Adding User to Userman via PHP

RouterOS Scripting
1

Hi
I’m currently using User Manager for AAA in MikroTIK RouterOS v6 right now. My organization will have about 300+ existing user and all stored in a MySQL Database. It would be difficult to add it one by one. My plan is to add the users using PHP script. Is there anyway to add Userman user using PHP API?
Thank You

2

Sure. There are at least 3 ways (as in “PHP clients”) in fact. I’d reccomend the one from my signature, for obvious reasons.

Assuming you have a DB table called “users” with “username” and “password” columns (where the password is NOT hashed), you can do it like:

<?php
use PEAR2\Net\RouterOS;

require_once 'PEAR2_Net_RouterOS-1.0.0b3.phar';

$client = new RouterOS\Client('192.168.0.1', 'admin', 'password');
$mysqli = new mysqli('localhost', 'root', '', 'db');

$addRequest = new RouterOS\Request('/tool user-manager user add');

$users = $mysqli->query('SELECT `username`, `password` FROM `users`');

while ($user = $users->fetch_object()) {
    $addRequest
        ->setArgument('name', $user->username)
        ->setArgument('password', $user->password);
    $client($addRequest);
}

If the passwords in your DB are hashed (as they should’ve been BTW), you’ll have to either ask users to reenter their password (which you can do transparently at your current login form, after warning them they have to login at least once within a certain time window before their account becomes invalid), which you can then enter in the router OR you could generate a random password that you somehow then give to each user, and let them change it once they are logged in.

3

Great! Looking forward to try that one.
Thanks for your reply. It helps so much

4

Thanks! I will try that soon.

5

Besides username and password, any other arguments? For example, is there argument to define which group the user belongs to?

Thank You

6

I’m not really sure, as I’m not using the user-manager myself.

You can open up a terminal window, then type “/tool user-manager user add ?” to see what each user can have. In general, you can hit “?” from a terminal window to see possiblities from your current point onwards.

AFAIK, each user can be associated with a “customer”, and one customer can have many users… the idea being that the “customer” relates to “who’s paying” while the “user” relates to “who’s logging in” (e.g. one person paying for two user names).

7

Ok, thank you for your information

8

By the way, which password should be used, WebFig or Userman?

9

You mean for login to the API?

The RouterOS login passwords… you know, those at the “/user” menu. I believe they’re shared by WebFig.

10

It does not work, maybe the command is wrong?
Thank you

11

Does the part up to

<?php
use PEAR2\Net\RouterOS;

require_once 'PEAR2_Net_RouterOS-1.0.0b3.phar';

$client = new RouterOS\Client('192.168.0.1', 'admin', 'password');

work? Are there any error messages in PHP, or is it working fine, but without the effect?

If you’re not sure, add some “try{} catch{}”, e.g.

<?php
use PEAR2\Net\RouterOS;

require_once 'PEAR2_Net_RouterOS-1.0.0b3.phar';

try {
    $client = new RouterOS\Client('192.168.0.1', 'admin', 'password');
    $mysqli = new mysqli('localhost', 'root', '', 'db');

    $addRequest = new RouterOS\Request('/tool user-manager user add');

    $users = $mysqli->query('SELECT `username`, `password` FROM `users`');

    while ($user = $users->fetch_object()) {
        $addRequest
            ->setArgument('name', $user->username)
            ->setArgument('password', $user->password);
        $client($addRequest);
    }
} catch (RouterOS\SocketException $e) {
    echo 'Connection to RouterOS failed... ' . $e;
} catch (RouterOS\DataFlowException $e) {
    echo $e->getMessage();//Wrong username or password; probably
} catch (Exception $e) {
    echo 'Unknown exception... ' . $e; //Connection fail to MySQL; probably
}



EDIT: Wait… I had installed user-manager since my last reply, and now I can see that to add a user, you MUST associate it with a customer, so THAT is the problem.

12

It worked fine, thank you. Apparently the Userman console didn’t directly refreshes its users list.

13

Hi,
I wish to create user accounts in Mikrotik user manager using a PHP API, I followed your above instruction, applied the code snipet provided above and got a load of error. kindly look at this and advise me.


Connection to RouterOS failed... exception 'PEAR2\Net\Transmitter\SocketException' with message 'Failed to connect with socket.' in phar://C:/xampp/htdocs/switchonwifi/PEAR2_Net_RouterOS-1.0.0b4.phar/PEAR2_Net_RouterOS-1.0.0b4/src/PEAR2/Net/Transmitter/TcpClient.php:199 Stack trace: #0 phar://C:/xampp/htdocs/switchonwifi/PEAR2_Net_RouterOS-1.0.0b4.phar/PEAR2_Net_RouterOS-1.0.0b4/src/PEAR2/Net/Transmitter/TcpClient.php(160): PEAR2\Net\Transmitter\TcpClient->createException('Failed to conne...', 8) #1 phar://C:/xampp/htdocs/switchonwifi/PEAR2_Net_RouterOS-1.0.0b4.phar/PEAR2_Net_RouterOS-1.0.0b4/src/PEAR2/Net/RouterOS/Communicator.php(149): PEAR2\Net\Transmitter\TcpClient->__construct('192.168.88.1', 8728, false, NULL, 'admin/eketapwd', '', NULL) #2 phar://C:/xampp/htdocs/switchonwifi/PEAR2_Net_RouterOS-1.0.0b4.phar/PEAR2_Net_RouterOS-1.0.0b4/src/PEAR2/Net/RouterOS/Client.php(142): PEAR2\Net\RouterOS\Communicator->__construct('192.168.88.1', 8728, false, NULL, 'admin/eketapwdpwd', '', NULL) #3 C:\xampp\htdocs\switchonwifi\library\common.php(172): PEAR2\Net\RouterOS\Client->__construct('192.168.88.1', 'admin', 'eketapwd') #4 C:\xampp\htdocs\switchonwifi\library\common.php(136): common->addtoMikrotik('08010310', '123') #5 C:\xampp\htdocs\switchonwifi\library\common.php(69): common->createAccount(0) #6 C:\xampp\htdocs\switchonwifi\library\common.php(56): common->getModule('22af645d1859cb5...') #7 C:\xampp\htdocs\switchonwifi\index.php(15): common->getPages('p') #8 {main} Next exception 'PEAR2\Net\RouterOS\SocketException' with message 'Error connecting to RouterOS' in phar://C:/xampp/htdocs/switchonwifi/PEAR2_Net_RouterOhtS-1.0.0b4.phar/PEAR2_Net_RouterOS-1.0.0b4/src/PEAR2/Net/RouterOS/Communicator.php:151 Stack trace: #0 phar://C:/xampp/htdocs/switchonwifi/PEAR2_Net_RouterOS-1.0.0b4.phar/PEAR2_Net_RouterOS-1.0.0b4/src/PEAR2/Net/RouterOS/Client.php(142): PEAR2\Net\RouterOS\Communicator->__construct('192.168.88.1', 8728, false, NULL, 'admin/eketapwd', '', NULL) #1 C:\xampp\htdocs\switchonwifi\library\common.php(172): PEAR2\Net\RouterOS\Client->__construct('192.168.88.1', 'admin', 'eketapwd') #2 C:\xampp\htdocs\switchonwifi\library\common.php(136): common->addtoMikrotik('08010310', '123') #3 C:\xampp\htdocs\switchonwifi\library\common.php(69): common->createAccount(0) #4 C:\xampp\htdocs\switchonwifi\library\common.php(56): common->getModule('22af645d1859cb5...') #5 C:\xampp\htdocs\switchonwifi\index.php(15): common->getPages('p') #6 {main}

I truly need to get this right.

Thanks alot.

14

Check your firewall settings. It must allow php-cgi.exe and/or Apache’s “httpd.exe” to make outgoing connections.

15

I think my firewall settings are ok and should allow this action, but what specific settings do you think I should put in place?

16

Like I said, whitelist php-cgi.exe and httpd.exe to make outgoing connections to any ip/port they want. That’s the setting(s) you need to make. Here’s how.

Alternatively, to make sure it’s not a firewall issue, consider temporarily turning off your firewall altogether. If you have an Antivirus that includes a firewall, turn that off too.

If it’s not a firewall issue, the next thing to check is that you have enabled the API service in RouterOS (under “/ip service”).

17

I have enable API, and the errors have stop. But, I just can not find the users I created in the User list of Mikrotik Usermanager.

18

As I noted in my last post before you showed up,

EDIT: Wait… I had installed user-manager since my last reply, and now I can see that to add a user, you MUST associate it with a customer, so THAT is the problem.

So… add a customer first, and include its ID into a “customer” argument.

The code above was written with version b3 of my client in mind. In b4, you can also do it as:

<?php
use PEAR2\Net\RouterOS;

require_once 'PEAR2_Net_RouterOS-1.0.0b4.phar';

$util = new RouterOS\Util($client = new RouterOS\Client('192.168.88.1', 'admin', 'password'));

$util->changeMenu('/tool user-manager customer');
$customerId = $util->add(array('login' => 'customer1'));

$util->changeMenu('.. user');
$util->add(array('customer' => $customerId, 'name' => 'username1'));
19

Thanks for the update, but I tried it using standard parameters but it didnt register a user. the code is below:

 $tdata=800*(1024*1024);
            $upl=800*(1024*1024);
           $util = new RouterOS\Util($client = new RouterOS\Client('xxx.xxx.xx.xxx', 'xxxx', 'xxxx'));
           $util->changeMenu('/tool user-manager customer');
            $customerId = $util->add(array('login' => 'customer1'));

            $util->changeMenu('.. user');
            $util->add(array('customer' => $customerId, 'name' =>$usr, 'password'=>$pwd, 
                        'limit-bytes-out'=>$tdata,'limit-bytes-in'=>$tdata, 
                        'limit-bytes-total'=>$tdata,'limit-uptime'=> '2w'
                ));

All I want to do is create users, assign them to a Profile, or directly set their time and data limits.
Looking forward to your assistance. Thanks

20

User-manager is not the same as hotspot.

Looking at the help of the “add” command, I don’t see it having any of those “limit-*” arguments.

Check out valid values from terminal by typing “?” after the command, e.g.
/tool user-manager user add ?As for how do you set such limits when using user-manager in general… I don’t know.