$config = get_config();
+// Default length 24 characters to provide a long password
+// that still is short enough that Cisco SPA phones can use it
function generate_password( $length = 24 )
{
$string = "";
while ( strlen( $string ) < $length )
- $string .= substr(md5(rand().rand()), 0, $length);
- return substr( $string, 0, $length );
+ {
+ $string .= crypt(substr(md5(rand().rand()), 0, $length+1));
+ $string = preg_replace( '/\W/', '', $string);
+ }
+ return substr( $string, 1, $length );
}
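Review bot: The password's unpredictability still comes only from `rand().rand()` in the added loop; `md5()`, `crypt()` and the `\W` strip reshape that value but add no entropy, and `rand()` is not a cryptographic generator, so the result is far easier to guess than 24 characters suggest. `crypt()` is also called without a salt, so its output begins with scheme and salt characters rather than hash output, and its behaviour varies with the PHP version. Draw the characters from the system CSPRNG instead, replacing the loop and return with `return substr( bin2hex( openssl_random_pseudo_bytes( (int) ceil( $length / 2 ) ) ), 0, $length );` (or `random_bytes()` where PHP 7+ is available). That output is hex only, so it stays alphanumeric for the phones named in the comment.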
{
global $config;
$query = sprintf("SELECT username FROM %s WHERE username = '%s' AND domain = '%s'",
- $config['provision_users_table'],
+ $config['hermes_users_table'],
sql_clean( $user ),
sql_clean( $domain )
);
- return sql_dbtest_numrows( $config['provision_db'], $query, 1);
+ return sql_dbtest_numrows( $config['hermes_db'], $query, 1);
}
function add_kamailio_subscriber( $username, $domain, $password, $email )
if ( is_provision_user( $username, $password ) ) return false;
$query = sprintf ("INSERT INTO %s ( username, password, displayname, domain, registrar, r_port, proxy, p_port, dialplan, authid, linetext )
VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', %d, '%s', '%s', '%s')",
- $config['provision_users_table'],
+ $config['hermes_users_table'],
sql_clean($username),
sql_clean($password),
sql_clean($displayname),
sql_clean($authid),
sql_clean($linetext)
);
- if ( ! sql_dbexec( $config['provision_db'], $query ) ) return false;
+ if ( ! sql_dbexec( $config['hermes_db'], $query ) ) return false;
return true;
}
function get_provision_userid ( $username, $domain )
global $config;
$query = sprintf("SELECT id FROM %s WHERE username = '%s' AND domain = '%s'",
- $config['provision_users_table'],
+ $config['hermes_users_table'],
sql_clean($username),
sql_clean($domain)
);
- $row = sql_dbquery_single( $config['provision_db'], $query );
+ $row = sql_dbquery_single( $config['hermes_db'], $query );
if (!$row) return false;
$user_rowid = $row['id'];
return $user_rowid;
if ( !$user_rowid ) return false;
$query = sprintf( "DELETE FROM %s WHERE id = %d AND username = '%s' AND domain = '%s'",
- $config['provision_users_table'],
+ $config['hermes_users_table'],
$user_rowid,
sql_clean($username),
sql_clean($domain)
);
- if ( sql_dbexec_rows( $config['provision_db'], $query) != 1 ) return false;
+ if ( sql_dbexec_rows( $config['hermes_db'], $query) != 1 ) return false;
return true;
}
return -2;
$query = sprintf("UPDATE %s SET %s = '%s' WHERE username = '%s' AND domain = '%s'",
- $config['provision_users_table'],
+ $config['hermes_users_table'],
sql_clean($param),
sql_clean($data),
sql_clean($username),
sql_clean($domain)
);
- $res = sql_dbexec_rows( $config['provision_db'], $query);
+ $res = sql_dbexec_rows( $config['hermes_db'], $query);
if ( $res < 0 ) return -2;
if ( $res > 1 ) return -2;
return false;
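Review bot: In `UPDATE %s SET %s = '%s'` the column name is filled from `sql_clean($param)` and placed unquoted, so whatever string escaping `sql_clean()` does (its definition is not shown here) cannot constrain it; escaping protects quoted literals, not identifiers. The `return -2;` at the top of the hunk suggests `$param` is checked earlier, but that check is outside the hunk. If it is not already an allowlist, add one immediately before the query, e.g. `if ( !in_array( $param, $allowed_columns, true ) ) return -2;`, where `$allowed_columns` is a placeholder name for the list of editable columns. The enclosing function starts and ends outside the hunk.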
$query = sprintf("UPDATE %s SET password = '%s' WHERE username = '%s' AND domain = '%s'",
- $config['provision_users_table'],
+ $config['hermes_users_table'],
sql_clean($password),
sql_clean($username),
sql_clean($domain)
);
- if ( sql_dbexec_rows( $config['provision_db'], $query) != 1 ) return false;
+ if ( sql_dbexec_rows( $config['hermes_db'], $query) != 1 ) return false;
return true;
}
function list_users ( $search = null )
{
global $config;
- $query = sprintf("SELECT CONCAT(username, '@', domain), displayname FROM %s ORDER BY username,domain", $config['provision_users_table'] );
+ $query = sprintf("SELECT CONCAT(username, '@', domain), displayname FROM %s ORDER BY username,domain", $config['hermes_users_table'] );
- if ( array_key_exists ( 'search', $_GET ) )
+ if ( array_key_exists ( 'search', $_POST ) )
{
- $search = $_GET['search']; // TODO: Add some sanitation and input validation!
- $query = sprintf("SELECT CONCAT(username, '@', domain) FROM %s WHERE CONCAT(username, '@', domain) LIKE '%%%s%%' ORDER BY username,domain", $config['provision_users_table'], sql_clean( $search ) );
+ $search = $_POST['search']; // TODO: Add some sanitation and input validation!
+ $query = sprintf("SELECT CONCAT(username, '@', domain) FROM %s WHERE CONCAT(username, '@', domain) LIKE '%%%s%%' ORDER BY username,domain", $config['hermes_users_table'], sql_clean( $search ) );
}
- $result = sql_dbquery( $config['provision_db'], $query );
+ $result = sql_dbquery( $config['hermes_db'], $query );
if ( !$result ) return null;
$list = array();
- while ( $row = mysql_fetch_row( $result ) )
+ while ( $row = @mysql_fetch_row( $result ) )
{
array_push( $list, array( "user" => $row[0], "displayname" => $row[1] ) );
}
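Review bot: The search branch's query selects only `CONCAT(username, '@', domain)`, but the loop still reads `$row[1]` for `displayname`, so search results get an empty display name and an undefined-offset notice; add `displayname` to the search `SELECT` so both branches return the same columns. The newly added `@` on `mysql_fetch_row()` also hides a failed fetch, which then looks like an empty user list, so prefer checking `$result` and logging the error over suppressing it. The TODO is still open too: `$_POST['search']` overwrites the `$search` parameter, and `%`/`_` in it presumably still act as LIKE wildcards after `sql_clean()`, so escape them first, e.g. `addcslashes( $search, '%_\\' )`. The end of list_users is outside the hunk.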
$kamailio_data = null;
$query_provision = sprintf ("SELECT id, username, password, displayname, domain, registrar, r_port, proxy, p_port, dialplan, authid, linetext FROM %s WHERE username = '%s' AND domain = '%s'",
- $config['provision_users_table'],
+ $config['hermes_users_table'],
sql_clean($username),
sql_clean($domain));
- $provision_data = sql_dbquery_single( $config['provision_db'] , $query_provision );
+ $provision_data = sql_dbquery_single( $config['hermes_db'] , $query_provision );
if ( ! $provision_data ) return false;
if ( $type == 'local' )