Agc Vicidial.php May 2026

New REST endpoints (vicidial_agc_api.php) protected via existing session/auth to:

Server-side AGC processing interface:

Logging: insert into agc_call_logs after processing; for client-side, the browser will POST metrics each X seconds and at call end.

Performance guardrails:

Security:

If an agc vicidial.php process freezes, attach strace:

strace -p (PID of agc process) -s 1024

This shows if it’s stuck on a database query, a filesystem operation, or an Asterisk socket read.

<?php
// agc_vicidial.php
// Version: 1.0
// Description: AGC integration script for Vicidial
include_once('/etc/astguiclient.conf');
include_once('/usr/share/php/DB.php');
// Connect to Vicidial DB
$db = DB::connect("mysql://$conf['db_user']:$conf['db_pass']@$conf['db_host']/$conf['db_name']"); agc vicidial.php
// Retrieve incoming variables (from GET/POST or STDIN)
$phone_number = $_GET['phone_number'] ?? '';
$lead_id = $_GET['lead_id'] ?? 0;
$campaign_id = $_GET['campaign_id'] ?? '';
// Function to query AGC server
function get_agc_content($lead_id, $campaign_id) 
$agc_api_url = "http://agc-server.local/api/v1/content";
$payload = json_encode([
'lead_id' => $lead_id,
'campaign' => $campaign_id
]);
$ch = curl_init($agc_api_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);
return json_decode($response, true);


// Main logic
if ($phone_number && $lead_id) 
$agc_data = get_agc_content($lead_id, $campaign_id);
// Example: Override CallerID with AGC provided value
if (!empty($agc_data['dynamic_callerid'])) 
    echo "callerid_number=" . $agc_data['dynamic_callerid'] . "\n";
// Example: Inject pre-call audio file
if (!empty($agc_data['audio_file'])) 
    echo "custom_audio=" . $agc_data['audio_file'] . "\n";
// Log to AGC database
$insert = "INSERT INTO agc_call_log (lead_id, phone_number, campaign_id, response_data, call_time) 
           VALUES (?, ?, ?, ?, NOW())";
$db->query($insert, [$lead_id, $phone_number, $campaign_id, json_encode($agc_data)]);

 else 
// Fallback to standard Vicidial dialing
echo "status=continue\n";
?>

A common point of confusion for newcomers is that there isn't just one vicidial.php. Depending on the version of Vicidial you are running (SVN trunk, version 2.14, 3.x, etc.), the functionality may be split or renamed. Common variations you might see include:

Note: Always check your specific version's file structure, as the Vicidial community frequently optimizes code organization.

To secure agc vicidial.php, implement the following: New REST endpoints (vicidial_agc_api

Input Validation Whitelist: For function, only allow known values (NEXT_CALL, PAUSE, etc.). Reject anything else.

Disable Error Display: Set display_errors = Off and log errors internally.

Network Segmentation: Place the VICIdial web server in a DMZ; restrict database access to only the web server.

Regular Updates: Apply VICIdial patches or consider hardened forks (e.g., GoAutoDial VICIdial).

Vicidial’s vicidial.php accepts many parameters (e.g., phone, exten, callerid). An attacker could potentially inject Asterisk commands if input is not sanitized. Verify your version is up-to-date (release 2.14+ includes strong sanitization).

Ensure the agc vicidial.php process runs under the asterisk user, not root. Check with:

ps aux | grep "agc vicidial.php" | grep -v grep