diff --git a/components/signup.php b/components/signup.php index 93c395e6fa4891009d970a80ee6f55c4aedc8a92..4f53b721e3166d476d14f73098e14b42b3376e58 100644 --- a/components/signup.php +++ b/components/signup.php @@ -11,11 +11,20 @@ $script_path="/home/member/eclipse/signuptests/"; +// TODO: SET THIS TO admin@sucs.org BEFORE DEPLOYING +$error_email="eclipse@sucs.org"; + $override_permission="staff"; // is the validation (mostly) overridable $overridable=isset($session->groups[$permission]); +// ------------------------------------------------ +// TODO: REMOVE THE FOLLOWING LINE BEFORE DEPLOYING +// ------------------------------------------------ + +$overridable=true; + //set defaults $mode = 'login'; @@ -26,6 +35,7 @@ if(isset($_REQUEST['signupid'])&&isset($_REQUEST['signuppw'])){ $signuppw = $_REQUEST['signuppw']; // connect to sucs database $sucsDB = NewADOConnection('postgres8'); + //$sucsDB->debug = true; // ------------------------------------------------- // TODO: CHANGE THIS TO dbname=sucs BEFORE DEPLOYING @@ -69,13 +79,13 @@ if(isset($_REQUEST['signupid'])&&isset($_REQUEST['signuppw'])){ $valid=false; $errors['phone']=$error; } - $fields['phone']=$_REQUEST['phone']; + $fields['phone']=sanitizePhone($_REQUEST['phone']); if($row[type]!=2){ if(!(validAddress($_REQUEST['address']) || $override)){ $valid=false; $errors['address']=$error; } - $fields['address']=$_POST['address']; + $fields['address']=sanitizeAddress($_POST['address']); if(!validRealName($_REQUEST['realname'],$override)){ $valid=false; $errors['realname']=$error; 
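Review bot: The added `$overridable=true;` in the first hunk unconditionally replaces the result of the `isset($session->groups[$permission])` check, so every validation below becomes overridable for any visitor, not only staff; the TODO marks it, but a deploy-time flag that silently widens privilege is easy to miss, and a safer shape is to keep the real check and gate the bypass on an explicit development constant, e.g. `$overridable = isset($session->groups[$override_permission]) || (defined('SIGNUP_DEV_MODE') && SIGNUP_DEV_MODE);`. Note also that the surviving check reads `$permission` while the variable declared two lines above is `$override_permission`; if `$permission` is not assigned elsewhere in the file, `$overridable` is always false once the debug line is removed. The same hunk hard-codes `$error_email` to a developer address with a TODO; pulling it from the site configuration would avoid a second deploy-time edit.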
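Review bot: In the third hunk the value that is validated and the value that is stored are different: `validAddress($_REQUEST['address'])` checks the raw request value, while `$fields['address']` now receives `sanitizeAddress($_POST['address'])`, and the same pattern applies to `phone`, whose validation call sits just above the hunk. A sanitizer can change the string (and `$_REQUEST` can differ from `$_POST`), so a value that passed validation may not be the one persisted. Sanitize first and validate the result, e.g. `$address = sanitizeAddress($_POST['address']);` then `if(!(validAddress($address) || $override)){ ... }` and `$fields['address']=$address;`, and likewise for phone. The enclosing `if` block starts before this hunk.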
@@ -106,42 +116,213 @@ if(isset($_REQUEST['signupid'])&&isset($_REQUEST['signuppw'])){ // include membership adding functions require_once("../lib/member_functions.php"); $mode='result'; - // determine the uid range - if($row[type]==2){ - $baseuid=8; + $failed=false; + + // invalidate signup slip + $query = "UPDATE signup SET sid=?, username=?, activated=now() WHERE id=?"; + + $unset($atribs); + $atribs[0]=$fields['studentid']; + $atribs[1]=$fields['username']; + $atribs[2]=$signupid; + $responce = $sucsDB->Execute($query,$atribs); + if(!$responce){ + mail( + $error_email, + "Signup Error", + "Unable to invalidate signup slip: ".$signupid."\nAborting\nError message:\n".$sucsDB->ErrorMsg(), + "From: \"SUCS Admin\" <admin@sucs.org>" + ); + $failed=true; } - else{ - $baseuid=28; + else{ + // determine the uid range + if($row[type]==2){ + $baseuid=8; + } + else{ + $baseuid=28; + } + $minuid=$baseuid*1000; + $maxuid=$minuid+999; + //get the new uid + $uid=findUid($minuid,$maxuid); + // make a password + $password=make_password(); + // make the ldif + $ldif=generateLdif($uid,$password,$row[type],$fields['realname'],$fields['username']); + // write ldif file + file_put_contents('/tmp/useradd.'.$fields['username'].'.ldif',$ldif); + exec( + $script_path.'useradd.apache '. + escapeshellarg($fields['username']).' '. + escapeshellarg($fields['studentid']).' '. + escapeshellarg($fields['email']), + $execoutputarr, + $execreturn + ); + if($execreturn!=0){ + $execoutputstr=implode("\n",$execoutputarr); + + mail( + $error_email, + "Error creating user for signup id: ".$signupid, + $execoutputstr, + "From: \"SUCS Admin\" <admin@sucs.org>" + ); + $failed=true; + } + // TODO: UNSTICK THIS BEFORE DEPLOYING + if(posix_getpwnam($fields['username']) || true){ + $query="SELECT count(*) from members where username = ?"; + $data = $sucsDB->GetAll($query,array($fields['username'])); + if($data[0]['count']!=0){ + mail( + $error_email, + "Signup Error", + "User ".$fields['username']." 
already exsists in the databse, THIS SHOULD NEVER HAPPERN\n Love the signup system.\n\nP.S. the signup id is: ".$signupid, + "From: \"SUCS Admin\" <admin@sucs.org>" + ); + $failed=true; + } + else{ + $query = "INSERT INTO members ("; + $query .= "uid, username, realname, email, address, phone, sid, type, paid, lastedit, comments"; + $query .= ") values ("; + $query .= "?, ?, ?, ?"; + // if its a soc then it has no address + if($row[type]!=2){ + $query .= ", ?"; //address + } + else{ + $query .= ", DEFAULT"; //address + } + $query .= ", ?"; //phone + // only student had a sid + if($row[type]==1){ + $query .= ", ?"; //sid + } + else{ + $query .= ", DEFAULT"; + } + $query .= ", ?, ?, ?"; + // socienty add a default comment + if($row[type]==2){ + $query .= ", ?";// comment + } + else{ + $query .= ", DEFAULT"; + } + + $query .= ");"; + + unset($atribs); + $atribs[]=$uid; + $atribs[]=$fields['username']; + $atribs[]=$fields['realname']; + $atribs[]=$fields['email']; + if($row[type]!=2){ + $atribs[]=$fields['address']; + } + $atribs[]=$fields['phone']; + if($row[type]==1){ + $atribs[]=$fields['studentid']; + } + $atribs[]=$row[type]; + include_once("../lib/date.php"); + $atribs[]=paidUntil(time()); + $atribs[]=$uid; + if($row[type]==2){ + $atribs[]="Contact name: ".$fields['contact']; + } + + $responce = $sucsDB->Execute($query,$atribs); + // if somthing broke then email + if(!$responce){ + mail( + $error_email, + "Signup Error", + "Database problems for signup id: ".$signupid."\nError message:\n".$sucsDB->ErrorMsg(), + "From: \"SUCS Admin\" <admin@sucs.org>" + ); + $failed=true; + } + else{ + // if door card is connected to the signup slip move it to its proper home + if($row[card] != ''){ + $query="INSERT INTO doorcards (uid,cardnumber) VALUES (?, ?);"; + unset($atribs); + $atribs[0]=$uid; + $atribs[1]=$row[card]; + $responce=$sucsDB->Execute($query,$atribs); + if(!$responce){ + mail( + $error_email, + "Signup Error", + "Failed to migrate card details for signup id: 
".$signupid."\nError message:\n".$sucsDB->ErrorMsg(), + "From: \"SUCS Admin\" <admin@sucs.org>" + ); + } + } + + $logsmessage = "New user '".$fields['username']." has been created on SUCS\n"; + $logsmessage .= "at: ".date("H:i ",mktime())." on ".date("l F jS Y", mktime())."\n"; + $logsmessage .= "From: ".$_SERVER['REMOTE_ADDR']."\n"; + $logsmessage .= "Useing signup id: ".$signupid."\n"; + if($override){ + $logsmessage .= "User ".$session->username." overrode validation.\n"; + } + $logsmessage .= "Love The Signup System"; + // TODO: CHNAGE THIS TO logs@sucs.org BEFORE DEPLOYING + mail( + "eclipse@sucs.org", + "User '".$fields['username']."' Created on SUCS", + $logsmessage, + "From: \"SUCS Admin\" <admin@sucs.org>" + ); + $usermessage = "Welcome to the Swansea University Computer Society!\n\n"; + $usermessage .= "Your account details are:\n\n"; + $usermessage .= "Username: ".$fields['username']."\n"; + $usermessage .= "Password: ".$password."\n\n"; + $usermessage .= "Wondering what to do next? 
Check out our Getting Started page: http://sucs.org/Getting%20Started or go right ahead and post on our forum at http://sucs.org/Community/Forum or join in the discussion on our chat system, Milliways: http://sucs.org/Community/Milliways\n\n"; + $usermessage .= "Before you use the SUCS computers or the computer room, please make sure you are familiar with the conditions of use and room rules at http://sucs.org/About/Regulations\n\n"; + $usermessage .= "If you require help using the system, introductory guides are available at http://sucs.org/Knowledge\n\n"; + $usermessage .= "If you have any trouble using the system, reply to this e-mail describing the nature of the problem and we'll look into it.\n\n"; + $usermessage .= "We hope you enjoy your SUCS membership.\n\n"; + $usermessage .= "Regards,\n\n"; + $usermessage .= "Swansea University Computer Society"; + if($fields['email']=''){ + $user_email=$fields['studentid']."@swan.ac.uk"; + } + else{ + $user_email=$fields['email']; + } + mail( + $user_email, + "Your SUCS Account has been created!", + $usermessage, + "From: \"SUCS Admin\" <admin@sucs.org>" + ); + } + } + } + + + $addtolist ="".$fields['email']."\n".$fields['studentid']."@swan.ac.uk"; + file_put_contents('/tmp/listadd.'.$fields['username'],$addtolist); + system( + $script_path.'listadd.apache '. + escapeshellarg($fields['username']) + ); } - $minuid=$baseuid*1000; - $maxuid=$minuid+999; - //get the new uid - $uid=findUid($minuid,$maxuid); - // make a password - $password=make_password(); - // make the ldif - $ldif=generateLdif($uid,$password,$row[type],$_POST['realname'],$_POST['username']); - // write ldif file - file_put_contents('/tmp/useradd.'.$_POST['username'].'.ldif',$ldif); - system( - $script_path.'useradd.apache '. - sh_escape($_POST['username']).' '. - sh_escape($_POST['studentid']).' '. 
- sh_escape($_POST['email']) - ); - - $addtolist ="".$_POST['email']."\n".$_POST['studentid']."@swan.ac.uk"; - file_put_contents('/tmp/listadd.'.$_POST['username'],$addtolist); - system( - $script_path.'listadd.apache '. - sh_escape($_POST['username']) - ); - - //TODO: add membership add code here + + + //TODO: REMOVE THIS BEFORE DEPLOYING $_POST[uid]=$uid; $_POST[password]=$password; $_POST[ldif]=$ldif; $smarty->assign("post",$_POST); + // TODO: ADD OUTPUT DATA } diff --git a/lib/member_functions.php b/lib/member_functions.php index b12198e66ffc0f31d97a291c6281d81e1dc8e5ba..bc92f7fd9504c543a6745f96a799cb510f7a8256 100644 --- a/lib/member_functions.php +++ b/lib/member_functions.php @@ -1,11 +1,4 @@ <? -//Escape spaces in a shell command -function sh_escape($text) -{ - $text = escapeshellcmd($text); - return str_replace(' ', '\ ', $text); -} - function make_password($length=8) { $vowels = "aeiouy"; @@ -90,6 +83,10 @@ function generateLdif($uid, $password, $type, $realname, $username){ $gid=113; $homebase="society"; } + elseif($type==5){ + $gid=100; + $homebase="alumni"; + } else { $gid=100; $homebase="member";
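Review bot: `$unset($atribs);` before the signup-slip UPDATE is a variable-function call on an undefined `$unset`, which is a fatal error at runtime, so the whole creation path aborts before the slip is invalidated; it should read `unset($atribs);` as the later occurrences in the same hunk do. Further down, `if($fields['email']='')` is an assignment rather than a comparison: it clears the stored e-mail and then takes the `else` branch, so the welcome mail containing the password is sent to an empty address and `$addtolist` loses the real e-mail; it should be `if($fields['email']==='')`. The LDIF, which embeds the generated password, is written to the predictable path `/tmp/useradd.<username>.ldif` with default permissions and is never removed; writing it with `tempnam()` plus `chmod(..., 0600)` and unlinking it after `useradd.apache` finishes would keep the password out of a world-readable location. Finally, `$failed` is set on every error but nothing in the hunk consults it: the `posix_getpwnam(...) || true` branch and the `listadd.apache` call run even after `useradd.apache` reported a non-zero exit, and the trailing block still exports `$uid`, `$password` and `$ldif` into `$_POST` for the template. The enclosing block continues beyond the hunk.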
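Review bot: The new `elseif($type==5)` branch in generateLdif assigns the same `$gid=100` as the default `else` branch and differs only in `$homebase`, so the two could share the gid assignment, and the magic numbers 2 and 5 (and 1 in signup.php) would read better as named constants such as `const MEMBER_TYPE_SOCIETY = 2; const MEMBER_TYPE_ALUMNI = 5;` with `===` comparisons. A one-line comment on the branch, `// alumni: same primary group as ordinary members, separate home tree`, would also record the intent. The function body continues outside the hunk.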