Hotspot and external server login

I’m having some trouble sending the login information back to the MT hotspot device. I got all the redirecting done to my external server. In the form part of the HTML I tried:

action="http://hotspotrouter/login"

That only redirected me back to the external page, so then I decided to try to implement my own automatic login page using code from the original login.html on the MT device. For some reason my values aren’t being translated right by the MT. Just to test this, in the form of my automatic login page, I used:

and I get a textbox with the word ‘$(username)’ in it. I’ve also tried variations like <?=$_POST['username']?>, $username, %username%… I am not very experienced in HTML, so I’m not sure what is wrong. Does MikroTik use different syntax to retrieve posted values?

Oh, btw, I read the manual with the redirect to external and back to login. I get the same thing where it sends me back to the external server.

Thanks guys.

-Jonathan

Not sure what’s happening, you need to make sure it all happens between the client and the NAS. Here’s what I use, which is very similar to what’s in the manual:

Server IP: 2.2.2.2
NAS IP (client facing/hotspot): 1.1.1.1

On the MTRouter:

<html>
<title>...</title>
<body>
<form name="redirect" action="https://2.2.2.2/login.cgi" method="post">
<input type="hidden" name="mac" value="$(mac)">
<input type="hidden" name="ip" value="$(ip)">
<input type="hidden" name="hostname" value="$(hostname)">
<input type="hidden" name="user" value="$(username)">
<input type="hidden" name="link-login" value="$(link-login)">
<input type="hidden" name="link-orig" value="$(link-orig)">
<input type="hidden" name="error" value="$(error)">
</form>
<script language="JavaScript">
<!--
	document.redirect.submit();
//-->
</script>
</body>
</html>

The values are substituted for the real ones by the NAS and submitted to the external server. The script on the server uses the values provided to do various things and then displays the following back to the user for them to submit (you can have this automatically submit as above if you want, up to you).

On the external server (which is loaded by the client’s browser):

<form name="login" action="https://1.1.1.1/login" method="post">
<input type="hidden" name="user" value="username">
<input type="hidden" name="password" value="password">
<input type="hidden" name="mac" value="00:00:00:00:00:00">
<input type="hidden" name="popup" value="false">
<input type="hidden" name="ssl-login" value="yes">
<input type="hidden" name="dst" value="http://www.google.com.au">
<input type="submit" name="login" value="Continue">
</form>

So when I use that external script, what prohibits the NAS (client) from being redirected back to the external server? The redirect script from above is named login.html, correct? If that’s the case, do I just force the hotspot unauth users to redirect.html and leave the login.html the same? I’m just not too clear on this procedure.

To log a client in, you need to get them to submit their credentials to the ‘login’ script on the NAS. If it makes it easier to understand, you can refer to it as login.cgi too.

I.e.:

<form name="login" action="https://hotspot_address/login.cgi" method="post">
<input type="hidden" name="user" value="username">
<input type="hidden" name="password" value="password">
<input type="submit" name="login" value="Continue">
</form>

The external server doesn’t actually talk directly to the Router via any means apart from RADIUS. It does everything via the client’s browser.

Ok, so just to clarify this. On my hotspot device, I have the redirect script saved as login.html. And on the external server, I have the script you specified saved as login.cgi. Therefore, the process is:

  1. User opens web browser.
  2. User redirected to external login.
  3. User inputs info and hits submit.
  4. The username and password are sent to the hotspot device?
  5. Then the hotspot device does its thing with RADIUS.


The whole step 4 is foggy. FYI, I have this thing working without the external server. I’m just not sure how the hotspot device grabs the values being posted to it from the external login page. When I tried this, the page on my hotspot device didn’t know what those values were. Or at least I didn’t know the syntax for grabbing posted values.

Also, I have a version of the login.html that automatically submits itself with a hardcoded user/pass. When I rename this file, say to autologin.html, and create the redirect in the old login.html, it won’t log in. It gives me an error: ‘document.sendin.username’ is null or not an object.

I’ve done a bit of programming and this just strikes me as very odd…

This is the code, probably ugly. 8^) Just learning this HTML and JavaScript stuff.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>mikrotik hotspot > login</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="pragma" content="no-cache" />
<meta http-equiv="expires" content="-1" />
<style type="text/css">
body {color: #737373; font-size: 10px; font-family: verdana;}

textarea,input,select {
background-color: #FDFBFB;
border: 1px solid #BBBBBB;
padding: 2px;
margin: 1px;
font-size: 14px;
color: #808080;
}

a, a:link, a:visited, a:active { color: #AAAAAA; text-decoration: none; font-size: 10px; }
a:hover { border-bottom: 1px dotted #c1c1c1; color: #AAAAAA; }
img {border: none;}
td { font-size: 14px; color: #7A7A7A; }
</style>

</head>

<body>
$(if chap-id)
	<form name="sendin" action="$(link-login-only)" method="post">
		<input type="hidden" name="username" />
		<input type="hidden" name="password" />
		<input type="hidden" name="dst" value="$(link-orig)" />
		<input type="hidden" name="popup" value="true" />
	</form>

	<script type="text/javascript" src="/md5.js"></script>
	<script type="text/javascript">
	<!--
	    function doLogin() {
		document.sendin.username.value = document.login.username.value;
		document.sendin.password.value = hexMD5('$(chap-id)' + document.login.password.value + '$(chap-challenge)');
		document.sendin.submit();
		return false;
	    }
	//-->
	</script>
$(endif)

<div align="center">
<a href="$(link-login-only)?target=lv&dst=$(link-orig-esc)">Latviski</a>
</div>

<table width="100%" style="margin-top: 10%;">
	<tr>
	<td align="center" valign="middle">
		<div class="notice" style="color: #c1c1c1; font-size: 9px">Please log on to use the mikrotik hotspot service<br />$(if trial == 'yes')Free trial available, <a style="color: #FF8080"href="$(link-login-only)?dst=$(link-orig-esc)&username=T-$(mac-esc)">click here</a>.$(endif)</div><br />
		<table width="240" height="240" style="border: 1px solid #cccccc; padding: 0px;" cellpadding="0" cellspacing="0">
			<tr>
				<td align="center" valign="bottom" height="175" colspan="2">
					<form name="login" action="$(link-login-only)" method="get"
					    $(if chap-id) onSubmit="return doLogin()" $(endif)>
						<input type="hidden" name="dst" value="$(link-orig)" />
						<input type="hidden" name="popup" value="true" />

							<table width="100" style="background-color: #ffffff">
								<tr><td align="right">login</td>
										<td><input style="width: 80px" name="username" type="text" value="admin"/></td>
								</tr>
								<tr><td align="right">password</td>
										<td><input style="width: 80px" name="password" type="password"/></td>
								</tr>
								<tr><td>&nbsp;</td>
										<td><input type="submit" value="OK" /></td>
								</tr>
							</table>
							<script type="text/javascript">
							<!--
								document.sendin.username.value = document.login.username.value;
								document.sendin.password.value = hexMD5('$(chap-id)' + document.login.password.value + '$(chap-challenge)');
								document.sendin.submit();
							//-->
							</script>

					</form>
				</td>
			</tr>
			<tr><td align="center"><a href="http://www.mikrotik.com" target="_blank" style="border: none;"><img src="/img/logobottom.png" alt="mikrotik" /></a></td></tr>
		</table>

	<br /><div style="color: #c1c1c1; font-size: 9px">Powered by mikrotik routeros &copy; 2005 mikrotik</div>
	$(if error)<br /><div style="color: #FF8080; font-size: 9px">$(error)</div>$(endif)
	</td>
	</tr>
</table>
</body>
</html>

Btw, thanks for your help bjohns.

Here’s an image I threw together that illustrates the process:

The remote server code I posted above isn’t the whole thing - there is more involved - essentially grabbing the values passed from the Router and building a form the user can click on to log in with.

I might actually knock up a quick and dirty perl cgi script that demonstrates this.
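
The external-server step described in this thread, as an added Python sketch (not code from any poster or from MikroTik): it takes the fields the router's redirect form posts, checks that link-login points at a known hotspot, and HTML-escapes every value before building the login form. The allowlist, function names and sample values are assumptions.

```python
import html
import re
from urllib.parse import urlsplit

# Assumption: the hotspot addresses this portal serves (1.1.1.1 is the NAS in the thread).
ALLOWED_HOTSPOT_HOSTS = {"1.1.1.1"}
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")


def safe_login_url(link_login):
    """Return the form action only if link-login targets a known hotspot."""
    parts = urlsplit(link_login)
    if parts.scheme not in ("http", "https") or parts.hostname not in ALLOWED_HOTSPOT_HOSTS:
        raise ValueError("link-login does not point at a known hotspot")
    port = f":{parts.port}" if parts.port else ""
    # Rebuild from parsed pieces: drops userinfo, query string and fragment.
    return f"{parts.scheme}://{parts.hostname}{port}{parts.path or '/login'}"


def build_login_form(posted, username, password):
    """Render the form the client's browser submits back to the hotspot."""
    action = safe_login_url(posted.get("link-login", ""))
    mac = posted.get("mac", "")
    if not MAC_RE.fullmatch(mac):
        raise ValueError("malformed mac")
    dst = posted.get("link-orig", "")
    if urlsplit(dst).scheme not in ("http", "https"):
        dst = ""  # refuse javascript:, data: and similar destinations
    # username/password/dst/popup as in the router's login.html on this page;
    # mac as in the reply's form.
    fields = [("username", username), ("password", password),
              ("mac", mac), ("dst", dst), ("popup", "false")]
    esc = lambda v: html.escape(v, quote=True)
    rows = [f'<input type="hidden" name="{n}" value="{esc(v)}">' for n, v in fields]
    error = posted.get("error", "")
    notice = f"<p>{esc(error)}</p>" if error else ""
    return "\n".join([notice, f'<form name="login" action="{esc(action)}" method="post">',
                      *rows, '<input type="submit" value="Continue">', "</form>"])


# Constructed sample of what the router's redirect form would post.
SAMPLE = {"mac": "00:11:22:33:44:55", "ip": "10.5.50.20",
          "link-login": "https://1.1.1.1/login?dst=http://example.com/",
          "link-orig": "http://example.com/", "error": '"><script>alert(1)</script>'}

if __name__ == "__main__":
    print(build_login_form(SAMPLE, "jonathan", "s3cret"))
```

Because every value arrives through the client's browser, the script treats all of them as untrusted, including the ones the router filled in.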

On the external code, I kinda figured that. I have a working login.php on my external server that grabs the values from the redirect with <?=$_POST['values of whatever']?>. It’s just when I post information back to the MT I can’t seem to grab the values or hardcode the values in my own page that automatically submits. Also, does MikroTik support PHP script? Thanks again.