[SR-Users] User accounting
Alex Balashov
abalashov at evaristesys.com
Thu Sep 6 16:08:31 CEST 2012
No problem!
As always, be mindful of security; some of the parameters can be easily
spoofed or manipulated by someone who knows what they're doing. If
you're taking their values and throwing them straight into a SQL
statement unsanitised, these values can form the basis of a SQL
injection attack.
This is why the Kamailio route script also offers something called
transformations, which you can think of essentially as string
functions/methods that can be applied to any variable.
They are listed here:
http://www.kamailio.org/dokuwiki/doku.php/transformations:3.1.x
In particular, the transformation that I had in mind for you was:
http://www.kamailio.org/dokuwiki/doku.php/transformations:3.1.x#sescapecommon
So, when putting, for instance, $ua into the DB, you might consider
applying the {s.escape.common} transformation to it. Instead of $ua,
use $(ua{s.escape.common}).
-- Alex
On 09/06/2012 10:04 AM, Ali Jawad wrote:
> Thank you Alex, I got where I need to. Appreciated.
> Regards
>
> On Thu, Sep 6, 2012 at 4:30 PM, Alex Balashov <abalashov at evaristesys.com
> <mailto:abalashov at evaristesys.com>> wrote:
>
> On 09/06/2012 09:25 AM, Ali Jawad wrote:
>
> How do I get the variables for username,agent and IP.
>
>
> This information comes from pseudovariables ("PVs"), which are
> basically parts of the SIP message that are parsed by Kamailio and
> exposed inside the config script environment as read-only (and in a
> cases, mutable) variables.
>
> Take a look at the full list here:
>
> http://www.kamailio.org/__dokuwiki/doku.php/__pseudovariables:3.1.x
> <http://www.kamailio.org/dokuwiki/doku.php/pseudovariables:3.1.x>
>
> The ones you are looking for are:
>
> (1) $au - for authentication username, or $fU for From URI user part.
>
> (2) $ua - user agent identifier, if present. A good way to check if
> it is present is to check for the existence of the User-Agent
> header, which is not a mandatory header:
>
> $var(ua) = '';
>
> if(is_present_hf("User-Agent")__)
> $var(ua) = $ua;
>
> # Log $var(ua)...
>
> (3) $si - source IP of the request being processed.
>
>
> -- Alex
>
> --
> Alex Balashov - Principal
> Evariste Systems LLC
> 235 E Ponce de Leon Ave
> Suite 106
> Decatur, GA 30030
> Tel: +1-678-954-0670
> Fax: +1-404-961-1892
> Web: http://www.evaristesys.com/, http://www.alexbalashov.com/
>
> _________________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org <mailto:sr-users at lists.sip-router.org>
> http://lists.sip-router.org/__cgi-bin/mailman/listinfo/sr-__users
> <http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users>
>
>
>
>
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
--
Alex Balashov - Principal
Evariste Systems LLC
235 E Ponce de Leon Ave
Suite 106
Decatur, GA 30030
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/, http://www.alexbalashov.com/
More information about the sr-users
mailing list