Article by: Charles M. |
Last Modified: 2016-03-05 10:57:58
Solution: M0n0wall Captive Portal Logout URL e.g. http://192.168.1.1/logout
First of all, this howto is not detailed and assumes one nows how to
work with PHP (Learn PHP in 17 Hours), Mysql and linux. If not, you can
still read through to get the general idea. I will be working on the finer details later - so please keep on checking.
Second, see Freeradius mysql MAC authentication using m0n0wall as NAS for initial configuration before proceeding.
M0n0wall is a FreeBSD firewall created by Manuel Kasper with many features. Of interest to us it the captive portal feature. If you would like to see full
feature list and stuff that M0n0wall can do for you, you can visit http://m0n0.ch/wall/features.php.
Basically, I run a billing system for my clients. I use an old PC (pentium II) which runs the M0n0wall NAS. I run a seperate Radius server installed with
Fedorah 12, Mysql 5.1 and Freeradius 2.0.
Having worked with M0n0wall for a while now, I find it excellent for my Captive Portal requirements, except one thing! The logout process. When
a user logs in, the captive portal produces a pop-up logout window so that when the user wants to logout, he/she will click a button on the
pop window. The problem is, if a user has a pop-up blocker software installed or he/she accidentally closes the logout pop-up window, he may never be
able to logout and his credit will slowly ran out until he reaches the configured idle-timoute period. I needed a solution for that and posted
a feature request here, but its not one of the priorities there ;)
This is my personal solution that I use. It may not be the best and infact some of the methods are really crude but the bottom line is it
works well for me
Solution: Logout URL - my way!
I did a little bit of study on the source html code of the logout popup window and noticed that, if I could recreate it when I use opens a special logout
url then that would be it!
I searched for the "logout_id" value "3a3829ac3dfe4e8d"
in the accouting table -radacct- of Mysql database nd found
out that its the "acctsessionid" column. Also found out that, its the newest column for that user!
The IP, 10.10.10.50 is the LAN ip of Monowall . So whats needed is only to alter the acctsessionid in red above for any user who
wants to be logged out and display the logout form !
The problem that followed was to identify which user was
requesting logout, then search for his acctsessionid and constitute a logout form for him/her to click to
M0n0wall Logout Implimentation example
In this example, the radius server that has apache webserver configured has an IP address 192.168.1.1 and the M0n0wall LAN ip is
- User wishing to logout opens
- A 'login' screen appears and
the user logs in with his username and password . NB: this is NOT the
captive portal login screen by M0n0wall. (this is the only way to know
the client to be logged out)
- User is validated
and the newest actsessionid
is queried from the database. I use the
- "SELECT radacctid, AcctStartTime, acctsessionid FROM `radacct` WHERE
nasporttype IS NOT NULL and username = '". mysql_real_escape_string($myuser) ."' ORDER BY
`radacct`.`RadAcctId` DESC LIMIT 0 , 1";
- With the returned
consititute a logout
form replacing the acctsessionid
resulting value from the above query.
Now the user needs to click logout and is logged out!
You can also use the window to report to the user his/her balance.
Share this Article
As I was doing this, I realised I could sell small things like CDs, my
funny video clips, GSM air time, among other revenue generating items
on the logout
form. A User logging out, is able to see items that I am selling and on
click, he is asked to confirm if he or she would like to purchase the
item. Once confirmed, item is charged on his balance . My currency
minutes. If you bill your clients per Megabyte, then your currency
in in Megabytes.
By adding a record of the expense in Minutes (seconds actually) or
table in Mysql, you can reduce user's online time.
M0n0wall has a nice Captive portal feature for reauthenticating every
minute. Using this feature, a user can be kicked if he/she purchases
an item while online and runs out of balance.
In the example below, as user called 'louis' purchased an
item code-named 'BIG_BABY' - actually a short funny clip that my sister
did, at the cost of 1,500 seconds of his online time!
Hope this helps someone. I will try to add more details later.
[2010-08-30] Kanuty says:
Please send me full code. I dn\'t know much in PHP. Need M0n0wall
[2011-01-27] Cibu says:
I found a solution within m0n0wall:
I added to
* the captive-code disconnection capability for IP
* my redirection-page and my main-guest-page a generic logout-button
logout by static URL is not possible without reducing security or bigger changes.
[2011-11-23] anania says:
how do i create monowall login page
[2017-01-15] Vicfdiwci says:
Post your Comments