The current time on this system is $now.

Too many wrong attempts to login, wait until $next_try (over $remains seconds) and try again.

If you forgot your password please contact your system administrator for obtaining a new one. "; exit; } } function auth_validatelogin() { global $d_cli, $d_card, $prepaid_login, $cust_form, $codeFilter, $aNumberFilter,$login_for; global $CDRTool; global $otp_error, $otpasswd; global $verbose; global $DATASOURCES; $username = $_POST["username"]; $sendotp = $_POST["sendotp"]; $password = $_POST["password"]; $challenge = $_POST["challenge"]; $response = $_POST["response"]; $REMOTE_ADDR = $_SERVER["REMOTE_ADDR"]; if(isset($username)) { $this->auth["uname"]=$username; ## This provides access for "loginform.ihtml" } $uid = false; if ($username) { $username=trim($username); if (preg_match ("/\@/",$username)) { $a=explode("@",$username); $domainAuth = new DomainAuthLocal(); $ret=$domainAuth->validate($a[0],$a[1],$password); if ($ret[0]) { foreach ($ret[2] as $allowedDS) { $CDRTool[dataSourcesAllowed][]=$allowedDS; } if ($ret[1] == "subscriber") { $CDRTool[filter][aNumber] = $username; $this->auth["perm"] = "callsearch,statistics,showPrice,showCallerId"; } else { $CDRTool[filter][domain] = $a[1]; $this->auth["perm"] = "callsearch,statistics,showPrice,showCallerId"; } } return $ret[0]; } else { $username_sql=addslashes($username); $this->db->query("select * from auth_user where username = '$username_sql' and expire > NOW()"); $this->db->next_record(); $otp_enabled_db =$this->db->f('otp_enable'); $otp_email =$this->db->f('email'); $otp_tel =$this->db->f('tel'); $otp_passwd =$this->db->f('otp_passwd'); $otp_passwd_md5 =md5($this->db->f('otp_passwd')); if ($sendotp) { if ($otp_email || $otp_tel) { $interval="15"; print "

Sending OneTimePassword "; $random_otp=random_passwd_gen(); $expire_otp= date("Y-m-d H:i:s", mktime(date("H"),date("i")+$interval,0,date("m") ,date("d"),date("Y"))); $update="update auth_user set otp_passwd='$random_otp', otp_expire = '$expire_otp' where username = '$username_sql' "; if ($this->db->query($update)) { if ($otp_email) { $body=sprintf("%s valid until %s CET (GMT+1) requested from %s",$random_otp,$expire_otp,$_SERVER['REMOTE_ADDR']); mail($otp_email, "OTP for CDRTool", $body, "From: support@ag-projects.com"); } if ($otp_tel) { $body=sprintf("Password is %s valid until %s CET (GMT+1) from %s",$random_otp,$expire_otp,$_SERVER['REMOTE_ADDR']); $otp_tel=preg_replace("/[^0-9+]/","",$otp_tel); otp_sms($otp_tel, $body,"1"); } print "

Password will expire at: $expire_otp (in $interval minutes)
"; } } else { print "

No OTP recipient exists for this account. "; } } $this->db->query(sprintf(" select *,UNIX_TIMESTAMP(otp_expire) as timestamp_otp , UNIX_TIMESTAMP() as timestamp_now ". " from %s ". " where username = '%s' " . " and expire > NOW() " , $this->database_table, addslashes($username))); $this->db->next_record(); $uid = $this->db->f("user_id"); $perm = $this->db->f("perms"); $pass = $this->db->f("password"); $pass_md5 = md5($this->db->f("password")); $otp_passwd = $this->db->f("otp_passwd"); if (strlen($this->db->f('otp_passwd'))) { $otp_passwd_md5 =md5($this->db->f('otp_passwd')); } else { $otp_passwd_md5="garbage"; } $timestamp_otp = $this->db->f("timestamp_otp"); $timestamp_now = $this->db->f("timestamp_now"); $CDRTool['loginName'] = $this->db->f("name"); $CDRTool['loginEmail'] = $this->db->f("email"); $_dataSourcesAllowed = explode(",",$this->db->f("sources")); $_datasourceDefined = array_keys($DATASOURCES); $CDRTool['dataSourcesAllowed'] = array_intersect($_dataSourcesAllowed,$_datasourceDefined); // limits per CDRTool login account $CDRTool['filter']['user_id'] = $this->db->f("user_id"); $CDRTool['filter']['aNumber'] = $this->db->f('aNumberFilter'); $CDRTool['filter']['displayA'] = $this->db->f('display_cli'); $CDRTool['filter']['domain'] = $this->db->f('domainFilter'); $CDRTool['filter']['gateway'] = $this->db->f('gatewayFilter'); $CDRTool['filter']['compid'] = $this->db->f('compidFilter'); $CDRTool['filter']['cscode'] = $this->db->f('cscodeFilter'); if (preg_match("/^(\d+)\.(\d+)$/",$this->db->f('impersonate'),$m)) { $CDRTool['filter']['reseller'] = $m[2]; } else if (preg_match("/^(\d+)$/",$this->db->f('impersonate'),$m)) { $CDRTool['filter']['reseller'] = $m[1]; } else { $CDRTool['filter']['reseller'] = ''; } $CDRTool['impersonate'] = $this->db->f('impersonate'); if ($this->db->f('only_after_date') && $this->db->f('only_after_date') != "0000-00-00") { $CDRTool[filter][after_date]=$this->db->f('only_after_date'); } $expected_response = md5("$username:$pass_md5:$challenge"); $expect_otp=md5("$username:$otp_passwd_md5:$challenge"); ## True when JS is disabled if ($response == "") { if ($password == $pass || ($password == $otp_passwd && $timestamp_otp > $timestamp_now)) { $this->auth["perm"] = $perm; return $uid; } else { return false; } } else { ## Response is set, JS is enabled // we check if either otp or normal password match //print "

$response == $expected_response

$response == $expect_otp"; if ($expected_response == $response || ($response == $expect_otp && $timestamp_otp > $timestamp_now)) { $this->auth["perm"] = $perm; return $uid; } else { return false; } } } } } } class CDRTool_Perm extends Perm { var $classname = "CDRTool_Perm"; var $permissions = array( "admin" => 1, "callsearch" => 2, "statistics" => 4, "sqlquery" => 8, "soapclient" => 16, "rates" => 32, "showCallerId" => 64, "showPrice" => 128, "provisioning" => 256, "readonly" => 512 ); function perm_invalid($does_have, $must_have) { global $perm, $auth, $sess; global $_PHPLIB; include($_PHPLIB["libdir"] . "perminvalid.phtml"); } } class SIP_Subscriber_Session extends Session { var $classname = "SIP_Subscriber_Session"; var $auto_init = "SIP_setup.inc"; var $cookiename = "SIPCookie2"; ## defaults to classname var $magic = "3333jhjjjss13"; ## ID seed var $mode = "cookie"; ## We propagate session IDs with cookies var $fallback_mode = "get"; var $allowcache = "public"; var $lifetime = 0; ## 0 = do session cookies, else minutes var $that_class = "CDRTool_CT_Sql"; ## name of data storage container var $gc_probability = 5; } class SIP_Subscriber_Auth extends Auth { // use this auth for SIP accounts var $classname = "SIP_Subscriber_Auth"; var $lifetime = 0; var $magic = "d66mmmg111dsgzz"; ## Challenge seed function auth_loginform() { global $sess; global $max_login_attempts; $username = $_POST["username"]; $password = $_POST["password"]; $challenge = $_POST["challenge"]; $step = $_POST["step"]; $REMOTE_ADDR = $_SERVER["REMOTE_ADDR"]; $sess->register("challenge"); if (!$challenge) { $challenge = md5(uniqid($this->magic)); } include("sip_login.phtml"); } function auth_validatelogin() { global $SIP; $username = $_POST["username"]; $password = $_POST["password"]; $challenge = $_POST["challenge"]; $response = $_POST["response"]; if(isset($username)) { $this->auth["uname"]=$username; } $a=explode("@",$username); $domain= $a[1]; if (count($a) !=2 ) return false; global $domainFilters, $resellerFilters, $soapEngines ; require_once('SOAP/Client.php'); require("/etc/cdrtool/ngnpro_engines.inc"); require_once("ngnpro_soap_library.php"); $SIP['account'] = $username; if ($domainFilters[$domain]['sip_engine']) { $SIP['engine'] = $domainFilters[$domain]['sip_engine']; } else if ($domainFilters['default']['sip_engine']) { $SIP['engine']=$domainFilters['default']['sip_engine']; } else { print "Error: cannot authenticate SIP subscriber, no domainFilter defined in ngnpro_engines.inc"; return false; } printf ("Engine=%s",$SIP['engine']); $this->SOAPlogin=array( "username" => $soapEngines[$SIP['engine']]['username'], "password" => $soapEngines[$SIP['engine']]['password'], "admin" => true ); $this->SoapAuth = array('auth', $this->SOAPlogin , 'urn:AGProjects:NGNPro', 0, ''); $this->SipPort = new WebService_NGNPro_SipPort($soapEngines[$SIP['engine']]['url']); $this->SipPort->setOpt('curl', CURLOPT_TIMEOUT, 5); $this->SipPort->setOpt('curl', CURLOPT_SSL_VERIFYPEER, 0); $this->SipPort->setOpt('curl', CURLOPT_SSL_VERIFYHOST, 0); $this->SipPort->addHeader($this->SoapAuth); $result = $this->SipPort->getAccount(array("username" =>$a[0],"domain" =>$domain)); if (PEAR::isError($result)) { $error_msg = $result->getMessage(); $error_fault= $result->getFault(); $error_code = $result->getCode(); printf ("

Error from %s (SipPort): %s (%s): %s",$soapEngines[$SIP['engine']]['url'],$error_msg, $error_fault->detail->exception->errorcode,$error_fault->detail->exception->errorstring); return false; } $pass_md5 = md5($result->password); $expected_response = md5("$username:$pass_md5:$challenge"); $SIP['customer'] = $result->customer; $SIP['reseller'] = $result->reseller; if ($expected_response == $response) { return true; } else { return false; } } } function otp_sms($tel,$message,$hideoutput) { $tel=preg_replace("/[^0-9]/","",$tel); $tel="+".$tel; $message=substr($message,0,135); if (!$tel || !$message) return 0; $cmd="/usr/bin/sms --destination $tel --message \"$message\""; exec($cmd,$output,$returnCode); if ($returnCode == "0") { if (!$hideoutput) { print "

"; printf (_("SMS sent succesfully to %s. "), $tel); } } else { print "

"; print ""; print "OTP "; print _("Error"); } } function random_passwd_gen() { # Calculating random password $alf=array("a","b","c","d","e","f", "h","i","j","k","l","m", "n","p","r","s","t","w", "x","y","1","2","3","4", "5","6","7","8","9"); while($i < 5) { srand((double)microtime()*1000000); $randval = rand(0,28); $random_otp="$random_otp"."$alf[$randval]"; $i++; } return $random_otp; } function dprint($msg="") { global $verbose; if ($verbose) { print "
$msg\n"; } } function dprint_r($obj) { global $verbose; if ($verbose) { print "

\n";
        print_r($obj);
        print "

\n"; } } function checkEmail($email) { global $verbose; dprint ("checkEmail($email) "); if (stristr($email,"-.") || !preg_match("/^[a-zA-Z0-9][a-zA-Z0-9_.-]*@([a-zA-Z0-9][a-zA-Z0-9-]*\.)+[a-zA-Z]{2,}$/i",$email)) { return 0; } return 1; } class OpenSIPS_DomainAuth { function OpenSIPS_DomainAuth () { $this->userDB = new DB_opensips; $this->allowedDataSourcesSubscriber = array('opensips_radius','sip_trace','media_trace'); } function validate ($user, $domain, $password) { $ha1 = md5($user. ':' . $domain . ':' . $password); $query = sprintf("SELECT * FROM subscriber WHERE username = '%s' AND domain = '%s' AND ( password = '%s' or ha1 = '%s') ", addslashes($user), addslashes($domain), addslashes($password), addslashes($ha1) ); if ($this->userDB->query($query)) { $this->userDB->next_record(); $uid = $this->userDB->f('username'); if ($uid) { return array($uid, "subscriber", $this->allowedDataSourcesSubscriber); } } } } class SipThor_DomainAuth { function SipThor_DomainAuth () { $this->userDB = new DB_sipthor; $this->allowedDataSourcesSubscriber = array('sipthor','sip_trace_thor','media_trace_thor'); } function validate ($user, $domain, $password) { $query = sprintf("SELECT * FROM sip_accounts WHERE username = '%s' AND domain = '%s' ", addslashes($user), addslashes($domain) ); if ($this->userDB->query($query)) { $this->userDB->next_record(); $profile=json_decode($this->userDB->f('profile'),'true'); if ($profile['password'] == $password) { $uid = $this->userDB->f('username'); if ($uid) { return array($uid, "subscriber", $this->allowedDataSourcesSubscriber); } } } } } class pageLayout { function showLoginForm(&$parentAuth) { global $username, $otp_error, $CDRTool; $auth=$parentAuth; print " "; $url=$auth->url(); print "
"; $this->hasAGProjectslogo=1; $logo=$CDRTool['tld']."/images/CDRTool.gif"; print ""; print "

"; print " "; print "

Please identify yourself with username and password. "; if ($CDRTool[provider][sampleLoginSubscriber]) { $sampleLoginSubscriber = $CDRTool[provider][sampleLoginSubscriber]; } else { $sampleLoginSubscriber="account@example.com"; } if ($CDRTool[provider][sampleLoginDomain]) { $sampleLoginDomain = $CDRTool[provider][sampleLoginDomain]; } else { $sampleLoginDomain="client2.eurovoice.ro"; } $web_username=$auth->auth["uname"]; print " Subscriber account (e.g. $sampleLoginSubscriber) Domain account (e.g. $sampleLoginDomain) Administrator account
Username:
Password:
If you make use of One Time Passwords: Fill in your username Press the Send OTP button Collect the password Fill it in the password field Press the Login Now button to login

"; if ( isset($username)) { if (!$sendotp || $username) { print "

Invalid username/password combination. $otp_error

"; $spam=new DB_CDRTool; $query="select * from spam where ip = '$_SERVER[REMOTE_ADDR]'"; $spam->query($query); if (!$spam->num_rows()) { $query=sprintf("insert into spam (ip,tries,login,stamp) values ('%s','1','%s','%s') ",$_SERVER[REMOTE_ADDR],addslashes($username),time()); } else { $query=sprintf("update spam set tries = tries +1 where ip = '%s'", $_SERVER[REMOTE_ADDR]); } $spam->query($query); } else { print "Please fill in your One Time Password!"; } } print "

"; } function showHeader($title='') { } function showTopMenu($title='') { global $DATASOURCES, $CDRTool, $cdr_source, $perm; $version=trim(file_get_contents('version')); print " "; if (is_readable($CDRTool['Path']."/images/logo.gif")) { printf ("",$CDRTool['tld']); } else if (is_readable($CDRTool['Path']."/images/logo.jpg")) { printf ("",$CDRTool['tld']); } else if (is_readable($CDRTool['Path']."/images/logo.png")) { printf ("",$CDRTool['tld']); } else { $this->hasAGProjectslogo=1; print ""; } print "

"; printf ("",$CDRTool['tld']); print "

"; print " $title"; print " "; print $DATASOURCES[$cdr_source]['name']; print " "; print " "; print " "; print " "; if ($perm->have_perm("callsearch")) { print " CDRs "; } if ($perm->have_perm("rates")) { print " | Rating"; print " | Prepaid"; print " | Quota"; } if ($perm->have_perm("statistics")) { print " | Network"; print " | Sessions"; print " | Usage"; } if ($perm->have_perm("admin")) { print " | Replication"; } if ($perm->have_perm("provisioning")) { print " | Provisioning"; } print " | Accounts"; print " | Logs"; $now_print=Date("Y-m-d H:i:s",time()); $tz=$CDRTool['provider']['timezone']; print " | $now_print | v. $version"; print " "; printf ("Logout %s",$CDRTool['loginName']); print "

"; } function showTopMenuSubscriber($title="") { global $DATASOURCES, $CDRTool, $cdr_source, $perm; $version=trim(file_get_contents(version)); print "

"; print " $title"; print " "; print $DATASOURCES[$cdr_source]['name']; print " "; print " "; print " "; print " "; if ($perm->have_perm("callsearch")) { print " Call detail records"; } $now_print=Date("Y-m-d H:i:s",time()); $tz=getenv('TZ'); print " | $now_print ($tz) | v. $version"; print " "; printf ("Logout %s",$CDRTool['loginName']); print "

"; } function showLegalNotice () { global $loginname, $CDRTool; $CDRTool_company=$CDRTool[provider][name]; $legalNotice="Legal Notice". "\n\n". "This software is intended for the use of $CDRTool_company, ". "resellers of $CDRTool_company and the customers of $CDRTool_company. ". "The use of this software by any natural or legal person that does ". "not belong to $CDRTool_company, its Resellers or is a not a ". "customer of $CDRTool_company or its resellers is therefore ". "expressly prohibited.". "\n\n". "All the information stored on, and accessible through this software ". "are personal data protected as such by international and domestic ". "legislation relating to the processing of personal data and ". "the protection of the right to privacy. For these reasons: ". "1. This software shall exclusively be used to the extent that it ". "is necessary for the provision of services to $CDRTool_company ". "customers and its resellers; ". "2. No information displayed on, and accessible through this software ". "shall be communicated to any natural or legal person outside ". "$CDRTool_company and its resellers, without prejudice to the ". "possibility for competent authorities (namely government bodies, ". "courts, regulatory authorities) to be informed of billing or ". "traffic data in conformity with the applicable legislation. ". "\n\n"; $loginName=$CDRTool[loginName]; $this->hasAGProjectslogo=1; print "

Terms and conditions $legalNotice You are logged in as $loginname If you agree with the Terms and Conditions, press on I agree button to continue.

"; } function showFooter() { global $CDRTool; if (!$CDRTool['filter']['aNumber'] && !$this->hasAGProjectslogo) { $thisYear=date("Y",time()); print "

"; } } function showLogout ($loginname) { print "

Logout You have been logged in as $loginname. You have been logged out. Login again

"; } } function unLockTables ($dbid) { $dbid->query("unlock tables"); } function changeLanguage() { } function RandomString($len=11) { $alf=array("a","b","c","d","e","f", "h","i","j","k","l","m", "n","p","r","s","t","w", "x","y","1","2","3","4", "5","6","7","8","9"); $i=0; while($i < $len) { srand((double)microtime()*1000000); $randval = rand(0,28); $string="$string"."$alf[$randval]"; $i++; } return $string; } function RandomNumber($len=5,$skipzero=false) { $alf=array("1","2","3","4","5", "9","8","7","6"); if (!$skipzero) $alf[]="0"; $i=0; while($i < $len) { srand((double)microtime()*1000000); $randval = rand(0,9); $string="$string"."$alf[$randval]"; $i++; } return $string; } function microtime_float() { list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec); } function sec2hms ($duration) { // return seconds in HH:MM:SS format $sum1=$duration; $duration_print=""; $duration_hour=floor($sum1/3600); if ($duration_hour > 0) { $sum1=$sum1-($duration_hour*3600); $duration_print="$duration_hour:"; } $duration_min=floor($sum1/60); if ($duration_min > 0) { $sum1=$sum1-($duration_min*60); if ($duration_min < 10) { $duration_min="0"."$duration_min"; } $duration_print="$duration_print"."$duration_min:"; } else { $duration_print="$duration_print"."00:"; } if ($sum1< 10 ) { $duration_sec="0"."$sum1"; } else { $duration_sec=$sum1; } $duration_print="$duration_print"."$duration_sec"; return $duration_print; } ?>