PROJECT: Auto-activation WiFi (wifionline.in) — Grandstream GWN7605LR GOAL: When a guest connects to SSID and pays on the portal, their device should be automatically authorized on the GWN AP (no manual SMS/voucher input). FLOW: 1) GWN captive portal external URL must redirect connecting clients to: https://wifionline.in/portal/payment?ap_mac={apmac}&client_mac={clientmac}&client_ip={ip} (Ensure URL template includes client_mac or device identifier.) 2) Portal page /portal/payment: - Read GET params: client_mac, ap_mac, client_ip. - Display plans (₹10 -> 10GB/1day, ₹20 -> 20GB/2day, ₹50 -> 50GB/7day, ₹100 -> 300GB/30day). - On user click, open Razorpay checkout (or chosen gateway). - Create order in local DB: order_id, amount, client_mac, ap_mac, client_ip, status=pending. 3) Payment gateway: - Use Razorpay (recommended) or equivalent. - Provide webhook endpoint: POST https://wifionline.in/webhook/payment - Webhook must be verified with signature (Razorpay signature verification). 4) Webhook handler logic: - Verify signature and payment success. - Find order by order_id and ensure status pending. - Determine plan by amount; compute expiry (seconds) and bytes (max_bytes). - Call GWN Cloud API to authorize the device (bind to client_mac) or create a voucher tied to client_mac. • Use GWN Cloud API with stored API token (Bearer). • If GWN Cloud supports direct MAC authorization, use that endpoint; otherwise create a time-limited voucher assigned to that MAC. - Update order status = paid, store GWN response (voucher id or authorization id), store expiry timestamp. 5) Immediate effect: - GWN controller authorizes client_mac → AP grants internet access instantly. - Optionally log success on a simple admin page. 6) Admin panel (simple): - View orders, filter by date/phone/mac/plan. - Show authorization id, expiry, bytes used (if API provides usage). SECURITY & INFRA: - Host on HTTPS (SSL). - Store Razorpay keys & GWN token in environment variables (.env). - Use basic DB (MySQL). - Handle concurrency and idempotency (webhook may be retried). NOTES FOR GWN API: - Use GWN Cloud developer token. - Typical actions needed: • Create a voucher with max_bytes & expire_time and restrict to client_mac OR • Directly set client_mac as allowed/whitelisted for the SSID for the given period/bytes. - If GWN Cloud cannot bind voucher to MAC, alternative: create voucher and immediately call API to force-login (some controllers allow immediate session create). Developer to check GWN API docs. DELIVERABLES: 1) Working portal page for payment. 2) Webhook handler that authorizes MAC on payment success. 3) Instructions to configure GWN captive portal External Portal URL. 4) Simple Admin page. 5) Deployment on existing hosting.