]> git.defcon.no Git - hermes/blob - api/lib/user_functions.php
Permitedcalls is now called permittedcalls in the DB. Fixed a failure-failure resulti...
[hermes] / api / lib / user_functions.php
1 <?php
2 /*
3 # Copyright (c) 2012, Gjøvik University College
4 # All rights reserved.
5
6 # Redistribution and use in source and binary forms, with or without
7 # modification, are permitted provided that the following conditions are met:
8 # * Redistributions of source code must retain the above copyright
9 # notice, this list of conditions and the following disclaimer.
10 # * Redistributions in binary form must reproduce the above copyright
11 # notice, this list of conditions and the following disclaimer in the
12 # documentation and/or other materials provided with the distribution.
13 # * Neither the name of the Gjøvik University College nor the
14 # names of its contributors may be used to endorse or promote products
15 # derived from this software without specific prior written permission.
16 #
17 # THIS SOFTWARE IS PROVIDED BY Gjøvik University College ''AS IS'' AND ANY
18 # EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
19 # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
20 # DISCLAIMED. IN NO EVENT SHALL Gjøvik University College BE LIABLE FOR ANY
21 # DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
22 # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
23 # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
24 # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28 require_once('config.php');
29 require_once('lib/common_functions.php');
30 require_once('lib/db_functions.php');
31
32 $config = get_config();
33
34 function generate_password( $length = null )
35 {
36 global $config;
37 if ( ! $length ) $length = $config['standard_password_length'];
38
39 $string = "";
40 while ( strlen( $string ) < $length )
41 {
42 $string .= crypt(substr(md5(rand().rand()), 0, $length+1));
43 $string = preg_replace( '/\W/', '', $string);
44 }
45 return substr( $string, 1, $length );
46
47 }
48
49
50 function is_kamailio_subscriber ( $user, $domain )
51 {
52 global $config;
53 $query = sprintf("SELECT username FROM %s WHERE username = '%s' AND domain = '%s'",
54 $config['kamailio_subscriber_table'],
55 sql_clean( $user ),
56 sql_clean( $domain )
57 );
58 return sql_dbtest_numrows( $config['kamailio_db'], $query, 1);
59 }
60
61 function is_provision_user ( $user, $domain )
62 {
63 global $config;
64 $query = sprintf("SELECT username FROM %s WHERE username = '%s' AND domain = '%s'",
65 $config['hermes_users_table'],
66 sql_clean( $user ),
67 sql_clean( $domain )
68 );
69 return sql_dbtest_numrows( $config['hermes_db'], $query, 1);
70 }
71
72 function add_kamailio_subscriber( $username, $domain, $password, $email )
73 {
74
75 global $config;
76
77 $ha1 = md5( $username . ":" . $domain . ":" . $password );
78 $ha1b = md5( $username . "@" . $domain . ":" . $domain . ":" . $password );
79
80 $query = sprintf( "INSERT INTO %s (username, domain, password, email_address, ha1, ha1b) VALUES ('%s','%s','%s', '%s', '%s', '%s')",
81 $config['kamailio_subscriber_table'],
82 sql_clean($username),
83 sql_clean($domain),
84 sql_clean($password),
85 sql_clean($email),
86 $ha1,
87 $ha1b
88 );
89 if ( ! sql_dbexec( $config['kamailio_db'], $query ) ) return false;
90 return true;
91 }
92
93 function delete_kamailio_subscriber( $username, $domain )
94 {
95 global $config;
96
97
98 $query = sprintf("SELECT id FROM %s WHERE username = '%s' AND domain = '%s'",
99 $config['kamailio_subscriber_table'],
100 sql_clean($username),
101 sql_clean($domain)
102 );
103 $row = sql_dbquery_single( $config['kamailio_db'], $query );
104 if (!$row) return false;
105 $user_rowid = $row['id'];
106 if ( !$user_rowid ) return false;
107
108 $query = sprintf( "DELETE FROM %s WHERE id = %d AND username = '%s' AND domain = '%s'",
109 $config['kamailio_subscriber_table'],
110 $user_rowid,
111 sql_clean($username),
112 sql_clean($domain)
113 );
114 if ( sql_dbexec_rows( $config['kamailio_db'], $query) != 1 ) return false;
115 return true;
116 }
117
118
119 function update_kamailio_pw ( $username, $domain, $password )
120 {
121 global $config;
122
123 if ( ! ($username && $domain && $password))
124 return false;
125
126 $query = sprintf("UPDATE %s SET password = '%s' WHERE username = '%s' AND domain = '%s'",
127 $config['kamailio_subscriber_table'],
128 sql_clean($password),
129 sql_clean($username),
130 sql_clean($domain)
131
132 );
133 if ( sql_dbexec_rows( $config['kamailio_db'], $query) != 1 ) return false;
134 return true;
135 }
136
137 function update_kamailio_email ( $username, $domain, $email )
138 {
139 global $config;
140
141 if ( ! ($username && $domain && $email))
142 return false;
143
144 $query = sprintf("UPDATE %s SET email_address = '%s' WHERE username = '%s' AND domain = '%s'",
145 $config['kamailio_subscriber_table'],
146 sql_clean($email),
147 sql_clean($username),
148 sql_clean($domain)
149
150 );
151 if ( sql_dbexec_rows( $config['kamailio_db'], $query) != 1 ) return false;
152 return true;
153 }
154
155
156 function add_provision_user( $username, $password, $domain, $authid, $registrar, $r_port, $proxy, $p_port, $displayname, $dialplan, $linetext )
157 { global $config;
158
159 if ( is_provision_user( $username, $password ) ) return false;
160 $query = sprintf ("INSERT INTO %s ( username, password, displayname, domain, registrar, r_port, proxy, p_port, dialplan, authid, linetext )
161 VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', %d, '%s', '%s', '%s')",
162 $config['hermes_users_table'],
163 sql_clean($username),
164 sql_clean($password),
165 sql_clean($displayname),
166 sql_clean($domain),
167 sql_clean($registrar),
168 $r_port,
169 sql_clean($proxy),
170 $p_port,
171 sql_clean($dialplan),
172 sql_clean($authid),
173 sql_clean($linetext)
174 );
175 if ( ! sql_dbexec( $config['hermes_db'], $query ) ) return false;
176 return true;
177 }
178 function get_provision_userid ( $username, $domain )
179 {
180 global $config;
181
182 $query = sprintf("SELECT id FROM %s WHERE username = '%s' AND domain = '%s'",
183 $config['hermes_users_table'],
184 sql_clean($username),
185 sql_clean($domain)
186 );
187
188 $row = sql_dbquery_single( $config['hermes_db'], $query );
189 if (!$row) return false;
190 $user_rowid = $row['id'];
191 return $user_rowid;
192 }
193
194 function delete_provision_user( $username, $domain )
195 {
196 global $config;
197
198 $user_rowid = get_provision_userid( $username, $domain );
199 if ( !$user_rowid ) return false;
200
201 $query = sprintf( "DELETE FROM %s WHERE id = %d AND username = '%s' AND domain = '%s'",
202 $config['hermes_users_table'],
203 $user_rowid,
204 sql_clean($username),
205 sql_clean($domain)
206 );
207 if ( sql_dbexec_rows( $config['hermes_db'], $query) != 1 ) return false;
208 return true;
209 }
210
211 function update_provision_data ( $param, $username, $domain, $data )
212 {
213 global $config;
214
215 if (! (
216 $param == "displayname" ||
217 $param == "dialplan" ||
218 $param == "linetext" ||
219 $param == "registrar" ||
220 $param == "r_port" ||
221 $param == "proxy" ||
222 $param == "p_port"
223 ) ) return -1;
224
225
226 if ( ! ($username && $domain))
227 return -1;
228
229 if ( ! is_provision_user( $username, $domain ) )
230 return -2;
231
232 $query = sprintf("UPDATE %s SET %s = '%s' WHERE username = '%s' AND domain = '%s'",
233 $config['hermes_users_table'],
234 sql_clean($param),
235 sql_clean($data),
236 sql_clean($username),
237 sql_clean($domain)
238
239 );
240 $res = sql_dbexec_rows( $config['hermes_db'], $query);
241
242 if ( $res < 0 ) return -2;
243 if ( $res > 1 ) return -2;
244 return $res;
245 }
246
247 function update_provision_pw ( $username, $domain, $password )
248 {
249 global $config;
250
251 if ( ! ($username && $domain && $password))
252 return false;
253
254 $query = sprintf("UPDATE %s SET password = '%s' WHERE username = '%s' AND domain = '%s'",
255 $config['hermes_users_table'],
256 sql_clean($password),
257 sql_clean($username),
258 sql_clean($domain)
259
260 );
261 if ( sql_dbexec_rows( $config['hermes_db'], $query) != 1 ) return false;
262 return true;
263 }
264
265 function list_users ( $search = null )
266 {
267 global $config;
268 $query = sprintf("SELECT CONCAT(username, '@', domain), displayname FROM %s ORDER BY username,domain", $config['hermes_users_table'] );
269
270 if ( array_key_exists ( 'search', $_POST ) )
271 {
272 $search = $_POST['search']; // TODO: Add some sanitation and input validation!
273 $query = sprintf("SELECT CONCAT(username, '@', domain) FROM %s WHERE CONCAT(username, '@', domain) LIKE '%%%s%%' ORDER BY username,domain", $config['hermes_users_table'], sql_clean( $search ) );
274 }
275
276 $result = sql_dbquery( $config['hermes_db'], $query );
277 if ( !$result ) return null;
278 $list = array();
279 while ( $row = @mysql_fetch_row( $result ) )
280 {
281 array_push( $list, array( "user" => $row[0], "displayname" => $row[1] ) );
282 }
283 return $list;
284 print json_encode( array( 'response' => 'ok', 'list' => $list ));
285
286
287 }
288 function get_userdata( $username, $domain )
289 {
290 global $config;
291 if ( is_kamailio_subscriber( $username, $domain ) // User must be present in both!
292 && is_provision_user( $username, $domain ) ) $type = 'local';
293 else if ( is_provision_user( $username, $domain ) ) $type = 'remote';
294 else return null;
295
296 $provision_data = null;
297 $kamailio_data = null;
298
299 $query_provision = sprintf ("SELECT id, username, password, displayname, domain, registrar, r_port, proxy, p_port, dialplan, authid, linetext FROM %s WHERE username = '%s' AND domain = '%s'",
300 $config['hermes_users_table'],
301 sql_clean($username),
302 sql_clean($domain));
303
304 $provision_data = sql_dbquery_single( $config['hermes_db'] , $query_provision );
305 if ( ! $provision_data ) return false;
306
307 if ( $type == 'local' )
308 {
309 // WARNING: Note the typo in the name of the 'permittedcalls' column!
310 $query_kamailio = sprintf ("SELECT id, username, domain, password, email_address, ha1, ha1b, rpid, permittedcalls FROM %s WHERE username = '%s' AND domain = '%s'",
311 $config['kamailio_subscriber_table'],
312 sql_clean($username),
313 sql_clean($domain));
314 $kamailio_data = sql_dbquery_single( $config['kamailio_db'] , $query_kamailio );
315 if ( ! $kamailio_data ) return false;
316 }
317 $user['type'] = $type;
318 $user['username'] = $provision_data['username'];
319 $user['password'] = $provision_data['password'];
320 $user['domain'] = $provision_data['domain'];
321 $user['authid'] = $provision_data['authid'];
322 $user['registrar'] = $provision_data['registrar'];
323 $user['r_port'] = $provision_data['r_port'];
324 $user['proxy'] = $provision_data['proxy'];
325 $user['p_port'] = $provision_data['p_port'];
326 $user['dialplan'] = $provision_data['dialplan'];
327 $user['displayname'] = $provision_data['displayname'];
328 $user['linetext'] = $provision_data['linetext'];
329 if ( $type == 'local' )
330 {
331 $user['email'] = $kamailio_data['email_address'];
332 $user['ha1'] = $kamailio_data['ha1'];
333 $user['ha1b'] = $kamailio_data['ha1b'];
334 $user['rpid'] = $kamailio_data['rpid'];
335 $user['permittedcalls'] = $kamailio_data['permitedcalls'];
336 }
337
338 return $user;
339 }
340
341 ?>