next »

[diwoda]

Hi,

I would like to use the cp without authentication, but the portal content should be on an external website intead on the pfsense machine. Therefore I uploaded an index.php which forces an redirect to that external link which I defined as allowed. So far so good, that works fine, but then, how can I integrate an "Accept" Button on that external site and make the cp accept it? I tried to solve this in the index.php with an if and else function but it does not work. The "submit" link is cpadress:8000/?showform=true

The content of the php is:

<?php
if (!isset($_GET['showform']))
{
   header('Location: http://external_link');
}
else
{
   ?>   
   <h1>BLABLA</h1>
   <p>again some text</p>
   <form method="post" action="$PORTAL_ACTION$">
      <input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$">
      <input name="accept" type="submit" value="Bestätigen">
   </form>
   
   <?php


Shouldn't this work? I realy do need help as I have no more idea and am no code crack at all. Would be great if anybody could help me please.
Thank you in advance!

[wallabybob]

I have written only a small number of php pages. You should probably take that into account when reading the following remarks.

If I understand correctly what you are trying to do, that external web page will need to redirect back to pfSense captive portal (to give pfSense captive portal the accept notification).  This seems messy both in development and maintenance. If its an external web page presumably someone else wrote it for some other purpose and they might not want to hard wire it to direct the browser back to pfSense Captive Portal. Maybe the external page has a parameter to specify the next page.

Why are you doing this? Is it to "ensure" someone clicks "accept" on the external page that lists the "conditions of use"? How you ensure they have accepted the conditions of use before the portal allows them to access the internet? Once some one has figured out the mechanism couldn't they just go direct to the appropriate captive portal page and "spoof" an accept response to the external page? I suspect that if there is ever a legal dispute over whether someone clicked "accept" on the external page there would need to be rather more to the interactions than has been described so far.

[diwoda]

Well, it is just about simply presentate a "Startpage", some sort of Information Portal. It is not about security or something. The goal is simply that the portal page should or better to say is managed by a CMS System. So I need the Portal Page to be hosted external. If this is messy or not is not relevant as this is what is asked for. Anyway, you never could "force" someone to read anything. If the users just want to ignore the information then they will regardless of what I am doing.

There are already some posts about Pre-Authentication Page, but the system here will just work completly without authentication.


The parameter <input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$"> just pass the initaly entert URL (if the CP woks without authentication). So if someone enter the URL www.xyz.com then the CP just make the redirect to the (local) index.php/html and then, when pressing the Button "Continue", "Accept" or whatever, the CP takes the value of the PORTAL_REDIRURL and the browser will open exactly this URL.

When I redirect the Portal Page to external, then this information is lost, so I have to "hardcode" the Information into the Form. So the URL that is opened after clicking "Continue" will always be the one I entered and the User will have to enter the URL he wanted to reach again. That is uncomfortable for the user and the reason why I am looking for an solution...