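```php
// Pseudo-logic from vicidial.php
// get_calls_taken(), get_average_talk_time() and get_total_pause() are not defined here.
function get_adaptive_score($agent_id)
{
    $calls_today = get_calls_taken($agent_id);
    $talk_time_avg = get_average_talk_time($agent_id);
    $pause_time_today = get_total_pause($agent_id);

    // Weighted sum: calls and talk time raise the score, pause time lowers it
    $score = $calls_today * 1.0 + $talk_time_avg * 0.5 - $pause_time_today * 0.8;
    return $score; // Lower score = more available
}
```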
Lower score = more available agent.
The system recalculates this before every call.
Agents’ scores are cached for performance. To reset:
```bash
mysql -e "UPDATE vicidial_agent_log SET agc_score=0 WHERE logindate=CURDATE();"
```
| Vulnerability | Risk | Mitigation |
|---------------|------|-------------|
| SQL Injection | High (older versions prior to 2.14) | Use prepared statements; upgrade to ≥2.14-830a. |
| Cross-Site Scripting (XSS) | Medium (lead fields not sanitized) | Apply htmlspecialchars() on lead name, phone, notes. |
| Session fixation | Medium | Regenerate session_id after login. |
| Unauthorized API access | High (admin.php, vicidial.php with ?user= param) | Enable IP whitelisting and API_ALLOW system setting. |
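
The first three mitigations in the table, shown together in PHP as an added example (this is not VICIdial's own code). The `vicidial_list` column names, the helper function names and the in-memory SQLite database with its constructed row are assumptions for illustration; the script needs the `pdo_sqlite` extension.

```php
<?php
// Added example, not VICIdial source. Column names and helper names are assumptions.
declare(strict_types=1);

// XSS row: escape every lead field at the point where it is written into HTML.
function h(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// SQL injection row: the lead ID is bound as a parameter, never concatenated.
function fetch_lead(PDO $db, string $leadId): ?array
{
    $stmt = $db->prepare(
        'SELECT first_name, phone_number, comments FROM vicidial_list WHERE lead_id = ?'
    );
    $stmt->execute([$leadId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function render_lead(array $lead): string
{
    return '<tr><td>' . h($lead['first_name']) . '</td><td>' . h($lead['phone_number'])
         . '</td><td>' . h($lead['comments']) . '</td></tr>';
}

// Session fixation row: call once the credentials have been verified.
function on_login_success(string $user): void
{
    session_regenerate_id(true); // issue a new ID and delete the old session
    $_SESSION['user'] = $user;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE vicidial_list (lead_id INTEGER PRIMARY KEY,
           first_name TEXT, phone_number TEXT, comments TEXT)');
$db->prepare('INSERT INTO vicidial_list VALUES (?, ?, ?, ?)')
   ->execute([1, '<script>alert(1)</script>', '5551230000', 'Call me in 30 days']);

// The injection-style ID is bound as data, so it is compared as a literal string.
var_dump(fetch_lead($db, '1 OR 1=1'));
// The stored markup is emitted as inert text inside the table cell.
echo render_lead(fetch_lead($db, '1')), PHP_EOL;
```

`on_login_success()` is defined but not called in the demo because it requires an active session (`session_start()`) in a web request.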
The polling mechanism in vicidial.php generates N agents × polling rate MySQL queries per second (e.g., 200 agents × 1 req/sec = 200 QPS just for polling). This leads to:
Mitigations:
When a lead says "Call me in 30 days", AGC updates the vicidial_list callback date. Exactly 30 days later, the hopper generator re-injects that lead, and vicidial.php presents it to an agent with a note: "Follow up – previous interest."
In a ratio/predictive campaign, the dialer pushes a call to the agent. In a manual campaign, the agent clicks "Dial Next".
vicidial.php sends a request to agc/functions.php with parameters like CALLING_LIST and CAMPAIGN_ID. AGC replies with a lead ID and phone number.