/**
 * List the client sessions of a captive portal zone.
 *
 * @param int $zoneid zone number
 * @return array|mixed decoded configd response, or an empty array when the zone is not found
 */
public function listAction($zoneid = 0)
{
    $portalModel = new CaptivePortal();
    $zone = $portalModel->getByZoneID($zoneid);
    if ($zone == null) {
        // illegal zone, return empty response
        return array();
    }

    // The backend is called with the zone id of the looked-up zone object,
    // not with the raw $zoneid request parameter.
    $configd = new Backend();
    $rawClientList = $configd->configdpRun(
        "captiveportal list_clients",
        array($zone->zoneid, 'json')
    );

    // json_decode() returns null when the backend output is not valid JSON;
    // that value is handed back unchanged.
    return json_decode($rawClientList, true);
}
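/**
 * Log a client on to a captive portal zone; only POST requests are processed.
 *
 * When the zone lists authentication servers, they are tried in order until one
 * accepts the posted credentials. When the zone lists none, the client is
 * admitted without credentials under a username derived from its IP address.
 *
 * @param int|string $zoneid zone id number
 * @return array empty on a CORS preflight; the current session when already
 *               authorized; the configd session on success; otherwise an array
 *               with "clientState" (NOT_AUTHORIZED or UNKNOWN) and "ipAddress"
 */
public function logonAction($zoneid = 0)
{
    // NOTE(review): the session is bound to this address; how getClientIp()
    // derives it is not visible here.
    $clientIp = $this->getClientIp();

    if ($this->request->isOptions()) {
        // return empty result on CORS preflight
        return array();
    } elseif ($this->request->isPost()) {
        // close session for long running action
        $this->sessionClose();

        // init variables for authserver object and name
        $authServer = null;
        $authServerName = "";
        // fail closed: stays false unless a branch below grants access
        $isAuthenticated = false;

        // get username from post
        $userName = $this->request->getPost("user", "striptags", null);

        // search zone info, to retrieve list of authenticators
        $mdlCP = new CaptivePortal();
        $cpZone = $mdlCP->getByZoneID($zoneid);
        if ($cpZone != null) {
            if (trim((string) $cpZone->authservers) != "") {
                // authenticate user
                $authFactory = new AuthenticationFactory();
                foreach (explode(',', (string) $cpZone->authservers) as $authServerName) {
                    $authServer = $authFactory->get(trim($authServerName));
                    if ($authServer == null) {
                        // No connector for this name: skip it instead of calling a
                        // method on null, so a stale server name denies the logon
                        // rather than aborting the request.
                        // NOTE(review): assumes get() can return null for an unknown name - confirm.
                        continue;
                    }
                    // try this auth method
                    // NOTE(review): the "string" filter may alter passwords that
                    // contain markup characters - confirm against the filter in use.
                    $isAuthenticated = $authServer->authenticate(
                        $userName,
                        $this->request->getPost("password", "string")
                    );
                    if ($isAuthenticated) {
                        // stop trying, when authenticated
                        break;
                    }
                }
            } else {
                // no authentication needed, set username to "anonymous@ip"
                // NOTE(review): the prefix literal below looks masked on this page,
                // it does not match the comment above - confirm against the upstream file.
                $userName = "******" . $clientIp;
                $isAuthenticated = true;
            }

            if ($isAuthenticated) {
                // when authenticated, we have $authServer available to request additional data if needed
                $clientSession = $this->clientSession((string) $cpZone->zoneid);
                if ($clientSession['clientState'] == 'AUTHORIZED') {
                    // already authorized, return current session
                    return $clientSession;
                } else {
                    // allow client to this captiveportal zone
                    // NOTE(review): $userName is request data that only passed "striptags";
                    // this relies on configdpRun() treating list items as separate,
                    // escaped arguments - confirm.
                    $backend = new Backend();
                    $CPsession = $backend->configdpRun(
                        "captiveportal allow",
                        array((string) $cpZone->zoneid, $userName, $clientIp, $authServerName, 'json')
                    );
                    $CPsession = json_decode($CPsession, true);

                    // push session restrictions, if they apply
                    // (is_array() keeps array_key_exists() away from a scalar JSON reply)
                    if (
                        $CPsession != null && is_array($CPsession) &&
                        array_key_exists('sessionId', $CPsession) && $authServer != null
                    ) {
                        $authProps = $authServer->getLastAuthProperties();
                        // when adding more client/session restrictions, extend next code
                        // (currently only time is restricted)
                        if (array_key_exists('session_timeout', $authProps)) {
                            $backend->configdpRun(
                                "captiveportal set session_restrictions",
                                array(
                                    (string) $cpZone->zoneid,
                                    $CPsession['sessionId'],
                                    $authProps['session_timeout']
                                )
                            );
                        }
                    }

                    if ($CPsession != null) {
                        // only return session if configd return a valid json response, otherwise fallback to
                        // returning "UNKNOWN"
                        return $CPsession;
                    }
                }
            } else {
                return array("clientState" => 'NOT_AUTHORIZED', "ipAddress" => $clientIp);
            }
        }
    }

    // unknown zone, unsupported request method, or no valid configd response
    return array("clientState" => 'UNKNOWN', "ipAddress" => $clientIp);
}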
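/**
 * Log a client on to a captive portal zone; only POST requests that carry a
 * "user" field are processed.
 *
 * The zone's authentication servers are tried in order until one accepts the
 * posted credentials.
 *
 * @param string $zoneid zone id number
 * @return array empty on a CORS preflight; the current session when already
 *               authorized; the configd session on success; otherwise an array
 *               with "clientState" (NOT_AUTHORIZED or UNKNOWN) and "ipAddress"
 */
public function logonAction($zoneid = 0)
{
    // NOTE(review): the session is bound to this address; how getClientIp()
    // derives it is not visible here.
    $clientIp = $this->getClientIp();

    if ($this->request->isOptions()) {
        // return empty result on CORS preflight
        return array();
    } elseif ($this->request->isPost() && $this->request->hasPost('user')) {
        // close session for long running action
        $this->sessionClose();

        // get username from post
        $userName = $this->request->getPost("user", "striptags");

        // search zone info, to retrieve list of authenticators
        $mdlCP = new CaptivePortal();
        $cpZone = $mdlCP->getByZoneID($zoneid);
        if ($cpZone != null) {
            // authenticate user; access is denied unless a server accepts the credentials
            $isAuthenticated = false;
            $authFactory = new AuthenticationFactory();
            // explode() yields one empty name when the zone lists no servers,
            // so the loop body always runs at least once.
            foreach (explode(',', (string) $cpZone->authservers) as $authServerName) {
                $authServer = $authFactory->get(trim($authServerName));
                if ($authServer == null) {
                    // No connector for this name (for example the empty name of a
                    // zone without servers): skip it instead of calling a method on
                    // null, so the logon is denied rather than the request aborted.
                    // NOTE(review): assumes get() can return null for an unknown name - confirm.
                    continue;
                }
                // try this auth method
                // NOTE(review): the "string" filter may alter passwords that
                // contain markup characters - confirm against the filter in use.
                $isAuthenticated = $authServer->authenticate(
                    $userName,
                    $this->request->getPost("password", "string")
                );
                if ($isAuthenticated) {
                    // stop trying, when authenticated
                    break;
                }
            }

            if ($isAuthenticated) {
                // when authenticated, we have $authServer available to request additional data if needed
                $clientSession = $this->clientSession((string) $cpZone->zoneid);
                if ($clientSession['clientState'] == 'AUTHORIZED') {
                    // already authorized, return current session
                    return $clientSession;
                } else {
                    // allow client to this captiveportal zone
                    // NOTE(review): $userName is request data that only passed "striptags";
                    // this relies on configdpRun() treating list items as separate,
                    // escaped arguments - confirm.
                    $backend = new Backend();
                    $CPsession = $backend->configdpRun(
                        "captiveportal allow",
                        array((string) $cpZone->zoneid, $userName, $clientIp, $authServerName, 'json')
                    );
                    $CPsession = json_decode($CPsession, true);
                    if ($CPsession != null) {
                        // only return session if configd return a valid json response, otherwise fallback to
                        // returning "UNKNOWN"
                        return $CPsession;
                    }
                }
            } else {
                return array("clientState" => 'NOT_AUTHORIZED', "ipAddress" => $clientIp);
            }
        }
    }

    // unknown zone, unsupported request, or no valid configd response
    return array("clientState" => 'UNKNOWN', "ipAddress" => $clientIp);
}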