Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive portal with "access code"

    Scheduled Pinned Locked Moved Captive Portal
    7 Posts 3 Posters 651 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      regexaurus
      last edited by

      I'm working on configuring a captive portal where Authentication Method is currently set to none. I would like to add a text box/field to the login form where the user enters an "access code". I have customized the login page html, and I'm looking into modifying index.php, to possibly add an option for authentication "none", and comparing what's entered in the "access code" text field, before allowing access. Ideally, the captive portal itself would be modified to allow entering/saving the "access code" value in the web gui settings, but I'm OK with periodically updating it directly in index.php, etc.
      I have looked over Username Only Captive Portal, Show a username without Authentication, etc., but haven't gotten very far.
      Any suggestions for implementing this, perhaps using a different Authentication Method...?

      Thank you!

      E GertjanG 2 Replies Last reply Reply Quote 0
      • E
        EDaleH @regexaurus
        last edited by

        @regexaurus
        An access code is effectively an authentication to use the Captive Portal.

        You could create an authenticated Captive Portal and use a multiple login option. Then create a user (eg. Enter_Access_Code) and your "access code" is their password. You could have the user name default (set in custom html) or you could provide it through the login screen itself. To change access code, simply change the password in user manager. Set the hard timeout to the duration you want the session valid for. If using Kea DHCP in particular, watch the idle timeout does not exceed the lease duration.

        Alternatively, you could create a voucher. This would get rid of the username field. The voucher would respect the "multiple" setting so one voucher would last until the relative timeout values closed it. Then the next voucher is you next access code.

        I hope this gets the creative juices flowing.

        1 Reply Last reply Reply Quote 0
        • GertjanG
          Gertjan @regexaurus
          last edited by

          @regexaurus

          No need to change any 'core' pfSense file like index.php

          Create as much portal users as you need where the user name is the "Access Code".

          5768815a-86dc-42b8-8020-1f959e730ca3-image.png

          For all these user : enter the same password, for example the foolproof "1234".

          Now, create your own portal login page. For example :

          <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> 
          <html lang="fr-FR">
          	<head>
          		<title>Blablablabla</title>
          		<meta name="viewport" content="width=device-width, user-scalable=no" />
          	</head>
          	<body> 
          		<div id="content">
          			<div class="login-card" style="text-align:center; margin:0 auto;">
          				<form method="post" action="$PORTAL_ACTION$">
          					<p>hello, welcome to our captive portal from</p>
          					<a href="http://www.some-domain-here.tld/" ><img src="captiveportal-nvxx-logo.png" width="200%" alt="Your Alt Logo text" ></a>
          					<p>First, start vreading our usage rules.</p>
          					<p>Here it is : <a href="THE-RULES.pdf?zone=$PORTAL_ZONE$">the suage rules</a><br /> (Click on the link !).</p>
          					<hr>
          					<p>Ready to acess the net ?</p>
          					<div class="auth_source">
          						<input name="auth_user" id="auth_user" type="text" size="12" maxlength="10" value="#USERNAME#" placeholder="Your access code"/>
          						<input name="auth_pass" type="hidden" value="1234" />
          					</div>
          					<input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$" />
          					<input name="zone" type="hidden" value="$PORTAL_ZONE$" />
          					<p><input name='accept' type='submit' class='login login-submit' value='Go to the net' /></p>
          <?php
          	global $config, $cpzone;
          	if(isset($config['voucher'][$cpzone]['enable'])) {
          ?>
          					<p><input name="auth_voucher" type="text" value="#VOUCHER#"/></p>
          <?php
          	}
          ?>
          				</form> 
          			</div> 
          		</div> 
          	</body>
          </html>
          

          the magic is here :

          <input name="auth_pass" type="hidden" value="1234" />
          

          where the filed name "auth_pass" is set to "1234" - the user won't see it / doesn't have to enter it.

          and done ^^

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          R 1 Reply Last reply Reply Quote 0
          • R
            regexaurus @Gertjan
            last edited by regexaurus

            Thank you, @EDaleH and @Gertjan! I went with the "username as 'access code" idea, which is working well. And with "usermod -l newlogin oldlogin" cron jobs, I can automatically change the "access code" on a schedule. As pfSense usernames are case-sensitive, I used a CSS text-transform property to visually force the case I'm using for "access codes", and in index.php, added a
            $user = strtolower/upper($user);
            call, directly below
            $user = trim($_POST['auth_user']);
            .
            Trying to make it difficult to enter an incorrect "access code".

            GertjanG 1 Reply Last reply Reply Quote 0
            • GertjanG
              Gertjan @regexaurus
              last edited by Gertjan

              @regexaurus

              I do the same thing since ... not sure, for nearly a decade now.
              I 'strtolower()' the user and password field, as more and more people use only uppercase in whatever they write (not sure why ...).

              When the patch package became available, I wrote my own 'patch' so, when the system updates, chances are great that the patch still applies , and I don't need to manually edit anything.

              36c4277b-4158-4dcb-8e51-a0e878c68ef6-image.png

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              R 1 Reply Last reply Reply Quote 0
              • R
                regexaurus @Gertjan
                last edited by

                @Gertjan
                Since my last post on this topic, I discovered "usermod -l newlogin oldlogin" doesn't work on pfSense (cli). Is there a way to change a username from the cli?

                Thank you!

                GertjanG 1 Reply Last reply Reply Quote 0
                • GertjanG
                  Gertjan @regexaurus
                  last edited by

                  @regexaurus

                  This usermod ?

                  You have to re-polish your definition of pfSense 😊
                  pfSense maintains a (one !) system wide config. Nearly everything you see in the GUI is stored in this file.
                  When the system boots, every system or process config file, for example the "GUI nginx web server" config file ( here : /var/etc/nginx-webConfigurator.conf ) is re-created with the GUI settings.
                  Then the process (nginx) is started, and the GUI becomes active.

                  The same thing is valid for system users. As you can see; under /home/, every portal user has actually a (limited) system account there.
                  If you want to change delete or add a user, use the GUI.
                  Everything you do with the command line will not be persistent, not taken in account, and undone when the related process restart.

                  'Real' CLI command is still possible, but you need to script things.
                  For example, adding or modifying a user, see how the GUI does it. Know that, you know how to write your own script.
                  It could be as simple as modifying the pfSense config.xml file, and then restart related processes.

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.