最近一直在研究磊科系列的web认证,通过几天的琢磨,现在大致方案已经出来了。先放出思路工大家参考。
先在公告里面填写如下内容,目的是为了跳转到第三方的认证系统。
- <style type="text/css">body{display:none;}</style> //隐藏自带的认证界面
- <script language="javascript" type="text/javascript">window.location.href="http://wifiyun.duapp.com/";</script> //跳转到第三方认证系统
复制代码
然后第三认证系统判断是来自电脑还是ipad、手机之类的。并跳转到相应的认证页面。
当用户向第三方认证提交用户名和密码后,由认证服务器访问路由器的以下地址取到客户端的MAC地址(认证过程中磊科自带的WEB认证会传递url、内网ip这几个,用传递过来的内网ip在返回的数据中查找客户的MAC)。从而进行判断该用户的授权是否到期,到期的话则跳转到认证首页或者是提示用户进行续费。
- POST:路由外网IP/router/filter_hosts_dump.cgi?noneed=noneed 该地址需要携带cookies访问
- [{"ip":"192.168.1.164","conn_count":"3","up_speed":"0","down_speed":"0","up_byte":"2334","down_byte":"2852","lan":"WLAN","host_name":"android-
- 379a065","is_normal":"1","sys_info":"","mac_err":"0","mac":"6C-F3-73-70-A1-6E","mac_t":"-","up_time":
- {"day":"0","hour":"0","min":"16","sec":"45"},"user_group_name":"","up_speed_limited":"0","down_speed_limited":"0","up_speed_qos":"0","down_speed_qos":"0","is_default":"0","conn_
- limited":"0","upnp":"0","in_black_list":"0","in_white_list":"0"},
- {"ip":"192.168.1.154","conn_count":"13","up_speed":"0","down_speed":"0","up_byte":"1427","down_byte":"1493","lan":"WLAN","host_name":"","is_normal":"1","sys_info":"","mac_err":"
- 0","mac":"78-F7-BE-3B-6B-47","mac_t":"-","up_time":
- {"day":"0","hour":"0","min":"0","sec":"17"},"user_group_name":"","up_speed_limited":"0","down_speed_limited":"0","up_speed_qos":"0","down_speed_qos":"0","is_default":"0","conn_l
- imited":"0","upnp":"0","in_black_list":"0","in_white_list":"0"}]
复制代码
如果所有检测都通过的话,路由器则再次访问如下地址完成登录验证。
- POST:路由外网IP/router/l7_web_auth.cgi?user=xxx&pass=xxx&ip=192.168.1.154 (xxx为多用户不限制时间的内置验证账号)
复制代码
整个认证系统我们可以用php+mysql编写,验证部分全部用php curl访问,防止在数据传递的过程中遭到泄露或者是爬虫的抓取。登录部分的账号按如下测试:
另外还要对第三方认证系统的网站进行域名授权,不然路由器是没办法访问网址的。
整个过程是复杂化了点,但是可以代替磊科自带的那个丑陋界面,而且还可以接入第三代支付平台进行自主注册授权,所以复杂了点还是有作用的。认证系统的代码部分我还没全部完成,有些对方对我来说还是有点难度,各位就不要逼着我行代码了。
|