X-Git-Url: https://git.defcon.no/?a=blobdiff_plain;f=api%2Fuser.php;h=e8099d9dfebcfbe479f840c277d043c5b8fe10b9;hb=e3ea78bd48d210947fcfcb73977e6a34e6b31293;hp=101431769466154a51dd93381a7c6f445069c81a;hpb=5e06b6865a488899dc997fbd3ee2d22e9c5569f4;p=hermes diff --git a/api/user.php b/api/user.php index 1014317..e8099d9 100644 --- a/api/user.php +++ b/api/user.php @@ -1,5 +1,32 @@ 'failed', 'cause' => 'error', 'detail' => 'Database connection failed.')); exit; } +token_auth(); //************************************************************************************* switch ( $_SERVER['PATH_INFO'] ) @@ -27,19 +55,19 @@ if ( !$config['sql_link'] ) // user: authentication username, SIP-username without domain component // domain: Domain/realm of the user. username + '@' + domain == SIP address. - if ( array_key_exists('user', $_GET) || - ( array_key_exists('username', $_GET) && array_key_exists('domain', $_GET ))) + if ( array_key_exists('user', $_POST) || + ( array_key_exists('username', $_POST) && array_key_exists('domain', $_POST ))) { $username = ""; $domain = ""; - if ( array_key_exists('username', $_GET) ) + if ( array_key_exists('username', $_POST) ) { - $username = $_GET['username']; - $domain = $_GET['domain']; + $username = $_POST['username']; + $domain = $_POST['domain']; } else { - $user = split_sipaddress($_GET['user']); + $user = split_sipaddress($_POST['user']); if ( !$user ) { print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') ); 
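Review bot: The added `token_auth();` is a bare statement whose result is never checked, so nothing visible in this file shows what happens on a missing or wrong token. Every case in the switch below it (including the ones that create, delete and change passwords for users) relies on that call ending the request itself. I would state that contract next to the call, e.g. `// token_auth() must print the failure response and exit on a bad or missing token; all cases below assume an authenticated caller.` If token_auth() instead returns a status (its definition is not in this diff), the call needs a guard such as `if ( !token_auth() ) exit;`.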
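Review bot: In the `/get` case at +55, the `username`/`domain` branch copies `$_POST['username']` and `$_POST['domain']` into the working variables with no check, while only the `user` branch goes through split_sipaddress(). array_key_exists() is also satisfied when a parameter arrives as an array (`username[]=...`), so the values are not even guaranteed to be strings. A guard before the assignment would cover both, e.g. `if ( !is_string($_POST['username']) || !is_string($_POST['domain']) ) { print json_encode( array( 'response' => 'invalid', 'cause' => 'parameters' ) ); break; }`. The same block is repeated in the hunks at +101, +184, +318, +416, +467, +540, +592 and +679; the case body continues outside this hunk.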
@@ -50,9 +78,9 @@ if ( !$config['sql_link'] ) // Now, do funky stuff. /* - Test if user exists in both 'kamailio.subscribers' and 'provision.users' + Test if user exists in both 'kamailio.subscribers' and 'hermes.users' * Return 'response' => 'ok', 'type' => 'local', 'user' => complete user object. - Test if user exists in 'provision.user' only + Test if user exists in 'hermes.user' only * Return 'response' => 'ok', 'type' => 'remote', 'user' => complete user object. If user does is neither local nor remote * Return 'response' => 'failed' with 'cause' => 'nonexistant' @@ -73,6 +101,40 @@ if ( !$config['sql_link'] ) else print json_encode ( array( 'response' => 'invalid') ); break; + + case "/location": + if ( array_key_exists('user', $_POST) || + ( array_key_exists('username', $_POST) && array_key_exists('domain', $_POST ))) + { + $username = ""; + $domain = ""; + if ( array_key_exists('username', $_POST) ) + { + $username = $_POST['username']; + $domain = $_POST['domain']; + } + else + { + $user = split_sipaddress($_POST['user']); + if ( !$user ) + { + print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') ); + break; + } + list ( $username, $domain ) = $user; + } + $location = get_locations( $username, $domain ); + if ( $location == null ) + { + print json_encode( array( 'response' => 'failed', 'cause' => 'offline' )); + break; + } + print json_encode( array( 'response' => 'ok', 'locations' => $location )); + } + else + print json_encode ( array( 'response' => 'invalid') ); + break; + case "/list": /* Simply list all users in user@domain format 
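Review bot: The new `/location` case at +101 answers `'cause' => 'offline'` whenever get_locations() returns nothing, so a user that does not exist at all is reported the same way as a known user with no registration. The other cases in this file document `'cause' => 'nonexistant'` for unknown users, and clients cannot tell the two apart here. If location data is only kept for local subscribers (an assumption; get_locations() is not in this diff), a check before the lookup would keep the responses consistent: `if ( !is_kamailio_subscriber( $username, $domain ) ) { print json_encode( array( 'response' => 'failed', 'cause' => 'nonexistant' )); break; }`. Otherwise a short comment saying that 'offline' also covers unknown users would do.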
@@ -85,8 +147,8 @@ if ( !$config['sql_link'] ) * SQL SELECT CONCAT() WHERE CONCAT() must be used *shrug* */ $search = null; - if ( array_key_exists ( 'search', $_GET ) ) - $search = $_GET['search']; // TODO: Add some sanitation and input validation! + if ( array_key_exists ( 'search', $_POST ) ) + $search = $_POST['search']; // TODO: Add some sanitation and input validation! $list = list_users( $search ); print json_encode( array( 'response' => 'ok', 'list' => $list )); break; @@ -99,20 +161,20 @@ if ( !$config['sql_link'] ) email Verify that domain is local (lookup in the 'kamailio.domain' table. - Verify that the username is available (nonexistant for domain in kamilio.subscribers (and provision.users?)) + Verify that the username is available (nonexistant for domain in kamilio.subscribers (and hermes.users?)) * Autocreate password * Add username, domain, email and created password to the 'kamailio.subscriber' table - * Get the registrar+port, proxy+port from the 'provision.servers' table. + * Get the registrar+port, proxy+port from the 'hermes.servers' table. * standard dialplan from configuration. - * Add to the 'provision.users' table: + * Add to the 'hermes.users' table: username -> username password -> generated password displayname -> displayname domain -> domain - registrar -> provision.servers.registrar - r_port -> provision.servers.r_port - proxy -> provision.servers.proxy - p_port -> provision.servers.p_port + registrar -> hermes.servers.registrar + r_port -> hermes.servers.r_port + proxy -> hermes.servers.proxy + p_port -> hermes.servers.p_port authid -> username dialplan -> standard dialplan linetext -> username 
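Review bot: In the `/list` case at +147 the `search` value still reaches `list_users( $search )` unvalidated, and the TODO about sanitation is carried over unchanged from the `$_GET` version. The comment just above says the lookup needs SQL `CONCAT()` in a `WHERE` clause, so if list_users() builds that query by string concatenation (its body is not in this diff) this value goes straight into SQL. I would reject non-string and oversized input here, e.g. `if ( !is_string($_POST['search']) || strlen($_POST['search']) > 128 ) { print json_encode( array( 'response' => 'invalid', 'cause' => 'parameters' ) ); break; }` (the limit of 128 is only an example), and confirm that list_users() escapes or binds the term, including the LIKE wildcards `%` and `_`.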
@@ -122,20 +184,20 @@ if ( !$config['sql_link'] ) */ // Test required parameters: if ( - ( ( array_key_exists( 'username', $_GET) && array_key_exists( 'domain', $_GET ) ) || array_key_exists('user', $_GET) ) - && array_key_exists( 'displayname', $_GET ) - && array_key_exists( 'email', $_GET ) ) + ( ( array_key_exists( 'username', $_POST) && array_key_exists( 'domain', $_POST ) ) || array_key_exists('user', $_POST) ) + && array_key_exists( 'displayname', $_POST ) + && array_key_exists( 'email', $_POST ) ) { $username = ""; $domain = ""; - if ( array_key_exists('username', $_GET) ) + if ( array_key_exists('username', $_POST) ) { - $username = $_GET['username']; - $domain = $_GET['domain']; + $username = $_POST['username']; + $domain = $_POST['domain']; } else { - $user = split_sipaddress($_GET['user']); + $user = split_sipaddress($_POST['user']); if ( !$user ) { print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') ); @@ -145,8 +207,8 @@ if ( !$config['sql_link'] ) } $password = generate_password(); - $displayname = $_GET['displayname']; - $email = $_GET['email']; + $displayname = $_POST['displayname']; + $email = $_POST['email']; if ( !is_kamailio_domain( $domain ) ) { @@ -207,9 +269,10 @@ if ( !$config['sql_link'] ) delete_provision_user( $username, $domain ); // Give errormessage, and quit. print json_encode( array( 'response' => 'failed', 'cause' => 'dbfail', 'detail' => 'Failed to read recently added data. Operations rolled back' ) ); - + break; } print json_encode( array( 'response' => 'ok', 'user' => $userdata )); + break; } else print json_encode( array( 'response' => 'invalid', 'cause' => 'parameters' ) ); 
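Review bot: At +207, `$email = $_POST['email'];` accepts any value, including an empty string or an array, because the only test on it is array_key_exists() in the parameter check above. The address is stored with the new account, so a malformed value is written to the database unchecked. A format check right after the assignment would catch this: `if ( !is_string($email) || filter_var( $email, FILTER_VALIDATE_EMAIL ) === false ) { print json_encode( array( 'response' => 'invalid', 'cause' => 'parameters' ) ); break; }`. The same unchecked assignment appears in the change-email case at +562; how the address is used afterwards is outside these hunks.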
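Review bot: In the hunk at +269, the result of `delete_provision_user( $username, $domain );` is ignored, yet the response that follows tells the client 'Operations rolled back'. If the delete fails, a half-created account stays in the database while the caller is told it was removed. I would check the call and report or log the difference, for example `if ( !delete_provision_user( $username, $domain ) ) error_log( 'rollback failed for ' . $username . '@' . $domain );`, assuming the function returns false on failure (its definition is not in this diff). The same applies to the identical block at +391; the enclosing `if` starts outside the hunk.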
@@ -230,13 +293,13 @@ if ( !$config['sql_link'] ) linetext Verify that the domain is not a local kamailio domain (REMOTE user..) - Verify that the username+domain is not already registered in 'provision.users'. + Verify that the username+domain is not already registered in 'hermes.users'. * If r_port is empty, set to 5060 * If proxy/port is empty, set to registrar/port * If authid is empty, set to username * If dialplan is empty, set to standard dialplan * If linetext is empty, set to username@domain - * Add to the 'provision.users' table: + * Add to the 'hermes.users' table: username -> username password -> supplied password displayname -> displayname @@ -255,21 +318,21 @@ if ( !$config['sql_link'] ) // Test required parameters: if ( - ( ( array_key_exists( 'username', $_GET) && array_key_exists( 'domain', $_GET ) ) || array_key_exists('user', $_GET) ) - && array_key_exists( 'displayname', $_GET ) - && array_key_exists( 'password', $_GET ) - && array_key_exists( 'registrar', $_GET ) ) + ( ( array_key_exists( 'username', $_POST) && array_key_exists( 'domain', $_POST ) ) || array_key_exists('user', $_POST) ) + && array_key_exists( 'displayname', $_POST ) + && array_key_exists( 'password', $_POST ) + && array_key_exists( 'registrar', $_POST ) ) { $username = ""; $domain = ""; - if ( array_key_exists('username', $_GET) ) + if ( array_key_exists('username', $_POST) ) { - $username = $_GET['username']; - $domain = $_GET['domain']; + $username = $_POST['username']; + $domain = $_POST['domain']; } else { - $user = split_sipaddress($_GET['user']); + $user = split_sipaddress($_POST['user']); if ( !$user ) { print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') ); 
@@ -278,16 +341,16 @@ if ( !$config['sql_link'] ) list ( $username, $domain ) = $user; } - $password = $_GET['password']; - $displayname = $_GET['displayname']; - $registrar = $_GET['registrar']; - $r_port = ( array_key_exists('r_port', $_GET) ) ? $_GET['r_port'] : 5060; + $password = $_POST['password']; + $displayname = $_POST['displayname']; + $registrar = $_POST['registrar']; + $r_port = ( array_key_exists('r_port', $_POST) ) ? $_POST['r_port'] : 5060; - $proxy = ( array_key_exists('proxy', $_GET) ) ? $_GET['proxy'] : $registrar; - $p_port = ( array_key_exists('p_port', $_GET) ) ? $_GET['p_port'] : $r_port; - $authid = ( array_key_exists('authid', $_GET) ) ? $_GET['authid'] : $username; - $dialplan = ( array_key_exists('dialplan', $_GET) ) ? $_GET['dialplan'] : $config['standard_dialplan']; - $linetext = ( array_key_exists('linetext', $_GET) ) ? $_GET['linetext'] : $username . '@' . $domain; + $proxy = ( array_key_exists('proxy', $_POST) ) ? $_POST['proxy'] : $registrar; + $p_port = ( array_key_exists('p_port', $_POST) ) ? $_POST['p_port'] : $r_port; + $authid = ( array_key_exists('authid', $_POST) ) ? $_POST['authid'] : $username; + $dialplan = ( array_key_exists('dialplan', $_POST) ) ? $_POST['dialplan'] : $config['standard_dialplan']; + $linetext = ( array_key_exists('linetext', $_POST) ) ? $_POST['linetext'] : $username . '@' . $domain; if ( is_kamailio_domain( $domain ) ) { @@ -328,9 +391,10 @@ if ( !$config['sql_link'] ) delete_provision_user( $username, $domain ); // Give errormessage, and quit. print json_encode( array( 'response' => 'failed', 'cause' => 'dbfail', 'detail' => 'Failed to read recently added data. Operations rolled back' ) ); - + break; } print json_encode( array( 'response' => 'ok', 'user' => $userdata )); + break; } else print json_encode( array( 'response' => 'invalid', 'cause' => 'parameters' ) ); 
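Review bot: At +341, `r_port` and `p_port` are taken from `$_POST` as arbitrary strings and `registrar`/`proxy` as arbitrary text, and only the defaults (5060, `$registrar`) are known to be valid. These values go into the user's provisioning data, so a bad port or host name is stored unchecked. A range check on the ports is cheap: `$r_port = filter_var( $_POST['r_port'], FILTER_VALIDATE_INT, array( 'options' => array( 'min_range' => 1, 'max_range' => 65535 ) ) );` followed by an 'invalid' response when the result is `false`, and likewise for `p_port`. The update loop at +633 takes `r_port`, `p_port`, `registrar` and `proxy` from `$_POST[$p]` the same way and needs the same checks.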
@@ -340,9 +404,9 @@ if ( !$config['sql_link'] ) Required parameters should be... ( username & domain ) | user - * Verify that no associations/relations exist in 'provision.phones' - * Verify that the user exists in 'provision.users' - * Remove from 'provision.users' + * Verify that no associations/relations exist in 'hermes.phones' + * Verify that the user exists in 'hermes.users' + * Remove from 'hermes.users' * Test to see of user exists in 'kamailio.subscriber'. * Remove from 'kamailio.subscribers' * Return response' => 'ok', 'type' => 'local' @@ -352,20 +416,20 @@ if ( !$config['sql_link'] ) * If no such user exists, return 'response' => 'failed' with 'cause' => 'nonexistant' * On other failures, return 'response' => 'failed' with 'cause' => 'error' (may set 'detail' => 'message') */ - if ( ( array_key_exists( 'username', $_GET) && array_key_exists( 'domain', $_GET ) ) - || array_key_exists('user', $_GET) ) + if ( ( array_key_exists( 'username', $_POST) && array_key_exists( 'domain', $_POST ) ) + || array_key_exists('user', $_POST) ) { $username = ""; $domain = ""; - if ( array_key_exists('username', $_GET) ) + if ( array_key_exists('username', $_POST) ) { - $username = $_GET['username']; - $domain = $_GET['domain']; + $username = $_POST['username']; + $domain = $_POST['domain']; } else { - $user = split_sipaddress($_GET['user']); + $user = split_sipaddress($_POST['user']); if ( !$user ) { print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') ); 
@@ -403,29 +467,29 @@ if ( !$config['sql_link'] ) ( username & domain ) | user password - * Verify that no associations/relations exist in 'provision.phones' + * Verify that no associations/relations exist in 'hermes.phones' * Verify that the user exists ... - * Test to see of user exists in 'provision.users' + * Test to see of user exists in 'hermes.users' * Test to see of user exists in 'kamailio.subscriber'. * If no such user exists, return 'response' => 'failed' with 'cause' => 'nonexistant' - * Update user passwords in 'provision' and 'kamailio' as appropriate + * Update user passwords in 'hermes' and 'kamailio' as appropriate * On other failures, return 'response' => 'failed' with 'cause' => 'error' (may set 'detail' => 'message') */ - if ( array_key_exists('password', $_GET) && - ( ( array_key_exists( 'username', $_GET) && array_key_exists( 'domain', $_GET ) ) - || array_key_exists('user', $_GET) )) + if ( array_key_exists('password', $_POST) && + ( ( array_key_exists( 'username', $_POST) && array_key_exists( 'domain', $_POST ) ) + || array_key_exists('user', $_POST) )) { $username = ""; $domain = ""; - if ( array_key_exists('username', $_GET) ) + if ( array_key_exists('username', $_POST) ) { - $username = $_GET['username']; - $domain = $_GET['domain']; + $username = $_POST['username']; + $domain = $_POST['domain']; } else { - $user = split_sipaddress($_GET['user']); + $user = split_sipaddress($_POST['user']); if ( !$user ) { print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') ); @@ -433,7 +497,7 @@ if ( !$config['sql_link'] ) } list ( $username, $domain ) = $user; } - $password = $_GET['password']; + $password = $_POST['password']; // Check compatibility of password? TODO... // Fetch old password for rollback? TODO... 
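Review bot: At +497, `$password = $_POST['password'];` is followed only by the two TODO comments, and the guard above it uses array_key_exists(), which is also true for `password=` with no value. As written, an empty password (or an array) can be passed on to the password update for both databases, unless the update functions outside this hunk reject it. A minimal check here would be `if ( !is_string($password) || $password === '' ) { print json_encode( array( 'response' => 'invalid', 'cause' => 'parameters' ) ); break; }`. The remote-user case at +341 assigns `$_POST['password']` in the same unchecked way.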
@@ -476,21 +540,21 @@ if ( !$config['sql_link'] ) ( username & domain ) | user email */ - if ( array_key_exists('email', $_GET) && - ( ( array_key_exists( 'username', $_GET) && array_key_exists( 'domain', $_GET ) ) - || array_key_exists('user', $_GET) )) + if ( array_key_exists('email', $_POST) && + ( ( array_key_exists( 'username', $_POST) && array_key_exists( 'domain', $_POST ) ) + || array_key_exists('user', $_POST) )) { $username = ""; $domain = ""; - if ( array_key_exists('username', $_GET) ) + if ( array_key_exists('username', $_POST) ) { - $username = $_GET['username']; - $domain = $_GET['domain']; + $username = $_POST['username']; + $domain = $_POST['domain']; } else { - $user = split_sipaddress($_GET['user']); + $user = split_sipaddress($_POST['user']); if ( !$user ) { print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') ); @@ -498,7 +562,7 @@ if ( !$config['sql_link'] ) } list ( $username, $domain ) = $user; } - $email = $_GET['email']; + $email = $_POST['email']; // Check for user in kamailio if ( is_kamailio_subscriber( $username, $domain ) ) 
@@ -528,28 +592,28 @@ if ( !$config['sql_link'] ) Required parameters should be... ( username & domain ) | user - * Verify that no associations/relations exist in 'provision.phones' + * Verify that no associations/relations exist in 'hermes.phones' * Verify that the user exists ... - * Test to see of user exists in 'provision.users' + * Test to see of user exists in 'hermes.users' * Test to see of user exists in 'kamailio.subscriber'. * If no such user exists, return 'response' => 'failed' with 'cause' => 'nonexistant' * Get update parameters, and change as appropriate ;) * On other failures, return 'response' => 'failed' with 'cause' => 'error' (may set 'detail' => 'message') */ - if ( ( array_key_exists( 'username', $_GET) && array_key_exists( 'domain', $_GET ) ) - || array_key_exists('user', $_GET) ) + if ( ( array_key_exists( 'username', $_POST) && array_key_exists( 'domain', $_POST ) ) + || array_key_exists('user', $_POST) ) { $username = ""; $domain = ""; - if ( array_key_exists('username', $_GET) ) + if ( array_key_exists('username', $_POST) ) { - $username = $_GET['username']; - $domain = $_GET['domain']; + $username = $_POST['username']; + $domain = $_POST['domain']; } else { - $user = split_sipaddress($_GET['user']); + $user = split_sipaddress($_POST['user']); if ( !$user ) { print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') ); @@ -569,9 +633,9 @@ if ( !$config['sql_link'] ) $params = array('displayname', 'dialplan', 'linetext', 'registrar', 'r_port', 'proxy', 'p_port'); foreach ( $params as $p ) { - if ( array_key_exists($p, $_GET ) ) + if ( array_key_exists($p, $_POST ) ) { - $data = $_GET[$p]; + $data = $_POST[$p]; $t = update_provision_data($p, $username, $domain, $data); if ( $t != true ) { 
@@ -615,20 +679,20 @@ if ( !$config['sql_link'] ) print json_encode( array( 'response' => 'invalid', 'cause' => 'parameters' ) ); break; case "/available": - if ( ( array_key_exists( 'username', $_GET) && array_key_exists( 'domain', $_GET ) ) - || array_key_exists('user', $_GET) ) + if ( ( array_key_exists( 'username', $_POST) && array_key_exists( 'domain', $_POST ) ) + || array_key_exists('user', $_POST) ) { $username = ""; $domain = ""; - if ( array_key_exists('username', $_GET) ) + if ( array_key_exists('username', $_POST) ) { - $username = $_GET['username']; - $domain = $_GET['domain']; + $username = $_POST['username']; + $domain = $_POST['domain']; } else { - $user = split_sipaddress($_GET['user']); + $user = split_sipaddress($_POST['user']); if ( !$user ) { print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') );