Solved

Script for ASterisk phonebook

Posted on 2015-02-10
2
123 Views
Last Modified: 2015-03-17
I found this script online and have my sql setup and all and can verify the user can login and view tables but it will not work.

I am using elastix and when i browse to this page it is just blank,

<?

$URL = 'http://192.168.2.152/';
// Choose how many results to return if search term produces a lot of output
$per_page = '10';
// Change here to match your own passwords
$mysql_conn = mysql_connect('localhost', 'rooot', 'password');
// Dont change anything from here unless you know what you are doing
mysql_select_db('asterisk', $mysql_conn );
$NAME=$_GET["name"];
$FROM=$_GET["FROM"];
$TO=$_GET["TO"];
if ( ($FROM=='') and ($TO=='') )
{
   //check to see how many
   $result= mysql_query("SELECT count(users.name) as total
                         FROM users
                         WHERE users.name LIKE '%$NAME%' ", $mysql_conn);
   $howmany = mysql_fetch_row($result);
   if ($howmany[0] > $per_page)
   {
    $start = 0;
    $index = 0;
    $total = $howmany[0];
    $remain = $per_page;
    print("\n");
    print("<YealinkIPPhoneDirectory>\n");  
    while ($start < ($total + 1))
    {
      $limitstart = 'LIMIT '.$start.','.$per_page;
      $result = mysql_query("SELECT name,extension
                             FROM users
                             WHERE name LIKE '%$NAME%' ORDER BY name $limitstart", $mysql_conn);
      $row = mysql_fetch_row($result);
      $from = $row[0];
      if (($total - $start) < $per_page) { $remain = $total - $start; }
      for ($i = 1; $i < $remain; ++$i) { $row = mysql_fetch_row($result); }
      $to = $row[0];
      print("<SoftKeyItem>\n");
      print("\t<Name>");
      print($index);          
      print("</Name>\n");
      print("\t<URL>");
      print($URL."search.php?FROM=".$from."&TO=".$to);
      print("</URL>\n");
      print("</SoftKeyItem>\n");
      $start = $start + $per_page;
      $index = $index+1;
    }
    print("</YealinkIPPhoneDirectory>\n");
   } else {
    $result = mysql_query("SELECT name,extension,extension
                           FROM users
                           WHERE users.name LIKE '%$NAME%'
                           ORDER BY name ", $mysql_conn);
    print("\n");
    print("<YealinkIPPhoneDirectory>\n");  
    while($row = mysql_fetch_row($result))
    {
      print("<DirectoryEntry>\n");
      print("\t<Name>");
      print($row[0]."- ".$row[1] );
      print("</Name>\n");
      print("\t<Telephone>");
      print($row[2]);
      print("</Telephone>\n");
      print("</DirectoryEntry>\n");
    }
    print("</YealinkIPPhoneDirectory>\n");
   }
} else {
  $result = mysql_query("SELECT name,extension,extension
                         FROM users
                         WHERE name>='$FROM' AND name<='$TO'
                         ORDER BY name", $mysql_conn);
   print("\n");
   print("<YealinkIPPhoneDirectory>\n");  
   while($row = mysql_fetch_row($result))
   {
     print("<DirectoryEntry>\n");
     print("\t<Name>");
     print($row[0]."- ".$row[1] );
     print("</Name>\n");
     print("\t<Telephone>");
     print($row[2]);
     print("</Telephone>\n");
     print("</DirectoryEntry>\n");
   }
   print("</YealinkIPPhoneDirectory>\n");
}
?>
0
Comment
Question by:desiredforsome
  • 2
2 Comments
 
LVL 19

Expert Comment

by:jools
ID: 40603132
too many "o"'s in root for the userid?

$mysql_conn = mysql_connect('localhost', 'rooot', 'password'); 

Open in new window


may need to be;

$mysql_conn = mysql_connect('localhost', 'root', 'password'); 

Open in new window

0
 
LVL 19

Accepted Solution

by:
jools earned 500 total points
ID: 40603135
just one more thing, be careful what you do with these scripts, the one above doesnt look like it validates any inputs so may be vulnerable to sql injection, if this is for yourself then that may be fine but if not then it would need tweaking.
0

Featured Post

Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question