Subversion Repositories ALCASAR

Rev

Rev 3038 | Rev 3070 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
2990 rexy 1
<?php 
2
 
3003 rexy 3
/************************************************************************
4
*						ALCASAR INSCRIPTION								*
5
*																		*
3022 rexy 6
*	By K@M3L & T3RRY LaPlateforme
7
*	By Rexy																*
3003 rexy 8
*																		*
9
*	Partie back de la page d'inscription des utilisateurs				*
10
*	Récupère les infos de "email_registration_front.php					*
11
*	- Lit le fichier de configuration /usr/local/etc/alcasar.conf		*
3011 rexy 12
*	- Verifie si le login est déjà présent dans la table "radcheck"		*
13
*	- Vérifie si l'@ mail est présent dans la table "userinfo"			*
3003 rexy 14
*	- Vérifie que le domaine du mail est bien WLD (optionnel)			*
3011 rexy 15
*	- Crée l'utilisateur avec un mot de passe aléatoire					*
16
*	- Envoi l'email à l'utilisaeur et à l'admin avec date et IP			*
3003 rexy 17
*																		*
18
*************************************************************************/
2990 rexy 19
 
3022 rexy 20
/****************************************************************
21
*			GLOBAL FILE PATHS			*
22
*****************************************************************/
23
define('CONF_FILE', '/usr/local/etc/alcasar.conf');
24
/****************************************************************
25
*			Conf files reading test			*
26
*****************************************************************/
27
$conf_files = array(CONF_FILE);
28
foreach ($conf_files as $file) {
29
	if (!file_exists($file)) {
30
		exit("Fichier $file non présent");
31
	}
32
	if (!is_readable($file)) {
33
		exit("Vous n'avez pas les droits de lecture sur le fichier $file");
34
	}
35
}
36
/****************************************************************
37
*			Read CONF_FILE				*
38
*****************************************************************/
39
$file_conf = fopen(CONF_FILE, 'r');
40
if (!$file_conf) {
41
	exit('Error opening the file '.CONF_FILE);
42
}
43
while (!feof($file_conf)) {
44
	$buffer = fgets($file_conf, 4096);
45
	if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {
46
		$tmp = explode('=', $buffer, 2);
47
		$conf[trim($tmp[0])] = trim($tmp[1]);
48
	}
49
}
50
fclose($file_conf);
51
$whiteDomain	= explode(" ", strtolower(trim($conf['MAIL_WHITEDOMAIN'])));
3026 rexy 52
$adminMail		= $conf['MAIL_ADMIN'];
3037 rexy 53
$typeMail		= $conf['MAIL_TYPE'];
54
$fromMail		= $conf['MAIL_ADDR'];
3038 rexy 55
$organism		= $conf['ORGANISM'];
3022 rexy 56
 
57
/****************************************
58
*			Choice of language			*
59
*****************************************/
3011 rexy 60
$Language = 'en';
61
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
62
	$Langue = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
63
	$Language = strtolower(substr(chop($Langue[0]), 0, 2));
64
}
65
if ($Language === 'fr') {
3038 rexy 66
	$l_invalid_Email = "L'adresse e-mail est invalide";
3011 rexy 67
	$l_domain = "Le domaine";
68
	$l_not_authorized = "n'est pas autorisé";
3038 rexy 69
	$l_Email_already_used = "Cette adresse e-mail est déjà utilisée.";
3022 rexy 70
	$l_subject = "Activation de votre compte ALCASAR";
71
	$l_hello = "Bonjour";
3038 rexy 72
	$l_automatic_mail = "Ceci est un e-mail automatique provenant du portail ALCASAR : $organism";
73
	$l_login = "Voici vos indentifiants de connexion :";
3022 rexy 74
	$l_password = "Mot de passe";
3038 rexy 75
	$l_mail_success = "Un mot de passe vient d'être envoyé à votre adresse e-mail.";
3022 rexy 76
	$l_mail_error = "Erreur lors de l'envoi du mail. Renouvelez votre inscription ou contactez votre administrateur.";
3011 rexy 77
} else {
78
	$l_invalid_Email = "Invalid Email address";
79
	$l_domain = "The domain";
80
	$l_not_authorized = "is not authorized";
81
	$l_Email_already_used = "This Email address is already used.";
3022 rexy 82
	$l_subject = "Activation of your ALCASAR account";
83
	$l_hello = "Hello";
3038 rexy 84
	$l_automatic_mail = "This is an automatic e-mail from ALCASAR portal : $organism";
85
	$l_login = "Here are your login credentials :";
3022 rexy 86
	$l_password = "Password";
3038 rexy 87
	$l_mail_success = "A password has been sent to your e-mail address";
3022 rexy 88
	$l_mail_error = "Error while sending the email. Renew your registration or contact your administrator.";
3011 rexy 89
}
90
 
2990 rexy 91
if(!isset($create)) $create=0;
92
if(!isset($show)) $show=0;
93
if(!isset($login)) $login = '';
94
if(!isset($cn)) $cn = '';
95
if(!isset($mail)) $mail = '';
96
if(!isset($langue_imp)) $langue_imp = '';
97
if(!isset($selected)) $selected = array();
98
if(!isset($selected['='])) $selected['='] = '';
99
 
100
require('/etc/freeradius-web/config.php');
101
require('acc/manager/lib/attrshow.php');
102
require('acc/manager/lib/defaults.php');
103
 
104
if (false && /* Hide operator column */ $config['general_lib_type'] == 'sql' && $config['sql_use_operators'] == 'true') {
105
	$colspan = 2;
106
	$show_ops = 1;
107
	require('acc/manager/lib/operators.php');
108
} else {
109
	$show_ops = 0;
110
	$colspan = 1;
111
}
112
 
113
if (is_file("acc/manager/lib/sql/drivers/$config[sql_type]/functions.php"))
114
	require("acc/manager/lib/sql/drivers/$config[sql_type]/functions.php");
115
else{
116
	echo "<b>Could not include SQL library</b><br />\n";
117
	exit();
118
}
119
 
120
require('acc/manager/lib/functions.php');
121
if ($config['sql_use_operators'] == 'true'){
122
	include_once("acc/manager/lib/operators.php");
123
	$text = ',op';
124
	$passwd_op = ",':='";
125
}
126
 
127
$da_abort=0;
128
$op_val2 = '';
129
 
130
function GenPassword($nb_car="8")
131
{
132
// Random password
133
	$password = "";
134
	$chaine  = "aAzZeErRtTyYuUIopP152346897mMLkK";
135
	$chaine .= "jJhHgGfFdDsSqQwWxXcCvVbBnN152346897";
136
	while($nb_car != 0) {
137
		//$i = rand(0,71);
138
		// Bug corrigé
139
		$i = rand(0,66);
140
		$password .= $chaine[$i];
141
		$nb_car--;
142
	}
143
	return $password;
144
}
145
 
146
if(isset($_POST['Fmail'])){
147
	extract($_POST);
148
	$Fmail = htmlentities(strtolower(trim($Fmail)));
149
	if(!filter_var($Fmail, FILTER_VALIDATE_EMAIL)){  
3011 rexy 150
		echo "<b>$l_invalid_Email</b><br />\n";
2990 rexy 151
		exit();
152
	}
153
 
3022 rexy 154
	// Retrieve the domainName of the new user
2990 rexy 155
	list($user, $domain) = explode('@', $Fmail);
156
 
3022 rexy 157
	// check if the domainName is in the whitelist
2990 rexy 158
	if (!empty($whiteDomain)){
159
		if (!in_array($domain, $whiteDomain)){
3011 rexy 160
			echo "$l_domain $domain $l_not_authorized";
2990 rexy 161
			exit();
162
		}
163
	}
164
	$login  = $Fmail;
165
 
3022 rexy 166
	// check if the new user already exist
2990 rexy 167
	$link = @da_sql_pconnect($config);
168
	if ($link) {
169
		$sql = "SELECT id FROM $config[sql_check_table] WHERE username = '$login';";
170
		$res = @da_sql_query($link,$config, $sql);
171
	}
3022 rexy 172
	$login_check = da_sql_num_rows($res,$config);
173
	da_sql_close($link,$config);
2990 rexy 174
 
3022 rexy 175
	// check if the new user is already in the profile of an existing user 
2990 rexy 176
	$link = @da_sql_pconnect($config);
177
	if ($link) {
178
		$sql = "SELECT id FROM $config[sql_user_info_table] WHERE mail = '$Fmail';";
179
		$res = @da_sql_query($link,$config, $sql);
180
	}
3022 rexy 181
	$email_check = da_sql_num_rows($res,$config);
182
	da_sql_close($link,$config);
183
	if($login_check > 0) { // user already exist
3011 rexy 184
		echo "<b>$l_Email_already_used</b><br />\n";
3022 rexy 185
	} else if($email_check > 0) { // email already used
3011 rexy 186
		echo "<b>$l_Email_already_used</b><br />\n";
2990 rexy 187
	} else {
188
		$password = GenPassword();
189
 
3022 rexy 190
		// if we want to enrich the new user profile
2990 rexy 191
/*		$Fcn = "$prenom".".$nom";
192
		$Fou = "";
193
		$Fhomephone = "";
194
		$Ftelephonenumber = "";
195
		$Fmobile = "";
196
*/
197
		$link = da_sql_pconnect($config);
198
		if ($link){
199
			mysqli_set_charset($link,"utf8");
200
			if (is_file("acc/manager/lib/crypt/$config[general_encryption_method].php")){
201
				include_once("acc/manager/lib/crypt/$config[general_encryption_method].php");
202
 
203
				$passwd = da_encrypt($password);
204
				$passwd = da_sql_escape_string($link, $passwd);
205
				$res = da_sql_query($link,$config,
206
				"INSERT INTO $config[sql_check_table] (attribute,value,username $text)
207
				VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");
208
				if (!$res || !da_sql_affected_rows($link,$res,$config)){
209
					echo "<b>Erreur lors de la création de l'utilisateur $login: " . da_sql_error($link,$config) . "</b><br />\n";
210
					$da_abort=1;
211
				}
212
 
213
				if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){
214
					$res = da_sql_query($link,$config,
215
					"SELECT username FROM $config[sql_user_info_table] WHERE
216
					username = '$login';");
217
					if ($res){
218
						if (!da_sql_num_rows($res,$config)){
219
							$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';
220
							$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';
221
							$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';
222
							$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';
223
							$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';
224
							$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';
225
							$res = da_sql_query($link,$config,
226
							"INSERT INTO $config[sql_user_info_table]
227
							(username,name,mail,department,homephone,workphone,mobile) VALUES
228
							('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");
229
							if (!$res || !da_sql_affected_rows($link,$res,$config))
230
								// Erreur sql à supprimer : l'info ne devrait pas être communiquer au client.
231
								echo "<b>Une erreur s'est produite lors de la création du compte : " . da_sql_error($link,$config) . "</b><br />\n";
232
						}
233
						else
3022 rexy 234
							echo "<b>User already exist</b><br />\n";
2990 rexy 235
					}
236
					else
237
						echo "<b>Une erreur s'est produite lors de la création du compte : " . da_sql_error($link,$config) . "</b><br />\n";
238
				}
3022 rexy 239
				// if the new user must be in a group
2990 rexy 240
				if (isset($Fgroup) && $Fgroup != ''){
241
					$Fgroup = da_sql_escape_string($link, $Fgroup);
242
					$res = da_sql_query($link,$config,
243
					"SELECT username FROM $config[sql_usergroup_table]
244
					WHERE username = '$login' AND groupname = '$Fgroup';");
245
					if ($res){
246
						if (!da_sql_num_rows($res,$config)){
247
							$res = da_sql_query($link,$config,
248
							"INSERT INTO $config[sql_usergroup_table]
249
							(username,groupname) VALUES ('$login','$Fgroup');");
250
							if (!$res || !da_sql_affected_rows($link,$res,$config))
251
								echo "<b>Impossible d'ajouter l'utilisateur dans le groupe $Fgroup.</b><br />\n";
252
						}
253
						else
254
							echo "<b>L'utilisateur est déjà présent dans le groupe $Fgroup</b><br />\n";
255
					}
256
					else
257
						echo "<b>Impossible d'ajouter l'utilisateur dans le groupe $Fgroup: " . da_sql_error($link,$config) . "</b><br />\n";
258
				}
3022 rexy 259
				// Creation of the email with the new user login & passwd
2990 rexy 260
				$ip = $_SERVER['REMOTE_ADDR'];
261
				$time = date_create('now')->format('d-m-Y H:i:s');
262
				$domain = $conf["DOMAIN"];
3022 rexy 263
				$hostname  = $conf["HOSTNAME"];
2990 rexy 264
				$to = $Fmail;
3037 rexy 265
				if ($typeMail == "3") { // using an existing @mail
266
					$from = $fromMail; }
267
				else {
268
					$from = "administrator";
269
				}
3022 rexy 270
				$subject = $l_subject;
2990 rexy 271
				$message = "<!DOCTYPE html>
3038 rexy 272
<html>
3062 rexy 273
	<head>
274
		<meta charset=\"utf-8\">
3038 rexy 275
	</head>
276
		<body>
277
			$l_hello,<br/>
278
			<p>$l_automatic_mail<br/>
279
			<h3>$l_login</h3>
280
			<pre>
281
				Login : $login
282
				$l_password : $password
283
			</pre>
284
		</body>
285
</html>";
2990 rexy 286
				$header = "From: $from\n";
287
				$header .= "MIME-Version: 1.0\n";
288
				$header .= "Content-type: text/html; charset=utf-8\n";
289
				if(mail($to, $subject, $message, $header)){
3038 rexy 290
					echo "<center>success : <b>$l_mail_success</b><br>";
291
					if (!empty($adminMail)){ // Creation of the email for the administrator (if enabled)
3026 rexy 292
						$to = $adminMail;
3022 rexy 293
						$subject = "New registration on ALCASAR";
2990 rexy 294
						$message = "<!DOCTYPE html>
3038 rexy 295
<html>
3062 rexy 296
	<head>
297
		<meta charset=\"utf-8\">
3038 rexy 298
	</head>
299
	<body>
3062 rexy 300
		Hello,<br>
301
		<p>$l_automatic_mail<br>
3038 rexy 302
		<h3>A new registration on ALCASAR '$organism' has been made :</h3>
303
		<pre>
304
			@IP   : $ip
305
			Hour  : $time
306
			Login : $login
307
			Email : $Fmail
308
		</pre>
309
	</body>
310
</html>";
2990 rexy 311
						mail($to, $subject, $message, $header);
312
					}
313
				} else {
3022 rexy 314
					// On smtp error, we remove the new user
315
					$link = da_sql_pconnect($config);
2990 rexy 316
					$res2 = da_sql_query($link,$config,
3022 rexy 317
						"DELETE FROM $config[sql_user_info_table] WHERE username = '$login';");
2990 rexy 318
					$res3 = da_sql_query($link,$config,
319
						"DELETE FROM $config[sql_check_table] WHERE username = '$login';");
3022 rexy 320
					echo "<b>$l_mail_error</b><br />\n";
2990 rexy 321
				}
322
			}
323
			else // Could not open encryption library file
3022 rexy 324
				echo "<b>Error during the account creation process</b><br />\n";
2990 rexy 325
		}
326
		else // Could not connect to SQL database
3022 rexy 327
			echo "<b>Error during the account creation process</b><br />\n";
328
		da_sql_close($link,$config);
2990 rexy 329
	}
330
}
331
?>