From 00eda3a2eb5fb7e43ba9504c90ad494f41504888 Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Tue, 13 Sep 2011 19:28:34 +0000
Subject: Fixes #1874. Correctly error out when the user or the pass is not
 posted during login of CP.

---
 usr/local/captiveportal/index.php | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index 1bd9366..201a234 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -182,17 +182,20 @@ EOD;
         portal_reply_page($redirurl, "error", $errormsg);
     }
 
-} else if ($_POST['accept'] && $config['captiveportal']['auth_method'] == "local") {
+} else if ($_POST['accept'] && $config['captiveportal']['auth_method'] == "local" && $_POST['auth_user']) {
 
+    if ($_POST['auth_user'] && $_POST['auth_pass']) {
 	//check against local user manager
 	$loginok = local_backed($_POST['auth_user'], $_POST['auth_pass']);
-    if ($loginok){
-        captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN");
-        portal_allow($clientip, $clientmac,$_POST['auth_user']);
-    } else {
-        captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE");
+	if ($loginok){
+		captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN");
+		portal_allow($clientip, $clientmac,$_POST['auth_user']);
+	} else {
+		captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE");
+		portal_reply_page($redirurl, "error", $errormsg);
+	}
+    } else
         portal_reply_page($redirurl, "error", $errormsg);
-    }
 } else if ($_POST['accept'] && $clientip && $config['captiveportal']['auth_method'] == "none") {
     captiveportal_logportalauth("unauthenticated",$clientmac,$clientip,"ACCEPT");
     portal_allow($clientip, $clientmac, "unauthenticated");
-- 
cgit v1.1