diff --git a/phplib/local.inc b/phplib/local.inc
index bc0e71b..9694037 100644
--- a/phplib/local.inc
+++ b/phplib/local.inc
@@ -1,1549 +1,1566 @@
register("challenge");
if (!$challenge) {
$challenge = md5(uniqid($this->magic));
}
$query=sprintf("select * from spam where ip = '%s'", addslashes($_SERVER['REMOTE_ADDR']));
$this->db->query($query);
if ($this->db->num_rows()) {
$this->db->next_record();
$spam_login_ip = $this->db->f('ip');
$spam_login_tries = $this->db->f('tries');
$spam_login_stamp = $this->db->f('stamp');
$next_try = $spam_login_stamp+120;
$remains = $next_try-time();
$next_try = Date("Y-m-d H:i:s", $next_try);
$now = Date("Y-m-d H:i:s", time());
}
if ($remains < 0) {
$query=sprintf("delete from spam where ip = '%s'", addslashes($spam_login_ip));
if ($this->db->query($query)) {
unset($spam_login_tries);
}
}
if ($spam_login_tries < $max_login_attempts) {
$title="Login";
if (is_readable("/etc/cdrtool/local/header.phtml")) {
include("/etc/cdrtool/local/header.phtml");
} else {
include("$CDRTool[Path]/header.phtml");
}
$layout = new pageLayoutLocal();
$layout->showLoginForm($this);
$layout->showFooter();
} else {
if ($spam_login_tries == $max_login_attempts) {
$log_time=Date("Y-m-d H:i:s", time());
$log_query=sprintf(
"insert into log (date,login,ip,description,results) values ('%s','%s','%s','%s attempts to wrong login', 'IP blocked until %s')",
addslashes($log_time),
addslashes($username),
addslashes($_SERVER['REMOTE_ADDR']),
addslashes($spam_login_tries),
addslashes($next_try)
);
$this->db->query($log_query);
}
$new_stamp=time();
$query=sprintf(
"update spam set tries = tries + 1 where ip = '%s' ",
addslashes($_SERVER['REMOTE_ADDR'])
);
$this->db->query($query);
print "
The current time on this system is $now.
Too many wrong attempts to login, wait until $next_try (over $remains seconds) and try again.
If you forgot your password please contact your system administrator for obtaining a new one.
";
exit;
}
}
function auth_validatelogin()
{
global $d_cli, $d_card, $prepaid_login, $cust_form, $codeFilter, $aNumberFilter,$login_for;
global $CDRTool;
global $otp_error, $otpasswd;
global $verbose;
global $DATASOURCES;
$username = isset($_POST["username"]) ? $_POST["username"] : '';
$sendotp = isset($_POST["sendotp"]) ? $_POST["sendotp"] : '';
$password = isset($_POST["password"]) ? $_POST["password"] : '';
$challenge = isset($_POST["challenge"]) ? $_POST["challenge"] : '';
$response = isset($_POST["response"]) ? $_POST["response"] : '';
$response_ha1 = isset($_POST["response_ha1"]) ? $_POST["response_ha1"] : '';
$REMOTE_ADDR = $_SERVER["REMOTE_ADDR"];
//dprint_r("response: $response");
require_once 'PEAR.php';
if ($username) {
$this->auth["uname"]=$username; ## This provides access for "loginform.ihtml"
}
$uid = false;
if ($username) {
$username = trim($username);
if (preg_match ("/\@/",$username)) {
$a = explode("@", $username);
$domainAuth = new DomainAuthLocal();
$ret=$domainAuth->validate($a[0], $a[1], $password, $response_ha1, $otp_yubikey);
//dprint("here");
//dprint_r($ret);
if ($ret[0]) {
foreach ($ret[2] as $allowedDS) {
$CDRTool[dataSourcesAllowed][]=$allowedDS;
}
if ($ret[1] == "subscriber") {
$CDRTool[filter][aNumber] = $username;
$this->auth["perm"] = "callsearch,statistics,showPrice,showCallerId";
} else {
$CDRTool[filter][domain] = $a[1];
$this->auth["perm"] = "callsearch,statistics,showPrice,showCallerId";
}
}
return $ret[0];
} else {
$query = sprintf(
"select * from auth_user where (username = '%s' or (yubikey='%s' and yubikey !='')) and expire > NOW()",
addslashes($username),
addslashes($yubi_id)
);
$this->db->query($query);
$this->db->next_record();
$otp_enabled_db = $this->db->f('otp_enable');
$otp_email = $this->db->f('email');
$otp_tel = $this->db->f('tel');
$otp_passwd = $this->db->f('otp_passwd');
$otp_passwd_md5 = md5($this->db->f('otp_passwd'));
if ($sendotp) {
if ($otp_email || $otp_tel) {
$interval="15";
print "
Sending OneTimePassword ";
$random_otp = random_passwd_gen();
$expire_otp = date("Y-m-d H:i:s", mktime(date("H"), date("i") + $interval, 0, date("m") ,date("d"), date("Y")));
$update = sprintf(
"UPDATE auth_user SET otp_passwd='%s', otp_expire = '%s' WHERE username = '%s'",
addslashes($random_otp),
addslashes($expire_otp),
addslashes($username)
);
if ($this->db->query($update)) {
if ($otp_email) {
$body=sprintf("%s valid until %s CET (GMT+1) requested from %s", $random_otp, $expire_otp, $_SERVER['REMOTE_ADDR']);
mail($otp_email, "OTP for CDRTool", $body, "From: support@ag-projects.com");
}
if ($otp_tel) {
$body = sprintf("Password is %s valid until %s CET (GMT+1) from %s", $random_otp, $expire_otp, $_SERVER['REMOTE_ADDR']);
$otp_tel=preg_replace("/[^0-9+]/", "", $otp_tel);
otp_sms($otp_tel, $body, "1");
}
print "
Password will expire at: $expire_otp (in $interval minutes)
";
}
} else {
print "
No OTP recipient exists for this account. ";
}
}
$this->db->query(
sprintf(
"SELECT *,UNIX_TIMESTAMP(otp_expire) as timestamp_otp, UNIX_TIMESTAMP() as timestamp_now FROM %s
WHERE (username = '%s' OR (yubikey='%s' AND yubikey != '')) AND expire > NOW()",
addslashes($this->database_table),
addslashes($username),
addslashes($yubi_id)
)
);
$this->db->next_record();
$uid = $this->db->f("user_id");
$perm = $this->db->f("perms");
$yubikey = $this->db->f("yubikey");
$auth_method = $this->db->f("auth_method");
$user_db = $this->db->f("username");
$aclFilter = array();
foreach (explode(" ", $this->db->f("aclFilter")) as $ip) {
$ip = trim($ip);
if ($ip) {
$aclFilter[] = $ip;
}
}
$acl_filter = false;
if ($aclFilter) {
$acl_filter = true;
foreach ($aclFilter as $f) {
if (startsWith($_SERVER['REMOTE_ADDR'], $f)) {
$acl_filter = false;
break;
}
}
}
if ($acl_filter) {
$log = sprintf("CDRTool login with username %s using method %s from IP %s denied by ACL", $username, $auth_method, $_SERVER['REMOTE_ADDR']);
syslog(LOG_NOTICE, $log);
return false;
}
if ($CDRTool['provider']['clear_text_passwords'] != 1) {
// Update hashed pass if none set and we need hashed ones
if ($this->db->f("password_hashed") == '' && $this->db->f("password") != '') {
$newpassmd5=md5($this->db->f("password"));
$this->db->query(
sprintf(
"UPDATE %s SET password_hashed='%s', password='' WHERE username='%s'",
addslashes($this->database_table),
addslashes($newpassmd5),
addslashes($username)
)
);
$pass = $newpassmd5;
$pass_md5 = $newpassmd5;
} else {
$pass = $this->db->f("password_hashed");
$pass_md5 = $this->db->f("password_hashed");
}
} else {
$pass = $this->db->f("password");
$pass_md5 = md5($this->db->f("password"));
}
$otp_passwd = $this->db->f("otp_passwd");
if (strlen($this->db->f('otp_passwd'))) {
$otp_passwd_md5 = md5($this->db->f('otp_passwd'));
} else {
$otp_passwd_md5 = "garbage";
}
$timestamp_otp = $this->db->f("timestamp_otp");
$timestamp_now = $this->db->f("timestamp_now");
$CDRTool['loginName'] = $this->db->f("name");
$CDRTool['loginEmail'] = $this->db->f("email");
$_dataSourcesAllowed = explode(",", $this->db->f("sources"));
$_datasourceDefined = array_keys($DATASOURCES);
$CDRTool['dataSourcesAllowed'] = array_intersect($_dataSourcesAllowed, $_datasourceDefined);
// limits per CDRTool login account
$CDRTool['filter']['user_id'] = $this->db->f("user_id");
$CDRTool['filter']['aNumber'] = $this->db->f('aNumberFilter');
$CDRTool['filter']['displayA'] = $this->db->f('display_cli');
$CDRTool['filter']['domain'] = $this->db->f('domainFilter');
$CDRTool['filter']['gateway'] = $this->db->f('gatewayFilter');
$CDRTool['filter']['compid'] = $this->db->f('compidFilter');
$CDRTool['filter']['cscode'] = $this->db->f('cscodeFilter');
if (preg_match("/^(\d+)\.(\d+)$/", $this->db->f('impersonate'), $m)) {
$CDRTool['filter']['customer'] = $m[1];
$CDRTool['filter']['reseller'] = $m[2];
} else if (preg_match("/^(\d+)$/", $this->db->f('impersonate'), $m)) {
$CDRTool['filter']['customer'] = $m[1];
$CDRTool['filter']['reseller'] = $m[1];
} else {
$CDRTool['filter']['customer'] = '';
$CDRTool['filter']['reseller'] = '';
}
$CDRTool['impersonate'] = $this->db->f('impersonate');
if ($this->db->f('afterDateFilter') && $this->db->f('afterDateFilter') != "0000-00-00") {
$CDRTool['filter']['after_date']=$this->db->f('afterDateFilter');
}
if ($CDRTool['filter']['customer']) {
// get soap credentials from NGNPro database
global $soapEngines ;
require_once('SOAP/Client.php');
require("/etc/cdrtool/ngnpro_engines.inc");
require_once("ngnpro_soap_library.php");
$this->SOAPlogin=array(
"username" => $soapEngines[$CDRTool['ngnpro_reseller_engine']]['username'],
"password" => $soapEngines[$CDRTool['ngnpro_reseller_engine']]['password'],
"admin" => true
);
$this->SoapAuth = array('auth', $this->SOAPlogin , 'urn:AGProjects:NGNPro', 0, '');
$this->CustomerPort = new WebService_NGNPro_CustomerPort($soapEngines[$CDRTool['ngnpro_reseller_engine']]['url']);
$this->CustomerPort->setOpt('curl', CURLOPT_TIMEOUT, 5);
$this->CustomerPort->setOpt('curl', CURLOPT_SSL_VERIFYPEER, 0);
$this->CustomerPort->setOpt('curl', CURLOPT_SSL_VERIFYHOST, 0);
$filter = array('customer' => intval($CDRTool['filter']['customer']));
$range = array('start' => 0,'count' => 1);
$orderBy = array('attribute' => 'customer', 'direction' => 'ASC');
$Query=array('filter' => $filter,'orderBy' => $orderBy,'range' => $range);
// Call function
$this->CustomerPort->addHeader($this->SoapAuth);
$result = $this->CustomerPort->getCustomers($Query);
if ((new PEAR)->isError($result)) {
$error_msg = $result->getMessage();
$error_fault= $result->getFault();
$error_code = $result->getCode();
$log = sprintf(
"SOAP request error from %s: %s (%s): %s",
$this->SoapEngine->SOAPurl,
$error_msg,
$error_fault->detail->exception->errorcode,
$error_fault->detail->exception->errorstring
);
syslog(LOG_NOTICE, $log);
} else {
if (count($result->accounts) == 1) {
if ($result->accounts[0]->impersonate) {
// get the credentials of the impersonate field
$filter = array('customer' => intval($result->accounts[0]->impersonate), 'reseller' => intval($result->accounts[0]->reseller));
$range = array('start' => 0,'count' => 1);
$orderBy = array('attribute' => 'customer', 'direction' => 'ASC');
$Query=array('filter' => $filter,'orderBy' => $orderBy,'range' => $range);
// Call function
$this->CustomerPort->addHeader($this->SoapAuth);
$result = $this->CustomerPort->getCustomers($Query);
if ((new PEAR)->isError($result)) {
$error_msg = $result->getMessage();
$error_fault= $result->getFault();
$error_code = $result->getCode();
$log = sprintf(
"SOAP request error from %s: %s (%s): %s",
$this->SoapEngine->SOAPurl,
$error_msg,
$error_fault->detail->exception->errorcode,
$error_fault->detail->exception->errorstring
);
syslog(LOG_NOTICE, $log);
} else {
if (count($result->accounts) == 1) {
$CDRTool["soap_username"] = $result->accounts[0]->username;
$CDRTool["soap_password"] = $result->accounts[0]->password;
} else {
print "
Error retrieving customer data from the provisioning server, there is no such impersonate id. ";
}
}
} else {
$CDRTool["soap_username"] = $result->accounts[0]->username;
$CDRTool["soap_password"] = $result->accounts[0]->password;
}
} else {
print "
Error retrieving customer data from the provisioning server, there is no such customer id. ";
}
}
}
$expected_response = md5("$username:$pass_md5:$challenge");
$expect_otp=md5("$username:$otp_passwd_md5:$challenge");
//print_r($result);
## True when JS is disabled
if ($response == "") {
if ($CDRTool['provider']['clear_text_passwords']!= 1) {
$password=md5($password);
}
if ($password == $pass
|| ($password == $otp_passwd && $timestamp_otp > $timestamp_now)
) {
$log=sprintf("CDRTool login with username %s using method %s from IP %s", $username, $auth_method, $_SERVER['REMOTE_ADDR']);
syslog(LOG_NOTICE, $log);
if ($this->db->f("yubikey") == '' && $otp_yubikey != '') {
$this->db->query(
sprintf(
"UPDATE %s SET yubikey='%s' WHERE username='%s'",
addslashes($this->database_table),
addslashes($otp_yubikey),
addslashes($username)
)
);
}
$this->auth["perm"] = $perm;
return $uid;
} else {
return false;
}
} else {
## Response is set, JS is enabled
// we check if either otp or normal password match
//print "
$response == $expected_response
$response == $expect_otp";
if ($expected_response == $response
|| ($response == $expect_otp && $timestamp_otp > $timestamp_now)
) {
$log=sprintf("CDRTool login with username %s using method %s from IP %s", $username, $auth_method, $_SERVER['REMOTE_ADDR']);
syslog(LOG_NOTICE, $log);
if ($this->db->f("yubikey") == '' && $otp_yubikey != '') {
$this->db->query(
sprintf(
"UPDATE %s SET yubikey='%s' WHERE username='%s'",
addslashes($this->database_table),
addslashes($otp_yubikey),
addslashes($username)
)
);
}
$this->auth["perm"] = $perm;
return $uid;
} else {
return false;
}
}
}
}
}
}
class CDRTool_Perm extends Perm
{
public $classname = "CDRTool_Perm";
public $permissions = array(
"admin" => 1,
"callsearch" => 2,
"statistics" => 4,
"sqlquery" => 8,
"soapclient" => 16,
"rates" => 32,
"showCallerId" => 64,
"showPrice" => 128,
"provisioning" => 256,
"readonly" => 512,
"sessions" => 1024
);
function perm_invalid($does_have, $must_have)
{
global $perm, $auth, $sess;
global $_PHPLIB;
include($_PHPLIB["libdir"] . "perminvalid.phtml");
}
}
class SIP_Subscriber_Session extends Session
{
public $classname = "SIP_Subscriber_Session";
public $auto_init = "SIP_setup.inc";
public $cookiename = "SIPCookie2"; ## defaults to classname
public $magic = "3333jhjjjss13"; ## ID seed
public $mode = "cookie"; ## We propagate session IDs with cookies
public $fallback_mode = "get";
public $allowcache = "public";
public $lifetime = 0; ## 0 = do session cookies, else minutes
public $that_class = "CDRTool_CT_Sql"; ## name of data storage container
public $gc_probability = 5;
}
class SIP_Subscriber_Auth extends Auth
{
// use this auth for SIP accounts
public $classname = "SIP_Subscriber_Auth";
public $lifetime = 0;
public $magic = "d66mmmg111dsgzz"; ## Challenge seed
function auth_loginform()
{
global $sess;
global $max_login_attempts;
$username = $_POST["username"];
$password = $_POST["password"];
$challenge = $_POST["challenge"];
$step = $_POST["step"];
$REMOTE_ADDR = $_SERVER["REMOTE_ADDR"];
$yubikey_p = $_POST['yubikey'];
$sess->register("challenge");
if (!$challenge) {
$challenge = md5(uniqid($this->magic));
}
include("sip_login.phtml");
}
function auth_validatelogin()
{
global $SIP;
$username = isset($_POST["username"]) ? $_POST["username"] : '';
$password = isset($_POST["password"]) ? $_POST["password"] : '';
$challenge = isset($_POST["challenge"]) ? $_POST["challenge"] : '';
$response = isset($_POST["response"]) ? $_POST["response"] : '';
$response_ha1= isset($_POST["response_ha1"]) ? $_POST["response_ha1"] : '';
require_once 'PEAR.php';
if ($username) {
$this->auth["uname"] = $username;
}
$a = explode("@", $username);
$domain = $a[1];
if (count($a) != 2) {
return false;
}
global $domainFilters, $resellerFilters, $soapEngines ;
require_once('SOAP/Client.php');
require("/etc/cdrtool/ngnpro_engines.inc");
require_once("ngnpro_soap_library.php");
$SIP['account'] = $username;
if ($domainFilters[$domain]['sip_engine']) {
$SIP['engine'] = $domainFilters[$domain]['sip_engine'];
} else if ($domainFilters['default']['sip_engine']) {
$SIP['engine'] = $domainFilters['default']['sip_engine'];
} else {
print "Error: cannot authenticate SIP subscriber, no domainFilter defined in ngnpro_engines.inc";
return false;
}
$this->SOAPlogin=array(
"username" => $soapEngines[$SIP['engine']]['username'],
"password" => $soapEngines[$SIP['engine']]['password'],
"admin" => true
);
$this->SoapAuth = array('auth', $this->SOAPlogin , 'urn:AGProjects:NGNPro', 0, '');
$this->SipPort = new WebService_NGNPro_SipPort($soapEngines[$SIP['engine']]['url']);
$this->SipPort->setOpt('curl', CURLOPT_TIMEOUT, 5);
$this->SipPort->setOpt('curl', CURLOPT_SSL_VERIFYPEER, 0);
$this->SipPort->setOpt('curl', CURLOPT_SSL_VERIFYHOST, 0);
$this->SipPort->addHeader($this->SoapAuth);
$result = $this->SipPort->getAccount(array("username" =>$a[0],"domain" =>$domain));
if ((new PEAR)->isError($result)) {
$error_msg = $result->getMessage();
$error_fault= $result->getFault();
$error_code = $result->getCode();
$log = printf(
"SOAP error from %s (SipPort): %s (%s): %s",
$soapEngines[$SIP['engine']]['url'],
$error_msg,
$error_fault->detail->exception->errorcode,
$error_fault->detail->exception->errorstring
);
syslog(LOG_NOTICE, $log);
return false;
}
//dprint_r($result->properties);
$web_password='';
foreach ($result->properties as $_property) {
if ($_property->name == 'web_password') {
$web_password=$_property->value;
break;
}
if ($_property->name == 'yubikey') {
$yubikey=$_property->value;
break;
}
}
if (!$web_password) $web_password = $result->password;
$pass_md5 = md5($web_password);
$expected_response = md5("$username:$pass_md5:$challenge");
$SIP['customer'] = $result->customer;
$SIP['reseller'] = $result->reseller;
$parts = explode(':', $pass_md5);
dprint_r($result);
dprint($expected_response);
dprint($parts['0']);
if ($result->ha1 && $result->ha1 == $response_ha1) {
$log=sprintf("SIP settings page: %s logged in from %s", $username, $_SERVER['REMOTE_ADDR']);
syslog(LOG_NOTICE, $log);
return true;
}
if ($pass_md5 && $parts[0] == $response_ha1) {
$log=sprintf("SIP settings page: %s logged in from %s", $username, $_SERVER['REMOTE_ADDR']);
syslog(LOG_NOTICE, $log);
return true;
}
if ($expected_response == $response) {
$log=sprintf("SIP settings page: %s logged in from %s", $username, $_SERVER['REMOTE_ADDR']);
syslog(LOG_NOTICE, $log);
return true;
}
return false;
}
}
function otp_sms($tel, $message, $hideoutput)
{
$tel=preg_replace("/[^0-9]/", "", $tel);
$tel="+".$tel;
$message = substr($message, 0, 135);
if (!$tel || !$message) {
return 0;
}
$cmd="/usr/bin/sms --destination $tel --message \"$message\"";
exec($cmd, $output, $returnCode);
if ($returnCode == "0") {
if (!$hideoutput) {
print "
";
printf(_("SMS sent succesfully to %s. "), $tel);
}
} else {
print "
";
print "";
print "OTP ";
print _("Error");
}
}
function random_passwd_gen()
{
# Calculating random password
$alf=array("a","b","c","d","e","f",
"h","i","j","k","l","m",
"n","p","r","s","t","w",
"x","y","1","2","3","4",
"5","6","7","8","9");
while ($i < 5) {
srand((double)microtime() * 1000000);
$randval = rand(0, 28);
$random_otp="$random_otp"."$alf[$randval]";
$i++;
}
return $random_otp;
}
function is_cli()
{
return defined('STDIN')
|| php_sapi_name() === "cli"
|| (stristr(PHP_SAPI, 'cgi') && getenv('TERM'))
|| (empty($_SERVER['REMOTE_ADDR']) && !isset($_SERVER['HTTP_USER_AGENT']) && count($_SERVER['argv']) > 0);
}
function dprint($msg = "")
{
global $verbose;
global $browserLogger;
if ($verbose) {
if (is_cli()) {
print "$msg\n";
} else {
$browserLogger->debug($msg);
//print " $msg\n";
}
}
}
+function object_to_array($object) {
+ if (is_object($object)) {
+ return array_map(__FUNCTION__, get_object_vars($object));
+ } else if (is_array($object)) {
+ return array_map(__FUNCTION__, $object);
+ } else {
+ return $object;
+ }
+}
+
function dprint_r($obj)
{
global $verbose;
+ global $browserLogger;
if ($verbose) {
- print "
\n";
- print_r($obj);
- print "
\n";
+ if (is_cli()) {
+ print "
\n";
+ print_r($obj);
+ print "
\n";
+ } else {
+ $array = json_decode(json_encode($obj), true);
+ $array = get_object_vars($obj);
+ $browserLogger->debug('Object:', object_to_array($obj));
+ }
}
}
function dprint_sql($sql = "")
{
global $verbose;
require_once('SqlFormatter.php');
if ($verbose) {
echo SqlFormatter::format($sql);
}
}
function iso8859_1_to_utf8($s)
{
$s .= $s;
$len = \strlen($s);
for ($i = $len >> 1, $j = 0; $i < $len; ++$i, ++$j) {
switch (true) {
case $s[$i] < "\x80": $s[$j] = $s[$i]; break;
case $s[$i] < "\xC0": $s[$j] = "\xC2"; $s[++$j] = $s[$i]; break;
default: $s[$j] = "\xC3"; $s[++$j] = \chr(\ord($s[$i]) - 64); break;
}
}
return substr($s, 0, $j);
}
function checkEmail($email)
{
global $verbose;
dprint("checkEmail($email)");
if (stristr($email, "-.")
|| !preg_match("/^[a-zA-Z0-9][a-zA-Z0-9_.-]*@([a-zA-Z0-9][a-zA-Z0-9-]*\.)+[a-zA-Z]{2,}$/i", $email)
) {
return 0;
}
return 1;
}
function checkSipAccount($account)
{
$regexp = "/^\+?[a-zA-Z0-9_\-\.]+@[a-zA-Z0-9_\-\.]/i";
dprint($regexp);
if (!preg_match($regexp, $account)) {
return false;
}
return true;
}
class OpenSIPS_DomainAuth
{
function OpenSIPS_DomainAuth()
{
$this->userDB = new DB_opensips;
$this->allowedDataSourcesSubscriber = array('opensips_radius','sip_trace','media_trace');
}
function validate($user, $domain, $password)
{
$ha1 = md5($user. ':' . $domain . ':' . $password);
$query = sprintf(
"SELECT * FROM subscriber WHERE username = '%s' AND domain = '%s' AND (password = '%s' or ha1 = '%s') ",
addslashes($user),
addslashes($domain),
addslashes($password),
addslashes($ha1)
);
if ($this->userDB->query($query)) {
$this->userDB->next_record();
$uid = $this->userDB->f('username');
if ($uid) {
return array($uid, "subscriber", $this->allowedDataSourcesSubscriber);
}
}
}
}
class SipThor_DomainAuth
{
function SipThor_DomainAuth()
{
$this->userDB = new DB_sipthor;
$this->allowedDataSourcesSubscriber = array('sipthor','sip_trace_thor','media_trace_thor');
}
function validate($user, $domain, $password, $response, $otp_yubikey)
{
$query = sprintf(
"SELECT * FROM sip_accounts WHERE username = '%s' AND domain = '%s'",
addslashes($user),
addslashes($domain)
);
require_once 'PEAR.php';
if ($this->userDB->query($query)) {
$this->userDB->next_record();
$profile = json_decode($this->userDB->f('profile'), 'true');
$check_password = $profile['password'];
$check_password_ha1=$profile['ha1'];
if ($profile['properties']['web_password']) {
$web_pass=$profile['properties']['web_password'];
if (strstr($web_pass, ":")) {
$split = explode(":", $web_pass);
//if (preg_match('/^[a-f0-9]{32}$/', split[0])) {
$check_web_password=$split[0];
//}
} else {
$check_web_password = $profile['properties']['web_password'];
}
}
$check_password_md5 = md5("$check_password");
$expected_response_pass = md5("$user:$domain:$check_password");
$expected_response_pass_ha1 = md5("$user:$domain:$check_password_ha1");
$expected_response_web = $check_password;
//dprint($expected_response_pass_ha1);
if ($expected_response_pass == $response) {
$uid = $this->userDB->f('username');
if ($uid) {
return array($uid, "subscriber", $this->allowedDataSourcesSubscriber);
}
} else if ($check_password == $password) {
$uid = $this->userDB->f('username');
if ($uid) {
return array($uid, "subscriber", $this->allowedDataSourcesSubscriber);
}
} else if ($expected_response_web == $response) {
$uid = $this->userDB->f('username');
if ($uid) {
return array($uid, "subscriber", $this->allowedDataSourcesSubscriber);
}
} else if ($expected_response_pass_ha1 == $response) {
$uid = $this->userDB->f('username');
if ($uid) {
return array($uid, "subscriber", $this->allowedDataSourcesSubscriber);
}
}
}
}
}
class pageLayout
{
function showLoginForm(&$parentAuth)
{
global $username, $otp_error, $CDRTool;
$auth = $parentAuth;
$username = $auth->auth["uname"];
print "
";
$url = $auth->url();
print "
";
}
function showLegalNotice()
{
global $loginname, $CDRTool;
$CDRTool_company = $CDRTool['provider']['name'];
$legalNotice="Legal Notice".
"\n\n".
"This software is intended for the use of $CDRTool_company, ".
"resellers of $CDRTool_company and the customers of $CDRTool_company. ".
"The use of this software by any natural or legal person that does ".
"not belong to $CDRTool_company, its Resellers or is a not a ".
"customer of $CDRTool_company or its resellers is therefore ".
"expressly prohibited.".
"\n\n".
"All the information stored on, and accessible through this software ".
"are personal data protected as such by international and domestic ".
"legislation relating to the processing of personal data and ".
"the protection of the right to privacy. For these reasons: ".
"1. This software shall exclusively be used to the extent that it ".
"is necessary for the provision of services to $CDRTool_company ".
"customers and its resellers; ".
"2. No information displayed on, and accessible through this software ".
"shall be communicated to any natural or legal person outside ".
"$CDRTool_company and its resellers, without prejudice to the ".
"possibility for competent authorities (namely government bodies, ".
"courts, regulatory authorities) to be informed of billing or ".
"traffic data in conformity with the applicable legislation. ".
"\n\n";
$loginName=$CDRTool['loginName'];
$this->hasAGProjectslogo=1;
print "
Terms and conditions
";
}
function showFooter()
{
global $CDRTool;
if (!$CDRTool['filter']['aNumber'] && !$this->hasAGProjectslogo) {
$thisYear = date("Y", time());
print "