Subversion Repositories ALCASAR

Rev

Rev 2226 | Rev 2384 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
1805 clement.si 1 
<?php
325 richard 2 
if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php"))
3 
	include_once("../lib/sql/drivers/$config[sql_type]/functions.php");
4 
else{
5 
	echo "<b>Could not include SQL library</b><br>\n";
6 
	exit();
7 
}
8 
include_once('../lib/functions.php');
1805 clement.si 9 
if ($config['sql_use_operators'] == 'true'){
1091 stephane 10 
	include_once("../lib/operators.php");
325 richard 11 
	$text = ',op';
12 
	$passwd_op = ",':='";
13 
}
14 
$da_abort=0;
15 
$op_val2 = '';
1805 clement.si 16 
$link = da_sql_pconnect($config);
325 richard 17 
if ($link){
1878 raphael.pi 18 
	mysqli_set_charset($link,"utf8");
325 richard 19 
	if (is_file("../lib/crypt/$config[general_encryption_method].php")){
1091 stephane 20 
		include_once("../lib/crypt/$config[general_encryption_method].php");
2096 raphael.pi 21 
 
22 
		//Si auth par @MAC, alors on disocie l'adresse mac du réseau afin que alcasar-macup.sh fasse son travail.
23 
        //Si @MAC à auth a la meme adresse IP, on ne fait pas de dhcp-down.(sinon le PHP ne peut pas s'exécuter entierement)
24 
        $output = array();
25 
        if($passwd == "password" && preg_match('/([a-fA-F0-9]{2}[:|\-]?){6}/', $login))
26 
        {
2299 tom.houday 27 
                exec("sudo chilli_query list | grep ".escapeshellarg($login)." |  cut -d' ' -f2", $output);
2096 raphael.pi 28 
                //on vérifie que l'@IP de l'@MAC est différente de celle de l'admin sur l'ACC
29 
                if(strpos($output[0], $_SERVER["REMOTE_ADDR"]) === false )
30 
                {
2299 tom.houday 31 
                        exec("sudo chilli_query dhcp-release ".escapeshellarg($login)); //dhcp-down
2096 raphael.pi 32 
                }
33 
        }
2299 tom.houday 34 
        unset($output);
2096 raphael.pi 35 
 
36 
 
509 richard 37 
		/*Ajout en vue de l'impression des données (thank's to Geoffroy MUSITELLI)*/
508 richard 38 
		$passwd_imp = $passwd;
39 
		/*Fin Ajout*/
325 richard 40 
		$passwd = da_encrypt($passwd);
1805 clement.si 41 
		$passwd = da_sql_escape_string($link, $passwd);
42 
		$res = da_sql_query($link,$config,
325 richard 43 
		"INSERT INTO $config[sql_check_table] (attribute,value,username $text)
44 
		VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");
1805 clement.si 45 
		if (!$res || !da_sql_affected_rows($link,$res,$config)){
325 richard 46 
			echo "<b>Unable to add user $login: " . da_sql_error($link,$config) . "</b><br>\n";
47 
			$da_abort=1;
48 
		}
1805 clement.si 49 
		if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){
50 
			$res = da_sql_query($link,$config,
325 richard 51 
			"SELECT username FROM $config[sql_user_info_table] WHERE
52 
			username = '$login';");
53 
			if ($res){
1805 clement.si 54 
				if (!da_sql_num_rows($res,$config)){
55 
					$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';
56 
					$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';
57 
					$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';
58 
					$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';
59 
					$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';
60 
					$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';
61 
					$res = da_sql_query($link,$config,
325 richard 62 
					"INSERT INTO $config[sql_user_info_table]
63 
					(username,name,mail,department,homephone,workphone,mobile) VALUES
64 
					('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");
1805 clement.si 65 
					if (!$res || !da_sql_affected_rows($link,$res,$config))
325 richard 66 
						echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";
67 
				}
68 
				else
69 
					echo "<b>Cet usager existe d&eacute;j&agrave; dans la table 'info'</b><br>\n";
70 
			}
71 
			else
72 
				echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";
73 
		}
1805 clement.si 74 
		if (isset($Fgroup) && $Fgroup != ''){
75 
			$Fgroup = da_sql_escape_string($link, $Fgroup);
76 
			$res = da_sql_query($link,$config,
325 richard 77 
			"SELECT username FROM $config[sql_usergroup_table]
78 
			WHERE username = '$login' AND groupname = '$Fgroup';");
79 
			if ($res){
1805 clement.si 80 
				if (!da_sql_num_rows($res,$config)){
81 
					$res = da_sql_query($link,$config,
325 richard 82 
					"INSERT INTO $config[sql_usergroup_table]
83 
					(username,groupname) VALUES ('$login','$Fgroup');");
1805 clement.si 84 
					if (!$res || !da_sql_affected_rows($link,$res,$config))
325 richard 85 
						echo "<b>Could not add user to group $Fgroup. SQL Error</b><br>\n";
86 
				}
87 
				else
88 
					echo "<b>User already is a member of group $Fgroup</b><br>\n";
89 
			}
90 
			else
91 
				echo "<b>Could not add user to group $Fgroup: " . da_sql_error($link,$config) . "</b><br>\n";
92 
		}
93 
		if (!$da_abort){
1805 clement.si 94 
			if (isset($Fgroup) && $Fgroup != '')
325 richard 95 
				require('../lib/defaults.php');
96 
			foreach($show_attrs as $key => $attr){
97 
				if ($attrmap["$key"] == 'none')
98 
					continue;
1377 richard 99 
				if ($key == "Filter-Id" && $$attrmap["$key"] == "None")
100 
					continue;
325 richard 101 
				if ($attrmap["$key"] == ''){
102 
					$attrmap["$key"] = $key;
103 
					$attr_type["$key"] = 'replyItem';
104 
					$rev_attrmap["$key"] = $key;
105 
				}
1805 clement.si 106 
				if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){
325 richard 107 
					$table = "$config[sql_check_table]";
108 
					$type = 1;
109 
				}
1805 clement.si 110 
				else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){
325 richard 111 
					$table = "$config[sql_reply_table]";
112 
					$type = 2;
113 
				}
1805 clement.si 114 
				$val = (isset($$attrmap["$key"])) ? $$attrmap["$key"] : '';
509 richard 115 
				/*Ajout en vue de l'impression des données (thank's to Geoffroy MUSITELLI)*/
508 richard 116 
				if($key == "Session-Timeout") $sto_imp = $val;
901 richard 117 
				if($key == "Max-All-Session") $mas_imp = $val;
508 richard 118 
				if($key == "Max-Daily-Session") $mds_imp = $val;
119 
				if($key == "Max-Monthly-Session") $mms_imp = $val;
120 
				/*Fin Ajout*/
1805 clement.si 121 
				$val = da_sql_escape_string($link, $val);
325 richard 122 
				$op_name = $attrmap["$key"] . '_op';
1805 clement.si 123 
				$op_val = (isset($$op_name)) ? $$op_name : '';
325 richard 124 
				if ($op_val != ''){
1805 clement.si 125 
					$op_val = da_sql_escape_string($link, $op_val);
325 richard 126 
					if (check_operator($op_val,$type) == -1){
127 
						echo "<b>Invalid operator ($op_val) for attribute $key</b><br>\n";
508 richard 128 
						continue;
325 richard 129 
					}
130 
					$op_val2 = ",'$op_val'";
131 
				}
1805 clement.si 132 
				$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;
133 
				if ($val == '' || $chkdef)
325 richard 134 
					continue;
1805 clement.si 135 
				$sqlquery = "INSERT INTO $table (attribute,value,username $text)
136 
					VALUES ('$attrmap[$key]','$val','$login' $op_val2);";
137 
				$res = da_sql_query($link,$config,$sqlquery);
138 
				if (!$res || !da_sql_affected_rows($link,$res,$config))
325 richard 139 
					echo "<b>Query failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
140 
			}
141 
		}
2226 richard 142 
		echo "<center><b>$l_user '$login' $l_created</b></center><br>";
325 richard 143 
	}
144 
	else
145 
		echo "<b>Could not open encryption library file</b><br>\n";
146 
}
147 
else
148 
	echo "<b>Could not connect to SQL database</b><br>\n";
149 
?>