Re: [asterisk-users] PHP can't insert - Can someone please help
Its not wise to haste in posting for help without first spending sometime
thinking yourself. Your mysql syntax is not right, you can clearly see the
missing single quotes starting from 'ext-local. I would also suggest to use
a different syntax for this mysql statement, i.e. using SET instead of
VALUES, which makes the syntax much clearer, i.e. INSERT INTO `table` SET
`col1` = 'value1', `col2`= 'val2' and so on.
Zeeshan A Zakaria
--
www.ilovetovoip.com
On 2010-07-10 12:13 AM, bruce bruce bruceb...@gmail.com wrote:
Hi Guys,
I am making another module for Voicemail. I have three fields in a POST form
that have to be connected together to make it a single 10 digit number but
there is something wrong in my syntax probably.
$npaa = ('$_POST[anpa]');
$nxxa = ('$_POST[anxx]');
$blocka = ('$_POST[ablock]');
*$grplist = $npaa.$nxxa.$blocka;*
$sql=INSERT INTO findmefollow(grpnum, strategy, grptime, grppre, grplist,
annmsg_id, postdest, dring, needsconf, remotealert_id, toolate_id, ringing,
pre_ring)
VALUES
('$_POST[grpnum]','ringall','$_POST[grptime]','$_POST[grppre]',$grplist,'0','$_POST[postdest]','','','0','0','Ring','$_POST[pre_ring]');
It seems that $grplist is the problem. Can someone please point what is
wrong?
Error:
Error: You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near
'('333')(''),'0','ext-local,vmb2000,1','','','0','0','Ring','0')' at
line 3
Thanks,
Bruce
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] PHP can't insert - Can someone please help
Thank you for the amazing reply. First few lines of your e-mail was EXACTLY
getting me to where I made a mistake. I guess I didn't take the () and ' '
at their face value and was looking somewhere else for the problem.
For sanatizing you mean checking the numbers to make sure they are valid
numbers and not alphabet or other charecters? or, are you pointing the fact
that I am keeping mysql root password in plain .php file? I have done an
include of a php file which has mysql root password and that is insert as an
#incldue in the html file. So, if someone checks source for html can't see
mysql root password. Even though root is user on mysql is to accept only
from localhost.
I would really appreciate it if you can weigh in on it a bit.
Thanks,
Bruce
On Sat, Jul 10, 2010 at 7:42 AM, Gerald A geraldabli...@gmail.com wrote:
Hi Bruce,
First, your problem isn't PHP, it seems to be SQL and I'm guessing MySQL at
that.
Next, you seem to be accepting user input and not sanatizing it. DANGER
WILL ROBINSON!!!
This is bad, because it leaves you open to something known as a SQL
injection attack.
Now, as to syntax:
On Sat, Jul 10, 2010 at 12:07 AM, bruce bruce bruceb...@gmail.com wrote:
I am making another module for Voicemail. I have three fields in a POST
form that have to be connected together to make it a single 10 digit number
but there is something wrong in my syntax probably.
$npaa = ('$_POST[anpa]');
$nxxa = ('$_POST[anxx]');
$blocka = ('$_POST[ablock]');
*$grplist = $npaa.$nxxa.$blocka;*
Ok, so suppose arpa=111, anxx=222 and ablock=.
grplist would then be ('111')('333')('').
$sql=INSERT INTO findmefollow(grpnum, strategy, grptime, grppre,
grplist, annmsg_id, postdest, dring, needsconf, remotealert_id, toolate_id,
ringing, pre_ring)
VALUES
('$_POST[grpnum]','ringall','$_POST[grptime]','$_POST[grppre]',$grplist,'0','$_POST[postdest]','','','0','0','Ring','$_POST[pre_ring]');
It seems that $grplist is the problem. Can someone please point what is
wrong?
Error:
Error: You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near
'('333')(''),'0','ext-local,vmb2000,1','','','0','0','Ring','0')' at
line 3
Look closesly, grasshopper. See it? (Does the hint above help?) Hmmm, ok.
Let's write the line as SQL:
INSERT INTO findmefollow(grpnum, strategy, grptime, grppre, grplist,
annmsg_id, postdest, dring, needsconf, remotealert_id, toolate_id, ringing,
pre_ring)
VALUES
('0','ringall','0','0',('111')('333')(''),'0','0','','','0','0','Ring','0');
Clear now? You are trying to insert the raw value --
('111')('333')('') -- into your database. This can't make any sense
except as string, And this isn't one.
I think what you might have meant is to quote the _whole thing_ as a
string, and not the individual pieces. Then:
$grplist = '(.$npaa.$nxxa.$blocka.)';
and
$blocka = ($_POST[ablock]); # and for all of them above
This would make the value '(111)(333)()', which should work fine.
Now, if you really meant to add in the quotes, you'll have to quote the
quotes, which can be hard to do in good times.
Hope this helps,
Gerald.
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] PHP can't insert - Can someone please help
Further to my last post, I added this to santize. I also created a new mysql
user with access to only findmefollow portion of the asterisk table for
limited access and assigned only two simultaneous connections with only 10
changes queries per hour (as I know that no more queries will be put through
probably)
if ($npaa=200 $nxxa=200 $npaa!=900 $npaa!=911)
Should that suffice against SQL injections? The if condition changes the
string to number so it removes the chance of people adding
other characters and it also sticks to format NPAN or 2XX2.
Thanks
On Sat, Jul 10, 2010 at 10:21 AM, bruce bruce bruceb...@gmail.com wrote:
Thank you for the amazing reply. First few lines of your e-mail was EXACTLY
getting me to where I made a mistake. I guess I didn't take the () and ' '
at their face value and was looking somewhere else for the problem.
For sanatizing you mean checking the numbers to make sure they are valid
numbers and not alphabet or other charecters? or, are you pointing the fact
that I am keeping mysql root password in plain .php file? I have done an
include of a php file which has mysql root password and that is insert as an
#incldue in the html file. So, if someone checks source for html can't see
mysql root password. Even though root is user on mysql is to accept only
from localhost.
I would really appreciate it if you can weigh in on it a bit.
Thanks,
Bruce
On Sat, Jul 10, 2010 at 7:42 AM, Gerald A geraldabli...@gmail.com wrote:
Hi Bruce,
First, your problem isn't PHP, it seems to be SQL and I'm guessing MySQL
at that.
Next, you seem to be accepting user input and not sanatizing it. DANGER
WILL ROBINSON!!!
This is bad, because it leaves you open to something known as a SQL
injection attack.
Now, as to syntax:
On Sat, Jul 10, 2010 at 12:07 AM, bruce bruce bruceb...@gmail.comwrote:
I am making another module for Voicemail. I have three fields in a POST
form that have to be connected together to make it a single 10 digit number
but there is something wrong in my syntax probably.
$npaa = ('$_POST[anpa]');
$nxxa = ('$_POST[anxx]');
$blocka = ('$_POST[ablock]');
*$grplist = $npaa.$nxxa.$blocka;*
Ok, so suppose arpa=111, anxx=222 and ablock=.
grplist would then be ('111')('333')('').
$sql=INSERT INTO findmefollow(grpnum, strategy, grptime, grppre,
grplist, annmsg_id, postdest, dring, needsconf, remotealert_id, toolate_id,
ringing, pre_ring)
VALUES
('$_POST[grpnum]','ringall','$_POST[grptime]','$_POST[grppre]',$grplist,'0','$_POST[postdest]','','','0','0','Ring','$_POST[pre_ring]');
It seems that $grplist is the problem. Can someone please point what is
wrong?
Error:
Error: You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near
'('333')(''),'0','ext-local,vmb2000,1','','','0','0','Ring','0')' at
line 3
Look closesly, grasshopper. See it? (Does the hint above help?) Hmmm, ok.
Let's write the line as SQL:
INSERT INTO findmefollow(grpnum, strategy, grptime, grppre, grplist,
annmsg_id, postdest, dring, needsconf, remotealert_id, toolate_id, ringing,
pre_ring)
VALUES
('0','ringall','0','0',('111')('333')(''),'0','0','','','0','0','Ring','0');
Clear now? You are trying to insert the raw value --
('111')('333')('') -- into your database. This can't make any sense
except as string, And this isn't one.
I think what you might have meant is to quote the _whole thing_ as a
string, and not the individual pieces. Then:
$grplist = '(.$npaa.$nxxa.$blocka.)';
and
$blocka = ($_POST[ablock]); # and for all of them above
This would make the value '(111)(333)()', which should work fine.
Now, if you really meant to add in the quotes, you'll have to quote the
quotes, which can be hard to do in good times.
Hope this helps,
Gerald.
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] PHP can't insert - Can someone please help
Hi Bruce, On Sat, Jul 10, 2010 at 11:12 AM, bruce bruce bruceb...@gmail.com wrote: Further to my last post, I added this to santize. I also created a new mysql user with access to only findmefollow portion of the asterisk table for limited access and assigned only two simultaneous connections with only 10 changes queries per hour (as I know that no more queries will be put through probably) if ($npaa=200 $nxxa=200 $npaa!=900 $npaa!=911) Should that suffice against SQL injections? The if condition changes the string to number so it removes the chance of people adding other characters and it also sticks to format NPAN or 2XX2. There are two things -- the first is, who call this script? If it's something you control 100%, you can mitigate the risk a bit. I don't really like this tact, because if the script gets repurposed, you end up with something that could be very dangerous. The second thing is simple -- most people think small here, but you have to think big and know a bit about how PHP works. PHP strings are pretty amazing things, and one of the pesky things is that you can put all kinds of things in it. Now, if that string variable is created as a result of a form input, then that string can be anything. For a moment, think about if it $npaa = '201,0); drop database YOUR_DATABASE'; Now, that is pretty nasty, and it would muck up further SQL injections, but now you get the idea. You should always check to make sure the data you are getting is what you are expecting, and exclude what you aren't. So, are your tests sufficient? I can't remember off the top of my head if the string - integer only considers the first number, or it considers the whole string. (PHP usually errs on the side of ease of use, so I think my snippet above would still pass your test). If your expecting only numbers, I'd write a function that ensures that only numbers are parts of the input. (And not just for the 3 above variables). Really, you should never see $_POST(var) (or any PHP CGI variable) that derives directly from user input. It takes a few minutes extra, but it'll save hours of sorting later if you get hit by a SQL injection. Hope this helps, Gerald -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] How can get user inputs from called party after dial?
Hi, I want to dial a party, play him a message and wait for his input, i.e. DTMF digits and use them to control the rest of the dial plan. How do I do it? If I use Dial it will not return until the end of the call, isn't it? Thanks, Eyal -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] PHP can't insert - Can someone please help
Thanks again. Apparently all POST variables come through as strings. The function you pointed out is I think already built in php as is_numeric() http://www.php.net/manual/en/function.is-numeric.php. http://php.net/manual/en/function.is-int.php http://www.php.net/manual/en/function.is-numeric.php http://www.php.net/manual/en/function.is-numeric.phpIf that runs TRUE and if I keep my =200 and !=911 or !900 I should be safe from SQL injections. And along with dial-out routes rules, I think I can make this stronger. I have my html/php file set so that the input field only takes 3 digit 3 digit 4 digit (NPA, NXX, Block) so your purposal of: *'201,0); drop database YOUR_DATABASE'; *would fail due to big length and also I tested with inputing letters and my IF function caught it and exited. Further more, everything else (other than phone input fields) is drop down boxes with specific numbers or letters inserted in them. I should be 100% safe with those right? By using form POST there should be no other loop holes left opened right? It's not like php $_GET so people can't try typing to the browser in this format: http://www.w3schools.com/welcome.php?fname=Peterage=37 Thanks a lot, Bruce On Sat, Jul 10, 2010 at 1:41 PM, Gerald A geraldabli...@gmail.com wrote: Hi Bruce, On Sat, Jul 10, 2010 at 11:12 AM, bruce bruce bruceb...@gmail.com wrote: Further to my last post, I added this to santize. I also created a new mysql user with access to only findmefollow portion of the asterisk table for limited access and assigned only two simultaneous connections with only 10 changes queries per hour (as I know that no more queries will be put through probably) if ($npaa=200 $nxxa=200 $npaa!=900 $npaa!=911) Should that suffice against SQL injections? The if condition changes the string to number so it removes the chance of people adding other characters and it also sticks to format NPAN or 2XX2. There are two things -- the first is, who call this script? If it's something you control 100%, you can mitigate the risk a bit. I don't really like this tact, because if the script gets repurposed, you end up with something that could be very dangerous. The second thing is simple -- most people think small here, but you have to think big and know a bit about how PHP works. PHP strings are pretty amazing things, and one of the pesky things is that you can put all kinds of things in it. Now, if that string variable is created as a result of a form input, then that string can be anything. For a moment, think about if it $npaa = '201,0); drop database YOUR_DATABASE'; Now, that is pretty nasty, and it would muck up further SQL injections, but now you get the idea. You should always check to make sure the data you are getting is what you are expecting, and exclude what you aren't. So, are your tests sufficient? I can't remember off the top of my head if the string - integer only considers the first number, or it considers the whole string. (PHP usually errs on the side of ease of use, so I think my snippet above would still pass your test). If your expecting only numbers, I'd write a function that ensures that only numbers are parts of the input. (And not just for the 3 above variables). Really, you should never see $_POST(var) (or any PHP CGI variable) that derives directly from user input. It takes a few minutes extra, but it'll save hours of sorting later if you get hit by a SQL injection. Hope this helps, Gerald -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How can get user inputs from called party after dial?
You need read():
http://www.voip-info.org/wiki/view/Asterisk+cmd+Read
http://www.voip-info.org/wiki/view/Asterisk+cmd+ReadIt's as easy as:
exten = s,n,Read(variable,,11)
exten = s,n,NoOp(${variable})
Above will take up to 11 digits input by user and will display it back in
NoOP on Asterisk CLI.
-Bruce
On Sat, Jul 10, 2010 at 2:16 PM, eyal goltzman egoltz...@gmail.com wrote:
Hi,
I want to dial a party, play him a message and wait for his input, i.e.
DTMF digits and use them to control the rest of the dial plan.
How do I do it?
If I use Dial it will not return until the end of the call, isn't it?
Thanks,
Eyal
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How can get user inputs from called party after dial?
Thanks, but I'm missing something here, the dial command is where?
I need to do something like:
Dial(1234)
Read(1 digit)
DoSomthing(based on digit from 1234)
And as far as I understand the Dial start the call and only come back (ig
you use the g option) after call finished.
Eyal
From: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of bruce bruce
Sent: Saturday, July 10, 2010 9:30 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] How can get user inputs from called party
after dial?
You need read():
http://www.voip-info.org/wiki/view/Asterisk+cmd+Read
It's as easy as:
exten = s,n,Read(variable,,11)
exten = s,n,NoOp(${variable})
Above will take up to 11 digits input by user and will display it back in
NoOP on Asterisk CLI.
-Bruce
On Sat, Jul 10, 2010 at 2:16 PM, eyal goltzman egoltz...@gmail.com wrote:
Hi,
I want to dial a party, play him a message and wait for his input, i.e. DTMF
digits and use them to control the rest of the dial plan.
How do I do it?
If I use Dial it will not return until the end of the call, isn't it?
Thanks,
Eyal
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.830 / Virus Database: 271.1.1/2991 - Release Date: 07/10/10
09:36:00
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] PHP can't insert - Can someone please help
Here is the steel strong sanitizer:
$npaa = $_POST[anpa];
$nxxa = $_POST[anxx];
$blocka = $_POST[ablock];
# Sanitize
$blocka_san = strspn($blocka, 0123456789);
*if ($blocka_san==4 is_numeric($npaa) is_numeric($nxxa)
is_numeric($blocka) $npaa=200 $nxxa=200 $npaa!=900
$npaa!=911) *
*
*
* {*
echo Number passed sanitization;
}
What do you think? :-)
-Bruce
On Sat, Jul 10, 2010 at 2:17 PM, bruce bruce bruceb...@gmail.com wrote:
Thanks again. Apparently all POST variables come through as strings. The
function you pointed out is I think already built in php as
is_numeric() http://www.php.net/manual/en/function.is-numeric.php.
http://php.net/manual/en/function.is-int.php
http://www.php.net/manual/en/function.is-numeric.php
http://www.php.net/manual/en/function.is-numeric.phpIf that runs TRUE
and if I keep my =200 and !=911 or !900 I should be safe from SQL
injections. And along with dial-out routes rules, I think I can make this
stronger.
I have my html/php file set so that the input field only takes 3 digit 3
digit 4 digit (NPA, NXX, Block) so your purposal of: *'201,0); drop
database YOUR_DATABASE'; *would fail due to big length and also I tested
with inputing letters and my IF function caught it and exited.
Further more, everything else (other than phone input fields) is drop down
boxes with specific numbers or letters inserted in them. I should be 100%
safe with those right?
By using form POST there should be no other loop holes left opened right?
It's not like php $_GET so people can't try typing to the browser in this
format:
http://www.w3schools.com/welcome.php?fname=Peterage=37
Thanks a lot,
Bruce
On Sat, Jul 10, 2010 at 1:41 PM, Gerald A geraldabli...@gmail.com wrote:
Hi Bruce,
On Sat, Jul 10, 2010 at 11:12 AM, bruce bruce bruceb...@gmail.comwrote:
Further to my last post, I added this to santize. I also created a new
mysql user with access to only findmefollow portion of the asterisk table
for limited access and assigned only two simultaneous connections with only
10 changes queries per hour (as I know that no more queries will be put
through probably)
if ($npaa=200 $nxxa=200 $npaa!=900 $npaa!=911)
Should that suffice against SQL injections? The if condition changes the
string to number so it removes the chance of people adding
other characters and it also sticks to format NPAN or 2XX2.
There are two things -- the first is, who call this script? If it's
something you control 100%, you can mitigate the risk a bit. I don't really
like this tact, because if the script gets repurposed, you end up with
something that could be very dangerous.
The second thing is simple -- most people think small here, but you have
to think big and know a bit about how PHP works. PHP strings are pretty
amazing things, and one of the pesky things is that you can put all kinds of
things in it. Now, if that string variable is created as a result of a form
input, then that string can be anything. For a moment, think about if it
$npaa = '201,0); drop database YOUR_DATABASE'; Now, that is pretty nasty,
and it would muck up further SQL injections, but now you get the idea. You
should always check to make sure the data you are getting is what you are
expecting, and exclude what you aren't.
So, are your tests sufficient? I can't remember off the top of my head if
the string - integer only considers the first number, or it considers the
whole string. (PHP usually errs on the side of ease of use, so I think my
snippet above would still pass your test). If your expecting only numbers,
I'd write a function that ensures that only numbers are parts of the input.
(And not just for the 3 above variables).
Really, you should never see $_POST(var) (or any PHP CGI variable) that
derives directly from user input.
It takes a few minutes extra, but it'll save hours of sorting later if you
get hit by a SQL injection.
Hope this helps,
Gerald
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How can get user inputs from called party after dial?
You need to do some reading :-)
I will give you a quick teach here. At the end of file
/etc/asterisk/extensions_custom.conf (if you are running FreePBX) OR in
/etc/asterisk/extensions.conf (if you are running vanilla Asterisk) add
this:
[first-Dialplan]
exten = s,1,Answer
exten = s,n,Playback(Welcome)
exten = s,n,Read(numb,,10)
exten = s,n,NoOp(${numb})
And send your inbound route to context first-Dialplan so that it's triggered
when a call comes in. Then on terminal do a asterisk -r and you
will see the NoOp show the DTMF number entered. From there on you can do
anything you want with the variable ${numb}
If any part of above is unclear to you, you must consult your friend,
google, for examples of Asterisk dialplan.
-Bruce
On Sat, Jul 10, 2010 at 2:38 PM, Eyal Goltzman egoltz...@gmail.com wrote:
Thanks, but I'm missing something here, the dial command is where?
I need to do something like:
Dial(1234)
Read(1 digit)
DoSomthing(based on digit from 1234)
And as far as I understand the Dial start the call and only come back (ig
you use the g option) after call finished.
Eyal
*From:* asterisk-users-boun...@lists.digium.com [mailto:
asterisk-users-boun...@lists.digium.com] *On Behalf Of *bruce bruce
*Sent:* Saturday, July 10, 2010 9:30 PM
*To:* Asterisk Users Mailing List - Non-Commercial Discussion
*Subject:* Re: [asterisk-users] How can get user inputs from called party
after dial?
You need read():
http://www.voip-info.org/wiki/view/Asterisk+cmd+Read
It's as easy as:
exten = s,n,Read(variable,,11)
exten = s,n,NoOp(${variable})
Above will take up to 11 digits input by user and will display it back in
NoOP on Asterisk CLI.
-Bruce
On Sat, Jul 10, 2010 at 2:16 PM, eyal goltzman egoltz...@gmail.com
wrote:
Hi,
I want to dial a party, play him a message and wait for his input, i.e.
DTMF digits and use them to control the rest of the dial plan.
How do I do it?
If I use Dial it will not return until the end of the call, isn't it?
Thanks,
Eyal
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.830 / Virus Database: 271.1.1/2991 - Release Date: 07/10/10
09:36:00
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How can get user inputs from called party after dial?
For dial you do this:
[first-Dialplan]
exten = s,1,Answer
exten = s,n,Dial(SIP/provider/111222)
exten = s,n,Playback(Welcome)
exten = s,n,Read(numb,,10)
exten = s,n,NoOp(${numb})
-Bruce
On Sat, Jul 10, 2010 at 2:51 PM, bruce bruce bruceb...@gmail.com wrote:
You need to do some reading :-)
I will give you a quick teach here. At the end of file
/etc/asterisk/extensions_custom.conf (if you are running FreePBX) OR in
/etc/asterisk/extensions.conf (if you are running vanilla Asterisk) add
this:
[first-Dialplan]
exten = s,1,Answer
exten = s,n,Playback(Welcome)
exten = s,n,Read(numb,,10)
exten = s,n,NoOp(${numb})
And send your inbound route to context first-Dialplan so that it's
triggered when a call comes in. Then on terminal do a asterisk -r
and you will see the NoOp show the DTMF number entered. From there on you
can do anything you want with the variable ${numb}
If any part of above is unclear to you, you must consult your friend,
google, for examples of Asterisk dialplan.
-Bruce
On Sat, Jul 10, 2010 at 2:38 PM, Eyal Goltzman egoltz...@gmail.comwrote:
Thanks, but I'm missing something here, the dial command is where?
I need to do something like:
Dial(1234)
Read(1 digit)
DoSomthing(based on digit from 1234)
And as far as I understand the Dial start the call and only come back (ig
you use the g option) after call finished.
Eyal
*From:* asterisk-users-boun...@lists.digium.com [mailto:
asterisk-users-boun...@lists.digium.com] *On Behalf Of *bruce bruce
*Sent:* Saturday, July 10, 2010 9:30 PM
*To:* Asterisk Users Mailing List - Non-Commercial Discussion
*Subject:* Re: [asterisk-users] How can get user inputs from called party
after dial?
You need read():
http://www.voip-info.org/wiki/view/Asterisk+cmd+Read
It's as easy as:
exten = s,n,Read(variable,,11)
exten = s,n,NoOp(${variable})
Above will take up to 11 digits input by user and will display it back in
NoOP on Asterisk CLI.
-Bruce
On Sat, Jul 10, 2010 at 2:16 PM, eyal goltzman egoltz...@gmail.com
wrote:
Hi,
I want to dial a party, play him a message and wait for his input, i.e.
DTMF digits and use them to control the rest of the dial plan.
How do I do it?
If I use Dial it will not return until the end of the call, isn't it?
Thanks,
Eyal
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.830 / Virus Database: 271.1.1/2991 - Release Date: 07/10/10
09:36:00
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How can get user inputs from called party after dial?
Thank you Bruce,
I think we are not on the same page.
I have an AMI script that issue an originate command, after one channel is
connected I'm in my dialplan at extensions_custom.conf (I use FreePBX).
Now I'm issuing a Dial command to the another party that when he pick up the
phone I play for him a message (using the A option in the Dial command) and
then want to wait for his input, this is the case.
Eyal
From: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of bruce bruce
Sent: Saturday, July 10, 2010 9:52 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] How can get user inputs from called party
after dial?
You need to do some reading :-)
I will give you a quick teach here. At the end of file
/etc/asterisk/extensions_custom.conf (if you are running FreePBX) OR in
/etc/asterisk/extensions.conf (if you are running vanilla Asterisk) add
this:
[first-Dialplan]
exten = s,1,Answer
exten = s,n,Playback(Welcome)
exten = s,n,Read(numb,,10)
exten = s,n,NoOp(${numb})
And send your inbound route to context first-Dialplan so that it's triggered
when a call comes in. Then on terminal do a asterisk -r and you
will see the NoOp show the DTMF number entered. From there on you can do
anything you want with the variable ${numb}
If any part of above is unclear to you, you must consult your friend,
google, for examples of Asterisk dialplan.
-Bruce
On Sat, Jul 10, 2010 at 2:38 PM, Eyal Goltzman egoltz...@gmail.com wrote:
Thanks, but I'm missing something here, the dial command is where?
I need to do something like:
Dial(1234)
Read(1 digit)
DoSomthing(based on digit from 1234)
And as far as I understand the Dial start the call and only come back (ig
you use the g option) after call finished.
Eyal
From: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of bruce bruce
Sent: Saturday, July 10, 2010 9:30 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] How can get user inputs from called party
after dial?
You need read():
http://www.voip-info.org/wiki/view/Asterisk+cmd+Read
It's as easy as:
exten = s,n,Read(variable,,11)
exten = s,n,NoOp(${variable})
Above will take up to 11 digits input by user and will display it back in
NoOP on Asterisk CLI.
-Bruce
On Sat, Jul 10, 2010 at 2:16 PM, eyal goltzman egoltz...@gmail.com wrote:
Hi,
I want to dial a party, play him a message and wait for his input, i.e. DTMF
digits and use them to control the rest of the dial plan.
How do I do it?
If I use Dial it will not return until the end of the call, isn't it?
Thanks,
Eyal
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.830 / Virus Database: 271.1.1/2991 - Release Date: 07/10/10
09:36:00
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.830 / Virus Database: 271.1.1/2991 - Release Date: 07/10/10
09:36:00
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How can get user inputs from called party after dial?
Thank you Bruce, In the below example you sent the dialplan will stop after
Dial.
I found the solution to my problem in the M option of the Dial command that
let you run a macro BEFORE the parties are connected and continue the
dialplan based on the MACRO_RESULT.
Thanks for your help,
Eyal
From: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of bruce bruce
Sent: Saturday, July 10, 2010 9:53 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] How can get user inputs from called party
after dial?
For dial you do this:
[first-Dialplan]
exten = s,1,Answer
exten = s,n,Dial(SIP/provider/111222)
exten = s,n,Playback(Welcome)
exten = s,n,Read(numb,,10)
exten = s,n,NoOp(${numb})
-Bruce
On Sat, Jul 10, 2010 at 2:51 PM, bruce bruce bruceb...@gmail.com wrote:
You need to do some reading :-)
I will give you a quick teach here. At the end of file
/etc/asterisk/extensions_custom.conf (if you are running FreePBX) OR in
/etc/asterisk/extensions.conf (if you are running vanilla Asterisk) add
this:
[first-Dialplan]
exten = s,1,Answer
exten = s,n,Playback(Welcome)
exten = s,n,Read(numb,,10)
exten = s,n,NoOp(${numb})
And send your inbound route to context first-Dialplan so that it's triggered
when a call comes in. Then on terminal do a asterisk -r and you
will see the NoOp show the DTMF number entered. From there on you can do
anything you want with the variable ${numb}
If any part of above is unclear to you, you must consult your friend,
google, for examples of Asterisk dialplan.
-Bruce
On Sat, Jul 10, 2010 at 2:38 PM, Eyal Goltzman egoltz...@gmail.com wrote:
Thanks, but I'm missing something here, the dial command is where?
I need to do something like:
Dial(1234)
Read(1 digit)
DoSomthing(based on digit from 1234)
And as far as I understand the Dial start the call and only come back (ig
you use the g option) after call finished.
Eyal
From: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of bruce bruce
Sent: Saturday, July 10, 2010 9:30 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] How can get user inputs from called party
after dial?
You need read():
http://www.voip-info.org/wiki/view/Asterisk+cmd+Read
It's as easy as:
exten = s,n,Read(variable,,11)
exten = s,n,NoOp(${variable})
Above will take up to 11 digits input by user and will display it back in
NoOP on Asterisk CLI.
-Bruce
On Sat, Jul 10, 2010 at 2:16 PM, eyal goltzman egoltz...@gmail.com wrote:
Hi,
I want to dial a party, play him a message and wait for his input, i.e. DTMF
digits and use them to control the rest of the dial plan.
How do I do it?
If I use Dial it will not return until the end of the call, isn't it?
Thanks,
Eyal
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.830 / Virus Database: 271.1.1/2991 - Release Date: 07/10/10
09:36:00
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.830 / Virus Database: 271.1.1/2991 - Release Date: 07/10/10
09:36:00
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How can get user inputs from called party after dial?
On Sat, 10 Jul 2010, bruce bruce wrote: You need to do some reading :-) Now that is funny -- maybe you could take your own advice and look at http://www.php.net/docs.php instead of posting please help me debug code I'm too lazy to even see if PHP says it is syntactically correct and the only relevance it has to Asterisk is I'm trying to concatenate some strings and make sure it could be a phone number requests. -- Thanks in advance, - Steve Edwards sedwa...@sedwards.com Voice: +1-760-468-3867 PST Newline Fax: +1-760-731-3000 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How can get user inputs from called party after dial?
I was under the impression that he is new to Asterisk. No need to fuss. Hence the :-) On Sat, Jul 10, 2010 at 3:35 PM, Steve Edwards asterisk@sedwards.comwrote: On Sat, 10 Jul 2010, bruce bruce wrote: You need to do some reading :-) Now that is funny -- maybe you could take your own advice and look at http://www.php.net/docs.php instead of posting please help me debug code I'm too lazy to even see if PHP says it is syntactically correct and the only relevance it has to Asterisk is I'm trying to concatenate some strings and make sure it could be a phone number requests. -- Thanks in advance, - Steve Edwards sedwa...@sedwards.com Voice: +1-760-468-3867 PST Newline Fax: +1-760-731-3000 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] SIP Trunk configuration problem - fromdomain
you need to set your external IP in the sip.conf to be your public IP after NAT (assuming your talking over a public network). That way when the sip request goes out and it sees the IP address your are sending to is outside your localnets it changes the SIP header to use the x.y.z.w IP you set in the externip (i believe thats the exact spelling, but not looking at sip.conf this second). Trevor Benson A1 Networks | Network Engineer dCAP- Digium Certified Asterisk Professional LPIC-1, Network+, CNA, MCP DID (707)703-1041 Fax (707)703-1983 tben...@a-1networks.com On Jul 5, 2010, at 3:18 AM, eyal goltzman wrote: Hello, I'm trying to register to my provider sip trunk, I got from him an host IP (a.b.c.d) to connect to and my provider recognize me based on the fixed IP (x.y.z.w) he gave me (no need for username and password) In the sip.conf I add: [mytrunk] type=friend insecure=no host=a.b.c.d fromdomain=x.y.z.w qualify=3600 nat=no ; change to yes if you are behind NAT bindport=5060 bindaddr=0.0.0.0 context=default disallow=all allow=ulaw allow=alaw Now, my asterisk resides in my internal network (10.100.101.107) and in the SIP requests that sent to the provider I can see (via a sniffer) that the From and Contact fields have - sip:aster...@10.100.101.107 and not the x.y.z.w I expected to see as a result of the fromdomain=x.y.z.w. Any idea? Thanks, Eyal -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] PHP can't insert - Can someone please help
On Sat, 10 Jul 2010, bruce bruce wrote:
Here is the steel strong sanitizer:
$npaa = $_POST[anpa];
$nxxa = $_POST[anxx];
$blocka = $_POST[ablock];
# Sanitize
$blocka_san = strspn($blocka, 0123456789);
if ($blocka_san==4 is_numeric($npaa) is_numeric($nxxa)
is_numeric($blocka) $npaa=200 $nxxa=200 $npaa!=900
$npaa!=911)
{
echo Number passed sanitization;
}
What do you think? :-)
Yuk.
On Sat, Jul 10, 2010 at 2:17 PM, bruce bruce bruceb...@gmail.com
wrote:
Thanks again. Apparently all POST variables come through as strings.
You may want to read the relevant RFCs. Look for ENCTYPE.
The function you pointed out is I think already built in php
as is_numeric().
http://www.php.net/manual/en/function.is-numeric.php
You may want to read the function definition again. It allows plus,
exponential notation and hexadecimal notation as well.
I have my html/php file set so that the input field only takes 3 digit 3
digit 4 digit (NPA, NXX, Block) so your purposal of: '201,0); drop
database YOUR_DATABASE'; would fail due to big length and also I tested
with inputing letters and my IF function caught it and exited.
Further more, everything else (other than phone input fields) is drop
down boxes with specific numbers or letters inserted in them. I should
be 100% safe with those right?
By using form POST there should be no other loop holes left opened
right? It's not like php $_GET so people can't try typing to the browser
in this format:
You may want to read the man pages for curl and wget -- both can submit
POST requests.
--
Thanks in advance,
-
Steve Edwards sedwa...@sedwards.com Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
