Unable to create account via a php page since the update to 2.0.1



  • Hello everyone!

    Until last week, we used pfSense 1.2.3 under VMware that acted essentially as a captive portal to allow guests to connect to WiFi. When I set up pfSense 3 years ago, and in order not to create every account at the hand, I found a php script that was allowing the user to create his account himself in the local database through a webpage. That way :

    • The user is connecting to the unsecured WiFi network
    • He is redirected to the authentication page
    • On that custom page, we are asking the user to click on a link to create his account
    • He is redirected to another page  where he is entering his personal informations  to create his account
    • He is redirected to the auth page where he can now authenticate himself with the newly created account.

    All of that was working very well, but when we upgraded to vSphere 4+, the VMware Tools didn't work anymore. For that reason, I decided to update pfSense to 2.0.1, thinking it could resolve the problem, but I forgot to test the "create account" page… Presently, I've got two functions, config_lock and write_config, and some invalids args in a foreach, and frankly, I don't know what to do as I don't know php enough.

    Does someone knows what changed in version 2 and if I can just replace those two functions ?

    Thank you for any help you could give me.

    Here is the create account page :

    <title>Create Account Page</title>

    require_once("functions.inc");
          if ($_POST) {
            config_lock();     
            $a_user =  &$config['captiveportal']['user'];
            unset($input_errors);
            $pconfig = $_POST;
            if ($_POST['username'] == "") $input_errors[] = "ID is required.";
            if ($_POST['password'] == "") $input_errors[] = "Password is required.";
            if ($_POST['fullname'] == "") $input_errors[] = "Name is required.";
            if (($_POST['password']) && ($_POST['password'] != $_POST['password2'])) $input_errors[] = "Passwords are not matching.";
            if (!$input_errors) {
              foreach ($a_user  as $userent) {
                if ($userent['name'] == $_POST['username']) {
                $input_errors[] = "This account already exists.";
                break;
              }
            }
          }

    if (!$input_errors) {
            $userent['name'] = $_POST['username'];
            $userent['fullname'] = $_POST['fullname'];
            $userent['expirationdate'] = "";//$_POST['expirationdate'];
            if ($_POST['password']) $userent['password'] = md5($_POST['password']); 
            $a_user[] = $userent;     
            write_config();
            $done =1;
          }

    }
        ?>

    if (isset($done)) {
        ?>

    ACCOUNT CREATION IS OVER

    You successfully created your account.
              You can now connect by clicking here.
             

    [} else {
          if ($input_errors) {
            echo "ERROR : ";
            foreach ($input_errors  as $input_error) {
            echo $input_error . "
    ";
          } //end foreach
        } // end if
        ?>

    ACCOUNT CREATION

    <form method="post">
             ID:
             
             Password:
             
             Password check :
             
             Full name:

    }
            ?>
               
           </form>](/)


Locked