script for certain profile

I have MikroTik RouterOS v4.11 with hotspot. Normally users are forwarded from the login page to the status page.
I have noticed that for each profile, you can have a script on logon or logout. Can you write a script so users with a certain profile can be forwarded to a different page after login, or at least an extra page pop-out?

No.

You can control the page users are redirected to by either:

  • uploading alogin.html, this will be shown after successful login if it exists
  • editing redirect.html, this is shown after successful logins (but also in other situations) if alogin.html does not exist
  • forcing a ‘dst’ parameter to be submitted to the /login servlet, if alogin.html does not exist and redirect.html is left in the original state the user will be redirected to the URL that parameter is set to.

What kind of script can be added to the users on a specific profile at login?

Any script. Scripts can’t redirect users, though.

Maybe Javascript for alogin.html? Then you could use it to do a page redirect, and possibly query RouterOS values through API using Javascript (if it exists) to redirect based on a query.

I haven’t tested this myself, just a thought.

Another thought is you could use this to do session handling as well through session cookies + Javascript for Hotspot (would be very secure compared to simple MAC-based authentication).

I hope this is along the lines of your post. Like I mentioned, I haven’t tested this at all, but may be worth researching into.

You seem to be talking about something different. I am talking about hotspot and username and password login. After login, I want to direct people in a certain user profile to a different page than the rest of the users.

I think this is possible with dynamic address lists.

I will try and figure it out next week.

namo,
I was referring to the same thing you inquired about. Basically you’re looking for a certain “group” of users to redirect to a specific page based on some criteria, correct? I know the Javascript thing was a bit out there, although it might work, but I’ve never tried it so I thought I’d mention it anyway.
EDIT: redirecting based on user profile specifically is not supported directly. (it’s a lot of hard work to get working)

fewi,
If his criteria is in fact IP based, address lists would do the trick.

Also, if the criteria is a variable in the hotspot pages, you could use that to redirect.
Ex. to redirect based on username:
alogin.html:

<html>
<head>
<title>Page Title</title>
$(if username == john)
<meta http-equiv="refresh" content="0; url=http://$(hostname)/group1/alogin.html">
$(elif username == dizzy)
<meta http-equiv="refresh" content="0; url=http://$(hostname)/group2/alogin.html">
...
$(else)
<meta http-equiv="refresh" content="0; url=http://$(hostname)/allothers/alogin.html">
$(endif)
</head>
<body>
</body>
</html>

See this page for more details.

Something like this should work. I hope this is more along the lines of what you’re after.

You can add an address list to user profiles that users are automatically added to on login. It would then be possible to redirect to some easily recognizable tuplet in alogin.html and in turn again redirect towards the IP proxy on a specific port based on address list, which then again in turn redirects to the final page. That way any user account belonging to that profile gets that redirect and you don’t have to hard code anything in alogin.html - though if you only have a few user profiles, what you posted is definitely the simpler and more elegant solution. If you have fewer than 5 changes a month or so I’d go for that.

Basic idea of mine, untested, don’t have access to a router right now:

alogin.html does a meta refresh to http://172.16.0.1:12345, where that is an IP not used anywhere on your network.

The real final landing page sits on a webserver at 1.1.1.1

/ip hotspot user profile
set [find name=group1] address-list=group1
set [find name=group2] address-list=group2

/ip firewall nat
add chain=dstnat dst-address=172.16.0.1 dst-port=12345 protocol=tcp src-address-list=group1 action=redirect to-port=10000
add chain=dstnat dst-address=172.16.0.1 dst-port=12345 protocol=tcp src-address-list=group2 action=redirect to-port=10001

/ip proxy 
set port=10000,10001

/ip proxy access
add action=allow local-port=10000 disabled=no dst-address=1.1.1.1
add action=deny local-port=10000 disabled=no redirect-to="http://my.server.com/landingPageGroup1.html"
add action=allow local-port=10001 disabled=no dst-address=1.1.1.1
add action=deny local-port=10001 disabled=no redirect-to="http://my.server.com/landingPageGroup2.html"

Something like that, anyways.
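
The redirect chain sketched in the post above (meta refresh to an unused IP, dstnat by address list, proxy access rule), modelled in Python as an added example that is not part of the original thread and is not RouterOS code. The rule tables copy the values from the post; first-match evaluation and the "allow when nothing matches" default are assumptions of the model, and `landing_page` is a hypothetical helper name.

```python
# Added example: a model of the redirect chain, not RouterOS code.
SENTINEL = ("172.16.0.1", 12345)  # unused IP:port that alogin.html refreshes to
WEB_SERVER = "1.1.1.1"            # host serving the real landing pages

# /ip hotspot user profile: profile -> address list joined at login
PROFILE_LISTS = {"group1": "group1", "group2": "group2"}

# /ip firewall nat, chain=dstnat: (src-address-list, to-port), first match wins
NAT_RULES = [("group1", 10000), ("group2", 10001)]

# /ip proxy access, in order: (local-port, dst-address or None=any, action, redirect-to)
PROXY_ACCESS = [
    (10000, WEB_SERVER, "allow", None),
    (10000, None, "deny", "http://my.server.com/landingPageGroup1.html"),
    (10001, WEB_SERVER, "allow", None),
    (10001, None, "deny", "http://my.server.com/landingPageGroup2.html"),
]


def dstnat(address_lists, dst):
    """Return the proxy port a request is redirected to, or None if no rule matches."""
    if dst != SENTINEL:
        return None
    for list_name, to_port in NAT_RULES:
        if list_name in address_lists:
            return to_port
    return None


def proxy_access(local_port, dst_ip):
    """Evaluate the access rules top to bottom and return (action, redirect-to)."""
    for port, dst, action, redirect in PROXY_ACCESS:
        if port == local_port and dst in (None, dst_ip):
            return action, redirect
    return "allow", None  # assumption: unmatched requests are allowed


def landing_page(profile):
    """Follow one login for a user of `profile`; return the final URL or None."""
    lists = {PROFILE_LISTS[profile]} if profile in PROFILE_LISTS else set()
    port = dstnat(lists, SENTINEL)
    if port is None:
        return None  # no NAT match: the refresh targets an address nothing serves
    action, redirect = proxy_access(port, SENTINEL[0])
    return redirect if action == "deny" else None


if __name__ == "__main__":
    for name in ("group1", "group2", "default"):
        print(name, "->", landing_page(name))
```

In this model a profile with no address list matches neither dstnat rule, so its meta refresh to 172.16.0.1:12345 is never redirected to the proxy and `landing_page` returns `None`; alogin.html would need a fallback for such users.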