Unable to run even basic PHP code on from submittion
-
Hi there,
my goal, is to record guests info in Google Spreadsheet via captive portal and custom PHP page,
but unfortunately, I faced a very strange issue, I am unable to execute any PHP code on form submission.I've tried even basic things:
<?php if (isset($_POST['submit'])) { echo "<h2>Hello, World!</h2>"; } ?> <!DOCTYPE html> <html> <head> <title>PHP Hello World</title> </head> <body> <form method="post"> <button type="submit" name="submit">Click Me</button> </form> </body> </html>I've also tried this:
if ($_SERVER['REQUEST_METHOD'] === 'POST')But unfortunately, when a guest connects to the network,
the code ran once (during the first page load) and did not run on submitting the form.Seems like pfSense does not use POST in this case, or it is somehow conflicting with something else.
Is there any way to verify my theory or make it work? :) -
I copied your script into a file called test.php here /usr/local/www/test.php
Then I visited it : https://pfsense.bhf.tld/test.php
I saw :
and when clicked :
-
@Gertjan
okay, I am sorry, maybe I did not verify the resultCan I ask you to test with this code?
<?php ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL); echo '<script language="javascript">'; echo 'alert("php header")'; echo '</script>'; if ($_SERVER['REQUEST_METHOD'] === 'POST') { echo '<script language="javascript">'; echo 'alert("php if entered")'; echo '</script>'; echo '<script language="javascript">'; echo 'alert("message successfully sent")'; echo '</script>'; } ?> <!DOCTYPE html> <html lang="uk"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Guest auth</title> <style> body { font-family: Arial, sans-serif; background-color: #f4f4f4; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; } .container { background-color: #fff; padding: 20px; border-radius: 8px; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); width: 300px; } .form-group { margin-bottom: 15px; } .form-group input { width: 100%; padding: 8px; box-sizing: border-box; } button { width: 100%; padding: 10px; background-color: #28a745; color: white; border: none; border-radius: 5px; cursor: pointer; } </style> </head> <body> <div class="container"> <h1>Auth</h1> <form method="POST" action="$PORTAL_ACTION$"> <div class="form-group"> <label for="name">Name:</label> <input id="name" name="name" type="text" required> </div> <div class="form-group"> <label for="email">Email:</label> <input id="email" name="email" type="email" required> </div> <div class="form-group"> <label for="phone">Phone:</label> <input id="phone" name="phone" type="tel" required> </div> <input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$"> <input name="zone" type="hidden" value="$PORTAL_ZONE$"> <div class="form-group"> <input name="accept" type="submit" value="Continue"> </div> </form> </div> </body> </html>but please, upload it via Captive portal option (Portal page contents) :
As far as I can understand, it must show me 3 JS alerts: first when page is loaded, second and third when form is submitted. But it shows me only first JS alert.
-
I saw this :
Btw :
This is my captive portal login page :<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html lang="fr-FR"> <head> <title>Brand Hotel Town</title> <meta name="viewport" content="width=device-width, user-scalable=no" /> <style> #content,.login,.login-card a,.login-card h1,.login-help{text-align:center}body,html{margin:0;padding:0;width:100%;height:100%;display:table}#content{font-family:'Source Sans Pro',sans-serif;background-color:#1C1275;background:{$bg_src};-webkit-background-size:cover;-moz-background-size:cover;-o-background-size:cover;background-size:cover;display:table-cell;vertical-align:middle}.login-card{padding:40px;width:280px;background-color:#F7F7F7;margin:100px auto 10px;border-radius:2px;box-shadow:0 2px 2px rgba(0,0,0,.3);overflow:hidden}.login-card h1{font-weight:400;font-size:2.3em;color:#1383c6}.login-card h1 span{color:#f26721}.login-card img{width:90%;height:90%}.login-card input[type=submit]{width:100%;display:block;margin-bottom:10px;position:relative}.login-card input[type=text],input[type=password]{height:44px;font-size:16px;width:100%;margin-bottom:10px;-webkit-appearance:none;background:#fff;border:1px solid #d9d9d9;border-top:1px solid silver;padding:0 8px;box-sizing:border-box;-moz-box-sizing:border-box}.login-card input[type=text]:hover,input[type=password]:hover{border:1px solid #b9b9b9;border-top:1px solid #a0a0a0;-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,.1);-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,.1);box-shadow:inset 0 1px 2px rgba(0,0,0,.1)}.login{font-size:14px;font-family:Arial,sans-serif;font-weight:700;height:36px;padding:0 8px}.login-submit{-webkit-appearance:none;-moz-appearance:none;appearance:none;border:0;color:#fff;text-shadow:0 1px rgba(0,0,0,.1);background-color:#4d90fe}.login-submit:disabled{opacity:.6}.login-submit:hover{border:0;text-shadow:0 1px rgba(0,0,0,.3);background-color:#357ae8}.login-card a{text-decoration:none;color:#222;font-weight:400;display:inline-block;opacity:.6;transition:opacity ease .5s}.login-card a:hover{opacity:1}.login-help{width:100%;font-size:12px}.list{list-style-type:none;padding:0}.list__item{margin:0 0 .7rem;padding:0}label{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-align:center;-webkit-align-items:center;-ms-flex-align:center;align-items:center;text-align:left;font-size:14px;}input[type=checkbox]{-webkit-box-flex:0;-webkit-flex:none;-ms-flex:none;flex:none;margin-right:10px;float:left}@media screen and (max-width:450px){.login-card{width:70%!important}.login-card img{width:100%;height:100%}}textarea{width:66%;margin:auto;height:120px;max-height:120px;background-color:#f7f7f7;padding:20px}#terms{display:none;padding-top:100px;padding-bottom:300px;}.auth_source{padding:20px 8px 0px 8px; margin-top: -2em; border-radius: 2px; }.auth_head{background-color:#f7f7f7;display:inline-block;}.auth_head_div{text-align:left;}#error-message{text-align:left;color:#ff3e3e;font-style:italic;} </style> </head> <body> <div id="content"> <div class="login-card" style="text-align:center; margin:0 auto;"> <form method="post" action="$PORTAL_ACTION$"> <p>Bonjour, <br />Vous êtes sur le portail d'accueil 'Wifi' de</p> <a href="http://www.bhf.tld/" ><img src="captiveportal-nvxx-logo.png" width="200%" alt="Brand Hotel Twon Logo" ></a> <p>Tout d'abord, nous vous <g>conseillons</g> de consulter notre Livret d'accueil.</p> <p>C'est ici : <a href="ROOM-DIRECTORY-BH-TOWN.pdf?zone=$PORTAL_ZONE$">Livret d'accueil</a><br /> (Veuillez cliquer/taper !).</p> <hr> <p>Souhaitez vous accéder l'Internet ?</p> <div class="auth_source"> <input name="auth_user" id="auth_user" type="text" size="12" maxlength="10" value="#USERNAME#" placeholder="Numéro de chambre"/> <input name="auth_pass" type="text" size="12" maxlength="10" value="#PASSWORD#" placeholder="Mot de passe (dans le Livret d'accueil !) "/> </div> <input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$" /> <input name="zone" type="hidden" value="$PORTAL_ZONE$" /> <p><input name='accept' type='submit' class='login login-submit' value='Accéder à l´Internet' /></p> <?php global $config, $cpzone; if(isset($config['voucher'][$cpzone]['enable'])) { ?> <p><input name="auth_voucher" type="text" value="#VOUCHER#"/></p> <?php } ?> </form> </div> </div> </body> </html>The ob_flush() Failed message on the right side comes from the fact that I force password to upper case (hotel clients don't understand that if the password is "aabb" then "AABB"won't work).
I even mention the password on the login page, in a PDF file, but android devcie won't show PDF anymore, it portal user will be proposed to download it .... and they don't know what a PDF is .... don't know how to open it ?My captive portal is also modded so it will work with the modern "RFC8910". See here.
Btw : to make live easy on myself, I'm using
24.11- 25.03-BETA (amd64). -
Can I ask you to try to enter any random information in my login page (I provided code above)?
You can enter anything (for example: Name, test@test.com, 123). When you click or tap on "Continue", PFSense should execute this code:if ($_SERVER['REQUEST_METHOD'] === 'POST') { echo '<script language="javascript">'; echo 'alert("php if entered")'; echo '</script>'; echo '<script language="javascript">'; echo 'alert("message successfully sent")'; echo '</script>'; }But for some reason, it does not.
-
Maybe, client's machine during initial connection cannot execute POST request to Captive portal server.
I am using 2.7.2-RELEASE (amd64), built on Wed Dec 6 22:10:00 EET 2023, and there is no available stable updates :(
I will try update to BETA, but I am not sure, that it will help -
This :
@Leksandr said in Unable to run even basic PHP code on from submittion:
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
is never reached.
The self-made html (php) login page, as shown above, is used by this file :
/usr/local/captiveportal/index.phpIf you want to make your own login page, your have to (my opnion) read that file, and understand what happens in there (as understanding things tend to make them easier (to understand) ^^).
You will find the place where you own login page is sourced = included.
You also find how parameters like "$PORTAL_REDIRURL$", "$PORTAL_ZONE$" "$PORTAL_ACTION$" and also 'password' etc are handled. You can add your own stuff, but then you have to also modify the /usr/local/captiveportal/index.php !When you enter fields into your own login page and click "ENTER" button, the /usr/local/captiveportal/index.php file is called again, and this time with hidden parameters, the ones you just entered in the fields. At that moment, your own portal login file isn't loaded (use) anymore as script (code) execution follows another execution path.
This means this :
if ($_SERVER['REQUEST_METHOD'] === 'POST') {is never reached and the IF test will always fail.
I've been working with 2.7.2 for several month before I moved to pfSense plus.
2.7.2 worked just fine for me (hotel wifi access). -
@Gertjan thank you very much! :)
I will try to figure out logics behind /usr/local/captiveportal/index.php and will be back with the results.
Fun fact: yesterday I switched my solution from PHP to pure JS + external Python app (JS script will reach to Python app to submit guests info to Google spreadsheet), it worked, but sometimes, JS is just too slow and does not have enough time to send request to Python app before PHP executes and redirect guest to the Internet.
-
For my own curiosity :
you are asking names, phone numbers and emails from the portal visitors ?
That won't work here in Europe, and if you do, its not local law enforcement that shows up, but the government itself, the ones dressed in black. Still, its a small risk, as no Wifi visitor would even think about answering to these questions, as they - imho - stand for "Please, go away - don't use the Wifi".
Same thing in the States, I guess, although 'core' laws are changing over there right now. -
@Gertjan yeah...
My superiors ask me to collect guests info via captive portal, I will collect just names and emails, no phone (I will remove this filed),
my superiors are aware of the risks, despite my strong objections not to do it, they ask me to implement it.Thank you for pointing this is, I will ask our lawyer about this,
oh, and maybe I will need to add checkbox to process guest related data. -
After much digging into /usr/local/captiveportal/index.php and /etc/inc/captiveportal.inc,
I was able to figure out logic behind Captive portal itself and successfully created custom PHP login page,
now I can collects guests info (with their permissions of course) and store it in Google Spreadsheets.@Gertjan , thank you very much for help,
now I just need to solve legal and design problems with this page :)
