phpagi SVN
phpagi-asmanager: an Asterisk Manager class written in PHP
Matthew Asham <matthewa@bcwireless.net>
http://phpagi.sourceforge.net
------------------------------------------------------------------------------

------------------------------------------------------------------------------
SECURITY
------------------------------------------------------------------------------

Validation:

  If Asterisk is running as root, the manager interface may allow the
  execution of arbitrary shell commands as root. If the user can update any
  configuration file that can execute arbitrary commands (like the dialplan),
  the system may be compromised.

  Also, look out for command injection. Consider the following example:

    $as->Events($_POST['events_status']);

  We expect either 'on' or 'off', but the attacker uses:

    "\r\n\r\nAction: Command\r\nCommand: database put forward 54321 19005551212";

  Validation is a *must* for all user data.

Username and Secret:

  Storing the username and secret in the config file will isolate them from
  your code. Isolating the username and secret in the config file does not
  mean that the script cannot simply read the config file. The config file
  must be readable by the script.
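
The injection described under Validation, with an allowlist check placed in front of Events(). This is an added example, not part of phpagi: validate_event_mask(), assert_ami_safe() and frame_request() are hypothetical helpers, the EventMask parameter name is taken from the manager protocol, and frame_request() only models the protocol's "Key: value" line framing for display.

```php
<?php
// Added example, not part of phpagi; all function names are hypothetical.

// Allowlist for the one value Events() should receive: 'on' or 'off'.
function validate_event_mask($input): string
{
    if (!is_string($input)) { // $_POST values can be arrays
        throw new InvalidArgumentException('event mask must be a string');
    }
    $mask = strtolower($input);
    if (!in_array($mask, ['on', 'off'], true)) {
        throw new InvalidArgumentException('event mask must be "on" or "off"');
    }
    return $mask;
}

// Generic guard for free-form parameters: a CR, LF or NUL in a value
// would end the current "Key: value" line and let the caller add headers.
function assert_ami_safe(array $params): array
{
    foreach ($params as $key => $value) {
        if (!is_scalar($value) || preg_match('/[\r\n\0]/', (string) $value)) {
            throw new InvalidArgumentException("unsafe value for '$key'");
        }
    }
    return $params;
}

// Assumed wire framing, for display only: one header per line, blank line ends it.
function frame_request(string $action, array $params): string
{
    $req = "Action: $action\r\n";
    foreach ($params as $key => $value) {
        $req .= "$key: $value\r\n";
    }
    return $req . "\r\n";
}
// Constructed inputs; the last is the string quoted in the README above.
$attack = "\r\n\r\nAction: Command\r\nCommand: database put forward 54321 19005551212";
foreach (['on', 'OFF', $attack] as $candidate) {
    try {
        $params = assert_ami_safe(['EventMask' => validate_event_mask($candidate)]);
        echo "accepted:\n", frame_request('Events', $params);
    } catch (InvalidArgumentException $e) {
        echo "rejected: ", $e->getMessage(), "\n";
    }
}
// Count the Action headers the same input produces when framed without validation.
echo substr_count(frame_request('Events', ['EventMask' => $attack]), "Action:"), "\n";
```

In application code the validated value is what gets passed on, as in $as->Events($mask), and assert_ami_safe() covers parameters that have no fixed allowlist.
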
CREATING A NEW INSTANCE OF THE CLASS
------------------------------------------------------------------------------

The class can be created standalone of phpagi.php, or through phpagi.

STANDALONE:

  require "phpagi-asmanager.php";
  $as = new AGI_AsteriskManager();

FROM PHPAGI:

  require "phpagi.php";
  $agi = new AGI();
  $as = $agi->new_AsteriskManager();

Notes:

  * If the class is created using $agi->new_AsteriskManager(),
    AGI_AsteriskManager will use the parent phpagi for logging to the
    Asterisk console.
  * phpagi.php will include phpagi-asmanager.php by itself.
  * If phpagi-asmanager.php is included _before_ phpagi.php, phpagi.php will
    not attempt to re-include it.
  * If phpagi.php tries to include phpagi-asmanager.php but is unable to do
    so, an error will be echoed to the Asterisk console and the script will
    continue running normally. In this case the return value of
    new_AsteriskManager() will be FALSE.

------------------------------------------------------------------------------
CONFIGURATION
------------------------------------------------------------------------------

phpagi-asmanager uses the same configuration file as phpagi (usually
/etc/asterisk/phpagi.conf). All configuration information specific to
phpagi-asmanager is contained in the [asmanager] section of the .conf file.

Supported directives:

  [asmanager]
  # server to connect to
  server=localhost
  # default manager port
  port=5038
  # username for login
  username=me_and_only_me
  # password for login
  secret=i_am_not_telling

------------------------------------------------------------------------------
CONNECTING
------------------------------------------------------------------------------

  $res = $as->connect("localhost", "username", "password");
  if($res == FALSE) {
    echo "Connection failed.\n";
  } elseif($res == TRUE) {
    echo "Connection established.\n";
  }

A port can also be specified for the hostname.
eg:

  $res = $as->connect("my.asterisk.server:1234", "username", "password");

If no parameters are specified, the defaults from the config will be used.

------------------------------------------------------------------------------
DISCONNECTING
------------------------------------------------------------------------------

  $as->disconnect();

------------------------------------------------------------------------------
SENDING REQUESTS
------------------------------------------------------------------------------

  $as->send_request($eventname, $arrayofparameterstopass);

send_request() calls wait_request() and returns an array of returned data
from the manager. If something went wrong, it returns false.

wait_request() shouldn't need to be called from a script directly unless you
are implementing merely an event listener. wait_request() will also detect
events and dispatch any registered event handlers for the event.

Examples:

  $res = $as->send_request('EventName',
                           array('Channel'=>'Zap/1/16045551212',
                                 'SomeParameter'=>'data'));
  echo "Dump of returned data:\n";
  foreach($res as $var=>$val)
    echo "$var = $val\n";

$res['Response'] will generally be 'Success' on success and 'Error' on
failure, but this is not always true. If $res['Response'] == 'Follows', a
multi-line response will be stored in $res['data'].

Several manager commands have been aliased for convenience. See below.

------------------------------------------------------------------------------
EVENTS
------------------------------------------------------------------------------

TODO: non-blocking socket i/o.

The class uses event callbacks to process events received from the manager.
The event callback prototype looks like:

  function dump_event($ecode, $data, $server, $port)
  {
    echo "received event '$ecode' from $server:$port\n";
    print_r($data);
  }

To register an event callback:

  $as->add_event_handler('eventname', 'eventfunction');

eg:

  $as->add_event_handler('registry', 'dump_event');

The special eventname "*" can also be registered. Any eventname not
specifically registered will be handled by the "*" handler. If no "*" handler
is defined, the event will be silently ignored.

------------------------------------------------------------------------------
PRECANNED FUNCTIONS
------------------------------------------------------------------------------

The following Manager functions have been aliased for convenience:

  AbsoluteTimeout
  ChangeMonitor
  Command
  Events
  ExtensionState
  GetVar
  Hangup
  IAXPeers
  ListCommands
  Logoff
  MailboxCount
  MailboxStatus
  Monitor
  Originate
  ParkedCalls
  Ping
  Queues
  QueueStatus
  Redirect
  SetCDRUserField
  SetVar
  SIPpeers
  Status
  StopMonitor
  ZapDialOffhook
  ZapDNDoff
  ZapDNDon
  ZapHangup
  ZapTransfer