From b01792a0a3df6795d21ca205cf57b371b41bf195 Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Mon, 3 May 2010 17:43:39 +0000
Subject: Ticket #566. Reimplement the allowed ips keeping previous
 funcitonality and improving by adding a both direction. The problem with
 previous commit is that it always assumes that allowed ip address would have
 a pipe configured and entires without one would just get dropped.

---
 usr/local/www/services_captiveportal_ip.php      | 12 ++++++--
 usr/local/www/services_captiveportal_ip_edit.php | 39 ++++++++++++++----------
 2 files changed, 33 insertions(+), 18 deletions(-)

(limited to 'usr/local/www')
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php
index fb8711b..4bf2cf9 100755
--- a/usr/local/www/services_captiveportal_ip.php
+++ b/usr/local/www/services_captiveportal_ip.php
@@ -56,8 +56,10 @@ if ($_GET['act'] == "del") {
 		$ipent = $a_allowedips[$_GET['id']];
 		
 		if (isset($config['captiveportal']['enable'])) {
-			mwexec("/sbin/ipfw table 1 delete " . $ipent['ip']);
-			mwexec("/sbin/ipfw table 2 delete " . $ipent['ip']);
+			mwexec("/sbin/ipfw table 3 delete " . $ipent['ip']);
+			mwexec("/sbin/ipfw table 4 delete " . $ipent['ip']);
+			mwexec("/sbin/ipfw table 5 delete " . $ipent['ip']);
+			mwexec("/sbin/ipfw table 6 delete " . $ipent['ip']);
 		}
 			
 		unset($a_allowedips[$_GET['id']]);
@@ -104,7 +106,13 @@ include("head.inc");
   <?php $i = 0; foreach ($a_allowedips as $ip): ?>
 	<tr ondblclick="document.location='services_captiveportal_ip_edit.php?id=<?=$i;?>'">
 	  <td class="listlr">
+		<?php if($ip['dir'] == "to") 
+			echo "any <img src=\"in.gif\" width=\"11\" height=\"11\" align=\"absmiddle\">";
+		?>	
 		<?=strtolower($ip['ip']);?>
+		<?php if($ip['dir'] == "from") 
+			echo "<img src=\"in.gif\" width=\"11\" height=\"11\" align=\"absmiddle\"> any";
+		?>
 	  </td>
 	  <td class="listbg">
 		<?=htmlspecialchars($ip['descr']);?>&nbsp;
diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php
index 45c4e2f..09d8075 100755
--- a/usr/local/www/services_captiveportal_ip_edit.php
+++ b/usr/local/www/services_captiveportal_ip_edit.php
@@ -67,6 +67,7 @@ if (isset($_POST['id']))
 
 if (isset($id) && $a_allowedips[$id]) {
 	$pconfig['ip'] = $a_allowedips[$id]['ip'];
+	$pconfig['dir'] = $a_allowedips[$id]['dir'];
 	$pconfig['bw_up'] = $a_allowedips[$id]['bw_up'];
 	$pconfig['bw_down'] = $a_allowedips[$id]['bw_down'];
 	$pconfig['descr'] = $a_allowedips[$id]['descr'];
@@ -104,6 +105,7 @@ if ($_POST) {
 	if (!$input_errors) {
 		$ip = array();
 		$ip['ip'] = $_POST['ip'];
+		$ip['dir'] = $_POST['dir'];
 		$ip['descr'] = $_POST['descr'];
 		if ($_POST['bw_up'])
                         $ip['bw_up'] = $_POST['bw_up'];
@@ -117,22 +119,11 @@ if ($_POST) {
 		
 		write_config();
 
-		if (isset($config['captiveportal']['enable'])) {
-			$bwup = "";
-			$bwdown = "";
-			$ruleno = captiveportal_get_next_ipfw_ruleno();
-			if (!empty($ip['bw_up'])) {
-				$pipeno = $ruleno + 20000;
-				mwexec("/sbin/ipfw pipe {$pipeno} config bw {$ip['bw_up']}Kbit/s queue 100");
-				$bwup = "pipe {$pipeno}";
-			}
-			if (!empty($ip['bw_down'])) {
-				$pipeno = $ruleno + 20001;
-				mwexec("/sbin/ipfw pipe {$pipeno} config bw {$ip['bw_down']}Kbit/s queue 100");
-				$bwdown = "pipe {$pipeno}";
-			}
-			mwexec("/sbin/ipfw table 1 add {$ip['ip']} {$bwup}");
-			mwexec("/sbin/ipfw table 2 add {$ip['ip']} {$bwdown}");
+		if (isset($config['captiveportal']['enable']) && is_module_loaded("ipfw.ko")) {
+			$rules = captiveportal_allowedip_configure_entry($ip);
+			file_put_contents("{$g['tmp_path']}/allowedip_tmp", $rules);
+			mwexec("/sbin/ipfw {$g['tmp_path']}/allowedip_tmp");
+			@unlink("{$g['tmp_path']}/allowedip_tmp");
 		}
 		
 		header("Location: services_captiveportal_ip.php");
@@ -149,6 +140,22 @@ include("head.inc");
             <form action="services_captiveportal_ip_edit.php" method="post" name="iform" id="iform">
               <table width="100%" border="0" cellpadding="6" cellspacing="0">
 		<tr>
+                  <td width="22%" valign="top" class="vncellreq">Direction</td>
+                  <td width="78%" class="vtable"> 
+			<select name="dir" class="formfld">
+		<?php 
+			$dirs = explode(" ", "Both From To") ;
+			foreach ($dirs as $dir): ?>
+				<option value="<?=strtolower($dir);?>" <?php if (strtolower($dir) == strtolower($pconfig['dir'])) echo "selected";?> >
+				<?=htmlspecialchars($dir);?>
+				</option>
+		<?php endforeach; ?>
+			</select>
+                    <br> 
+                    <span class="vexpl">Use <em>From</em> to always allow an IP address through the captive portal (without authentication). 
+                    Use <em>To</em> to allow access from all clients (even non-authenticated ones) behind the portal to this IP address.</span></td>
+                </tr>
+		<tr>
                   <td width="22%" valign="top" class="vncellreq">IP address</td>
                   <td width="78%" class="vtable"> 
                     <?=$mandfldhtml;?><input name="ip" type="text" class="formfld unknown" id="ip" size="17" value="<?=htmlspecialchars($pconfig['ip']);?>">
-- 
cgit v1.1


Direction	+ + + Use From to always allow an IP address through the captive portal (without authentication). + Use To to allow access from all clients (even non-authenticated ones) behind the portal to this IP address.
IP address	-- cgit v1.1