From 6fde5a1e464f3c8404593b1cd5258310f1914b4a Mon Sep 17 00:00:00 2001 From: Carlos Eduardo Ramos Date: Wed, 14 Jul 2010 09:25:34 -0300 Subject: Implement gettext() calls on services_captiveportal.php --- usr/local/www/services_captiveportal.php | 303 ++++++++++++++++--------------- 1 file changed, 152 insertions(+), 151 deletions(-) (limited to 'usr/local/www/services_captiveportal.php') diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index fc5a1a9..512dbf9 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -38,7 +38,6 @@ ##|*MATCH=services_captiveportal.php* ##|-PRIV -$pgtitle = array("Services","Captive portal"); $statusurl = "status_captiveportal.php"; $logurl = "diag_logs_auth.php"; @@ -48,6 +47,8 @@ require("filter.inc"); require("shaper.inc"); require("captiveportal.inc"); +$pgtitle = array(gettext("Services"),gettext("Captive portal")); + if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); $config['captiveportal']['page'] = array(); @@ -111,60 +112,60 @@ if ($_POST) { /* input validation */ if ($_POST['enable']) { $reqdfields = explode(" ", "cinterface"); - $reqdfieldsn = explode(",", "Interface"); + $reqdfieldsn = array(gettext("Interface")); do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); /* make sure no interfaces are bridged */ foreach ($pconfig['cinterface'] as $cpbrif) if (link_interface_to_bridge($cpbrif)) - $input_errors[] = "The captive portal cannot be used on interface {$cpbrif} since it is part of a bridge."; + $input_errors[] = sprintf(gettext("The captive portal cannot be used on interface %s since it is part of a bridge."), $cpbrif); if ($_POST['httpslogin_enable']) { if (!$_POST['cert'] || !$_POST['key']) { - $input_errors[] = "Certificate and key must be specified for HTTPS login."; + $input_errors[] = gettext("Certificate and key must be specified for HTTPS login."); } else { if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE")) - $input_errors[] = "This certificate does not appear to be valid."; + $input_errors[] = gettext("This certificate does not appear to be valid."); if (!strstr($_POST['cacert'], "BEGIN CERTIFICATE") || !strstr($_POST['cacert'], "END CERTIFICATE")) - $input_errors[] = "This intermmediate certificate does not appear to be valid."; + $input_errors[] = gettext("This intermmediate certificate does not appear to be valid."); if (!strstr($_POST['key'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['key'], "END RSA PRIVATE KEY")) - $input_errors[] = "This key does not appear to be valid."; + $input_errors[] = gettext("This key does not appear to be valid."); } if (!$_POST['httpsname'] || !is_domain($_POST['httpsname'])) { - $input_errors[] = "The HTTPS server name must be specified for HTTPS login."; + $input_errors[] = gettext("The HTTPS server name must be specified for HTTPS login."); } } } if ($_POST['timeout'] && (!is_numeric($_POST['timeout']) || ($_POST['timeout'] < 1))) { - $input_errors[] = "The timeout must be at least 1 minute."; + $input_errors[] = gettext("The timeout must be at least 1 minute."); } if ($_POST['idletimeout'] && (!is_numeric($_POST['idletimeout']) || ($_POST['idletimeout'] < 1))) { - $input_errors[] = "The idle timeout must be at least 1 minute."; + $input_errors[] = gettext("The idle timeout must be at least 1 minute."); } if (($_POST['radiusip'] && !is_ipaddr($_POST['radiusip']))) { - $input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip']."]"; + $input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip']); } if (($_POST['radiusip2'] && !is_ipaddr($_POST['radiusip2']))) { - $input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip2']."]"; + $input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip2']); } if (($_POST['radiusport'] && !is_port($_POST['radiusport']))) { - $input_errors[] = "A valid port number must be specified. [".$_POST['radiusport']."]"; + $input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport']); } if (($_POST['radiusport2'] && !is_port($_POST['radiusport2']))) { - $input_errors[] = "A valid port number must be specified. [".$_POST['radiusport2']."]"; + $input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport2']); } if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) { - $input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]"; + $input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusacctport']); } if ($_POST['maxproc'] && (!is_numeric($_POST['maxproc']) || ($_POST['maxproc'] < 4) || ($_POST['maxproc'] > 100))) { - $input_errors[] = "The total maximum number of concurrent connections must be between 4 and 100."; + $input_errors[] = gettext("The total maximum number of concurrent connections must be between 4 and 100."); } $mymaxproc = $_POST['maxproc'] ? $_POST['maxproc'] : 16; if ($_POST['maxprocperip'] && (!is_numeric($_POST['maxprocperip']) || ($_POST['maxprocperip'] > $mymaxproc))) { - $input_errors[] = "The maximum number of concurrent connections per client IP address may not be larger than the global maximum."; + $input_errors[] = gettext("The maximum number of concurrent connections per client IP address may not be larger than the global maximum."); } if (!$input_errors) { @@ -289,11 +290,11 @@ function enable_change(enable_change) { @@ -303,10 +304,10 @@ function enable_change(enable_change) {   onClick="enable_change(false)"> - Enable captive portal + - Interfaces +
- Select the interface(s) to enable for captive portal. + . - Maximum concurrent connections + +value="">
per client IP address (0 = no limit)
-This setting limits the number of concurrent connections to the captive portal HTTP(S) server. This does not set how many users can be logged in -to the captive portal, but rather how many users can load the portal page or authenticate at the same time! -Default is 4 connections per client IP address, with a total maximum of 16 connections. +. - Idle timeout + -minutes
-Clients will be disconnected after this amount of inactivity. They may log in again immediately, though. Leave this field blank for no idle timeout. +
+. - Hard timeout + - minutes
- Clients will be disconnected after this amount of time, regardless of activity. They may log in again immediately, though. Leave this field blank for no hard timeout (not recommended unless an idle timeout is set). +
+ . - Logout popup window + > - Enable logout popup window
- If enabled, a popup window will appear when clients are allowed through the captive portal. This allows clients to explicitly disconnect themselves before the idle or hard timeout occurs. +
+ . - Redirection URL +
-If you provide a URL here, clients will be redirected to that URL instead of the one they initially tried -to access after they've authenticated. +. - Concurrent user logins + > - Disable concurrent logins
- If this option is set, only the most recent login per username will be active. Subsequent logins will cause machines previously logged in with the same username to be disconnected. +
+ . - MAC filtering + > - Disable MAC filtering
- If this option is set, no attempts will be made to ensure that the MAC address of clients stays the same while they're logged in. - This is required when the MAC address of the client cannot be determined (usually because there are routers between and the clients). - If this is enabled, RADIUS MAC authentication cannot be used. +
+ . + . - Pass-through MAC Auto Entry + > - Enable Pass-through MAC automatic additions
- If this option is set, a MAC passthrough entry is automatically added after the user has successfully authenticated. Users of that MAC address will never have to authenticate again. - To remove the passthrough MAC entry you either have to log in and remove it manually from the Pass-through MAC tab or send a POST from another system to remove it. - If this is enabled, RADIUS MAC authentication cannot be used. Also, the logout window will not be shown. +
+ . + Pass-through MAC tab . + .

> - Enable Pass-through MAC automatic addition with username
- If this option is set, with the automatically MAC passthrough entry created the username, used during authentication, will be saved. - To remove the passthrough MAC entry you either have to log in and remove it manually from the Pass-through MAC tab or send a POST from another system to remove it. +
+ . + . - Per-user bandwidth restriction + > - Enable per-user bandwidth restriction

+

- - + + - - + +
Default download Kbit/s
Default upload Kbit/s

- If this option is set, the captive portal will restrict each user who logs in to the specified default bandwidth. RADIUS can override the default settings. Leave empty or set to 0 for no limit. + . - Authentication + + + + @@ -431,40 +432,40 @@ to access after they've authenticated.
> - No Authentication
> - Local User Manager
> - RADIUS Authentication
   
- + - + + . - + + . - + + . - + - + + . - + - + @@ -472,66 +473,66 @@ value=""> - + +
+ . - + + . - + +
+ . - + - + + >
+ . - + - + - + } ?>
- Choose the ip to use for calling station attribute. + . - - + + - + echo "\n"; } ?>
- If RADIUS type is set to Cisco, in Access-Requests the value of Calling-Station-Id will be set to the client's IP address and - the Called-Station-Id to the client's MAC address. Default behavior is Calling-Station-Id = client's MAC address and Called-Station-Id = 's WAN IP address. + = 's .
Primary RADIUS server
IP address
- Enter the IP address of the RADIUS server which users of the captive portal have to authenticate against.
Port
- Leave this field blank to use the default port (1812).
Shared secret    
- Leave this field blank to not use a RADIUS shared secret (not recommended).
Secondary RADIUS server
IP address
- If you have a second RADIUS server, you can activate it by entering its IP address here.
Port
Shared secret    
Accounting
  > - send RADIUS accounting packets
- If this is enabled, RADIUS accounting packets will be sent to the primary RADIUS server.
Accounting port
- Leave blank to use the default port (1813).
Reauthentication
  > - Reauthenticate connected users every minute
- If reauthentication is enabled, Access-Requests will be sent to the RADIUS server for each user that is - logged in every minute. If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately.
Accounting updates - > no accounting updates
- > stop/start accounting
- > interim update + >
+ >
+ >
RADIUS MAC authentication
  - >Enable RADIUS MAC authentication
- If this option is enabled, the captive portal will try to authenticate users by sending their MAC address as the username and the password - entered below to the RADIUS server.
Shared secret
RADIUS options
Radius ip attribute
Session-Timeout>Use RADIUS Session-Timeout attributes
- When this is enabled, clients will be disconnected after the amount of time retrieved from the RADIUS Session-Timeout attribute.		>
+ .
Type
- MAC address format +
- This option changes the MAC address format used in the whole RADIUS system. Change this if you also - need to change the username format for RADIUS MAC authentication.
- default: 00:11:22:33:44:55
- singledash: 001122-334455
- ietf: 00-11-22-33-44-55
- cisco: 0011.2233.4455
- unformatted: 001122334455 + .
+ : 00:11:22:33:44:55
+ : 001122-334455
+ : 00-11-22-33-44-55
+ : 0011.2233.4455
+ : 001122334455 - HTTPS login + > - Enable HTTPS login
- If enabled, the username and password will be transmitted over an HTTPS connection to protect against eavesdroppers. A server name, certificate and matching private key must also be specified below. +
+ . - HTTPS server name +
- This name will be used in the form action for the HTTPS POST and should match the Common Name (CN) in your certificate (otherwise, the client browser will most likely display a security warning). Make sure captive portal clients can resolve this name in DNS and verify on the client that the IP resolves to the correct interface IP on . + . - HTTPS certificate +
- Paste a signed certificate in X.509 PEM format here. + . - HTTPS private key +
- Paste an RSA private key in PEM format here. + . - HTTPS intermediate certificate +
- Paste a certificate in X.509 PEM format here. + . - Portal page contents +
"> } ?> - View current page +

- Upload an HTML/PHP file for the portal page here (leave blank to keep the current one). Make sure to include a form (POST to "$PORTAL_ACTION$") -with a submit button (name="accept") and a hidden field with name="redirurl" and value="$PORTAL_REDIRURL$". -Include the "auth_user" and "auth_pass" and/or "auth_voucher" input fields if authentication is enabled, otherwise it will always fail. -Example code for the form:
+ "$PORTAL_ACTION$") + (name="accept") name="redirurl" value="$PORTAL_REDIRURL$". + "auth_user" "auth_pass" "auth_voucher" . +:

<form method="post" action="$PORTAL_ACTION$">
   <input name="auth_user" type="text">
@@ -677,43 +678,43 @@ Example code for the form:
</form> - Authentication
- error page
- contents +
+
+
- View current page +

-The contents of the HTML/PHP file that you upload here are displayed when an authentication error occurs. -You may include "$PORTAL_MESSAGE$", which will be replaced by the error or reply messages from the RADIUS server, if any. + "$PORTAL_MESSAGE$", . - Logout
- page
- contents +
+
+
- View current page +

-The contents of the HTML/PHP file that you upload here are displayed when an authentication error occurs. -You may include "$PORTAL_MESSAGE$", which will be replaced by the error or reply messages from the RADIUS server, if any. + "$PORTAL_MESSAGE$", .   - + " onClick="enable_change(true)">   - Note:
- Changing any settings on this page will disconnect all clients! Don't forget to enable the DHCP server on your captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the timeout entered on this page. Also, the DNS forwarder needs to be enabled for DNS lookups by unauthenticated clients to work. + :
+ . -- cgit v1.1