{"id":13469171,"url":"https://github.com/mhaas/fbwlan","last_synced_at":"2025-09-23T10:51:10.641Z","repository":{"id":28166882,"uuid":"31667947","full_name":"mhaas/fbwlan","owner":"mhaas","description":"A simple, easy social wlan hotspot. Exchange internet access for Facebook check-ins","archived":false,"fork":false,"pushed_at":"2017-09-25T09:25:09.000Z","size":98,"stargazers_count":107,"open_issues_count":17,"forks_count":56,"subscribers_count":23,"default_branch":"master","last_synced_at":"2025-09-20T18:54:56.260Z","etag":null,"topics":["facebook","gateway","hotspot","social-hotspot","wifidog"],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mhaas.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-03-04T16:46:04.000Z","updated_at":"2024-08-14T21:43:51.000Z","dependencies_parsed_at":"2022-07-31T07:47:57.199Z","dependency_job_id":null,"html_url":"https://github.com/mhaas/fbwlan","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mhaas/fbwlan","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhaas%2Ffbwlan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhaas%2Ffbwlan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhaas%2Ffbwlan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhaas%2Ffbwlan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mhaas","download_url":"https://codeload.github.com/mhaas/fbwlan/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhaas%2Ffbwlan/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":276562601,"owners_count":25664430,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-23T02:00:09.130Z","response_time":73,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["facebook","gateway","hotspot","social-hotspot","wifidog"],"created_at":"2024-07-31T15:01:28.376Z","updated_at":"2025-09-23T10:51:10.613Z","avatar_url":"https://github.com/mhaas.png","language":"PHP","funding_links":[],"categories":["PHP"],"sub_categories":[],"readme":"# FB WLAN Hotspot #\n\nA simple, easy social wlan hotspot. This script works as an auth\nserver for Wifidog. If a user checks in to your business' location\non Facebook, they get free wifi in exchange.\n\n\n## Features ##\n\n* Lets users exchange a Facebook check-in for Wifi\n* No Facebook, no problem: give out the access code\n* Lightweight: does one thing only\n* Uses the [Flight framework](http://flightphp.com/)\n* Based on [Pure.css](http://purecss.io/)\n* Compatible with [Wifidog (Protocol V1)](http://dev.wifidog.org/wiki/doc/developer/WiFiDogProtocol_V1)\n  - Possibly CoovaChilli via [*chilli_proxy*](http://coova.org/CoovaChilli/Proxy))\n\n## Why another auth server? ##\n\nQuite simply because there are no other working solutions.\nSome scripts which claim to use Facebook for hotspot authentication\nare available in the wild. For [Authpuppy](http://www.authpuppy.org/),\nthere is a [third-party plugin for Facebook authentication](https://code.launchpad.net/~alliancecsf-dev/authpuppy/apAuthFacebookPlugin).\nAuthpuppy itself is quite unmaintained and uses the outdated Symfony 1.x\nframework. Additionally, there is no check-in functionality out of the box.\n\nThere's also the [Wifidog auth server](https://github.com/wifidog/wifidog-auth)\nwhich requires PostgreSQL. I don't have a web host capable of PostgreSQL, so\nthat was not acceptable either. The Wifidog auth server also does\nnot support Facebook.\n\nThere are more attempts at integrating Facebook login into a open-source\nhotspot. [Kikiauth](https://github.com/hongquan/KikiAuth) is promising, yet\nabandoned by its author. The problem here is themultitude of IP addresses\nused by Facebook which makes it hard to whitelist all ressources necessary.\nI solve this problem with the ipset feature of [Dnsmasq](http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html)\nbased on a recommendation by [jow on the OpenWRT forums](https://forum.openwrt.org/viewtopic.php?pid=235631#p235631).\n\nThe [socialwifi project by mengning](https://github.com/mengning/socialwifi)\nrequires tomcat and other java stuff.\n\n[social-hotspot](https://github.com/acanthus2000/social-hotspot) comes quite\nclose to my requirements. It connects to Facebook and either asks the user\nto like a page or to check in. On the gateway, NoCatSplash captures the user.\nThe problem here is that the Facebook app provides no real security: the user\ncan always log in by [POST-ing the correct form](https://github.com/acanthus2000/social-hotspot/blob/master/index.php#L37)\nto NoCatSplash. Although this is unlikely to pose a real problem as there\nare unlikely to be any security implications, I didn't like this way\nof handling authentication client-side.\n\nIn my implementation, the gateway (Wifidog) verifies that the\nFacebook app (this script) actually granted access to the user.\n\nSeveral commercial implementations are also available. Facebook themselves\noffer [Facebook Wifi](https://www.facebook.com/help/126760650808045/). The\noffer looks good on paper, with affordable devices like the D-Link DIR-865L\nand the Netgear R6300 (v2). Some research reveals that\nthe Facebook Wifi implementation\n[always enables HTTPS](http://forum1.netgear.com/showpost.php?p=493554\u0026postcount=12).\nThis means that many smartphone apps will always work and the user might not\neven notice there is captive portal.\n\nOther vendors charge unreasonable monthly fees for their services.\n\n\n## Limitations ##\n\nSocial hotspots typically rely on an [AAA (Authentication, Authorization\nand Accounting) server](http://en.wikipedia.org/wiki/RADIUS#Protocol_components).\nQuite simply, there is no **Accounting**. Although Wifidog will occasionally\nupdate this script with bandwidth usage information, the data is simply discarded.\n\nThere is also no real **Authentication**: the script does not remember who used\nthe hotspot. Facebook is only used to post a message and no details such as user\nnames or emails are retained.\n\nRegarding **Authorization**: an user is authorized to access the internet\nonce they successfully check in via Facebook or if they provide the access\ncode.\n\nIn some jurisdictions, you must keep track of who uses your network. In this\ncase, this script is probably not for you. (Pull requests welcome!)\n\n## Requirements ##\n\nFor this script:\n\n* Webhost with some space\n* PHP 5.4 (or maybe 5.3)\n* 1 MySQL database\n* lftp client\n\nFor the gateway:\n\n* Router capable of running\n  - [OpenWRT](http://www.openwrt.org) or possibly DD-WRT\n  - [Wifidog](http://dev.wifidog.org/)\n\n## Install ##\n\nCopy the example config file to config.php and edit to suit your needs.\n\n    cp config-example.php config.php\n    vim config.php\n\nThe entries should be self-explanatory. To use this app, you need to create\nan app in Facebook. During the app creation process, select \"Website\" as\nplatform and select \"create app id\". Proceed to enter the domain where this\nscript will be hosted as app domain. Copy the app id and the app secret\nto *config.php*. For testing, this is good enough. Once you have verified\nthat everything works, you need to [submit your app for review](https://developers.facebook.com/docs/apps/review).\nFacebook recently introduced this review process for apps which post\non behalf of the user.\n\nIf you have lftp installed, you can use the upload script. Create a file with\nlogin details:\n    \n    cat \u003c\u003cEOF \u003e upload_creds.sh \n    USER=\"my-ftp-user\"\n    PASS=\"my-ftp-pass\"\n    SITE=\"sftp://my-ftp-host/dir/\"\n    EOF\n\nRun the upload script:\n\n    bash upload.sh\n\nIf you do not have lftp, simply upload the files manually with your FTP\nclient of choice. See *upload.lftp* for details. In particular, make sure\nto rename *htaccess* to *.htaccess*.\n\nOnce you have the files uploaded, you can test the script by opening\nthe website in your browser. If you want to test the Facebook integration,\nprovide some fake gateway details like this:\n\n    http://example.xyz/login?gw_id=foo\u0026gw_address=localhost\u0026gw_port=8080\n\nOnce you went through the login, you will be redirected to http://localhost:8080/.\nDon't be scared by the error message (you probably have no server running there!),\nit means everything is working.\n\nIf you get a HTTP 500 error, a possible reason is related to .htaccess. For my\nApache 2.4 server, I had to adjust some RewriteRules. If these don't work for\nyou, refer to the [original .htaccess for Flight](http://flightphp.com/install).\nIf that doesn't work, consult the error logs of your webserver.\n\n## Configuring Wifidog ##\n\nWifidog lives on the gateway/router and intercepts requests made by\nclients.\n\nThe following instructions assume you have already configured the network\non your gateway. Typically, you have a wlan interface running without\nencryption called \"MyPlace Guest\". Isolating clients from each other is\nprobably a good idea. See the [OpenWRT wiki for details.](http://wiki.openwrt.org/doc/uci/wireless)\n\nThe script is a drop-in replacement for the Wifidog auth server.\nMake sure to set up **GatewayInterface** and **ExternalInterface**\nin */etc/wifidog.conf*. The **AuthServer** directive is set up as follows\nif the script is installed on http://example.xyz/fbwlan/:\n\n    AuthServer {\n        Hostname example.xyz\n        Path /fbwlan/\n    }\n\nMake sure to set the correct hostname and path!\n\n## Allowing Access to Facebook ##\n\nAs described above, Facebook uses many different IP addresses. Due to the way\nthe content distribution networks work, the same host name may resolve to\ndifferent addresses. This is why it's impractical to just whitelist\nindividual IP addresses. However, [http://ipset.netfilter.org/](ipsets)\ntogether with dnsmasq solve this problem nicely.\n\nOn OpenWRT 14.07 (Barrier Breaker), the default dnsmasq version does not\nsupport ipset. Install dnsmasq-full instead\n\n    opkg update\n    opkg install dnsmasq-full\n\nOn boot, we need to create the ipset where we store the IP addresses.\nThis must happen before dnsmasq can populate them. A simple way\nto handle this is to edit */etc/firewall.user* and add the following\nline to the end:\n    \n    ipset create fb hash:ip\n\nThen, edit */etc/dnsmasq.conf* and tell dnsmasq to store any IPs for\nFacebook in the **fb** ipset. Add this to end of the file:\n\n    ipset=/facebook.com/fbcdn.net/akamaihd.net/fb\n\nFinally, allow the **fb** ipset in the firewall. Add this under the\n**FirewallRuleSet unknown-users** section in */etc/wifidog.conf*\n\n    FirewallRule allow to-ipset fb\n\n### Testing the setup ###\nStart wifidog and reload the firewall:\n\n    fw3 reload\n    /etc/init.d/dnsmasq restart\n    /etc/init.d/wifidog start\n    sleep 10\n    /etc/init.d/wifidog-fw-extra\n\nOpen any non-HTTPS website in your browser and you should be redirected to\nthe captive portal.\n\n### Starting Wifidog automatically \u0026 reliably ###\n\nIn my testing on Barrier Breaker, the default wifidog init script failed\nto bring up Wifidog. Apparently, Wifidog starts before the interfaces are up\nand quits. However, we can (re-)start wifidog automatically on Wifi changes.\nI took the opportunity to rewrite the Wifidog init script to use the new\n[procd](http://wiki.openwrt.org/inbox/procd-init-scripts) init system.\nThe distinct advantage here is the process supervision:\nif Wifidog crashes, it is automatically restarted. I originally hoped\nto reload Wifidog automatically on interface changes via the **netdev**\nparam, but that didn't work.\n\n    cat \u003c\u003cEOF \u003e /etc/init.d/wifidog\n    #!/bin/sh /etc/rc.common\n    # Copyright (C) 2006 OpenWrt.org\n    START=65\n\n    USE_PROCD=1\n\n    EXTRA_COMMANDS=\"status\"\n    EXTRA_HELP=\"        status Print the status of the service\"\n\n    start_service() {\n        procd_open_instance\n        # -s: log to syslog\n        # -f: run in foreground\n        procd_set_param command /usr/bin/wifidog -s -f\n        procd_set_param respawn # respawn automatically if something died\n        procd_set_param file /etc/wifidog.conf\n        procd_close_instance\n        # wait for firewall rules to be setup\n        /etc/init.d/wifidog-fw-extra enabled \u0026\u0026 /etc/init.d/wifidog-fw-extra restart \u0026\n\n    }\n    # TODO: wdctl supports reload without disconnecting users\n    EOF\n    chmod +x /etc/init.d/wifidog\n\nNote that the script backgrounds the call to  *wifidog-fw-extra*. Otherwise, the firewall\nwill be set up before Wifidog which will then promptly discard the rules.\n\nTo ensure that Wifidog is restarted on interface changes, we create the\nfollowing hotplug script:\n\n    cat \u003c\u003cEOF \u003e/etc/hotplug.d/iface/30-wifidog\n    #!/bin/sh\n    # Based on firewall.hotplug\n    [ \"$ACTION\" = ifup -o \"$ACTION\" = ifupdate ] || exit 0\n    [ \"$ACTION\" = ifupdate -a -z \"$IFUPDATE_ADDRESSES\" -a -z \"$IFUPDATE_DATA\" ] \u0026\u0026 exit 0\n\n    /etc/init.d/wifidog enabled || exit 0\n    logger -t wifidog \"Reloading wifidog due to $ACTION of $INTERFACE ($DEVICE)\"\n    /etc/init.d/wifidog restart\n    EOF\n    chmod +x /etc/hotplug.d/iface/30-wifidog\n\nNote that you can see the logger output with the  *logread* command.\n\nNow enable the init scripts to make Wifidog start on boot:\n\n    /etc/init.d/wifidog enable\n    /etc/init.d/wifidog-fw-extra enable\n\nThe downside to this method is that Wifidog is restarted multiple times. In\naddition, the firewall is called repeatedly and slows down the boot process\ndue to the *sleep 10* call. The upside is that it works.\n\n\n\n\n\n\n\n## License ##\n\nFBWLAN is licensed under the AGPL. The files in views/* bear no\ncopyright notice for practical reasons, but they carry the same\nlicense. \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmhaas%2Ffbwlan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmhaas%2Ffbwlan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmhaas%2Ffbwlan/lists"}