. */ header("Access-Control-Allow-Origin: *"); include_once __DIR__ . '/../misc/utilities.php'; include_once __DIR__ . '/../objects/account.php'; include_once __DIR__ . '/../objects/password.php'; include_once __DIR__ . '/authentication.php'; $logger = Logger::getInstance(); if (REMOTE_PROVISIONING_USE_DIGEST_AUTH) { $headers = getallheaders(); $authorization = null; // Get authentication header if there is one if (!empty($headers['Auth-Digest'])) { $logger->debug("Auth-Digest = " . $headers['Auth-Digest']); $authorization = $headers['Auth-Digest']; } elseif (!empty($headers['Authorization'])) { $logger->debug("Authorization = " . $headers['Authorization']); $authorization = $headers['Authorization']; } if (!empty($authorization)) { $authentication_status = authenticate($authorization, AUTH_REALM); if ($authentication_status != null) { Logger::getInstance()->debug("Authentication successful"); } else { Logger::getInstance()->debug("Authentication failed"); request_authentication(AUTH_REALM); } } else { Logger::getInstance()->debug("No authentication header"); request_authentication(AUTH_REALM); } } if (isset($_GET['qrcode']) && $_GET['qrcode'] == 1) { $query = $_GET; $query['qrcode'] = 0; $query_result = http_build_query($query); $data = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https://" : "http://") . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?" . $query_result; // https://github.com/tecnickcom/tc-lib-barcode GPLv3 require __DIR__ . '/../vendor/tecnickcom/tc-lib-barcode/resources/autoload.php'; $barcode = new \Com\Tecnick\Barcode\Barcode(); $bobj = $barcode->getBarcodeObj( 'QRCODE,H', // barcode type and additional comma-separated parameters $data, // data string to encode -4, // bar width (use absolute or negative value as multiplication factor) -4, // bar height (use absolute or negative value as multiplication factor) 'black', // foreground color array(-2, -2, -2, -2) // padding (use absolute or negative values as multiplication factors) )->setBackgroundColor('white'); // background color header("Content-Type: text/html; charset=UTF-8"); echo $bobj->getHtmlDiv(); return; } header("Content-Type: application/xml; charset=UTF-8"); $xml = ''; $xml .= ''; $proxy_config_index = 0; $auth_info_index = 0; if (file_exists(REMOTE_PROVISIONING_DEFAULT_CONFIG)) { $rc_array = parse_ini_file(REMOTE_PROVISIONING_DEFAULT_CONFIG, true); foreach ($rc_array as $section => $values) { $xml .= '

'; if (startswith($section, "proxy_config_")) { $proxy_config_index += 1; } elseif (startswith($section, "auth_info_")) { $auth_info_index += 1; } foreach ($values as $key => $value) { // We need to replace any < or > by < and > or the xml won't be valid ! $value = str_replace("<", "<", $value); $value = str_replace(">", ">", $value); $xml .= '' . $value . ''; } $xml .= '

'; } } $username = isset($_GET['username']) ? $_GET['username'] : null; $domain = isset($_GET['domain']) ? $_GET['domain'] : SIP_DOMAIN; $transport = isset($_GET['transport']) ? $_GET['transport'] : REMOTE_PROVISIONING_DEFAULT_TRANSPORT; if (!empty($username)) { if (REMOTE_PROVISIONING_USE_DIGEST_AUTH) { if ($username != $authentication_status) { $logger->error("User " . $authentication_status . " is trying to impersonate another user: " . $username); header('HTTP/1.1 403 Forbidden: Authenticated username and provisioning username mismatch'); exit(); } } $ha1 = isset($_GET['ha1']) ? $_GET['ha1'] : null; $algo = isset($_GET['algorithm']) ? $_GET['algorithm'] : DEFAULT_ALGORITHM; if (REMOTE_PROVISIONING_ONE_TIME_PASSWORD) { $database = new Database(); $db = $database->getConnection(); $account = new Account($db); $account->username = $username; $account->domain = $domain; if ($account->getOne()) { if (!is_activated($account->activated)) { $password = new Password($db); $password->account_id = $account->id; $password->algorithm = $algo; if ($password->getOne()) { $new_password = generate_password(); $ha1 = hash_password($username, $new_password, $domain, $algo); $password->password = $ha1; if (!$password->update()) { $logger->error("Failed to update password for account id " . $account->id); } } else { $logger->error("Password not found for account id " . $account->id); } $account->activated = "1"; if (!$account->update()) { $logger->error("Failed to activate account id " . $account->id); } } else { $logger->message("Account id " . $account->id . " is already activated"); } } } $xml .= '

'; $xml .= '<sip:' . $username . '@' . $domain . '>'; $xml .= '<sip:' . $domain . ';transport=' . $transport . '>'; $xml .= '<sip:' . $domain . ';transport=' . $transport . '>'; $xml .= '1'; $xml .= '

'; if (!empty($ha1)) { $xml .= '

'; $xml .= '' . $username . ''; $xml .= '' . $ha1 . ''; $xml .= '' . $domain . ''; $xml .= '' . $algo . ''; $xml .= '

'; } } $xml .= ''; http_response_code(200); echo $xml;