Nginx "404 Not Found" Error after POST action to "$PORTAL_ACTION$"

  • I have 3 files to handle users registration and login in my Captive Portal.

    • index.php: which detect if the user registered or not (if no it redirect the user to registration.php file / if yes it redirect the user to login.php file)
      plus it has a form that POSTing username and password
    <form class="login-form" method="post" action="login.php">
    <input name="user" type="text" class="form-input" placeholder="Username" required>
    <input name="pass" type="password" class="form-input" placeholder="password" required>
    <input name="accept" class="form-button" type="submit" value="Continue">
    • registration.php: which handle user registration.

    • login.php: which has the actual login form required by pfsense CP

    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            $identity_username = $_POST["user"];
            $identity_password = $_POST["pass"];
        <form method="post" action="$PORTAL_ACTION$">
            <input name="auth_user" type="text" value="<?php echo $identity_username ?>">
            <input name="auth_pass" type="password" value="<?php echo $identity_password ?>">
            <input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$">
            <input name="zone" type="hidden" value="$PORTAL_ZONE$">
            <input name="accept" type="submit" value="Continue">

    I write username/password in index.php form and click submit then in the next page which is http://<SERVER_IP>:8002/login.php I click Continue on the pre-filled form, I got 404 Not Found Error from Nginx and the URL be like http://<SERVER_IP>:8002/$PORTAL_ACTION$ I expect that CP will authenticate the username/password against FreeRadius but it's not the case as you see.
    So, do I miss knowledge with CP behavior or should I modify something?

  • Hi,

    @emad said in Nginx "404 Not Found" Error after POST action to "$PORTAL_ACTION%2quot;:

    So, do I miss knowledge with CP behavior or should I modify something?

    You might as well check (== read and understand what happens when and why etc) this file /usr/local/captiveportal/index.php
    It's the file that's get 'executed' when a users is redirected that the portal login interface.
    Read that file carefully - and also check this one : /etc/inc/ which contains all the functions.

    For instance, you'll find why/where/when a string like $PORTAL_ACTION$ is replaced by the correct URL before getting send to the client.
    Throwing $PORTAL_ACTION$ at the client's web browser who throws it back to the captive portal web server will produce 404 errors.