After authentication redirect URL - additional parameters



  • I have set up pfSense 2.03 with Captive Portal and FreeRadius as services.

    FreeRadius is using a mySQL database on an external server to authenticate the username and password.

    What I want to do after authentication is to redirect to a php page on the external server which will prompt the user to change their password.

    I'm thinking along these lines:

    1. user is redirected to the php page
    2. the php script queries the mySQL database to see if the user has already changed their password.
    3. if no, the user is presented with a change password page.
    4. if yes, they are redirected to somewhere else and can continue browsing.

    ok so in order to retrieve the appropriate record the URL needs to contain addtional parameters - ideally the id from the radcheck table, but username and password would do.

    Any thoughts on whether this is the best way to go about it or if it is even possible?



  • It would depend how far you want to go with coding yourself.

    If you were to edit the captiveportal_allow() function in captiveportal.inc, you could append the $my_redirurl at the end of the function (which re-directs to the page you specify in the captive portal settings) with the query string variables you need ($clientip,$clientmac,$username,$password all being available directly in that function).

    I am not familiar with the use of radius servers, so when you say the ID from the radcheck table, is this the session ID?  If so, this is created in this function as $sessionid.



  • appending the $my_redirurl worked fine for me with the $username variable.

    I had hoped to use the id field of the radcheck table in radius as it is the unique auto-incremented primary key for that table.  But I'm not sure about how to go about getting that variable back from Radius.

    However if I enforce unique usernames then it will serve the same purpose, so problem solved, thank you.

    Here is the appropriate modification of config.inc for anyone else coming this way - the line in question is 4th from the end.

    /* redirect user to desired destination */
    if (!empty($attributes['url_redirection']))
    $my_redirurl = $attributes['url_redirection'];
    else if (!empty($config['captiveportal'][$cpzone]['redirurl']))
    $my_redirurl = $config['captiveportal'][$cpzone]['redirurl'];
    else
    $my_redirurl = $redirurl;

    if(isset($config['captiveportal'][$cpzone]['logoutwin_enable']) && !$passthrumac) {

    if (isset($config['captiveportal'][$cpzone]['httpslogin'])) {
    $httpsport =
    $config['captiveportal'][$cpzone]['listenporthttps'] ?
    $config['captiveportal'][$cpzone]['listenporthttps'] :
    ($config['captiveportal'][$cpzone]['zoneid'] + 1);
    $logouturl = "https://{$config['captiveportal']['httpsname']}:{$httpsport}/";
    } else {
    $ifip = portal_ip_from_client_ip($clientip);
    $httpport =
    $config['captiveportal'][$cpzone]['listenporthttp'] ?
    $config['captiveportal'][$cpzone]['listenporthttp'] :
    $config['captiveportal'][$cpzone]['zoneid'];
    if (!$ifip)
    $ourhostname = $config['system']['hostname'] . ":{$httpport}";
    else
    $ourhostname = "{$ifip}:{$httpport}";
    $logouturl = "http://{$ourhostname}/";
    }

    if (isset($attributes['reply_message']))
    $message = $attributes['reply_message'];
    else
    $message = 0;

    include("{$g['varetc_path']}/captiveportal-{$cpzone}-logout.html");

    } else {
    header("Location: " . $my_redirurl."?userName=".$username);  /* this is the line that gets modified */
    }

    return $sessionid;
    }



  • and I'm so glad I did post the code change, because I've come back a couple of times now to use it.

    clarification: the file to be changed is /etc/inc/captiveportal.inc



  • recently there have been some changes to captiveportal.inc which affects the redirection discussion. In the newer version (it doesn't appear to have any version control) find the following lines:

    } else {
    portal_reply_page($redirurl, "redir", "Just redirect the user.");
    }

    and change to:

    } else {
    portal_reply_page($redirurl."?userName=".$username, "redir", "Just redirect the user.");
    }



  • a recent update to pfSense 2.2.5 broke my custom code  :P

    here is the new alteration required to captiveportal.inc…

    replace this code at around line 2113

    portal_reply_page($my_redirurl, "Just redirect the user.");
    

    with this

    portal_reply_page($my_redirurl."?userName=".$username, "redir", "Just redirect the user.");
    


  • Awesome, I might need this (not exactly, but same code area), because I want to present a after login page but also a clickable link to the initially requested page, or even open it in a new tab (with JS). Thanks a bunch.


Log in to reply