update for vouchers and remove captiveportal features which will not work for initial release

3de21e1e · Ad Schellevis · f4f6b83b · 3de21e1e · 3de21e1e · 3de21e1e
Commit 3de21e1e authored Dec 29, 2014 by Ad Schellevis
4 changed files
--- a/src/etc/inc/captiveportal.inc
+++ b/src/etc/inc/captiveportal.inc
@@ -103,11 +103,17 @@ function captiveportal_remove_entries($remove) {
 function portal_allow($clientip,$clientmac,$username,$password = null, $attributes = null, $pipeno = null, $radiusctx = null)  {
    global $cpzone ,$type,$g;
+    $cpc = new OPNsense\CaptivePortal\CPClient();
    // Ensure we create an array if we are missing attributes
    if (!is_array($attributes)) {
        $attributes = array();
    }
+    if ($attributes['voucher']) {
+        $remaining_time = $attributes['session_timeout'];
+    }
    // handle
    $dwfaultbw_up = isset($config['captiveportal'][$cpzone]['bwdefaultup']) ? $config['captiveportal'][$cpzone]['bwdefaultup'] : 0;
    $dwfaultbw_down = isset($config['captiveportal'][$cpzone]['bwdefaultdn']) ? $config['captiveportal'][$cpzone]['bwdefaultdn'] : 0;
@@ -118,10 +124,31 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
    $session_terminate_time = (!empty($attributes['session_terminate_time'])) ? $attributes['session_terminate_time'] : 'NULL';
    $interim_interval = (!empty($attributes['interim_interval'])) ? $attributes['interim_interval'] : 'NULL';
-    if (is_null($radiusctx))
+    if ($attributes['voucher']) {
+        $db = new OPNsense\Captiveportal\DB($cpzone);
+        $clients  = $db->listClients(array("username"=>$username), null, null);
+        foreach ($clients as $client) {
+            // user is already connected, disconnect old session
+            $cpc->disconnect($cpzone, $client->sessionid);
+            // calculate new session end time for this voucher
+            $session_terminate_time = $client->allow_time + $client->session_timeout - time() ;
+        }
+        if ($session_terminate_time <= 0) {
+            // no time left for voucher
+            return 0;
+        }
+        unset($db);
+    }
+    if (is_null($radiusctx)) {
        $radiusctx = 'first';
+    }
-    $cpc = new OPNsense\CaptivePortal\CPClient();
    $sessionid = $cpc->portal_allow($cpzone,$clientip,$clientmac,$username,$password,$bw_up,$bw_down,$radiusctx,$session_timeout,$idle_timeout,$session_terminate_time,$interim_interval);
    if (isset($config['captiveportal'][$cpzone]['radacct_enable']) && !empty($radiusservers[$radiusctx])) {
@@ -130,14 +157,6 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
            captiveportal_logportalauth($username,$clientmac,$clientip,$type,"RADIUS ACCOUNTING FAILED");
    }
-    // TODO: fix vouchers
-//    // user logged in with an active voucher. Check for how long and calculate
-//    // how much time we can give him (voucher credit - used time)
-//    $remaining_time = $cpentry[0] + $cpentry[7] - $allow_time;
-//    if ($remaining_time < 0)    // just in case.
-//        $remaining_time = 0;
-//    if ($attributes['voucher'] && $remaining_time <= 0)
-//        return 0;       // voucher already used and no time left
    // TODO: error handling
 //    /* if the pool is empty, return appropriate message and exit */
 //    if (is_null($pipeno)) {

--- a/src/www/services_captiveportal.php
+++ b/src/www/services_captiveportal.php
@@ -574,6 +574,7 @@ function enable_change(enable_change) {
 											<?=gettext("minutes"); ?><br />
 										  <?=gettext("Clients will be disconnected after this amount of time, regardless of activity. They may log in again immediately, though. Leave this field blank for no hard timeout (not recommended unless an idle timeout is set)."); ?></td>
 										</tr>
+<!--										
 										<tr>
 										  <td width="22%" valign="top" class="vncell"><?=gettext("Pass-through credits allowed per MAC address"); ?></td>
 										  <td width="78%" class="vtable">
@@ -595,6 +596,7 @@ function enable_change(enable_change) {
 											<strong><?=gettext("Enable waiting period reset on attempted access"); ?></strong><br />
 											<?=gettext("If enabled, the waiting period is reset to the original duration if access is attempted when all pass-through credits have already been exhausted."); ?></td>
 										</tr>
+-->										
 										<tr>
 										  <td width="22%" valign="top" class="vncell"><?=gettext("Logout popup window"); ?></td>
 										  <td width="78%" class="vtable">
@@ -617,6 +619,7 @@ function enable_change(enable_change) {
 									<?=gettext("If you provide a URL here, clients will be redirected to that URL instead of the one they initially tried " .
 									"to access after they've authenticated."); ?></td>
 										</tr>
+<!--										
 										<tr>
 											<td valign="top" class="vncell"><?=gettext("Blocked MAC address redirect URL"); ?> </td>
 											<td class="vtable">
@@ -624,6 +627,7 @@ function enable_change(enable_change) {
 												<?php printf(gettext("If you provide a URL here, MAC addresses set to be blocked will be redirect to that URL when attempt to access anything."));?>
 											</td>
 										</tr>
+-->										
 										<tr>
 									      <td valign="top" class="vncell"><?=gettext("Concurrent user logins"); ?></td>
 									      <td class="vtable">
@@ -631,6 +635,7 @@ function enable_change(enable_change) {
 										<strong><?=gettext("Disable concurrent logins"); ?></strong><br />
 										<?=gettext("If this option is set, only the most recent login per username will be active. Subsequent logins will cause machines previously logged in with the same username to be disconnected."); ?></td>
 										</tr>
+<!--										
 										<tr>
 									      <td valign="top" class="vncell"><?=gettext("Per-user bandwidth restriction"); ?></td>
 									      <td class="vtable">
@@ -648,6 +653,7 @@ function enable_change(enable_change) {
 									        <br />
 									        <?=gettext("If this option is set, the captive portal will restrict each user who logs in to the specified default bandwidth. RADIUS can override the default settings. Leave empty or set to 0 for no limit."); ?> </td>
 										</tr>
+-->										
 										<tr>
 										  <td width="22%" valign="top" class="vncell"><?=gettext("Authentication"); ?></td>
 										  <td width="78%" class="vtable">

--- a/src/www/services_captiveportal_ip_edit.php
+++ b/src/www/services_captiveportal_ip_edit.php
@@ -221,6 +221,7 @@ include("head.inc");
 											<br /> <span class="vexpl"><?=gettext("You may enter a description here for your reference (not parsed)"); ?>.</span>
 										</td>
 									</tr>
+<!--									
 									<tr>
 										<td width="22%" valign="top" class="vncell"><?=gettext("Bandwidth up"); ?></td>
 										<td width="78%" class="vtable">
@@ -235,6 +236,7 @@ include("head.inc");
 										<br /> <span class="vexpl"><?=gettext("Enter a download limit to be enforced on this IP address in Kbit/s"); ?></span>
 									</td>
 									</tr>
+-->									
 									<tr>
 										<td width="22%" valign="top">&nbsp;</td>
 										<td width="78%">

--- a/src/www/services_captiveportal_mac_edit.php
+++ b/src/www/services_captiveportal_mac_edit.php
@@ -236,6 +236,7 @@ include("head.inc");
 											<span class="vexpl"><?=gettext("You may enter a description here for your reference (not parsed)"); ?>.</span>
 										</td>
 									</tr>
+<!--									
 									<tr>
 										<td width="22%" valign="top" class="vncell"><?=gettext("Bandwidth up"); ?></td>
 										<td width="78%" class="vtable">
@@ -252,6 +253,7 @@ include("head.inc");
 											<span class="vexpl"><?=gettext("Enter a download limit to be enforced on this MAC address in Kbit/s"); ?></span>
 										</td>
 									</tr>
+-->									
 									<tr>
 										<td width="22%" valign="top">&nbsp;</td>
 										<td width="78%">