WebSVN – ALCASAR – Diff – /web/acc/manager/lib/sql/create_user.php


<?php
if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php"))
	include_once("../lib/sql/drivers/$config[sql_type]/functions.php");
else{
	echo "<b>Could not include SQL library</b><br>\n";
	exit();
}
include_once('../lib/functions.php');
if ($config['sql_use_operators'] == 'true'){
	include_once("../lib/operators.php");
	$text = ',op';
	$passwd_op = ",':='";
}
 
$da_abort=0;
$op_val2 = '';
$link = da_sql_pconnect($config);
if ($link){
	mysqli_set_charset($link,"utf8");
	if (is_file("../lib/crypt/$config[general_encryption_method].php")){
		include_once("../lib/crypt/$config[general_encryption_method].php");
 
		//Si auth par @MAC, alors on disocie l'adresse mac du réseau afin que alcasar-macup.sh fasse son travail.
		//Si @MAC à auth a la meme adresse IP, on ne fait pas de dhcp-down.(sinon le PHP ne peut pas s'exécuter entierement)
		if ($passwd === 'password' && preg_match('/^([a-fA-F0-9]{2}[:|\-]?){6}$/', $login)) {
			$user_ip = exec('sudo /usr/sbin/chilli_query list | awk '.escapeshellarg('($5 == 0) && ($6 == "'.$login.'") {print $2}'));
			//on vérifie que l'@IP de l'@MAC est différente de celle de l'admin sur l'ACC
			if ((!empty($user_ip)) && ($user_ip !== $_SERVER['REMOTE_ADDR'])) {
				exec('sudo /usr/sbin/chilli_query login mac '.escapeshellarg($login).' username '.escapeshellarg($login).' password '.escapeshellarg($passwd));
			}
		}
 
		$passwd = da_encrypt($passwd);
		$passwd = da_sql_escape_string($link, $passwd);
		$res = da_sql_query($link,$config,
		"INSERT INTO $config[sql_check_table] (attribute,value,username $text)
		VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");
		if (!$res || !da_sql_affected_rows($link,$res,$config)){
			echo "<b>Unable to add user $login: " . da_sql_error($link,$config) . "</b><br>\n";
			$da_abort=1;
		}
		if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){
			$res = da_sql_query($link,$config,
			"SELECT username FROM $config[sql_user_info_table] WHERE
			username = '$login';");
			if ($res){
				if (!da_sql_num_rows($res,$config)){
					$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';
					$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';
					$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';
					$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';
					$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';
					$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';
					$res = da_sql_query($link,$config,
					"INSERT INTO $config[sql_user_info_table]
					(username,name,mail,department,homephone,workphone,mobile) VALUES
					('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");
					if (!$res || !da_sql_affected_rows($link,$res,$config))
						echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";
				}
				else
					echo "<b>Cet usager existe d&eacute;j&agrave; dans la table 'info'</b><br>\n";
			}
			else
				echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";
		}
		if (isset($Fgroup) && $Fgroup != ''){
			$Fgroup = da_sql_escape_string($link, $Fgroup);
			$res = da_sql_query($link,$config,
			"SELECT username FROM $config[sql_usergroup_table]
			WHERE username = '$login' AND groupname = '$Fgroup';");
			if ($res){
				if (!da_sql_num_rows($res,$config)){
					$res = da_sql_query($link,$config,
					"INSERT INTO $config[sql_usergroup_table]
					(username,groupname) VALUES ('$login','$Fgroup');");
					if (!$res || !da_sql_affected_rows($link,$res,$config))
						echo "<b>Could not add user to group $Fgroup. SQL Error</b><br>\n";
				}
				else
					echo "<b>User already is a member of group $Fgroup</b><br>\n";
			}
			else
				echo "<b>Could not add user to group $Fgroup: " . da_sql_error($link,$config) . "</b><br>\n";
		}
		if (!$da_abort){
			if (isset($Fgroup) && $Fgroup != '')
				require('../lib/defaults.php');
			foreach($show_attrs as $key => $attr){
				if ($attrmap["$key"] == 'none')
					continue;
				if ($key == "Filter-Id" && $$attrmap["$key"] == "None")
					continue;
				if ($attrmap["$key"] == ''){
					$attrmap["$key"] = $key;
					$attr_type["$key"] = 'replyItem';
					$rev_attrmap["$key"] = $key;
				}
				if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){
					$table = "$config[sql_check_table]";
					$type = 1;
				}
				else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){
					$table = "$config[sql_reply_table]";
					$type = 2;
				}
				$val = (isset($_POST[$attrmap["$key"]])) ? $_POST[$attrmap["$key"]] : '';
				$val = da_sql_escape_string($link, $val);
				$op_name = $attrmap["$key"] . '_op';
				$op_val = (isset($$op_name)) ? $$op_name : '';
				if ($op_val != ''){
					$op_val = da_sql_escape_string($link, $op_val);
					if (check_operator($op_val,$type) == -1){
						echo "<b>Invalid operator ($op_val) for attribute $key</b><br>\n";
						continue;
					}
					$op_val2 = ",'$op_val'";
				}
				$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;
				if ($val == '' || $chkdef)
					continue;
				$sqlquery = "INSERT INTO $table (attribute,value,username $text)
					VALUES ('$attrmap[$key]','$val','$login' $op_val2);";
				$res = da_sql_query($link,$config,$sqlquery);
				if (!$res || !da_sql_affected_rows($link,$res,$config))
					echo "<b>Query failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
			}
		}
		echo "<center><b>$l_user '$login' $l_created</b></center><br>";
	}
	else
		echo "<b>Could not open encryption library file</b><br>\n";
}
else
	echo "<b>Could not connect to SQL database</b><br>\n";
?>
 

Subversion Repositories ALCASAR

(root)/web/acc/manager/lib/sql/create_user.php @ 509 – Rev 2698 → 2843

Rev 2698		Rev 2843
1	`<?php`	1	`<?php`
2	`if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php"))`	2	`if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php"))`
3	`include_once("../lib/sql/drivers/$config[sql_type]/functions.php");`	3	`include_once("../lib/sql/drivers/$config[sql_type]/functions.php");`
4	`else{`	4	`else{`
5	`echo "<b>Could not include SQL library</b><br>\n";`	5	`echo "<b>Could not include SQL library</b><br>\n";`
6	`exit();`	6	`exit();`
7	`}`	7	`}`
8	`include_once('../lib/functions.php');`	8	`include_once('../lib/functions.php');`
9	`if ($config['sql_use_operators'] == 'true'){`	9	`if ($config['sql_use_operators'] == 'true'){`
10	`include_once("../lib/operators.php");`	10	`include_once("../lib/operators.php");`
11	`$text = ',op';`	11	`$text = ',op';`
12	`$passwd_op = ",':='";`	12	`$passwd_op = ",':='";`
13	`}`	13	`}`
14		14
15	`$da_abort=0;`	15	`$da_abort=0;`
16	`$op_val2 = '';`	16	`$op_val2 = '';`
17	`$link = da_sql_pconnect($config);`	17	`$link = da_sql_pconnect($config);`
18	`if ($link){`	18	`if ($link){`
19	`mysqli_set_charset($link,"utf8");`	19	`mysqli_set_charset($link,"utf8");`
20	`if (is_file("../lib/crypt/$config[general_encryption_method].php")){`	20	`if (is_file("../lib/crypt/$config[general_encryption_method].php")){`
21	`include_once("../lib/crypt/$config[general_encryption_method].php");`	21	`include_once("../lib/crypt/$config[general_encryption_method].php");`
22		22
23	`//Si auth par @MAC, alors on disocie l'adresse mac du réseau afin que alcasar-macup.sh fasse son travail.`	23	`//Si auth par @MAC, alors on disocie l'adresse mac du réseau afin que alcasar-macup.sh fasse son travail.`
24	`//Si @MAC à auth a la meme adresse IP, on ne fait pas de dhcp-down.(sinon le PHP ne peut pas s'exécuter entierement)`	24	`//Si @MAC à auth a la meme adresse IP, on ne fait pas de dhcp-down.(sinon le PHP ne peut pas s'exécuter entierement)`
25	`if ($passwd === 'password' && preg_match('/^([a-fA-F0-9]{2}[:\|\-]?){6}$/', $login)) {`	25	`if ($passwd === 'password' && preg_match('/^([a-fA-F0-9]{2}[:\|\-]?){6}$/', $login)) {`
26	`$user_ip = exec('sudo /usr/sbin/chilli_query list \| awk '.escapeshellarg('($5 == 0) && ($6 == "'.$login.'") {print $2}'));`	26	`$user_ip = exec('sudo /usr/sbin/chilli_query list \| awk '.escapeshellarg('($5 == 0) && ($6 == "'.$login.'") {print $2}'));`
27	`//on vérifie que l'@IP de l'@MAC est différente de celle de l'admin sur l'ACC`	27	`//on vérifie que l'@IP de l'@MAC est différente de celle de l'admin sur l'ACC`
28	`if ((!empty($user_ip)) && ($user_ip !== $_SERVER['REMOTE_ADDR'])) {`	28	`if ((!empty($user_ip)) && ($user_ip !== $_SERVER['REMOTE_ADDR'])) {`
29	`exec('sudo /usr/sbin/chilli_query login mac '.escapeshellarg($login).' username '.escapeshellarg($login).' password '.escapeshellarg($passwd));`	29	`exec('sudo /usr/sbin/chilli_query login mac '.escapeshellarg($login).' username '.escapeshellarg($login).' password '.escapeshellarg($passwd));`
30	`}`	30	`}`
31	`}`	31	`}`
32		32
33	`$passwd = da_encrypt($passwd);`	33	`$passwd = da_encrypt($passwd);`
34	`$passwd = da_sql_escape_string($link, $passwd);`	34	`$passwd = da_sql_escape_string($link, $passwd);`
35	`$res = da_sql_query($link,$config,`	35	`$res = da_sql_query($link,$config,`
36	`"INSERT INTO $config[sql_check_table] (attribute,value,username $text)`	36	`"INSERT INTO $config[sql_check_table] (attribute,value,username $text)`
37	`VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");`	37	`VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");`
38	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config)){`	38	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config)){`
39	`echo "<b>Unable to add user $login: " . da_sql_error($link,$config) . "</b><br>\n";`	39	`echo "<b>Unable to add user $login: " . da_sql_error($link,$config) . "</b><br>\n";`
40	`$da_abort=1;`	40	`$da_abort=1;`
41	`}`	41	`}`
42	`if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){`	42	`if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){`
43	`$res = da_sql_query($link,$config,`	43	`$res = da_sql_query($link,$config,`
44	`"SELECT username FROM $config[sql_user_info_table] WHERE`	44	`"SELECT username FROM $config[sql_user_info_table] WHERE`
45	`username = '$login';");`	45	`username = '$login';");`
46	`if ($res){`	46	`if ($res){`
47	`if (!da_sql_num_rows($res,$config)){`	47	`if (!da_sql_num_rows($res,$config)){`
48	`$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';`	48	`$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';`
49	`$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';`	49	`$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';`
50	`$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';`	50	`$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';`
51	`$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';`	51	`$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';`
52	`$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';`	52	`$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';`
53	`$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';`	53	`$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';`
54	`$res = da_sql_query($link,$config,`	54	`$res = da_sql_query($link,$config,`
55	`"INSERT INTO $config[sql_user_info_table]`	55	`"INSERT INTO $config[sql_user_info_table]`
56	`(username,name,mail,department,homephone,workphone,mobile) VALUES`	56	`(username,name,mail,department,homephone,workphone,mobile) VALUES`
57	`('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");`	57	`('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");`
58	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`	58	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`
59	`echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";`	59	`echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";`
60	`}`	60	`}`
61	`else`	61	`else`
62	`echo "<b>Cet usager existe déjà dans la table 'info'</b><br>\n";`	62	`echo "<b>Cet usager existe déjà dans la table 'info'</b><br>\n";`
63	`}`	63	`}`
64	`else`	64	`else`
65	`echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";`	65	`echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";`
66	`}`	66	`}`
67	`if (isset($Fgroup) && $Fgroup != ''){`	67	`if (isset($Fgroup) && $Fgroup != ''){`
68	`$Fgroup = da_sql_escape_string($link, $Fgroup);`	68	`$Fgroup = da_sql_escape_string($link, $Fgroup);`
69	`$res = da_sql_query($link,$config,`	69	`$res = da_sql_query($link,$config,`
70	`"SELECT username FROM $config[sql_usergroup_table]`	70	`"SELECT username FROM $config[sql_usergroup_table]`
71	`WHERE username = '$login' AND groupname = '$Fgroup';");`	71	`WHERE username = '$login' AND groupname = '$Fgroup';");`
72	`if ($res){`	72	`if ($res){`
73	`if (!da_sql_num_rows($res,$config)){`	73	`if (!da_sql_num_rows($res,$config)){`
74	`$res = da_sql_query($link,$config,`	74	`$res = da_sql_query($link,$config,`
75	`"INSERT INTO $config[sql_usergroup_table]`	75	`"INSERT INTO $config[sql_usergroup_table]`
76	`(username,groupname) VALUES ('$login','$Fgroup');");`	76	`(username,groupname) VALUES ('$login','$Fgroup');");`
77	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`	77	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`
78	`echo "<b>Could not add user to group $Fgroup. SQL Error</b><br>\n";`	78	`echo "<b>Could not add user to group $Fgroup. SQL Error</b><br>\n";`
79	`}`	79	`}`
80	`else`	80	`else`
81	`echo "<b>User already is a member of group $Fgroup</b><br>\n";`	81	`echo "<b>User already is a member of group $Fgroup</b><br>\n";`
82	`}`	82	`}`
83	`else`	83	`else`
84	`echo "<b>Could not add user to group $Fgroup: " . da_sql_error($link,$config) . "</b><br>\n";`	84	`echo "<b>Could not add user to group $Fgroup: " . da_sql_error($link,$config) . "</b><br>\n";`
85	`}`	85	`}`
86	`if (!$da_abort){`	86	`if (!$da_abort){`
87	`if (isset($Fgroup) && $Fgroup != '')`	87	`if (isset($Fgroup) && $Fgroup != '')`
88	`require('../lib/defaults.php');`	88	`require('../lib/defaults.php');`
89	`foreach($show_attrs as $key => $attr){`	89	`foreach($show_attrs as $key => $attr){`
90	`if ($attrmap["$key"] == 'none')`	90	`if ($attrmap["$key"] == 'none')`
91	`continue;`	91	`continue;`
92	`if ($key == "Filter-Id" && $$attrmap["$key"] == "None")`	92	`if ($key == "Filter-Id" && $$attrmap["$key"] == "None")`
93	`continue;`	93	`continue;`
94	`if ($attrmap["$key"] == ''){`	94	`if ($attrmap["$key"] == ''){`
95	`$attrmap["$key"] = $key;`	95	`$attrmap["$key"] = $key;`
96	`$attr_type["$key"] = 'replyItem';`	96	`$attr_type["$key"] = 'replyItem';`
97	`$rev_attrmap["$key"] = $key;`	97	`$rev_attrmap["$key"] = $key;`
98	`}`	98	`}`
99	`if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){`	99	`if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){`
100	`$table = "$config[sql_check_table]";`	100	`$table = "$config[sql_check_table]";`
101	`$type = 1;`	101	`$type = 1;`
102	`}`	102	`}`
103	`else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){`	103	`else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){`
104	`$table = "$config[sql_reply_table]";`	104	`$table = "$config[sql_reply_table]";`
105	`$type = 2;`	105	`$type = 2;`
106	`}`	106	`}`
107	`$val = (isset($$attrmap["$key"])) ? $$attrmap["$key"] : '';`	107	`$val = (isset($_POST[$attrmap["$key"]])) ? $_POST[$attrmap["$key"]] : '';`
108	`$val = da_sql_escape_string($link, $val);`	108	`$val = da_sql_escape_string($link, $val);`
109	`$op_name = $attrmap["$key"] . '_op';`	109	`$op_name = $attrmap["$key"] . '_op';`
110	`$op_val = (isset($$op_name)) ? $$op_name : '';`	110	`$op_val = (isset($$op_name)) ? $$op_name : '';`
111	`if ($op_val != ''){`	111	`if ($op_val != ''){`
112	`$op_val = da_sql_escape_string($link, $op_val);`	112	`$op_val = da_sql_escape_string($link, $op_val);`
113	`if (check_operator($op_val,$type) == -1){`	113	`if (check_operator($op_val,$type) == -1){`
114	`echo "<b>Invalid operator ($op_val) for attribute $key</b><br>\n";`	114	`echo "<b>Invalid operator ($op_val) for attribute $key</b><br>\n";`
115	`continue;`	115	`continue;`
116	`}`	116	`}`
117	`$op_val2 = ",'$op_val'";`	117	`$op_val2 = ",'$op_val'";`
118	`}`	118	`}`
119	`$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;`	119	`$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;`
120	`if ($val == '' \|\| $chkdef)`	120	`if ($val == '' \|\| $chkdef)`
121	`continue;`	121	`continue;`
122	`$sqlquery = "INSERT INTO $table (attribute,value,username $text)`	122	`$sqlquery = "INSERT INTO $table (attribute,value,username $text)`
123	`VALUES ('$attrmap[$key]','$val','$login' $op_val2);";`	123	`VALUES ('$attrmap[$key]','$val','$login' $op_val2);";`
124	`$res = da_sql_query($link,$config,$sqlquery);`	124	`$res = da_sql_query($link,$config,$sqlquery);`
125	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`	125	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`
126	`echo "<b>Query failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";`	126	`echo "<b>Query failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";`
127	`}`	127	`}`
128	`}`	128	`}`
129	`echo "<center><b>$l_user '$login' $l_created</b></center><br>";`	129	`echo "<center><b>$l_user '$login' $l_created</b></center><br>";`
130	`}`	130	`}`
131	`else`	131	`else`
132	`echo "<b>Could not open encryption library file</b><br>\n";`	132	`echo "<b>Could not open encryption library file</b><br>\n";`
133	`}`	133	`}`
134	`else`	134	`else`
135	`echo "<b>Could not connect to SQL database</b><br>\n";`	135	`echo "<b>Could not connect to SQL database</b><br>\n";`
136	`?>`	136	`?>`
137		137