Line 92... |
Line 92... |
92 |
return $password;
|
92 |
return $password;
|
93 |
}
|
93 |
}
|
94 |
|
94 |
|
95 |
function freeradiusweb_removeDisallowedChars($login)
|
95 |
function freeradiusweb_removeDisallowedChars($login)
|
96 |
{
|
96 |
{
|
- |
|
97 |
global $config;
|
- |
|
98 |
|
97 |
if ($login != '')
|
99 |
if ($login != '')
|
98 |
{
|
100 |
{
|
99 |
$accent = "âêôûéàèùîáâãäçèéêëìíîïñòóôõöùúûü";
|
101 |
$accent = "âêôûéàèùîáâãäçèéêëìíîïñòóôõöùúûü";
|
100 |
$login = preg_replace("/[^\w$accent\.\/\@\:\-]/",'',$login);
|
102 |
$login = preg_replace("/[^\w$accent\.\/\@\:\-]/",'',$login);
|
101 |
}
|
103 |
}
|
Line 174... |
Line 176... |
174 |
{
|
176 |
{
|
175 |
if (substr($ligne,0,3) == pack('CCC',239,187,191)) # remove UTF8-BOM
|
177 |
if (substr($ligne,0,3) == pack('CCC',239,187,191)) # remove UTF8-BOM
|
176 |
{
|
178 |
{
|
177 |
$ligne = substr ($ligne,3);
|
179 |
$ligne = substr ($ligne,3);
|
178 |
}
|
180 |
}
|
179 |
$tligne = split(" ",$ligne);
|
181 |
$tligne = explode(" ",$ligne);
|
180 |
$login = trim ($tligne[0]);
|
182 |
$login = trim ($tligne[0]);
|
181 |
$password = trim ($tligne[1]);
|
183 |
$password = trim ($tligne[1]);
|
182 |
if ($login != '')
|
184 |
if ($login != '')
|
183 |
{
|
185 |
{
|
184 |
if ($password == "")
|
186 |
if ($password == "")
|
185 |
{
|
187 |
{
|
186 |
$password = GenPassword();
|
188 |
$password = GenPassword();
|
187 |
}
|
189 |
}
|
188 |
$login = freeradiusweb_removeDisallowedChars($login);
|
190 |
$login = freeradiusweb_removeDisallowedChars($login);
|
189 |
$login = da_sql_escape_string($link,$login);
|
191 |
$login = da_sql_escape_string($link,$login);
|
190 |
$passwd = da_sql_escape_string($link,$passwd);
|
- |
|
191 |
$passwd = da_encrypt($password);
|
192 |
$passwd = da_encrypt($password);
|
- |
|
193 |
$passwd = da_sql_escape_string($link,$passwd);
|
192 |
// insertion (login + password) dans la table "radcheck" (si l'usager existe --> changement de mot de passe)
|
194 |
// insertion (login + password) dans la table "radcheck" (si l'usager existe --> changement de mot de passe)
|
193 |
$res = @da_sql_query($link,$config,"INSERT INTO $config[sql_check_table] (attribute,value,username $text) VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");
|
195 |
$res = @da_sql_query($link,$config,"INSERT INTO $config[sql_check_table] (attribute,value,username $text) VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");
|
194 |
if (!$res || !@da_sql_affected_rows($link,$res,$config))
|
196 |
if (!$res || !@da_sql_affected_rows($link,$res,$config))
|
195 |
{
|
197 |
{
|
196 |
echo "<b>Unable to add user $login: " . da_sql_error($link,$config) . "</b><br>\n";
|
198 |
echo "<b>Unable to add user $login: " . da_sql_error($link,$config) . "</b><br>\n";
|
Line 203... |
Line 205... |
203 |
fputs($RS_out,"$l_out_login $login | $l_out_passwd $password\r\n\r\n");
|
205 |
fputs($RS_out,"$l_out_login $login | $l_out_passwd $password\r\n\r\n");
|
204 |
fputs($RS_out,"$l_out_mind\r\n\r\n");
|
206 |
fputs($RS_out,"$l_out_mind\r\n\r\n");
|
205 |
fputs($RS_out,"--------------------------------------------------------------------------------\r\n\r\n");
|
207 |
fputs($RS_out,"--------------------------------------------------------------------------------\r\n\r\n");
|
206 |
}
|
208 |
}
|
207 |
// insertion de l'usager dans la table "userinfo"
|
209 |
// insertion de l'usager dans la table "userinfo"
|
208 |
if ($config[sql_use_user_info_table] == 'true' && !$da_abort)
|
210 |
if ($config['sql_use_user_info_table'] == 'true' && !$da_abort)
|
209 |
{
|
211 |
{
|
210 |
$res = @da_sql_query($link,$config, "SELECT username FROM $config[sql_user_info_table] WHERE username = '$login';");
|
212 |
$res = @da_sql_query($link,$config, "SELECT username FROM $config[sql_user_info_table] WHERE username = '$login';");
|
211 |
if ($res)
|
213 |
if ($res)
|
212 |
{
|
214 |
{
|
213 |
if (!@da_sql_num_rows($res,$config))
|
215 |
if (!@da_sql_num_rows($res,$config))
|
Line 219... |
Line 221... |
219 |
else
|
221 |
else
|
220 |
echo "<b>User already exists in user info table.</b><br>\n";
|
222 |
echo "<b>User already exists in user info table.</b><br>\n";
|
221 |
}
|
223 |
}
|
222 |
else
|
224 |
else
|
223 |
echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";
|
225 |
echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";
|
224 |
if ($group != '')
|
226 |
if ((isset($group)) && (!empty($group)))
|
225 |
{
|
227 |
{
|
226 |
$group = da_sql_escape_string($link,$group);
|
228 |
$group = da_sql_escape_string($link,$group);
|
227 |
$res = @da_sql_query($link,$config,"SELECT username FROM $config[sql_usergroup_table] WHERE username = '$login' AND groupname = '$group';");
|
229 |
$res = @da_sql_query($link,$config,"SELECT username FROM $config[sql_usergroup_table] WHERE username = '$login' AND groupname = '$group';");
|
228 |
if ($res)
|
230 |
if ($res)
|
229 |
{
|
231 |
{
|
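Review bot: At new line 198 the failure message echoes `$login` and the raw `da_sql_error($link,$config)` text into HTML with no output encoding, and by that point `$login` has been overwritten with its SQL-escaped form. The login has at least passed through `freeradiusweb_removeDisallowedChars`, but the database error string has not, and it may repeat parts of the failed statement. I would encode both where they are printed, e.g. `echo "<b>Unable to add user " . htmlspecialchars($login, ENT_QUOTES) . ": " . htmlspecialchars(da_sql_error($link,$config), ENT_QUOTES) . "</b><br>\n";`, and hold the SQL-escaped login in a separate variable so the value written to `$RS_out` at new line 205 (apparently in the same flow) is the unescaped one. The same unencoded `da_sql_error` echo appears at new line 225. The enclosing loop and function start and end outside the visible hunks, so this is based only on the lines shown.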