 
 From:  "Bernie O'Connor" <Bernie dot OConnor at sas dot com>
 To:  <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  Patch for wrap-1.2b8 /usr/local/captiveportal/index.php
 Date:  Tue, 7 Jun 2005 12:57:52 -0400
> This adds capability for a new variable in the user specified Captive Portal page: auth_code.
Auth_code represents a one-time use passcode in lieu of userid/password.  The code presumes that an
entered passcode represents both the userid and password values to be sent to the radius server.  We
pre-print these codes on card stock that looks like a bookmark and distribute to visitors as needed
for internet access.  Backend code on the radius server turns off the passcode after the day of its
one-time use.  Didn't know if anyone else would be interested in this sort of thing...I'm not a PHP
coder, so there isn't anything that prevents someone from entering userid/password and passcode at
the same time in this simple patch.
> 
> Bernie
> ----------------------
> 
> --- index.php   2005-06-07 15:18:07.000000000 -0400
> +++ sas-index.php       2005-06-07 15:19:46.000000000 -0400
> @@ -65,18 +65,27 @@
> 
>         /* authenticate against radius server */
>         $radiusservers = captiveportal_get_radius_servers();
> -
> -       if ($_POST['auth_user'] && $_POST['auth_pass']) {
> -               $auth_val = RADIUS_AUTHENTICATION($_POST['auth_user'],
> -                                                                                
$_POST['auth_pass'],
> +
> +       $radius_user = $_POST['auth_user'];
> +       $radius_pass = $_POST['auth_pass'];
> +       $radius_code = $_POST['auth_code'];
> +       /* if we have a code, then use code as both userid and password *blo* */
> +       if ($radius_code) {
> +               $radius_user =  $radius_code;
> +               $radius_pass =  $radius_code;
> +               }
> +
> +       if ($radius_user && $radius_pass) {
> +               $auth_val = RADIUS_AUTHENTICATION($radius_user,
> +                                                                                 $radius_pass,
>                                                                                  
$radiusservers[0]['ipaddr'],
>                                                                                  
$radiusservers[0]['port'],
>                                                                                  
$radiusservers[0]['key']);
>                 if ($auth_val == 2) {
> -                      
captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN");
> -                       $sessionid = portal_allow($clientip, $clientmac, $_POST['auth_user']);
> +                       captiveportal_logportalauth($radius_user,$clientmac,$clientip,"LOGIN");
> +                       $sessionid = portal_allow($clientip, $clientmac, $radius_user);
>                         if (isset($config['captiveportal']['radacct_enable']) &&
isset($radiusservers[0])) {
> -                               $auth_val = RADIUS_ACCOUNTING_START($_POST['auth_user'],
> +                               $auth_val = RADIUS_ACCOUNTING_START($radius_user,
>                                                                                                   
     $sessionid,
>                                                                                                   
     $radiusservers[0]['ipaddr'],
>                                                                                                   
     $radiusservers[0]['acctport'],
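Review bot: When `auth_code` is supplied the passcode itself becomes `$radius_user`, so the secret is passed as the user name to `captiveportal_logportalauth()`, `portal_allow()` and `RADIUS_ACCOUNTING_START()`. What those helpers store is outside the hunk, but a log line or accounting record would presumably then hold a credential that, per the description, stays usable until the end of the day of its first use. The same applies to the FAILURE call in the next hunk and to the logging calls in the local user manager hunk. Keep a separate value for logging, e.g. `$log_user = $radius_code ? 'passcode' : $radius_user;`, and pass `$log_user` to `captiveportal_logportalauth()`. Separately, `$_POST['auth_code']` is read without `isset()`, and a non-empty code silently overrides a submitted user/password pair; rejecting requests that carry both would make the precedence explicit.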
> @@ -84,7 +93,7 @@
>                                                                                                   
     $clientip);
>                         }
>                 } else {
> -                      
captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE");
> +                       captiveportal_logportalauth($radius_user,$clientmac,$clientip,"FAILURE");
>                         readfile("{$g['varetc_path']}/captiveportal-error.html");
>                 }
>         } else {
> @@ -96,16 +105,16 @@
>         //check against local usermanager
> 
>         //erase expired accounts
> -       if(trim($config['users'][$_POST['auth_user']]['expirationdate'])!="" && strtotime("-1
day")>strtotime($config['users'][$_POST['
> auth_user']]['expirationdate'])){
> -               unset($config['users'][$_POST['auth_user']]);
> +       if(trim($config['users'][$radius_user]['expirationdate'])!="" && strtotime("-1
day")>strtotime($config['users'][$radius_user]['
> expirationdate'])){
> +               unset($config['users'][$radius_user]);
>                 write_config();
>         }
> 
> -       if($config['users'][$_POST['auth_user']]['password']==md5($_POST['auth_pass'])){
> -               captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN");
> -               portal_allow($clientip, $clientmac,$_POST['auth_user'],0,0);
> +       if($config['users'][$radius_user]['password']==md5($radius_pass)){
> +               captiveportal_logportalauth($radius_user,$clientmac,$clientip,"LOGIN");
> +               portal_allow($clientip, $clientmac,$radius_user,0,0);
>         } else {
> -               captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE");
> +               captiveportal_logportalauth($radius_user,$clientmac,$clientip,"FAILURE");
>                 readfile("{$g['varetc_path']}/captiveportal-error.html");
>         }
>  } else if ($_POST['accept'] && $clientip) {
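Review bot: The rewritten password check still compares the stored hash with `md5($radius_pass)` using `==`, which PHP evaluates numerically when both strings look like numbers, so two different hashes that both read as exponent notation can compare equal; use the strict form, `if($config['users'][$radius_user]['password']===md5($radius_pass)){`. Also, `$radius_user` and `$radius_pass` are assigned in the first hunk under the "authenticate against radius server" comment. The lines between the hunks are not shown, but if the local user manager code is a sibling `else if` branch, both variables are unset here, so every local login would fail and be logged with an empty user name. In that case the three assignments and the `auth_code` override need to move above the branch, or be repeated in this one. The enclosing `if`/`else` chain starts outside the hunk.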