<?php
//ob_start();
//include("../member/signup.php");
//$output = ob_get_contents();
//ob_end_clean();
//
// -------------------------------------------------------------
// DEV: CHANGE THIS FOR DEV MODE
// -------------------------------------------------------------
//$script_path="/home/member/eclipse/signuptests/";
$script_path = "sudo /usr/local/sbin/";
// DEV: CHNAGE THIS FOR DEV MODE
//$error_email="eclipse@sucs.org";
$error_email = "admin@sucs.org";
$override_permission = "sucsstaff";
// is the validation (mostly) overridable
$overridable = isset($session->groups[$override_permission]);
// ------------------------------------------------
// DEV: UNCOMMENT THIS FOR DEV MODE
// ------------------------------------------------
//$overridable=true;
//set defaults
$mode = 'login';
//login
if (isset($_REQUEST['signupid']) && isset($_REQUEST['signuppw'])) {
//set signup details
$signupid = $_REQUEST['signupid'];
$signuppw = $_REQUEST['signuppw'];
//$sucsDB->debug = true;
// get row(s)
$query = "SELECT * FROM signup WHERE id=? AND password=?";
$array = array($signupid, $signuppw);
$data = $sucsDB->GetAll($query, $array);
// if data was returned and it was exactly 1 row
if (is_array($data) && sizeof($data) == 1) {
$row = $data[0];
// if the id hasnt already been used
if (!(isset($row[activated]) && isset($row[username]))) {
// pass on the id and passwd and id the validation is overridable
$smarty->assign("signupid", $signupid);
$smarty->assign("signuppw", $signuppw);
// pass on the student id if it exists
if (isset($_REQUEST['signupsid'])) {
$smarty->assign("signupsid", $signupsid);
}
$smarty->assign("overridable", $overridable);
$smarty->assign("usertype", $row[type]);
// if accepting the form
if (isset($_REQUEST['username']) && isset($_REQUEST['realname']) && isset($_REQUEST['email']) && isset($_REQUEST['phone'])) {
require_once("../lib/validation.php");
$override = $overridable && (isset($_POST['override']) && $_POST['override'] == "on");
$valid = true;
$errors = array();
$fields = array();
if (!validUsername($_REQUEST['username'])) {
$valid = false;
$errors['username'] = $error;
}
$fields['username'] = $_REQUEST['username'];
if (!(validSignupEmail($_REQUEST['email']) || $override)) {
$valid = false;
$errors['email'] = $error;
}
$fields['email'] = $_REQUEST['email'];
if (!(validPhone($_REQUEST['phone']) || $override)) {
$valid = false;
$errors['phone'] = $error;
}
$fields['phone'] = sanitizePhone($_REQUEST['phone']);
if ($row[type] != 2) {
if (!(validAddress($_REQUEST['address']) || $override)) {
$valid = false;
$errors['address'] = $error;
}
$fields['address'] = sanitizeAddress($_POST['address']);
if (!validName($_REQUEST['realname'], $override)) {
$valid = false;
$errors['realname'] = $error;
}
$fields['realname'] = $_REQUEST['realname'];
} else {
if (!(validName($_REQUEST['contact'], false) || $override)) {
$valid = false;
$errors['contact'] = $error;
}
$fields['contact'] = $_REQUEST['contact'];
if (!validName($_REQUEST['realname'], $override)) {
$valid = false;
$errors['realname'] = $error;
}
$fields['realname'] = $_REQUEST['realname'];
}
if ($row[type] == 1) {
if (!validSID($_REQUEST['studentid'], $override)) {
$valid = false;
$errors['studentid'] = $error;
}
$fields['studentid'] = $_REQUEST['studentid'];
}
if ($valid) {
// include membership adding functions
require_once("../lib/member_functions.php");
$mode = 'result';
$failed = false;
// invalidate signup slip
$query = "UPDATE signup SET sid=?, username=?, activated=now() WHERE id=?";
unset($atribs);
$atribs[0] = $fields['studentid'];
$atribs[1] = $fields['username'];
$atribs[2] = $signupid;
$responce = $sucsDB->Execute($query, $atribs);
if (!$responce) {
mail(
$error_email,
"Signup Error",
"Unable to invalidate signup slip: " . $signupid . "\nAborting\nError message:\n" . $sucsDB->ErrorMsg(),
"From: \"SUCS Admin\" <admin@sucs.org>"
);
$failed = true;
} else {
//generate the new uid
$uid = generateUid();
// make a password
$password = make_password();
// make the ldif
$ldif = generateLdif($uid, $password, $row[type], $fields['realname'], $fields['username']);
// write ldif file
file_put_contents('/tmp/useradd.' . $fields['username'] . '.ldif', $ldif);
exec(
$script_path . 'useradd.apache ' .
escapeshellarg($fields['username']) . ' ' .
escapeshellarg($fields['studentid']) . ' ' .
escapeshellarg($fields['email']) .
' 2>&1',
$execoutputarr,
$execreturn
);
if ($execreturn != 0) {
$execoutputstr = implode("\n", $execoutputarr);
mail(
$error_email,
"Error creating user for signup id: " . $signupid,
$execoutputstr,
"From: \"SUCS Admin\" <admin@sucs.org>"
);
$failed = true;
}
// DEV: STICK THIS FOR DEV
if (posix_getpwnam($fields['username'])) {
$query = "SELECT count(*) from members where username = ?";
$data = $sucsDB->GetAll($query, array($fields['username']));
if ($data[0]['count'] != 0) {
mail(
$error_email,
"Signup Error",
"User " . $fields['username'] . " already exists in the databse, THIS SHOULD NEVER HAPPEN\n Love the signup system.\n\nP.S. the signup id is: " . $signupid,
"From: \"SUCS Admin\" <admin@sucs.org>"
);
$failed = true;
} else {
$query = "INSERT INTO members (";
$query .= "uid, username, realname, email, address, phone, sid, type, paid, lastedit, comments";
$query .= ") values (";
$query .= "?, ?, ?, ?";
// if its a soc then it has no address
if ($row[type] != 2) {
$query .= ", ?"; //address
} else {
$query .= ", DEFAULT"; //address
}
$query .= ", ?"; //phone
// only student had a sid
if ($row[type] == 1) {
$query .= ", ?"; //sid
} else {
$query .= ", DEFAULT";
}
$query .= ", ?, ?, ?";
// socienty add a default comment
if ($row[type] == 2) {
$query .= ", ?";// comment
} else {
$query .= ", DEFAULT";
}
$query .= ");";
unset($atribs);
$atribs[] = $uid;
$atribs[] = $fields['username'];
$atribs[] = $fields['realname'];
$atribs[] = $fields['email'];
if ($row[type] != 2) {
$atribs[] = $fields['address'];
}
$atribs[] = $fields['phone'];
if ($row[type] == 1) {
$atribs[] = $fields['studentid'];
}
$atribs[] = $row[type];
include_once("../lib/date.php");
$atribs[] = paidUntil(time());
$atribs[] = $uid;
if ($row[type] == 2) {
$atribs[] = "Contact name: " . $fields['contact'];
}
$responce = $sucsDB->Execute($query, $atribs);
// if somthing broke then email
if (!$responce) {
mail(
$error_email,
"Signup Error",
"Database problems for signup id: " . $signupid . "\nError message:\n" . $sucsDB->ErrorMsg(),
"From: \"SUCS Admin\" <admin@sucs.org>"
);
$failed = true;
} else {
// if door card is connected to the signup slip move it to its proper home
if ($row[card] != '') {
$query = "INSERT INTO doorcards (uid,cardnumber) VALUES (?, ?);";
unset($atribs);
$atribs[0] = $uid;
$atribs[1] = $row[card];
$responce = $sucsDB->Execute($query, $atribs);
if (!$responce) {
mail(
$error_email,
"Signup Error",
"Failed to migrate card details for signup id: " . $signupid . "\nError message:\n" . $sucsDB->ErrorMsg(),
"From: \"SUCS Admin\" <admin@sucs.org>"
);
}
}
$logsmessage = "New user '" . $fields['username'] . "' has been created on SUCS\n";
$logsmessage .= "at: " . date("H:i ", time()) . " on " . date("l F jS Y", time()) . "\n";
$logsmessage .= "From: " . $_SERVER['REMOTE_ADDR'] . "\n";
$logsmessage .= "Using signup id: " . $signupid . "\n";
if ($override) {
$logsmessage .= "User " . $session->username . " overrode validation.\n";
}
$logsmessage .= "Love The Signup System";
// DEV: CHANGE THIS EMAIL ADDRESS
mail(
"logs@sucs.org",
"User '" . $fields['username'] . "' Created on SUCS",
$logsmessage,
"From: \"SUCS Admin\" <admin@sucs.org>"
);
mail(
"treasurer@sucs.org",
"User '" . $fields['username'] . "' Created on SUCS",
$logsmessage,
"From: \"SUCS Admin\" <admin@sucs.org>"
);
$usermessage = "Welcome to the Swansea University Computer Society!\n\n";
$usermessage .= "Your account details are:\n\n";
$usermessage .= "Username: " . $fields['username'] . "\n";
$usermessage .= "Password: " . $password . "\n\n";
$usermessage .= "Wondering what to do next? Check out our Getting Started page: http://sucs.org/Getting%20Started or go right ahead and post on our forum at http://sucs.org/Community/Forum or join in the discussion on our chat system, Milliways: http://sucs.org/Community/Milliways\n\n";
$usermessage .= "Our weekly social is held in the coffee end JC's at 1:00 PM every Wednesday\n\n";
$usermessage .= "Before you use the SUCS computers or the computer room, please make sure you are familiar with the conditions of use and room rules at http://sucs.org/About/Regulations\n\n";
$usermessage .= "If you require help using the system, introductory guides are available at http://sucs.org/Knowledge\n\n";
$usermessage .= "If you have any trouble using the system, reply to this e-mail describing the nature of the problem and we'll look into it.\n\n";
$usermessage .= "We hope you enjoy your SUCS membership.\n\n";
$usermessage .= "Regards,\n\n";
$usermessage .= "Swansea University Computer Society";
if ($fields['email'] != '') {
$user_email = $fields['email'];
} elseif ($fields['studentid'] != '') {
$user_email = $fields['studentid'] . "@swan.ac.uk";
} else {
$user_email = FALSE;
}
if ($user_email) {
mail(
$user_email,
"Your SUCS Account has been created!",
$usermessage,
"From: \"SUCS Admin\" <admin@sucs.org>"
);
}
}
}
}
//Wrong logic, only students have student email addresses ~imranh
if ($row['type'] == 1) {
$addtolist = "" . $fields['email'] . "\n" . $fields['studentid'] . "@swan.ac.uk";
} else {
$addtolist = "" . $fields['email'] . "\n"; //Societies don't have student email addresses
}
file_put_contents('/tmp/listadd.' . $fields['username'], $addtolist);
unset($execoutputarr);
exec(
$script_path . 'listadd.apache ' .
escapeshellarg($fields['username']) . ' ' .
escapeshellarg($row[type]) .
' 2>&1',
$execoutputarr,
$execreturn
);
if ($execreturn != 0) {
$execoutputstr = implode("\n", $execoutputarr);
mail(
$error_email,
"Error adding user to mailing lists from signup id: " . $signupid,
$execoutputstr . $execreturn,
"From: \"SUCS Admin\" <admin@sucs.org>"
);
$failed = true;
}
exec($script_path . 'printeradd.apache ' . escapeshellarg($fields['username']));
}
$smarty->assign("failed", $failed);
if ($failed) {
$errorreparray = $_POST;
unset($errorroparray[signuppw]);
$errorreparray[uid] = $uid;
$errorreport = "User input details:\n\n";
foreach ($errorreparray as $key => $value) {
$errorreport .= $key . ": " . $value . "\n";
}
$errorreport .= "\nLove from the Signup System";
mail(
$error_email,
"Signup system error report",
$errorreport,
"From: \"SUCS Admin\" <admin@sucs.org>"
);
} else {
$smarty->assign("username", $fields['username']);
$smarty->assign("password", $password);
$smarty->assign("email", $user_email);
}
} else {
//re-show form
$script = "<script language='javascript' type='text/javascript' src='" . $baseurl . "/js/jquery.js'></script>\n";
$script .= "<script language='javascript' type='text/javascript' src='$baseurl/js/signup.js'></script>\n";
$smarty->assign("fields", $fields);
$smarty->assign("errors", $errors);
$smarty->append('extra_scripts', $script);
$mode = 're-form';
}
} else {
// display the form
$script = "<script language='javascript' type='text/javascript' src='" . $baseurl . "/js/jquery.js'></script>\n";
$script .= "<script language='javascript' type='text/javascript' src='$baseurl/js/signup.js'></script>\n";
$smarty->append('extra_scripts', $script);
$mode = 'form';
}
} else trigger_error("Signup ID already used", E_USER_WARNING);
} else trigger_error("Invalid ID or Password", E_USER_WARNING);
}
//Set smarty Variables
$smarty->assign("mode", $mode);
$output = $smarty->fetch("signup.tpl");
$smarty->assign("title", "Sign Up");
$smarty->assign("body", $output);
?>