最近一直在研究磊科系列的web认证,通过几天的琢磨,现在大致方案已经出来了。先放出思路工大家参考。6 E, ]1 T: A6 f0 W4 T
% i4 Z! J$ U: P/ k/ a% R {1 o先在公告里面填写如下内容,目的是为了跳转到第三方的认证系统。; k' s" S, C( u" X* Y
- <style type="text/css">body{display:none;}</style> //隐藏自带的认证界面% j; f* ?! v. t1 N
- <script language="javascript" type="text/javascript">window.location.href="http://wifiyun.duapp.com/";</script> //跳转到第三方认证系统
, z7 ?4 L' u" j+ O0 K+ _& e% O; v4 E8 w1 m3 c, W3 K
. w6 I [* k# a) i# p6 H, @
4 D" g6 X- ]& i5 I7 f) n* r, `
然后第三认证系统判断是来自电脑还是ipad、手机之类的。并跳转到相应的认证页面。; a7 h& g; {% |4 s2 F, l8 t' ?- q
! q2 P! N8 L$ [/ S8 T
* O( c7 Q, p* z# B R5 V/ L, _7 j
5 D# J: s2 w6 A. Y; E
当用户向第三方认证提交用户名和密码后,由认证服务器访问路由器的以下地址取到客户端的MAC地址(认证过程中磊科自带的WEB认证会传递url、内网ip这几个,用传递过来的内网ip在返回的数据中查找客户的MAC)。从而进行判断该用户的授权是否到期,到期的话则跳转到认证首页或者是提示用户进行续费。
# _6 \+ _% }. V, j1 y- v" I5 A
0 d& ?) l' `# ~/ }# e& m- C# T- 3 W S6 M$ k* W: O# J. m2 h
- POST:路由外网IP/router/filter_hosts_dump.cgi?noneed=noneed 该地址需要携带cookies访问& B+ X+ y$ N' U! M* g+ g
4 a* \" o, W, X. ^
$ _& h7 _! Q1 }4 u3 D2 X1 c- [{"ip":"192.168.1.164","conn_count":"3","up_speed":"0","down_speed":"0","up_byte":"2334","down_byte":"2852","lan":"WLAN","host_name":"android-/ d: @- I8 \3 C1 m' O) M
- 2 |$ w+ N6 Z5 J" T5 k \
- 379a065","is_normal":"1","sys_info":"","mac_err":"0","mac":"6C-F3-73-70-A1-6E","mac_t":"-","up_time":! w/ p) y! }3 Y& H, \6 [* [
5 r M1 z9 J) X- X1 H- {"day":"0","hour":"0","min":"16","sec":"45"},"user_group_name":"","up_speed_limited":"0","down_speed_limited":"0","up_speed_qos":"0","down_speed_qos":"0","is_default":"0","conn_, f$ o# }/ J# L. r% I; y
3 }6 U4 {4 P" J# K- limited":"0","upnp":"0","in_black_list":"0","in_white_list":"0"},
9 x& M3 y9 q F: L4 C
; U X& ^! B/ }- ]: D+ C7 u- {"ip":"192.168.1.154","conn_count":"13","up_speed":"0","down_speed":"0","up_byte":"1427","down_byte":"1493","lan":"WLAN","host_name":"","is_normal":"1","sys_info":"","mac_err":"
8 ?) n6 s& m- E/ r+ t - + c( i+ o! b2 R+ c* w. p
- 0","mac":"78-F7-BE-3B-6B-47","mac_t":"-","up_time":9 c& r* Z8 i7 V, t6 O
- 1 K! H! C6 T+ [6 F
- {"day":"0","hour":"0","min":"0","sec":"17"},"user_group_name":"","up_speed_limited":"0","down_speed_limited":"0","up_speed_qos":"0","down_speed_qos":"0","is_default":"0","conn_l
; u% D- B0 |9 X6 e; m( y7 i
+ J' c2 A$ X- ?8 E7 o) O( V/ a' @- imited":"0","upnp":"0","in_black_list":"0","in_white_list":"0"}]
" s" N: V$ E" @; Q% F1 r如果所有检测都通过的话,路由器则再次访问如下地址完成登录验证。
/ e) K* [$ j. @ {* z1 |6 B" \0 K8 A8 f; ], b
- POST:路由外网IP/router/l7_web_auth.cgi?user=xxx&pass=xxx&ip=192.168.1.154 (xxx为多用户不限制时间的内置验证账号)
整个认证系统我们可以用php+mysql编写,验证部分全部用php curl访问,防止在数据传递的过程中遭到泄露或者是爬虫的抓取。登录部分的账号按如下测试:$ c$ k5 y* v# g9 u u9 u3 `( G
6 A+ c+ H5 _' T6 z3 {0 E+ I0 R
, m+ w U0 P! T) U$ }' |4 C4 a
8 _2 d2 t3 W4 d; ~1 A8 K另外还要对第三方认证系统的网站进行域名授权,不然路由器是没办法访问网址的。; e$ `: ~! k! G+ R
$ u; |/ p5 n( V% V2 n/ O4 Z! @4 H+ B0 R# r6 u
}- x: ^$ }7 R4 X/ p& L4 @) u0 j/ |2 e" L. n' E
3 l8 G# y- C! R1 i" R: Z
; J7 D0 A$ }, C* y$ l& {5 W整个过程是复杂化了点,但是可以代替磊科自带的那个丑陋界面,而且还可以接入第三代支付平台进行自主注册授权,所以复杂了点还是有作用的。认证系统的代码部分我还没全部完成,有些对方对我来说还是有点难度,各位就不要逼着我行代码了。5 e# d: R& ? Z7 E% j/ o
( |0 y# b, k: y$ W$ F |
粤公网安备44152102000001号 
发表于 2013-11-1 11:00:13
