//if password was defined in the system -> variables page then require the password.
if (strlen($provision['password']) > 0) {
//deny access if the password doesn't match
if ($provision['password'] != check_str($_REQUEST['password'])) {
//log the failed auth attempt to the system, to be available for fail2ban.
openlog('FusionPBX', LOG_NDELAY, LOG_AUTH);
syslog(LOG_WARNING, '[' . $_SERVER['REMOTE_ADDR'] . "] provision attempt bad password for " . check_str($_REQUEST['mac']));
closelog();
usleep(rand(1000000, 3000000));
//1-3 seconds.
echo "access denied 4";
return;
}
}
//output template to string for header processing
$prov = new provision();
$prov->domain_uuid = $domain_uuid;
$prov->mac = $mac;
$prov->file = $file;
$file_contents = $prov->render();
//deliver the customized config over HTTP/HTTPS
//need to make sure content-type is correct
if ($_REQUEST['content_type'] == 'application/octet-stream') {
//format the mac address and
$mac = $prov->format_mac($mac, $device_vendor);
//replace the variable name with the value
$file_name = str_replace("{\$mac}", $mac, $file);
//set the headers
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($file_name) . '"');
//if password was defined in the system -> variables page then require the password.
if (strlen($provision['password']) > 0) {
//deny access if the password doesn't match
if ($provision['password'] != check_str($_REQUEST['password'])) {
//log the failed auth attempt to the system, to be available for fail2ban.
openlog('FusionPBX', LOG_NDELAY, LOG_AUTH);
syslog(LOG_WARNING, '[' . $_SERVER['REMOTE_ADDR'] . "] provision attempt bad password for " . check_str($_REQUEST['mac']));
closelog();
usleep(rand(1000000, 3000000));
//1-3 seconds.
echo "access denied 4";
return;
}
}
//output template to string for header processing
$prov = new provision();
$prov->domain_uuid = $domain_uuid;
$prov->mac = $mac;
$prov->file = $file;
$file_contents = $prov->render();
//deliver the customized config over HTTP/HTTPS
//need to make sure content-type is correct
if ($_REQUEST['content_type'] == 'application/octet-stream') {
$file_name = str_replace("{\$mac}", $mac, $file);
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($file_name) . '"');
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
echo "<td align='right' valign='top'>\n";
echo "\t<input type='button' class='btn' id='button_back_location' name='' alt='" . $text['button-back'] . "' onclick=\"window.location='devices.php'\" value='" . $text['button-back'] . "'>\n";
if (permission_exists("device_files")) {
//get the template directory
$prov = new provision();
$prov->domain_uuid = $domain_uuid;
$template_dir = $prov->template_dir;
$files = glob($template_dir . '/' . $device_template . '/*');
//add file buttons and the file list
echo "\t\t<input type='button' class='btn' id='button_files' name='' alt='" . $text['button-files'] . "' onclick='show_files();' value='" . $text['button-files'] . "'>";
echo "\t\t<input type='button' class='btn' style='display: none;' id='button_back' name='' alt='" . $text['button-back'] . "' onclick='hide_files();' value='" . $text['button-back'] . "'> ";
echo "\t\t<select class='formfld' style='display: none; width: auto;' name='target_file' id='target_file' onchange='download(this.value)'>\n";
echo "\t\t\t<option value=''>" . $text['label-download'] . "</option>\n";
foreach ($files as $file) {
//format the mac address and
$format = new provision();
$mac = $format->format_mac($device_mac_address, $device_vendor);
//render the file name
$file_name = str_replace("{\$mac}", $mac, basename($file));
//add the select option
echo "\t\t<option value='" . basename($file) . "'>" . $file_name . "</option>\n";
}
echo "\t\t</select>\n";
//echo " <input type='button' class='btn' id='button_download' style='display: none;' alt='".$text['button-download']."' value='".$text['button-download']."' onclick='document.forms.frm.submit();'>";
}
if (permission_exists('device_add') && $action != "add") {
echo "\t<input type='button' class='btn' name='' alt='" . $text['button-copy'] . "' onclick=\"var new_mac = prompt('" . $text['message_device'] . "'); if (new_mac != null) { window.location='device_copy.php?id=" . $device_uuid . "&mac=' + new_mac; }\" value='" . $text['button-copy'] . "'>\n";
}
echo "\t<input type='button' class='btn' value='" . $text['button-save'] . "' onclick='submit_form();'>\n";
echo "</td>\n";
echo "</tr>\n";
the License. You may obtain a copy of the License at
http://www.mozilla.org/MPL/
Software distributed under the License is distributed on an "AS IS" basis,
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
for the specific language governing rights and limitations under the
License.
The Original Code is FusionPBX
The Initial Developer of the Original Code is
Mark J Crane <*****@*****.**>
Copyright (C) 2008-2014 All Rights Reserved.
Contributor(s):
Mark J Crane <*****@*****.**>
*/
include "root.php";
require_once "resources/require.php";
require_once "resources/check_auth.php";
include "resources/classes/template.php";
if (if_group("admin") || if_group("superadmin")) {
//access granted
} else {
echo "access denied";
exit;
}
//output template to string for header processing
$prov = new provision();
$prov->domain_uuid = $domain_uuid;
$response = $prov->write();
