Authenticating PHP against RADIUS

From FreeAuth Wiki

[edit] Authenticating PHP against RADIUS

It is fairly easy to setup PHP to authenticate against RADIUS, you will however need a copy of php that supports sockets, enabling that if you need it is beyond the scope of this document.

[edit] Getting some code

You will need to grab this file which actually does the communication with the RADIUS server. You may need to alter the top of the file for your RADIUS settings.

[edit] Example code

Below is an example login page that includes the above file.

<?
	//set $errmsg to empty string to avoid possible forcing on some systems
	//allowing markup to be sent to user-agent
	$errmsg = 'Login FAILED';

	if(isset($_POST['process']) && $_POST['process'] != )
	{
		//only bother requiring file (same directory) if there's work to do
		require('radauth.php');
		$user = trim(strip_tags($_POST['username']));
		$pass = trim(strip_tags($_POST['password']));
		// 2 -> Access-Accept
		// 3 -> Access-Reject
		if(($retval = RADIUS_AUTHENTICATION($user,$pass)) == 2)
			$errmsg = 'Login OK';
	}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<?
	if($errmsg != )
		echo '<p>'.$errmsg.'</p>';

	//escape html and other potential XSS, this isn't done above as 
	//$_POST vars are passed straight to the RADIUS_AUTHENTICATION()
	$username = htmlentities(trim(strip_tags($_REQUEST['username'])));
	//don't echo password, this could be cached, or grabbed using javascript
?>
<form method="post" action="<?=$PHP_SELF?>" ACCEPTCHARSET="utf-8">
Username: <input type="text" name="username" value="<?=$username?>">

Password: <input type="text" name="password">

<input type="submit" name="process" value="Submit">
</form>
</body>
</html>