1 |
<?php
|
1 |
<?php
|
2 |
if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php"))
|
2 |
if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php"))
|
3 |
include_once("../lib/sql/drivers/$config[sql_type]/functions.php");
|
3 |
include_once("../lib/sql/drivers/$config[sql_type]/functions.php");
|
4 |
else{
|
4 |
else{
|
5 |
echo "<b>Could not include SQL library</b><br>\n";
|
5 |
echo "<b>Could not include SQL library</b><br>\n";
|
6 |
exit();
|
6 |
exit();
|
7 |
}
|
7 |
}
|
8 |
include_once('../lib/functions.php');
|
8 |
include_once('../lib/functions.php');
|
9 |
if ($config['sql_use_operators'] == 'true'){
|
9 |
if ($config['sql_use_operators'] == 'true'){
|
10 |
include_once("../lib/operators.php");
|
10 |
include_once("../lib/operators.php");
|
11 |
$text = ',op';
|
11 |
$text = ',op';
|
12 |
$passwd_op = ",':='";
|
12 |
$passwd_op = ",':='";
|
13 |
}
|
13 |
}
|
14 |
|
14 |
|
15 |
$da_abort=0;
|
15 |
$da_abort=0;
|
16 |
$op_val2 = '';
|
16 |
$op_val2 = '';
|
17 |
$link = da_sql_pconnect($config);
|
17 |
$link = da_sql_pconnect($config);
|
18 |
if ($link){
|
18 |
if ($link){
|
19 |
mysqli_set_charset($link,"utf8");
|
19 |
mysqli_set_charset($link,"utf8");
|
20 |
if (is_file("../lib/crypt/$config[general_encryption_method].php")){
|
20 |
if (is_file("../lib/crypt/$config[general_encryption_method].php")){
|
21 |
include_once("../lib/crypt/$config[general_encryption_method].php");
|
21 |
include_once("../lib/crypt/$config[general_encryption_method].php");
|
22 |
|
22 |
|
23 |
//Si auth par @MAC, alors on disocie l'adresse mac du réseau afin que alcasar-macup.sh fasse son travail.
|
23 |
//Si auth par @MAC, alors on disocie l'adresse mac du réseau afin que alcasar-macup.sh fasse son travail.
|
24 |
//Si @MAC à auth a la meme adresse IP, on ne fait pas de dhcp-down.(sinon le PHP ne peut pas s'exécuter entierement)
|
24 |
//Si @MAC à auth a la meme adresse IP, on ne fait pas de dhcp-down.(sinon le PHP ne peut pas s'exécuter entierement)
|
25 |
if ($passwd === 'password' && preg_match('/^([a-fA-F0-9]{2}[:|\-]?){6}$/', $login)) {
|
25 |
if ($passwd === 'password' && preg_match('/^([a-fA-F0-9]{2}[:|\-]?){6}$/', $login)) {
|
26 |
$user_ip = exec('sudo /usr/sbin/chilli_query list | awk '.escapeshellarg('($5 == 0) && ($6 == "'.$login.'") {print $2}'));
|
26 |
$user_ip = exec('sudo /usr/sbin/chilli_query list | awk '.escapeshellarg('($5 == 0) && ($6 == "'.$login.'") {print $2}'));
|
27 |
//on vérifie que l'@IP de l'@MAC est différente de celle de l'admin sur l'ACC
|
27 |
//on vérifie que l'@IP de l'@MAC est différente de celle de l'admin sur l'ACC
|
28 |
if ((!empty($user_ip)) && ($user_ip !== $_SERVER['REMOTE_ADDR'])) {
|
28 |
if ((!empty($user_ip)) && ($user_ip !== $_SERVER['REMOTE_ADDR'])) {
|
29 |
exec('sudo /usr/sbin/chilli_query login mac '.escapeshellarg($login).' username '.escapeshellarg($login).' password '.escapeshellarg($passwd));
|
29 |
exec('sudo /usr/sbin/chilli_query login mac '.escapeshellarg($login).' username '.escapeshellarg($login).' password '.escapeshellarg($passwd));
|
30 |
}
|
30 |
}
|
31 |
}
|
31 |
}
|
32 |
|
32 |
|
33 |
$passwd = da_encrypt($passwd);
|
33 |
$passwd = da_encrypt($passwd);
|
34 |
$passwd = da_sql_escape_string($link, $passwd);
|
34 |
$passwd = da_sql_escape_string($link, $passwd);
|
35 |
$res = da_sql_query($link,$config,
|
35 |
$res = da_sql_query($link,$config,
|
36 |
"INSERT INTO $config[sql_check_table] (attribute,value,username $text)
|
36 |
"INSERT INTO $config[sql_check_table] (attribute,value,username $text)
|
37 |
VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");
|
37 |
VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");
|
38 |
if (!$res || !da_sql_affected_rows($link,$res,$config)){
|
38 |
if (!$res || !da_sql_affected_rows($link,$res,$config)){
|
39 |
echo "<b>Unable to add user $login: " . da_sql_error($link,$config) . "</b><br>\n";
|
39 |
echo "<b>Unable to add user $login: " . da_sql_error($link,$config) . "</b><br>\n";
|
40 |
$da_abort=1;
|
40 |
$da_abort=1;
|
41 |
}
|
41 |
}
|
42 |
if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){
|
42 |
if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){
|
43 |
$res = da_sql_query($link,$config,
|
43 |
$res = da_sql_query($link,$config,
|
44 |
"SELECT username FROM $config[sql_user_info_table] WHERE
|
44 |
"SELECT username FROM $config[sql_user_info_table] WHERE
|
45 |
username = '$login';");
|
45 |
username = '$login';");
|
46 |
if ($res){
|
46 |
if ($res){
|
47 |
if (!da_sql_num_rows($res,$config)){
|
47 |
if (!da_sql_num_rows($res,$config)){
|
48 |
$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';
|
48 |
$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';
|
49 |
$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';
|
49 |
$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';
|
50 |
$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';
|
50 |
$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';
|
51 |
$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';
|
51 |
$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';
|
52 |
$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';
|
52 |
$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';
|
53 |
$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';
|
53 |
$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';
|
54 |
$res = da_sql_query($link,$config,
|
54 |
$res = da_sql_query($link,$config,
|
55 |
"INSERT INTO $config[sql_user_info_table]
|
55 |
"INSERT INTO $config[sql_user_info_table]
|
56 |
(username,name,mail,department,homephone,workphone,mobile) VALUES
|
56 |
(username,name,mail,department,homephone,workphone,mobile) VALUES
|
57 |
('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");
|
57 |
('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");
|
58 |
if (!$res || !da_sql_affected_rows($link,$res,$config))
|
58 |
if (!$res || !da_sql_affected_rows($link,$res,$config))
|
59 |
echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";
|
59 |
echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";
|
60 |
}
|
60 |
}
|
61 |
else
|
61 |
else
|
62 |
echo "<b>Cet usager existe déjà dans la table 'info'</b><br>\n";
|
62 |
echo "<b>Cet usager existe déjà dans la table 'info'</b><br>\n";
|
63 |
}
|
63 |
}
|
64 |
else
|
64 |
else
|
65 |
echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";
|
65 |
echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";
|
66 |
}
|
66 |
}
|
67 |
if (isset($Fgroup) && $Fgroup != ''){
|
67 |
if (isset($Fgroup) && $Fgroup != ''){
|
68 |
$Fgroup = da_sql_escape_string($link, $Fgroup);
|
68 |
$Fgroup = da_sql_escape_string($link, $Fgroup);
|
69 |
$res = da_sql_query($link,$config,
|
69 |
$res = da_sql_query($link,$config,
|
70 |
"SELECT username FROM $config[sql_usergroup_table]
|
70 |
"SELECT username FROM $config[sql_usergroup_table]
|
71 |
WHERE username = '$login' AND groupname = '$Fgroup';");
|
71 |
WHERE username = '$login' AND groupname = '$Fgroup';");
|
72 |
if ($res){
|
72 |
if ($res){
|
73 |
if (!da_sql_num_rows($res,$config)){
|
73 |
if (!da_sql_num_rows($res,$config)){
|
74 |
$res = da_sql_query($link,$config,
|
74 |
$res = da_sql_query($link,$config,
|
75 |
"INSERT INTO $config[sql_usergroup_table]
|
75 |
"INSERT INTO $config[sql_usergroup_table]
|
76 |
(username,groupname) VALUES ('$login','$Fgroup');");
|
76 |
(username,groupname) VALUES ('$login','$Fgroup');");
|
77 |
if (!$res || !da_sql_affected_rows($link,$res,$config))
|
77 |
if (!$res || !da_sql_affected_rows($link,$res,$config))
|
78 |
echo "<b>Could not add user to group $Fgroup. SQL Error</b><br>\n";
|
78 |
echo "<b>Could not add user to group $Fgroup. SQL Error</b><br>\n";
|
79 |
}
|
79 |
}
|
80 |
else
|
80 |
else
|
81 |
echo "<b>User already is a member of group $Fgroup</b><br>\n";
|
81 |
echo "<b>User already is a member of group $Fgroup</b><br>\n";
|
82 |
}
|
82 |
}
|
83 |
else
|
83 |
else
|
84 |
echo "<b>Could not add user to group $Fgroup: " . da_sql_error($link,$config) . "</b><br>\n";
|
84 |
echo "<b>Could not add user to group $Fgroup: " . da_sql_error($link,$config) . "</b><br>\n";
|
85 |
}
|
85 |
}
|
86 |
if (!$da_abort){
|
86 |
if (!$da_abort){
|
87 |
if (isset($Fgroup) && $Fgroup != '')
|
87 |
if (isset($Fgroup) && $Fgroup != '')
|
88 |
require('../lib/defaults.php');
|
88 |
require('../lib/defaults.php');
|
89 |
foreach($show_attrs as $key => $attr){
|
89 |
foreach($show_attrs as $key => $attr){
|
90 |
if ($attrmap["$key"] == 'none')
|
90 |
if ($attrmap["$key"] == 'none')
|
91 |
continue;
|
91 |
continue;
|
92 |
if ($key == "Filter-Id" && $$attrmap["$key"] == "None")
|
92 |
if ($key == "Filter-Id" && $$attrmap["$key"] == "None")
|
93 |
continue;
|
93 |
continue;
|
94 |
if ($attrmap["$key"] == ''){
|
94 |
if ($attrmap["$key"] == ''){
|
95 |
$attrmap["$key"] = $key;
|
95 |
$attrmap["$key"] = $key;
|
96 |
$attr_type["$key"] = 'replyItem';
|
96 |
$attr_type["$key"] = 'replyItem';
|
97 |
$rev_attrmap["$key"] = $key;
|
97 |
$rev_attrmap["$key"] = $key;
|
98 |
}
|
98 |
}
|
99 |
if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){
|
99 |
if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){
|
100 |
$table = "$config[sql_check_table]";
|
100 |
$table = "$config[sql_check_table]";
|
101 |
$type = 1;
|
101 |
$type = 1;
|
102 |
}
|
102 |
}
|
103 |
else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){
|
103 |
else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){
|
104 |
$table = "$config[sql_reply_table]";
|
104 |
$table = "$config[sql_reply_table]";
|
105 |
$type = 2;
|
105 |
$type = 2;
|
106 |
}
|
106 |
}
|
107 |
$val = (isset($$attrmap["$key"])) ? $$attrmap["$key"] : '';
|
107 |
$val = (isset($_POST[$attrmap["$key"]])) ? $_POST[$attrmap["$key"]] : '';
|
108 |
$val = da_sql_escape_string($link, $val);
|
108 |
$val = da_sql_escape_string($link, $val);
|
109 |
$op_name = $attrmap["$key"] . '_op';
|
109 |
$op_name = $attrmap["$key"] . '_op';
|
110 |
$op_val = (isset($$op_name)) ? $$op_name : '';
|
110 |
$op_val = (isset($$op_name)) ? $$op_name : '';
|
111 |
if ($op_val != ''){
|
111 |
if ($op_val != ''){
|
112 |
$op_val = da_sql_escape_string($link, $op_val);
|
112 |
$op_val = da_sql_escape_string($link, $op_val);
|
113 |
if (check_operator($op_val,$type) == -1){
|
113 |
if (check_operator($op_val,$type) == -1){
|
114 |
echo "<b>Invalid operator ($op_val) for attribute $key</b><br>\n";
|
114 |
echo "<b>Invalid operator ($op_val) for attribute $key</b><br>\n";
|
115 |
continue;
|
115 |
continue;
|
116 |
}
|
116 |
}
|
117 |
$op_val2 = ",'$op_val'";
|
117 |
$op_val2 = ",'$op_val'";
|
118 |
}
|
118 |
}
|
119 |
$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;
|
119 |
$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;
|
120 |
if ($val == '' || $chkdef)
|
120 |
if ($val == '' || $chkdef)
|
121 |
continue;
|
121 |
continue;
|
122 |
$sqlquery = "INSERT INTO $table (attribute,value,username $text)
|
122 |
$sqlquery = "INSERT INTO $table (attribute,value,username $text)
|
123 |
VALUES ('$attrmap[$key]','$val','$login' $op_val2);";
|
123 |
VALUES ('$attrmap[$key]','$val','$login' $op_val2);";
|
124 |
$res = da_sql_query($link,$config,$sqlquery);
|
124 |
$res = da_sql_query($link,$config,$sqlquery);
|
125 |
if (!$res || !da_sql_affected_rows($link,$res,$config))
|
125 |
if (!$res || !da_sql_affected_rows($link,$res,$config))
|
126 |
echo "<b>Query failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
|
126 |
echo "<b>Query failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
|
127 |
}
|
127 |
}
|
128 |
}
|
128 |
}
|
129 |
echo "<center><b>$l_user '$login' $l_created</b></center><br>";
|
129 |
echo "<center><b>$l_user '$login' $l_created</b></center><br>";
|
130 |
}
|
130 |
}
|
131 |
else
|
131 |
else
|
132 |
echo "<b>Could not open encryption library file</b><br>\n";
|
132 |
echo "<b>Could not open encryption library file</b><br>\n";
|
133 |
}
|
133 |
}
|
134 |
else
|
134 |
else
|
135 |
echo "<b>Could not connect to SQL database</b><br>\n";
|
135 |
echo "<b>Could not connect to SQL database</b><br>\n";
|
136 |
?>
|
136 |
?>
|
137 |
|
137 |
|
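Review bot: File line 92 still reads the submitted value through `$$attrmap["$key"]`, the form this change replaces on line 107, so the Filter-Id "None" skip and the value lookup no longer take their input from the same place; on PHP 7 and later that expression is also parsed as `${$attrmap}["$key"]` rather than as the variable named by the map entry. Assuming the second copy of line 107 is the new side, line 92 should become `if ($key == "Filter-Id" && isset($_POST[$attrmap["$key"]]) && $_POST[$attrmap["$key"]] == "None")`, and `$$op_name` on line 110 deserves the same review. A `$_POST` entry can be an array when the client submits `name[]=`, so line 107 should accept only strings, for example `$val = (isset($_POST[$attrmap["$key"]]) && is_string($_POST[$attrmap["$key"]])) ? $_POST[$attrmap["$key"]] : '';`. Separately, `$login` is interpolated into every SQL statement here (lines 37, 45, 57, 71, 76, 123) and echoed into HTML (lines 39, 129) with no visible `da_sql_escape_string()` or `htmlspecialchars()` call. If the including script does not already sanitise it, that belongs in this file.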