<div dir="ltr">I check the login before sending it to the Chilli to login.<br><br><span style="font-family:courier new,monospace">    public function get_user_password($username)<br>    {<br>        $stmt = $this->mysqli->prepare("SELECT value FROM radcheck WHERE username = ? AND attribute = 'Cleartext-Password'");<br>
        $stmt->bind_param('s', $username);<br>        $stmt->execute();<br>        $stmt->store_result();<br>        if ($stmt->num_rows() == 0)<br>            $return = NULL;<br>        else<br>        {<br>
            $stmt->bind_result($password);<br>            $stmt->fetch();<br>            $return = $password;<br>        }<br>        $stmt->free_result();<br>        $stmt->close();<br>        return $return;<br>
    }</span><br><br>...<br><br><span style="font-family:courier new,monospace">function chilli_login()<br>{<br>    if (!empty($_GET['challenge']))<br>        $challenge = $_GET['challenge'];<br>    elseif (!empty($_SESSION['chilli']['challenge']))<br>
        $challenge = $_SESSION['chilli']['challenge'];<br>    if (empty($challenge) || empty($_POST['username']) || empty($_POST['password']))<br>        error('CHILLI_LOGIN_FAILED');<br>
    $_SESSION['login'] = $_POST;<br>    $uamsecret = 'zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz';<br>    $hexchal = pack("H32", $challenge);<br>    $newchal = pack("H*", md5($hexchal . $uamsecret));<br>
    $response = md5("\0" . $_POST['password'] . $newchal);<br>    $query = http_build_query(array(<br>        'username' => $_POST['username'],<br>        'response' => $response,<br>
//        'userurl' => $_GET['userurl']<br>    ), '', '&', PHP_QUERY_RFC3986);<br>    header("Location: <a href="http://10.1.0.1:3990/login">http://10.1.0.1:3990/login</a>?" . $query);<br>
    die();<br>}</span><br><br>...<br><br><span style="font-family:courier new,monospace">if (isset($_GET['login']))<br>{<br>      if (!$db_radius->user_exists($_POST['username']))<br>        $errors[] = 'Name does not exist.';<br>
    if ($_POST['password'] != $db_radius->get_user_password($_POST['username']))<br>        $errors[] = 'Password incorrect.';<br>    if (empty($errors))<br>    {<br>        chilli_login();<br>    }<br>
}<br><br>if (!empty($_GET['res']))<br>{<br>    switch ($_GET['res'])<br>    {<br>        case 'failed':<br>            if (isset($_GET['reply']))<br>                if ($_GET['reply'] == 'Your maximum daily usage time has been reached' ||<br>
                    $_GET['reply'] == 'Your maximum weekly usage time has been reached' ||<br>                    $_GET['reply'] == 'Your maximum monthly usage time has been reached')<br>                {<br>
                    $bandwidth = $db_radius->get_user_bandwidth($_SESSION['login']['username']);<br>                    $bandwidth_types = array('all-time', 'daily', 'weekly', 'monthly');<br>
                    $errors[] = "You have used your " . format_bytes($bandwidth['limit']['bytes'], 2) . " of {$bandwidth_types[$bandwidth['limit']['type']]} bandwidth!";<br>
                    $remaining_time = ($bandwidth['remaining']['time'] > 0 ? duration($bandwidth['remaining']['time']) : '&infin;');<br>                    $errors[] = "Your bandwidth resets in: {$remaining_time}.";<br>
                }<br>                elseif ($_GET['reply'] == 'Your maximum never usage time has been reached')<br>                {<br>                    $errors[] = "You have used all your bandwidth.";<br>
                    $errors[] = "You need to buy more to use the Internet.";<br>                }<br>                else<br>                    $errors[] = $_GET['reply'];<br>            else<br>                $errors[] = "Username and/or password rejected.";<br>
    }<br>}</span><br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Feb 12, 2014 at 6:16 AM, Alan DeKok <span dir="ltr"><<a href="mailto:aland@deployingradius.com" target="_blank">aland@deployingradius.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">Russell Mike wrote:<br>
>     1.) Dear Alan - What is site specific means ?<br>
<br>
</div>  It means that the problem is specific to your site.  Most people don't<br>
do that kind of thing.<br>
<div class=""><br>
>      2.) Since you advised the solution. Could you please kindly assist<br>
> little more by elaborating more. Which kind of program you are talking<br>
> about? i am asking because i could not understand fully. Please help me<br>
> with small example. I shall try to workout.<br>
<br>
</div>  I'm not sure there's more to say.  You need to poke the UAM.  So...<br>
write a program to poke the UAM.  I have no idea how that's done,<br>
because I'm not using your UAM.<br>
<br>
  Then, make FreeRADIUS run the program.  That part should be simple.<br>
<div class="HOEnZb"><div class="h5"><br>
  Alan DeKok.<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br></div>