SOLVED Send Provisioning Request to Phone

Status
Not open for further replies.

Caleb

Member
Sep 12, 2017
42
17
8
WA, USA
We have a bunch of GXP2130's and a GXP2160, all provisioned using FusionPBX. We've allowed users to customize the Virtual Multi-Purpose Keys and Multi-Purpose Keys on the phones using FusionPBX (see http://www.pbxforums.com/threads/assign-device-to-user.485/#post-1929), but FusionPBX doesn't have a way to allow users to cause the phone to re-provision itself without having access to the Registrations page (which we definitely do not want). The other less-than-optimal situation is that the "Provision" button on the Registrations page causes the phone to reboot instead of just redownloading the file. The web UI on these phones has a "Provision" link that causes it to redownload the file without rebooting the phone. After researching the Action URI Support, as well as watching the network activity in Chrome when I click that link in the phone's web UI, I've figured out how to accomplish the same from another device on the network.

Essentially, the URL is in the format: http://<phone_ip>/cgi-bin/api-sys_operation?passcode=<phone_admin_password>&request=PROV
HTTPS accomplishes the same thing if you have that enabled. I highly recommend you do to make it a bit harder for the admin password to be exposed.

Our provisioning settings utilize a "admin_password" variable (under the Provision section in Default Settings) that sets the phone's admin password for us. With that in mind we edited the user_device_edit.php file (a custom file discussed in the thread linked to above) by adding the following code just before the script returns the header to redirect the browser to the (user_)device_edit.php page (should be around line 330 - 335):
$sql = "select * from v_devices ";
$sql .= "where device_uuid = '$device_uuid' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$device = $prep_statement->fetchAll(PDO::FETCH_NAMED);
unset ($prep_statement, $sql);
$device_ip = $device[0]["device_provisioned_ip"];
if (isset($device[0]["device_vendor"]) && ($device[0]["device_vendor"] == "grandstream") && isset($device[0]["device_provisioned_ip"]) && (strlen($device[0]["device_provisioned_ip"]) > 0) ){

$admin_password = $_SESSION["provision"]["admin_password"]["text"];
$context = [ 'http' => [ 'method' => 'GET' ], 'ssl' => [ 'verify_peer' => false, 'allow_self_signed'=> true, 'verify_peer_name' => false ] ];
$context = stream_context_create($context);
file_get_contents("https://$device_ip/cgi-bin/api-sys_operation?passcode=$admin_password&request=PROV", false, $context);
}
 
Status
Not open for further replies.