vicidial.org

Hi,

We have a Vici server installed about 3 years ago from the version 10.0.1.iso. This shows
Version: 2.14b0.5
SVN Version: 3594
DB Schema Version: 1724
And I set up a new server, using the ViciBox_V12.x86_64-12.0.2.iso which shows these versions:
Version: 2.14b0.5
SVN Version: 3909
DB Schema Version: 1724
On the old server, we're able to get the users logged in with a URL like

Code: Select all

http://serverip/agc/vicidial.php?VD_login=MyUsername&VD_pass=MyPassword&phone_login=PhoneUsername&phone_pass=PhonePassword&VD_campaign=1234

I did a wireshark capture during a login, and it seems to login with just a GET request using that URL.
On the new server, the same URL brings up a blank page. If I add relogin=YES to the parameters, like this

Code: Select all

http://serverip/agc/vicidial.php?relogin=YES&VD_login=MyUsername&VD_pass=MyPassword&phone_login=PhoneUsername&phone_pass=PhonePassword&VD_campaign=1234

Then it brings up a login page but doesn't login automatically, the user needs to click the "Submit" button which triggers a POST request to the web server.
Is there any way to make it work with just the GET URL ? Perhaps adding other parameters ? This is important because we call this URL from an application.
I know the login page has some more parameters like "LOGINvarONE=&LOGINvarTWO=&LOGINvarTHREE=&LOGINvarFOUR=&LOGINvarFIVE=&hide_relogin_fields=" but they don't seem to make a difference in this case.

Many thanks for any suggestions.

Please remember to include your BUILD for Vicidial (the full Version Info includes Build). Otherwise, well done posting your specs.

Two options as I see it:

1) Modify the vicidial.php page to automatically submit if one extra parameter of your choice is present (fairly simple javascript or php code change). This does, however, cause your system to have custom code that will not survive an upgrade

2) Create a new "auto-login.php" page which is not part of Vicidial and point your url to that page, and on that page set up a "bounce" routine with javascript which takes the provided parameters and POSTs them to the actual vicidial.php page. No custom Vicidial code required, will survive an upgrade. Could also be used as a web-balancer with a bit of additional code.

After that of course, you could contact The Vicidial Group and request a feature "autologin=yes" that would permanently imbue this in the core of Vicidial.

You could also have someone dig deeper and see if it's already possible, but I do not think it is presently possible without custom code. We have some clients who have requested a custom "which agents are on which campaigns" page where they can drag agents to different campaigns. This process requires auto-login of the agent session on the new campaign, and that required custom code when we wrote it. The customer acknowledged that "telling" 50 people to move to a new campaign rarely resulted in all 50 actually changing, but forcing the move on an interface was 100% successful. LOL

Thanks for the reply, WIlliam.
The build numbers are:
- old server BUILD: 250103-0843
- new server BUILD: 250210-1701
As I mentioned, this autologin was (and still is) working on the old server, without any custom code, while on the new server it just takes me to the login page.
Just for the sake of testing, I installed another server using the old build and didn't make any customizations on it. The auto login works.
So it feels like this is either a bug, or a feature that was introduced in the new version and perhaps I need to change a setting somewhere to make it behave like the old build. I've been digging for days trying to find that setting but everything I can think of is set up the same between the 2 (now 3) servers.

It was most likely a "fixed bug" that allowed use of a GET value where it should have required POST and now auto-login is blocked if you only used a GET. Also they have (over time) updated the authorization routine which may have had a fix that blocked this thing you think was a feature but may have actually been a ... bug. LOL (I could be wrong, haven't looked).

At the top of all the web pages php code is a section that gathers GET/POST information. That section explicitly collects the information whether GET or POST is used (by checking both methods). But at some point a decision has to be made to actually initiate the login process, which may simply be a Submit button (POST? GET?) and may have changed or may have tested to see if we're in POST mode or perhaps even just if Submit was POSTed.

Shouldn't be too hard to track down whether it's a missing value (because "get" rather than "post" so not allowed) or an explicitly missing value that was previously not required or even a logical test to see if POST occurred. Would not be hard at all to fix in code (rather than creating a bounce php page), but I strongly suspect you'd need to fix it in code forever since I suspect it's not an accident. Agents need to hit "submit" to log in.

Happy Hunting!