From 4fc68c5aa4f72e930d453266c7bfb166af057b18 Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Fri, 28 May 2010 18:35:06 +0000
Subject: Do comparions as meant not assignment. Pointy-hat: Myself

---
 usr/local/captiveportal/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'usr')

diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index 03bd01a..b019b00 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -198,7 +198,7 @@ function portal_reply_page($redirurl, $type = null, $message = null, $clientmac
     global $g, $config;
 
     /* Get captive portal layout */
-    if ($type = "redir") {
+    if ($type == "redir") {
 	header("Location: {$redirurl}");
 	return;
     } else if ($type == "login")
-- 
cgit v1.1


From fac13a5eb382ce8773e6897d06d28e06abe07179 Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Fri, 28 May 2010 18:38:41 +0000
Subject: Add a function to find the mac address on a passthrough mac entry by
 username(if present) in the <username> tag of the entry.

---
 usr/local/www/services_captiveportal_mac.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'usr')

diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php
index 7c40b85..f7aa502 100755
--- a/usr/local/www/services_captiveportal_mac.php
+++ b/usr/local/www/services_captiveportal_mac.php
@@ -64,8 +64,15 @@ if ($_POST) {
 			clear_subsystem_dirty('passthrumac');
 	}
 
-	if ($_POST['delmac'] && $_POST['postafterlogin']) {
-		if (is_array($a_passthrumacs)) {
+	if ($_POST['postafterlogin']) {
+		if (!is_array($a_passthrumacs))
+			exit;
+		if ($_POST['username']) {
+			$mac = captiveportal_passthrumac_findbyname($_POST['username']);
+			if (!empty($mac))
+				$_POST['delmac'] = $mac['mac'];	
+		}
+		if ($_POST['delmac']) {
 			$found = false;
 			foreach ($a_passthrumacs as $idx => $macent) {
 				if ($macent['mac'] == $_POST['delmac']) {
-- 
cgit v1.1


From 1c291e64f1273d2dc9a9d0ef5f714468b4ed49e7 Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Fri, 28 May 2010 19:16:24 +0000
Subject: Add the username to the auto added mac passthrough entry. Add an
 option to services->captiveportal page to activate/deactivate the auto-saving
 of username with the auto added mac passthrough.

---
 usr/local/captiveportal/index.php        | 15 ++++++++++++++-
 usr/local/www/services_captiveportal.php | 10 +++++++++-
 2 files changed, 23 insertions(+), 2 deletions(-)

(limited to 'usr')

diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index b019b00..52d177a 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -286,7 +286,18 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
 		$remaining_time = $attributes['session_timeout'];
 
 	/* Find an existing session */
-	for ($i = 0; $i < count($cpdb); $i++) {
+	if ((isset($config['captiveportal']['noconcurrentlogins'])) && $passthrumac) {
+		if (isset($config['captiveportal']['passthrumacadd'])) {
+			$mac = captiveportal_passthrumac_findbyname($username);
+			if (!empty($mac)) {
+				portal_reply_page($redirurl, "error", "Username: {$username} is known with another mac address.");
+				exit;
+			}
+		}
+	}
+
+	$nousers = count($cpdb);
+	for ($i = 0; $i < $nousers; $i++) {
 		/* on the same ip */
 		if($cpdb[$i][2] == $clientip) {
 			captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],"CONCURRENT LOGIN - REUSING OLD SESSION");
@@ -342,6 +353,8 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
 		if ($passthrumac) {
 			$mac = array();
 			$mac['mac'] = $clientmac;
+			if (isset($config['captiveportal']['passthrumacaddusername']))
+				$mac['username'] = $username;
 			$mac['descr'] =  "Auto added pass-through MAC for user {$username}";
 			if (!empty($bw_up))
 				$mac['bw_up'] = $bw_up;
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index 6b024d3..8d79eb2 100755
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -93,6 +93,7 @@ $pconfig['radiuskey2'] = $config['captiveportal']['radiuskey2'];
 $pconfig['radiusvendor'] = $config['captiveportal']['radiusvendor'];
 $pconfig['radiussession_timeout'] = isset($config['captiveportal']['radiussession_timeout']);
 $pconfig['passthrumacadd'] = isset($config['captiveportal']['passthrumacadd']);
+$pconfig['passthrumacaddusername'] = isset($config['captiveportal']['passthrumacaddusername']);
 $pconfig['radmac_format'] = $config['captiveportal']['radmac_format'];
 
 if ($_POST) {
@@ -194,6 +195,7 @@ if ($_POST) {
 		$config['captiveportal']['radiusvendor'] = $_POST['radiusvendor'] ? $_POST['radiusvendor'] : false;
 		$config['captiveportal']['radiussession_timeout'] = $_POST['radiussession_timeout'] ? true : false;
 		$config['captiveportal']['passthrumacadd'] = $_POST['passthrumacadd'] ? true : false;
+		$config['captiveportal']['passthrumacaddusername'] = $_POST['passthrumacaddusername'] ? true : false;
 		$config['captiveportal']['radmac_format'] = $_POST['radmac_format'] ? $_POST['radmac_format'] : false;
 
 		/* file upload? */
@@ -370,7 +372,13 @@ to access after they've authenticated.</td>
         <strong>Enable Pass-through MAC automatic additions</strong><br>
     If this option is set, a MAC passthrough entry is automatically added after the user has successfully authenticated. Users of that MAC address will never have to authenticate again. 
     To remove the passthrough MAC entry you either have to log in and remove it manually from the <a href="services_captiveportal_mac.php">Pass-through MAC tab</a> or send a POST from another system to remove it.
-    If this is enabled, RADIUS MAC authentication cannot be used. Also, the logout window will not be shown.</td>
+    If this is enabled, RADIUS MAC authentication cannot be used. Also, the logout window will not be shown.
+	<br/><br/>
+        <input name="passthrumacaddusername" type="checkbox" class="formfld" id="passthrumacaddusername" value="yes" <?php if ($pconfig['passthrumacaddusername']) echo "checked"; ?>>
+        <strong>Enable Pass-through MAC automatic addition with username</strong><br>
+    If this option is set, with the automatically MAC passthrough entry created the username, used during authentication, will be saved.
+    To remove the passthrough MAC entry you either have to log in and remove it manually from the <a href="services_captiveportal_mac.php">Pass-through MAC tab</a> or send a POST from another system to remove it.
+	</td>
 	</tr>
 	<tr>
       <td valign="top" class="vncell">Per-user bandwidth restriction</td>
-- 
cgit v1.1


From ddd1fb7f19f6496cb772db67e722720972ce8d5b Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Thu, 27 May 2010 17:08:06 -0400
Subject: Add IPsec PSK field to User Manager. No backend code to use this
 value yet.

---
 usr/local/www/system_usermanager.php | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'usr')

diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index 1224f6a..c3da004 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -158,6 +158,7 @@ if (isAllowedPage("system_usermanager")) {
 			$pconfig['uid'] = $a_user[$id]['uid'];
 			$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
 			$pconfig['priv'] = $a_user[$id]['priv'];
+			$pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk'];
 			$pconfig['disabled'] = isset($a_user[$id]['disabled']);
 		}
 	}
@@ -270,6 +271,7 @@ if (isAllowedPage("system_usermanager")) {
 			$userent['fullname'] = $_POST['fullname'];
 			$userent['expires'] = $_POST['expires'];
 			$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
+			$userent['ipsecpsk'] = $_POST['ipsecpsk'];
 			
 			if($_POST['disabled'])
 				$userent['disabled'] = true;
@@ -728,6 +730,12 @@ function sshkeyClicked(obj) {
 								<?=gettext("Paste an authorized keys file here.");?>
 							</td>
 						</tr>
+						<tr id="ipsecpskrow" name="ipsecpskrow">
+							<td width="22%" valign="top" class="vncell"><?=gettext("IPsec Pre-Shared Key");?></td>
+							<td width="78%" class="vtable">
+								<input name="ipsecpsk" type="text" class="formfld unknown" id="ipsecpsk" size="65" value="<?=htmlspecialchars($pconfig['ipsecpsk']);?>">
+							</td>
+						</tr>
 						<tr>
 							<td width="22%" valign="top">&nbsp;</td>
 							<td width="78%">
-- 
cgit v1.1


From 66a72c9f60adbd38d2054f137b9576335d941f01 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Fri, 28 May 2010 16:11:18 -0400
Subject: Show user keys on PSK list, edit link reroutes to user edit page.

---
 usr/local/www/vpn_ipsec_keys.php | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

(limited to 'usr')

diff --git a/usr/local/www/vpn_ipsec_keys.php b/usr/local/www/vpn_ipsec_keys.php
index 59bb57c..2a232f3 100644
--- a/usr/local/www/vpn_ipsec_keys.php
+++ b/usr/local/www/vpn_ipsec_keys.php
@@ -46,6 +46,18 @@ if (!is_array($config['ipsec']['mobilekey'])) {
 ipsec_mobilekey_sort();
 $a_secret = &$config['ipsec']['mobilekey'];
 
+$userkeys = array();
+foreach ($config['system']['user'] as $id => $user) {
+	if (isset($user['ipsecpsk'])) {
+		$k = array();
+		$k["ident"] = $user['name'];
+		$k["pre-shared-key"] = $user['ipsecpsk'];
+		$k["id"] = $id;
+		$userkeys[] = $k;
+	}
+}
+
+
 if ($_GET['act'] == "del") {
 	if ($a_secret[$_GET['id']]) {
 		unset($a_secret[$_GET['id']]);
@@ -98,6 +110,19 @@ if (is_subsystem_dirty('ipsec'))
 			</table>
 		  </td>
 		</tr>
+			  <?php $i = 0; foreach ($userkeys as $secretent): ?>
+		<tr>
+		<td class="listlr gray">
+			<?=htmlspecialchars($secretent['ident']);?>
+		</td>
+		<td class="listr gray">
+			<?=htmlspecialchars($secretent['pre-shared-key']);?>
+		</td>
+		<td class="list" nowrap><a href="system_usermanager.php?act=edit&id=<?=$secretent['id'];?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit key" width="17" height="17" border="0"></a>
+		&nbsp;</td>
+				</tr>
+			  <?php $i++; endforeach; ?>
+
 			  <?php $i = 0; foreach ($a_secret as $secretent): ?>
                 <tr> 
                   <td class="listlr">
-- 
cgit v1.1


From 23e95c1a265382d6585328b71b12b040cac7f4e3 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Fri, 28 May 2010 16:12:08 -0400
Subject: Don't let someone add a custom PSK that conflicts with an existing
 username. While here, style formfields appropriately.

---
 usr/local/www/vpn_ipsec_keys_edit.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'usr')

diff --git a/usr/local/www/vpn_ipsec_keys_edit.php b/usr/local/www/vpn_ipsec_keys_edit.php
index 6e0db5b..20ac6c0 100644
--- a/usr/local/www/vpn_ipsec_keys_edit.php
+++ b/usr/local/www/vpn_ipsec_keys_edit.php
@@ -56,6 +56,10 @@ if (isset($id) && $a_secret[$id]) {
 }
 
 if ($_POST) {
+	$userids = array();
+	foreach ($config['system']['user'] as $id => $user) {
+		$userids[$user['name']] = $id;
+	}
 	
 	unset($input_errors);
 	$pconfig = $_POST;
@@ -68,6 +72,9 @@ if ($_POST) {
 	
 	if (preg_match("/[^a-zA-Z0-9@\.\-]/", $_POST['ident']))
 		$input_errors[] = "The identifier contains invalid characters.";
+
+	if (array_key_exists($_POST['ident'], $userids))
+		$input_errors[] = "A user with this name already exists. Add the key to the user instead.";
 	
 	if (!$input_errors && !(isset($id) && $a_secret[$id])) {
 		/* make sure there are no dupes */
@@ -117,7 +124,7 @@ include("head.inc");
                 <tr> 
                   <td valign="top" class="vncellreq">Identifier</td>
                   <td class="vtable">
-					<?=$mandfldhtml;?><input name="ident" type="text" class="formfld" id="ident" size="30" value="<?=$pconfig['ident'];?>">
+					<?=$mandfldhtml;?><input name="ident" type="text" class="formfld unknown" id="ident" size="30" value="<?=$pconfig['ident'];?>">
                     <br>
 This can be either an IP address, fully qualified domain name or an e-mail address.       
                   </td>
@@ -125,7 +132,7 @@ This can be either an IP address, fully qualified domain name or an e-mail addre
                 <tr> 
                   <td width="22%" valign="top" class="vncellreq">Pre-shared key</td>
                   <td width="78%" class="vtable"> 
-                    <?=$mandfldhtml;?><input name="psk" type="text" class="formfld" id="psk" size="40" value="<?=htmlspecialchars($pconfig['psk']);?>">
+                    <?=$mandfldhtml;?><input name="psk" type="text" class="formfld unknown" id="psk" size="40" value="<?=htmlspecialchars($pconfig['psk']);?>">
                   </td>
                 </tr>
                 <tr> 
-- 
cgit v1.1


From 72b9e452966668484e3a9ae15aedbc65df4a3bd0 Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Fri, 28 May 2010 20:15:30 +0000
Subject: Some configurations want to be able to ask users about replacing
 their existing mac during auto mac passthrough logins if they change
 equipment. Allow this in the backend by requiring the user to need posting a
 replacemacpassthru field with the post. Also add the possibility to send back
 with a portal_reply_page generated page the username and password posted.

---
 usr/local/captiveportal/index.php | 29 ++++++++++++++++++++++++-----
 1 file changed, 24 insertions(+), 5 deletions(-)

(limited to 'usr')

diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index 52d177a..204d6fa 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -194,7 +194,7 @@ exit;
 
 exit;
 
-function portal_reply_page($redirurl, $type = null, $message = null, $clientmac = null, $clientip = null) {
+function portal_reply_page($redirurl, $type = null, $message = null, $clientmac = null, $clientip = null, $username = null, $password = null) {
     global $g, $config;
 
     /* Get captive portal layout */
@@ -232,6 +232,8 @@ function portal_reply_page($redirurl, $type = null, $message = null, $clientmac
 	$htmltext = str_replace("#PORTAL_MESSAGE#", htmlspecialchars($message), $htmltext);
 	$htmltext = str_replace("#CLIENT_MAC#", htmlspecialchars($clientmac), $htmltext);
 	$htmltext = str_replace("#CLIENT_IP#", htmlspecialchars($clientip), $htmltext);
+	$htmltext = str_replace("#USERNAME#", htmlspecialchars($username), $htmltext);
+	$htmltext = str_replace("#PASSWORD#", htmlspecialchars($password), $htmltext);
 
     echo $htmltext;
 }
@@ -254,7 +256,7 @@ function portal_mac_radius($clientmac,$clientip) {
 
 function portal_allow($clientip,$clientmac,$username,$password = null, $attributes = null, $ruleno = null)  {
 
-	global $redirurl, $g, $config, $type, $passthrumac;
+	global $redirurl, $g, $config, $type, $passthrumac, $_POST;
 
 	/* See if a ruleno is passed, if not start locking the sessions because this means there isn't one atm */
 	$captiveshouldunlock = false;
@@ -285,13 +287,31 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
 	if ($attributes['voucher'])
 		$remaining_time = $attributes['session_timeout'];
 
+	$writecfg = false;
 	/* Find an existing session */
 	if ((isset($config['captiveportal']['noconcurrentlogins'])) && $passthrumac) {
 		if (isset($config['captiveportal']['passthrumacadd'])) {
 			$mac = captiveportal_passthrumac_findbyname($username);
 			if (!empty($mac)) {
-				portal_reply_page($redirurl, "error", "Username: {$username} is known with another mac address.");
-				exit;
+				if ($_POST['replacemacpassthru']) {
+					foreach ($a_passthrumacs as $idx => $macent) {
+						if ($macent['mac'] == $mac['mac']) {
+							unset($config['captiveportal']['passthrumac'][$idx]);
+							$mac['mac'] = $clientmac;
+							$config['captiveportal']['passthrumac'][] = $mac;
+							$macrules = captiveportal_passthrumac_configure_entry($mac);
+							file_put_contents("{$g['tmp_path']}/macentry.rules.tmp", $macrules);
+							mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry.rules.tmp");
+							$writecfg = true;
+							$sessionid = true;
+							break;
+						}
+					}
+                                } else {
+					portal_reply_page($redirurl, "error", "Username: {$username} is known with another mac address.",
+						$clientmac, $clientip, $username, $password);
+					exit;
+				}
 			}
 		}
 	}
@@ -334,7 +354,6 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
 		return 0;       // voucher already used and no time left
 	}
 
-	$writecfg = false;
 	if (!isset($sessionid)) {
 
 		/* generate unique session ID */
-- 
cgit v1.1


From d462a851d8655e0636c9f1ca3912f3f09efcd223 Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Fri, 28 May 2010 21:01:51 +0000
Subject: Provide an error message to the call.

---
 usr/local/captiveportal/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'usr')

diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index 204d6fa..59456d7 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -170,7 +170,7 @@ exit;
         }
     } else {
         captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"ERROR");
-        portal_reply_page($redirurl, "error");
+        portal_reply_page($redirurl, "error", "Invalid username/password specified.");
     }
 
 } else if ($_POST['accept'] && $config['captiveportal']['auth_method'] == "local") {
-- 
cgit v1.1


From 5b87b24e07c6bf29c1e905ed6f75b6859d4f5fd7 Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Fri, 28 May 2010 21:30:47 +0000
Subject: Make the logout page configurable like the other pages. The only
 difference is that this page/code will be treated as a .php page so it may
 contain internal php CP variables referenced.

---
 usr/local/captiveportal/index.php        | 32 +-------------------------------
 usr/local/www/services_captiveportal.php | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+), 31 deletions(-)

(limited to 'usr')

diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index 59456d7..bd5a91c 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -467,38 +467,8 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
 			$logouturl = "http://{$ourhostname}/";
 		}
 
-		echo <<<EOD
-<HTML>
-<HEAD><TITLE>Redirecting...</TITLE></HEAD>
-<BODY>
-<SPAN STYLE="font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size: 11px;">
-<B>Redirecting to <A HREF="{$my_redirurl}">{$my_redirurl}</A>...</B>
-</SPAN>
-<SCRIPT LANGUAGE="JavaScript">
-<!--
-LogoutWin = window.open('', 'Logout', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=256,height=64');
-if (LogoutWin) {
-    LogoutWin.document.write('<HTML>');
-    LogoutWin.document.write('<HEAD><TITLE>Logout</TITLE></HEAD>') ;
-    LogoutWin.document.write('<BODY BGCOLOR="#435370">');
-    LogoutWin.document.write('<DIV ALIGN="center" STYLE="color: #ffffff; font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size: 11px;">') ;
-    LogoutWin.document.write('<B>Click the button below to disconnect</B><P>');
-    LogoutWin.document.write('<FORM METHOD="POST" ACTION="{$logouturl}">');
-    LogoutWin.document.write('<INPUT NAME="logout_id" TYPE="hidden" VALUE="{$sessionid}">');
-    LogoutWin.document.write('<INPUT NAME="logout" TYPE="submit" VALUE="Logout">');
-    LogoutWin.document.write('</FORM>');
-    LogoutWin.document.write('</DIV></BODY>');
-    LogoutWin.document.write('</HTML>');
-    LogoutWin.document.close();
-}
+		include("{$g['varetc_path']}/captiveportal-logout.html");
 
-document.location.href="{$my_redirurl}";
--->
-</SCRIPT>
-</BODY>
-</HTML>
-
-EOD;
 	} else {
 		if($_POST['ORIGINAL_PORTAL_IP'] && $_SERVER['SERVER_NAME'] != $_POST['ORIGINAL_PORTAL_IP']) {
  			header ('HTTP/1.1 301 Moved Permanently');
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index 8d79eb2..fcc5be6 100755
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -57,6 +57,9 @@ if ($_GET['act'] == "viewhtml") {
 } else if ($_GET['act'] == "viewerrhtml") {
 	echo base64_decode($config['captiveportal']['page']['errtext']);
 	exit;
+} else if ($_GET['act'] == "viewlogouthtml") {
+	echo base64_decode($config['captiveportal']['page']['logouttext']);
+	exit;
 }
 
 $pconfig['cinterface'] = $config['captiveportal']['interface'];
@@ -203,6 +206,8 @@ if ($_POST) {
 			$config['captiveportal']['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name']));
 		if (is_uploaded_file($_FILES['errfile']['tmp_name']))
 			$config['captiveportal']['page']['errtext'] = base64_encode(file_get_contents($_FILES['errfile']['tmp_name']));
+		if (is_uploaded_file($_FILES['logoutfile']['tmp_name']))
+			$config['captiveportal']['page']['logouttext'] = base64_encode(file_get_contents($_FILES['logoutfile']['tmp_name']));
 
 		write_config();
 
@@ -257,6 +262,7 @@ function enable_change(enable_change) {
 	document.iform.radiussession_timeout.disabled = radius_endis;
 	document.iform.htmlfile.disabled = endis;
 	document.iform.errfile.disabled = endis;
+	document.iform.logoutfile.disabled = endis;
 
 	document.iform.radiusacctport.disabled = (radius_endis || !document.iform.radacct_enable.checked) && !enable_change;
 
@@ -644,6 +650,20 @@ The contents of the HTML/PHP file that you upload here are displayed when an aut
 You may include &quot;$PORTAL_MESSAGE$&quot;, which will be replaced by the error or reply messages from the RADIUS server, if any.</td>
 	</tr>
 	<tr>
+	  <td width="22%" valign="top" class="vncell">Logout<br>
+		page<br>
+		contents</td>
+	  <td class="vtable">
+		<input name="logoutfile" type="file" class="formfld file" id="logoutfile"><br>
+		<?php if ($config['captiveportal']['page']['logouttext']): ?>
+		<a href="?act=viewlogouthtml" target="_blank">View current page</a>
+		  <br>
+		  <br>
+		<?php endif; ?>
+The contents of the HTML/PHP file that you upload here are displayed when an authentication error occurs.
+You may include &quot;$PORTAL_MESSAGE$&quot;, which will be replaced by the error or reply messages from the RADIUS server, if any.</td>
+	</tr>
+	<tr>
 	  <td width="22%" valign="top">&nbsp;</td>
 	  <td width="78%">
 		<input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change(true)">
-- 
cgit v1.1


From fe383a26af8229e139d0853c11210e6252db6c0b Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Fri, 28 May 2010 22:40:27 +0000
Subject: Use REQUEST to hanle both POST/GET.

---
 usr/local/captiveportal/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'usr')

diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index bd5a91c..5990ec1 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -43,7 +43,7 @@ header("Cache-Control: post-check=0, pre-check=0", false);
 header("Pragma: no-cache");
 
 $orig_host = $_ENV['HTTP_HOST'];
-$orig_request = $_GET['redirurl'];
+$orig_request = $_REQUEST['redirurl'];
 $clientip = $_SERVER['REMOTE_ADDR'];
 
 if (!$clientip) {
-- 
cgit v1.1


From 943d4ad25d63bb74478baad804d63a70ac081a6b Mon Sep 17 00:00:00 2001
From: Chris Buechler <cmb@pfsense.org>
Date: Fri, 28 May 2010 21:12:59 -0400
Subject: add auth logs tab to CP screens

---
 usr/local/www/services_captiveportal.php             | 1 +
 usr/local/www/services_captiveportal_filemanager.php | 1 +
 usr/local/www/services_captiveportal_ip.php          | 1 +
 usr/local/www/services_captiveportal_mac.php         | 1 +
 usr/local/www/services_captiveportal_vouchers.php    | 1 +
 5 files changed, 5 insertions(+)

(limited to 'usr')

diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index fcc5be6..331708a 100755
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -288,6 +288,7 @@ function enable_change(enable_change) {
 	$tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php");
 	$tab_array[] = array("Vouchers", false, "services_captiveportal_vouchers.php");
 	$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
+	$tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
 	display_top_tabs($tab_array);
 ?>    </td></tr>
   <tr>
diff --git a/usr/local/www/services_captiveportal_filemanager.php b/usr/local/www/services_captiveportal_filemanager.php
index 328f293..2c8d815 100755
--- a/usr/local/www/services_captiveportal_filemanager.php
+++ b/usr/local/www/services_captiveportal_filemanager.php
@@ -137,6 +137,7 @@ include("head.inc");
 	$tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php");
 	$tab_array[] = array("Vouchers", false, "services_captiveportal_vouchers.php");
 	$tab_array[] = array("File Manager", true, "services_captiveportal_filemanager.php");
+	$tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
 	display_top_tabs($tab_array);
 ?>  </td></tr>
   <tr>
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php
index 4bf2cf9..61e05e5 100755
--- a/usr/local/www/services_captiveportal_ip.php
+++ b/usr/local/www/services_captiveportal_ip.php
@@ -85,6 +85,7 @@ include("head.inc");
 	$tab_array[] = array("Allowed IP addresses", true, "services_captiveportal_ip.php");
 	$tab_array[] = array("Vouchers", false, "services_captiveportal_vouchers.php");
 	$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
+	$tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
 	display_top_tabs($tab_array);
 ?>
   </td></tr>
diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php
index f7aa502..3e459f4 100755
--- a/usr/local/www/services_captiveportal_mac.php
+++ b/usr/local/www/services_captiveportal_mac.php
@@ -125,6 +125,7 @@ include("head.inc");
 	$tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php");
 	$tab_array[] = array("Vouchers", false, "services_captiveportal_vouchers.php");
 	$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
+	$tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
 	display_top_tabs($tab_array);
 ?>
   </td></tr>
diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php
index c43de08..de305b7 100644
--- a/usr/local/www/services_captiveportal_vouchers.php
+++ b/usr/local/www/services_captiveportal_vouchers.php
@@ -244,6 +244,7 @@ function enable_change(enable_change) {
         $tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php");
         $tab_array[] = array("Vouchers", true, "services_captiveportal_vouchers.php");
         $tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
+	$tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
         display_top_tabs($tab_array);
 ?> 
   </ul>
-- 
cgit v1.1


From 881eb09217613337da4dd5376a038446a0e18b1c Mon Sep 17 00:00:00 2001
From: Chris Buechler <cmb@pfsense.org>
Date: Fri, 28 May 2010 21:26:04 -0400
Subject: add a status tab to the CP screens as well

---
 usr/local/www/services_captiveportal.php             | 1 +
 usr/local/www/services_captiveportal_filemanager.php | 1 +
 usr/local/www/services_captiveportal_ip.php          | 1 +
 usr/local/www/services_captiveportal_mac.php         | 1 +
 usr/local/www/services_captiveportal_vouchers.php    | 1 +
 5 files changed, 5 insertions(+)

(limited to 'usr')

diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index 331708a..aa24b3d 100755
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -289,6 +289,7 @@ function enable_change(enable_change) {
 	$tab_array[] = array("Vouchers", false, "services_captiveportal_vouchers.php");
 	$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
 	$tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
+	$tab_array[] = array("Status", false, "status_captiveportal.php");
 	display_top_tabs($tab_array);
 ?>    </td></tr>
   <tr>
diff --git a/usr/local/www/services_captiveportal_filemanager.php b/usr/local/www/services_captiveportal_filemanager.php
index 2c8d815..cc64bc9 100755
--- a/usr/local/www/services_captiveportal_filemanager.php
+++ b/usr/local/www/services_captiveportal_filemanager.php
@@ -138,6 +138,7 @@ include("head.inc");
 	$tab_array[] = array("Vouchers", false, "services_captiveportal_vouchers.php");
 	$tab_array[] = array("File Manager", true, "services_captiveportal_filemanager.php");
 	$tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
+	$tab_array[] = array("Status", false, "status_captiveportal.php");
 	display_top_tabs($tab_array);
 ?>  </td></tr>
   <tr>
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php
index 61e05e5..1b3f71e 100755
--- a/usr/local/www/services_captiveportal_ip.php
+++ b/usr/local/www/services_captiveportal_ip.php
@@ -86,6 +86,7 @@ include("head.inc");
 	$tab_array[] = array("Vouchers", false, "services_captiveportal_vouchers.php");
 	$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
 	$tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
+	$tab_array[] = array("Status", false, "status_captiveportal.php");
 	display_top_tabs($tab_array);
 ?>
   </td></tr>
diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php
index 3e459f4..d88da1a 100755
--- a/usr/local/www/services_captiveportal_mac.php
+++ b/usr/local/www/services_captiveportal_mac.php
@@ -126,6 +126,7 @@ include("head.inc");
 	$tab_array[] = array("Vouchers", false, "services_captiveportal_vouchers.php");
 	$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
 	$tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
+	$tab_array[] = array("Status", false, "status_captiveportal.php");
 	display_top_tabs($tab_array);
 ?>
   </td></tr>
diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php
index de305b7..c4ee4bb 100644
--- a/usr/local/www/services_captiveportal_vouchers.php
+++ b/usr/local/www/services_captiveportal_vouchers.php
@@ -245,6 +245,7 @@ function enable_change(enable_change) {
         $tab_array[] = array("Vouchers", true, "services_captiveportal_vouchers.php");
         $tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
 	$tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
+	$tab_array[] = array("Status", false, "status_captiveportal.php");
         display_top_tabs($tab_array);
 ?> 
   </ul>
-- 
cgit v1.1


From 40e18a72af0d2633251ef197ff6311325ce4eae9 Mon Sep 17 00:00:00 2001
From: Chris Buechler <cmb@pfsense.org>
Date: Fri, 28 May 2010 21:31:21 -0400
Subject: Revert "add a status tab to the CP screens as well", this is just a
 tad too long

This reverts commit 881eb09217613337da4dd5376a038446a0e18b1c.
---
 usr/local/www/services_captiveportal.php             | 1 -
 usr/local/www/services_captiveportal_filemanager.php | 1 -
 usr/local/www/services_captiveportal_ip.php          | 1 -
 usr/local/www/services_captiveportal_mac.php         | 1 -
 usr/local/www/services_captiveportal_vouchers.php    | 1 -
 5 files changed, 5 deletions(-)

(limited to 'usr')

diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index aa24b3d..331708a 100755
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -289,7 +289,6 @@ function enable_change(enable_change) {
 	$tab_array[] = array("Vouchers", false, "services_captiveportal_vouchers.php");
 	$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
 	$tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
-	$tab_array[] = array("Status", false, "status_captiveportal.php");
 	display_top_tabs($tab_array);
 ?>    </td></tr>
   <tr>
diff --git a/usr/local/www/services_captiveportal_filemanager.php b/usr/local/www/services_captiveportal_filemanager.php
index cc64bc9..2c8d815 100755
--- a/usr/local/www/services_captiveportal_filemanager.php
+++ b/usr/local/www/services_captiveportal_filemanager.php
@@ -138,7 +138,6 @@ include("head.inc");
 	$tab_array[] = array("Vouchers", false, "services_captiveportal_vouchers.php");
 	$tab_array[] = array("File Manager", true, "services_captiveportal_filemanager.php");
 	$tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
-	$tab_array[] = array("Status", false, "status_captiveportal.php");
 	display_top_tabs($tab_array);
 ?>  </td></tr>
   <tr>
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php
index 1b3f71e..61e05e5 100755
--- a/usr/local/www/services_captiveportal_ip.php
+++ b/usr/local/www/services_captiveportal_ip.php
@@ -86,7 +86,6 @@ include("head.inc");
 	$tab_array[] = array("Vouchers", false, "services_captiveportal_vouchers.php");
 	$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
 	$tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
-	$tab_array[] = array("Status", false, "status_captiveportal.php");
 	display_top_tabs($tab_array);
 ?>
   </td></tr>
diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php
index d88da1a..3e459f4 100755
--- a/usr/local/www/services_captiveportal_mac.php
+++ b/usr/local/www/services_captiveportal_mac.php
@@ -126,7 +126,6 @@ include("head.inc");
 	$tab_array[] = array("Vouchers", false, "services_captiveportal_vouchers.php");
 	$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
 	$tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
-	$tab_array[] = array("Status", false, "status_captiveportal.php");
 	display_top_tabs($tab_array);
 ?>
   </td></tr>
diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php
index c4ee4bb..de305b7 100644
--- a/usr/local/www/services_captiveportal_vouchers.php
+++ b/usr/local/www/services_captiveportal_vouchers.php
@@ -245,7 +245,6 @@ function enable_change(enable_change) {
         $tab_array[] = array("Vouchers", true, "services_captiveportal_vouchers.php");
         $tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
 	$tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
-	$tab_array[] = array("Status", false, "status_captiveportal.php");
         display_top_tabs($tab_array);
 ?> 
   </ul>
-- 
cgit v1.1


From 88e4881bb041c7556cfe4a22102c6c8a9eae2a5f Mon Sep 17 00:00:00 2001
From: Chris Buechler <cmb@pfsense.org>
Date: Fri, 28 May 2010 22:43:08 -0400
Subject: fix text

---
 usr/local/www/diag_dhcp_leases.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'usr')

diff --git a/usr/local/www/diag_dhcp_leases.php b/usr/local/www/diag_dhcp_leases.php
index 58e8351..1656e83 100755
--- a/usr/local/www/diag_dhcp_leases.php
+++ b/usr/local/www/diag_dhcp_leases.php
@@ -354,7 +354,7 @@ foreach ($leases as $data) {
 		echo "<tr>\n";
                 echo "<td class=\"listlr\">{$fspans}{$data['ip']}{$fspane}&nbsp;</td>\n";
                 if ($data['online'] != "online") {
-                        echo "<td class=\"listr\">{$fspans}<a href=\"services_wol.php?if={$data['if']}&mac={$data['mac']}\" title=\"send Wake on Lan packet to mac\">{$data['mac']}</a>{$fspane}&nbsp;</td>\n";
+                        echo "<td class=\"listr\">{$fspans}<a href=\"services_wol.php?if={$data['if']}&mac={$data['mac']}\" title=\"send Wake on LAN packet to this MAC\">{$data['mac']}</a>{$fspane}&nbsp;</td>\n";
                 } else {
                 	echo "<td class=\"listr\">{$fspans}{$data['mac']}{$fspane}&nbsp;</td>\n";
                 }
-- 
cgit v1.1


From 12fa7ea105a69183ba5b97c3ff7de62f97f30dc0 Mon Sep 17 00:00:00 2001
From: Chris Buechler <cmb@pfsense.org>
Date: Fri, 28 May 2010 22:44:18 -0400
Subject: more text fixes

---
 usr/local/www/diag_dhcp_leases.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'usr')

diff --git a/usr/local/www/diag_dhcp_leases.php b/usr/local/www/diag_dhcp_leases.php
index 1656e83..e8e9409 100755
--- a/usr/local/www/diag_dhcp_leases.php
+++ b/usr/local/www/diag_dhcp_leases.php
@@ -354,7 +354,7 @@ foreach ($leases as $data) {
 		echo "<tr>\n";
                 echo "<td class=\"listlr\">{$fspans}{$data['ip']}{$fspane}&nbsp;</td>\n";
                 if ($data['online'] != "online") {
-                        echo "<td class=\"listr\">{$fspans}<a href=\"services_wol.php?if={$data['if']}&mac={$data['mac']}\" title=\"send Wake on LAN packet to this MAC\">{$data['mac']}</a>{$fspane}&nbsp;</td>\n";
+                        echo "<td class=\"listr\">{$fspans}<a href=\"services_wol.php?if={$data['if']}&mac={$data['mac']}\" title=\"send Wake on LAN packet to this MAC address\">{$data['mac']}</a>{$fspane}&nbsp;</td>\n";
                 } else {
                 	echo "<td class=\"listr\">{$fspans}{$data['mac']}{$fspane}&nbsp;</td>\n";
                 }
@@ -378,12 +378,12 @@ foreach ($leases as $data) {
 		}
 
                 echo "<td valign=\"middle\"><a href=\"services_wol_edit.php?if={$data['if']}&mac={$data['mac']}&descr={$data['hostname']}\">";
-		echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_wol_all.gif\" width=\"17\" height=\"17\" border=\"0\" title=\"add a Wake on Lan mapping for this MAC address\"></a></td>\n";
+		echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_wol_all.gif\" width=\"17\" height=\"17\" border=\"0\" title=\"add a Wake on LAN mapping for this MAC address\"></a></td>\n";
 
 		/* Only show the button for offline dynamic leases */
 		if (($data['type'] == "dynamic") && ($data['online'] != "online")) {
 			echo "<td class=\"list\" valign=\"middle\"><a href=\"diag_dhcp_leases.php?deleteip={$data['ip']}&all={$_GET['all']}\">";
-			echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"17\" height=\"17\" border=\"0\" title=\"delete this dhcp lease\"></a></td>\n";
+			echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"17\" height=\"17\" border=\"0\" title=\"delete this DHCP lease\"></a></td>\n";
 		}
                 echo "</tr>\n";
 	}
-- 
cgit v1.1