Wednesday, April 17, 2013

PhpMyPrepaid on Fedora 18

network phpmyprepaid

After installed YFI and Easyhotspot as hotspot system billing, it's time to try another hotspot system billing, and I use Fedora 18 as Operating System. Phpmyprepaid, is interface hotspot system billing designed to work with a MySQL database and FreeRadius. Phpmyprepaid has not developed yet. The final version is phpmyprepaid 0.4-RC3, came out in April 2009. It is the oldest than others. (CMIIW)
Let's to begin.
As usually, after  installing fedora 18 with minimalist package, continue to configure network. Make sure some variable is exist.
vi /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=dhcp
PEERDNS=yes
PEERROUTES=yes
DEFROUTE=yes
NAME=eth0
ONBOOT=yes
vi /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
NAME=eth1
ONBOOT=yes

Service network restart.
I assume it's connected to internet. If not, don't ever think to continue to next stages.

Install epel to get extra packages.
yum install wget
cd /usr/local
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm2cpio epel-release-6-8.noarch.rpm | cpio -idmv
cp ./etc/yum.repos.d/epel-testing.repo ./etc/yum.repos.d/epel.repo /etc/yum.repos.d/
cp ./etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 /etc/pki/rpm-gpg/

Update and install another packages
yum repolist
yum update
yum install mc vim unzip zip gcc gcc-c++ make git svn nano tar net-snmp-utils net-tools
yum install mysql-server php httpd php-mysql php-xml php-gd php-pear rrdtool net-snmp
yum install patch mod_ssl openssl dnsmasq perl-Digest-MD5
systemctl stop firewalld
systemctl disable firewalld
yum  install iptables-services iptables-utils
yum install  system-config-firewall-tui system-config-firewall

Make service automatically, find disable service, and make it enable.
systemctl -t service
systemctl list-unit-files | grep service
systemctl enable iptables
systemctl enable snmpd
systemctl enable snmptrapd
systemctl enable mysqld
systemctl enable httpd
systemctl enable dnsmasq
systemctl enable radiusd
systemctl list-unit-files | grep service
reboot

Edit php.ini
mcedit /etc/php.ini

Check in /etc/php.ini, make sure some variable below
short_open_tag = On
date.timezone = Asia/Makassar

Install Chillispot & haserl
cd /usr/local
wget http://www.chillispot.info/download/chillispot-1.1.0.tar.gz
wget http://www.0xf8.org/wp-content/uploads/2011/09/chillispot-1.1.0-tun.c_defined.diff
wget http://www.0xf8.org/wp-content/uploads/2011/09/chillispot-1.1.0-md5.c.diff
ls
tar zxvf chillispot-1.1.0.tar.gz
cd chillispot-1.1.0
 ./configure
patch -p1 < /usr/local/chillispot-1.1.0-tun.c_defined.diff
patch -p1 < /usr/local/chillispot-1.1.0-md5.c.diff
make
make install
cp /usr/local/chillispot-1.1.0/doc/firewall.iptables /etc/
cp /usr/local/chillispot-1.1.0/doc/chilli.init /etc/init.d/chillispot
chmod 755 /etc/init.d/chillispot
cp /usr/local/chillispot-1.1.0/doc/chilli.conf /etc/
cp /usr/local/chillispot-1.1.0/doc/hotspotlogin.cgi /var/www/cgi-bin/
ln -s /usr/local/sbin/chilli /usr/sbin/
chkconfig --add chillispot
chkconfig --level 235 chillispot on
chkconfig --list
wget http://sourceforge.net/projects/haserl/files/haserl-devel/0.9.27/haserl-0.9.27.tar.gz/download
mv download  haserl-0.9.27.tar.gz
tar zxvf haserl-0.9.27.tar.gz
cd haserl-0.9.27
./configure; make; make install
ln -s /usr/local/bin/haserl /usr/sbin/

Edit firewall.iptables file ( /etc/firewall.iptables ).
#!/bin/sh
#
# Firewall script for ChilliSpot
# A Wireless LAN Access Point Controller
#
# Uses $EXTIF (eth0) as the external interface (Internet or intranet) and
# $INTIF (eth1) as the internal interface (access points).
#
#
# SUMMARY
# * All connections originating from chilli are allowed.
# * Only ssh is allowed in on external interface.
# * Nothing is allowed in on internal interface.
# * Forwarding is allowed to and from the external interface, but disallowed
#   to and from the internal interface.
# * NAT is enabled on the external interface.
IPTABLES="/sbin/iptables"
EXTIF="eth0"
INTIF="eth1"
#Flush all rules
$IPTABLES -F
$IPTABLES -F -t nat
$IPTABLES -F -t mangle
#Set default behaviour
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
#Allow related and established on all interfaces (input)
$IPTABLES -A INPUT -m conntrack --ctstate  RELATED,ESTABLISHED -j ACCEPT
#Allow releated, established and ssh on $EXTIF. Reject everything else.
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 22 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 80 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -j REJECT
#Allow related and established from $INTIF. Drop everything else.
$IPTABLES -A INPUT -i $INTIF -j DROP
#Allow http and https on other interfaces (input).
#This is only needed if authentication server is on same server as chilli
$IPTABLES -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
#Allow 3990 on other interfaces (input).
$IPTABLES -A INPUT -p tcp -m tcp --dport 3990 --syn -j ACCEPT
#Allow ICMP echo on other interfaces (input).
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
#Allow everything on loopback interface.
$IPTABLES -A INPUT -i lo -j ACCEPT
# Drop everything to and from $INTIF (forward)
# This means that access points can only be managed from ChilliSpot
$IPTABLES -A FORWARD -i $INTIF -j DROP
$IPTABLES -A FORWARD -o $INTIF -j DROP
#Enable NAT on output device
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

Make file rc.local, so firewall.iptables file will run automatically when booting.
vim /etc/rc.d/rc.local
#!/bin/bash
/etc/firewall.iptables
chmod 755 /etc/rc.d/rc.local

Edit /etc/chilli.conf
net 192.168.182.0/24
dns1 8.8.8.8
dns2 8.8.4.4
domain Ngeri.co.id
radiuslisten 127.0.0.1
radiusserver1 127.0.0.1
radiusserver2 127.0.0.1
radiusauthport 1812
radiusacctport 1813
radiussecret testing123
dhcpif eth1
uamserver https://192.168.182.1/cgi-bin/hotspotlogin.cgi
uamhomepage http://192.168.182.1:3990/prelogin
uamsecret greatsecret
uamlisten 192.168.182.1
uamport 3990
coaport 3799

Edit /etc/init.d/chillispot. Make sure a line below is uncomment.
echo 1 > /proc/sys/net/ipv4/ip_forward
service chillispot restart

Install Freeradius 2.1.12
# yum install freeradius freeradius-mysql freeradius-utils
Edit /etc/raddb/clients.conf and in the client "localhost" section make sure you have,
ipaddr = 127.0.0.1
secret = testing123
nastype = other
Edit /etc/raddb/radiusd.conf and in the "modules" section make sure,
$INCLUDE sql.conf
$INCLUDE sql/mysql/counter.conf

Then, in the "instantiate" section, add,
chillispot_max_bytes
noresetcounter

Then in /etc/raddb/sites-enabled/default in the authorise section, uncomment "sql"  and add the new counters,
sql
chillispot_max_bytes
noresetcounter

And then later in /etc/raddb/sites-enabled/default in the "accounting" section uncomment the sql. do the same for "session" & "post auth" section
sql

Edit the /etc/raddb/sql/mysql/counter.conf file and in that at the end, add the following,
sqlcounter chillispot_max_bytes {
counter-name = ChilliSpot-Max-Total-Octets
check-name = ChilliSpot-Max-Total-Octets
reply-name = ChilliSpot-Max-Total-Octets
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(AcctInputOctets) + SUM(AcctOutputOctets) FROM radacct WHERE UserName='%{%k}'"
}

Edit /etc/raddb/sql.conf file, at the sql section, make sure you have configuration,
        database = "mysql"
        driver = "rlm_sql_${database}"
        server = "localhost"
        #port = 3306
        login = "phpmyprepaid"
        password = "phpmyprepaidpasswd"
        radius_db = "phpmyprepaiddb"

Do check the status of the freeradius, with the command radiusd-X
service radiusd stop
radius -X

Install phpmyprepaid
Download phpmyprepaid that I have fixed, at....
Download phpmyprepaid from sourcheforge.net, then extract it.  
unzip phpmyprepaid.zip
mv phpmyprepaid /var/www/
ln -s /var/www/phpmyprepaid/www /var/www/html/hotspot

Create database phpmyprepaid,
mysql –u root –p
mysql>create database phpmyprepaiddb;
mysql>CREATE USER 'phpmyprepaid'@'localhost';
mysql>SET PASSWORD FOR 'phpmyprepaid'@'localhost' = PASSWORD('phpmyprepaidpasswd');
mysql>GRANT ALL ON phpmyprepaiddb.* to 'phpmyprepaid'@'localhost';
mysql -u root -p phpmyprepaiddb < /var/www/phpmyprepaid/phpmyprepaiddb.sql

Update : 
To install PhpMyprepaid, look at posting http://myconfigure.blogspot.com/2013/04/how-to-fix-phpmyprepaid-04rc3.html. I know you can install phpmyprepaid, easily. Because I've already explained in details about it.

Then edit /var/www/cgi-bin/hotspotlogin.cgi and make sure uncomment, both variable below,
$uamsecret = "greatsecret";
$userpassword=1;

And, at last, testing with browsing to http://<your ipaddress>/hotspot. If all running normally, It should be appear login page for administrator. Input username and password.
Username : admin
Password : admin123

Then on computer client should get ip address, and when browsing could redirect to login page. Good luck…!!!

Licence : PhpMyprepaid is under GNU General Public License (GPL)

24 comments:

  1. when i testing with browsing to http:///hotspot page.I found Forbidden

    You don't have permission to access /hotspot on this server.How can i fix!!!!

    ReplyDelete
    Replies
    1. Did you do this..
      mv phpmyprepaid /var/www/
      ln -s /var/www/phpmyprepaid/www /var/www/html/hotspot.
      Then browsing to http:///hotspot
      For example, In my case I go to http://10.10.10.247/hotspot

      Delete
    2. Yes i did the following two step
      mv phpmyprepaid /var/www/
      ln -s /var/www/phpmyprepaid/www /var/www/html/hotspot.

      Delete
    3. check at /etc/httpd/conf/httpd.conf. make sure DocumentRoot "/var/www/html"
      check again at folder /var/www/html/
      link hotspot is exist ?

      Delete
    4. I already checked but face the same error.

      Delete
    5. do you use fedora ? or another linux ??
      try another way,
      cp -Rf /var/www/phpmyprepaid/www /var/www/html/
      then browsing to http://your-ip-address/www/

      Delete
    6. I used fedora 18.Now Solve the problem but can't login with username=admin,password=admin123.and find following error on login page.

      = '5.1') { // date_default_timezone_set('UTC'); //echo date_default_timezone_get(); } if (!file_exists("./phpmyprepaid.conf.php")) header("Location: ./install/setup.php"); else { include('config.inc.php'); // detect installation dir $file_install_acces = 0; if (file_exists("./install/setup.php")){ $error_msg = "Installation Directory '". getcwd() ."/install/' is accessible. Delete this directory to prevent security problem. Please change directory permissions for'". getcwd(). "' with chmod 755 '". getcwd(). "' "; $file_install_acces = 1; } Session::start(); if (isset($_GET["disconnect"])) { $oreon = & $_SESSION["oreon"]; Session::stop(); Session::start(); } if (isset($_SESSION["oreon"])) { // already connected include("lang/en.php"); $msg_error = $lang['already_logged']; unset($_SESSION["oreon"]); } else { if (isset($_POST["submit"])) { $oreon_db = new OreonDatabase($conf_pra['host'], $conf_pra['user'] ,$conf_pra['password'] ,$conf_pra['db'] ); if (($user_id = $oreon_db->checkUser(addslashes($_POST["useralias"]), $_POST["password"]))) { $user = new User($oreon_db->getUser($user_id)); $_SESSION["oreon"] = new oreon($user, $oreon_db); system("echo \"[" . time() . "] LOGIN from ". $_SERVER["REMOTE_ADDR"] . ";;" . addslashes($_POST["useralias"]) . "\" >> ./include/log/" . date("Ymd") . ".txt"); $_SESSION["oreon"]->add_new_session(session_id(), $_SESSION["oreon"]->user->get_id()); header("Location: ./phpmyprepaid.php"); } else system("echo \"[" . time() . "] Err LOGIN from ". $_SERVER["REMOTE_ADDR"] . ";;" . addslashes($_POST["useralias"]) . "\" >> ./include/log/" . date("Ymd") . ".txt"); } } ?>

      Thanks for your patience.:)

      Delete
    7. I used fedora 18.Now i can browsing to http://ip-address/www but can't login to phpmypreaid.I used username=admin,Password=admin123.

      Delete
    8. to fix the error...
      Check in /etc/php.ini, make sure some variable below
      short_open_tag = On
      date.timezone = Asia/Makassar --->> change with your timezone.

      Delete
    9. download and use phpmyprepaid from 4shared, that I have fixed... follow installation phpmyprepaid like above, until finish.

      Delete
    10. Yes i am downloading phpmyprepaid from your 4shared link but see the same problem.So i report u.Anyway thanks for your job.
      Good Luck.

      Delete
  2. I am also trying to get Phpmyprepaid running with Freeradius 2.x !
    There is a problem with the link to 4shared. I can't download "your" updated phpmyprepaid.zip :( :(
    Anyway, thank you for the job and the hope you give me ;)
    best regards

    ReplyDelete
    Replies
    1. update : try this...
      http://www.4shared.com/zip/N3IhoM-U/phpmyprepaid.html...
      if you are using the original phpmyprepaid... look at how to use that, at http://myconfigure.blogspot.com/2013/04/how-to-fix-phpmyprepaid-04rc3_16.html

      Delete
  3. I face error on installation phpmyprepaid step and can't solve.Can you explain me more detail from this step.

    Regards,

    ReplyDelete
  4. When i browsing to http://ip-address/www page.it's ok but cannot login to phpmyprepaid.

    ReplyDelete
  5. I did everything follow your instruction and at final stage my client computer can't get dhcp ip address from server. Any suggestion

    ReplyDelete
  6. chillispot service is running.

    ReplyDelete
    Replies
    1. 1. check cable rj45 / lan,
      2. make sure chillispot have configured, and running...
      3. check with command, ifconfig... do you see interface tun0 and up ??
      4. try to input ip address in interface computer client, manually, according ip address tun0 / in one NetworkID. and then do command ping.
      5. prey to God.

      Delete
  7. Thanks for sharing youir thoughts on lose weight game. Regards

    my homepage :: free weight loss pills

    ReplyDelete