Talk:Using iptables and PHP to create a captive portal

What command should I use to force a mac address to be redirected to the login page once they've signed up ? for example; I'd like people to re-sign up after 24h.

You just need to remove the rule from iptables using the -D switch. For example:

iptables -D internet -t nat -m mac --mac-source 12:34:56:78:90:ab -j RETURN

If you want to do that from apache/PHP you will need to add that to the sudo rules.

You'll also need to remove the MAC address from any file or database it's stored in.

Retaining the user's destination URL

For those wondering how to fully grab the original destination the user was going for you just need to drop a couple things in your Apache config and pull different variables when they first hit index.php (Or whatever the signup page is.)

These go in your main Apache config (Not any folder directive):

Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTP_HOST} !^server1 [NC]
RewriteRule . http://server1/getinternet/index.php/%{HTTP_HOST}%{REQUEST_URI}?%{QUERY_STRING} [L,R]

The "server1" there is your local server, and "getinternet" is the folder where the files are for signing up (That way you can put other stuff on the server, like say an Intranet page). Don't forget to have enabled the Rewrite engine in Apache before dropping these lines in.

Then, in index.php you'd put this little block:

if ($_GET['dest'])
{
	$_SESSION['dest']=$_GET['dest'];
}
elseif ($_SERVER['PATH_INFO'] && $_SERVER['QUERY_STRING'])
{
	$_SESSION['dest']=$_SERVER['PATH_INFO']."?".$_SERVER['QUERY_STRING'];
}
else
{
	unset($_SESSION['dest']);
}

When it comes out the bottom, you get $_SESSION['dest'] populated with their original destination, be it passed from $_GET or from that Rewrite rule. And, if they didn't pass a destination, it's unset so you can just dump them to a "Hey! You're in!" page or something of the like.