_mgmt_port_enable.checked) { document.getElementById("client_mgmt_port_data").style.display=""; - else + } else { document.getElementById("client_mgmt_port_data").style.display="none"; + } } function ntp_server_change() { - if (document.iform.ntp_server_enable.checked) + if (document.iform.ntp_server_enable.checked) { document.getElementById("ntp_server_data").style.display=""; - else + } else { document.getElementById("ntp_server_data").style.display="none"; + } } function netbios_change() { @@ -674,7 +751,7 @@ function tuntap_change() { mindex = document.iform.mode.selectedIndex; mvalue = document.iform.mode.options[mindex].value; - switch(mvalue) { + switch( mvalue) { case "p2p_tls": case "p2p_shared_key": p2p = true; @@ -686,7 +763,7 @@ function tuntap_change() { index = document.iform.dev_mode.selectedIndex; value = document.iform.dev_mode.options[index].value; - switch(value) { + switch (value) { case "tun": document.getElementById("chkboxNoTunIPv6").style.display=""; document.getElementById("ipv4_tunnel_network").className="vncellreq"; @@ -728,18 +805,21 @@ function tuntap_change() { //]]> </script> <?php -if (!$savemsg) +if (!$savemsg) { $savemsg = ""; +} -if ($input_errors) +if ($input_errors) { print_input_errors($input_errors); -if ($savemsg) +} +if ($savemsg) { print_info_box_np($savemsg); +} ?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn openvpn server"> <tr> <td class="tabnavtbl"> - <?php + <?php $tab_array = array(); $tab_array[] = array(gettext("Server"), true, "vpn_openvpn_server.php"); $tab_array[] = array(gettext("Client"), false, "vpn_openvpn_client.php"); @@ -749,11 +829,11 @@ if ($savemsg) display_top_tabs($tab_array); ?> </td> - </tr> + </tr> <tr> <td class="tabcont"> - <?php if($act=="new" || $act=="edit"): ?> + <?php if ($act=="new" || $act=="edit"): ?> <form action="vpn_openvpn_server.php" method="post" name="iform" id="iform" onsubmit="presubmit()"> <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="general information"> @@ -766,7 +846,7 @@ if ($savemsg) <table border="0" cellpadding="0" cellspacing="0" summary="enable disable server"> <tr> <td> - <?php set_checked($pconfig['disable'],$chk); ?> + <?php set_checked($pconfig['disable'], $chk); ?> <input name="disable" type="checkbox" value="yes" <?=$chk;?> /> </td> <td> @@ -782,13 +862,14 @@ if ($savemsg) </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Server Mode");?></td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <select name='mode' id='mode' class="formselect" onchange='mode_change(); tuntap_change()'> <?php foreach ($openvpn_server_modes as $name => $desc): $selected = ""; - if ($pconfig['mode'] == $name) + if ($pconfig['mode'] == $name) { $selected = "selected=\"selected\""; + } ?> <option value="<?=$name;?>" <?=$selected;?>><?=$desc;?></option> <?php endforeach; ?> @@ -803,13 +884,15 @@ if ($savemsg) $authmodes = explode(",", $pconfig['authmode']); $auth_servers = auth_get_authserver_list(); // If no authmodes set then default to selecting the first entry in auth_servers - if (empty($authmodes[0]) && !empty(key($auth_servers))) + if (empty($authmodes[0]) && !empty(key($auth_servers))) { $authmodes[0] = key($auth_servers); + } foreach ($auth_servers as $auth_server_key => $auth_server): $selected = ""; - if (in_array($auth_server_key, $authmodes)) + if (in_array($auth_server_key, $authmodes)) { $selected = "selected=\"selected\""; + } ?> <option value="<?=$auth_server_key;?>" <?=$selected;?>><?=$auth_server['name'];?></option> <?php endforeach; ?> @@ -818,13 +901,14 @@ if ($savemsg) </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <select name='protocol' class="formselect"> <?php foreach ($openvpn_prots as $prot): $selected = ""; - if ($pconfig['protocol'] == $prot) + if ($pconfig['protocol'] == $prot) { $selected = "selected=\"selected\""; + } ?> <option value="<?=$prot;?>" <?=$selected;?>><?=$prot;?></option> <?php endforeach; ?> @@ -839,11 +923,13 @@ if ($savemsg) foreach ($openvpn_dev_mode as $device): $selected = ""; if (! empty($pconfig['dev_mode'])) { - if ($pconfig['dev_mode'] == $device) + if ($pconfig['dev_mode'] == $device) { $selected = "selected=\"selected\""; + } } else { - if ($device == "tun") + if ($device == "tun") { $selected = "selected=\"selected\""; + } } ?> <option value="<?=$device;?>" <?=$selected;?>><?=$device;?></option> @@ -858,27 +944,32 @@ if ($savemsg) <?php $interfaces = get_configured_interface_with_descr(); $carplist = get_configured_carp_interface_list(); - foreach ($carplist as $cif => $carpip) + foreach ($carplist as $cif => $carpip) { $interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")"; + } $aliaslist = get_configured_ip_aliases_list(); - foreach ($aliaslist as $aliasip => $aliasif) + foreach ($aliaslist as $aliasip => $aliasif) { $interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; + } $grouplist = return_gateway_groups_array(); foreach ($grouplist as $name => $group) { - if($group['ipprotocol'] != inet) + if ($group['ipprotocol'] != inet) { continue; - if($group[0]['vip'] <> "") + } + if ($group[0]['vip'] <> "") { $vipif = $group[0]['vip']; - else + } else { $vipif = $group[0]['int']; + } $interfaces[$name] = "GW Group {$name}"; } $interfaces['lo0'] = "Localhost"; $interfaces['any'] = "any"; foreach ($interfaces as $iface => $ifacename): $selected = ""; - if ($iface == $pconfig['interface']) + if ($iface == $pconfig['interface']) { $selected = "selected=\"selected\""; + } ?> <option value="<?=$iface;?>" <?=$selected;?>> <?=htmlspecialchars($ifacename);?> @@ -893,9 +984,9 @@ if ($savemsg) <input name="local_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['local_port']);?>" /> </td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <input name="description" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['description']);?>" /> <br /> <?=gettext("You may enter a description here for your reference (not parsed)"); ?>. @@ -913,7 +1004,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="tls authentication"> <tr> <td> - <?php set_checked($pconfig['tlsauth_enable'],$chk); ?> + <?php set_checked($pconfig['tlsauth_enable'], $chk); ?> <input name="tlsauth_enable" id="tlsauth_enable" type="checkbox" value="yes" <?=$chk;?> onclick="tlsauth_change()" /> </td> <td> @@ -927,7 +1018,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" id="tlsauth_opts" summary="tls authentication options"> <tr> <td> - <?php set_checked($pconfig['autotls_enable'],$chk); ?> + <?php set_checked($pconfig['autotls_enable'], $chk); ?> <input name="autotls_enable" id="autotls_enable" type="checkbox" value="yes" <?=$chk;?> onclick="autotls_change()" /> </td> <td> @@ -951,26 +1042,27 @@ if ($savemsg) </tr> <tr id="tls_ca"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <?php if (count($a_ca)): ?> <select name='caref' class="formselect"> <?php foreach ($a_ca as $ca): $selected = ""; - if ($pconfig['caref'] == $ca['refid']) + if ($pconfig['caref'] == $ca['refid']) { $selected = "selected=\"selected\""; + } ?> <option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option> <?php endforeach; ?> </select> <?php else: ?> - <b>No Certificate Authorities defined.</b> <br />Create one under <a href="system_camanager.php">System > Cert Manager</a>. + <b>No Certificate Authorities defined.</b> <br />Create one under <a href="system_camanager.php">System > Cert Manager</a>. <?php endif; ?> - </td> + </td> </tr> <tr id="tls_crl"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Revocation List"); ?></td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <?php if (count($a_crl)): ?> <select name='crlref' class="formselect"> <option value="">None</option> @@ -981,21 +1073,22 @@ if ($savemsg) $ca = lookup_ca($crl['caref']); if ($ca) { $caname = " (CA: {$ca['descr']})"; - if ($pconfig['crlref'] == $crl['refid']) + if ($pconfig['crlref'] == $crl['refid']) { $selected = "selected=\"selected\""; + } } ?> <option value="<?=$crl['refid'];?>" <?=$selected;?>><?=$crl['descr'] . $caname;?></option> <?php endforeach; ?> </select> <?php else: ?> - <b>No Certificate Revocation Lists (CRLs) defined.</b> <br />Create one under <a href="system_crlmanager.php">System > Cert Manager</a>. + <b>No Certificate Revocation Lists (CRLs) defined.</b> <br />Create one under <a href="system_crlmanager.php">System > Cert Manager</a>. <?php endif; ?> - </td> + </td> </tr> <tr id="tls_cert"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Server Certificate"); ?></td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <?php if (count($a_cert)): ?> <select name='certref' class="formselect"> <?php @@ -1005,20 +1098,24 @@ if ($savemsg) $inuse = ""; $revoked = ""; $ca = lookup_ca($cert['caref']); - if ($ca) + if ($ca) { $caname = " (CA: {$ca['descr']})"; - if ($pconfig['certref'] == $cert['refid']) + } + if ($pconfig['certref'] == $cert['refid']) { $selected = "selected=\"selected\""; - if (cert_in_use($cert['refid'])) + } + if (cert_in_use($cert['refid'])) { $inuse = " *In Use"; - if (is_cert_revoked($cert)) - $revoked = " *Revoked"; + } + if (is_cert_revoked($cert)) { + $revoked = " *Revoked"; + } ?> <option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'] . $caname . $inuse . $revoked;?></option> <?php endforeach; ?> </select> <?php else: ?> - <b>No Certificates defined.</b> <br />Create one under <a href="system_certmanager.php">System > Cert Manager</a>. + <b>No Certificates defined.</b> <br />Create one under <a href="system_certmanager.php">System > Cert Manager</a>. <?php endif; ?> </td> </tr> @@ -1029,8 +1126,9 @@ if ($savemsg) <?php foreach ($openvpn_dh_lengths as $length): $selected = ""; - if ($length == $pconfig['dh_length']) + if ($length == $pconfig['dh_length']) { $selected = " selected=\"selected\""; + } ?> <option<?=$selected?>><?=$length;?></option> <?php endforeach; ?> @@ -1047,7 +1145,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="shared key"> <tr> <td> - <?php set_checked($pconfig['autokey_enable'],$chk); ?> + <?php set_checked($pconfig['autokey_enable'], $chk); ?> <input name="autokey_enable" type="checkbox" value="yes" <?=$chk;?> onclick="autokey_change()" /> </td> <td> @@ -1077,8 +1175,9 @@ if ($savemsg) $cipherlist = openvpn_get_cipherlist(); foreach ($cipherlist as $name => $desc): $selected = ""; - if ($name == $pconfig['crypto']) + if ($name == $pconfig['crypto']) { $selected = " selected=\"selected\""; + } ?> <option value="<?=$name;?>"<?=$selected?>> <?=htmlspecialchars($desc);?> @@ -1095,8 +1194,9 @@ if ($savemsg) $digestlist = openvpn_get_digestlist(); foreach ($digestlist as $name => $desc): $selected = ""; - if ($name == $pconfig['digest']) + if ($name == $pconfig['digest']) { $selected = " selected=\"selected\""; + } ?> <option value="<?=$name;?>"<?=$selected?>> <?=htmlspecialchars($desc);?> @@ -1114,8 +1214,9 @@ if ($savemsg) $engines = openvpn_get_engines(); foreach ($engines as $name => $desc): $selected = ""; - if ($name == $pconfig['engine']) + if ($name == $pconfig['engine']) { $selected = " selected=\"selected\""; + } ?> <option value="<?=$name;?>"<?=$selected?>> <?=htmlspecialchars($desc);?> @@ -1128,24 +1229,29 @@ if ($savemsg) <td width="22%" valign="top" class="vncell"><?=gettext("Certificate Depth"); ?></td> <td width="78%" class="vtable"> <table border="0" cellpadding="2" cellspacing="0" summary="certificate depth"> - <tr><td> - <select name="cert_depth" class="formselect"> - <option value="">Do Not Check</option> - <?php - foreach ($openvpn_cert_depths as $depth => $depthdesc): - $selected = ""; - if ($depth == $pconfig['cert_depth']) - $selected = " selected=\"selected\""; - ?> - <option value="<?= $depth ?>" <?= $selected ?>><?= $depthdesc ?></option> - <?php endforeach; ?> - </select> - </td></tr> - <tr><td> - <span class="vexpl"> - <?=gettext("When a certificate-based client logs in, do not accept certificates below this depth. Useful for denying certificates made with intermediate CAs generated from the same CA as the server."); ?> - </span> - </td></tr> + <tr> + <td> + <select name="cert_depth" class="formselect"> + <option value="">Do Not Check</option> + <?php + foreach ($openvpn_cert_depths as $depth => $depthdesc): + $selected = ""; + if ($depth == $pconfig['cert_depth']) { + $selected = " selected=\"selected\""; + } + ?> + <option value="<?= $depth ?>" <?= $selected ?>><?= $depthdesc ?></option> + <?php endforeach; ?> + </select> + </td> + </tr> + <tr> + <td> + <span class="vexpl"> + <?=gettext("When a certificate-based client logs in, do not accept certificates below this depth. Useful for denying certificates made with intermediate CAs generated from the same CA as the server."); ?> + </span> + </td> + </tr> </table> </td> </tr> @@ -1155,7 +1261,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="strict user/cn matching"> <tr> <td> - <?php set_checked($pconfig['strictusercn'],$chk); ?> + <?php set_checked($pconfig['strictusercn'], $chk); ?> <input name="strictusercn" type="checkbox" value="yes" <?=$chk;?> /> </td> <td> @@ -1207,7 +1313,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="bridge dhcp"> <tr> <td> - <?php set_checked($pconfig['serverbridge_dhcp'],$chk); ?> + <?php set_checked($pconfig['serverbridge_dhcp'], $chk); ?> <input name="serverbridge_dhcp" type="checkbox" value="yes" <?=$chk;?> onchange="tuntap_change()" /> </td> <td> @@ -1227,15 +1333,18 @@ if ($savemsg) $serverbridge_interface['none'] = "none"; $serverbridge_interface = array_merge($serverbridge_interface, get_configured_interface_with_descr()); $carplist = get_configured_carp_interface_list(); - foreach ($carplist as $cif => $carpip) + foreach ($carplist as $cif => $carpip) { $serverbridge_interface[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")"; + } $aliaslist = get_configured_ip_aliases_list(); - foreach ($aliaslist as $aliasip => $aliasif) + foreach ($aliaslist as $aliasip => $aliasif) { $serverbridge_interface[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; + } foreach ($serverbridge_interface as $iface => $ifacename): $selected = ""; - if ($iface == $pconfig['serverbridge_interface']) + if ($iface == $pconfig['serverbridge_interface']) { $selected = "selected=\"selected\""; + } ?> <option value="<?=$iface;?>" <?=$selected;?>> <?=htmlspecialchars($ifacename);?> @@ -1276,7 +1385,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="redirect gateway"> <tr> <td> - <?php set_checked($pconfig['gwredir'],$chk); ?> + <?php set_checked($pconfig['gwredir'], $chk); ?> <input name="gwredir" type="checkbox" value="yes" <?=$chk;?> onclick="gwredir_change()" /> </td> <td> @@ -1357,8 +1466,9 @@ if ($savemsg) <?php foreach ($openvpn_compression_modes as $cmode => $cmodedesc): $selected = ""; - if ($cmode == $pconfig['compression']) + if ($cmode == $pconfig['compression']) { $selected = " selected=\"selected\""; + } ?> <option value="<?= $cmode ?>" <?= $selected ?>><?= $cmodedesc ?></option> <?php endforeach; ?> @@ -1373,7 +1483,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="type-of-service"> <tr> <td> - <?php set_checked($pconfig['passtos'],$chk); ?> + <?php set_checked($pconfig['passtos'], $chk); ?> <input name="passtos" type="checkbox" value="yes" <?=$chk;?> /> </td> <td> @@ -1391,7 +1501,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="inter-client communication"> <tr> <td> - <?php set_checked($pconfig['client2client'],$chk); ?> + <?php set_checked($pconfig['client2client'], $chk); ?> <input name="client2client" type="checkbox" value="yes" <?=$chk;?> /> </td> <td> @@ -1409,7 +1519,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="duplicate connection"> <tr> <td> - <?php set_checked($pconfig['duplicate_cn'],$chk); ?> + <?php set_checked($pconfig['duplicate_cn'], $chk); ?> <input name="duplicate_cn" type="checkbox" value="yes" <?=$chk;?> /> </td> <td> @@ -1428,7 +1538,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="disable-ipv6-srv"> <tr> <td> - <?php set_checked($pconfig['no_tun_ipv6'],$chk); ?> + <?php set_checked($pconfig['no_tun_ipv6'], $chk); ?> <input name="no_tun_ipv6" type="checkbox" value="yes" <?=$chk;?> /> </td> <td> @@ -1456,7 +1566,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="dynamic ip"> <tr> <td> - <?php set_checked($pconfig['dynamic_ip'],$chk); ?> + <?php set_checked($pconfig['dynamic_ip'], $chk); ?> <input name="dynamic_ip" type="checkbox" id="dynamic_ip" value="yes" <?=$chk;?> /> </td> <td> @@ -1474,7 +1584,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="address pool"> <tr> <td> - <?php set_checked($pconfig['pool_enable'],$chk); ?> + <?php set_checked($pconfig['pool_enable'], $chk); ?> <input name="pool_enable" type="checkbox" id="pool_enable" value="yes" <?=$chk;?> /> </td> <td> @@ -1492,7 +1602,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="topology"> <tr> <td> - <?php set_checked($pconfig['topology_subnet'],$chk); ?> + <?php set_checked($pconfig['topology_subnet'], $chk); ?> <input name="topology_subnet" type="checkbox" id="topology_subnet" value="yes" <?=$chk;?> /> </td> <td> @@ -1517,12 +1627,12 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="dns default domain"> <tr> <td> - <?php set_checked($pconfig['dns_domain_enable'],$chk); ?> + <?php set_checked($pconfig['dns_domain_enable'], $chk); ?> <input name="dns_domain_enable" type="checkbox" id="dns_domain_enable" value="yes" <?=$chk;?> onclick="dns_domain_change()" /> </td> <td> <span class="vexpl"> - <?=gettext("Provide a default domain name to clients"); ?><br /> + <?=gettext("Provide a default domain name to clients"); ?><br /> </span> </td> </tr> @@ -1542,7 +1652,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="dns servers"> <tr> <td> - <?php set_checked($pconfig['dns_server_enable'],$chk); ?> + <?php set_checked($pconfig['dns_server_enable'], $chk); ?> <input name="dns_server_enable" type="checkbox" id="dns_server_enable" value="yes" <?=$chk;?> onclick="dns_server_change()" /> </td> <td> @@ -1595,7 +1705,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="push register dns"> <tr> <td> - <?php set_checked($pconfig['push_register_dns'],$chk); ?> + <?php set_checked($pconfig['push_register_dns'], $chk); ?> <input name="push_register_dns" type="checkbox" value="yes" <?=$chk;?> /> </td> <td> @@ -1614,7 +1724,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="ntp servers"> <tr> <td> - <?php set_checked($pconfig['ntp_server_enable'],$chk); ?> + <?php set_checked($pconfig['ntp_server_enable'], $chk); ?> <input name="ntp_server_enable" type="checkbox" id="ntp_server_enable" value="yes" <?=$chk;?> onclick="ntp_server_change()" /> </td> <td> @@ -1650,7 +1760,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="netboios options"> <tr> <td> - <?php set_checked($pconfig['netbios_enable'],$chk); ?> + <?php set_checked($pconfig['netbios_enable'], $chk); ?> <input name="netbios_enable" type="checkbox" id="netbios_enable" value="yes" <?=$chk;?> onclick="netbios_change()" /> </td> <td> @@ -1673,8 +1783,9 @@ if ($savemsg) <?php foreach ($netbios_nodetypes as $type => $name): $selected = ""; - if ($pconfig['netbios_ntype'] == $type) + if ($pconfig['netbios_ntype'] == $type) { $selected = "selected=\"selected\""; + } ?> <option value="<?=$type;?>" <?=$selected;?>><?=$name;?></option> <?php endforeach; ?> @@ -1710,7 +1821,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="wins servers"> <tr> <td> - <?php set_checked($pconfig['wins_server_enable'],$chk); ?> + <?php set_checked($pconfig['wins_server_enable'], $chk); ?> <input name="wins_server_enable" type="checkbox" id="wins_server_enable" value="yes" <?=$chk;?> onclick="wins_server_change()" /> </td> <td> @@ -1746,12 +1857,12 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0" summary="client management port"> <tr> <td> - <?php set_checked($pconfig['client_mgmt_port_enable'],$chk); ?> + <?php set_checked($pconfig['client_mgmt_port_enable'], $chk); ?> <input name="client_mgmt_port_enable" type="checkbox" id="client_mgmt_port_enable" value="yes" <?=$chk;?> onclick="client_mgmt_port_change()" /> </td> <td> <span class="vexpl"> - <?=gettext("Use a different management port on clients. The default port is 166. Specify a different port if the client machines need to select from multiple OpenVPN links."); ?><br /> + <?=gettext("Use a different management port on clients. The default port is 166. Specify a different port if the client machines need to select from multiple OpenVPN links."); ?><br /> </span> </td> </tr> @@ -1796,8 +1907,9 @@ if ($savemsg) <?php foreach ($openvpn_verbosity_level as $verb_value => $verb_desc): $selected = ""; - if ($pconfig['verbosity_level'] == $verb_value) + if ($pconfig['verbosity_level'] == $verb_value) { $selected = "selected=\"selected\""; + } ?> <option value="<?=$verb_value;?>" <?=$selected;?>><?=$verb_desc;?></option> <?php endforeach; ?> @@ -1817,8 +1929,8 @@ if ($savemsg) <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="icons"> <tr> <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> + <td width="78%"> + <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> <input name="act" type="hidden" value="<?=$act;?>" /> <?php if (isset($id) && $a_server[$id]): ?> <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> @@ -1852,10 +1964,11 @@ if ($savemsg) <tbody> <?php $i = 0; - foreach($a_server as $server): + foreach ($a_server as $server): $disabled = "NO"; - if (isset($server['disable'])) + if (isset($server['disable'])) { $disabled = "YES"; + } ?> <tr> <td class="listlr" ondblclick="document.location='vpn_openvpn_server.php?act=edit&id=<?=$i;?>'"> @@ -1882,7 +1995,7 @@ if ($savemsg) </td> </tr> <?php - $i++; + $i++; endforeach; ?> <tr style="display:none;"><td></td></tr> @@ -1919,10 +2032,11 @@ tuntap_change(); /* local utility functions */ function set_checked($var,& $chk) { - if($var) + if ($var) { $chk = "checked=\"checked\""; - else + } else { $chk = ""; + } } ?> |
