OpenNDS voucher.txt


I installed the simple voucher solution on openNDS. I created the ndslog folder in the temp directory and within it the voucher.txt file containing the voucher codes.

When I use a code it deletes it from the voucher list.

Does it work well?
Or am I not configuring it correctly?
Should it delete the code or write next to it which user used it? Why does it delete it?

you tell us ...

if the voucher list contains available codes, deleting the used ones, sounds fairly logical ?

Yes. It is logical to delete the codes used. What I don't understand is that last time it didn't delete, it just added numbers that the code had already been used. If I deleted those numbers I could use the code again.

ok, so it works in the opposite way ...

unless there's a setting somewhere, that reverses the functionality.

I don't know. It's okay that it works that way. I like this solution better. I just don't understand what the system is setting it based on.

that's what the manual's for ...

As discussed elsewhere, the Theme_voucher script was developed as a template by a member of the community for other developers to take as a starting point for their own project.
As such it has been tested and works as designed but is not suitable for a production environment as it stands as it would require some externally mounted storage.

It is a fairly simple ash script so if you want to know how it works, just read the script.

I have a smart lock that can be opened via the web. I use this system so that if someone knows my wifi password, they can't access the lock. That's why security was important to me. I don't want to use the code for large-scale operations. It's important that it works and is secure.

What does this have to do with voucher.txt?

It is important that no extra code can be added to the list by an external attack.

Like I said, what does this have to do with voucher.txt?

For clarity, voucher.txt is the voucher roll file for a voucher system, theme_voucher, that was developed by a community member as a template for one particular node of operation of openNDS so that other developers can use it as a starting point for their own projects.

It is open source, so I suggest you read the script and if you find any security issues then open an issue at opennds/opennds on Github.

If they've managed to get access the file, with the codes, them accessing it, will be the least of your problems.

1 Like

while on the topic of openNDS I read the docs and under "how openNDS works" in brackets you have FAS, PREAUTH, and THEME_SPEC. Do they need to work together or does THEME_SPEC supersede FAS/PREATH? I have peeked briefly inside the scripts with FAS being PHP and THEME_SPEC being bash and they seem to have duplicate functionality so wondering if I should only work in THEME_SPEC mode if I want to create a highly customized splash page.


They are all alternate methods of generating dynamic html page sequences.
PreAuth and ThemeSpec are both methods that use the openNDS built in web server. ThemeSpec is a template script method with all the basic functionality already done for you. You just need to decide what credentials you want to collect and how you want to verify them.
ThemeSpec is the default method and the Click to Continue theme is what you get after installing.

the function I want to add a conditional based on $clientip to select a themespec file and want to do a MAC -> IP address lookup but can't seem to find the location of the data file reported in the syslog:

syslog: Adding 22:a7:02:cc:f3:a2 token 5f0b3c8c to client list

where can I find this data so I can do a MAC -> IP address lookup?

This forum thread is about voucher.txt.

I suggest that to get specific help with openNDS, you should open an Issue on Github: