#!/bin/bash

#   update-passwords (c) Copyright 2012-2017, Ward Mundy & Associates LLC. All Rights Reserved.
#
#   update-passwords is licensed under the GPL2 license
#
#   For a copy of license, see /root/COPYING


MYSQL_PASSWD="passw0rd"
PLATFORM="Incredible PBX"

clear
echo " "
echo "Very secure passwords are critically important for Incredible PBX!"
echo "Create passwords as if your bank account was at stake. IT IS!"
echo "Users have gotten \$100,000 phone bills with insecure passwords."
echo "You don't want to be one of them! Remember, it's your phone bill."
echo " "

echo "First, create a VERY SECURE root password for your $PLATFORM."
echo "Anyone with your root password can discover ALL of your passwords."
passwd
echo "FreePBX admin password is just as critical as your root password."
echo -n "Enter new FreePBX admin password for $PLATFORM: "
read freepbxpw
echo "FreePBX admin password: $freepbxpw"
echo " "

echo "Next, create a VERY SECURE admin password for Web Applications."
echo "These include apps like AsteriDex and Telephone Reminders."
echo -n "Enter new Apache admin password for $PLATFORM: "
read apachepw
echo "Apache admin password: $apachepw"
echo " "

echo -n "Enter new ARI admin password for $PLATFORM: "
read aripw
echo "ARI admin password: $aripw"
echo " "

echo -n "Enter email address for delivery of Fail2Ban notifications: "
read F2Bemail
echo "Fail2Ban email delivery address: $F2Bemail"
echo " "

echo "A default extension (701) has been created with Incredible PBX."
echo "Anyone with your extension password can make calls on your nickel."
echo -n "Enter new password for extension 701 on $PLATFORM: "
read ext701pw
echo "Extension 701 password: $ext701pw"
echo " "

echo -n "Enter email address for delivery of ext. 701 voicemails: "
read ext701email
echo "Extension 701 email delivery address: $ext701email"
echo " "

echo -n "Enter NUMERIC password for ext. 701 voicemail access: "
read ext701vm
echo "Extension 701 voicemail password: $ext701vm"
echo " "

echo "Make sure your server is always protected by Travelin' Man 3 firewall!"
echo " "
echo "Telephone reminders can also be created by dialing 123 from any phone."
echo "With your Reminders password, anyone can set up calls to anywhere."
echo -n "Enter NUMERIC password for Telephone Reminders access: "
read reminderspw
echo "Telephone Reminders (dial 123) access password: $reminderspw"
echo " "

read -p "If these are correct, press any key to continue or ctrl-C to exit"
echo " "

if [[ -z $freepbxpw ]]; then
 echo "FreePBX admin password cannot be blank. Exiting..."
 exit
fi
if [[ -z $apachepw ]]; then
 echo "Apache admin password cannot be blank. Exiting..."
 exit
fi
if [[ -z $aripw ]]; then
 echo "ARI admin password cannot be blank. Exiting..."
 exit
fi
if [[ -z $F2Bemail ]]; then
 echo "Fail2Ban email address cannot be blank. Exiting..."
 exit
fi
if [[ -z $ext701pw ]]; then
 echo "Extension 701 password cannot be blank. Exiting..."
 exit
fi
if [[ -z $ext701vm ]]; then
 echo "Extension 701 voicemail password cannot be blank. Exiting..."
 exit
fi
if [[ -z $ext701email ]]; then
 echo "Extension 701 email delivery address cannot be blank. Exiting..."
 exit
fi
if [[ -z $reminderspw ]]; then
 echo "Telephone Reminders access password  cannot be blank. Exiting..."
 exit
fi

clear

echo "Updating passwords..."
freepbxpwsha1=`echo -n $freepbxpw | sha1sum | cut -d' ' -f1`
mysql -uroot -p$MYSQL_PASSWD asterisk -e "update ampusers set password_sha1 = '$freepbxpwsha1' where username = 'admin' limit 1"
mysql -uroot -p$MYSQL_PASSWD asterisk -e "update freepbx_settings set value = '$aripw' where keyword = 'ARI_ADMIN_PASSWORD' limit 1"
mysql -uroot -p$MYSQL_PASSWD asterisk -e "update freepbx_settings set value = 'admin' where keyword = 'ARI_ADMIN_USERNAME' limit 1"
mysql -uroot -p$MYSQL_PASSWD asterisk -e "update sip set data='$ext701pw' where id='701' and keyword='secret' limit 1"

htpasswd -cb /etc/pbx/wwwpasswd admin $apachepw

sed -i 's|701 =|;701 =|' /etc/asterisk/voicemail.conf
sed -i 's|1234 =|;1234 =|' /etc/asterisk/voicemail.conf
echo "701 => $ext701vm,701,$ext701email,,attach=yes|saycid=yes|envelope=yes|delete=no" > /tmp/email.txt
sed -i '/\[default\]/r /tmp/email.txt' /etc/asterisk/voicemail.conf
rm -f /tmp/email.txt

sed -i "s|you@example.com|$F2Bemail|" /etc/fail2ban/jail.conf
sed -i "s|fail2ban@example.com|$F2Bemail|" /etc/fail2ban/jail.conf
echo "Restarting Fail2Ban..."
service fail2ban restart

sed -i '\:// BEGIN Reminders:,\:// END Reminders:d' /etc/asterisk/extensions_custom.conf
echo ";# // BEGIN Reminders" > /tmp/reminders.txt
echo "exten => 123,1,Answer" >> /tmp/reminders.txt
echo "exten => 123,2,Wait(1)" >> /tmp/reminders.txt
echo "exten => 123,3,Authenticate($reminderspw)" >> /tmp/reminders.txt
echo "exten => 123,4,Goto(reminder,s,1)" >> /tmp/reminders.txt
echo ";# // END Reminders" >> /tmp/reminders.txt
echo " " >> /tmp/reminders.txt
sed -i '/\[from-internal-custom\]/r /tmp/reminders.txt' /etc/asterisk/extensions_custom.conf
rm -f /tmp/reminders.txt

echo "Reloading FreePBX..."
/var/lib/asterisk/bin/module_admin reload
asterisk -rx "dialplan reload"

touch /etc/pbx/.passwords

echo "Done."
