From 0092b3bd47bdfa8b3bc24e140235e4693918ee46 Mon Sep 17 00:00:00 2001
From: mgrooms
Date: Sun, 15 Mar 2009 00:31:55 +0000
Subject: Modify captive portal to use centralized user management. The user manager has been modified to include an account expiration option to support this service.
---
 usr/local/captiveportal/index.php | 32 +---
 usr/local/www/services_captiveportal.php | 7 +-
 .../www/services_captiveportal_filemanager.php | 1 -
 usr/local/www/services_captiveportal_ip.php | 1 -
 usr/local/www/services_captiveportal_mac.php | 3 +-
 usr/local/www/services_captiveportal_users.php | 138 ---------------
 .../www/services_captiveportal_users_edit.php | 193 ---------------------
 usr/local/www/system_usermanager.php | 40 +++++
 8 files changed, 48 insertions(+), 367 deletions(-)
 delete mode 100755 usr/local/www/services_captiveportal_users.php
 delete mode 100755 usr/local/www/services_captiveportal_users_edit.php
(limited to 'usr')
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index 22384bf..011095a 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -28,6 +28,7 @@ POSSIBILITY OF SUCH DAMAGE. */
+require_once("auth.inc");
 require_once("functions.inc"); header("Expires: 0");
@@ -135,33 +136,8 @@ EOD; } else if ($_POST['accept'] && $config['captiveportal']['auth_method'] == "local") {
- //check against local usermanager
- $userdb = &$config['captiveportal']['user'];
-
- $loginok = false;
-
- //erase expired accounts
- if (is_array($userdb)) {
- $moddb = false;
- for ($i = 0; $i < count($userdb); $i++) {
- if ($userdb[$i]['expirationdate'] && (strtotime("-1 day") > strtotime($userdb[$i]['expirationdate']))) {
- unset($userdb[$i]);
- $moddb = true;
- }
- }
- if ($moddb)
- write_config();
-
- $userdb = &$config['captiveportal']['user'];
-
- for ($i = 0; $i < count($userdb); $i++) {
- if (($userdb[$i]['name'] == $_POST['auth_user']) && ($userdb[$i]['password'] == md5($_POST['auth_pass']))) {
- $loginok = true;
- break;
- }
- }
- }
-
+ //check against local user manager
+ $loginok = local_backed($_POST['auth_user'], $_POST['auth_pass']);
 if ($loginok){ captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN"); portal_allow($clientip, $clientmac,$_POST['auth_user']);
@@ -415,4 +391,4 @@ function disconnect_client($sessionid, $logoutReason = "LOGOUT", $term_cause = 1 captiveportal_unlock(); }
-?>
\ No newline at end of file
+?>
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index c4345e5..180840d 100755
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -264,7 +264,6 @@ function enable_change(enable_change) { $tab_array[] = array("Captive portal", true, "services_captiveportal.php"); $tab_array[] = array("Pass-through MAC", false, "services_captiveportal_mac.php"); $tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php");
- $tab_array[] = array("Users", false, "services_captiveportal_users.php");
 $tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php"); display_top_tabs($tab_array); ?>
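Review bot: In usr/local/captiveportal/index.php (hunk `@@ -135,33 +136,8 @@`), portal login no longer checks account expiry itself: the removed loop was the only enforcement visible here, and the new `local_backed($_POST['auth_user'], $_POST['auth_pass'])` call comes from auth.inc, which is not among the files shown (the page is limited to 'usr'). The system_usermanager.php hunks further down only validate and store the new `expires` field, so confirm that local_backed() rejects an account whose `expires` date has passed and record it at the call, e.g. `// expiry is enforced inside local_backed(); the portal does not check 'expires' itself`. Existing entries under `$config['captiveportal']['user']` are no longer read and no migration is visible in this diff, so previously provisioned portal users would presumably stop authenticating after an upgrade. Because the portal now accepts any account from the central user manager, it may also be worth limiting portal login to a dedicated group so that administrative credentials are not entered on the portal page. The surrounding if/else chain starts and ends outside the hunk.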
@@ -372,15 +371,15 @@ to access after they've authenticated. + No Authentication + Local User Manager + RADIUS Authentication diff --git a/usr/local/www/services_captiveportal_filemanager.php b/usr/local/www/services_captiveportal_filemanager.php index e833685..0c1a12c 100755 --- a/usr/local/www/services_captiveportal_filemanager.php +++ b/usr/local/www/services_captiveportal_filemanager.php @@ -119,7 +119,6 @@ include("head.inc"); $tab_array[] = array("Captive portal", false, "services_captiveportal.php"); $tab_array[] = array("Pass-through MAC", false, "services_captiveportal_mac.php"); $tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php"); - $tab_array[] = array("Users", false, "services_captiveportal_users.php"); $tab_array[] = array("File Manager", true, "services_captiveportal_filemanager.php"); display_top_tabs($tab_array); ?> diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php index 2a91321..19bbccd 100755 --- a/usr/local/www/services_captiveportal_ip.php +++ b/usr/local/www/services_captiveportal_ip.php @@ -92,7 +92,6 @@ include("head.inc"); $tab_array[] = array("Captive portal", false, "services_captiveportal.php"); $tab_array[] = array("Pass-through MAC", false, "services_captiveportal_mac.php"); $tab_array[] = array("Allowed IP addresses", true, "services_captiveportal_ip.php"); - $tab_array[] = array("Users", false, "services_captiveportal_users.php"); $tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php"); display_top_tabs($tab_array); ?> diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php index a28ee94..47940c4 100755 --- a/usr/local/www/services_captiveportal_mac.php +++ b/usr/local/www/services_captiveportal_mac.php 
@@ -92,7 +92,6 @@ include("head.inc"); $tab_array[] = array("Captive portal", false, "services_captiveportal.php"); $tab_array[] = array("Pass-through MAC", true, "services_captiveportal_mac.php"); $tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php"); - $tab_array[] = array("Users", false, "services_captiveportal_users.php"); $tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php"); display_top_tabs($tab_array); ?> @@ -135,4 +134,4 @@ include("head.inc"); - \ No newline at end of file + diff --git a/usr/local/www/services_captiveportal_users.php b/usr/local/www/services_captiveportal_users.php deleted file mode 100755 index 41ffb24..0000000 --- a/usr/local/www/services_captiveportal_users.php +++ /dev/null 
@@ -1,138 +0,0 @@ -. - All rights reserved. - Copyright (C) 2005 Pascal Suter . - All rights reserved. - (files was created by Pascal based on the source code of services_captiveportal.php from Manuel) - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -##|+PRIV -##|*IDENT=page-services-captiveportal-users -##|*NAME=Services: Captive portal: Users page -##|*DESCR=Allow access to the 'Services: Captive portal: Users' page. 
-##|*MATCH=services_captiveportal_users.php* -##|-PRIV - -$pgtitle = array("Services","Captive portal"); -require("guiconfig.inc"); - -if (!is_array($config['captiveportal']['user'])) { - $config['captiveportal']['user'] = array(); -} -captiveportal_users_sort(); -$a_user = &$config['captiveportal']['user']; - -if ($_GET['act'] == "del") { - if ($a_user[$_GET['id']]) { - unset($a_user[$_GET['id']]); - write_config(); - header("Location: services_captiveportal_users.php"); - exit; - } -} - -//erase expired accounts -$changed = false; -for ($i = 0; $i < count($a_user); $i++) { - if ($a_user[$i]['expirationdate'] && (strtotime("-1 day") > strtotime($a_user[$i]['expirationdate']))) { - unset($a_user[$i]); - $changed = true; - } -} -if ($changed) { - write_config(); - header("Location: services_captiveportal_users.php"); - exit; -} - -include("head.inc"); - -?> - - -
> - No authentication
> - Local user manager
> - RADIUS authentication
   
- - - - -
- -
- - - - - - - - - - - - - - - - - - - -
UsernameFull nameExpires - - - - - -
-
-   - -   - -   - -  
- - - - - -
-
-
- - - diff --git a/usr/local/www/services_captiveportal_users_edit.php b/usr/local/www/services_captiveportal_users_edit.php deleted file mode 100755 index e61b32d..0000000 --- a/usr/local/www/services_captiveportal_users_edit.php +++ /dev/null 
@@ -1,193 +0,0 @@ -. - All rights reserved. - Copyright (C) 2005 Pascal Suter . - All rights reserved. - (files was created by Pascal based on the source code of services_captiveportal.php from Manuel) - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -##|+PRIV -##|*IDENT=page-services-captiveportal-edituser -##|*NAME=Services: Captive portal: Edit User page -##|*DESCR=Allow access to the 'Services: Captive portal: Edit User' page. 
-##|*MATCH=services_captiveportal_users_edit.php* -##|-PRIV - -$pgtitle = array("Services","Captive portal","Edit user"); -require("guiconfig.inc"); - -if (!is_array($config['captiveportal']['user'])) { - $config['captiveportal']['user'] = array(); -} -captiveportal_users_sort(); -$a_user = &$config['captiveportal']['user']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; - -if (isset($id) && $a_user[$id]) { - $pconfig['username'] = $a_user[$id]['name']; - $pconfig['fullname'] = $a_user[$id]['fullname']; - $pconfig['expirationdate'] = $a_user[$id]['expirationdate']; -} - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - if (isset($id) && ($a_user[$id])) { - $reqdfields = explode(" ", "username"); - $reqdfieldsn = explode(",", "Username"); - } else { - $reqdfields = explode(" ", "username password"); - $reqdfieldsn = explode(",", "Username,Password"); - } - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['username'])) - $input_errors[] = "The username contains invalid characters."; - - if (($_POST['password']) && ($_POST['password'] != $_POST['password2'])) - $input_errors[] = "The passwords do not match."; - - //check for a valid expirationdate if one is set at all (valid means, strtotime() puts out a time stamp - //so any strtotime compatible time format may be used. to keep it simple for the enduser, we only claim - //to accept MM/DD/YYYY as inputs. 
advanced users may use inputs like "+1 day", which will be converted to - //MM/DD/YYYY based on "now" since otherwhise such an entry would lead to a never expiring expirationdate - if ($_POST['expirationdate']){ - if(strtotime($_POST['expirationdate']) > 0){ - if (strtotime("-1 day") > strtotime(date("m/d/Y",strtotime($_POST['expirationdate'])))){ - $input_errors[] = "The expiration date lies in the past."; - } else { - //convert from any strtotime compatible date to MM/DD/YYYY - $expdate = strtotime($_POST['expirationdate']); - $_POST['expirationdate'] = date("m/d/Y",$expdate); - } - } else { - $input_errors[] = "Invalid expiration date format; use MM/DD/YYYY instead."; - } - } - - if (!$input_errors && !(isset($id) && $a_user[$id])) { - /* make sure there are no dupes */ - foreach ($a_user as $userent) { - if ($userent['name'] == $_POST['username']) { - $input_errors[] = "Another entry with the same username already exists."; - break; - } - } - } - - if (!$input_errors) { - - if (isset($id) && $a_user[$id]) - $userent = $a_user[$id]; - - $userent['name'] = $_POST['username']; - $userent['fullname'] = $_POST['fullname']; - $userent['expirationdate'] = $_POST['expirationdate']; - - if ($_POST['password']) - $userent['password'] = md5($_POST['password']); - - if (isset($id) && $a_user[$id]) - $a_user[$id] = $userent; - else - $a_user[] = $userent; - - write_config(); - - header("Location: services_captiveportal_users.php"); - exit; - } -} - -include("head.inc"); - -?> - - - - -
- - - - - - - - - - - - - - - - - - - - - -
Username - -
Password -
- -  (confirmation)
- If you want to change the users' password, - enter it here twice. -
Full name - -
- User's full name, for your own information only
Expiration date - - Pick a date -
- Leave blank if the account shouldn't expire, otherwise enter the expiration date in the following format: mm/dd/yyyy
  - - - - -
-
- - -
diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index b82484a..5c1b48a 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -149,6 +149,7 @@ if (isAllowedPage("system_usermanager")) { if (isset($id) && $a_user[$id]) { $pconfig['usernamefld'] = $a_user[$id]['name']; $pconfig['fullname'] = $a_user[$id]['fullname'];
+ $pconfig['expires'] = $a_user[$id]['expires'];
 $pconfig['groups'] = local_user_get_groups($a_user[$id]); $pconfig['utype'] = $a_user[$id]['scope']; $pconfig['uid'] = $a_user[$id]['uid'];
@@ -198,6 +199,28 @@ if (isAllowedPage("system_usermanager")) { } }
+ /*
+ * Check for a valid expirationdate if one is set at all (valid means,
+ * strtotime() puts out a time stamp so any strtotime compatible time
+ * format may be used. to keep it simple for the enduser, we only
+ * claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs
+ * like "+1 day", which will be converted to MM/DD/YYYY based on "now".
+ * Otherwhise such an entry would lead to an invalid expiration data.
+ */
+ if ($_POST['expires']){
+ if(strtotime($_POST['expires']) > 0){
+ if (strtotime("-1 day") > strtotime(date("m/d/Y",strtotime($_POST['expires'])))) {
+ $input_errors[] = "The expiration date lies in the past.";
+ } else {
+ //convert from any strtotime compatible date to MM/DD/YYYY
+ $expdate = strtotime($_POST['expires']);
+ $_POST['expires'] = date("m/d/Y",$expdate);
+ }
+ } else {
+ $input_errors[] = "Invalid expiration date format; use MM/DD/YYYY instead.";
+ }
+ }
+
 if (isset($config['system']['ssh']['sshdkeyonly']) && empty($_POST['authorizedkeys'])) $input_errors[] = gettext("You must provide an authorized key otherwise you won't be able to login into this system.");
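Review bot: In usr/local/www/system_usermanager.php (hunk `@@ -198,6 +199,28 @@`), the two new error messages are bare string literals, while the sshdkeyonly check directly below wraps its message in gettext(); they should read `$input_errors[] = gettext("The expiration date lies in the past.");` and `$input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");`. The block also runs strtotime() on `$_POST['expires']` three separate times, so a relative input such as "+1 day" is resolved more than once; parsing it once into `$expdate` before the first `if` and testing that value keeps the validated date and the stored date identical. The past-date test also appears to reject an unchanged, already-expired date when any other field of that account is edited; if that is intended, the comment should say so. The comment's last sentence has typos ("Otherwhise", "expiration data"). The enclosing `if (isAllowedPage("system_usermanager"))` block starts and ends outside the hunk.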
@@ -224,6 +247,7 @@ if (isAllowedPage("system_usermanager")) { $userent['name'] = $_POST['usernamefld']; $userent['fullname'] = $_POST['fullname']; + $userent['expires'] = $_POST['expires']; $userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']); if (isset($id) && $a_user[$id]) @@ -248,6 +272,12 @@ if (isAllowedPage("system_usermanager")) { "> + +