@Swicago said in Different rate limits based on login ?:
Next I will see how I can make the Radius user valid for a few days after 1st login.
It looks like we were replying to each other at the same time and overlapped our replies.
Impressive solution, well done. As far as your timeout requirement, the solution may partially be in the code I sent with my prior reply. If you can get away with it, I believe Captive Portal will disconnect by itself at the hard timeout value anyway. I needed to share time amongst all connected devices to one user account and the solution below includes that consideration.
$cpdb_50 = captiveportal_read_db();
$nbr_logins_50 = 0;
$user_50 = $cpentry[4];
foreach ($cpdb_50 as $cpentry_50) {
if($cpentry_50[4] === $user_50) {
$nbr_logins_50 = $nbr_logins_50 +1;
$time_used = $time_used + (time() - $cpentry_50[0]);
}
}
unset($cpdb_50);
The $time_used variable is tracking total connect time. The next piece of code maxes out a data quota and lets freeRadius disconnect (everyone logged into that user) on the next reauthenticate interval for each of them in turn.
if (($auth_result['result'] === false) || (intval($time_used) > $cpentry[7])) {
if((intval($time_used) > $cpentry[7]) && ($cpzone == "vlan50")) {
$d_max_file = "/var/log/radacct/datacounter/forever/max-octets-" . $cpentry[4];
$d_used_file = "/var/log/radacct/datacounter/forever/used-octets-" . $cpentry[4];
$d_log_file = "/var/log/radlog/forever-used-octets";
$d_max = array();
if (file_exists($d_max_file)) {
$file_max_OK = "File exists";
$d_max_handle = fopen($d_max_file, "r");
while(!feof($d_max_handle)) {
$d_max[] = fgets($d_max_handle);
}
fclose($d_max_handle);
}
$d_used = array();
if (file_exists($d_used_file)) {
$d_used_handle = fopen($d_used_file, "r");
while(!feof($d_used_handle)) {
$d_used[] = fgets($d_used_handle);
}
$dused = $d_used[0];
fclose($d_used_handle);
$d_used_handle = fopen($d_used_file, "w");
fwrite($d_used_handle,strval($d_max[0] + 1));
fclose($d_used_handle);
}
if (file_exists($d_log_file)) {
$d_log_handle = fopen($d_log_file, "a");
fwrite($d_log_handle,$d_log_file . "," . str_replace("\n","",strval($user_50)) . "," . str_replace("\n","",strval($nbr_logins_50)) . "," . str_replace("\n","",strval($dused)) . "," . str_replace("\n","",strval($d_max[0])) . "," . date("Y-m-d h:i:sa") . "\n");
fclose($d_log_handle);
}
unset($d_max);
unset($d_used);
}
captiveportal_disconnect($cpentry, 17);
captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "DISCONNECT - REAUTHENTICATION FAILED", $auth_result['reply_message']);
$unsetindexes[] = $cpentry[5];
Maybe that will stimulate one possibility to consider?
.