mirrors/flexisip-account-manager
1
0
Fork 0
mirror of https://gitlab.linphone.org/BC/public/flexisip-account-manager.git synced 2026-01-17 10:08:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Reindent and reformat the code to follow PHP-PSR2

Browse source
This commit is contained in:
Timothée Jaussoin 2020-01-08 11:21:41 +01:00
parent 6abd99e397
commit 065f0d3d8d
34 changed files with 2879 additions and 2782 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
src/api/account/create.php
View file

@ -1,21 +1,21 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
header("Access-Control-Allow-Origin: *");
@ -29,7 +29,7 @@ include_once __DIR__ . '/../../misc/utilities.php';
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$data = json_decode(file_get_contents("php://input"));
@ -53,7 +53,7 @@ if ((!empty($data->username) || !empty($data->phone)) && (!empty($data->password
$password->password = hash_password($account->username, generate_password(), $account->domain, $password->algorithm);
} else {
$password->password = empty($data->password)
? hash_password($account->username, generate_password(), $account->domain, $password->algorithm)
? hash_password($account->username, generate_password(), $account->domain, $password->algorithm)
: $data->password;
}
if (!$password->create()) {
@ -88,5 +88,3 @@ if ((!empty($data->username) || !empty($data->phone)) && (!empty($data->password
http_response_code(400);
echo json_encode(array("message" => "Unable to create account, data is incomplete."));
}
?>

33
src/api/account/delete.php
View file

@ -1,21 +1,21 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
header("Access-Control-Allow-Origin: *");
@ -31,14 +31,14 @@ $logger = Logger::getInstance();
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$data = json_decode(file_get_contents("php://input"));
if (!empty($data->id) || !empty($data->username)) {
if (!empty($data->id)) {
$account->id = $data->id;
} else if (!empty($data->username)) {
} elseif (!empty($data->username)) {
$account->username = $data->username;
if (!empty($data->domain)) {
$account->domain = $data->domain;
@ -48,7 +48,7 @@ if (!empty($data->id) || !empty($data->username)) {
if ($account->getOne()) {
$password = new Password($db);
$password->account_id = $account->id;
$alias = new Alias($db);
$alias->account_id = $account->id;
@ -77,6 +77,3 @@ if (!empty($data->id) || !empty($data->username)) {
http_response_code(400);
echo json_encode(array("message" => "Unable to delete account, data is incomplete."));
}
?>

28
src/api/account/get.php
View file

@ -1,21 +1,21 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
header("Access-Control-Allow-Origin: *");
@ -28,7 +28,7 @@ include_once __DIR__ . '/../../objects/alias.php';
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->id = isset($_GET['id']) ? $_GET['id'] : null;
$account->username = isset($_GET['username']) ? $_GET['username'] : null;
@ -68,5 +68,3 @@ if (!empty($account->id) && !empty($account->username) && !empty($account->domai
http_response_code(404);
echo json_encode(array("message" => "Account doesn't exist"));
}
?>

28
src/api/account/list.php
View file

@ -1,21 +1,21 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
header("Access-Control-Allow-Origin: *");
@ -26,7 +26,7 @@ include_once __DIR__ . '/../../objects/account.php';
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$stmt = $account->getAll();
@ -52,5 +52,3 @@ if ($num > 0) {
http_response_code(404);
echo json_encode(array("message" => "No account found"));
}
?>

32
src/api/account/update.php
View file

@ -1,21 +1,21 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
header("Access-Control-Allow-Origin: *");
@ -31,14 +31,14 @@ $logger = Logger::getInstance();
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$data = json_decode(file_get_contents("php://input"));
if (!empty($data->id) || !empty($data->username)) {
if (!empty($data->id)) {
$account->id = $data->id;
} else if (!empty($data->username)) {
} elseif (!empty($data->username)) {
$account->username = $data->username;
if (!empty($data->domain)) {
$account->domain = $data->domain;
@ -53,7 +53,7 @@ if (!empty($data->id) || !empty($data->username)) {
$password = new Password($db);
$password->account_id = $account->id;
$alias = new Alias($db);
$alias->account_id = $account->id;
@ -104,5 +104,3 @@ if (!empty($data->id) || !empty($data->username)) {
http_response_code(400);
echo json_encode(array("message" => "Unable to update account, data is incomplete."));
}
?>

40
src/database/database.php
View file

@ -1,41 +1,41 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
include_once __DIR__ . '/../config/config.php';
include_once __DIR__ . '/../misc/logging.php';
class Database {
class Database
{
public $conn;
public function getConnection() {
public function getConnection()
{
$this->conn = null;
try {
$this->conn = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD);
$this->conn->exec("set names utf8");
} catch(PDOException $exception) {
} catch (PDOException $exception) {
Logger::getInstance()->error("Connection error: " . $exception->getMessage());
}
return $this->conn;
}
}
?>

171
src/misc/email.php
View file

@ -1,107 +1,110 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
include_once __DIR__ . '/../config/config.php';
include_once __DIR__ . '/../misc/logging.php';
function send_email($email, $subject, $text, $html) {
$site = EMAIL_SITE;
$from = EMAIL_FROM_ADDR;
$name = EMAIL_FROM_NAME;
$to = $email;
$from = $name." <".$from.">";
$limite = "_----------=_parties_".md5(uniqid (rand()));
function send_email($email, $subject, $text, $html)
{
$site = EMAIL_SITE;
$from = EMAIL_FROM_ADDR;
$name = EMAIL_FROM_NAME;
$to = $email;
$from = $name." <".$from.">";
$headers = "Reply-to: ".$from."\n";
$headers .= "From: ".$from."\n";
$headers .= "Return-Path: ".$from."\n";
$headers .= "X-Sender: <".$site.">\n";
$headers .= "X-Mailer: PHP\n";
$headers .= "X-auth-smtp-user: ".$from." \n";
$headers .= "X-abuse-contact: ".$from." \n";
$headers .= "X-auth-smtp-user: ".$from." \n";
$headers .= "X-abuse-contact: ".$from." \n";
$headers .= "Date: ".date("D, j M Y G:i:s O")."\n";
$headers .= "MIME-Version: 1.0\n";
$headers .= "Content-Type: multipart/alternative; boundary=\"".$limite."\"";
$limite = "_----------=_parties_".md5(uniqid(rand()));
$message = "";
$headers = "Reply-to: ".$from."\n";
$headers .= "From: ".$from."\n";
$headers .= "Return-Path: ".$from."\n";
$headers .= "X-Sender: <".$site.">\n";
$headers .= "X-Mailer: PHP\n";
$headers .= "X-auth-smtp-user: ".$from." \n";
$headers .= "X-abuse-contact: ".$from." \n";
$headers .= "X-auth-smtp-user: ".$from." \n";
$headers .= "X-abuse-contact: ".$from." \n";
$headers .= "Date: ".date("D, j M Y G:i:s O")."\n";
$headers .= "MIME-Version: 1.0\n";
$headers .= "Content-Type: multipart/alternative; boundary=\"".$limite."\"";
$message .= "--".$limite."\n";
$message .= "Content-Type: text/plain; charset=\"utf-8\"\n";
$message .= "Content-Transfer-Encoding: 8bit\n\n";
$message .= $text;
$message = "";
$message .= "\n\n--".$limite."\n";
$message .= "Content-Type: text/html; charset=\"utf-8\"\n";
$message .= "Content-Transfer-Encoding: 8bit;\n\n";
$message .= $html;
$message .= "--".$limite."\n";
$message .= "Content-Type: text/plain; charset=\"utf-8\"\n";
$message .= "Content-Transfer-Encoding: 8bit\n\n";
$message .= $text;
$message .= "\n--".$limite."--";
$message .= "\n\n--".$limite."\n";
$message .= "Content-Type: text/html; charset=\"utf-8\"\n";
$message .= "Content-Transfer-Encoding: 8bit;\n\n";
$message .= $html;
$params = "-f" . EMAIL_FROM_ADDR . " -O DeliveryMode=b";
$result = mail($email, $subject, $message, $headers, $params);
if (!$result) {
Logger::getInstance()->error("[EMAIL] Email delivery declined !");
}
$message .= "\n--".$limite."--";
$params = "-f" . EMAIL_FROM_ADDR . " -O DeliveryMode=b";
$result = mail($email, $subject, $message, $headers, $params);
if (!$result) {
Logger::getInstance()->error("[EMAIL] Email delivery declined !");
}
}
function send_email_with_activation_link($email, $key, $username, $algo) {
if( !EMAIL_ENABLED ){
Logger::getInstance()->warning("[EMAIL] Emails are disabled");
return "WARNING_EMAILS_DISABLED";
}
function send_email_with_activation_link($email, $key, $username, $algo)
{
if (!EMAIL_ENABLED) {
Logger::getInstance()->warning("[EMAIL] Emails are disabled");
return "WARNING_EMAILS_DISABLED";
}
$pageURL = 'http';
if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
$pageURL .= "://";
$link = $pageURL . EMAIL_ACTIVATION_LINK;
$link = str_replace("%key%", $key, $link);
$link = str_replace("%username%", $username, $link);
$link = str_replace("%algo%", $algo, $link);
Logger::getInstance()->debug("[EMAIL] Activation link is " . $link);
$body = str_replace("%link%", $link, EMAIL_ACTIVATION_BODY);
Logger::getInstance()->debug("[EMAIL] Activation body is " . $body);
$body_html = str_replace("%link%", $link, EMAIL_ACTIVATION_BODY_HTML);
Logger::getInstance()->debug("[EMAIL] Activation html body is " . $body_html);
send_email($email, EMAIL_ACTIVATION_SUBJECT, $body, $body_html);
Logger::getInstance()->message("[EMAIL] Email sent to email " . $email . " to activate the account");
$pageURL = 'http';
if ($_SERVER["HTTPS"] == "on") {
$pageURL .= "s";
}
$pageURL .= "://";
$link = $pageURL . EMAIL_ACTIVATION_LINK;
$link = str_replace("%key%", $key, $link);
$link = str_replace("%username%", $username, $link);
$link = str_replace("%algo%", $algo, $link);
Logger::getInstance()->debug("[EMAIL] Activation link is " . $link);
$body = str_replace("%link%", $link, EMAIL_ACTIVATION_BODY);
Logger::getInstance()->debug("[EMAIL] Activation body is " . $body);
$body_html = str_replace("%link%", $link, EMAIL_ACTIVATION_BODY_HTML);
Logger::getInstance()->debug("[EMAIL] Activation html body is " . $body_html);
send_email($email, EMAIL_ACTIVATION_SUBJECT, $body, $body_html);
Logger::getInstance()->message("[EMAIL] Email sent to email " . $email . " to activate the account");
}
function send_email_with_recover_key($email, $key) {
if( !EMAIL_ENABLED ){
Logger::getInstance()->warning("[EMAIL] Emails are disabled");
return "WARNING_EMAILS_DISABLED";
}
$body = str_replace("%key%", $key, EMAIL_RECOVERY_BODY);
Logger::getInstance()->debug("[EMAIL] Recovery body is " . $body);
$body_html = str_replace("%key%", $key, EMAIL_RECOVERY_BODY_HTML);
Logger::getInstance()->debug("[EMAIL] Recovery html body is " . $body_html);
send_email($email, EMAIL_RECOVERY_SUBJECT, $body, $body_html);
Logger::getInstance()->message("[EMAIL] Email sent to email " . $email . " to recover the account");
}
function send_email_with_recover_key($email, $key)
{
if (!EMAIL_ENABLED) {
Logger::getInstance()->warning("[EMAIL] Emails are disabled");
return "WARNING_EMAILS_DISABLED";
}
?>
$body = str_replace("%key%", $key, EMAIL_RECOVERY_BODY);
Logger::getInstance()->debug("[EMAIL] Recovery body is " . $body);
$body_html = str_replace("%key%", $key, EMAIL_RECOVERY_BODY_HTML);
Logger::getInstance()->debug("[EMAIL] Recovery html body is " . $body_html);
send_email($email, EMAIL_RECOVERY_SUBJECT, $body, $body_html);
Logger::getInstance()->message("[EMAIL] Email sent to email " . $email . " to recover the account");
}

95
src/misc/geoloc.php
View file

@ -1,60 +1,61 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
include_once __DIR__ . '/../config/config.php';
class Geoloc {
static function getGeolocInfosFromIp($ip_address){
if($ip_address == "::1" || $ip_address == "127.0.0.1" || $ip_address == "localhost"){
$service_url = 'https://ipecho.net/plain';
$curl = curl_init($service_url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$curl_response = curl_exec($curl);
if ($curl_response === false) {
$info = curl_getinfo($curl);
curl_close($curl);
Logger::getInstance()->error('Error occured during curl exec (getting public ip of server). Additionnal info: ' . var_export($info));
return false;
} else{
Logger::getInstance()->debug("Getting external public ip from ipecho.net= " . $curl_response);
$ip_address = $curl_response;
}
curl_close($curl);
}
$service_url = 'http://api.ipapi.com/' . $ip_address .'?access_key='. GEOLOC_ACCESS_KEY .'&fields=country_code,country_name';
Logger::getInstance()->debug("Getting geoloc infos for ip after parse if=" . $ip_address);
Logger::getInstance()->debug("Geoloc url = " . $service_url);
$curl = curl_init($service_url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$curl_response = curl_exec($curl);
if ($curl_response === false) {
$info = curl_getinfo($curl);
class Geoloc
{
public static function getGeolocInfosFromIp($ip_address)
{
if ($ip_address == "::1" || $ip_address == "127.0.0.1" || $ip_address == "localhost") {
$service_url = 'https://ipecho.net/plain';
$curl = curl_init($service_url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$curl_response = curl_exec($curl);
if ($curl_response === false) {
$info = curl_getinfo($curl);
curl_close($curl);
Logger::getInstance()->error('Error occured during curl exec (getting public ip of server). Additionnal info: ' . var_export($info));
return false;
} else {
Logger::getInstance()->debug("Getting external public ip from ipecho.net= " . $curl_response);
$ip_address = $curl_response;
}
curl_close($curl);
}
$service_url = 'http://api.ipapi.com/' . $ip_address .'?access_key='. GEOLOC_ACCESS_KEY .'&fields=country_code,country_name';
Logger::getInstance()->debug("Getting geoloc infos for ip after parse if=" . $ip_address);
Logger::getInstance()->debug("Geoloc url = " . $service_url);
$curl = curl_init($service_url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$curl_response = curl_exec($curl);
if ($curl_response === false) {
$info = curl_getinfo($curl);
curl_close($curl);
Logger::getInstance()->error('Error occured during curl exec (geoloc). Additionnal info: ' . var_export($info));
return false;
}
curl_close($curl);
Logger::getInstance()->error('Error occured during curl exec (geoloc). Additionnal info: ' . var_export($info));
return false;
}
curl_close($curl);
Logger::getInstance()->debug('geoloc, curl response : ' . $curl_response);
$decoded = json_decode($curl_response);
Logger::getInstance()->debug('geoloc, curl response : ' . $curl_response);
$decoded = json_decode($curl_response);
return $decoded;
}
return $decoded;
}
}

131
src/misc/logging.php
View file

@ -1,88 +1,93 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
include_once __DIR__ . '/../config/config.php';
class Logger {
private static $instance = null;
class Logger
{
private static $instance = null;
private $log_file;
public function __construct() {
public function __construct()
{
if (!LOGS_ENABLED) {
return;
}
if (USE_ONE_LOG_FILE) {
$this->log_file = LOG_FILE;
} else {
if (!file_exists(LOG_DIR)) {
mkdir(LOG_DIR, 0777, true);
}
$this->log_file = LOG_DIR . "/" . date('d-M-Y') . '.logs';
}
}
return;
}
if (USE_ONE_LOG_FILE) {
$this->log_file = LOG_FILE;
} else {
if (!file_exists(LOG_DIR)) {
mkdir(LOG_DIR, 0777, true);
}
$this->log_file = LOG_DIR . "/" . date('d-M-Y') . '.logs';
}
}
public static function getInstance()
{
if (!self::$instance) {
self::$instance = new Logger();
}
public static function getInstance()
{
if (!self::$instance) {
self::$instance = new Logger();
}
return self::$instance;
}
return self::$instance;
}
private function mylog($level, $message) {
if (!LOGS_ENABLED) {
return;
}
private function mylog($level, $message)
{
if (!LOGS_ENABLED) {
return;
}
if (is_array($message)) {
$message = implode(" ", $message);
}
if (is_array($message)) {
$message = implode(" ", $message);
}
$now = getdate();
$month = sprintf("%02d", $now["mon"]);
$day = sprintf("%02d", $now["mday"]);
$hours = sprintf("%02d", $now["hours"]);
$minutes = sprintf("%02d", $now["minutes"]);
$seconds = sprintf("%02d", $now["seconds"]);
$log_msg = "[" . $day . "/" . $month . "/" . $now["year"] . " " . $hours . ":" . $minutes . ":" . $seconds . "] [" . $level . "] " . $message . "\r\n";
$now = getdate();
$month = sprintf("%02d", $now["mon"]);
$day = sprintf("%02d", $now["mday"]);
$hours = sprintf("%02d", $now["hours"]);
$minutes = sprintf("%02d", $now["minutes"]);
$seconds = sprintf("%02d", $now["seconds"]);
$log_msg = "[" . $day . "/" . $month . "/" . $now["year"] . " " . $hours . ":" . $minutes . ":" . $seconds . "] [" . $level . "] " . $message . "\r\n";
file_put_contents($this->log_file, $log_msg, FILE_APPEND);
}
file_put_contents($this->log_file, $log_msg, FILE_APPEND);
}
function error($message) {
$this->mylog("Error", $message);
}
public function error($message)
{
$this->mylog("Error", $message);
}
function warning($message) {
$this->mylog("Warning", $message);
}
public function warning($message)
{
$this->mylog("Warning", $message);
}
function message($message) {
$this->mylog("Message", $message);
}
public function message($message)
{
$this->mylog("Message", $message);
}
function debug($message) {
$this->mylog("Debug", $message);
}
public function debug($message)
{
$this->mylog("Debug", $message);
}
}
?>

87
src/misc/results_values.php
View file

@ -1,83 +1,80 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
define ("OK", "OK");
define ("NOK", "NOK");
define ("OK_ALIAS", "OK_ALIAS");
define ("OK_ACCOUNT", "OK_ACCOUNT");
define("OK", "OK");
define("NOK", "NOK");
define("OK_ALIAS", "OK_ALIAS");
define("OK_ACCOUNT", "OK_ACCOUNT");
/* Parameter related */
define ("MISSING_PHONE_PARAM", "ERROR_PHONE_PARAMETER_NOT_FOUND");
define ("MISSING_USERNAME_PARAM", "ERROR_USERNAME_PARAMETER_NOT_FOUND");
define ("MISSING_EMAIL_PARAM", "ERROR_EMAIL_PARAMETER_NOT_FOUND");
define ("EMAIL_UNCHANGED", "ERROR_EMAIL_NEW_SAME_AS_OLD");
define("MISSING_PHONE_PARAM", "ERROR_PHONE_PARAMETER_NOT_FOUND");
define("MISSING_USERNAME_PARAM", "ERROR_USERNAME_PARAMETER_NOT_FOUND");
define("MISSING_EMAIL_PARAM", "ERROR_EMAIL_PARAMETER_NOT_FOUND");
define("EMAIL_UNCHANGED", "ERROR_EMAIL_NEW_SAME_AS_OLD");
/* Parameter not available because already in use */
define ("PHONE_TAKEN", "ERROR_ALIAS_ALREADY_IN_USE");
define ("USERNAME_TAKEN", "ERROR_ACCOUNT_ALREADY_IN_USE");
define ("EMAIL_TAKEN", "ERROR_EMAIL_ALREADY_IN_USE");
define("PHONE_TAKEN", "ERROR_ALIAS_ALREADY_IN_USE");
define("USERNAME_TAKEN", "ERROR_ACCOUNT_ALREADY_IN_USE");
define("EMAIL_TAKEN", "ERROR_EMAIL_ALREADY_IN_USE");
/* Object not found */
define ("ALIAS_NOT_FOUND", "ERROR_ALIAS_DOESNT_EXIST");
define ("ACCOUNT_NOT_FOUND", "ERROR_ACCOUNT_DOESNT_EXIST");
define ("PASSWORD_NOT_FOUND", "ERROR_PASSWORD_NOT_FOUND");
define ("USERINFO_NOT_FOUND", "ERROR_USERINFO_NOT_FOUND");
define("ALIAS_NOT_FOUND", "ERROR_ALIAS_DOESNT_EXIST");
define("ACCOUNT_NOT_FOUND", "ERROR_ACCOUNT_DOESNT_EXIST");
define("PASSWORD_NOT_FOUND", "ERROR_PASSWORD_NOT_FOUND");
define("USERINFO_NOT_FOUND", "ERROR_USERINFO_NOT_FOUND");
/* Equality check failure */
define ("KEY_DOESNT_MATCH", "ERROR_KEY_DOESNT_MATCH");
define ("PASSWORD_DOESNT_MATCH", "ERROR_PASSWORD_DOESNT_MATCH");
define ("EMAIL_DOESNT_MATCH", "ERROR_EMAIL_DOESNT_MATCH");
define ("ALIAS_DOESNT_MATCH", "ERROR_ALIAS_DOESNT_MATCH");
define("KEY_DOESNT_MATCH", "ERROR_KEY_DOESNT_MATCH");
define("PASSWORD_DOESNT_MATCH", "ERROR_PASSWORD_DOESNT_MATCH");
define("EMAIL_DOESNT_MATCH", "ERROR_EMAIL_DOESNT_MATCH");
define("ALIAS_DOESNT_MATCH", "ERROR_ALIAS_DOESNT_MATCH");
/* Disabled features */
define ("TEST_ACCOUNTS_DISABLED", "ERROR_NON_TEST_ACCOUNTS_UNAUTHORIZED");
define ("SMS_DISABLED", "ERROR_SMS_API_DISABLED");
define ("ALGO_NOT_SUPPORTED", "ERROR_ALGO_NOT_SUPPORTED");
define("TEST_ACCOUNTS_DISABLED", "ERROR_NON_TEST_ACCOUNTS_UNAUTHORIZED");
define("SMS_DISABLED", "ERROR_SMS_API_DISABLED");
define("ALGO_NOT_SUPPORTED", "ERROR_ALGO_NOT_SUPPORTED");
/* Unexpected state */
define ("ACCOUNT_ALREADY_ACTIVATED", "ERROR_ACCOUNT_ALREADY_ACTIVATED");
define ("ACCOUNT_NOT_YET_ACTIVATED", "ERROR_ACCOUNT_NOT_ACTIVATED");
define ("ACCOUNT_RECOVERY_IMPOSSIBLE", "ERROR_CANT_RECOVER_ACCOUNT");
define("ACCOUNT_ALREADY_ACTIVATED", "ERROR_ACCOUNT_ALREADY_ACTIVATED");
define("ACCOUNT_NOT_YET_ACTIVATED", "ERROR_ACCOUNT_NOT_ACTIVATED");
define("ACCOUNT_RECOVERY_IMPOSSIBLE", "ERROR_CANT_RECOVER_ACCOUNT");
/* Format error */
define ("PHONE_NOT_E164", "ERROR_PHONE_ISNT_E164");
define("PHONE_NOT_E164", "ERROR_PHONE_ISNT_E164");
/* SMS error */
define ("MAX_SMS_ALLOWED_EXCEEDED", "ERROR_MAX_SMS_EXCEEDED");
define ("SMS_API_FAILURE", "ERROR_CANT_SEND_SMS");
define("MAX_SMS_ALLOWED_EXCEEDED", "ERROR_MAX_SMS_EXCEEDED");
define("SMS_API_FAILURE", "ERROR_CANT_SEND_SMS");
/* Geoloc error */
define ("GEOLOC_FAILED", "ERROR_GEOLOC_FAILED");
define("GEOLOC_FAILED", "ERROR_GEOLOC_FAILED");
/* Other error */
define ('SHA256_PASSWORD_ALREADY_EXISTS', 'ERROR_SHA256_PASSWORD_ALREADY_EXISTS');
?>
define('SHA256_PASSWORD_ALREADY_EXISTS', 'ERROR_SHA256_PASSWORD_ALREADY_EXISTS');

278
src/misc/sms.php
View file

@ -1,21 +1,21 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
// The following can't be put inside a function...
@ -31,149 +31,151 @@ include_once __DIR__ . '/utilities.php';
// Internationalization
function get_sms_string_for_lang($lang) {
global $SMS_OVH_TEMPLATE;
if (isset($SMS_OVH_TEMPLATE[$lang])) {
return $SMS_OVH_TEMPLATE[$lang];
}
Logger::getInstance()->warning("SMS template not found for lang " . $lang . ", using US template");
return SMS_OVH_US_TEMPLATE;
function get_sms_string_for_lang($lang)
{
global $SMS_OVH_TEMPLATE;
if (isset($SMS_OVH_TEMPLATE[$lang])) {
return $SMS_OVH_TEMPLATE[$lang];
}
Logger::getInstance()->warning("SMS template not found for lang " . $lang . ", using US template");
return SMS_OVH_US_TEMPLATE;
}
// SMS API
function send_sms_ovh($phone, $key, $lang) {
if (!SMS_API_ENABLED) {
Logger::getInstance()->warning("[SMS] SMS API disabled");
return SMS_DISABLED;
}
function send_sms_ovh($phone, $key, $lang)
{
if (!SMS_API_ENABLED) {
Logger::getInstance()->warning("[SMS] SMS API disabled");
return SMS_DISABLED;
}
$sms = new SmsApi(SMS_OVH_API_KEY, SMS_OVH_API_SECRET, SMS_OVH_ENDPOINT, SMS_OVH_CONSUMER_KEY);
$accounts = $sms->getAccounts();
$sms->setAccount($accounts[0]);
if (SMS_USE_SENDER) {
$senders = $sms->getSenders();
$sms = new SmsApi(SMS_OVH_API_KEY, SMS_OVH_API_SECRET, SMS_OVH_ENDPOINT, SMS_OVH_CONSUMER_KEY);
$accounts = $sms->getAccounts();
$sms->setAccount($accounts[0]);
if (SMS_USE_SENDER) {
$senders = $sms->getSenders();
/* The account must be validated in the OVH interface and by OVH itself */
if (count($senders) == 0) {
Logger::getInstance()->warning("[SMS] No sender found, creating one " . SMS_OVH_SENDER . " / " . SMS_OVH_REASON . " : " . SMS_OVH_DESC);
$sms->addSender(SMS_OVH_SENDER, SMS_OVH_REASON, SMS_OVH_DESC);
$senders = $sms->getSenders();
}
}
/* The account must be validated in the OVH interface and by OVH itself */
if (count($senders) == 0) {
Logger::getInstance()->warning("[SMS] No sender found, creating one " . SMS_OVH_SENDER . " / " . SMS_OVH_REASON . " : " . SMS_OVH_DESC);
$sms->addSender(SMS_OVH_SENDER, SMS_OVH_REASON, SMS_OVH_DESC);
$senders = $sms->getSenders();
}
}
$message = $sms->createMessage();
if (SMS_USE_SENDER && count($senders) > 0) {
foreach ($senders as $sender) {
if ($sender == SMS_OVH_SENDER) {
if ($sms->checkSender($sender)) {
// Check if sender exists and is valid, otherwise it will create an exception and sms won't be sent
Logger::getInstance()->message("[SMS] Found valid sender " . $sender . ", using it");
$message->setSender($sender);
break;
} else {
Logger::getInstance()->error("[SMS] Found sender " . $sender . " but it is not valid");
}
}
}
}
$message->addReceiver($phone);
$message->setIsMarketing(FALSE);
$message = $sms->createMessage();
if (SMS_USE_SENDER && count($senders) > 0) {
foreach ($senders as $sender) {
if ($sender == SMS_OVH_SENDER) {
if ($sms->checkSender($sender)) {
// Check if sender exists and is valid, otherwise it will create an exception and sms won't be sent
Logger::getInstance()->message("[SMS] Found valid sender " . $sender . ", using it");
$message->setSender($sender);
break;
} else {
Logger::getInstance()->error("[SMS] Found sender " . $sender . " but it is not valid");
}
}
}
}
$message->addReceiver($phone);
$message->setIsMarketing(false);
$text = get_sms_string_for_lang($lang);
$text = str_replace("#CODE#", $key, $text);
$result = $message->send($text);
$text = get_sms_string_for_lang($lang);
$text = str_replace("#CODE#", $key, $text);
$result = $message->send($text);
$credits_removed = $result['totalCreditsRemoved'];
Logger::getInstance()->message("[SMS] " . $credits_removed . " credit removed");
$invalid_receiver = $result['invalidReceivers'];
$valid_receiver = $result['validReceivers'];
if (count($invalid_receiver) > 0) {
Logger::getInstance()->error("[SMS] phone number " . $phone . " seems invalid");
} else if (count($valid_receiver) > 0) {
Logger::getInstance()->message("[SMS] " . $text . " sent to " . $phone);
} else {
Logger::getInstance()->warning("[SMS] Both valid and invalid receiver lists are empty...");
}
$credits_removed = $result['totalCreditsRemoved'];
Logger::getInstance()->message("[SMS] " . $credits_removed . " credit removed");
$invalid_receiver = $result['invalidReceivers'];
$valid_receiver = $result['validReceivers'];
if (count($invalid_receiver) > 0) {
Logger::getInstance()->error("[SMS] phone number " . $phone . " seems invalid");
} elseif (count($valid_receiver) > 0) {
Logger::getInstance()->message("[SMS] " . $text . " sent to " . $phone);
} else {
Logger::getInstance()->warning("[SMS] Both valid and invalid receiver lists are empty...");
}
}
function send_sms_legacy($phone, $password) {
if (!SMS_API_ENABLED) {
Logger::getInstance()->warning("[SMS] SMS API disabled");
return SMS_DISABLED;
}
function send_sms_legacy($phone, $password)
{
if (!SMS_API_ENABLED) {
Logger::getInstance()->warning("[SMS] SMS API disabled");
return SMS_DISABLED;
}
$url = SMS_API_URL;
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FAILONERROR, false);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_USERPWD, SMS_API_USERNAME . ":" . SMS_API_PASSWORD);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/x-www-form-urlencoded'
));
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array(
'mobile' => $phone,
'password' => $password,
)));
$result = curl_exec($ch);
Logger::getInstance()->message("[SMS] SMS confirmation sent to " . $phone . " using password " . $password . ", request result is " . $result);
curl_close($ch);
$url = SMS_API_URL;
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FAILONERROR, false);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_USERPWD, SMS_API_USERNAME . ":" . SMS_API_PASSWORD);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/x-www-form-urlencoded'
));
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array(
'mobile' => $phone,
'password' => $password,
)));
$result = curl_exec($ch);
Logger::getInstance()->message("[SMS] SMS confirmation sent to " . $phone . " using password " . $password . ", request result is " . $result);
curl_close($ch);
}
function send_sms($phone, $key, $lang) {
if (!SMS_API_ENABLED) {
Logger::getInstance()->warning("[SMS] SMS API disabled");
return SMS_DISABLED;
}
function send_sms($phone, $key, $lang)
{
if (!SMS_API_ENABLED) {
Logger::getInstance()->warning("[SMS] SMS API disabled");
return SMS_DISABLED;
}
if (startswith($phone, TESTS_PHONE_PREFIX)) {
Logger::getInstance()->error("[SMS] Not sending sms to fake number used for tests purposes: " . $phone);
return TEST_ACCOUNTS_DISABLED;
}
if (startswith($phone, TESTS_PHONE_PREFIX)) {
Logger::getInstance()->error("[SMS] Not sending sms to fake number used for tests purposes: " . $phone);
return TEST_ACCOUNTS_DISABLED;
}
$now_date = new DateTime('now');
$now = $now_date->getTimestamp() * 1000;
$now_date = new DateTime('now');
$now = $now_date->getTimestamp() * 1000;
$database = new Database();
$db = $database->getConnection();
$sms = new SMS($db);
$sms->phone = $phone;
$database = new Database();
$db = $database->getConnection();
$sms = new SMS($db);
$sms->phone = $phone;
if ($sms->getOne()) {
$diff = $now - $sms->last_sms;
if ($sms->count >= SMS_COUNT_LIMIT_IN_PERIOD and $diff < SMS_TIME_PERIOD) {
Logger::getInstance()->error("[SMS] Last sms was sent at " . $sms->last_sms . ", time elapsed since then is " . $diff . "ms which is less than the configured time period " . SMS_TIME_PERIOD);
return MAX_SMS_ALLOWED_EXCEEDED;
} else if ($diff >= SMS_TIME_PERIOD) {
$sms->last_sms = $now;
$sms->count = 1;
$sms->update();
} else {
$sms->count = $sms->count + 1;
$sms->update();
}
} else {
$sms->last_sms = $now;
$sms->count = 1;
$sms->create();
}
if ($sms->getOne()) {
$diff = $now - $sms->last_sms;
if ($sms->count >= SMS_COUNT_LIMIT_IN_PERIOD and $diff < SMS_TIME_PERIOD) {
Logger::getInstance()->error("[SMS] Last sms was sent at " . $sms->last_sms . ", time elapsed since then is " . $diff . "ms which is less than the configured time period " . SMS_TIME_PERIOD);
return MAX_SMS_ALLOWED_EXCEEDED;
} elseif ($diff >= SMS_TIME_PERIOD) {
$sms->last_sms = $now;
$sms->count = 1;
$sms->update();
} else {
$sms->count = $sms->count + 1;
$sms->update();
}
} else {
$sms->last_sms = $now;
$sms->count = 1;
$sms->create();
}
if (SMS_OVH_API_KEY != NULL && SMS_OVH_API_KEY != "" && SMS_OVH_API_SECRET != NULL && SMS_OVH_API_SECRET != "" && SMS_OVH_CONSUMER_KEY != NULL && SMS_OVH_CONSUMER_KEY != "" && SMS_OVH_ENDPOINT != NULL && SMS_OVH_ENDPOINT != "") {
try {
send_sms_ovh($phone, $key, $lang);
return OK;
} catch (Exception $e) {
Logger::getInstance()->error("[OVH-SMS] Exception: " . $e->getMessage());
}
} else if (SMS_API_URL != NULL && SMS_API_URL != "" && SMS_API_USERNAME != NULL && SMS_API_USERNAME != "" && SMS_API_PASSWORD != NULL && SMS_API_PASSWORD != "") {
send_sms_legacy($phone, $key);
return OK;
} else {
Logger::getInstance()->error("[SMS] No SMS API configured, discarding sms...");
return OK;
}
return SMS_API_FAILURE;
if (SMS_OVH_API_KEY != null && SMS_OVH_API_KEY != "" && SMS_OVH_API_SECRET != null && SMS_OVH_API_SECRET != "" && SMS_OVH_CONSUMER_KEY != null && SMS_OVH_CONSUMER_KEY != "" && SMS_OVH_ENDPOINT != null && SMS_OVH_ENDPOINT != "") {
try {
send_sms_ovh($phone, $key, $lang);
return OK;
} catch (Exception $e) {
Logger::getInstance()->error("[OVH-SMS] Exception: " . $e->getMessage());
}
} elseif (SMS_API_URL != null && SMS_API_URL != "" && SMS_API_USERNAME != null && SMS_API_USERNAME != "" && SMS_API_PASSWORD != null && SMS_API_PASSWORD != "") {
send_sms_legacy($phone, $key);
return OK;
} else {
Logger::getInstance()->error("[SMS] No SMS API configured, discarding sms...");
return OK;
}
return SMS_API_FAILURE;
}
?>

96
src/misc/user_info.php
View file

@ -13,64 +13,64 @@ include_once __DIR__ . '/geoloc.php';
include_once __DIR__ . '/results_values.php';
// args = [username, ha1, firstname, lastname, gender, subscribe, [domain], [algo]]
function update_account_user_info($username, $ha1, $firstname, $lastname, $gender, $subscribe, $domain, $algo) {
function update_account_user_info($username, $ha1, $firstname, $lastname, $gender, $subscribe, $domain, $algo)
{
Logger::getInstance()->message("update_account_user_info(" . $username . ", " . $domain . " : " . $firstname . ", " . $lastname . ", " . $gender . ", " . $subscribe . ")");
Logger::getInstance()->message("update_account_user_info(" . $username . ", " . $domain . " : " . $firstname . ", " . $lastname . ", " . $gender . ", " . $subscribe . ")");
$database = new Database();
$db = $database->getConnection();
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $username;
$account->domain = $domain;
$account = new Account($db);
$account->username = $username;
$account->domain = $domain;
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
Logger::getInstance()->debug("userInfo : Account after get one " . $account);
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
Logger::getInstance()->debug("userInfo : Account after get one " . $account);
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
if (!$password->getOne()) {
return PASSWORD_NOT_FOUND;
}
if (!$password->getOne()) {
return PASSWORD_NOT_FOUND;
}
if (!password_match($ha1, $password->password)) {
return PASSWORD_DOESNT_MATCH;
}
if (!password_match($ha1, $password->password)) {
return PASSWORD_DOESNT_MATCH;
}
$user_info = new UserInfo($db);
$user_info->account_id = $account->id;
$user_info = new UserInfo($db);
$user_info->account_id = $account->id;
if (ENABLE_NEW_ACCOUNTS_GEOLOC) {
Logger::getInstance()->debug("userInfo : Account ip after enable geoloc if " . $account->ip_address);
$country_infos = Geoloc::getGeolocInfosFromIp($account->ip_address);
if ($country_infos) {
$user_info->country_code = $country_infos->country_code;
$user_info->country_name = $country_infos->country_name;
}
//error message is displayed from geoloc method.
else {
return GEOLOC_FAILED;
}
Logger::getInstance()->debug("Getting geoloc infos : country_code=".
$country_infos->country_code . ' country_name=' . $country_infos->country_name);
}
if(ENABLE_NEW_ACCOUNTS_GEOLOC){
Logger::getInstance()->debug("userInfo : Account ip after enable geoloc if " . $account->ip_address);
$country_infos = Geoloc::getGeolocInfosFromIp($account->ip_address);
if($country_infos){
$user_info->country_code = $country_infos->country_code;
$user_info->country_name = $country_infos->country_name;
}
//error message is displayed from geoloc method.
else{
return GEOLOC_FAILED;
}
Logger::getInstance()->debug("Getting geoloc infos : country_code=".
$country_infos->country_code . ' country_name=' . $country_infos->country_name);
}
$update = $user_info->getOne();
$update = $user_info->getOne();
$user_info->firstname = $firstname;
$user_info->lastname = $lastname;
$user_info->gender = $gender;
$user_info->subscribe = $subscribe;
$user_info->firstname = $firstname;
$user_info->lastname = $lastname;
$user_info->gender = $gender;
$user_info->subscribe = $subscribe;
if ($update) {
$user_info->update();
} else {
$user_info->create();
}
if ($update) {
$user_info->update();
} else {
$user_info->create();
}
return OK;
return OK;
}

250
src/misc/utilities.php
View file

@ -1,21 +1,21 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
include_once __DIR__ . '/../config/config.php';
@ -23,135 +23,154 @@ include_once __DIR__ . '/../objects/account.php';
include_once __DIR__ . '/logging.php';
if (EMAIL_ENABLED) {
include_once __DIR__ . '/email.php';
include_once __DIR__ . '/email.php';
}
if (SMS_API_ENABLED) {
include_once __DIR__ . '/sms.php';
include_once __DIR__ . '/sms.php';
}
define('CLEAR', 'clrtxt');
define('MD5', 'MD5');
define('SHA256', 'SHA-256');
function startswith($hay, $needle) {
return substr($hay, 0, strlen($needle)) === $needle;
function startswith($hay, $needle)
{
return substr($hay, 0, strlen($needle)) === $needle;
}
function endswith($hay, $needle) {
return $needle === "" || (($temp = strlen($hay) - strlen($needle)) >= 0 and strpos($hay, $needle, $temp) !== FALSE);
function endswith($hay, $needle)
{
return $needle === "" || (($temp = strlen($hay) - strlen($needle)) >= 0 and strpos($hay, $needle, $temp) !== false);
}
function getIp() {
$ip = $_SERVER['REMOTE_ADDR'];
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
return $ip;
}
function get_trial_expiration_date() {
$expiration_date = new DateTime('now +' . TRIAL_DURATION_DAYS . ' days');
$expiration = $expiration_date->getTimestamp() * 1000;
return $expiration;
function getIp()
{
$ip = $_SERVER['REMOTE_ADDR'];
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
return $ip;
}
function is_activated($activated) {
return $activated == "1" || $activated == 1 || $activated;
function get_trial_expiration_date()
{
$expiration_date = new DateTime('now +' . TRIAL_DURATION_DAYS . ' days');
$expiration = $expiration_date->getTimestamp() * 1000;
return $expiration;
}
function is_activated($activated)
{
return $activated == "1" || $activated == 1 || $activated;
}
// XMLRPC parameters
function check_parameter($param, $param_name = "username") {
if ($param == NULL || $param == "") {
Logger::getInstance()->warning("Parameter " . $param_name . " is missing");
return false;
}
return true;
}
function get_algo($algo) {
if ($algo == NULL || $algo == "") {
Logger::getInstance()->warning("Algo parameter wasn't found, assume " . DEFAULT_ALGORITHM);
return DEFAULT_ALGORITHM;
}
if ($algo == MD5 || $algo == SHA256 || $algo == CLEAR) {
return $algo;
}
Logger::getInstance()->error("Algo " . $algo . " is not supported");
return NULL;
function check_parameter($param, $param_name = "username")
{
if ($param == null || $param == "") {
Logger::getInstance()->warning("Parameter " . $param_name . " is missing");
return false;
}
return true;
}
function get_domain($param) {
if ($param == NULL || $param == "") {
Logger::getInstance()->warning("Domain parameter wasn't found, assume " . SIP_DOMAIN);
$param = SIP_DOMAIN;
}
return $param;
function get_algo($algo)
{
if ($algo == null || $algo == "") {
Logger::getInstance()->warning("Algo parameter wasn't found, assume " . DEFAULT_ALGORITHM);
return DEFAULT_ALGORITHM;
}
if ($algo == MD5 || $algo == SHA256 || $algo == CLEAR) {
return $algo;
}
Logger::getInstance()->error("Algo " . $algo . " is not supported");
return null;
}
function get_lang($param) {
if ($param == NULL || $param == "") {
Logger::getInstance()->warning("lang parameter wasn't found, use US");
return 'US';
} else if (strlen($param) > 2) {
$param = substr($param, 0, 2);
}
return strtoupper($param);
function get_domain($param)
{
if ($param == null || $param == "") {
Logger::getInstance()->warning("Domain parameter wasn't found, assume " . SIP_DOMAIN);
$param = SIP_DOMAIN;
}
return $param;
}
function get_lang($param)
{
if ($param == null || $param == "") {
Logger::getInstance()->warning("lang parameter wasn't found, use US");
return 'US';
} elseif (strlen($param) > 2) {
$param = substr($param, 0, 2);
}
return strtoupper($param);
}
// Password
function hash_password($user, $password, $domain, $algo) {
$hashed_password = $password;
if ($algo == "" || $algo == MD5) $hashed_password = hash("md5", $user . ":" . $domain . ":" . $password);
else if ($algo == SHA256) $hashed_password = hash("sha256", $user . ":" . $domain . ":" . $password);
else Logger::getInstance()->error("Algorithm not supported: " . $algo);
return $hashed_password;
}
function generate_password() {
$generated_password = substr(str_shuffle(GENERATED_PASSWORD_CHARACTERS), 0, GENERATED_PASSWORD_LENGTH);
return $generated_password;
}
function generate_4_digits_code() {
$generated_password = substr(str_shuffle("0123456789"), 0, 4);
return $generated_password;
function hash_password($user, $password, $domain, $algo)
{
$hashed_password = $password;
if ($algo == "" || $algo == MD5) {
$hashed_password = hash("md5", $user . ":" . $domain . ":" . $password);
} elseif ($algo == SHA256) {
$hashed_password = hash("sha256", $user . ":" . $domain . ":" . $password);
} else {
Logger::getInstance()->error("Algorithm not supported: " . $algo);
}
return $hashed_password;
}
function password_match($pwd1, $pwd2) {
if ($pwd1 != $pwd2) {
Logger::getInstance()->error("Password doesn't match");
return false;
}
return true;
function generate_password()
{
$generated_password = substr(str_shuffle(GENERATED_PASSWORD_CHARACTERS), 0, GENERATED_PASSWORD_LENGTH);
return $generated_password;
}
function is_key_matching($key, $account) {
$key_db = $account->confirmation_key;
if ($key == INVALID_CONFIRMATION_KEY || $key != $key_db) {
if ($key_db != INVALID_CONFIRMATION_KEY) {
$account->confirmation_key = INVALID_CONFIRMATION_KEY;
$account->update();
}
Logger::getInstance()->error("Key doesn't match");
return false;
}
function generate_4_digits_code()
{
$generated_password = substr(str_shuffle("0123456789"), 0, 4);
return $generated_password;
}
if (REMOVE_CONFIRMATION_KEY_AFTER_USE) {
// Key is one time only
$account->confirmation_key = INVALID_CONFIRMATION_KEY;
$account->update();
}
return true;
function password_match($pwd1, $pwd2)
{
if ($pwd1 != $pwd2) {
Logger::getInstance()->error("Password doesn't match");
return false;
}
return true;
}
function is_key_matching($key, $account)
{
$key_db = $account->confirmation_key;
if ($key == INVALID_CONFIRMATION_KEY || $key != $key_db) {
if ($key_db != INVALID_CONFIRMATION_KEY) {
$account->confirmation_key = INVALID_CONFIRMATION_KEY;
$account->update();
}
Logger::getInstance()->error("Key doesn't match");
return false;
}
if (REMOVE_CONFIRMATION_KEY_AFTER_USE) {
// Key is one time only
$account->confirmation_key = INVALID_CONFIRMATION_KEY;
$account->update();
}
return true;
}
// Time
function time_elapsed_as_string($secs) {
function time_elapsed_as_string($secs)
{
$bit = array(
'y' => $secs / 31556926 % 12,
'w' => $secs / 604800 % 52,
@ -159,12 +178,13 @@ function time_elapsed_as_string($secs) {
'h' => $secs / 3600 % 24,
'm' => $secs / 60 % 60,
's' => $secs % 60
);
foreach($bit as $k => $v)
if($v > 0) $ret[] = $v . $k;
);
foreach ($bit as $k => $v) {
if ($v > 0) {
$ret[] = $v . $k;
}
}
return join(' ', $ret);
}
?>

73
src/objects/account.php
View file

@ -1,29 +1,30 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
class Account {
class Account
{
private $conn;
public $id;
public $username;
public $domain;
public $domain;
public $email;
public $activated;
public $confirmation_key;
@ -33,11 +34,13 @@ class Account {
public $expire_time;
public $alias;
public function __construct($db) {
public function __construct($db)
{
$this->conn = $db;
}
public function __toString() {
public function __toString()
{
$to_string = "Account: ";
if (!empty($this->id)) {
$to_string = $to_string . "id=" . $this->id . ", ";
@ -66,7 +69,8 @@ class Account {
return substr($to_string, 0, -2);
}
function dropTable() {
public function dropTable()
{
$query = "DROP TABLE IF EXISTS " . ACCOUNTS_DB_TABLE;
$this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
@ -80,7 +84,8 @@ class Account {
return false;
}
function createTable() {
public function createTable()
{
$query = "CREATE TABLE IF NOT EXISTS " . ACCOUNTS_DB_TABLE . " (
id INTEGER(11) UNSIGNED NOT NULL AUTO_INCREMENT,
username VARCHAR(64) NOT NULL,
@ -105,7 +110,8 @@ class Account {
return false;
}
function delete() {
public function delete()
{
$query = "DELETE FROM " . ACCOUNTS_DB_TABLE . " WHERE id = ?";
$this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
@ -121,7 +127,8 @@ class Account {
return false;
}
function create() {
public function create()
{
$query = "INSERT INTO " . ACCOUNTS_DB_TABLE . " SET username=:username, domain=:domain, email=:email, activated=:activated,
confirmation_key=:confirmation_key, ip_address=:ip_address, user_agent=:user_agent, creation_time=:creation_time";
@ -164,7 +171,8 @@ class Account {
return false;
}
function update() {
public function update()
{
$query = "UPDATE " . ACCOUNTS_DB_TABLE . " SET username=:username, domain=:domain, activated=:activated";
if (!empty($this->email)) {
@ -213,7 +221,8 @@ class Account {
return false;
}
function getCount() {
public function getCount()
{
$query = "SELECT count(*) FROM " . ACCOUNTS_DB_TABLE;
$stmt = $this->conn->prepare($query);
Logger::getInstance()->debug("GetCount " . (string)$this);
@ -225,7 +234,8 @@ class Account {
return -1;
}
function getAll() {
public function getAll()
{
$query = "SELECT ac.id, ac.username, ac.domain, ac.activated, ac.confirmation_key, ac.email, al.alias FROM " . ACCOUNTS_DB_TABLE .
" ac LEFT JOIN " . ALIAS_DB_TABLE . " al ON ac.id = al.account_id";
$stmt = $this->conn->prepare($query);
@ -234,24 +244,25 @@ class Account {
return $stmt;
}
function getOne() {
public function getOne()
{
$query = "SELECT ac.id, ac.username, ac.domain, ac.activated, ac.confirmation_key, ac.email, ac.ip_address, al.alias FROM " . ACCOUNTS_DB_TABLE .
" ac LEFT JOIN " . ALIAS_DB_TABLE . " al ON ac.id = al.account_id";
if (!empty($this->id)) {
$query = $query . " WHERE ac.id = ?";
$this->id = htmlspecialchars(strip_tags($this->id));
} else if (!empty($this->username)) {
} elseif (!empty($this->username)) {
$query = $query . " WHERE ac.username = ?";
$this->username = htmlspecialchars(strip_tags($this->username));
if (!empty($this->domain)) {
$query = $query . " AND ac.domain = ?";
$this->domain = htmlspecialchars(strip_tags($this->domain));
}
} else if (!empty($this->email)) {
} elseif (!empty($this->email)) {
$query = $query . " WHERE ac.email = ?";
$this->email = htmlspecialchars(strip_tags($this->email));
} else if (!empty($this->confirmation_key)) {
} elseif (!empty($this->confirmation_key)) {
$query = $query . " WHERE ac.confirmation_key = ?";
$this->confirmation_key = htmlspecialchars(strip_tags($this->confirmation_key));
} else {
@ -264,14 +275,14 @@ class Account {
if (!empty($this->id)) {
$stmt->bindParam(1, $this->id);
} else if (!empty($this->username)) {
} elseif (!empty($this->username)) {
$stmt->bindParam(1, $this->username);
if (!empty($this->domain)) {
$stmt->bindParam(2, $this->domain);
}
} else if (!empty($this->email)) {
} elseif (!empty($this->email)) {
$stmt->bindParam(1, $this->email);
} else if (!empty($this->confirmation_key)) {
} elseif (!empty($this->confirmation_key)) {
$stmt->bindParam(1, $this->confirmation_key);
}
@ -298,5 +309,3 @@ class Account {
return false;
}
}
?>

78
src/objects/alias.php
View file

@ -1,36 +1,39 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
class Alias {
class Alias
{
private $conn;
public $id;
public $account_id;
public $alias;
public $domain;
public function __construct($db) {
public $domain;
public function __construct($db)
{
$this->conn = $db;
}
public function __toString() {
public function __toString()
{
$to_string = "Alias: ";
if (!empty($this->id)) {
$to_string = $to_string . "id=" . $this->id . ", ";
@ -47,7 +50,8 @@ class Alias {
return substr($to_string, 0, -2);
}
function dropTable() {
public function dropTable()
{
$query = "DROP TABLE IF EXISTS " . ALIAS_DB_TABLE;
$stmt = $this->conn->prepare($query);
@ -59,7 +63,8 @@ class Alias {
return false;
}
function createTable() {
public function createTable()
{
$query = "CREATE TABLE IF NOT EXISTS " . ALIAS_DB_TABLE . " (
id INTEGER(11) UNSIGNED NOT NULL AUTO_INCREMENT,
account_id INTEGER(11) UNSIGNED NOT NULL,
@ -76,16 +81,17 @@ class Alias {
return false;
}
function delete() {
public function delete()
{
$query = "DELETE FROM " . ALIAS_DB_TABLE;
if (!empty($this->id)) {
$query = $query . " WHERE id = ?";
$this->id = htmlspecialchars(strip_tags($this->id));
} else if (!empty($this->account_id)) {
} elseif (!empty($this->account_id)) {
$query = $query . " WHERE account_id = ?";
$this->account_id = htmlspecialchars(strip_tags($this->account_id));
} else if (!empty($this->alias)) {
} elseif (!empty($this->alias)) {
$query = $query . " WHERE alias = ?";
$this->alias = htmlspecialchars(strip_tags($this->alias));
if (!empty($this->domain)) {
@ -102,9 +108,9 @@ class Alias {
if (!empty($this->id)) {
$stmt->bindParam(1, $this->id);
} else if (!empty($this->account_id)) {
} elseif (!empty($this->account_id)) {
$stmt->bindParam(1, $this->account_id);
} else if (!empty($this->alias)) {
} elseif (!empty($this->alias)) {
$stmt->bindParam(1, $this->alias);
if (!empty($this->domain)) {
$stmt->bindParam(2, $this->domain);
@ -119,7 +125,8 @@ class Alias {
return false;
}
function create() {
public function create()
{
$query = "INSERT INTO " . ALIAS_DB_TABLE . " SET account_id=:account_id, alias=:alias, domain=:domain";
$stmt = $this->conn->prepare($query);
@ -140,7 +147,8 @@ class Alias {
return false;
}
function update() {
public function update()
{
$query = "UPDATE " . ALIAS_DB_TABLE . " SET account_id=:account_id, alias=:alias, domain=:domain WHERE id=:id";
$stmt = $this->conn->prepare($query);
@ -164,7 +172,8 @@ class Alias {
return false;
}
function getAll() {
public function getAll()
{
$query = "SELECT id, account_id, alias, domain FROM " . ALIAS_DB_TABLE;
$this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
@ -175,16 +184,17 @@ class Alias {
return $stmt;
}
function getOne() {
public function getOne()
{
$query = "SELECT id, account_id, alias, domain FROM " . ALIAS_DB_TABLE;
if (!empty($this->id)) {
$query = $query . " WHERE id = ?";
$this->id = htmlspecialchars(strip_tags($this->id));
} else if (!empty($this->account_id)) {
} elseif (!empty($this->account_id)) {
$query = $query . " WHERE account_id = ?";
$this->account_id = htmlspecialchars(strip_tags($this->account_id));
} else if (!empty($this->alias)) {
} elseif (!empty($this->alias)) {
$query = $query . " WHERE alias = ?";
$this->alias = htmlspecialchars(strip_tags($this->alias));
if (!empty($this->domain)) {
@ -196,15 +206,15 @@ class Alias {
}
$query = $query . " LIMIT 0,1";
$this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
$stmt = $this->conn->prepare($query);
if (!empty($this->id)) {
$stmt->bindParam(1, $this->id);
} else if (!empty($this->account_id)) {
} elseif (!empty($this->account_id)) {
$stmt->bindParam(1, $this->account_id);
} else if (!empty($this->alias)) {
} elseif (!empty($this->alias)) {
$stmt->bindParam(1, $this->alias);
if (!empty($this->domain)) {
$stmt->bindParam(2, $this->domain);
@ -229,5 +239,3 @@ class Alias {
return false;
}
}
?>

69
src/objects/device.php
View file

@ -1,38 +1,41 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
class Device {
class Device
{
private $conn;
public $id;
public $manufacturer;
public $model;
public $status;
public $delay;
public $hardware_echo_canceller;
public function __construct($db) {
public $model;
public $status;
public $delay;
public $hardware_echo_canceller;
public function __construct($db)
{
$this->conn = $db;
}
public function __toString() {
public function __toString()
{
$to_string = "Device: ";
if (!empty($this->id)) {
$to_string = $to_string . "id=" . $this->id . ", ";
@ -55,7 +58,8 @@ class Device {
return substr($to_string, 0, -2);
}
function dropTable() {
public function dropTable()
{
$query = "DROP TABLE IF EXISTS " . DEVICES_DB_TABLE;
$this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
@ -69,7 +73,8 @@ class Device {
return false;
}
function createTable() {
public function createTable()
{
$query = "CREATE TABLE IF NOT EXISTS " . DEVICES_DB_TABLE . " (
id INTEGER(11) UNSIGNED NOT NULL AUTO_INCREMENT,
manufacturer VARCHAR(64) NOT NULL,
@ -90,7 +95,8 @@ class Device {
return false;
}
function delete() {
public function delete()
{
$query = "DELETE FROM " . DEVICES_DB_TABLE . " WHERE id = ?";
$this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
@ -107,8 +113,9 @@ class Device {
return false;
}
function create() {
$query = "INSERT INTO " . DEVICES_DB_TABLE . " SET manufacturer=:manufacturer, model=:model, status=:status,
public function create()
{
$query = "INSERT INTO " . DEVICES_DB_TABLE . " SET manufacturer=:manufacturer, model=:model, status=:status,
delay=:delay, hardware_echo_canceller=:hardware_echo_canceller";
$this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
@ -135,13 +142,14 @@ class Device {
return false;
}
function update() {
$query = "UPDATE " . DEVICES_DB_TABLE . " SET manufacturer=:manufacturer, model=:model, status=:status,
public function update()
{
$query = "UPDATE " . DEVICES_DB_TABLE . " SET manufacturer=:manufacturer, model=:model, status=:status,
delay=:delay, hardware_echo_canceller=:hardware_echo_canceller WHERE id=:id";
$this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
$stmt = $this->conn->prepare($query);
$this->id = htmlspecialchars(strip_tags($this->id));
$this->manufacturer = htmlspecialchars(strip_tags($this->manufacturer));
$this->model = htmlspecialchars(strip_tags($this->model));
@ -164,7 +172,8 @@ class Device {
return false;
}
function getAll() {
public function getAll()
{
$query = "SELECT id, manufacturer, model, status, delay, hardware_echo_canceller FROM " . DEVICES_DB_TABLE;
$stmt = $this->conn->prepare($query);
Logger::getInstance()->debug("GetAll " . (string)$this);
@ -172,5 +181,3 @@ class Device {
return $stmt;
}
}
?>

76
src/objects/password.php
View file

@ -1,36 +1,39 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
class Password {
class Password
{
private $conn;
public $id;
public $account_id;
public $password;
public $algorithm;
public function __construct($db) {
public $password;
public $algorithm;
public function __construct($db)
{
$this->conn = $db;
}
public function __toString() {
public function __toString()
{
$to_string = "Password: ";
if (!empty($this->id)) {
$to_string = $to_string . "id=" . $this->id . ", ";
@ -47,7 +50,8 @@ class Password {
return substr($to_string, 0, -2);
}
function dropTable() {
public function dropTable()
{
$query = "DROP TABLE IF EXISTS " . ACCOUNTS_ALGO_DB_TABLE;
$this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
@ -61,7 +65,8 @@ class Password {
return false;
}
function createTable() {
public function createTable()
{
$query = "CREATE TABLE IF NOT EXISTS " . ACCOUNTS_ALGO_DB_TABLE . " (
id INTEGER(11) UNSIGNED NOT NULL AUTO_INCREMENT,
account_id INTEGER(11) UNSIGNED NOT NULL,
@ -80,13 +85,14 @@ class Password {
return false;
}
function delete() {
public function delete()
{
$query = "DELETE FROM " . ACCOUNTS_ALGO_DB_TABLE;
if (!empty($this->id)) {
$query = $query . " WHERE id = ?";
$this->id = htmlspecialchars(strip_tags($this->id));
} else if (!empty($this->account_id)) {
} elseif (!empty($this->account_id)) {
$query = $query . " WHERE account_id = ?";
$this->account_id = htmlspecialchars(strip_tags($this->account_id));
if (!empty($this->algorithm)) {
@ -99,11 +105,11 @@ class Password {
$this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
$stmt = $this->conn->prepare($query);
$this->id = htmlspecialchars(strip_tags($this->id));
if (!empty($this->id)) {
$stmt->bindParam(1, $this->id);
} else if (!empty($this->account_id)) {
} elseif (!empty($this->account_id)) {
$stmt->bindParam(1, $this->account_id);
if (!empty($this->algorithm)) {
$stmt->bindParam(2, $this->algorithm);
@ -118,7 +124,8 @@ class Password {
return false;
}
function create() {
public function create()
{
$query = "INSERT INTO " . ACCOUNTS_ALGO_DB_TABLE . " SET account_id=:account_id, password=:password, algorithm=:algorithm";
$this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
@ -141,7 +148,8 @@ class Password {
return false;
}
function update() {
public function update()
{
$query = "UPDATE " . ACCOUNTS_ALGO_DB_TABLE . " SET account_id=:account_id, password=:password, algorithm=:algorithm WHERE id=:id";
$this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
@ -165,7 +173,8 @@ class Password {
return false;
}
function getAll() {
public function getAll()
{
$query = "SELECT id, password, algorithm FROM " . ACCOUNTS_ALGO_DB_TABLE . " WHERE account_id = ?";
$stmt = $this->conn->prepare($query);
@ -177,7 +186,8 @@ class Password {
return $stmt;
}
function getOne() {
public function getOne()
{
$query = "SELECT id, password, algorithm FROM " . ACCOUNTS_ALGO_DB_TABLE . " WHERE account_id = ?";
$this->account_id = htmlspecialchars(strip_tags($this->account_id));
@ -188,7 +198,7 @@ class Password {
$query = $query . " AND password = ?";
$this->password = htmlspecialchars(strip_tags($this->password));
}
} else if (!empty($this->password)) {
} elseif (!empty($this->password)) {
$query = $query . " AND password = ?";
$this->password = htmlspecialchars(strip_tags($this->password));
}
@ -203,7 +213,7 @@ class Password {
if (!empty($this->password)) {
$stmt->bindParam(3, $this->password);
}
} else if (!empty($this->password)) {
} elseif (!empty($this->password)) {
$stmt->bindParam(2, $this->password);
}
@ -219,10 +229,8 @@ class Password {
$this->password = $row['password'];
$this->algorithm = $row['algorithm'];
return true;
}
}
Logger::getInstance()->error($stmt->errorInfo());
return false;
}
}
?>

66
src/objects/sms.php
View file

@ -1,36 +1,39 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
class SMS {
class SMS
{
private $conn;
public $id;
public $phone;
public $last_sms;
public $count;
public function __construct($db) {
public $last_sms;
public $count;
public function __construct($db)
{
$this->conn = $db;
}
public function __toString() {
public function __toString()
{
$to_string = "SMS: ";
if (!empty($this->id)) {
$to_string = $to_string . "id=" . $this->id . ", ";
@ -47,7 +50,8 @@ class SMS {
return substr($to_string, 0, -2);
}
function dropTable() {
public function dropTable()
{
$query = "DROP TABLE IF EXISTS " . SMS_DB_TABLE;
$this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
@ -61,7 +65,8 @@ class SMS {
return false;
}
function createTable() {
public function createTable()
{
$query = "CREATE TABLE IF NOT EXISTS " . SMS_DB_TABLE . " (
id INTEGER(11) UNSIGNED NOT NULL AUTO_INCREMENT,
phone VARCHAR(64),
@ -80,7 +85,8 @@ class SMS {
return false;
}
function delete() {
public function delete()
{
$query = "DELETE FROM " . SMS_DB_TABLE . " WHERE id = ?";
$this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
@ -97,7 +103,8 @@ class SMS {
return false;
}
function create() {
public function create()
{
$query = "INSERT INTO " . SMS_DB_TABLE . " SET phone=:phone, last_sms=:last_sms, count=:count";
$this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
@ -120,12 +127,13 @@ class SMS {
return false;
}
function update() {
public function update()
{
$query = "UPDATE " . SMS_DB_TABLE . " SET phone=:phone, last_sms=:last_sms, count=:count WHERE id=:id";
$this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
$stmt = $this->conn->prepare($query);
$this->id = htmlspecialchars(strip_tags($this->id));
$this->phone = htmlspecialchars(strip_tags($this->phone));
$this->last_sms = htmlspecialchars(strip_tags($this->last_sms));
@ -144,7 +152,8 @@ class SMS {
return false;
}
function getAll() {
public function getAll()
{
$query = "SELECT id, phone, last_sms, count FROM " . SMS_DB_TABLE;
$stmt = $this->conn->prepare($query);
Logger::getInstance()->debug("GetAll " . (string)$this);
@ -152,7 +161,8 @@ class SMS {
return $stmt;
}
function getOne() {
public function getOne()
{
$query = "SELECT id, phone, last_sms, count FROM " . SMS_DB_TABLE . " WHERE phone = ?";
$stmt = $this->conn->prepare($query);
$this->phone = htmlspecialchars(strip_tags($this->phone));
@ -171,10 +181,8 @@ class SMS {
$this->last_sms = $row['last_sms'];
$this->count = $row['count'];
return true;
}
}
Logger::getInstance()->error($stmt->errorInfo());
return false;
}
}
?>

79
src/objects/user_info.php
View file

@ -1,24 +1,25 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
class UserInfo {
class UserInfo
{
private $conn;
public $id;
@ -30,11 +31,13 @@ class UserInfo {
public $country_name;
public $subscribe;
public function __construct($db) {
public function __construct($db)
{
$this->conn = $db;
}
public function __toString() {
public function __toString()
{
$to_string = "UserInfo: ";
if (!empty($this->id)) {
$to_string .= "id=" . $this->id . ", ";
@ -63,7 +66,8 @@ class UserInfo {
return substr($to_string, 0, -2);
}
function dropTable() {
public function dropTable()
{
$query = "DROP TABLE IF EXISTS " . USER_INFO_DB_TABLE;
$this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
@ -77,7 +81,8 @@ class UserInfo {
return false;
}
function createTable() {
public function createTable()
{
$query = "CREATE TABLE IF NOT EXISTS " . USER_INFO_DB_TABLE . " (
id INTEGER(11) UNSIGNED NOT NULL AUTO_INCREMENT,
account_id INTEGER(11) UNSIGNED NOT NULL,
@ -100,7 +105,8 @@ class UserInfo {
return false;
}
function delete() {
public function delete()
{
$query = "DELETE FROM " . USER_INFO_DB_TABLE . " WHERE id = ?";
$this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
@ -116,11 +122,12 @@ class UserInfo {
return false;
}
function create() {
public function create()
{
$query = "INSERT INTO " . USER_INFO_DB_TABLE . " SET account_id=:account_id, firstname=:firstname, lastname=:lastname, gender=:gender, subscribe=:subscribe";
if(ENABLE_NEW_ACCOUNTS_GEOLOC){
$query .= ", country_code=:country_code, country_name=:country_name";
if (ENABLE_NEW_ACCOUNTS_GEOLOC) {
$query .= ", country_code=:country_code, country_name=:country_name";
}
$this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
@ -138,13 +145,12 @@ class UserInfo {
$stmt->bindParam(":gender", $this->gender);
$stmt->bindParam(":subscribe", $this->subscribe);
if(ENABLE_NEW_ACCOUNTS_GEOLOC){
if (ENABLE_NEW_ACCOUNTS_GEOLOC) {
$this->country_code = htmlspecialchars(strip_tags($this->country_code));
$this->country_name = htmlspecialchars(strip_tags($this->country_name));
$this->country_code = htmlspecialchars(strip_tags($this->country_code));
$this->country_name = htmlspecialchars(strip_tags($this->country_name));
$stmt->bindParam(":country_code", $this->country_code);
$stmt->bindParam(":country_name", $this->country_name);
$stmt->bindParam(":country_code", $this->country_code);
$stmt->bindParam(":country_name", $this->country_name);
}
Logger::getInstance()->debug("Creating " . (string)$this);
@ -156,7 +162,8 @@ class UserInfo {
return false;
}
function update() {
public function update()
{
$query = "UPDATE " . USER_INFO_DB_TABLE . " SET firstname=:firstname, lastname=:lastname, subscribe=:subscribe, gender=:gender";
$query = $query . " WHERE id=:id";
@ -184,7 +191,8 @@ class UserInfo {
return false;
}
function getAll() {
public function getAll()
{
$query = "SELECT id, account_id, firstname, lastname, gender, subscribe FROM " . USER_INFO_DB_TABLE;
$stmt = $this->conn->prepare($query);
Logger::getInstance()->debug("GetAll " . (string)$this);
@ -192,16 +200,17 @@ class UserInfo {
return $stmt;
}
function getOne() {
public function getOne()
{
$query = "SELECT id, account_id, firstname, lastname, gender, subscribe FROM " . USER_INFO_DB_TABLE;
if (!empty($this->id)) {
$query = $query . " WHERE id = ?";
$this->id = htmlspecialchars(strip_tags($this->id));
} else if (!empty($this->account_id)) {
} elseif (!empty($this->account_id)) {
$query = $query . " WHERE account_id = ?";
$this->account_id = htmlspecialchars(strip_tags($this->account_id));
} else if (!empty($this->lastname)) {
} elseif (!empty($this->lastname)) {
$query = $query . " WHERE lastname = ?";
$this->lastname = htmlspecialchars(strip_tags($this->lastname));
if (!empty($this->firstname)) {
@ -218,9 +227,9 @@ class UserInfo {
if (!empty($this->id)) {
$stmt->bindParam(1, $this->id);
} else if (!empty($this->account_id)) {
} elseif (!empty($this->account_id)) {
$stmt->bindParam(1, $this->account_id);
} else if (!empty($this->lastname)) {
} elseif (!empty($this->lastname)) {
$stmt->bindParam(1, $this->lastname);
if (!empty($this->firstname)) {
$stmt->bindParam(2, $this->firstname);
@ -249,5 +258,3 @@ class UserInfo {
return false;
}
}
?>

38
src/tools/create_tables.php
View file

@ -3,21 +3,21 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
include_once __DIR__ . '/../database/database.php';
@ -30,35 +30,33 @@ include_once __DIR__ . '/../objects/user_info.php';
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
if (!$account->createTable()) {
Logger::getInstance()->error("Couldn't create account table");
}
$alias = new Alias($db);
if (!$alias->createTable()) {
Logger::getInstance()->error("Couldn't create alias table");
}
$device = new Device($db);
if (!$device->createTable()) {
Logger::getInstance()->error("Couldn't create device table");
}
$password = new Password($db);
if (!$password->createTable()) {
Logger::getInstance()->error("Couldn't create password table");
}
$sms = new SMS($db);
if (!$sms->createTable()) {
Logger::getInstance()->error("Couldn't create sms table");
}
$user_info = new UserInfo($db);
if (!$user_info->createTable()) {
Logger::getInstance()->error("Couldn't create user_info table");
}
?>

36
src/tools/drop_tables.php
View file

@ -3,21 +3,21 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
include_once __DIR__ . '/../database/database.php';
@ -30,32 +30,32 @@ include_once __DIR__ . '/../objects/user_info.php';
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
if (!$account->dropTable()) {
Logger::getInstance()->error("Couldn't drop account table");
}
$alias = new Alias($db);
if (!$alias->dropTable()) {
Logger::getInstance()->error("Couldn't drop alias table");
}
$device = new Device($db);
if (!$device->dropTable()) {
Logger::getInstance()->error("Couldn't drop device table");
}
$password = new Password($db);
if (!$password->dropTable()) {
Logger::getInstance()->error("Couldn't drop password table");
}
$sms = new SMS($db);
if (!$sms->dropTable()) {
Logger::getInstance()->error("Couldn't drop sms table");
}
$user_info = new UserInfo($db);
if (!$user_info->dropTable()) {
Logger::getInstance()->error("Couldn't drop user_info table");

220
src/tools/migrate_accounts.php
View file

@ -3,21 +3,21 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
include_once __DIR__ . '/../database/database.php';
@ -34,11 +34,11 @@ $db = $database->getConnection();
$old_db = null;
try {
$old_db = new PDO("mysql:host=" . DB_HOST . ";dbname=belledonne_proxy", DB_USER, DB_PASSWORD);
$old_db->exec("set names utf8");
} catch(PDOException $exception) {
Logger::getInstance()->error("Connection error: " . $exception->getMessage());
return;
$old_db = new PDO("mysql:host=" . DB_HOST . ";dbname=belledonne_proxy", DB_USER, DB_PASSWORD);
$old_db->exec("set names utf8");
} catch (PDOException $exception) {
Logger::getInstance()->error("Connection error: " . $exception->getMessage());
return;
}
Logger::getInstance()->message("Ready to migrate");
@ -49,8 +49,8 @@ $start_time = time();
Logger::getInstance()->message("Starting accounts migration");
$query = "SELECT ac.id, ac.login, ac.password, ac.activated, ac.email, ac.confirmation_key, ac.ip_address, ac.date_last_update, ac.user_agent, ac.firstname, ac.name, ac.gender, ac.subscribe, al.alias FROM "
. ACCOUNTS_DB_TABLE . " ac LEFT JOIN " . ALIAS_DB_TABLE . " al ON ac.id = al.account_id";
$query = "SELECT ac.id, ac.login, ac.password, ac.activated, ac.email, ac.confirmation_key, ac.ip_address, ac.date_last_update, ac.user_agent, ac.firstname, ac.name, ac.gender, ac.subscribe, al.alias FROM "
. ACCOUNTS_DB_TABLE . " ac LEFT JOIN " . ALIAS_DB_TABLE . " al ON ac.id = al.account_id";
$old_db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
$old_db->setAttribute(PDO::MYSQL_ATTR_USE_BUFFERED_QUERY, false); // For large sets this is mandatory
$stmt = $old_db->prepare($query);
@ -62,80 +62,80 @@ $password_created_count = 0;
$alias_created_count = 0;
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
$accounts_to_migrate_count += 1;
extract($row);
$accounts_to_migrate_count += 1;
extract($row);
$account = new Account($db);
$account->username = $login;
$account->domain = SIP_DOMAIN;
$account->email = $email;
$account->activated = $activated;
$account->confirmation_key = $confirmation_key;
$account->ip_address = $ip_address;
$account->user_agent = $user_agent;
$account->creation_time = $date_last_update;
$account->expire_time = null;
$account = new Account($db);
$account->username = $login;
$account->domain = SIP_DOMAIN;
$account->email = $email;
$account->activated = $activated;
$account->confirmation_key = $confirmation_key;
$account->ip_address = $ip_address;
$account->user_agent = $user_agent;
$account->creation_time = $date_last_update;
$account->expire_time = null;
if ($account->getOne()) {
// If an account as multiple aliases we will go here
if (!empty($alias)) {
$al = new Alias($db);
$al->account_id = $account->id;
$al->alias = $alias;
$al->domain = $account->domain;
if ($account->getOne()) {
// If an account as multiple aliases we will go here
if (!empty($alias)) {
$al = new Alias($db);
$al->account_id = $account->id;
$al->alias = $alias;
$al->domain = $account->domain;
if (!$al->create()) {
Logger::getInstance()->error("Failed to create alias !");
} else {
$alias_created_count += 1;
}
}
} else {
if ($account->create()) {
$account_created_count += 1;
if (!$al->create()) {
Logger::getInstance()->error("Failed to create alias !");
} else {
$alias_created_count += 1;
}
}
} else {
if ($account->create()) {
$account_created_count += 1;
$user_info = new UserInfo($db);
$user_info->account_id = $account->id;
$user_info->firstname = $firstname;
$user_info->lastname = $name;
$user_info->gender = $gender;
$user_info->subscribe = $subscribe;
if (!$user_info->create()) {
Logger::getInstance()->error("Failed to create user_info !");
}
$pwd = new Password($db);
$pwd->account_id = $account->id;
$pwd->algorithm = 'MD5';
$pwd->password = $password;
if (!$pwd->create()) {
Logger::getInstance()->error("Failed to create password !");
} else {
$password_created_count += 1;
}
if (!empty($alias)) {
$al = new Alias($db);
$al->account_id = $account->id;
$al->alias = $alias;
$al->domain = $account->domain;
if (!$al->create()) {
Logger::getInstance()->error("Failed to create alias !");
} else {
$alias_created_count += 1;
}
}
} else {
Logger::getInstance()->error("Failed to create account !");
}
}
$user_info = new UserInfo($db);
$user_info->account_id = $account->id;
$user_info->firstname = $firstname;
$user_info->lastname = $name;
$user_info->gender = $gender;
$user_info->subscribe = $subscribe;
if (!$user_info->create()) {
Logger::getInstance()->error("Failed to create user_info !");
}
$pwd = new Password($db);
$pwd->account_id = $account->id;
$pwd->algorithm = 'MD5';
$pwd->password = $password;
if (!$pwd->create()) {
Logger::getInstance()->error("Failed to create password !");
} else {
$password_created_count += 1;
}
if (!empty($alias)) {
$al = new Alias($db);
$al->account_id = $account->id;
$al->alias = $alias;
$al->domain = $account->domain;
if (!$al->create()) {
Logger::getInstance()->error("Failed to create alias !");
} else {
$alias_created_count += 1;
}
}
} else {
Logger::getInstance()->error("Failed to create account !");
}
}
}
Logger::getInstance()->message("Accounts migration done");
Logger::getInstance()->message($accounts_to_migrate_count . " were to migrate, " . $account_created_count . " were succesfully created including "
. $password_created_count . " passwords and " . $alias_created_count . " aliases");
Logger::getInstance()->message($accounts_to_migrate_count . " were to migrate, " . $account_created_count . " were succesfully created including "
. $password_created_count . " passwords and " . $alias_created_count . " aliases");
/* **************************************************** */
@ -148,19 +148,19 @@ $sms_to_migrate_count = 0;
$sms_created_count = 0;
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
$sms_to_migrate_count += 1;
extract($row);
$sms_to_migrate_count += 1;
extract($row);
$sms = new SMS($db);
$sms->phone = $phone;
$sms->last_sms = $last_sms;
$sms->count = $count;
$sms = new SMS($db);
$sms->phone = $phone;
$sms->last_sms = $last_sms;
$sms->count = $count;
if (!$sms->create()) {
Logger::getInstance()->error("Failed to create sms !");
} else {
$sms_created_count += 1;
}
if (!$sms->create()) {
Logger::getInstance()->error("Failed to create sms !");
} else {
$sms_created_count += 1;
}
}
Logger::getInstance()->message("SMS migration done");
@ -177,21 +177,21 @@ $devices_to_migrate_count = 0;
$devices_created_count = 0;
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
$devices_to_migrate_count += 1;
extract($row);
$devices_to_migrate_count += 1;
extract($row);
$device = new Device($db);
$device->manufacturer = $manufacturer;
$device->model = $model;
$device->status = $status;
$device->delay = $delay;
$device->hardware_echo_canceller = $hardware_echo_canceller;
$device = new Device($db);
$device->manufacturer = $manufacturer;
$device->model = $model;
$device->status = $status;
$device->delay = $delay;
$device->hardware_echo_canceller = $hardware_echo_canceller;
if (!$device->create()) {
Logger::getInstance()->error("Failed to create device !");
} else {
$devices_created_count += 1;
}
if (!$device->create()) {
Logger::getInstance()->error("Failed to create device !");
} else {
$devices_created_count += 1;
}
}
Logger::getInstance()->message("Devices migration done");

247
src/xmlrpc/accounts.php
View file

@ -1,21 +1,21 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
include_once __DIR__ . '/../database/database.php';
@ -33,151 +33,154 @@ include_once __DIR__ . '/accounts_phone.php';
include_once __DIR__ . '/../misc/results_values.php';
// args = [username, [domain]]
function xmlrpc_is_account_used($method, $args) {
$user = $args[0];
$domain = get_domain($args[1]);
function xmlrpc_is_account_used($method, $args)
{
$user = $args[0];
$domain = get_domain($args[1]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_is_account_used(" . $user . ", " . $domain . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_is_account_used(" . $user . ", " . $domain . ")");
if (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
}
if (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
}
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
if ($account->getOne()) {
return OK;
}
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
$alias = new Alias($db);
$alias->alias = $user;
$alias->domain = $domain;
if ($account->getOne()) {
return OK;
}
if ($alias->getOne()) {
return OK;
}
$alias = new Alias($db);
$alias->alias = $user;
$alias->domain = $domain;
return NOK;
if ($alias->getOne()) {
return OK;
}
return NOK;
}
// args = [username, [domain]]
function xmlrpc_is_account_activated($method, $args) {
$user = $args[0];
$domain = get_domain($args[1]);
function xmlrpc_is_account_activated($method, $args)
{
$user = $args[0];
$domain = get_domain($args[1]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_is_account_activated(" . $user . ", " . $domain . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_is_account_activated(" . $user . ", " . $domain . ")");
if (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
}
if (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
}
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
if (!$account->getOne()) {
$alias = new Alias($db);
$alias->alias = $user;
$alias->domain = $domain;
if (!$account->getOne()) {
$alias = new Alias($db);
$alias->alias = $user;
$alias->domain = $domain;
if ($alias->getOne()) {
$account->id = $alias->account_id;
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
} else {
return ACCOUNT_NOT_FOUND;
}
}
if ($alias->getOne()) {
$account->id = $alias->account_id;
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
} else {
return ACCOUNT_NOT_FOUND;
}
}
Logger::getInstance()->message("Account activation status is " . $account->activated);
if (is_activated($account->activated)) {
return OK;
}
Logger::getInstance()->message("Account activation status is " . $account->activated);
if (is_activated($account->activated)) {
return OK;
}
return NOK;
return NOK;
}
// args = [username, key, [domain], [algo]]
function xmlrpc_recover_account_from_confirmation_key($method, $args) {
$username = $args[0];
$key = $args[1];
$domain = get_domain($args[2]);
$algo = get_algo($args[3]);
function xmlrpc_recover_account_from_confirmation_key($method, $args)
{
$username = $args[0];
$key = $args[1];
$domain = get_domain($args[2]);
$algo = get_algo($args[3]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_recover_account_from_confirmation_key(" . $username . ", " . $domain . ", " . $key . ", " . $algo . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_recover_account_from_confirmation_key(" . $username . ", " . $domain . ", " . $key . ", " . $algo . ")");
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $username;
$account->domain = $domain;
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $username;
$account->domain = $domain;
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if (!is_key_matching($key, $account)) {
return KEY_DOESNT_MATCH;
}
if (!is_key_matching($key, $account)) {
return KEY_DOESNT_MATCH;
}
if (!is_activated($account)) {
$account->activated = "1";
$account->update();
}
if (!is_activated($account)) {
$account->activated = "1";
$account->update();
}
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
if ($password->getOne()) {
$result = array(
"password" => $password->password,
"algorithm" => $password->algorithm
);
return $result;
}
if ($password->getOne()) {
$result = array(
"password" => $password->password,
"algorithm" => $password->algorithm
);
return $result;
}
// If not found, try without algo
$password2 = new Password($db);
$password2->account_id = $account->id;
// If not found, try without algo
$password2 = new Password($db);
$password2->account_id = $account->id;
if ($password2->getOne()) {
$result = array(
"password" => $password2->password,
"algorithm" => $password2->algorithm
);
return $result;
}
if ($password2->getOne()) {
$result = array(
"password" => $password2->password,
"algorithm" => $password2->algorithm
);
return $result;
}
return PASSWORD_NOT_FOUND;
return PASSWORD_NOT_FOUND;
}
// args = []
function xmlrpc_get_accounts_count($method, $args) {
Logger::getInstance()->message("[XMLRPC] xmlrpc_get_accounts_count()");
function xmlrpc_get_accounts_count($method, $args)
{
Logger::getInstance()->message("[XMLRPC] xmlrpc_get_accounts_count()");
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
return $account->getCount();
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
return $account->getCount();
}
function xmlrpc_accounts_register_methods($server) {
xmlrpc_server_register_method($server, 'is_account_used', 'xmlrpc_is_account_used');// args = [username, [domain]], return OK or NOK
xmlrpc_server_register_method($server, 'is_account_activated', 'xmlrpc_is_account_activated');// args = [username, [domain]], return OK or NOK
xmlrpc_server_register_method($server, 'recover_account_from_confirmation_key', 'xmlrpc_recover_account_from_confirmation_key');// args = [username, key, [domain], [algo]]
function xmlrpc_accounts_register_methods($server)
{
xmlrpc_server_register_method($server, 'is_account_used', 'xmlrpc_is_account_used');// args = [username, [domain]], return OK or NOK
xmlrpc_server_register_method($server, 'is_account_activated', 'xmlrpc_is_account_activated');// args = [username, [domain]], return OK or NOK
xmlrpc_server_register_method($server, 'recover_account_from_confirmation_key', 'xmlrpc_recover_account_from_confirmation_key');// args = [username, key, [domain], [algo]]
xmlrpc_server_register_method($server, 'get_accounts_count', 'xmlrpc_get_accounts_count');//args = []
xmlrpc_server_register_method($server, 'get_accounts_count', 'xmlrpc_get_accounts_count');//args = []
xmlrpc_accounts_email_register_methods($server);
xmlrpc_accounts_phone_register_methods($server);
xmlrpc_accounts_email_register_methods($server);
xmlrpc_accounts_phone_register_methods($server);
}
?>

613
src/xmlrpc/accounts_email.php
View file

@ -1,21 +1,21 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
include_once __DIR__ . '/../database/database.php';
@ -30,380 +30,385 @@ include_once __DIR__ . '/../misc/user_info.php';
include_once __DIR__ . '/../misc/results_values.php';
// args = [username, email, [hash], useragent, [domain], [algo]]
function xmlrpc_create_email_account($method, $args) {
$user = $args[0];
$email = $args[1];
$hashed_password = $args[2];
$user_agent = $args[3];
$domain = get_domain($args[4]);
$algo = get_algo($args[5]);
function xmlrpc_create_email_account($method, $args)
{
$user = $args[0];
$email = $args[1];
$hashed_password = $args[2];
$user_agent = $args[3];
$domain = get_domain($args[4]);
$algo = get_algo($args[5]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_create_email_account(" . $user . ", " . $domain . ", " . $email . ", " . $algo . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_create_email_account(" . $user . ", " . $domain . ", " . $email . ", " . $algo . ")");
if (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
} else if (!check_parameter($email, "email")) {
return MISSING_EMAIL_PARAM;
} else if ($algo == NULL) {
return ALGO_NOT_SUPPORTED;
}
if (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
} elseif (!check_parameter($email, "email")) {
return MISSING_EMAIL_PARAM;
} elseif ($algo == null) {
return ALGO_NOT_SUPPORTED;
}
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
if ($account->getOne()) {
return USERNAME_TAKEN;
}
if ($account->getOne()) {
return USERNAME_TAKEN;
}
if (!ALLOW_SAME_EMAILS_ON_MULTILPLE_ACCOUNTS) {
$email_account = new Account($db);
$email_account->email = $email;
if ($email_account->getOne()) {
return EMAIL_TAKEN;
}
}
if (!ALLOW_SAME_EMAILS_ON_MULTILPLE_ACCOUNTS) {
$email_account = new Account($db);
$email_account->email = $email;
if ($email_account->getOne()) {
return EMAIL_TAKEN;
}
}
if (GENERATE_PASSWORD_ENABLED) {
$hashed_password = hash_password($user, generate_password(), $domain, $algo);
}
if (GENERATE_PASSWORD_ENABLED) {
$hashed_password = hash_password($user, generate_password(), $domain, $algo);
}
$account->confirmation_key = uniqid();
$account->email = $email;
$account->user_agent = $user_agent;
$account->ip_address = getIp();
$account->confirmation_key = uniqid();
$account->email = $email;
$account->user_agent = $user_agent;
$account->ip_address = getIp();
$account->activated = AUTO_ACTIVATE_ACCOUNT ? "1" : "0";
$account->create();
$account->activated = AUTO_ACTIVATE_ACCOUNT ? "1" : "0";
$account->create();
$password = new Password($db);
$password->account_id = $account->id;
$password->password = $hashed_password;
$password->algorithm = $algo;
$password->create();
$password = new Password($db);
$password->account_id = $account->id;
$password->password = $hashed_password;
$password->algorithm = $algo;
$password->create();
if (CUSTOM_HOOKS) {
hook_on_account_created($account);
}
if (CUSTOM_HOOKS) {
hook_on_account_created($account);
}
if (SEND_ACTIVATION_EMAIL && EMAIL_ENABLED) {
send_email_with_activation_link($email, $account->confirmation_key, $account->username, $algo);
} else if (AUTO_ACTIVATE_ACCOUNT) {
//TODO
/*if (USE_IN_APP_PURCHASES) {
$expiration = get_trial_expiration_date();
db_inapp_add_account($user, $domain, $expiration);
}*/
}
if (SEND_ACTIVATION_EMAIL && EMAIL_ENABLED) {
send_email_with_activation_link($email, $account->confirmation_key, $account->username, $algo);
} elseif (AUTO_ACTIVATE_ACCOUNT) {
//TODO
/*if (USE_IN_APP_PURCHASES) {
$expiration = get_trial_expiration_date();
db_inapp_add_account($user, $domain, $expiration);
}*/
}
// args = [username, email, [hash], useragent, [domain], [algo]]
// args needed = [username, ha1, firstname, lastname, gender, subscribe, [domain], [algo]]
//need username + domain
// args = [username, email, [hash], useragent, [domain], [algo]]
// args needed = [username, ha1, firstname, lastname, gender, subscribe, [domain], [algo]]
//need username + domain
//We call this function to set the geoloc if enabled
if (ENABLE_NEW_ACCOUNTS_GEOLOC){
return update_account_user_info($account->username, $hashed_password, NULL, NULL, "unknown", '0', $account->domain, $algo);
}
//We call this function to set the geoloc if enabled
if (ENABLE_NEW_ACCOUNTS_GEOLOC) {
return update_account_user_info($account->username, $hashed_password, null, null, "unknown", '0', $account->domain, $algo);
}
return OK;
return OK;
}
// args = [username, email, md5_hash, sha256_hash, useragent, [domain]], return OK
function xmlrpc_create_email_md5_sha256_account($method, $args) {
$user = $args[0];
$email = $args[1];
$md5_hash = $args[2];
$sha256_hash = $args[3];
$user_agent = $args[4];
$domain = get_domain($args[5]);
function xmlrpc_create_email_md5_sha256_account($method, $args)
{
$user = $args[0];
$email = $args[1];
$md5_hash = $args[2];
$sha256_hash = $args[3];
$user_agent = $args[4];
$domain = get_domain($args[5]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_create_email_md5_sha256_account(" . $user . ", " . $domain . ", " . $email . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_create_email_md5_sha256_account(" . $user . ", " . $domain . ", " . $email . ")");
if (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
} else if (!check_parameter($email, "email")) {
return MISSING_EMAIL_PARAM;
}
if (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
} elseif (!check_parameter($email, "email")) {
return MISSING_EMAIL_PARAM;
}
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
if ($account->getOne()) {
return USERNAME_TAKEN;
}
if ($account->getOne()) {
return USERNAME_TAKEN;
}
if (!ALLOW_SAME_EMAILS_ON_MULTILPLE_ACCOUNTS) {
$email_account = new Account($db);
$email_account->email = $email;
if ($email_account->getOne()) {
return EMAIL_TAKEN;
}
}
if (!ALLOW_SAME_EMAILS_ON_MULTILPLE_ACCOUNTS) {
$email_account = new Account($db);
$email_account->email = $email;
if ($email_account->getOne()) {
return EMAIL_TAKEN;
}
}
if (GENERATE_PASSWORD_ENABLED) {
$pwd = generate_password();
$md5_hash = hash_password($user, $pwd, $domain, MD5);
$sha256_hash = hash_password($user, $pwd, $domain, SHA256);
}
if (GENERATE_PASSWORD_ENABLED) {
$pwd = generate_password();
$md5_hash = hash_password($user, $pwd, $domain, MD5);
$sha256_hash = hash_password($user, $pwd, $domain, SHA256);
}
$account->confirmation_key = uniqid();
$account->email = $email;
$account->user_agent = $user_agent;
$account->ip_address = getIp();
$account->activated = AUTO_ACTIVATE_ACCOUNT ? "1" : "0";
$account->create();
$account->confirmation_key = uniqid();
$account->email = $email;
$account->user_agent = $user_agent;
$account->ip_address = getIp();
$account->activated = AUTO_ACTIVATE_ACCOUNT ? "1" : "0";
$account->create();
$md5_password = new Password($db);
$md5_password->account_id = $account->id;
$md5_password->password = $md5_hash;
$md5_password->algorithm = MD5;
$md5_password->create();
$md5_password = new Password($db);
$md5_password->account_id = $account->id;
$md5_password->password = $md5_hash;
$md5_password->algorithm = MD5;
$md5_password->create();
$sha256_password = new Password($db);
$sha256_password->account_id = $account->id;
$sha256_password->password = $sha256_hash;
$sha256_password->algorithm = SHA256;
$sha256_password->create();
$sha256_password = new Password($db);
$sha256_password->account_id = $account->id;
$sha256_password->password = $sha256_hash;
$sha256_password->algorithm = SHA256;
$sha256_password->create();
if (CUSTOM_HOOKS) {
hook_on_account_created($account);
}
if (CUSTOM_HOOKS) {
hook_on_account_created($account);
}
if (SEND_ACTIVATION_EMAIL && EMAIL_ENABLED) {
send_email_with_activation_link($email, $account->confirmation_key, $account->username, SHA256);
} else if (AUTO_ACTIVATE_ACCOUNT) {
//TODO
/*if (USE_IN_APP_PURCHASES) {
$expiration = get_trial_expiration_date();
db_inapp_add_account($user, $domain, $expiration);
}*/
}
if (SEND_ACTIVATION_EMAIL && EMAIL_ENABLED) {
send_email_with_activation_link($email, $account->confirmation_key, $account->username, SHA256);
} elseif (AUTO_ACTIVATE_ACCOUNT) {
//TODO
/*if (USE_IN_APP_PURCHASES) {
$expiration = get_trial_expiration_date();
db_inapp_add_account($user, $domain, $expiration);
}*/
}
//We call this function to set the geoloc if enabled
// args needed = [username, ha1, firstname, lastname, gender, subscribe, [domain], [algo]]
//need username + domain
if (ENABLE_NEW_ACCOUNTS_GEOLOC){
return update_account_user_info($account->username, $md5_hash, NULL, NULL, "unknown", '0', $account->domain, MD5);
}
return OK;
//We call this function to set the geoloc if enabled
// args needed = [username, ha1, firstname, lastname, gender, subscribe, [domain], [algo]]
//need username + domain
if (ENABLE_NEW_ACCOUNTS_GEOLOC) {
return update_account_user_info($account->username, $md5_hash, null, null, "unknown", '0', $account->domain, MD5);
}
return OK;
}
// args = [username, key, [domain], [algo]]
function xmlrpc_activate_email_account($method, $args) {
$user = $args[0];
$key = $args[1];
$domain = get_domain($args[2]);
$algo = get_algo($args[3]);
function xmlrpc_activate_email_account($method, $args)
{
$user = $args[0];
$key = $args[1];
$domain = get_domain($args[2]);
$algo = get_algo($args[3]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_activate_account(" . $user . ", " . $domain . ", " . $key . ", " . $algo . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_activate_account(" . $user . ", " . $domain . ", " . $key . ", " . $algo . ")");
if (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
} else if ($algo == NULL) {
return ALGO_NOT_SUPPORTED;
}
if (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
} elseif ($algo == null) {
return ALGO_NOT_SUPPORTED;
}
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
} else if ($account->activated != "0") {
return ACCOUNT_ALREADY_ACTIVATED;
}
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
} elseif ($account->activated != "0") {
return ACCOUNT_ALREADY_ACTIVATED;
}
if (!is_key_matching($key, $account)) {
return KEY_DOESNT_MATCH;
}
if (!is_key_matching($key, $account)) {
return KEY_DOESNT_MATCH;
}
$account->activated = "1";
$account->update();
$account->activated = "1";
$account->update();
$expiration = NULL;
// TODO
/*if (USE_IN_APP_PURCHASES) {
$expiration = get_trial_expiration_date();
db_inapp_add_account($user, $domain, $expiration);
}*/
$expiration = null;
// TODO
/*if (USE_IN_APP_PURCHASES) {
$expiration = get_trial_expiration_date();
db_inapp_add_account($user, $domain, $expiration);
}*/
if (CUSTOM_HOOKS) {
hook_on_account_activated($account);
}
if (CUSTOM_HOOKS) {
hook_on_account_activated($account);
}
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
if ($password->getOne()) {
return $password->password;
}
if ($password->getOne()) {
return $password->password;
}
return PASSWORD_NOT_FOUND;
return PASSWORD_NOT_FOUND;
}
// args = [username, email, [domain]]
function xmlrpc_recover_email_account($method, $args) {
$username = $args[0];
$email = $args[1];
$domain = get_domain($args[2]);
function xmlrpc_recover_email_account($method, $args)
{
$username = $args[0];
$email = $args[1];
$domain = get_domain($args[2]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_recover_email_account(" . $username . ", " . $email . ", " . $domain . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_recover_email_account(" . $username . ", " . $email . ", " . $domain . ")");
$database = new Database();
$db = $database->getConnection();
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $username;
$account->domain = $domain;
$account = new Account($db);
$account->username = $username;
$account->domain = $domain;
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if (strcasecmp($email, $account->email) != 0) { // Email case insensitive compare
return EMAIL_DOESNT_MATCH;
}
if (strcasecmp($email, $account->email) != 0) { // Email case insensitive compare
return EMAIL_DOESNT_MATCH;
}
$account->confirmation_key = uniqid();
$account->update();
$account->confirmation_key = uniqid();
$account->update();
if (SEND_ACTIVATION_EMAIL && EMAIL_ENABLED) {
send_email_with_recover_key($email, $account->confirmation_key);
}
if (SEND_ACTIVATION_EMAIL && EMAIL_ENABLED) {
send_email_with_recover_key($email, $account->confirmation_key);
}
return OK;
return OK;
}
// args = [username, password, new email, [domain], [algo]]
function xmlrpc_update_email($method, $args) {
$user = $args[0];
$pwd = $args[1];
$new_email = $args[2];
$domain = get_domain($args[3]);
$algo = get_algo($args[4]);
function xmlrpc_update_email($method, $args)
{
$user = $args[0];
$pwd = $args[1];
$new_email = $args[2];
$domain = get_domain($args[3]);
$algo = get_algo($args[4]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_update_email(" . $user . ", " . $domain . ", " . $new_email . ", " . $algo . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_update_email(" . $user . ", " . $domain . ", " . $new_email . ", " . $algo . ")");
if (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
} else if ($algo == NULL) {
return ALGO_NOT_SUPPORTED;
}
if (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
} elseif ($algo == null) {
return ALGO_NOT_SUPPORTED;
}
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
if (!$password->getOne()) {
return PASSWORD_NOT_FOUND;
}
if (!$password->getOne()) {
return PASSWORD_NOT_FOUND;
}
$hashed_old_password = hash_password($user, $pwd, $domain, $algo);
if (!password_match($password->password, $hashed_old_password)) {
return PASSWORD_DOESNT_MATCH;
}
$hashed_old_password = hash_password($user, $pwd, $domain, $algo);
if (!password_match($password->password, $hashed_old_password)) {
return PASSWORD_DOESNT_MATCH;
}
if ($account->email == $new_email) {
Logger::getInstance()->warning("New email same as previous one");
return EMAIL_UNCHANGED;
}
if ($account->email == $new_email) {
Logger::getInstance()->warning("New email same as previous one");
return EMAIL_UNCHANGED;
}
if (!ALLOW_SAME_EMAILS_ON_MULTILPLE_ACCOUNTS) {
$email_account = new Account($db);
$email_account->email = $email;
if ($email_account->getOne()) {
return EMAIL_TAKEN;
}
}
if (!ALLOW_SAME_EMAILS_ON_MULTILPLE_ACCOUNTS) {
$email_account = new Account($db);
$email_account->email = $email;
if ($email_account->getOne()) {
return EMAIL_TAKEN;
}
}
$account->email = $new_email;
if ($account->update()) {
Logger::getInstance()->message("Email updated successfully");
return OK;
}
$account->email = $new_email;
if ($account->update()) {
Logger::getInstance()->message("Email updated successfully");
return OK;
}
return NOK;
return NOK;
}
// args = [username, email, ha1, [domain], [algo]]
function xmlrpc_delete_email_account($method, $args) {
$username = $args[0];
$email = $args[1];
$ha1 = $args[2];
$domain = get_domain($args[3]);
$algo = get_algo($args[4]);
function xmlrpc_delete_email_account($method, $args)
{
$username = $args[0];
$email = $args[1];
$ha1 = $args[2];
$domain = get_domain($args[3]);
$algo = get_algo($args[4]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_delete_email_account(" . $username . ", " . $email . ", " . $domain . ", " . $algo . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_delete_email_account(" . $username . ", " . $email . ", " . $domain . ", " . $algo . ")");
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $username;
$account->domain = $domain;
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $username;
$account->domain = $domain;
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if ($email != $account->email) {
return EMAIL_DOESNT_MATCH;
}
if ($email != $account->email) {
return EMAIL_DOESNT_MATCH;
}
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
if (!$password->getOne()) {
return PASSWORD_NOT_FOUND;
}
if (!$password->getOne()) {
return PASSWORD_NOT_FOUND;
}
if ($ha1 != $password->password) {
return PASSWORD_DOESNT_MATCH;
}
if ($ha1 != $password->password) {
return PASSWORD_DOESNT_MATCH;
}
if ($account->delete()) {
if ($password->delete()) {
$alias = new Alias($db);
$alias->account_id = $account->id;
$alias->delete();
if ($account->delete()) {
if ($password->delete()) {
$alias = new Alias($db);
$alias->account_id = $account->id;
$alias->delete();
$userinfo = new UserInfo($db);
$userinfo->account_id = $account->id;
$userinfo->delete();
$userinfo = new UserInfo($db);
$userinfo->account_id = $account->id;
$userinfo->delete();
return OK;
}
}
return OK;
}
}
return NOK;
return NOK;
}
function xmlrpc_accounts_email_register_methods($server) {
xmlrpc_server_register_method($server, 'create_email_account', 'xmlrpc_create_email_account');// args = [username, email, [hash], useragent, [domain], [algo]], return OK
xmlrpc_server_register_method($server, 'create_email_md5_sha256_account', 'xmlrpc_create_email_md5_sha256_account');// args = [username, email, md5_hash, sha256_hash, useragent, [domain]], return OK
xmlrpc_server_register_method($server, 'activate_email_account', 'xmlrpc_activate_email_account');// args = [username, key, [domain], [algo]], return ha1_password
xmlrpc_server_register_method($server, 'recover_email_account', 'xmlrpc_recover_email_account');// args = [username, email, [domain]], return OK
xmlrpc_server_register_method($server, 'update_email', 'xmlrpc_update_email');// args = [username, password, new email, [domain], [algo]], return OK
xmlrpc_server_register_method($server, 'delete_email_account', 'xmlrpc_delete_email_account');// args = [username, email, ha1, [domain], [algo]]
function xmlrpc_accounts_email_register_methods($server)
{
xmlrpc_server_register_method($server, 'create_email_account', 'xmlrpc_create_email_account');// args = [username, email, [hash], useragent, [domain], [algo]], return OK
xmlrpc_server_register_method($server, 'create_email_md5_sha256_account', 'xmlrpc_create_email_md5_sha256_account');// args = [username, email, md5_hash, sha256_hash, useragent, [domain]], return OK
xmlrpc_server_register_method($server, 'activate_email_account', 'xmlrpc_activate_email_account');// args = [username, key, [domain], [algo]], return ha1_password
xmlrpc_server_register_method($server, 'recover_email_account', 'xmlrpc_recover_email_account');// args = [username, email, [domain]], return OK
xmlrpc_server_register_method($server, 'update_email', 'xmlrpc_update_email');// args = [username, password, new email, [domain], [algo]], return OK
xmlrpc_server_register_method($server, 'delete_email_account', 'xmlrpc_delete_email_account');// args = [username, email, ha1, [domain], [algo]]
}
?>

605
src/xmlrpc/accounts_phone.php
View file

@ -1,21 +1,21 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
include_once __DIR__ . '/../database/database.php';
@ -32,380 +32,385 @@ include_once __DIR__ . '/../misc/user_info.php';
include_once __DIR__ . '/../misc/results_values.php';
// args = [phone, [username], [password], useragent, [domain], [lang], [algo]]
function xmlrpc_create_phone_account($method, $args) {
$phone = $args[0];
$user = $args[1];
$hashed_password = $args[2];
$user_agent = $args[3];
$domain = get_domain($args[4]);
$lang = get_lang($args[5]);
$algo = get_algo($args[6]);
function xmlrpc_create_phone_account($method, $args)
{
$phone = $args[0];
$user = $args[1];
$hashed_password = $args[2];
$user_agent = $args[3];
$domain = get_domain($args[4]);
$lang = get_lang($args[5]);
$algo = get_algo($args[6]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_create_phone_account(" . $user . ", " . $domain . ", " . $phone . ", " . $lang . ", " . $algo . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_create_phone_account(" . $user . ", " . $domain . ", " . $phone . ", " . $lang . ", " . $algo . ")");
if (!check_parameter($phone, "phone")) {
return MISSING_PHONE_PARAM;
} else if (!startswith($phone, "+")) {
Logger::getInstance()->error("Phone doesn't start by +");
return PHONE_NOT_E164;
} else if ($algo == NULL) {
return ALGO_NOT_SUPPORTED;
}
if (!check_parameter($phone, "phone")) {
return MISSING_PHONE_PARAM;
} elseif (!startswith($phone, "+")) {
Logger::getInstance()->error("Phone doesn't start by +");
return PHONE_NOT_E164;
} elseif ($algo == null) {
return ALGO_NOT_SUPPORTED;
}
if (!check_parameter($user)) {
$user = $phone;
}
if (!check_parameter($user)) {
$user = $phone;
}
$recover_params = array(
0 => $phone,
1 => $domain,
2 => $lang,
);
$recover_params = array(
0 => $phone,
1 => $domain,
2 => $lang,
);
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
$alias = new Alias($db);
$alias->alias = $phone;
$alias->domain = $domain;
$alias = new Alias($db);
$alias->alias = $phone;
$alias->domain = $domain;
if ($account->getOne()) {
if (RECOVER_ACCOUNT_IF_EXISTS) {
$recovered_user = xmlrpc_recover_phone_account($method, $recover_params);
if ($recovered_user == $user) {
return OK;
}
if ($account->getOne()) {
if (RECOVER_ACCOUNT_IF_EXISTS) {
$recovered_user = xmlrpc_recover_phone_account($method, $recover_params);
if ($recovered_user == $user) {
return OK;
}
return ACCOUNT_RECOVERY_IMPOSSIBLE;
}
return ACCOUNT_RECOVERY_IMPOSSIBLE;
}
return USERNAME_TAKEN;
} else if ($alias->getOne()) {
if (RECOVER_ACCOUNT_IF_EXISTS) {
$recovered_user = xmlrpc_recover_phone_account($method, $recover_params);
if ($recovered_user == $user) {
return OK;
}
return USERNAME_TAKEN;
} elseif ($alias->getOne()) {
if (RECOVER_ACCOUNT_IF_EXISTS) {
$recovered_user = xmlrpc_recover_phone_account($method, $recover_params);
if ($recovered_user == $user) {
return OK;
}
return ACCOUNT_RECOVERY_IMPOSSIBLE;
}
return ACCOUNT_RECOVERY_IMPOSSIBLE;
}
return PHONE_TAKEN;
}
return PHONE_TAKEN;
}
$pwd = $hashed_password;
if (!check_parameter($hashed_password, "hashed password")) {
$pwd = generate_password();
$hashed_password = hash_password($user, $pwd, $domain, $algo);
}
$pwd = $hashed_password;
if (!check_parameter($hashed_password, "hashed password")) {
$pwd = generate_password();
$hashed_password = hash_password($user, $pwd, $domain, $algo);
}
$account->confirmation_key = generate_4_digits_code();
$account->user_agent = $user_agent;
$account->ip_address = getIp();
$account->confirmation_key = generate_4_digits_code();
$account->user_agent = $user_agent;
$account->ip_address = getIp();
$account->activated = AUTO_ACTIVATE_ACCOUNT ? "1" : "0";
$account->create();
$account->create();
$password = new Password($db);
$password->account_id = $account->id;
$password->password = $hashed_password;
$password->algorithm = $algo;
$password->create();
$password = new Password($db);
$password->account_id = $account->id;
$password->password = $hashed_password;
$password->algorithm = $algo;
$password->create();
if (CUSTOM_HOOKS) {
hook_on_account_created($account);
}
if (CUSTOM_HOOKS) {
hook_on_account_created($account);
}
if (SEND_ACTIVATION_SMS) {
if (!SMS_API_ENABLED) {
// This is a hack to allow testing without sending SMS
return OK;
}
$ok = send_sms($phone, $account->confirmation_key, $lang);
return $ok;
} else if (AUTO_ACTIVATE_ACCOUNT) {
if (USE_IN_APP_PURCHASES) {
//TODO
/*$expiration = get_trial_expiration_date();
db_inapp_add_account($user, $domain, $expiration);*/
}
}
if (SEND_ACTIVATION_SMS) {
if (!SMS_API_ENABLED) {
// This is a hack to allow testing without sending SMS
return OK;
}
$ok = send_sms($phone, $account->confirmation_key, $lang);
return $ok;
} elseif (AUTO_ACTIVATE_ACCOUNT) {
if (USE_IN_APP_PURCHASES) {
//TODO
/*$expiration = get_trial_expiration_date();
db_inapp_add_account($user, $domain, $expiration);*/
}
}
//We call this function to set the geoloc if enabled
// args needed = [username, ha1, firstname, lastname, gender, subscribe, [domain], [algo]]
//need username + domain
if (ENABLE_NEW_ACCOUNTS_GEOLOC){
return update_account_user_info($account->username, $hashed_password, NULL, NULL, "unknown", '0', $account->domain, $algo);
}
//We call this function to set the geoloc if enabled
// args needed = [username, ha1, firstname, lastname, gender, subscribe, [domain], [algo]]
//need username + domain
if (ENABLE_NEW_ACCOUNTS_GEOLOC) {
return update_account_user_info($account->username, $hashed_password, null, null, "unknown", '0', $account->domain, $algo);
}
return OK;
return OK;
}
// args = [phone, username, key, [domain], [algo]]
function xmlrpc_activate_phone_account($method, $args) {
$phone = $args[0];
$user = $args[1];
$key = $args[2];
$domain = get_domain($args[3]);
$algo = get_algo($args[4]);
function xmlrpc_activate_phone_account($method, $args)
{
$phone = $args[0];
$user = $args[1];
$key = $args[2];
$domain = get_domain($args[3]);
$algo = get_algo($args[4]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_activate_phone_account(" . $user . ", " . $domain . ", " . $phone . ", " . $key . ", " . $algo . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_activate_phone_account(" . $user . ", " . $domain . ", " . $phone . ", " . $key . ", " . $algo . ")");
if (!check_parameter($phone, "phone")) {
return MISSING_PHONE_PARAM;
} else if (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
} else if (!startswith($phone, "+")) {
Logger::getInstance()->error("Phone doesn't start by +");
return PHONE_NOT_E164;
}
if (!check_parameter($phone, "phone")) {
return MISSING_PHONE_PARAM;
} elseif (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
} elseif (!startswith($phone, "+")) {
Logger::getInstance()->error("Phone doesn't start by +");
return PHONE_NOT_E164;
}
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if (!is_key_matching($key, $account)) {
return KEY_DOESNT_MATCH;
}
if (!is_key_matching($key, $account)) {
return KEY_DOESNT_MATCH;
}
// If this is a recovery, account is already activated, don't go through the following again
if (!is_activated($account->activated)) {
$expiration = NULL;
$account->activated = "1";
$account->update();
// If this is a recovery, account is already activated, don't go through the following again
if (!is_activated($account->activated)) {
$expiration = null;
$account->activated = "1";
$account->update();
$alias = new Alias($db);
$alias->account_id = $account->id;
$alias->alias = $phone;
$alias->domain = $account->domain;
$alias->create();
$alias = new Alias($db);
$alias->account_id = $account->id;
$alias->alias = $phone;
$alias->domain = $account->domain;
$alias->create();
if (USE_IN_APP_PURCHASES) {
$expiration = get_trial_expiration_date();
//db_inapp_add_account($user, $domain, $expiration);
//TODO
}
if (USE_IN_APP_PURCHASES) {
$expiration = get_trial_expiration_date();
//db_inapp_add_account($user, $domain, $expiration);
//TODO
}
if (CUSTOM_HOOKS) {
hook_on_account_activated($account);
}
}
if (CUSTOM_HOOKS) {
hook_on_account_activated($account);
}
}
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
if ($password->getOne()) {
return $password->password;
}
if ($password->getOne()) {
return $password->password;
}
return PASSWORD_NOT_FOUND;
}
// args = [phone, [domain], [lang]]
function xmlrpc_recover_phone_account($method, $args) {
// Is this function overloaded
if (XMLRPC_RECOVER_PHONE_ACCOUNT_OVERLOAD === TRUE) {
return xmlrpc_recover_phone_account_overload($method, $args);
}
function xmlrpc_recover_phone_account($method, $args)
{
// Is this function overloaded
if (XMLRPC_RECOVER_PHONE_ACCOUNT_OVERLOAD === true) {
return xmlrpc_recover_phone_account_overload($method, $args);
}
$phone = $args[0];
$domain = get_domain($args[1]);
$lang = get_lang($args[2]);
$phone = $args[0];
$domain = get_domain($args[1]);
$lang = get_lang($args[2]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_recover_phone_account(" . $phone . ", " . $domain . ", " . $lang . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_recover_phone_account(" . $phone . ", " . $domain . ", " . $lang . ")");
if (!check_parameter($phone, "phone")) {
return MISSING_PHONE_PARAM;
} else if (!startswith($phone, "+")) {
return PHONE_NOT_E164;
}
if (!check_parameter($phone, "phone")) {
return MISSING_PHONE_PARAM;
} elseif (!startswith($phone, "+")) {
return PHONE_NOT_E164;
}
$database = new Database();
$db = $database->getConnection();
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $phone;
$account->domain = $domain;
$account = new Account($db);
$account->username = $phone;
$account->domain = $domain;
$alias = new Alias($db);
$alias->alias = $phone;
$alias->domain = $domain;
$alias = new Alias($db);
$alias->alias = $phone;
$alias->domain = $domain;
if (!$account->getOne()) {
if ($alias->getOne()) {
$account->id = $alias->account_id;
// This time the search will be done on the id instead of couple username / domain
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
} else {
return ACCOUNT_NOT_FOUND;
}
}
if (!$account->getOne()) {
if ($alias->getOne()) {
$account->id = $alias->account_id;
// This time the search will be done on the id instead of couple username / domain
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
} else {
return ACCOUNT_NOT_FOUND;
}
}
if (SEND_ACTIVATION_SMS) {
$account->confirmation_key = generate_4_digits_code();
$account->update();
if (SEND_ACTIVATION_SMS) {
$account->confirmation_key = generate_4_digits_code();
$account->update();
if (!SMS_API_ENABLED) {
// This is a hack to allow testing without sending SMS
return $account->username;
}
$ok = send_sms($phone, $account->confirmation_key, $lang);
if ($ok != OK) {
return $ok;
}
}
if (!SMS_API_ENABLED) {
// This is a hack to allow testing without sending SMS
return $account->username;
}
$ok = send_sms($phone, $account->confirmation_key, $lang);
if ($ok != OK) {
return $ok;
}
}
return $account->username;
return $account->username;
}
// args = [username, phone, ha1, [domain], [algo]]
function xmlrpc_delete_phone_account($method, $args) {
$username = $args[0];
$phone = $args[1];
$ha1 = $args[2];
$domain = get_domain($args[3]);
$algo = get_algo($args[4]);
function xmlrpc_delete_phone_account($method, $args)
{
$username = $args[0];
$phone = $args[1];
$ha1 = $args[2];
$domain = get_domain($args[3]);
$algo = get_algo($args[4]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_delete_phone_account(" . $username . ", " . $phone . ", " . $domain . ", " . $algo . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_delete_phone_account(" . $username . ", " . $phone . ", " . $domain . ", " . $algo . ")");
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $username;
$account->domain = $domain;
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $username;
$account->domain = $domain;
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if ($phone != $username && $phone != $account->alias) {
return ALIAS_DOESNT_MATCH;
}
if ($phone != $username && $phone != $account->alias) {
return ALIAS_DOESNT_MATCH;
}
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
if (!$password->getOne()) {
return PASSWORD_NOT_FOUND;
}
if (!$password->getOne()) {
return PASSWORD_NOT_FOUND;
}
if ($ha1 != $password->password) {
return PASSWORD_DOESNT_MATCH;
}
if ($ha1 != $password->password) {
return PASSWORD_DOESNT_MATCH;
}
if ($account->delete()) {
if ($password->delete()) {
$alias = new Alias($db);
$alias->account_id = $account->id;
$alias->delete();
if ($account->delete()) {
if ($password->delete()) {
$alias = new Alias($db);
$alias->account_id = $account->id;
$alias->delete();
$userinfo = new UserInfo($db);
$userinfo->account_id = $account->id;
$userinfo->delete();
$userinfo = new UserInfo($db);
$userinfo->account_id = $account->id;
$userinfo->delete();
return OK;
}
}
return OK;
}
}
return NOK;
return NOK;
}
// args = [phone, [domain]]
function xmlrpc_is_phone_number_used($method, $args) {
$phone = $args[0];
$domain = get_domain($args[1]);
function xmlrpc_is_phone_number_used($method, $args)
{
$phone = $args[0];
$domain = get_domain($args[1]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_is_phone_number_used(" . $phone . ", " . $domain . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_is_phone_number_used(" . $phone . ", " . $domain . ")");
if (!check_parameter($phone, "phone")) {
return MISSING_PHONE_PARAM;
} else if (!startswith($phone, "+")) {
return PHONE_NOT_E164;
}
if (!check_parameter($phone, "phone")) {
return MISSING_PHONE_PARAM;
} elseif (!startswith($phone, "+")) {
return PHONE_NOT_E164;
}
$database = new Database();
$db = $database->getConnection();
$database = new Database();
$db = $database->getConnection();
$alias = new Alias($db);
$alias->alias = $phone;
$alias->domain = $domain;
$alias = new Alias($db);
$alias->alias = $phone;
$alias->domain = $domain;
if ($alias->getOne()) {
return OK_ALIAS;
}
if ($alias->getOne()) {
return OK_ALIAS;
}
$account = new Account($db);
$account->username = $phone;
$account->domain = $domain;
$account = new Account($db);
$account->username = $phone;
$account->domain = $domain;
if ($account->getOne()) {
return OK_ACCOUNT;
}
if ($account->getOne()) {
return OK_ACCOUNT;
}
return NOK;
return NOK;
}
// args = [username, [domain]]
function xmlrpc_get_phone_number_for_account($method, $args) {
$user = $args[0];
$domain = get_domain($args[1]);
function xmlrpc_get_phone_number_for_account($method, $args)
{
$user = $args[0];
$domain = get_domain($args[1]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_get_phone_number_for_account(" . $user . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_get_phone_number_for_account(" . $user . ")");
if (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
}
if (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
}
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
if (!$account->getOne()) {
$alias = new Alias($db);
$alias->alias = $user;
$alias->domain = $domain;
if (!$account->getOne()) {
$alias = new Alias($db);
$alias->alias = $user;
$alias->domain = $domain;
if ($alias->getOne()) {
return $user;
}
if ($alias->getOne()) {
return $user;
}
return ACCOUNT_NOT_FOUND;
}
return ACCOUNT_NOT_FOUND;
}
$phone = $account->alias;
if ($phone == NULL) {
return ALIAS_NOT_FOUND;
}
$phone = $account->alias;
if ($phone == null) {
return ALIAS_NOT_FOUND;
}
if (RECOVER_ACCOUNT_IF_EXISTS) {
return ACCOUNT_NOT_FOUND;
}
if (RECOVER_ACCOUNT_IF_EXISTS) {
return ACCOUNT_NOT_FOUND;
}
return $phone;
return $phone;
}
function xmlrpc_accounts_phone_register_methods($server) {
xmlrpc_server_register_method($server, 'create_phone_account', 'xmlrpc_create_phone_account');// args = [phone, [username], [password], useragent, [domain], [lang], [algo]], return OK
xmlrpc_server_register_method($server, 'activate_phone_account', 'xmlrpc_activate_phone_account');// args = [phone, username, key, [domain], [algo]], return ha1_password
xmlrpc_server_register_method($server, 'recover_phone_account', 'xmlrpc_recover_phone_account');// args = [phone, [domain], [lang]], return username
xmlrpc_server_register_method($server, 'delete_phone_account', 'xmlrpc_delete_phone_account');// args = [username, phone, ha1, [domain], [algo]]
function xmlrpc_accounts_phone_register_methods($server)
{
xmlrpc_server_register_method($server, 'create_phone_account', 'xmlrpc_create_phone_account');// args = [phone, [username], [password], useragent, [domain], [lang], [algo]], return OK
xmlrpc_server_register_method($server, 'activate_phone_account', 'xmlrpc_activate_phone_account');// args = [phone, username, key, [domain], [algo]], return ha1_password
xmlrpc_server_register_method($server, 'recover_phone_account', 'xmlrpc_recover_phone_account');// args = [phone, [domain], [lang]], return username
xmlrpc_server_register_method($server, 'delete_phone_account', 'xmlrpc_delete_phone_account');// args = [username, phone, ha1, [domain], [algo]]
xmlrpc_server_register_method($server, 'is_phone_number_used', 'xmlrpc_is_phone_number_used');// args = [phone], return OK_ACCOUNT, OK_ALIAS or NOK
xmlrpc_server_register_method($server, 'get_phone_number_for_account', 'xmlrpc_get_phone_number_for_account');// args = [username, [domain]], return a phone number or an error
xmlrpc_server_register_method($server, 'is_phone_number_used', 'xmlrpc_is_phone_number_used');// args = [phone], return OK_ACCOUNT, OK_ALIAS or NOK
xmlrpc_server_register_method($server, 'get_phone_number_for_account', 'xmlrpc_get_phone_number_for_account');// args = [username, [domain]], return a phone number or an error
}
?>

289
src/xmlrpc/aliases.php
View file

@ -1,21 +1,21 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
include_once __DIR__ . '/../database/database.php';
@ -29,173 +29,176 @@ include_once __DIR__ . '/../misc/utilities.php';
include_once __DIR__ . '/../misc/results_values.php';
// args = [phone, [domain]]
function xmlrpc_is_alias_used($method, $args) {
$phone = $args[0];
$domain = get_domain($args[1]);
function xmlrpc_is_alias_used($method, $args)
{
$phone = $args[0];
$domain = get_domain($args[1]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_is_alias_used(" . $phone . ", " . $domain . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_is_alias_used(" . $phone . ", " . $domain . ")");
if (!check_parameter($phone, "phone")) {
return MISSING_PHONE_PARAM;
} else if (!startswith($phone, "+")) {
return PHONE_NOT_E164;
}
if (!check_parameter($phone, "phone")) {
return MISSING_PHONE_PARAM;
} elseif (!startswith($phone, "+")) {
return PHONE_NOT_E164;
}
$database = new Database();
$db = $database->getConnection();
$alias = new Alias($db);
$alias->alias = $phone;
$alias->domain = $domain;
$database = new Database();
$db = $database->getConnection();
$alias = new Alias($db);
$alias->alias = $phone;
$alias->domain = $domain;
if (!$alias->getOne()) {
return ALIAS_NOT_FOUND;
}
if (!$alias->getOne()) {
return ALIAS_NOT_FOUND;
}
return OK;
return OK;
}
// args = [phone, account, [domain], [lang]]
function xmlrpc_link_phone_number_with_account($method, $args) {
$phone = $args[0];
$user = $args[1];
$domain = get_domain($args[2]);
$lang = get_lang($args[3]);
function xmlrpc_link_phone_number_with_account($method, $args)
{
$phone = $args[0];
$user = $args[1];
$domain = get_domain($args[2]);
$lang = get_lang($args[3]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_link_phone_number_with_account(" . $user . ", " . $domain . ", " . $phone . ", " . $lang . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_link_phone_number_with_account(" . $user . ", " . $domain . ", " . $phone . ", " . $lang . ")");
if (!check_parameter($phone)) {
return MISSING_PHONE_PARAM;
} else if (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
} else if (!startswith($phone, "+")) {
return PHONE_NOT_E164;
/*} else if (db_alias_is_in_use($phone, $domain)) {
return PHONE_TAKEN;*/
}
if (!check_parameter($phone)) {
return MISSING_PHONE_PARAM;
} elseif (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
} elseif (!startswith($phone, "+")) {
return PHONE_NOT_E164;
/*} else if (db_alias_is_in_use($phone, $domain)) {
return PHONE_TAKEN;*/
}
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if (SEND_ACTIVATION_SMS) {
if (!SMS_API_ENABLED) {
// This is a hack to allow testing without sending SMS
return OK;
}
$account->confirmation_key = generate_4_digits_code();
$account->update();
$ok = send_sms($phone, $account->confirmation_key, $lang);
return $ok;
}
if (SEND_ACTIVATION_SMS) {
if (!SMS_API_ENABLED) {
// This is a hack to allow testing without sending SMS
return OK;
}
$account->confirmation_key = generate_4_digits_code();
$account->update();
$ok = send_sms($phone, $account->confirmation_key, $lang);
return $ok;
}
return SMS_DISABLED;
return SMS_DISABLED;
}
// args = [phone, user, key, ha1, [domain], [algo]]
function xmlrpc_activate_phone_number_link($method, $args) {
$phone = $args[0];
$user = $args[1];
$key = $args[2];
$ha1 = $args[3];
$domain = get_domain($args[4]);
$algo = get_algo($args[5]);
function xmlrpc_activate_phone_number_link($method, $args)
{
$phone = $args[0];
$user = $args[1];
$key = $args[2];
$ha1 = $args[3];
$domain = get_domain($args[4]);
$algo = get_algo($args[5]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_activate_phone_number_link(" . $user . ", " . $domain . ", " . $phone . ", " . $key . ", " . $algo . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_activate_phone_number_link(" . $user . ", " . $domain . ", " . $phone . ", " . $key . ", " . $algo . ")");
if (!check_parameter($phone, "phone")) {
return MISSING_PHONE_PARAM;
} else if (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
} else if (!startswith($phone, "+")) {
return PHONE_NOT_E164;
}
if (!check_parameter($phone, "phone")) {
return MISSING_PHONE_PARAM;
} elseif (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
} elseif (!startswith($phone, "+")) {
return PHONE_NOT_E164;
}
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if (!is_activated($account->activated)) {
return ACCOUNT_NOT_YET_ACTIVATED;
}
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if (!is_activated($account->activated)) {
return ACCOUNT_NOT_YET_ACTIVATED;
}
if (!is_key_matching($key, $account)) {
return KEY_DOESNT_MATCH;
}
if (!is_key_matching($key, $account)) {
return KEY_DOESNT_MATCH;
}
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
if (!$password->getOne()) {
return PASSWORD_NOT_FOUND;
}
if (!password_match($password->password, $ha1)) {
return PASSWORD_DOESNT_MATCH;
}
if (!$password->getOne()) {
return PASSWORD_NOT_FOUND;
}
if (!password_match($password->password, $ha1)) {
return PASSWORD_DOESNT_MATCH;
}
$alias = new Alias($db);
$alias->alias = $phone;
$alias->domain = $domain;
$alias = new Alias($db);
$alias->alias = $phone;
$alias->domain = $domain;
if ($alias->getOne()) {
$alias->account_id = $account->id;
$alias->update();
} else {
$alias->account_id = $account->id;
$alias->create();
}
if ($alias->getOne()) {
$alias->account_id = $account->id;
$alias->update();
} else {
$alias->account_id = $account->id;
$alias->create();
}
return OK;
return OK;
}
// args = [phone, [domain]]
function xmlrpc_get_alias($method, $args) {
$phone = $args[0];
$domain = get_domain($args[1]);
function xmlrpc_get_alias($method, $args)
{
$phone = $args[0];
$domain = get_domain($args[1]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_get_alias(" . $phone . ", " . $domain . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_get_alias(" . $phone . ", " . $domain . ")");
if (!check_parameter($phone, "phone")) {
return MISSING_PHONE_PARAM;
} else if (!startswith($phone, "+")) {
return PHONE_NOT_E164;
}
if (!check_parameter($phone, "phone")) {
return MISSING_PHONE_PARAM;
} elseif (!startswith($phone, "+")) {
return PHONE_NOT_E164;
}
$database = new Database();
$db = $database->getConnection();
$alias = new Alias($db);
$alias->alias = $phone;
$alias->domain = $domain;
$database = new Database();
$db = $database->getConnection();
$alias = new Alias($db);
$alias->alias = $phone;
$alias->domain = $domain;
if (!$alias->getOne()) {
return ALIAS_NOT_FOUND;
}
if (!$alias->getOne()) {
return ALIAS_NOT_FOUND;
}
$account = new Account($db);
$account->id = $alias->account_id;
if ($account->getOne()) {
return $account->username;
}
$account = new Account($db);
$account->id = $alias->account_id;
if ($account->getOne()) {
return $account->username;
}
return ACCOUNT_NOT_FOUND;
return ACCOUNT_NOT_FOUND;
}
function xmlrpc_aliases_register_methods($server) {
xmlrpc_server_register_method($server, 'is_alias_used', 'xmlrpc_is_alias_used');// args = [phone, [domain]], return OK
xmlrpc_server_register_method($server, 'link_phone_number_with_account', 'xmlrpc_link_phone_number_with_account');// args = [phone, account, [domain], [lang]], return OK
xmlrpc_server_register_method($server, 'activate_phone_number_link', 'xmlrpc_activate_phone_number_link');// args = [phone, user, key, ha1, [domain], [algo]], return OK
xmlrpc_server_register_method($server, 'get_alias', 'xmlrpc_get_alias');// args = [phone, [domain]], return username
function xmlrpc_aliases_register_methods($server)
{
xmlrpc_server_register_method($server, 'is_alias_used', 'xmlrpc_is_alias_used');// args = [phone, [domain]], return OK
xmlrpc_server_register_method($server, 'link_phone_number_with_account', 'xmlrpc_link_phone_number_with_account');// args = [phone, account, [domain], [lang]], return OK
xmlrpc_server_register_method($server, 'activate_phone_number_link', 'xmlrpc_activate_phone_number_link');// args = [phone, user, key, ha1, [domain], [algo]], return OK
xmlrpc_server_register_method($server, 'get_alias', 'xmlrpc_get_alias');// args = [phone, [domain]], return username
}
?>

157
src/xmlrpc/authentication.php
View file

@ -1,21 +1,21 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
include_once __DIR__ . '/../database/database.php';
@ -29,81 +29,82 @@ include_once __DIR__ . '/../misc/utilities.php';
// The nonce is built using:
// - timestamp : nonce is valid for MIN_NONCE_VALIDITY_PERIOD seconds at minimum and twice it at maximum (our goal is one time usage anyway, typical value shall be 10 )
// - request content : the response uses only the URI, enforce the content to be the same so the nonce is actually a one time usage
// a replay is not devastating (it would just be an actual replay, not a different command to server)
// a replay is not devastating (it would just be an actual replay, not a different command to server)
// - secret key : avoid an attacker to be able to generate a valid nonce
function auth_get_valid_nonces() {
$request = file_get_contents('php://input');
$time = time();
$time -= $time%MIN_NONCE_VALIDITY_PERIOD; // our nonce will be valid at leat MIN_NONCE_VALIDITY_PERIOD seconds and max twice it, so floor the timestamp
return array(
hash_hmac("sha256", $time.':'.$request, AUTH_NONCE_KEY),
hash_hmac("sha256", $time-MIN_NONCE_VALIDITY_PERIOD.':'.$request, AUTH_NONCE_KEY));
function auth_get_valid_nonces()
{
$request = file_get_contents('php://input');
$time = time();
$time -= $time%MIN_NONCE_VALIDITY_PERIOD; // our nonce will be valid at leat MIN_NONCE_VALIDITY_PERIOD seconds and max twice it, so floor the timestamp
return array(
hash_hmac("sha256", $time.':'.$request, AUTH_NONCE_KEY),
hash_hmac("sha256", $time-MIN_NONCE_VALIDITY_PERIOD.':'.$request, AUTH_NONCE_KEY));
}
function request_authentication($realm = "sip.example.org") {
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Digest realm="' . $realm.
'",qop="auth",nonce="' . auth_get_valid_nonces()[0] . '",opaque="' . md5($realm) . '"');
exit();
function request_authentication($realm = "sip.example.org")
{
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Digest realm="' . $realm.
'",qop="auth",nonce="' . auth_get_valid_nonces()[0] . '",opaque="' . md5($realm) . '"');
exit();
}
function authenticate($auth_digest, $realm = "sip.example.org") {
Logger::getInstance()->debug("Authenticate : Digest ".(print_r($auth_digest, true))." realm " . $realm);
// Parse the client authentication data
$default = array('nounce', 'nc', 'cnounce', 'qop', 'username', 'uri', 'response');
preg_match_all('~(\w+)="?([^",]+)"?~', $auth_digest, $matches); # $_SERVER['PHP_AUTH_DIGEST']
$data = array_combine($matches[1] + $default, $matches[2]);
function authenticate($auth_digest, $realm = "sip.example.org")
{
Logger::getInstance()->debug("Authenticate : Digest ".(print_r($auth_digest, true))." realm " . $realm);
// Parse the client authentication data
$default = array('nounce', 'nc', 'cnounce', 'qop', 'username', 'uri', 'response');
preg_match_all('~(\w+)="?([^",]+)"?~', $auth_digest, $matches); # $_SERVER['PHP_AUTH_DIGEST']
$data = array_combine($matches[1] + $default, $matches[2]);
// Get the password/hash from database
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $data['username'];
$account->domain = empty($data['domain']) ? SIP_DOMAIN : $data['domain'];
// Get the password/hash from database
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $data['username'];
$account->domain = empty($data['domain']) ? SIP_DOMAIN : $data['domain'];
if (!$account->getOne()) {
Logger::getInstance()->error("Couldn't find account " . (string)$account);
return false;
}
$pwd = new Password($db);
$pwd->account_id = $account->id;
$stmt = $pwd->getAll();
$num = $stmt->rowCount();
if ($num <= 0) {
Logger::getInstance()->error("Couldn't find password " . (string)$pwd);
return false;
}
if (!$account->getOne()) {
Logger::getInstance()->error("Couldn't find account " . (string)$account);
return false;
}
$pwd = new Password($db);
$pwd->account_id = $account->id;
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
$stmt = $pwd->getAll();
$num = $stmt->rowCount();
if ($num <= 0) {
Logger::getInstance()->error("Couldn't find password " . (string)$pwd);
return false;
}
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
extract($row);
// Generate the valid response
switch ($algorithm) {
case 'CLRTXT':
$A1 = md5($data['username'].':'.$data['realm'].':'.$password);
$A2 = md5(getenv('REQUEST_METHOD').':'.$data['uri']);
$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);
break;
case 'MD5':
$A1 = $password; // username:realm:password
$A2 = md5(getenv('REQUEST_METHOD').':'.$data['uri']);
$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);
break;
case 'SHA256':
$A1 = $password; // username:realm:password
$A2 = hash('sha256', getenv('REQUEST_METHOD').':'.$data['uri']);
$valid_response = hash('sha256', $A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);
break;
}
// Generate the valid response
switch ($algorithm) {
case 'CLRTXT':
$A1 = md5($data['username'].':'.$data['realm'].':'.$password);
$A2 = md5(getenv('REQUEST_METHOD').':'.$data['uri']);
$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);
break;
case 'MD5':
$A1 = $password; // username:realm:password
$A2 = md5(getenv('REQUEST_METHOD').':'.$data['uri']);
$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);
break;
case 'SHA256':
$A1 = $password; // username:realm:password
$A2 = hash('sha256', getenv('REQUEST_METHOD').':'.$data['uri']);
$valid_response = hash('sha256', $A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);
break;
}
// Compare with the client response
if ($data['response'] === $valid_response) {
return true;
}
}
// Compare with the client response
if ($data['response'] === $valid_response) {
return true;
}
}
Logger::getInstance()->error("Failed to authenticate request");
return false;
Logger::getInstance()->error("Failed to authenticate request");
return false;
}
?>

70
src/xmlrpc/devices.php
View file

@ -1,21 +1,21 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
include_once __DIR__ . '/../database/database.php';
@ -23,33 +23,33 @@ include_once __DIR__ . '/../objects/device.php';
include_once __DIR__ . '/../misc/results_values.php';
// args = [manufacturer, model, status, delay, hasHEC]
function xmlrpc_add_ec_calibration_result($method, $args) {
$manufacturer = $args[0];
$model = $args[1];
$status = $args[2];
$delay = $args[3];
function xmlrpc_add_ec_calibration_result($method, $args)
{
$manufacturer = $args[0];
$model = $args[1];
$status = $args[2];
$delay = $args[3];
$hasHEC = 0;
if (count($args) == 5) {
$hasHEC = (int)$args[4];
}
$hasHEC = 0;
if (count($args) == 5) {
$hasHEC = (int)$args[4];
}
$database = new Database();
$db = $database->getConnection();
$database = new Database();
$db = $database->getConnection();
$device = new Device($db);
$device->manufacturer = $manufacturer;
$device->model = $model;
$device->status = $status;
$device->delay = $delay;
$device->hardware_echo_canceller = $hasHEC;
$device->create();
$device = new Device($db);
$device->manufacturer = $manufacturer;
$device->model = $model;
$device->status = $status;
$device->delay = $delay;
$device->hardware_echo_canceller = $hasHEC;
$device->create();
return OK;
return OK;
}
function xmlrpc_devices_register_methods($server) {
xmlrpc_server_register_method($server, 'add_ec_calibration_result', 'xmlrpc_add_ec_calibration_result');// args = [manufacturer, model, status, delay, hasHEC]
function xmlrpc_devices_register_methods($server)
{
xmlrpc_server_register_method($server, 'add_ec_calibration_result', 'xmlrpc_add_ec_calibration_result');// args = [manufacturer, model, status, delay, hasHEC]
}
?>

633
src/xmlrpc/inapp.php
View file

@ -1,181 +1,187 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
// Google/Android specifics
// Get an access token to access Google APIs
function get_google_access_token() {
$ch = curl_init(GOOGLE_API_OAUTH_URL);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FAILONERROR, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/x-www-form-urlencoded'
));
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array(
'client_id' => GOOGLE_PROJECT_ID,
'client_secret' => GOOGLE_PROJECT_PASSWORD,
'refresh_token' => GOOGLE_PROJECT_REFRESH_TOKEN,
'grant_type' => "refresh_token",
)));
$result = curl_exec($ch);
curl_close($ch);
function get_google_access_token()
{
$ch = curl_init(GOOGLE_API_OAUTH_URL);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FAILONERROR, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/x-www-form-urlencoded'
));
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array(
'client_id' => GOOGLE_PROJECT_ID,
'client_secret' => GOOGLE_PROJECT_PASSWORD,
'refresh_token' => GOOGLE_PROJECT_REFRESH_TOKEN,
'grant_type' => "refresh_token",
)));
$result = curl_exec($ch);
curl_close($ch);
$json = json_decode($result, true);
$token = $json["access_token"];
mylog("[GOOGLE] Access token is " . $token);
return $token;
$json = json_decode($result, true);
$token = $json["access_token"];
mylog("[GOOGLE] Access token is " . $token);
return $token;
}
// Query Google for the expiration time given the transaction token as described here: https://developers.google.com/android-publisher/api-ref/purchases/subscriptions/get
function get_expiration_for_android_token_and_subscription($token, $subscription) {
$google_access_token = get_google_access_token();
$url = "https://www.googleapis.com/androidpublisher/v2/applications/" . ANDROID_PACKAGE . "/purchases/subscriptions/" . $subscription . "/tokens/" . $token . "?access_token=" . $google_access_token;
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
$result = curl_exec($ch);
curl_close($ch);
function get_expiration_for_android_token_and_subscription($token, $subscription)
{
$google_access_token = get_google_access_token();
$url = "https://www.googleapis.com/androidpublisher/v2/applications/" . ANDROID_PACKAGE . "/purchases/subscriptions/" . $subscription . "/tokens/" . $token . "?access_token=" . $google_access_token;
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
$result = curl_exec($ch);
curl_close($ch);
$json = json_decode($result, true);
$expiration = $json["expiryTimeMillis"];
mylog("[GOOGLE] expire timestamp for token = " . $token . " and product id = " . $subscription . " is " . $expiration);
return $expiration . "";
$json = json_decode($result, true);
$expiration = $json["expiryTimeMillis"];
mylog("[GOOGLE] expire timestamp for token = " . $token . " and product id = " . $subscription . " is " . $expiration);
return $expiration . "";
}
// Returns 1 if the payload/signature has been issued by Google.
function check_google_signature($payload, $signature) {
$certFile = fopen(ANDROID_PUB_KEY_PATH, "r");
$cert = fread($certFile, 8192);
fclose($certFile);
$pubKeyId = openssl_get_publickey($cert);
function check_google_signature($payload, $signature)
{
$certFile = fopen(ANDROID_PUB_KEY_PATH, "r");
$cert = fread($certFile, 8192);
fclose($certFile);
$pubKeyId = openssl_get_publickey($cert);
$ok = openssl_verify($payload, base64_decode($signature), $pubKeyId, OPENSSL_ALGO_SHA1);
mylog("[GOOGLE] signature verification result is " . $ok);
return $ok;
$ok = openssl_verify($payload, base64_decode($signature), $pubKeyId, OPENSSL_ALGO_SHA1);
mylog("[GOOGLE] signature verification result is " . $ok);
return $ok;
}
// End of Google/Android specifics
// Apple/iOS specifics
function get_apple_receipt($payload) {
$ch = curl_init(APPLE_URL);
function get_apple_receipt($payload)
{
$ch = curl_init(APPLE_URL);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FAILONERROR, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(array('receipt-data' => $payload, 'password' => APPLE_SECRET)));
$result = curl_exec($ch);
curl_close($ch);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FAILONERROR, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(array('receipt-data' => $payload, 'password' => APPLE_SECRET)));
$result = curl_exec($ch);
curl_close($ch);
mylog("[APPLE] decoded receipt is " . $result);
$json = json_decode($result, true);
mylog("[APPLE] decoded receipt is " . $result);
$json = json_decode($result, true);
$status_code = $json["status"];
if ($status_code == 21007) {
mylog("[APPLE] Error 21007 found, sending receipt to sandbox instead of production");
$ch = curl_init(APPLE_SANDBOX_URL);
$status_code = $json["status"];
if ($status_code == 21007) {
mylog("[APPLE] Error 21007 found, sending receipt to sandbox instead of production");
$ch = curl_init(APPLE_SANDBOX_URL);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FAILONERROR, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(array('receipt-data' => $payload, 'password' => APPLE_SECRET)));
$result = curl_exec($ch);
curl_close($ch);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FAILONERROR, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(array('receipt-data' => $payload, 'password' => APPLE_SECRET)));
$result = curl_exec($ch);
curl_close($ch);
mylog("[APPLE] decoded receipt is " . $result);
$json = json_decode($result, true);
}
mylog("[APPLE] decoded receipt is " . $result);
$json = json_decode($result, true);
}
return $json;
return $json;
}
// Returns 1 if the payload/signature has been signed by Apple, else will return the error code as described here: https://developer.apple.com/library/ios/releasenotes/General/ValidateAppStoreReceipt/Chapters/ValidateRemotely.html#//apple_ref/doc/uid/TP40010573-CH104-SW1
function check_apple_signature($payload) {
$status = -1;
function check_apple_signature($payload)
{
$status = -1;
$status = $payload["status"];
mylog("[APPLE] Status in apple receipt is " . $status);
if ($status == 0) {
return 1;
}
$status = $payload["status"];
mylog("[APPLE] Status in apple receipt is " . $status);
if ($status == 0) {
return 1;
}
return $status;
return $status;
}
function parse_apple_receipt_get_expiration($user, $domain, $json) {
$last_used = db_inapp_get_last_used_field($user, $domain);
function parse_apple_receipt_get_expiration($user, $domain, $json)
{
$last_used = db_inapp_get_last_used_field($user, $domain);
$days = 0;
$receipt = $json["receipt"];
$in_app = $receipt["in_app"];
foreach($in_app as $item => $value) {
if (array_key_exists("original_purchase_date_ms", $value) and array_key_exists("product_id", $value)) {
$purchase_date = $value["original_purchase_date_ms"];
$product_id = $value["product_id"];
$days = 0;
$receipt = $json["receipt"];
$in_app = $receipt["in_app"];
foreach ($in_app as $item => $value) {
if (array_key_exists("original_purchase_date_ms", $value) and array_key_exists("product_id", $value)) {
$purchase_date = $value["original_purchase_date_ms"];
$product_id = $value["product_id"];
if ($purchase_date > $last_used) {
$days_bought = 0;
if (endswith($product_id, "1_month")) {
$days_bought = 30;
} else if (endswith($product_id, "1_year")) {
$days_bought = 365;
} else {
mylog("[ERROR] Unknown duration for product ID " . $product_id);
continue;
}
if ($purchase_date > $last_used) {
$days_bought = 0;
if (endswith($product_id, "1_month")) {
$days_bought = 30;
} elseif (endswith($product_id, "1_year")) {
$days_bought = 365;
} else {
mylog("[ERROR] Unknown duration for product ID " . $product_id);
continue;
}
if (startswith($product_id, "test.")) {
mylog("[APPLE] Test mode detected, time accelerated (1 month => 1 minute)");
$days_bought /= 43200;
}
if (startswith($product_id, "test.")) {
mylog("[APPLE] Test mode detected, time accelerated (1 month => 1 minute)");
$days_bought /= 43200;
}
if ($days_bought > 0) {
$days = $days + $days_bought;
db_inapp_update_last_used_field($user, $domain, $purchase_date);
}
}
}
}
if ($days_bought > 0) {
$days = $days + $days_bought;
db_inapp_update_last_used_field($user, $domain, $purchase_date);
}
}
}
}
if ($days <= 0) {
mylog("[WARN] [APPLE] Either no receipt or all receipts have already been consumed");
return 0;
}
$millis = 86400000 * $days;
if ($days <= 0) {
mylog("[WARN] [APPLE] Either no receipt or all receipts have already been consumed");
return 0;
}
$millis = 86400000 * $days;
$now = get_trial_expiration_date();
$expiration = db_inapp_get_expiration_date($user, $domain);
$now = get_trial_expiration_date();
$expiration = db_inapp_get_expiration_date($user, $domain);
$max = max($now, $expiration);
$expiration_date = $max + $millis;
$max = max($now, $expiration);
$expiration_date = $max + $millis;
mylog("[APPLE] Adding " . $days . " days to current expiration date (= " . $millis . " ms). New expiration date is " . $expiration_date);
mylog("[APPLE] Adding " . $days . " days to current expiration date (= " . $millis . " ms). New expiration date is " . $expiration_date);
return $expiration_date;
return $expiration_date;
}
// End of Apple/iOS specifics
@ -183,222 +189,227 @@ function parse_apple_receipt_get_expiration($user, $domain, $json) {
// XMLRPC methods
// Returns 1 if the payload/signature has been signed by either Google or Apple, depending on $os.
function check_signature($os, $payload, $signature) {
if (strcmp($os, "google") == 0) {
return check_google_signature($payload, $signature);
} elseif (strcmp($os, "apple") == 0) {
return check_apple_signature($payload);
}
return -2;
function check_signature($os, $payload, $signature)
{
if (strcmp($os, "google") == 0) {
return check_google_signature($payload, $signature);
} elseif (strcmp($os, "apple") == 0) {
return check_apple_signature($payload);
}
return -2;
}
// args = [username, ha1, [domain]]
function xmlrpc_is_account_trial($method, $args) {
$user = $args[0];
$password = $args[1];
$domain = get_domain($args[2]);
function xmlrpc_is_account_trial($method, $args)
{
$user = $args[0];
$password = $args[1];
$domain = get_domain($args[2]);
mylog("[XMLRPC] xmlrpc_is_account_trial(" . $user . ", " . $domain . ")");
mylog("[XMLRPC] xmlrpc_is_account_trial(" . $user . ", " . $domain . ")");
if (!check_parameter($user)) {
return "ERROR_USERNAME_PARAMETER_NOT_FOUND";
}
if (!db_account_is_existing($user, $domain)) {
mylog("[ERROR] User account " . $user . " / " . $domain . " doesn't exist");
return "ERROR_ACCOUNT_DOESNT_EXIST";
} else {
$hashed_password = hash_password($user, $password, $domain);
$db_hashed_password = db_account_get_password($user, $domain);
if (strcmp($hashed_password, $db_hashed_password) != 0 and strcmp($password, $db_hashed_password) != 0) {
mylog("[ERROR] Password doesn't match");
return "ERROR_PASSWORD_DOESNT_MATCH";
}
}
if (!USE_IN_APP_PURCHASES || !db_inapp_is_account($user, $domain)) {
return "ERROR_NO_EXPIRATION";
}
if (!check_parameter($user)) {
return "ERROR_USERNAME_PARAMETER_NOT_FOUND";
}
if (!db_account_is_existing($user, $domain)) {
mylog("[ERROR] User account " . $user . " / " . $domain . " doesn't exist");
return "ERROR_ACCOUNT_DOESNT_EXIST";
} else {
$hashed_password = hash_password($user, $password, $domain);
$db_hashed_password = db_account_get_password($user, $domain);
if (strcmp($hashed_password, $db_hashed_password) != 0 and strcmp($password, $db_hashed_password) != 0) {
mylog("[ERROR] Password doesn't match");
return "ERROR_PASSWORD_DOESNT_MATCH";
}
}
if (db_inapp_is_account_trial($user, $domain)) {
return "OK";
} else {
return "NOK";
}
if (!USE_IN_APP_PURCHASES || !db_inapp_is_account($user, $domain)) {
return "ERROR_NO_EXPIRATION";
}
if (db_inapp_is_account_trial($user, $domain)) {
return "OK";
} else {
return "NOK";
}
}
// args = [username, ha1, [domain]]
function xmlrpc_is_account_expired($method, $args) {
$user = $args[0];
$password = $args[1];
$domain = get_domain($args[2]);
function xmlrpc_is_account_expired($method, $args)
{
$user = $args[0];
$password = $args[1];
$domain = get_domain($args[2]);
mylog("[XMLRPC] xmlrpc_is_account_expired(" . $user . ", " . $domain . ")");
mylog("[XMLRPC] xmlrpc_is_account_expired(" . $user . ", " . $domain . ")");
if (!check_parameter($user)) {
return "ERROR_USERNAME_PARAMETER_NOT_FOUND";
}
if (!db_account_is_existing($user, $domain)) {
mylog("[ERROR] User account " . $user . " / " . $domain . " doesn't exist");
return "ERROR_ACCOUNT_DOESNT_EXIST";
} else {
$hashed_password = hash_password($user, $password, $domain);
$db_hashed_password = db_account_get_password($user, $domain);
if (strcmp($hashed_password, $db_hashed_password) != 0 and strcmp($password, $db_hashed_password) != 0) {
mylog("[ERROR] Password doesn't match");
return "ERROR_PASSWORD_DOESNT_MATCH";
}
}
if (!USE_IN_APP_PURCHASES || !db_inapp_is_account($user, $domain)) {
return "ERROR_NO_EXPIRATION";
}
if (!check_parameter($user)) {
return "ERROR_USERNAME_PARAMETER_NOT_FOUND";
}
if (!db_account_is_existing($user, $domain)) {
mylog("[ERROR] User account " . $user . " / " . $domain . " doesn't exist");
return "ERROR_ACCOUNT_DOESNT_EXIST";
} else {
$hashed_password = hash_password($user, $password, $domain);
$db_hashed_password = db_account_get_password($user, $domain);
if (strcmp($hashed_password, $db_hashed_password) != 0 and strcmp($password, $db_hashed_password) != 0) {
mylog("[ERROR] Password doesn't match");
return "ERROR_PASSWORD_DOESNT_MATCH";
}
}
$expiration = db_inapp_get_expiration_date($user, $domain);
$now_date = new DateTime('now');
$now = $now_date->getTimestamp() * 1000;
if ($now > $expiration) {
return "OK";
} else {
return "NOK";
}
if (!USE_IN_APP_PURCHASES || !db_inapp_is_account($user, $domain)) {
return "ERROR_NO_EXPIRATION";
}
$expiration = db_inapp_get_expiration_date($user, $domain);
$now_date = new DateTime('now');
$now = $now_date->getTimestamp() * 1000;
if ($now > $expiration) {
return "OK";
} else {
return "NOK";
}
}
// args = [payload, signature]
function xmlrpc_check_payload_signature($method, $args) {
$payload = $args[0];
$signature = $args[1];
function xmlrpc_check_payload_signature($method, $args)
{
$payload = $args[0];
$signature = $args[1];
mylog("[XMLRPC] xmlrpc_check_payload_signature(payload, signature)");
mylog("[XMLRPC] xmlrpc_check_payload_signature(payload, signature)");
$result = 0;
$os = "google";
$payloadJson = $payload;
if ($signature == "") {
$payloadJson = get_apple_receipt($payload);
$os = "apple";
}
$result = 0;
$os = "google";
$payloadJson = $payload;
if ($signature == "") {
$payloadJson = get_apple_receipt($payload);
$os = "apple";
}
$result = check_signature($os, $payloadJson, $signature);
$result = check_signature($os, $payloadJson, $signature);
if ($result == 1) {
return "OK";
}
return "NOK";
if ($result == 1) {
return "OK";
}
return "NOK";
}
// args = [username, ha1, [domain], payload, signature=""]
function xmlrpc_update_expiration_date($method, $args) {
$user = $args[0];
$password = $args[1];
$payload = $args[3];
$signature = $args[4];
$domain = get_domain($args[2]);
function xmlrpc_update_expiration_date($method, $args)
{
$user = $args[0];
$password = $args[1];
$payload = $args[3];
$signature = $args[4];
$domain = get_domain($args[2]);
mylog("[XMLRPC] xmlrpc_update_expiration_date(" . $user . ", " . $domain . ", payload, signature)");
mylog("[XMLRPC] xmlrpc_update_expiration_date(" . $user . ", " . $domain . ", payload, signature)");
if (!check_parameter($user)) {
return "ERROR_USERNAME_PARAMETER_NOT_FOUND";
}
if (!db_account_is_existing($user, $domain)) {
mylog("[ERROR] User account " . $user . " / " . $domain . " doesn't exist");
return "ERROR_ACCOUNT_DOESNT_EXIST";
} else if (!db_account_is_activated($user, $domain)) {
mylog("[ERROR] User account " . $user . " / " . $domain . " isn't activated");
return "ERROR_ACCOUNT_NOT_ACTIVATED";
} else {
$hashed_password = hash_password($user, $password, $domain);
$db_hashed_password = db_account_get_password($user, $domain);
if (strcmp($hashed_password, $db_hashed_password) != 0 and strcmp($password, $db_hashed_password) != 0) {
mylog("[ERROR] Password doesn't match");
return "ERROR_PASSWORD_DOESNT_MATCH";
}
}
if (!USE_IN_APP_PURCHASES || !db_inapp_is_account($user, $domain)) {
return "ERROR_NO_EXPIRATION";
}
if (!check_parameter($user)) {
return "ERROR_USERNAME_PARAMETER_NOT_FOUND";
}
if (!db_account_is_existing($user, $domain)) {
mylog("[ERROR] User account " . $user . " / " . $domain . " doesn't exist");
return "ERROR_ACCOUNT_DOESNT_EXIST";
} elseif (!db_account_is_activated($user, $domain)) {
mylog("[ERROR] User account " . $user . " / " . $domain . " isn't activated");
return "ERROR_ACCOUNT_NOT_ACTIVATED";
} else {
$hashed_password = hash_password($user, $password, $domain);
$db_hashed_password = db_account_get_password($user, $domain);
if (strcmp($hashed_password, $db_hashed_password) != 0 and strcmp($password, $db_hashed_password) != 0) {
mylog("[ERROR] Password doesn't match");
return "ERROR_PASSWORD_DOESNT_MATCH";
}
}
$result = 0;
$os = "google";
$payloadJson = $payload;
if ($signature == "") {
$payloadJson = get_apple_receipt($payload);
$os = "apple";
}
$result = check_signature($os, $payloadJson, $signature);
if (!USE_IN_APP_PURCHASES || !db_inapp_is_account($user, $domain)) {
return "ERROR_NO_EXPIRATION";
}
if ($result == 1) {
$expiration_date = 0;
if (strcmp($os,"google") == 0) {
$json = json_decode($payload, true);
$token = $json["purchaseToken"];
$subscription = $json["productId"];
$expiration_date = get_expiration_for_android_token_and_subscription($token, $subscription);
} else if (strcmp($os, "apple") == 0) {
$expiration_date = parse_apple_receipt_get_expiration($user, $domain, $payloadJson);
}
$result = 0;
$os = "google";
$payloadJson = $payload;
if ($signature == "") {
$payloadJson = get_apple_receipt($payload);
$os = "apple";
}
$result = check_signature($os, $payloadJson, $signature);
if ($expiration_date >= 0) {
if ($expiration_date > 0) {
db_inapp_update_trial($user, $domain, 0);
db_inapp_update_expiration_date($user, $domain, $expiration_date);
if ($result == 1) {
$expiration_date = 0;
if (strcmp($os, "google") == 0) {
$json = json_decode($payload, true);
$token = $json["purchaseToken"];
$subscription = $json["productId"];
$expiration_date = get_expiration_for_android_token_and_subscription($token, $subscription);
} elseif (strcmp($os, "apple") == 0) {
$expiration_date = parse_apple_receipt_get_expiration($user, $domain, $payloadJson);
}
/*if (CUSTOM_HOOKS) {
hook_on_expiration_date_updated($user, $domain, $expiration_date, $payloadJson, $os);
}*/
return $expiration_date . "";
} else {
return db_inapp_get_expiration_date($user, $domain) . "";
}
} else {
mylog("[ERROR] Expiration is " . $expiration_date);
}
}
mylog("[ERROR] Couldn't verify signature of payload...");
return "ERROR_SIGNATURE_VERIFICATION_FAILED";
if ($expiration_date >= 0) {
if ($expiration_date > 0) {
db_inapp_update_trial($user, $domain, 0);
db_inapp_update_expiration_date($user, $domain, $expiration_date);
/*if (CUSTOM_HOOKS) {
hook_on_expiration_date_updated($user, $domain, $expiration_date, $payloadJson, $os);
}*/
return $expiration_date . "";
} else {
return db_inapp_get_expiration_date($user, $domain) . "";
}
} else {
mylog("[ERROR] Expiration is " . $expiration_date);
}
}
mylog("[ERROR] Couldn't verify signature of payload...");
return "ERROR_SIGNATURE_VERIFICATION_FAILED";
}
// args = [username, ha1, [domain]]
function xmlrpc_get_account_expiration($method, $args) {
$user = $args[0];
$password = $args[1];
$domain = get_domain($args[2]);
function xmlrpc_get_account_expiration($method, $args)
{
$user = $args[0];
$password = $args[1];
$domain = get_domain($args[2]);
mylog("[XMLRPC] xmlrpc_get_account_expiration(" . $user . ")");
mylog("[XMLRPC] xmlrpc_get_account_expiration(" . $user . ")");
if (!check_parameter($user)) {
return "ERROR_USERNAME_PARAMETER_NOT_FOUND";
}
if (!check_parameter($user)) {
return "ERROR_USERNAME_PARAMETER_NOT_FOUND";
}
if (!db_account_is_existing($user, $domain)) {
mylog("[ERROR] User account " . $user . " doesn't exist");
return "ERROR_ACCOUNT_DOESNT_EXIST";
} else if (!db_account_is_activated($user, $domain)) {
mylog("[ERROR] User account " . $user . " isn't activated");
return "ERROR_ACCOUNT_NOT_ACTIVATED";
} else {
$hashed_password = hash_password($user, $password, $domain);
$db_hashed_password = db_account_get_password($user, $domain);
if (strcmp($hashed_password, $db_hashed_password) != 0 and strcmp($password, $db_hashed_password) != 0) {
mylog("[ERROR] Password doesn't match");
return "ERROR_PASSWORD_DOESNT_MATCH";
}
}
if (!USE_IN_APP_PURCHASES || !db_inapp_is_account($user, $domain)) {
return "ERROR_NO_EXPIRATION";
}
if (!db_account_is_existing($user, $domain)) {
mylog("[ERROR] User account " . $user . " doesn't exist");
return "ERROR_ACCOUNT_DOESNT_EXIST";
} elseif (!db_account_is_activated($user, $domain)) {
mylog("[ERROR] User account " . $user . " isn't activated");
return "ERROR_ACCOUNT_NOT_ACTIVATED";
} else {
$hashed_password = hash_password($user, $password, $domain);
$db_hashed_password = db_account_get_password($user, $domain);
if (strcmp($hashed_password, $db_hashed_password) != 0 and strcmp($password, $db_hashed_password) != 0) {
mylog("[ERROR] Password doesn't match");
return "ERROR_PASSWORD_DOESNT_MATCH";
}
}
$expiration = db_inapp_get_expiration_date($user, $domain);
return $expiration . "";
if (!USE_IN_APP_PURCHASES || !db_inapp_is_account($user, $domain)) {
return "ERROR_NO_EXPIRATION";
}
$expiration = db_inapp_get_expiration_date($user, $domain);
return $expiration . "";
}
function xmlrpc_inapp_register_methods($server) {
xmlrpc_server_register_method($server, 'is_account_trial', 'xmlrpc_is_account_trial');// args = [username, ha1, [domain]]
xmlrpc_server_register_method($server, 'is_account_expired', 'xmlrpc_is_account_expired');// args = [username, ha1, [domain]]
xmlrpc_server_register_method($server, 'get_account_expiration', 'xmlrpc_get_account_expiration');// args = [username, ha1, [domain]]
xmlrpc_server_register_method($server, 'update_expiration_date', 'xmlrpc_update_expiration_date');// args = [username, ha1, [domain], payload, [signature]]
xmlrpc_server_register_method($server, 'check_payload_signature', 'xmlrpc_check_payload_signature');// args = [payload, signature]
function xmlrpc_inapp_register_methods($server)
{
xmlrpc_server_register_method($server, 'is_account_trial', 'xmlrpc_is_account_trial');// args = [username, ha1, [domain]]
xmlrpc_server_register_method($server, 'is_account_expired', 'xmlrpc_is_account_expired');// args = [username, ha1, [domain]]
xmlrpc_server_register_method($server, 'get_account_expiration', 'xmlrpc_get_account_expiration');// args = [username, ha1, [domain]]
xmlrpc_server_register_method($server, 'update_expiration_date', 'xmlrpc_update_expiration_date');// args = [username, ha1, [domain], payload, [signature]]
xmlrpc_server_register_method($server, 'check_payload_signature', 'xmlrpc_check_payload_signature');// args = [payload, signature]
}
?>

209
src/xmlrpc/liblinphone_tester.php
View file

@ -1,21 +1,21 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
include_once __DIR__ . '/../database/database.php';
@ -30,123 +30,124 @@ include_once __DIR__ . '/../misc/results_values.php';
// args = [user, pwd, [domain], [algo]]
// /!\ This method must be used for tests purposes only /!\
function xmlrpc_get_confirmation_key($method, $args) {
$user = $args[0];
$pwd = $args[1];
$domain = get_domain($args[2]);
$algo = get_algo($args[3]);
function xmlrpc_get_confirmation_key($method, $args)
{
$user = $args[0];
$pwd = $args[1];
$domain = get_domain($args[2]);
$algo = get_algo($args[3]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_get_confirmation_key(" . $user . ", " . $domain . ", " . $algo . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_get_confirmation_key(" . $user . ", " . $domain . ", " . $algo . ")");
if (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
} else if (!ALLOW_TEST_ACCOUNTS) {
Logger::getInstance()->error ("Non test account unauthorized");
return TEST_ACCOUNTS_DISABLED;
} else if ($algo == NULL) {
return ALGO_NOT_SUPPORTED;
}
if (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
} elseif (!ALLOW_TEST_ACCOUNTS) {
Logger::getInstance()->error("Non test account unauthorized");
return TEST_ACCOUNTS_DISABLED;
} elseif ($algo == null) {
return ALGO_NOT_SUPPORTED;
}
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
if (!$password->getOne()) {
return PASSWORD_NOT_FOUND;
}
if (!$password->getOne()) {
return PASSWORD_NOT_FOUND;
}
if ($algo == CLEAR) {
$hashed_password = $pwd;
} else {
$hashed_password = hash_password($user, $pwd, $domain, $algo);
}
if ($algo == CLEAR) {
$hashed_password = $pwd;
} else {
$hashed_password = hash_password($user, $pwd, $domain, $algo);
}
if (!password_match($hashed_password, $password->password)
&& !password_match($pwd, $password->password)) { // This condition is specific for liblinphone tester....
return PASSWORD_DOESNT_MATCH;
}
if (!password_match($hashed_password, $password->password)
&& !password_match($pwd, $password->password)) { // This condition is specific for liblinphone tester....
return PASSWORD_DOESNT_MATCH;
}
if ($account->confirmation_key == INVALID_CONFIRMATION_KEY) {
// We have to generate a new one because
$account->confirmation_key = uniqid();
$account->update();
}
if ($account->confirmation_key == INVALID_CONFIRMATION_KEY) {
// We have to generate a new one because
$account->confirmation_key = uniqid();
$account->update();
}
$key = $account->confirmation_key;
Logger::getInstance()->debug("[XMLRPC] returning key = " . $key);
return $key;
$key = $account->confirmation_key;
Logger::getInstance()->debug("[XMLRPC] returning key = " . $key);
return $key;
}
// args = [user, pwd, [domain], [algo]]
// /!\ This method must be used for tests purposes only /!\
function xmlrpc_delete_account($method, $args) {
$user = $args[0];
$pwd = $args[1];
$domain = get_domain($args[2]);
$algo = get_algo($args[3]);
function xmlrpc_delete_account($method, $args)
{
$user = $args[0];
$pwd = $args[1];
$domain = get_domain($args[2]);
$algo = get_algo($args[3]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_delete_account(" . $user . ", " . $domain . ", " . $algo . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_delete_account(" . $user . ", " . $domain . ", " . $algo . ")");
if ($algo == NULL) {
return ALGO_NOT_SUPPORTED;
} else if (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
} else if (!ALLOW_TEST_ACCOUNTS) {
return TEST_ACCOUNTS_DISABLED;
}
if ($algo == null) {
return ALGO_NOT_SUPPORTED;
} elseif (!check_parameter($user)) {
return MISSING_USERNAME_PARAM;
} elseif (!ALLOW_TEST_ACCOUNTS) {
return TEST_ACCOUNTS_DISABLED;
}
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $user;
$account->domain = $domain;
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
if (!$password->getOne()) {
return PASSWORD_NOT_FOUND;
}
if (!$password->getOne()) {
return PASSWORD_NOT_FOUND;
}
if ($algo == CLEAR) {
$hashed_password = $pwd;
} else {
$hashed_password = hash_password($user, $pwd, $domain, $algo);
}
if (!password_match($hashed_password, $password->password)
&& !password_match($pwd, $password->password)) { // This condition is specific for liblinphone tester....
return PASSWORD_DOESNT_MATCH;
}
if ($algo == CLEAR) {
$hashed_password = $pwd;
} else {
$hashed_password = hash_password($user, $pwd, $domain, $algo);
}
if (!password_match($hashed_password, $password->password)
&& !password_match($pwd, $password->password)) { // This condition is specific for liblinphone tester....
return PASSWORD_DOESNT_MATCH;
}
$alias = new Alias($db);
$alias->account_id = $account->id;
$alias = new Alias($db);
$alias->account_id = $account->id;
$account->delete();
$password->delete();
$alias->delete();
$account->delete();
$password->delete();
$alias->delete();
return OK;
return OK;
}
// /!\ This methods must be used for tests purposes only /!\
function xmlrpc_liblinphone_tester_register_methods($server) {
xmlrpc_server_register_method($server, 'get_confirmation_key', 'xmlrpc_get_confirmation_key');// args = [user, pwd, [domain], [algo]], return confirmation_key
xmlrpc_server_register_method($server, 'delete_account', 'xmlrpc_delete_account');// args = [user, pwd, [domain], [algo]]
function xmlrpc_liblinphone_tester_register_methods($server)
{
xmlrpc_server_register_method($server, 'get_confirmation_key', 'xmlrpc_get_confirmation_key');// args = [user, pwd, [domain], [algo]], return confirmation_key
xmlrpc_server_register_method($server, 'delete_account', 'xmlrpc_delete_account');// args = [user, pwd, [domain], [algo]]
}
?>

390
src/xmlrpc/passwords.php
View file

@ -1,21 +1,21 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
include_once __DIR__ . '/../database/database.php';
@ -30,241 +30,245 @@ include_once __DIR__ . '/../misc/utilities.php';
include_once __DIR__ . '/../misc/results_values.php';
// args = [username, old hash, new hash, [domain], [algo]]
function xmlrpc_update_password($method, $args) {
$username = $args[0];
$hashed_old_password = $args[1];
$hashed_new_password = $args[2];
$domain = get_domain($args[3]);
$algo = get_algo($args[4]);
function xmlrpc_update_password($method, $args)
{
$username = $args[0];
$hashed_old_password = $args[1];
$hashed_new_password = $args[2];
$domain = get_domain($args[3]);
$algo = get_algo($args[4]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_update_password(" . $username . ", " . $domain . ", " . $algo . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_update_password(" . $username . ", " . $domain . ", " . $algo . ")");
if (!check_parameter($username)) {
return MISSING_USERNAME_PARAM;
} else if ($algo == NULL) {
return ALGO_NOT_SUPPORTED;
}
if (!check_parameter($username)) {
return MISSING_USERNAME_PARAM;
} elseif ($algo == null) {
return ALGO_NOT_SUPPORTED;
}
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $username;
$account->domain = $domain;
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $username;
$account->domain = $domain;
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
$password = new Password($db);
$password->account_id = $account->id;
$password->password = $hashed_old_password;
$password->algorithm = $algo;
$password = new Password($db);
$password->account_id = $account->id;
$password->password = $hashed_old_password;
$password->algorithm = $algo;
if (!$password->getOne()) {
return PASSWORD_DOESNT_MATCH;
}
if (!$password->getOne()) {
return PASSWORD_DOESNT_MATCH;
}
$password->password = $hashed_new_password;
if ($password->update()) {
Logger::getInstance()->message("Password updated successfully");
return OK;
}
$password->password = $hashed_new_password;
if ($password->update()) {
Logger::getInstance()->message("Password updated successfully");
return OK;
}
return NOK;
return NOK;
}
// args = [username, old hash, md5_hash, sha256_hash, [domain]]
function xmlrpc_update_passwords($method, $args) {
$username = $args[0];
$hashed_password = $args[1];
$md5_hashed_password = $args[2];
$sha256_hashed_password = $args[3];
$domain = get_domain($args[4]);
function xmlrpc_update_passwords($method, $args)
{
$username = $args[0];
$hashed_password = $args[1];
$md5_hashed_password = $args[2];
$sha256_hashed_password = $args[3];
$domain = get_domain($args[4]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_update_passwords(" . $username . ", " . $domain . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_update_passwords(" . $username . ", " . $domain . ")");
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $username;
$account->domain = $domain;
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $username;
$account->domain = $domain;
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
$password = new Password($db);
$password->account_id = $account->id;
$password->password = $hashed_password;
$password = new Password($db);
$password->account_id = $account->id;
$password->password = $hashed_password;
if (!$password->getOne()) {
return PASSWORD_DOESNT_MATCH;
}
if (!$password->getOne()) {
return PASSWORD_DOESNT_MATCH;
}
// Old password is OK, now let's hash the new password for both MD5 and SHA-256
// Old password is OK, now let's hash the new password for both MD5 and SHA-256
$md5_password = new Password($db);
$md5_password->account_id = $account->id;
$md5_password->algorithm = MD5;
$md5_exists = $md5_password->GetOne();
$md5_password->password = $md5_hashed_password;
if ($md5_exists) {
$md5_password->update();
} else {
$md5_password->create();
}
$md5_password = new Password($db);
$md5_password->account_id = $account->id;
$md5_password->algorithm = MD5;
$md5_exists = $md5_password->GetOne();
$md5_password->password = $md5_hashed_password;
if ($md5_exists) {
$md5_password->update();
} else {
$md5_password->create();
}
$sha256_password = new Password($db);
$sha256_password->account_id = $account->id;
$sha256_password->algorithm = SHA256;
$sha256_exists = $sha256_password->GetOne();
$sha256_password->password = $sha256_hashed_password;
if ($sha256_exists) {
$sha256_password->update();
} else {
$sha256_password->create();
}
$sha256_password = new Password($db);
$sha256_password->account_id = $account->id;
$sha256_password->algorithm = SHA256;
$sha256_exists = $sha256_password->GetOne();
$sha256_password->password = $sha256_hashed_password;
if ($sha256_exists) {
$sha256_password->update();
} else {
$sha256_password->create();
}
return OK;
return OK;
}
// args = [username, old md5 hash, sha256 hash, [domain]]
function xmlrpc_upgrade_password($method, $args) {
$username = $args[0];
$md5_hash = $args[1];
$sha256_hash = $args[2];
$domain = get_domain($args[3]);
function xmlrpc_upgrade_password($method, $args)
{
$username = $args[0];
$md5_hash = $args[1];
$sha256_hash = $args[2];
$domain = get_domain($args[3]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_upgrade_password(" . $username . ", " . $domain . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_upgrade_password(" . $username . ", " . $domain . ")");
if (!check_parameter($username)) {
return MISSING_USERNAME_PARAM;
}
if (!check_parameter($username)) {
return MISSING_USERNAME_PARAM;
}
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $username;
$account->domain = $domain;
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $username;
$account->domain = $domain;
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
$sha256_password = new Password($db);
$sha256_password->account_id = $account->id;
$sha256_password->algorithm = SHA256;
$sha256_password = new Password($db);
$sha256_password->account_id = $account->id;
$sha256_password->algorithm = SHA256;
// There is already a SHA-256 password for this account, abort upgrade
if ($sha256_password->getOne()) {
return SHA256_PASSWORD_ALREADY_EXISTS;
}
// There is already a SHA-256 password for this account, abort upgrade
if ($sha256_password->getOne()) {
return SHA256_PASSWORD_ALREADY_EXISTS;
}
$md5_password = new Password($db);
$md5_password->account_id = $account->id;
$md5_password->password = $md5_hash;
$md5_password->algorithm = MD5;
$md5_password = new Password($db);
$md5_password->account_id = $account->id;
$md5_password->password = $md5_hash;
$md5_password->algorithm = MD5;
// No MD5 or wrong hash, abort
if (!$md5_password->getOne()) {
return PASSWORD_DOESNT_MATCH;
}
// No MD5 or wrong hash, abort
if (!$md5_password->getOne()) {
return PASSWORD_DOESNT_MATCH;
}
// Upgrade MD5 to SHA-256
$md5_password->password = $sha256_hash;
$md5_password->algorithm = SHA256;
if ($md5_password->update()) {
Logger::getInstance()->message("Password upgraded successfully");
return OK;
}
// Upgrade MD5 to SHA-256
$md5_password->password = $sha256_hash;
$md5_password->algorithm = SHA256;
if ($md5_password->update()) {
Logger::getInstance()->message("Password upgraded successfully");
return OK;
}
return NOK;
return NOK;
}
// args = [username, hash, [domain]]
function xmlrpc_check_authentication($method, $args) {
$username = $args[0];
$hashed_password = $args[1];
$domain = get_domain($args[2]);
function xmlrpc_check_authentication($method, $args)
{
$username = $args[0];
$hashed_password = $args[1];
$domain = get_domain($args[2]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_check_authentication(" . $username . ", " . $domain . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_check_authentication(" . $username . ", " . $domain . ")");
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $username;
$account->domain = $domain;
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $username;
$account->domain = $domain;
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
$password = new Password($db);
$password->account_id = $account->id;
$password->password = $hashed_password;
$password = new Password($db);
$password->account_id = $account->id;
$password->password = $hashed_password;
if (!$password->getOne()) {
return PASSWORD_DOESNT_MATCH;
}
if (!$password->getOne()) {
return PASSWORD_DOESNT_MATCH;
}
return OK;
return OK;
}
// args = [username, md5_hash, sha256_hash, [domain]]
function xmlrpc_check_authentication_and_upgrade_password($method, $args) {
$username = $args[0];
$md5_hashed_password = $args[1];
$sha256_hashed_password = $args[2];
$domain = get_domain($args[3]);
function xmlrpc_check_authentication_and_upgrade_password($method, $args)
{
$username = $args[0];
$md5_hashed_password = $args[1];
$sha256_hashed_password = $args[2];
$domain = get_domain($args[3]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_check_authentication_and_upgrade_password(" . $username . ", " . $domain . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_check_authentication_and_upgrade_password(" . $username . ", " . $domain . ")");
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $username;
$account->domain = $domain;
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $username;
$account->domain = $domain;
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
$sha256_password = new Password($db);
$sha256_password->account_id = $account->id;
$sha256_password->password = $sha256_hashed_password;
$sha256_password->algorithm = SHA256;
$sha256_password = new Password($db);
$sha256_password->account_id = $account->id;
$sha256_password->password = $sha256_hashed_password;
$sha256_password->algorithm = SHA256;
if (!$sha256_password->getOne()) {
// SHA-256 doesn't exists or doesn't match, let's try MD5
$md5_password = new Password($db);
$md5_password->account_id = $account->id;
$md5_password->password = $md5_hashed_password;
$md5_password->algorithm = MD5;
if (!$sha256_password->getOne()) {
// SHA-256 doesn't exists or doesn't match, let's try MD5
$md5_password = new Password($db);
$md5_password->account_id = $account->id;
$md5_password->password = $md5_hashed_password;
$md5_password->algorithm = MD5;
if (!$md5_password->getOne()) {
return PASSWORD_DOESNT_MATCH;
}
if (!$md5_password->getOne()) {
return PASSWORD_DOESNT_MATCH;
}
if ($sha256_password->id > 0) {
// SHA-256 exists, let's update it
$sha256_password->update();
} else {
$sha256_password->create();
}
}
if ($sha256_password->id > 0) {
// SHA-256 exists, let's update it
$sha256_password->update();
} else {
$sha256_password->create();
}
}
return OK;
return OK;
}
function xmlrpc_passwords_register_methods($server) {
// The below two methods are the same but with different names, update_hash was the previous one and is kept here for the time being for compatibility purposes
xmlrpc_server_register_method($server, 'update_hash', 'xmlrpc_update_password');// args = [username, old hash, new hash, [domain], [algo]], return OK
xmlrpc_server_register_method($server, 'update_password', 'xmlrpc_update_password');// args = [username, old hash, new hash, [domain], [algo]], return OK
xmlrpc_server_register_method($server, 'update_passwords', 'xmlrpc_update_passwords');// args = [username, old hash, md5_hash, sha256_hash, [domain]]
xmlrpc_server_register_method($server, 'upgrade_password', 'xmlrpc_upgrade_password');// args = [username, old md5 hash, sha256 hash, [domain]]
function xmlrpc_passwords_register_methods($server)
{
// The below two methods are the same but with different names, update_hash was the previous one and is kept here for the time being for compatibility purposes
xmlrpc_server_register_method($server, 'update_hash', 'xmlrpc_update_password');// args = [username, old hash, new hash, [domain], [algo]], return OK
xmlrpc_server_register_method($server, 'update_password', 'xmlrpc_update_password');// args = [username, old hash, new hash, [domain], [algo]], return OK
xmlrpc_server_register_method($server, 'update_passwords', 'xmlrpc_update_passwords');// args = [username, old hash, md5_hash, sha256_hash, [domain]]
xmlrpc_server_register_method($server, 'upgrade_password', 'xmlrpc_upgrade_password');// args = [username, old md5 hash, sha256 hash, [domain]]
xmlrpc_server_register_method($server, 'check_authentication', 'xmlrpc_check_authentication');// args = [username, hash, [domain]]
xmlrpc_server_register_method($server, 'check_authentication_and_upgrade_password', 'xmlrpc_check_authentication_and_upgrade_password');// args = [username, md5_hash, sha256_hash, [domain]]
xmlrpc_server_register_method($server, 'check_authentication', 'xmlrpc_check_authentication');// args = [username, hash, [domain]]
xmlrpc_server_register_method($server, 'check_authentication_and_upgrade_password', 'xmlrpc_check_authentication_and_upgrade_password');// args = [username, md5_hash, sha256_hash, [domain]]
}
?>

30
src/xmlrpc/provisioning.php
View file

@ -1,21 +1,21 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
header("Access-Control-Allow-Origin: *");
@ -59,7 +59,7 @@ if (file_exists(REMOTE_PROVISIONING_DEFAULT_CONFIG)) {
$xml .= '<section name="' . $section . '"' . (REMOTE_PROVISIONING_OVERWRITE_ALL ? ' overwrite="true"' : '') . '>';
if (startswith($section, "proxy_config_")) {
$proxy_config_index += 1;
} else if (startswith($section, "auth_info_")) {
} elseif (startswith($section, "auth_info_")) {
$auth_info_index += 1;
}
@ -67,7 +67,7 @@ if (file_exists(REMOTE_PROVISIONING_DEFAULT_CONFIG)) {
// We need to replace any < or > by &lt; and &gt; or the xml won't be valid !
$value = str_replace("<", "&lt;", $value);
$value = str_replace(">", "&gt;", $value);
$xml .= '<entry name="' . $key . '">' . $value . '</entry>';
}
$xml .= '</section>';
@ -103,5 +103,3 @@ $xml .= '</config>';
http_response_code(200);
echo $xml;
?>

230
src/xmlrpc/user_info.php
View file

@ -1,21 +1,21 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
include_once __DIR__ . '/../database/database.php';
@ -33,137 +33,139 @@ include_once __DIR__ . '/../misc/results_values.php';
include_once __DIR__ . '/../misc/user_info.php';
// args = [username, ha1, [domain], [algo]]
function xmlrpc_get_email_account($method, $args) {
$username = $args[0];
$ha1 = $args[1];
$domain = get_domain($args[2]);
$algo = get_algo($args[3]);
function xmlrpc_get_email_account($method, $args)
{
$username = $args[0];
$ha1 = $args[1];
$domain = get_domain($args[2]);
$algo = get_algo($args[3]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_get_email_account(" . $username . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_get_email_account(" . $username . ")");
$database = new Database();
$db = $database->getConnection();
$database = new Database();
$db = $database->getConnection();
$account = new Account($db);
$account->username = $username;
$account->domain = $domain;
$account = new Account($db);
$account->username = $username;
$account->domain = $domain;
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
if (!$password->getOne()) {
return PASSWORD_NOT_FOUND;
}
if (!$password->getOne()) {
return PASSWORD_NOT_FOUND;
}
if (!password_match($ha1, $password->password)) {
return PASSWORD_DOESNT_MATCH;
}
if (!password_match($ha1, $password->password)) {
return PASSWORD_DOESNT_MATCH;
}
$user_info = new UserInfo($db);
$user_info->account_id = $account->id;
$user_info->getOne();
$user_info = new UserInfo($db);
$user_info->account_id = $account->id;
$user_info->getOne();
$result = array(
"id" => $account->id,
"username" => $account->username,
"domain" => $account->domain,
"email" => $account->email,
"alias" => $account->alias,
"activated" => $account->activated,
"firstname" => $user_info->firstname,
"lastname" => $user_info->lastname,
"gender" => $user_info->gender,
"subscribe" => $user_info->subscribe
);
$result = array(
"id" => $account->id,
"username" => $account->username,
"domain" => $account->domain,
"email" => $account->email,
"alias" => $account->alias,
"activated" => $account->activated,
"firstname" => $user_info->firstname,
"lastname" => $user_info->lastname,
"gender" => $user_info->gender,
"subscribe" => $user_info->subscribe
);
return $result;
return $result;
}
// args = [tel, ha1, [domain], [algo]]
function xmlrpc_get_phone_account($method, $args) {
$phone = $args[0];
$ha1 = $args[1];
$domain = get_domain($args[2]);
$algo = get_algo($args[3]);
function xmlrpc_get_phone_account($method, $args)
{
$phone = $args[0];
$ha1 = $args[1];
$domain = get_domain($args[2]);
$algo = get_algo($args[3]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_get_phone_account(" . $phone . ")");
Logger::getInstance()->message("[XMLRPC] xmlrpc_get_phone_account(" . $phone . ")");
$database = new Database();
$db = $database->getConnection();
$database = new Database();
$db = $database->getConnection();
$alias = new Alias($db);
$alias->alias = $phone;
$alias->domain = $domain;
$alias = new Alias($db);
$alias->alias = $phone;
$alias->domain = $domain;
$account = new Account($db);
$account = new Account($db);
if (!$alias->getOne()) {
$account->username = $phone;
$account->domain = $domain;
} else {
$account->id = $alias->account_id;
}
if (!$alias->getOne()) {
$account->username = $phone;
$account->domain = $domain;
} else {
$account->id = $alias->account_id;
}
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
if (!$account->getOne()) {
return ACCOUNT_NOT_FOUND;
}
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
$password = new Password($db);
$password->account_id = $account->id;
$password->algorithm = $algo;
if (!$password->getOne()) {
return PASSWORD_NOT_FOUND;
}
if (!$password->getOne()) {
return PASSWORD_NOT_FOUND;
}
if (!password_match($ha1, $password->password)) {
return PASSWORD_DOESNT_MATCH;
}
if (!password_match($ha1, $password->password)) {
return PASSWORD_DOESNT_MATCH;
}
$user_info = new UserInfo($db);
$user_info->account_id = $account->id;
$user_info->getOne();
$user_info = new UserInfo($db);
$user_info->account_id = $account->id;
$user_info->getOne();
$result = array(
"id" => $account->id,
"username" => $account->username,
"domain" => $account->domain,
"email" => $account->email,
"alias" => $account->alias,
"activated" => $account->activated,
"firstname" => $user_info->firstname,
"lastname" => $user_info->lastname,
"gender" => $user_info->gender,
"subscribe" => $user_info->subscribe
);
$result = array(
"id" => $account->id,
"username" => $account->username,
"domain" => $account->domain,
"email" => $account->email,
"alias" => $account->alias,
"activated" => $account->activated,
"firstname" => $user_info->firstname,
"lastname" => $user_info->lastname,
"gender" => $user_info->gender,
"subscribe" => $user_info->subscribe
);
return $result;
return $result;
}
// args = [username, ha1, firstname, lastname, gender, subscribe, [domain], [algo]]
function xmlrpc_update_account_user_info($method, $args) {
$username = $args[0];
$ha1 = $args[1];
$firstname = $args[2];
$lastname = $args[3];
$gender = $args[4];
$subscribe = $args[5];
$domain = get_domain($args[6]);
$algo = get_algo($args[7]);
function xmlrpc_update_account_user_info($method, $args)
{
$username = $args[0];
$ha1 = $args[1];
$firstname = $args[2];
$lastname = $args[3];
$gender = $args[4];
$subscribe = $args[5];
$domain = get_domain($args[6]);
$algo = get_algo($args[7]);
Logger::getInstance()->message("[XMLRPC] xmlrpc_update_account_user_info(" . $username . ", " . $domain . " : " . $firstname . ", " . $lastname . ", " . $gender . ", " . $subscribe . ")");
return update_account_user_info($username, $ha1, $firstname, $lastname, $gender, $subscribe, $domain, $algo);
Logger::getInstance()->message("[XMLRPC] xmlrpc_update_account_user_info(" . $username . ", " . $domain . " : " . $firstname . ", " . $lastname . ", " . $gender . ", " . $subscribe . ")");
return update_account_user_info($username, $ha1, $firstname, $lastname, $gender, $subscribe, $domain, $algo);
}
function xmlrpc_user_info_register_methods($server) {
xmlrpc_server_register_method($server, 'get_email_account', 'xmlrpc_get_email_account'); // args = [username, ha1, [domain], [algo]]
xmlrpc_server_register_method($server, 'get_phone_account', 'xmlrpc_get_phone_account'); // args = [tel, ha1, [domain], [algo]]
xmlrpc_server_register_method($server, 'update_account_user_info', 'xmlrpc_update_account_user_info'); // args = [username, ha1, firstname, lastname, gender, subscribe, [domain], [algo]]
function xmlrpc_user_info_register_methods($server)
{
xmlrpc_server_register_method($server, 'get_email_account', 'xmlrpc_get_email_account'); // args = [username, ha1, [domain], [algo]]
xmlrpc_server_register_method($server, 'get_phone_account', 'xmlrpc_get_phone_account'); // args = [tel, ha1, [domain], [algo]]
xmlrpc_server_register_method($server, 'update_account_user_info', 'xmlrpc_update_account_user_info'); // args = [username, ha1, firstname, lastname, gender, subscribe, [domain], [algo]]
}
?>

154
src/xmlrpc/xmlrpc.php
View file

@ -1,21 +1,21 @@
<?php
/*
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
Flexisip Account Manager is a set of tools to manage SIP accounts.
Copyright (C) 2019 Belledonne Communications SARL, All rights reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
include_once __DIR__ . '/../database/database.php';
@ -30,71 +30,75 @@ include_once __DIR__ . '/passwords.php';
include_once __DIR__ . '/user_info.php';
$request = file_get_contents("php://input");
if (empty($request)) Logger::getInstance()->error("Request is empty");
if (empty($request)) {
Logger::getInstance()->error("Request is empty");
}
$server = xmlrpc_server_create();
if (!$server) die("Couldn't create server");
if (!$server) {
die("Couldn't create server");
}
if (USE_DIGEST_AUTH) {
$headers = getallheaders();
$xml = simplexml_load_string($request);
$request_type = $xml->methodName;
$headers = getallheaders();
$xml = simplexml_load_string($request);
$request_type = $xml->methodName;
$unauthenticated_requests = array(
// email accounts
0 => 'create_email_account',
1 => 'create_email_md5_sha256_account',
2 => 'activate_email_account',
3 => 'recover_email_account',
$unauthenticated_requests = array(
// email accounts
0 => 'create_email_account',
1 => 'create_email_md5_sha256_account',
2 => 'activate_email_account',
3 => 'recover_email_account',
// phone accounts
4 => 'create_phone_account',
5 => 'activate_phone_account',
6 => 'recover_phone_account',
7 => 'is_phone_number_used',
8 => 'get_phone_number_for_account',
// accounts
9 => 'get_confirmation_key',
10 => 'is_account_used',
11 => 'is_account_activated',
12 => 'recover_account_from_confirmation_key',
13 => 'get_accounts_count',
// aliases
14 => 'is_alias_used',
15 => 'link_phone_number_with_account',
16 => 'get_alias',
// devices
17 => 'add_ec_calibration_result',
);
// phone accounts
4 => 'create_phone_account',
5 => 'activate_phone_account',
6 => 'recover_phone_account',
7 => 'is_phone_number_used',
8 => 'get_phone_number_for_account',
// Get authentication header if there is one
if (!empty($headers['Auth-Digest'])) {
Logger::getInstance()->debug("Auth-Digest = " . $headers['Auth-Digest']);
$authorization = $headers['Auth-Digest'];
} elseif (!empty($headers['Authorization'])) {
Logger::getInstance()->debug("Authorization = " . $headers['Authorization']);
$authorization = $headers['Authorization'];
}
// accounts
9 => 'get_confirmation_key',
10 => 'is_account_used',
11 => 'is_account_activated',
12 => 'recover_account_from_confirmation_key',
13 => 'get_accounts_count',
// Authentication
if (in_array($request_type, $unauthenticated_requests) == FALSE) {
if (!empty($authorization)) {
$authentication_status = authenticate(AUTH_REALM);
// aliases
14 => 'is_alias_used',
15 => 'link_phone_number_with_account',
16 => 'get_alias',
if ($authentication_status == TRUE) {
Logger::getInstance()->debug("Authentication successful for " . $headers['From']);
} else {
Logger::getInstance()->debug("Authentication failed for " . $headers['From']);
request_authentication(AUTH_REALM);
}
} else {
Logger::getInstance()->debug("No authentication header for " . $headers['From']);
request_authentication(AUTH_REALM);
}
}
// devices
17 => 'add_ec_calibration_result',
);
// Get authentication header if there is one
if (!empty($headers['Auth-Digest'])) {
Logger::getInstance()->debug("Auth-Digest = " . $headers['Auth-Digest']);
$authorization = $headers['Auth-Digest'];
} elseif (!empty($headers['Authorization'])) {
Logger::getInstance()->debug("Authorization = " . $headers['Authorization']);
$authorization = $headers['Authorization'];
}
// Authentication
if (in_array($request_type, $unauthenticated_requests) == false) {
if (!empty($authorization)) {
$authentication_status = authenticate(AUTH_REALM);
if ($authentication_status == true) {
Logger::getInstance()->debug("Authentication successful for " . $headers['From']);
} else {
Logger::getInstance()->debug("Authentication failed for " . $headers['From']);
request_authentication(AUTH_REALM);
}
} else {
Logger::getInstance()->debug("No authentication header for " . $headers['From']);
request_authentication(AUTH_REALM);
}
}
}
xmlrpc_accounts_register_methods($server);
@ -104,17 +108,15 @@ xmlrpc_passwords_register_methods($server);
xmlrpc_user_info_register_methods($server);
if (USE_IN_APP_PURCHASES) {
include_once __DIR__ . '/inapp.php';
xmlrpc_inapp_register_methods($server);
include_once __DIR__ . '/inapp.php';
xmlrpc_inapp_register_methods($server);
}
if (ALLOW_TEST_ACCOUNTS) {
include_once __DIR__ . '/liblinphone_tester.php';
xmlrpc_liblinphone_tester_register_methods($server);
include_once __DIR__ . '/liblinphone_tester.php';
xmlrpc_liblinphone_tester_register_methods($server);
}
if ($request) {
$options = array('output_type' => 'xml', 'version' => 'auto');
echo xmlrpc_server_call_method($server, $request, null, $options);
$options = array('output_type' => 'xml', 'version' => 'auto');
echo xmlrpc_server_call_method($server, $request, null, $options);
}
?>