signup.php

<?php
//ob_start();
//include("../member/signup.php");
//$output = ob_get_contents();
//ob_end_clean();
//

// -------------------------------------------------------------
// TODO: CHANGE THIS TO "sudo /usr/local/sbin/" DEFORE DEPLOYING
// -------------------------------------------------------------

$script_path="/home/member/eclipse/signuptests/";

//set defaults
$mode = 'login';

//login
if(isset($_REQUEST['signupid'])&&isset($_REQUEST['signuppw'])){
    //set signup details
    $signupid = $_REQUEST['signupid'];
    $signuppw = $_REQUEST['signuppw'];
    // connect to sucs database
    $sucsDB = NewADOConnection('postgres8');

    // -------------------------------------------------
    // TODO: CHANGE THIS TO dbname=sucs BEFORE DEPLOYING
    // -------------------------------------------------
    $sucsDB->Connect('dbname=eclipse');


    $sucsDB->SetFetchMode(ADODB_FETCH_ASSOC);
    // get row(s)
    $query = "SELECT * FROM signup WHERE id=? AND password=?";
    $array = array($signupid,$signuppw);
    $data = $sucsDB->GetAll($query,$array);
    // if data was returned and it was exactly 1 row
    if(is_array($data)&&sizeof($data)==1){
	$row=$data[0];
	// if the id hasnt already been used
	if(!(isset($row[activated])&&isset($row[username]))){
	    // pass on the id and passwd
	    $smarty->assign("signupid",$signupid);
	    $smarty->assign("signuppw",$signuppw);
	    $smarty->assign("usertype",$row[type]);
	    // if accepting the form
	    if(isset($_REQUEST['username']) && isset($_REQUEST['realname']) && isset($_REQUEST['email']) && isset($_REQUEST['phone'])){
		require_once("../lib/validation.php");
		$valid=true;
		$errors=array();
		$fields=array();
		if(!validUsername($_REQUEST['username'])){
		    $valid=false;
		    $errors['username']=$error;
		}
		$fields['username']=$_REQUEST['username'];
		if(!validSignupEmail($_REQUEST['email'])){
		    $valid=false;
		    $errors['email']=$error;
		}
		$fields['email']=$_REQUEST['email'];
		if(!validPhone($_REQUEST['phone'])){
		    $valid=false;
		    $errors['phone']=$error;
		}
		$fields['phone']=$_REQUEST['phone'];
		if($row[type]!=2){
		    if(!validAddress($_REQUEST['address'])){
			$valid=false;
			$errors['address']=$error;
		    }
		    $fields['address']=$_POST['address'];
		    if(!validRealName($_REQUEST['realname'])){
			$valid=false;
			$errors['realname']=$error;
		    }
		    $fields['realname']=$_REQUEST['realname'];
		}
		else{
		    if(!validRealName($_REQUEST['contact'])){
			$valid=false;
			$errors['contact']=$error;
		    }
		    $fields['contact']=$_REQUEST['contact'];
		    if(!validSocName($_REQUEST['realname'])){
			$valid=false;
			$errors['realname']=$error;
		    }
		    $fields['realname']=$_REQUEST['realname'];
		}
		if($row[type]==1){
			if(!validSID($_REQUEST['studentid'])){
			    $valid=false;
			    $errors['studentid']=$error;
			}
			$fields['studentid']=$_REQUEST['studentid'];
		}

		if($valid){
		    // include membership adding functions
		    require_once("../lib/member_functions.php");
		    $mode='result';
		    // determine the uid range
		    if($row[type]==2){
			    $baseuid=8;
		    }
		    else{
			    $baseuid=28;
		    }
		    $minuid=$baseuid*1000;
		    $maxuid=$minuid+999;
		    //get the new uid
		    $uid=findUid($minuid,$maxuid);
		    // make a password
		    $password=make_password();
		    // make the ldif
		    $ldif=generateLdif($uid,$password,$row[type],$_POST['realname'],$_POST['username']);
		    // write ldif file
		    file_put_contents('/tmp/useradd.'.$_POST['username'].'.ldif',$ldif);
		    system(
			    $script_path.'useradd.apache '.
			    sh_escape($_POST['username']).' '.
			    sh_escape($_POST['studentid']).' '.
			    sh_escape($_POST['email'])
		    );

	            $addtolist ="".$_POST['email']."\n".$_POST['studentid']."@swan.ac.uk";
	            file_put_contents('/tmp/listadd.'.$_POST['username'],$addtolist);
		    system(
			    $script_path.'listadd.apache '.
			    sh_escape($_POST['username'])
		    );

		    //TODO: add membership add code here
		    $_POST[uid]=$uid;
		    $_POST[password]=$password;
		    $_POST[ldif]=$ldif;
		    $smarty->assign("post",$_POST);
		    

		}
		else{
		    //re-show form
		    $script = "<script language='javascript' type='text/javascript' src='".$baseurl."/js/jquery.js'></script>\n";
		    $script .= "<script language='javascript' type='text/javascript' src='$baseurl/js/signup.js'></script>\n";
		    $smarty->assign("fields",$fields);
		    $smarty->assign("errors",$errors);
        	    $smarty->append('extra_scripts', $script);
                    $mode='re-form';	
		}
	    }
	    else{
		// display the form
                $script = "<script language='javascript' type='text/javascript' src='".$baseurl."/js/jquery.js'></script>\n";
		$script .= "<script language='javascript' type='text/javascript' src='$baseurl/js/signup.js'></script>\n";
		$smarty->append('extra_scripts', $script);
		$mode='form';
	    }
	}
	else trigger_error("Signup ID already used",E_USER_WARNING);
    }
    else trigger_error("Invalid ID or Password", E_USER_WARNING);

}
//Set smarty Variables
$smarty->assign("mode", $mode);
$output =  $smarty->fetch("signup.tpl");

$smarty->assign("title", "Sign Up");
$smarty->assign("body", $output);

?>