WebSVN – ALCASAR – Diff – /web/acc/manager/lib/sql/create_user.php


<?php
if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php"))
	include_once("../lib/sql/drivers/$config[sql_type]/functions.php");
else{
	echo "<b>Could not include SQL library</b><br>\n";
	exit();
}
include_once('../lib/functions.php');
if ($config['sql_use_operators'] == 'true'){
	include_once("../lib/operators.php");
	$text = ',op';
	$passwd_op = ",':='";
}
 
$da_abort=0;
$op_val2 = '';
$link = da_sql_pconnect($config);
if ($link){
	mysqli_set_charset($link,"utf8");
	if (is_file("../lib/crypt/$config[general_encryption_method].php")){
		include_once("../lib/crypt/$config[general_encryption_method].php");
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
		//Si auth par @MAC, alors on disocie l'adresse mac du réseau afin que alcasar-macup.sh fasse son travail.
		//Si @MAC à auth a la meme adresse IP, on ne fait pas de dhcp-down.(sinon le PHP ne peut pas s'exécuter entierement)
		if ($passwd === 'password' && preg_match('/^([a-fA-F0-9]{2}[:|\-]?){6}$/', $login)) {
			$user_ip = exec('sudo chilli_query list | grep '.escapeshellarg($login)." |  cut -d' ' -f2");
			//on vérifie que l'@IP de l'@MAC est différente de celle de l'admin sur l'ACC
			if ((!empty($user_ip)) && ($user_ip !== $_SERVER['REMOTE_ADDR'])) {
				exec('sudo chilli_query authorize mac '.escapeshellarg($login));
			}
		}
 
		/*Ajout en vue de l'impression des données (thank's to Geoffroy MUSITELLI)*/
		$passwd_imp = $passwd;
		/*Fin Ajout*/
		$passwd = da_encrypt($passwd);
		$passwd = da_sql_escape_string($link, $passwd);
		$res = da_sql_query($link,$config,
		"INSERT INTO $config[sql_check_table] (attribute,value,username $text)
		VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");
		if (!$res || !da_sql_affected_rows($link,$res,$config)){
			echo "<b>Unable to add user $login: " . da_sql_error($link,$config) . "</b><br>\n";
			$da_abort=1;
		}
		if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){
			$res = da_sql_query($link,$config,
			"SELECT username FROM $config[sql_user_info_table] WHERE
			username = '$login';");
			if ($res){
				if (!da_sql_num_rows($res,$config)){
					$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';
					$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';
					$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';
					$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';
					$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';
					$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';
					$res = da_sql_query($link,$config,
					"INSERT INTO $config[sql_user_info_table]
					(username,name,mail,department,homephone,workphone,mobile) VALUES
					('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");
					if (!$res || !da_sql_affected_rows($link,$res,$config))
						echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";
				}
				else
					echo "<b>Cet usager existe d&eacute;j&agrave; dans la table 'info'</b><br>\n";
			}
			else
				echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";
		}
		if (isset($Fgroup) && $Fgroup != ''){
			$Fgroup = da_sql_escape_string($link, $Fgroup);
			$res = da_sql_query($link,$config,
			"SELECT username FROM $config[sql_usergroup_table]
			WHERE username = '$login' AND groupname = '$Fgroup';");
			if ($res){
				if (!da_sql_num_rows($res,$config)){
					$res = da_sql_query($link,$config,
					"INSERT INTO $config[sql_usergroup_table]
					(username,groupname) VALUES ('$login','$Fgroup');");
					if (!$res || !da_sql_affected_rows($link,$res,$config))
						echo "<b>Could not add user to group $Fgroup. SQL Error</b><br>\n";
				}
				else
					echo "<b>User already is a member of group $Fgroup</b><br>\n";
			}
			else
				echo "<b>Could not add user to group $Fgroup: " . da_sql_error($link,$config) . "</b><br>\n";
		}
		if (!$da_abort){
			if (isset($Fgroup) && $Fgroup != '')
				require('../lib/defaults.php');
			foreach($show_attrs as $key => $attr){
				if ($attrmap["$key"] == 'none')
					continue;
				if ($key == "Filter-Id" && $$attrmap["$key"] == "None")
					continue;
				if ($attrmap["$key"] == ''){
					$attrmap["$key"] = $key;
					$attr_type["$key"] = 'replyItem';
					$rev_attrmap["$key"] = $key;
				}
				if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){
					$table = "$config[sql_check_table]";
					$type = 1;
				}
				else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){
					$table = "$config[sql_reply_table]";
					$type = 2;
				}
				$val = (isset($$attrmap["$key"])) ? $$attrmap["$key"] : '';
				/*Ajout en vue de l'impression des données (thank's to Geoffroy MUSITELLI)*/
				if($key == "Session-Timeout") $sto_imp = $val;
				if($key == "Max-All-Session") $mas_imp = $val;
				if($key == "Max-Daily-Session") $mds_imp = $val;
				if($key == "Max-Monthly-Session") $mms_imp = $val;
				/*Fin Ajout*/
				$val = da_sql_escape_string($link, $val);
				$op_name = $attrmap["$key"] . '_op';
				$op_val = (isset($$op_name)) ? $$op_name : '';
				if ($op_val != ''){
					$op_val = da_sql_escape_string($link, $op_val);
					if (check_operator($op_val,$type) == -1){
						echo "<b>Invalid operator ($op_val) for attribute $key</b><br>\n";
						continue;
					}
					$op_val2 = ",'$op_val'";
				}
				$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;
				if ($val == '' || $chkdef)
					continue;
				$sqlquery = "INSERT INTO $table (attribute,value,username $text)
					VALUES ('$attrmap[$key]','$val','$login' $op_val2);";
				$res = da_sql_query($link,$config,$sqlquery);
				if (!$res || !da_sql_affected_rows($link,$res,$config))
					echo "<b>Query failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
			}
		}
		echo "<center><b>$l_user '$login' $l_created</b></center><br>";
	}
	else
		echo "<b>Could not open encryption library file</b><br>\n";
}
else
	echo "<b>Could not connect to SQL database</b><br>\n";
?>
 

Subversion Repositories ALCASAR

(root)/web/acc/manager/lib/sql/create_user.php @ 2698 – Rev 2299 → 2384

Rev 2299		Rev 2384
1	`<?php`	1	`<?php`
2	`if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php"))`	2	`if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php"))`
3	`include_once("../lib/sql/drivers/$config[sql_type]/functions.php");`	3	`include_once("../lib/sql/drivers/$config[sql_type]/functions.php");`
4	`else{`	4	`else{`
5	`echo "<b>Could not include SQL library</b><br>\n";`	5	`echo "<b>Could not include SQL library</b><br>\n";`
6	`exit();`	6	`exit();`
7	`}`	7	`}`
8	`include_once('../lib/functions.php');`	8	`include_once('../lib/functions.php');`
9	`if ($config['sql_use_operators'] == 'true'){`	9	`if ($config['sql_use_operators'] == 'true'){`
10	`include_once("../lib/operators.php");`	10	`include_once("../lib/operators.php");`
11	`$text = ',op';`	11	`$text = ',op';`
12	`$passwd_op = ",':='";`	12	`$passwd_op = ",':='";`
13	`}`	13	`}`
-		14
14	`$da_abort=0;`	15	`$da_abort=0;`
15	`$op_val2 = '';`	16	`$op_val2 = '';`
16	`$link = da_sql_pconnect($config);`	17	`$link = da_sql_pconnect($config);`
17	`if ($link){`	18	`if ($link){`
18	`mysqli_set_charset($link,"utf8");`	19	`mysqli_set_charset($link,"utf8");`
19	`if (is_file("../lib/crypt/$config[general_encryption_method].php")){`	20	`if (is_file("../lib/crypt/$config[general_encryption_method].php")){`
20	`include_once("../lib/crypt/$config[general_encryption_method].php");`	21	`include_once("../lib/crypt/$config[general_encryption_method].php");`
21		-
22	`//Si auth par @MAC, alors on disocie l'adresse mac du réseau afin que alcasar-macup.sh fasse son travail.`	-
23	`//Si @MAC à auth a la meme adresse IP, on ne fait pas de dhcp-down.(sinon le PHP ne peut pas s'exécuter entierement)`	-
24	`$output = array();`	-
25	`if($passwd == "password" && preg_match('/([a-fA-F0-9]{2}[:\|\-]?){6}/', $login))`	-
26	`{`	-
27	`exec("sudo chilli_query list \| grep ".escapeshellarg($login)." \| cut -d' ' -f2", $output);`	-
28	`//on vérifie que l'@IP de l'@MAC est différente de celle de l'admin sur l'ACC`	-
29	`if(strpos($output[0], $_SERVER["REMOTE_ADDR"]) === false )`	-
30	`{`	-
31	`exec("sudo chilli_query dhcp-release ".escapeshellarg($login)); //dhcp-down`	-
32	`}`	-
33	`}`	-
34	`unset($output);`	-
35		22
-		23	`//Si auth par @MAC, alors on disocie l'adresse mac du réseau afin que alcasar-macup.sh fasse son travail.`
-		24	`//Si @MAC à auth a la meme adresse IP, on ne fait pas de dhcp-down.(sinon le PHP ne peut pas s'exécuter entierement)`
-		25	`if ($passwd === 'password' && preg_match('/^([a-fA-F0-9]{2}[:\|\-]?){6}$/', $login)) {`
-		26	`$user_ip = exec('sudo chilli_query list \| grep '.escapeshellarg($login)." \| cut -d' ' -f2");`
-		27	`//on vérifie que l'@IP de l'@MAC est différente de celle de l'admin sur l'ACC`
-		28	`if ((!empty($user_ip)) && ($user_ip !== $_SERVER['REMOTE_ADDR'])) {`
-		29	`exec('sudo chilli_query authorize mac '.escapeshellarg($login));`
-		30	`}`
-		31	`}`
36		32
37	`/Ajout en vue de l'impression des données (thank's to Geoffroy MUSITELLI)/`	33	`/Ajout en vue de l'impression des données (thank's to Geoffroy MUSITELLI)/`
38	`$passwd_imp = $passwd;`	34	`$passwd_imp = $passwd;`
39	`/Fin Ajout/`	35	`/Fin Ajout/`
40	`$passwd = da_encrypt($passwd);`	36	`$passwd = da_encrypt($passwd);`
41	`$passwd = da_sql_escape_string($link, $passwd);`	37	`$passwd = da_sql_escape_string($link, $passwd);`
42	`$res = da_sql_query($link,$config,`	38	`$res = da_sql_query($link,$config,`
43	`"INSERT INTO $config[sql_check_table] (attribute,value,username $text)`	39	`"INSERT INTO $config[sql_check_table] (attribute,value,username $text)`
44	`VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");`	40	`VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");`
45	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config)){`	41	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config)){`
46	`echo "<b>Unable to add user $login: " . da_sql_error($link,$config) . "</b><br>\n";`	42	`echo "<b>Unable to add user $login: " . da_sql_error($link,$config) . "</b><br>\n";`
47	`$da_abort=1;`	43	`$da_abort=1;`
48	`}`	44	`}`
49	`if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){`	45	`if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){`
50	`$res = da_sql_query($link,$config,`	46	`$res = da_sql_query($link,$config,`
51	`"SELECT username FROM $config[sql_user_info_table] WHERE`	47	`"SELECT username FROM $config[sql_user_info_table] WHERE`
52	`username = '$login';");`	48	`username = '$login';");`
53	`if ($res){`	49	`if ($res){`
54	`if (!da_sql_num_rows($res,$config)){`	50	`if (!da_sql_num_rows($res,$config)){`
55	`$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';`	51	`$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';`
56	`$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';`	52	`$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';`
57	`$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';`	53	`$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';`
58	`$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';`	54	`$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';`
59	`$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';`	55	`$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';`
60	`$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';`	56	`$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';`
61	`$res = da_sql_query($link,$config,`	57	`$res = da_sql_query($link,$config,`
62	`"INSERT INTO $config[sql_user_info_table]`	58	`"INSERT INTO $config[sql_user_info_table]`
63	`(username,name,mail,department,homephone,workphone,mobile) VALUES`	59	`(username,name,mail,department,homephone,workphone,mobile) VALUES`
64	`('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");`	60	`('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");`
65	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`	61	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`
66	`echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";`	62	`echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";`
67	`}`	63	`}`
68	`else`	64	`else`
69	`echo "<b>Cet usager existe déjà dans la table 'info'</b><br>\n";`	65	`echo "<b>Cet usager existe déjà dans la table 'info'</b><br>\n";`
70	`}`	66	`}`
71	`else`	67	`else`
72	`echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";`	68	`echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";`
73	`}`	69	`}`
74	`if (isset($Fgroup) && $Fgroup != ''){`	70	`if (isset($Fgroup) && $Fgroup != ''){`
75	`$Fgroup = da_sql_escape_string($link, $Fgroup);`	71	`$Fgroup = da_sql_escape_string($link, $Fgroup);`
76	`$res = da_sql_query($link,$config,`	72	`$res = da_sql_query($link,$config,`
77	`"SELECT username FROM $config[sql_usergroup_table]`	73	`"SELECT username FROM $config[sql_usergroup_table]`
78	`WHERE username = '$login' AND groupname = '$Fgroup';");`	74	`WHERE username = '$login' AND groupname = '$Fgroup';");`
79	`if ($res){`	75	`if ($res){`
80	`if (!da_sql_num_rows($res,$config)){`	76	`if (!da_sql_num_rows($res,$config)){`
81	`$res = da_sql_query($link,$config,`	77	`$res = da_sql_query($link,$config,`
82	`"INSERT INTO $config[sql_usergroup_table]`	78	`"INSERT INTO $config[sql_usergroup_table]`
83	`(username,groupname) VALUES ('$login','$Fgroup');");`	79	`(username,groupname) VALUES ('$login','$Fgroup');");`
84	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`	80	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`
85	`echo "<b>Could not add user to group $Fgroup. SQL Error</b><br>\n";`	81	`echo "<b>Could not add user to group $Fgroup. SQL Error</b><br>\n";`
86	`}`	82	`}`
87	`else`	83	`else`
88	`echo "<b>User already is a member of group $Fgroup</b><br>\n";`	84	`echo "<b>User already is a member of group $Fgroup</b><br>\n";`
89	`}`	85	`}`
90	`else`	86	`else`
91	`echo "<b>Could not add user to group $Fgroup: " . da_sql_error($link,$config) . "</b><br>\n";`	87	`echo "<b>Could not add user to group $Fgroup: " . da_sql_error($link,$config) . "</b><br>\n";`
92	`}`	88	`}`
93	`if (!$da_abort){`	89	`if (!$da_abort){`
94	`if (isset($Fgroup) && $Fgroup != '')`	90	`if (isset($Fgroup) && $Fgroup != '')`
95	`require('../lib/defaults.php');`	91	`require('../lib/defaults.php');`
96	`foreach($show_attrs as $key => $attr){`	92	`foreach($show_attrs as $key => $attr){`
97	`if ($attrmap["$key"] == 'none')`	93	`if ($attrmap["$key"] == 'none')`
98	`continue;`	94	`continue;`
99	`if ($key == "Filter-Id" && $$attrmap["$key"] == "None")`	95	`if ($key == "Filter-Id" && $$attrmap["$key"] == "None")`
100	`continue;`	96	`continue;`
101	`if ($attrmap["$key"] == ''){`	97	`if ($attrmap["$key"] == ''){`
102	`$attrmap["$key"] = $key;`	98	`$attrmap["$key"] = $key;`
103	`$attr_type["$key"] = 'replyItem';`	99	`$attr_type["$key"] = 'replyItem';`
104	`$rev_attrmap["$key"] = $key;`	100	`$rev_attrmap["$key"] = $key;`
105	`}`	101	`}`
106	`if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){`	102	`if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){`
107	`$table = "$config[sql_check_table]";`	103	`$table = "$config[sql_check_table]";`
108	`$type = 1;`	104	`$type = 1;`
109	`}`	105	`}`
110	`else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){`	106	`else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){`
111	`$table = "$config[sql_reply_table]";`	107	`$table = "$config[sql_reply_table]";`
112	`$type = 2;`	108	`$type = 2;`
113	`}`	109	`}`
114	`$val = (isset($$attrmap["$key"])) ? $$attrmap["$key"] : '';`	110	`$val = (isset($$attrmap["$key"])) ? $$attrmap["$key"] : '';`
115	`/Ajout en vue de l'impression des données (thank's to Geoffroy MUSITELLI)/`	111	`/Ajout en vue de l'impression des données (thank's to Geoffroy MUSITELLI)/`
116	`if($key == "Session-Timeout") $sto_imp = $val;`	112	`if($key == "Session-Timeout") $sto_imp = $val;`
117	`if($key == "Max-All-Session") $mas_imp = $val;`	113	`if($key == "Max-All-Session") $mas_imp = $val;`
118	`if($key == "Max-Daily-Session") $mds_imp = $val;`	114	`if($key == "Max-Daily-Session") $mds_imp = $val;`
119	`if($key == "Max-Monthly-Session") $mms_imp = $val;`	115	`if($key == "Max-Monthly-Session") $mms_imp = $val;`
120	`/Fin Ajout/`	116	`/Fin Ajout/`
121	`$val = da_sql_escape_string($link, $val);`	117	`$val = da_sql_escape_string($link, $val);`
122	`$op_name = $attrmap["$key"] . '_op';`	118	`$op_name = $attrmap["$key"] . '_op';`
123	`$op_val = (isset($$op_name)) ? $$op_name : '';`	119	`$op_val = (isset($$op_name)) ? $$op_name : '';`
124	`if ($op_val != ''){`	120	`if ($op_val != ''){`
125	`$op_val = da_sql_escape_string($link, $op_val);`	121	`$op_val = da_sql_escape_string($link, $op_val);`
126	`if (check_operator($op_val,$type) == -1){`	122	`if (check_operator($op_val,$type) == -1){`
127	`echo "<b>Invalid operator ($op_val) for attribute $key</b><br>\n";`	123	`echo "<b>Invalid operator ($op_val) for attribute $key</b><br>\n";`
128	`continue;`	124	`continue;`
129	`}`	125	`}`
130	`$op_val2 = ",'$op_val'";`	126	`$op_val2 = ",'$op_val'";`
131	`}`	127	`}`
132	`$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;`	128	`$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;`
133	`if ($val == '' \|\| $chkdef)`	129	`if ($val == '' \|\| $chkdef)`
134	`continue;`	130	`continue;`
135	`$sqlquery = "INSERT INTO $table (attribute,value,username $text)`	131	`$sqlquery = "INSERT INTO $table (attribute,value,username $text)`
136	`VALUES ('$attrmap[$key]','$val','$login' $op_val2);";`	132	`VALUES ('$attrmap[$key]','$val','$login' $op_val2);";`
137	`$res = da_sql_query($link,$config,$sqlquery);`	133	`$res = da_sql_query($link,$config,$sqlquery);`
138	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`	134	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`
139	`echo "<b>Query failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";`	135	`echo "<b>Query failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";`
140	`}`	136	`}`
141	`}`	137	`}`
142	`echo "<center><b>$l_user '$login' $l_created</b></center><br>";`	138	`echo "<center><b>$l_user '$login' $l_created</b></center><br>";`
143	`}`	139	`}`
144	`else`	140	`else`
145	`echo "<b>Could not open encryption library file</b><br>\n";`	141	`echo "<b>Could not open encryption library file</b><br>\n";`
146	`}`	142	`}`
147	`else`	143	`else`
148	`echo "<b>Could not connect to SQL database</b><br>\n";`	144	`echo "<b>Could not connect to SQL database</b><br>\n";`
149	`?>`	145	`?>`
150		146