Captive Portal

hello,
  I'm wondering if there is a way to automatically log off users, if they forget to hit the log off button.  So if they close their browser they will be dissconnected.  Not so important with people who bring in their own laptop.  But if someone on a public computer forgets to log off, the next person can come along and use their account.   


this would be greatly helpful.

i can use a idle-timeout, but on heavy usage machines.   This really isnt a functional solution.

thanks for any helpful solutions.   

B

As far as know there isn't.  A web browser keeps a session going and thus, you can login to m0n0wall, close your browser, open it back up and it ask for the password again, which is good. But when it comes to Captive Portal, it isn't a session based setup. So when you login, Captive Portal gives your IP the green light to connect and closing the web browser doesn't "tell" m0n0wall that your done.  The closest thing to this would be to emulate the "log out" script for m0n0wall and tie to a "closing browser" event so that the web browser sends a final "log me out" message to m0n0wall.

That would work, but other than Firefox, I'm not sure of what the other web browsers out there can do.

thats exactly what I've been looking at.   The "onbeforeunload" command could be utilized to do this.     I  was able to get the php script from m0n0wall where the logout window is hardcoded into it. and I've been looking at it. 

I know zeroshell is able to accomplish this, and it does it with an "onbeforeunload" command.  (unfortunetly, they have no accounting so I can't use it) anyway, I'm looking at how zeroshell does it,  and that might help me.   Like I said though, my scripting is pretty much limited to some html, and some php, so I'm feeling a bit challenged with it.   I'd love to hear some insights on how I might incorporate this.   I think it would be a great addition to m0n0wall.

onbeforeunload works in IE, and Firefox, which is ok, these are public access computers, and I can control which browser they use, I'm not to concerned about others personal laptops they use, this is basically to limit the ability of someone using the previous users acct.  I would love to use it to warn users that if they close the browser they will be logged off, and they can cancel the logoff if they want or hit "ok" and be logged off.  

anyhoo, if anyone has any collaborative ideas on how this might work. I would love to hear them....like I said, I have a basic idea how this may be done, but I'm a little weak in the web scripting department.

there may also be other scripting methods that i'm unaware of.


thanks
butteryak.

Well, I can think of a "hack" way off the top of my head.  Since you have control of these computers, redirect the shortcuts to a batch file that starts the same browser, as in, it runs the programs, but then put in a wait command that when they exit the program, it runs another command, which can be the script that sends the "log me out" command to m0n0wall, thus terminating their captive portal session.

Something like

start /wait C:\Program Files\Mozilla Firefox\firefox.exe

start C:\Program Files\Mozilla Firefox\firefox.exe "http://192.168.1.1/logout.html"

So basically, when they start the program, it waits until they terminate firefox, then it just loads up firefox again with the logout file or script which can say "thanks for using this, etc." and then they can close or the next person can use the computer, but either way, it logs them out.

I managed to get this working with the onbeforeuload command. after much trial and error.  (more error than trial)  I got onbeforeunload to submit the form.   with just a bit of tweaking of the code in /usr/local/captiveportal/index.php

If this is handy for anyone I'd be glad to send them the code.

thanks for the help folks..

Hi butteryak,

i'm currently facing the same problem request if you could please send the script code.

Appreciate your supportive response.

Thanks,

banaba.

[onbeforeunload]

yeah, no problem.   it took me a while to figure it out, so if this helps save someone some headaches, I'm more than happy, to help.

This is what the logout html looks like with my modifications.   The html is generated by index.php  located in /usr/local/captiveportal/

I had to include some javascript in order to get it to do what i wanted.  It's not as simple as just pasting the code in.  as I said, it's generated from index.php.   (i'm not a scriptor, so I dont really know what I"m talking about) what you bacially have to do is include the changes, in index.php where it writes the html for the logout popup.

anyway, I'll include an attachment that has the modified index.php

otherwise here is what the html for the logout button looks like with the modifications.  I basically had to write a javascript using onbeforeunload to get it to do what I want.

<html><head><title>Logout</title></head>
<script language="JavaScript">
var needToConfirm = true;
function confirmExit(){
myform.submit();
}
</script>
<body bgcolor="#435370"><div align="center" style="color: #ffffff; font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size: 11px;"><b>Click the button below to disconnect</b><p></p><form name="myform" form method="POST" action="http://192.168.11.1:8000/"><input name="logout_id" type="hidden" value="cee42bef22196ad1"></div></body></html>
<div align="center"><input type="Submit" value="Logout" onclick="needToConfirm = false;" ><body onbeforeunload = confirmExit()>
</form>
</DIV></BODY>
</HTML>



honestly, I dont even know if this is good coding,  but it works.   

I'll attach a file.  called "index.php"

what you want to do, is replace the file at  /usr/local/captiveportal/index.php with the one you modify, or the one I sent you.   

basically go to the hidden exec page on your monowall router.    http://(your ip address of your mono)/exec.php

not sure if your familiar with it or not.  but you can download files from your setup, and then upload to a temp directory.  then run the command.

mv tmp/index.php  var/local/captiveportal/  this will move the uploaded file(from the tmp dir.) to the right directory and replace the existing index.php with the modified one.

Keep in mind, this is only temporary.  once you reboot the machine, the changes are lost.  I know its a bummer.  but it's great for testing.  if you screw up, your changes revert back to original.  and if you have to use it this way, you can always just go through the few steps it takes to get it applied again.

In order to make it stick, these changes have to be applied to the disk image you use to install .  which admittedly I have not yet ventured into.  it looks like alot of work.   I'll do it eventually.

ps.   forum will not let me upload a php file. so I changed the extention to html,   just switch it back to use it.

PS.
   As I said, I insert this via the exec page, which doesnt hold.    What I really need to do is create an firmware .img with these changes.   Since this is a bit beyond my ability right now, if anyone out there can do it, and i can get an firmware img from them, I would greatly appreciate it!

thanks
B

informative post many of us will b beneficial from it

This is gr8. Must try it. Anyone who knows how to edit the .bin image file to include it as a more permanent solution?

   As I said, I insert this via the exec page, which doesnt hold.    What I really need to do is create an firmware .img with these changes.   Since this is a bit beyond my ability right now, if anyone out there can do it, and i can get an firmware img from them, I would greatly appreciate it!