Rev 2384 | Go to most recent revision | Blame | Compare with Previous | Last modification | View Log
<?php
if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php"))
include_once("../lib/sql/drivers/$config[sql_type]/functions.php");
else{
echo "<b>Could not include SQL library</b><br>\n";
exit();
}
include_once('../lib/functions.php');
if ($config['sql_use_operators'] == 'true'){
include_once("../lib/operators.php");
$text = ',op';
$passwd_op = ",':='";
}
$da_abort=0;
$op_val2 = '';
$link = da_sql_pconnect($config);
if ($link){
mysqli_set_charset($link,"utf8");
if (is_file("../lib/crypt/$config[general_encryption_method].php")){
include_once("../lib/crypt/$config[general_encryption_method].php");
//Si auth par @MAC, alors on disocie l'adresse mac du réseau afin que alcasar-macup.sh fasse son travail.
//Si @MAC à auth a la meme adresse IP, on ne fait pas de dhcp-down.(sinon le PHP ne peut pas s'exécuter entierement)
if ($passwd === 'password' && preg_match('/^([a-fA-F0-9]{2}[:|\-]?){6}$/', $login)) {
$user_ip = exec('sudo /usr/sbin/chilli_query list | awk '.escapeshellarg('($5 == 0) && ($6 == "'.$login.'") {print $2}'));
//on vérifie que l'@IP de l'@MAC est différente de celle de l'admin sur l'ACC
if ((!empty($user_ip)) && ($user_ip !== $_SERVER['REMOTE_ADDR'])) {
exec('sudo /usr/sbin/chilli_query login mac '.escapeshellarg($login).' username '.escapeshellarg($login).' password '.escapeshellarg($passwd));
}
}
/*Ajout en vue de l'impression des données (thank's to Geoffroy MUSITELLI)*/
$passwd_imp = $passwd;
/*Fin Ajout*/
$passwd = da_encrypt($passwd);
$passwd = da_sql_escape_string($link, $passwd);
$res = da_sql_query($link,$config,
"INSERT INTO $config[sql_check_table] (attribute,value,username $text)
VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");
if (!$res || !da_sql_affected_rows($link,$res,$config)){
echo "<b>Unable to add user $login: " . da_sql_error($link,$config) . "</b><br>\n";
$da_abort=1;
}
if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){
$res = da_sql_query($link,$config,
"SELECT username FROM $config[sql_user_info_table] WHERE
username = '$login';");
if ($res){
if (!da_sql_num_rows($res,$config)){
$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';
$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';
$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';
$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';
$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';
$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';
$res = da_sql_query($link,$config,
"INSERT INTO $config[sql_user_info_table]
(username,name,mail,department,homephone,workphone,mobile) VALUES
('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");
if (!$res || !da_sql_affected_rows($link,$res,$config))
echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";
}
else
echo "<b>Cet usager existe déjà dans la table 'info'</b><br>\n";
}
else
echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";
}
if (isset($Fgroup) && $Fgroup != ''){
$Fgroup = da_sql_escape_string($link, $Fgroup);
$res = da_sql_query($link,$config,
"SELECT username FROM $config[sql_usergroup_table]
WHERE username = '$login' AND groupname = '$Fgroup';");
if ($res){
if (!da_sql_num_rows($res,$config)){
$res = da_sql_query($link,$config,
"INSERT INTO $config[sql_usergroup_table]
(username,groupname) VALUES ('$login','$Fgroup');");
if (!$res || !da_sql_affected_rows($link,$res,$config))
echo "<b>Could not add user to group $Fgroup. SQL Error</b><br>\n";
}
else
echo "<b>User already is a member of group $Fgroup</b><br>\n";
}
else
echo "<b>Could not add user to group $Fgroup: " . da_sql_error($link,$config) . "</b><br>\n";
}
if (!$da_abort){
if (isset($Fgroup) && $Fgroup != '')
require('../lib/defaults.php');
foreach($show_attrs as $key => $attr){
if ($attrmap["$key"] == 'none')
continue;
if ($key == "Filter-Id" && $$attrmap["$key"] == "None")
continue;
if ($attrmap["$key"] == ''){
$attrmap["$key"] = $key;
$attr_type["$key"] = 'replyItem';
$rev_attrmap["$key"] = $key;
}
if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){
$table = "$config[sql_check_table]";
$type = 1;
}
else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){
$table = "$config[sql_reply_table]";
$type = 2;
}
$val = (isset($$attrmap["$key"])) ? $$attrmap["$key"] : '';
/*Ajout en vue de l'impression des données (thank's to Geoffroy MUSITELLI)*/
if($key == "Session-Timeout") $sto_imp = $val;
if($key == "Max-All-Session") $mas_imp = $val;
if($key == "Max-Daily-Session") $mds_imp = $val;
if($key == "Max-Monthly-Session") $mms_imp = $val;
/*Fin Ajout*/
$val = da_sql_escape_string($link, $val);
$op_name = $attrmap["$key"] . '_op';
$op_val = (isset($$op_name)) ? $$op_name : '';
if ($op_val != ''){
$op_val = da_sql_escape_string($link, $op_val);
if (check_operator($op_val,$type) == -1){
echo "<b>Invalid operator ($op_val) for attribute $key</b><br>\n";
continue;
}
$op_val2 = ",'$op_val'";
}
$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;
if ($val == '' || $chkdef)
continue;
$sqlquery = "INSERT INTO $table (attribute,value,username $text)
VALUES ('$attrmap[$key]','$val','$login' $op_val2);";
$res = da_sql_query($link,$config,$sqlquery);
if (!$res || !da_sql_affected_rows($link,$res,$config))
echo "<b>Query failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
}
}
echo "<center><b>$l_user '$login' $l_created</b></center><br>";
}
else
echo "<b>Could not open encryption library file</b><br>\n";
}
else
echo "<b>Could not connect to SQL database</b><br>\n";
?>