I'm starting a small WISP and have chosen RouterOS hotspot as my gateway/user management. I was looking for any free/simple ways to accept credit cards and automatically create accounts on the MikroTik.
I've come up with a solution that some of you may be interested in.
If this has already been done, let me know!!!

What is is:
Quick web based interface to MikroTik RouterOS

Requirements:
Windows 2000 or better
A paypal account
Apache webserver and PHP, both free

What it does:
---Account Creation Module---
Allows user to select one of three account types (24 hours pass, 1 or 2 hours, 1 month)
Passes appropriate price and product information to PayPal
Once the user pays at PayPal (they don't need a paypal account) they are redirected to a page where they can create a new account or add credit to their old one.
Automatically creates/updates the user account
Allows user to check status and time remaining on their account

---User Management Module---
Quick and easy listing, creating, modifying, removing, of users.

Bonus:
Very easy to setup, one or two hours
No RADIUS server needed
No dedicated box required runs on any machine
No merchant gateway account necessary

The Bad:
Very ugly UI right now
Poorly written PHPSL (PHP as a second language)
Based on telnet (problem with PHP SSH module, hopefully fixed soon)
Probably buggy and insecure

Has this already been done? Is there interest in something like this? I wrote it to fit my need of running an automated hotspot without forking over alot of cash or spending time learning the free linux solutions.

I would be interested in hearing more about this. Please e-mail me at mikrotik@rikerconsulting.com. Thank you.

~ Jason M. Weber

I would as well, tonycaban@caban.org.uk

I think anyone running a hotspot would be very interested, we've been looking for a solution for some time now.

jay@netsurfusa.net

me to....please mail me prowebmasterku@yahoo.co.id
dont forget

Me to please - onlysunnys@hotmail.com

Oh pleeeezee, count me in! email: klemen.verdnik@gmail.com

I just want to know how you managed to get to the hotspot users database with PHP?

Mail me too pls kalin7 at gmail dot com

But when are you sending? We are waiting

I would suggest that you post this on the How to - sticky. so it can be consolidated with the other how-to's.

More power!

Robert S.

Me also?

bowtieguy at gmail dot com

Apologies that I haven't contacted any of you yet. I just got a bunch of equipment in and I've had a whole lot of sleepless nights. As soon as I can get some basic documentation together I'll post/send the info. Glad to see there is a market for this. Anyway, until I can get some stuff together a good starting place is installing Apache 2 for windows (http://httpd.apache.org/download.cgi), PHP 5 (http://www.php.net/downloads.php) and then looking at the PHP scripts for telnet (http://www.geckotribe.com/php-telnet/) and Paypal integration (http://www.micahcarrick.com/v2/content/view/1/3/).

My function for adding the user then looks like this:

function AddUser($name, $pass, $profile, $comment, $uptime, $bi, $bo, $disabled) {
$comment="\"".$comment."\"";
$pass="\"".$pass."\"";
$command_temp="ip hotspot user add name=".$name." password=".$pass." profile=".$profile;
$command_temp=$command_temp." limit-uptime=".$uptime." limit-bytes-in=".$bi." limit-bytes-out=".$bo." comment=".$comment;
$command_temp=$command_temp." disabled=".$disabled;
return $command_temp;
}

You would use a web form to gather the info, this function aggregates in to the proper RouterOS command, and then then returned for it to be passed on to the telnet program and executed.

So has anyone got it to work correctly yet and care to share the wisdom?

Still clueless

Robert S.

Still clueless and hoping for more info/results

Apologies that I haven't contacted any of you yet. I just got a bunch of equipment in and I've had a whole lot of sleepless nights. As soon as I can get some basic documentation together I'll post/send the info. Glad to see there is a market for this. Anyway, until I can get some stuff together a good starting place is installing Apache 2 for windows (http://httpd.apache.org/download.cgi), PHP 5 (http://www.php.net/downloads.php) and then looking at the PHP scripts for telnet (http://www.geckotribe.com/php-telnet/) and Paypal integration (http://www.micahcarrick.com/v2/content/view/1/3/).

My function for adding the user then looks like this:

function AddUser($name, $pass, $profile, $comment, $uptime, $bi, $bo, $disabled) {
$comment="\"".$comment."\"";
$pass="\"".$pass."\"";
$command_temp="ip hotspot user add name=".$name." password=".$pass." profile=".$profile;
$command_temp=$command_temp." limit-uptime=".$uptime." limit-bytes-in=".$bi." limit-bytes-out=".$bo." comment=".$comment;
$command_temp=$command_temp." disabled=".$disabled;
return $command_temp;
}

You would use a web form to gather the info, this function aggregates in to the proper RouterOS command, and then then returned for it to be passed on to the telnet program and executed.

Basically you setup a HTTP server like he recommended, create a webform so the user can enter information such as: name, billing address, rate plans, etc. Use the above script to take the entered data in the webform and create the user in the mikrotik's hotspot server by generating the RouterOS syntax and entering it via telnet.. He also provided a link to integrate paypal to accept payments.

I think it would be easier, scalable, and more secure if you used an external RADIUS server and designed the webform around RADIUS and then set the mikrotik up to get authentication from the RADIUS server.

One security issue I notice right away is telnet being used to enter in client data, because it sends authentication, as well as all other data in plain text.

RADIUS has secure authentication protocols, and really doesn't require much to run... just RAM and some harddrive space..

The thing is you still need an externel box to run the webserver... If you got that then why not just use RADIUS?

Not trying to slam your efforts, just trying to offer some constructive critisism and think of the cost savings/benefits of the suggested system.

The real value would be creating the web interface and RAIDUS server for "out of the box" mikrotik integration.

re: Telnet...I don't recall if I mentioned in the original write up, but the SSH implementation in the current PHP package for windows is broken.
In my environment the server was directly connected to the MikroTik so there was no threat of someone sniffing the traffic.

My original goal was to provide a free billing and user management hotspot solution on windows. There's stuff out there for Linux but it can be complicated and everyone already has a windows box sitting around that can do double duty. There are no good free RADIUS servers for Windows and the "cheap" ones start at $600. To do what you describe requires the RADIUS server to work with an SQL database. None of the free RADIUS servers for windows support SQL databases. It is possible to manipulate a flat text file, storing non-radius attributes as comments in the file, etc... however, FreeRadius for windows only reads the user file on startup. The Multitech free RADIUS server will reread the user file every minute, but it does not support some of the MikroTik custom attributes.

I got pretty far in to the telnet interface before leaving it to work on a solution with text based RADIUS user files. When I quit, the user could sign himself up and pay with CC and also credit time to an existing account. It would check to see the user account didn't already exist, etc... The main problem is that it was slow because each time a telnet command was issued the program would have to pause to ensure it had recieved the response before continuing. This made each executed command take at least a second. It may not seem like much, but some of the operations required multiple commands to be run.

Wireless Orbit is getting ready to rollout a new version of their hotspot management service that will support Mikrotik. They charge a very reasonable ~$40/month per AP. Some seem to be wary of a remotely hosted authentication solution but I've been testing it over a bad satellite link and it is working fine. They provide far more redundancy than I ever could. Unfortunately, this will noit come out until the end of November and I need to find something in the Interim. I'm planning to use the homegrown telnet solution until that time.

If I ever do come up with something complete and documented enough to share, I will be sure to post it here.

Hi Bokad

We are starting a small WISP here to and planning to setup several "Local Hotspots" with RouterOS and linked up with backbone links exclusively via wireless, I would be highly interested in what you are doing too because we were planning to give the billing and authentication to a third party company.But it would be good if we can do it in house.My background here is mainly R&d in antennas for 0 to 30dbi and been doing antenna designs for several years now. Ive setup serveral APs with backbone links covering approxmatly 80sq km and 100% of our antennas are made here, from parabolics to omini for 2.4ghz to 5.8 peer to peer and APs


Cheers!!!

Bokad, I would highly suggest just posting what you have so far under GNU or something, then everyone can contribute to the project. You could probably even get it set up under a SourceForge project.

I understand everything else but the hangup I have is a lack of understanding quite how to work with PayPal. Even spending time on Micah Carrick's site I'm just not "getting" that part.

~ Jason

Has anyone tried this RadiusManager Software? The only thing I could not get from the website if how they integrate the billing stuff. Also, a time limiting option would help. I have sent a query to them...havnt received a reply yet.
Waiting...will post asap.

http://www.dmasoftlab.com/index.php?cont=radman

Dont bother with the link above....

Here's the reply:

Hello!

Radius Manager doesn't handles credit cards. It is normally used for
ISP's which Mikrotik Access Points. Ask us for more questions if something
is not clear enough.

Regards,
Viktor K.