[asterisk-users] To Asterisk AMI Gurus - Tacking issue with originate

Tzafrir Cohen tzafrir.cohen at xorcom.com
Fri Dec 18 04:20:44 CST 2009 

On Thu, Dec 17, 2009 at 08:29:55PM -0500, Bruce Nik wrote:
> Hello Everyone,
> 
> I am making a simple index.php file which will allow a web user to enter his
> $phoneNumb, $dialNumb, and callerID ($spoofNumb) and get the call bridged.
> Following is the index.php and the contents of extensions_custom.conf. When
> I submit the form nothing happens. I don't even see Manager Connected msg.
> Your input will be much appreciated. I am thinking I have some syntax
> problem.

Time to debug the PHP part, then. This looks like an apache/PHP
question...

> 
> /etc/asterisk/extensions_custom.conf
> *[testphp]
> exten => _X.,1,Answer()
> exten => _X.,n,Dial(SIP/testTrunk/${EXTEN})
> exten => _X.,n,Hangup()*
> 
> *
> *
> *
> *
> *
> *****************************************************************************************************
> *
> /var/www/html/clickncall/index.php
> <html>
> <head>
> <title>ClicknCall</title>
> </head>
> <body><br><br>
> <div align="center">
> 
> <?php
> 
> $sys_ip = "127.0.0.1";
> $User_str = "testphp";
> $Secret_str = "testphp";
> 
> if ($_POST['x']) {
> $oSocket = fsockopen($sys_ip, 5038, $errnum, $errdesc) or die("Connection to
> host failed");
> 
> fputs($oSocket, "Action: login\r\n");
> fputs($oSocket, "Username: $User_str\r\n");
> fputs($oSocket, "Secret: $Secret_str\r\n\r\n");
> fputs($oSocket, "Events: off\r\n\r\n");
> fputs($oSocket, "Action: originate\r\n");
> fputs($oSocket, "Channel: SIP/testTrunk/$phoneNumb\r\n");
> fputs($oSocket, "Exten: $dialNumb\r\n");

And you get those variables from where?

Are they submitted in the form?

(And if so: if you don't remove strange characters such as '\r\n' from
them, the user can use them to submit complete manager requests).

> fputs($oSocket, "Context: testphp\r\n");
> fputs($oSocket, "Priority: 1\r\n\r\n");
> fputs($oSocket, "Timeout: 10000\r\n");
> fputs($oSocket, "CallerId: $spoofNumb\r\n");
> fputs($oSocket, "Async: true\r\n");
> fputs($oSocket, "Action: Logoff\r\n\r\n");
> 
> fclose($oSocket);
> 
> print $_POST['x'];
> 
> } else {
>   print "<form method=\"post\"action=\"$_SERVER[PHP_SELF]\">";
>   print "<br>";
>   print "PHONE Number: <input type=\"text\"name=\"phoneNumb\">";
>   print "<br>";
>   print "PARTY Number: <input type=\"text\"name=\"dialNumb\">";
>   print "<br>";
>   print "FORGE Number: <input type=\"text\"name=\"spoofNumb\">";
>   print "<br>";
>   print "<input type=\"Submit\" value=\"                         Dial
>                      \">";
>   print "</form>";
> 
> } ?>
> 
> </div>
> </body>
> </html>
> 
> ************************************************************************************
> */etc/asterisk/manager_custom.conf*
> [testphp]
> secret = testphp
> deny=0.0.0.0/0.0.0.0
> permit=127.0.0.1/255.255.255.0
> read = system,call,log,verbose,command,agent,user
> write = system,call,log,verbose,command,agent,user

To slightly reduce the chance of abuse:

read=
write=call

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir

More information about the asterisk-users mailing list