… good point.

I guess I should have reworded my question to "how can I use Mongodb and Nodejs".

p.s. I appreciate your belief in my capabilities :D

yes im using radius but i dont know how to do this. i dont know where to get the active users.

Maybe this might help:

http://mgyinngetay.blogspot.co.uk/2014/04/how-to-configure-pfsense-captive-portal.html

How long is your :
Default DHCP lease time ?
Max DHCP lease time ?
concerning your interfaces interfaces ?

You are using a captive portal on LAN and OPT1 ?

Btw : Captive portal users are 'DISCONNECTED' by the function captiveportal_prune_old() (/etc/inc/captiveportal.inc)

Note : a "idletimeout" of 7200 minutes should NEVER log you out (= DISCONNECT). Today, every device does communicate all the time. For example, update checks are running all the time. A basic Windows system will sue the Internet - if a connection is available - all the time.
This means that the activity indicator (see Status -> Captive portal - and hit the "Show last Activity" button) will be set to a recent time all the time. A period of 5 days of NO activity at all is impossible.
This means that's something is very wrong ….

note2 : Did you checked "Status -> Captive portal - (and hit the "Show last Activity" button)" ? The Colum "Last activity" stays on recent times ?

@Artemiy:

https://google.com or https://facebook.com

Publish the golden rule for your visitors : never ever use a https site when you are connecting to a unknown (== captive portal) network.
Users want a protected one-to-one connection, that is understandable.
But you are using the captive portal - so users will be redirected from the site they want to visit, to the site where they have to authenticate first (pFsense).
This is against de 'https' rules
See it this way : Firefox is right.
Users ARE warned that they didn't land on their https …
This is another way to protect a users from a "man in de middle attack" - this time its clearly shown by the navigator.

If I was visiting https://my-bank-site.tld and another site sghows up instead (even emulating my banks site very well) and my navigator still accepts the connection, I would DITCH these browser.

This is solved.

The solution was to segment a DHCP pool that is restricted to a mac vendor (first six).

Then set that IP pool to bypass on the captive portal page.

Read and check this https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting

Is the nginx running on the portal interface ?
Use SSH acces and :
ps ax | grep 'nginx'
sockstat -4l | grep 'nginx'

Btw : being able to access the portal on the WAN NIC ….. well, something is very wrong.

;D

Nice !!!

Thank you, Skron.  That works perfectly.  :)

Hi sir sorry for the late reply. Our problem is that we need to have the list of users in an external database like mysql and in the database the usernames and password where placed there. What are the ways so we can achieved our goal sir? please help us and thank you for replying us.

I just realized that my big image's button does not redirect me anymore to the intranet site, but just on the "Invalid Credentials Specified" page, as when a wrong voucher/password is entered…
There is any way to make both things works??

Inserting voucher code or username plus password = access to the internet

Just clicking on the huge image's button= access to the intranet only(NO www)

Solution:
                I just put my big button image as the "error's page" and now clicking to it i get redirected to my local host.

so as far as i see, there is no easy way to dynamically isolate clients until authorized, client isolation is possible, but dynamically is nearly impossible, i think ill get back to the standard AP WPA thing nd get over with it.  :(

Yes was depending from Mozilla FireFox, even if i have never been ask to save or use those credentials for those 2 fields, it kept putting them there even after having been erased and saved (without  asking, that's weird).
Using Google's Chrome fixed the issue, as those 2 fields would come up blank,
thanks! :)

An example from Google…

tp-link-bandwidth-control-1.jpg
tp-link-bandwidth-control-1.jpg_thumb

Ok i fixed it.
The problem was depending from the fact that i thought the only firewall was "Selinux" (which i disabled), but there was another default firewall still on, so as soon i realize that, i disabled it and now it works, good job OOPF, thank you for helping yourself…. ;D

Maybe you misunderstood me:
The captiveportal works fine with the css, if someone connect via interface.
It just not load the css files if i watch the portal page over the pfsense webconfigurator.

attached file: That "view" button i press.

Files on pfsense:

[2.3.1-RELEASE][root@fw.int]/root: ls -la /usr/local/captiveportal/ total 40 drwxr-xr-x  2 root  wheel  1024 Jun 30 13:42 . drwxr-xr-x  15 root  wheel    512 May 20 12:01 .. lrwxr-xr-x  1 root  wheel    39 Jun 29 15:23 captiveportal-bg.jpg -> /var/db/cpelements/captiveportal-bg.jpg lrwxr-xr-x  1 root  wheel    43 Jun 29 15:28 captiveportal-custom.css -> /var/db/cpelements/captiveportal-custom.css lrwxr-xr-x  1 root  wheel    44 Jun 29 15:24 captiveportal-fitlogo.png -> /var/db/cpelements/captiveportal-fitlogo.png lrwxr-xr-x  1 root  wheel    56 Jun 29 15:24 captiveportal-fontawesome-webfont.ttf -> /var/db/cpelements/captiveportal-fontawesome-webfont.ttf lrwxr-xr-x  1 root  wheel    57 Jun 29 15:24 captiveportal-fontawesome-webfont.woff -> /var/db/cpelements/captiveportal-fontawesome-webfont.woff lrwxr-xr-x  1 root  wheel    53 Jun 29 15:24 captiveportal-jquery-1.11.1.min.js -> /var/db/cpelements/captiveportal-jquery-1.11.1.min.js lrwxr-xr-x  1 root  wheel    45 Jun 30 13:42 captiveportal-success.html -> /var/db/cpelements/captiveportal-success.html lrwxr-xr-x  1 root  wheel    41 Jun 30 13:05 captiveportal-test.css -> /var/db/cpelements/captiveportal-test.css lrwxr-xr-x  1 root  wheel    49 Jun 29 15:27 captiveportal-uikit.active.css -> /var/db/cpelements/captiveportal-uikit.active.css lrwxr-xr-x  1 root  wheel    42 Jun 29 15:25 captiveportal-uikit.css -> /var/db/cpelements/captiveportal-uikit.css lrwxr-xr-x  1 root  wheel    45 Jun 29 15:25 captiveportal-uikit.min.js -> /var/db/cpelements/captiveportal-uikit.min.js lrwxr-xr-x  1 root  wheel    44 Jun 29 15:25 captiveportal-wa_logo.png -> /var/db/cpelements/captiveportal-wa_logo.png -rw-r--r--  1 root  wheel  10454 May 16 23:22 index.php -rw-r--r--  1 root  wheel  10434 May 16 23:22 radius_accounting.inc -rw-r--r--  1 root  wheel  6862 May 16 23:22 radius_authentication.inc


Can you mention :
The IP the "CP" of pfsense is using.
The mask
The DHCP range activated on the CP NIC.
The IP your AP is using.
The IP / Gateway / DNS the visitor(s) device(s) got from the DHCP server on pfsense (running on CP).
Did you saw the DHCP log entries for this lease on pfsense (you should recognize the MAC).

Your login page is sane. The error page is just another login page though, so you'll go back to the login upon an authentication failure. Status>System logs, Portal Auth should show why authentication is failing.