Syed Jahanzaib – Personal Blog to Share Knowledge !

September 26, 2015

Using SMS CLI option in playSMS to enhance security for SMS-based renewal

Filed under: Linux Related, Mikrotik Related — Syed Jahanzaib / Pinochio~:) @ 11:17 AM


Another approach here …

https://aacable.wordpress.com/2018/07/17/freeradius-with-mikrotik-part-17-retrieve-user-password-via-sms/


TASK:

The operator's requirement was a facility through which he can renew a user account simply by sending an SMS to the radius system containing the user account name plus the admin password, and above all only his own mobile number should be authorized for this action. So basically two levels of security are required: one is the admin password, the second is the sender CLI (the calling line identity, something like a MAC address), and this is really strong because spoofing mobile numbers is not easily possible.

This method was also required because sometimes the admin is out of station and opening the billing page on a mobile is not an easy task, due to the complex billing pages and the many pages one has to navigate simply to renew a user account, and it requires good internet connectivity as well. If internet access is not available in a remote area, SMS comes in really handy for performing a few basic tasks.

This post is one of my 'Sharing Ideas' series, which are practically implementable very easily, and I have done it at a few networks too. I know there are always many ways to achieve the same task; I just picked the easiest one. This code can be trimmed as it contains junk, since it was made quickly in the lab. You could achieve the same task more decently with some PHP code, but that's not my area.


SOLUTION: A simple Script !

The bash script below does the following.

  1. Upon receiving the SMS, it first verifies the SENDER number; if it is not found in /temp/adminmobile.txt, it returns an error and exits, otherwise it continues to the next step.
  2. It checks for the valid admin password; if it does not match /temp/password.txt, it returns an error and exits, otherwise it continues to the next step.
  3. It then checks for a valid user in the radius MySQL users table; if the user is not found it exits, otherwise it continues to the next step.
  4. If all conditions match, it simply renews the account by adding 31 days to the account, adds an entry to the SYSLOG events, and also adds a full invoice under the ADMIN account. It also returns a FULL reply to the sender listing the actions taken.

TIP: As you can see I have used simple text files to store the admin mobile number and a plain password, but it is recommended to store that info in a MySQL table instead, for better reasons.


playSMS Section:

  • Login to playSMS
  • Go to Features / Manage Command / Add SMS Command
  • Create the command as shown in the image.

[screenshot: playsms-renewal command]

Pay attention to the SMSSENDER. By default playSMS will add a comma between commandparm and smssender, so we will use SED to separate them : ).
SAVE the command.

Now moving to script section


SCRIPT SECTION

Create a script with any name (as mentioned in the playSMS section) and paste the data below into it.
Just make sure you change the user info, i.e. the MySQL id / password and the text file names and locations for the admin mobile number and admin password.

  • mkdir /temp
  • touch /temp/adminmobile.txt
  • touch /temp/password.txt

[Now add the admin password and mobile number to those files. The mobile number must be in the following format: 923333021909]

Now create the script in /var/lib/playsms/sms_commands/1

  • touch /var/lib/playsms/sms_commands/1/adrenew.sh
  • chmod +x /var/lib/playsms/sms_commands/1/adrenew.sh
  • nano /var/lib/playsms/sms_commands/1/adrenew.sh

[paste the following data and modify it as required]


#!/bin/bash
# Script to renew account via sms with password and admin mobile CLI security
# Designed by Syed Jahanzaib for Test Purposes for a network
# 25th September, 2015
# aacable at hotmail dot com
# https://aacable.wordpress.com
# Script Starts Now

SQLUSER="root"
SQLPASS="YOUR_SQL_PASSWORD"

# playSMS hands the command parameters and the sender number over in $1, joined
# with '+' (see the command configured in the playSMS section). Turn the '+'
# into spaces and read the three fields directly; no temporary file is needed.
read -r PASS USR SENDER <<< "$(echo "$1" | sed 's/[+]/ /g')"

# LOOK FOR AUTHORIZED MOBILE NUMBER AND MATCH IT WITH LOCAL FILE
ADMINMOBILE=$(cat /temp/adminmobile.txt)
if [ "$SENDER" != "$ADMINMOBILE" ]; then
echo -e "ERROR: Your number is not authorized to send SMS to this system! Jz"
exit 0
fi

# LOOK FOR VALID PASSWORD IN LOCAL FILE (better to use a mysql query to fetch the password)
PASSVALID=$(cat /temp/password.txt)
if [ "$PASS" != "$PASSVALID" ]; then
echo -e "ERROR: Incorrect Admin Password!"
exit 0
fi

# ONLY A PLAIN ACCOUNT NAME MAY REACH THE SQL QUERIES BELOW: the username is
# interpolated into the query strings, so reject quotes, spaces and other odd characters
if ! [[ "$USR" =~ ^[A-Za-z0-9_.@-]+$ ]]; then
echo -e "ERROR: Invalid username format!"
exit 0
fi

# LOOK FOR VALID USER IN RADIUS
USRVALID=$(mysql -u$SQLUSER -p$SQLPASS -e "use radius; SELECT srvid FROM radius.rm_users WHERE rm_users.username = '$USR';")
if [ "$USRVALID" == "" ]; then
echo -e "ERROR: USER NOT FOUND!"
exit 0
fi

######################
# ACCOUNT EXPIRY CHECK
######################

TODAY=$(date +"%Y-%m-%d")
TODAYDIGIT=$(echo "$TODAY" | sed -e 's/-//g')

# Fetch the expiry once; mysql prints the column name on line 1 and the value on line 2
SRVEXPIRYFULL=$(mysql -u$SQLUSER -p$SQLPASS -e "use radius; SELECT expiration FROM radius.rm_users WHERE username = '$USR';" | awk 'FNR == 2')
# Same value as digits only (YYYYMMDD, time part dropped) so it can be compared numerically with TODAYDIGIT
SRVEXPIRY=$(echo "$SRVEXPIRYFULL" | sed -e 's/ .*//' -e 's/-//g')
LOGOFFDATE=$(mysql -u$SQLUSER -p$SQLPASS -e "use radius; SELECT lastlogoff FROM radius.rm_users WHERE username = '$USR';" | awk 'FNR == 2 {print $1,$2}')
SRVID=$(mysql -u$SQLUSER -p$SQLPASS -e "use radius; SELECT srvid FROM radius.rm_users WHERE rm_users.username = '$USR';" | awk 'FNR == 2 {print $1}')
SRVPRICE=$(mysql -u$SQLUSER -p$SQLPASS -e "use radius; SELECT unitprice FROM radius.rm_services WHERE rm_services.srvid = $SRVID;" | awk 'FNR == 2 {print $1}' | cut -f1 -d".")

# LOOK FOR USER ACTUAL SERVICE NAME
PKGNAME=$(mysql -u$SQLUSER -p$SQLPASS -e "use radius; SELECT srvname FROM radius.rm_services WHERE rm_services.srvid = '$SRVID';" | awk 'FNR == 2')

# Look for Package Quota trafficunitcomb (not used yet)
#PKGQUOTA=$(mysql -u$SQLUSER -p$SQLPASS -e "use radius; SELECT trafficunitcomb FROM rm_services WHERE srvid= '$SRVID';" | awk 'FNR == 2')
#PKGQUOTAB=$(($PKGQUOTA / 1024))

########### ACCOUNT STATUS EXPIRED TODAY ACTION ############
if [ "$SRVEXPIRY" -eq "$TODAYDIGIT" ]
then
echo "Account Status: EXPIRED TODAY! Last LOGOUT date: $LOGOFFDATE"
# Account expired today, so the 31 days are counted from today
NEXTEXPIRYADD=$(date +"%Y-%m-%d" -d "+31 days")

# PRINT FETCHED VALUES , JUST FOR INFO / ZAIB
echo "User Account = $USR"
echo "User Package = $PKGNAME"
echo "Service Price at Billing = $SRVPRICE PKR"
echo -e "Next Expiry =  $NEXTEXPIRYADD"

# ADD 31 DAYS VALUE TO EXPIRED USER ACCOUNT
mysql -u$SQLUSER -p$SQLPASS -e "use radius; UPDATE rm_users SET expiration = '$NEXTEXPIRYADD' WHERE username = '$USR';"

# ADD SYSLOG ENTRY (five columns, five values)
mysql -u$SQLUSER -p$SQLPASS -e "use radius; INSERT INTO rm_syslog (datetime, ip, name, eventid, data1) VALUES (NOW(), '$SENDER', 'galaxy', 'Account Renewed', '$USR renewed - $PKGNAME');"

# Add rough DATA in INVOICE for billing purpose
mysql -u$SQLUSER -p$SQLPASS -e "use radius; INSERT INTO rm_invoices (managername, username, date, bytesdl, bytesul, bytescomb, downlimit, uplimit, comblimit, time, uptimelimit, days, expiration, capdl, capul, captotal, captime, capdate, service, comment, transid, amount, invnum, address, city, zip, country, state, fullname, taxid, paymentopt, paymode, invtype, paid, price, tax, remark, balance, gwtransid, phone, mobile, vatpercent ) VALUES ('admin-$SENDER', '$USR', NOW(), '0', '0', '0', '0', '0', '0', '0', '0', '31', '$NEXTEXPIRYADD', '0', '0', '0', '0', '1', '$PKGNAME', '', '$TODAY', '1', '$TODAY', '', '', '', '', '', 'admin SMS renewed ', '', DATE_ADD(CURDATE(), INTERVAL '14' DAY), '0', '0', '$TODAY', '$SRVPRICE', '0.000000', '', '0.00', '', '', '03333021909', '0.00' );"

########### ACCOUNT STATUS EXPIRED IN PAST ACTION ############

elif [ "$SRVEXPIRY" -lt "$TODAYDIGIT" ]
then
echo "Account Status: EXPIRED on $SRVEXPIRYFULL! Last LOGOUT date: $LOGOFFDATE"
# Account already expired, so the 31 days are counted from today, not from the old expiry
NEXTEXPIRYADD=$(date +"%Y-%m-%d" -d "+31 days")

# PRINT FETCHED VALUES , JUST FOR INFO / ZAIB
echo "User Account = $USR"
echo "User Package = $PKGNAME"
echo "Service Price at Billing = $SRVPRICE PKR"
echo -e "Next Expiry =  $NEXTEXPIRYADD"

# ADD 31 DAYS VALUE TO EXPIRED USER ACCOUNT
mysql -u$SQLUSER -p$SQLPASS -e "use radius; UPDATE rm_users SET expiration = '$NEXTEXPIRYADD' WHERE username = '$USR';"

# ADD SYSLOG ENTRY
mysql -u$SQLUSER -p$SQLPASS -e "use radius; INSERT INTO rm_syslog (datetime, ip, name, eventid, data1) VALUES (NOW(), '$SENDER', 'galaxy', 'Account Renewed', '$USR renewed - $PKGNAME');"

# Add rough DATA in INVOICE for billing purpose
mysql -u$SQLUSER -p$SQLPASS -e "use radius; INSERT INTO rm_invoices (managername, username, date, bytesdl, bytesul, bytescomb, downlimit, uplimit, comblimit, time, uptimelimit, days, expiration, capdl, capul, captotal, captime, capdate, service, comment, transid, amount, invnum, address, city, zip, country, state, fullname, taxid, paymentopt, paymode, invtype, paid, price, tax, remark, balance, gwtransid, phone, mobile, vatpercent ) VALUES ('admin-$SENDER', '$USR', NOW(), '0', '0', '0', '0', '0', '0', '0', '0', '31', '$NEXTEXPIRYADD', '0', '0', '0', '0', '1', '$PKGNAME', '', '$TODAY', '1', '$TODAY', '', '', '', '', '', 'admin SMS renewed ', '', DATE_ADD(CURDATE(), INTERVAL '14' DAY), '0', '0', '$TODAY', '$SRVPRICE', '0.000000', '', '0.00', '', '', '03333021909', '0.00' );"

# Update QUOTA for the USER (not used yet)
#mysql -u$SQLUSER -p$SQLPASS -e "use radius; UPDATE rm_users SET comblimit = '$PKGQUOTAB' WHERE username = '$USR';"

else
########### ACCOUNT STATUS OK! ACTION ############

echo -e "User Billing Info:"
echo "Account STATUS= OK!"

# Account still active, so the 31 days are added on top of the current expiry date
NEXTEXPIRYADD=$(mysql -u$SQLUSER -p$SQLPASS -e "use radius; select DATE_ADD(expiration, INTERVAL 31 DAY) as x from rm_users where username= '$USR';" | awk 'FNR == 2')

# PRINT FETCHED VALUES , JUST FOR INFO / ZAIB
echo "User Account = $USR"
echo "User Package = $PKGNAME"
echo "Service Price at Billing = $SRVPRICE PKR"
echo -e "Next Expiry =  $NEXTEXPIRYADD"

# ADD 31 DAYS VALUE TO THE ACTIVE USER ACCOUNT
mysql -u$SQLUSER -p$SQLPASS -e "use radius; UPDATE rm_users SET expiration = '$NEXTEXPIRYADD' WHERE username = '$USR';"

# ADD COMMENTS
mysql -u$SQLUSER -p$SQLPASS -e "use radius; UPDATE rm_users SET comment = 'Last renewed by SMS $SENDER'  WHERE username = '$USR';"

# ADD SYSLOG ENTRY
mysql -u$SQLUSER -p$SQLPASS -e "use radius; INSERT INTO rm_syslog (datetime, ip, name, eventid, data1) VALUES (NOW(), '$SENDER', 'galaxy', 'Account Renewed', '$USR renewed - $PKGNAME');"

# Add rough DATA in INVOICE for billing purpose
mysql -u$SQLUSER -p$SQLPASS -e "use radius; INSERT INTO rm_invoices (managername, username, date, bytesdl, bytesul, bytescomb, downlimit, uplimit, comblimit, time, uptimelimit, days, expiration, capdl, capul, captotal, captime, capdate, service, comment, transid, amount, invnum, address, city, zip, country, state, fullname, taxid, paymentopt, paymode, invtype, paid, price, tax, remark, balance, gwtransid, phone, mobile, vatpercent ) VALUES ('admin-$SENDER', '$USR', NOW(), '0', '0', '0', '0', '0', '0', '0', '0', '31', '$NEXTEXPIRYADD', '0', '0', '0', '0', '1', '$PKGNAME', '', '$TODAY', '1', '$TODAY', '', '', '', '', '', 'admin SMS renewed ', '', DATE_ADD(CURDATE(), INTERVAL '14' DAY), '0', '0', '$TODAY', '$SRVPRICE', '0.000000', '', '0.00', '', '', '03333021909', '0.00' );"

fi

# Script ENDs here
# Thankoooo . zaib
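The script above does the sender, password and user checks inline, which makes each gate hard to test on its own. The following is an added example (my code, not the blog's script) that puts the same three gates into small POSIX shell functions so they can be exercised with constructed data. It goes a little beyond the post: it allows several admin numbers (one per line in $ADMIN_MOBILES), stores the admin password as a SHA-256 hex digest in $ADMIN_PASSHASH instead of plaintext (a step towards the TIP above), and rejects any username that is not a plain account name before it could ever be interpolated into an SQL string. The account's current expiry is passed in as an argument rather than read from the radius database; the file names, the helper names and the sample number/password in the demo are all assumptions.

```shell
#!/bin/sh
# Added example (not the blog's script): the sender / password / username gates
# of the adrenew flow as small functions, so each check can be tested on its own.
# Assumptions (not from the post): several admin numbers are allowed, one per line
# in $ADMIN_MOBILES; the admin password is stored as a SHA-256 hex digest in
# $ADMIN_PASSHASH; the account's current expiry is passed in as an argument.
ADMIN_MOBILES="${ADMIN_MOBILES:-/temp/adminmobile.txt}"
ADMIN_PASSHASH="${ADMIN_PASSHASH:-/temp/password.sha256}"

# SHA-256 of stdin as a hex string (sha256sum on Linux, shasum elsewhere)
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum | cut -d' ' -f1
    else shasum -a 256 | cut -d' ' -f1; fi
}

# Split playSMS's "PASSWORD+USERNAME+SENDER" into PASS, USR, SENDER; fail if a field is missing.
# Globbing is switched off while the unquoted expansion is split, so a '*' in the text is harmless.
parse_params() {
    old_ifs=$IFS; IFS='+'; set -f
    set -- $1
    set +f; IFS=$old_ifs
    PASS=$1; USR=$2; SENDER=$3
    [ -n "$PASS" ] && [ -n "$USR" ] && [ -n "$SENDER" ]
}

# Sender CLI check: whole-line, fixed-string match, so "9233..." cannot match a longer number
sender_authorized() {
    grep -qxF -- "$1" "$ADMIN_MOBILES" 2>/dev/null
}

# Password check against the stored digest (the plaintext never sits on disk)
password_valid() {
    given=$(printf '%s' "$1" | sha256_hex)
    stored=$(cut -d' ' -f1 < "$ADMIN_PASSHASH")
    [ -n "$stored" ] && [ "$given" = "$stored" ]
}

# Username must be a plain account name before it is interpolated into any SQL string
username_valid() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9_.@-]{1,32}$'
}

# Date the 31 days are counted from: the current expiry if the account is still
# active, otherwise today (the same three-way decision the post's script makes)
renewal_base() {
    exp_digits=$(printf '%s' "$1" | sed 's/-//g')
    today_digits=$(printf '%s' "$2" | sed 's/-//g')
    if [ "$exp_digits" -gt "$today_digits" ]; then printf '%s\n' "$1"; else printf '%s\n' "$2"; fi
}

# New expiry = base date + 31 days (GNU date, as used in the post)
next_expiry() {
    date -d "$1 +31 days" +%Y-%m-%d
}

# Full flow: prints the reply and returns 0 on success, prints an ERROR line and returns 1 otherwise.
# Arguments: playSMS parameter string, current expiry (YYYY-MM-DD), today (optional, defaults to now)
adrenew() {
    expiry=$2; today=${3:-$(date +%Y-%m-%d)}
    parse_params "$1"           || { echo "ERROR: expected PASSWORD+USERNAME+SENDER"; return 1; }
    sender_authorized "$SENDER" || { echo "ERROR: your number is not authorized"; return 1; }
    password_valid "$PASS"      || { echo "ERROR: incorrect admin password"; return 1; }
    username_valid "$USR"       || { echo "ERROR: invalid username"; return 1; }
    new=$(next_expiry "$(renewal_base "$expiry" "$today")")
    echo "OK: $USR renewed by $SENDER, next expiry $new"
}

# Stand-alone demo with constructed data: a hypothetical admin number and password
demo_dir=$(mktemp -d)
ADMIN_MOBILES="$demo_dir/adminmobile.txt"; ADMIN_PASSHASH="$demo_dir/password.sha256"
printf '923333021909\n' > "$ADMIN_MOBILES"
printf '%s' 'S3cret' | sha256_hex > "$ADMIN_PASSHASH"
adrenew "S3cret+bob+923333021909" 2015-10-10 2015-09-26   # OK: bob renewed ..., next expiry 2015-11-10
adrenew "S3cret+bob+111111111111" 2015-10-10 2015-09-26   # ERROR: your number is not authorized
rm -rf "$demo_dir"
```

The order of the gates is the same as in the script above (sender first, then password, then user), so an unauthorized number never gets as far as a password comparison or a database query. The only thing `adrenew` does not do is the UPDATE/INSERT work; that stays with the post's script, which can call these functions in place of its inline checks.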

TEST AND RESULTS

Now send an SMS in the following format to the system to which the radius / playSMS is attached:

adrenew YOURPASS USERNAME

and you will receive a reply accordingly, as shown in the image below …

[screenshot: SMS reply received, 2015-09-26]



:)~~

Regards
Syed Jahanzaib