Hi, I need a script that sends an email to me every time a new hotspot user logs in, but that email must only be sent once, not every time the user logs in, or else I might end up with 1000 emails in one week.
And another cool option to add would be if it can filter usernames before emailing, like to only email if a username starts with “AD…” or something like that. The purpose of this is to track how many vouchers get used from a certain batch.
What you are asking should be possible. A few questions:
Do you use the User Manager with the hotspot? I don’t know if this would affect the process… but it might.
Is your hotspot set up so that you are able to use the On Login / On Logout scripts under User Profiles? This would probably be the way to do it…
Once the users are logged in the first time, this record will need to be stored somewhere. How long do you want this record to exist? 1 month, 1 year?
Something like this may work for you. The script checks each hotspot login. New firewall rules are added that attempt to add the user to the Firewall’s Address List for X number of days. Users are filtered by whatever string you choose. This was tested on a stock hotspot without any other custom firewall rules, so it’s possible that customized firewall rules could interfere. One thing to keep in mind is that dynamic Address List entries are created, and they are not persistent if the router reboots.
Instructions:
Edit the CONFIG section at the top of the script
You may need to edit the /tool e-mail… code further down in the script, in case your email settings are different
Paste this script in IP > Hotspot > User Profiles > Scripts > On Login
Tools > Email might need to be configured for sending email
Tested on v5.22
# CONFIG --------------------------------------------\
# Email address to send to
:local emailaddress "email@domain.com";
# How long user stays in Address List
:local timeout 30d;
# Name filter, only process usernames that start with this string, CASE sensitive
# If you want to allow all users, remove everything between the quotes :local nameFilter "";
:local nameFilter "AD";
# END CONFIG ----------------------------------------/
# if username starts with nameFilter, proceed
if ([:find "$user" "$nameFilter"] = 0) do={
/log info "[HOTSPOT] - $user - logged in, matches name filter";
# Set date and time variables
:local date [/system clock get date];
:local time [/system clock get time];
# get user IP
:local ip [/ip hotspot active get [find user="$user"] address];
# declare a few variables
:local emailsubject;
:local emailbody;
# if user does NOT exist in Address List
:if ([:len [/ip firewall address-list find list~"^$user - HSLOGIN"]] = 0) do={
/log info "[HOTSPOT] - $user - not found in Address List";
# add firewall rules that will add dynamic address list entry
/ip firewall filter add action=add-src-to-address-list address-list="$user - HSLOGIN,$date,$time" address-list-timeout=$timeout chain=pre-hs-input disabled=no src-address=$ip comment="$user - HSLOGIN";
/ip firewall filter add action=add-src-to-address-list address-list="$user - HSLOGIN,$date,$time" address-list-timeout=$timeout chain=forward disabled=no src-address=$ip comment="$user - HSLOGIN";
:local counter 0;
# number of times to attempt to add user to Address List before giving up
:local limit 60;
# delay between attempts
:local delaytime 5s;
# loop a number of times to check if user is added to Address List
:while ($counter < $limit) do={
:set counter ($counter + 1);
/log info "[HOTSPOT] - $user - checking if user is in Address List - attempt $counter of $limit";
# wait between Address List checks
:delay $delaytime;
# if Address List entry is found, proceed
:if ([:len [/ip firewall address-list find list~"^$user - HSLOGIN"]] = 1) do={
/log info "[HOTSPOT] - $user - user has been added to Address List, sending email";
# set email subject and body variables
:set emailsubject "New Hotspot Login ($user)";
:set emailbody "User: $user\r\n$time, $date\r\nIP: $ip\r\nExpires in: $timeout";
# push counter past the limit so the loop exits
:set counter ($limit+10);
} else={
# if we have reached the limit of times to check, send email
:if ($counter = $limit) do={
/log info "[HOTSPOT] - $user - failed to add user to Address List, sending email";
# set email subject and body variables
:set emailsubject "New Hotspot Login ERROR ($user)";
:set emailbody "ERROR: failed to add to Address List, need to investigate.\r\n\r\nUser: $user\r\n$time, $date\r\nIP: $ip\r\n";
}
}
}
# remove firewall rules afterwards
/ip firewall filter remove [find comment="$user - HSLOGIN"];
# send email
/tool e-mail send to="$emailaddress" subject="$emailsubject" body="$emailbody";
# if user DOES exist in address list
} else={
/log info "[HOTSPOT] - $user - already in Address List";
}
# if user does not match name filter
} else={
/log info "[HOTSPOT] - $user - logged in, does not match name filter";
}
woooooow, this is an epic script, it works great! Is there a way that I can add more filter words to it? ..it seems like the logins aren’t case sensitive, that’s also a problem, so if someone enters “ad” it still logs in but no email
The full script is further down, but here are some of the changes. You can now add more filter strings. Edit the following array to include the ones you want. Currently it’s set to allow any combination of “AD”:
:local nameFilter ("AD","ad","Ad","aD");
You can add or remove ones you don’t want, just make sure to enclose each one in quotes and separate them with a comma (no comma after the last one).
If you want to allow all users, change it to:
:local nameFilter ("");
NOTE: You’ll need to replace the entire script, as some of the structure has changed.
v2
# CONFIG --------------------------------------------\
# Email address to send to
:local emailaddress "email@domain.com";
# How long user stays in Address List
:local timeout 30d;
# Name filter, only process usernames that start with this string, CASE sensitive
# If you want to allow all users, leave one set of double quotes: :local nameFilter ("");
:local nameFilter ("AD","ad","Ad","aD");
# END CONFIG ----------------------------------------/
# found a match toggle
:local match 0;
# check each nameFilter element
:foreach i in=$nameFilter do={
# if username starts with nameFilter, we have a match
if ([:find "$user" "$i"] = 0) do={
:set match 1;
}
}
if ($match = 1) do={
/log info "[HOTSPOT] - $user - logged in, matches name filter";
# Set date and time variables
:local date [/system clock get date];
:local time [/system clock get time];
# get user IP
:local ip [/ip hotspot active get [find user="$user"] address];
# declare a few variables
:local emailsubject;
:local emailbody;
# if user does NOT exist in Address List
:if ([:len [/ip firewall address-list find list~"^$user - HSLOGIN"]] = 0) do={
/log info "[HOTSPOT] - $user - not found in Address List";
# add firewall rules that will add dynamic address list entry
/ip firewall filter add action=add-src-to-address-list address-list="$user - HSLOGIN,$date,$time" address-list-timeout=$timeout chain=pre-hs-input disabled=no src-address=$ip comment="$user - HSLOGIN";
/ip firewall filter add action=add-src-to-address-list address-list="$user - HSLOGIN,$date,$time" address-list-timeout=$timeout chain=forward disabled=no src-address=$ip comment="$user - HSLOGIN";
:local counter 0;
# number of times to attempt to add user to Address List before giving up
:local limit 60;
# delay between attempts
:local delaytime 5s;
# loop a number of times to check if user is added to Address List
:while ($counter < $limit) do={
:set counter ($counter + 1);
/log info "[HOTSPOT] - $user - checking if user is in Address List - attempt $counter of $limit";
# wait between Address List checks
:delay $delaytime;
# if Address List entry is found, proceed
:if ([:len [/ip firewall address-list find list~"^$user - HSLOGIN"]] = 1) do={
/log info "[HOTSPOT] - $user - user has been added to Address List, sending email";
# set email subject and body variables
:set emailsubject "New Hotspot Login ($user)";
:set emailbody "User: $user\r\n$time, $date\r\nIP: $ip\r\nExpires in: $timeout";
# push counter past the limit so the loop exits
:set counter ($limit+10);
} else={
# if we have reached the limit of times to check, send email
:if ($counter = $limit) do={
/log info "[HOTSPOT] - $user - failed to add user to Address List, sending email";
# set email subject and body variables
:set emailsubject "New Hotspot Login ERROR ($user)";
:set emailbody "ERROR: failed to add to Address List, need to investigate.\r\n\r\nUser: $user\r\n$time, $date\r\nIP: $ip\r\n";
}
}
}
# remove firewall rules afterwards
/ip firewall filter remove [find comment="$user - HSLOGIN"];
# send email
/tool e-mail send to="$emailaddress" subject="$emailsubject" body="$emailbody";
# if user DOES exist in address list
} else={
/log info "[HOTSPOT] - $user - already in Address List";
}
# if user does not match name filter, log info
} else={
/log info "[HOTSPOT] - $user - logged in, does not match name filter";
}
Hi mate, I’ve found a problem while testing out the script on my hotspot, when I’ve got login by MAC enabled, it messes around with your script and stops it from working with logins, but as soon as I take login by MAC off, it works 100%, so what can be the problem? …I used login by MAC on some of my devices like a blackberry and roaming devices and I really want it to work with login by MAC enabled. …can you check it out please?
on the log, it says:
[HOTSPOT] - user1 - logged in - matches name filter
but under the Address list that user is not listed, only the mac user are from my blackberry
The users are added in the database of Radius Manager 4, it’s using freeradius
I don’t add any users on the routers themselves, it’s only NAS devices in my setup
I think the system takes the MAC address and makes it a username, and on the Hotspot Server Profile, under MAC Auth. Password… it’s just blank, no password needed
everything is added on the radius server side
for some reason when a device logs in by MAC, it just crashes the script from continuing
Under address list:
2C:A8:35:83:5B:4C - HSLOGIN,feb/07/2013,22:04:48
and after this, it just says:
User1 logged in, matches name filter
and then the script stops, but if I untick login by MAC, then the script works 100%, so that’s just weird to me
From what I can figure out, the script hangs up on the $user variable… not sure why because it would correctly work the first time. So, I converted $user to a string and used the string instead throughout the script. Now it seems to be working. Let me know if this works!
v3
# CONFIG --------------------------------------------\
# Email address to send to
:local emailaddress "email@domain.com";
# How long user stays in Address List
:local timeout 30d;
# Name filter, only process usernames that start with this string, CASE sensitive
# If you want to allow all users, leave one set of double quotes: :local nameFilter ("");
:local nameFilter ("AD","ad","Ad","aD");
# END CONFIG ----------------------------------------/
:local userStr [:tostr $user];
# found a match toggle
:local match 0;
# check each nameFilter element
:foreach i in=$nameFilter do={
# if username starts with nameFilter, we have a match
if ([:find "$userStr" "$i"] = 0) do={
:set match 1;
}
}
if ($match = 1) do={
/log info "[HOTSPOT] - $userStr - logged in, matches name filter";
# Set date and time variables
:local date [/system clock get date];
:local time [/system clock get time];
# get user IP
:local ip [/ip hotspot active get [find user="$userStr"] address];
# declare a few variables
:local emailsubject;
:local emailbody;
# if user does NOT exist in Address List
:if ([:len [/ip firewall address-list find list~"^$userStr - HSLOGIN"]] = 0) do={
/log info "[HOTSPOT] - $userStr - not found in Address List";
# add firewall rules that will add dynamic address list entry
/ip firewall filter add action=add-src-to-address-list address-list="$userStr - HSLOGIN,$date,$time" address-list-timeout=$timeout chain=pre-hs-input disabled=no src-address=$ip comment="$userStr - HSLOGIN";
/ip firewall filter add action=add-src-to-address-list address-list="$userStr - HSLOGIN,$date,$time" address-list-timeout=$timeout chain=forward disabled=no src-address=$ip comment="$userStr - HSLOGIN";
:local counter 0;
# number of times to attempt to add user to Address List before giving up
:local limit 60;
# delay between attempts
:local delaytime 5s;
# loop a number of times to check if user is added to Address List
:while ($counter < $limit) do={
:set counter ($counter + 1);
/log info "[HOTSPOT] - $userStr - checking if user is in Address List - attempt $counter of $limit";
# wait between Address List checks
:delay $delaytime;
# if Address List entry is found, proceed
:if ([:len [/ip firewall address-list find list~"^$userStr - HSLOGIN"]] = 1) do={
/log info "[HOTSPOT] - $userStr - user has been added to Address List, sending email";
# set email subject and body variables
:set emailsubject "New Hotspot Login ($userStr)";
:set emailbody "User: $userStr\r\n$time, $date\r\nIP: $ip\r\nExpires in: $timeout";
# push counter past the limit so the loop exits
:set counter ($limit+10);
} else={
# if we have reached the limit of times to check, send email
:if ($counter = $limit) do={
/log info "[HOTSPOT] - $userStr - failed to add user to Address List, sending email";
# set email subject and body variables
:set emailsubject "New Hotspot Login ERROR ($userStr)";
:set emailbody "ERROR: failed to add to Address List, need to investigate.\r\n\r\nUser: $userStr\r\n$time, $date\r\nIP: $ip\r\n";
}
}
}
# remove firewall rules afterwards
/ip firewall filter remove [find comment="$userStr - HSLOGIN"];
# send email
/tool e-mail send to="$emailaddress" subject="$emailsubject" body="$emailbody";
# if user DOES exist in address list
} else={
/log info "[HOTSPOT] - $userStr - already in Address List";
}
# if user does not match name filter, log info
} else={
/log info "[HOTSPOT] - $userStr - logged in, does not match name filter";
}
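Added example, not code from any poster in this thread: the name filter above is case sensitive while hotspot logins are not, so a voucher entered in a different case logs in without being tracked unless every case combination is listed. One way to close that gap is to lower-case the username before comparing it against lower-case prefixes. The prefixes "ad" and "bx" and the variable names upper, lower, userLower and p are assumptions made for this sketch; $user is taken from the On Login environment as in the scripts above.

```routeros
# ADDED EXAMPLE, not from the thread: case-insensitive name filter.
# Assumptions: $user is provided by the hotspot On Login environment;
# "ad" and "bx" are constructed sample prefixes, written in lower case.
:local nameFilter ("ad","bx");

:local upper "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
:local lower "abcdefghijklmnopqrstuvwxyz";
:local userStr [:tostr $user];
:local userLower "";

# build a lower-case copy of the username, one character at a time
# (guard the empty string so the loop bounds stay valid)
:if ([:len $userStr] > 0) do={
    :for i from=0 to=([:len $userStr] - 1) do={
        :local ch [:pick $userStr $i];
        :local pos [:find $upper $ch];
        # :find returns nothing when the character is not an upper-case letter
        :if ([:typeof $pos] = "num") do={
            :set ch [:pick $lower $pos];
        }
        :set userLower ($userLower . $ch);
    }
}

# compare the normalized name against each lower-case prefix
:local match 0;
:foreach p in=$nameFilter do={
    :if ([:find $userLower $p] = 0) do={
        :set match 1;
    }
}

:if ($match = 1) do={
    /log info "[HOTSPOT] - $userStr - matches name filter (case-insensitive)";
} else={
    /log info "[HOTSPOT] - $userStr - does not match name filter";
}
```

If the Address List name is built from $userLower instead of $userStr, "AD123" and "ad123" also map to a single entry, so a voucher entered in a different case does not trigger a second email.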