Hotspot Variables - [SOLVED]

begreat · Tue Jan 11, 2011 5:30 pm

Hi i was trying to change a few thing on my Hospot page, but i can't seem to find the codes i need.

I would like to know if there is any way to have the login form present and working in all of the hotspot's pages (except the alogin.html of course) and allow the user to login from it, or if the users are only allowed to login from the login.html page?

Also if there is a way to login from any hospot page, i would like to know the variables that i can use to check the user status (Logged in or not) for the If-Then-Else variables that i want to use.

This is an example of the If-Then-Else that i want to use:

If "user logged in":

Show user info like username, IP and MAC

If "user not logged in":

Show the login Form and some info like IP and MAC

This is my current hotspot page:

hotspot1.JPG

hotspot2.JPG

Thank you for your attention, best regards,
Paulo Brinca.

dssmiktik · Tue Jan 11, 2011 9:42 pm

It's even simpler then that. Basically the hotspot will do the work for you. It will display login.html if the user is not logged in, and display rstatus.html (or status.html) if the user is logged in, automatically when requesting the router.

More info here: http://wiki.mikrotik.com/wiki/Manual:Cu ... vlet_Pages

begreat · Tue Jan 11, 2011 10:15 pm

I have seen that link, but thanks anyway...

One of the questions is if the user has to login from the login.html or not.

My hotspot has standalone user registration, wich means that users create their accounts to use the internet (yes, it is a free hotspot, no charges). After that they will stay in the registration page with the login form, but that login is not working right now...

The other question is related to the detection of the user status.

Since this hotspot will have more contents i would like to allow users to browse the different hotspot pages and have their account info on the top if they are logged in, or the login form if they are not logged in.

I have tryed with the logged-in variable, but without sucess.

An example would help since i have been around this all day, and may be doing something wrong

thank you for your time.

fewi · Wed Jan 12, 2011 12:16 am

The user logs in by submitting - via POST or GET - the username and password variables to /login. It is irrelevant what the referrer is for that resource.

All variables are available on all pages served by the Hotspot servlet.

begreat · Wed Jan 12, 2011 12:46 am

I am not going to question you, but could you please download my hotspot template and test it to check, i am not able to login from the User registration page (called "registar.html").

Files removed...

fewi · Wed Jan 12, 2011 12:49 am

I don't have anything on this machine that can read RAR files. Please post the source code of the HTML page that is giving you trouble in line wrapped in

 tags.

begreat · Wed Jan 12, 2011 12:58 am

Here you go:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="pt" lang="pt">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="skin/normal/css/css.css" type="text/css" />
<title>Picom&aacute;tica Wireless - A sua liga&ccedil;&atilde;o ao mundo - Bem Vindo(a)</title>
<script type="text/javascript" src="javascript/publicidade.js"></script>
</head>

<body>
<!-- Inicio do Wrapper -->
<!-- Inicio do Script -->
<div id="script" style="display:none">
$(if chap-id)
	<form name="sendin" action="$(link-login-only)" method="post">
		<input type="hidden" name="username">
		<input type="hidden" name="password">
		<input type="hidden" name="dst" value="$(link-orig)">

		<input type="hidden" name="popup" value="true">
	</form>
	<script language="JavaScript" src="javascript/md5.js">
	</script>
	<script language="JavaScript">
	<!--
	    function doLogin() {
		document.sendin.username.value = document.login.username.value;
		document.sendin.password.value = hexMD5('$(chap-id)' + document.login.password.value + '$(chap-challenge)');
		document.sendin.submit();
		return false;
	    }
	//-->
	</script>
$(endif)
</div>
<!-- Fim do Script -->
<!-- Inicio do Wrapper -->
<table id="wrapper" border="0" cellspacing="0" cellpadding="0">
	<tr>
		<td id="bordatopoleft" align="center" valign="top"></td>
		<!-- Inicio do Site -->
		<td id="site">
			<!-- Inicio do Header -->
			<table id="header" border="0" cellspacing="0" cellpadding="0">
				<tr>
					<td id="logo" valign="middle" class="semborda">
					<a href=""><img src="skin/normal/imagens/logo.png" title="Picomatica Wireless" alt="Picomatica Wireless" class="semborda" /></a>
			    	</td>
					<td id="utilizador">
						<div id="login">
							<form name="login" action="$(link-login-only)" method="post" $(if chap-id) onSubmit="return doLogin()" $(endif)>
								<table width="300" border="0">
									<tr>
										<td colspan="2"><label class="verde">Autentica&ccedil;&atilde;o:</label></td>
									</tr>
									<tr>
										<td width="150"><label>Nome de Utilizador:</label></td>
										<td><label>Senha:</label></td>
									</tr>
									<tr>
										<td width="150"><input name="username" value="$(username)" type="text" size="19" /></td>
										<td><input name="password" value="" type="password" size="19" /></td>
									</tr>
									<tr>
										<td width="150"><label>Endereço IP:</label></td>
										<td><label>Endereço MAC:</label></td>
									</tr>
									<tr>
										<td width="150">$(ip)</td>
										<td>$(mac)</td>
									</tr>
									<tr>
										<td colspan="2" class="direita">
											<input type="hidden" name="dst" value="$(link-orig)">
											<input type="hidden" name="popup" value="true">
											<input class="botao" type="submit" value="Entrar"/>
										</td>
									</tr>
								</table>
							</form>
						</div>	
                    </td>
				</tr>
				<tr>
                	<td id="idioma" valign="bottom">
							<table id="idiomadentro" border="0" cellspacing="0" cellpadding="0">
								<tr>
   								  <td><a href="login.html"><img src="imagens/flags/pt.jpg" class="semborda" width="20" height="12" alt="Portugês" longdesc="Altera o idioma para Português" /></a>&nbsp;<a href="en/login.html" style="display:none"><img src="imagens/flags/en.jpg" class="semborda" width="20" height="12" alt="Inglês" longdesc="Altera i idioma para Inglês" /></a></td>
  								</tr>
							</table>
					</td>
					<td id="navegacao" valign="bottom">
						<ul class="navegacao">
							<li><a href="registar.html" title="Registo de Utilizador" class="current">Registo de Utilizador</a></li>
							<li><a href="login.html" title="P&aacute;gina Inicial" class="other">Autentica&ccedil;&atilde;o</a></li>
						</ul>
					</td>
				</tr>
			</table>
			<!-- Fim do Header -->
    </td>
		<td id="bordatoporight" align="center" valign="top"></td>
	</tr>
	<tr>
		<td id="bordaleft" align="center" valign="top"></td>
		<td>

			<!-- Inicio do Corpo -->
			<table id="corpo" border="0" cellspacing="0" cellpadding="0">
				<tr>
					<td>
					<!-- Inicio da Esquerda -->
						<table id="esquerda" border="0" cellpadding="0" cellspacing="0">
							<tr>
								<td>
                                	<div class="justificadosite">
                                		<h1>Publicidade:</h1>
										<div align="center">
											<script type="text/javascript">
											show_banners('lateral');
                                        	</script><br />
											<script type="text/javascript">
											show_banners('lateral');
                                        	</script><br />
											<script type="text/javascript">
											show_banners('lateral');
                                        	</script><br />
											<script type="text/javascript">
											show_banners('lateral');
                                        	</script><br />
											<script type="text/javascript">
											show_banners('lateral');
                                        	</script><br />
											<script type="text/javascript">
											show_banners('lateral');
                                        	</script><br />
                                        </div>
									</div>
								</td>
							</tr>
						</table>
						<!-- Fim da Esquerda -->
						<!-- Inicio dos Conteúdos -->
						<table id="principal" border="0" cellpadding="0" cellspacing="0">
							<tr>
								<td>
                                	<div class="justificadosite">
										<br />
										<div align="center">
										<script type="text/javascript">
										show_banners('fundo');
										</script><br />
										</div>
										<div class="separador"></div>
                                        <p align="center">
											Página de registo desactivada por motivos de segurança
										</p>
										<div class="separador"></div>
                                        <br />
										<div align="center">
										<script type="text/javascript">
										show_banners('fundo');
										</script><br />
										</div>
									</div>
								</td>
							</tr>
						</table>
						<!-- Fim dos Conteúdos -->
                        <!-- Inicio da Direita -->
						<table id="direita" border="0" cellpadding="0" cellspacing="0">
							<tr>
								<td>
									<div class="justificadosite">
                    					<h1>Colaboradores:</h1>
										<div align="center">
                                    		<img src="imagens/logojunta.png" alt="Junta de Freguesia das Lajes do Pico" title="Junta de Freguesia das Lajes do Pico" width="150" height="157" border="0" class="semborda" /><br /><br />
											<a href="http://www.redespt.com/" target="_blank"><img src="imagens/logoofficelan.png" alt="Officelan,LDA" title="Officelan,LDA" width="150" height="61" border="0" /></a>
	  									</div>
                                    </div>
								</td>
							</tr>
						</table>
                        <!-- Fim da Direita -->
					</td>
				</tr>
                <!-- Fim do Corpo -->
                <!-- Inicio do Fundo -->
                <tr>
					<td>
						<table id="fundo" border="0" cellspacing="0" cellpadding="0">
							<tr>
								<td id="fundodentro">
									<p><strong>Picom&aacute;tica Wireless - A sua liga&ccedil;&atilde;o ao mundo </strong>&copy; 2009 - Todos os direitos reservados.</p>
								</td>
							</tr>
						</table>
					</td>
				</tr>
			<!-- Fim do Fundo -->
            </table>
			<!-- Fim do Corpo -->
		</td>
		<td id="bordaright" align="center" valign="top"></td>
	</tr>
</table>
<!-- Fim do Site -->
</body>
</html>

fewi · Wed Jan 12, 2011 2:23 am

That should work. Turn on Hotspot debugging and see if you can see the login attempts, and what errors are thrown.

begreat · Wed Jan 12, 2011 2:43 am

I will do that tomorrow, since right now it is 23:43h here in the Azores.

Thank you for your time, i will post some news tomorrow.

Wed Jan 12, 2011 12:38 pm

I don't have anything on this machine that can read RAR files.

I recommend 7zip. It reads all archive formats and it's free and stable software with no ads. And RAR is a good format, better than ZIP. I think 7zip's own format could be even better than RAR but not sure.

SurferTim · Wed Jan 12, 2011 1:06 pm

Just my advice, since I use login-by=http-chap and fewi uses login-by=http-pap, insure the md5.js file is in the correct directory. In your html code:

<script language="JavaScript" src="javascript/md5.js">
</script>

In this case, the md5.js file should be in the /hotspot/javascript/ directory. If it is in the same directory as the login.html doc (like on the router in the /hotspot directory), it should be
src="/md5.js"

@normis: Thanks for the tip on 7zip!

begreat · Wed Jan 12, 2011 1:26 pm

Thanks SurferTim the md5.js is inside the javascript folder, and this code is the same as the login.html, the only thing that changes is the content of <table id="principal" border="0" cellpadding="0" cellspacing="0"></table>

Since the "login.html" is working, the "registar.html" should also be allowing the user to login from there...

I would like to know if i post the files can someone please take a look at the code and possibly test it in their hotspot...

@normis - Do you wan't me to remove the code from above and place a .txt file with it?

Thank you.

SurferTim · Wed Jan 12, 2011 1:55 pm

Did you do what fewi suggested? Try the login from that page and check the log. I'm fairly certain fewi will ask if you tried that. You should be able to test it by calling it from a client machine.
http://192.168.0.1/registrar.html
Change the ip to your router's hotspot address.

You are aware that the hotspot will call login.html when the requested page is redirected. You will either need to rename your doc login.html, or redirect the login.html page to your new page with Javascript.

ADD: I don't know if the variables $(chap-id) and $(chap-challenge) will be correct on the registrar.html doc. You might want to "View Source" on that page when it loads to insure those are there.

fewi · Wed Jan 12, 2011 4:29 pm

What Tim said. Always check the logs when testing. Also, try it with PAP instead of CHAP and see if that works to determine if the md5 algorithm is the root of your issue.

begreat · Wed Jan 12, 2011 4:58 pm

That either is way over my head or i'm not getting the big picture here

...

I will look for more information on that subject and then make some testing...

Right now i have a machine set up for testing, when i try to login from the "registar.html" on the browser i get the error:

web browser did not send challenge response (try again, enable JavaScript)

And on the Mikrotik Log i get the error:

begreat (192.168.12.136):login failed: no chap for http-chap login method

fewi · Wed Jan 12, 2011 5:41 pm

That means there's either a problem how you're integrating the md5.js, or the $(chap-id) variables aren't getting populated as Tim hinted towards. Look at the page in source view on the test client and see if the variable is filled out - if it's not, CHAP can't work.

A simple "no worries" workaround would be if you had an SSL certificate you can use on the Hotspot. PAP is perfectly safe over SSL/TLS, and pages for PAP are much easier to write and debug than CHAP ones.

begreat · Wed Jan 12, 2011 6:21 pm

On the test pc i have, the code view of the login.html shows this:

<!-- Inicio do Script -->
<div id="script" style="display:none">
 
	<form name="sendin" action="http://hotspot.picomatica.dom/login" method="post">
		<input type="hidden" name="username">
		<input type="hidden" name="password">
		<input type="hidden" name="dst" value="">
 
		<input type="hidden" name="popup" value="true">
	</form>
	<script language="JavaScript" src="javascript/md5.js">
	</script>
	<script language="JavaScript">
	<!--
	    function doLogin() {
		document.sendin.username.value = document.login.username.value;
		document.sendin.password.value = hexMD5('\075' + document.login.password.value + '\143\273\017\226\171\317\337\325\301\362\230\110\174\130\360\321');
		document.sendin.submit();
		return false;
	    }
	//-->
	</script>
 
</div>
<!-- Fim do Script -->

and the code view of the registar.html shows this:

<!-- Inicio do Script -->
<div id="script" style="display:none">
 
</div>
<!-- Fim do Script -->

begreat · Wed Jan 12, 2011 7:55 pm

That means there's either a problem how you're integrating the md5.js, or the $(chap-id) variables aren't getting populated as Tim hinted towards. Look at the page in source view on the test client and see if the variable is filled out - if it's not, CHAP can't work.

A simple "no worries" workaround would be if you had an SSL certificate you can use on the Hotspot. PAP is perfectly safe over SSL/TLS, and pages for PAP are much easier to write and debug than CHAP ones.

I don't know if it makes a difference, but i have my own RadiusManager license from DMASoftLAB.

SurferTim · Wed Jan 12, 2011 8:18 pm

If there was no "function doLogin" script, then the $(chap-id) variable was blank. You will need to replace the login.html with your page. I would save the original login.html page in case you need a reference for your new page, and something to go back to if yours doesn't work like you expected.

Then try again. Same thing. Check "View Source", then try the login and check the log.

I enable the hotspot and radius logging when testing.

/system logging
add topics=hotspot action=memory
add topics=radius action=memory

begreat · Thu Jan 13, 2011 3:25 am

If there was no "function doLogin" script

There is a "function doLogin" script, the page's HTML is a few posts above.

I have checked everything (according to my knowledge), and i can't find the error, it should be working, but for some reason users can only login using the login.html file, no other file allows the users to login, imagine i would like the user to login from login2.html while login.html had some hotspot intro...

SurferTim · Thu Jan 13, 2011 4:20 am

and the code view of the registar.html shows this:
Code:

<div id="script" style="display:none">

</div>

This is what you posted from registrar.html. Where is the function doLogin? It isn't there because $(chap-id) is blank or not defined. That is what these two lines of code do. If $(chap-id) is blank or not defined, nothing is displayed between these two lines:

$(if chap-id)
(javascript routine here)
$(endif)

The hotspot web server sends the doLogin function only if $(chap-id) is not blank.

begreat · Thu Jan 13, 2011 1:03 pm

This is what you posted from registrar.html. Where is the function doLogin?

Sorry, i thought that you meant that there was no function doLogin inside the registar.html original code, not on the resulting html from the users point of view.

You are correct, when the user tries to login, the only place that the $(chap-id) is defined is in the login.html i have added the variable to the html code to see the result and it is blank on the rest of the pages...

SurferTim · Thu Jan 13, 2011 1:14 pm

I think I see what you want, but I don't know what you want the page difference based upon. Is there some hotspot variable that you want to use, like $(error)? For example, $(error) is blank on the first page load, but if the user enters a bad user or password, it won't be. You could have two pages in one using $(error). But the file will need to be login.html.

$(if error)
(page code that is displayed after login fail)
$(else)
(page code displayed initially)
$(endif)

begreat · Thu Jan 13, 2011 1:22 pm

An active demo would be better, check this out:

http://www.picomatica.info/hotspot/login.html

All i want is to be able to login from any of those 2 pages (and of couse, after finding the mistake, be able to login from any other pages i want to add)

I can send you the html files if you have the possibility to test them on any hotspot...

SurferTim · Thu Jan 13, 2011 1:28 pm

Do you have a problem renaming registrar.html to login.html and uploading it to the router? Download the original login.html document to your computer as a backup, then change registrar.html to login.html, and upload it to the router.

If the user is already logged in, the login.html page will not be called. Only gets called again on login fail.

BTW, that would be a very good looking login page!

ADD: Test it on your router! Come on! Take a chance!!

The worst that could happen is it doesn't work, and you upload the original login.html.
Live up to your user name: BE GREAT!

begreat · Thu Jan 13, 2011 1:39 pm

That's the thing, that was the firs thing i have done, and it works, otherwise i wouldn't be here bothering you guys

.

That's one of the reasons that i have started this topic, to find out why is it that if i change the name of the html file, the login stops working.

The first page i created was the login.html, the other pages are copies, the only part that changes is the contents part, the part between this:


....
....
....


all the rest is exactly the same in all pages...

I can send you the hotspot files, if you want to change this template for your use...

SurferTim · Thu Jan 13, 2011 1:48 pm

How does it fail? How does it respond when you try a login? One of these?

invalid username or password
web browser did not send challenge response (try again, enable JavaScript)
RADIUS server is not responding

begreat · Thu Jan 13, 2011 1:51 pm

It was posted above:

Right now i have a machine set up for testing, when i try to login from the "registar.html" on the browser i get the error:

web browser did not send challenge response (try again, enable JavaScript)

And on the Mikrotik Log i get the error:

begreat (192.168.12.136):login failed: no chap for http-chap login method

We can use the chat system that is on the hotspot page, it's not just a demo, it's working...

SurferTim · Thu Jan 13, 2011 1:58 pm

Then the page is working except the md5 encryption. I know it seems like I am asking for the same stuff over and over, but as you do changes, things might change. If you still have the new login.html on the router, get the login page and "View Source". Insure the doLogin script is there on that code. It will not be there if you try it as registrar.html, only as login.html as a redirect by the hotspot.

Insure the md5.js file is in the right place! Look in "/file" and insure the md5.js file is
hotspot/javascript/md5.js

ADD: Try putting a leading slash on the src here:
<script language="JavaScript" src="/javascript/md5.js">

begreat · Thu Jan 13, 2011 2:01 pm

i am going to download the hotspot files and place them on the http://www.picomatica.info/hotspot2/login.html

begreat · Thu Jan 13, 2011 2:03 pm

It's done, you can check the files on the MK Hotspot, and the ones i am changing...

I will now rename the "registar.html" to "login.html" and upload it to the MK Hotspot again, just to be shure...

I will add the leading slash as you suggested but this template was made exactly as a template, only one region is changeable, meaning that if the md5,js file is correct to the login.html, it is correct to the registar.html

the only thing that changes is the name of the file and the contents as i mentioned above...

begreat · Thu Jan 13, 2011 2:09 pm

That doesn't do anything, the problem can´t be there, because it doesn't even loads the file, the problem is with the:

$(if chap-id)
...
...
...
$(endif)

SurferTim · Thu Jan 13, 2011 2:14 pm

OK. I downloaded your code, installed it on my router, changed ONLY the location of md5.js, and I logged in. No problem!

begreat · Thu Jan 13, 2011 2:23 pm

OK. I downloaded your code, installed it on my router, changed ONLY the location of md5.js, and I logged in. No problem!

Using witch file? login.html or registar.html ?

Can you please test it usein only my hotspot files?

Download all the hotspot files from: http://www.picomatica.info/stuff/hotspot.rar

SurferTim · Thu Jan 13, 2011 2:30 pm

I did a "View Source" on this link:
http://www.picomatica.info/hotspot2/login.html
I changed only this in that code:

<script language="JavaScript" src="/md5.js">

Uploaded it to my router, and logged in with it.

begreat · Thu Jan 13, 2011 2:36 pm

The login.html works fine.

The question here is, why can't i do the login fron the registar.html, if you download the files you will for shure have a different view...

At the moment i have a welcome page and a user self registration page (none of them are exclusivly for login purposes), of course that i want the users to be able to login from both pages (and a couple of others that i will add, like advertise requests for example), without having to come back to the login.html page (otherwise there is no sense on having the login form on the top right corner of all pages).

SurferTim · Thu Jan 13, 2011 2:44 pm

The page the hotspot web server displays on login is login.html. That is the only doc it will put the chap-id and chap-challenge on. If you want more options that that, you might want to consider an external php-enabled web server to host the login.html (or registrar.html) document.
http://wiki.mikrotik.com/wiki/HotSpot_e ... login_page

ADD: Except they would need to be login.php or registrar.php on the external server.

begreat · Thu Jan 13, 2011 5:23 pm

So there is no way to do that from inside the hotspot ?!? And i have to "POST" all the variables from file to file?

If i want the username to be visible in the login.php and in the registar.php i have to use the post of the variables ?!?

Can't i do the same as any website, you login from wherever you want (inside the website of course), and then have the possibility to browse inside that website.

Like in this forum for example, you login and you can see your username in the top right corner. You can also browse the forum viewing your username in all pages, that is what i want to do with my hotspot

SurferTim · Thu Jan 13, 2011 5:27 pm

No php on the hotspot web server. It must be an external php web server.

begreat · Thu Jan 13, 2011 5:35 pm

No php on the hotspot web server. It must be an external php web server.

The html file will POST the variables like this:

<html>
<head><title>...</title></head>
<body>
$(if chap-id)
<noscript>
<center><b>JavaScript required. Enable JavaScript to continue.</b></center>
</noscript>
$(endif)
<center>If you are not redirected in a few seconds, click 'continue' below<br>
<form name="redirect" action="http://xx.xx.xx.xx/logintest.php" method="post">
<input type="hidden" name="mac" value="$(mac)">
<input type="hidden" name="ip" value="$(ip)">
<input type="hidden" name="username" value="$(username)">
<input type="hidden" name="link-login" value="$(link-login)">
<input type="hidden" name="link-orig" value="$(link-orig)">
<input type="hidden" name="error" value="$(error)">
<input type="hidden" name="chap-id" value="$(chap-id)">
<input type="hidden" name="chap-challenge" value="$(chap-challenge)">
<input type="hidden" name="link-login-only" value="$(link-login-only)">
<input type="hidden" name="link-orig-esc" value="$(link-orig-esc)">
<input type="hidden" name="mac-esc" value="$(mac-esc)">
<input type="submit" value="continue">
</form>
<script language="JavaScript">
<!--
   document.redirect.submit();
//-->
</script></center>
</body>
</html>

Then it will go to the login.php wich has this inside:

<?php
	$mac=$_POST['mac'];
	$ip=$_POST['ip'];
	$username=$_POST['username'];
	$linklogin=$_POST['link-login'];
	$linkorig=$_POST['link-orig'];
	$error=$_POST['error'];
?>
<html>
<body>
<h2>Logintest.php Test</h2>
Mac: <?php echo $mac ?><br>
IP: <?php echo $ip ?><br>
Username: <?php echo $username ?><br>
Link-login: <?php echo $linklogin ?><br>
Link-orig: <?php echo $linkorig ?><br>
Error: <?php echo $error ?><br>
</body>
</html>

So far so good, but imagine i want to go from there to advertise.php, will the variables be filled like for login.php?

begreat · Thu Jan 13, 2011 5:37 pm

To add my external php server to Walled Garde IP will this work:

/ip hotspot walled-garden ip
add action=accept disabled=no dst-host=www.picomatica.info/

Assuming the hotspot files will be here: http://www.picomatica.info/hotspot

This way it will add dynamic firewall and NAT rules, is that correct?

SurferTim · Thu Jan 13, 2011 5:48 pm

I would enter that URL in "/ip hotspot walled-garden", but if you do that, it will work.

begreat · Thu Jan 13, 2011 5:54 pm

It currently is in Walled-Garden, before i login to the hotspot i can access to http://www.picomatica.info/.

That is how my live support chat system works, but i have followed your tutorial: http://wiki.mikrotik.com/wiki/HotSpot_e ... login_page

And got nothing, it fails to load the hotspot, normaly the address is http://picomatica.hotspot.dom/login?dst ... ogle.pt%2F

after those changes it automaticly "opens" http://www.google.pt/ (without success of course, an error is shown)

SurferTim · Thu Jan 13, 2011 6:01 pm

The login link should be inserted by the php server into the login.php code in the example. I don't use a dns-name entry in the hotspot profile, so mine shows the login ip.

Bear in mind, the dns-name must be a valid URL format. I hear Windows has a bad time with malformed URLs in that entry.

begreat · Thu Jan 13, 2011 6:04 pm

i have tried my php server IP also intead of http://www.picomatica.info/logintest.php i have tried http://192.168.11.1/logintest.php but the same thing happens.

SurferTim · Thu Jan 13, 2011 6:06 pm

If it is not displaying the logintest.php page, then the reason is probably in the php server. Did you change the logintest.php document permissions to "execute by all" in the php server?

begreat · Thu Jan 13, 2011 6:08 pm

Ok, done some more testing and if i open the browser (on the hotspot test client) it doesn't automatically redirects me to the http://www.picomatica.info/logintest.php
but if i manually enter http://picomatica.hotspot.dom/login it will redirect me and the values will appear...

A bit strange but i am looking for a solution for that.

begreat · Thu Jan 13, 2011 6:18 pm

I think i found the problem, i thought that it would be enough to have the login.html onle inside the hotspot folder, but it seems that i was wrong

I have to have all the files in there and have the login.html do the redirect...

SurferTim · Thu Jan 13, 2011 6:20 pm

That is correct. You must move all pictures, md5.js, and any other files required (like css stylesheet pages) to the external php server. All local references in the login webpage count on it.

begreat · Thu Jan 13, 2011 6:23 pm

Yes and also have the redirect.html inside the hotspot folder of mikrotik, that is something that is not mentioned on the tutorial : http://wiki.mikrotik.com/wiki/HotSpot_e ... login_page

SurferTim · Thu Jan 13, 2011 6:32 pm

Only the login.html page is redirected. I should have been a little clearer on that. Only the login.php page and any files used in it, like pictures, etc. All other pages should be in the router's "/hotspot" folder, and will be called by the hotspot if needed, like alogin.html, status.html, etc.

begreat · Thu Jan 13, 2011 6:45 pm

In that case what excatly will the external PHP do ? If all the files are in the hotspot folder inside mikrotik i will have no control over the login and all that

That way i will have the same problem but on a different location

begreat · Thu Jan 13, 2011 7:04 pm

On the external login.php, i am getting a login error:

Invalid username or password

And i have the md5.js in the correct path, otherwise the error would be:

web browser did not send challenge response (try again, enable JavaScript)

begreat · Thu Jan 13, 2011 7:30 pm

I am that close to get this to work, i just need to figure out why is it that i can't login from the login.php, why am i getting this "invalid username or password" error, any ideas?

begreat · Thu Jan 13, 2011 9:48 pm

The $(chap-id) is returnig "\\000" instead of "\000" and the same for $(chap-challenge).

Both are geting a duplicated "\"

begreat · Thu Jan 13, 2011 11:02 pm

Ok a friend of mine found the solution for this problem and i am now able to login from the login.php.

He used a function to remove one of the "\":

function clear($code) { return str_replace('\\\\', '\\', $code); }

And then filtered the variables like this:

$chapid=clear($_POST['chap-id']);
$chapchallenge=clear($_POST['chap-challenge']);

Hope it helps...

SurferTim · Fri Jan 14, 2011 1:06 pm

I don't know where you are talking about double backslashes. This is your post with both the $(chap-id) and $(chap-challenge) values , and neither has a double backslash.

document.sendin.password.value = hexMD5('\075' + document.login.password.value + '\143\273\017\226\171\317\337\325\301\362\230\110\174\130\360\321');

Are the extra backslashes added when the form on login.html is sent to the login.php page?

ADD: I just checked the code on two versions of php (I have multiple servers), and neither version adds an additional backslash.

begreat · Fri Jan 14, 2011 5:57 pm

Are the extra backslashes added when the form on login.html is sent to the login.php page?.

Exactly, it creates a duplicated backslash at the login.php

SurferTim · Fri Jan 14, 2011 6:31 pm

I cannot reproduce that error. Can you please post the login.html code you are currently using to redirect to the external server? I will use it too.

begreat · Fri Jan 14, 2011 6:52 pm

Here you go:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="pt" lang="pt">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Picom&aacute;tica Wireless - A sua liga&ccedil;&atilde;o ao mundo - Bem Vindo(a)</title>
</head>

<body>
$(if chap-id)
<noscript>
<center><b>É necessário o JavaScript. Active-o para continuar.</b></center>
</noscript>
$(endif)
<center>Hotspot em fase de teste, pedimos desculpa pelo incomodo.<br />Se nada acontecer nos próximos segundos clique em "continuar"<br />
<form name="redirect" action="http://www.picomatica.info/hotspot/login.php" method="post">
<input type="hidden" name="mac" value="$(mac)">
<input type="hidden" name="ip" value="$(ip)">
<input type="hidden" name="username" value="$(username)">
<input type="hidden" name="link-login" value="$(link-login)">
<input type="hidden" name="link-orig" value="$(link-orig)">
<input type="hidden" name="error" value="$(error)">
<input type="hidden" name="chap-id" value="$(chap-id)">
<input type="hidden" name="chap-challenge" value="$(chap-challenge)">
<input type="hidden" name="link-login-only" value="$(link-login-only)">
<input type="hidden" name="link-orig-esc" value="$(link-orig-esc)">
<input type="hidden" name="mac-esc" value="$(mac-esc)">
<input type="submit" value="Continuar">
</form>
<script language="JavaScript">
<!--
   document.redirect.submit();
//-->
</script></center>
</body>
</html>

SurferTim · Fri Jan 14, 2011 7:11 pm

I still cannot duplicate your error. I used this new section of code in login.html, and it shows one backslash. After the </form> tag, I used this to view the values:

</form>
<br>
id: $(chap-id)<br>
challenge: $(chap-challenge)<br>
<script language="JavaScript">
<!--
   setTimeout("document.redirect.submit();",5000);
//-->
</script></center>

It displays the chap-id and chap-challenge, then waits 5 seconds before submitting the form so you can see if the values have double backslashes or not. And check if only the first backslash is doubled, or are all of them double?

I would really like to figure out why it isn't working with your setup so I can modify my wiki article.

begreat · Fri Jan 14, 2011 9:06 pm

I have tested that before, it only duplicates the backslash once it gets to the login.php, and yes it duplicates all the backslashes, $(chap-id) and $(chap-challenge) like this:

CHAP id: \\023
CHAP challenge: \\105\\353\\246\\107\\246\\075\\233\\321\\257\\155\\177\\237\\243\\205\\062\\111

SurferTim · Fri Jan 14, 2011 9:39 pm

I think I found the challenge. Check your /etc/php.ini file for this entry
magic_quotes_gpc=on
It should be
magic_quotes_gpc=off
All my magic_quotes_xxx in that file are set to off.

begreat · Fri Jan 14, 2011 9:42 pm

I can do that, but you should mention that in your Wiki as this installation is unmodified, so the default value is magic_quotes_gpc=on, other users may bump in the same problem...

SurferTim · Fri Jan 14, 2011 9:48 pm

According to the sources I found on the internet, that will not be the case in PHP6. The magic_quotes_xxx will be deprecated. It apparently has caused some real challenges. It was originally used to protect SQL databases from sending commands that may corrupt or allow access to the database. PHP users now recommend you use the individual database protection code rather than this.

I will mention this in the wiki article. Thanks!

begreat · Fri Jan 14, 2011 9:52 pm

Changing that will generate error's in my Joomla installation, and it is a bit unsafe against sql injection, i will have to keep the original configuration and use the function my friend suggested...

For now everything is working fine, i am going to use PHP sessionid to store the users variables, so that users can browse between pages and still be able to login from any of them...

I will post some news after that is complete.

Best regards

ADD:

You have posted some info before i could finish my message.

You should consider what i wrote above about joomla for example. Other users may use joomla as well and then star having problems with it...

Thank you for all your help, and for the great Wiki. Best regards.

SurferTim · Fri Jan 14, 2011 9:59 pm

I use MySQL with php, and php has very good sql injection protection routines if you know how to use them, and use them.

The wiki has been changed. I may add your code to the wiki for those that use JoomLa and require the injection protection.

begreat · Fri Jan 14, 2011 10:01 pm

I just think that you should give users the option, let them decide how they want to do it, then if something goes wrong it's their responsibility.

SurferTim · Fri Jan 14, 2011 10:11 pm

I like your thinking.

It is done. Check the wiki article and see if I missed anything.

begreat · Fri Jan 14, 2011 10:23 pm

That's it, it's perfect that way...

I will post some news after i finish the migration of the hotspot system from the mikrotik's HTML to my own PHP web server.

Thank you for your help, best regards.

SurferTim · Sat Jan 15, 2011 2:39 pm

I think I may have found a way to have more than one login page. I tried this today and it worked ok. In login.html:

$(if link-orig == http://www.google.com/)
<form name="redirect" action="http://xx.xx.xx.xx/google.php" method="post">
$(else)
<form name="redirect" action="http://xx.xx.xx.xx/login.php" method="post">
$(endif)

This redirects the login page depending on the original URL request. In this example, if I tried to go to google, I was redirected to the Google login page (google.php), otherwise it redirects to the default login page (login.php). The website should NOT be in your walled garden. It must redirect through login.html to get the correct chapid and chapchallenge.

Would that help you?

begreat · Sat Jan 15, 2011 3:05 pm

It could work, but i rather use the php to do all that then use the html

I have the login form in every pages (except the ones that are availiable after login), that way i need to have the mikrotik hotspot variables always present, witch in html would mean post them all the time the user changes page, doing it that way would be a lot harder.

What i have done right now is, redirected the user using your Wiki, witch post's all the variables, but instead of receiving the variables like in your Wiki, i have made some changes, instead of this:

<?php
   $mac=$_POST['mac'];
   $ip=$_POST['ip'];
   $username=$_POST['username'];
   $linklogin=$_POST['link-login'];
   $linkorig=$_POST['link-orig'];
   $error=$_POST['error'];
   $chapid=$_POST['chap-id'];
   $chapchallenge=$_POST['chap-challenge'];
   $linkloginonly=$_POST['link-login-only'];
   $linkorigesc=$_POST['link-orig-esc'];
   $macesc=$_POST['mac-esc'];
?>

I have this:

<?php
	session_start();
	$ipcheck					=$_SERVER['REMOTE_ADDR'];
	$ipinicio					= "192.168.11.1";
	$ipfim						= "192.168.12.254";
	$verificarorigem			=$_POST['link-login-only'];
	$loginurl					='http://hotspot.picomatica.dom/login';
	if ($verificarorigem == 'http://hotspot.picomatica.dom/login') {
	function limpa($code) { return str_replace('\\\\', '\\', $code); };
	$_SESSION['mac']			=$_POST['mac'];
	$_SESSION['ip']				=$_POST['ip'];
	$_SESSION['username']		=$_POST['username'];
	$_SESSION['linklogin']		=$_POST['link-login'];
	$_SESSION['linkorig']		=$_POST['link-orig'];
	$_SESSION['error']			=$_POST['error'];
	$_SESSION['chapid'] 		=limpa($_POST['chap-id']);
	$_SESSION['chapchallenge']	=limpa($_POST['chap-challenge']);
	$_SESSION['linkorigesc']	=$_POST['link-orig-esc'];
	$_SESSION['macesc']			=$_POST['mac-esc'];
	}
	else { }
?>

This way i have it now working as i .
I am now tweaking the php code for hotspot pages. For example i have added IP range filters, right now only someone inside my hotspot interface can see the contents of these url's:

http://picomatica.info/hotspot/
http://picomatica.info/hotspot/en/

begreat · Mon Jan 17, 2011 12:41 pm

All the pages are working fine, but now i'm going to try something even better.

I'm going to try to integrate the mikrotik code to the radius manager code, so that the users can use Radius Manager to manage their accounts and login to mikrotik as well.

I will keep you guys posted, best regards.

SurferTim · Mon Jan 17, 2011 12:58 pm

I use FreeRADIUS, and that is how my customers create and manage their own accounts. PHP works well with MySQL databases. I hear RadiusManager is based on FreeRADIUS, so you should have little problems, except for the double slashes from magic_quotes_gpc. The MySQL database for FreeRADIUS is called "radius". Gee, how creative!

begreat · Mon Jan 17, 2011 1:21 pm

I don't know about their bases, what i have found out is that every PHP file of Radius Manager is encrypted by IonCube, i can change the html TPL files, let's see what i can do...

It's a lot of work for a free hotspot but it has to be done

begreat · Tue Jan 18, 2011 11:48 pm

Ok, i have a question that may sound a bit crazy...

Can i integrate the mikrotik login form in the user.php of the radius manager, in order that when a user log's in, the form is sent to 2 places at the same time?
That way he get's authenticated on the hotspot and on the radius manager system at the same time?

fewi · Tue Jan 18, 2011 11:51 pm

In order for a user to be logged into the Hotspot you HAVE to submit the credentials to http(s)://router_name_or_ip/login?username=username&password=password.

You can use various tricks on the RADIUS server web interface to submit those credentials depending on what you can do on that system (like editing the login action there to spawn a popup to that URL, or to redirect the user there via JavaScript or meta refreshes) - but that's outside of RouterOS entirely.

begreat · Wed Jan 19, 2011 12:10 am

@fewi - Do you and SurferTim live here?

I am already outsite the RouterOS, i have the login system working perfectly. But the user has to login to everything separately.

Right now the user can login to the hotspot using http://www.picomatica.info/hotspot2/login.php (not accessible to external IP's only range: 192.168.12.1 - 192.168.12.254)

One login form in one file (login.php) to the Mikrotik Hotspot login, and another form in another file (user.php) for the RadiusManager user account login...

The RadiusManager is in http://www.picomatica.info/hotspot/

So what i want is to use the http://www.picomatica.info/hotspot/user.php to allow the user to login on the RadiusManager system (which allows the user to change account password, account details...) but at the same time when the from is sent have it also sent to mikrotik, so that the user can browse the internet...

begreat · Wed Jan 19, 2011 12:35 am

Perhaps i should start a new topic for this issue...

ADD: I have created a new topic for the last issue http://forum.mikrotik.com/viewtopic.php?f=2&t=48410

Who is online