Login with email address + curl don't work in local



  • Hi pfSense users!

    I'm new to pfSense and want to customize the captive portal. I want it to do a simple thing: users on the LAN are redirected to the captive portal which ask them for their email address. If the address is valid, they are logged-in, else a message warn them of invalid email address.

    I created login.php, a simple form which auto-post $PORTAL_REDIRURL$ and  $PORTAL_ACTION$ (they are not replaced in another php-only page).

    It seems that I cannot execute php script more than ~200 bytes long in login.php: the start of them is interpreted, and after a certain point, script content is outputed as-is in the html source. It's why it splitted the code into 2 php files:

    login.php

    I want the second file, captiveportal-login.php to ask for the email address, and connect as a defined user (ie: guest). I think the better way to do this is that the script itself check email address and post to $PORTAL_ACTION$.

    Here is the simplified code of captiveportal-login.php:

    
    /**
     * http_build_query don't exists in PHP4
     */
    if (!function_exists('http_build_query')) {
    	[... simulatre http_build_query ...]
    }
    
    // Page not called by login.php, redirect to login.php
    if (!isset($_POST["portal_action"]) || !isset($_POST["portal_redirurl"])) {
    	header('Location: login.php');
    	die();
    }
    
    // Redirection from login.php, get portal addresses
    $portal_action = $_POST["portal_action"];
    $portal_redirurl = $_POST["portal_redirurl"];
    
    // Checks if email address have been post, else show login form
    if (!isset($_POST["email"]))
    {
    	showLoginForm($portal_action, $portal_redirurl);
    	die();
    }
    
    // Got a mail address
    $email = trim($_POST["email"]);
    
    // If email if invalid, shows a failure message
    if (!validEmail($email))
    {
    	showLoginForm($portal_action, $portal_redirurl, 'The mail you entered is invalid!');
    	die();
    }
    
    // Got a valid email, post user and password to the portal login form
    //*****************
    echo "server respond: " . Post($portal_action , "auth_user=guest&auth_pass=passw0rd&redirurl=$portal_redirurl&accept=Continue");
    //******************
    
    /**
    Validate an email address.
    Provide email address (raw input)
    Returns true if the email address has the email 
    address format and the domain exists.
    */
    function validEmail($email)
    {
        [... check email and set result in $isValid]
       return $isValid;
    }
    
    /**
     * Shows the login form
     */
    function showLoginForm($portal_action, $portal_redirurl, $message = "")
    {
    
    echo '
    
    ## Login
    
    		Please enter your email address to log-in to the portal.
    
    		**' .  $message . '**
    
    <form method="POST" action="captiveportal-login.php">
    			Email address: 
    
    		</form>
    
    	';
    }
    
    /**
     * POST content to a page
     */
    function Post($url, $post)
    {
    	$ch = curl_init($url);
    	curl_setopt ($ch, CURLOPT_POST, 1);
    	curl_setopt ($ch, CURLOPT_POSTFIELDS,  $post);
    	$result =  curl_exec ($ch);
    	curl_close ($ch);
    
    	return $result;
    }
    ?>
    
    

    My problem come from the Post function: I tried curl, fopen, readfile, exec(curl)… It can post to and get the response from an external page, but when I try getting $PORTAL_ACTION$ (for me http://1.2.3.4:8000) I get an error saying that the destination is unreacheable or a timeout, or simply nothing (instead exec('ls') shows me a result).

    Do you think this code is the best way to do email-authentification?
    Do you know why curl sucks so much in local?

    Regards,
    thegigistouch


Log in to reply