backlog add

[hermes] / api / lib / user_functions.php

<?php
/*
#  Copyright (c) 2012, Gjøvik University College
#  All rights reserved.

#  Redistribution and use in source and binary forms, with or without
#  modification, are permitted provided that the following conditions are met:
#      * Redistributions of source code must retain the above copyright
#        notice, this list of conditions and the following disclaimer.
#      * Redistributions in binary form must reproduce the above copyright
#        notice, this list of conditions and the following disclaimer in the
#        documentation and/or other materials provided with the distribution.
#      * Neither the name of the Gjøvik University College nor the
#        names of its contributors may be used to endorse or promote products
#        derived from this software without specific prior written permission.
#  
#  THIS SOFTWARE IS PROVIDED BY Gjøvik University College ''AS IS'' AND ANY
#  EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
#  WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
#  DISCLAIMED. IN NO EVENT SHALL Gjøvik University College BE LIABLE FOR ANY
#  DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
#  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
#  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
#  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
#  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
#  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
require_once('config.php');
require_once('lib/common_functions.php');
require_once('lib/db_functions.php');

$config = get_config();

function generate_password( $length = null )
{
        global $config;
        if ( ! $length ) $length = $config['standard_password_length'];

        $string = "";
         while ( strlen( $string ) < $length )
         {
                $string .= crypt(substr(md5(rand().rand()), 0, $length+1));
                $string = preg_replace( '/\W/', '', $string);
         }
        return substr( $string, 1, $length );

}


function is_kamailio_subscriber ( $user, $domain )
{
        global $config;
        $query = sprintf("SELECT username FROM %s WHERE username = '%s' AND domain = '%s'",
                $config['kamailio_subscriber_table'],
                sql_clean( $user ),
                sql_clean( $domain )
        );
        return sql_dbtest_numrows( $config['kamailio_db'], $query, 1);
}

function is_provision_user ( $user, $domain )
{
        global $config;
        $query = sprintf("SELECT username FROM %s WHERE username = '%s' AND domain = '%s'",
                $config['hermes_users_table'],
                sql_clean( $user ),
                sql_clean( $domain )
        );
        return sql_dbtest_numrows( $config['hermes_db'], $query, 1);
}

function add_kamailio_subscriber( $username, $domain, $password, $email )
{

        global $config;

        $ha1  = md5( $username . ":" . $domain . ":" . $password );
        $ha1b = md5( $username . "@" . $domain . ":" . $domain . ":" . $password );

        $query = sprintf( "INSERT INTO %s (username, domain, password, email_address, ha1, ha1b) VALUES ('%s','%s','%s', '%s', '%s', '%s')",
                $config['kamailio_subscriber_table'],
                sql_clean($username),
                sql_clean($domain),
                sql_clean($password),
                sql_clean($email),
                $ha1,
                $ha1b
        );
        if ( ! sql_dbexec( $config['kamailio_db'], $query ) ) return false;
        return true;
}

function delete_kamailio_subscriber( $username, $domain )
{
        global $config;


        $query = sprintf("SELECT id FROM %s WHERE username = '%s' AND domain = '%s'",
                $config['kamailio_subscriber_table'],
                sql_clean($username),
                sql_clean($domain)
        );
        $row = sql_dbquery_single( $config['kamailio_db'], $query );
        if  (!$row) return false;
        $user_rowid = $row['id'];
        if ( !$user_rowid ) return false;

        $query = sprintf( "DELETE FROM  %s WHERE id = %d AND username = '%s' AND domain = '%s'",
                $config['kamailio_subscriber_table'],
                $user_rowid,
                sql_clean($username),
                sql_clean($domain)
        );
        if ( sql_dbexec_rows( $config['kamailio_db'], $query) != 1 ) return false;
        return true;
}


function update_kamailio_pw ( $username, $domain, $password )
{
        global $config;

        if ( ! ($username && $domain && $password))
                return false;

        $query = sprintf("UPDATE %s SET password = '%s' WHERE username = '%s' AND domain = '%s'",
                $config['kamailio_subscriber_table'],
                sql_clean($password),
                sql_clean($username),
                sql_clean($domain)
        
        );
        if ( sql_dbexec_rows( $config['kamailio_db'], $query) != 1 ) return false;
        return true;
}

function update_kamailio_email ( $username, $domain, $email )
{
        global $config;

        if ( ! ($username && $domain && $email))
                return false;

        $query = sprintf("UPDATE %s SET email_address = '%s' WHERE username = '%s' AND domain = '%s'",
                $config['kamailio_subscriber_table'],
                sql_clean($email),
                sql_clean($username),
                sql_clean($domain)
        
        );
        if ( sql_dbexec_rows( $config['kamailio_db'], $query) != 1 ) return false;
        return true;
}


function add_provision_user( $username, $password, $domain, $authid, $registrar, $r_port, $proxy, $p_port, $displayname, $dialplan, $linetext )
{       global $config;

        if ( is_provision_user( $username, $password ) ) return false;
        $query = sprintf ("INSERT INTO %s ( username, password, displayname, domain, registrar, r_port, proxy, p_port, dialplan, authid, linetext )
                VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', %d, '%s', '%s', '%s')",
                $config['hermes_users_table'],
                sql_clean($username), 
                sql_clean($password), 
                sql_clean($displayname), 
                sql_clean($domain), 
                sql_clean($registrar), 
                $r_port, 
                sql_clean($proxy), 
                $p_port, 
                sql_clean($dialplan), 
                sql_clean($authid), 
                sql_clean($linetext)
        );
        if ( ! sql_dbexec( $config['hermes_db'], $query ) ) return false;
        return true;
}
function get_provision_userid ( $username, $domain )
{
        global $config;

        $query = sprintf("SELECT id FROM %s WHERE username = '%s' AND domain = '%s'",
                $config['hermes_users_table'],
                sql_clean($username),
                sql_clean($domain)
        );

        $row = sql_dbquery_single( $config['hermes_db'], $query );
        if  (!$row) return false;
        $user_rowid = $row['id'];
        return $user_rowid;
}

function delete_provision_user( $username, $domain )
{
        global $config;

        $user_rowid = get_provision_userid( $username, $domain );
        if ( !$user_rowid ) return false;

        $query = sprintf( "DELETE FROM  %s WHERE id = %d AND username = '%s' AND domain = '%s'",
                $config['hermes_users_table'],
                $user_rowid,
                sql_clean($username),
                sql_clean($domain)
        );
        if ( sql_dbexec_rows( $config['hermes_db'], $query) != 1 ) return false;
        return true;
}

function update_provision_data ( $param, $username, $domain, $data )
{
        global $config;

        if (! (
                $param == "displayname" ||
                $param == "dialplan" ||
                $param == "linetext" ||
                $param == "registrar" ||
                $param == "r_port" ||
                $param == "proxy" ||
                $param == "p_port"
                ) ) return -1;


        if ( ! ($username && $domain))
                return -1;

        if ( ! is_provision_user( $username, $domain ) )
                return -2;

        $query = sprintf("UPDATE %s SET %s = '%s' WHERE username = '%s' AND domain = '%s'",
                $config['hermes_users_table'],
                sql_clean($param),
                sql_clean($data),
                sql_clean($username),
                sql_clean($domain)
        
        );
        $res = sql_dbexec_rows( $config['hermes_db'], $query);

        if ( $res < 0 ) return -2;
        if ( $res > 1 ) return -2;
        return  $res;
}

function update_provision_pw ( $username, $domain, $password )
{
        global $config;

        if ( ! ($username && $domain && $password))
                return false;

        $query = sprintf("UPDATE %s SET password = '%s' WHERE username = '%s' AND domain = '%s'",
                $config['hermes_users_table'],
                sql_clean($password),
                sql_clean($username),
                sql_clean($domain)
        
        );
        if ( sql_dbexec_rows( $config['hermes_db'], $query) != 1 ) return false;
        return true;
}

function list_users ( $search = null )
{
        global $config;
        $query = sprintf("SELECT CONCAT(username, '@', domain), displayname, username, domain FROM %s ORDER BY username,domain", $config['hermes_users_table'] );

        if ( array_key_exists ( 'search', $_POST ) )
        {
                $search = $_POST['search']; // TODO: Add some sanitation and input validation!
                $query = sprintf("SELECT CONCAT(username, '@', domain), displayname, username, domain FROM %s WHERE CONCAT(username, '@', domain) LIKE '%%%s%%' ORDER BY username,domain", $config['hermes_users_table'], sql_clean( $search ) );
        }

        $result = sql_dbquery( $config['hermes_db'], $query );
        if ( !$result ) return null;
        $list = array();
        while ( $row = @mysql_fetch_row( $result ) )
        {
                $online = is_online( $row[2], $row[3] ) ? online : offline;
                array_push( $list, array( "user" => $row[0], "displayname" => $row[1], "status" => $online ) );
        }
        return $list;
        print json_encode( array( 'response' => 'ok', 'list' => $list ));


}
function get_userdata( $username, $domain )
{
        global $config;
        if ( is_kamailio_subscriber( $username, $domain ) // User must be present in both!
                && is_provision_user( $username, $domain ) ) $type = 'local';
        else if ( is_provision_user( $username, $domain ) ) $type = 'remote';
        else return null;

        $provision_data = null;
        $kamailio_data = null;

        $query_provision = sprintf ("SELECT id, username, password, displayname, domain, registrar, r_port, proxy, p_port, dialplan, authid, linetext FROM %s WHERE username = '%s' AND domain = '%s'",
                $config['hermes_users_table'],
                sql_clean($username),
                sql_clean($domain));

        $provision_data = sql_dbquery_single( $config['hermes_db'] , $query_provision );
        if ( ! $provision_data ) return false;

        if ( $type == 'local' )
        {
                // WARNING: Note the typo in the name of the 'permittedcalls' column!
                $query_kamailio = sprintf ("SELECT id, username, domain, password, email_address, ha1, ha1b, rpid, permittedcalls FROM %s WHERE username = '%s' AND domain = '%s'",
                        $config['kamailio_subscriber_table'],
                        sql_clean($username),
                        sql_clean($domain));
                $kamailio_data = sql_dbquery_single( $config['kamailio_db'] , $query_kamailio );
                if ( ! $kamailio_data ) return false;
        }
        $user['type'] = $type;
        $user['username']    = $provision_data['username'];
        $user['password']    = $provision_data['password'];
        $user['domain']      = $provision_data['domain'];
        $user['authid']      = $provision_data['authid'];
        $user['registrar']   = $provision_data['registrar'];
        $user['r_port']      = $provision_data['r_port'];
        $user['proxy']       = $provision_data['proxy'];
        $user['p_port']      = $provision_data['p_port'];
        $user['dialplan']    = $provision_data['dialplan'];
        $user['displayname'] = $provision_data['displayname'];
        $user['linetext']    = $provision_data['linetext'];
        if ( $type == 'local' )
        {
                $user['email'] = $kamailio_data['email_address'];
                $user['ha1']   = $kamailio_data['ha1'];
                $user['ha1b']  = $kamailio_data['ha1b'];
                $user['rpid']  = $kamailio_data['rpid'];
                $user['permittedcalls'] = $kamailio_data['permittedcalls'];
        }

        return $user;
}

function get_locations( $username, $domain )
{
        global $config;

        $query = sprintf ("SELECT contact, UNIX_TIMESTAMP(expires) as expires, user_agent, socket FROM %s WHERE username = '%s' AND (domain = '%s' OR domain is NULL)",
                $config['kamailio_location_table'],
                sql_clean($username),
                sql_clean($domain));

        $result = sql_dbquery( $config['kamailio_db'], $query );
        if ( !$result ) return null;
        $list = array();
        while ( $row = @mysql_fetch_row( $result ) )
        {
                array_push( $list, array( "contact" => $row[0], "expires" => $row[1], "useragent" => $row[2] ) );
        }
        return $list;
}

function is_online( $username, $domain )
{
        if ( get_locations( $username, $domain ) != null ) return true;
        else return false;
}

?>