WebSVN – ALCASAR – Diff – /web/email_registration_back.php


<?php 
 
/************************************************************************
*						ALCASAR INSCRIPTION								*
*																		*
*	By K@M3L & T3RRY LaPlateforme
*	By Rexy																*
*																		*
*	Partie back de la page d'inscription des utilisateurs				*
*	Récupère les infos de "email_registration_front.php					*
*	- Lit le fichier de configuration /usr/local/etc/alcasar.conf		*
*	- Verifie si le login est déjà présent dans la table "radcheck"		*
*	- Vérifie si l'@ mail est présent dans la table "userinfo"			*
*	- Vérifie que le domaine du mail est bien WLD (optionnel)			*
*	- Crée l'utilisateur avec un mot de passe aléatoire					*
*	- Envoi l'email à l'utilisaeur et à l'admin avec date et IP			*
*																		*
*************************************************************************/
 
/****************************************************************
*			GLOBAL FILE PATHS			*
*****************************************************************/
define('CONF_FILE', '/usr/local/etc/alcasar.conf');
/****************************************************************
*			Conf files reading test			*
*****************************************************************/
$conf_files = array(CONF_FILE);
foreach ($conf_files as $file) {
	if (!file_exists($file)) {
		exit("Fichier $file non présent");
	}
	if (!is_readable($file)) {
		exit("Vous n'avez pas les droits de lecture sur le fichier $file");
	}
}
/****************************************************************
*			Read CONF_FILE				*
*****************************************************************/
$file_conf = fopen(CONF_FILE, 'r');
if (!$file_conf) {
	exit('Error opening the file '.CONF_FILE);
}
while (!feof($file_conf)) {
	$buffer = fgets($file_conf, 4096);
	if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {
		$tmp = explode('=', $buffer, 2);
		$conf[trim($tmp[0])] = trim($tmp[1]);
	}
}
fclose($file_conf);
$whiteDomain	= explode(" ", strtolower(trim($conf['MAIL_WHITEDOMAIN'])));
$adminMail		= $conf['MAIL_ADMIN'];
$typeMail		= $conf['MAIL_TYPE'];
$fromMail		= $conf['MAIL_ADDR'];
$organism		= $conf['ORGANISM'];
 
/****************************************
*			Choice of language			*
*****************************************/
$Language = 'en';
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
	$Langue = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
	$Language = strtolower(substr(chop($Langue[0]), 0, 2));
}
if ($Language === 'fr') {
	$l_invalid_Email = "L'adresse e-mail est invalide";
	$l_domain = "Le domaine";
	$l_not_authorized = "n'est pas autorisé";
	$l_Email_already_used = "Cette adresse e-mail est déjà utilisée.";
	$l_subject = "Activation de votre compte ALCASAR";
	$l_hello = "Bonjour";
	$l_automatic_mail = "Ceci est un e-mail automatique provenant du portail ALCASAR : $organism";
	$l_login = "Voici vos indentifiants de connexion :";
	$l_password = "Mot de passe";
	$l_mail_success = "Un mot de passe vient d'être envoyé à votre adresse e-mail.";
	$l_mail_error = "Erreur lors de l'envoi du mail. Renouvelez votre inscription ou contactez votre administrateur.";
} else if ($Language === 'es') {
	$l_invalid_Email = "Dirección de correo electrónico no válida";
	$l_domain = "El dominio";
	$l_not_authorized = "no está autorizado";
	$l_Email_already_used = "Esta dirección de correo electrónico ya está utilizada.";
	$l_subject = "Activación de su cuenta ALCASAR";
	$l_hello = "Hola";
	$l_automatic_mail = "Este es un correo electrónico automático del portal ALCASAR : $organism";
	$l_login = "Estas son sus credenciales de acceso:";
	$l_password = "Contraseña";
	$l_mail_success = "Se ha enviado una contraseña a su dirección de correo electrónico.";
	$l_mail_error = "Error al enviar el correo electrónico. Renueve su registro o póngase en contacto con su administrador.";
} else {
	$l_invalid_Email = "Invalid Email address";
	$l_domain = "The domain";
	$l_not_authorized = "is not authorized";
	$l_Email_already_used = "This Email address is already used.";
	$l_subject = "Activation of your ALCASAR account";
	$l_hello = "Hello";
	$l_automatic_mail = "This is an automatic e-mail from ALCASAR portal : $organism";
	$l_login = "Here are your login credentials :";
	$l_password = "Password";
	$l_mail_success = "A password has been sent to your e-mail address";
	$l_mail_error = "Error while sending the email. Renew your registration or contact your administrator.";
}
 
if(!isset($create)) $create=0;
if(!isset($show)) $show=0;
if(!isset($login)) $login = '';
if(!isset($cn)) $cn = '';
if(!isset($mail)) $mail = '';
if(!isset($langue_imp)) $langue_imp = '';
if(!isset($selected)) $selected = array();
if(!isset($selected['='])) $selected['='] = '';
 
require('/etc/freeradius-web/config.php');
require('acc/manager/lib/attrshow.php');
require('acc/manager/lib/defaults.php');
 
if (false && /* Hide operator column */ $config['general_lib_type'] == 'sql' && $config['sql_use_operators'] == 'true') {
	$colspan = 2;
	$show_ops = 1;
	require('acc/manager/lib/operators.php');
} else {
	$show_ops = 0;
	$colspan = 1;
}
 
if (is_file("acc/manager/lib/sql/drivers/$config[sql_type]/functions.php"))
	require("acc/manager/lib/sql/drivers/$config[sql_type]/functions.php");
else{
	echo "<b>Could not include SQL library</b><br />\n";
	exit();
}
 
require('acc/manager/lib/functions.php');
if ($config['sql_use_operators'] == 'true'){
	include_once("acc/manager/lib/operators.php");
	$text = ',op';
	$passwd_op = ",':='";
}
 
$da_abort=0;
$op_val2 = '';
 
function GenPassword($nb_car="8")
{
// Random password
	$password = "";
	$chaine  = "aAzZeErRtTyYuUIopP152346897mMLkK";
	$chaine .= "jJhHgGfFdDsSqQwWxXcCvVbBnN152346897";
	while($nb_car != 0) {
		//$i = rand(0,71);
		// Bug corrigé
		$i = rand(0,66);
		$password .= $chaine[$i];
		$nb_car--;
	}
	return $password;
}
 
if(isset($_POST['Fmail'])){
	extract($_POST);
	$Fmail = htmlentities(strtolower(trim($Fmail)));
	if(!filter_var($Fmail, FILTER_VALIDATE_EMAIL)){  
		echo "<b>$l_invalid_Email</b><br />\n";
		exit();
	}
	
	// Retrieve the domainName of the new user
	list($user, $domain) = explode('@', $Fmail);
 
	// check if the domainName is in the whitelist
	if (!empty($whiteDomain)){
		if (!in_array($domain, $whiteDomain)){
			echo "$l_domain $domain $l_not_authorized";
			exit();
		}
	}
	$login  = $Fmail;
	
	// check if the new user already exist
	$link = @da_sql_pconnect($config);
	if ($link) {
		$sql = "SELECT id FROM $config[sql_check_table] WHERE username = '$login';";
		$res = @da_sql_query($link,$config, $sql);
	}
	$login_check = da_sql_num_rows($res,$config);
	da_sql_close($link,$config);
	
	// check if the new user is already in the profile of an existing user 
	$link = @da_sql_pconnect($config);
	if ($link) {
		$sql = "SELECT id FROM $config[sql_user_info_table] WHERE mail = '$Fmail';";
		$res = @da_sql_query($link,$config, $sql);
	}
	$email_check = da_sql_num_rows($res,$config);
	da_sql_close($link,$config);
	if($login_check > 0) { // user already exist
		echo "<b>$l_Email_already_used</b><br />\n";
	} else if($email_check > 0) { // email already used
		echo "<b>$l_Email_already_used</b><br />\n";
	} else {
		$password = GenPassword();
		
		// if we want to enrich the new user profile
/*		$Fcn = "$prenom".".$nom";
		$Fou = "";
		$Fhomephone = "";
		$Ftelephonenumber = "";
		$Fmobile = "";
*/
		$link = da_sql_pconnect($config);
		if ($link){
			mysqli_set_charset($link,"utf8");
			if (is_file("acc/manager/lib/crypt/$config[general_encryption_method].php")){
				include_once("acc/manager/lib/crypt/$config[general_encryption_method].php");
 
				$passwd = da_encrypt($password);
				$passwd = da_sql_escape_string($link, $passwd);
				$res = da_sql_query($link,$config,
				"INSERT INTO $config[sql_check_table] (attribute,value,username $text)
				VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");
				if (!$res || !da_sql_affected_rows($link,$res,$config)){
					echo "<b>Erreur lors de la création de l'utilisateur $login: " . da_sql_error($link,$config) . "</b><br />\n";
					$da_abort=1;
				}
 
				if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){
					$res = da_sql_query($link,$config,
					"SELECT username FROM $config[sql_user_info_table] WHERE
					username = '$login';");
					if ($res){
						if (!da_sql_num_rows($res,$config)){
							$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';
							$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';
							$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';
							$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';
							$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';
							$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';
							$res = da_sql_query($link,$config,
							"INSERT INTO $config[sql_user_info_table]
							(username,name,mail,department,homephone,workphone,mobile) VALUES
							('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");
							if (!$res || !da_sql_affected_rows($link,$res,$config))
								// Erreur sql à supprimer : l'info ne devrait pas être communiquer au client.
								echo "<b>Une erreur s'est produite lors de la création du compte : " . da_sql_error($link,$config) . "</b><br />\n";
						}
						else
							echo "<b>User already exist</b><br />\n";
					}
					else
						echo "<b>Une erreur s'est produite lors de la création du compte : " . da_sql_error($link,$config) . "</b><br />\n";
				}
				// if the new user must be in a group
				if (isset($Fgroup) && $Fgroup != ''){
					$Fgroup = da_sql_escape_string($link, $Fgroup);
					$res = da_sql_query($link,$config,
					"SELECT username FROM $config[sql_usergroup_table]
					WHERE username = '$login' AND groupname = '$Fgroup';");
					if ($res){
						if (!da_sql_num_rows($res,$config)){
							$res = da_sql_query($link,$config,
							"INSERT INTO $config[sql_usergroup_table]
							(username,groupname) VALUES ('$login','$Fgroup');");
							if (!$res || !da_sql_affected_rows($link,$res,$config))
								echo "<b>Impossible d'ajouter l'utilisateur dans le groupe $Fgroup.</b><br />\n";
						}
						else
							echo "<b>L'utilisateur est déjà présent dans le groupe $Fgroup</b><br />\n";
					}
					else
						echo "<b>Impossible d'ajouter l'utilisateur dans le groupe $Fgroup: " . da_sql_error($link,$config) . "</b><br />\n";
				}
				// Creation of the email with the new user login & passwd
				$ip = $_SERVER['REMOTE_ADDR'];
				$time = date_create('now')->format('d-m-Y H:i:s');
				$domain = $conf["DOMAIN"];
				$hostname  = $conf["HOSTNAME"];
				$to = $Fmail;
				if ($typeMail == "3") { // using an existing @mail
					$from = $fromMail; }
				else {
					$from = "administrator";
				}
				$subject = $l_subject;
				$message = "<!DOCTYPE html>
<html>
	<head>
		<meta charset=\"utf-8\">
	</head>
		<body>
			$l_hello,<br/>
			<p>$l_automatic_mail<br/>
			<h3>$l_login</h3>
			<pre>
				Login : $login
				$l_password : $password
			</pre>
		</body>
</html>";
				$header = "From: $from\n";
				$header .= "MIME-Version: 1.0\n";
				$header .= "Content-type: text/html; charset=utf-8\n";
				if(mail($to, $subject, $message, $header)){
					echo "<center>success : <b>$l_mail_success</b><br>";
					if (!empty($adminMail)){ // Creation of the email for the administrator (if enabled)
						$to = $adminMail;
						$subject = "New registration on ALCASAR";
						$message = "<!DOCTYPE html>
<html>
	<head>
		<meta charset=\"utf-8\">
	</head>
	<body>
		Hello,<br>
		<p>$l_automatic_mail<br>
		<h3>A new registration on ALCASAR '$organism' has been made :</h3>
		<pre>
			@IP   : $ip
			Hour  : $time
			Login : $login
			Email : $Fmail
		</pre>
	</body>
</html>";
						mail($to, $subject, $message, $header);
					}
				} else {
					// On smtp error, we remove the new user
					$link = da_sql_pconnect($config);
					$res2 = da_sql_query($link,$config,
						"DELETE FROM $config[sql_user_info_table] WHERE username = '$login';");
					$res3 = da_sql_query($link,$config,
						"DELETE FROM $config[sql_check_table] WHERE username = '$login';");
					echo "<b>$l_mail_error</b><br />\n";
				}
			}
			else // Could not open encryption library file
				echo "<b>Error during the account creation process</b><br />\n";
		}
		else // Could not connect to SQL database
			echo "<b>Error during the account creation process</b><br />\n";
		da_sql_close($link,$config);
	}
}
?>
 

Rev 3062	Rev 3070
1	`<?php`	1	`<?php`
2		2
3	`/************************************************************************`	3	`/************************************************************************`
4	`* ALCASAR INSCRIPTION *`	4	`* ALCASAR INSCRIPTION *`
5	`* *`	5	`* *`
6	`* By K@M3L & T3RRY LaPlateforme`	6	`* By K@M3L & T3RRY LaPlateforme`
7	`* By Rexy *`	7	`* By Rexy *`
8	`* *`	8	`* *`
9	`* Partie back de la page d'inscription des utilisateurs *`	9	`* Partie back de la page d'inscription des utilisateurs *`
10	`* Récupère les infos de "email_registration_front.php *`	10	`* Récupère les infos de "email_registration_front.php *`
11	`* - Lit le fichier de configuration /usr/local/etc/alcasar.conf *`	11	`* - Lit le fichier de configuration /usr/local/etc/alcasar.conf *`
12	`* - Verifie si le login est déjà présent dans la table "radcheck" *`	12	`* - Verifie si le login est déjà présent dans la table "radcheck" *`
13	`* - Vérifie si l'@ mail est présent dans la table "userinfo" *`	13	`* - Vérifie si l'@ mail est présent dans la table "userinfo" *`
14	`* - Vérifie que le domaine du mail est bien WLD (optionnel) *`	14	`* - Vérifie que le domaine du mail est bien WLD (optionnel) *`
15	`* - Crée l'utilisateur avec un mot de passe aléatoire *`	15	`* - Crée l'utilisateur avec un mot de passe aléatoire *`
16	`* - Envoi l'email à l'utilisaeur et à l'admin avec date et IP *`	16	`* - Envoi l'email à l'utilisaeur et à l'admin avec date et IP *`
17	`* *`	17	`* *`
18	`*************************************************************************/`	18	`*************************************************************************/`
19		19
20	`/****************************************************************`	20	`/****************************************************************`
21	`* GLOBAL FILE PATHS *`	21	`* GLOBAL FILE PATHS *`
22	`*****************************************************************/`	22	`*****************************************************************/`
23	`define('CONF_FILE', '/usr/local/etc/alcasar.conf');`	23	`define('CONF_FILE', '/usr/local/etc/alcasar.conf');`
24	`/****************************************************************`	24	`/****************************************************************`
25	`* Conf files reading test *`	25	`* Conf files reading test *`
26	`*****************************************************************/`	26	`*****************************************************************/`
27	`$conf_files = array(CONF_FILE);`	27	`$conf_files = array(CONF_FILE);`
28	`foreach ($conf_files as $file) {`	28	`foreach ($conf_files as $file) {`
29	`if (!file_exists($file)) {`	29	`if (!file_exists($file)) {`
30	`exit("Fichier $file non présent");`	30	`exit("Fichier $file non présent");`
31	`}`	31	`}`
32	`if (!is_readable($file)) {`	32	`if (!is_readable($file)) {`
33	`exit("Vous n'avez pas les droits de lecture sur le fichier $file");`	33	`exit("Vous n'avez pas les droits de lecture sur le fichier $file");`
34	`}`	34	`}`
35	`}`	35	`}`
36	`/****************************************************************`	36	`/****************************************************************`
37	`* Read CONF_FILE *`	37	`* Read CONF_FILE *`
38	`*****************************************************************/`	38	`*****************************************************************/`
39	`$file_conf = fopen(CONF_FILE, 'r');`	39	`$file_conf = fopen(CONF_FILE, 'r');`
40	`if (!$file_conf) {`	40	`if (!$file_conf) {`
41	`exit('Error opening the file '.CONF_FILE);`	41	`exit('Error opening the file '.CONF_FILE);`
42	`}`	42	`}`
43	`while (!feof($file_conf)) {`	43	`while (!feof($file_conf)) {`
44	`$buffer = fgets($file_conf, 4096);`	44	`$buffer = fgets($file_conf, 4096);`
45	`if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {`	45	`if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {`
46	`$tmp = explode('=', $buffer, 2);`	46	`$tmp = explode('=', $buffer, 2);`
47	`$conf[trim($tmp[0])] = trim($tmp[1]);`	47	`$conf[trim($tmp[0])] = trim($tmp[1]);`
48	`}`	48	`}`
49	`}`	49	`}`
50	`fclose($file_conf);`	50	`fclose($file_conf);`
51	`$whiteDomain = explode(" ", strtolower(trim($conf['MAIL_WHITEDOMAIN'])));`	51	`$whiteDomain = explode(" ", strtolower(trim($conf['MAIL_WHITEDOMAIN'])));`
52	`$adminMail = $conf['MAIL_ADMIN'];`	52	`$adminMail = $conf['MAIL_ADMIN'];`
53	`$typeMail = $conf['MAIL_TYPE'];`	53	`$typeMail = $conf['MAIL_TYPE'];`
54	`$fromMail = $conf['MAIL_ADDR'];`	54	`$fromMail = $conf['MAIL_ADDR'];`
55	`$organism = $conf['ORGANISM'];`	55	`$organism = $conf['ORGANISM'];`
56		56
57	`/****************************************`	57	`/****************************************`
58	`* Choice of language *`	58	`* Choice of language *`
59	`*****************************************/`	59	`*****************************************/`
60	`$Language = 'en';`	60	`$Language = 'en';`
61	`if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {`	61	`if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {`
62	`$Langue = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);`	62	`$Langue = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);`
63	`$Language = strtolower(substr(chop($Langue[0]), 0, 2));`	63	`$Language = strtolower(substr(chop($Langue[0]), 0, 2));`
64	`}`	64	`}`
65	`if ($Language === 'fr') {`	65	`if ($Language === 'fr') {`
66	`$l_invalid_Email = "L'adresse e-mail est invalide";`	66	`$l_invalid_Email = "L'adresse e-mail est invalide";`
67	`$l_domain = "Le domaine";`	67	`$l_domain = "Le domaine";`
68	`$l_not_authorized = "n'est pas autorisé";`	68	`$l_not_authorized = "n'est pas autorisé";`
69	`$l_Email_already_used = "Cette adresse e-mail est déjà utilisée.";`	69	`$l_Email_already_used = "Cette adresse e-mail est déjà utilisée.";`
70	`$l_subject = "Activation de votre compte ALCASAR";`	70	`$l_subject = "Activation de votre compte ALCASAR";`
71	`$l_hello = "Bonjour";`	71	`$l_hello = "Bonjour";`
72	`$l_automatic_mail = "Ceci est un e-mail automatique provenant du portail ALCASAR : $organism";`	72	`$l_automatic_mail = "Ceci est un e-mail automatique provenant du portail ALCASAR : $organism";`
73	`$l_login = "Voici vos indentifiants de connexion :";`	73	`$l_login = "Voici vos indentifiants de connexion :";`
74	`$l_password = "Mot de passe";`	74	`$l_password = "Mot de passe";`
75	`$l_mail_success = "Un mot de passe vient d'être envoyé à votre adresse e-mail.";`	75	`$l_mail_success = "Un mot de passe vient d'être envoyé à votre adresse e-mail.";`
76	`$l_mail_error = "Erreur lors de l'envoi du mail. Renouvelez votre inscription ou contactez votre administrateur.";`	76	`$l_mail_error = "Erreur lors de l'envoi du mail. Renouvelez votre inscription ou contactez votre administrateur.";`
-		77	`} else if ($Language === 'es') {`
-		78	`$l_invalid_Email = "Dirección de correo electrónico no válida";`
-		79	`$l_domain = "El dominio";`
-		80	`$l_not_authorized = "no está autorizado";`
-		81	`$l_Email_already_used = "Esta dirección de correo electrónico ya está utilizada.";`
-		82	`$l_subject = "Activación de su cuenta ALCASAR";`
-		83	`$l_hello = "Hola";`
-		84	`$l_automatic_mail = "Este es un correo electrónico automático del portal ALCASAR : $organism";`
-		85	`$l_login = "Estas son sus credenciales de acceso:";`
-		86	`$l_password = "Contraseña";`
-		87	`$l_mail_success = "Se ha enviado una contraseña a su dirección de correo electrónico.";`
-		88	`$l_mail_error = "Error al enviar el correo electrónico. Renueve su registro o póngase en contacto con su administrador.";`
77	`} else {`	89	`} else {`
78	`$l_invalid_Email = "Invalid Email address";`	90	`$l_invalid_Email = "Invalid Email address";`
79	`$l_domain = "The domain";`	91	`$l_domain = "The domain";`
80	`$l_not_authorized = "is not authorized";`	92	`$l_not_authorized = "is not authorized";`
81	`$l_Email_already_used = "This Email address is already used.";`	93	`$l_Email_already_used = "This Email address is already used.";`
82	`$l_subject = "Activation of your ALCASAR account";`	94	`$l_subject = "Activation of your ALCASAR account";`
83	`$l_hello = "Hello";`	95	`$l_hello = "Hello";`
84	`$l_automatic_mail = "This is an automatic e-mail from ALCASAR portal : $organism";`	96	`$l_automatic_mail = "This is an automatic e-mail from ALCASAR portal : $organism";`
85	`$l_login = "Here are your login credentials :";`	97	`$l_login = "Here are your login credentials :";`
86	`$l_password = "Password";`	98	`$l_password = "Password";`
87	`$l_mail_success = "A password has been sent to your e-mail address";`	99	`$l_mail_success = "A password has been sent to your e-mail address";`
88	`$l_mail_error = "Error while sending the email. Renew your registration or contact your administrator.";`	100	`$l_mail_error = "Error while sending the email. Renew your registration or contact your administrator.";`
89	`}`	101	`}`
90		102
91	`if(!isset($create)) $create=0;`	103	`if(!isset($create)) $create=0;`
92	`if(!isset($show)) $show=0;`	104	`if(!isset($show)) $show=0;`
93	`if(!isset($login)) $login = '';`	105	`if(!isset($login)) $login = '';`
94	`if(!isset($cn)) $cn = '';`	106	`if(!isset($cn)) $cn = '';`
95	`if(!isset($mail)) $mail = '';`	107	`if(!isset($mail)) $mail = '';`
96	`if(!isset($langue_imp)) $langue_imp = '';`	108	`if(!isset($langue_imp)) $langue_imp = '';`
97	`if(!isset($selected)) $selected = array();`	109	`if(!isset($selected)) $selected = array();`
98	`if(!isset($selected['='])) $selected['='] = '';`	110	`if(!isset($selected['='])) $selected['='] = '';`
99		111
100	`require('/etc/freeradius-web/config.php');`	112	`require('/etc/freeradius-web/config.php');`
101	`require('acc/manager/lib/attrshow.php');`	113	`require('acc/manager/lib/attrshow.php');`
102	`require('acc/manager/lib/defaults.php');`	114	`require('acc/manager/lib/defaults.php');`
103		115
104	`if (false && /* Hide operator column */ $config['general_lib_type'] == 'sql' && $config['sql_use_operators'] == 'true') {`	116	`if (false && /* Hide operator column */ $config['general_lib_type'] == 'sql' && $config['sql_use_operators'] == 'true') {`
105	`$colspan = 2;`	117	`$colspan = 2;`
106	`$show_ops = 1;`	118	`$show_ops = 1;`
107	`require('acc/manager/lib/operators.php');`	119	`require('acc/manager/lib/operators.php');`
108	`} else {`	120	`} else {`
109	`$show_ops = 0;`	121	`$show_ops = 0;`
110	`$colspan = 1;`	122	`$colspan = 1;`
111	`}`	123	`}`
112		124
113	`if (is_file("acc/manager/lib/sql/drivers/$config[sql_type]/functions.php"))`	125	`if (is_file("acc/manager/lib/sql/drivers/$config[sql_type]/functions.php"))`
114	`require("acc/manager/lib/sql/drivers/$config[sql_type]/functions.php");`	126	`require("acc/manager/lib/sql/drivers/$config[sql_type]/functions.php");`
115	`else{`	127	`else{`
116	`echo "<b>Could not include SQL library</b><br />\n";`	128	`echo "<b>Could not include SQL library</b><br />\n";`
117	`exit();`	129	`exit();`
118	`}`	130	`}`
119		131
120	`require('acc/manager/lib/functions.php');`	132	`require('acc/manager/lib/functions.php');`
121	`if ($config['sql_use_operators'] == 'true'){`	133	`if ($config['sql_use_operators'] == 'true'){`
122	`include_once("acc/manager/lib/operators.php");`	134	`include_once("acc/manager/lib/operators.php");`
123	`$text = ',op';`	135	`$text = ',op';`
124	`$passwd_op = ",':='";`	136	`$passwd_op = ",':='";`
125	`}`	137	`}`
126		138
127	`$da_abort=0;`	139	`$da_abort=0;`
128	`$op_val2 = '';`	140	`$op_val2 = '';`
129		141
130	`function GenPassword($nb_car="8")`	142	`function GenPassword($nb_car="8")`
131	`{`	143	`{`
132	`// Random password`	144	`// Random password`
133	`$password = "";`	145	`$password = "";`
134	`$chaine = "aAzZeErRtTyYuUIopP152346897mMLkK";`	146	`$chaine = "aAzZeErRtTyYuUIopP152346897mMLkK";`
135	`$chaine .= "jJhHgGfFdDsSqQwWxXcCvVbBnN152346897";`	147	`$chaine .= "jJhHgGfFdDsSqQwWxXcCvVbBnN152346897";`
136	`while($nb_car != 0) {`	148	`while($nb_car != 0) {`
137	`//$i = rand(0,71);`	149	`//$i = rand(0,71);`
138	`// Bug corrigé`	150	`// Bug corrigé`
139	`$i = rand(0,66);`	151	`$i = rand(0,66);`
140	`$password .= $chaine[$i];`	152	`$password .= $chaine[$i];`
141	`$nb_car--;`	153	`$nb_car--;`
142	`}`	154	`}`
143	`return $password;`	155	`return $password;`
144	`}`	156	`}`
145		157
146	`if(isset($_POST['Fmail'])){`	158	`if(isset($_POST['Fmail'])){`
147	`extract($_POST);`	159	`extract($_POST);`
148	`$Fmail = htmlentities(strtolower(trim($Fmail)));`	160	`$Fmail = htmlentities(strtolower(trim($Fmail)));`
149	`if(!filter_var($Fmail, FILTER_VALIDATE_EMAIL)){`	161	`if(!filter_var($Fmail, FILTER_VALIDATE_EMAIL)){`
150	`echo "<b>$l_invalid_Email</b><br />\n";`	162	`echo "<b>$l_invalid_Email</b><br />\n";`
151	`exit();`	163	`exit();`
152	`}`	164	`}`
153		165
154	`// Retrieve the domainName of the new user`	166	`// Retrieve the domainName of the new user`
155	`list($user, $domain) = explode('@', $Fmail);`	167	`list($user, $domain) = explode('@', $Fmail);`
156		168
157	`// check if the domainName is in the whitelist`	169	`// check if the domainName is in the whitelist`
158	`if (!empty($whiteDomain)){`	170	`if (!empty($whiteDomain)){`
159	`if (!in_array($domain, $whiteDomain)){`	171	`if (!in_array($domain, $whiteDomain)){`
160	`echo "$l_domain $domain $l_not_authorized";`	172	`echo "$l_domain $domain $l_not_authorized";`
161	`exit();`	173	`exit();`
162	`}`	174	`}`
163	`}`	175	`}`
164	`$login = $Fmail;`	176	`$login = $Fmail;`
165		177
166	`// check if the new user already exist`	178	`// check if the new user already exist`
167	`$link = @da_sql_pconnect($config);`	179	`$link = @da_sql_pconnect($config);`
168	`if ($link) {`	180	`if ($link) {`
169	`$sql = "SELECT id FROM $config[sql_check_table] WHERE username = '$login';";`	181	`$sql = "SELECT id FROM $config[sql_check_table] WHERE username = '$login';";`
170	`$res = @da_sql_query($link,$config, $sql);`	182	`$res = @da_sql_query($link,$config, $sql);`
171	`}`	183	`}`
172	`$login_check = da_sql_num_rows($res,$config);`	184	`$login_check = da_sql_num_rows($res,$config);`
173	`da_sql_close($link,$config);`	185	`da_sql_close($link,$config);`
174		186
175	`// check if the new user is already in the profile of an existing user`	187	`// check if the new user is already in the profile of an existing user`
176	`$link = @da_sql_pconnect($config);`	188	`$link = @da_sql_pconnect($config);`
177	`if ($link) {`	189	`if ($link) {`
178	`$sql = "SELECT id FROM $config[sql_user_info_table] WHERE mail = '$Fmail';";`	190	`$sql = "SELECT id FROM $config[sql_user_info_table] WHERE mail = '$Fmail';";`
179	`$res = @da_sql_query($link,$config, $sql);`	191	`$res = @da_sql_query($link,$config, $sql);`
180	`}`	192	`}`
181	`$email_check = da_sql_num_rows($res,$config);`	193	`$email_check = da_sql_num_rows($res,$config);`
182	`da_sql_close($link,$config);`	194	`da_sql_close($link,$config);`
183	`if($login_check > 0) { // user already exist`	195	`if($login_check > 0) { // user already exist`
184	`echo "<b>$l_Email_already_used</b><br />\n";`	196	`echo "<b>$l_Email_already_used</b><br />\n";`
185	`} else if($email_check > 0) { // email already used`	197	`} else if($email_check > 0) { // email already used`
186	`echo "<b>$l_Email_already_used</b><br />\n";`	198	`echo "<b>$l_Email_already_used</b><br />\n";`
187	`} else {`	199	`} else {`
188	`$password = GenPassword();`	200	`$password = GenPassword();`
189		201
190	`// if we want to enrich the new user profile`	202	`// if we want to enrich the new user profile`
191	`/* $Fcn = "$prenom".".$nom";`	203	`/* $Fcn = "$prenom".".$nom";`
192	`$Fou = "";`	204	`$Fou = "";`
193	`$Fhomephone = "";`	205	`$Fhomephone = "";`
194	`$Ftelephonenumber = "";`	206	`$Ftelephonenumber = "";`
195	`$Fmobile = "";`	207	`$Fmobile = "";`
196	`*/`	208	`*/`
197	`$link = da_sql_pconnect($config);`	209	`$link = da_sql_pconnect($config);`
198	`if ($link){`	210	`if ($link){`
199	`mysqli_set_charset($link,"utf8");`	211	`mysqli_set_charset($link,"utf8");`
200	`if (is_file("acc/manager/lib/crypt/$config[general_encryption_method].php")){`	212	`if (is_file("acc/manager/lib/crypt/$config[general_encryption_method].php")){`
201	`include_once("acc/manager/lib/crypt/$config[general_encryption_method].php");`	213	`include_once("acc/manager/lib/crypt/$config[general_encryption_method].php");`
202		214
203	`$passwd = da_encrypt($password);`	215	`$passwd = da_encrypt($password);`
204	`$passwd = da_sql_escape_string($link, $passwd);`	216	`$passwd = da_sql_escape_string($link, $passwd);`
205	`$res = da_sql_query($link,$config,`	217	`$res = da_sql_query($link,$config,`
206	`"INSERT INTO $config[sql_check_table] (attribute,value,username $text)`	218	`"INSERT INTO $config[sql_check_table] (attribute,value,username $text)`
207	`VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");`	219	`VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");`
208	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config)){`	220	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config)){`
209	`echo "<b>Erreur lors de la création de l'utilisateur $login: " . da_sql_error($link,$config) . "</b><br />\n";`	221	`echo "<b>Erreur lors de la création de l'utilisateur $login: " . da_sql_error($link,$config) . "</b><br />\n";`
210	`$da_abort=1;`	222	`$da_abort=1;`
211	`}`	223	`}`
212		224
213	`if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){`	225	`if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){`
214	`$res = da_sql_query($link,$config,`	226	`$res = da_sql_query($link,$config,`
215	`"SELECT username FROM $config[sql_user_info_table] WHERE`	227	`"SELECT username FROM $config[sql_user_info_table] WHERE`
216	`username = '$login';");`	228	`username = '$login';");`
217	`if ($res){`	229	`if ($res){`
218	`if (!da_sql_num_rows($res,$config)){`	230	`if (!da_sql_num_rows($res,$config)){`
219	`$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';`	231	`$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';`
220	`$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';`	232	`$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';`
221	`$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';`	233	`$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';`
222	`$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';`	234	`$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';`
223	`$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';`	235	`$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';`
224	`$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';`	236	`$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';`
225	`$res = da_sql_query($link,$config,`	237	`$res = da_sql_query($link,$config,`
226	`"INSERT INTO $config[sql_user_info_table]`	238	`"INSERT INTO $config[sql_user_info_table]`
227	`(username,name,mail,department,homephone,workphone,mobile) VALUES`	239	`(username,name,mail,department,homephone,workphone,mobile) VALUES`
228	`('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");`	240	`('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");`
229	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`	241	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`
230	`// Erreur sql à supprimer : l'info ne devrait pas être communiquer au client.`	242	`// Erreur sql à supprimer : l'info ne devrait pas être communiquer au client.`
231	`echo "<b>Une erreur s'est produite lors de la création du compte : " . da_sql_error($link,$config) . "</b><br />\n";`	243	`echo "<b>Une erreur s'est produite lors de la création du compte : " . da_sql_error($link,$config) . "</b><br />\n";`
232	`}`	244	`}`
233	`else`	245	`else`
234	`echo "<b>User already exist</b><br />\n";`	246	`echo "<b>User already exist</b><br />\n";`
235	`}`	247	`}`
236	`else`	248	`else`
237	`echo "<b>Une erreur s'est produite lors de la création du compte : " . da_sql_error($link,$config) . "</b><br />\n";`	249	`echo "<b>Une erreur s'est produite lors de la création du compte : " . da_sql_error($link,$config) . "</b><br />\n";`
238	`}`	250	`}`
239	`// if the new user must be in a group`	251	`// if the new user must be in a group`
240	`if (isset($Fgroup) && $Fgroup != ''){`	252	`if (isset($Fgroup) && $Fgroup != ''){`
241	`$Fgroup = da_sql_escape_string($link, $Fgroup);`	253	`$Fgroup = da_sql_escape_string($link, $Fgroup);`
242	`$res = da_sql_query($link,$config,`	254	`$res = da_sql_query($link,$config,`
243	`"SELECT username FROM $config[sql_usergroup_table]`	255	`"SELECT username FROM $config[sql_usergroup_table]`
244	`WHERE username = '$login' AND groupname = '$Fgroup';");`	256	`WHERE username = '$login' AND groupname = '$Fgroup';");`
245	`if ($res){`	257	`if ($res){`
246	`if (!da_sql_num_rows($res,$config)){`	258	`if (!da_sql_num_rows($res,$config)){`
247	`$res = da_sql_query($link,$config,`	259	`$res = da_sql_query($link,$config,`
248	`"INSERT INTO $config[sql_usergroup_table]`	260	`"INSERT INTO $config[sql_usergroup_table]`
249	`(username,groupname) VALUES ('$login','$Fgroup');");`	261	`(username,groupname) VALUES ('$login','$Fgroup');");`
250	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`	262	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`
251	`echo "<b>Impossible d'ajouter l'utilisateur dans le groupe $Fgroup.</b><br />\n";`	263	`echo "<b>Impossible d'ajouter l'utilisateur dans le groupe $Fgroup.</b><br />\n";`
252	`}`	264	`}`
253	`else`	265	`else`
254	`echo "<b>L'utilisateur est déjà présent dans le groupe $Fgroup</b><br />\n";`	266	`echo "<b>L'utilisateur est déjà présent dans le groupe $Fgroup</b><br />\n";`
255	`}`	267	`}`
256	`else`	268	`else`
257	`echo "<b>Impossible d'ajouter l'utilisateur dans le groupe $Fgroup: " . da_sql_error($link,$config) . "</b><br />\n";`	269	`echo "<b>Impossible d'ajouter l'utilisateur dans le groupe $Fgroup: " . da_sql_error($link,$config) . "</b><br />\n";`
258	`}`	270	`}`
259	`// Creation of the email with the new user login & passwd`	271	`// Creation of the email with the new user login & passwd`
260	`$ip = $_SERVER['REMOTE_ADDR'];`	272	`$ip = $_SERVER['REMOTE_ADDR'];`
261	`$time = date_create('now')->format('d-m-Y H:i:s');`	273	`$time = date_create('now')->format('d-m-Y H:i:s');`
262	`$domain = $conf["DOMAIN"];`	274	`$domain = $conf["DOMAIN"];`
263	`$hostname = $conf["HOSTNAME"];`	275	`$hostname = $conf["HOSTNAME"];`
264	`$to = $Fmail;`	276	`$to = $Fmail;`
265	`if ($typeMail == "3") { // using an existing @mail`	277	`if ($typeMail == "3") { // using an existing @mail`
266	`$from = $fromMail; }`	278	`$from = $fromMail; }`
267	`else {`	279	`else {`
268	`$from = "administrator";`	280	`$from = "administrator";`
269	`}`	281	`}`
270	`$subject = $l_subject;`	282	`$subject = $l_subject;`
271	`$message = "<!DOCTYPE html>`	283	`$message = "<!DOCTYPE html>`
272	`<html>`	284	`<html>`
273	`<head>`	285	`<head>`
274	`<meta charset=\"utf-8\">`	286	`<meta charset=\"utf-8\">`
275	`</head>`	287	`</head>`
276	`<body>`	288	`<body>`
277	`$l_hello,<br/>`	289	`$l_hello,<br/>`
278	`<p>$l_automatic_mail<br/>`	290	`<p>$l_automatic_mail<br/>`
279	`<h3>$l_login</h3>`	291	`<h3>$l_login</h3>`
280	`<pre>`	292	`<pre>`
281	`Login : $login`	293	`Login : $login`
282	`$l_password : $password`	294	`$l_password : $password`
283	`</pre>`	295	`</pre>`
284	`</body>`	296	`</body>`
285	`</html>";`	297	`</html>";`
286	`$header = "From: $from\n";`	298	`$header = "From: $from\n";`
287	`$header .= "MIME-Version: 1.0\n";`	299	`$header .= "MIME-Version: 1.0\n";`
288	`$header .= "Content-type: text/html; charset=utf-8\n";`	300	`$header .= "Content-type: text/html; charset=utf-8\n";`
289	`if(mail($to, $subject, $message, $header)){`	301	`if(mail($to, $subject, $message, $header)){`
290	`echo "<center>success : <b>$l_mail_success</b><br>";`	302	`echo "<center>success : <b>$l_mail_success</b><br>";`
291	`if (!empty($adminMail)){ // Creation of the email for the administrator (if enabled)`	303	`if (!empty($adminMail)){ // Creation of the email for the administrator (if enabled)`
292	`$to = $adminMail;`	304	`$to = $adminMail;`
293	`$subject = "New registration on ALCASAR";`	305	`$subject = "New registration on ALCASAR";`
294	`$message = "<!DOCTYPE html>`	306	`$message = "<!DOCTYPE html>`
295	`<html>`	307	`<html>`
296	`<head>`	308	`<head>`
297	`<meta charset=\"utf-8\">`	309	`<meta charset=\"utf-8\">`
298	`</head>`	310	`</head>`
299	`<body>`	311	`<body>`
300	`Hello,<br>`	312	`Hello,<br>`
301	`<p>$l_automatic_mail<br>`	313	`<p>$l_automatic_mail<br>`
302	`<h3>A new registration on ALCASAR '$organism' has been made :</h3>`	314	`<h3>A new registration on ALCASAR '$organism' has been made :</h3>`
303	`<pre>`	315	`<pre>`
304	`@IP : $ip`	316	`@IP : $ip`
305	`Hour : $time`	317	`Hour : $time`
306	`Login : $login`	318	`Login : $login`
307	`Email : $Fmail`	319	`Email : $Fmail`
308	`</pre>`	320	`</pre>`
309	`</body>`	321	`</body>`
310	`</html>";`	322	`</html>";`
311	`mail($to, $subject, $message, $header);`	323	`mail($to, $subject, $message, $header);`
312	`}`	324	`}`
313	`} else {`	325	`} else {`
314	`// On smtp error, we remove the new user`	326	`// On smtp error, we remove the new user`
315	`$link = da_sql_pconnect($config);`	327	`$link = da_sql_pconnect($config);`
316	`$res2 = da_sql_query($link,$config,`	328	`$res2 = da_sql_query($link,$config,`
317	`"DELETE FROM $config[sql_user_info_table] WHERE username = '$login';");`	329	`"DELETE FROM $config[sql_user_info_table] WHERE username = '$login';");`
318	`$res3 = da_sql_query($link,$config,`	330	`$res3 = da_sql_query($link,$config,`
319	`"DELETE FROM $config[sql_check_table] WHERE username = '$login';");`	331	`"DELETE FROM $config[sql_check_table] WHERE username = '$login';");`
320	`echo "<b>$l_mail_error</b><br />\n";`	332	`echo "<b>$l_mail_error</b><br />\n";`
321	`}`	333	`}`
322	`}`	334	`}`
323	`else // Could not open encryption library file`	335	`else // Could not open encryption library file`
324	`echo "<b>Error during the account creation process</b><br />\n";`	336	`echo "<b>Error during the account creation process</b><br />\n";`
325	`}`	337	`}`
326	`else // Could not connect to SQL database`	338	`else // Could not connect to SQL database`
327	`echo "<b>Error during the account creation process</b><br />\n";`	339	`echo "<b>Error during the account creation process</b><br />\n";`
328	`da_sql_close($link,$config);`	340	`da_sql_close($link,$config);`
329	`}`	341	`}`
330	`}`	342	`}`
331	`?>`	343	`?>`
332		344

Subversion Repositories ALCASAR

(root)/web/email_registration_back.php – Rev 3062 → 3070