Subversion Repositories ALCASAR

Rev

Rev 3026 | Rev 3038 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
2990 rexy 1
<?php 
2
 
3003 rexy 3
/************************************************************************
4
*						ALCASAR INSCRIPTION								*
5
*																		*
3022 rexy 6
*	By K@M3L & T3RRY LaPlateforme
7
*	By Rexy																*
3003 rexy 8
*																		*
9
*	Partie back de la page d'inscription des utilisateurs				*
10
*	Récupère les infos de "email_registration_front.php					*
11
*	- Lit le fichier de configuration /usr/local/etc/alcasar.conf		*
3011 rexy 12
*	- Verifie si le login est déjà présent dans la table "radcheck"		*
13
*	- Vérifie si l'@ mail est présent dans la table "userinfo"			*
3003 rexy 14
*	- Vérifie que le domaine du mail est bien WLD (optionnel)			*
3011 rexy 15
*	- Crée l'utilisateur avec un mot de passe aléatoire					*
16
*	- Envoi l'email à l'utilisaeur et à l'admin avec date et IP			*
3003 rexy 17
*																		*
18
*************************************************************************/
2990 rexy 19
 
3022 rexy 20
/****************************************************************
21
*			GLOBAL FILE PATHS			*
22
*****************************************************************/
23
define('CONF_FILE', '/usr/local/etc/alcasar.conf');
24
/****************************************************************
25
*			Conf files reading test			*
26
*****************************************************************/
27
$conf_files = array(CONF_FILE);
28
foreach ($conf_files as $file) {
29
	if (!file_exists($file)) {
30
		exit("Fichier $file non présent");
31
	}
32
	if (!is_readable($file)) {
33
		exit("Vous n'avez pas les droits de lecture sur le fichier $file");
34
	}
35
}
36
/****************************************************************
37
*			Read CONF_FILE				*
38
*****************************************************************/
39
$file_conf = fopen(CONF_FILE, 'r');
40
if (!$file_conf) {
41
	exit('Error opening the file '.CONF_FILE);
42
}
43
while (!feof($file_conf)) {
44
	$buffer = fgets($file_conf, 4096);
45
	if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {
46
		$tmp = explode('=', $buffer, 2);
47
		$conf[trim($tmp[0])] = trim($tmp[1]);
48
	}
49
}
50
fclose($file_conf);
51
$whiteDomain	= explode(" ", strtolower(trim($conf['MAIL_WHITEDOMAIN'])));
3026 rexy 52
$adminMail		= $conf['MAIL_ADMIN'];
3037 rexy 53
$typeMail		= $conf['MAIL_TYPE'];
54
$fromMail		= $conf['MAIL_ADDR'];
3022 rexy 55
 
56
/****************************************
57
*			Choice of language			*
58
*****************************************/
3011 rexy 59
$Language = 'en';
60
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
61
	$Langue = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
62
	$Language = strtolower(substr(chop($Langue[0]), 0, 2));
63
}
64
if ($Language === 'fr') {
65
	$l_invalid_Email = "L'adresse email est invalide";
66
	$l_domain = "Le domaine";
67
	$l_not_authorized = "n'est pas autorisé";
68
	$l_Email_already_used = "Cette adresse email est déjà utilisée.";
3022 rexy 69
	$l_subject = "Activation de votre compte ALCASAR";
70
	$l_hello = "Bonjour";
71
	$l_automatic_mail = "Ceci est un e-mail automatique provenant d'un portail ALCASAR";
72
	$l_login = "Vos indentifiants de connexion :";
73
	$l_email = "Adresse e-mail";
74
	$l_password = "Mot de passe";
75
	$l_go_home = "Rendez-vous sur la page d'accueil";
76
	$l_mail_error = "Erreur lors de l'envoi du mail. Renouvelez votre inscription ou contactez votre administrateur.";
3011 rexy 77
} else {
78
	$l_invalid_Email = "Invalid Email address";
79
	$l_domain = "The domain";
80
	$l_not_authorized = "is not authorized";
81
	$l_Email_already_used = "This Email address is already used.";
3022 rexy 82
	$l_subject = "Activation of your ALCASAR account";
83
	$l_hello = "Hello";
84
	$l_automatic_mail = "This is an automatic e-mail from an ALCASAR portal";
85
	$l_login = "Your login credentials :";
86
	$l_email = "e-mail address";
87
	$l_password = "Password";
88
	$l_go_home = "Go to the home page";
89
	$l_mail_error = "Error while sending the email. Renew your registration or contact your administrator.";
3011 rexy 90
}
91
 
2990 rexy 92
if (is_file("acc/manager/lib/langues.php"))
93
	include("acc/manager/lib/langues.php");
94
 
95
if(!isset($create)) $create=0;
96
if(!isset($show)) $show=0;
97
if(!isset($login)) $login = '';
98
if(!isset($cn)) $cn = '';
99
if(!isset($mail)) $mail = '';
100
if(!isset($langue_imp)) $langue_imp = '';
101
if(!isset($selected)) $selected = array();
102
if(!isset($selected['='])) $selected['='] = '';
103
 
104
require('/etc/freeradius-web/config.php');
105
require('acc/manager/lib/attrshow.php');
106
require('acc/manager/lib/defaults.php');
107
 
108
if (false && /* Hide operator column */ $config['general_lib_type'] == 'sql' && $config['sql_use_operators'] == 'true') {
109
	$colspan = 2;
110
	$show_ops = 1;
111
	require('acc/manager/lib/operators.php');
112
} else {
113
	$show_ops = 0;
114
	$colspan = 1;
115
}
116
 
117
if (is_file("acc/manager/lib/sql/drivers/$config[sql_type]/functions.php"))
118
	require("acc/manager/lib/sql/drivers/$config[sql_type]/functions.php");
119
else{
120
	echo "<b>Could not include SQL library</b><br />\n";
121
	exit();
122
}
123
 
124
require('acc/manager/lib/functions.php');
125
if ($config['sql_use_operators'] == 'true'){
126
	include_once("acc/manager/lib/operators.php");
127
	$text = ',op';
128
	$passwd_op = ",':='";
129
}
130
 
131
$da_abort=0;
132
$op_val2 = '';
133
 
134
function GenPassword($nb_car="8")
135
{
136
// Random password
137
	$password = "";
138
	$chaine  = "aAzZeErRtTyYuUIopP152346897mMLkK";
139
	$chaine .= "jJhHgGfFdDsSqQwWxXcCvVbBnN152346897";
140
	while($nb_car != 0) {
141
		//$i = rand(0,71);
142
		// Bug corrigé
143
		$i = rand(0,66);
144
		$password .= $chaine[$i];
145
		$nb_car--;
146
	}
147
	return $password;
148
}
149
 
150
if(isset($_POST['Fmail'])){
151
	extract($_POST);
152
	$Fmail = htmlentities(strtolower(trim($Fmail)));
153
	if(!filter_var($Fmail, FILTER_VALIDATE_EMAIL)){  
3011 rexy 154
		echo "<b>$l_invalid_Email</b><br />\n";
2990 rexy 155
		exit();
156
	}
157
 
3022 rexy 158
	// Retrieve the domainName of the new user
2990 rexy 159
	list($user, $domain) = explode('@', $Fmail);
160
 
3022 rexy 161
	// check if the domainName is in the whitelist
2990 rexy 162
	if (!empty($whiteDomain)){
163
		if (!in_array($domain, $whiteDomain)){
3011 rexy 164
			echo "$l_domain $domain $l_not_authorized";
2990 rexy 165
			exit();
166
		}
167
	}
168
	$login  = $Fmail;
169
 
3022 rexy 170
	// check if the new user already exist
2990 rexy 171
	$link = @da_sql_pconnect($config);
172
	if ($link) {
173
		$sql = "SELECT id FROM $config[sql_check_table] WHERE username = '$login';";
174
		$res = @da_sql_query($link,$config, $sql);
175
	}
3022 rexy 176
	$login_check = da_sql_num_rows($res,$config);
177
	da_sql_close($link,$config);
2990 rexy 178
 
3022 rexy 179
	// check if the new user is already in the profile of an existing user 
2990 rexy 180
	$link = @da_sql_pconnect($config);
181
	if ($link) {
182
		$sql = "SELECT id FROM $config[sql_user_info_table] WHERE mail = '$Fmail';";
183
		$res = @da_sql_query($link,$config, $sql);
184
	}
3022 rexy 185
	$email_check = da_sql_num_rows($res,$config);
186
	da_sql_close($link,$config);
187
	if($login_check > 0) { // user already exist
3011 rexy 188
		echo "<b>$l_Email_already_used</b><br />\n";
3022 rexy 189
	} else if($email_check > 0) { // email already used
3011 rexy 190
		echo "<b>$l_Email_already_used</b><br />\n";
2990 rexy 191
	} else {
192
		$password = GenPassword();
193
 
3022 rexy 194
		// if we want to enrich the new user profile
2990 rexy 195
/*		$Fcn = "$prenom".".$nom";
196
		$Fou = "";
197
		$Fhomephone = "";
198
		$Ftelephonenumber = "";
199
		$Fmobile = "";
200
*/
201
		$link = da_sql_pconnect($config);
202
		if ($link){
203
			mysqli_set_charset($link,"utf8");
204
			if (is_file("acc/manager/lib/crypt/$config[general_encryption_method].php")){
205
				include_once("acc/manager/lib/crypt/$config[general_encryption_method].php");
206
 
207
				$passwd = da_encrypt($password);
208
				$passwd = da_sql_escape_string($link, $passwd);
209
				$res = da_sql_query($link,$config,
210
				"INSERT INTO $config[sql_check_table] (attribute,value,username $text)
211
				VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");
212
				if (!$res || !da_sql_affected_rows($link,$res,$config)){
213
					echo "<b>Erreur lors de la création de l'utilisateur $login: " . da_sql_error($link,$config) . "</b><br />\n";
214
					$da_abort=1;
215
				}
216
 
217
				if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){
218
					$res = da_sql_query($link,$config,
219
					"SELECT username FROM $config[sql_user_info_table] WHERE
220
					username = '$login';");
221
					if ($res){
222
						if (!da_sql_num_rows($res,$config)){
223
							$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';
224
							$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';
225
							$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';
226
							$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';
227
							$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';
228
							$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';
229
							$res = da_sql_query($link,$config,
230
							"INSERT INTO $config[sql_user_info_table]
231
							(username,name,mail,department,homephone,workphone,mobile) VALUES
232
							('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");
233
							if (!$res || !da_sql_affected_rows($link,$res,$config))
234
								// Erreur sql à supprimer : l'info ne devrait pas être communiquer au client.
235
								echo "<b>Une erreur s'est produite lors de la création du compte : " . da_sql_error($link,$config) . "</b><br />\n";
236
						}
237
						else
3022 rexy 238
							echo "<b>User already exist</b><br />\n";
2990 rexy 239
					}
240
					else
241
						echo "<b>Une erreur s'est produite lors de la création du compte : " . da_sql_error($link,$config) . "</b><br />\n";
242
				}
3022 rexy 243
				// if the new user must be in a group
2990 rexy 244
				if (isset($Fgroup) && $Fgroup != ''){
245
					$Fgroup = da_sql_escape_string($link, $Fgroup);
246
					$res = da_sql_query($link,$config,
247
					"SELECT username FROM $config[sql_usergroup_table]
248
					WHERE username = '$login' AND groupname = '$Fgroup';");
249
					if ($res){
250
						if (!da_sql_num_rows($res,$config)){
251
							$res = da_sql_query($link,$config,
252
							"INSERT INTO $config[sql_usergroup_table]
253
							(username,groupname) VALUES ('$login','$Fgroup');");
254
							if (!$res || !da_sql_affected_rows($link,$res,$config))
255
								echo "<b>Impossible d'ajouter l'utilisateur dans le groupe $Fgroup.</b><br />\n";
256
						}
257
						else
258
							echo "<b>L'utilisateur est déjà présent dans le groupe $Fgroup</b><br />\n";
259
					}
260
					else
261
						echo "<b>Impossible d'ajouter l'utilisateur dans le groupe $Fgroup: " . da_sql_error($link,$config) . "</b><br />\n";
262
				}
3022 rexy 263
/*
2990 rexy 264
				if (!$da_abort){
265
					if (isset($Fgroup) && $Fgroup != '')
266
						require('acc/manager/lib/defaults.php');
267
					foreach($show_attrs as $key => $attr){
268
						if ($attrmap["$key"] == 'none')
269
							continue;
270
						if ($key == "Filter-Id" && $$attrmap["$key"] == "None")
271
							continue;
272
						if ($attrmap["$key"] == ''){
273
							$attrmap["$key"] = $key;
274
							$attr_type["$key"] = 'replyItem';
275
							$rev_attrmap["$key"] = $key;
276
						}
277
						if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){
278
							$table = "$config[sql_check_table]";
279
							$type = 1;
280
						}
281
						else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){
282
							$table = "$config[sql_reply_table]";
283
							$type = 2;
284
						}
285
						$val = (isset($_POST[$attrmap["$key"]])) ? $_POST[$attrmap["$key"]] : '';
286
						$val = da_sql_escape_string($link, $val);
287
						$op_name = $attrmap["$key"] . '_op';
288
						$op_val = (isset($$op_name)) ? $$op_name : '';
289
						if ($op_val != ''){
290
							$op_val = da_sql_escape_string($link, $op_val);
291
							if (check_operator($op_val,$type) == -1){
292
								echo "<b>Invalid operator ($op_val) for attribute $key</b><br />\n";
293
								continue;
294
							}
295
							$op_val2 = ",'$op_val'";
296
						}
297
						$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;
298
						if ($val == '' || $chkdef)
299
							continue;
300
						$sqlquery = "INSERT INTO $table (attribute,value,username $text)
301
							VALUES ('$attrmap[$key]','$val','$login' $op_val2);";
302
						$res = da_sql_query($link,$config,$sqlquery);
303
						if (!$res || !da_sql_affected_rows($link,$res,$config))
304
							echo "<b>Query failed for attribute $key: " . da_sql_error($link,$config) . "</b><br />\n";
305
					}
306
				}
3022 rexy 307
*/
308
				// Creation of the email with the new user login & passwd
2990 rexy 309
				$ip = $_SERVER['REMOTE_ADDR'];
310
				$time = date_create('now')->format('d-m-Y H:i:s');
311
				$domain = $conf["DOMAIN"];
3022 rexy 312
				$hostname  = $conf["HOSTNAME"];
2990 rexy 313
				$to = $Fmail;
3037 rexy 314
				if ($typeMail == "3") { // using an existing @mail
315
					$from = $fromMail; }
316
				else {
317
					$from = "administrator";
318
				}
3022 rexy 319
				$subject = $l_subject;
2990 rexy 320
				$message = "<!DOCTYPE html>
321
						<html>
322
							<head>	
323
								<meta charset=\"UTF-8\" />
324
							</head>
325
							<body>
3022 rexy 326
								$l_hello,<br/><br/>
327
								<p>$l_automatic_mail ($hostname.$domain)<br/>
328
								<h4>$l_login</h4>
329
								<pre>
330
									$l_email : $Fmail 
331
									Login : $login
332
									$l_password : $password
333
								</pre>
334
								<p>$l_go_home : <a href=\"https://$hostname.$domain\"></a></p>
2990 rexy 335
							</body>
336
						</html>";
337
				$header = "From: $from\n";
338
				$header .= "MIME-Version: 1.0\n";
339
				$header .= "Content-type: text/html; charset=utf-8\n";
340
				if(mail($to, $subject, $message, $header)){
341
					echo "<center>success : <b>Vous y êtes presque ! $l_user '$login' $l_created</b></center><br />";
3037 rexy 342
					echo "<center>success : <b>Un email contenant vos informations de connexion vient d'être envoyé.</b></center><br />";
343
					echo "Info : to = $to ; header = $header<br />";
3022 rexy 344
					// Creation of the email for the administrator (if enabled)
3026 rexy 345
					if (!empty($adminMail)){
346
						$to = $adminMail;
347
						$from = "administrator";
3022 rexy 348
						$subject = "New registration on ALCASAR";
2990 rexy 349
						$message = "<!DOCTYPE html>
350
							<html>
351
								<head>	
352
									<meta charset=\"UTF-8\" />
353
								</head>
354
								<body>
3022 rexy 355
									Hello,<br/><br/>
356
									<p>This is an automatic e-mail from an ALCASAR portal.<br/>
357
									<h3>A new registration on <strong>$hostname.$domain</strong> has been made :</h3>
358
									<pre>
359
										@IP   :	$ip
360
										Hour :	$time
361
										Login :	$login
362
										Email :	$Fmail 
363
									</pre>
364
									<p><a href=\"https://$hostname\">$domain</a></p>
2990 rexy 365
								</body>
366
							</html>";
367
						$header = "From: $from\n";
368
						$header .= "MIME-Version: 1.0\n";
369
						$header .= "Content-type: text/html; charset=utf-8\n";
370
						mail($to, $subject, $message, $header);
371
					}
372
				} else {
3022 rexy 373
					// On smtp error, we remove the new user
374
					$link = da_sql_pconnect($config);
2990 rexy 375
					$res2 = da_sql_query($link,$config,
3022 rexy 376
						"DELETE FROM $config[sql_user_info_table] WHERE username = '$login';");
2990 rexy 377
					$res3 = da_sql_query($link,$config,
378
						"DELETE FROM $config[sql_check_table] WHERE username = '$login';");
3022 rexy 379
					echo "<b>$l_mail_error</b><br />\n";
2990 rexy 380
				}
381
			}
382
			else // Could not open encryption library file
3022 rexy 383
				echo "<b>Error during the account creation process</b><br />\n";
2990 rexy 384
		}
385
		else // Could not connect to SQL database
3022 rexy 386
			echo "<b>Error during the account creation process</b><br />\n";
387
		da_sql_close($link,$config);
2990 rexy 388
	}
389
}
390
?>