From a8cb003844c8feda083925415d9cfc96d5f3827f Mon Sep 17 00:00:00 2001
From: Renato Botelho <garga@FreeBSD.org>
Date: Thu, 7 Feb 2013 11:09:09 -0200
Subject: Implement privilege for allowing login through CP

- The feature is optional, on by default for new zones, off for current
  ones when upgrading

It should fix #1010
---
 usr/local/captiveportal/index.php | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'usr/local/captiveportal/index.php')

diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index 98b26e9..63b4280 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -207,6 +207,10 @@ EOD;
 	if ($_POST['auth_user'] && $_POST['auth_pass']) {
 		//check against local user manager
 		$loginok = local_backed($_POST['auth_user'], $_POST['auth_pass']);
+
+		if ($loginok && isset($cpcfg['localauth_priv']))
+			$loginok = userHasPrivilege(getUserEntry($_POST['auth_user']), "user-services-captiveportal-login");
+
 		if ($loginok){
 			captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN");
 			portal_allow($clientip, $clientmac,$_POST['auth_user']);
-- 
cgit v1.1