Subversion Repositories ALCASAR

Rev

Rev 3173 | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
2990 rexy 1
<?php 
2
 
3003 rexy 3
/************************************************************************
4
*						ALCASAR INSCRIPTION								*
5
*																		*
3022 rexy 6
*	By K@M3L & T3RRY LaPlateforme
7
*	By Rexy																*
3003 rexy 8
*																		*
9
*	Partie back de la page d'inscription des utilisateurs				*
10
*	Récupère les infos de "email_registration_front.php					*
11
*	- Lit le fichier de configuration /usr/local/etc/alcasar.conf		*
3011 rexy 12
*	- Verifie si le login est déjà présent dans la table "radcheck"		*
13
*	- Vérifie si l'@ mail est présent dans la table "userinfo"			*
3003 rexy 14
*	- Vérifie que le domaine du mail est bien WLD (optionnel)			*
3011 rexy 15
*	- Crée l'utilisateur avec un mot de passe aléatoire					*
16
*	- Envoi l'email à l'utilisaeur et à l'admin avec date et IP			*
3003 rexy 17
*																		*
18
*************************************************************************/
2990 rexy 19
 
3022 rexy 20
/****************************************************************
21
*			GLOBAL FILE PATHS			*
22
*****************************************************************/
23
define('CONF_FILE', '/usr/local/etc/alcasar.conf');
24
/****************************************************************
25
*			Conf files reading test			*
26
*****************************************************************/
27
$conf_files = array(CONF_FILE);
28
foreach ($conf_files as $file) {
29
	if (!file_exists($file)) {
30
		exit("Fichier $file non présent");
31
	}
32
	if (!is_readable($file)) {
33
		exit("Vous n'avez pas les droits de lecture sur le fichier $file");
34
	}
35
}
36
/****************************************************************
37
*			Read CONF_FILE				*
38
*****************************************************************/
39
$file_conf = fopen(CONF_FILE, 'r');
40
if (!$file_conf) {
41
	exit('Error opening the file '.CONF_FILE);
42
}
43
while (!feof($file_conf)) {
44
	$buffer = fgets($file_conf, 4096);
45
	if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {
46
		$tmp = explode('=', $buffer, 2);
47
		$conf[trim($tmp[0])] = trim($tmp[1]);
48
	}
49
}
50
fclose($file_conf);
51
$whiteDomain	= explode(" ", strtolower(trim($conf['MAIL_WHITEDOMAIN'])));
3026 rexy 52
$adminMail		= $conf['MAIL_ADMIN'];
3037 rexy 53
$typeMail		= $conf['MAIL_TYPE'];
54
$fromMail		= $conf['MAIL_ADDR'];
3038 rexy 55
$organism		= $conf['ORGANISM'];
3022 rexy 56
 
57
/****************************************
58
*			Choice of language			*
59
*****************************************/
3011 rexy 60
$Language = 'en';
61
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
62
	$Langue = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
63
	$Language = strtolower(substr(chop($Langue[0]), 0, 2));
64
}
65
if ($Language === 'fr') {
3038 rexy 66
	$l_invalid_Email = "L'adresse e-mail est invalide";
3011 rexy 67
	$l_domain = "Le domaine";
68
	$l_not_authorized = "n'est pas autorisé";
3038 rexy 69
	$l_Email_already_used = "Cette adresse e-mail est déjà utilisée.";
3022 rexy 70
	$l_subject = "Activation de votre compte ALCASAR";
71
	$l_hello = "Bonjour";
3038 rexy 72
	$l_automatic_mail = "Ceci est un e-mail automatique provenant du portail ALCASAR : $organism";
73
	$l_login = "Voici vos indentifiants de connexion :";
3022 rexy 74
	$l_password = "Mot de passe";
3038 rexy 75
	$l_mail_success = "Un mot de passe vient d'être envoyé à votre adresse e-mail.";
3022 rexy 76
	$l_mail_error = "Erreur lors de l'envoi du mail. Renouvelez votre inscription ou contactez votre administrateur.";
3070 rexy 77
} else if ($Language === 'es') {
78
	$l_invalid_Email = "Dirección de correo electrónico no válida";
79
	$l_domain = "El dominio";
80
	$l_not_authorized = "no está autorizado";
81
	$l_Email_already_used = "Esta dirección de correo electrónico ya está utilizada.";
82
	$l_subject = "Activación de su cuenta ALCASAR";
83
	$l_hello = "Hola";
84
	$l_automatic_mail = "Este es un correo electrónico automático del portal ALCASAR : $organism";
85
	$l_login = "Estas son sus credenciales de acceso:";
86
	$l_password = "Contraseña";
87
	$l_mail_success = "Se ha enviado una contraseña a su dirección de correo electrónico.";
88
	$l_mail_error = "Error al enviar el correo electrónico. Renueve su registro o póngase en contacto con su administrador.";
3011 rexy 89
} else {
90
	$l_invalid_Email = "Invalid Email address";
91
	$l_domain = "The domain";
92
	$l_not_authorized = "is not authorized";
93
	$l_Email_already_used = "This Email address is already used.";
3022 rexy 94
	$l_subject = "Activation of your ALCASAR account";
95
	$l_hello = "Hello";
3038 rexy 96
	$l_automatic_mail = "This is an automatic e-mail from ALCASAR portal : $organism";
97
	$l_login = "Here are your login credentials :";
3022 rexy 98
	$l_password = "Password";
3038 rexy 99
	$l_mail_success = "A password has been sent to your e-mail address";
3022 rexy 100
	$l_mail_error = "Error while sending the email. Renew your registration or contact your administrator.";
3011 rexy 101
}
102
 
2990 rexy 103
if(!isset($create)) $create=0;
104
if(!isset($show)) $show=0;
105
if(!isset($login)) $login = '';
106
if(!isset($cn)) $cn = '';
107
if(!isset($mail)) $mail = '';
108
if(!isset($langue_imp)) $langue_imp = '';
109
if(!isset($selected)) $selected = array();
110
if(!isset($selected['='])) $selected['='] = '';
111
 
112
require('/etc/freeradius-web/config.php');
113
require('acc/manager/lib/attrshow.php');
114
require('acc/manager/lib/defaults.php');
115
 
116
if (false && /* Hide operator column */ $config['general_lib_type'] == 'sql' && $config['sql_use_operators'] == 'true') {
117
	$colspan = 2;
118
	$show_ops = 1;
119
	require('acc/manager/lib/operators.php');
120
} else {
121
	$show_ops = 0;
122
	$colspan = 1;
123
}
124
 
125
if (is_file("acc/manager/lib/sql/drivers/$config[sql_type]/functions.php"))
126
	require("acc/manager/lib/sql/drivers/$config[sql_type]/functions.php");
127
else{
128
	echo "<b>Could not include SQL library</b><br />\n";
129
	exit();
130
}
131
 
132
require('acc/manager/lib/functions.php');
133
if ($config['sql_use_operators'] == 'true'){
134
	include_once("acc/manager/lib/operators.php");
135
	$text = ',op';
136
	$passwd_op = ",':='";
137
}
138
 
139
$da_abort=0;
140
$op_val2 = '';
141
 
142
function GenPassword($nb_car="8")
143
{
144
// Random password
145
	$password = "";
146
	$chaine  = "aAzZeErRtTyYuUIopP152346897mMLkK";
147
	$chaine .= "jJhHgGfFdDsSqQwWxXcCvVbBnN152346897";
148
	while($nb_car != 0) {
149
		//$i = rand(0,71);
150
		// Bug corrigé
151
		$i = rand(0,66);
152
		$password .= $chaine[$i];
153
		$nb_car--;
154
	}
155
	return $password;
156
}
157
 
158
if(isset($_POST['Fmail'])){
3183 rexy 159
	extract($_POST,EXTR_SKIP);
2990 rexy 160
	$Fmail = htmlentities(strtolower(trim($Fmail)));
161
	if(!filter_var($Fmail, FILTER_VALIDATE_EMAIL)){  
3011 rexy 162
		echo "<b>$l_invalid_Email</b><br />\n";
2990 rexy 163
		exit();
164
	}
165
 
3022 rexy 166
	// Retrieve the domainName of the new user
2990 rexy 167
	list($user, $domain) = explode('@', $Fmail);
168
 
3022 rexy 169
	// check if the domainName is in the whitelist
2990 rexy 170
	if (!empty($whiteDomain)){
171
		if (!in_array($domain, $whiteDomain)){
3011 rexy 172
			echo "$l_domain $domain $l_not_authorized";
2990 rexy 173
			exit();
174
		}
175
	}
176
	$login  = $Fmail;
177
 
3022 rexy 178
	// check if the new user already exist
2990 rexy 179
	$link = @da_sql_pconnect($config);
180
	if ($link) {
181
		$sql = "SELECT id FROM $config[sql_check_table] WHERE username = '$login';";
182
		$res = @da_sql_query($link,$config, $sql);
183
	}
3022 rexy 184
	$login_check = da_sql_num_rows($res,$config);
185
	da_sql_close($link,$config);
2990 rexy 186
 
3022 rexy 187
	// check if the new user is already in the profile of an existing user 
2990 rexy 188
	$link = @da_sql_pconnect($config);
189
	if ($link) {
190
		$sql = "SELECT id FROM $config[sql_user_info_table] WHERE mail = '$Fmail';";
191
		$res = @da_sql_query($link,$config, $sql);
192
	}
3022 rexy 193
	$email_check = da_sql_num_rows($res,$config);
194
	da_sql_close($link,$config);
195
	if($login_check > 0) { // user already exist
3011 rexy 196
		echo "<b>$l_Email_already_used</b><br />\n";
3022 rexy 197
	} else if($email_check > 0) { // email already used
3011 rexy 198
		echo "<b>$l_Email_already_used</b><br />\n";
2990 rexy 199
	} else {
200
		$password = GenPassword();
201
 
3022 rexy 202
		// if we want to enrich the new user profile
2990 rexy 203
/*		$Fcn = "$prenom".".$nom";
204
		$Fou = "";
205
		$Fhomephone = "";
206
		$Ftelephonenumber = "";
207
		$Fmobile = "";
208
*/
209
		$link = da_sql_pconnect($config);
210
		if ($link){
211
			mysqli_set_charset($link,"utf8");
212
			if (is_file("acc/manager/lib/crypt/$config[general_encryption_method].php")){
213
				include_once("acc/manager/lib/crypt/$config[general_encryption_method].php");
214
 
215
				$passwd = da_encrypt($password);
216
				$passwd = da_sql_escape_string($link, $passwd);
217
				$res = da_sql_query($link,$config,
218
				"INSERT INTO $config[sql_check_table] (attribute,value,username $text)
219
				VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");
220
				if (!$res || !da_sql_affected_rows($link,$res,$config)){
221
					echo "<b>Erreur lors de la création de l'utilisateur $login: " . da_sql_error($link,$config) . "</b><br />\n";
222
					$da_abort=1;
223
				}
224
 
225
				if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){
226
					$res = da_sql_query($link,$config,
227
					"SELECT username FROM $config[sql_user_info_table] WHERE
228
					username = '$login';");
229
					if ($res){
230
						if (!da_sql_num_rows($res,$config)){
231
							$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';
232
							$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';
233
							$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';
234
							$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';
235
							$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';
236
							$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';
237
							$res = da_sql_query($link,$config,
238
							"INSERT INTO $config[sql_user_info_table]
239
							(username,name,mail,department,homephone,workphone,mobile) VALUES
240
							('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");
241
							if (!$res || !da_sql_affected_rows($link,$res,$config))
242
								// Erreur sql à supprimer : l'info ne devrait pas être communiquer au client.
243
								echo "<b>Une erreur s'est produite lors de la création du compte : " . da_sql_error($link,$config) . "</b><br />\n";
244
						}
245
						else
3022 rexy 246
							echo "<b>User already exist</b><br />\n";
2990 rexy 247
					}
248
					else
249
						echo "<b>Une erreur s'est produite lors de la création du compte : " . da_sql_error($link,$config) . "</b><br />\n";
250
				}
3022 rexy 251
				// if the new user must be in a group
2990 rexy 252
				if (isset($Fgroup) && $Fgroup != ''){
253
					$Fgroup = da_sql_escape_string($link, $Fgroup);
254
					$res = da_sql_query($link,$config,
255
					"SELECT username FROM $config[sql_usergroup_table]
256
					WHERE username = '$login' AND groupname = '$Fgroup';");
257
					if ($res){
258
						if (!da_sql_num_rows($res,$config)){
259
							$res = da_sql_query($link,$config,
260
							"INSERT INTO $config[sql_usergroup_table]
261
							(username,groupname) VALUES ('$login','$Fgroup');");
262
							if (!$res || !da_sql_affected_rows($link,$res,$config))
263
								echo "<b>Impossible d'ajouter l'utilisateur dans le groupe $Fgroup.</b><br />\n";
264
						}
265
						else
266
							echo "<b>L'utilisateur est déjà présent dans le groupe $Fgroup</b><br />\n";
267
					}
268
					else
269
						echo "<b>Impossible d'ajouter l'utilisateur dans le groupe $Fgroup: " . da_sql_error($link,$config) . "</b><br />\n";
270
				}
3022 rexy 271
				// Creation of the email with the new user login & passwd
2990 rexy 272
				$ip = $_SERVER['REMOTE_ADDR'];
273
				$time = date_create('now')->format('d-m-Y H:i:s');
274
				$domain = $conf["DOMAIN"];
3022 rexy 275
				$hostname  = $conf["HOSTNAME"];
2990 rexy 276
				$to = $Fmail;
3037 rexy 277
				if ($typeMail == "3") { // using an existing @mail
278
					$from = $fromMail; }
279
				else {
280
					$from = "administrator";
281
				}
3022 rexy 282
				$subject = $l_subject;
2990 rexy 283
				$message = "<!DOCTYPE html>
3038 rexy 284
<html>
3062 rexy 285
	<head>
286
		<meta charset=\"utf-8\">
3038 rexy 287
	</head>
288
		<body>
289
			$l_hello,<br/>
290
			<p>$l_automatic_mail<br/>
291
			<h3>$l_login</h3>
292
			<pre>
293
				Login : $login
294
				$l_password : $password
295
			</pre>
296
		</body>
297
</html>";
2990 rexy 298
				$header = "From: $from\n";
299
				$header .= "MIME-Version: 1.0\n";
300
				$header .= "Content-type: text/html; charset=utf-8\n";
301
				if(mail($to, $subject, $message, $header)){
3038 rexy 302
					echo "<center>success : <b>$l_mail_success</b><br>";
303
					if (!empty($adminMail)){ // Creation of the email for the administrator (if enabled)
3026 rexy 304
						$to = $adminMail;
3022 rexy 305
						$subject = "New registration on ALCASAR";
2990 rexy 306
						$message = "<!DOCTYPE html>
3038 rexy 307
<html>
3062 rexy 308
	<head>
309
		<meta charset=\"utf-8\">
3038 rexy 310
	</head>
311
	<body>
3062 rexy 312
		Hello,<br>
313
		<p>$l_automatic_mail<br>
3038 rexy 314
		<h3>A new registration on ALCASAR '$organism' has been made :</h3>
315
		<pre>
316
			@IP   : $ip
317
			Hour  : $time
318
			Login : $login
319
			Email : $Fmail
320
		</pre>
321
	</body>
322
</html>";
2990 rexy 323
						mail($to, $subject, $message, $header);
324
					}
325
				} else {
3022 rexy 326
					// On smtp error, we remove the new user
327
					$link = da_sql_pconnect($config);
2990 rexy 328
					$res2 = da_sql_query($link,$config,
3022 rexy 329
						"DELETE FROM $config[sql_user_info_table] WHERE username = '$login';");
2990 rexy 330
					$res3 = da_sql_query($link,$config,
331
						"DELETE FROM $config[sql_check_table] WHERE username = '$login';");
3022 rexy 332
					echo "<b>$l_mail_error</b><br />\n";
2990 rexy 333
				}
334
			}
335
			else // Could not open encryption library file
3022 rexy 336
				echo "<b>Error during the account creation process</b><br />\n";
2990 rexy 337
		}
338
		else // Could not connect to SQL database
3022 rexy 339
			echo "<b>Error during the account creation process</b><br />\n";
340
		da_sql_close($link,$config);
2990 rexy 341
	}
342
}
343
?>