WebSVN – ALCASAR – Diff – /web/acc/manager/lib/sql/create_user.php


<?php
if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php"))
	include_once("../lib/sql/drivers/$config[sql_type]/functions.php");
else{
	echo "<b>Could not include SQL library</b><br>\n";
	exit();
}
include_once('../lib/functions.php');
if ($config['sql_use_operators'] == 'true'){
	include_once("../lib/operators.php");
	$text = ',op';
	$passwd_op = ",':='";
}
 
$da_abort=0;
$op_val2 = '';
$link = da_sql_pconnect($config);
if ($link){
	mysqli_set_charset($link,"utf8");
	if (is_file("../lib/crypt/$config[general_encryption_method].php")){
		include_once("../lib/crypt/$config[general_encryption_method].php");
 
		//Si auth par @MAC, alors on disocie l'adresse mac du réseau afin que alcasar-macup.sh fasse son travail.
		//Si @MAC à auth a la meme adresse IP, on ne fait pas de dhcp-down.(sinon le PHP ne peut pas s'exécuter entierement)
		if ($passwd === 'password' && preg_match('/^([a-fA-F0-9]{2}[:|\-]?){6}$/', $login)) {
			$user_ip = exec('sudo /usr/sbin/chilli_query list | awk '.escapeshellarg('($5 == 0) && ($6 == "'.$login.'") {print $2}'));
			//on vérifie que l'@IP de l'@MAC est différente de celle de l'admin sur l'ACC
			if ((!empty($user_ip)) && ($user_ip !== $_SERVER['REMOTE_ADDR'])) {
				exec('sudo /usr/sbin/chilli_query login mac '.escapeshellarg($login).' username '.escapeshellarg($login).' password '.escapeshellarg($passwd));
			}
		}
 
		/*Ajout en vue de l'impression des données (thank's to Geoffroy MUSITELLI)*/
		$passwd_imp = $passwd;
		/*Fin Ajout*/
		$passwd = da_encrypt($passwd);
		$passwd = da_sql_escape_string($link, $passwd);
		$res = da_sql_query($link,$config,
		"INSERT INTO $config[sql_check_table] (attribute,value,username $text)
		VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");
		if (!$res || !da_sql_affected_rows($link,$res,$config)){
			echo "<b>Unable to add user $login: " . da_sql_error($link,$config) . "</b><br>\n";
			$da_abort=1;
		}
		if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){
			$res = da_sql_query($link,$config,
			"SELECT username FROM $config[sql_user_info_table] WHERE
			username = '$login';");
			if ($res){
				if (!da_sql_num_rows($res,$config)){
					$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';
					$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';
					$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';
					$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';
					$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';
					$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';
					$res = da_sql_query($link,$config,
					"INSERT INTO $config[sql_user_info_table]
					(username,name,mail,department,homephone,workphone,mobile) VALUES
					('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");
					if (!$res || !da_sql_affected_rows($link,$res,$config))
						echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";
				}
				else
					echo "<b>Cet usager existe d&eacute;j&agrave; dans la table 'info'</b><br>\n";
			}
			else
				echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";
		}
		if (isset($Fgroup) && $Fgroup != ''){
			$Fgroup = da_sql_escape_string($link, $Fgroup);
			$res = da_sql_query($link,$config,
			"SELECT username FROM $config[sql_usergroup_table]
			WHERE username = '$login' AND groupname = '$Fgroup';");
			if ($res){
				if (!da_sql_num_rows($res,$config)){
					$res = da_sql_query($link,$config,
					"INSERT INTO $config[sql_usergroup_table]
					(username,groupname) VALUES ('$login','$Fgroup');");
					if (!$res || !da_sql_affected_rows($link,$res,$config))
						echo "<b>Could not add user to group $Fgroup. SQL Error</b><br>\n";
				}
				else
					echo "<b>User already is a member of group $Fgroup</b><br>\n";
			}
			else
				echo "<b>Could not add user to group $Fgroup: " . da_sql_error($link,$config) . "</b><br>\n";
		}
		if (!$da_abort){
			if (isset($Fgroup) && $Fgroup != '')
				require('../lib/defaults.php');
			foreach($show_attrs as $key => $attr){
				if ($attrmap["$key"] == 'none')
					continue;
				if ($key == "Filter-Id" && $$attrmap["$key"] == "None")
					continue;
				if ($attrmap["$key"] == ''){
					$attrmap["$key"] = $key;
					$attr_type["$key"] = 'replyItem';
					$rev_attrmap["$key"] = $key;
				}
				if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){
					$table = "$config[sql_check_table]";
					$type = 1;
				}
				else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){
					$table = "$config[sql_reply_table]";
					$type = 2;
				}
				$val = (isset($$attrmap["$key"])) ? $$attrmap["$key"] : '';
				/*Ajout en vue de l'impression des données (thank's to Geoffroy MUSITELLI)*/
				if($key == "Session-Timeout") $sto_imp = $val;
				if($key == "Max-All-Session") $mas_imp = $val;
				if($key == "Max-Daily-Session") $mds_imp = $val;
				if($key == "Max-Monthly-Session") $mms_imp = $val;
				/*Fin Ajout*/
				$val = da_sql_escape_string($link, $val);
				$op_name = $attrmap["$key"] . '_op';
				$op_val = (isset($$op_name)) ? $$op_name : '';
				if ($op_val != ''){
					$op_val = da_sql_escape_string($link, $op_val);
					if (check_operator($op_val,$type) == -1){
						echo "<b>Invalid operator ($op_val) for attribute $key</b><br>\n";
						continue;
					}
					$op_val2 = ",'$op_val'";
				}
				$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;
				if ($val == '' || $chkdef)
					continue;
				$sqlquery = "INSERT INTO $table (attribute,value,username $text)
					VALUES ('$attrmap[$key]','$val','$login' $op_val2);";
				$res = da_sql_query($link,$config,$sqlquery);
				if (!$res || !da_sql_affected_rows($link,$res,$config))
					echo "<b>Query failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
			}
		}
		echo "<center><b>$l_user '$login' $l_created</b></center><br>";
	}
	else
		echo "<b>Could not open encryption library file</b><br>\n";
}
else
	echo "<b>Could not connect to SQL database</b><br>\n";
?>
 

Subversion Repositories ALCASAR

(root)/web/acc/manager/lib/sql/create_user.php @ 2698 – Rev 2384 → 2392

Rev 2384		Rev 2392
1	`<?php`	1	`<?php`
2	`if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php"))`	2	`if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php"))`
3	`include_once("../lib/sql/drivers/$config[sql_type]/functions.php");`	3	`include_once("../lib/sql/drivers/$config[sql_type]/functions.php");`
4	`else{`	4	`else{`
5	`echo "<b>Could not include SQL library</b><br>\n";`	5	`echo "<b>Could not include SQL library</b><br>\n";`
6	`exit();`	6	`exit();`
7	`}`	7	`}`
8	`include_once('../lib/functions.php');`	8	`include_once('../lib/functions.php');`
9	`if ($config['sql_use_operators'] == 'true'){`	9	`if ($config['sql_use_operators'] == 'true'){`
10	`include_once("../lib/operators.php");`	10	`include_once("../lib/operators.php");`
11	`$text = ',op';`	11	`$text = ',op';`
12	`$passwd_op = ",':='";`	12	`$passwd_op = ",':='";`
13	`}`	13	`}`
14		14
15	`$da_abort=0;`	15	`$da_abort=0;`
16	`$op_val2 = '';`	16	`$op_val2 = '';`
17	`$link = da_sql_pconnect($config);`	17	`$link = da_sql_pconnect($config);`
18	`if ($link){`	18	`if ($link){`
19	`mysqli_set_charset($link,"utf8");`	19	`mysqli_set_charset($link,"utf8");`
20	`if (is_file("../lib/crypt/$config[general_encryption_method].php")){`	20	`if (is_file("../lib/crypt/$config[general_encryption_method].php")){`
21	`include_once("../lib/crypt/$config[general_encryption_method].php");`	21	`include_once("../lib/crypt/$config[general_encryption_method].php");`
22		22
23	`//Si auth par @MAC, alors on disocie l'adresse mac du réseau afin que alcasar-macup.sh fasse son travail.`	23	`//Si auth par @MAC, alors on disocie l'adresse mac du réseau afin que alcasar-macup.sh fasse son travail.`
24	`//Si @MAC à auth a la meme adresse IP, on ne fait pas de dhcp-down.(sinon le PHP ne peut pas s'exécuter entierement)`	24	`//Si @MAC à auth a la meme adresse IP, on ne fait pas de dhcp-down.(sinon le PHP ne peut pas s'exécuter entierement)`
25	`if ($passwd === 'password' && preg_match('/^([a-fA-F0-9]{2}[:\|\-]?){6}$/', $login)) {`	25	`if ($passwd === 'password' && preg_match('/^([a-fA-F0-9]{2}[:\|\-]?){6}$/', $login)) {`
26	`$user_ip = exec('sudo chilli_query list \| grep '.escapeshellarg($login)." \| cut -d' ' -f2");`	26	`$user_ip = exec('sudo /usr/sbin/chilli_query list \| awk '.escapeshellarg('($5 == 0) && ($6 == "'.$login.'") {print $2}'));`
27	`//on vérifie que l'@IP de l'@MAC est différente de celle de l'admin sur l'ACC`	27	`//on vérifie que l'@IP de l'@MAC est différente de celle de l'admin sur l'ACC`
28	`if ((!empty($user_ip)) && ($user_ip !== $_SERVER['REMOTE_ADDR'])) {`	28	`if ((!empty($user_ip)) && ($user_ip !== $_SERVER['REMOTE_ADDR'])) {`
29	`exec('sudo chilli_query authorize mac '.escapeshellarg($login));`	29	`exec('sudo /usr/sbin/chilli_query login mac '.escapeshellarg($login).' username '.escapeshellarg($login).' password '.escapeshellarg($passwd));`
30	`}`	30	`}`
31	`}`	31	`}`
32		32
33	`/Ajout en vue de l'impression des données (thank's to Geoffroy MUSITELLI)/`	33	`/Ajout en vue de l'impression des données (thank's to Geoffroy MUSITELLI)/`
34	`$passwd_imp = $passwd;`	34	`$passwd_imp = $passwd;`
35	`/Fin Ajout/`	35	`/Fin Ajout/`
36	`$passwd = da_encrypt($passwd);`	36	`$passwd = da_encrypt($passwd);`
37	`$passwd = da_sql_escape_string($link, $passwd);`	37	`$passwd = da_sql_escape_string($link, $passwd);`
38	`$res = da_sql_query($link,$config,`	38	`$res = da_sql_query($link,$config,`
39	`"INSERT INTO $config[sql_check_table] (attribute,value,username $text)`	39	`"INSERT INTO $config[sql_check_table] (attribute,value,username $text)`
40	`VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");`	40	`VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");`
41	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config)){`	41	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config)){`
42	`echo "<b>Unable to add user $login: " . da_sql_error($link,$config) . "</b><br>\n";`	42	`echo "<b>Unable to add user $login: " . da_sql_error($link,$config) . "</b><br>\n";`
43	`$da_abort=1;`	43	`$da_abort=1;`
44	`}`	44	`}`
45	`if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){`	45	`if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){`
46	`$res = da_sql_query($link,$config,`	46	`$res = da_sql_query($link,$config,`
47	`"SELECT username FROM $config[sql_user_info_table] WHERE`	47	`"SELECT username FROM $config[sql_user_info_table] WHERE`
48	`username = '$login';");`	48	`username = '$login';");`
49	`if ($res){`	49	`if ($res){`
50	`if (!da_sql_num_rows($res,$config)){`	50	`if (!da_sql_num_rows($res,$config)){`
51	`$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';`	51	`$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';`
52	`$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';`	52	`$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';`
53	`$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';`	53	`$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';`
54	`$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';`	54	`$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';`
55	`$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';`	55	`$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';`
56	`$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';`	56	`$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';`
57	`$res = da_sql_query($link,$config,`	57	`$res = da_sql_query($link,$config,`
58	`"INSERT INTO $config[sql_user_info_table]`	58	`"INSERT INTO $config[sql_user_info_table]`
59	`(username,name,mail,department,homephone,workphone,mobile) VALUES`	59	`(username,name,mail,department,homephone,workphone,mobile) VALUES`
60	`('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");`	60	`('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");`
61	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`	61	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`
62	`echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";`	62	`echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";`
63	`}`	63	`}`
64	`else`	64	`else`
65	`echo "<b>Cet usager existe déjà dans la table 'info'</b><br>\n";`	65	`echo "<b>Cet usager existe déjà dans la table 'info'</b><br>\n";`
66	`}`	66	`}`
67	`else`	67	`else`
68	`echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";`	68	`echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";`
69	`}`	69	`}`
70	`if (isset($Fgroup) && $Fgroup != ''){`	70	`if (isset($Fgroup) && $Fgroup != ''){`
71	`$Fgroup = da_sql_escape_string($link, $Fgroup);`	71	`$Fgroup = da_sql_escape_string($link, $Fgroup);`
72	`$res = da_sql_query($link,$config,`	72	`$res = da_sql_query($link,$config,`
73	`"SELECT username FROM $config[sql_usergroup_table]`	73	`"SELECT username FROM $config[sql_usergroup_table]`
74	`WHERE username = '$login' AND groupname = '$Fgroup';");`	74	`WHERE username = '$login' AND groupname = '$Fgroup';");`
75	`if ($res){`	75	`if ($res){`
76	`if (!da_sql_num_rows($res,$config)){`	76	`if (!da_sql_num_rows($res,$config)){`
77	`$res = da_sql_query($link,$config,`	77	`$res = da_sql_query($link,$config,`
78	`"INSERT INTO $config[sql_usergroup_table]`	78	`"INSERT INTO $config[sql_usergroup_table]`
79	`(username,groupname) VALUES ('$login','$Fgroup');");`	79	`(username,groupname) VALUES ('$login','$Fgroup');");`
80	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`	80	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`
81	`echo "<b>Could not add user to group $Fgroup. SQL Error</b><br>\n";`	81	`echo "<b>Could not add user to group $Fgroup. SQL Error</b><br>\n";`
82	`}`	82	`}`
83	`else`	83	`else`
84	`echo "<b>User already is a member of group $Fgroup</b><br>\n";`	84	`echo "<b>User already is a member of group $Fgroup</b><br>\n";`
85	`}`	85	`}`
86	`else`	86	`else`
87	`echo "<b>Could not add user to group $Fgroup: " . da_sql_error($link,$config) . "</b><br>\n";`	87	`echo "<b>Could not add user to group $Fgroup: " . da_sql_error($link,$config) . "</b><br>\n";`
88	`}`	88	`}`
89	`if (!$da_abort){`	89	`if (!$da_abort){`
90	`if (isset($Fgroup) && $Fgroup != '')`	90	`if (isset($Fgroup) && $Fgroup != '')`
91	`require('../lib/defaults.php');`	91	`require('../lib/defaults.php');`
92	`foreach($show_attrs as $key => $attr){`	92	`foreach($show_attrs as $key => $attr){`
93	`if ($attrmap["$key"] == 'none')`	93	`if ($attrmap["$key"] == 'none')`
94	`continue;`	94	`continue;`
95	`if ($key == "Filter-Id" && $$attrmap["$key"] == "None")`	95	`if ($key == "Filter-Id" && $$attrmap["$key"] == "None")`
96	`continue;`	96	`continue;`
97	`if ($attrmap["$key"] == ''){`	97	`if ($attrmap["$key"] == ''){`
98	`$attrmap["$key"] = $key;`	98	`$attrmap["$key"] = $key;`
99	`$attr_type["$key"] = 'replyItem';`	99	`$attr_type["$key"] = 'replyItem';`
100	`$rev_attrmap["$key"] = $key;`	100	`$rev_attrmap["$key"] = $key;`
101	`}`	101	`}`
102	`if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){`	102	`if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){`
103	`$table = "$config[sql_check_table]";`	103	`$table = "$config[sql_check_table]";`
104	`$type = 1;`	104	`$type = 1;`
105	`}`	105	`}`
106	`else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){`	106	`else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){`
107	`$table = "$config[sql_reply_table]";`	107	`$table = "$config[sql_reply_table]";`
108	`$type = 2;`	108	`$type = 2;`
109	`}`	109	`}`
110	`$val = (isset($$attrmap["$key"])) ? $$attrmap["$key"] : '';`	110	`$val = (isset($$attrmap["$key"])) ? $$attrmap["$key"] : '';`
111	`/Ajout en vue de l'impression des données (thank's to Geoffroy MUSITELLI)/`	111	`/Ajout en vue de l'impression des données (thank's to Geoffroy MUSITELLI)/`
112	`if($key == "Session-Timeout") $sto_imp = $val;`	112	`if($key == "Session-Timeout") $sto_imp = $val;`
113	`if($key == "Max-All-Session") $mas_imp = $val;`	113	`if($key == "Max-All-Session") $mas_imp = $val;`
114	`if($key == "Max-Daily-Session") $mds_imp = $val;`	114	`if($key == "Max-Daily-Session") $mds_imp = $val;`
115	`if($key == "Max-Monthly-Session") $mms_imp = $val;`	115	`if($key == "Max-Monthly-Session") $mms_imp = $val;`
116	`/Fin Ajout/`	116	`/Fin Ajout/`
117	`$val = da_sql_escape_string($link, $val);`	117	`$val = da_sql_escape_string($link, $val);`
118	`$op_name = $attrmap["$key"] . '_op';`	118	`$op_name = $attrmap["$key"] . '_op';`
119	`$op_val = (isset($$op_name)) ? $$op_name : '';`	119	`$op_val = (isset($$op_name)) ? $$op_name : '';`
120	`if ($op_val != ''){`	120	`if ($op_val != ''){`
121	`$op_val = da_sql_escape_string($link, $op_val);`	121	`$op_val = da_sql_escape_string($link, $op_val);`
122	`if (check_operator($op_val,$type) == -1){`	122	`if (check_operator($op_val,$type) == -1){`
123	`echo "<b>Invalid operator ($op_val) for attribute $key</b><br>\n";`	123	`echo "<b>Invalid operator ($op_val) for attribute $key</b><br>\n";`
124	`continue;`	124	`continue;`
125	`}`	125	`}`
126	`$op_val2 = ",'$op_val'";`	126	`$op_val2 = ",'$op_val'";`
127	`}`	127	`}`
128	`$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;`	128	`$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;`
129	`if ($val == '' \|\| $chkdef)`	129	`if ($val == '' \|\| $chkdef)`
130	`continue;`	130	`continue;`
131	`$sqlquery = "INSERT INTO $table (attribute,value,username $text)`	131	`$sqlquery = "INSERT INTO $table (attribute,value,username $text)`
132	`VALUES ('$attrmap[$key]','$val','$login' $op_val2);";`	132	`VALUES ('$attrmap[$key]','$val','$login' $op_val2);";`
133	`$res = da_sql_query($link,$config,$sqlquery);`	133	`$res = da_sql_query($link,$config,$sqlquery);`
134	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`	134	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`
135	`echo "<b>Query failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";`	135	`echo "<b>Query failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";`
136	`}`	136	`}`
137	`}`	137	`}`
138	`echo "<center><b>$l_user '$login' $l_created</b></center><br>";`	138	`echo "<center><b>$l_user '$login' $l_created</b></center><br>";`
139	`}`	139	`}`
140	`else`	140	`else`
141	`echo "<b>Could not open encryption library file</b><br>\n";`	141	`echo "<b>Could not open encryption library file</b><br>\n";`
142	`}`	142	`}`
143	`else`	143	`else`
144	`echo "<b>Could not connect to SQL database</b><br>\n";`	144	`echo "<b>Could not connect to SQL database</b><br>\n";`
145	`?>`	145	`?>`
146		146