Subversion Repositories ALCASAR

Rev

Rev 3022 | Rev 3026 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
2990 rexy 1
<?php 
2
 
3003 rexy 3
/************************************************************************
4
*						ALCASAR INSCRIPTION								*
5
*																		*
3022 rexy 6
*	By K@M3L & T3RRY LaPlateforme
7
*	By Rexy																*
3003 rexy 8
*																		*
9
*	Partie back de la page d'inscription des utilisateurs				*
10
*	Récupère les infos de "email_registration_front.php					*
11
*	- Lit le fichier de configuration /usr/local/etc/alcasar.conf		*
3011 rexy 12
*	- Verifie si le login est déjà présent dans la table "radcheck"		*
13
*	- Vérifie si l'@ mail est présent dans la table "userinfo"			*
3003 rexy 14
*	- Vérifie que le domaine du mail est bien WLD (optionnel)			*
3011 rexy 15
*	- Crée l'utilisateur avec un mot de passe aléatoire					*
16
*	- Envoi l'email à l'utilisaeur et à l'admin avec date et IP			*
3003 rexy 17
*																		*
18
*************************************************************************/
2990 rexy 19
 
3022 rexy 20
/****************************************************************
21
*			GLOBAL FILE PATHS			*
22
*****************************************************************/
23
define('CONF_FILE', '/usr/local/etc/alcasar.conf');
24
/****************************************************************
25
*			Conf files reading test			*
26
*****************************************************************/
27
$conf_files = array(CONF_FILE);
28
foreach ($conf_files as $file) {
29
	if (!file_exists($file)) {
30
		exit("Fichier $file non présent");
31
	}
32
	if (!is_readable($file)) {
33
		exit("Vous n'avez pas les droits de lecture sur le fichier $file");
34
	}
35
}
36
/****************************************************************
37
*			Read CONF_FILE				*
38
*****************************************************************/
39
$file_conf = fopen(CONF_FILE, 'r');
40
if (!$file_conf) {
41
	exit('Error opening the file '.CONF_FILE);
42
}
43
while (!feof($file_conf)) {
44
	$buffer = fgets($file_conf, 4096);
45
	if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {
46
		$tmp = explode('=', $buffer, 2);
47
		$conf[trim($tmp[0])] = trim($tmp[1]);
48
	}
49
}
50
fclose($file_conf);
51
$whiteDomain	= explode(" ", strtolower(trim($conf['MAIL_WHITEDOMAIN'])));
52
 
53
/****************************************
54
*			Choice of language			*
55
*****************************************/
3011 rexy 56
$Language = 'en';
57
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
58
	$Langue = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
59
	$Language = strtolower(substr(chop($Langue[0]), 0, 2));
60
}
61
if ($Language === 'fr') {
62
	$l_invalid_Email = "L'adresse email est invalide";
63
	$l_domain = "Le domaine";
64
	$l_not_authorized = "n'est pas autorisé";
65
	$l_Email_already_used = "Cette adresse email est déjà utilisée.";
3022 rexy 66
	$l_subject = "Activation de votre compte ALCASAR";
67
	$l_hello = "Bonjour";
68
	$l_automatic_mail = "Ceci est un e-mail automatique provenant d'un portail ALCASAR";
69
	$l_login = "Vos indentifiants de connexion :";
70
	$l_email = "Adresse e-mail";
71
	$l_password = "Mot de passe";
72
	$l_go_home = "Rendez-vous sur la page d'accueil";
73
	$l_mail_error = "Erreur lors de l'envoi du mail. Renouvelez votre inscription ou contactez votre administrateur.";
3011 rexy 74
} else {
75
	$l_invalid_Email = "Invalid Email address";
76
	$l_domain = "The domain";
77
	$l_not_authorized = "is not authorized";
78
	$l_Email_already_used = "This Email address is already used.";
3022 rexy 79
	$l_subject = "Activation of your ALCASAR account";
80
	$l_hello = "Hello";
81
	$l_automatic_mail = "This is an automatic e-mail from an ALCASAR portal";
82
	$l_login = "Your login credentials :";
83
	$l_email = "e-mail address";
84
	$l_password = "Password";
85
	$l_go_home = "Go to the home page";
86
	$l_mail_error = "Error while sending the email. Renew your registration or contact your administrator.";
3011 rexy 87
}
88
 
2990 rexy 89
if (is_file("acc/manager/lib/langues.php"))
90
	include("acc/manager/lib/langues.php");
91
 
92
if(!isset($create)) $create=0;
93
if(!isset($show)) $show=0;
94
if(!isset($login)) $login = '';
95
if(!isset($cn)) $cn = '';
96
if(!isset($mail)) $mail = '';
97
if(!isset($langue_imp)) $langue_imp = '';
98
if(!isset($selected)) $selected = array();
99
if(!isset($selected['='])) $selected['='] = '';
100
 
101
require('/etc/freeradius-web/config.php');
102
require('acc/manager/lib/attrshow.php');
103
require('acc/manager/lib/defaults.php');
104
 
105
if (false && /* Hide operator column */ $config['general_lib_type'] == 'sql' && $config['sql_use_operators'] == 'true') {
106
	$colspan = 2;
107
	$show_ops = 1;
108
	require('acc/manager/lib/operators.php');
109
} else {
110
	$show_ops = 0;
111
	$colspan = 1;
112
}
113
 
114
if (is_file("acc/manager/lib/sql/drivers/$config[sql_type]/functions.php"))
115
	require("acc/manager/lib/sql/drivers/$config[sql_type]/functions.php");
116
else{
117
	echo "<b>Could not include SQL library</b><br />\n";
118
	exit();
119
}
120
 
121
require('acc/manager/lib/functions.php');
122
if ($config['sql_use_operators'] == 'true'){
123
	include_once("acc/manager/lib/operators.php");
124
	$text = ',op';
125
	$passwd_op = ",':='";
126
}
127
 
128
$da_abort=0;
129
$op_val2 = '';
130
 
131
function GenPassword($nb_car="8")
132
{
133
// Random password
134
	$password = "";
135
	$chaine  = "aAzZeErRtTyYuUIopP152346897mMLkK";
136
	$chaine .= "jJhHgGfFdDsSqQwWxXcCvVbBnN152346897";
137
	while($nb_car != 0) {
138
		//$i = rand(0,71);
139
		// Bug corrigé
140
		$i = rand(0,66);
141
		$password .= $chaine[$i];
142
		$nb_car--;
143
	}
144
	return $password;
145
}
146
 
147
if(isset($_POST['Fmail'])){
148
	extract($_POST);
149
	$Fmail = htmlentities(strtolower(trim($Fmail)));
150
	if(!filter_var($Fmail, FILTER_VALIDATE_EMAIL)){  
3011 rexy 151
		echo "<b>$l_invalid_Email</b><br />\n";
2990 rexy 152
		exit();
153
	}
154
 
3022 rexy 155
	// Retrieve the domainName of the new user
2990 rexy 156
	list($user, $domain) = explode('@', $Fmail);
157
 
3022 rexy 158
	// check if the domainName is in the whitelist
2990 rexy 159
	if (!empty($whiteDomain)){
160
		if (!in_array($domain, $whiteDomain)){
3011 rexy 161
			echo "$l_domain $domain $l_not_authorized";
2990 rexy 162
			exit();
163
		}
164
	}
165
	$login  = $Fmail;
166
 
3022 rexy 167
	// check if the new user already exist
2990 rexy 168
	$link = @da_sql_pconnect($config);
169
	if ($link) {
170
		$sql = "SELECT id FROM $config[sql_check_table] WHERE username = '$login';";
171
		$res = @da_sql_query($link,$config, $sql);
172
	}
3022 rexy 173
	$login_check = da_sql_num_rows($res,$config);
174
	da_sql_close($link,$config);
2990 rexy 175
 
3022 rexy 176
	// check if the new user is already in the profile of an existing user 
2990 rexy 177
	$link = @da_sql_pconnect($config);
178
	if ($link) {
179
		$sql = "SELECT id FROM $config[sql_user_info_table] WHERE mail = '$Fmail';";
180
		$res = @da_sql_query($link,$config, $sql);
181
	}
3022 rexy 182
	$email_check = da_sql_num_rows($res,$config);
183
	da_sql_close($link,$config);
184
	if($login_check > 0) { // user already exist
3011 rexy 185
		echo "<b>$l_Email_already_used</b><br />\n";
3022 rexy 186
	} else if($email_check > 0) { // email already used
3011 rexy 187
		echo "<b>$l_Email_already_used</b><br />\n";
2990 rexy 188
	} else {
189
		$password = GenPassword();
190
 
3022 rexy 191
		// if we want to enrich the new user profile
2990 rexy 192
/*		$Fcn = "$prenom".".$nom";
193
		$Fou = "";
194
		$Fhomephone = "";
195
		$Ftelephonenumber = "";
196
		$Fmobile = "";
197
*/
198
		$link = da_sql_pconnect($config);
199
		if ($link){
200
			mysqli_set_charset($link,"utf8");
201
			if (is_file("acc/manager/lib/crypt/$config[general_encryption_method].php")){
202
				include_once("acc/manager/lib/crypt/$config[general_encryption_method].php");
203
 
204
				$passwd = da_encrypt($password);
205
				$passwd = da_sql_escape_string($link, $passwd);
206
				$res = da_sql_query($link,$config,
207
				"INSERT INTO $config[sql_check_table] (attribute,value,username $text)
208
				VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");
209
				if (!$res || !da_sql_affected_rows($link,$res,$config)){
210
					echo "<b>Erreur lors de la création de l'utilisateur $login: " . da_sql_error($link,$config) . "</b><br />\n";
211
					$da_abort=1;
212
				}
213
 
214
				if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){
215
					$res = da_sql_query($link,$config,
216
					"SELECT username FROM $config[sql_user_info_table] WHERE
217
					username = '$login';");
218
					if ($res){
219
						if (!da_sql_num_rows($res,$config)){
220
							$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';
221
							$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';
222
							$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';
223
							$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';
224
							$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';
225
							$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';
226
							$res = da_sql_query($link,$config,
227
							"INSERT INTO $config[sql_user_info_table]
228
							(username,name,mail,department,homephone,workphone,mobile) VALUES
229
							('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");
230
							if (!$res || !da_sql_affected_rows($link,$res,$config))
231
								// Erreur sql à supprimer : l'info ne devrait pas être communiquer au client.
232
								echo "<b>Une erreur s'est produite lors de la création du compte : " . da_sql_error($link,$config) . "</b><br />\n";
233
						}
234
						else
3022 rexy 235
							echo "<b>User already exist</b><br />\n";
2990 rexy 236
					}
237
					else
238
						echo "<b>Une erreur s'est produite lors de la création du compte : " . da_sql_error($link,$config) . "</b><br />\n";
239
				}
3022 rexy 240
				// if the new user must be in a group
2990 rexy 241
				if (isset($Fgroup) && $Fgroup != ''){
242
					$Fgroup = da_sql_escape_string($link, $Fgroup);
243
					$res = da_sql_query($link,$config,
244
					"SELECT username FROM $config[sql_usergroup_table]
245
					WHERE username = '$login' AND groupname = '$Fgroup';");
246
					if ($res){
247
						if (!da_sql_num_rows($res,$config)){
248
							$res = da_sql_query($link,$config,
249
							"INSERT INTO $config[sql_usergroup_table]
250
							(username,groupname) VALUES ('$login','$Fgroup');");
251
							if (!$res || !da_sql_affected_rows($link,$res,$config))
252
								echo "<b>Impossible d'ajouter l'utilisateur dans le groupe $Fgroup.</b><br />\n";
253
						}
254
						else
255
							echo "<b>L'utilisateur est déjà présent dans le groupe $Fgroup</b><br />\n";
256
					}
257
					else
258
						echo "<b>Impossible d'ajouter l'utilisateur dans le groupe $Fgroup: " . da_sql_error($link,$config) . "</b><br />\n";
259
				}
3022 rexy 260
/*
2990 rexy 261
				if (!$da_abort){
262
					if (isset($Fgroup) && $Fgroup != '')
263
						require('acc/manager/lib/defaults.php');
264
					foreach($show_attrs as $key => $attr){
265
						if ($attrmap["$key"] == 'none')
266
							continue;
267
						if ($key == "Filter-Id" && $$attrmap["$key"] == "None")
268
							continue;
269
						if ($attrmap["$key"] == ''){
270
							$attrmap["$key"] = $key;
271
							$attr_type["$key"] = 'replyItem';
272
							$rev_attrmap["$key"] = $key;
273
						}
274
						if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){
275
							$table = "$config[sql_check_table]";
276
							$type = 1;
277
						}
278
						else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){
279
							$table = "$config[sql_reply_table]";
280
							$type = 2;
281
						}
282
						$val = (isset($_POST[$attrmap["$key"]])) ? $_POST[$attrmap["$key"]] : '';
283
						$val = da_sql_escape_string($link, $val);
284
						$op_name = $attrmap["$key"] . '_op';
285
						$op_val = (isset($$op_name)) ? $$op_name : '';
286
						if ($op_val != ''){
287
							$op_val = da_sql_escape_string($link, $op_val);
288
							if (check_operator($op_val,$type) == -1){
289
								echo "<b>Invalid operator ($op_val) for attribute $key</b><br />\n";
290
								continue;
291
							}
292
							$op_val2 = ",'$op_val'";
293
						}
294
						$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;
295
						if ($val == '' || $chkdef)
296
							continue;
297
						$sqlquery = "INSERT INTO $table (attribute,value,username $text)
298
							VALUES ('$attrmap[$key]','$val','$login' $op_val2);";
299
						$res = da_sql_query($link,$config,$sqlquery);
300
						if (!$res || !da_sql_affected_rows($link,$res,$config))
301
							echo "<b>Query failed for attribute $key: " . da_sql_error($link,$config) . "</b><br />\n";
302
					}
303
				}
3022 rexy 304
*/
305
				// Creation of the email with the new user login & passwd
2990 rexy 306
				$ip = $_SERVER['REMOTE_ADDR'];
307
				$time = date_create('now')->format('d-m-Y H:i:s');
308
				$domain = $conf["DOMAIN"];
3022 rexy 309
				$hostname  = $conf["HOSTNAME"];
2990 rexy 310
				$to = $Fmail;
3023 rexy 311
				$from = $conf["MAIL_ADDR"];
3022 rexy 312
				$subject = $l_subject;
2990 rexy 313
				$message = "<!DOCTYPE html>
314
						<html>
315
							<head>	
316
								<meta charset=\"UTF-8\" />
317
							</head>
318
							<body>
3022 rexy 319
								$l_hello,<br/><br/>
320
								<p>$l_automatic_mail ($hostname.$domain)<br/>
321
								<h4>$l_login</h4>
322
								<pre>
323
									$l_email : $Fmail 
324
									Login : $login
325
									$l_password : $password
326
								</pre>
327
								<p>$l_go_home : <a href=\"https://$hostname.$domain\"></a></p>
2990 rexy 328
							</body>
329
						</html>";
330
				$header = "From: $from\n";
331
				$header .= "MIME-Version: 1.0\n";
332
				$header .= "Content-type: text/html; charset=utf-8\n";
333
				if(mail($to, $subject, $message, $header)){
334
					echo "<center>success : <b>Vous y êtes presque ! $l_user '$login' $l_created</b></center><br />";
335
					echo "<center>success : <b>Un email contenant vos informations de connexion vient de vous être envoyé.</b></center><br />";
3022 rexy 336
					// Creation of the email for the administrator (if enabled)
3023 rexy 337
					if (!empty($conf['MAIL_ADMIN']){
338
						$to = $conf['MAIL_ADMIN'];
339
						$from = $conf["MAIL_ADDR"];
3022 rexy 340
						$subject = "New registration on ALCASAR";
2990 rexy 341
						$message = "<!DOCTYPE html>
342
							<html>
343
								<head>	
344
									<meta charset=\"UTF-8\" />
345
								</head>
346
								<body>
3022 rexy 347
									Hello,<br/><br/>
348
									<p>This is an automatic e-mail from an ALCASAR portal.<br/>
349
									<h3>A new registration on <strong>$hostname.$domain</strong> has been made :</h3>
350
									<pre>
351
										@IP   :	$ip
352
										Hour :	$time
353
										Login :	$login
354
										Email :	$Fmail 
355
									</pre>
356
									<p><a href=\"https://$hostname\">$domain</a></p>
2990 rexy 357
								</body>
358
							</html>";
359
						$header = "From: $from\n";
360
						$header .= "MIME-Version: 1.0\n";
361
						$header .= "Content-type: text/html; charset=utf-8\n";
362
						mail($to, $subject, $message, $header);
363
					}
364
				} else {
3022 rexy 365
					// On smtp error, we remove the new user
366
					$link = da_sql_pconnect($config);
2990 rexy 367
					$res2 = da_sql_query($link,$config,
3022 rexy 368
						"DELETE FROM $config[sql_user_info_table] WHERE username = '$login';");
2990 rexy 369
					$res3 = da_sql_query($link,$config,
370
						"DELETE FROM $config[sql_check_table] WHERE username = '$login';");
3022 rexy 371
					echo "<b>$l_mail_error</b><br />\n";
2990 rexy 372
				}
373
			}
374
			else // Could not open encryption library file
3022 rexy 375
				echo "<b>Error during the account creation process</b><br />\n";
2990 rexy 376
		}
377
		else // Could not connect to SQL database
3022 rexy 378
			echo "<b>Error during the account creation process</b><br />\n";
379
		da_sql_close($link,$config);
2990 rexy 380
	}
381
}
382
?>