stackoom
  简体   繁体   中英

Caller ID in Asterisk for user identification

 原文  2012-10-10 19:19:13       sip/ voip/ asterisk

Question

I am new to Asterisk, so forgive me if this question has an obvious answer that I have simply overlooked.

I am making a mix between a personal ads and a voicemail service, where I want each user to be able to submit an ad that others can respond to by recording messages that go into this users inbox. My original thought was to base this purely on the CALLERID(num) value, but quickly discovered that this is a bit unreliable. Sometimes when I would call in it'd say anonymous, other times it would give me a bunch of zero's, other times it would show me my real phone number, and once it actually gave me just random digits. I do have a wait call after answering but before my first soundf ile is triggered, in my pickup context. I am wondering what the best way to approach this is? Do I ask the user to enter their phone number, and then generate a code based upon this that will then serve as a password when you call back? Do I attempt to use CALLERID(num) to detect returning users, or is this not adviseable from a security perspective?

Preferably, I would like to avoid using a code altogether but I am told that it is relatively easy to spoof phone numbers to hack into someone else's inbox. Note that I do not plan to allow direct SIP calls, only through a PSTN/SIP provider where the IP address is on a whitelist. Any tips on how to approach this would be highly appreciated. Basically I want to make it as easy as possible for my users, but maintain high security.

I also wanted to know whether there is a function to check if a string contains only digits? This would be useful as a sanity check before I look up the phone number in the MySql database, if I do decide to use CALLERID(num) in this way.

My very basic, and unfinished dialplan is below: 

[verify]

exten => blastbay,1,Answer(1000)

; A few simple sanity checks, but not very good ones.
same => n,GotoIf($["${CALLERID(num)}" != "0000000000"]?nextcheck)

; If we have only zero's, try waiting another second.
same => n,Wait(1)
same => n,GotoIf($["${CALLERID(num)}" = "0000000000"]?rejected)

same => n(nextcheck),GotoIf($["${CALLERID(num)}" = ""]?rejected)
same => n,GotoIf($["${CALLERID(num)}" = "anonymous"]?rejected)
same => n,GotoIf($["${CALLERID(num)}" = "unavailable"]?rejected)
same => n,GotoIf($["${CALLERID(num)}" = "protected"]?rejected)
same => n,GotoIf($[${LEN(${CALLERID(num)})}<5]?rejected)
same => n,Goto(welcome,welcomespeech,1)

same => n(rejected),Playback(/usr/phone/rejected)
same => n,Hangup()

[welcome]
include => mainmenu
exten => welcomespeech,1,BackGround(/usr/phone/welcome)
same => n,Goto(mainmenu,menuspeech,1)

[mainmenu]
exten => menuspeech,1,BackGround(/usr/phone/mainmenu)
same => n,WaitExten(5)

exten => 1,1,Goto(information,infospeech,1)
exten => i,1,Goto(menuspeech,1)
exten => t,1,Goto(menuspeech,1)

[information]
exten => infospeech,1,BackGround(/usr/phone/information)
same => n,Goto(mainmenu,menuspeech,1)
exten => #,1,Goto(mainmenu,menuspeech,1)
exten => i,1,Goto(mainmenu,menuspeech,1)

2 answers

solution1
 3  2012-10-11 07:07:30

One command that is often overlooked is the "Authenticate" command... so you could build a mechanism that assigns a user a number-based UID, and then a PIN. Drop the PIN into a file where the name is the UID, and then when they call in, READ their UID, Authenticate(uid_file_name), and if they enter the correct PIN via Authenticate, let them have access.

solution2
 0 ACCPTED  2012-10-10 20:31:07

I am making a mix between a personal ads and a voicemail service, where I want each user to be able to submit an ad that others can respond to by recording messages that go into this users inbox.

Therefore you could use Record() , Playback() and Voicemail() .

  • Record() to record the Ad,
  • Playback() the Ad,
  • Voicemail() for the Users to record their Voicemail

If you want more Access Control, i would recommend to use PHP AGI or use the AstDB .

Yes, it's easy to spoof a Number, for access control, something like an Access Code, with Read you read DTMF Input as a Variable, maybe combined with a CallerID Number based filter, sounds like an good idea.

I also wanted to know whether there is a function to check if a string contains only digits?

You could use REGEX for this, ie. in a macro: 

; Arg1: CALLERID(num)
[macro-dblookup]
exten => s,1,Set(isnumber=${REGEX("[0-9]" ${ARG1})})
exten => s,2,GotoIf($["${isnumber}" = "1"]?4)
exten => s,3,MacroExit()
exten => s,4,NoOp("Do something with number here")
exten => s,5,NoOp("...Db Lookup...")

In the Dialpan you can call the macro-dblookup like this: 

exten => 012345678,1,Noop("...")
exten => 012345678,n,Macro(dblookup,${CALLERID(num)})

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Asterisk Attended Transfer: How to Retain Caller ID Identify caller id, hung up, call back with asterisk Separate Twilio caller ID asterisk SIP User-to-User Asterisk dynamic user agents on PSTN Sipdroid Authorization Username vs Caller Id Freeswitch wrong caller id number after bridge Getting Asterisk Dialplan user list on the android application How to login user to asterisk & maintain user/agent session? Asterisk 13.10.0 does not detect user input. DTMF not working
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM