Authenticate by CID with multiple authorized CIDs


#1

I am trying to authenticate callers based on their CID information and I am presently using the following macro:

exten => s,1,Answer
exten => s,2,DigitTimeout(10)
exten => s,3,ResponseTimeout(12)
exten => s,4,SetAccount(${CALLERIDNUM:1})
exten => s,5,Wait(1)
exten => s,6,GotoIf($[ ${CALLERIDNUM:1} = ${ARG1}]?9)
exten => s,7,Playback(goodbye)
exten => s,8,Hangup
exten => s,9,Wait(1)
exten => s,10,SomeCommand()

the problem is that I can only compare the CID to one string but there are dozens of CIDs that are authorized to access SomeCommand(). Is there a way to compare the CID to an array or entries in a flat file, such as with Authenticate(users/cidstrings)? I realize that using CID for authentication isn’t necessarily secure because of the ease of CID spoofing but SomeCommand() does not compromise my system so I’m ok with convenience trumping security in this case.


#2

Hi,

You may want to create an AGI program for that task in perl or php. Ultimately, if you want to exercise your C programming skill then create your own applications.


#3

as long as you have processor time to spare i would probably go with an AGI too. although i would use a MySQL table and not bother parsing a text file every time. a db table would probably make it easier to keep the numbers up-to-date too.


#4

Thanks for the pointers. I figured the AGI was the right way to go but I wanted to make sure there wasn’t some obscure command or switch to accomplish this without having to write something from scratch.

Using a database table rather than a flat file is something I hadn’t thought about. You’re right, it would be quicker and easier to maintain.


#5

Hi
AGI is one way if you have the spare horsepower
I use the following

;password system ; exten => 567,1,Answer ; Answer the line exten => 567,2,set(passkey=${DB(auth_user/${CALLERIDNUM})}) exten => 567,3,Authenticate(${passkey}) exten => 567,4,SetAccount(${CALLERIDNUM}) exten => 567,5,Goto(ivr,s,1)

This forces the callers to enter a password stored in th einternal DB. Basicly you just need to check that it is or isnt in the DB and handle as required.

Ian