From 7faeda46273b8c1bc0b2ded1e5ea95956c90667c Mon Sep 17 00:00:00 2001
From: Scott Ullrich
Date: Sun, 20 Mar 2005 22:24:53 +0000
Subject: Import m0n0wall 1.2b7's captive portal code *WITH* user manager. And the crowd goes wild.
---
 usr/local/captiveportal/index.php | 96 ++++++++-
 usr/local/www/datetimepicker.js | 22 ++-
 usr/local/www/services_captiveportal.php | 27 ++-
 usr/local/www/services_captiveportal_ip.php | 1 +
 usr/local/www/services_captiveportal_mac.php | 1 +
 usr/local/www/services_captiveportal_users.php | 264 +++++++++++++++++++++++++
 6 files changed, 392 insertions(+), 19 deletions(-)
 create mode 100755 usr/local/www/services_captiveportal_users.php
(limited to 'usr')
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index 497e506..c51c073 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -27,6 +27,10 @@
 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGE.
+
+ This version of index.php has been modified by Rob Parker
+ . Changes made are in relation to Per-User Bandwidth
+ Management based on returned RADIUS attributes, and are (c) 2004 Keycom PLC.
 */
 require("globals.inc");
@@ -59,7 +63,12 @@ if (!$clientmac && !isset($config['captiveportal']['nomacfilter'])) {
 if ($clientmac && portal_mac_fixed($clientmac)) {
 /* punch hole in ipfw for pass thru mac addresses */
- portal_allow($clientip, $clientmac, "unauthenticated");
+ // KEYCOM: passthru mac bandwidth control]
+ if (isset($config['captiveportal']['peruserbw'])) {
+ portal_allow($clientip, $clientmac, "unauthenticated",$config['captiveportal']['bwauthmacup'],$config['captiveportal']['bwauthmacdn']);
+ } else {
+ portal_allow($clientip, $clientmac, "unauthenticated",0,0);
+ }
 } else if ($_POST['accept'] && file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
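Review bot: In the pass-through MAC branch of the second hunk, `bwauthmacup` and `bwauthmacdn` are passed to portal_allow() without an isset() or integer check, whereas the `$_POST['accept'] && $clientip` branch added further down in this file falls back to a default when its limits are unset. What portal_allow() does with these arguments is not visible here; if it builds firewall or pipe rules from them, an unset or non-numeric setting would flow straight into those rules. Normalise first, e.g. `$bw_up = isset($config['captiveportal']['bwauthmacup']) ? (int)$config['captiveportal']['bwauthmacup'] : 0;` and the same for the download value. The comment `// KEYCOM: passthru mac bandwidth control]` also carries a stray `]`, and the if/else chain continues outside the hunk.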
@@ -72,14 +81,23 @@ if ($clientmac && portal_mac_fixed($clientmac)) {
 $radiusservers[0]['ipaddr'],
 $radiusservers[0]['port'],
 $radiusservers[0]['key']);
+ $auth_returns = explode("/", $auth_val);
+ $auth_val = $auth_returns[0];
+ $bw_up = $auth_returns[1];
+ $bw_down = $auth_returns[2];
 if ($auth_val == 2) {
- $sessionid = portal_allow($clientip, $clientmac, $_POST['auth_user']);
+ if (isset($config['captiveportal']['peruserbw'])) {
+ $sessionid = portal_allow($clientip, $clientmac, $_POST['auth_user'],$bw_up,$bw_down);
+ } else {
+ $sessionid = portal_allow($clientip, $clientmac, $_POST['auth_user'],0,0);
+ }
 if (isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) {
 $auth_val = RADIUS_ACCOUNTING_START($_POST['auth_user'],
 $sessionid,
 $radiusservers[0]['ipaddr'],
 $radiusservers[0]['acctport'],
- $radiusservers[0]['key']);
+ $radiusservers[0]['key'],
+ $clientip);
 }
 } else {
 readfile("{$g['varetc_path']}/captiveportal-error.html");
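Review bot: `$auth_returns[1]` and `$auth_returns[2]` are read without checking that `explode("/", $auth_val)` produced three parts, and the resulting `$bw_up`/`$bw_down` reach portal_allow() as raw strings taken from the RADIUS reply. Default and cast them before use, e.g. `$bw_up = isset($auth_returns[1]) ? (int)$auth_returns[1] : 0;` and the same for `$bw_down`. After the explode `$auth_val` is a string, so `$auth_val == 2` is a loose string-to-number comparison; `=== "2"` would state the intended match exactly, assuming the helper returns the result code as the first field. The RADIUS branch begins above this hunk and continues below it.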
@@ -88,8 +106,34 @@ if ($clientmac && portal_mac_fixed($clientmac)) {
 readfile("{$g['varetc_path']}/captiveportal-error.html");
 }
+} else if ($_POST['accept'] && $config['captiveportal']['auth_method']=="local") {
+ //check against local usermanager
+
+ //erase expired accounts
+ if(trim($config['users'][$_POST['auth_user']]['expirationdate'])!="" && strtotime("-1 day")>strtotime($config['users'][$_POST['auth_user']]['expirationdate'])){
+ unset($config['users'][$_POST['auth_user']]);
+ write_config();
+ }
+ if($config['users'][$_POST['auth_user']]['password']==md5($_POST['auth_pass'])){
+ portal_allow($clientip, $clientmac,$_POST['auth_user'],0,0);
+ } else {
+ readfile("{$g['varetc_path']}/captiveportal-error.html");
+ }
 } else if ($_POST['accept'] && $clientip) {
- portal_allow($clientip, $clientmac, "unauthenticated");
+ //KEYCOM: authorised up and down bandwidth defaults (set from webgui). If not set, use 128/128
+ if (isset($config['captiveportal']['peruserbw'])) {
+ $bw_up=$config['captiveportal']['bwauthipup'];
+ $bw_down=$config['captiveportal']['bwauthipdn'];
+ if(!isset($bw_up)) {
+ $bw_up=128;
+ }
+ if(!isset($bw_down)) {
+ $bw_down=128;
+ }
+ portal_allow($clientip, $clientmac, "unauthenticated",$bw_up,$bw_down);
+ } else {
+ portal_allow($clientip, $clientmac, "unauthenticated",0,0);
+ }
 } else if ($_POST['logout_id']) {
 disconnect_client($_POST['logout_id']);
 echo <<"+WindowTitle+""); docCal.writeln(""); + docCal.writeln("
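Review bot: The local-login check `$config['users'][$_POST['auth_user']]['password']==md5($_POST['auth_pass'])` uses `==` and never verifies that the user entry exists or that both POST fields are strings, so the outcome depends on PHP type juggling rather than on an exact hash match. Guard first and compare strictly, e.g. `if (is_string($_POST['auth_user']) && is_string($_POST['auth_pass']) && isset($config['users'][$_POST['auth_user']]['password']) && $config['users'][$_POST['auth_user']]['password'] === md5($_POST['auth_pass'])) {`, or use `hash_equals()` where the runtime provides it. The "erase expired accounts" step lets an unauthenticated portal request trigger `write_config()`; refusing the login here and leaving the cleanup to the admin page would keep config writes behind authentication. Unsalted MD5 is also a weak format for stored passwords and is worth replacing with a salted, slow hash. The if/else chain starts above the hunk, and the rest of this line is damaged by extraction, so the end of the chain is not visible.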
"); - vCalHeader="\n"; + vCalHeader="
\n"; //Month Selector vCalHeader+="\n
@@ -318,6 +334,15 @@ to access after they've authenticated. + +
\n"; vCalHeader+="
RADIUS server + + + + + + + + +
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php
index c648fb3..4c0fbcb 100755
--- a/usr/local/www/services_captiveportal_ip.php
+++ b/usr/local/www/services_captiveportal_ip.php
@@ -92,6 +92,7 @@ if ($_GET['act'] == "del") {
  • Captive portal
  • Pass-through MAC
  • Allowed IP addresses
  • +
  • Users
  •
diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php
index 67be1b8..58e6a73 100755
--- a/usr/local/www/services_captiveportal_mac.php
+++ b/usr/local/www/services_captiveportal_mac.php
@@ -92,6 +92,7 @@ if ($_GET['act'] == "del") {
  • Captive portal
  • Pass-through MAC
  • Allowed IP addresses
  • +
  • Users
  •
diff --git a/usr/local/www/services_captiveportal_users.php b/usr/local/www/services_captiveportal_users.php
new file mode 100755
index 0000000..46b9e17
--- /dev/null
+++ b/usr/local/www/services_captiveportal_users.php
@@ -0,0 +1,264 @@
+#!/usr/local/bin/php
+.
+ All rights reserved.
+ Copyright (C) 2005 Pascal Suter .
+ All rights reserved.
+ (files was created by Pascal based on the source code of services_captiveportal.php from Manuel)
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+$pgtitle = array("Services", "Captive portal");
+require("guiconfig.inc");
+if(isset($_POST['save'])){
+ //value-checking
+ if(trim($_POST['password1'])!="********" &&
+ trim($_POST['password1'])!="" &&
+ trim($_POST['password1'])!=trim($_POST['password2'])){
+ //passwords are to be changed but don't match
+ $input_errors[]="passwords don't match";
+ }
+ if((trim($_POST['password1'])=="" || trim($_POST['password1'])=="********") &&
+ (trim($_POST['password2'])=="" || trim($_POST['password2'])=="********")){
+ //assume password should be left as is if a password is set already.
+ if(!empty($config['users'][$_POST['old_username']]['password'])){
+ $_POST['password1']="********";
+ $_POST['password2']="********";
+ } else {
+ $input_errors[]="password must not be empty";
+ }
+ } else {
+ if(trim($_POST['password1'])!=trim($_POST['password2'])){
+ //passwords are to be changed or set but don't match
+ $input_errors[]="passwords don't match";
+ } else {
+ //check password for invalid characters
+ if(!preg_match('/^[a-zA-Z0-9_\-\.@\~\(\)\&\*\+§?!\$£°\%;:]*$/',$_POST['username'])){
+ $input_errors[] = "password contains illegal characters, only letters from A-Z and a-z, _, -, .,@,~,(,),&,*,+,§,?,!,$,£,°,%,;,: and numbers are allowed";
+ //test pw: AZaz_-.@~()&*+§?!$£°%;:
+ }
+ }
+ }
+ if($_POST['username']==""){
+ $input_errors[] = "username must not be empty!";
+ }
+ //check for a valid expirationdate if one is set at all (valid means, strtotime() puts out a time stamp
+ //so any strtotime compatible time format may be used. to keep it simple for the enduser, we only claim
+ //to accept MM/DD/YYYY as inputs. advanced users may use inputs like "+1 day", which will be converted to
+ //MM/DD/YYYY based on "now" since otherwhise such an entry would lead to a never expiring expirationdate
+ if(trim($_POST['expirationdate'])!=""){
+ if(strtotime($_POST['expirationdate'])>0){
+ if(strtotime("-1 day")>strtotime(date("m/d/Y",strtotime($_POST['expirationdate'])))){
+ $input_errors[] = "selected expiration date lies in the past";
+ } else {
+ //convert from any strtotime compatible date to MM/DD/YYYY
+ $expdate = strtotime($_POST['expirationdate']);
+ $_POST['expirationdate'] = date("m/d/Y",$expdate);
+ }
+ } else {
+ $input_errors[] = "invalid expiration date format, use MM/DD/YYYY instead";
+ }
+ }
+ //check username: only allow letters from A-Z and a-z, _, -, . and numbers from 0-9 (note: username can
+ //not contain characters which are not allowed in an xml-token. i.e. if you'd use @ in a username, config.xml
+ //could not be parsed anymore!
+ if(!preg_match('/^[a-zA-Z0-9_\-\.]*$/',$_POST['username'])){
+ $input_errors[] = "username contains illegal characters, only letters from A-Z and a-z, _, -, . and numbers are allowed";
+ }
+
+ if(!empty($input_errors)){
+ //there are illegal inputs --> print out error message and show formular again (and fill in all recently entered values
+ //except passwords
+ $_GET['act']="new";
+ $_POST['old_username']=($_POST['old_username'] ? $_POST['old_username'] : $_POST['username']);
+ $_GET['username']=$_POST['old_username'];
+ foreach(Array("username","fullname","expirationdate") as $field){
+ $config['users'][$_POST['old_username']][$field]=$_POST[$field];
+ }
+ } else {
+ //all values are okay --> saving changes
+ $_POST['username']=trim($_POST['username']);
+ if($_POST['old_username']!="" && $_POST['old_username']!=$_POST['username']){
+ //change the username (which is used as array-index)
+ $config['users'][$_POST['username']]=$config['users'][$_POST['old_username']];
+ unset($config['users'][$_POST['old_username']]);
+ }
+ foreach(Array('fullname','expirationdate') as $field){
+ $config['users'][$_POST['username']][$field]=trim($_POST[$field]);
+ }
+ if(trim($_POST['password1'])!="********" && trim($_POST['password1'])!=""){
+ $config['users'][$_POST['username']]['password']=md5(trim($_POST['password1']));
+ }
+ write_config();
+ $savemsg=$_POST['username']." successfully saved
    ";
+ }
+} else if ($_GET['act']=="delete" && isset($_GET['username'])){
+ unset($config['users'][$_GET['username']]);
+ write_config();
+ $savemsg=$_GET['username']." successfully deleted
    ";
+}
+//erase expired accounts
+$changed=false;
+if(is_array($config['users'])){
+ foreach($config['users'] as $username => $user){
+ if(trim($user['expirationdate'])!="" && strtotime("-1 day")>strtotime($user['expirationdate']) && empty($input_errors)){
+ unset($config['users'][$username]);
+ $changed=true;
+ $savemsg.="$username has expired --> $username was deleted
    "; + } + } + if($changed){ + write_config(); + } +} + +?> + + + +<?=gentitle("pfSense webGUI");?> + + + + + + + + + + + +
    No Authentication:   onClick="auth_method_change()">
    Local Usermanager:   onClick="auth_method_change()">
    RADIUS Authentication:   onClick="auth_method_change()">
    IP address:
    + + + + + + + + +END; + if(is_array($config['users'])){ + foreach($config['users'] as $username => $user){ +?> + + + + + + + + + + +
    + +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Username + +
    + Username to be used
    Password + "> +
    + Password for the user
    confirm Password + "> +
    + Confirm the above Password
    Full Name + +
    + Full Name of current user, for your own information only
    Expiration Date + + Pick a date +
    enter nothing if account doesnt expire, otherwhise enter the expiration date in us-format: mm/dd/yyyy
      + + +
    + + +
    UsernameFull NameExpires
    +   + +   + +   + +  
    +END; +} +?> + +
    + -- cgit v1.1
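Review bot: The delete branch changes configuration on a plain GET (`$_GET['act']=="delete"`) with no request token and no check that the named user exists, so any link or embedded request followed by a logged-in administrator's browser removes an account and rewrites the config. It should be a POST guarded by a per-session token, e.g. `} else if ($_POST['act']=="delete" && isset($config['users'][$_POST['username']])){` plus the token check. `$savemsg` is built from the raw `$_GET['username']` / `$_POST['username']`; where it is printed is not visible in this extract, so wrap the value in `htmlspecialchars()` unless the output path already escapes it. The "check password for invalid characters" test runs its pattern against `$_POST['username']` instead of `$_POST['password1']`, so the password itself is never validated. Passwords are stored as unsalted `md5(...)`, which should give way to a salted, slow password hash once the platform offers one.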