captiveportal: apply PSR2 style

2026-03-20 03:16:12 +00:00 · 2015-07-28 20:48:16 +02:00 · 2015-07-28 20:48:16 +02:00 · 0fe885b95c
commit 0fe885b95c
parent 21377312f8
1 changed files with 148 additions and 142 deletions
--- a/src/captiveportal/index.php
+++ b/src/captiveportal/index.php
@ -46,10 +46,10 @@ global $cpzone, $cpzoneid;
 $cpzone = $_REQUEST['zone'];
 $cpcfg = $config['captiveportal'][$cpzone];
 if (empty($cpcfg)) {
-	log_error("Submission to captiveportal with unkown parameter zone: " . htmlspecialchars($cpzone));
-	portal_reply_page($redirurl, "error", $errormsg);
-	ob_flush();
-	return;
+    log_error("Submission to captiveportal with unkown parameter zone: " . htmlspecialchars($cpzone));
+    portal_reply_page($redirurl, "error", $errormsg);
+    ob_flush();
+    return;
 }

 $cpzoneid = $cpcfg['zoneid'];
@ -60,83 +60,85 @@ $orig_request = trim($_REQUEST['redirurl'], " /");
 $clientip = $_SERVER['REMOTE_ADDR'];

 if (!$clientip) {
-	/* not good - bail out */
-	log_error("Zone: {$cpzone} - Captive portal could not determine client's IP address.");
-	$error_message = "An error occurred.  Please check the system logs for more information.";
-	portal_reply_page($redirurl, "error", $errormsg);
-	ob_flush();
-	return;
+    /* not good - bail out */
+    log_error("Zone: {$cpzone} - Captive portal could not determine client's IP address.");
+    $error_message = "An error occurred.  Please check the system logs for more information.";
+    portal_reply_page($redirurl, "error", $errormsg);
+    ob_flush();
+    return;
 }

 $ourhostname = portal_hostname_from_client_ip($clientip);
 if ($orig_host != $ourhostname) {
-	/* the client thinks it's connected to the desired web server, but instead
+    /* the client thinks it's connected to the desired web server, but instead
 	   it's connected to us. Issue a redirect... */
-	$protocol = (isset($cpcfg['httpslogin'])) ? 'https://' : 'http://';
-	header("Location: {$protocol}{$ourhostname}/index.php?zone={$cpzone}&redirurl=" . urlencode("http://{$orig_host}/{$orig_request}"));
+    $protocol = (isset($cpcfg['httpslogin'])) ? 'https://' : 'http://';
+    header("Location: {$protocol}{$ourhostname}/index.php?zone={$cpzone}&redirurl=" . urlencode("http://{$orig_host}/{$orig_request}"));

-	ob_flush();
-	return;
+    ob_flush();
+    return;
 }

-if (!empty($cpcfg['redirurl']))
-	$redirurl = $cpcfg['redirurl'];
-else if (preg_match("/redirurl=(.*)/", $orig_request, $matches))
-	$redirurl = urldecode($matches[1]);
-else if ($_REQUEST['redirurl'])
-	$redirurl = $_REQUEST['redirurl'];
+if (!empty($cpcfg['redirurl'])) {
+    $redirurl = $cpcfg['redirurl'];
+} elseif (preg_match("/redirurl=(.*)/", $orig_request, $matches)) {
+    $redirurl = urldecode($matches[1]);
+} elseif ($_REQUEST['redirurl']) {
+    $redirurl = $_REQUEST['redirurl'];
+}

 $macfilter = !isset($cpcfg['nomacfilter']);
 $passthrumac = isset($cpcfg['passthrumacadd']);

 function ip_to_mac($addr)
 {
-	$cmd = '/usr/sbin/arp -n ' . $addr;
-	$ret = false;
+    $cmd = '/usr/sbin/arp -n ' . $addr;
+    $ret = false;

-	exec($cmd, $out, $ret);
-	if ($ret) {
-		log_error('The command `' . $cmd . '\' failed to execute');
-	} else {
-		$mac = explode(' ', $out[0]);
-		if (isset($mac[3])) {
-			$ret = $mac[3];
-		}
-	}
+    exec($cmd, $out, $ret);
+    if ($ret) {
+        log_error('The command `' . $cmd . '\' failed to execute');
+    } else {
+        $mac = explode(' ', $out[0]);
+        if (isset($mac[3])) {
+            $ret = $mac[3];
+        }
+    }

-	return $ret;
+    return $ret;
 }

 /* find MAC address for client */
 if ($macfilter || $passthrumac) {
-	$tmpres = ip_to_mac($clientip);
-	if (!$tmpres) {
-		/* unable to find MAC address - shouldn't happen! - bail out */
-		captiveportal_logportalauth("unauthenticated","noclientmac",$clientip,"ERROR");
-		echo "An error occurred.  Please check the system logs for more information.";
-		log_error("Zone: {$cpzone} - Captive portal could not determine client's MAC address.  Disable MAC address filtering in captive portal if you do not need this functionality.");
-		ob_flush();
-		return;
-	}
-	$clientmac = $tmpres;
-	unset($tmpres);
+    $tmpres = ip_to_mac($clientip);
+    if (!$tmpres) {
+        /* unable to find MAC address - shouldn't happen! - bail out */
+        captiveportal_logportalauth("unauthenticated", "noclientmac", $clientip, "ERROR");
+        echo "An error occurred.  Please check the system logs for more information.";
+        log_error("Zone: {$cpzone} - Captive portal could not determine client's MAC address.  Disable MAC address filtering in captive portal if you do not need this functionality.");
+        ob_flush();
+        return;
+    }
+    $clientmac = $tmpres;
+    unset($tmpres);
 }

 /* find out if we need RADIUS + RADIUSMAC or not */
 if (file_exists("/var/db/captiveportal_radius_{$cpzone}.db")) {
-	$radius_enable = TRUE;
-	if (isset($cpcfg['radmac_enable'])) {
-		$radmac_enable = TRUE;
-	}
+    $radius_enable = true;
+    if (isset($cpcfg['radmac_enable'])) {
+        $radmac_enable = true;
+    }
 }

 /* find radius context */
 $radiusctx = 'first';
-if ($_POST['auth_user2'])
-	$radiusctx = 'second';
+if ($_POST['auth_user2']) {
+    $radiusctx = 'second';
+}

 if ($_POST['logout_id']) {
-	echo <<<EOD
+    echo <<<EOD
 <html>
 <head><title>Disconnecting...</title></head>
 <body bgcolor="#435370">
@ -152,109 +154,113 @@ setTimeout('window.close();',5000) ;
 </html>

 EOD;
-	captiveportal_disconnect_client($_POST['logout_id']);
+    captiveportal_disconnect_client($_POST['logout_id']);

-} else if ($macfilter && $clientmac && captiveportal_blocked_mac($clientmac)) {
-	captiveportal_logportalauth($clientmac,$clientmac,$clientip,"Blocked MAC address");
-	if (!empty($cpcfg['blockedmacsurl']))
-		portal_reply_page($cpcfg['blockedmacsurl'], "redir");
-	else
-		portal_reply_page($redirurl, "error", "This MAC address has been blocked");
+} elseif ($macfilter && $clientmac && captiveportal_blocked_mac($clientmac)) {
+    captiveportal_logportalauth($clientmac, $clientmac, $clientip, "Blocked MAC address");
+    if (!empty($cpcfg['blockedmacsurl'])) {
+        portal_reply_page($cpcfg['blockedmacsurl'], "redir");
+    } else {
+        portal_reply_page($redirurl, "error", "This MAC address has been blocked");
+    }

-} else if ($clientmac && $radmac_enable && portal_mac_radius($clientmac,$clientip, $radiusctx)) {
-	/* radius functions handle everything so we exit here since we're done */
+} elseif ($clientmac && $radmac_enable && portal_mac_radius($clientmac, $clientip, $radiusctx)) {
+    /* radius functions handle everything so we exit here since we're done */

-} else if (portal_consume_passthrough_credit($clientmac)) {
-	/* allow the client through if it had a pass-through credit for its MAC */
-	captiveportal_logportalauth("unauthenticated",$clientmac,$clientip,"ACCEPT");
-	portal_allow($clientip, $clientmac, "unauthenticated");
+} elseif (portal_consume_passthrough_credit($clientmac)) {
+    /* allow the client through if it had a pass-through credit for its MAC */
+    captiveportal_logportalauth("unauthenticated", $clientmac, $clientip, "ACCEPT");
+    portal_allow($clientip, $clientmac, "unauthenticated");

-} else if (isset($config['voucher'][$cpzone]['enable']) && $_POST['accept'] && $_POST['auth_voucher']) {
-	$voucher = trim($_POST['auth_voucher']);
-	$timecredit = voucher_auth($voucher);
-	// $timecredit contains either a credit in minutes or an error message
-	if ($timecredit > 0) {  // voucher is valid. Remaining minutes returned
-		// if multiple vouchers given, use the first as username
-		$a_vouchers = preg_split("/[\t\n\r ]+/s",$voucher);
-		$voucher = $a_vouchers[0];
-		$attr = array( 'voucher' => 1,
-				'session_timeout' => $timecredit*60,
-				'session_terminate_time' => 0);
-		if (portal_allow($clientip, $clientmac,$voucher,null,$attr)) {
-			// YES: user is good for $timecredit minutes.
-			captiveportal_logportalauth($voucher,$clientmac,$clientip,"Voucher login good for $timecredit min.");
-			portal_reply_page($redirurl, "redir", "Just redirect the user.");
-		} else {
-			portal_reply_page($redirurl, "error", $config['voucher'][$cpzone]['msgexpired'] ? $config['voucher'][$cpzone]['msgexpired']: $errormsg);
-		}
-	} else if (-1 == $timecredit) {  // valid but expired
-		captiveportal_logportalauth($voucher,$clientmac,$clientip,"FAILURE","voucher expired");
-		portal_reply_page($redirurl, "error", $config['voucher'][$cpzone]['msgexpired'] ? $config['voucher'][$cpzone]['msgexpired']: $errormsg);
-	} else {
-		captiveportal_logportalauth($voucher,$clientmac,$clientip,"FAILURE");
-		portal_reply_page($redirurl, "error", $config['voucher'][$cpzone]['msgnoaccess'] ? $config['voucher'][$cpzone]['msgnoaccess'] : $errormsg);
-	}
+} elseif (isset($config['voucher'][$cpzone]['enable']) && $_POST['accept'] && $_POST['auth_voucher']) {
+    $voucher = trim($_POST['auth_voucher']);
+    $timecredit = voucher_auth($voucher);
+    // $timecredit contains either a credit in minutes or an error message
+    if ($timecredit > 0) {  // voucher is valid. Remaining minutes returned
+        // if multiple vouchers given, use the first as username
+        $a_vouchers = preg_split("/[\t\n\r ]+/s", $voucher);
+        $voucher = $a_vouchers[0];
+        $attr = array( 'voucher' => 1,
+                'session_timeout' => $timecredit*60,
+                'session_terminate_time' => 0);
+        if (portal_allow($clientip, $clientmac, $voucher, null, $attr)) {
+            // YES: user is good for $timecredit minutes.
+            captiveportal_logportalauth($voucher, $clientmac, $clientip, "Voucher login good for $timecredit min.");
+            portal_reply_page($redirurl, "redir", "Just redirect the user.");
+        } else {
+            portal_reply_page($redirurl, "error", $config['voucher'][$cpzone]['msgexpired'] ? $config['voucher'][$cpzone]['msgexpired']: $errormsg);
+        }
+    } elseif (-1 == $timecredit) {  // valid but expired
+        captiveportal_logportalauth($voucher, $clientmac, $clientip, "FAILURE", "voucher expired");
+        portal_reply_page($redirurl, "error", $config['voucher'][$cpzone]['msgexpired'] ? $config['voucher'][$cpzone]['msgexpired']: $errormsg);
+    } else {
+        captiveportal_logportalauth($voucher, $clientmac, $clientip, "FAILURE");
+        portal_reply_page($redirurl, "error", $config['voucher'][$cpzone]['msgnoaccess'] ? $config['voucher'][$cpzone]['msgnoaccess'] : $errormsg);
+    }

-} else if ($_POST['accept'] && $radius_enable) {
-	if (($_POST['auth_user'] && isset($_POST['auth_pass'])) || ($_POST['auth_user2'] && isset($_POST['auth_pass2']))) {
-		if (!empty($_POST['auth_user'])) {
-			$user = $_POST['auth_user'];
-			$paswd = $_POST['auth_pass'];
-		} else if (!empty($_POST['auth_user2'])) {
-			$user = $_POST['auth_user2'];
-			$paswd = $_POST['auth_pass2'];
-		}
-		$auth_list = radius($user,$paswd,$clientip,$clientmac,"USER LOGIN", $radiusctx);
-		$type = "error";
-		if (!empty($auth_list['url_redirection'])) {
-			$redirurl = $auth_list['url_redirection'];
-			$type = "redir";
-		}
+} elseif ($_POST['accept'] && $radius_enable) {
+    if (($_POST['auth_user'] && isset($_POST['auth_pass'])) || ($_POST['auth_user2'] && isset($_POST['auth_pass2']))) {
+        if (!empty($_POST['auth_user'])) {
+            $user = $_POST['auth_user'];
+            $paswd = $_POST['auth_pass'];
+        } elseif (!empty($_POST['auth_user2'])) {
+            $user = $_POST['auth_user2'];
+            $paswd = $_POST['auth_pass2'];
+        }
+        $auth_list = radius($user, $paswd, $clientip, $clientmac, "USER LOGIN", $radiusctx);
+        $type = "error";
+        if (!empty($auth_list['url_redirection'])) {
+            $redirurl = $auth_list['url_redirection'];
+            $type = "redir";
+        }

-		if ($auth_list['auth_val'] == 1) {
-			captiveportal_logportalauth($user,$clientmac,$clientip,"ERROR",$auth_list['error']);
-			portal_reply_page($redirurl, $type, $auth_list['error'] ? $auth_list['error'] : $errormsg);
-		} else if ($auth_list['auth_val'] == 3) {
-			captiveportal_logportalauth($user,$clientmac,$clientip,"FAILURE",$auth_list['reply_message']);
-			portal_reply_page($redirurl, $type, $auth_list['reply_message'] ? $auth_list['reply_message'] : $errormsg);
-		}
-	} else {
-		if (!empty($_POST['auth_user']))
-			$user = $_POST['auth_user'];
-		else if (!empty($_POST['auth_user2']))
-			$user = $_POST['auth_user2'];
-		else
-			$user = 'unknown';
-		captiveportal_logportalauth($user ,$clientmac,$clientip,"ERROR");
-		portal_reply_page($redirurl, "error", $errormsg);
-	}
+        if ($auth_list['auth_val'] == 1) {
+            captiveportal_logportalauth($user, $clientmac, $clientip, "ERROR", $auth_list['error']);
+            portal_reply_page($redirurl, $type, $auth_list['error'] ? $auth_list['error'] : $errormsg);
+        } elseif ($auth_list['auth_val'] == 3) {
+            captiveportal_logportalauth($user, $clientmac, $clientip, "FAILURE", $auth_list['reply_message']);
+            portal_reply_page($redirurl, $type, $auth_list['reply_message'] ? $auth_list['reply_message'] : $errormsg);
+        }
+    } else {
+        if (!empty($_POST['auth_user'])) {
+            $user = $_POST['auth_user'];
+        } elseif (!empty($_POST['auth_user2'])) {
+            $user = $_POST['auth_user2'];
+        } else {
+            $user = 'unknown';
+        }
+        captiveportal_logportalauth($user, $clientmac, $clientip, "ERROR");
+        portal_reply_page($redirurl, "error", $errormsg);
+    }

-} else if ($_POST['accept'] && $cpcfg['auth_method'] == "local") {
-	if ($_POST['auth_user'] && $_POST['auth_pass']) {
-		//check against local user manager
-		$loginok = local_backed($_POST['auth_user'], $_POST['auth_pass']);
+} elseif ($_POST['accept'] && $cpcfg['auth_method'] == "local") {
+    if ($_POST['auth_user'] && $_POST['auth_pass']) {
+        //check against local user manager
+        $loginok = local_backed($_POST['auth_user'], $_POST['auth_pass']);

-		if ($loginok && isset($cpcfg['localauth_priv']))
-			$loginok = userHasPrivilege(getUserEntry($_POST['auth_user']), "user-services-captiveportal-login");
+        if ($loginok && isset($cpcfg['localauth_priv'])) {
+            $loginok = userHasPrivilege(getUserEntry($_POST['auth_user']), "user-services-captiveportal-login");
+        }

-		if ($loginok){
-			captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN");
-			portal_allow($clientip, $clientmac,$_POST['auth_user']);
-			portal_reply_page($redirurl, "redir", "Just redirect the user.");
-		} else {
-			captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE");
-			portal_reply_page($redirurl, "error", $errormsg);
-		}
-	} else
-		portal_reply_page($redirurl, "error", $errormsg);
+        if ($loginok) {
+            captiveportal_logportalauth($_POST['auth_user'], $clientmac, $clientip, "LOGIN");
+            portal_allow($clientip, $clientmac, $_POST['auth_user']);
+            portal_reply_page($redirurl, "redir", "Just redirect the user.");
+        } else {
+            captiveportal_logportalauth($_POST['auth_user'], $clientmac, $clientip, "FAILURE");
+            portal_reply_page($redirurl, "error", $errormsg);
+        }
+    } else {
+        portal_reply_page($redirurl, "error", $errormsg);
+    }

-} else if ($_POST['accept'] && $clientip && $cpcfg['auth_method'] == "none") {
-	captiveportal_logportalauth("unauthenticated",$clientmac,$clientip,"ACCEPT");
-	portal_allow($clientip, $clientmac, "unauthenticated");
+} elseif ($_POST['accept'] && $clientip && $cpcfg['auth_method'] == "none") {
+    captiveportal_logportalauth("unauthenticated", $clientmac, $clientip, "ACCEPT");
+    portal_allow($clientip, $clientmac, "unauthenticated");

 } else {
-	/* display captive portal page */
-	portal_reply_page($redirurl, "login",null,$clientmac,$clientip);
+    /* display captive portal page */
+    portal_reply_page($redirurl, "login", null, $clientmac, $clientip);
 }

 ob_flush();