how to login from external server using api

hi, i need to build an external hotspot using API and php because i want to add some other options to my hotspot

i want to know how i can login to mikrotik server using API, i mean i need to make login form on my php server and the user can use this form to login to my hotspot server

is this possible or not ??

No. It’s not possible for the API to perform login of hotspot users.

In fact, the login can ONLY be performed from the hotspot’s web page. You could adjust it so as to perform it against a RADIUS server instead of the router itself… but the login itself is still triggered by the router’s login page.

BTW, looking at it in 6.4, it seems that you do have the ability to copy someone’s active session as another active session… yeah, I don’t know why you’d do that if you can’t alter the resulting session either.

@MikroTik
How about either adding this ability, or explicitly clarifying it’s not possible somewhere in the manual? This is becoming a very frequent question.

ok thnx man :smiley:

+1 (again!)

@Mikrotik: As your products get better, more of us will be migrating from enterprise (read Green Box) solutions and this is something that is needed to allow support/NOC staff the ability to log users into the hotspot that are having problems viewing a portal (or maybe cant be arsed to click login).

I did it but without Api

if any one want to know how just tell me and i will try to explain my code

but he will suffer a lot from my bad english :slight_smile:

Let me guess…

You made login.html redirect to your custom web page.
On your custom web page, you have a form with an “action” attribute pointed back at the login page (this time so that a login is performed)?

Or what?

yes i did it
but i used onsubmit event to execute javascript function before form submission this function takes the username and password then send them to check.php

in check.php i can do what i want and if i want to stop login I use return false to stop the form submission then print the error inside the errors div

i hope you can understand what i mean

Ah. AJAX (pre-)authentication. Got it.

Keep in mind that with this fashion, the check.php would not be triggered if the device doesn’t support JavaScript or if the user (for one reason or another) decides to run it off - They would still login thanks to the form’s submission of course.

If you want to prevent that, you should set up an on-login script, in which you would do something like:

/tool fetch url="http://example.com/check.php?username=$user"

i.e. let MikroTik do the authentication… but keep a note of it using your web server.

i have a good solution if the client browser don’t support javascript

i will make the form display:none; and i will make another div with display:block; and i will write inside this div a message say " Your browser must support javascript " or something like that

and i will write javascript code like this

$(document).load(function(){
$('#msgDivId').hide();
$('#formId').show();
});

now if the browser support javascript the javascript code will be executed and that’s mean the message div will disappear and the login form will appear

if the browser doesn’t support javascript the javascript code will not be executed and that’s mean the message div will still appear and the login form will still disappear .

are you understand what i mean ?

Yes. That’s the best approach for everything that doesn’t involve server (or in this case “router”) interaction, be it HTML5 video, animations and what not - to assume no JavaScript, and then use JavaScript to remove the “extra” HTML for when you don’t have JavaScript.

Still. When talking about authentication, or anything that would normally involve a server call, a user with even basic understanding of HTTP can bypass it by using something like cURL to “forge” the HTTP request needed to perform the authentication.

So… something like:

curl -d "username=myUsername&password=myPassword" "http://router-ip/login.html"

(which, if I was a customer of your network, I might place in my system’s startup, as a way of avoiding typing my username and password every time)

Sure, that’s a slightly higher barrier of entry, and thus you’ll have fewer users who would do that (probably just Linux enthusiasts, if you have any in your network; or a bastard like myself :stuck_out_tongue:), but the point is they’ll bypass your check.php, so you should expect some misalignment between the two, and honor the router’s word over check.php’s word in terms of “is the user logged in”.