signup.php

<?php
//ob_start();
//include("../member/signup.php");
//$output = ob_get_contents();
//ob_end_clean();
//

// -------------------------------------------------------------
// DEV: CHANGE THIS FOR DEV MODE
// -------------------------------------------------------------

//$script_path="/home/member/eclipse/signuptests/";
$script_path="sudo /usr/local/sbin/";

// DEV: CHNAGE THIS FOR DEV MODE
//$error_email="eclipse@sucs.org";
$error_email="admin@sucs.org";

$override_permission="sucsstaff";

// is the validation (mostly) overridable
$overridable=isset($session->groups[$override_permission]);

// ------------------------------------------------
// DEV: UNCOMMENT THIS FOR DEV MODE
// ------------------------------------------------

//$overridable=true;

//set defaults
$mode = 'login';

//login
if(isset($_REQUEST['signupid'])&&isset($_REQUEST['signuppw'])){
    //set signup details
    $signupid = $_REQUEST['signupid'];
    $signuppw = $_REQUEST['signuppw'];
    // connect to sucs database
    $sucsDB = NewADOConnection('postgres8');
    //$sucsDB->debug = true;

    // -------------------------------------------------
    // DEV:SET THIS TO YOUR DATBASE FOR DEV MODE
    // -------------------------------------------------
    $sucsDB->Connect('dbname=sucs');


    $sucsDB->SetFetchMode(ADODB_FETCH_ASSOC);
    // get row(s)
    $query = "SELECT * FROM signup WHERE id=? AND password=?";
    $array = array($signupid,$signuppw);
    $data = $sucsDB->GetAll($query,$array);
    // if data was returned and it was exactly 1 row
    if(is_array($data)&&sizeof($data)==1){
	$row=$data[0];
	// if the id hasnt already been used
	if(!(isset($row[activated])&&isset($row[username]))){
	    // pass on the id and passwd and id the validation is overridable
	    $smarty->assign("signupid",$signupid);
	    $smarty->assign("signuppw",$signuppw);
	    $smarty->assign("overridable",$overridable);
	    $smarty->assign("usertype",$row[type]);
	    // if accepting the form
	    if(isset($_REQUEST['username']) && isset($_REQUEST['realname']) && isset($_REQUEST['email']) && isset($_REQUEST['phone'])){
		require_once("../lib/validation.php");
		$override = $overridable && (isset($_POST['override']) && $_POST['override']=="on");
		$valid=true;
		$errors=array();
		$fields=array();
		if(!validUsername($_REQUEST['username'])){
		    $valid=false;
		    $errors['username']=$error;
		}
		$fields['username']=$_REQUEST['username'];
		if(!(validSignupEmail($_REQUEST['email']) || $override)){
		    $valid=false;
		    $errors['email']=$error;
		}
		$fields['email']=$_REQUEST['email'];
		if(!(validPhone($_REQUEST['phone']) || $override)){
		    $valid=false;
		    $errors['phone']=$error;
		}
		$fields['phone']=sanitizePhone($_REQUEST['phone']);
		if($row[type]!=2){
		    if(!(validAddress($_REQUEST['address']) || $override)){
			$valid=false;
			$errors['address']=$error;
		    }
		    $fields['address']=sanitizeAddress($_POST['address']);
		    if(!validRealName($_REQUEST['realname'],$override)){
			$valid=false;
			$errors['realname']=$error;
		    }
		    $fields['realname']=$_REQUEST['realname'];
		}
		else{
		    if(!(validRealName($_REQUEST['contact'],false) || $override)){
			$valid=false;
			$errors['contact']=$error;
		    }
		    $fields['contact']=$_REQUEST['contact'];
		    if(!validSocName($_REQUEST['realname'], $override)){
			$valid=false;
			$errors['realname']=$error;
		    }
		    $fields['realname']=$_REQUEST['realname'];
		}
		if($row[type]==1){
			if(!validSID($_REQUEST['studentid'],$override)){
			    $valid=false;
			    $errors['studentid']=$error;
			}
			$fields['studentid']=$_REQUEST['studentid'];
		}

		if($valid){
		    // include membership adding functions
		    require_once("../lib/member_functions.php");
		    $mode='result';
		    $failed=false;

		    // invalidate signup slip
		    $query = "UPDATE signup SET sid=?, username=?, activated=now() WHERE id=?";

		    unset($atribs);
		    $atribs[0]=$fields['studentid'];
		    $atribs[1]=$fields['username'];
		    $atribs[2]=$signupid;
		    $responce = $sucsDB->Execute($query,$atribs);
		    if(!$responce){
			    mail(
				    $error_email,
				    "Signup Error",
				    "Unable to invalidate signup slip: ".$signupid."\nAborting\nError message:\n".$sucsDB->ErrorMsg(),
				    "From: \"SUCS Admin\" <admin@sucs.org>"
			    );
			    $failed=true;
		    }
		    else{	
			    // determine the uid range
			    if($row[type]==2){
				    $baseuid=8;
			    }
			    else{
				    $baseuid=29;
			    }
			    $minuid=$baseuid*1000;
			    $maxuid=$minuid+999;
			    //get the new uid
			    $uid=findUid($minuid,$maxuid);
			    // make a password
			    $password=make_password();
			    // make the ldif
			    $ldif=generateLdif($uid,$password,$row[type],$fields['realname'],$fields['username']);
			    // write ldif file
			    file_put_contents('/tmp/useradd.'.$fields['username'].'.ldif',$ldif);
			    exec(
				    $script_path.'useradd.apache '.
				    escapeshellarg($fields['username']).' '.
				    escapeshellarg($fields['studentid']).' '.
				    escapeshellarg($fields['email']).
				    ' 2>&1',
				    $execoutputarr,
				    $execreturn
			    );
			    if($execreturn!=0){
				$execoutputstr=implode("\n",$execoutputarr);
	
				mail(
				    $error_email,
				    "Error creating user for signup id: ".$signupid,
				    $execoutputstr,
				    "From: \"SUCS Admin\" <admin@sucs.org>"
			    	);
				$failed=true;
			    }
			    // DEV: STICK THIS FOR DEV
			    if(posix_getpwnam($fields['username'])){
				    $query="SELECT count(*) from members where username = ?";
				    $data = $sucsDB->GetAll($query,array($fields['username']));
				    if($data[0]['count']!=0){
					    mail(
						    $error_email,
						    "Signup Error",
						    "User ".$fields['username']." already exists in the databse, THIS SHOULD NEVER HAPPEN\n Love the signup system.\n\nP.S. the signup id is: ".$signupid,
						    "From: \"SUCS Admin\" <admin@sucs.org>"
					    );
					    $failed=true;
				    }
				    else{
					    $query  = "INSERT INTO members (";
					    $query .= "uid, username, realname, email, address, phone, sid, type, paid, lastedit, comments";
					    $query .= ") values (";
					    $query .= "?, ?, ?, ?";
					    // if its a soc then it has no address
					    if($row[type]!=2){
						    $query .= ", ?"; //address
					    }
					    else{
						    $query .= ", DEFAULT"; //address
					    }
					    $query .= ", ?"; //phone
					    // only student had a sid
					    if($row[type]==1){
						    $query .= ", ?"; //sid
					    }
					    else{
						    $query .= ", DEFAULT";
					    }
					    $query .= ", ?, ?, ?";
					    // socienty add a default comment
					    if($row[type]==2){
						    $query .= ", ?";// comment
					    }
					    else{
						    $query .= ", DEFAULT";
					    }
	
					    $query .= ");";
	
					    unset($atribs);
					    $atribs[]=$uid;
					    $atribs[]=$fields['username'];
					    $atribs[]=$fields['realname'];
					    $atribs[]=$fields['email'];
					    if($row[type]!=2){
						    $atribs[]=$fields['address'];
					    }
					    $atribs[]=$fields['phone'];
					    if($row[type]==1){
						    $atribs[]=$fields['studentid'];
					    }
					    $atribs[]=$row[type];
					    include_once("../lib/date.php");
					    $atribs[]=paidUntil(time());
					    $atribs[]=$uid;
					    if($row[type]==2){
						    $atribs[]="Contact name: ".$fields['contact'];
					    }
	
					    $responce = $sucsDB->Execute($query,$atribs);
					    // if somthing broke then email
					    if(!$responce){
						mail(
						    $error_email,
						    "Signup Error",
						    "Database problems for signup id: ".$signupid."\nError message:\n".$sucsDB->ErrorMsg(),
						    "From: \"SUCS Admin\" <admin@sucs.org>"
					    	);
						$failed=true;
					    }
					    else{
						    // if door card is connected to the signup slip move it to its proper home
						    if($row[card] != ''){
							    $query="INSERT INTO doorcards (uid,cardnumber) VALUES (?, ?);";
							    unset($atribs);
							    $atribs[0]=$uid;
							    $atribs[1]=$row[card];
							    $responce=$sucsDB->Execute($query,$atribs);
							    if(!$responce){
								    mail(
									    $error_email,
									    "Signup Error",
									    "Failed to migrate card details for signup id: ".$signupid."\nError message:\n".$sucsDB->ErrorMsg(),
									    "From: \"SUCS Admin\" <admin@sucs.org>"
								    );
							    }
						    } 

						    $logsmessage  = "New user '".$fields['username']."' has been created on SUCS\n";
						    $logsmessage .= "at: ".date("H:i ",mktime())." on ".date("l F jS Y", mktime())."\n";
						    $logsmessage .= "From: ".$_SERVER['REMOTE_ADDR']."\n";
						    $logsmessage .= "Useing signup id: ".$signupid."\n";
						    if($override){
							    $logsmessage .= "User ".$session->username." overrode validation.\n";
						    }
						    $logsmessage .= "Love The Signup System";
						    // DEV: CHANGE THIS EMAIL ADDRESS
						    mail(
							    "logs@sucs.org",
							    "User '".$fields['username']."' Created on SUCS",
							    $logsmessage,
							    "From: \"SUCS Admin\" <admin@sucs.org>"
						    );
                                                    mail(
                                                            "treasurer@sucs.org",
                                                            "User '".$fields['username']."' Created on SUCS",
                                                            $logsmessage,
                                                            "From: \"SUCS Admin\" <admin@sucs.org>"
                                                    );

						    $usermessage  = "Welcome to the Swansea University Computer Society!\n\n";
						    $usermessage .= "Your account details are:\n\n";
						    $usermessage .= "Username: ".$fields['username']."\n";
						    $usermessage .= "Password: ".$password."\n\n";
						    $usermessage .= "Wondering what to do next? Check out our Getting Started page: http://sucs.org/Getting%20Started or go right ahead and post on our forum at http://sucs.org/Community/Forum or join in the discussion on our chat system, Milliways: http://sucs.org/Community/Milliways\n\n";
						    $usermessage .= "Our weekly social is held in the coffee end JC's at 1:00 PM every Friday\n\n";
						    $usermessage .= "Before you use the SUCS computers or the computer room, please make sure you are familiar with the conditions of use and room rules at http://sucs.org/About/Regulations\n\n";
						    $usermessage .= "If you require help using the system, introductory guides are available at http://sucs.org/Knowledge\n\n";
						    $usermessage .= "If you have any trouble using the system, reply to this e-mail describing the nature of the problem and we'll look into it.\n\n";
						    $usermessage .= "We hope you enjoy your SUCS membership.\n\n";
						    $usermessage .= "Regards,\n\n";
						    $usermessage .= "Swansea University Computer Society";
						    if($fields['email']!=''){
							    $user_email=$fields['email'];
						    }
						    elseif($fields['studentid']!=''){
							    $user_email=$fields['studentid']."@swan.ac.uk";
						    }
						    else{
							    $user_email=FALSE;
						    }
						    if($user_email){
							mail(
							    $user_email,
							    "Your SUCS Account has been created!",
							    $usermessage,
							    "From: \"SUCS Admin\" <admin@sucs.org>"
							);
						    }
					    }
				    }
			    }
	
                            if ($row['type']!=2){	
			            $addtolist ="".$fields['email']."\n".$fields['studentid']."@swan.ac.uk";
                            }else{
				    $addtolist="".$fields['email']."\n"; //Societies don't have student email addresses
		            }
			    file_put_contents('/tmp/listadd.'.$fields['username'],$addtolist);
			    unset($execoutputarr);
			    exec(
				    $script_path.'listadd.apache '.
				    escapeshellarg($fields['username']).' '.
				    escapeshellarg($row[type]).
				    ' 2>&1',
				    $execoutputarr,
				    $ececreturn
			    );
			    if($execreturn!=0){
                                $execoutputstr=implode("\n",$execoutputarr);

                                mail(
                                    $error_email,
                                    "Error adding user to mailing lists from signup id: ".$signupid,
                                    $execoutputstr,
                                    "From: \"SUCS Admin\" <admin@sucs.org>"
                                );
                                $failed=true;
                            }

		    }
		    $smarty->assign("failed",$failed);
		    if($failed){
			    $errorreparray=$_POST;
			    unset($errorroparray[signuppw]);
			    $errorreparray[uid]=$uid;
			    $errorreport = "User input details:\n\n";
			    foreach ($errorreparray as $key => $value){
				    $errorreport .= $key.": ".$value."\n";
			    }
			    $errorreport .= "\nLove from the Signup System";
			    mail(
				    $error_email,
				    "Signup system error report",
				    $errorreport,
				    "From: \"SUCS Admin\" <admin@sucs.org>"
			    );
		    }
		    else{
			    $smarty->assign("username", $fields['username']);
			    $smarty->assign("password", $password);
			    $smarty->assign("email", $user_email);
		    }

		}
		else{
		    //re-show form
		    $script = "<script language='javascript' type='text/javascript' src='".$baseurl."/js/jquery.js'></script>\n";
		    $script .= "<script language='javascript' type='text/javascript' src='$baseurl/js/signup.js'></script>\n";
		    $smarty->assign("fields",$fields);
		    $smarty->assign("errors",$errors);
        	    $smarty->append('extra_scripts', $script);
                    $mode='re-form';	
		}
	    }
	    else{
		// display the form
                $script = "<script language='javascript' type='text/javascript' src='".$baseurl."/js/jquery.js'></script>\n";
		$script .= "<script language='javascript' type='text/javascript' src='$baseurl/js/signup.js'></script>\n";
		$smarty->append('extra_scripts', $script);
		$mode='form';
	    }
	}
	else trigger_error("Signup ID already used",E_USER_WARNING);
    }
    else trigger_error("Invalid ID or Password", E_USER_WARNING);

}
//Set smarty Variables
$smarty->assign("mode", $mode);
$output =  $smarty->fetch("signup.tpl");

$smarty->assign("title", "Sign Up");
$smarty->assign("body", $output);

?>