X-Git-Url: https://git.defcon.no/?a=blobdiff_plain;f=api%2Flib%2Fuser_functions.php;h=c8556f149476fd04fcb3f2bb243f1ed92f92018e;hb=7ba75390b050c627e8466d046dfcdc83bd2d1ab6;hp=3a53c88582967c099745c638737e799eea5efc6d;hpb=5564b3420c5316743e1cbc63be96735880d2153e;p=hermes

diff --git a/api/lib/user_functions.php b/api/lib/user_functions.php
index 3a53c88..c8556f1 100644
--- a/api/lib/user_functions.php
+++ b/api/lib/user_functions.php
@@ -1,16 +1,48 @@
 <?php
+/*
+#  Copyright (c) 2012, Gjøvik University College
+#  All rights reserved.
+
+#  Redistribution and use in source and binary forms, with or without
+#  modification, are permitted provided that the following conditions are met:
+#      * Redistributions of source code must retain the above copyright
+#        notice, this list of conditions and the following disclaimer.
+#      * Redistributions in binary form must reproduce the above copyright
+#        notice, this list of conditions and the following disclaimer in the
+#        documentation and/or other materials provided with the distribution.
+#      * Neither the name of the Gjøvik University College nor the
+#        names of its contributors may be used to endorse or promote products
+#        derived from this software without specific prior written permission.
+#  
+#  THIS SOFTWARE IS PROVIDED BY Gjøvik University College ''AS IS'' AND ANY
+#  EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+#  WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+#  DISCLAIMED. IN NO EVENT SHALL Gjøvik University College BE LIABLE FOR ANY
+#  DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+#  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+#  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+#  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+#  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+#  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
 require_once('config.php');
 require_once('lib/common_functions.php');
 require_once('lib/db_functions.php');
 
 $config = get_config();
 
-function generate_password( $length = 24 )
+function generate_password( $length = null )
 {
+	global $config;
+	if ( ! $length ) $length = $config['standard_password_length'];
+
 	$string = "";
 	 while ( strlen( $string ) < $length )
-		$string .= substr(md5(rand().rand()), 0, $length);
-	return substr( $string, 0, $length );
+	 {
+		$string .= crypt(substr(md5(rand().rand()), 0, $length+1));
+		$string = preg_replace( '/\W/', '', $string);
+	 }
+	return substr( $string, 1, $length );
 
 }
 
@@ -30,11 +62,11 @@ function is_provision_user ( $user, $domain )
 {
 	global $config;
 	$query = sprintf("SELECT username FROM %s WHERE username = '%s' AND domain = '%s'",
-		$config['provision_users_table'],
+		$config['hermes_users_table'],
 		sql_clean( $user ),
 		sql_clean( $domain )
 	);
-	return sql_dbtest_numrows( $config['provision_db'], $query, 1);
+	return sql_dbtest_numrows( $config['hermes_db'], $query, 1);
 }
 
 function add_kamailio_subscriber( $username, $domain, $password, $email )
@@ -127,7 +159,7 @@ function add_provision_user( $username, $password, $domain, $authid, $registrar,
 	if ( is_provision_user( $username, $password ) ) return false;
 	$query = sprintf ("INSERT INTO %s ( username, password, displayname, domain, registrar, r_port, proxy, p_port, dialplan, authid, linetext )
 		VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', %d, '%s', '%s', '%s')",
-		$config['provision_users_table'],
+		$config['hermes_users_table'],
 		sql_clean($username), 
 		sql_clean($password), 
 		sql_clean($displayname), 
@@ -140,7 +172,7 @@ function add_provision_user( $username, $password, $domain, $authid, $registrar,
 		sql_clean($authid), 
 		sql_clean($linetext)
 	);
-	if ( ! sql_dbexec( $config['provision_db'], $query ) ) return false;
+	if ( ! sql_dbexec( $config['hermes_db'], $query ) ) return false;
 	return true;
 }
 function get_provision_userid ( $username, $domain )
@@ -148,12 +180,12 @@ function get_provision_userid ( $username, $domain )
 	global $config;
 
 	$query = sprintf("SELECT id FROM %s WHERE username = '%s' AND domain = '%s'",
-		$config['provision_users_table'],
+		$config['hermes_users_table'],
 		sql_clean($username),
 		sql_clean($domain)
 	);
 
-	$row = sql_dbquery_single( $config['provision_db'], $query );
+	$row = sql_dbquery_single( $config['hermes_db'], $query );
 	if  (!$row) return false;
 	$user_rowid = $row['id'];
 	return $user_rowid;
@@ -167,12 +199,12 @@ function delete_provision_user( $username, $domain )
 	if ( !$user_rowid ) return false;
 
 	$query = sprintf( "DELETE FROM  %s WHERE id = %d AND username = '%s' AND domain = '%s'",
-		$config['provision_users_table'],
+		$config['hermes_users_table'],
 		$user_rowid,
 		sql_clean($username),
 		sql_clean($domain)
 	);
-	if ( sql_dbexec_rows( $config['provision_db'], $query) != 1 ) return false;
+	if ( sql_dbexec_rows( $config['hermes_db'], $query) != 1 ) return false;
 	return true;
 }
 
@@ -198,14 +230,14 @@ function update_provision_data ( $param, $username, $domain, $data )
 		return -2;
 
 	$query = sprintf("UPDATE %s SET %s = '%s' WHERE username = '%s' AND domain = '%s'",
-		$config['provision_users_table'],
+		$config['hermes_users_table'],
 		sql_clean($param),
 		sql_clean($data),
 		sql_clean($username),
 		sql_clean($domain)
 	
 	);
-	$res = sql_dbexec_rows( $config['provision_db'], $query);
+	$res = sql_dbexec_rows( $config['hermes_db'], $query);
 
 	if ( $res < 0 ) return -2;
 	if ( $res > 1 ) return -2;
@@ -220,28 +252,28 @@ function update_provision_pw ( $username, $domain, $password )
 		return false;
 
 	$query = sprintf("UPDATE %s SET password = '%s' WHERE username = '%s' AND domain = '%s'",
-		$config['provision_users_table'],
+		$config['hermes_users_table'],
 		sql_clean($password),
 		sql_clean($username),
 		sql_clean($domain)
 	
 	);
-	if ( sql_dbexec_rows( $config['provision_db'], $query) != 1 ) return false;
+	if ( sql_dbexec_rows( $config['hermes_db'], $query) != 1 ) return false;
 	return true;
 }
 
 function list_users ( $search = null )
 {
 	global $config;
-	$query = sprintf("SELECT CONCAT(username, '@', domain), displayname FROM %s ORDER BY username,domain", $config['provision_users_table'] );
+	$query = sprintf("SELECT CONCAT(username, '@', domain), displayname FROM %s ORDER BY username,domain", $config['hermes_users_table'] );
 
-	if ( array_key_exists ( 'search', $_GET ) )
+	if ( array_key_exists ( 'search', $_POST ) )
 	{
-		$search = $_GET['search']; // TODO: Add some sanitation and input validation!
-		$query = sprintf("SELECT CONCAT(username, '@', domain) FROM %s WHERE CONCAT(username, '@', domain) LIKE '%%%s%%' ORDER BY username,domain", $config['provision_users_table'], sql_clean( $search ) );
+		$search = $_POST['search']; // TODO: Add some sanitation and input validation!
+		$query = sprintf("SELECT CONCAT(username, '@', domain) FROM %s WHERE CONCAT(username, '@', domain) LIKE '%%%s%%' ORDER BY username,domain", $config['hermes_users_table'], sql_clean( $search ) );
 	}
 
-	$result = sql_dbquery( $config['provision_db'], $query );
+	$result = sql_dbquery( $config['hermes_db'], $query );
 	if ( !$result ) return null;
 	$list = array();
 	while ( $row = @mysql_fetch_row( $result ) )
@@ -265,17 +297,17 @@ function get_userdata( $username, $domain )
 	$kamailio_data = null;
 
 	$query_provision = sprintf ("SELECT id, username, password, displayname, domain, registrar, r_port, proxy, p_port, dialplan, authid, linetext FROM %s WHERE username = '%s' AND domain = '%s'",
-		$config['provision_users_table'],
+		$config['hermes_users_table'],
 		sql_clean($username),
 		sql_clean($domain));
 
-	$provision_data = sql_dbquery_single( $config['provision_db'] , $query_provision );
+	$provision_data = sql_dbquery_single( $config['hermes_db'] , $query_provision );
 	if ( ! $provision_data ) return false;
 
 	if ( $type == 'local' )
 	{
 		// WARNING: Note the typo in the name of the 'permittedcalls' column!
-		$query_kamailio = sprintf ("SELECT id, username, domain, password, email_address, ha1, ha1b, rpid, permitedcalls FROM %s WHERE username = '%s' AND domain = '%s'",
+		$query_kamailio = sprintf ("SELECT id, username, domain, password, email_address, ha1, ha1b, rpid, permittedcalls FROM %s WHERE username = '%s' AND domain = '%s'",
 			$config['kamailio_subscriber_table'],
 			sql_clean($username),
 			sql_clean($domain));
@@ -300,7 +332,7 @@ function get_userdata( $username, $domain )
 		$user['ha1']   = $kamailio_data['ha1'];
 		$user['ha1b']  = $kamailio_data['ha1b'];
 		$user['rpid']  = $kamailio_data['rpid'];
-		$user['permittedcalls'] = $kamailio_data['permitedcalls'];
+		$user['permittedcalls'] = $kamailio_data['permittedcalls'];
 	}
 
 	return $user;