1. Looking for an SMS gateway
2. Writing a solution on the web, which, when the user contacts it, will issue an authorization page with a phone number and a password that will need to be entered.
3. On *WRT firmware, you raise the hotspot. Set it up so that the user is redirected to your authorization page with form
4 when connecting. Add this site to the walled garden.
Algorithm:
1. The user connects to the network
2. The user is redirected to your authorization page
3. the user enters a phone number there
4. Your web server generates a random password (preferably only numbers) and sends it through the SMS gateway to the number specified by the user.
5. The user enters a password in the form on the site, and clicks the "login" button
6. By clicking on this button, your web part will redirect the user to the face of the router with authorization parameters (192.168.1.1/login?user=***&pass=* *)
7. Profit
Z.Y. You can simply enter one account on all routers and authorize all users under the same login and password, but this is a hole and especially smart people can simply remember / copy the authorization link and freely bypass your system.
Or you can install freeradius, for example, and generate an arbitrary login-password combination in the database, then send the user to the router with this data, and the router will contact the radius server, and if it matches, log in. And records then to delete from a DB that under them it would be impossible to be authorized repeatedly. In this case, it will be impossible to forge a username and password.