can someone try to tell me the difficulty level of this kind of wifi captive portal setup.
im knowledgeable in networking, not much in php/mysql but enough skills to setup my own webserver. and a 4/10 knowledge in radius.
here's the scenario
1) a user will be directed in a captive portal page upon connecting in guest_ssid
2) a registration page will appear and the user will input a couple of fields (e.g email, name, etc.).
3) after submitting it will allow access to the network (valid only for 3hours with 512Kb bandwidth)
i understand that i needed the ff:
radius for (accounting and bandwidth limitting)
apache for webserver
mysql for user storage
pfsense for the redirection to the portal / wall garden
1) and so, i followed a guide in which i managed to install freeradius with mysql and apache.
i have a table called radius with these tables
Tables in radius
radacct
radcheck
radgroupcheck
radgroupreply
radpostauth
radreply
radusergroup
as i understand in the document, i should place my accounts inside radcheck table.
+----+----------+----------------+----+-------+
| id | username | attribute | op | value |
+----+----------+----------------+----+-------+
| 1 | john | Cleartext-Pass | := | 12345 |
+----+----------+----------------+----+-------+
2) then inside my /var/www/html are login.php login_success.php check_login.php
Check_login.php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="radius"; // Database name
$tbl_name="radcheck"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$Cleartext-Pass")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
!! all php codes here are working using my other database; which consisted only a table and user and password fields !!
i guess my question is, how do i make my php login work on a freeradius that is using mysql as a user storage? - not even sure if i placed the syntax/values correctly in my php
and how do i implement session limit (3hours) and bandwidth limiting in freeradius?
Related
I have this issue my previous post had lot of visits from facebook and they started to add query string to their outbound urls (eg. ?fbclid=IwAR26j_D60TXYnGASbu27ABBdZduNInguL4mp_nK7eqxm6UklZEpWt8jkZM4) so in my stats each visit from Facebook is unique url (some of them have more then one visit so maybe they are shares). I've added redirect for future visitors:
RewriteCond %{QUERY_STRING} fbclid=.+
RewriteRule (.*) /$1?fbclid= [R=302,L]
but I also want to change the urls in Piwik database (only one last post), but I have trouble to find where urls are saved, I've visited the post from incognito mode (because I have cookie set to not track my visits) so I have one url without value.
Piwik have support, but it's for pay subscription for businesses (I have free version), they also have GitHub issues but those are for bugs, so I don't know where to ask this besides StackOverflow.
What I've tried this:
mysql> select * from piwik_log_action where name = 'jcubic.pl/2018/10/pytania-rekrutacyjne-css.html?fbclid='
# this is post after redirect
+----------+----------------------------------------------------------+------------+------+------------+
| idaction | name | hash | type | url_prefix |
+----------+----------------------------------------------------------+------------+------+------------+
| 2246 | jcubic.pl/2018/10/pytania-rekrutacyjne-css.html?fbclid= | 4170874330 | 1 | 2 |
+----------+----------------------------------------------------------+------------+------+------------+
mysql> update piwik_log_link_visit_action
set idaction_url = 2246
where idaction_url in (select idaction
from piwik_log_action
where name like '%pytania-rekrutacyjne-css.html?fbclid=%' and name <> 'jcubic.pl/2018/10/pytania-rekrutacyjne-css.html?fbclid=')
the query was successful adn the adaction_url get updated for all records. But when I've refreshed the Piwki report, I still get pages with fbclid query string with value.
Does anyone have knowledge about Piwik (old version 3.0.0 before it got renamed to matomo) and know how to change the urls in DB?
It seems that my Piwik installation have delete old logs enabled and Piwk is creating Archive based on logs for Report. They are in its own table with data as blob and according to FAQ you should not re-build the archive if you have delete old logs enabled.
But just in case if you don't have this enabled, here are queries I've executed that should update all data and DB and then you can try to re-process Archive from logs as in FAQ.
Here are queries I've executed:
update piwik_log_visit set visit_exit_idaction_url = 2246
where visit_exit_idaction_url in (select idaction
from piwik_log_action
where name like '%pytania-rekrutacyjne-css.html?fbclid=%' and name <> 'jcubic.pl/2018/10/pytania-rekrutacyjne-css.html?fbclid=')
update piwik_log_visit set visit_entry_idaction_url = 2246
where visit_entry_idaction_url in (select idaction
from piwik_log_action
where name like '%pytania-rekrutacyjne-css.html?fbclid=%' and name <> 'jcubic.pl/2018/10/pytania-rekrutacyjne-css.html?fbclid=')
Also in archive.org there are still docs for DB schema
I am in the process of setting up a wordpress website that connects to a relay chatroom with an integrated login system, I have connected the database which is working fine however its not allowing the authentication for the users to happen.
The query that i am running in the configuration is:
"SELECT `user_email` AS `email` FROM `wp_users` WHERE `user_login` = #a# AND `user_pass` = MD5(#p#)"
What i am wanting to do is basically have the query check that the user_login exists and then authenticates with the password.
The error that i am currently receiving is as follows:
COMMAND: username#host.host used IDENTIFY and failed to identify to nonexistent account username
This is totally puzzling me now
WordPress doesn't use MD5. So your query is wrong. You can't do it with MySQL only. But you can do it with PHP.
Here is one simple way to achieve it:
Step 1:
Grab class-phpass.php file from WordPress installation (wp-includes directory) and paste it to the neighbour to your request sender file. And use this piece of code there:
require_once("class-phpass.php");
$wp_hasher = new PasswordHash(8, true);
$password='open_password_to_check_here';
$hashed_password='hashed_password_from_mysql'; //select user_pass from wp_users where user_login=#a#;
$result=$wp_hasher->CheckPassword($password,$hashed_password));
//if result is true, then auth is OK.
Alternatively (and the best way) you can use WP REST API, which contains auth process.
Assume there is client and a server
Client:: Android mobile
Server:: AWS server
Server has mysql database installed in it
Database name:: Person
Tables in person Database:: "sam" and "carl"
Now mobile sends a request...
How to write an SQL query so that if mobile sends request i/p as
"sam" display all the values of sam table
But if the mobile sends an i/p as carl then dipslay all the values
of carl table
[Note]
I have used statement SELECT * FROM TABLE_NAME
What i am trying to achieve is a condition response when a client request comes in
I/p means :: say i get carl as ip .... i want to perform one query else sam as input ... i want to perform another query
what query statement should i need to write ?
hope i am stating my problem correctly
Thanks
First, you have to get the IP address of the Android client in your server code. In PHP (source):
$client_ip = $_SERVER['REMOTE_ADDR']
Or, if you have multiple Apache web servers behind ELB (source):
$http_headers = apache_request_headers();
$client_ip = $http_headers["X-Forwarded-For"];
Now your PHP code can choose which query to run according to the value of $client_ip. If the address is Sam's, run select * from sam, if it is Carl's, run select * from carl. If it's an unknown IP address, then you can respond with an error message.
Anyway, I don't think IP-based identification is a good idea. If Carl or Sam reboots his Android phone, its IP address will change, and the connection will no longer work.
There are problems with your database design, too. For example, if your current Sam and Carl tables contain chat messages, then the following schema would be better:
- User table: ID, Name, IPAddress
- Message table: ID, UserID, SendingTime, Text
For these tables, the query which lists the messages of the current user would look like this:
SELECT User.Name, Message.SendingTime, Message.Text
FROM User, Message
WHERE User.ID = Message.UserID AND User.IPAddress = 'xxx.xxx.xxx.xxx'
Here 'xxx.xxx.xxx.xxx' would be the value of $client_ip.
For this u have to require one more table where you store IP address and their table name and create query like this
Select tableName from IPTable where ip= 'xxx.xxx.xxx.xxx'
and using that table name in your second query
select * from tablename
SELECT `aversio`.`module`.`module` AS `module`
FROM
`projectmodule`
JOIN `module` ON `aversio`.`projectmodule`.`moduleID` = `aversio`.`module`.`moduleID`
JOIN `project` ON `aversio`.`project`.`projectID` = `aversio`.`projectmodule`.`projectID`
WHERE `aversio`.`module`.`actief` = _utf8'1'
AND `aversio`.`projectmodule`.`verwijderd` = _utf8'0'
AND `aversio`.`projectmodule`.`verwijderd` = _utf8'0'
MYSQL Error : There is no 'aversio'#'%' registered
What this error mean
That actually looks like a permissions issue, like you are trying to connect as aversio to a MySQL server instance which is not configured to allow that user from any (%) domain.
The syntax 'aversio'#'%' looks like the format 'username'#'host', and mysql uses % as the catch-all (any) host wildcard.
Make sure that you create the MySQL user named aversio, and give them the correct permissions on your DB.
EDIT:
IIRC, a user of that name may exist, but with a different domain (i.e. the users table is keyed on the combo of user and host. I've seen this kind of thing happen when I move code from a dev server to a staging server and try to connect fro mthe new host, having forgotten to modify the permissions in MySQL.
We recently switched to an RDS instance and noticed that bunch of our database tasks were getting triggered 4 hours earlier than needed. On investigating further, the problem is caused by the default time-zone setting (UTC) on the RDS instance. Since this setting can not be altered, we would like to fix the issue on the code level globally across all our applications using this database instance. I tried to set the time-zone on the db instance I create to 'US/Eastern' by using
set GLOBAL time_zone = 'US/Eastern'" OR
set time_zone = 'US/Eastern'"
But that generates an error "Database error: Unknown or incorrect time zone: 'US/Eastern'"
What do you think I am doing wrong here? Does anyone has used any other solutions ?
Unfortunately it's not possible to set the default_timezone in the RDS DB ParameterGroups so your attempt was the right direction already.
$ rds-describe-db-parameters default | grep "time_zone"
DBPARAMETER default_time_zone engine-default string static false
To set the global value via SET GLOBAL you need to have the SUPER privilege which is not granted to you as a RDS user.
The only way to set the time_zone is on a per-connection basis
mysql> SET time_zone = timezone;
On my machines I've tried US/Eastern successfully but I got a quite old generation running.
To determine the timezones you have available log into your box
mysql -h yourboxhost.rds.amazonaws.com -u <youruser> -p
and type
mysql> SELECT * FROM mysql.time_zone_name;
You should get a list of installed and valid timezone names you can set on your instance
+----------------------------------------+--------------+
| Name | Time_zone_id |
+----------------------------------------+--------------+
| Africa/Abidjan | 1 |
| Africa/Accra | 2 |
| Africa/Addis_Ababa | 3 |
| Africa/Algiers | 4 |
| Africa/Asmara | 5 |
| Africa/Asmera | 6 |
| Africa/Bamako | 7 |
| Africa/Bangui | 8 |
| Africa/Banjul | 9 |
| Africa/Bissau | 10 |
| Africa/Blantyre | 11 |
| Africa/Brazzaville | 12 |
| Africa/Bujumbura | 13 |
| Africa/Cairo | 14 |
etc...
You have to set the time_zone each time you connect to your database server
For example if you use the php Mysqli extension you can do this
$mysqli = mysqli_init();
mysqli_options($mysqli,MYSQLI_INIT_COMMAND,"SET time_zone = 'Africa/Brazzaville'" );
mysqli_real_connect($mysqli,$host, $user, $pass,$dbName) or die ('Unable to connect');
Otherwise just manually ( in terms of let your database connector do it ) execute the SET time_zone = '<YOUR_DESIRED_TIMEZONE>' Query right after you've connected to your database
The time_zone setting of RDS database instances can now be modified: https://aws.amazon.com/de/premiumsupport/knowledge-center/rds-change-time-zone/
I did the following steps, So that I could change the timezone
login to RDS and Create New Parameter Group.
Edit the newly created Parameter Group
Set timezone Ex:Asia/Calcutta and Save Changes
Modify RDS instance, change DB's Parameter Group to newly created parameter group
Save And Reboot RDS instance
tldr;
Create a "shared" schema that all your users have EXECUTE access to, create a SPROC that modifies the session timezone and modify the init_connect MySQL parameter to call it.
As Ryan Weir pointed out in his excellent answer in a duplicate question this should probably be avoided if possible. If, however, you are like me and want to implement it for the sake of convenience and sanity then I took Ryan's solution and made a few modifications.
If you have multiple users setup in MySQL with varying permissions then simply putting the sproc in the mysql schema might have problems. To solve this I created a new schema called "shared" and gave all my users EXECUTE access to this schema. I then created the following stored procedure.
DROP PROCEDURE IF EXISTS shared.store_time_zone;
CREATE PROCEDURE shared.`store_time_zone`()
IF NOT (POSITION('rdsadmin#' IN CURRENT_USER()) = 1) THEN
SET SESSION time_zone = 'US/Pacific';
END IF;
I prefer to set 'US/Pacific' to handle daylight savings but you should test this to make sure your MySQL instance recognizes it first. Just execute the following query SET SESSION time_zone = 'US/Pacific'; to make sure it works. To look up your timezone execute SELECT * FROM mysql.time_zone_name;
At this point I recommend testing the permissions before you go modifying the paramter group and potential break everything. Simply connect to the DB (preferably with a user that has low level permissions and/or is commonly used) and execute the following queries.
CALL shared.store_time_zone;
select now();
Hopefully you didn't get any errors and the correct time showed up.
Next you will need to modify the init_connect parameter in the DB Parameter Group that your RDS instance is using. You can do this in the RDS web console, through the API or the command line utility. If you use the command line it will look like this:
$ rds-modify-db-parameter-group PARAMGROUP --parameters "name=init_connect, value='CALL shared.store_time_zone', method=immediate"
If you do it through the web console then you just need to change the value of init_connect.
CALL shared.store_time_zone
Go back to your RDS instance in the web console and scroll the details pane down to the DB Parameter Group. It should say something like (applying) or (in-sync). Once it is (in-sync) go test everything out to make sure there are no problems.
If at this point you run into problems and need to roll things back then I recommend setting the init_connect value to something harmless like:
SET SESSION time_zone = '-00:00';
Setting it back to blank is impossible to do from the web console. See this thread for more details on why one can't restore the empty value for the DB parameter
#Thomas Paine's solution works for me except I had to user user() instead of current_user() as inside the context of init_connect current_user() returns the master RDS user. (By master I do not mean rdsadmin which is the real root user but the user created with the DB instance with most privileges.)