I check the login before sending it to the Chilli to login.

    public function get_user_password($username)
    {
        $stmt = $this->mysqli->prepare("SELECT value FROM radcheck WHERE username = ? AND attribute = 'Cleartext-Password'");
        $stmt->bind_param('s', $username);
        $stmt->execute();
        $stmt->store_result();
        if ($stmt->num_rows() == 0)
            $return = NULL;
        else
        {
            $stmt->bind_result($password);
            $stmt->fetch();
            $return = $password;
        }
        $stmt->free_result();
        $stmt->close();
        return $return;
    }


...

function chilli_login()
{
    if (!empty($_GET['challenge']))
        $challenge = $_GET['challenge'];
    elseif (!empty($_SESSION['chilli']['challenge']))
        $challenge = $_SESSION['chilli']['challenge'];
    if (empty($challenge) || empty($_POST['username']) || empty($_POST['password']))
        error('CHILLI_LOGIN_FAILED');
    $_SESSION['login'] = $_POST;
    $uamsecret = 'zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz';
    $hexchal = pack("H32", $challenge);
    $newchal = pack("H*", md5($hexchal . $uamsecret));
    $response = md5("\0" . $_POST['password'] . $newchal);
    $query = http_build_query(array(
        'username' => $_POST['username'],
        'response' => $response,
//        'userurl' => $_GET['userurl']
    ), '', '&', PHP_QUERY_RFC3986);
    header("Location: http://10.1.0.1:3990/login?" . $query);
    die();
}


...

if (isset($_GET['login']))
{
      if (!$db_radius->user_exists($_POST['username']))
        $errors[] = 'Name does not exist.';
    if ($_POST['password'] != $db_radius->get_user_password($_POST['username']))
        $errors[] = 'Password incorrect.';
    if (empty($errors))
    {
        chilli_login();
    }
}

if (!empty($_GET['res']))
{
    switch ($_GET['res'])
    {
        case 'failed':
            if (isset($_GET['reply']))
                if ($_GET['reply'] == 'Your maximum daily usage time has been reached' ||
                    $_GET['reply'] == 'Your maximum weekly usage time has been reached' ||
                    $_GET['reply'] == 'Your maximum monthly usage time has been reached')
                {
                    $bandwidth = $db_radius->get_user_bandwidth($_SESSION['login']['username']);
                    $bandwidth_types = array('all-time', 'daily', 'weekly', 'monthly');
                    $errors[] = "You have used your " . format_bytes($bandwidth['limit']['bytes'], 2) . " of {$bandwidth_types[$bandwidth['limit']['type']]} bandwidth!";
                    $remaining_time = ($bandwidth['remaining']['time'] > 0 ? duration($bandwidth['remaining']['time']) : '∞');
                    $errors[] = "Your bandwidth resets in: {$remaining_time}.";
                }
                elseif ($_GET['reply'] == 'Your maximum never usage time has been reached')
                {
                    $errors[] = "You have used all your bandwidth.";
                    $errors[] = "You need to buy more to use the Internet.";
                }
                else
                    $errors[] = $_GET['reply'];
            else
                $errors[] = "Username and/or password rejected.";
    }
}



On Wed, Feb 12, 2014 at 6:16 AM, Alan DeKok <aland@deployingradius.com> wrote:
Russell Mike wrote:
>     1.) Dear Alan - What is site specific means ?

  It means that the problem is specific to your site.  Most people don't
do that kind of thing.

>      2.) Since you advised the solution. Could you please kindly assist
> little more by elaborating more. Which kind of program you are talking
> about? i am asking because i could not understand fully. Please help me
> with small example. I shall try to workout.

  I'm not sure there's more to say.  You need to poke the UAM.  So...
write a program to poke the UAM.  I have no idea how that's done,
because I'm not using your UAM.

  Then, make FreeRADIUS run the program.  That part should be simple.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html