<?php
// e-mail, password validation functions
require_once("../lib/validation.php");
include_once("../lib/date.php");
// Some Constants
// These could possibly be moved somewhere saner?
// Inclusive bounds of the unregistered GuestNET address pool. getGuestNetMAC() compares the
// client's ip2long() value against ip2long() of each bound, so both must stay dotted-quad IPv4.
define('GUESTNET_LOW','137.44.10.130'); // These could possibly be a set of ranges or a subnet which might be saner?
define('GUESTNET_HIGH','137.44.10.134'); // These could possibly be a set of ranges or a subnet which might be saner?
// Name of the members database; the connection below is made as the apache role.
$sucsdbname = 'sucs'; // This was stored in config, I just don't have it here in the test
// Helper Functions
// Could these be moved to some kind of library?
// Set next payment date: "Sept. <next academic year>". academicYear() is presumably provided by
// ../lib/date.php (included above); the value is used by updateRenew() and passed to the template.
$paydate = "Sept. ".(academicYear(time())+1);
// function to change a user's password
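function changePassword ($oldpass, $newpass1, $newpass2) {
    // Change the logged-in user's LDAP password.
    //
    // $oldpass  - current password; the user must bind successfully with it before anything changes
    // $newpass1 - requested new password
    // $newpass2 - confirmation copy of the new password
    // Returns TRUE when ldap_mod_replace() succeeds, FALSE on any failure. Every failure is
    // reported through trigger_error() before returning.
    global $session;

    if ($newpass1 !== $newpass2) {
        // new passwords do not match! Stop here instead of falling through to the strength
        // check and the LDAP bind.
        trigger_error("New passwords do not match", E_USER_WARNING);
        return FALSE;
    }
    // weakPassword() (../lib/validation.php) appears to return FALSE for an acceptable password
    // and otherwise a string explaining the rejection.
    $reason = weakPassword($newpass1);
    if ($reason !== FALSE) {
        trigger_error("New password is weak: $reason", E_USER_WARNING);
        return FALSE;
    }
    if (!($ldap = @ldap_connect("ldap://localhost"))) {
        trigger_error("LDAP connect failed", E_USER_ERROR);
        return FALSE;
    }
    // Binding as the user with the old password is what proves they are allowed to change it.
    $userDN = "uid=".$session->username.",ou=People,dc=sucs,dc=org";
    if (!($ldapbind = ldap_bind($ldap, $userDN, $oldpass))) {
        trigger_error("Existing password incorrect", E_USER_WARNING);
        ldap_close($ldap);
        return FALSE;
    }
    // if everything looks OK, attempt to make the change.
    // NOTE(review): this stores an unsalted {SHA} hash. Where the directory supports it, a salted
    // scheme ({SSHA}) or the password-modify extended operation (ldap_exop_passwd) is preferable;
    // left unchanged because the schemes the directory accepts are not visible in this file.
    $success = ldap_mod_replace ($ldap, $userDN,
        array('userpassword' => "{SHA}".base64_encode(pack("H*", sha1($newpass1)))));
    ldap_close($ldap);
    return $success;
}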
// function to update contact details
function changeContactDetails($address, $phone, $externalEmail) {
    // Update the logged-in member's postal address, phone number and external e-mail.
    // Returns TRUE on success, FALSE when validation or the UPDATE fails; problems are reported
    // via trigger_error() (validEmail() reports its own). $address is stored without validation.
    global $sucsDB, $session, $error;

    // validEmail() (../lib/validation.php) has already complained if this fails.
    if (!validEmail($externalEmail)) {
        return FALSE;
    }
    // A phone number shorter than six characters is treated as missing.
    $phoneMissing = empty($phone) || (strlen($phone) < 6);
    if ($phoneMissing) {
        trigger_error("You must have a contact phone number!", E_USER_WARNING);
        return FALSE;
    }
    // Every user-supplied value is bound; only the username comes from the session.
    $sql = 'UPDATE members SET address = ?,phone = ?, email = ?, lastupdate = now(), lastedit = uid WHERE username = ?';
    $params = array($address, $phone, $externalEmail, $session->username);
    $updated = $sucsDB->Execute($sql, $params);
    if ($updated === FALSE) {
        trigger_error("There was an error updating your contact details. Please contact admin.", E_USER_ERROR);
        return FALSE;
    }
    return TRUE;
}
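function changeGuestnetDetails($wiredMAC) {
    // Record $wiredMAC as the logged-in member's GuestNET MAC address and regenerate the DHCP config.
    // $wiredMAC normally comes from getGuestNetMAC(), i.e. from the gateway's ARP table, which the
    // client machine controls - so it is validated and SQL-quoted here rather than trusted.
    // Returns TRUE on success, FALSE on any failure (each reported via trigger_error()).
    global $sucsDB, $session, $error;

    // Refuse anything that is not a six-octet colon/hyphen separated MAC before it can reach the
    // database or the DHCP configuration. This also catches FALSE (no MAC found for the client).
    if (!preg_match('/^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$/', (string)$wiredMAC)) {
        trigger_error("There was an error updating your GuestNET MAC Address. Please contact admin. (MAC)", E_USER_WARNING);
        return FALSE;
    }
    // Get UID as we don't have it yet
    $uid = $sucsDB->GetOne("SELECt uid FROM members WHERE username = ?", array($session->username));
    if ($uid === FALSE) {
        trigger_error("There was an error updating your GuestNET MAC Address. Please contact admin. (UID)", E_USER_ERROR);
        return FALSE;
    }
    // Replace the guestnet record with the one with the new mac. ADOdb's Replace() expects values
    // already quoted for SQL, so use qstr() instead of hand-written quotes around the MAC.
    $record = array('mac' => $sucsDB->qstr($wiredMAC), 'uid' => (int)$uid);
    if (!$sucsDB->Replace('guestnet', $record, 'uid')) {
        trigger_error("There was an error updating your GuestNET MAC Address. Please contact admin. (QUERY)", E_USER_ERROR);
        return FALSE;
    }
    // Regenerate the DHCP config. The helper takes no arguments, so nothing user-controlled
    // reaches the shell here.
    exec('/usr/local/bin/update-dhcpd', $placeholder, $returnVar);
    if ($returnVar === 0) {
        return TRUE;
    }
    trigger_error("There was an error updating your GuestNet Mac Address. Please contact admin. (RETURNVAR)", E_USER_ERROR);
    return FALSE;
}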
// Checks whether the given string mac address is valid
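function isValidMACAddr($mac) {
    // Returns TRUE only for a six-octet hexadecimal MAC address (aa:bb:cc:dd:ee:ff), upper or
    // lower case, with ':' or '-' separators. Anything else - non-strings, empty strings, partial
    // or malformed entries - is rejected so it never reaches the guestnet table or dhcpd config.
    if (!is_string($mac)) {
        return FALSE;
    }
    return preg_match('/^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$/', $mac) === 1;
}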
// Returns the user's GuestNet MAC address if they have one and false otherwise
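function getGuestNetMAC() {
    // Find the MAC address of the client currently talking to us, but only when its IP lies in
    // the unregistered GuestNET pool [GUESTNET_LOW, GUESTNET_HIGH]. A sudo helper snapshots the
    // gateway ARP table into /tmp/gwarp, which is then scanned for the client's IP.
    // Returns the MAC string, or FALSE when the client is outside the pool or no usable entry
    // is found (the latter also raises an E_USER_ERROR).
    $ip = isset($_SERVER['REMOTE_ADDR']) ? trim($_SERVER['REMOTE_ADDR']) : '';
    $ipNum = ip2long($ip); // FALSE for anything that is not a dotted-quad IPv4 address

    // Check we are in the correct ip range (unregistered GuestNET addresses)
    if ($ipNum === FALSE || $ipNum < ip2long(GUESTNET_LOW) || $ipNum > ip2long(GUESTNET_HIGH)) {
        return FALSE;
    }

    exec("sudo /usr/local/sbin/gw-copy-arp.sh", $placeholder, $returnVar);
    if ($returnVar === 0) {
        // NOTE(review): /tmp/gwarp sits in a shared directory; whether the helper creates it safely
        // (fixed ownership, no pre-existing symlink) cannot be seen from here - confirm.
        $arpLines = file('/tmp/gwarp');
        if ($arpLines !== FALSE) {
            foreach ($arpLines as $arpLine) {
                $arpFields = preg_split('/[\s\t\n]+/', $arpLine);
                if (isset($arpFields[0]) && $arpFields[0] === $ip) {
                    // Field 3 is taken as the hardware address; it is format-checked before being
                    // trusted, because the client chooses what appears in the ARP table.
                    if (isset($arpFields[3]) && isValidMACAddr($arpFields[3])) {
                        return $arpFields[3];
                    }
                    break;
                }
            }
        }
    }
    // We didn't find their mac address :\
    trigger_error("There was an error finding your MAC Address. Please contact admin.", E_USER_ERROR);
    return FALSE;
}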
// Delete the user's hackergotchi file cause they've decided they're too embarrassed by it
function clearHackergotchi() {
    // Remove the logged-in user's hackergotchi PNG (path from hackergotchiPath()).
    // Returns true when unlink() succeeds; otherwise raises E_USER_ERROR and returns false.
    global $session;
    $target = hackergotchiPath($session->username);
    $removed = unlink($target);
    if (!$removed) {
        trigger_error("Unable to remove hackergotchi file", E_USER_ERROR);
        return false;
    }
    return true;
}
// construct the filesystem path to a user's hackergotchi picture
function hackergotchiPath($username) {
    // Filesystem location of $username's hackergotchi: <$base>htdocs/pictures/people/<username>.png.
    // $base is expected to end in a slash. The name is inserted as-is, so callers in this file
    // pass the session username rather than anything typed by the user.
    global $base;
    return sprintf('%shtdocs/pictures/people/%s.png', $base, $username);
}
// Takes an entry from $_FILES and makes this the new hackergotchi
function updateHackergotchi($fileDetails) {
// Install an uploaded PNG as the logged-in user's hackergotchi.
// $fileDetails is one entry of $_FILES (only 'tmp_name' is read here). The image is accepted only
// if getimagesize() identifies it as PNG and it is at most 128x128 pixels; it is then moved to
// hackergotchiPath() and made world-readable. Returns TRUE on success, FALSE otherwise.
// NOTE(review): the upload status code ($fileDetails['error']) is not checked before the file is
// inspected - confirm whether the caller does that.
global $session;
// getimagesize() sniffs the file's actual contents, so the MIME type sent by the browser is never
// trusted. The @ hides the warning for non-image files; that case yields false and is handled
// outside this branch.
if ( ((list($width, $height, $type, $attr) = @getimagesize($fileDetails['tmp_name'])) !== false)) {
if ($type != IMAGETYPE_PNG) {
trigger_error("Uploaded hackergotchi is not in PNG format. Please convert your image to PNG and try again.", E_USER_ERROR);
return FALSE;
} else if (($width > 128) || ($height > 128)) {
trigger_error("Uploaded hackergotchi is too large. Hackergotchis must be 128x128 pixels or smaller.", E_USER_ERROR);
return FALSE;
}
$imagefilepath = hackergotchiPath($session->username);
// Move uploaded hackergotchi into place. move_uploaded_file() only accepts files that were
// uploaded in this request, and 0644 makes the picture readable by the web server.
if( move_uploaded_file($fileDetails['tmp_name'], $imagefilepath) && chmod($imagefilepath, 0644) ) {
return TRUE;
}
// We should have returned True by now
trigger_error("There was an error updating your hackergotchi. Please contact admin.", E_USER_ERROR);
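function changeBlogFeed($type, $feed, $syndicate) {
    // Store the member's blog feed URL and syndication flag, then rebuild the planet config.
    // $type      - "sucs" selects the member's own SUCS blog feed and ignores $feed;
    //              anything else uses $feed as supplied.
    // $feed      - feed URL (user-supplied; only http/https URLs are fetched and stored)
    // $syndicate - checkbox value; "on" means syndicate, stored as PostgreSQL 't'/'f'.
    // Returns TRUE on success, FALSE when the URL is rejected, cannot be read, or the UPDATE fails.
    global $sucsDB, $session, $smarty;

    if ($type == "sucs") {
        $feed = "http://sucs.org/blog/feed/atom/".$session->username;
    }
    $syndicate = ($syndicate === "on") ? "t" : "f";

    // The URL is fetched by this server, so restrict it to http/https before touching it;
    // otherwise file://, php:// and similar stream wrappers would be readable by any logged-in member.
    $scheme = parse_url($feed, PHP_URL_SCHEME);
    if (filter_var($feed, FILTER_VALIDATE_URL) === FALSE
        || !in_array(strtolower((string)$scheme), array('http', 'https'), true)) {
        trigger_error("Unable to read from provided blog feed URL", E_USER_WARNING);
        return FALSE;
    }
    // NOTE(review): an http(s) URL can still name an internal host; if that matters for this
    // deployment, resolve and check the host before fetching.
    // try to read up to 100KB of the provided feed uri; an empty body counts as unreadable too.
    $body = @file_get_contents($feed, FALSE, null, 0, 100000);
    if ($body === FALSE || $body === '') {
        trigger_error("Unable to read from provided blog feed URL", E_USER_WARNING);
        return FALSE;
    }

    if ($sucsDB->Execute("UPDATE members SET blogfeed=?,syndicateblog=? WHERE username=?",
        array($feed, $syndicate, $session->username)) === FALSE) {
        return FALSE;
    }
    // Rebuilding the planet aggregator configuration is the side effect of this include.
    include("planetconfig.php");
    return TRUE;
}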
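function updateRenew() {
    // Renew the logged-in member from a paper signup slip: the slip id ('userid') and its secret
    // ('supass') are read from the request and checked against the signup table. If the slip is
    // valid and unused, the member's paid-until value is set to $paydate and the slip is marked used.
    // Returns TRUE on success, FALSE on any validation failure (reported via trigger_error()).
    global $sucsDB, $session, $error;
    global $paydate;

    // NOTE(review): $_REQUEST also accepts GET and cookie values; the form posts, so $_POST would be
    // the tighter source. Left as-is because other callers are not visible in this file.
    if (!isset($_REQUEST['userid']) || !isset($_REQUEST['supass'])) {
        trigger_error("Invalid renewal info", E_USER_ERROR);
        return FALSE;
    }
    $userid = (int)$_REQUEST['userid'];
    $pass = (string)$_REQUEST['supass'];

    // Bind the username rather than splicing it into the SQL.
    $member = $sucsDB->GetRow("select * from members left join member_type on members.type=member_type.id where username=?", array($session->username));
    if (!is_array($member) || !isset($member['uid'])) {
        trigger_error("Invalid renewal info", E_USER_ERROR);
        return FALSE;
    }
    $signup = $sucsDB->GetRow("select * from signup where id=?", array($userid));
    if (!is_array($signup) || count($signup) < 1) {
        trigger_error("Invalid renewal info", E_USER_ERROR);
        return FALSE;
    }
    // Constant-time, strict comparison of the slip secret (the loose != would also coerce
    // numeric-looking strings before comparing them).
    if (!hash_equals((string)$signup['password'], $pass)) {
        trigger_error("Invalid renewal info", E_USER_ERROR);
        return FALSE;
    }
    // 'activated' stays NULL (or empty) until the slip has been used.
    if ($signup['activated'] !== null && $signup['activated'] !== '') {
        trigger_error("Signup slip already used", E_USER_ERROR);
        return FALSE;
    }
    $sucsDB->Execute("update members set paid=?, lastupdate=DEFAULT, lastedit=uid where uid=?", array($paydate, $member['uid']));
    $sucsDB->Execute("update signup set activated=NOW(), username=? where id=?", array($member['username'], $signup['id']));
    return TRUE;
}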
// Template Setup
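$smarty->assign('session', $session);
if ($session->loggedin === TRUE) {
    $sucsDB = NewADOConnection('postgres8');
    $sucsDB->Connect('dbname='.$sucsdbname.' user=apache');
    $sucsDB->SetFetchMode(ADODB_FETCH_ASSOC);
    // $sucsDB->debug = true;

    // MAC seen for this client in the gateway ARP table, or false when it is not on GuestNET.
    $newGuestNetMAC = getGuestNetMAC();

    // Handle Postbacks
    // NOTE(review): these state-changing actions are dispatched on $_POST['action'] alone; no
    // anti-CSRF token is checked in this file - confirm whether the framework does it upstream.
    if (isset($_POST['action'])) {
        switch($_POST['action']) {
        case 'changepass' :
            if (changePassword($_POST['oldpass'], $_POST['newpass1'], $_POST['newpass2'])) {
                message_flash('Password changed.');
            } else {
                // Should we log something here for bug trcaking use?
                trigger_error("Password change failed.", E_USER_WARNING);
            }
            break;
        case 'changecontact' :
            if (changeContactDetails($_POST['address'], $_POST['phone'], $_POST['email'])) {
                message_flash('Contact Details Updated.');
            }
            break;
        case 'changeguestnet' :
            // Only the MAC we found ourselves is stored, never one from the form.
            if (changeGuestnetDetails($newGuestNetMAC)) {
                message_flash('GuestNet Details Updated!');
            }
            break;
        case 'updatehackergotchi' :
            if (isset($_FILES['hackergotchi']) && updateHackergotchi($_FILES['hackergotchi'])) {
                message_flash('Hackergotchi Updated');
            }
            break;
        case 'clearhackergotchi' :
            if (clearHackergotchi()) {
                message_flash('Hackergotchi Cleared');
            }
            break;
        case 'changeblogfeed' :
            // An unticked checkbox is simply absent from the post.
            $syndicateBlog = isset($_POST['syndicateblog']) ? $_POST['syndicateblog'] : '';
            if (changeBlogFeed($_POST['blogtype'], $_POST['bloguri'], $syndicateBlog)) {
                message_flash("Blog Feed Updated");
            } else {
                trigger_error("Blog Feed has not been updated", E_USER_NOTICE);
            }
            break;
        case 'renew' :
            if (updateRenew()) {
                message_flash('Account renewed');
            }
            break;
        }
    }

    // Display Details
    // Some checking could be done here to ensure we have a members record. Ideally we should
    // be able to assume this though if they are logged in.
    if (is_file(hackergotchiPath($session->username))) {
        $smarty->assign('hackergotchi', TRUE);
    }
    // Bind the username rather than interpolating it into the query.
    $member = $sucsDB->GetRow("select * from members left join member_type on members.type=member_type.id where username=?", array($session->username));
    $smarty->assign('paydate', $paydate);

    $currentGuestNetMAC = $sucsDB->GetOne('SELECT * FROM guestnet WHERE uid=?', array((int)$member['uid']));
    if ($currentGuestNetMAC === FALSE) {
        $currentGuestNetMAC = '';
    }
    $smarty->assign('currentGuestNetMAC', $currentGuestNetMAC);
    if (($newGuestNetMAC !== false) && ($newGuestNetMAC != $currentGuestNetMAC)) {
        $smarty->assign('newGuestNetMAC', $newGuestNetMAC);
    }

    // connect to Blog DB to see if user has a SUCS blog
    require_once("/usr/share/php/adodb/adodb.inc.php");
    $BlogDB = NewADOConnection('postgres8');
    $BlogDB->Connect('dbname=blogs user=apache');
    $BlogDB->SetFetchMode(ADODB_FETCH_ASSOC);
    require_once('../lib/blog/validation.lib.php');
    if (blogger($session->username)) {
        $smarty->assign("sucsblogger", TRUE);
        $feed = "http://sucs.org/blog/feed/atom/".$session->username;
        if ($member['blogfeed'] == $feed) {
            $smarty->assign("sucsblogfeed", TRUE);
        }
    }
    // change postgresql boolean to PHP boolean
    $member['syndicateblog'] = ($member['syndicateblog'] === 't');
    $smarty->assign('member', $member);
}
$smarty->assign('url', $component['path']);
$result = $smarty->fetch('options.tpl');
$smarty->assign('title', "Options");
$smarty->assign('body', $result);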
?>