I check the login before sending it to the Chilli to login. public function get_user_password($username) { $stmt = $this->mysqli->prepare("SELECT value FROM radcheck WHERE username = ? AND attribute = 'Cleartext-Password'"); $stmt->bind_param('s', $username); $stmt->execute(); $stmt->store_result(); if ($stmt->num_rows() == 0) $return = NULL; else { $stmt->bind_result($password); $stmt->fetch(); $return = $password; } $stmt->free_result(); $stmt->close(); return $return; } ... function chilli_login() { if (!empty($_GET['challenge'])) $challenge = $_GET['challenge']; elseif (!empty($_SESSION['chilli']['challenge'])) $challenge = $_SESSION['chilli']['challenge']; if (empty($challenge) || empty($_POST['username']) || empty($_POST['password'])) error('CHILLI_LOGIN_FAILED'); $_SESSION['login'] = $_POST; $uamsecret = 'zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz'; $hexchal = pack("H32", $challenge); $newchal = pack("H*", md5($hexchal . $uamsecret)); $response = md5("\0" . $_POST['password'] . $newchal); $query = http_build_query(array( 'username' => $_POST['username'], 'response' => $response, // 'userurl' => $_GET['userurl'] ), '', '&', PHP_QUERY_RFC3986); header("Location: http://10.1.0.1:3990/login?" . $query); die(); } ... if (isset($_GET['login'])) { if (!$db_radius->user_exists($_POST['username'])) $errors[] = 'Name does not exist.'; if ($_POST['password'] != $db_radius->get_user_password($_POST['username'])) $errors[] = 'Password incorrect.'; if (empty($errors)) { chilli_login(); } } if (!empty($_GET['res'])) { switch ($_GET['res']) { case 'failed': if (isset($_GET['reply'])) if ($_GET['reply'] == 'Your maximum daily usage time has been reached' || $_GET['reply'] == 'Your maximum weekly usage time has been reached' || $_GET['reply'] == 'Your maximum monthly usage time has been reached') { $bandwidth = $db_radius->get_user_bandwidth($_SESSION['login']['username']); $bandwidth_types = array('all-time', 'daily', 'weekly', 'monthly'); $errors[] = "You have used your " . format_bytes($bandwidth['limit']['bytes'], 2) . " of {$bandwidth_types[$bandwidth['limit']['type']]} bandwidth!"; $remaining_time = ($bandwidth['remaining']['time'] > 0 ? duration($bandwidth['remaining']['time']) : '∞'); $errors[] = "Your bandwidth resets in: {$remaining_time}."; } elseif ($_GET['reply'] == 'Your maximum never usage time has been reached') { $errors[] = "You have used all your bandwidth."; $errors[] = "You need to buy more to use the Internet."; } else $errors[] = $_GET['reply']; else $errors[] = "Username and/or password rejected."; } } On Wed, Feb 12, 2014 at 6:16 AM, Alan DeKok <aland@deployingradius.com>wrote:
Russell Mike wrote:
1.) Dear Alan - What is site specific means ?
It means that the problem is specific to your site. Most people don't do that kind of thing.
2.) Since you advised the solution. Could you please kindly assist little more by elaborating more. Which kind of program you are talking about? i am asking because i could not understand fully. Please help me with small example. I shall try to workout.
I'm not sure there's more to say. You need to poke the UAM. So... write a program to poke the UAM. I have no idea how that's done, because I'm not using your UAM.
Then, make FreeRADIUS run the program. That part should be simple.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html