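/**
 * Move one voicemail message (every format file it has) into another folder
 * of the same mailbox, giving it the next free message number there.
 *
 * Security notes:
 *  - The four arguments are concatenated into a filesystem path, and the
 *    caller visible in this file passes request data for the folders and
 *    the message id, so each one is checked before it is used.
 *  - The move is done with rename() instead of a shell `mv`. The previous
 *    command line wrapped the paths in single quotes, so a quote character
 *    in any argument ended the quoting and the rest was parsed by the shell.
 *
 * @param string|int $extension  Mailbox (directory under voicemail/default).
 * @param string     $src_folder Folder the message is currently in.
 * @param string     $dst_folder Folder to move the message to.
 * @param string|int $src_file   Message number as it appears after "msg" in the file name.
 *
 * @return false|null false when an argument is rejected; null otherwise
 *                    (a failed rename is not reported to the caller, as before).
 */
function vm_movfile($extension, $src_folder, $dst_folder, $src_file)
{
    foreach (array($extension, $src_folder, $dst_folder, $src_file) as $component) {
        // Request parameters can arrive as arrays (name[]=...); those are never valid here.
        if (!is_string($component) && !is_int($component)) {
            return false;
        }
        $component = (string) $component;

        // A NUL byte is never part of a legitimate mailbox, folder or message name.
        if (strpos($component, "\0") !== false) {
            return false;
        }

        // Reject "../" anywhere (the original rule) and also a bare or trailing "..",
        // which the original pattern let through and which still climbs one directory.
        if (preg_match('#\.\./|(^|/)\.\.$#', $component)) {
            return false;
        }
    }

    // Next message number = highest existing number in the destination + 1.
    // Taking the maximum gives the same result as "last entry + 1" when the list is
    // sorted, and avoids reusing a number when it is not.
    $highest  = 0;
    $existing = vm_files($extension, $dst_folder);
    if (is_array($existing)) {
        foreach ($existing as $entry) {
            if (isset($entry['no']) && (int) $entry['no'] > $highest) {
                $highest = (int) $entry['no'];
            }
        }
    }
    $dst_file = str_pad((string) ($highest + 1), 4, "0", STR_PAD_LEFT); // msg numbers are 4 digits

    $vm_root  = '/var/spool/asterisk/voicemail/default/' . $extension;
    $src_base = $vm_root . '/' . $src_folder . '/msg' . $src_file;
    $dst_base = $vm_root . '/' . $dst_folder . '/msg' . $dst_file;

    // A message may exist in several formats plus its .txt metadata; move whichever are present.
    foreach (array('wav', 'WAV', 'gsm', 'txt') as $ext) {
        $from = $src_base . '.' . $ext;
        if (is_file($from)) {
            rename($from, $dst_base . '.' . $ext);
        }
    }
}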
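/**
 * Render the voicemail listing page for the logged-in user's extension.
 *
 * Handles the optional "delete" and "move" actions on the selected messages,
 * then lists the current folder sorted and paginated, and returns the rendered
 * Voicemail.tpl template.
 *
 * Request parameters read: msg, Path, action, Messages[], MoveFolder, Sort, Start, hilight.
 * Session state kept under $_SESSION['User_Voicemail']: Path, Sort, Order.
 *
 * NOTE(review): delete/move are driven by $_REQUEST (so GET as well as POST) and no
 * anti-CSRF token check is visible in this function; confirm one is enforced upstream.
 *
 * @return string Rendered HTML of the voicemail page.
 */
function Voicemail()
{
    global $mysqli;

    $session =& $_SESSION['User_Voicemail'];
    $smarty  = smarty_init(dirname(__FILE__) . '/templates');

    // Status message shown on the page (Message)
    $Message = isset($_REQUEST['msg']) ? $_REQUEST['msg'] : "";

    // Number of entries per page (PageSize)
    $PageSize = 50;

    // Current folder (Path): request first, then the remembered one, then INBOX.
    // Only a plain string is accepted; an array-valued parameter is ignored.
    // NOTE(review): $Path is handed to vm_files()/vm_delfile(), whose own path checks
    // are not visible here; confirm they reject traversal, or limit $Path to $Folders.
    if (isset($_REQUEST['Path']) && is_string($_REQUEST['Path']) && $_REQUEST['Path'] !== '') {
        $Path = $_REQUEST['Path'];
    } elseif (!empty($session['Path'])) {
        $Path = $session['Path'];
    } else {
        $Path = 'INBOX';
    }
    $session['Path'] = $Path;

    $Action   = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
    $Selected = (isset($_REQUEST['Messages']) && is_array($_REQUEST['Messages']))
        ? $_REQUEST['Messages']
        : array();

    // The loops below use their own variable: the original reused $Message and so
    // replaced the status text assigned to the template with the last message id.
    if ($Action == 'delete') {
        foreach ($Selected as $MessageId) {
            if (!is_string($MessageId)) {
                continue; // nested arrays are not message ids
            }
            vm_delfile($_SESSION['_USER']['Extension'], $Path, $MessageId);
        }
    }

    if ($Action == 'move' && isset($_REQUEST['MoveFolder']) && is_string($_REQUEST['MoveFolder'])) {
        foreach ($Selected as $MessageId) {
            if (!is_string($MessageId)) {
                continue;
            }
            vm_movfile($_SESSION['_USER']['Extension'], $Path, $_REQUEST['MoveFolder'], $MessageId);
        }
    }

    $RequestedSort = (isset($_REQUEST['Sort']) && is_string($_REQUEST['Sort'])) ? $_REQUEST['Sort'] : null;
    $PreviousSort  = isset($session['Sort']) ? $session['Sort'] : null;
    $PreviousOrder = isset($session['Order']) ? $session['Order'] : null;

    // Sort order (Order): asking for the same column again flips the direction,
    // a different column starts ascending.
    if ($PreviousSort == $RequestedSort) {
        $Order = $PreviousOrder == "asc" ? "desc" : "asc";
    } else {
        $Order = 'asc';
    }
    $session['Order'] = $Order;

    // Sort field (Sort)
    // NOTE(review): the value is passed to array_order() as-is; if only certain fields
    // are valid, compare it against that list here.
    $Sort = $RequestedSort !== null ? $RequestedSort : 'no';
    $session['Sort'] = $Sort;

    // Listing start (Start): forced to a non-negative integer, because it is used as
    // the array_slice() offset and in arithmetic below.
    $Start = (isset($_REQUEST['Start']) && is_scalar($_REQUEST['Start']))
        ? max(0, (int) $_REQUEST['Start'])
        : 0;

    // Available mailboxes
    // NOTE(review): $result is not used further in this function, and die() prints the
    // raw database error to the client; consider logging it server-side instead.
    $query = "\n\t\tSELECT\n\t\t\tLPAD(Extension,5,' ') AS Extension,\n\t\t\tName\n\t\tFROM\n\t\t\tExtensions\n\t\tORDER BY\n\t\t\tExtension\n\t";
    $result = $mysqli->query($query) or die($mysqli->error);

    $Folders  = vm_folders($_SESSION['_USER']['Extension']);
    $Messages = vm_files($_SESSION['_USER']['Extension'], $Path);
    $Total    = count($Messages);

    array_order($Messages, $Sort, $Order);
    $Messages = array_slice($Messages, $Start, $PageSize);
    $End      = $Start + count($Messages);

    // NOTE(review): Message, Hilight, Path and Sort come from the request; confirm that
    // Voicemail.tpl escapes them on output.
    $smarty->assign('Folders', $Folders);
    $smarty->assign('Messages', $Messages);
    $smarty->assign('Sort', $Sort);
    $smarty->assign('Order', $Order);
    $smarty->assign('Start', $Start);
    $smarty->assign('End', $End);
    $smarty->assign('Total', $Total);
    $smarty->assign('PageSize', $PageSize);
    $smarty->assign('Message', $Message);
    $smarty->assign('Hilight', isset($_REQUEST['hilight']) ? $_REQUEST['hilight'] : "");
    $smarty->assign('Path', $Path);

    return $smarty->fetch('Voicemail.tpl');
}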