1 <?php
2 require_once('config.php');
3 require_once('lib/common_functions.php');
4 require_once('lib/db_functions.php');
5
// Loaded once at include time and read by every function below via `global $config`
// (table names such as kamailio_subscriber_table / provision_users_table and the
// DB handles kamailio_db / provision_db).  Table names are interpolated into SQL
// unescaped, so they must only ever come from this trusted config, never from input.
$config = get_config();
7
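// Default length 24 characters to provide a long password
// that still is short enough that Cisco SPA phones can use it.
//
// Returns a string of exactly $length characters drawn from [A-Za-z0-9] —
// a subset of the \w class the old crypt()/md5() version produced, so the
// phones and existing callers see the same shape of password.  A $length
// of 0 or less yields "".
//
// Security: the previous version seeded from rand() (not a CSPRNG) and fed
// it through md5()/crypt(); crypt() was also called without a salt, which
// is an error on PHP 8.  Characters are now taken from the OS CSPRNG via
// random_bytes() (PHP >= 7) or openssl_random_pseudo_bytes() (PHP 5.3+),
// with rejection sampling so every alphabet character is equally likely.
// Throws an Exception if no secure random source is available — better to
// fail loudly than to silently hand out a guessable SIP secret.
function generate_password( $length = 24 )
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $alphabet_size = strlen( $alphabet );                 // 62
    // Largest multiple of 62 that fits in a byte (248); bytes at or above
    // it are discarded so that "$byte % 62" has no modulo bias.
    $reject_from = 256 - ( 256 % $alphabet_size );

    $length = (int) $length;
    $string = '';
    while ( strlen( $string ) < $length )
    {
        $want = $length - strlen( $string );
        if ( function_exists( 'random_bytes' ) )
        {
            $bytes = random_bytes( $want );
        }
        else
        {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes( $want, $strong );
            if ( $bytes === false || ! $strong )
                throw new Exception( 'generate_password: no cryptographically secure random source available' );
        }
        $count = strlen( $bytes );
        for ( $i = 0; $i < $count && strlen( $string ) < $length; $i++ )
        {
            $byte = ord( $bytes[$i] );
            if ( $byte >= $reject_from ) continue;        // rejection sampling
            $string .= $alphabet[ $byte % $alphabet_size ];
        }
    }
    return $string;
}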
21
22
// Membership test against the Kamailio subscriber table for a user/domain
// pair.  Delegates to sql_dbtest_numrows(..., 1) — presumably "exactly one
// matching row"; confirm the semantics in lib/db_functions.php.
// Both inputs go through sql_clean() before being placed in the literal.
function is_kamailio_subscriber ( $user, $domain )
{
    global $config;

    $table = $config['kamailio_subscriber_table'];
    $sql   = "SELECT username FROM " . $table
           . " WHERE username = '" . sql_clean( $user ) . "'"
           . " AND domain = '" . sql_clean( $domain ) . "'";

    return sql_dbtest_numrows( $config['kamailio_db'], $sql, 1 );
}
33
// Membership test against the provisioning users table for a user/domain
// pair; same shape as is_kamailio_subscriber() but on the provisioning DB.
// Result is whatever sql_dbtest_numrows(..., 1) returns (see db_functions.php).
function is_provision_user ( $user, $domain )
{
    global $config;

    $table = $config['provision_users_table'];
    $sql   = "SELECT username FROM " . $table
           . " WHERE username = '" . sql_clean( $user ) . "'"
           . " AND domain = '" . sql_clean( $domain ) . "'";

    return sql_dbtest_numrows( $config['provision_db'], $sql, 1 );
}
44
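// Insert a new Kamailio subscriber row for username@domain.
//
// ha1 / ha1b are the precomputed HTTP-digest credentials Kamailio's auth
// uses (ha1 = MD5("user:realm:password"), ha1b = the same with the full
// user@domain as the user part).  MD5 here is dictated by the SIP digest
// scheme, not a password-hashing choice; do not "upgrade" it.  The plaintext
// password column is written as well because the schema has it and the
// provisioning side hands the secret to phones.  Whenever the password
// changes, all three columns must change together (see update_kamailio_pw).
//
// Returns false when username/domain/password is empty, when the user
// already exists, or when the INSERT fails; true otherwise.
function add_kamailio_subscriber( $username, $domain, $password, $email )
{
    global $config;

    // Refuse empty credentials — an empty password would otherwise be
    // stored (and digested) as a perfectly valid SIP secret.
    if ( ! ( $username && $domain && $password ) ) return false;

    // Mirror add_provision_user(): never create a duplicate subscriber.
    if ( is_kamailio_subscriber( $username, $domain ) ) return false;

    $ha1  = md5( $username . ":" . $domain . ":" . $password );
    $ha1b = md5( $username . "@" . $domain . ":" . $domain . ":" . $password );

    $query = sprintf( "INSERT INTO %s (username, domain, password, email_address, ha1, ha1b) VALUES ('%s','%s','%s', '%s', '%s', '%s')",
        $config['kamailio_subscriber_table'],
        sql_clean( $username ),
        sql_clean( $domain ),
        sql_clean( $password ),
        sql_clean( $email ),
        $ha1,       // hex digests: no quoting hazard, so not passed through sql_clean
        $ha1b
    );
    if ( ! sql_dbexec( $config['kamailio_db'], $query ) ) return false;
    return true;
}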
65
// Remove the Kamailio subscriber row for username@domain.
//
// The row id is looked up first and then included in the DELETE together
// with username/domain, so at most the one resolved row can be removed.
// Returns false when the user is not found, the id is missing/zero, or the
// DELETE did not affect exactly one row; true on success.
function delete_kamailio_subscriber( $username, $domain )
{
    global $config;

    $table = $config['kamailio_subscriber_table'];
    $db    = $config['kamailio_db'];
    $u     = sql_clean( $username );
    $d     = sql_clean( $domain );

    $lookup = "SELECT id FROM $table WHERE username = '$u' AND domain = '$d'";
    $row = sql_dbquery_single( $db, $lookup );
    if ( ! $row || ! $row['id'] ) return false;
    $rowid = (int) $row['id'];

    $delete = "DELETE FROM $table WHERE id = $rowid AND username = '$u' AND domain = '$d'";
    return sql_dbexec_rows( $db, $delete ) == 1;
}
90
91
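// Change a Kamailio subscriber's password.
//
// Bug fix: the old version rewrote only the plaintext `password` column.
// The ha1/ha1b digests that add_kamailio_subscriber() derives from the
// password were left untouched, so the stored digests no longer matched
// the stored password after a change — and a Kamailio instance authenticating
// against the digest columns would keep accepting the OLD secret.  All three
// columns are now updated in one statement.
//
// Returns false when any argument is empty or when the UPDATE did not
// report exactly one affected row (note: with MySQL semantics an UPDATE
// that sets identical values may report 0 affected rows — presumably why
// callers should not retry blindly; verify sql_dbexec_rows in db_functions.php).
function update_kamailio_pw ( $username, $domain, $password )
{
    global $config;

    if ( ! ( $username && $domain && $password ) )
        return false;

    // Same derivation as add_kamailio_subscriber(); keep the two in step.
    $ha1  = md5( $username . ":" . $domain . ":" . $password );
    $ha1b = md5( $username . "@" . $domain . ":" . $domain . ":" . $password );

    $query = sprintf( "UPDATE %s SET password = '%s', ha1 = '%s', ha1b = '%s' WHERE username = '%s' AND domain = '%s'",
        $config['kamailio_subscriber_table'],
        sql_clean( $password ),
        $ha1,       // hex digests, no quoting hazard
        $ha1b,
        sql_clean( $username ),
        sql_clean( $domain )
    );
    if ( sql_dbexec_rows( $config['kamailio_db'], $query ) != 1 ) return false;
    return true;
}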
109
// Set the email_address column for a Kamailio subscriber.
// Returns false for empty arguments or when the UPDATE does not affect
// exactly one row; true otherwise.  Inputs are escaped with sql_clean().
function update_kamailio_email ( $username, $domain, $email )
{
    global $config;

    if ( empty( $username ) || empty( $domain ) || empty( $email ) )
        return false;

    $sql = "UPDATE " . $config['kamailio_subscriber_table']
         . " SET email_address = '" . sql_clean( $email ) . "'"
         . " WHERE username = '" . sql_clean( $username ) . "'"
         . " AND domain = '" . sql_clean( $domain ) . "'";

    $affected = sql_dbexec_rows( $config['kamailio_db'], $sql );
    return $affected == 1;
}
127
128
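// Insert a provisioning record for a phone line.
//
// Note the argument order (username, password, domain, ...) — it differs from
// add_kamailio_subscriber(username, domain, password, ...); callers must not
// assume the two are interchangeable.  The password is stored in clear because
// provisioning has to hand the actual SIP secret to the phone (see get_userdata).
//
// Bug fix: the duplicate check used to be is_provision_user($username, $password),
// i.e. the password was passed in the domain slot, so an existing user was never
// detected and a second row could be inserted.  It now checks ($username, $domain).
// Also refuses empty username/domain/password, matching update_provision_pw().
//
// Returns false when inputs are empty, the user already exists, or the INSERT
// fails; true otherwise.
function add_provision_user( $username, $password, $domain, $authid, $registrar, $r_port, $proxy, $p_port, $displayname, $dialplan, $linetext )
{
    global $config;

    if ( ! ( $username && $domain && $password ) ) return false;
    if ( is_provision_user( $username, $domain ) ) return false;

    $query = sprintf( "INSERT INTO %s ( username, password, displayname, domain, registrar, r_port, proxy, p_port, dialplan, authid, linetext )
VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', %d, '%s', '%s', '%s')",
        $config['provision_users_table'],
        sql_clean( $username ),
        sql_clean( $password ),
        sql_clean( $displayname ),
        sql_clean( $domain ),
        sql_clean( $registrar ),
        (int) $r_port,      // %d already coerces; the cast makes the intent explicit
        sql_clean( $proxy ),
        (int) $p_port,
        sql_clean( $dialplan ),
        sql_clean( $authid ),
        sql_clean( $linetext )
    );
    if ( ! sql_dbexec( $config['provision_db'], $query ) ) return false;
    return true;
}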
// Resolve the provisioning row id for username@domain.
// Returns the id column of the matching row, or false when no row is found.
function get_provision_userid ( $username, $domain )
{
    global $config;

    $sql = "SELECT id FROM " . $config['provision_users_table']
         . " WHERE username = '" . sql_clean( $username ) . "'"
         . " AND domain = '" . sql_clean( $domain ) . "'";

    $row = sql_dbquery_single( $config['provision_db'], $sql );
    return $row ? $row['id'] : false;
}
166
// Remove the provisioning row for username@domain.
// The DELETE is constrained by the resolved id as well as username/domain so
// it can only ever hit the one row that was looked up.  Returns false when the
// user is unknown or the DELETE did not affect exactly one row.
function delete_provision_user( $username, $domain )
{
    global $config;

    $rowid = get_provision_userid( $username, $domain );
    if ( ! $rowid ) return false;

    $sql = "DELETE FROM " . $config['provision_users_table']
         . " WHERE id = " . intval( $rowid )
         . " AND username = '" . sql_clean( $username ) . "'"
         . " AND domain = '" . sql_clean( $domain ) . "'";

    return sql_dbexec_rows( $config['provision_db'], $sql ) == 1;
}
183
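// Update a single provisioning column for username@domain.
//
// $param is interpolated into the SQL as a column IDENTIFIER — sql_clean()
// cannot protect an identifier position — so the allow-list below is the only
// thing preventing SQL injection or writes to columns such as `password`.
// It is now compared with strict in_array(..., true) and must be a string; the
// previous `==` chain would, on PHP < 8, accept e.g. integer 0 as equal to
// "displayname".  Use update_provision_pw() to change the password.
//
// Return values (original contract kept):
//   -1  $param not allow-listed, or empty username/domain
//   -2  user not found, query failure (negative row count), or more than one row changed
//   otherwise the affected-row count from sql_dbexec_rows (0 or 1 — 0 presumably
//   meaning "matched but value unchanged"; confirm in db_functions.php)
function update_provision_data ( $param, $username, $domain, $data )
{
    global $config;

    $allowed_columns = array(
        'displayname',
        'dialplan',
        'linetext',
        'registrar',
        'r_port',
        'proxy',
        'p_port',
    );
    if ( ! is_string( $param ) || ! in_array( $param, $allowed_columns, true ) )
        return -1;

    if ( ! ( $username && $domain ) )
        return -1;

    if ( ! is_provision_user( $username, $domain ) )
        return -2;

    $query = sprintf( "UPDATE %s SET %s = '%s' WHERE username = '%s' AND domain = '%s'",
        $config['provision_users_table'],
        $param,                 // safe: allow-listed literal above
        sql_clean( $data ),
        sql_clean( $username ),
        sql_clean( $domain )
    );
    $res = sql_dbexec_rows( $config['provision_db'], $query );

    if ( $res < 0 ) return -2;
    if ( $res > 1 ) return -2;
    return $res;
}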
219
// Change the provisioning password for username@domain.
// Stored in clear, as the phone needs the literal SIP secret.  Returns false
// for empty arguments or when the UPDATE does not affect exactly one row.
// Note that this does NOT touch the Kamailio side; see update_kamailio_pw().
function update_provision_pw ( $username, $domain, $password )
{
    global $config;

    if ( empty( $username ) || empty( $domain ) || empty( $password ) )
        return false;

    $sql = "UPDATE " . $config['provision_users_table']
         . " SET password = '" . sql_clean( $password ) . "'"
         . " WHERE username = '" . sql_clean( $username ) . "'"
         . " AND domain = '" . sql_clean( $domain ) . "'";

    $affected = sql_dbexec_rows( $config['provision_db'], $sql );
    return $affected == 1;
}
237
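// List provisioning users as array( array( 'user' => 'name@domain',
// 'displayname' => ... ), ... ), ordered by username then domain.
//
// $search, when given, restricts the result to addresses that CONTAIN it.
// For backward compatibility a null $search still falls back to $_GET['search']
// (the old code ignored its parameter and read the superglobal unconditionally);
// callers should pass the value explicitly — a library function reading the
// request is a layering wart.
//
// Fixes: the search variant used to SELECT only the address and then read
// $row[1] for displayname (undefined offset, null displayname); LIKE
// metacharacters '%' and '_' in the search term are now escaped so they match
// literally instead of widening the query; dead code after the return removed.
//
// Returns null when the query fails.
function list_users ( $search = null )
{
    global $config;

    $table = $config['provision_users_table'];

    if ( $search === null && isset( $_GET['search'] ) )
        $search = $_GET['search'];

    if ( $search !== null && $search !== '' )
    {
        // Escape LIKE wildcards first, then let sql_clean() handle the string
        // literal.  MySQL keeps "\%" / "\_" as literal-match sequences whether or
        // not the backslash itself is escaped again by sql_clean().
        $pattern = addcslashes( (string) $search, '%_\\' );
        $query = sprintf( "SELECT CONCAT(username, '@', domain), displayname FROM %s WHERE CONCAT(username, '@', domain) LIKE '%%%s%%' ORDER BY username,domain",
            $table, sql_clean( $pattern ) );
    }
    else
    {
        $query = sprintf( "SELECT CONCAT(username, '@', domain), displayname FROM %s ORDER BY username,domain", $table );
    }

    $result = sql_dbquery( $config['provision_db'], $query );
    if ( ! $result ) return null;

    $list = array();
    // sql_dbquery is assumed to hand back an ext/mysql result resource, hence
    // mysql_fetch_row(); the '@' only hides end-of-result noise.
    while ( $row = @mysql_fetch_row( $result ) )
    {
        $list[] = array( "user" => $row[0], "displayname" => $row[1] );
    }
    return $list;
}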
// Assemble the provisioning view of one user, merged with the Kamailio
// subscriber row when the account is local.
//
// type is 'local' when the user exists in both the provisioning table and the
// Kamailio subscriber table, 'remote' when only in provisioning.  Returns null
// when the user is not provisioned at all, and false when a row that the
// membership checks said exists could not be read back.
//
// NOTE(review): the returned array carries secrets — the plaintext provisioning
// password and, for local users, the Kamailio ha1/ha1b digests (an HA1 is enough
// to answer a digest challenge).  Anything that serialises this array towards a
// client must strip or access-gate those keys.
function get_userdata( $username, $domain )
{
    global $config;

    // Provisioning membership is mandatory; Kamailio membership decides local vs remote.
    if ( ! is_provision_user( $username, $domain ) ) return null;
    $type = is_kamailio_subscriber( $username, $domain ) ? 'local' : 'remote';

    $u = sql_clean( $username );
    $d = sql_clean( $domain );

    $provision_data = sql_dbquery_single( $config['provision_db'],
        "SELECT id, username, password, displayname, domain, registrar, r_port, proxy, p_port, dialplan, authid, linetext"
        . " FROM " . $config['provision_users_table']
        . " WHERE username = '$u' AND domain = '$d'" );
    if ( ! $provision_data ) return false;

    $kamailio_data = null;
    if ( $type == 'local' )
    {
        // WARNING: Note the typo in the name of the 'permittedcalls' column!
        $kamailio_data = sql_dbquery_single( $config['kamailio_db'],
            "SELECT id, username, domain, password, email_address, ha1, ha1b, rpid, permitedcalls"
            . " FROM " . $config['kamailio_subscriber_table']
            . " WHERE username = '$u' AND domain = '$d'" );
        if ( ! $kamailio_data ) return false;
    }

    // Key order is preserved from the original so serialised output is unchanged.
    $user = array(
        'type'        => $type,
        'username'    => $provision_data['username'],
        'password'    => $provision_data['password'],
        'domain'      => $provision_data['domain'],
        'authid'      => $provision_data['authid'],
        'registrar'   => $provision_data['registrar'],
        'r_port'      => $provision_data['r_port'],
        'proxy'       => $provision_data['proxy'],
        'p_port'      => $provision_data['p_port'],
        'dialplan'    => $provision_data['dialplan'],
        'displayname' => $provision_data['displayname'],
        'linetext'    => $provision_data['linetext'],
    );
    if ( $type == 'local' )
    {
        $user['email']          = $kamailio_data['email_address'];
        $user['ha1']            = $kamailio_data['ha1'];
        $user['ha1b']           = $kamailio_data['ha1b'];
        $user['rpid']           = $kamailio_data['rpid'];
        $user['permittedcalls'] = $kamailio_data['permitedcalls'];
    }

    return $user;
}
313
314 ?>