Use login.sh with config select of "continue" or username/email login.
Allow reneabling with allow_legacy_splash config option.
Signed-off-by: Rob White <rob@blue-wave.net>
As (most) client CPD processes close immediately on authentication,
RedirectURL no longer works.
Similar but reliable functionality can be achieved by using FAS,
displaying the required URL BEFORE authenticating.
Signed-off-by: Rob White <rob@blue-wave.net>
Changelog updates for 6.0.0
Set MHD version check to >= 0.9.71
Clean up Preauth "Already authenticated" page
Update config files for v6.0.0
Add description for binauth output and input arguments
Tidy function do_binauth
Add preauth multifield login script with css update
Clarify custom string options
Hidden or client entered custom string
Signed-off-by: Rob White <rob@blue-wave.net>
See issue #516
"#" is used as a comment indicator in nodogsplash.conf
This fix allows the character to be present as part of an option value.
If the character occurs at the beginning of the line,
the line will be considered as a comment.
"'" (single quote/asterisk) is used as a uci delimiter.
If this character is required in gatewayname then use the
htmlentity ' instead.
The default config files have been updated to reflect this.
The demo preauth scripts have been modified to ensure
gatewayname is properly escaped.
Signed-off-by: Rob White <rob@blue-wave.net>
See issue #515
MHD_get_version is used to determine the installed (runtime) version of
libmicrohttpd (MHD).
If the version is earlier than 0.9.69, then by default, NDS will terminate.
However, if option use_outdated_mhd is set to 1, NDS starts normally
but logs an error.
Signed-off-by: Rob White <rob@blue-wave.net>
Disabled is 0 (default)
Enabled is 1
This allows custom unescape in MHD.
MHD needs to unescape characters sent in query strings by browsers.
When this option is disabled, MHD uses its builtin unescape.
When enabled, MHD uses /usr/lib/nodogsplash/unescape.sh
The unescape.sh library is safe as all incoming queries are escaped
by the client browser and the argument containing string to be unescaped
is quoted by NDS.
Signed-off-by: Rob White <rob@blue-wave.net>
This is a fix to allow "+" and "&" characters in user data passed to MHD in get requests.
Reported in issue #476, this effected PreAuth and Binauth.
"+" and "&" characters can now be used in form data, eg passwords etc.
Signed-off-by: Rob White <rob@blue-wave.net>
Allows simple switch between templated splash page and preauth login script.
Disabled:
option login_option_enabled '0'
use config options for FAS if set, or Templated Splash
Enabled:
option login_option_enabled '1'
use preauth login script providing username/email login with access log
Signed-off-by: Rob White <rob@blue-wave.net>
This enhancement allows custom variables generated by FAS
to be sent to Binauth.
FAS can embed custom variables into redir, allowing
local post authentication processing to take place.
Two example scripts are provided.
The first provides sitewide username/password login for two user groups,
Staff and Guest in the example.
Staff has unlimited access, Guest is limited to 10 minutes per session.
The second provides local logging of NDS logins, even with a remote FAS.
The documentation is fully updated.
Signed-off-by: Rob White <rob@blue-wave.net>
redirectURL is now redundant as most CPD implementations immediately close the "splash" page
as soon as NDS authenticates, thus redirectURL will not be shown.
This functionality, ie displaying a particular web page as a final "Landing Page"
can be achieved reliably using FAS, with NDS calling the previous "redirectURL" as the FAS page.
Signed-off-by: Rob White <rob@blue-wave.net>
Simple configuration of fas running on remote shared hosting server.
Encrypt the query string sent to remote FAS.
Documentation Updates.
Bumping to v4.0.0
Signed-off-by: Rob White <rob@blue-wave.net>
