Subversion Repositories ALCASAR


Rev 2698 Rev 2843
1
<?php
1
<?php
2
if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php"))
2
if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php"))
3
	include_once("../lib/sql/drivers/$config[sql_type]/functions.php");
3
	include_once("../lib/sql/drivers/$config[sql_type]/functions.php");
4
else{
4
else{
5
	echo "<b>Could not include SQL library</b><br>\n";
5
	echo "<b>Could not include SQL library</b><br>\n";
6
	exit();
6
	exit();
7
}
7
}
8
include_once('../lib/functions.php');
8
include_once('../lib/functions.php');
9
if ($config['sql_use_operators'] == 'true'){
9
if ($config['sql_use_operators'] == 'true'){
10
	include_once("../lib/operators.php");
10
	include_once("../lib/operators.php");
11
	$text = ',op';
11
	$text = ',op';
12
	$passwd_op = ",':='";
12
	$passwd_op = ",':='";
13
}
13
}
14
 
14
 
15
$da_abort=0;
15
$da_abort=0;
16
$op_val2 = '';
16
$op_val2 = '';
17
$link = da_sql_pconnect($config);
17
$link = da_sql_pconnect($config);
18
if ($link){
18
if ($link){
19
	mysqli_set_charset($link,"utf8");
19
	mysqli_set_charset($link,"utf8");
20
	if (is_file("../lib/crypt/$config[general_encryption_method].php")){
20
	if (is_file("../lib/crypt/$config[general_encryption_method].php")){
21
		include_once("../lib/crypt/$config[general_encryption_method].php");
21
		include_once("../lib/crypt/$config[general_encryption_method].php");
22
 
22
 
23
		//Si auth par @MAC, alors on disocie l'adresse mac du réseau afin que alcasar-macup.sh fasse son travail.
23
		//Si auth par @MAC, alors on disocie l'adresse mac du réseau afin que alcasar-macup.sh fasse son travail.
24
		//Si @MAC à auth a la meme adresse IP, on ne fait pas de dhcp-down.(sinon le PHP ne peut pas s'exécuter entierement)
24
		//Si @MAC à auth a la meme adresse IP, on ne fait pas de dhcp-down.(sinon le PHP ne peut pas s'exécuter entierement)
25
		if ($passwd === 'password' && preg_match('/^([a-fA-F0-9]{2}[:|\-]?){6}$/', $login)) {
25
		if ($passwd === 'password' && preg_match('/^([a-fA-F0-9]{2}[:|\-]?){6}$/', $login)) {
26
			$user_ip = exec('sudo /usr/sbin/chilli_query list | awk '.escapeshellarg('($5 == 0) && ($6 == "'.$login.'") {print $2}'));
26
			$user_ip = exec('sudo /usr/sbin/chilli_query list | awk '.escapeshellarg('($5 == 0) && ($6 == "'.$login.'") {print $2}'));
27
			//on vérifie que l'@IP de l'@MAC est différente de celle de l'admin sur l'ACC
27
			//on vérifie que l'@IP de l'@MAC est différente de celle de l'admin sur l'ACC
28
			if ((!empty($user_ip)) && ($user_ip !== $_SERVER['REMOTE_ADDR'])) {
28
			if ((!empty($user_ip)) && ($user_ip !== $_SERVER['REMOTE_ADDR'])) {
29
				exec('sudo /usr/sbin/chilli_query login mac '.escapeshellarg($login).' username '.escapeshellarg($login).' password '.escapeshellarg($passwd));
29
				exec('sudo /usr/sbin/chilli_query login mac '.escapeshellarg($login).' username '.escapeshellarg($login).' password '.escapeshellarg($passwd));
30
			}
30
			}
31
		}
31
		}
32
 
32
 
33
		$passwd = da_encrypt($passwd);
33
		$passwd = da_encrypt($passwd);
34
		$passwd = da_sql_escape_string($link, $passwd);
34
		$passwd = da_sql_escape_string($link, $passwd);
35
		$res = da_sql_query($link,$config,
35
		$res = da_sql_query($link,$config,
36
		"INSERT INTO $config[sql_check_table] (attribute,value,username $text)
36
		"INSERT INTO $config[sql_check_table] (attribute,value,username $text)
37
		VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");
37
		VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");
38
		if (!$res || !da_sql_affected_rows($link,$res,$config)){
38
		if (!$res || !da_sql_affected_rows($link,$res,$config)){
39
			echo "<b>Unable to add user $login: " . da_sql_error($link,$config) . "</b><br>\n";
39
			echo "<b>Unable to add user $login: " . da_sql_error($link,$config) . "</b><br>\n";
40
			$da_abort=1;
40
			$da_abort=1;
41
		}
41
		}
42
		if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){
42
		if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){
43
			$res = da_sql_query($link,$config,
43
			$res = da_sql_query($link,$config,
44
			"SELECT username FROM $config[sql_user_info_table] WHERE
44
			"SELECT username FROM $config[sql_user_info_table] WHERE
45
			username = '$login';");
45
			username = '$login';");
46
			if ($res){
46
			if ($res){
47
				if (!da_sql_num_rows($res,$config)){
47
				if (!da_sql_num_rows($res,$config)){
48
					$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';
48
					$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';
49
					$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';
49
					$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';
50
					$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';
50
					$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';
51
					$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';
51
					$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';
52
					$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';
52
					$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';
53
					$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';
53
					$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';
54
					$res = da_sql_query($link,$config,
54
					$res = da_sql_query($link,$config,
55
					"INSERT INTO $config[sql_user_info_table]
55
					"INSERT INTO $config[sql_user_info_table]
56
					(username,name,mail,department,homephone,workphone,mobile) VALUES
56
					(username,name,mail,department,homephone,workphone,mobile) VALUES
57
					('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");
57
					('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");
58
					if (!$res || !da_sql_affected_rows($link,$res,$config))
58
					if (!$res || !da_sql_affected_rows($link,$res,$config))
59
						echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";
59
						echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";
60
				}
60
				}
61
				else
61
				else
62
					echo "<b>Cet usager existe d&eacute;j&agrave; dans la table 'info'</b><br>\n";
62
					echo "<b>Cet usager existe d&eacute;j&agrave; dans la table 'info'</b><br>\n";
63
			}
63
			}
64
			else
64
			else
65
				echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";
65
				echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";
66
		}
66
		}
67
		if (isset($Fgroup) && $Fgroup != ''){
67
		if (isset($Fgroup) && $Fgroup != ''){
68
			$Fgroup = da_sql_escape_string($link, $Fgroup);
68
			$Fgroup = da_sql_escape_string($link, $Fgroup);
69
			$res = da_sql_query($link,$config,
69
			$res = da_sql_query($link,$config,
70
			"SELECT username FROM $config[sql_usergroup_table]
70
			"SELECT username FROM $config[sql_usergroup_table]
71
			WHERE username = '$login' AND groupname = '$Fgroup';");
71
			WHERE username = '$login' AND groupname = '$Fgroup';");
72
			if ($res){
72
			if ($res){
73
				if (!da_sql_num_rows($res,$config)){
73
				if (!da_sql_num_rows($res,$config)){
74
					$res = da_sql_query($link,$config,
74
					$res = da_sql_query($link,$config,
75
					"INSERT INTO $config[sql_usergroup_table]
75
					"INSERT INTO $config[sql_usergroup_table]
76
					(username,groupname) VALUES ('$login','$Fgroup');");
76
					(username,groupname) VALUES ('$login','$Fgroup');");
77
					if (!$res || !da_sql_affected_rows($link,$res,$config))
77
					if (!$res || !da_sql_affected_rows($link,$res,$config))
78
						echo "<b>Could not add user to group $Fgroup. SQL Error</b><br>\n";
78
						echo "<b>Could not add user to group $Fgroup. SQL Error</b><br>\n";
79
				}
79
				}
80
				else
80
				else
81
					echo "<b>User already is a member of group $Fgroup</b><br>\n";
81
					echo "<b>User already is a member of group $Fgroup</b><br>\n";
82
			}
82
			}
83
			else
83
			else
84
				echo "<b>Could not add user to group $Fgroup: " . da_sql_error($link,$config) . "</b><br>\n";
84
				echo "<b>Could not add user to group $Fgroup: " . da_sql_error($link,$config) . "</b><br>\n";
85
		}
85
		}
86
		if (!$da_abort){
86
		if (!$da_abort){
87
			if (isset($Fgroup) && $Fgroup != '')
87
			if (isset($Fgroup) && $Fgroup != '')
88
				require('../lib/defaults.php');
88
				require('../lib/defaults.php');
89
			foreach($show_attrs as $key => $attr){
89
			foreach($show_attrs as $key => $attr){
90
				if ($attrmap["$key"] == 'none')
90
				if ($attrmap["$key"] == 'none')
91
					continue;
91
					continue;
92
				if ($key == "Filter-Id" && $$attrmap["$key"] == "None")
92
				if ($key == "Filter-Id" && $$attrmap["$key"] == "None")
93
					continue;
93
					continue;
94
				if ($attrmap["$key"] == ''){
94
				if ($attrmap["$key"] == ''){
95
					$attrmap["$key"] = $key;
95
					$attrmap["$key"] = $key;
96
					$attr_type["$key"] = 'replyItem';
96
					$attr_type["$key"] = 'replyItem';
97
					$rev_attrmap["$key"] = $key;
97
					$rev_attrmap["$key"] = $key;
98
				}
98
				}
99
				if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){
99
				if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){
100
					$table = "$config[sql_check_table]";
100
					$table = "$config[sql_check_table]";
101
					$type = 1;
101
					$type = 1;
102
				}
102
				}
103
				else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){
103
				else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){
104
					$table = "$config[sql_reply_table]";
104
					$table = "$config[sql_reply_table]";
105
					$type = 2;
105
					$type = 2;
106
				}
106
				}
107
				$val = (isset($$attrmap["$key"])) ? $$attrmap["$key"] : '';
107
				$val = (isset($_POST[$attrmap["$key"]])) ? $_POST[$attrmap["$key"]] : '';
108
				$val = da_sql_escape_string($link, $val);
108
				$val = da_sql_escape_string($link, $val);
109
				$op_name = $attrmap["$key"] . '_op';
109
				$op_name = $attrmap["$key"] . '_op';
110
				$op_val = (isset($$op_name)) ? $$op_name : '';
110
				$op_val = (isset($$op_name)) ? $$op_name : '';
111
				if ($op_val != ''){
111
				if ($op_val != ''){
112
					$op_val = da_sql_escape_string($link, $op_val);
112
					$op_val = da_sql_escape_string($link, $op_val);
113
					if (check_operator($op_val,$type) == -1){
113
					if (check_operator($op_val,$type) == -1){
114
						echo "<b>Invalid operator ($op_val) for attribute $key</b><br>\n";
114
						echo "<b>Invalid operator ($op_val) for attribute $key</b><br>\n";
115
						continue;
115
						continue;
116
					}
116
					}
117
					$op_val2 = ",'$op_val'";
117
					$op_val2 = ",'$op_val'";
118
				}
118
				}
119
				$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;
119
				$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;
120
				if ($val == '' || $chkdef)
120
				if ($val == '' || $chkdef)
121
					continue;
121
					continue;
122
				$sqlquery = "INSERT INTO $table (attribute,value,username $text)
122
				$sqlquery = "INSERT INTO $table (attribute,value,username $text)
123
					VALUES ('$attrmap[$key]','$val','$login' $op_val2);";
123
					VALUES ('$attrmap[$key]','$val','$login' $op_val2);";
124
				$res = da_sql_query($link,$config,$sqlquery);
124
				$res = da_sql_query($link,$config,$sqlquery);
125
				if (!$res || !da_sql_affected_rows($link,$res,$config))
125
				if (!$res || !da_sql_affected_rows($link,$res,$config))
126
					echo "<b>Query failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
126
					echo "<b>Query failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
127
			}
127
			}
128
		}
128
		}
129
		echo "<center><b>$l_user '$login' $l_created</b></center><br>";
129
		echo "<center><b>$l_user '$login' $l_created</b></center><br>";
130
	}
130
	}
131
	else
131
	else
132
		echo "<b>Could not open encryption library file</b><br>\n";
132
		echo "<b>Could not open encryption library file</b><br>\n";
133
}
133
}
134
else
134
else
135
	echo "<b>Could not connect to SQL database</b><br>\n";
135
	echo "<b>Could not connect to SQL database</b><br>\n";
136
?>
136
?>
137
 
137
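Review bot: Line 92 still reads the submitted value as `$$attrmap["$key"]`, the same expression this change replaces on line 107. Under PHP 7 and later that parses as `($$attrmap)["$key"]`, so the `Filter-Id` "None" skip probably never matches and the value would be inserted like any other attribute. It should read the same source as line 107, e.g. `if ($key == "Filter-Id" && isset($_POST[$attrmap["$key"]]) && $_POST[$attrmap["$key"]] == "None")`. The operator on line 110 is still taken from `$$op_name`, so value and operator now come from different places; confirm that variable is still populated from the request. The new `$_POST` read also accepts a parameter submitted as an array, which then reaches `da_sql_escape_string()`; adding `is_string($_POST[$attrmap["$key"]])` to the `isset()` test would keep it to scalar input.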