Subversion Repositories ALCASAR

Rev

Rev 3011 | Rev 3023 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
2990 rexy 1
<?php 
2
 
3003 rexy 3
/************************************************************************
4
*						ALCASAR INSCRIPTION								*
5
*																		*
3022 rexy 6
*	By K@M3L & T3RRY LaPlateforme
7
*	By Rexy																*
3003 rexy 8
*																		*
9
*	Partie back de la page d'inscription des utilisateurs				*
10
*	Récupère les infos de "email_registration_front.php					*
11
*	- Lit le fichier de configuration /usr/local/etc/alcasar.conf		*
3011 rexy 12
*	- Verifie si le login est déjà présent dans la table "radcheck"		*
13
*	- Vérifie si l'@ mail est présent dans la table "userinfo"			*
3003 rexy 14
*	- Vérifie que le domaine du mail est bien WLD (optionnel)			*
3011 rexy 15
*	- Crée l'utilisateur avec un mot de passe aléatoire					*
16
*	- Envoi l'email à l'utilisaeur et à l'admin avec date et IP			*
3003 rexy 17
*																		*
18
*************************************************************************/
2990 rexy 19
 
3022 rexy 20
/****************************************************************
21
*			GLOBAL FILE PATHS			*
22
*****************************************************************/
23
define('CONF_FILE', '/usr/local/etc/alcasar.conf');
24
/****************************************************************
25
*			Conf files reading test			*
26
*****************************************************************/
27
$conf_files = array(CONF_FILE);
28
foreach ($conf_files as $file) {
29
	if (!file_exists($file)) {
30
		exit("Fichier $file non présent");
31
	}
32
	if (!is_readable($file)) {
33
		exit("Vous n'avez pas les droits de lecture sur le fichier $file");
34
	}
35
}
36
/****************************************************************
37
*			Read CONF_FILE				*
38
*****************************************************************/
39
$file_conf = fopen(CONF_FILE, 'r');
40
if (!$file_conf) {
41
	exit('Error opening the file '.CONF_FILE);
42
}
43
while (!feof($file_conf)) {
44
	$buffer = fgets($file_conf, 4096);
45
	if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {
46
		$tmp = explode('=', $buffer, 2);
47
		$conf[trim($tmp[0])] = trim($tmp[1]);
48
	}
49
}
50
fclose($file_conf);
51
$whiteDomain	= explode(" ", strtolower(trim($conf['MAIL_WHITEDOMAIN'])));
52
$adminMail		= $conf['MAIL_ADMIN'];
53
 
54
/****************************************
55
*			Choice of language			*
56
*****************************************/
3011 rexy 57
$Language = 'en';
58
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
59
	$Langue = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
60
	$Language = strtolower(substr(chop($Langue[0]), 0, 2));
61
}
62
if ($Language === 'fr') {
63
	$l_invalid_Email = "L'adresse email est invalide";
64
	$l_domain = "Le domaine";
65
	$l_not_authorized = "n'est pas autorisé";
66
	$l_Email_already_used = "Cette adresse email est déjà utilisée.";
3022 rexy 67
	$l_subject = "Activation de votre compte ALCASAR";
68
	$l_hello = "Bonjour";
69
	$l_automatic_mail = "Ceci est un e-mail automatique provenant d'un portail ALCASAR";
70
	$l_login = "Vos indentifiants de connexion :";
71
	$l_email = "Adresse e-mail";
72
	$l_password = "Mot de passe";
73
	$l_go_home = "Rendez-vous sur la page d'accueil";
74
	$l_mail_error = "Erreur lors de l'envoi du mail. Renouvelez votre inscription ou contactez votre administrateur.";
3011 rexy 75
} else {
76
	$l_invalid_Email = "Invalid Email address";
77
	$l_domain = "The domain";
78
	$l_not_authorized = "is not authorized";
79
	$l_Email_already_used = "This Email address is already used.";
3022 rexy 80
	$l_subject = "Activation of your ALCASAR account";
81
	$l_hello = "Hello";
82
	$l_automatic_mail = "This is an automatic e-mail from an ALCASAR portal";
83
	$l_login = "Your login credentials :";
84
	$l_email = "e-mail address";
85
	$l_password = "Password";
86
	$l_go_home = "Go to the home page";
87
	$l_mail_error = "Error while sending the email. Renew your registration or contact your administrator.";
3011 rexy 88
}
89
 
2990 rexy 90
if (is_file("acc/manager/lib/langues.php"))
91
	include("acc/manager/lib/langues.php");
92
 
93
if(!isset($create)) $create=0;
94
if(!isset($show)) $show=0;
95
if(!isset($login)) $login = '';
96
if(!isset($cn)) $cn = '';
97
if(!isset($mail)) $mail = '';
98
if(!isset($langue_imp)) $langue_imp = '';
99
if(!isset($selected)) $selected = array();
100
if(!isset($selected['='])) $selected['='] = '';
101
 
102
require('/etc/freeradius-web/config.php');
103
require('acc/manager/lib/attrshow.php');
104
require('acc/manager/lib/defaults.php');
105
 
106
if (false && /* Hide operator column */ $config['general_lib_type'] == 'sql' && $config['sql_use_operators'] == 'true') {
107
	$colspan = 2;
108
	$show_ops = 1;
109
	require('acc/manager/lib/operators.php');
110
} else {
111
	$show_ops = 0;
112
	$colspan = 1;
113
}
114
 
115
if (is_file("acc/manager/lib/sql/drivers/$config[sql_type]/functions.php"))
116
	require("acc/manager/lib/sql/drivers/$config[sql_type]/functions.php");
117
else{
118
	echo "<b>Could not include SQL library</b><br />\n";
119
	exit();
120
}
121
 
122
require('acc/manager/lib/functions.php');
123
if ($config['sql_use_operators'] == 'true'){
124
	include_once("acc/manager/lib/operators.php");
125
	$text = ',op';
126
	$passwd_op = ",':='";
127
}
128
 
129
$da_abort=0;
130
$op_val2 = '';
131
 
132
function GenPassword($nb_car="8")
133
{
134
// Random password
135
	$password = "";
136
	$chaine  = "aAzZeErRtTyYuUIopP152346897mMLkK";
137
	$chaine .= "jJhHgGfFdDsSqQwWxXcCvVbBnN152346897";
138
	while($nb_car != 0) {
139
		//$i = rand(0,71);
140
		// Bug corrigé
141
		$i = rand(0,66);
142
		$password .= $chaine[$i];
143
		$nb_car--;
144
	}
145
	return $password;
146
}
147
 
148
if(isset($_POST['Fmail'])){
149
	extract($_POST);
150
	$Fmail = htmlentities(strtolower(trim($Fmail)));
151
	if(!filter_var($Fmail, FILTER_VALIDATE_EMAIL)){  
3011 rexy 152
		echo "<b>$l_invalid_Email</b><br />\n";
2990 rexy 153
		exit();
154
	}
155
 
3022 rexy 156
	// Retrieve the domainName of the new user
2990 rexy 157
	list($user, $domain) = explode('@', $Fmail);
158
 
3022 rexy 159
	// check if the domainName is in the whitelist
2990 rexy 160
	if (!empty($whiteDomain)){
161
		if (!in_array($domain, $whiteDomain)){
3011 rexy 162
			echo "$l_domain $domain $l_not_authorized";
2990 rexy 163
			exit();
164
		}
165
	}
166
	$login  = $Fmail;
167
 
3022 rexy 168
	// check if the new user already exist
2990 rexy 169
	$link = @da_sql_pconnect($config);
170
	if ($link) {
171
		$sql = "SELECT id FROM $config[sql_check_table] WHERE username = '$login';";
172
		$res = @da_sql_query($link,$config, $sql);
173
	}
3022 rexy 174
	$login_check = da_sql_num_rows($res,$config);
175
	da_sql_close($link,$config);
2990 rexy 176
 
3022 rexy 177
	// check if the new user is already in the profile of an existing user 
2990 rexy 178
	$link = @da_sql_pconnect($config);
179
	if ($link) {
180
		$sql = "SELECT id FROM $config[sql_user_info_table] WHERE mail = '$Fmail';";
181
		$res = @da_sql_query($link,$config, $sql);
182
	}
3022 rexy 183
	$email_check = da_sql_num_rows($res,$config);
184
	da_sql_close($link,$config);
185
	if($login_check > 0) { // user already exist
3011 rexy 186
		echo "<b>$l_Email_already_used</b><br />\n";
3022 rexy 187
	} else if($email_check > 0) { // email already used
3011 rexy 188
		echo "<b>$l_Email_already_used</b><br />\n";
2990 rexy 189
	} else {
190
		$password = GenPassword();
191
 
3022 rexy 192
		// if we want to enrich the new user profile
2990 rexy 193
/*		$Fcn = "$prenom".".$nom";
194
		$Fou = "";
195
		$Fhomephone = "";
196
		$Ftelephonenumber = "";
197
		$Fmobile = "";
198
*/
199
		$link = da_sql_pconnect($config);
200
		if ($link){
201
			mysqli_set_charset($link,"utf8");
202
			if (is_file("acc/manager/lib/crypt/$config[general_encryption_method].php")){
203
				include_once("acc/manager/lib/crypt/$config[general_encryption_method].php");
204
 
205
				$passwd = da_encrypt($password);
206
				$passwd = da_sql_escape_string($link, $passwd);
207
				$res = da_sql_query($link,$config,
208
				"INSERT INTO $config[sql_check_table] (attribute,value,username $text)
209
				VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");
210
				if (!$res || !da_sql_affected_rows($link,$res,$config)){
211
					echo "<b>Erreur lors de la création de l'utilisateur $login: " . da_sql_error($link,$config) . "</b><br />\n";
212
					$da_abort=1;
213
				}
214
 
215
				if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){
216
					$res = da_sql_query($link,$config,
217
					"SELECT username FROM $config[sql_user_info_table] WHERE
218
					username = '$login';");
219
					if ($res){
220
						if (!da_sql_num_rows($res,$config)){
221
							$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';
222
							$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';
223
							$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';
224
							$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';
225
							$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';
226
							$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';
227
							$res = da_sql_query($link,$config,
228
							"INSERT INTO $config[sql_user_info_table]
229
							(username,name,mail,department,homephone,workphone,mobile) VALUES
230
							('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");
231
							if (!$res || !da_sql_affected_rows($link,$res,$config))
232
								// Erreur sql à supprimer : l'info ne devrait pas être communiquer au client.
233
								echo "<b>Une erreur s'est produite lors de la création du compte : " . da_sql_error($link,$config) . "</b><br />\n";
234
						}
235
						else
3022 rexy 236
							echo "<b>User already exist</b><br />\n";
2990 rexy 237
					}
238
					else
239
						echo "<b>Une erreur s'est produite lors de la création du compte : " . da_sql_error($link,$config) . "</b><br />\n";
240
				}
3022 rexy 241
				// if the new user must be in a group
2990 rexy 242
				if (isset($Fgroup) && $Fgroup != ''){
243
					$Fgroup = da_sql_escape_string($link, $Fgroup);
244
					$res = da_sql_query($link,$config,
245
					"SELECT username FROM $config[sql_usergroup_table]
246
					WHERE username = '$login' AND groupname = '$Fgroup';");
247
					if ($res){
248
						if (!da_sql_num_rows($res,$config)){
249
							$res = da_sql_query($link,$config,
250
							"INSERT INTO $config[sql_usergroup_table]
251
							(username,groupname) VALUES ('$login','$Fgroup');");
252
							if (!$res || !da_sql_affected_rows($link,$res,$config))
253
								echo "<b>Impossible d'ajouter l'utilisateur dans le groupe $Fgroup.</b><br />\n";
254
						}
255
						else
256
							echo "<b>L'utilisateur est déjà présent dans le groupe $Fgroup</b><br />\n";
257
					}
258
					else
259
						echo "<b>Impossible d'ajouter l'utilisateur dans le groupe $Fgroup: " . da_sql_error($link,$config) . "</b><br />\n";
260
				}
3022 rexy 261
/*
2990 rexy 262
				if (!$da_abort){
263
					if (isset($Fgroup) && $Fgroup != '')
264
						require('acc/manager/lib/defaults.php');
265
					foreach($show_attrs as $key => $attr){
266
						if ($attrmap["$key"] == 'none')
267
							continue;
268
						if ($key == "Filter-Id" && $$attrmap["$key"] == "None")
269
							continue;
270
						if ($attrmap["$key"] == ''){
271
							$attrmap["$key"] = $key;
272
							$attr_type["$key"] = 'replyItem';
273
							$rev_attrmap["$key"] = $key;
274
						}
275
						if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){
276
							$table = "$config[sql_check_table]";
277
							$type = 1;
278
						}
279
						else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){
280
							$table = "$config[sql_reply_table]";
281
							$type = 2;
282
						}
283
						$val = (isset($_POST[$attrmap["$key"]])) ? $_POST[$attrmap["$key"]] : '';
284
						$val = da_sql_escape_string($link, $val);
285
						$op_name = $attrmap["$key"] . '_op';
286
						$op_val = (isset($$op_name)) ? $$op_name : '';
287
						if ($op_val != ''){
288
							$op_val = da_sql_escape_string($link, $op_val);
289
							if (check_operator($op_val,$type) == -1){
290
								echo "<b>Invalid operator ($op_val) for attribute $key</b><br />\n";
291
								continue;
292
							}
293
							$op_val2 = ",'$op_val'";
294
						}
295
						$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;
296
						if ($val == '' || $chkdef)
297
							continue;
298
						$sqlquery = "INSERT INTO $table (attribute,value,username $text)
299
							VALUES ('$attrmap[$key]','$val','$login' $op_val2);";
300
						$res = da_sql_query($link,$config,$sqlquery);
301
						if (!$res || !da_sql_affected_rows($link,$res,$config))
302
							echo "<b>Query failed for attribute $key: " . da_sql_error($link,$config) . "</b><br />\n";
303
					}
304
				}
3022 rexy 305
*/
306
				// Creation of the email with the new user login & passwd
2990 rexy 307
				$ip = $_SERVER['REMOTE_ADDR'];
308
				$time = date_create('now')->format('d-m-Y H:i:s');
309
				$domain = $conf["DOMAIN"];
3022 rexy 310
				$hostname  = $conf["HOSTNAME"];
2990 rexy 311
				$to = $Fmail;
3022 rexy 312
				$from = "administrator";
313
				$subject = $l_subject;
2990 rexy 314
				$message = "<!DOCTYPE html>
315
						<html>
316
							<head>	
317
								<meta charset=\"UTF-8\" />
318
							</head>
319
							<body>
3022 rexy 320
								$l_hello,<br/><br/>
321
								<p>$l_automatic_mail ($hostname.$domain)<br/>
322
								<h4>$l_login</h4>
323
								<pre>
324
									$l_email : $Fmail 
325
									Login : $login
326
									$l_password : $password
327
								</pre>
328
								<p>$l_go_home : <a href=\"https://$hostname.$domain\"></a></p>
2990 rexy 329
							</body>
330
						</html>";
331
				$header = "From: $from\n";
332
				$header .= "MIME-Version: 1.0\n";
333
				$header .= "Content-type: text/html; charset=utf-8\n";
334
				if(mail($to, $subject, $message, $header)){
335
					echo "<center>success : <b>Vous y êtes presque ! $l_user '$login' $l_created</b></center><br />";
336
					echo "<center>success : <b>Un email contenant vos informations de connexion vient de vous être envoyé.</b></center><br />";
3022 rexy 337
					// Creation of the email for the administrator (if enabled)
2990 rexy 338
					if (!empty($adminMail)){
339
						$to = $adminMail;
3022 rexy 340
						$from = "administrator";
341
						$subject = "New registration on ALCASAR";
2990 rexy 342
						$message = "<!DOCTYPE html>
343
							<html>
344
								<head>	
345
									<meta charset=\"UTF-8\" />
346
								</head>
347
								<body>
3022 rexy 348
									Hello,<br/><br/>
349
									<p>This is an automatic e-mail from an ALCASAR portal.<br/>
350
									<h3>A new registration on <strong>$hostname.$domain</strong> has been made :</h3>
351
									<pre>
352
										@IP   :	$ip
353
										Hour :	$time
354
										Login :	$login
355
										Email :	$Fmail 
356
									</pre>
357
									<p><a href=\"https://$hostname\">$domain</a></p>
2990 rexy 358
								</body>
359
							</html>";
360
						$header = "From: $from\n";
361
						$header .= "MIME-Version: 1.0\n";
362
						$header .= "Content-type: text/html; charset=utf-8\n";
363
						mail($to, $subject, $message, $header);
364
					}
365
				} else {
3022 rexy 366
					// On smtp error, we remove the new user
367
					$link = da_sql_pconnect($config);
2990 rexy 368
					$res2 = da_sql_query($link,$config,
3022 rexy 369
						"DELETE FROM $config[sql_user_info_table] WHERE username = '$login';");
2990 rexy 370
					$res3 = da_sql_query($link,$config,
371
						"DELETE FROM $config[sql_check_table] WHERE username = '$login';");
3022 rexy 372
					echo "<b>$l_mail_error</b><br />\n";
2990 rexy 373
				}
374
			}
375
			else // Could not open encryption library file
3022 rexy 376
				echo "<b>Error during the account creation process</b><br />\n";
2990 rexy 377
		}
378
		else // Could not connect to SQL database
3022 rexy 379
			echo "<b>Error during the account creation process</b><br />\n";
380
		da_sql_close($link,$config);
2990 rexy 381
	}
382
}
383
?>