Differences

This shows you the differences between two versions of the page.

dev:gsoc_2008_msg_sms_login [2008/06/07 00:08]
ajay_kumar created
dev:gsoc_2008_msg_sms_login [2009/07/06 20:36] (current)
Line 1: Line 1:
-SMS Login Architecture +====== SMS Login Architecture ====== 
-Current login architecture takes into consideration only Sahana Core users, i.e. users who are registered as users in the Sahana system and their record exists in the DB.+ 
 +**Author:** Ajay Kumar [ ajuonline at gmail dot com]\\ 
 +**Created:** 2008/06/07 05:56\\ 
 +**Link Back:** [[dev:gsoc2008_msg_plans|GSoC 2008 Messaging Module]] 
 + 
 +Current login architecture takes into consideration only Sahana Core users, i.e. users who are registered as users in the Sahana system and their record exists in the DB.\\
 Public usage for potential news alert broadcasts, or public information IVR via SMS can be implemented following the similar approach. The module is being written keeping this in mind. Public usage for potential news alert broadcasts, or public information IVR via SMS can be implemented following the similar approach. The module is being written keeping this in mind.
  
  
-Files to be added: 
-1. /inc/lib_security/lib_sms_auth.inc 
-2. /inc/lib_security/lib_sms_acl.inc 
-3. lib_sms_session.inc 
-4. lib_sms_errors.inc 
-5. lib_sms_process.inc 
-6. lib_sms_menu.inc 
  
-Changes in SQL Schema: 
-1. Add 1 field in table "person_uuid". Field name: mobile_number char(32) NULL UNIQUE. Purpose: Store mobile number of the user in the format "919898989898" without using any special characters. 
-2. Add 2 field in table "users". Field name: "sms_auth_status" varchar(60) NULL DEFAULT active. Purpose: To check if a particular user is authorised to communicate to Sahana Server over SMS. 
  
-Pseudocode: 
-/** 
- * 1. Take SMS Input from SMS Plugin's handler. We process SMS after its posted to Sahana & inserted to DB. 
- * 2. We get the following values in the array $received_message[]: 
-    a. ['sender'] = Caller ID 
-    b. ['received'] = Received Timestamp 
-    c. ['message'] = Message text 
- * 3. Check "sender" authentication via "/inc/security/lib_sms_auth.inc" 
-    a. if value of "sender" exists in field "mobile_number" of "person_uuid" table. 
-       i.   retrieve "p_uuid" of user 
-       ii.  check "sms_auth_status" of user with "p_uuid" in table "users" 
-       iii. If "sms_auth_status" == active. 
-            i.  return login result as 1 
-            ii. proceed to message parsing & keyword check. 
-       iv.  else if [sms_auth_status!=active] 
-            i.  send_sms_error("Sorry you are not authorised to access the Sahana SMS Server. 
-                Kindly login or contact Sahana Administrator") 
-            ii. Code Terminates 
-    b. else if value of "sender" does NOT exists in field "mobile_number" of "person_uuid" table. 
-       i.   This part checks for keyword "login username password" in the "message" and autheticates user via  
-            "/inc/security/lib_sms_auth.inc" 
-       ii.  Parse the message by $parsed_message = _shn_msg_parse_short_message($message); 
-       iii. Check if $parsed_message[0] == "login" then send $parsed_message to login check function  
-              in /lib/security/lib_sms_auth.inc 
-       iv.  Else if $parsed_message[0] != "login" send send_sms_error("Sorry you are not authorised to access the  
-              Sahana SMS Server. Kindly login or contact Sahana Administrator") 
  
-Parser Function: 
-function _shn_msg_parse_short_message($message){ 
-    $parsed_message=array(); 
-    $parsed_message = explode(" ", $message); 
-    return $parsed_message; 
-} 
  
-Small Prototype in PHP Demonstrating the Login via SMS to Sahana DB  
  
-<? 
-$message=$_GET["msg"]; 
  
 +
 +===== Files to be added: =====
 +
 +  - **/mod/msg/lib_sms_main.inc** [Base structure committed to CVS]
 +     - __Purpose of File:__ Main include file for the SMS System calls other files and performs functions
 +  - **/mod/msg/lib_sms_handler.inc** [Base structure committed to CVS]
 +     - __Purpose of File:__ Handles all communication as a result of SMS input. Parse SMS, Check keywords, Trigger corresponding functions as per SMS input
 +  - **/mod/msg/lib_sms_session.inc**
 +     - __Purpose of File:__ Provide SMS Based Session management based on caller ID/mobile number
 +  - **/inc/lib_security/lib_sms_auth.inc** [Base structure committed to CVS]
 +     - {{dev:june_14_2008-01_24_am_working_code_sms_auth.png|Check Screenshot of working code}}
 +     - __Purpose of File:__ Provide SMS Based Authorisation as per Sahana Framework draws from lib_auth.inc
 +  - **/inc/lib_security/lib_sms_acl.inc**
 +     - __Purpose of File:__ Provide SMS Based Authentication and assigns role to User as per Sahana Framework draws from lib_acl.inc
 +  - **/mod/msg/lib_sms_errors.inc** [Base structure committed to CVS]
 +     - __Purpose of File:__ Errors sent to users as output via SMS on receiving SMS input.
 +  - **/mod/msg/lib_sms_menu.inc**
 +     - __Purpose of File:__ SMS Menu sent to users
 +
 +
 +
 +===== Changes in SQL Schema: =====
 +
 +  - Add 1 field in table "person_uuid". Field name: mobile_number char(32) NULL UNIQUE. Purpose: Store mobile number of the user in the format "919898989898" without using any special characters.
 +  - Add 1 field in table "users". Field name: "sms_auth_status" varchar(60) NULL DEFAULT active. Purpose: To check if a particular user is authorised to communicate to Sahana Server over SMS.
 +
 +** This needs to be done in one of the messaging tables. Still to figure out where and how exactly.
 +
 +
 +===== Pseudocode: =====
 +
 +
 +  - Take SMS Input from SMS Plugin's handler. We process SMS after its posted to Sahana & inserted to DB.
 +  - We get the following values in the array $received_message[]:
 +     - ['sender'] = Caller ID
 +     - ['received'] = Received Timestamp
 +     - ['message'] = Message text
 +  - Check "sender" session state/authenticated state
 +     - if "sender" has a VALID and AUTHENTICATED session
 +        - If "senders" "menu_state" EXISTS in "session" i.e. last menu accessed by SMS to resume processing of SMS input
 +        - If "senders" "menu_state" NOT EXISTS in "session", we process incoming SMS from Scratch
 +  - If "sender" session is INVALID and UNAUTHENTICATED, the check authentication via "/inc/security/lib_sms_auth.inc"
 +     - if value of "sender" exists in field "mobile_number" of "person_uuid" table.
 +        - retrieve "p_uuid" of user
 +        - check "sms_auth_status" of user with "p_uuid" in table "users"
 +        - If "sms_auth_status" == active.
 +           - return login result as 1
 +           - proceed to message parsing & keyword check.
 +        - else if [sms_auth_status!=active]
 +           - send_sms_error("Sorry you are not authorised to access the Sahana SMS Server. Kindly login or contact Sahana Administrator")
 +           - Code Terminates
 +     - else if value of "sender" does NOT exists in field "mobile_number" of "person_uuid" table.
 +        - This part checks for keyword "login username password" in the "message" and autheticates user via "/inc/security/lib_sms_auth.inc"
 +        - Parse the message by $parsed_message = _shn_msg_parse_short_message($message);
 +        - Check if $parsed_message[0] == "login" then send $parsed_message to login check function in /lib/security/lib_sms_auth.inc
 +        - Else if $parsed_message[0] != "login" send send_sms_error("Sorry you are not authorised to access the Sahana SMS Server. Kindly login or contact Sahana Administrator")
 +
 +==== Parser Function: ====
 +
 +<code php>
 function _shn_msg_parse_short_message($message){ function _shn_msg_parse_short_message($message){
-    $parsed_message=array(); +     $parsed_message=array(); 
-    $parsed_message = explode(" ", $message); +     $parsed_message = explode(" ", $message); 
-    return $parsed_message; +     return $parsed_message; 
-}+ } 
 +</code>
  
-$output _shn_msg_parse_short_message($message); +==== Small Prototype in PHP Demonstrating the Login via SMS to Sahana DB ==== 
-$count count($output); + 
-echo "Count $count <br \>"; +
-print_r($output); +
-echo "<br \>Login Part:<br \>"; +
-if($output[0]=='login'+
-+
-$user $output[1]; +
-echo "User name: ".$user; +
-echo "<br \>Password "; +
-for($i=2; $i<$count; $i++){ +
-  $password .= $output[$i]; +
-  if($i!=$count-1) $password .= " "; // to avoid additional space +
-}+
  
-} +<code php> 
-echo "\"".$password."\""; +         <? 
-$pass = $password;+         $message=$_GET["msg"];
  
-//Sahana Login replace DB functions from sysconf.inc and /inc/handler_db.inc +         function _shn_msg_parse_short_message($message)
-mysql_connect("localhost", "root", ""or die(mysql_error()); +             $parsed_message=array(); 
-mysql_select_db("sahana") or die(mysql_error());+             $parsed_message = explode(" ", $message); 
 +             return $parsed_message; 
 +         }
  
-//Sahana Password building from lib_auth.inc +         $output _shn_msg_parse_short_message($message); 
- $ SELECT p_uuid,salt  FROM users +         $count count($output)
-                    WHERE user_name '$user'"+         echo "Count = $count <br \>"; 
- // AND password '$password_digest'"; +         print_r($output); 
- $res=mysql_query($q) or die(mysql_error()); +         echo "<br \>Login Part:<br \>"; 
- if(mysql_num_rows($res)==0){ +         if($output[0]=='login') 
- echo "User name does not exists"; +         
-                break+         $user = $output[1]; 
- }else{ +         echo "User name".$user
- while($result mysql_fetch_array($res)){ +         echo "<br \>Password = "
- $salt=$result['salt']; +         for($i=2; $i<$count; $i++){ 
- +           $password .= $output[$i]; 
- echo "<br \>Salt ".$salt."<br \>"; +           if($i!=$count-1) $password ." "; // to avoid additional space 
- }+         }
  
- $pwd=substr($pass, 0, 4).$salt.substr($pass, 4);+         } 
 +         echo "\"".$password."\""; 
 +         $pass = $password;
  
- // Create a digest of the password collected from the challenge +         //Sahana Login replace DB functions from sysconf.inc and /inc/handler_db.inc 
- $password_digest = md5(trim($pwd)); +         mysql_connect("localhost", "root", "") or die(mysql_error()); 
- echo "Digest : ".$password_digest; +         mysql_select_db("sahana") or die(mysql_error());
- // Formulate the SQL to find the user +
- $q =  SELECT p_uuid  FROM users +
-                    WHERE user_name = '$user' +
-                    AND password = '$password_digest' and salt='{$salt}'"+
- $res=mysql_query($q) or die(mysql_error());  +
- if(mysql_num_rows($res)==0)+
- echo "<br \>Login Failed"; +
- }else{ +
- echo "<br \>Login Success"; +
- }+
  
 +         //Sahana Password building from lib_auth.inc
 +          $q = "  SELECT p_uuid,salt  FROM users
 +                             WHERE user_name = '$user'";
 +          $res=mysql_query($q) or die(mysql_error());
 +          if(mysql_num_rows($res)==0){
 +          echo "User name does not exists";
 +                         break;
 +          }else{
 +          while($result = mysql_fetch_array($res)){
 +          $salt=$result['salt'];
 +          }
 +          echo "<br \>Salt = ".$salt."<br \>"; 
 +          }
 +
 +          $pwd=substr($pass, 0, 4).$salt.substr($pass, 4);
 +
 +          // Create a digest of the password collected from the challenge 
 +          $password_digest = md5(trim($pwd)); 
 +          echo "Digest : ".$password_digest; 
 +          // Formulate the SQL to find the user 
 +          $q = "  SELECT p_uuid  FROM users \\
 +                             WHERE user_name = '$user'
 +                             AND password = '$password_digest' and salt='{$salt}'";
 +          $res=mysql_query($q) or die(mysql_error());
 +          if(mysql_num_rows($res)==0){ 
 +          echo "<br \>Login Failed"; 
 +          }else{ 
 +          echo "<br \>Login Success";
 +          }
 ?> ?>
 +</code>
 +
 +* --- //[[ajuonline at gmail dot com|Ajay Kumar]] 2008/06/07 05:39//
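
Review bot: In the added PHP prototype, $user comes from $_GET["msg"] through explode(" ", $message) and is interpolated unescaped into WHERE user_name = '$user' in both queries, so the SMS text controls the SQL; bind it as a parameter or escape it through the Sahana DB layer that the comment says will replace the mysql_* calls. In the same block, the break; in the "User name does not exists" branch is not inside any loop or switch, and the \\ after "FROM users" in the second query is wiki line-break markup that ends up inside the SQL string; exit or return on the unknown-user path and drop the \\. $password is only built inside the login branch but is echoed and hashed unconditionally, so initialise it to an empty string and stop when $output[0] is not "login". In the pseudocode, the step "if value of "sender" exists in field "mobile_number"" returns login result 1 from the caller ID alone, with no password; the page should state what trust is placed in the sender value supplied by the SMS plugin before that path is treated as authentication.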
