alomst finished signup system, all the logic is there, just need to be made to...

alomst finished signup system, all the logic is there, just need to be made to look nice and the deplyment TODOs followed

alomst finished signup system, all the logic is there, just need to be made to...
d323c35b · Tim Clark · afd3fa25 · d323c35b · d323c35b
Commit d323c35b authored 15 years ago by Tim Clark
--- a/components/signup.php
+++ b/components/signup.php
@@ -11,11 +11,20 @@
 $script_path="/home/member/eclipse/signuptests/";
+// TODO: SET THIS TO admin@sucs.org BEFORE DEPLOYING
+$error_email="eclipse@sucs.org";
 $override_permission="staff";
 // is the validation (mostly) overridable
 $overridable=isset($session->groups[$permission]);
+// ------------------------------------------------
+// TODO: REMOVE THE FOLLOWING LINE BEFORE DEPLOYING
+// ------------------------------------------------
+$overridable=true;
 //set defaults
 $mode = 'login';
@@ -26,6 +35,7 @@ if(isset($_REQUEST['signupid'])&&isset($_REQUEST['signuppw'])){
    $signuppw = $_REQUEST['signuppw'];
    // connect to sucs database
    $sucsDB = NewADOConnection('postgres8');
+    //$sucsDB->debug = true;
    // -------------------------------------------------
    // TODO: CHANGE THIS TO dbname=sucs BEFORE DEPLOYING
@@ -69,13 +79,13 @@ if(isset($_REQUEST['signupid'])&&isset($_REQUEST['signuppw'])){
 		    $valid=false;
 		    $errors['phone']=$error;
 		}
-		$fields['phone']=$_REQUEST['phone'];
+		$fields['phone']=sanitizePhone($_REQUEST['phone']);
 		if($row[type]!=2){
 		    if(!(validAddress($_REQUEST['address']) || $override)){
 			$valid=false;
 			$errors['address']=$error;
 		    }
-		    $fields['address']=$_POST['address'];
+		    $fields['address']=sanitizeAddress($_POST['address']);
 		    if(!validRealName($_REQUEST['realname'],$override)){
 			$valid=false;
 			$errors['realname']=$error;
@@ -106,42 +116,213 @@ if(isset($_REQUEST['signupid'])&&isset($_REQUEST['signuppw'])){
 		    // include membership adding functions
 		    require_once("../lib/member_functions.php");
 		    $mode='result';
-		    // determine the uid range
+		    $failed=false;
-		    if($row[type]==2){
-			    $baseuid=8;
+		    // invalidate signup slip
+		    $query = "UPDATE signup SET sid=?, username=?, activated=now() WHERE id=?";
+		    $unset($atribs);
+		    $atribs[0]=$fields['studentid'];
+		    $atribs[1]=$fields['username'];
+		    $atribs[2]=$signupid;
+		    $responce = $sucsDB->Execute($query,$atribs);
+		    if(!$responce){
+			    mail(
+				    $error_email,
+				    "Signup Error",
+				    "Unable to invalidate signup slip: ".$signupid."\nAborting\nError message:\n".$sucsDB->ErrorMsg(),
+				    "From: \"SUCS Admin\" <admin@sucs.org>"
+			    );
+			    $failed=true;
 		    }
-		    else{
+		    else{	
-			    $baseuid=28;
+			    // determine the uid range
+			    if($row[type]==2){
+				    $baseuid=8;
+			    }
+			    else{
+				    $baseuid=28;
+			    }
+			    $minuid=$baseuid*1000;
+			    $maxuid=$minuid+999;
+			    //get the new uid
+			    $uid=findUid($minuid,$maxuid);
+			    // make a password
+			    $password=make_password();
+			    // make the ldif
+			    $ldif=generateLdif($uid,$password,$row[type],$fields['realname'],$fields['username']);
+			    // write ldif file
+			    file_put_contents('/tmp/useradd.'.$fields['username'].'.ldif',$ldif);
+			    exec(
+				    $script_path.'useradd.apache '.
+				    escapeshellarg($fields['username']).' '.
+				    escapeshellarg($fields['studentid']).' '.
+				    escapeshellarg($fields['email']),
+				    $execoutputarr,
+				    $execreturn
+			    );
+			    if($execreturn!=0){
+				$execoutputstr=implode("\n",$execoutputarr);
+				mail(
+				    $error_email,
+				    "Error creating user for signup id: ".$signupid,
+				    $execoutputstr,
+				    "From: \"SUCS Admin\" <admin@sucs.org>"
+			    	);
+				$failed=true;
+			    }
+			    // TODO: UNSTICK THIS BEFORE DEPLOYING
+			    if(posix_getpwnam($fields['username']) || true){
+				    $query="SELECT count(*) from members where username = ?";
+				    $data = $sucsDB->GetAll($query,array($fields['username']));
+				    if($data[0]['count']!=0){
+					    mail(
+						    $error_email,
+						    "Signup Error",
+						    "User ".$fields['username']." already exsists in the databse, THIS SHOULD NEVER HAPPERN\n Love the signup system.\n\nP.S. the signup id is: ".$signupid,
+						    "From: \"SUCS Admin\" <admin@sucs.org>"
+					    );
+					    $failed=true;
+				    }
+				    else{
+					    $query  = "INSERT INTO members (";
+					    $query .= "uid, username, realname, email, address, phone, sid, type, paid, lastedit, comments";
+					    $query .= ") values (";
+					    $query .= "?, ?, ?, ?";
+					    // if its a soc then it has no address
+					    if($row[type]!=2){
+						    $query .= ", ?"; //address
+					    }
+					    else{
+						    $query .= ", DEFAULT"; //address
+					    }
+					    $query .= ", ?"; //phone
+					    // only student had a sid
+					    if($row[type]==1){
+						    $query .= ", ?"; //sid
+					    }
+					    else{
+						    $query .= ", DEFAULT";
+					    }
+					    $query .= ", ?, ?, ?";
+					    // socienty add a default comment
+					    if($row[type]==2){
+						    $query .= ", ?";// comment
+					    }
+					    else{
+						    $query .= ", DEFAULT";
+					    }
+					    $query .= ");";
+					    unset($atribs);
+					    $atribs[]=$uid;
+					    $atribs[]=$fields['username'];
+					    $atribs[]=$fields['realname'];
+					    $atribs[]=$fields['email'];
+					    if($row[type]!=2){
+						    $atribs[]=$fields['address'];
+					    }
+					    $atribs[]=$fields['phone'];
+					    if($row[type]==1){
+						    $atribs[]=$fields['studentid'];
+					    }
+					    $atribs[]=$row[type];
+					    include_once("../lib/date.php");
+					    $atribs[]=paidUntil(time());
+					    $atribs[]=$uid;
+					    if($row[type]==2){
+						    $atribs[]="Contact name: ".$fields['contact'];
+					    }
+					    $responce = $sucsDB->Execute($query,$atribs);
+					    // if somthing broke then email
+					    if(!$responce){
+						mail(
+						    $error_email,
+						    "Signup Error",
+						    "Database problems for signup id: ".$signupid."\nError message:\n".$sucsDB->ErrorMsg(),
+						    "From: \"SUCS Admin\" <admin@sucs.org>"
+					    	);
+						$failed=true;
+					    }
+					    else{
+						    // if door card is connected to the signup slip move it to its proper home
+						    if($row[card] != ''){
+							    $query="INSERT INTO doorcards (uid,cardnumber) VALUES (?, ?);";
+							    unset($atribs);
+							    $atribs[0]=$uid;
+							    $atribs[1]=$row[card];
+							    $responce=$sucsDB->Execute($query,$atribs);
+							    if(!$responce){
+								    mail(
+									    $error_email,
+									    "Signup Error",
+									    "Failed to migrate card details for signup id: ".$signupid."\nError message:\n".$sucsDB->ErrorMsg(),
+									    "From: \"SUCS Admin\" <admin@sucs.org>"
+								    );
+							    }
+						    } 
+						    $logsmessage  = "New user '".$fields['username']." has been created on SUCS\n";
+						    $logsmessage .= "at: ".date("H:i ",mktime())." on ".date("l F jS Y", mktime())."\n";
+						    $logsmessage .= "From: ".$_SERVER['REMOTE_ADDR']."\n";
+						    $logsmessage .= "Useing signup id: ".$signupid."\n";
+						    if($override){
+							    $logsmessage .= "User ".$session->username." overrode validation.\n";
+						    }
+						    $logsmessage .= "Love The Signup System";
+						    // TODO: CHNAGE THIS TO logs@sucs.org BEFORE DEPLOYING
+						    mail(
+							    "eclipse@sucs.org",
+							    "User '".$fields['username']."' Created on SUCS",
+							    $logsmessage,
+							    "From: \"SUCS Admin\" <admin@sucs.org>"
+						    );
+						    $usermessage  = "Welcome to the Swansea University Computer Society!\n\n";
+						    $usermessage .= "Your account details are:\n\n";
+						    $usermessage .= "Username: ".$fields['username']."\n";
+						    $usermessage .= "Password: ".$password."\n\n";
+						    $usermessage .= "Wondering what to do next? Check out our Getting Started page: http://sucs.org/Getting%20Started or go right ahead and post on our forum at http://sucs.org/Community/Forum or join in the discussion on our chat system, Milliways: http://sucs.org/Community/Milliways\n\n";
+						    $usermessage .= "Before you use the SUCS computers or the computer room, please make sure you are familiar with the conditions of use and room rules at http://sucs.org/About/Regulations\n\n";
+						    $usermessage .= "If you require help using the system, introductory guides are available at http://sucs.org/Knowledge\n\n";
+						    $usermessage .= "If you have any trouble using the system, reply to this e-mail describing the nature of the problem and we'll look into it.\n\n";
+						    $usermessage .= "We hope you enjoy your SUCS membership.\n\n";
+						    $usermessage .= "Regards,\n\n";
+						    $usermessage .= "Swansea University Computer Society";
+						    if($fields['email']=''){
+							    $user_email=$fields['studentid']."@swan.ac.uk";
+						    }
+						    else{
+							    $user_email=$fields['email'];
+						    }
+						    mail(
+							    $user_email,
+							    "Your SUCS Account has been created!",
+							    $usermessage,
+							    "From: \"SUCS Admin\" <admin@sucs.org>"
+						    );
+					    }
+				    }
+			    }
+		            $addtolist ="".$fields['email']."\n".$fields['studentid']."@swan.ac.uk";
+		            file_put_contents('/tmp/listadd.'.$fields['username'],$addtolist);
+			    system(
+				    $script_path.'listadd.apache '.
+				    escapeshellarg($fields['username'])
+			    );
 		    }
-		    $minuid=$baseuid*1000;
-		    $maxuid=$minuid+999;
-		    //get the new uid
+		    //TODO: REMOVE THIS BEFORE DEPLOYING
-		    $uid=findUid($minuid,$maxuid);
-		    // make a password
-		    $password=make_password();
-		    // make the ldif
-		    $ldif=generateLdif($uid,$password,$row[type],$_POST['realname'],$_POST['username']);
-		    // write ldif file
-		    file_put_contents('/tmp/useradd.'.$_POST['username'].'.ldif',$ldif);
-		    system(
-			    $script_path.'useradd.apache '.
-			    sh_escape($_POST['username']).' '.
-			    sh_escape($_POST['studentid']).' '.
-			    sh_escape($_POST['email'])
-		    );
-	            $addtolist ="".$_POST['email']."\n".$_POST['studentid']."@swan.ac.uk";
-	            file_put_contents('/tmp/listadd.'.$_POST['username'],$addtolist);
-		    system(
-			    $script_path.'listadd.apache '.
-			    sh_escape($_POST['username'])
-		    );
-		    //TODO: add membership add code here
 		    $_POST[uid]=$uid;
 		    $_POST[password]=$password;
 		    $_POST[ldif]=$ldif;
 		    $smarty->assign("post",$_POST);
+		    // TODO: ADD OUTPUT DATA
 		}

--- a/lib/member_functions.php
+++ b/lib/member_functions.php
 <?
-//Escape spaces in a shell command
-function sh_escape($text)
-{
-        $text = escapeshellcmd($text);
-        return str_replace(' ', '\ ', $text);
-}
 function make_password($length=8)
 {
        $vowels = "aeiouy";
@@ -90,6 +83,10 @@ function generateLdif($uid, $password, $type, $realname, $username){
 	    $gid=113;
 	    $homebase="society";
 	}
+	elseif($type==5){
+	    $gid=100;
+	    $homebase="alumni";
+	}
 	else {
 	    $gid=100;
 	    $homebase="member";