> This adds capability for a new variable in the user specified Captive Portal page: auth_code.
Auth_code represents a one-time use passcode in lieu of userid/password. The code presumes that an
entered passcode represents the userid and password values to be sent to the radius server. We
pre-print these codes on card stock that looks like a bookmark and distribute to visitors as needed
for internet access. Backend code on the radius server turns off the passcode after the day of its
onetime use. Didn't know if anyone else would be interested in this sort of thing...I'm not a PHP
coder, so there isn't anything that prevents someone from entering userid/password and passcode at
the same time in this simple patch.
>
> Bernie
> ----------------------
>
> --- index.php 2005-06-07 15:18:07.000000000 -0400
> +++ sas-index.php 2005-06-07 15:19:46.000000000 -0400
> @@ -65,18 +65,27 @@
>
> /* authenticate against radius server */
> $radiusservers = captiveportal_get_radius_servers();
> -
> - if ($_POST['auth_user'] && $_POST['auth_pass']) {
> - $auth_val = RADIUS_AUTHENTICATION($_POST['auth_user'],
> -
$_POST['auth_pass'],
> +
> + $radius_user = $_POST['auth_user'];
> + $radius_pass = $_POST['auth_pass'];
> + $radius_code = $_POST['auth_code'];
> + /* if we have a code, then use code as both userid and password *blo* */
> + if ($radius_code) {
> + $radius_user = $radius_code;
> + $radius_pass = $radius_code;
> + }
> +
> + if ($radius_user && $radius_pass) {
> + $auth_val = RADIUS_AUTHENTICATION($radius_user,
> + $radius_pass,
>
$radiusservers[0]['ipaddr'],
>
$radiusservers[0]['port'],
>
$radiusservers[0]['key']);
> if ($auth_val == 2) {
> -
captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN");
> - $sessionid = portal_allow($clientip, $clientmac, $_POST['auth_user']);
> + captiveportal_logportalauth($radius_user,$clientmac,$clientip,"LOGIN");
> + $sessionid = portal_allow($clientip, $clientmac, $radius_user);
> if (isset($config['captiveportal']['radacct_enable']) &&
isset($radiusservers[0])) {
> - $auth_val = RADIUS_ACCOUNTING_START($_POST['auth_user'],
> + $auth_val = RADIUS_ACCOUNTING_START($radius_user,
>
$sessionid,
>
$radiusservers[0]['ipaddr'],
>
$radiusservers[0]['acctport'],
> @@ -84,7 +93,7 @@
>
$clientip);
> }
> } else {
> -
captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE");
> + captiveportal_logportalauth($radius_user,$clientmac,$clientip,"FAILURE");
> readfile("{$g['varetc_path']}/captiveportal-error.html");
> }
> } else {
> @@ -96,16 +105,16 @@
> //check against local usermanager
>
> //erase expired accounts
> - if(trim($config['users'][$_POST['auth_user']]['expirationdate'])!="" && strtotime("-1
day")>strtotime($config['users'][$_POST['
> auth_user']]['expirationdate'])){
> - unset($config['users'][$_POST['auth_user']]);
> + if(trim($config['users'][$radius_user]['expirationdate'])!="" && strtotime("-1
day")>strtotime($config['users'][$radius_user]['
> expirationdate'])){
> + unset($config['users'][$radius_user]);
> write_config();
> }
>
> - if($config['users'][$_POST['auth_user']]['password']==md5($_POST['auth_pass'])){
> - captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN");
> - portal_allow($clientip, $clientmac,$_POST['auth_user'],0,0);
> + if($config['users'][$radius_user]['password']==md5($radius_pass)){
> + captiveportal_logportalauth($radius_user,$clientmac,$clientip,"LOGIN");
> + portal_allow($clientip, $clientmac,$radius_user,0,0);
> } else {
> - captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE");
> + captiveportal_logportalauth($radius_user,$clientmac,$clientip,"FAILURE");
> readfile("{$g['varetc_path']}/captiveportal-error.html");
> }
> } else if ($_POST['accept'] && $clientip) {
|
