click2dial.cgi automation script

[chrisr@cmrowling.com]

Hi all

my interest in the click2dial chi has culminated in me creating a perl script to automate the call.
requirements:

1 database server
2 web server that can run perl scripts
3 web page with form fields and submit button that can call script

I have all of these running on an ubuntu server

perl script follows
************************************************** ***********************
#! /usr/bin/perl -wT
#epygi quadro oriented dialer script. call from button on form field for
#phone number, parameter needs be called "dialme"
#Australian so long distance number not needed

use DBI;
use CGI qw(:standard);
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
use LWP::UserAgent;
use URI;
use HTTP::Request::Common qw(POST);

#make it hard to overload
my $cgi = new CGI;
$CGI::POST_MAX=1024 * 10;

#get the number
$dialme = param('dialme');
$dialme=~tr/0-9//cd; #regex to strip out all non digits

#Check Arguments
if (!$dialme) {
print STDERR "Error: Needs numbers in field";
exit(1);
}
if (length($dialme) < 8) {
print STDERR "Not enough numbers in field";
exit(1);
}
if (length($dialme) > 10) {
print STDERR "Too many numbers in field";
exit(1);
}



#get ip of calling browser

$remoteadd =$cgi->remote_host();
my $rem_add = qq($remoteadd);

#lookup password and extension in database/hash/password key pair

$thissql = "select ext_no, pword, svr_addr, svr_type from ip_phones
where ext_address = \'$rem_add\'";

$host = 'localhost';
#$driver = 'Pg';
#$port = '5432';
$dbname = 'my_db_name';
#$options = '';
$username = 'my_user_name';
$password = 'my_password';


$dbh = DBI->connect("dbi:Pg:dbname=$dbname;host=$host", $username,
$password, {AutoCommit => 0, RaiseError => 1, PrintError => 1}) or die
$dbh->errstr;


( $ext_no, $pword, $svr_addr, $svr_type ) =
$dbh->selectrow_array($thissql);


# well was it an allowed IP address? If not quit
if (!$ext_no) {
print STDERR "not an allowed IP address";
exit(1);
}

#create URI

#no spaces in bit from http: on if parses incorrectly on forum
my $voip_uri =
"http://$svr_addr/clicktodial.cgi?user=$ext_no&pass=$pword&caller=pb x:$ext_no&dest=tel:$dialme&message=fadinghope.wav"

#now send the uri

my $agent = LWP::UserAgent->new(timeout => 10);

my $response = $agent->post($voip_uri);

if ($response->is_error){

print STDERR $response->error_as_HTML;
print STDERR $voip_uri;
exit (1);
}

exit 0;
#end perl script dialer.pl
Notes:
needs to be in script directory of your web site.
ownership on Ubuntu requires minimum of group ownership by www-data
eg sudo chown my_username:www-data dialer.pl
needs to executable eg sudo +x dialer.pl

***********************end script stuff***********************************
Database stuff

the table structure i used on my_data_base structure is as follows (postgresql example)

CREATE TABLE ip_phones
(
ext_address character varying(30) NOT NULL,
ext_no character varying(3) NOT NULL,
pword character varying(140) NOT NULL,
svr_addr character varying(128) NOT NULL DEFAULT '172.30.0.1'::character varying,
svr_type character varying(25) NOT NULL DEFAULT 'epygi'::character varying,
CONSTRAINT ext_address_pkey PRIMARY KEY (ext_address)
)

Notes
create a readonly user named my_user with password my_password.
get ip address of computer (ext_address field) beside your extension (ext_no field).
the password (pword) is the all numbers one.
If the epygi is at the usual location the default svr_addr in the table is fine. The svr_type is only there in case i ever have to code for an asterisk box for some other user…
You can have more than one address point at the same extension (eg for remote extension via vpn).
For postgresql gurus, you do not need string type field as primary key, I think pgsql does support ipv4 addresses as field type (means you can use placeholders)
***********************end database stuff********************************
HTML
sample html code for page to make the script fire - a testing page only, form field in <body>

<h2>Phone tester</h2>
<p>enter number</p>
<form name="dialer" action="../scripts/dialer.pl" method="post" accept-charset="utf-8">
Dial me:<input type="text" name="dialme" maxlength=10
<input type="submit" value="Dial"/><Br />
</form>

Notes
on ubuntu apache2 logs in var/logs/apache2/error.log proved pretty useful for debugging

************************************************** *************************************
to do
1. convert to https so passwords are not sniffable
2. get rid of rest of server side bugs.
3. convert sql request to bound parameter to prevent sql injection (but cannot see how they could overcome stripping of non digit numbers in regex).

recommendations
only use this in secure lan environment, ie on lan side of epygi to prevent packet sniffing (server with 2 network cards).

now all your users need is a browser and the operating system they use is irrelevant. server may be another issue...

regards
Chris

[chrisr@cmrowling.com]

just checking it and it is now broken
will post update when I have worked through the issues (main one seems to be that selectrow_array no longer accepts bind parameters) plus myriad of minor glitches