Using SMS CLI option in playSMS to enhance security for SMS base renewal

0
323

cli

TASK:

Operator requirement was to have a facility via which he can renew user account by simply sending sms to the radius system with user account name + admin password and above all only his mobile number should be authorized for this action. So basically two levels of securities are  required. One is admin password, second is sender CLI , something like mac address, and this is really strong because spoofing mobile numbers is not easily possible.

This method was also required because sometimes admin is out of station and opening billing page in mobile is not an easy task dueto to complex billing pages, navigation lot of pages in order to simple renew user account, and it requires good internet connectivity as well too. What if internet facility is not available in remote part, then SMS comes really handy to perform few or basic level of task.

This post is one of my ‘Sharing Ideas’  series which are practically implementable very easily and i have done it at few networks too. I know there are always many ways to achieve the same task. I just picked the easiest one. This code can be trimmed as it contains junks as it was made quickly in the lab. You can achieve the same task with some PHP code decently but that’s not my area

 


 

 

SOLUTION: A simple Script !

The following bash script will do the following.

  1. Upon receiving of SMS , it will first verify the SENDER SMS , if not found in /temp/adminmobile.txt , then it will return error and exit, otherwise continue to next step
  2. It will check for the Valid admin password , if not matched with /temp/password.txt, then it will return error and exit, otherwise continue to next step
  3. It will then check for valid user in radius mysql users table, if not found then it will exit, otherwise continue to next step
  4. If all conditions matches, it will simply renew the account by adding 31 days to the account and add entries in SYSLOG events, and it will also add full invoice in the ADMIN account. It will also return the FULL reply with the actions taken to the sender.

TIP: As you can see I have used simple text file to store the admin mobile number and simple password, but its recommended to use mysql table to store the said info for better reasons.


 

 

playSMS Section:

  • Login to PlaySMS
  • Goto Features / Manage Command / Add Sms Command
  • Create Command as showed in the image.

playsms-renewal commandPay attention to the SMSSENDER. by default playsms will add comma in between commandparm and smssender, so we will use SED to separate them : ).
SAVE the Command.

Now moving to script section


 

SCRIPT SECTION

Create script with any name (as mentioned in the playSMS section) and paste the date.
Just make sure you change user info like mysql id / password / text file names and location for admin mobile and admin password.

  • mkdir /temp
  • touch /temp/adminmobile.txt
  • touch /temp/password.txt

[Now add the password and mobile number of Admin. mobile number must be in following format  923333021909]

Now create the script in /var/lib/playsms/sms_commands/1

  • touch /var/lib/playsms/sms_commands/1/adrenew.sh
  • chmod +x /var/lib/playsms/sms_commands/1/adrenew.sh
  • nano touch /var/lib/playsms/sms_commands/1/adrenew.sh

[paste the following data and modify it as required]

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
# Script to renew account via sms with password and admin mobile CLI security
# Designed by Syed Jahanzaib for Test Purposes for a network
# 25th September, 2015
# aacable at hotmail dot com
# Script Starts Now
#!/bin/bash
SQLUSER="root"
SQLPASS="YOUR_SQL_PASSWORD"
echo $1 | sed 's/[+]/ /g' > /tmp/adminrenew
# Password file for storing Admin Password, better to use mysql query to fetch the password
PASS=`cat /tmp/adminrenew | awk {' print $1 '}`
USR=`cat /tmp/adminrenew | awk {' print $2 '}`
# File to store Admin Mobiel Number to match with the sender number
SENDER=`cat /tmp/adminrenew | awk {' print $3 '}`
NEXTEXPIRYADD=$(date +"%Y-%m-%d" -d "+31 days")
# LOOK FOR AUTHORIZED MOBILE NUMBER AND MATCH IT WITH LOCAL FILE
ADMINMOBILE=`cat /temp/adminmobile.txt`
if [ "$SENDER"  != "$ADMINMOBILE" ]; then
echo -e "ERROR: You number is not authorized to send SMS to this sytem! Jz"
exit 0
fi
# LOOK FOR VALID PASSWORD IN LOCALFILE
PASSVALID=`cat /temp/password.txt`
if [ "$PASS"  != "$PASSVALID" ]; then
echo -e "ERROR: Incorrect Admin Password!"
exit 0
fi
#LOOK FOR VALID USER IN RADIUS
USRVALID=`mysql -u$SQLUSER -p$SQLPASS -e "use radius; SELECT srvid FROM radius.rm_users WHERE rm_users.username = '$USR';"`
if [ "$USRVALID" == "" ]; then
echo -e "ERROR: USER NOT FOUND!"
exit 0
fi
######################
# ACCOUNT EXPIRY CHECK
######################
TODAY=$(date +"%Y-%m-%d")
TODAYDIGIT=`echo $TODAY  | sed -e 's/-//g'`
MONTH=$(date +"-%m")
CMONTH=`echo $MONTH  | sed -e 's/-//g'`
MONTHYEAR=$(date +"%B-%Y")
ALPHAMONTHYEAR=`echo $MONTHYEAR #| sed -e 's/-//g'`
SRVEXPIRYFULL=`mysql -u$SQLUSER -p$SQLPASS -e "use radius; SELECT expiration FROM radius.rm_users WHERE username = '$USR';" |awk 'FNR == 2'`
SRVEXPIRYFULLD=`mysql -u$SQLUSER -p$SQLPASS -e "use radius; SELECT expiration FROM radius.rm_users WHERE username = '$USR';" |awk '{print $1}' | sed 's/expiration//'`
SRVEXPIRY=`mysql -u$SQLUSER -p$SQLPASS -e "use radius; SELECT expiration FROM radius.rm_users WHERE username = '$USR';" |awk 'FNR == 2' | sed -e 's/-//g' | sed 's/00:.*//'`
LOGOFFDATE=`mysql -u$SQLUSER -p$SQLPASS -e "use radius; SELECT lastlogoff FROM radius.rm_users WHERE username = '$USR';"  |awk 'FNR == 2 {print $1,$2}'`
SRVID=`mysql -u$SQLUSER -p$SQLPASS -e "use radius; SELECT srvid FROM radius.rm_users WHERE rm_users.username = '$USR';" |awk 'FNR == 2 {print $1}'`
SRVPRICE=`mysql -u$SQLUSER -p$SQLPASS -e "use radius;  SELECT unitprice FROM radius.rm_services WHERE rm_services.srvid = $SRVID;" |awk 'FNR == 2 {print $1}' | cut -f1 -d"."`
#LOOK FOR USER ACTUAL SERVICE NAME
PKGNAME=`mysql -u$SQLUSER -p$SQLPASS -e "use radius; SELECT srvname FROM radius.rm_services WHERE rm_services.srvid = '$SRVID';" |awk 'FNR == 2'`
# Look for Pakacge Quota trafficunitcomb
#PKGQUOTA=`mysql -u$SQLUSER -p$SQLPASS -e "use radius; SELECT trafficunitcomb FROM rm_services WHERE srvid= '$SRVID';" |awk 'FNR == 2'`
#PKGQUOTAB=$(($PKGQUOTA / 1024))
########### ACCOUNT STATUS EXPIRED TODAY ACTION ############
if [ $SRVEXPIRY -eq $TODAYDIGIT ]
then
echo "Account Status: EXPIRED TODAY! Last LOGOUT date: $LOGOFFDATE"
NEXTEXPIRYADD=$(date +"%Y-%m-%d" -d "+31 days")
# PRINT FETCHED VALUES , JUST FOR INFO / ZAIB
echo User Account  = $USR
echo User Package = $PKGNAME
echo Service Price at Billing = $SRVPRICE PKR
echo -e "Next Expiry =  $NEXTEXPIRYADD"
# ADD 30 DAYS VALUE TO EXPIRED USER ACCOUNT
mysql -u$SQLUSER -p$SQLPASS -e "use radius; UPDATE rm_users SET expiration = '$NEXTEXPIRYADD' WHERE username = '$USR';"
# ADD SYSLOG ENTRY
mysql -u$SQLUSER -p$SQLPASS -e "use radius; INSERT INTO rm_syslog (datetime, ip, name, eventid, data1) VALUES (NOW(), '$SENDER', 'galaxy', 'Account Renewed', '$USR', '$USR renewd - $PKGNAME');"
# Add rough DATA in INVOICE for billing purpose
mysql -u$SQLUSER -p$SQLPASS -e "use radius; INSERT INTO rm_invoices (managername, username, date, bytesdl, bytesul, bytescomb, downlimit, uplimit, comblimit, time, uptimelimit, days, expiration, capdl, capul, captotal, captime, capdate, service, comment, transid, amount, invnum, address, city, zip, country, state, fullname, taxid, paymentopt, paymode, invtype, paid, price, tax, remark, balance, gwtransid, phone, mobile, vatpercent ) VALUES ('admin-$SENDER', '$USR', NOW(), '0', '0', '0', '0', '0', '0', '0', '0', '31', '$NEXTEXPIRYADD', '0', '0', '0', '0', '1', '$PKGNAME', '', '$TODAY', '1', '$TODAY', '', '', '', '', '', 'admin SMS renewed ', '', DATE_ADD(CURDATE(), INTERVAL '14' DAY), '0', '0', '$TODAY', '$SRVPRICE', '0.000000', '', '0.00', '', '', '03333021909', '0.00' );"
########### ACCOUNT STATUS EXPIRED IN PAST ACTION ############
elif [ $SRVEXPIRY -lt $TODAYDIGIT ]
then
echo "Account Status: EXPIRED on $SRVEXPIRYFULL! Last LOGOUT date: $LOGOFFDATE"
NEXTEXPIRYADD=$(date +"%Y-%m-%d" -d "+31 days")
# PRINT FETCHED VALUES , JUST FOR INFO / ZAIB
echo User Account  = $USR
echo User Package = $PKGNAME PKR
echo Service Price at Billing = $SRVPRICE PKR
echo -e "Next Expiry =  $NEXTEXPIRYADD"
# ADD 30 DAYS VALUE TO EXPIRED USER ACCOUNT
mysql -u$SQLUSER -p$SQLPASS -e "use radius; UPDATE rm_users SET expiration = '$NEXTEXPIRYADD' WHERE username = '$USR';"
# ADD SYSLOG ENTRY
mysql -u$SQLUSER -p$SQLPASS -e "use radius; INSERT INTO rm_syslog (datetime, ip, name, eventid, data1) VALUES (NOW(), '$SENDER', 'galaxy', '$USR', '$USR renewd - $PKGNAME');"
# Add rough DATA in INVOICE for billing purpose
mysql -u$SQLUSER -p$SQLPASS -e "use radius; INSERT INTO rm_invoices (managername, username, date, bytesdl, bytesul, bytescomb, downlimit, uplimit, comblimit, time, uptimelimit, days, expiration, capdl, capul, captotal, captime, capdate, service, comment, transid, amount, invnum, address, city, zip, country, state, fullname, taxid, paymentopt, paymode, invtype, paid, price, tax, remark, balance, gwtransid, phone, mobile, vatpercent ) VALUES ('admin-$SENDER', '$USR', NOW(), '0', '0', '0', '0', '0', '0', '0', '0', '31', '$NEXTEXPIRYADD', '0', '0', '0', '0', '1', '$PKGNAME', '', '$TODAY', '1', '$TODAY', '', '', '', '', '', 'admin SMS renewed ', '', DATE_ADD(CURDATE(), INTERVAL '14' DAY), '0', '0', '$TODAY', '$SRVPRICE', '0.000000', '', '0.00', '', '', '03333021909', '0.00' );"
# Update QUOTA for the USER
#mysql -u$SQLUSER -p$SQLPASS -e "use radius; UPDATE rm_users SET comblimit = '$PKGQUOTAB' WHERE username = '$USR';"
else
########### ACCOUNT STATUS OK! ACTION ############
echo -e "User Billing Info:"
echo "Account STATUS= OK!"
NEXTEXPIRYADD=`mysql -u$SQLUSER -p$SQLPASS -e "use radius; select DATE_ADD(expiration, INTERVAL 31 DAY) as x from rm_users where username= '$USR';" |awk 'FNR == 2'`
# PRINT FETCHED VALUES , JUST FOR INFO / ZAIB
echo User Account  = $USR
echo User Package = $PKGNAME PKR
echo Service Price at Billing = $SRVPRICE PKR
echo -e "Next Expiry =  $NEXTEXPIRYADD"
NEXTEXPIRYADD=`mysql -u$SQLUSER -p$SQLPASS -e "use radius; select DATE_ADD(expiration, INTERVAL 31 DAY) as x from rm_users where username= '$USR';" |awk 'FNR == 2'`
# ADD 30 DAYS VALUE TO EXPIRED USER ACCOUNT
mysql -u$SQLUSER -p$SQLPASS -e "use radius; UPDATE rm_users SET expiration = '$NEXTEXPIRYADD' WHERE username = '$USR';"
# ADD COMMENTS
mysql -u$SQLUSER -p$SQLPASS -e "use radius; UPDATE rm_users SET comment = 'Last renewed by SMS $SENDER'  WHERE username = '$USR';"
# ADD SYSLOG ENTRY
mysql -u$SQLUSER -p$SQLPASS -e "use radius; INSERT INTO rm_syslog (datetime, ip, name, eventid, data1) VALUES (NOW(), '$SENDER', 'galaxy', 'Account Renewed', '$USR renewd - $PKGNAME');"
# Add rough DATA in INVOICE for billing purpose
mysql -u$SQLUSER -p$SQLPASS -e "use radius; INSERT INTO rm_invoices (managername, username, date, bytesdl, bytesul, bytescomb, downlimit, uplimit, comblimit, time, uptimelimit, days, expiration, capdl, capul, captotal, captime, capdate, service, comment, transid, amount, invnum, address, city, zip, country, state, fullname, taxid, paymentopt, paymode, invtype, paid, price, tax, remark, balance, gwtransid, phone, mobile, vatpercent ) VALUES ('admin-$SENDER', '$USR', NOW(), '0', '0', '0', '0', '0', '0', '0', '0', '31', '$NEXTEXPIRYADD', '0', '0', '0', '0', '1', '$PKGNAME', '', '$TODAY', '1', '$TODAY', '', '', '', '', '', 'admin SMS renewed ', '', DATE_ADD(CURDATE(), INTERVAL '14' DAY), '0', '0', '$TODAY', '$SRVPRICE', '0.000000', '', '0.00', '', '', '03333021909', '0.00' );"
fi
# Script ENDs here
# Thankoooo . zaib

 

TEST AND RESULTS

Now send sms in following format to the radius/playSMS attached system.

adrenew YOURPASS USERNAME

and you will receive reply accordingly as showed in the image below …

2015-09-26 05.16.45


 

:)~~

Regard’s

NO COMMENTS