add path-locking to voicemail CGI app (bug #4304)
[asterisk/asterisk.git] / contrib / scripts / vmail.cgi
1 #!/usr/bin/perl
2 #
3 # Web based Voicemail for Asterisk
4 #
5 # Copyright (C) 2002, Linux Support Services, Inc.
6 #
7 # Distributed under the terms of the GNU General Public License
8 #
9 # Written by Mark Spencer <markster@linux-support.net>
10 #
11 # (icky, I know....  if you know better perl please help!)
12 #
13 #
14 # Synchronization added by GDS Partners (www.gdspartners.com)
15 #                        Stojan Sljivic (stojan.sljivic@gdspartners.com)
16 #
17 use CGI qw/:standard/;
18 use Carp::Heavy;
19 use CGI::Carp qw(fatalsToBrowser);
20 use DBI;
21 use Fcntl qw ( O_WRONLY O_CREAT O_EXCL );
22 use Time::HiRes qw ( usleep );
23
24 $context=""; # Define here your by default context (so you dont need to put voicemail@context in the login
25
26 @validfolders = ( "INBOX", "Old", "Work", "Family", "Friends", "Cust1", "Cust2", "Cust3", "Cust4", "Cust5" );
27
28 %formats = (
29         "wav" => {
30                 name => "Uncompressed WAV",
31                 mime => "audio/x-wav",
32                 pref => 1
33         },
34         "WAV" => {
35                 name => "GSM Compressed WAV",
36                 mime => "audio/x-wav",
37                 pref => 2
38         },
39         "gsm" => {
40                 name => "Raw GSM Audio",
41                 mime => "audio/x-gsm",
42                 pref => 3
43         }
44 );
45
46 $astpath = "/_asterisk";
47
48 $stdcontainerstart = "<table align=center width=600><tr><td>\n";
49 $footer = "<hr><font size=-1><a href=\"http://www.asterisk.org\">The Asterisk Open Source PBX</a> Copyright 2004, <a href=\"http://www.digium.com\">Digium, Inc.</a></a>";
50 $stdcontainerend = "</td></tr><tr><td align=right>$footer</td></tr></table>\n";
51
52 sub lock_path() {
53
54         my($path) = @_;
55         my $rand;
56         my $rfile;
57         my $start;
58         my $res;
59         
60         $rand = rand 99999999;  
61         $rfile = "$path/.lock-$rand";
62         
63         sysopen(RFILE, $rfile, O_WRONLY | O_CREAT | O_EXCL, 0666) or return -1;
64         close(RFILE);
65         
66         $res = link($rfile, "$path/.lock");
67         $start = time;
68         if ($res == 0) {
69         while (($res == 0) && (time - $start <= 5)) {
70                 $res = link($rfile, "$path/.lock");
71                 usleep(1);
72         }
73         }
74         unlink($rfile);
75         
76         if ($res == 0) {
77                 return -1;
78         } else {
79                 return 0;
80         }
81 }
82
83 sub unlock_path() {
84
85         my($path) = @_;
86         
87         unlink("$path/.lock");
88 }
89
90 sub untaint() {
91
92         my($data) = @_;
93         
94         if ($data =~ /^([-\@\w.]+)$/) {
95                 $data = $1;
96         } else {
97                 die "Security violation.";
98         }
99         
100         return $data;
101 }
102
103 sub login_screen() {
104         print header;
105         my ($message) = @_;
106         print <<_EOH;
107
108 <TITLE>Asterisk Web-Voicemail</TITLE>
109 <BODY BGCOLOR="white">
110 $stdcontainerstart
111 <FORM METHOD="post">
112 <input type=hidden name="action" value="login">
113 <table align=center>
114 <tr><td valign=top align=center rowspan=6><img align=center src="$astpath/animlogo.gif"></td></tr>
115 <tr><td align=center colspan=2><font size=+2>Comedian Mail Login</font></td></tr>
116 <tr><td align=center colspan=2><font size=+1>$message</font></td></tr>
117 <tr><td>Mailbox:</td><td><input type=text name="mailbox"></td></tr>
118 <tr><td>Password:</td><td><input type=password name="password"></td></tr>
119 <tr><td align=right colspan=2><input value="Login" type=submit></td></tr>
120 <input type=hidden name="context" value="$context">
121 </table>
122 </FORM>
123 $stdcontainerend
124 </BODY>\n
125 _EOH
126
127 }
128
129 sub check_login()
130 {
131         local ($filename, $startcat) = @_;
132         local ($mbox, $context) = split(/\@/, param('mailbox'));
133         local $pass = param('password');
134         local $category = $startcat;
135         local @fields;
136         local $tmp;
137         local (*VMAIL);
138         if (!$category) {
139                 $category = "general";
140         }
141         if (!$context) {
142                 $context = param('context');
143         }
144         if (!$context) {
145                 $context = "default";
146         }
147         if (!$filename) {
148                 $filename = "/etc/asterisk/voicemail.conf";
149         }
150 #       print header;
151 #       print "Including <h2>$filename</h2> while in <h2>$category</h2>...\n";
152         open(VMAIL, "<$filename") || die("Bleh, no $filename");
153         while(<VMAIL>) {
154                 chomp;
155                 if (/include\s\"([^\"]+)\"$/) {
156                         ($tmp, $category) = &check_login("/etc/asterisk/$1", $category);
157                         if (length($tmp)) {
158 #                               print "Got '$tmp'\n";
159                                 return ($tmp, $category);
160                         }
161                 } elsif (/\[(.*)\]/) {
162                         $category = $1;
163                 } elsif ($category eq "general") {
164                         if (/([^\s]+)\s*\=\s*(.*)/) {
165                                 if ($1 eq "dbname") {
166                                         $dbname = $2;
167                                 } elsif ($1 eq "dbpass") {
168                                         $dbpass = $2;
169                                 } elsif ($1 eq "dbhost") {
170                                         $dbhost = $2;
171                                 } elsif ($1 eq "dbuser") {
172                                         $dbuser = $2;
173                                 }
174                         }
175                         if ($dbname and $dbpass and $dbhost and $dbuser) {
176
177                                 # db variables are present.  Use db for authentication.
178                                 my $dbh = DBI->connect("DBI:mysql:$dbname:$dbhost",$dbuser,$dbpass);
179                                 my $sth = $dbh->prepare(qq{select fullname,context from voicemail where mailbox='$mbox' and password='$pass' and context='$context'});
180                                 $sth->execute();
181                                 if (($fullname, $category) = $sth->fetchrow_array()) {;
182                                         return ($fullname ? $fullname : "Extension $mbox in $context",$category);
183                                 }
184                         }
185                 } elsif (($category ne "general") && ($category ne "zonemessages")) { 
186                         if (/([^\s]+)\s*\=\>?\s*(.*)/) {
187                                 @fields = split(/\,\s*/, $2);
188 #                               print "<p>Mailbox is $1\n";
189                                 if (($mbox eq $1) && (($pass eq $fields[0]) || ("-${pass}" eq $fields[0])) && ($context eq $category)) {
190                                         return ($fields[1] ? $fields[1] : "Extension $mbox in $context", $category);
191                                 }
192                         }
193                 }
194         }
195         close(VMAIL);
196         return ("", $category);
197 }
198
199 sub validmailbox()
200 {
201         local ($context, $mbox, $filename, $startcat) = @_;
202         local $category = $startcat;
203         local @fields;
204         local (*VMAIL);
205         if (!$context) {
206                 $context = param('context');
207         }
208         if (!$context) {
209                 $context = "default";
210         }
211         if (!$filename) {
212                 $filename = "/etc/asterisk/voicemail.conf";
213         }
214         if (!$category) {
215                 $category = "general";
216         }
217         open(VMAIL, "<$filename") || die("Bleh, no $filename");
218         while(<VMAIL>) {
219                 chomp;
220                 if (/include\s\"([^\"]+)\"$/) {
221                         ($tmp, $category) = &validmailbox($mbox, $context, "/etc/asterisk/$1");
222                         if ($tmp) {
223                                 return ($tmp, $category);
224                         }
225                 } elsif (/\[(.*)\]/) {
226                         $category = $1;
227                 } elsif ($category eq "general") {
228                         if (/([^\s]+)\s*\=\s*(.*)/) {
229                                 if ($1 eq "dbname") {
230                                         $dbname = $2;
231                                 } elsif ($1 eq "dbpass") {
232                                         $dbpass = $2;
233                                 } elsif ($1 eq "dbhost") {
234                                         $dbhost = $2;
235                                 } elsif ($1 eq "dbuser") {
236                                         $dbuser = $2;
237                                 }
238                         }
239                         if ($dbname and $dbpass and $dbhost and $dbuser) {
240
241                                 # db variables are present.  Use db for authentication.
242                                 my $dbh = DBI->connect("DBI:mysql:$dbname:$dbhost",$dbuser,$dbpass);
243                                 my $sth = $dbh->prepare(qq{select fullname,context from voicemail where mailbox='$mbox' and password='$pass' and context='$context'});
244                                 $sth->execute();
245                                 if (($fullname, $category) = $sth->fetchrow_array()) {;
246                                         return ($fullname ? $fullname : "unknown", $category);
247                                 }
248                         }
249                 } elsif (($category ne "general") && ($category ne "zonemessages") && ($category eq $context)) {
250                         if (/([^\s]+)\s*\=\>?\s*(.*)/) {
251                                 @fields = split(/\,\s*/, $2);
252                                 if (($mbox eq $1) && ($context eq $category)) {
253                                         return ($fields[2] ? $fields[2] : "unknown", $category);
254                                 }
255                         }
256                 }
257         }
258         return ("", $category);
259 }
260
261 sub mailbox_options()
262 {
263         local($context, $current, $filename, $category) = @_;
264         local (*VMAIL);
265         local $tmp2;
266         local $tmp;
267         if (!$filename) {
268                 $filename = "/etc/asterisk/voicemail.conf";
269         }
270         if (!$category) {
271                 $category = "general";
272         }
273 #       print header;
274 #       print "Including <h2>$filename</h2> while in <h2>$category</h2>...\n";
275         open(VMAIL, "<$filename") || die("Bleh, no voicemail.conf");
276         while(<VMAIL>) {
277                 chomp;
278                 s/\;.*$//;
279                 if (/include\s\"([^\"]+)\"$/) {
280                         ($tmp2, $category) = &mailbox_options($context, $current, "/etc/asterisk/$1", $category);
281 #                       print "Got '$tmp2'...\n";
282                         $tmp .= $tmp2;
283                 } elsif (/\[(.*)\]/) {
284                         $category = $1;
285                 } elsif ($category eq "general") {
286                         if (/([^\s]+)\s*\=\s*(.*)/) {
287                                 if ($1 eq "dbname") {
288                                         $dbname = $2;
289                                 } elsif ($1 eq "dbpass") {
290                                         $dbpass = $2;
291                                 } elsif ($1 eq "dbhost") {
292                                         $dbhost = $2;
293                                 } elsif ($1 eq "dbuser") {
294                                         $dbuser = $2;
295                                 }
296                         }
297                         if ($dbname and $dbpass and $dbhost and $dbuser) {
298
299                                 # db variables are present.  Use db for authentication.
300                                 my $dbh = DBI->connect("DBI:mysql:$dbname:$dbhost",$dbuser,$dbpass);
301                                 my $sth = $dbh->prepare(qq{select mailbox,fullname,context from voicemail where context='$context' order by mailbox});
302                                 $sth->execute();
303                                 while (($mailbox, $fullname, $category) = $sth->fetchrow_array()) {
304                                         $text = $mailbox;
305                                         if ($fullname) {
306                                                 $text .= " (".$fullname.")";
307                                         }
308                                         if ($mailbox eq $current) {
309                                                 $tmp .= "<OPTION SELECTED>$text</OPTION>\n";
310                                         } else {
311                                                 $tmp .= "<OPTION>$text</OPTION>\n";
312                                         }
313                                 }
314                                 return ($tmp, $category);
315                         }
316                 } elsif (($category ne "general") && ($category ne "zonemessages")) {
317                         if (/([^\s]+)\s*\=\>?\s*(.*)/) {
318                                 @fields = split(/\,\s*/, $2);
319                                 $text = "$1";
320                                 if ($fields[1]) {
321                                         $text .= " ($fields[1])";
322                                 }
323                                 if ($1 eq $current) {
324                                         $tmp .= "<OPTION SELECTED>$text</OPTION>\n";
325                                 } else {
326                                         $tmp .= "<OPTION>$text</OPTION>\n";
327                                 }
328                                 
329                         }
330                 }
331         }
332         close(VMAIL);
333         return ($tmp, $category);
334 }
335
336 sub mailbox_list()
337 {
338         local ($name, $context, $current) = @_;
339         local $tmp;
340         local $text;
341         local $tmp;
342         local $opts;
343         if (!$context) {
344                 $context = "default";
345         }
346         $tmp = "<SELECT name=\"$name\">\n";
347         ($opts) = &mailbox_options($context, $current);
348         $tmp .= $opts;
349         $tmp .= "</SELECT>\n";
350         
351 }
352
353 sub msgcount() 
354 {
355         my ($context, $mailbox, $folder) = @_;
356         my $path = "/var/spool/asterisk/voicemail/$context/$mailbox/$folder";
357         if (opendir(DIR, $path)) {
358                 my @msgs = grep(/^msg....\.txt$/, readdir(DIR));
359                 closedir(DIR);
360                 return sprintf "%d", $#msgs + 1;
361         }
362         return "0";
363 }
364
365 sub msgcountstr()
366 {
367         my ($context, $mailbox, $folder) = @_;
368         my $count = &msgcount($context, $mailbox, $folder);
369         if ($count > 1) {
370                 "$count messages";
371         } elsif ($count > 0) {
372                 "$count message";
373         } else {
374                 "no messages";
375         }
376 }
377 sub messages()
378 {
379         my ($context, $mailbox, $folder) = @_;
380         my $path = "/var/spool/asterisk/voicemail/$context/$mailbox/$folder";
381         if (opendir(DIR, $path)) {
382                 my @msgs = sort grep(/^msg....\.txt$/, readdir(DIR));
383                 closedir(DIR);
384                 return map { s/^msg(....)\.txt$/$1/; $_ } @msgs;
385         }
386         return ();
387 }
388
389 sub getcookie()
390 {
391         my ($var) = @_;
392         return cookie($var);
393 }
394
395 sub makecookie()
396 {
397         my ($format) = @_;
398         cookie(-name => "format", -value =>["$format"], -expires=>"+1y");
399 }
400
401 sub getfields()
402 {
403         my ($context, $mailbox, $folder, $msg) = @_;
404         my $fields;
405         if (open(MSG, "</var/spool/asterisk/voicemail/$context/$mailbox/$folder/msg${msg}.txt")) {
406                 while(<MSG>) {
407                         s/\#.*$//g;
408                         if (/^(\w+)\s*\=\s*(.*)$/) {
409                                 $fields->{$1} = $2;
410                         }
411                 }
412                 close(MSG);
413                 $fields->{'msgid'} = $msg;
414         } else { print "<BR>Unable to open '$msg' in '$mailbox', '$folder'\n<B>"; }
415         $fields;
416 }
417
418 sub message_prefs()
419 {
420         my ($nextaction, $msgid) = @_;
421         my $folder = param('folder');
422         my $mbox = param('mailbox');
423         my $context = param('context');
424         my $passwd = param('password');
425         my $format = param('format');
426         if (!$format) {
427                 $format = &getcookie('format');
428         }
429         print header;
430         print <<_EOH;
431
432 <TITLE>Asterisk Web-Voicemail: Preferences</TITLE>
433 <BODY BGCOLOR="white">
434 $stdcontainerstart
435 <FORM METHOD="post">
436 <table width=100% align=center>
437 <tr><td align=right colspan=3><font size=+2>Web Voicemail Preferences</font></td></tr>
438 <tr><td align=left><font size=+1>Preferred&nbsp;Audio&nbsp;Format:</font></td><td colspan=2></td></tr>
439 _EOH
440
441 foreach $fmt (sort { $formats{$a}->{'pref'} <=> $formats{$b}->{'pref'} } keys %formats) {
442         my $clicked = "checked" if $fmt eq $format;
443         print "<tr><td></td><td align=left><input type=radio name=\"format\" $clicked value=\"$fmt\"></td><td width=100%>&nbsp;$formats{$fmt}->{name}</td></tr>\n";
444 }
445
446 print <<_EOH;
447 <tr><td align=right colspan=3><input type=submit value="save settings..."></td></tr>
448 </table>
449 <input type=hidden name="action" value="$nextaction">
450 <input type=hidden name="folder" value="$folder">
451 <input type=hidden name="mailbox" value="$mbox">
452 <input type=hidden name="context" value="$context">
453 <input type=hidden name="password" value="$passwd">
454 <input type=hidden name="msgid" value="$msgid">
455 $stdcontainerend
456 </BODY>\n
457 _EOH
458
459 }
460
461 sub message_play()
462 {
463         my ($message, $msgid) = @_;
464         my $folder = param('folder');
465         my ($mbox, $context) = split(/\@/, param('mailbox'));
466         my $passwd = param('password');
467         my $format = param('format');
468         
469         my $fields;
470         if (!$context) {
471                 $context = param('context');
472         }
473         if (!$context) {
474                 $context = "default";
475         }
476         
477         my $folders = &folder_list('newfolder', $context, $mbox, $folder);
478         my $mailboxes = &mailbox_list('forwardto', $context, $mbox);
479         if (!$format) {
480                 $format = &getcookie('format');
481         }
482         if (!$format) {
483                 &message_prefs("play", $msgid);
484         } else {
485                 print header(-cookie => &makecookie($format));
486                 $fields = &getfields($context, $mbox, $folder, $msgid);
487                 if (!$fields) {
488                         print "<BR>Bah!\n";
489                         return;
490                 }
491                 my $duration = $fields->{'duration'};
492                 if ($duration) {
493                         $duration = sprintf "%d:%02d", $duration/60, $duration % 60; 
494                 } else {
495                         $duration = "<i>Unknown</i>";
496                 }
497                 print <<_EOH;
498         
499 <TITLE>Asterisk Web-Voicemail: $folder Message $msgid</TITLE>
500 <BODY BGCOLOR="white">
501 $stdcontainerstart
502 <FORM METHOD="post">
503 <table width=100% align=center>
504 <tr><td align=right colspan=3><font size=+1>$folder Message $msgid</font></td></tr>
505 _EOH
506
507                 print <<_EOH;
508 <tr><td align=center colspan=3>
509 <table>
510         <tr><td colspan=2 align=center><font size=+1>$folder <b>$msgid</b></font></td></tr>
511         <tr><td><b>Message:</b></td><td>$msgid</td></tr>\n
512         <tr><td><b>Mailbox:</b></td><td>$mbox\@$context</td></tr>\n
513         <tr><td><b>Folder:</b></td><td>$folder</td></tr>\n
514         <tr><td><b>From:</b></td><td>$fields->{callerid}</td></tr>\n
515         <tr><td><b>Duration:</b></td><td>$duration</td></tr>\n
516         <tr><td><b>Original Date:</b></td><td>$fields->{origdate}</td></tr>\n
517         <tr><td><b>Original Mailbox:</b></td><td>$fields->{origmailbox}</td></tr>\n
518         <tr><td><b>Caller Channel:</b></td><td>$fields->{callerchan}</td></tr>\n
519         <tr><td align=center colspan=2>
520         <input name="action" type=submit value="index">&nbsp;
521         <input name="action" type=submit value="delete ">&nbsp;
522         <input name="action" type=submit value="forward to -> ">&nbsp;
523         $mailboxes&nbsp;
524         <input name="action" type=submit value="save to ->">
525         $folders&nbsp;
526         <input name="action" type=submit value="play ">
527         <input name="action" type=submit value="download">
528 </td></tr>
529 <tr><td colspan=2 align=center>
530 <embed width=400 height=40 src="vmail.cgi?action=audio&folder=$folder&mailbox=$mbox&context=$context&password=$passwd&msgid=$msgid&format=$format&dontcasheme=$$.$format" autostart=yes loop=false></embed>
531 </td></tr></table>
532 </td></tr>
533 </table>
534 <input type=hidden name="folder" value="$folder">
535 <input type=hidden name="mailbox" value="$mbox">
536 <input type=hidden name="context" value="$context">
537 <input type=hidden name="password" value="$passwd">
538 <input type=hidden name="msgid" value="$msgid">
539 $stdcontainerend
540 </BODY>\n
541 _EOH
542         }
543 }
544
545 sub message_audio()
546 {
547         my ($forcedownload) = @_;
548         my $folder = param('folder');
549         my $msgid = param('msgid');
550         my $mailbox = param('mailbox');
551         my $context = param('context');
552         my $format = param('format');
553         if (!$format) {
554                 $format = &getcookie('format');
555         }
556         my $path = "/var/spool/asterisk/voicemail/$context/$mailbox/$folder/msg${msgid}.$format";
557
558         $msgid =~ /^\d\d\d\d$/ || die("Msgid Liar ($msgid)!");
559         grep(/^${format}$/, keys %formats) || die("Format Liar ($format)!");
560
561         # Mailbox and folder are already verified
562         if (open(AUDIO, "<$path")) {
563                 $size = -s $path;
564                 $|=1;
565                 if ($forcedownload) {
566                         print header(-type=>$formats{$format}->{'mime'}, -Content_length => $size, -attachment => "msg${msgid}.$format");
567                 } else {                
568                         print header(-type=>$formats{$format}->{'mime'}, -Content_length => $size);
569                 }
570                 
571                 while(($amt = sysread(AUDIO, $data, 4096)) > 0) {
572                         syswrite(STDOUT, $data, $amt);
573                 }
574                 close(AUDIO);
575         } else {
576                 die("Hrm, can't seem to open $path\n");
577         }
578 }
579
580 sub message_index() 
581 {
582         my ($folder, $message) = @_;
583         my ($mbox, $context) = split(/\@/, param('mailbox'));
584         my $passwd = param('password');
585         my $message2;
586         my $msgcount;   
587         my $hasmsg;
588         my $newmessages, $oldmessages;
589         my $format = param('format');
590         if (!$format) {
591                 $format = &getcookie('format');
592         }
593         if (!$context) {
594                 $context = param('context');
595         }
596         if (!$context) {
597                 $context = "default";
598         }
599         if ($folder) {
600                 $msgcount = &msgcountstr($context, $mbox, $folder);
601                 $message2 = "&nbsp;&nbsp;&nbsp;Folder '$folder' has " . &msgcountstr($context, $mbox, $folder);
602         } else {
603                 $newmessages = &msgcount($context, $mbox, "INBOX");
604                 $oldmessages = &msgcount($context, $mbox, "Old");
605                 if (($newmessages > 0) || ($oldmessages < 1)) {
606                         $folder = "INBOX";
607                 } else {
608                         $folder = "Old";
609                 }
610                 $message2 = "You have";
611                 if ($newmessages > 0) {
612                         $message2 .= " <b>$newmessages</b> NEW";
613                         if ($oldmessages > 0) {
614                                 $message2 .= "and <b>$oldmessages</b> OLD";
615                                 if ($oldmessages != 1) {
616                                         $message2 .= " messages.";
617                                 } else {
618                                         $message2 .= "message.";
619                                 }
620                         } else {
621                                 if ($newmessages != 1) {
622                                         $message2 .= " messages.";
623                                 } else {
624                                         $message2 .= " message.";
625                                 }
626                         }
627                 } else {
628                         if ($oldmessages > 0) {
629                                 $message2 .= " <b>$oldmessages</b> OLD";
630                                 if ($oldmessages != 1) {
631                                         $message2 .= " messages.";
632                                 } else {
633                                         $message2 .= " message.";
634                                 }
635                         } else {
636                                 $message2 .= " <b>no</b> messages.";
637                         }
638                 }
639         }
640         
641         my $folders = &folder_list('newfolder', $context, $mbox, $folder);
642         my $cfolders = &folder_list('changefolder', $context, $mbox, $folder);
643         my $mailboxes = &mailbox_list('forwardto', $context, $mbox);
644         print header(-cookie => &makecookie($format));
645         print <<_EOH;
646
647 <TITLE>Asterisk Web-Voicemail: $mbox\@$context $folder</TITLE>
648 <BODY BGCOLOR="white">
649 $stdcontainerstart
650 <FORM METHOD="post">
651 <table width=100% align=center>
652 <tr><td align=center colspan=2><font size=+2><I>$message</I></font></td></tr>
653 <tr><td align=right colspan=2><font size=+1><b>$folder</b> Messages</font> <input type=submit name="action" value="change to ->">$cfolders</td></tr>
654 <tr><td align=left colspan=2><font size=+1>$message2</font></td></tr>
655 </table>
656 <table width=100% align=center cellpadding=0 cellspacing=0>
657 _EOH
658
659 print "<tr><td>&nbsp;Msg</td><td>&nbsp;From</td><td>&nbsp;Duration</td><td>&nbsp;Date</td><td>&nbsp;</td></tr>\n";
660 print "<tr><td><hr></td><td><hr></td><td><hr></td><td><hr></td><td></td></tr>\n";
661 foreach $msg (&messages($context, $mbox, $folder)) {
662
663         $fields = &getfields($context, $mbox, $folder, $msg);
664         $duration = $fields->{'duration'};
665         if ($duration) {
666                 $duration = sprintf "%d:%02d", $duration / 60, $duration % 60;
667         } else {
668                 $duration = "<i>Unknown</i>";
669         }
670         $hasmsg++;
671         print "<tr><td><input type=checkbox name=\"msgselect\" value=\"$msg\">&nbsp;<b>$msg</b></td><td>$fields->{'callerid'}</td><td>$duration</td><td>$fields->{'origdate'}</td><td><input name='play$msg' alt=\"Play message $msg\" border=0 type=image align=left src=\"$astpath/play.gif\"></td></tr>\n";
672
673 }
674 if (!$hasmsg) {
675         print "<tr><td colspan=4 align=center><P><b><i>No messages</i></b><P></td></tr>";
676 }
677
678 print <<_EOH;
679 </table>
680 <table width=100% align=center>
681 <tr><td align=right colspan=2>
682         <input type="submit" name="action" value="refresh">&nbsp;
683 _EOH
684
685 if ($hasmsg) {
686 print <<_EOH;
687         <input type="submit" name="action" value="delete">&nbsp;
688         <input type="submit" name="action" value="save to ->">
689         $folders&nbsp;
690         <input type="submit" name="action" value="forward to ->">
691         $mailboxes
692 _EOH
693 }
694
695 print <<_EOH;
696 </td></tr>
697 <tr><td align=right colspan=2>
698         <input type="submit" name="action" value="preferences">
699         <input type="submit" name="action" value="logout">
700 </td></tr>
701 </table>
702 <input type=hidden name="folder" value="$folder">
703 <input type=hidden name="mailbox" value="$mbox">
704 <input type=hidden name="context" value="$context">
705 <input type=hidden name="password" value="$passwd">
706 </FORM>
707 $stdcontainerend
708 </BODY>\n
709 _EOH
710 }
711
712 sub validfolder()
713 {
714         my ($folder) = @_;
715         return grep(/^$folder$/, @validfolders);
716 }
717
718 sub folder_list()
719 {
720         my ($name, $context, $mbox, $selected) = @_;
721         my $f;
722         my $count;
723         my $tmp = "<SELECT name=\"$name\">\n";
724         foreach $f (@validfolders) {
725                 $count =  &msgcount($context, $mbox, $f);
726                 if ($f eq $selected) {
727                         $tmp .= "<OPTION SELECTED>$f ($count)</OPTION>\n";
728                 } else {
729                         $tmp .= "<OPTION>$f ($count)</OPTION>\n";
730                 }
731         }
732         $tmp .= "</SELECT>";
733 }
734
735 sub message_rename()
736 {
737         my ($context, $mbox, $oldfolder, $old, $newfolder, $new) = @_;
738         my $oldfile, $newfile;
739         return if ($old eq $new) && ($oldfolder eq $newfolder);
740
741         if ($context =~ /^(\w+)$/) {
742                 $context = $1;
743         } else {
744                 die("Invalid Context<BR>\n");
745         }
746         
747         if ($mbox =~ /^(\w+)$/) {
748                 $mbox = $1;
749         } else {
750                 die ("Invalid mailbox<BR>\n");
751         }
752         
753         if ($oldfolder =~ /^(\w+)$/) {
754                 $oldfolder = $1;
755         } else {
756                 die("Invalid old folder<BR>\n");
757         }
758         
759         if ($newfolder =~ /^(\w+)$/) {
760                 $newfolder = $1;
761         } else {
762                 die("Invalid new folder ($newfolder)<BR>\n");
763         }
764         
765         if ($old =~ /^(\d\d\d\d)$/) {
766                 $old = $1;
767         } else {
768                 die("Invalid old Message<BR>\n");
769         }
770         
771         if ($new =~ /^(\d\d\d\d)$/) {
772                 $new = $1;
773         } else {
774                 die("Invalid old Message<BR>\n");
775         }
776         
777         my $path = "/var/spool/asterisk/voicemail/$context/$mbox/$newfolder";
778         $path =~ /^(.*)$/;
779         $path = $1;
780         mkdir $path, 0770;
781         my $path = "/var/spool/asterisk/voicemail/$context/$mbox/$oldfolder";
782         opendir(DIR, $path) || die("Unable to open directory\n");
783         my @files = grep /^msg${old}\.\w+$/, readdir(DIR);
784         closedir(DIR);
785         foreach $oldfile (@files) {
786                 my $tmp = $oldfile;
787                 if ($tmp =~ /^(msg${old}.\w+)$/) {
788                         $tmp = $1;
789                         $oldfile = $path . "/$tmp";
790                         $tmp =~ s/msg${old}/msg${new}/;
791                         $newfile = "/var/spool/asterisk/voicemail/$context/$mbox/$newfolder/$tmp";
792 #                       print "Renaming $oldfile to $newfile<BR>\n";
793                         rename($oldfile, $newfile);
794                 }
795         }
796 }
797
798 sub file_copy()
799 {
800         my ($orig, $new) = @_;
801         my $res;
802         my $data;
803         $orig =~ /^(.*)$/;
804         $orig = $1;
805         $new =~ /^(.*)$/;
806         $new = $1;
807         open(IN, "<$orig") || die("Unable to open '$orig'\n");
808         open(OUT, ">$new") || DIE("Unable to open '$new'\n");
809         while(($res = sysread(IN, $data, 4096)) > 0) {
810                 syswrite(OUT, $data, $res);
811         }
812         close(OUT);
813         close(IN);
814 }
815
816 sub message_copy()
817 {
818         my ($context, $mbox, $newmbox, $oldfolder, $old, $new) = @_;
819         my $oldfile, $newfile;
820         return if ($mbox eq $newmbox);
821         
822         if ($mbox =~ /^(\w+)$/) {
823                 $mbox = $1;
824         } else {
825                 die ("Invalid mailbox<BR>\n");
826         }
827
828         if ($newmbox =~ /^(\w+)$/) {
829                 $newmbox = $1;
830         } else {
831                 die ("Invalid new mailbox<BR>\n");
832         }
833         
834         if ($oldfolder =~ /^(\w+)$/) {
835                 $oldfolder = $1;
836         } else {
837                 die("Invalid old folder<BR>\n");
838         }
839         
840         if ($old =~ /^(\d\d\d\d)$/) {
841                 $old = $1;
842         } else {
843                 die("Invalid old Message<BR>\n");
844         }
845         
846         if ($new =~ /^(\d\d\d\d)$/) {
847                 $new = $1;
848         } else {
849                 die("Invalid old Message<BR>\n");
850         }
851         
852         my $path = "/var/spool/asterisk/voicemail/$context/$newmbox";
853         $path =~ /^(.*)$/;
854         $path = $1;
855         mkdir $path, 0770;
856         my $path = "/var/spool/asterisk/voicemail/$context/$newmbox/INBOX";
857         $path =~ /^(.*)$/;
858         $path = $1;
859         mkdir $path, 0770;
860         my $path = "/var/spool/asterisk/voicemail/$context/$mbox/$oldfolder";
861         opendir(DIR, $path) || die("Unable to open directory\n");
862         my @files = grep /^msg${old}\.\w+$/, readdir(DIR);
863         closedir(DIR);
864         foreach $oldfile (@files) {
865                 my $tmp = $oldfile;
866                 if ($tmp =~ /^(msg${old}.\w+)$/) {
867                         $tmp = $1;
868                         $oldfile = $path . "/$tmp";
869                         $tmp =~ s/msg${old}/msg${new}/;
870                         $newfile = "/var/spool/asterisk/voicemail/$context/$newmbox/INBOX/$tmp";
871 #                       print "Copying $oldfile to $newfile<BR>\n";
872                         &file_copy($oldfile, $newfile);
873                 }
874         }
875 }
876
877 sub message_delete()
878 {
879         my ($context, $mbox, $folder, $msg) = @_;
880         if ($mbox =~ /^(\w+)$/) {
881                 $mbox = $1;
882         } else {
883                 die ("Invalid mailbox<BR>\n");
884         }
885         if ($context =~ /^(\w+)$/) {
886                 $context = $1;
887         } else {
888                 die ("Invalid context<BR>\n");
889         }
890         if ($folder =~ /^(\w+)$/) {
891                 $folder = $1;
892         } else {
893                 die("Invalid folder<BR>\n");
894         }
895         if ($msg =~ /^(\d\d\d\d)$/) {
896                 $msg = $1;
897         } else {
898                 die("Invalid Message<BR>\n");
899         }
900         my $path = "/var/spool/asterisk/voicemail/$context/$mbox/$folder";
901         opendir(DIR, $path) || die("Unable to open directory\n");
902         my @files = grep /^msg${msg}\.\w+$/, readdir(DIR);
903         closedir(DIR);
904         foreach $oldfile (@files) {
905                 if ($oldfile =~ /^(msg${msg}.\w+)$/) {
906                         $oldfile = $path . "/$1";
907 #                       print "Deleting $oldfile<BR>\n";
908                         unlink($oldfile);
909                 }
910         }
911 }
912
913 sub message_forward()
914 {
915         my ($toindex, @msgs) = @_;
916         my $folder = param('folder');
917         my ($mbox, $context) = split(/\@/, param('mailbox'));
918         my $newmbox = param('forwardto');
919         my $msg;
920         my $msgcount;
921         if (!$context) {
922                 $context = param('context');
923         }
924         if (!$context) {
925                 $context = "default";
926         }
927         $newmbox =~ s/(\w+)(\s+.*)?$/$1/;
928         if (!&validmailbox($context, $newmbox)) {
929                 die("Bah! Not a valid mailbox '$newmbox'\n");
930                 return "";
931         }
932         
933         my $txt;
934         $context = &untaint($context);
935         $newmbox = &untaint($newmbox);
936         my $path = "/var/spool/asterisk/voicemail/$context/$newmbox/INBOX";
937         if (&lock_path($path) == 0) {
938                 $msgcount = &msgcount($context, $newmbox, "INBOX");
939                 
940                 if ($newmbox ne $mbox) {
941 #                       print header;
942                         foreach $msg (@msgs) {
943 #                               print "Forwarding $msg from $mbox to $newmbox<BR>\n";
944                                 &message_copy($context, $mbox, $newmbox, $folder, $msg, sprintf "%04d", $msgcount);
945                                 $msgcount++;
946                         }
947                         $txt = "Forwarded messages " . join(', ', @msgs) . "to $newmbox";
948                 } else {
949                         $txt = "Can't forward messages to yourself!\n";
950                 }
951                 &unlock_path($path); 
952         } else {
953                 $txt = "Cannot forward messages: Unable to lock path.\n";
954         }
955         if ($toindex) {
956                 &message_index($folder, $txt);
957         } else {
958                 &message_play($txt, $msgs[0]);
959         }
960 }
961
962 sub message_delete_or_move()
963 {
964         my ($toindex, $del, @msgs) = @_;
965         my $txt;
966         my $path;
967         my $y, $x;
968         my $folder = param('folder');
969         my $newfolder = param('newfolder') unless $del;
970         $newfolder =~ s/^(\w+)\s+.*$/$1/;
971         my ($mbox, $context) = split(/\@/, param('mailbox'));
972         if (!$context) {
973                 $context = param('context');
974         }
975         if (!$context) {
976                 $context = "default";
977         }
978         my $passwd = param('password');
979         $context = &untaint($context);
980         $mbox = &untaint($mbox);
981         $folder = &untaint($folder);
982         my $path = "/var/spool/asterisk/voicemail/$context/$mbox/$folder";
983         if (&lock_path($path) == 0) {
984                 my $msgcount = &msgcount($context, $mbox, $folder);
985                 my $omsgcount = &msgcount($context, $mbox, $newfolder) if $newfolder;
986         #       print header;
987                 if ($newfolder ne $folder) {
988                         $y = 0;
989                         for ($x=0;$x<$msgcount;$x++) {
990                                 my $msg = sprintf "%04d", $x;
991                                 my $newmsg = sprintf "%04d", $y;
992                                 if (grep(/^$msg$/, @msgs)) {
993                                         if ($newfolder) {
994                                                 &message_rename($context, $mbox, $folder, $msg, $newfolder, sprintf "%04d", $omsgcount);
995                                                 $omsgcount++;
996                                         } else {
997                                                 &message_delete($context, $mbox, $folder, $msg);
998                                         }
999                                 } else {
1000                                         &message_rename($context, $mbox, $folder, $msg, $folder, $newmsg);
1001                                         $y++;
1002                                 }
1003                         }
1004                         if ($del) {
1005                                 $txt = "Deleted messages "  . join (', ', @msgs);
1006                         } else {
1007                                 $txt = "Moved messages "  . join (', ', @msgs) . " to $newfolder";
1008                         }
1009                 } else {
1010                         $txt = "Can't move a message to the same folder they're in already";
1011                 }
1012                 &unlock_path($path);
1013         } else {
1014                 $txt = "Cannot move/delete messages: Unable to lock path.\n";
1015         }
1016         # Not as many messages now
1017         $msgcount--;
1018         if ($toindex || ($msgs[0] >= $msgcount)) {
1019                 &message_index($folder, $txt);  
1020         } else {
1021                 &message_play($txt, $msgs[0]);
1022         }
1023 }
1024
1025 if (param()) {
1026         my $folder = param('folder');
1027         my $changefolder = param('changefolder');
1028         $changefolder =~ s/(\w+)\s+.*$/$1/;
1029         
1030         my $newfolder = param('newfolder');
1031         $newfolder =~ s/^(\w+)\s+.*$/$1/;
1032         if ($newfolder && !&validfolder($newfolder)) {
1033                 print header;
1034                 die("Bah! new folder '$newfolder' isn't a folder.");
1035         }
1036         $action = param('action');
1037         $msgid = param('msgid');
1038         if (!$action) {
1039                 my ($tmp) = grep /^play\d\d\d\d\.x$/, param;
1040                 if ($tmp =~ /^play(\d\d\d\d)/) {
1041                         $msgid = $1;
1042                         $action = "play";
1043                 } else {
1044                         print header;
1045                         print "No message?<BR>\n";
1046                         return;
1047                 }
1048         }
1049         @msgs = param('msgselect');
1050         @msgs = ($msgid) unless @msgs;
1051         {
1052                 ($mailbox) = &check_login();
1053                 if (length($mailbox)) {
1054                         if ($action eq 'login') {
1055                                 &message_index($folder, "Welcome, $mailbox");
1056                         } elsif (($action eq 'refresh') || ($action eq 'index')) {
1057                                 &message_index($folder, "Welcome, $mailbox");
1058                         } elsif ($action eq 'change to ->') {
1059                                 if (&validfolder($changefolder)) {
1060                                         $folder = $changefolder;
1061                                         &message_index($folder, "Welcome, $mailbox");
1062                                 } else {
1063                                         die("Bah!  Not a valid change to folder '$changefolder'\n");
1064                                 }
1065                         } elsif ($action eq 'play') {
1066                                 &message_play("$mailbox $folder $msgid", $msgid);
1067                         } elsif ($action eq 'preferences') {
1068                                 &message_prefs("refresh", $msgid);
1069                         } elsif ($action eq 'download') {
1070                                 &message_audio(1);
1071                         } elsif ($action eq 'play ') {
1072                                 &message_audio(0);
1073                         } elsif ($action eq 'audio') {
1074                                 &message_audio(0);
1075                         } elsif ($action eq 'delete') {
1076                                 &message_delete_or_move(1, 1, @msgs);
1077                         } elsif ($action eq 'delete ') {
1078                                 &message_delete_or_move(0, 1, @msgs);
1079                         } elsif ($action eq 'forward to ->') {
1080                                 &message_forward(1, @msgs);
1081                         } elsif ($action eq 'forward to -> ') {
1082                                 &message_forward(0, @msgs);
1083                         } elsif ($action eq 'save to ->') {
1084                                 &message_delete_or_move(1, 0, @msgs);
1085                         } elsif ($action eq 'save to -> ') {
1086                                 &message_delete_or_move(0, 0, @msgs);
1087                         } elsif ($action eq 'logout') {
1088                                 &login_screen("Logged out!\n");
1089                         }
1090                 } else {
1091                         sleep(1);
1092                         &login_screen("Login Incorrect!\n");
1093                 }
1094         }
1095 } else {
1096         &login_screen("\&nbsp;");
1097 }