Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N
mflorell wrote:If you send an email in to support@vicidial.com, then mcargile will send you the instructions for using the beta VICIphone WebRTC phone. We have several clients and non-clients using it in production at this point, and it seems to be fairly stable when using Asterisk 11 servers.
<?php
if (!($_SESSION["SSID"])) {
session_start();
$_SESSION["SSID"]=session_id();
}
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
// MySQL Server:
$dbIP="127.0.0.1";
$dbUN="cron";
$dbPW="1234";
$dbDB="asterisk";
// Twilio account:
$sid = "AC52284e2************0c26f7d29a45a";
$token = "b120ced************59b54cc1e93a";
function logit($msg) {
$logdate=date('Y-m-d');
$log='/srv/www/htdocs/logs/wan-login_' . $logdate . '.log';
$dt=date('Y-m-d H:i:s');
$f=fopen($log, 'a');
fwrite($f,"$dt\t$msg\n");
fclose($f);
}
?>
<?php
include "wan-login-include.php";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>3-Factor Wan Login</title>
</head>
<body>
<form action="wan-login-validateLogin.php" method="post">
User Login: <input type="text" maxlength="30" size="20" name="unm"></div>
User Password: <input type="password" maxlength="30" size="20" name="pwd"></div>
<?php
$sid=$_SESSION["SSID"];
$inv=$_SESSION["inv"];
// the $_SESSION["inv"] keeps track of re-attempts
if ($inv==1) {
echo '<B>Invalid Username or Password</B><BR>';
}
?>
<input type="submit" class="submit button" value="Submit">
</body>
</html>
<?php
include "wan-login-include.php";
$mysqli = new mysqli($dbIP, $dbUN, $dbPW, $dbDB);
// test if session un/pw are set from a failed OTC attempt
if (isset($_SESSION["unm"])) {
$unm=$_SESSION["unm"];
} else {
$unm=$mysqli->real_escape_string($_REQUEST["unm"]);
}
if (isset($_SESSION["pwd"])) {
$pwd=$_SESSION["pwd"];
} else {
$pwd=$mysqli->real_escape_string($_REQUEST["pwd"]);
}
$qry="select user_id from vicidial_users where user='$unm' and pass='$pwd'";
$res = $mysqli->query($qry);
if (!$res) {
die('Query failed: ' . $mysqli->error . '<br/>');
}
$row = $res->fetch_row();
$uid=$row[0];
$nr=$res->num_rows;
if ($res->num_rows==1) {
$uid=$row[0];
$_SESSION["inv"]=0;
$_SESSION["pwd"]=$pwd;
$_SESSION["unm"]=$unm;
$_SESSION["uid"]=$uid;
$ssid=$_SESSION["SSID"];
$otc=getOTC($uid);
logit("validateLogin: OTC $otc for $uid @ session $ssid");
$_SESSION["otc"]=$otc;
header("Location: wan-loginOTC.php");
die("UNAUTHORIZED");
} else {
$_SESSION["inv"]=1;
header("Location: wan-login.php");
die("UNAUTHORIZED");
}
exit();
function getOTC($uid) {
$url="https://127.0.0.1/wan-login-sendOTC.php";
$curlSession = curl_init();
curl_setopt($curlSession, CURLOPT_URL, $url);
curl_setopt($curlSession, CURLOPT_HEADER, FALSE);
curl_setopt($curlSession, CURLOPT_POST, TRUE);
curl_setopt($curlSession, CURLOPT_POSTFIELDS, "uid=$uid");
curl_setopt($curlSession, CURLOPT_RETURNTRANSFER,TRUE);
curl_setopt($curlSession, CURLOPT_TIMEOUT,5000);
curl_setopt($curlSession, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, FALSE);
$response = curl_exec($curlSession);
curl_close($curlSession);
logit("wan-login-sendOTC: OTC=$response");
return $response;
}
?>
<?php
include "wan-login-include.php";
require_once "sms/Twilio/autoload.php";
$client = new Twilio\Rest\Client($sid, $token);
$mysqli = new mysqli($dbIP, $dbUN, $dbPW, $dbDB);
$uid=$_REQUEST["uid"];
$ssid=session_id();
//$sid=$_SESSION["SSID"];
//echo "Session: $sid<br>UID: $uid<br>";
logit("wan-login-sendOTC:: $uid for session $ssid");
$query="select custom_one from vicidial_users where user_id=$uid;";
$res = $mysqli->query($query);
if (!$res) {
logit('Query failed: ' . $mysqli->error );
}
$row = $res->fetch_row();
$sms_phone=$row[0];
$nr=$res->num_rows;
$otc=rand(1000,9999);
if ($res->num_rows==1) {
try {
$message = $client->messages->create(
$sms_phone,
array(
'from' => '+17275551212',
'body' => "Access Code: $otc",
'statusCallback' => "http://requestb.in/1cnux861"
)
);
} catch (Exception $e) {
logit($e->getMessage());
}
$x=logit("$message\t$sms_phone\t$otc");
//var_dump($message);
}
echo $otc;
exit();
<?php
include "wan-login-include.php";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>3-Factor Wan Login</title>
</head>
<body>
<form action="wan-login-validateOTC.php" method="post">
<?php
$inv=$_SESSION["inv"];
$unm=$_SESSION["unm"];
$otc=$_SESSION["otc"];
if ($inv==2) {
//user entered incorrect OTC
$instruction='<B>IVALID ACCESS CODE! A new 4-digit code has been sent to your phone.<br>Enter it below and click Submit.</B><BR><BR>';
} else {
$instruction='<B>A 4-digit code has been sent to your phone.<br>Enter it below and click Submit.</B><BR><BR>';
}
if (is_numeric($otc)) {
echo $instruction;
echo 'User Login: <input class="inputarea" type="text" maxlength="30" size="20" value=".' . $unm . '" name="unm"></div>';
echo 'Access Code: <input class="inputarea" type="text" maxlength="30" size="20" name="userotc"></div>';
echo '<input type="submit" class="submit button" value="Submit">';
} else {
echo '<B>You are not authorized for remote access.<br>Please contact your supervisor.</B><BR><BR>';
}
?>
</html>
<?php
include "wan-login-include.php";
$mysqli = new mysqli($dbIP, $dbUN, $dbPW, $dbDB);
$unm=$_SESSION["unm"];
$pwd=$_SESSION["pwd"];
$uid=$_SESSION["uid"];
$userOTC=$_REQUEST["userotc"];
$otc=$_SESSION["otc"];
// test OTC
if ($otc==$userOTC) {
logit("validateOTC: Valid OTC $otc for $uid @ session $ssid");
// need best way to login user since we already have UN/PW
header("Location: index.html");
} else {
$_SESSION["inv"]=2;
logit("validateOTC: Invalid OTC $otc for $uid @ session $ssid");
header("Location: wan-loginOTC.php");
}
?>
Users browsing this forum: No registered users and 24 guests