From: jdegraeve <jdegraeve@e36fee2c-cc09-0410-a7cc-ebac5c6737de>
Date: Thu, 9 Feb 2006 10:53:49 +0000 (+0000)
Subject: Lunch commitment for safety ;)
X-Git-Url: https://git.gsnw.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5a3e1cb22bef6b2aac337a3cb309f75447c2ef29;p=m0n0chwall.git

Lunch commitment for safety ;)

git-svn-id: https://svn.m0n0.ch/wall/trunk@65 e36fee2c-cc09-0410-a7cc-ebac5c6737de
---

diff --git a/captiveportal/index.php b/captiveportal/index.php
index 4791c56..fb83d7e 100644
--- a/captiveportal/index.php
+++ b/captiveportal/index.php
@@ -1,32 +1,32 @@
 #!/usr/local/bin/php
 <?php 
 /*
-	$Id$
-	part of m0n0wall (http://m0n0.ch/wall)
-	
-	Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
-	All rights reserved.
-	
-	Redistribution and use in source and binary forms, with or without
-	modification, are permitted provided that the following conditions are met:
-	
-	1. Redistributions of source code must retain the above copyright notice,
-	   this list of conditions and the following disclaimer.
-	
-	2. Redistributions in binary form must reproduce the above copyright
-	   notice, this list of conditions and the following disclaimer in the
-	   documentation and/or other materials provided with the distribution.
-	
-	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-	POSSIBILITY OF SUCH DAMAGE.
+    $Id$
+    part of m0n0wall (http://m0n0.ch/wall)
+    
+    Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+    All rights reserved.
+    
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+    
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+    
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+    
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
 */
 
 require_once("functions.inc");
@@ -43,53 +43,53 @@ $orig_request = $_ENV['CAPTIVE_REQPATH'];
 $clientip = $_ENV['REMOTE_ADDR'];
 
 if (!$clientip) {
-	/* not good - bail out */
-	exit;
+    /* not good - bail out */
+    exit;
 }
 
 if (isset($config['captiveportal']['httpslogin']))
-	$ourhostname = $config['captiveportal']['httpsname'] . ":8001";
+    $ourhostname = $config['captiveportal']['httpsname'] . ":8001";
 else
-	$ourhostname = $config['interfaces'][$config['captiveportal']['interface']]['ipaddr'] . ":8000";
+    $ourhostname = $config['interfaces'][$config['captiveportal']['interface']]['ipaddr'] . ":8000";
 
 if ($orig_host != $ourhostname) {
-	/* the client thinks it's connected to the desired web server, but instead
-	   it's connected to us. Issue a redirect... */
-	  
-	if (isset($config['captiveportal']['httpslogin']))
-		header("Location: https://{$ourhostname}/?redirurl=" . urlencode("http://{$orig_host}{$orig_request}"));
-	else
-		header("Location: http://{$ourhostname}/?redirurl=" . urlencode("http://{$orig_host}{$orig_request}"));
-	
-	exit;
+    /* the client thinks it's connected to the desired web server, but instead
+       it's connected to us. Issue a redirect... */
+      
+    if (isset($config['captiveportal']['httpslogin']))
+        header("Location: https://{$ourhostname}/?redirurl=" . urlencode("http://{$orig_host}{$orig_request}"));
+    else
+        header("Location: http://{$ourhostname}/?redirurl=" . urlencode("http://{$orig_host}{$orig_request}"));
+    
+    exit;
 }
 
 if (preg_match("/redirurl=(.*)/", $orig_request, $matches))
-	$redirurl = urldecode($matches[1]);
+    $redirurl = urldecode($matches[1]);
 if ($_POST['redirurl'])
-	$redirurl = $_POST['redirurl'];
+    $redirurl = $_POST['redirurl'];
 
 $macfilter = !isset($config['captiveportal']['nomacfilter']);
 
 /* find MAC address for client */
 $clientmac = arp_get_mac_by_ip($clientip);
 if (!$clientmac && $macfilter) {
-	/* unable to find MAC address - shouldn't happen! - bail out */
-	captiveportal_logportalauth("unauthenticated","noclientmac",$clientip,"ERROR");
-	/* We should return an error page to the client explaining what went wrong instead of exiting */
-	exit;
+    /* unable to find MAC address - shouldn't happen! - bail out */
+    captiveportal_logportalauth("unauthenticated","noclientmac",$clientip,"ERROR");
+    /* We should return an error page to the client explaining what went wrong instead of exiting */
+    exit;
 }
 
 /* find out if we need RADIUS + RADIUSMAC or not */
 if (file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
-	$radius_enable = TRUE;
-	if ($radius_enable && isset($config['captiveportal']['radmac_enable']))
-		$radmac_enable = TRUE;
+    $radius_enable = TRUE;
+    if ($radius_enable && isset($config['captiveportal']['radmac_enable']))
+        $radmac_enable = TRUE;
 }
 
 if ($_POST['logout_id']) {
-	disconnect_client($_POST['logout_id']);
-	echo <<<EOD
+    disconnect_client($_POST['logout_id']);
+    echo <<<EOD
 <HTML>
 <HEAD><TITLE>Disconnecting...</TITLE></HEAD>
 <BODY BGCOLOR="#435370">
@@ -107,220 +107,220 @@ setTimeout('window.close();',5000) ;
 EOD;
 /* The $macfilter can be removed safely since we first check if the $clientmac is present, if not we fail */
 } else if ($clientmac && portal_mac_fixed($clientmac)) {
-	/* punch hole in ipfw for pass thru mac addresses */
-	portal_allow($clientip, $clientmac, "unauthenticated");
-	exit;
+    /* punch hole in ipfw for pass thru mac addresses */
+    portal_allow($clientip, $clientmac, "unauthenticated");
+    exit;
 
 } else if ($clientmac && $radmac_enable && portal_mac_radius($clientmac,$clientip)) {
-	/* radius functions handle everything so we exit here since we're done */
-	exit;
+    /* radius functions handle everything so we exit here since we're done */
+    exit;
 
 } else if ($_POST['accept'] && $radius_enable) {
 
-	if ($_POST['auth_user'] && $_POST['auth_pass']) {
-		$auth_list = radius($_POST['auth_user'],$_POST['auth_pass'],$clientip,$clientmac,"USER LOGIN");
-
-		if ($auth_list['auth_val'] == 1) {
-			captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"ERROR",$auth_list['error']);
-			portal_reply_page($redirurl, "error", $auth_list['error']);
-		}
-		else if ($auth_list['auth_val'] == 3) {
-			captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE",$auth_list['reply_message']);
-			portal_reply_page($redirurl, "error", $auth_list['reply_message']);
-		}
-	} else {
-		captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"ERROR");
-		portal_reply_page($redirurl, "error");
-	}
-	
+    if ($_POST['auth_user'] && $_POST['auth_pass']) {
+        $auth_list = radius($_POST['auth_user'],$_POST['auth_pass'],$clientip,$clientmac,"USER LOGIN");
+
+        if ($auth_list['auth_val'] == 1) {
+            captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"ERROR",$auth_list['error']);
+            portal_reply_page($redirurl, "error", $auth_list['error']);
+        }
+        else if ($auth_list['auth_val'] == 3) {
+            captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE",$auth_list['reply_message']);
+            portal_reply_page($redirurl, "error", $auth_list['reply_message']);
+        }
+    } else {
+        captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"ERROR");
+        portal_reply_page($redirurl, "error");
+    }
+    
 } else if ($_POST['accept'] && $config['captiveportal']['auth_method'] == "local") {
 
-	//check against local usermanager
-	$userdb = &$config['captiveportal']['user'];
-
-	$loginok = false;
-
-	//erase expired accounts
-	if (is_array($userdb)) {
-		$moddb = false;
-		for ($i = 0; $i < count($userdb); $i++) {
-			if ($userdb[$i]['expirationdate'] && (strtotime("-1 day") > strtotime($userdb[$i]['expirationdate']))) {
-				unset($userdb[$i]);
-				$moddb = true;
-			}
-		}
-		if ($moddb)
-			write_config();
-			
-		$userdb = &$config['captiveportal']['user'];
-		
-		for ($i = 0; $i < count($userdb); $i++) {
-			if (($userdb[$i]['name'] == $_POST['auth_user']) && ($userdb[$i]['password'] == md5($_POST['auth_pass']))) {
-				$loginok = true;
-				break;
-			}
-		}
-	}
-
-	if ($loginok){
-		captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN");
-		portal_allow($clientip, $clientmac,$_POST['auth_user']);
-	} else {
-		captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE");
-		portal_reply_page($redirurl, "error");
-	}
+    //check against local usermanager
+    $userdb = &$config['captiveportal']['user'];
+
+    $loginok = false;
+
+    //erase expired accounts
+    if (is_array($userdb)) {
+        $moddb = false;
+        for ($i = 0; $i < count($userdb); $i++) {
+            if ($userdb[$i]['expirationdate'] && (strtotime("-1 day") > strtotime($userdb[$i]['expirationdate']))) {
+                unset($userdb[$i]);
+                $moddb = true;
+            }
+        }
+        if ($moddb)
+            write_config();
+            
+        $userdb = &$config['captiveportal']['user'];
+        
+        for ($i = 0; $i < count($userdb); $i++) {
+            if (($userdb[$i]['name'] == $_POST['auth_user']) && ($userdb[$i]['password'] == md5($_POST['auth_pass']))) {
+                $loginok = true;
+                break;
+            }
+        }
+    }
+
+    if ($loginok){
+        captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN");
+        portal_allow($clientip, $clientmac,$_POST['auth_user']);
+    } else {
+        captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE");
+        portal_reply_page($redirurl, "error");
+    }
 } else if ($_POST['accept'] && $clientip) {
-	captiveportal_logportalauth("unauthenticated",$clientmac,$clientip,"ACCEPT");
-	portal_allow($clientip, $clientmac, "unauthenticated");
+    captiveportal_logportalauth("unauthenticated",$clientmac,$clientip,"ACCEPT");
+    portal_allow($clientip, $clientmac, "unauthenticated");
 } else {
-	/* display captive portal page */
-	portal_reply_page($redirurl, "login");
+    /* display captive portal page */
+    portal_reply_page($redirurl, "login");
 }
 
 exit;
 
 function portal_reply_page($redirurl, $type = null, $message = null) {
-	global $g, $config;
+    global $g, $config;
 
-	/* Get captive portal layout */
-	if ($type == "login") 
-		$htmltext = file_get_contents("{$g['varetc_path']}/captiveportal.html");
-	else 
-		$htmltext = file_get_contents("{$g['varetc_path']}/captiveportal-error.html");
+    /* Get captive portal layout */
+    if ($type == "login") 
+        $htmltext = file_get_contents("{$g['varetc_path']}/captiveportal.html");
+    else 
+        $htmltext = file_get_contents("{$g['varetc_path']}/captiveportal-error.html");
 
-	/* substitute other variables */
-	if (isset($config['captiveportal']['httpslogin']))
-		$htmltext = str_replace("\$PORTAL_ACTION\$", "https://{$config['captiveportal']['httpsname']}:8001/", $htmltext);
-	else
-		$htmltext = str_replace("\$PORTAL_ACTION\$", "http://{$config['interfaces'][$config['captiveportal']['interface']]['ipaddr']}:8000/", $htmltext);
+    /* substitute other variables */
+    if (isset($config['captiveportal']['httpslogin']))
+        $htmltext = str_replace("\$PORTAL_ACTION\$", "https://{$config['captiveportal']['httpsname']}:8001/", $htmltext);
+    else
+        $htmltext = str_replace("\$PORTAL_ACTION\$", "http://{$config['interfaces'][$config['captiveportal']['interface']]['ipaddr']}:8000/", $htmltext);
 
-	$htmltext = str_replace("\$PORTAL_REDIRURL\$", htmlspecialchars($redirurl), $htmltext);
-	$htmltext = str_replace("\$PORTAL_MESSAGE\$", htmlspecialchars($message), $htmltext);
+    $htmltext = str_replace("\$PORTAL_REDIRURL\$", htmlspecialchars($redirurl), $htmltext);
+    $htmltext = str_replace("\$PORTAL_MESSAGE\$", htmlspecialchars($message), $htmltext);
 
-	echo $htmltext;
+    echo $htmltext;
 }
 
 function portal_mac_fixed($clientmac) {
-	global $g ;
-	
-	/* open captive portal mac db */
-	if (file_exists("{$g['vardb_path']}/captiveportal_mac.db")) {
-		$fd = @fopen("{$g['vardb_path']}/captiveportal_mac.db","r") ;
-		if (!$fd) {
-			return FALSE;
-		}
-		while (!feof($fd)) {
-			$mac = trim(fgets($fd)) ;
-			if(strcasecmp($clientmac, $mac) == 0) {
-				fclose($fd) ;
-				return TRUE ;
-			}
-		}
-		fclose($fd) ;
-	}
-	return FALSE ;
-}	
+    global $g ;
+    
+    /* open captive portal mac db */
+    if (file_exists("{$g['vardb_path']}/captiveportal_mac.db")) {
+        $fd = @fopen("{$g['vardb_path']}/captiveportal_mac.db","r") ;
+        if (!$fd) {
+            return FALSE;
+        }
+        while (!feof($fd)) {
+            $mac = trim(fgets($fd)) ;
+            if(strcasecmp($clientmac, $mac) == 0) {
+                fclose($fd) ;
+                return TRUE ;
+            }
+        }
+        fclose($fd) ;
+    }
+    return FALSE ;
+}    
 
 function portal_mac_radius($clientmac,$clientip) {
-	global $config ;
+    global $config ;
 
-	$radmac_secret = $config['captiveportal']['radmac_secret'];
+    $radmac_secret = $config['captiveportal']['radmac_secret'];
 
-	/* authentication against the radius server */
-	$auth_list = radius($clientmac,$radmac_secret,$clientip,$clientmac,"MACHINE LOGIN");
-	if ($auth_list['auth_val'] == 2) {
-		return TRUE;
-	}
-	return FALSE;
+    /* authentication against the radius server */
+    $auth_list = radius($clientmac,$radmac_secret,$clientip,$clientmac,"MACHINE LOGIN");
+    if ($auth_list['auth_val'] == 2) {
+        return TRUE;
+    }
+    return FALSE;
 }
 
 function portal_allow($clientip,$clientmac,$clientuser,$password = null, $session_timeout = null, $idle_timeout = null, $url_redirection = null, $session_terminate_time = null)  {
 
-	global $redirurl, $g, $config;
-
-	if ((isset($config['captiveportal']['noconcurrentlogins'])) && ($clientuser != 'unauthenticated'))
-		kick_concurrent_logins($clientuser);
-
-	captiveportal_lock();
-	
-	$ruleno = get_next_ipfw_ruleno();
-
-	/* generate unique session ID */
-	$tod = gettimeofday();
-	$sessionid = substr(md5(mt_rand() . $tod['sec'] . $tod['usec'] . $clientip . $clientmac), 0, 16);
-	
-	/* add ipfw rules for layer 3 */
-	exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from $clientip to any in");
-	exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to $clientip out");
-	
-	/* add ipfw rules for layer 2 */
-	if (!isset($config['captiveportal']['nomacfilter'])) {
-		$l2ruleno = $ruleno + 10000;
-		exec("/sbin/ipfw add $l2ruleno set 3 deny all from $clientip to any not MAC any $clientmac layer2 in");
-		exec("/sbin/ipfw add $l2ruleno set 3 deny all from any to $clientip not MAC $clientmac any layer2 out");
-	}
-	
-	/* read in client database */
-	$cpdb = captiveportal_read_db();
-	
-	$radiusservers = captiveportal_get_radius_servers();
-
-	/* find an existing entry and delete it */
-	for ($i = 0; $i < count($cpdb); $i++) {
-		if(!strcasecmp($cpdb[$i][2],$clientip)) {
-			if(isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) {
-				RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
-									   $cpdb[$i][4], // username
-									   $cpdb[$i][5], // sessionid
-									   $cpdb[$i][0], // start time
-									   $radiusservers[0]['ipaddr'],
-									   $radiusservers[0]['acctport'],
-									   $radiusservers[0]['key'],
-									   $cpdb[$i][2], // clientip
-									   $cpdb[$i][3], // clientmac
-									   13); // Port Preempted
-			}
-			mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000));
-			unset($cpdb[$i]);
-			break;
-		}
-	}	
-
-	/* encode password in Base64 just in case it contains commas */
-	$bpassword = base64_encode($password);
-	$cpdb[] = array(time(), $ruleno, $clientip, $clientmac, $clientuser, $sessionid, $bpassword, $session_timeout, $idle_timeout, $session_terminate_time);
-
-	/* rewrite information to database */
-	captiveportal_write_db($cpdb);
-
-	/* write next rule number */
-	$fd = @fopen("{$g['vardb_path']}/captiveportal.nextrule", "w");
-	if ($fd) {
-		$ruleno++;
-		if ($ruleno > 19899)
-			$ruleno = 10000;	/* wrap around */
-		fwrite($fd, $ruleno);
-		fclose($fd);
-	}
-	
-	captiveportal_unlock();
-	
-	/* redirect user to desired destination */
-	if ($url_redirection)
-		$my_redirurl = $url_redirection;
-	else if ($config['captiveportal']['redirurl'])
-		$my_redirurl = $config['captiveportal']['redirurl'];
-	else
-		$my_redirurl = $redirurl;
-	
-	if(isset($config['captiveportal']['logoutwin_enable'])) {
-		
-		if (isset($config['captiveportal']['httpslogin']))
-			$logouturl = "https://{$config['captiveportal']['httpsname']}:8001/";
-		else
-			$logouturl = "http://{$config['interfaces'][$config['captiveportal']['interface']]['ipaddr']}:8000/";
-		
-		echo <<<EOD
+    global $redirurl, $g, $config;
+
+    if ((isset($config['captiveportal']['noconcurrentlogins'])) && ($clientuser != 'unauthenticated'))
+        kick_concurrent_logins($clientuser);
+
+    captiveportal_lock();
+    
+    $ruleno = get_next_ipfw_ruleno();
+
+    /* generate unique session ID */
+    $tod = gettimeofday();
+    $sessionid = substr(md5(mt_rand() . $tod['sec'] . $tod['usec'] . $clientip . $clientmac), 0, 16);
+    
+    /* add ipfw rules for layer 3 */
+    exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from $clientip to any in");
+    exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to $clientip out");
+    
+    /* add ipfw rules for layer 2 */
+    if (!isset($config['captiveportal']['nomacfilter'])) {
+        $l2ruleno = $ruleno + 10000;
+        exec("/sbin/ipfw add $l2ruleno set 3 deny all from $clientip to any not MAC any $clientmac layer2 in");
+        exec("/sbin/ipfw add $l2ruleno set 3 deny all from any to $clientip not MAC $clientmac any layer2 out");
+    }
+    
+    /* read in client database */
+    $cpdb = captiveportal_read_db();
+    
+    $radiusservers = captiveportal_get_radius_servers();
+
+    /* find an existing entry and delete it */
+    for ($i = 0; $i < count($cpdb); $i++) {
+        if(!strcasecmp($cpdb[$i][2],$clientip)) {
+            if(isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) {
+                RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
+                                       $cpdb[$i][4], // username
+                                       $cpdb[$i][5], // sessionid
+                                       $cpdb[$i][0], // start time
+                                       $radiusservers[0]['ipaddr'],
+                                       $radiusservers[0]['acctport'],
+                                       $radiusservers[0]['key'],
+                                       $cpdb[$i][2], // clientip
+                                       $cpdb[$i][3], // clientmac
+                                       13); // Port Preempted
+            }
+            mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000));
+            unset($cpdb[$i]);
+            break;
+        }
+    }    
+
+    /* encode password in Base64 just in case it contains commas */
+    $bpassword = base64_encode($password);
+    $cpdb[] = array(time(), $ruleno, $clientip, $clientmac, $clientuser, $sessionid, $bpassword, $session_timeout, $idle_timeout, $session_terminate_time);
+
+    /* rewrite information to database */
+    captiveportal_write_db($cpdb);
+
+    /* write next rule number */
+    $fd = @fopen("{$g['vardb_path']}/captiveportal.nextrule", "w");
+    if ($fd) {
+        $ruleno++;
+        if ($ruleno > 19899)
+            $ruleno = 10000;    /* wrap around */
+        fwrite($fd, $ruleno);
+        fclose($fd);
+    }
+    
+    captiveportal_unlock();
+    
+    /* redirect user to desired destination */
+    if ($url_redirection)
+        $my_redirurl = $url_redirection;
+    else if ($config['captiveportal']['redirurl'])
+        $my_redirurl = $config['captiveportal']['redirurl'];
+    else
+        $my_redirurl = $redirurl;
+    
+    if(isset($config['captiveportal']['logoutwin_enable'])) {
+        
+        if (isset($config['captiveportal']['httpslogin']))
+            $logouturl = "https://{$config['captiveportal']['httpsname']}:8001/";
+        else
+            $logouturl = "http://{$config['interfaces'][$config['captiveportal']['interface']]['ipaddr']}:8000/";
+        
+        echo <<<EOD
 <HTML>
 <HEAD><TITLE>Redirecting...</TITLE></HEAD>
 <BODY>
@@ -331,18 +331,18 @@ function portal_allow($clientip,$clientmac,$clientuser,$password = null, $sessio
 <!--
 LogoutWin = window.open('', 'Logout', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=256,height=64');
 if (LogoutWin) {
-	LogoutWin.document.write('<HTML>');
-	LogoutWin.document.write('<HEAD><TITLE>Logout</TITLE></HEAD>') ;
-	LogoutWin.document.write('<BODY BGCOLOR="#435370">');
-	LogoutWin.document.write('<DIV ALIGN="center" STYLE="color: #ffffff; font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size: 11px;">') ;
-	LogoutWin.document.write('<B>Click the button below to disconnect</B><P>');
-	LogoutWin.document.write('<FORM METHOD="POST" ACTION="{$logouturl}">');
-	LogoutWin.document.write('<INPUT NAME="logout_id" TYPE="hidden" VALUE="{$sessionid}">');
-	LogoutWin.document.write('<INPUT NAME="logout" TYPE="submit" VALUE="Logout">');
-	LogoutWin.document.write('</FORM>');
-	LogoutWin.document.write('</DIV></BODY>');
-	LogoutWin.document.write('</HTML>');
-	LogoutWin.document.close();
+    LogoutWin.document.write('<HTML>');
+    LogoutWin.document.write('<HEAD><TITLE>Logout</TITLE></HEAD>') ;
+    LogoutWin.document.write('<BODY BGCOLOR="#435370">');
+    LogoutWin.document.write('<DIV ALIGN="center" STYLE="color: #ffffff; font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size: 11px;">') ;
+    LogoutWin.document.write('<B>Click the button below to disconnect</B><P>');
+    LogoutWin.document.write('<FORM METHOD="POST" ACTION="{$logouturl}">');
+    LogoutWin.document.write('<INPUT NAME="logout_id" TYPE="hidden" VALUE="{$sessionid}">');
+    LogoutWin.document.write('<INPUT NAME="logout" TYPE="submit" VALUE="Logout">');
+    LogoutWin.document.write('</FORM>');
+    LogoutWin.document.write('</DIV></BODY>');
+    LogoutWin.document.write('</HTML>');
+    LogoutWin.document.close();
 }
 
 document.location.href="{$my_redirurl}";
@@ -352,11 +352,11 @@ document.location.href="{$my_redirurl}";
 </HTML>
 
 EOD;
-	} else {
-		header("Location: " . $my_redirurl); 
-	}
-	
-	return $sessionid;
+    } else {
+        header("Location: " . $my_redirurl); 
+    }
+    
+    return $sessionid;
 }
 
 /* Ensure that only one username is used by one client at a time
@@ -364,78 +364,78 @@ EOD;
  */
 function kick_concurrent_logins($user) {
 
-	captiveportal_lock();
+    captiveportal_lock();
 
-	/* read database */
-	$cpdb = captiveportal_read_db();
+    /* read database */
+    $cpdb = captiveportal_read_db();
 
-	captiveportal_unlock();
+    captiveportal_unlock();
 
-	if (isset($cpdb)) {
-		/* find duplicate entry */
-		for ($i = 0; $i < count($cpdb); $i++) {
-			if ($cpdb[$i][4] == $user) {
-				/* This user was already logged in */
-				disconnect_client($cpdb[$i][5],"CONCURRENT LOGIN - TERMINATING OLD SESSION",13);
-			}
-		}
-	}
+    if (isset($cpdb)) {
+        /* find duplicate entry */
+        for ($i = 0; $i < count($cpdb); $i++) {
+            if ($cpdb[$i][4] == $user) {
+                /* This user was already logged in */
+                disconnect_client($cpdb[$i][5],"CONCURRENT LOGIN - TERMINATING OLD SESSION",13);
+            }
+        }
+    }
 }
 
 /* remove a single client by session ID
    by Dinesh Nair
  */
 function disconnect_client($sessionid, $logoutReason = "LOGOUT", $term_cause = 1) {
-	
-	global $g, $config;
-	
-	captiveportal_lock();
-	
-	/* read database */
-	$cpdb = captiveportal_read_db();
-	
-	$radiusservers = captiveportal_get_radius_servers();
-	
-	/* find entry */	
-	for ($i = 0; $i < count($cpdb); $i++) {
-		if ($cpdb[$i][5] == $sessionid) {
-			/* this client needs to be deleted - remove ipfw rules */
-			if(isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) {
-				RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
-									   $cpdb[$i][4], // username
-									   $cpdb[$i][5], // sessionid
-									   $cpdb[$i][0], // start time
-									   $radiusservers[0]['ipaddr'],
-									   $radiusservers[0]['acctport'],
-									   $radiusservers[0]['key'],
-									   $cpdb[$i][2], // clientip
-									   $cpdb[$i][3], // clientmac
-									   $term_cause);
-			}
-			mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000));
-			captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],$logoutReason);
-			unset($cpdb[$i]);
-			break;
-		}
-	}
-	
-	/* rewrite information to database */
-	captiveportal_write_db($cpdb);
-	
-	captiveportal_unlock();
+    
+    global $g, $config;
+    
+    captiveportal_lock();
+    
+    /* read database */
+    $cpdb = captiveportal_read_db();
+    
+    $radiusservers = captiveportal_get_radius_servers();
+    
+    /* find entry */    
+    for ($i = 0; $i < count($cpdb); $i++) {
+        if ($cpdb[$i][5] == $sessionid) {
+            /* this client needs to be deleted - remove ipfw rules */
+            if(isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) {
+                RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
+                                       $cpdb[$i][4], // username
+                                       $cpdb[$i][5], // sessionid
+                                       $cpdb[$i][0], // start time
+                                       $radiusservers[0]['ipaddr'],
+                                       $radiusservers[0]['acctport'],
+                                       $radiusservers[0]['key'],
+                                       $cpdb[$i][2], // clientip
+                                       $cpdb[$i][3], // clientmac
+                                       $term_cause);
+            }
+            mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000));
+            captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],$logoutReason);
+            unset($cpdb[$i]);
+            break;
+        }
+    }
+    
+    /* rewrite information to database */
+    captiveportal_write_db($cpdb);
+    
+    captiveportal_unlock();
 }
 
 function get_next_ipfw_ruleno() {
 
-	global $g;
+    global $g;
 
-	/* get next ipfw rule number */
-	if (file_exists("{$g['vardb_path']}/captiveportal.nextrule"))
-		$ruleno = trim(file_get_contents("{$g['vardb_path']}/captiveportal.nextrule"));
-	if (!$ruleno)
-		$ruleno = 10000;	/* first rule number */
+    /* get next ipfw rule number */
+    if (file_exists("{$g['vardb_path']}/captiveportal.nextrule"))
+        $ruleno = trim(file_get_contents("{$g['vardb_path']}/captiveportal.nextrule"));
+    if (!$ruleno)
+        $ruleno = 10000;    /* first rule number */
 
-	return $ruleno;
+    return $ruleno;
 }
 
 ?>
diff --git a/captiveportal/radius_accounting.inc b/captiveportal/radius_accounting.inc
index 6e95e10..2f27f16 100644
--- a/captiveportal/radius_accounting.inc
+++ b/captiveportal/radius_accounting.inc
@@ -1,68 +1,68 @@
 <?php
 /*
-	$Id$
-	part of m0n0wall (http://m0n0.ch/wall)
-	
-	Copyright (C) 2004 Dinesh Nair <dinesh@alphaque.com>
-	All rights reserved.
-	
-	Redistribution and use in source and binary forms, with or without
-	modification, are permitted provided that the following conditions are met:
-	
-	1. Redistributions of source code must retain the above copyright notice,
-	   this list of conditions and the following disclaimer.
-	
-	2. Redistributions in binary form must reproduce the above copyright
-	   notice, this list of conditions and the following disclaimer in the
-	   documentation and/or other materials provided with the distribution.
-	
-	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-	POSSIBILITY OF SUCH DAMAGE.
-
-	// This version of radius_accounting.inc has been modified by
-	// Rob Parker <rob.parker@keycom.co.uk>. Changes made include:
-	// * now sends Framed-IP-Address (client IP)
-	// * now sends Called-Station-ID (NAS IP)
-	// * now sends Calling-Station-ID (client IP)
-
-	// This version of radius_accounting.inc has been modified by
-	// Jonathan De Graeve <jonathan@imelda.be>. Changes made include:
-	// - RFC2869 (Radius Extensions)
-	// * now sends Acct-Input-Gigawords
-	// * now sends Acct-Output-Gigawords
-	// * full implementation of nas-ip/nas_mac and called/calling-station ids
+    $Id$
+    part of m0n0wall (http://m0n0.ch/wall)
+    
+    Copyright (C) 2004 Dinesh Nair <dinesh@alphaque.com>
+    All rights reserved.
+    
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+    
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+    
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+    
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+
+    // This version of radius_accounting.inc has been modified by
+    // Rob Parker <rob.parker@keycom.co.uk>. Changes made include:
+    // * now sends Framed-IP-Address (client IP)
+    // * now sends Called-Station-ID (NAS IP)
+    // * now sends Calling-Station-ID (client IP)
+
+    // This version of radius_accounting.inc has been modified by
+    // Jonathan De Graeve <jonathan@imelda.be>. Changes made include:
+    // - RFC2869 (Radius Extensions)
+    // * now sends Acct-Input-Gigawords
+    // * now sends Acct-Output-Gigawords
+    // * full implementation of nas-ip/nas_mac and called/calling-station ids
 
 */
 
 function RADIUS_ACCOUNTING_START($ruleno,$username,$sessionid,$radiusip,$radiusport,$radiuskey,$clientip,$clientmac) {
-	# $debug = 1 ;
-	global $config;
+    # $debug = 1 ;
+    global $config;
 
-	exec("/bin/hostname", $nasHostname) ;
-	if(!$nasHostname[0])
-		$nasHostname[0] = "m0n0wall" ;
+    exec("/bin/hostname", $nasHostname) ;
+    if(!$nasHostname[0])
+        $nasHostname[0] = "m0n0wall" ;
 
-	$fd = @fsockopen("udp://$radiusip",$radiusport,$errno,$errstr,3) ;
-	if(!$fd) 
-		return 1 ; /* error return */
-	
-	/* set 5 second timeout on socket i/o */
-	stream_set_timeout($fd, 5) ;
+    $fd = @fsockopen("udp://$radiusip",$radiusport,$errno,$errstr,3) ;
+    if(!$fd) 
+        return 1 ; /* error return */
+    
+    /* set 5 second timeout on socket i/o */
+    stream_set_timeout($fd, 5) ;
 
-	$nas_mac = get_interface_mac($config['interfaces']['wan']['if']); // This function is defined in radius_authentication.inc
-	$nas_port = $ruleno - 10000;
-	$ip_exp=explode(".",$clientip);
-	$radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null;
+    $nas_mac = get_interface_mac($config['interfaces']['wan']['if']); // This function is defined in radius_authentication.inc
+    $nas_port = $ruleno - 10000;
+    $ip_exp=explode(".",$clientip);
+    $radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null;
 
-        switch($radiusvendor) {
+    switch($radiusvendor) {
 
         case 'cisco':
         $calledstationid = $clientmac;
@@ -70,133 +70,133 @@ function RADIUS_ACCOUNTING_START($ruleno,$username,$sessionid,$radiusip,$radiusp
         break;
 
         default:
-	$calledstationid = $nas_mac;
+        $calledstationid = $nas_mac;
         $callingstationid = $clientmac;
-	}
-
-	if ($debug)
-	    echo "<br>radius-port: $radiusport<br>radius-host: $radiusip<br>username: $username<hr>\n";
-
-	/* Initialise rand function, make it more random */
-	srand((double)microtime() * 1000000);
-
-	$thisidentifier=rand()%256;
-
-	$length=4+				// header
-		16+				// auth code
-		6+				// service type
-		2+strlen($username)+		// username
-		2+strlen($nasHostname[0])+			// nasIdentifier
-		6+				// nasPort
-		6+				// nasPortType
-		6+				// Acct Status Type
-		6+				// Acct RADIUS Authenticated
-		2+strlen($sessionid)+	// Acct SessionID
+    }
+
+    if ($debug)
+        echo "<br>radius-port: $radiusport<br>radius-host: $radiusip<br>username: $username<hr>\n";
+
+    /* Initialise rand function, make it more random */
+    srand((double)microtime() * 1000000);
+
+    $thisidentifier=rand()%256;
+
+    $length=4+                // header
+        16+                // auth code
+        6+                // service type
+        2+strlen($username)+        // username
+        2+strlen($nasHostname[0])+            // nasIdentifier
+        6+                // nasPort
+        6+                // nasPortType
+        6+                // Acct Status Type
+        6+                // Acct RADIUS Authenticated
+        2+strlen($sessionid)+    // Acct SessionID
                 2+strlen($calledstationid)+              //Called-Station-ID
                 2+strlen($callingstationid)+    //Calling-Station-ID
-		6;				// Framed-IP-Address
-
-	//          v   v   v     v   v   v     v     v     v     1   v
-	// Line #   1   2   3     4   5   6     7     8     9     0   E
-	$data=pack("CCCCNNNNCCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCa*CCa*CCCCCC",
-	    4,$thisidentifier,$length/256,$length%256,		// header
-	    0,0,0,0,						// authcode
-	    6,6,0,0,0,1,					// service type
-	    1,2+strlen($username),$username,			// username
-	    32,2+strlen($nasHostname[0]),$nasHostname[0],	// nasIdentifier
-	    5,6,0,0,0,$nas_port,					// nasPort
-	    61,6,0,0,0,15,						// nasPortType = Ethernet
-		40,6,0,0,0,1,						// Acct Status Type = Start
-		45,6,0,0,0,1,						// Acct RADIUS Authenticated
-		44,2+strlen($sessionid),$sessionid,	// Acct Session ID
+        6;                // Framed-IP-Address
+
+    //          v   v   v     v   v   v     v     v     v     1   v
+    // Line #   1   2   3     4   5   6     7     8     9     0   E
+    $data=pack("CCCCNNNNCCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCa*CCa*CCCCCC",
+        4,$thisidentifier,$length/256,$length%256,        // header
+        0,0,0,0,                        // authcode
+        6,6,0,0,0,1,                    // service type
+        1,2+strlen($username),$username,            // username
+        32,2+strlen($nasHostname[0]),$nasHostname[0],    // nasIdentifier
+        5,6,0,0,0,$nas_port,                    // nasPort
+        61,6,0,0,0,15,                        // nasPortType = Ethernet
+        40,6,0,0,0,1,                        // Acct Status Type = Start
+        45,6,0,0,0,1,                        // Acct RADIUS Authenticated
+        44,2+strlen($sessionid),$sessionid,    // Acct Session ID
                 30,2+strlen($calledstationid),$calledstationid, //Called-Station-ID
                 31,2+strlen($callingstationid),$callingstationid,                               //Calling-Station-ID
-		8,6,$ip_exp[0],$ip_exp[1],$ip_exp[2],$ip_exp[3]	//Framed-IP-Address
-	    );
-
-	/* Generate Accounting Request Authenticator */
-	$RA = md5($data.$radiuskey) ;
-
-	//          v   v v     v   v   v     v     v     v     1   v
-	// Line #   1   2 3     4   5   6     7     8     9     0   E
-	$data=pack("CCCCH*CCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCa*CCa*CCCCCC",
-	    4,$thisidentifier,$length/256,$length%256,		// header
-	    $RA,						// authcode
-	    6,6,0,0,0,1,					// service type
-	    1,2+strlen($username),$username,			// username
-	    32,2+strlen($nasHostname[0]),$nasHostname[0],	// nasIdentifier
-	    5,6,0,0,0,$nas_port,						// nasPort
-	    61,6,0,0,0,15,						// nasPortType = Ethernet
-		40,6,0,0,0,1,						// Acct Status Type = Start
-		45,6,0,0,0,1,						// Acct RADIUS Authenticated
-		44,2+strlen($sessionid),$sessionid,	// Acct Session ID
+        8,6,$ip_exp[0],$ip_exp[1],$ip_exp[2],$ip_exp[3]    //Framed-IP-Address
+        );
+
+    /* Generate Accounting Request Authenticator */
+    $RA = md5($data.$radiuskey) ;
+
+    //          v   v v     v   v   v     v     v     v     1   v
+    // Line #   1   2 3     4   5   6     7     8     9     0   E
+    $data=pack("CCCCH*CCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCa*CCa*CCCCCC",
+        4,$thisidentifier,$length/256,$length%256,        // header
+        $RA,                        // authcode
+        6,6,0,0,0,1,                    // service type
+        1,2+strlen($username),$username,            // username
+        32,2+strlen($nasHostname[0]),$nasHostname[0],    // nasIdentifier
+        5,6,0,0,0,$nas_port,                        // nasPort
+        61,6,0,0,0,15,                        // nasPortType = Ethernet
+        40,6,0,0,0,1,                        // Acct Status Type = Start
+        45,6,0,0,0,1,                        // Acct RADIUS Authenticated
+        44,2+strlen($sessionid),$sessionid,    // Acct Session ID
                 30,2+strlen($calledstationid),$calledstationid, //Called-Station-ID
                 31,2+strlen($callingstationid),$callingstationid,                               //Calling-Station-ID
-		8,6,$ip_exp[0],$ip_exp[1],$ip_exp[2],$ip_exp[3]	//Framed-IP-Address
-	    );
+        8,6,$ip_exp[0],$ip_exp[1],$ip_exp[2],$ip_exp[3]    //Framed-IP-Address
+        );
 
-	if($debug) {
-		echo "username is $username with len " . strlen($username) ."\n" ;
-		echo "nasHostname is {$nasHostname[0]} with len " . strlen($nasHostname[0]) ."\n" ;
-	}	
+    if($debug) {
+        echo "username is $username with len " . strlen($username) ."\n" ;
+        echo "nasHostname is {$nasHostname[0]} with len " . strlen($nasHostname[0]) ."\n" ;
+    }    
 
-	$ret = fwrite($fd,$data) ;
-	if( !$ret || ($ret != $length) ) 
-		return 1; /* error return */
+    $ret = fwrite($fd,$data) ;
+    if( !$ret || ($ret != $length) ) 
+        return 1; /* error return */
 
-	if ($debug)
-	    echo "<br>writing $length bytes<hr>\n";
+    if ($debug)
+        echo "<br>writing $length bytes<hr>\n";
 
-	$readdata = fgets($fd,2) ; /* read 1 byte */
-	$status = socket_get_status($fd) ;
-	fclose($fd) ;
+    $readdata = fgets($fd,2) ; /* read 1 byte */
+    $status = socket_get_status($fd) ;
+    fclose($fd) ;
 
-	if($status['timed_out'])
-		$retvalue = 1 ;
-	else
-		$retvalue = ord($readdata) ;
+    if($status['timed_out'])
+        $retvalue = 1 ;
+    else
+        $retvalue = ord($readdata) ;
 
-	return $retvalue ;
-	// 5 -> Accounting-Response
-	// See RFC2866 for this.
+    return $retvalue ;
+    // 5 -> Accounting-Response
+    // See RFC2866 for this.
 }
 
 function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusip,$radiusport,$radiuskey,$clientip,$clientmac, $term_cause = 1, $interimupdate=false,$stop_time = null) {
-	# $debug = 1 ;
-	global $config;
-
-	$stop_time = (empty($stop_time)) ? time() : $stop_time;
-
-	exec("/bin/hostname", $nasHostname) ;
-	if(!$nasHostname[0])
-		$nasHostname[0] = "quewall" ;
-
-	$input_pkts = $input_bytes = $input_gigawords = $output_pkts = $output_bytes = $output_gigawords = 0 ;
-
-	exec("/sbin/ipfw show {$ruleno}", $ipfw) ;	
-	preg_match("/(\d+)\s+(\d+)\s+(\d+)\s+skipto/", $ipfw[0], $matches) ;
-	$input_pkts = $matches[2] ;
-	$input_bytes = remainder($matches[3]) ;
-	$input_gigawords = gigawords($matches[3]) ;
-
-	unset($matches) ;
-	preg_match("/(\d+)\s+(\d+)\s+(\d+)\s+skipto/", $ipfw[1], $matches) ;
-	$output_pkts = $matches[2] ;
-	$output_bytes = remainder($matches[3]) ;
-	$output_gigawords = gigawords($matches[3]) ;
-
-	$fd = @fsockopen("udp://$radiusip",$radiusport,$errno,$errstr,3) ;
-	if(!$fd) 
-		return 1 ; /* error return */
-	
-	/* set 5 second timeout on socket i/o */
-	stream_set_timeout($fd, 5) ;
-
-	$nas_port = $ruleno - 10000;
-	$nas_mac = get_interface_mac($config['interfaces']['wan']['if']);
-	$ip_exp=explode(".",$clientip);
-	$session_time = $stop_time - $start_time;
-	$radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null;
+    # $debug = 1 ;
+    global $config;
+
+    $stop_time = (empty($stop_time)) ? time() : $stop_time;
+
+    exec("/bin/hostname", $nasHostname) ;
+    if(!$nasHostname[0])
+        $nasHostname[0] = "quewall" ;
+
+    $input_pkts = $input_bytes = $input_gigawords = $output_pkts = $output_bytes = $output_gigawords = 0 ;
+
+    exec("/sbin/ipfw show {$ruleno}", $ipfw) ;    
+    preg_match("/(\d+)\s+(\d+)\s+(\d+)\s+skipto/", $ipfw[0], $matches) ;
+    $input_pkts = $matches[2] ;
+    $input_bytes = remainder($matches[3]) ;
+    $input_gigawords = gigawords($matches[3]) ;
+
+    unset($matches) ;
+    preg_match("/(\d+)\s+(\d+)\s+(\d+)\s+skipto/", $ipfw[1], $matches) ;
+    $output_pkts = $matches[2] ;
+    $output_bytes = remainder($matches[3]) ;
+    $output_gigawords = gigawords($matches[3]) ;
+
+    $fd = @fsockopen("udp://$radiusip",$radiusport,$errno,$errstr,3) ;
+    if(!$fd) 
+        return 1 ; /* error return */
+    
+    /* set 5 second timeout on socket i/o */
+    stream_set_timeout($fd, 5) ;
+
+    $nas_port = $ruleno - 10000;
+    $nas_mac = get_interface_mac($config['interfaces']['wan']['if']);
+    $ip_exp=explode(".",$clientip);
+    $session_time = $stop_time - $start_time;
+    $radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null;
 
         switch($radiusvendor) {
 
@@ -208,138 +208,138 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius
         default:
         $calledstationid = $nas_mac;
         $callingstationid = $clientmac;
-	}
-
-	if ($debug)
-	    echo "<br>radius-port: $radiusport<br>radius-host: $radiusip<br>username: $username<hr>\n";
-
-	/* Initialise rand function, make it more random */
-	srand((double)microtime() * 1000000);
-
-	$thisidentifier=rand()%256;
-
-	$length=4+				// header
-		16+				// auth code
-		6+				// service type
-		2+strlen($username)+		// username
-		2+strlen($nasHostname[0])+			// nasIdentifier
-		6+				// nasPort
-		6+				// nasPortType
-		6+				// Acct Status Type
-		6+				// Acct RADIUS Authenticated
-		2+strlen($sessionid)+	// Acct SessionID
-		6+				// Acct terminate
-		6+				// Session time
-		6+				// input bytes
-		6+				// input packets
-		6+				// input gigawords
-		6+				// output bytes
-		6+				// output packets
-		6+				// output gigawords
-		2+strlen($calledstationid)+		//Called-Station-ID
-		2+strlen($callingstationid)+	//Calling-Station-ID
-		6;			//Framed-IP-Address
-
-	if ($interimupdate)
-		$acctstatustype = 3;
-	else
-		$acctstatustype = 2;
-
-	//          v   v   v     v   v   v     v     v     v     1   1  1  1  1  1  1  1  1  v
-	// Line #   1   2   3     4   5   6     7     8     9     0   1  2  3  4  5  6  7  8  E
-	$data=pack("CCCCNNNNCCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCNCCNCCNCCa*CCa*CCCCCC",
-	    4,$thisidentifier,$length/256,$length%256,		// header
-	    0,0,0,0,						// authcode
-	    6,6,0,0,0,1,					// service type
-	    1,2+strlen($username),$username,			// username
-	    32,2+strlen($nasHostname[0]),$nasHostname[0],	// nasIdentifier
-	    5,6,0,0,0,$nas_port,					// nasPort
-	    61,6,0,0,0,15,						// nasPortType = Ethernet
-		40,6,0,0,0,$acctstatustype,			// Acct Status Type
-		45,6,0,0,0,1,						// Acct RADIUS Authenticated
-		44,2+strlen($sessionid),$sessionid,	// Acct Session ID
-		49,6,$term_cause,		// Acct Terminate
-		46,6,$session_time,			// Session Time
-		42,6,$input_bytes,	// Input Octets
-		47,6,$input_pkts,	// Input Packets
-		52,6,$input_gigawords,	// Input Gigawords
-		43,6,$output_bytes, // Output Octets
-		48,6,$output_pkts,	// Output Packets
-		53,6,$output_gigawords,	// Output Gigawords
-		30,2+strlen($calledstationid),$calledstationid,	//Called-Station-ID
-		31,2+strlen($callingstationid),$callingstationid,				//Calling-Station-ID
-		8,6,$ip_exp[0],$ip_exp[1],$ip_exp[2],$ip_exp[3]	//Framed-IP-Address
-	    );
-
-	/* Generate Accounting Request Authenticator */
-	$RA = md5($data.$radiuskey) ;
-
-	//          v   v v     v   v   v     v     v     v     1   1  1  1  1  1  1  1  1  v
-	// Line #   1   2 3     4   5   6     7     8     9     0   1  2  3  4  5  6  7  8  E
-	$data=pack("CCCCH*CCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCNCCNCCNCCa*CCa*CCCCCC",
-	    4,$thisidentifier,$length/256,$length%256,		// header
-	    $RA,						// authcode
-	    6,6,0,0,0,1,					// service type
-	    1,2+strlen($username),$username,			// username
-	    32,2+strlen($nasHostname[0]),$nasHostname[0],	// nasIdentifier
-	    5,6,0,0,0,$nas_port,					// nasPort
-	    61,6,0,0,0,15,						// nasPortType = Ethernet
-		40,6,0,0,0,$acctstatustype,			// Acct Status Type
-		45,6,0,0,0,1,						// Acct RADIUS Authenticated
-		44,2+strlen($sessionid),$sessionid,	// Acct Session ID
-		49,6,$term_cause,		// Acct Terminate
-		46,6,$session_time,			// Session Time
-		42,6,$input_bytes,	// Input Octets
-		47,6,$input_pkts,	// Input Packets
-		52,6,$input_gigawords,	// Input Gigawords
-		43,6,$output_bytes, // Output Octets
-		48,6,$output_pkts,	// Output Packets
-		53,6,$output_gigawords,	// Output Gigawords
-		30,2+strlen($calledstationid),$calledstationid,	//Called-Station-ID
-		31,2+strlen($callingstationid),$callingstationid,				//Calling-Station-ID
-		8,6,$ip_exp[0],$ip_exp[1],$ip_exp[2],$ip_exp[3]	//Framed-IP-Address
-	    );
-
-	if($debug) {
-		echo "username is $username with len " . strlen($username) ."\n" ;
-		echo "nasHostname is {$nasHostname[0]} with len " . strlen($nasHostname[0]) ."\n" ;
-	}	
-
-	$ret = fwrite($fd,$data) ;
-	if( !$ret || ($ret != $length) ) 
-		return 1; /* error return */
-
-	if ($debug)
-	    echo "<br>writing $length bytes<hr>\n";
-
-	$readdata = fgets($fd,2) ; /* read 1 byte */
-	$status = socket_get_status($fd) ;
-	fclose($fd) ;
-
-	if($status['timed_out'])
-		$retvalue = 1 ;
-	else
-		$retvalue = ord($readdata) ;
-
-	return $retvalue ;
-	// 5 -> Accounting-Response
-	// See RFC2866 for this.
+    }
+
+    if ($debug)
+        echo "<br>radius-port: $radiusport<br>radius-host: $radiusip<br>username: $username<hr>\n";
+
+    /* Initialise rand function, make it more random */
+    srand((double)microtime() * 1000000);
+
+    $thisidentifier=rand()%256;
+
+    $length=4+                // header
+        16+                // auth code
+        6+                // service type
+        2+strlen($username)+        // username
+        2+strlen($nasHostname[0])+            // nasIdentifier
+        6+                // nasPort
+        6+                // nasPortType
+        6+                // Acct Status Type
+        6+                // Acct RADIUS Authenticated
+        2+strlen($sessionid)+    // Acct SessionID
+        6+                // Acct terminate
+        6+                // Session time
+        6+                // input bytes
+        6+                // input packets
+        6+                // input gigawords
+        6+                // output bytes
+        6+                // output packets
+        6+                // output gigawords
+        2+strlen($calledstationid)+        //Called-Station-ID
+        2+strlen($callingstationid)+    //Calling-Station-ID
+        6;            //Framed-IP-Address
+
+    if ($interimupdate)
+        $acctstatustype = 3;
+    else
+        $acctstatustype = 2;
+
+    //          v   v   v     v   v   v     v     v     v     1   1  1  1  1  1  1  1  1  v
+    // Line #   1   2   3     4   5   6     7     8     9     0   1  2  3  4  5  6  7  8  E
+    $data=pack("CCCCNNNNCCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCNCCNCCNCCa*CCa*CCCCCC",
+        4,$thisidentifier,$length/256,$length%256,        // header
+        0,0,0,0,                        // authcode
+        6,6,0,0,0,1,                    // service type
+        1,2+strlen($username),$username,            // username
+        32,2+strlen($nasHostname[0]),$nasHostname[0],    // nasIdentifier
+        5,6,0,0,0,$nas_port,                    // nasPort
+        61,6,0,0,0,15,                        // nasPortType = Ethernet
+        40,6,0,0,0,$acctstatustype,            // Acct Status Type
+        45,6,0,0,0,1,                        // Acct RADIUS Authenticated
+        44,2+strlen($sessionid),$sessionid,    // Acct Session ID
+        49,6,$term_cause,        // Acct Terminate
+        46,6,$session_time,            // Session Time
+        42,6,$input_bytes,    // Input Octets
+        47,6,$input_pkts,    // Input Packets
+        52,6,$input_gigawords,    // Input Gigawords
+        43,6,$output_bytes, // Output Octets
+        48,6,$output_pkts,    // Output Packets
+        53,6,$output_gigawords,    // Output Gigawords
+        30,2+strlen($calledstationid),$calledstationid,    //Called-Station-ID
+        31,2+strlen($callingstationid),$callingstationid,                //Calling-Station-ID
+        8,6,$ip_exp[0],$ip_exp[1],$ip_exp[2],$ip_exp[3]    //Framed-IP-Address
+        );
+
+    /* Generate Accounting Request Authenticator */
+    $RA = md5($data.$radiuskey) ;
+
+    //          v   v v     v   v   v     v     v     v     1   1  1  1  1  1  1  1  1  v
+    // Line #   1   2 3     4   5   6     7     8     9     0   1  2  3  4  5  6  7  8  E
+    $data=pack("CCCCH*CCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCNCCNCCNCCa*CCa*CCCCCC",
+        4,$thisidentifier,$length/256,$length%256,        // header
+        $RA,                        // authcode
+        6,6,0,0,0,1,                    // service type
+        1,2+strlen($username),$username,            // username
+        32,2+strlen($nasHostname[0]),$nasHostname[0],    // nasIdentifier
+        5,6,0,0,0,$nas_port,                    // nasPort
+        61,6,0,0,0,15,                        // nasPortType = Ethernet
+        40,6,0,0,0,$acctstatustype,            // Acct Status Type
+        45,6,0,0,0,1,                        // Acct RADIUS Authenticated
+        44,2+strlen($sessionid),$sessionid,    // Acct Session ID
+        49,6,$term_cause,        // Acct Terminate
+        46,6,$session_time,            // Session Time
+        42,6,$input_bytes,    // Input Octets
+        47,6,$input_pkts,    // Input Packets
+        52,6,$input_gigawords,    // Input Gigawords
+        43,6,$output_bytes, // Output Octets
+        48,6,$output_pkts,    // Output Packets
+        53,6,$output_gigawords,    // Output Gigawords
+        30,2+strlen($calledstationid),$calledstationid,    //Called-Station-ID
+        31,2+strlen($callingstationid),$callingstationid,                //Calling-Station-ID
+        8,6,$ip_exp[0],$ip_exp[1],$ip_exp[2],$ip_exp[3]    //Framed-IP-Address
+        );
+
+    if($debug) {
+        echo "username is $username with len " . strlen($username) ."\n" ;
+        echo "nasHostname is {$nasHostname[0]} with len " . strlen($nasHostname[0]) ."\n" ;
+    }    
+
+    $ret = fwrite($fd,$data) ;
+    if( !$ret || ($ret != $length) ) 
+        return 1; /* error return */
+
+    if ($debug)
+        echo "<br>writing $length bytes<hr>\n";
+
+    $readdata = fgets($fd,2) ; /* read 1 byte */
+    $status = socket_get_status($fd) ;
+    fclose($fd) ;
+
+    if($status['timed_out'])
+        $retvalue = 1 ;
+    else
+        $retvalue = ord($readdata) ;
+
+    return $retvalue ;
+    // 5 -> Accounting-Response
+    // See RFC2866 for this.
 }
 
 function gigawords($bytes) {
 
-	/* We use BCMath functions since normal integers don't work with so large numbers */
-	$gigawords = bcdiv( bcsub( $bytes, remainder($bytes) ) , 2147483647) ;
+    /* We use BCMath functions since normal integers don't work with so large numbers */
+    $gigawords = bcdiv( bcsub( $bytes, remainder($bytes) ) , 2147483647) ;
 
-	return $gigawords;
+    return $gigawords;
 }
 
 function remainder($bytes) {
 
-	/* Calculate the bytes we are going to send to the radius. */
-	$bytes = bcmod($bytes, 2147483647);
+    /* Calculate the bytes we are going to send to the radius. */
+    $bytes = bcmod($bytes, 2147483647);
 
-	return $bytes;
+    return $bytes;
 }
 
 
diff --git a/captiveportal/radius_accounting_v2.inc b/captiveportal/radius_accounting_v2.inc
index 5ab4422..c663ada 100644
--- a/captiveportal/radius_accounting_v2.inc
+++ b/captiveportal/radius_accounting_v2.inc
@@ -43,33 +43,71 @@ any other GPL-like (LGPL, GPL2) License.
     * Sending of Called-Station-ID (NAS IP)
     * Sending of Calling-Station-ID (client IP)
     * RADIUS Extensions (RFC2869) => Acct-(Input|Output)-Gigawords
-    * TODO implementation of different Acct-Terminate-Cause (Disconnect reason) (should be changed in index.php)
 
 */
 
-/* 
+/*
 RADIUS ACCOUNTING START 
 -----------------------
 */
 
-function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$radiuskey,$clientip) {
-    global $debug;
+function RADIUS_ACCOUNTING_START($ruleno,$username,$sessionid,$radiusip,$radiusport,$radiuskey,$clientip,$clientmac) {
+
+    global $config;
+
+    $nas_mac = get_interface_mac($config['interfaces']['wan']['if']); // This function is defined in radius_authentication.inc
+    $nas_port = $ruleno - 10000;
+    $ip_exp=explode(".",$clientip);
+    $radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null;
+
+    switch($radiusvendor) {
 
+        case 'cisco':
+        $calledstationid = $clientmac;
+        $callingstationid = $clientip;
+        break;
+
+        default:
+        $calledstationid = $nas_mac;
+        $callingstationid = $clientmac;
+    }
+
+    if ($debug)
+        echo "<br>radius-port: $radiusport<br>radius-host: $radiusip<br>username: $username<hr>\n";
+
+// Create our instance
 $racct = new Auth_RADIUS_Acct_Start;
-$racct->addServer($radiusip, $radiusport, $radiuskey);
+
 /* Different Authentication options
+ *
+ * Its possible todo other authentication methods but still do radius accounting
+
  RADIUS_AUTH_RADIUS => authenticated via Radius
  RADIUS_AUTH_LOCAL => authenicated local
  RADIUS_AUTH_REMOTE => authenticated remote
-*/
+
+ */
 
 $racct->authentic = RADIUS_AUTH_RADIUS;
+
+// Construct data package
+$racct->addServer($radiusip, $radiusport, $radiuskey);
 $racct->username = $username;
-$status = $racct->start();
-if(PEAR::isError($status)) {
+
+if (PEAR::isError($racct->start())) {
+    $retvalue['acct_val'] = 1;
+    $retvalue['error'] = $rauth->getMessage();
     if ($debug)
-    printf("Radius start: %s<br>\n", $status->getMessage());
-    exit;
+        printf("Radius start: %s<br>\n", $retvalue['error']);
+
+    /* Old code:
+     $status = $racct->start();
+     if(PEAR::isError($status)) {
+         if ($debug)
+             printf("Radius start: %s<br>\n", $status->getMessage());
+             exit;
+     }
+     */
 }
 
 /*
@@ -83,24 +121,30 @@ $racct->putAttribute(RADIUS_NAS_PORT, 0);
 $racct->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET);
 $racct->putAttribute(RADIUS_ACCT_SESSION_ID, $sessionid); 
 $racct->putAttribute(RADIUS_FRAMED_IP_ADDRESS, $clientip); 
-$result = $racct->send();
-if (PEAR::isError($result)) {
-    $retvalue = 1;   
-if ($debug)
-    printf("Radius send failed: %s<br>\n", $result->getMessage());
-} else if ($result === true) {
-    $retvalue = 5 ;
-    if ($debug)
-    printf("Radius Accounting succeeded<br>\n") ;
-} else {
-    $retvalue = 1 ;
-    if ($debug)
-    printf("Radius Accounting rejected<br>\n") ;
-}
-
-$racct->close();
-
-return $retvalue ;
+    // Send request
+
+    $result = $racct->send();
+    if (PEAR::isError($result)) {
+        $retvalue['acct_val'] = 1;
+        $retvalue['error'] = $result->getMessage();
+        if ($debug)
+            printf("Radius send failed: %s<br>\n", $retvalue['error']);
+    } else if ($result === true) {
+        $retvalue['acct_val'] = 5 ;
+        if ($debug)
+            printf("Radius Accounting succeeded<br>\n");
+    } else {
+        $retvalue['acct_val'] = 1 ;
+        if ($debug)
+            printf("Radius Accounting rejected<br>\n");
+    }
+
+    // close OO RADIUS_ACCOUNTING
+    $racct->close();
+
+    return $retvalue ;
+    // 5 -> Accounting-Response
+    // See RFC2866 for this.
 
 }
 
@@ -109,34 +153,13 @@ RADIUS ACCOUNTING STOP/UPDATE
 -----------------------------
 */
 
-p
-function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusip,$radiusport,$radiuskey,$clientip,$interimupdate=false,$radius_term_cause = "RADIUS_TERM_IDLE_TIMEOUT") {
-    global $debug;
-
-    exec("/bin/hostname", $nasHostname) ;
-    if(!$nasHostname[0])
-            $nasHostname[0] = "quewall" ;
+function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusip,$radiusport,$radiuskey,$clientip,$clientmac, $term_cause = 1, $interimupdate=false,$stop_time = null) {
+    global $config;
 
-    $input_pkts = $input_bytes = $input_gigawords = $output_pkts = $output_bytes = $output_gigawords = 0 ;
+    $stop_time = (empty($stop_time)) ? time() : $stop_time;
 
-    exec("/sbin/ipfw show {$ruleno}", $ipfw) ;
-    preg_match("/(\d+)\s+(\d+)\s+(\d+)\s+skipto/", $ipfw[0], $matches) ;
-    $input_pkts = $matches[2] ;
-    $input_bytes = remainder($matches[3]); 
-    $input_gigawords = gigawords($matches[3]);
-
-    unset($matches) ;
-    preg_match("/(\d+)\s+(\d+)\s+(\d+)\s+skipto/", $ipfw[1], $matches) ;
-    $output_pkts = $matches[2] ;
-    $output_bytes = remainder($matches[3]);
-    $output_gigawords = gigawords($matches[3]);
-
-
-    $nas_ip = get_current_wan_address();
-    $nas_ip_exp = explode(".",$nas_ip);
     $nas_port = $ruleno - 10000;
     $nas_mac = get_interface_mac($config['interfaces']['wan']['if']);
-    $ip_exp=explode(".",$clientip);
     $session_time = $stop_time - $start_time;
     $radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null
 
@@ -148,24 +171,40 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius
     if ($interimupdate)
         $racct = new_Auth_RADIUS_Acct_Update;
     else
-        $racct = new_Auth_RADIUS_Acct_Stop; 
+        $racct = new_Auth_RADIUS_Acct_Stop;
+
+/*
+ * Currently disabled
+Add support for more then one radiusserver. 
+At most 10 servers may be specified. 
+When multiple servers are given, they are tried in round-robin fashion until a valid response is received 
+
+foreach ($radiusservers as $radsrv) {
+
+    // Add a new server to our instance
+    $rauth->addServer($radsrv['ipaddr'], $radsrv['port'], $radsrv['key']);
+
+}
+*/
+
+$racct->authentic = RADIUS_AUTH_RADIUS;
 
 // Construct data package
 $racct->addServer($radiusip, $radiusport, $radiuskey);
 $racct->username = $username;
 
-
-$status = $racct->start();
-if(PEAR::isError($status)) {
+if (PEAR::isError($racct->start())) {
+    $retvalue['acct_val'] = 1;
+    $retvalue['error'] = $rauth->getMessage();
     if ($debug)
-    printf("Radius start: %s<br>\n", $status->getMessage());
-    exit;
+        printf("Radius start: %s<br>\n", $retvalue['error']);
 }
+
 // you can put any additional attributes here
 //$racct->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_LOGIN);
 
-// Do the accounting style as configured in GUI
-	switch($radiusvendor) {
+    // Do the accounting style as configured in GUI
+    switch($radiusvendor) {
 
         case 'cisco':
         $rauth->putAttribute(RADIUS_CALLED_STATION_ID, $clientmac);
@@ -175,10 +214,10 @@ if(PEAR::isError($status)) {
         default:
         $rauth->putAttribute(RADIUS_CALLED_STATION_ID, $nas_mac);
         $rauth->putAttribute(RADIUS_CALLING_STATION_ID, $clientmac);
-	}
+    }
 
-	// Default attributes
-	$rauth->putAttribute(RADIUS_NAS_PORT, $nas_port)
+    // Default attributes
+    $rauth->putAttribute(RADIUS_NAS_PORT, $nas_port)
 
 $session_time = $stop_time - $start_time;
 // We have 2 ways to set the session-time, we will see which one to use in a later version
@@ -197,29 +236,34 @@ $racct->putAttribute(RADIUS_ACCT_INPUT_GIGAWORDS, $input_gigawords);
 $racct->putAttribute(RADIUS_ACCT_OUTPUT_PACKETS, $output_pkts);
 $racct->putAttribute(RADIUS_ACCT_OUTPUT_OCTETS, $output_bytes);
 $racct->putAttribute(RADIUS_ACCT_OUTPUT_GIGAWORDS, $output_gigawords);
+
 if (!$interimupdate)
 $racct->putAttribute(RADIUS_ACCT_TERMINATE_CAUSE, $radius_term_cause);
 
-$result = $racct->send();
-if (PEAR::isError($result)) {
-    $retvalue = 1;
-    if ($debug)
-    printf("Radius send failed: %s<br>\n", $result->getMessage());
-} else if ($result === true) {
-    $retvalue = 5 ;
-    if ($debug)
-    printf("Radius Accounting succeeded<br>\n");
-} else {
-    $retvalue = 1 ;
-    if ($debug)
-    printf("Radius Accounting rejected<br>\n");
-}
-
-$racct->close();
-
-return $retvalue ;
-// 5 -> Accounting-Response
-// See RFC2866 for this.
+    // Send request
+
+    $result = $racct->send();
+    if (PEAR::isError($result)) {
+        $retvalue['acct_val'] = 1;
+        $retvalue['error'] = $result->getMessage();
+        if ($debug)
+            printf("Radius send failed: %s<br>\n", $retvalue['error']);
+    } else if ($result === true) {
+        $retvalue['acct_val'] = 5 ;
+        if ($debug)
+            printf("Radius Accounting succeeded<br>\n");
+    } else {
+        $retvalue['acct_val'] = 1 ;
+        if ($debug)
+            printf("Radius Accounting rejected<br>\n");
+    }
+
+    // close OO RADIUS_ACCOUNTING
+    $racct->close();
+
+    return $retvalue ;
+    // 5 -> Accounting-Response
+    // See RFC2866 for this.
 
 }
 
@@ -230,20 +274,65 @@ function get_nas_ip() {
         return $config['interfaces']['wan']['ipaddr'];   
 }
 
+/**
+ * This function will calculate the traffic produced by a host
+ * based on its firewall rule
+ *
+ * Will be moved to in captiveportal.inc
+ * so that we can implement user volume limits
+ *
+ * Point of view: Client
+ *
+ */
+
+function volumeCalculation($ruleno) {
+
+    $volume = array();
+
+    /* Ingress */
+    exec("/sbin/ipfw show {$ruleno}", $ipfw);
+    preg_match("/(\d+)\s+(\d+)\s+(\d+)\s+skipto/", $ipfw[0], $matches);
+    $volume['input_pkts'] = $matches[2];
+    $volume['input_bytes'] = $matches[3];
+    /* These functions will be moved to the accounting part
+    $volume['input_bytes_radius'] = remainder($matches[3]);
+    $volume['input_gigawords'] = gigawords($matches[3]);
+    */
+
+    /* Flush internal buffer */
+    unset($matches);
+
+    /* Outgress */
+    preg_match("/(\d+)\s+(\d+)\s+(\d+)\s+skipto/", $ipfw[1], $matches);
+    $volume['output_pkts'] = $matches[2];
+    $volume['output_bytes'] = $matches[3];
+    /* These functions will be moved to the accounting part
+    $volume['output_bytes_radius'] = remainder($matches[3]);
+    $volume['output_gigawords'] = gigawords($matches[3]);
+    */
+
+    return $volume;
+}
+
+/**
+ * Radius Volume Helpers
+ *
+ */
+
 function gigawords($bytes) {
-        /* We use BCMath functions since normal integers don't work */
-        $gigawords = bcdiv( bcsub( $bytes, remainder($bytes) ) , 4294967295);
-    
-        return $gigawords;
+
+    /* We use BCMath functions since normal integers don't work with so large numbers */
+    $gigawords = bcdiv( bcsub( $bytes, remainder($bytes) ) , 2147483647) ;
+
+    return $gigawords;
 }
 
 function remainder($bytes) {
-        /* Calculate the remainder */
-        $bytes = bcmod($bytes, 4294967295);
 
-        return $bytes;
-}
+    /* Calculate the bytes we are going to send to the radius. */
+    $bytes = bcmod($bytes, 2147483647);
 
-        
+    return $bytes;
+}
 
 ?>
diff --git a/captiveportal/radius_authentication.inc b/captiveportal/radius_authentication.inc
index 204a9d1..a732bbb 100644
--- a/captiveportal/radius_authentication.inc
+++ b/captiveportal/radius_authentication.inc
@@ -51,14 +51,14 @@ RADIUS AUTHENTICATION
 */
 
 function RADIUS_AUTHENTICATION($username,$password,$radiusservers,$clientip,$clientmac,$ruleno) {
-	global $config;
+    global $config;
 
-	/* Initialisation of variables - Constructor */
-	$retvalue = array();
-	$retvalue['error'] = $retvalue['reply_message'] = $retvalue['url_redirection'] = $retvalue['session_timeout'] = $retvalue['idle_timeout'] = $retvalue['session_terminate_time'] = null;
-	$nas_mac = get_interface_mac($config['interfaces']['wan']['if']);
-	$nas_port = $ruleno - 10000;
-	$radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null;
+    /* Initialisation of variables - Constructor */
+    $retvalue = array();
+    $retvalue['error'] = $retvalue['reply_message'] = $retvalue['url_redirection'] = $retvalue['session_timeout'] = $retvalue['idle_timeout'] = $retvalue['session_terminate_time'] = null;
+    $nas_mac = get_interface_mac($config['interfaces']['wan']['if']);
+    $nas_port = $ruleno - 10000;
+    $radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null;
 
     exec("/bin/hostname", $nasHostname) ;
     if(!$nasHostname[0])
@@ -74,9 +74,9 @@ When multiple servers are given, they are tried in round-robin fashion until a v
 
 foreach ($radiusservers as $radsrv) {
 
-	// Add a new server to our instance
-	$rauth->addServer($radsrv['ipaddr'], $radsrv['port'], $radsrv['key']);
-	
+    // Add a new server to our instance
+    $rauth->addServer($radsrv['ipaddr'], $radsrv['port'], $radsrv['key']);
+    
 }
 
 $rauth->username = $username;
@@ -87,20 +87,20 @@ if (!$rauth->start()) {
     $retvalue['auth_val'] = 1;
     $retvalue['error'] = $rauth->getError(); 
     if ($debug)
-    printf("Radius start: %s<br>\n", $retvalue['error']);
+        printf("Radius start: %s<br>\n", $retvalue['error']);
 }
 else {
 
-	// 1 -> Access-Request => We will use this value as an error indicator since we can't get a 1 back from the radius
-	// 2 -> Access-Accept
-	// 3 -> Access-Reject
-	// See RFC2865 for this.
+    // 1 -> Access-Request => We will use this value as an error indicator since we can't get a 1 back from the radius
+    // 2 -> Access-Accept
+    // 3 -> Access-Reject
+    // See RFC2865 for this.
 
-	/*
-	 * We put our attributes in here
-	 */
+    /*
+     * We put our attributes in here
+     */
 
-	switch($radiusvendor) {
+    switch($radiusvendor) {
 
         case 'cisco':
         $rauth->putAttribute(RADIUS_CALLED_STATION_ID, $clientmac);
@@ -110,49 +110,49 @@ else {
         default:
         $rauth->putAttribute(RADIUS_CALLED_STATION_ID, $nas_mac);
         $rauth->putAttribute(RADIUS_CALLING_STATION_ID, $clientmac);
-	}
-
-	// Default attributes
-	$rauth->putAttribute(RADIUS_NAS_PORT, $nas_port);
-
-	// Send request
-
-	$result = $rauth->send();
-	if (PEAR::isError($result)) {
-	    $retvalue['auth_val'] = 1;
-	    $retvalue['error'] = $result->getMessage();
-	    if ($debug)
-	    printf("Radius send failed: %s<br>\n", $retvalue['error']);
-	} else if ($result === true) {
-	    $retvalue['auth_val'] = 2;
-	    if ($debug)
-	    printf("Radius Auth succeeded<br>\n");
-	} else {
-	    $retvalue['auth_val'] = 3;
-	    if ($debug)
-	    printf("Radius Auth rejected<br>\n");
-	}
-
-	// Get attributes, even if auth failed.
-	// We will push the results in the retvalue array
-	if (!$rauth->getAttributes()) {
-	    $retvalue['error'] = $rauth->getError();
-	    if ($debug)
-	    printf("Radius getAttributes: No attributes<br>\n", $retvalue['error']);
-	} else {
-	    $retvalue = array_merge($retvalue,$rauth->listAttributes());
-	    if ($debug) {
-	        if (!$rauth->listAttributes())
-	            printf("No Attributes<br>\n");
-	        else
-	        print_r($rauth->listAttributes());
-	    }
-	    // We convert the session_terminate_time to unixtimestamp if its set before returning the whole array to our caller
-	    if (!empty($retvalue['session_terminate_time'])) {
-		$stt = &$retvalue['session_terminate_time'];
-		$stt = strtotime(preg_replace("/\+(\d+):(\d+)$/", " +\${1}\${2}", preg_replace("/(\d+)T(\d+)/", "\${1} \${2}",$stt)));
- 	    }
-	}
+    }
+
+    // Default attributes
+    $rauth->putAttribute(RADIUS_NAS_PORT, $nas_port);
+
+    // Send request
+
+    $result = $rauth->send();
+    if (PEAR::isError($result)) {
+        $retvalue['auth_val'] = 1;
+        $retvalue['error'] = $result->getMessage();
+        if ($debug)
+            printf("Radius send failed: %s<br>\n", $retvalue['error']);
+    } else if ($result === true) {
+        $retvalue['auth_val'] = 2;
+        if ($debug)
+            printf("Radius Auth succeeded<br>\n");
+    } else {
+        $retvalue['auth_val'] = 3;
+        if ($debug)
+            printf("Radius Auth rejected<br>\n");
+    }
+
+    // Get attributes, even if auth failed.
+    // We will push the results in the retvalue array
+    if (!$rauth->getAttributes()) {
+        $retvalue['error'] = $rauth->getError();
+        if ($debug)
+            printf("Radius getAttributes: No attributes<br>\n", $retvalue['error']);
+    } else {
+        $retvalue = array_merge($retvalue,$rauth->listAttributes());
+        if ($debug) {
+            if (!$rauth->listAttributes())
+                printf("No Attributes<br>\n");
+            else
+            print_r($rauth->listAttributes());
+        }
+        // We convert the session_terminate_time to unixtimestamp if its set before returning the whole array to our caller
+        if (!empty($retvalue['session_terminate_time'])) {
+        $stt = &$retvalue['session_terminate_time'];
+        $stt = strtotime(preg_replace("/\+(\d+):(\d+)$/", " +\${1}\${2}", preg_replace("/(\d+)T(\d+)/", "\${1} \${2}",$stt)));
+         }
+    }
      }
 
      // close OO RADIUS_AUTHENTICATION