Made default password length a config option. Added permittedcalls-info to doc
1 <?php
2 require_once('config.php');
3 require_once('lib/common_functions.php');
4 require_once('lib/db_functions.php');
5
// Module-wide configuration array; every function in this file reads it via `global $config`.
// get_config() is not defined in this file (presumably it comes from config.php - confirm).
$config = get_config();
7
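/**
 * Generate a random alphanumeric password.
 *
 * Characters are drawn uniformly from [A-Za-z0-9] using a cryptographically
 * secure random source. The previous implementation derived its output from
 * rand() and md5(), which are predictable, and could return one character
 * fewer than requested because it skipped the first character of its buffer.
 *
 * @param int|null $length Desired length; a falsy value selects
 *                         $config['standard_password_length'].
 * @return string Exactly $length characters, or "" when the resolved length
 *                is not positive.
 * @throws RuntimeException When no cryptographically secure random source
 *                          is available (fail closed instead of falling back
 *                          to a weak generator).
 */
function generate_password( $length = null )
{
    global $config;
    if ( ! $length ) $length = $config['standard_password_length'];

    $length = (int) $length;
    if ( $length < 1 ) return "";

    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    $alphabet_size = strlen( $alphabet );
    $password = "";

    // Preferred source: random_int() is a CSPRNG with no modulo bias.
    if ( function_exists( 'random_int' ) )
    {
        for ( $i = 0; $i < $length; $i++ )
        {
            $password .= $alphabet[ random_int( 0, $alphabet_size - 1 ) ];
        }
        return $password;
    }

    // Older runtimes: use OpenSSL bytes instead.
    if ( ! function_exists( 'openssl_random_pseudo_bytes' ) )
    {
        throw new RuntimeException( 'No cryptographically secure random source available' );
    }

    // Rejection sampling: bytes at or above the largest multiple of the
    // alphabet size are discarded so every character stays equally likely.
    $limit = 256 - ( 256 % $alphabet_size );
    while ( strlen( $password ) < $length )
    {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes( $length, $strong );
        if ( $bytes === false || ! $strong )
        {
            throw new RuntimeException( 'No cryptographically secure random source available' );
        }

        $byte_count = strlen( $bytes );
        for ( $i = 0; $i < $byte_count && strlen( $password ) < $length; $i++ )
        {
            $value = ord( $bytes[$i] );
            if ( $value < $limit ) $password .= $alphabet[ $value % $alphabet_size ];
        }
    }
    return $password;
}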
22
23
/**
 * Check whether user@domain has a row in the Kamailio subscriber table.
 *
 * Both values are passed through sql_clean() before being placed inside the
 * quoted SQL literals. sql_clean() is defined outside this file, so its
 * escaping cannot be verified here; the table name comes from $config and is
 * interpolated as-is.
 *
 * @param string $user   Username part of the account.
 * @param string $domain Domain part of the account.
 * @return mixed Whatever sql_dbtest_numrows() returns for an expected row
 *               count of 1 (presumably a boolean - confirm in db_functions).
 */
function is_kamailio_subscriber ( $user, $domain )
{
    global $config;

    $table       = $config['kamailio_subscriber_table'];
    $safe_user   = sql_clean( $user );
    $safe_domain = sql_clean( $domain );

    $lookup = sprintf(
        "SELECT username FROM %s WHERE username = '%s' AND domain = '%s'",
        $table,
        $safe_user,
        $safe_domain
    );

    return sql_dbtest_numrows( $config['kamailio_db'], $lookup, 1);
}
34
/**
 * Check whether user@domain has a row in the Hermes provisioning users table.
 *
 * Both values are passed through sql_clean() before being placed inside the
 * quoted SQL literals. sql_clean() is defined outside this file, so its
 * escaping cannot be verified here; the table name comes from $config and is
 * interpolated as-is.
 *
 * @param string $user   Username part of the account.
 * @param string $domain Domain part of the account.
 * @return mixed Whatever sql_dbtest_numrows() returns for an expected row
 *               count of 1 (presumably a boolean - confirm in db_functions).
 */
function is_provision_user ( $user, $domain )
{
    global $config;

    $table       = $config['hermes_users_table'];
    $safe_user   = sql_clean( $user );
    $safe_domain = sql_clean( $domain );

    $lookup = sprintf(
        "SELECT username FROM %s WHERE username = '%s' AND domain = '%s'",
        $table,
        $safe_user,
        $safe_domain
    );

    return sql_dbtest_numrows( $config['hermes_db'], $lookup, 1);
}
45
/**
 * Insert a new row into the Kamailio subscriber table.
 *
 * Two MD5 digests are stored next to the credentials:
 *   ha1  = md5( username ":" domain ":" password )
 *   ha1b = md5( username "@" domain ":" domain ":" password )
 *
 * NOTE(review): the cleartext password is written to the `password` column
 * as well as the digests, so read access to this table discloses every
 * password. If the SIP server can authenticate from the digests alone, the
 * cleartext column is worth dropping - confirm against the server config.
 *
 * The digests are hex strings produced by md5() and are therefore inserted
 * without sql_clean(); all caller-supplied values go through sql_clean(),
 * which is defined outside this file.
 *
 * @param string $username Account username.
 * @param string $domain   Account domain (also used as the digest realm).
 * @param string $password Cleartext password.
 * @param string $email    Contact e-mail address.
 * @return bool True when sql_dbexec() reports success, false otherwise.
 */
function add_kamailio_subscriber( $username, $domain, $password, $email )
{
    global $config;

    $digest_plain  = md5( $username . ":" . $domain . ":" . $password );
    $digest_domain = md5( $username . "@" . $domain . ":" . $domain . ":" . $password );

    $insert = sprintf(
        "INSERT INTO %s (username, domain, password, email_address, ha1, ha1b) VALUES ('%s','%s','%s', '%s', '%s', '%s')",
        $config['kamailio_subscriber_table'],
        sql_clean($username),
        sql_clean($domain),
        sql_clean($password),
        sql_clean($email),
        $digest_plain,
        $digest_domain
    );

    return sql_dbexec( $config['kamailio_db'], $insert ) ? true : false;
}
66
/**
 * Delete the Kamailio subscriber row for user@domain.
 *
 * The row id is looked up first and the DELETE is then constrained by id,
 * username and domain together, so it can only ever match that one row.
 * Caller-supplied values go through sql_clean() (defined outside this file);
 * the id is formatted with %d.
 *
 * @param string $username Account username.
 * @param string $domain   Account domain.
 * @return bool True only when exactly one row was deleted.
 */
function delete_kamailio_subscriber( $username, $domain )
{
    global $config;

    $table = $config['kamailio_subscriber_table'];

    $lookup = sprintf(
        "SELECT id FROM %s WHERE username = '%s' AND domain = '%s'",
        $table,
        sql_clean($username),
        sql_clean($domain)
    );
    $found = sql_dbquery_single( $config['kamailio_db'], $lookup );

    // No matching row, or a row without a usable id: nothing to delete.
    if ( ! $found || ! $found['id'] ) return false;

    $removal = sprintf(
        "DELETE FROM %s WHERE id = %d AND username = '%s' AND domain = '%s'",
        $config['kamailio_subscriber_table'],
        $found['id'],
        sql_clean($username),
        sql_clean($domain)
    );

    $affected = sql_dbexec_rows( $config['kamailio_db'], $removal );
    return ( $affected == 1 );
}
91
92
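/**
 * Change the password of a Kamailio subscriber.
 *
 * The ha1/ha1b digests are recomputed and written together with the
 * password, using the same formulas as add_kamailio_subscriber(). Updating
 * only the `password` column would leave digests of the OLD password in the
 * row, so the old credential could keep authenticating wherever the digests
 * are used, and get_userdata() would return stale values.
 *
 * NOTE(review): the cleartext password is still stored in the `password`
 * column; see whether the SIP server can run from the digests alone.
 *
 * @param string $username Account username.
 * @param string $domain   Account domain (also the digest realm).
 * @param string $password New cleartext password.
 * @return bool False when any argument is empty/falsy or when the UPDATE did
 *              not affect exactly one row; true otherwise.
 */
function update_kamailio_pw ( $username, $domain, $password )
{
    global $config;

    if ( ! ($username && $domain && $password))
        return false;

    // md5() yields hex only, so the digests need no SQL escaping.
    $ha1  = md5( $username . ":" . $domain . ":" . $password );
    $ha1b = md5( $username . "@" . $domain . ":" . $domain . ":" . $password );

    $query = sprintf("UPDATE %s SET password = '%s', ha1 = '%s', ha1b = '%s' WHERE username = '%s' AND domain = '%s'",
        $config['kamailio_subscriber_table'],
        sql_clean($password),
        $ha1,
        $ha1b,
        sql_clean($username),
        sql_clean($domain)
    );

    return sql_dbexec_rows( $config['kamailio_db'], $query ) == 1;
}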
110
/**
 * Change the e-mail address stored for a Kamailio subscriber.
 *
 * All three values go through sql_clean() (defined outside this file)
 * before being placed inside quoted SQL literals.
 *
 * @param string $username Account username.
 * @param string $domain   Account domain.
 * @param string $email    New e-mail address.
 * @return bool False when any argument is empty/falsy or when the UPDATE did
 *              not affect exactly one row; true otherwise.
 */
function update_kamailio_email ( $username, $domain, $email )
{
    global $config;

    // Reject missing values before touching the database.
    if ( ! $username || ! $domain || ! $email )
    {
        return false;
    }

    $statement = sprintf(
        "UPDATE %s SET email_address = '%s' WHERE username = '%s' AND domain = '%s'",
        $config['kamailio_subscriber_table'],
        sql_clean($email),
        sql_clean($username),
        sql_clean($domain)
    );

    $affected = sql_dbexec_rows( $config['kamailio_db'], $statement );
    return ( $affected == 1 );
}
128
129
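/**
 * Insert a new row into the Hermes provisioning users table.
 *
 * The duplicate check is keyed on (username, domain). It previously passed
 * $password where the domain belongs, so an existing user was never
 * detected and the cleartext password was sent into a lookup as a domain.
 *
 * String values go through sql_clean() (defined outside this file); the two
 * ports are formatted with %d, which forces them to integers.
 *
 * NOTE(review): the password is stored in cleartext in this table.
 *
 * @param string $username    Account username.
 * @param string $password    Cleartext password.
 * @param string $domain      Account domain.
 * @param string $authid      Authentication id.
 * @param string $registrar   Registrar host.
 * @param int    $r_port      Registrar port.
 * @param string $proxy       Proxy host.
 * @param int    $p_port      Proxy port.
 * @param string $displayname Display name.
 * @param string $dialplan    Dialplan.
 * @param string $linetext    Line text.
 * @return bool False when the user already exists or the INSERT fails;
 *              true otherwise.
 */
function add_provision_user( $username, $password, $domain, $authid, $registrar, $r_port, $proxy, $p_port, $displayname, $dialplan, $linetext )
{
    global $config;

    if ( is_provision_user( $username, $domain ) ) return false;

    $query = sprintf ("INSERT INTO %s ( username, password, displayname, domain, registrar, r_port, proxy, p_port, dialplan, authid, linetext )
        VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', %d, '%s', '%s', '%s')",
        $config['hermes_users_table'],
        sql_clean($username),
        sql_clean($password),
        sql_clean($displayname),
        sql_clean($domain),
        sql_clean($registrar),
        $r_port,
        sql_clean($proxy),
        $p_port,
        sql_clean($dialplan),
        sql_clean($authid),
        sql_clean($linetext)
    );

    return (bool) sql_dbexec( $config['hermes_db'], $query );
}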
/**
 * Look up the row id of user@domain in the Hermes provisioning users table.
 *
 * Both values go through sql_clean() (defined outside this file) before
 * being placed inside quoted SQL literals.
 *
 * @param string $username Account username.
 * @param string $domain   Account domain.
 * @return mixed The `id` column of the matching row, or false when
 *               sql_dbquery_single() returns nothing.
 */
function get_provision_userid ( $username, $domain )
{
    global $config;

    $lookup = sprintf(
        "SELECT id FROM %s WHERE username = '%s' AND domain = '%s'",
        $config['hermes_users_table'],
        sql_clean($username),
        sql_clean($domain)
    );

    $found = sql_dbquery_single( $config['hermes_db'], $lookup );

    return $found ? $found['id'] : false;
}
167
/**
 * Delete the provisioning row for user@domain.
 *
 * The row id is resolved through get_provision_userid() and the DELETE is
 * constrained by id, username and domain together. Caller-supplied strings
 * go through sql_clean() (defined outside this file); the id is formatted
 * with %d.
 *
 * @param string $username Account username.
 * @param string $domain   Account domain.
 * @return bool True only when exactly one row was deleted.
 */
function delete_provision_user( $username, $domain )
{
    global $config;

    $row_id = get_provision_userid( $username, $domain );
    if ( ! $row_id )
    {
        // Unknown user (or a falsy id): nothing to delete.
        return false;
    }

    $removal = sprintf(
        "DELETE FROM %s WHERE id = %d AND username = '%s' AND domain = '%s'",
        $config['hermes_users_table'],
        $row_id,
        sql_clean($username),
        sql_clean($domain)
    );

    $affected = sql_dbexec_rows( $config['hermes_db'], $removal );
    return ( $affected == 1 );
}
184
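/**
 * Update one whitelisted column of a provisioning user.
 *
 * $param becomes a column name in the UPDATE statement, where escaping does
 * not protect an identifier, so it must be exactly one of the strings in the
 * whitelist. The check is strict (type and value): with loose `==`, a
 * boolean true - and on PHP before 8 the integer 0 - compares equal to every
 * whitelisted name and would pass the check.
 *
 * $data, $username and $domain go through sql_clean() (defined outside this
 * file) before being placed inside quoted SQL literals.
 *
 * @param string $param    Column to update: displayname, dialplan, linetext,
 *                         registrar, r_port, proxy or p_port.
 * @param string $username Account username.
 * @param string $domain   Account domain.
 * @param mixed  $data     New value for the column.
 * @return int -1 for a disallowed column or missing username/domain,
 *             -2 when the user does not exist or the row count is
 *             outside 0..1, otherwise the number of rows changed (0 or 1).
 */
function update_provision_data ( $param, $username, $domain, $data )
{
    global $config;

    $allowed_columns = array(
        "displayname",
        "dialplan",
        "linetext",
        "registrar",
        "r_port",
        "proxy",
        "p_port"
    );
    if ( ! in_array( $param, $allowed_columns, true ) ) return -1;

    if ( ! ($username && $domain))
        return -1;

    if ( ! is_provision_user( $username, $domain ) )
        return -2;

    // $param is one of the literal names above, so it is used as-is.
    $query = sprintf("UPDATE %s SET %s = '%s' WHERE username = '%s' AND domain = '%s'",
        $config['hermes_users_table'],
        $param,
        sql_clean($data),
        sql_clean($username),
        sql_clean($domain)
    );
    $res = sql_dbexec_rows( $config['hermes_db'], $query);

    // Anything other than "no change" or "one row changed" is an error.
    if ( $res < 0 || $res > 1 ) return -2;
    return $res;
}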
220
/**
 * Change the password stored for a provisioning user.
 *
 * All three values go through sql_clean() (defined outside this file)
 * before being placed inside quoted SQL literals.
 *
 * NOTE(review): the password is written to the table in cleartext.
 *
 * @param string $username Account username.
 * @param string $domain   Account domain.
 * @param string $password New cleartext password.
 * @return bool False when any argument is empty/falsy or when the UPDATE did
 *              not affect exactly one row; true otherwise.
 */
function update_provision_pw ( $username, $domain, $password )
{
    global $config;

    // Reject missing values before touching the database.
    if ( ! $username || ! $domain || ! $password )
    {
        return false;
    }

    $statement = sprintf(
        "UPDATE %s SET password = '%s' WHERE username = '%s' AND domain = '%s'",
        $config['hermes_users_table'],
        sql_clean($password),
        sql_clean($username),
        sql_clean($domain)
    );

    $affected = sql_dbexec_rows( $config['hermes_db'], $statement );
    return ( $affected == 1 );
}
238
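/**
 * List provisioning users as "user@domain" with their display name,
 * optionally filtered by a substring of "user@domain".
 *
 * Changes from the previous version:
 *  - The filter is type-checked before use. A request can supply `search`
 *    as an array (search[]=...), which must not reach the SQL layer.
 *  - The $search argument is honoured when no POST value is present; before,
 *    it was overwritten or ignored. A POSTed `search` still takes precedence.
 *  - The filtered query now selects displayname as well; it used to select
 *    one column while the loop read two.
 *  - The unreachable print after the return statement is gone.
 *
 * The filter goes through sql_clean() (defined outside this file).
 * NOTE(review): the LIKE wildcards % and _ inside the filter are presumably
 * not neutralised by sql_clean(), so they still act as wildcards - confirm
 * and escape them if literal matching is wanted.
 *
 * @param string|null $search Substring to match against "user@domain";
 *                            null lists everyone.
 * @return array|null List of array( "user" => ..., "displayname" => ... ),
 *                    or null when the filter is not a scalar or the query
 *                    fails.
 */
function list_users ( $search = null )
{
    global $config;

    if ( array_key_exists ( 'search', $_POST ) ) $search = $_POST['search'];

    // Validate the filter before any query is built.
    if ( $search !== null && ! is_scalar( $search ) ) return null;

    if ( $search === null )
    {
        $query = sprintf("SELECT CONCAT(username, '@', domain), displayname FROM %s ORDER BY username,domain", $config['hermes_users_table'] );
    }
    else
    {
        $query = sprintf("SELECT CONCAT(username, '@', domain), displayname FROM %s WHERE CONCAT(username, '@', domain) LIKE '%%%s%%' ORDER BY username,domain", $config['hermes_users_table'], sql_clean( (string) $search ) );
    }

    $result = sql_dbquery( $config['hermes_db'], $query );
    if ( !$result ) return null;

    $list = array();
    // Error suppression kept from the original: the result handle comes from
    // sql_dbquery(), whose failure modes are not visible in this file.
    while ( $row = @mysql_fetch_row( $result ) )
    {
        $list[] = array( "user" => $row[0], "displayname" => $row[1] );
    }
    return $list;
}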
/**
 * Collect the stored data for user@domain from both databases.
 *
 * A user found in the Kamailio subscriber table and the provisioning table
 * is 'local'; a user found only in the provisioning table is 'remote'.
 *
 * NOTE(review): the returned array contains the cleartext password and, for
 * local users, the ha1/ha1b digests. Callers should hand it only to
 * authorised clients and keep it out of logs.
 *
 * Both lookup values go through sql_clean() (defined outside this file).
 *
 * @param string $username Account username.
 * @param string $domain   Account domain.
 * @return array|null|false Associative array of user fields; null when the
 *                          user is not a provisioning user; false when one
 *                          of the detail queries returns nothing.
 */
function get_userdata( $username, $domain )
{
    global $config;

    // A 'local' user must be present in both tables.
    if ( is_kamailio_subscriber( $username, $domain )
        && is_provision_user( $username, $domain ) )
    {
        $type = 'local';
    }
    elseif ( is_provision_user( $username, $domain ) )
    {
        $type = 'remote';
    }
    else
    {
        return null;
    }
    $is_local = ( $type == 'local' );

    $kamailio_data = null;

    $query_provision = sprintf ("SELECT id, username, password, displayname, domain, registrar, r_port, proxy, p_port, dialplan, authid, linetext FROM %s WHERE username = '%s' AND domain = '%s'",
        $config['hermes_users_table'],
        sql_clean($username),
        sql_clean($domain));
    $provision_data = sql_dbquery_single( $config['hermes_db'] , $query_provision );
    if ( ! $provision_data ) return false;

    if ( $is_local )
    {
        // WARNING: the column really is spelled 'permitedcalls' in the table.
        $query_kamailio = sprintf ("SELECT id, username, domain, password, email_address, ha1, ha1b, rpid, permitedcalls FROM %s WHERE username = '%s' AND domain = '%s'",
            $config['kamailio_subscriber_table'],
            sql_clean($username),
            sql_clean($domain));
        $kamailio_data = sql_dbquery_single( $config['kamailio_db'] , $query_kamailio );
        if ( ! $kamailio_data ) return false;
    }

    $user = array( 'type' => $type );

    // Fields copied from the provisioning row under the same key.
    $provision_fields = array(
        'username', 'password', 'domain', 'authid', 'registrar', 'r_port',
        'proxy', 'p_port', 'dialplan', 'displayname', 'linetext'
    );
    foreach ( $provision_fields as $field )
    {
        $user[$field] = $provision_data[$field];
    }

    if ( $is_local )
    {
        // Result key => subscriber column (two of them are named differently).
        $kamailio_fields = array(
            'email'          => 'email_address',
            'ha1'            => 'ha1',
            'ha1b'           => 'ha1b',
            'rpid'           => 'rpid',
            'permittedcalls' => 'permitedcalls'
        );
        foreach ( $kamailio_fields as $key => $column )
        {
            $user[$key] = $kamailio_data[$column];
        }
    }

    return $user;
}
314
315 ?>