how can I "unlock" the internet (in PHP)?

RouterOS Scripting
1

hi in a captive portal with sites allowed in walled garden, after login, how can I “unlock” the internet (in PHP)?

2

I am guessing this is related to your other thread.
Other reader, read this: http://forum.mikrotik.com/t/where-can-i-find-the-ip-address/81625/1

3

yes. Sorry perhaps I should have to do only one thread?

4

Just trying to help whoever else may read this forum.

As for your question. I have no idea what your asking.
More information is needed.

Also, if this has nothing to do with Mikrotik scripting, I would suggest you ask in the Beginner Basics forum section.
But most of your questions seem to have very little to do with Mikrotik, so I don’t know.

5

It’s not exactly related to the other question.

And to answer this question of yours… What you’re trying to do is not possible “directly” via PHP (or any other language). You can’t login a hotspot user (or any kind of user) remotely, and to log in is the thing one does to unlock the internet.

The only way to log in is if the client device ITSELF sends an HTTP request to the router, with the username and password as part of the request.

You can have a form on your web server that will look and feel different, and you can also configure the router so that it redirects to that page before and after login, but DURING login - once the user presses that login button on your web page - your form must send the request back to the router, where it’s up to the router to verify the credentials, and either decline login or let the user in.

6

after logging in via social networks, users are redirected to a PHP page that gets the data from the profile … Then?

7

Well… If your application knows that the facebook login was a success, and is somehow notified about it…

You could use the API to create a temporary hotspot username and password (also set the account to remove itself on log out), and then redirect the user to the router with the generated username and password in the URL.

That way, the “real” credentials are the ones randomly generated by your app, but since they’re generated as a response to the facebook login, and the user is never presented a separate login form, it looks to the user as if their facebook login “unlocked the internet”.

8

yes! but how?

9

Well, once PHP can connect to the router (i.e. once we solve your other problem):

$addRequest = new RouterOS\Request('/ip hotspot user add');
$addRequest
    //->setArgument('profile', 'facebook') //Maybe?

    //The line below might be needed so that the router and facebook login expire together.
    //Otherwise, the router login will persist even after the facebook login has expired.
    //->setArgument('limit-uptime', ($facebookExpiresIn - time()) . 's')

    ->setArgument('name', 'FACEBOOK_' . $facebookUserID) //The prefix is in case you have non-facebook users on the router.
    ->setArgument('password', $facebookAccessToken);

$client($addRequest);

$routerQuery = http_build_query(
    array(
        //'dst' => $_SEVER['HTTP_REFERER'], //Optional.
        'username' => 'FACEBOOK_' . $facebookUserID,
        'password' => $facebookAccessToken
    )
);
header('Location: http://192.168.5.1/login?' .  $routerQuery);

But prior to having that code, also add to your users profile’s on-logout script:
/ip hotspot user remove $userIf you have non-facebook users on the same router, you’ll want to create a separate profile for facebook users, and only add the above to that profile.

10 
header('Location: http://192.168.5.1/login?' .  $routerQuery);

I don’t understand which page is that and what should I do there

11

Dude!

At this point, you’re asking me to make the entire login system for you… At least try to get the pieces you’ll be working with.


The entire code above should be part of the web page that receives the login information from facebook, after the point you’ve actually received the session information. How do you do that, you should check with facebook’s API.

The IP in the header() call should be your router’s LAN IP address, as seen by the guest computer, since what you’re doing with header(‘Location:…’) is instructing the browser to make a new HTTP request, and THAT request must be to the local hotspot router.

12

NoNo wait I had already done this part. What I was wondering is:
once I create the hotspot user after login, he is still stuck in the walled garden, how can I “unlock” him?
Sorry for the bad English

13

That’s what the header() call does - it makes the client device send a separate HTTP request to the router. The router will “unlock” the client device if the username and password are correct… Which they are certain to be in this case, since you just generated them earlier in the same file.

Once a user has logged in with the hotspot, they have internet access.

I’ve used the local IP of your MikroTik router, as we’ve seen it in the other topic, so you should NOT need change anything on that line.

14

ok so since the router can’t interpret php I imagine that there is some javascript that “unlocks” the client device… how?

15

There’s no programming code of any sort. You can’t login/unlock a user remotely in any fashion. Not with PHP, not with JavaScript, not with anything else.

That’s what I’ve been trying to tell you since the start of this topic.

The entire procedure above is a workaround for the absence of any PHP/JavaScript/[any-other-programming-language] means to cause a login/unlock.

The idea is that the guest computer will send an HTTP request to RouterOS with a username and password, without the user actually “seeing” a form on their screen. RouterOS has it’s own internal means of checking the username and password that you (from the web server) can’t change or trigger.

The ONLY way to log into hotspot is for a client device to send an HTTP request to RouterOS which logs them in. A device cannot cause another device to be logged in. You keep asking if you can make the web server authenticate the client device, and I keep telling you RouterOS does not allow that. The web server can only log in the web server, and only the client device can log in the client device.

I’m starting to run out of ways to explain this…

OK, one last attempt… Check the following image:
FACEBOOK_AUTH.png
Each network request is denoted with a number. The device making the request is with a blue square, and the device that responds to this request is with a red circle.

I’m telling you RouterOS login can only happen between the two devices on step 5. It can’t happen between any other two devices.

16

ok if I have understood is the http request which gives users access to …
So I have a problem with this because after the http request I get redirected to the captive portal page

17

You should be able to configure RouterOS so that it appends the originally requested URL to the URL of the PHP page (the one which will in turn request login from Facebook). That URL can in turn be placed in the “dst” query parameter, near the end of the PHP code snippet above (see the commented line).

With those two pieces in place, after login, the user will be redirected to the page they requested originally.

18

So:
1 - I have user, password ($user, $pwd)
2 - I create the hotspot user
$addRequest = new RouterOS\Request(‘/ip hotspot user add’);
$addRequest
->setArgument(‘name’, $user)
->setArgument(‘password’, $psw);
$client($addRequest);3 - Which http request for logging user in?

19

The next one.

The one that your web server won’t make, but which the client device will make when you ask them to do so with the header() call.

20

This?

$routerQuery = http_build_query(
    array(
        'username' => $user,
        'password' => $psw
    )
);
header('Location: http://192.168.5.1/login?'.$routerQuery);

:confused: