SMS Login Architecture

The current login architecture considers only Sahana Core users, i.e. users who are registered in the Sahana system and whose record exists in the DB. Public usage, such as news alert broadcasts or a public information IVR via SMS, can be implemented following a similar approach. The module is being written with this in mind.

Files to be added:

1. /inc/lib_security/lib_sms_auth.inc
2. /inc/lib_security/lib_sms_acl.inc
3. lib_sms_session.inc
4. lib_sms_errors.inc
5. lib_sms_process.inc
6. lib_sms_menu.inc

Changes in SQL Schema:

1. Add 1 field in table “person_uuid”.
   Field name: mobile_number char(32) NULL UNIQUE.
   Purpose: Store mobile number of the user in the format “919898989898” without using any special characters.
2. Add 2 field in table “users”.
   Field name: “sms_auth_status” varchar(60) NULL DEFAULT active.
   Purpose: To check if a particular user is authorised to communicate to Sahana Server over SMS.

Pseudocode:

/**
 * 1. Take SMS input from the SMS plugin's handler. We process the SMS after it's posted to Sahana & inserted into the DB.
 * 2. We get the following values in the array $received_message[]:
 *    a. ['sender'] = Caller ID
 *    b. ['received'] = Received Timestamp
 *    c. ['message'] = Message text
 * 3. Check "sender" authentication via "/inc/security/lib_sms_auth.inc"
 *    a. if value of "sender" exists in field "mobile_number" of "person_uuid" table.
 *       i. retrieve "p_uuid" of user
 *       ii. check "sms_auth_status" of user with "p_uuid" in table "users"
 *       iii. If "sms_auth_status" == active.
 *            i. return login result as 1
 *            ii. proceed to message parsing & keyword check.
 *       iv. else if [sms_auth_status != active]
 *            i. send_sms_error("Sorry you are not authorised to access the Sahana SMS Server.
 *               Kindly login or contact Sahana Administrator")
 *            ii. Code Terminates
 *    b. else if value of "sender" does NOT exist in field "mobile_number" of "person_uuid" table.
 *       i. This part checks for keyword "login username password" in the "message" and authenticates user via
 *          "/inc/security/lib_sms_auth.inc"
 *       ii. Parse the message by $parsed_message = _shn_msg_parse_short_message($message);
 *       iii. Check if $parsed_message[0] == "login" then send $parsed_message to login check function
 *            in /lib/security/lib_sms_auth.inc
 *       iv. Else if $parsed_message[0] != "login" send_sms_error("Sorry you are not authorised to access the
 *           Sahana SMS Server. Kindly login or contact Sahana Administrator")
 */

Parser Function:

function _shn_msg_parse_short_message($message){
  $parsed_message=array();
  $parsed_message = explode(" ", $message);
  return $parsed_message;
}
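The step 3 decision flow from the pseudocode, as an added example that is not Sahana's own code. The helper names `sms_normalize_sender` and `sms_auth_decide`, the in-memory arrays standing in for the `person_uuid` and `users` tables, the token-count guard, and all sample numbers, ids and status values are assumptions made for illustration.

```php
<?php
// Constructed in-memory stand-ins for the two tables named in the schema changes.
$person_uuid = array("919898989898" => "p-001", "919797979797" => "p-002"); // mobile_number => p_uuid
$users = array("p-001" => "active", "p-002" => "suspended"); // p_uuid => sms_auth_status (constructed values)

// The schema stores digits only, so reduce the caller ID to digits before the lookup.
function sms_normalize_sender($sender) {
  return preg_replace('/\D/', '', (string)$sender);
}

function _shn_msg_parse_short_message($message) {
  return explode(" ", $message);
}

// Hypothetical helper for step 3; returns array(decision, detail).
function sms_auth_decide($received_message, $person_uuid, $users) {
  $deny = "Sorry you are not authorised to access the Sahana SMS Server. "
        . "Kindly login or contact Sahana Administrator";
  $sender = sms_normalize_sender($received_message['sender']);
  if ($sender !== '' && isset($person_uuid[$sender])) {   // 3a: known mobile number
    $p_uuid = $person_uuid[$sender];
    $status = isset($users[$p_uuid]) ? $users[$p_uuid] : null;
    return ($status === 'active')
      ? array('proceed', $p_uuid)   // 3a.iii: login result 1, go on to keyword check
      : array('error', $deny);      // 3a.iv: known number, but not active
  }
  // 3b: unknown number, so only a "login username password" message is accepted
  $parsed = _shn_msg_parse_short_message(trim($received_message['message']));
  if ($parsed[0] === 'login' && count($parsed) >= 3) {     // assumed guard: both fields present
    return array('login_check', $parsed[1]);               // hand off to the password check
  }
  return array('error', $deny);
}

$samples = array( // constructed messages
  array('sender' => '+91 98989-89898', 'received' => '2008-06-01 10:00:00', 'message' => 'status'),
  array('sender' => '919797979797',    'received' => '2008-06-01 10:01:00', 'message' => 'status'),
  array('sender' => '911234567890',    'received' => '2008-06-01 10:02:00', 'message' => 'login admin my pass'),
  array('sender' => '911234567890',    'received' => '2008-06-01 10:03:00', 'message' => 'status'),
);
foreach ($samples as $m) {
  list($decision, $detail) = sms_auth_decide($m, $person_uuid, $users);
  echo $m['sender'], " => ", $decision, " (", $detail, ")\n";
}
```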

Small Prototype in PHP Demonstrating the Login via SMS to Sahana DB

<?php
$message = isset($_GET["msg"]) ? $_GET["msg"] : "";

// Split the SMS text into space-separated tokens
function _shn_msg_parse_short_message($message){
  $parsed_message=array();
  $parsed_message = explode(" ", $message);
  return $parsed_message;
}

$output = _shn_msg_parse_short_message($message);
$count = count($output);
echo "Count = $count <br />";
// Escape anything taken from the request before echoing it into the page
echo htmlspecialchars(print_r($output, true));
echo "<br />Login Part:<br />";
$user = "";
$password = "";
if($output[0]=='login') {
  $user = isset($output[1]) ? $output[1] : "";
  echo "User name: ".htmlspecialchars($user);
  echo "<br />Password = ";
  // All tokens after the user name form the password
  for($i=2; $i<$count; $i++){
    $password .= $output[$i];
    if($i!=$count-1) $password .= " "; // to avoid additional space
  }
}
echo "\"".htmlspecialchars($password)."\"";
$pass = $password;

// Sahana Login
// replace DB functions from sysconf.inc and /inc/handler_db.inc
$db = mysqli_connect("localhost", "root", "", "sahana") or die(mysqli_connect_error());

// Sahana Password building from lib_auth.inc
// Bound parameters keep the SMS-supplied user name out of the SQL text
$stmt = mysqli_prepare($db, "SELECT p_uuid, salt FROM users WHERE user_name = ?") or die(mysqli_error($db));
mysqli_stmt_bind_param($stmt, "s", $user);
mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
mysqli_stmt_bind_result($stmt, $p_uuid, $salt);
if(!mysqli_stmt_fetch($stmt)){
  echo "User name does not exist";
  exit; // no salt available, so the digest cannot be built
}
mysqli_stmt_close($stmt);
echo "<br />Salt = ".htmlspecialchars($salt)."<br />";

$pwd=substr($pass, 0, 4).$salt.substr($pass, 4);
// Create a digest of the password collected from the challenge
$password_digest = md5(trim($pwd));
echo "Digest : ".$password_digest;
// Formulate the SQL to find the user
$stmt = mysqli_prepare($db, "SELECT p_uuid FROM users
                  WHERE user_name = ?
                  AND password = ? AND salt = ?") or die(mysqli_error($db));
mysqli_stmt_bind_param($stmt, "sss", $user, $password_digest, $salt);
mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
mysqli_stmt_store_result($stmt);
if(mysqli_stmt_num_rows($stmt)==0){
  echo "<br />Login Failed";
}else{
  echo "<br />Login Success";
}

?>

