<?php
+/*
+# Copyright (c) 2012, Gjøvik University College
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# * Neither the name of the Gjøvik University College nor the
+# names of its contributors may be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY Gjøvik University College ''AS IS'' AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL Gjøvik University College BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
require_once('config.php');
require_once('lib/common_functions.php');
require_once('lib/db_functions.php');
$config = get_config();
-function generate_password( $length = 24 )
+function generate_password( $length = null )
{
+ global $config;
+ if ( ! $length ) $length = $config['standard_password_length'];
+
$string = "";
while ( strlen( $string ) < $length )
- $string .= substr(md5(rand().rand()), 0, $length);
- return substr( $string, 0, $length );
+ {
+ $string .= crypt(substr(md5(rand().rand()), 0, $length+1));
+ $string = preg_replace( '/\W/', '', $string);
+ }
+ return substr( $string, 1, $length );
}
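Review bot: The new loop still derives the password from `md5(rand().rand())`, and `rand()` is not a cryptographically secure generator, so passing the result through a salt-less `crypt()` and stripping non-word characters adds no unpredictability (the `crypt()` output typically also starts with its scheme and salt characters). Use a CSPRNG source instead, for example `$string = substr( bin2hex( openssl_random_pseudo_bytes( $length ) ), 0, $length );` on a PHP 5 runtime, or `random_int()` over a fixed alphabet on PHP 7+. Separately, the loop stops once `strlen( $string ) >= $length` but the return starts at offset 1, so a string of exactly `$length` characters yields a password one character short. If `$config['standard_password_length']` is unset, the loop never runs and no usable password is returned, so that case deserves an explicit check.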
{
global $config;
$query = sprintf("SELECT username FROM %s WHERE username = '%s' AND domain = '%s'",
- $config['provision_users_table'],
+ $config['hermes_users_table'],
sql_clean( $user ),
sql_clean( $domain )
);
- return sql_dbtest_numrows( $config['provision_db'], $query, 1);
+ return sql_dbtest_numrows( $config['hermes_db'], $query, 1);
}
function add_kamailio_subscriber( $username, $domain, $password, $email )
if ( is_provision_user( $username, $password ) ) return false;
$query = sprintf ("INSERT INTO %s ( username, password, displayname, domain, registrar, r_port, proxy, p_port, dialplan, authid, linetext )
VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', %d, '%s', '%s', '%s')",
- $config['provision_users_table'],
+ $config['hermes_users_table'],
sql_clean($username),
sql_clean($password),
sql_clean($displayname),
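Review bot: The duplicate check on the first line of this hunk calls `is_provision_user( $username, $password )`, while the lookup in the earlier hunk filters on username and domain, so the second argument looks like it should be the domain. As written the check would compare the domain column with the password and would rarely match, letting duplicate rows through to the INSERT. The enclosing function's signature is outside the hunk, so confirm the parameter name and then change the line to `if ( is_provision_user( $username, $domain ) ) return false;`.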
sql_clean($authid),
sql_clean($linetext)
);
- if ( ! sql_dbexec( $config['provision_db'], $query ) ) return false;
+ if ( ! sql_dbexec( $config['hermes_db'], $query ) ) return false;
return true;
}
function get_provision_userid ( $username, $domain )
global $config;
$query = sprintf("SELECT id FROM %s WHERE username = '%s' AND domain = '%s'",
- $config['provision_users_table'],
+ $config['hermes_users_table'],
sql_clean($username),
sql_clean($domain)
);
- $row = sql_dbquery_single( $config['provision_db'], $query );
+ $row = sql_dbquery_single( $config['hermes_db'], $query );
if (!$row) return false;
$user_rowid = $row['id'];
return $user_rowid;
if ( !$user_rowid ) return false;
$query = sprintf( "DELETE FROM %s WHERE id = %d AND username = '%s' AND domain = '%s'",
- $config['provision_users_table'],
+ $config['hermes_users_table'],
$user_rowid,
sql_clean($username),
sql_clean($domain)
);
- if ( sql_dbexec_rows( $config['provision_db'], $query) != 1 ) return false;
+ if ( sql_dbexec_rows( $config['hermes_db'], $query) != 1 ) return false;
return true;
}
return -2;
$query = sprintf("UPDATE %s SET %s = '%s' WHERE username = '%s' AND domain = '%s'",
- $config['provision_users_table'],
+ $config['hermes_users_table'],
sql_clean($param),
sql_clean($data),
sql_clean($username),
sql_clean($domain)
);
- $res = sql_dbexec_rows( $config['provision_db'], $query);
+ $res = sql_dbexec_rows( $config['hermes_db'], $query);
if ( $res < 0 ) return -2;
if ( $res > 1 ) return -2;
return false;
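Review bot: `$param` is placed into the statement as a column name (`SET %s = ...`), and escaping meant for quoted string values does not constrain an identifier, so unless the code above this hunk already restricts `$param` to known columns, a caller-controlled value can change the shape of the statement. Check it against a fixed list before building the query, e.g. `if ( ! in_array( $param, $allowed_columns, true ) ) return -2;`, where `$allowed_columns` is a placeholder for the list of updatable columns. The function begins and ends outside the hunk and `sql_clean()` is defined elsewhere, so its exact behaviour is assumed here.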
$query = sprintf("UPDATE %s SET password = '%s' WHERE username = '%s' AND domain = '%s'",
- $config['provision_users_table'],
+ $config['hermes_users_table'],
sql_clean($password),
sql_clean($username),
sql_clean($domain)
);
- if ( sql_dbexec_rows( $config['provision_db'], $query) != 1 ) return false;
+ if ( sql_dbexec_rows( $config['hermes_db'], $query) != 1 ) return false;
return true;
}
function list_users ( $search = null )
{
global $config;
- $query = sprintf("SELECT CONCAT(username, '@', domain), displayname FROM %s ORDER BY username,domain", $config['provision_users_table'] );
+ $query = sprintf("SELECT CONCAT(username, '@', domain), displayname FROM %s ORDER BY username,domain", $config['hermes_users_table'] );
- if ( array_key_exists ( 'search', $_GET ) )
+ if ( array_key_exists ( 'search', $_POST ) )
{
- $search = $_GET['search']; // TODO: Add some sanitation and input validation!
- $query = sprintf("SELECT CONCAT(username, '@', domain) FROM %s WHERE CONCAT(username, '@', domain) LIKE '%%%s%%' ORDER BY username,domain", $config['provision_users_table'], sql_clean( $search ) );
+ $search = $_POST['search']; // TODO: Add some sanitation and input validation!
+ $query = sprintf("SELECT CONCAT(username, '@', domain) FROM %s WHERE CONCAT(username, '@', domain) LIKE '%%%s%%' ORDER BY username,domain", $config['hermes_users_table'], sql_clean( $search ) );
}
- $result = sql_dbquery( $config['provision_db'], $query );
+ $result = sql_dbquery( $config['hermes_db'], $query );
if ( !$result ) return null;
$list = array();
- while ( $row = mysql_fetch_row( $result ) )
+ while ( $row = @mysql_fetch_row( $result ) )
{
array_push( $list, array( "user" => $row[0], "displayname" => $row[1] ) );
}
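Review bot: In the search branch the query selects only `CONCAT(username, '@', domain)`, yet the loop reads `$row[1]` for `displayname`, so search results have no second column to read; the `@` added on `mysql_fetch_row()` hides fetch errors rather than fixing that. Add `displayname` to the search SELECT and drop the `@`, handling a failed result explicitly. The `TODO` on the `$_POST['search']` line is still open: `%` and `_` in the search term act as LIKE wildcards even after string escaping, so escape them as well, e.g. `addcslashes( $search, '%_\\' )` before `sql_clean()`. The `$search` parameter itself is never used unless it is overwritten from `$_POST`, which should be documented or changed so callers can pass the term. The function continues past the end of the hunk.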
$kamailio_data = null;
$query_provision = sprintf ("SELECT id, username, password, displayname, domain, registrar, r_port, proxy, p_port, dialplan, authid, linetext FROM %s WHERE username = '%s' AND domain = '%s'",
- $config['provision_users_table'],
+ $config['hermes_users_table'],
sql_clean($username),
sql_clean($domain));
- $provision_data = sql_dbquery_single( $config['provision_db'] , $query_provision );
+ $provision_data = sql_dbquery_single( $config['hermes_db'] , $query_provision );
if ( ! $provision_data ) return false;
if ( $type == 'local' )
{
// WARNING: Note the typo in the name of the 'permittedcalls' column!
- $query_kamailio = sprintf ("SELECT id, username, domain, password, email_address, ha1, ha1b, rpid, permitedcalls FROM %s WHERE username = '%s' AND domain = '%s'",
+ $query_kamailio = sprintf ("SELECT id, username, domain, password, email_address, ha1, ha1b, rpid, permittedcalls FROM %s WHERE username = '%s' AND domain = '%s'",
$config['kamailio_subscriber_table'],
sql_clean($username),
sql_clean($domain));
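Review bot: The comment directly above this query warns that the database column name carries a typo, but the new SELECT asks for `permittedcalls`; unless the subscriber table was altered alongside this change, the query will fail on an unknown column and presumably leave `$kamailio_data` empty. Either keep the column as it exists and alias it, `permitedcalls AS permittedcalls`, or update the schema and remove the now stale warning comment. The later hunk that reads `$kamailio_data['permittedcalls']` depends on the same decision.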
$user['ha1'] = $kamailio_data['ha1'];
$user['ha1b'] = $kamailio_data['ha1b'];
$user['rpid'] = $kamailio_data['rpid'];
- $user['permittedcalls'] = $kamailio_data['permitedcalls'];
+ $user['permittedcalls'] = $kamailio_data['permittedcalls'];
}
return $user;