php script to modify cico dhcp pool

Question

I'm trying to automate a process of a modem provisioning system. the code below is my attempt with the exception of a form that i did not list that is passing the variables.

the DB portion of the script is working well. however the telnet portion is not making it into the router as I had hoped can anyone shed some light on this. if I break the telnet portion out and run it via cli it works.

<?

include("config.php");
//setting up db connection
try{
$dbh = new PDO("mysql:host=$host;dbname=$db", $mun, $mpass);
$dbh->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );


 $stmt = $dbh->prepare("INSERT INTO cust_info(firstname, lastname, staddr, city, phone,      acct, ipaddr, hwaddr, cliid, bootfile)
        VALUES (:firstname, :lastname, :staddr, :city, :phone, :acct, :ipaddr, :hwaddr, :cliid, :bootfile)");

        $stmt->bindParam(':firstname', $_POST['firstname']);
        $stmt->bindParam(':lastname', $_POST['lastname']);
        $stmt->bindParam(':staddr', $_POST['staddr']);
        $stmt->bindParam(':city', $_POST['city']);
        $stmt->bindParam(':phone', $_POST['phone']);
        $stmt->bindParam(':acct', $_POST['acct']);
        $stmt->bindParam(':ipaddr', $_POST['ipaddr']);
        $stmt->bindParam(':hwaddr', $_POST['hwaddr']);
        $stmt->bindParam(':cliid', $_POST['cliid']);
        $stmt->bindParam(':bootfile', $_POST['bootfile']);

        $stmt->execute();
echo "done";
}
catch(PDOException $e)
{
echo 'failed: ' . $e->getMessage();
}


$bootfile = $_POST['bootfile'];
$cliid = $_POST['cliid'];
$ipaddr = $_POST['ipaddr'];
$hwaddr = $_POST['hwaddr'];

//Process data from form into cmts

$connection = fsockopen($router_ip, $port, $errno, $errstr, $timeout);

if(!$connection)
{
echo "Connection failed\n";
exit();
}
else
{
fputs($connection, "$username\r");
fputs($connection, "$password\r");
// using term length 0 to keep  pause or more prompt from eating input
fputs($connection, "term length 0\r");
fputs($connection, "enable\r");
fputs($connection, "$password\r");
fputs($connection, "clear ip dhcp binding $ipaddr\r");
fputs($connection, "configure terminal\r");
fputs($connection, "ip dhcp pool $cliid\r");
fputs($connection, "host $ipaddr 255.255.255.0\r");
fputs($connection, "client-identifier $cliid\r");
fputs($connection, "bootfile $bootfile\r");
fputs($connection, "exit\r\n");
fputs($connection, "exit\r\n");
fputs($connection, "clear cable modem 172.16.16.248 reset\r\n");
fputs($connection, "show cable modem remote | inc $hwaddr\r");
fputs($connection, "exit\r");
}
{
fgets($connection, 128);
}
stream_set_timeout($connection, 2);
$timeoutCount = 0;
while (!feof($connection))
{
$content = fgets($connection, 128);
echo $content."<br>";

}
$info = stream_get_meta_data($connection);
if ($info['timed_out'])
{
// If timeout of connection info has got a value, the router not returning a output.
$timeoutCount++;
// We want to count, how many times repeating.
}
 if ($timeoutCount >2)
 {
 // If repeating more than 2 times,
 break;
 // the connection terminating..
 }

 ?>

Your `check_input()` function is terrifying. See this: http://stackoverflow.com/a/7810880/362536 You are wide open to SQL injection attacks. Learn to use prepared/parameterized queries to avoid this problem entirely. — Brad, May 12 '13 at 05:17
Thank you Brad I'll look into that this morning, I'm new to php so any advice that anyone can offer I'll take openly. — user2374268, May 12 '13 at 15:09
The main thing is to make sure that you are only using the escaping function that you need for the context in which you need it. There is no such thing as a magic function that makes something "safe". All you are doing there is cluttering up your data without adding any security. Use the appropriate function for the context. Then, learn PDO and prepared/parameterized queries so that you don't have to worry about SQL injection. — Brad, May 12 '13 at 18:41
Your DB code looks good! Now for the connection part... you mentioned that it works when in its own script. Are you executing that script differently? Do you see the "done" echo after the initial DB insert? If your script is getting to the part where you open the socket, try using a packet sniffer such as Wireshark to see what is going on with that connection. — Brad, May 13 '13 at 23:14
@Brad Brad thanks for the help. code is working as intended now tcpdump showed the router was killing the telnet session. I added fgets to see both sides of the conversation. discovered that part of my commands were being used to push through pause/more prompts. if you see anything else that you would do differently or improve on please let me know. I will not take offence and welcome the corrections. — user2374268, May 14 '13 at 03:18
I think that the only thing I would do differently would be to use TFTP to send your config (if possible). But, what you have seems to be fine if you use `fgets()` to ensure that the login and what not succeeds. — Brad, May 14 '13 at 04:08
Good idea that I have hadnt thought of I'll investigate that option down the road, Thanks again for all your help. — user2374268, May 14 '13 at 05:10

score 0 · Accepted Answer · answered May 17 '13 at 03:36

0

Brad gave me the hints I needed to come to the required results thanks again

answered May 17 '13 at 03:36

user2374268

31
4

php script to modify cico dhcp pool

1 Answers1