/**
* list client sessions
* @param int $zoneid zone number
* @return array|mixed
*/
public function listAction($zoneid = 0)
{
$mdlCP = new CaptivePortal();
$cpZone = $mdlCP->getByZoneID($zoneid);
if ($cpZone != null) {
$backend = new Backend();
$allClientsRaw = $backend->configdpRun("captiveportal list_clients", array($cpZone->zoneid, 'json'));
$allClients = json_decode($allClientsRaw, true);
return $allClients;
} else {
// illegal zone, return empty response
return array();
}
}
/**
* logon client to zone, must use post type of request
* @param int|string zone id number
* @return array
*/
public function logonAction($zoneid = 0)
{
$clientIp = $this->getClientIp();
if ($this->request->isOptions()) {
// return empty result on CORS preflight
return array();
} elseif ($this->request->isPost()) {
// close session for long running action
$this->sessionClose();
// init variables for authserver object and name
$authServer = null;
$authServerName = "";
// get username from post
$userName = $this->request->getPost("user", "striptags", null);
// search zone info, to retrieve list of authenticators
$mdlCP = new CaptivePortal();
$cpZone = $mdlCP->getByZoneID($zoneid);
if ($cpZone != null) {
if (trim((string) $cpZone->authservers) != "") {
// authenticate user
$isAuthenticated = false;
$authFactory = new AuthenticationFactory();
foreach (explode(',', (string) $cpZone->authservers) as $authServerName) {
$authServer = $authFactory->get(trim($authServerName));
// try this auth method
$isAuthenticated = $authServer->authenticate($userName, $this->request->getPost("password", "string"));
if ($isAuthenticated) {
// stop trying, when authenticated
break;
}
}
} else {
// no authentication needed, set username to "anonymous@ip"
$userName = "******" . $clientIp;
$isAuthenticated = true;
}
if ($isAuthenticated) {
// when authenticated, we have $authServer available to request additional data if needed
$clientSession = $this->clientSession((string) $cpZone->zoneid);
if ($clientSession['clientState'] == 'AUTHORIZED') {
// already authorized, return current session
return $clientSession;
} else {
// allow client to this captiveportal zone
$backend = new Backend();
$CPsession = $backend->configdpRun("captiveportal allow", array((string) $cpZone->zoneid, $userName, $clientIp, $authServerName, 'json'));
$CPsession = json_decode($CPsession, true);
// push session restrictions, if they apply
if ($CPsession != null && array_key_exists('sessionId', $CPsession) && $authServer != null) {
$authProps = $authServer->getLastAuthProperties();
// when adding more client/session restrictions, extend next code
// (currently only time is restricted)
if (array_key_exists('session_timeout', $authProps)) {
$backend->configdpRun("captiveportal set session_restrictions", array((string) $cpZone->zoneid, $CPsession['sessionId'], $authProps['session_timeout']));
}
}
if ($CPsession != null) {
// only return session if configd return a valid json response, otherwise fallback to
// returning "UNKNOWN"
return $CPsession;
}
}
} else {
return array("clientState" => 'NOT_AUTHORIZED', "ipAddress" => $clientIp);
}
}
}
return array("clientState" => 'UNKNOWN', "ipAddress" => $clientIp);
}
/**
* delete template by uuid
* @param $uuid item unique id
* @return array status
*/
public function delTemplateAction($uuid)
{
$result = array("result" => "failed");
if ($this->request->isPost()) {
$mdlCP = new CaptivePortal();
if ($uuid != null) {
if ($mdlCP->templates->template->del($uuid)) {
// if item is removed, serialize to config and save
$mdlCP->serializeToConfig();
Config::getInstance()->save();
$result['result'] = 'deleted';
} else {
$result['result'] = 'not found';
}
}
}
return $result;
}
/**
* toggle zone by uuid (enable/disable)
* @param $uuid item unique id
* @param $enabled desired state enabled(1)/disabled(1), leave empty for toggle
* @return array status
*/
public function toggleZoneAction($uuid, $enabled = null)
{
$result = array("result" => "failed");
if ($this->request->isPost()) {
$mdlCP = new CaptivePortal();
if ($uuid != null) {
$node = $mdlCP->getNodeByReference('zones.zone.' . $uuid);
if ($node != null) {
if ($enabled == "0" || $enabled == "1") {
$node->enabled = (string) $enabled;
} elseif ((string) $node->enabled == "1") {
$node->enabled = "0";
} else {
$node->enabled = "1";
}
$result['result'] = $node->enabled;
// if item has toggled, serialize to config and save
$mdlCP->serializeToConfig();
Config::getInstance()->save();
}
}
}
return $result;
}
/**
* logon client to zone, must use post type of request
* @param string zone id number
* @return array
*/
public function logonAction($zoneid = 0)
{
$clientIp = $this->getClientIp();
if ($this->request->isOptions()) {
// return empty result on CORS preflight
return array();
} elseif ($this->request->isPost() && $this->request->hasPost('user')) {
// close session for long running action
$this->sessionClose();
// get username from post
$userName = $this->request->getPost("user", "striptags");
// search zone info, to retrieve list of authenticators
$mdlCP = new CaptivePortal();
$cpZone = $mdlCP->getByZoneID($zoneid);
if ($cpZone != null) {
// authenticate user
$isAuthenticated = false;
$authFactory = new AuthenticationFactory();
foreach (explode(',', (string) $cpZone->authservers) as $authServerName) {
$authServer = $authFactory->get(trim($authServerName));
// try this auth method
$isAuthenticated = $authServer->authenticate($userName, $this->request->getPost("password", "string"));
if ($isAuthenticated) {
// stop trying, when authenticated
break;
}
}
if ($isAuthenticated) {
// when authenticated, we have $authServer available to request additional data if needed
$clientSession = $this->clientSession((string) $cpZone->zoneid);
if ($clientSession['clientState'] == 'AUTHORIZED') {
// already authorized, return current session
return $clientSession;
} else {
// allow client to this captiveportal zone
$backend = new Backend();
$CPsession = $backend->configdpRun("captiveportal allow", array((string) $cpZone->zoneid, $userName, $clientIp, $authServerName, 'json'));
$CPsession = json_decode($CPsession, true);
if ($CPsession != null) {
// only return session if configd return a valid json response, otherwise fallback to
// returning "UNKNOWN"
return $CPsession;
}
}
} else {
return array("clientState" => 'NOT_AUTHORIZED', "ipAddress" => $clientIp);
}
}
}
return array("clientState" => 'UNKNOWN', "ipAddress" => $clientIp);
}
