]> git.defcon.no Git - hermes/blob - api/lib/user_functions.php
Changed sql_dbquery to return result on zero rows. Resulted in some patchings. Added...
[hermes] / api / lib / user_functions.php
1 <?php
2 require_once('config.php');
3 require_once('lib/common_functions.php');
4 require_once('lib/db_functions.php');
5
6 $config = get_config();
7
8 function generate_password( $length = 24 )
9 {
10 $string = "";
11 while ( strlen( $string ) < $length )
12 $string .= substr(md5(rand().rand()), 0, $length);
13 return substr( $string, 0, $length );
14
15 }
16
17
18 function is_kamailio_subscriber ( $user, $domain )
19 {
20 global $config;
21 $query = sprintf("SELECT username FROM %s WHERE username = '%s' AND domain = '%s'",
22 $config['kamailio_subscriber_table'],
23 sql_clean( $user ),
24 sql_clean( $domain )
25 );
26 return sql_dbtest_numrows( $config['kamailio_db'], $query, 1);
27 }
28
29 function is_provision_user ( $user, $domain )
30 {
31 global $config;
32 $query = sprintf("SELECT username FROM %s WHERE username = '%s' AND domain = '%s'",
33 $config['provision_users_table'],
34 sql_clean( $user ),
35 sql_clean( $domain )
36 );
37 return sql_dbtest_numrows( $config['provision_db'], $query, 1);
38 }
39
40 function add_kamailio_subscriber( $username, $domain, $password, $email )
41 {
42
43 global $config;
44
45 $ha1 = md5( $username . ":" . $domain . ":" . $password );
46 $ha1b = md5( $username . "@" . $domain . ":" . $domain . ":" . $password );
47
48 $query = sprintf( "INSERT INTO %s (username, domain, password, email_address, ha1, ha1b) VALUES ('%s','%s','%s', '%s', '%s', '%s')",
49 $config['kamailio_subscriber_table'],
50 sql_clean($username),
51 sql_clean($domain),
52 sql_clean($password),
53 sql_clean($email),
54 $ha1,
55 $ha1b
56 );
57 if ( ! sql_dbexec( $config['kamailio_db'], $query ) ) return false;
58 return true;
59 }
60
61 function delete_kamailio_subscriber( $username, $domain )
62 {
63 global $config;
64
65
66 $query = sprintf("SELECT id FROM %s WHERE username = '%s' AND domain = '%s'",
67 $config['kamailio_subscriber_table'],
68 sql_clean($username),
69 sql_clean($domain)
70 );
71 $row = sql_dbquery_single( $config['kamailio_db'], $query );
72 if (!$row) return false;
73 $user_rowid = $row['id'];
74 if ( !$user_rowid ) return false;
75
76 $query = sprintf( "DELETE FROM %s WHERE id = %d AND username = '%s' AND domain = '%s'",
77 $config['kamailio_subscriber_table'],
78 $user_rowid,
79 sql_clean($username),
80 sql_clean($domain)
81 );
82 if ( sql_dbexec_rows( $config['kamailio_db'], $query) != 1 ) return false;
83 return true;
84 }
85
86
87 function update_kamailio_pw ( $username, $domain, $password )
88 {
89 global $config;
90
91 if ( ! ($username && $domain && $password))
92 return false;
93
94 $query = sprintf("UPDATE %s SET password = '%s' WHERE username = '%s' AND domain = '%s'",
95 $config['kamailio_subscriber_table'],
96 sql_clean($password),
97 sql_clean($username),
98 sql_clean($domain)
99
100 );
101 if ( sql_dbexec_rows( $config['kamailio_db'], $query) != 1 ) return false;
102 return true;
103 }
104
105 function update_kamailio_email ( $username, $domain, $email )
106 {
107 global $config;
108
109 if ( ! ($username && $domain && $email))
110 return false;
111
112 $query = sprintf("UPDATE %s SET email_address = '%s' WHERE username = '%s' AND domain = '%s'",
113 $config['kamailio_subscriber_table'],
114 sql_clean($email),
115 sql_clean($username),
116 sql_clean($domain)
117
118 );
119 if ( sql_dbexec_rows( $config['kamailio_db'], $query) != 1 ) return false;
120 return true;
121 }
122
123
124 function add_provision_user( $username, $password, $domain, $authid, $registrar, $r_port, $proxy, $p_port, $displayname, $dialplan, $linetext )
125 { global $config;
126
127 if ( is_provision_user( $username, $password ) ) return false;
128 $query = sprintf ("INSERT INTO %s ( username, password, displayname, domain, registrar, r_port, proxy, p_port, dialplan, authid, linetext )
129 VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', %d, '%s', '%s', '%s')",
130 $config['provision_users_table'],
131 sql_clean($username),
132 sql_clean($password),
133 sql_clean($displayname),
134 sql_clean($domain),
135 sql_clean($registrar),
136 $r_port,
137 sql_clean($proxy),
138 $p_port,
139 sql_clean($dialplan),
140 sql_clean($authid),
141 sql_clean($linetext)
142 );
143 if ( ! sql_dbexec( $config['provision_db'], $query ) ) return false;
144 return true;
145 }
146 function get_provision_userid ( $username, $domain )
147 {
148 global $config;
149
150 $query = sprintf("SELECT id FROM %s WHERE username = '%s' AND domain = '%s'",
151 $config['provision_users_table'],
152 sql_clean($username),
153 sql_clean($domain)
154 );
155
156 $row = sql_dbquery_single( $config['provision_db'], $query );
157 if (!$row) return false;
158 $user_rowid = $row['id'];
159 return $user_rowid;
160 }
161
162 function delete_provision_user( $username, $domain )
163 {
164 global $config;
165
166 $user_rowid = get_provision_userid( $username, $domain );
167 if ( !$user_rowid ) return false;
168
169 $query = sprintf( "DELETE FROM %s WHERE id = %d AND username = '%s' AND domain = '%s'",
170 $config['provision_users_table'],
171 $user_rowid,
172 sql_clean($username),
173 sql_clean($domain)
174 );
175 if ( sql_dbexec_rows( $config['provision_db'], $query) != 1 ) return false;
176 return true;
177 }
178
179 function update_provision_data ( $param, $username, $domain, $data )
180 {
181 global $config;
182
183 if (! (
184 $param == "displayname" ||
185 $param == "dialplan" ||
186 $param == "linetext" ||
187 $param == "registrar" ||
188 $param == "r_port" ||
189 $param == "proxy" ||
190 $param == "p_port"
191 ) ) return -1;
192
193
194 if ( ! ($username && $domain))
195 return -1;
196
197 if ( ! is_provision_user( $username, $domain ) )
198 return -2;
199
200 $query = sprintf("UPDATE %s SET %s = '%s' WHERE username = '%s' AND domain = '%s'",
201 $config['provision_users_table'],
202 sql_clean($param),
203 sql_clean($data),
204 sql_clean($username),
205 sql_clean($domain)
206
207 );
208 $res = sql_dbexec_rows( $config['provision_db'], $query);
209
210 if ( $res < 0 ) return -2;
211 if ( $res > 1 ) return -2;
212 return $res;
213 }
214
215 function update_provision_pw ( $username, $domain, $password )
216 {
217 global $config;
218
219 if ( ! ($username && $domain && $password))
220 return false;
221
222 $query = sprintf("UPDATE %s SET password = '%s' WHERE username = '%s' AND domain = '%s'",
223 $config['provision_users_table'],
224 sql_clean($password),
225 sql_clean($username),
226 sql_clean($domain)
227
228 );
229 if ( sql_dbexec_rows( $config['provision_db'], $query) != 1 ) return false;
230 return true;
231 }
232
233 function list_users ( $search = null )
234 {
235 global $config;
236 $query = sprintf("SELECT CONCAT(username, '@', domain), displayname FROM %s ORDER BY username,domain", $config['provision_users_table'] );
237
238 if ( array_key_exists ( 'search', $_GET ) )
239 {
240 $search = $_GET['search']; // TODO: Add some sanitation and input validation!
241 $query = sprintf("SELECT CONCAT(username, '@', domain) FROM %s WHERE CONCAT(username, '@', domain) LIKE '%%%s%%' ORDER BY username,domain", $config['provision_users_table'], sql_clean( $search ) );
242 }
243
244 $result = sql_dbquery( $config['provision_db'], $query );
245 if ( !$result ) return null;
246 $list = array();
247 while ( $row = @mysql_fetch_row( $result ) )
248 {
249 array_push( $list, array( "user" => $row[0], "displayname" => $row[1] ) );
250 }
251 return $list;
252 print json_encode( array( 'response' => 'ok', 'list' => $list ));
253
254
255 }
256 function get_userdata( $username, $domain )
257 {
258 global $config;
259 if ( is_kamailio_subscriber( $username, $domain ) // User must be present in both!
260 && is_provision_user( $username, $domain ) ) $type = 'local';
261 else if ( is_provision_user( $username, $domain ) ) $type = 'remote';
262 else return null;
263
264 $provision_data = null;
265 $kamailio_data = null;
266
267 $query_provision = sprintf ("SELECT id, username, password, displayname, domain, registrar, r_port, proxy, p_port, dialplan, authid, linetext FROM %s WHERE username = '%s' AND domain = '%s'",
268 $config['provision_users_table'],
269 sql_clean($username),
270 sql_clean($domain));
271
272 $provision_data = sql_dbquery_single( $config['provision_db'] , $query_provision );
273 if ( ! $provision_data ) return false;
274
275 if ( $type == 'local' )
276 {
277 // WARNING: Note the typo in the name of the 'permittedcalls' column!
278 $query_kamailio = sprintf ("SELECT id, username, domain, password, email_address, ha1, ha1b, rpid, permitedcalls FROM %s WHERE username = '%s' AND domain = '%s'",
279 $config['kamailio_subscriber_table'],
280 sql_clean($username),
281 sql_clean($domain));
282 $kamailio_data = sql_dbquery_single( $config['kamailio_db'] , $query_kamailio );
283 if ( ! $kamailio_data ) return false;
284 }
285 $user['type'] = $type;
286 $user['username'] = $provision_data['username'];
287 $user['password'] = $provision_data['password'];
288 $user['domain'] = $provision_data['domain'];
289 $user['authid'] = $provision_data['authid'];
290 $user['registrar'] = $provision_data['registrar'];
291 $user['r_port'] = $provision_data['r_port'];
292 $user['proxy'] = $provision_data['proxy'];
293 $user['p_port'] = $provision_data['p_port'];
294 $user['dialplan'] = $provision_data['dialplan'];
295 $user['displayname'] = $provision_data['displayname'];
296 $user['linetext'] = $provision_data['linetext'];
297 if ( $type == 'local' )
298 {
299 $user['email'] = $kamailio_data['email_address'];
300 $user['ha1'] = $kamailio_data['ha1'];
301 $user['ha1b'] = $kamailio_data['ha1b'];
302 $user['rpid'] = $kamailio_data['rpid'];
303 $user['permittedcalls'] = $kamailio_data['permitedcalls'];
304 }
305
306 return $user;
307 }
308
309 ?>