Re: [asterisk-users] PHP can't insert - Can someone please help
Its not wise to haste in posting for help without first spending sometime thinking yourself. Your mysql syntax is not right, you can clearly see the missing single quotes starting from 'ext-local. I would also suggest to use a different syntax for this mysql statement, i.e. using SET instead of VALUES, which makes the syntax much clearer, i.e. INSERT INTO `table` SET `col1` = 'value1', `col2`= 'val2' and so on. Zeeshan A Zakaria -- www.ilovetovoip.com On 2010-07-10 12:13 AM, bruce bruce bruceb...@gmail.com wrote: Hi Guys, I am making another module for Voicemail. I have three fields in a POST form that have to be connected together to make it a single 10 digit number but there is something wrong in my syntax probably. $npaa = ('$_POST[anpa]'); $nxxa = ('$_POST[anxx]'); $blocka = ('$_POST[ablock]'); *$grplist = $npaa.$nxxa.$blocka;* $sql=INSERT INTO findmefollow(grpnum, strategy, grptime, grppre, grplist, annmsg_id, postdest, dring, needsconf, remotealert_id, toolate_id, ringing, pre_ring) VALUES ('$_POST[grpnum]','ringall','$_POST[grptime]','$_POST[grppre]',$grplist,'0','$_POST[postdest]','','','0','0','Ring','$_POST[pre_ring]'); It seems that $grplist is the problem. Can someone please point what is wrong? Error: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '('333')(''),'0','ext-local,vmb2000,1','','','0','0','Ring','0')' at line 3 Thanks, Bruce -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] PHP can't insert - Can someone please help
Thank you for the amazing reply. First few lines of your e-mail was EXACTLY getting me to where I made a mistake. I guess I didn't take the () and ' ' at their face value and was looking somewhere else for the problem. For sanatizing you mean checking the numbers to make sure they are valid numbers and not alphabet or other charecters? or, are you pointing the fact that I am keeping mysql root password in plain .php file? I have done an include of a php file which has mysql root password and that is insert as an #incldue in the html file. So, if someone checks source for html can't see mysql root password. Even though root is user on mysql is to accept only from localhost. I would really appreciate it if you can weigh in on it a bit. Thanks, Bruce On Sat, Jul 10, 2010 at 7:42 AM, Gerald A geraldabli...@gmail.com wrote: Hi Bruce, First, your problem isn't PHP, it seems to be SQL and I'm guessing MySQL at that. Next, you seem to be accepting user input and not sanatizing it. DANGER WILL ROBINSON!!! This is bad, because it leaves you open to something known as a SQL injection attack. Now, as to syntax: On Sat, Jul 10, 2010 at 12:07 AM, bruce bruce bruceb...@gmail.com wrote: I am making another module for Voicemail. I have three fields in a POST form that have to be connected together to make it a single 10 digit number but there is something wrong in my syntax probably. $npaa = ('$_POST[anpa]'); $nxxa = ('$_POST[anxx]'); $blocka = ('$_POST[ablock]'); *$grplist = $npaa.$nxxa.$blocka;* Ok, so suppose arpa=111, anxx=222 and ablock=. grplist would then be ('111')('333')(''). $sql=INSERT INTO findmefollow(grpnum, strategy, grptime, grppre, grplist, annmsg_id, postdest, dring, needsconf, remotealert_id, toolate_id, ringing, pre_ring) VALUES ('$_POST[grpnum]','ringall','$_POST[grptime]','$_POST[grppre]',$grplist,'0','$_POST[postdest]','','','0','0','Ring','$_POST[pre_ring]'); It seems that $grplist is the problem. Can someone please point what is wrong? Error: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '('333')(''),'0','ext-local,vmb2000,1','','','0','0','Ring','0')' at line 3 Look closesly, grasshopper. See it? (Does the hint above help?) Hmmm, ok. Let's write the line as SQL: INSERT INTO findmefollow(grpnum, strategy, grptime, grppre, grplist, annmsg_id, postdest, dring, needsconf, remotealert_id, toolate_id, ringing, pre_ring) VALUES ('0','ringall','0','0',('111')('333')(''),'0','0','','','0','0','Ring','0'); Clear now? You are trying to insert the raw value -- ('111')('333')('') -- into your database. This can't make any sense except as string, And this isn't one. I think what you might have meant is to quote the _whole thing_ as a string, and not the individual pieces. Then: $grplist = '(.$npaa.$nxxa.$blocka.)'; and $blocka = ($_POST[ablock]); # and for all of them above This would make the value '(111)(333)()', which should work fine. Now, if you really meant to add in the quotes, you'll have to quote the quotes, which can be hard to do in good times. Hope this helps, Gerald. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] PHP can't insert - Can someone please help
Further to my last post, I added this to santize. I also created a new mysql user with access to only findmefollow portion of the asterisk table for limited access and assigned only two simultaneous connections with only 10 changes queries per hour (as I know that no more queries will be put through probably) if ($npaa=200 $nxxa=200 $npaa!=900 $npaa!=911) Should that suffice against SQL injections? The if condition changes the string to number so it removes the chance of people adding other characters and it also sticks to format NPAN or 2XX2. Thanks On Sat, Jul 10, 2010 at 10:21 AM, bruce bruce bruceb...@gmail.com wrote: Thank you for the amazing reply. First few lines of your e-mail was EXACTLY getting me to where I made a mistake. I guess I didn't take the () and ' ' at their face value and was looking somewhere else for the problem. For sanatizing you mean checking the numbers to make sure they are valid numbers and not alphabet or other charecters? or, are you pointing the fact that I am keeping mysql root password in plain .php file? I have done an include of a php file which has mysql root password and that is insert as an #incldue in the html file. So, if someone checks source for html can't see mysql root password. Even though root is user on mysql is to accept only from localhost. I would really appreciate it if you can weigh in on it a bit. Thanks, Bruce On Sat, Jul 10, 2010 at 7:42 AM, Gerald A geraldabli...@gmail.com wrote: Hi Bruce, First, your problem isn't PHP, it seems to be SQL and I'm guessing MySQL at that. Next, you seem to be accepting user input and not sanatizing it. DANGER WILL ROBINSON!!! This is bad, because it leaves you open to something known as a SQL injection attack. Now, as to syntax: On Sat, Jul 10, 2010 at 12:07 AM, bruce bruce bruceb...@gmail.comwrote: I am making another module for Voicemail. I have three fields in a POST form that have to be connected together to make it a single 10 digit number but there is something wrong in my syntax probably. $npaa = ('$_POST[anpa]'); $nxxa = ('$_POST[anxx]'); $blocka = ('$_POST[ablock]'); *$grplist = $npaa.$nxxa.$blocka;* Ok, so suppose arpa=111, anxx=222 and ablock=. grplist would then be ('111')('333')(''). $sql=INSERT INTO findmefollow(grpnum, strategy, grptime, grppre, grplist, annmsg_id, postdest, dring, needsconf, remotealert_id, toolate_id, ringing, pre_ring) VALUES ('$_POST[grpnum]','ringall','$_POST[grptime]','$_POST[grppre]',$grplist,'0','$_POST[postdest]','','','0','0','Ring','$_POST[pre_ring]'); It seems that $grplist is the problem. Can someone please point what is wrong? Error: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '('333')(''),'0','ext-local,vmb2000,1','','','0','0','Ring','0')' at line 3 Look closesly, grasshopper. See it? (Does the hint above help?) Hmmm, ok. Let's write the line as SQL: INSERT INTO findmefollow(grpnum, strategy, grptime, grppre, grplist, annmsg_id, postdest, dring, needsconf, remotealert_id, toolate_id, ringing, pre_ring) VALUES ('0','ringall','0','0',('111')('333')(''),'0','0','','','0','0','Ring','0'); Clear now? You are trying to insert the raw value -- ('111')('333')('') -- into your database. This can't make any sense except as string, And this isn't one. I think what you might have meant is to quote the _whole thing_ as a string, and not the individual pieces. Then: $grplist = '(.$npaa.$nxxa.$blocka.)'; and $blocka = ($_POST[ablock]); # and for all of them above This would make the value '(111)(333)()', which should work fine. Now, if you really meant to add in the quotes, you'll have to quote the quotes, which can be hard to do in good times. Hope this helps, Gerald. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] PHP can't insert - Can someone please help
Hi Bruce, On Sat, Jul 10, 2010 at 11:12 AM, bruce bruce bruceb...@gmail.com wrote: Further to my last post, I added this to santize. I also created a new mysql user with access to only findmefollow portion of the asterisk table for limited access and assigned only two simultaneous connections with only 10 changes queries per hour (as I know that no more queries will be put through probably) if ($npaa=200 $nxxa=200 $npaa!=900 $npaa!=911) Should that suffice against SQL injections? The if condition changes the string to number so it removes the chance of people adding other characters and it also sticks to format NPAN or 2XX2. There are two things -- the first is, who call this script? If it's something you control 100%, you can mitigate the risk a bit. I don't really like this tact, because if the script gets repurposed, you end up with something that could be very dangerous. The second thing is simple -- most people think small here, but you have to think big and know a bit about how PHP works. PHP strings are pretty amazing things, and one of the pesky things is that you can put all kinds of things in it. Now, if that string variable is created as a result of a form input, then that string can be anything. For a moment, think about if it $npaa = '201,0); drop database YOUR_DATABASE'; Now, that is pretty nasty, and it would muck up further SQL injections, but now you get the idea. You should always check to make sure the data you are getting is what you are expecting, and exclude what you aren't. So, are your tests sufficient? I can't remember off the top of my head if the string - integer only considers the first number, or it considers the whole string. (PHP usually errs on the side of ease of use, so I think my snippet above would still pass your test). If your expecting only numbers, I'd write a function that ensures that only numbers are parts of the input. (And not just for the 3 above variables). Really, you should never see $_POST(var) (or any PHP CGI variable) that derives directly from user input. It takes a few minutes extra, but it'll save hours of sorting later if you get hit by a SQL injection. Hope this helps, Gerald -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] How can get user inputs from called party after dial?
Hi, I want to dial a party, play him a message and wait for his input, i.e. DTMF digits and use them to control the rest of the dial plan. How do I do it? If I use Dial it will not return until the end of the call, isn't it? Thanks, Eyal -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] PHP can't insert - Can someone please help
Thanks again. Apparently all POST variables come through as strings. The function you pointed out is I think already built in php as is_numeric() http://www.php.net/manual/en/function.is-numeric.php. http://php.net/manual/en/function.is-int.php http://www.php.net/manual/en/function.is-numeric.php http://www.php.net/manual/en/function.is-numeric.phpIf that runs TRUE and if I keep my =200 and !=911 or !900 I should be safe from SQL injections. And along with dial-out routes rules, I think I can make this stronger. I have my html/php file set so that the input field only takes 3 digit 3 digit 4 digit (NPA, NXX, Block) so your purposal of: *'201,0); drop database YOUR_DATABASE'; *would fail due to big length and also I tested with inputing letters and my IF function caught it and exited. Further more, everything else (other than phone input fields) is drop down boxes with specific numbers or letters inserted in them. I should be 100% safe with those right? By using form POST there should be no other loop holes left opened right? It's not like php $_GET so people can't try typing to the browser in this format: http://www.w3schools.com/welcome.php?fname=Peterage=37 Thanks a lot, Bruce On Sat, Jul 10, 2010 at 1:41 PM, Gerald A geraldabli...@gmail.com wrote: Hi Bruce, On Sat, Jul 10, 2010 at 11:12 AM, bruce bruce bruceb...@gmail.com wrote: Further to my last post, I added this to santize. I also created a new mysql user with access to only findmefollow portion of the asterisk table for limited access and assigned only two simultaneous connections with only 10 changes queries per hour (as I know that no more queries will be put through probably) if ($npaa=200 $nxxa=200 $npaa!=900 $npaa!=911) Should that suffice against SQL injections? The if condition changes the string to number so it removes the chance of people adding other characters and it also sticks to format NPAN or 2XX2. There are two things -- the first is, who call this script? If it's something you control 100%, you can mitigate the risk a bit. I don't really like this tact, because if the script gets repurposed, you end up with something that could be very dangerous. The second thing is simple -- most people think small here, but you have to think big and know a bit about how PHP works. PHP strings are pretty amazing things, and one of the pesky things is that you can put all kinds of things in it. Now, if that string variable is created as a result of a form input, then that string can be anything. For a moment, think about if it $npaa = '201,0); drop database YOUR_DATABASE'; Now, that is pretty nasty, and it would muck up further SQL injections, but now you get the idea. You should always check to make sure the data you are getting is what you are expecting, and exclude what you aren't. So, are your tests sufficient? I can't remember off the top of my head if the string - integer only considers the first number, or it considers the whole string. (PHP usually errs on the side of ease of use, so I think my snippet above would still pass your test). If your expecting only numbers, I'd write a function that ensures that only numbers are parts of the input. (And not just for the 3 above variables). Really, you should never see $_POST(var) (or any PHP CGI variable) that derives directly from user input. It takes a few minutes extra, but it'll save hours of sorting later if you get hit by a SQL injection. Hope this helps, Gerald -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How can get user inputs from called party after dial?
You need read(): http://www.voip-info.org/wiki/view/Asterisk+cmd+Read http://www.voip-info.org/wiki/view/Asterisk+cmd+ReadIt's as easy as: exten = s,n,Read(variable,,11) exten = s,n,NoOp(${variable}) Above will take up to 11 digits input by user and will display it back in NoOP on Asterisk CLI. -Bruce On Sat, Jul 10, 2010 at 2:16 PM, eyal goltzman egoltz...@gmail.com wrote: Hi, I want to dial a party, play him a message and wait for his input, i.e. DTMF digits and use them to control the rest of the dial plan. How do I do it? If I use Dial it will not return until the end of the call, isn't it? Thanks, Eyal -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How can get user inputs from called party after dial?
Thanks, but I'm missing something here, the dial command is where? I need to do something like: Dial(1234) Read(1 digit) DoSomthing(based on digit from 1234) And as far as I understand the Dial start the call and only come back (ig you use the g option) after call finished. Eyal From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of bruce bruce Sent: Saturday, July 10, 2010 9:30 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] How can get user inputs from called party after dial? You need read(): http://www.voip-info.org/wiki/view/Asterisk+cmd+Read It's as easy as: exten = s,n,Read(variable,,11) exten = s,n,NoOp(${variable}) Above will take up to 11 digits input by user and will display it back in NoOP on Asterisk CLI. -Bruce On Sat, Jul 10, 2010 at 2:16 PM, eyal goltzman egoltz...@gmail.com wrote: Hi, I want to dial a party, play him a message and wait for his input, i.e. DTMF digits and use them to control the rest of the dial plan. How do I do it? If I use Dial it will not return until the end of the call, isn't it? Thanks, Eyal -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users No virus found in this incoming message. Checked by AVG - www.avg.com Version: 9.0.830 / Virus Database: 271.1.1/2991 - Release Date: 07/10/10 09:36:00 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] PHP can't insert - Can someone please help
Here is the steel strong sanitizer: $npaa = $_POST[anpa]; $nxxa = $_POST[anxx]; $blocka = $_POST[ablock]; # Sanitize $blocka_san = strspn($blocka, 0123456789); *if ($blocka_san==4 is_numeric($npaa) is_numeric($nxxa) is_numeric($blocka) $npaa=200 $nxxa=200 $npaa!=900 $npaa!=911) * * * * {* echo Number passed sanitization; } What do you think? :-) -Bruce On Sat, Jul 10, 2010 at 2:17 PM, bruce bruce bruceb...@gmail.com wrote: Thanks again. Apparently all POST variables come through as strings. The function you pointed out is I think already built in php as is_numeric() http://www.php.net/manual/en/function.is-numeric.php. http://php.net/manual/en/function.is-int.php http://www.php.net/manual/en/function.is-numeric.php http://www.php.net/manual/en/function.is-numeric.phpIf that runs TRUE and if I keep my =200 and !=911 or !900 I should be safe from SQL injections. And along with dial-out routes rules, I think I can make this stronger. I have my html/php file set so that the input field only takes 3 digit 3 digit 4 digit (NPA, NXX, Block) so your purposal of: *'201,0); drop database YOUR_DATABASE'; *would fail due to big length and also I tested with inputing letters and my IF function caught it and exited. Further more, everything else (other than phone input fields) is drop down boxes with specific numbers or letters inserted in them. I should be 100% safe with those right? By using form POST there should be no other loop holes left opened right? It's not like php $_GET so people can't try typing to the browser in this format: http://www.w3schools.com/welcome.php?fname=Peterage=37 Thanks a lot, Bruce On Sat, Jul 10, 2010 at 1:41 PM, Gerald A geraldabli...@gmail.com wrote: Hi Bruce, On Sat, Jul 10, 2010 at 11:12 AM, bruce bruce bruceb...@gmail.comwrote: Further to my last post, I added this to santize. I also created a new mysql user with access to only findmefollow portion of the asterisk table for limited access and assigned only two simultaneous connections with only 10 changes queries per hour (as I know that no more queries will be put through probably) if ($npaa=200 $nxxa=200 $npaa!=900 $npaa!=911) Should that suffice against SQL injections? The if condition changes the string to number so it removes the chance of people adding other characters and it also sticks to format NPAN or 2XX2. There are two things -- the first is, who call this script? If it's something you control 100%, you can mitigate the risk a bit. I don't really like this tact, because if the script gets repurposed, you end up with something that could be very dangerous. The second thing is simple -- most people think small here, but you have to think big and know a bit about how PHP works. PHP strings are pretty amazing things, and one of the pesky things is that you can put all kinds of things in it. Now, if that string variable is created as a result of a form input, then that string can be anything. For a moment, think about if it $npaa = '201,0); drop database YOUR_DATABASE'; Now, that is pretty nasty, and it would muck up further SQL injections, but now you get the idea. You should always check to make sure the data you are getting is what you are expecting, and exclude what you aren't. So, are your tests sufficient? I can't remember off the top of my head if the string - integer only considers the first number, or it considers the whole string. (PHP usually errs on the side of ease of use, so I think my snippet above would still pass your test). If your expecting only numbers, I'd write a function that ensures that only numbers are parts of the input. (And not just for the 3 above variables). Really, you should never see $_POST(var) (or any PHP CGI variable) that derives directly from user input. It takes a few minutes extra, but it'll save hours of sorting later if you get hit by a SQL injection. Hope this helps, Gerald -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How can get user inputs from called party after dial?
You need to do some reading :-) I will give you a quick teach here. At the end of file /etc/asterisk/extensions_custom.conf (if you are running FreePBX) OR in /etc/asterisk/extensions.conf (if you are running vanilla Asterisk) add this: [first-Dialplan] exten = s,1,Answer exten = s,n,Playback(Welcome) exten = s,n,Read(numb,,10) exten = s,n,NoOp(${numb}) And send your inbound route to context first-Dialplan so that it's triggered when a call comes in. Then on terminal do a asterisk -r and you will see the NoOp show the DTMF number entered. From there on you can do anything you want with the variable ${numb} If any part of above is unclear to you, you must consult your friend, google, for examples of Asterisk dialplan. -Bruce On Sat, Jul 10, 2010 at 2:38 PM, Eyal Goltzman egoltz...@gmail.com wrote: Thanks, but I'm missing something here, the dial command is where? I need to do something like: Dial(1234) Read(1 digit) DoSomthing(based on digit from 1234) And as far as I understand the Dial start the call and only come back (ig you use the g option) after call finished. Eyal *From:* asterisk-users-boun...@lists.digium.com [mailto: asterisk-users-boun...@lists.digium.com] *On Behalf Of *bruce bruce *Sent:* Saturday, July 10, 2010 9:30 PM *To:* Asterisk Users Mailing List - Non-Commercial Discussion *Subject:* Re: [asterisk-users] How can get user inputs from called party after dial? You need read(): http://www.voip-info.org/wiki/view/Asterisk+cmd+Read It's as easy as: exten = s,n,Read(variable,,11) exten = s,n,NoOp(${variable}) Above will take up to 11 digits input by user and will display it back in NoOP on Asterisk CLI. -Bruce On Sat, Jul 10, 2010 at 2:16 PM, eyal goltzman egoltz...@gmail.com wrote: Hi, I want to dial a party, play him a message and wait for his input, i.e. DTMF digits and use them to control the rest of the dial plan. How do I do it? If I use Dial it will not return until the end of the call, isn't it? Thanks, Eyal -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users No virus found in this incoming message. Checked by AVG - www.avg.com Version: 9.0.830 / Virus Database: 271.1.1/2991 - Release Date: 07/10/10 09:36:00 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How can get user inputs from called party after dial?
For dial you do this: [first-Dialplan] exten = s,1,Answer exten = s,n,Dial(SIP/provider/111222) exten = s,n,Playback(Welcome) exten = s,n,Read(numb,,10) exten = s,n,NoOp(${numb}) -Bruce On Sat, Jul 10, 2010 at 2:51 PM, bruce bruce bruceb...@gmail.com wrote: You need to do some reading :-) I will give you a quick teach here. At the end of file /etc/asterisk/extensions_custom.conf (if you are running FreePBX) OR in /etc/asterisk/extensions.conf (if you are running vanilla Asterisk) add this: [first-Dialplan] exten = s,1,Answer exten = s,n,Playback(Welcome) exten = s,n,Read(numb,,10) exten = s,n,NoOp(${numb}) And send your inbound route to context first-Dialplan so that it's triggered when a call comes in. Then on terminal do a asterisk -r and you will see the NoOp show the DTMF number entered. From there on you can do anything you want with the variable ${numb} If any part of above is unclear to you, you must consult your friend, google, for examples of Asterisk dialplan. -Bruce On Sat, Jul 10, 2010 at 2:38 PM, Eyal Goltzman egoltz...@gmail.comwrote: Thanks, but I'm missing something here, the dial command is where? I need to do something like: Dial(1234) Read(1 digit) DoSomthing(based on digit from 1234) And as far as I understand the Dial start the call and only come back (ig you use the g option) after call finished. Eyal *From:* asterisk-users-boun...@lists.digium.com [mailto: asterisk-users-boun...@lists.digium.com] *On Behalf Of *bruce bruce *Sent:* Saturday, July 10, 2010 9:30 PM *To:* Asterisk Users Mailing List - Non-Commercial Discussion *Subject:* Re: [asterisk-users] How can get user inputs from called party after dial? You need read(): http://www.voip-info.org/wiki/view/Asterisk+cmd+Read It's as easy as: exten = s,n,Read(variable,,11) exten = s,n,NoOp(${variable}) Above will take up to 11 digits input by user and will display it back in NoOP on Asterisk CLI. -Bruce On Sat, Jul 10, 2010 at 2:16 PM, eyal goltzman egoltz...@gmail.com wrote: Hi, I want to dial a party, play him a message and wait for his input, i.e. DTMF digits and use them to control the rest of the dial plan. How do I do it? If I use Dial it will not return until the end of the call, isn't it? Thanks, Eyal -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users No virus found in this incoming message. Checked by AVG - www.avg.com Version: 9.0.830 / Virus Database: 271.1.1/2991 - Release Date: 07/10/10 09:36:00 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How can get user inputs from called party after dial?
Thank you Bruce, I think we are not on the same page. I have an AMI script that issue an originate command, after one channel is connected I'm in my dialplan at extensions_custom.conf (I use FreePBX). Now I'm issuing a Dial command to the another party that when he pick up the phone I play for him a message (using the A option in the Dial command) and then want to wait for his input, this is the case. Eyal From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of bruce bruce Sent: Saturday, July 10, 2010 9:52 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] How can get user inputs from called party after dial? You need to do some reading :-) I will give you a quick teach here. At the end of file /etc/asterisk/extensions_custom.conf (if you are running FreePBX) OR in /etc/asterisk/extensions.conf (if you are running vanilla Asterisk) add this: [first-Dialplan] exten = s,1,Answer exten = s,n,Playback(Welcome) exten = s,n,Read(numb,,10) exten = s,n,NoOp(${numb}) And send your inbound route to context first-Dialplan so that it's triggered when a call comes in. Then on terminal do a asterisk -r and you will see the NoOp show the DTMF number entered. From there on you can do anything you want with the variable ${numb} If any part of above is unclear to you, you must consult your friend, google, for examples of Asterisk dialplan. -Bruce On Sat, Jul 10, 2010 at 2:38 PM, Eyal Goltzman egoltz...@gmail.com wrote: Thanks, but I'm missing something here, the dial command is where? I need to do something like: Dial(1234) Read(1 digit) DoSomthing(based on digit from 1234) And as far as I understand the Dial start the call and only come back (ig you use the g option) after call finished. Eyal From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of bruce bruce Sent: Saturday, July 10, 2010 9:30 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] How can get user inputs from called party after dial? You need read(): http://www.voip-info.org/wiki/view/Asterisk+cmd+Read It's as easy as: exten = s,n,Read(variable,,11) exten = s,n,NoOp(${variable}) Above will take up to 11 digits input by user and will display it back in NoOP on Asterisk CLI. -Bruce On Sat, Jul 10, 2010 at 2:16 PM, eyal goltzman egoltz...@gmail.com wrote: Hi, I want to dial a party, play him a message and wait for his input, i.e. DTMF digits and use them to control the rest of the dial plan. How do I do it? If I use Dial it will not return until the end of the call, isn't it? Thanks, Eyal -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users No virus found in this incoming message. Checked by AVG - www.avg.com Version: 9.0.830 / Virus Database: 271.1.1/2991 - Release Date: 07/10/10 09:36:00 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users No virus found in this incoming message. Checked by AVG - www.avg.com Version: 9.0.830 / Virus Database: 271.1.1/2991 - Release Date: 07/10/10 09:36:00 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How can get user inputs from called party after dial?
Thank you Bruce, In the below example you sent the dialplan will stop after Dial. I found the solution to my problem in the M option of the Dial command that let you run a macro BEFORE the parties are connected and continue the dialplan based on the MACRO_RESULT. Thanks for your help, Eyal From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of bruce bruce Sent: Saturday, July 10, 2010 9:53 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] How can get user inputs from called party after dial? For dial you do this: [first-Dialplan] exten = s,1,Answer exten = s,n,Dial(SIP/provider/111222) exten = s,n,Playback(Welcome) exten = s,n,Read(numb,,10) exten = s,n,NoOp(${numb}) -Bruce On Sat, Jul 10, 2010 at 2:51 PM, bruce bruce bruceb...@gmail.com wrote: You need to do some reading :-) I will give you a quick teach here. At the end of file /etc/asterisk/extensions_custom.conf (if you are running FreePBX) OR in /etc/asterisk/extensions.conf (if you are running vanilla Asterisk) add this: [first-Dialplan] exten = s,1,Answer exten = s,n,Playback(Welcome) exten = s,n,Read(numb,,10) exten = s,n,NoOp(${numb}) And send your inbound route to context first-Dialplan so that it's triggered when a call comes in. Then on terminal do a asterisk -r and you will see the NoOp show the DTMF number entered. From there on you can do anything you want with the variable ${numb} If any part of above is unclear to you, you must consult your friend, google, for examples of Asterisk dialplan. -Bruce On Sat, Jul 10, 2010 at 2:38 PM, Eyal Goltzman egoltz...@gmail.com wrote: Thanks, but I'm missing something here, the dial command is where? I need to do something like: Dial(1234) Read(1 digit) DoSomthing(based on digit from 1234) And as far as I understand the Dial start the call and only come back (ig you use the g option) after call finished. Eyal From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of bruce bruce Sent: Saturday, July 10, 2010 9:30 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] How can get user inputs from called party after dial? You need read(): http://www.voip-info.org/wiki/view/Asterisk+cmd+Read It's as easy as: exten = s,n,Read(variable,,11) exten = s,n,NoOp(${variable}) Above will take up to 11 digits input by user and will display it back in NoOP on Asterisk CLI. -Bruce On Sat, Jul 10, 2010 at 2:16 PM, eyal goltzman egoltz...@gmail.com wrote: Hi, I want to dial a party, play him a message and wait for his input, i.e. DTMF digits and use them to control the rest of the dial plan. How do I do it? If I use Dial it will not return until the end of the call, isn't it? Thanks, Eyal -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users No virus found in this incoming message. Checked by AVG - www.avg.com Version: 9.0.830 / Virus Database: 271.1.1/2991 - Release Date: 07/10/10 09:36:00 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users No virus found in this incoming message. Checked by AVG - www.avg.com Version: 9.0.830 / Virus Database: 271.1.1/2991 - Release Date: 07/10/10 09:36:00 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How can get user inputs from called party after dial?
On Sat, 10 Jul 2010, bruce bruce wrote: You need to do some reading :-) Now that is funny -- maybe you could take your own advice and look at http://www.php.net/docs.php instead of posting please help me debug code I'm too lazy to even see if PHP says it is syntactically correct and the only relevance it has to Asterisk is I'm trying to concatenate some strings and make sure it could be a phone number requests. -- Thanks in advance, - Steve Edwards sedwa...@sedwards.com Voice: +1-760-468-3867 PST Newline Fax: +1-760-731-3000 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How can get user inputs from called party after dial?
I was under the impression that he is new to Asterisk. No need to fuss. Hence the :-) On Sat, Jul 10, 2010 at 3:35 PM, Steve Edwards asterisk@sedwards.comwrote: On Sat, 10 Jul 2010, bruce bruce wrote: You need to do some reading :-) Now that is funny -- maybe you could take your own advice and look at http://www.php.net/docs.php instead of posting please help me debug code I'm too lazy to even see if PHP says it is syntactically correct and the only relevance it has to Asterisk is I'm trying to concatenate some strings and make sure it could be a phone number requests. -- Thanks in advance, - Steve Edwards sedwa...@sedwards.com Voice: +1-760-468-3867 PST Newline Fax: +1-760-731-3000 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] SIP Trunk configuration problem - fromdomain
you need to set your external IP in the sip.conf to be your public IP after NAT (assuming your talking over a public network). That way when the sip request goes out and it sees the IP address your are sending to is outside your localnets it changes the SIP header to use the x.y.z.w IP you set in the externip (i believe thats the exact spelling, but not looking at sip.conf this second). Trevor Benson A1 Networks | Network Engineer dCAP- Digium Certified Asterisk Professional LPIC-1, Network+, CNA, MCP DID (707)703-1041 Fax (707)703-1983 tben...@a-1networks.com On Jul 5, 2010, at 3:18 AM, eyal goltzman wrote: Hello, I'm trying to register to my provider sip trunk, I got from him an host IP (a.b.c.d) to connect to and my provider recognize me based on the fixed IP (x.y.z.w) he gave me (no need for username and password) In the sip.conf I add: [mytrunk] type=friend insecure=no host=a.b.c.d fromdomain=x.y.z.w qualify=3600 nat=no ; change to yes if you are behind NAT bindport=5060 bindaddr=0.0.0.0 context=default disallow=all allow=ulaw allow=alaw Now, my asterisk resides in my internal network (10.100.101.107) and in the SIP requests that sent to the provider I can see (via a sniffer) that the From and Contact fields have - sip:aster...@10.100.101.107 and not the x.y.z.w I expected to see as a result of the fromdomain=x.y.z.w. Any idea? Thanks, Eyal -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] PHP can't insert - Can someone please help
On Sat, 10 Jul 2010, bruce bruce wrote: Here is the steel strong sanitizer: $npaa = $_POST[anpa]; $nxxa = $_POST[anxx]; $blocka = $_POST[ablock]; # Sanitize $blocka_san = strspn($blocka, 0123456789); if ($blocka_san==4 is_numeric($npaa) is_numeric($nxxa) is_numeric($blocka) $npaa=200 $nxxa=200 $npaa!=900 $npaa!=911) { echo Number passed sanitization; } What do you think? :-) Yuk. On Sat, Jul 10, 2010 at 2:17 PM, bruce bruce bruceb...@gmail.com wrote: Thanks again. Apparently all POST variables come through as strings. You may want to read the relevant RFCs. Look for ENCTYPE. The function you pointed out is I think already built in php as is_numeric(). http://www.php.net/manual/en/function.is-numeric.php You may want to read the function definition again. It allows plus, exponential notation and hexadecimal notation as well. I have my html/php file set so that the input field only takes 3 digit 3 digit 4 digit (NPA, NXX, Block) so your purposal of: '201,0); drop database YOUR_DATABASE'; would fail due to big length and also I tested with inputing letters and my IF function caught it and exited. Further more, everything else (other than phone input fields) is drop down boxes with specific numbers or letters inserted in them. I should be 100% safe with those right? By using form POST there should be no other loop holes left opened right? It's not like php $_GET so people can't try typing to the browser in this format: You may want to read the man pages for curl and wget -- both can submit POST requests. -- Thanks in advance, - Steve Edwards sedwa...@sedwards.com Voice: +1-760-468-3867 PST Newline Fax: +1-760-731-3000-- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users