search

multiOTP / multiotp

multiOTP open source strong two factor authentication PHP library, OATH certified, with TOTP, HOTP, Mobile-OTP, YubiKey, SMS, QRcode provisioning, etc.
http://www.multiOTP.net/
GNU Lesser General Public License v3.0
346 stars 74 forks source link

multiOTP send sms #190

Closed alien-ru closed 4 months ago

alien-ru commented 4 months ago

How to send SMS with a code through a script?

multiOTP commented 4 months ago

Hello alien-ru, If you want to send an sms using the multiOTP script, just launch this command: ..../multiotp _username sms Be sure to have configured the SMS provider before, as well as the phone number of the user in international format Regards,

alien-ru commented 4 months ago

I want SMS to arrive via a button press from the multiotp credential provider when the user logs in.

I made changes to the multiotp.windows.php file: function SendSms( $sms_recipient, $sms_message_to_send, $real_user = '', $originator = '', $provider = '', $username = '', $password = '', $api_id = '', $write_log = TRUE, $source_tag = '', $login = '', $multiotp_password = '' ) { $log_file = fopen("sms_log.txt", "a"); $current_time = date("Y-m-d H:i:s"); $log_message = "$current_time: Info: Starting SMS sending process for $real_user"; fwrite($log_file, $log_message . PHP_EOL); $result = 62; // ERROR: SMS provider not supported $sms_provider = mb_strtolower((('' != $provider)?$provider:$this->GetSmsProvider()),'UTF-8'); $sms_api_id = (('' != $api_id)?$api_id:$this->GetSmsApiId()); $sms_username = (('' != $username)?$username:$this->GetSmsUsername()); $sms_password = (('' != $password)?$password:$this->GetSmsPassword()); $sms_originator = (('' != $originator)?$originator:$this->GetSmsOriginator()); $sms_number = $this->CleanPhoneNumber($sms_recipient); if ("exec" == $sms_provider) { $exec_cmd = DIR . DIRECTORY_SEPARATOR . 'sms.bat'; $exec_cmd .= " " . escapeshellarg($sms_number) . " " . escapeshellarg($sms_message_to_send) . " " . escapeshellarg($sms_username); exec($exec_cmd, $output); $result = 18; // INFO: Static code request received if ($write_log) { $log_message = "$current_time: Info: Static code request received for $real_user and sent via $exec_cmd"; fwrite($log_file, $log_message . PHP_EOL); } } else { } fclose($log_file); return $result; }

the script itself sms.bat: set "sms_number=%1" set "multiotp_password=%2" set "login=%3" echo Phone number: %sms_number%, Code: %multiotp_password%, Login: %login% >> sms_log_bat.txt

I'm just writing the data to the log using the script for now.

multiOTP commented 4 months ago

Hello alien-ru, On the multiOTP Credential Provider, the SMS button already exists (if you activate its display during the installation), and it will already send a code through SMS automatically. The only thing you have to do is to configure correctly the SMS provider in multiOTP. Regards

alien-ru commented 4 months ago

My SMS provider is a goip device. How can I configure it to send an SMS with a code to the user’s number?

multiOTP commented 4 months ago

What do you mean about "GoIP" device ? In multiOTP, you can setup a "custom SMS provider" using an external script like this: ..../multiotp -config sms-provider=exec sms-api-id="/path/to/app %from %to "%msg"", where %from is the sender, %to the destination, and %msg the message. Regards

alien-ru commented 4 months ago

https://www.manualslib.com/manual/3006608/Hybertone-Goip.html?page=5#manual I have GoIP-8 (8-Channel)

multiOTP commented 4 months ago

Ok, in multiOTP, instead of using an external script with an "exec" provider, you can also try to use a "custom" provider, with this content in the multiotp.ini (please adjust it based on your GoIP device documentation) :

...
sms_api_id=
sms_basic_auth=0
sms_code_allowed=1
sms_content_encoding=
sms_content_success=OK
sms_digits=6
sms_encoding=UTF
sms_header=
sms_international_format=0
sms_ip=
sms_message_prefix=%s is your SMS-Code
sms_method=GET
sms_no_double_zero=0
sms_originator=multiOTP
sms_password=
sms_port=
sms_provider=custom
sms_send_template=
sms_status_success=20
sms_timeout=180
sms_url=https://1.2.3.4:443/url_to_send?login=%user&pass=%pass&to=%to&message=%msg
sms_userkey=
...
alien-ru commented 4 months ago

sms_basic_auth=0 sms_code_allowed=1 sms_content_encoding= sms_content_success=OK sms_digits=6 sms_encoding=UTF-8 sms_header= sms_international_format=0 sms_ip= sms_message_prefix= sms_method= sms_no_double_zero=0 sms_originator=multiOTP sms_password:= sms_port=8 sms_provider=custom sms_method_exec= sms_method_exec_args= sms_send_template= sms_status_success=20 sms_timeout=180 sms_url=http://1.1.1.1/default/en_US/send.html?u=admin&p=admin&l=3&n=$sms_number&m=Code: $%multiotp_password" sms_userkey:= By pressing the button, transmitting data to GOIP, the device worked. But the phone number and SMS code were not converted: image

multiOTP commented 4 months ago

Hello, But... why are you using $sms_number and $%multiotp_password ??? As explained in my example, you have to use %to for the number and %msg for the text of the code

Something like this: sms_url=http://1.1.1.1/default/en_US/send.html?u=admin&p=admin&l=3&n=%to&m=%msg"

alien-ru commented 4 months ago

Yes. Works. Thank you very much for the help.

multiOTP commented 4 months ago

Your're welcome. Please feel free to sponsor our developpement and support of our open source solution using the PayPal magic button ;-) Regards