View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update
0001708 | PacketFence | captive portal | public | 2013-09-12 04:56 | 2013-09-12 17:22
Reporter | sinusoidal
Assigned To |
Priority | normal | Severity | major | Reproducibility | always
Status | closed | Resolution | fixed
Platform | OS | OS Version
Product Version | 3.6.1
Target Version | Fixed in Version
Summary | 0001708: SMS messages sent to incorrect person
Description | I mentioned an issue a while back in packetfence-users regarding receiving duplicate texts or incorrect users receiving texts.

http://www.mail-archive.com/packetfence-users@lists.sourceforge.net/msg04361.html

It turns out that this is due to the hashing method being used in Packetfence which is causing SMS duplicates. Please see the blurb below explaining the process and why this occurs from another mailing list member that has contacted me regarding my post. I too have followed the below and have stopped receiving duplicates.

I imagine the problem will only come to the foreground in large deployments where duplicates are more likely due to the number of registrants in the database.

I'm not aware yet of whether this is fixed in 4.x but I guess there is a good chance it isn't so I think it's worth me creating a bug report.

==== snip =====

A quick update for you. I dug through my log messages (since I received a duplicate SMS today) and believe I have figured out what is happening.

In the sms_activation.pm file within Packetfence (lib/pf/sms_activation.pm), it goes through a process when a new user registers via SMS. It appears that the user's phone number, mac address, current time, and expiration time are MD5 hashed, then converted to decimal, and then the first 4 digits are taken as the PIN. The PIN is stored in the pf MySQL table sms_activation. There is no checking for duplicate pins when it is placed in the database, and no method of checking of uniqueness in the PIN.

When the PIN is returned back to the sms_activation_create_send subroutine, the PIN is sent to the send_sms subroutine, where the user's phone number is looked up from mysql from the PIN that is given. Since there is no duplicate pin checking, the database returns the first valid phone number when it finds the PIN, which can be different than the phone number submitted. This is where the "duplicate" PIN messages are coming from; a new registering user does not receive a SMS message, but someone else does.

So, I'm going to be doing a few things to mitigate this. First off, I've set my PIN expiration to be very small (1 hour instead of the default super-large value of 31 days - top of sms_activation.pm), set the PIN to be 6 digits instead of 4 (sms_activation.pm _generate_activation_code subroutine), and am cleaning out older than 1 week pins out of the database directly using the following SQL command:

    DELETE FROM `sms_activation` WHERE `expiration` <= DATE_SUB( NOW( ) , INTERVAL 1 WEEK)

==== snip =====

So I think some uniqueness checking needs adding in to the algorithm, as well as clearing out old pins (as with a 5 digit default pin, in large deployments, you stand a good chance of using all the pins if the database isn't purged regularly).

Many thanks,
Robin.
Tags | No tags attached.
fixed in git revision |
fixed in mtn revision |
Attached Files |
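The failure mode described in the report, reproduced as an added example; it is not PacketFence's code and not the change in the commit linked in this issue's notes. The table is a simplified stand-in with assumed column names, the registrants and timestamps are constructed, and the way the four fields are concatenated before MD5 is an assumption.

```python
import hashlib
import secrets
import sqlite3

INSERT = "INSERT INTO sms_activation (phone, mac, pin) VALUES (?, ?, ?)"

def md5_pin(phone, mac, now, expiry, digits=4):
    # As the report describes: MD5 -> decimal -> leading digits (field order assumed).
    digest = hashlib.md5(f"{phone}{mac}{now}{expiry}".encode()).hexdigest()
    return str(int(digest, 16))[:digits]

def make_db(unique_pin):
    # Simplified stand-in for the sms_activation table (column names assumed).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sms_activation (id INTEGER PRIMARY KEY, phone TEXT, "
               "mac TEXT, pin TEXT" + (" UNIQUE)" if unique_pin else ")"))
    return db

def register_reported(db, phone, mac, now):
    pin = md5_pin(phone, mac, now, now + 31 * 86400)
    db.execute(INSERT, (phone, mac, pin))
    # Send step: recipient resolved from the PIN alone, first matching row wins.
    return db.execute("SELECT phone FROM sms_activation WHERE pin = ? "
                      "ORDER BY id LIMIT 1", (pin,)).fetchone()[0]

def register_checked(db, phone, mac, now, digits=6):
    while True:
        pin = f"{secrets.randbelow(10 ** digits):0{digits}d}"  # uniform, from a CSPRNG
        try:
            cur = db.execute(INSERT, (phone, mac, pin))
            break
        except sqlite3.IntegrityError:
            pass  # PIN already in the table: draw another one
    # Send step: recipient resolved from the row just written, not from the PIN.
    return db.execute("SELECT phone FROM sms_activation WHERE id = ?",
                      (cur.lastrowid,)).fetchone()[0]

def misdelivered(register, unique_pin, users=1000):
    # Constructed registrants; counts SMS that would reach a different phone.
    db = make_db(unique_pin)
    wrong = 0
    for i in range(users):
        phone = f"555{i:07d}"
        mac = f"00:11:22:33:{i // 256:02x}:{i % 256:02x}"
        wrong += register(db, phone, mac, 1378976160 + i) != phone
    return wrong

if __name__ == "__main__":
    print("as reported:", misdelivered(register_reported, False))
    print("with checks:", misdelivered(register_checked, True))
```

Because a 128-bit value is at most 340282366920938463463374607431768211456, most of its decimal forms start with 1, 2 or 3, so the leading-digit PIN covers far fewer than 10,000 values. Uniqueness only has to hold among unexpired PINs, which is why the report pairs the check with purging old rows.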
Notes
(0003444) francis (administrator) 2013-09-12 17:22
This was fixed earlier this year: https://github.com/inverse-inc/packetfence/commit/85aa055dd04fc40d4eb378765570e940a7fcfbd8
Issue History | |||
Date Modified | Username | Field | Change |
2013-09-12 04:56 | sinusoidal | New Issue | |
2013-09-12 17:22 | francis | Note Added: 0003444 | |
2013-09-12 17:22 | francis | Status | new => closed |
2013-09-12 17:22 | francis | Resolution | open => fixed |