Newer
Older
//ob_start();
//include("../member/signup.php");
//$output = ob_get_contents();
//ob_end_clean();
Tim Clark
committed
//
// -------------------------------------------------------------
Tim Clark
committed
// -------------------------------------------------------------
//$script_path="/home/member/eclipse/signuptests/";
$script_path="sudo /usr/local/sbin/";
// DEV: CHNAGE THIS FOR DEV MODE
//$error_email="eclipse@sucs.org";
$error_email="admin@sucs.org";
Tim Clark
committed
$override_permission="sucsstaff";
// is the validation (mostly) overridable
$overridable=isset($session->groups[$override_permission]);
Tim Clark
committed
// ------------------------------------------------
Tim Clark
committed
// ------------------------------------------------
Tim Clark
committed
//set defaults
$mode = 'login';
//login
if(isset($_REQUEST['signupid'])&&isset($_REQUEST['signuppw'])){
//set signup details
$signupid = $_REQUEST['signupid'];
$signuppw = $_REQUEST['signuppw'];
//$sucsDB->debug = true;
// get row(s)
$query = "SELECT * FROM signup WHERE id=? AND password=?";
$array = array($signupid,$signuppw);
$data = $sucsDB->GetAll($query,$array);
// if data was returned and it was exactly 1 row
if(is_array($data)&&sizeof($data)==1){
$row=$data[0];
// if the id hasnt already been used
if(!(isset($row[activated])&&isset($row[username]))){
// pass on the id and passwd and id the validation is overridable
$smarty->assign("signupid",$signupid);
$smarty->assign("signuppw",$signuppw);
$smarty->assign("overridable",$overridable);
$smarty->assign("usertype",$row[type]);
// if accepting the form
if(isset($_REQUEST['username']) && isset($_REQUEST['realname']) && isset($_REQUEST['email']) && isset($_REQUEST['phone'])){
require_once("../lib/validation.php");
$override = $overridable && (isset($_POST['override']) && $_POST['override']=="on");
$valid=true;
$errors=array();
$fields=array();
if(!validUsername($_REQUEST['username'])){
$valid=false;
$errors['username']=$error;
}
$fields['username']=$_REQUEST['username'];
if(!(validSignupEmail($_REQUEST['email']) || $override)){
$valid=false;
$errors['email']=$error;
}
$fields['email']=$_REQUEST['email'];
if(!(validPhone($_REQUEST['phone']) || $override)){
$valid=false;
$errors['phone']=$error;
}
Tim Clark
committed
$fields['phone']=sanitizePhone($_REQUEST['phone']);
if($row[type]!=2){
if(!(validAddress($_REQUEST['address']) || $override)){
$valid=false;
$errors['address']=$error;
}
Tim Clark
committed
$fields['address']=sanitizeAddress($_POST['address']);
if(!validRealName($_REQUEST['realname'],$override)){
$valid=false;
$errors['realname']=$error;
}
$fields['realname']=$_REQUEST['realname'];
}
else{
if(!(validRealName($_REQUEST['contact'],false) || $override)){
$valid=false;
$errors['contact']=$error;
}
$fields['contact']=$_REQUEST['contact'];
if(!validSocName($_REQUEST['realname'], $override)){
$valid=false;
$errors['realname']=$error;
}
$fields['realname']=$_REQUEST['realname'];
}
if($row[type]==1){
if(!validSID($_REQUEST['studentid'],$override)){
$valid=false;
$errors['studentid']=$error;
}
$fields['studentid']=$_REQUEST['studentid'];
}
if($valid){
Tim Clark
committed
// include membership adding functions
require_once("../lib/member_functions.php");
$mode='result';
Tim Clark
committed
$failed=false;
// invalidate signup slip
$query = "UPDATE signup SET sid=?, username=?, activated=now() WHERE id=?";
unset($atribs);
Tim Clark
committed
$atribs[0]=$fields['studentid'];
$atribs[1]=$fields['username'];
$atribs[2]=$signupid;
$responce = $sucsDB->Execute($query,$atribs);
if(!$responce){
mail(
$error_email,
"Signup Error",
"Unable to invalidate signup slip: ".$signupid."\nAborting\nError message:\n".$sucsDB->ErrorMsg(),
"From: \"SUCS Admin\" <admin@sucs.org>"
);
$failed=true;
Tim Clark
committed
}
Tim Clark
committed
// determine the uid range
if($row[type]==2){
$baseuid=8;
}
else{
Tim Clark
committed
}
$minuid=$baseuid*1000;
$maxuid=$minuid+999;
//get the new uid
$uid=findUid($minuid,$maxuid);
// make a password
$password=make_password();
// make the ldif
$ldif=generateLdif($uid,$password,$row[type],$fields['realname'],$fields['username']);
// write ldif file
file_put_contents('/tmp/useradd.'.$fields['username'].'.ldif',$ldif);
exec(
$script_path.'useradd.apache '.
escapeshellarg($fields['username']).' '.
escapeshellarg($fields['studentid']).' '.
Tim Clark
committed
escapeshellarg($fields['email']).
' 2>&1',
Tim Clark
committed
$execoutputarr,
$execreturn
);
if($execreturn!=0){
$execoutputstr=implode("\n",$execoutputarr);
mail(
$error_email,
"Error creating user for signup id: ".$signupid,
$execoutputstr,
"From: \"SUCS Admin\" <admin@sucs.org>"
);
$failed=true;
}
// DEV: STICK THIS FOR DEV
if(posix_getpwnam($fields['username'])){
Tim Clark
committed
$query="SELECT count(*) from members where username = ?";
$data = $sucsDB->GetAll($query,array($fields['username']));
if($data[0]['count']!=0){
mail(
$error_email,
"Signup Error",
"User ".$fields['username']." already exists in the databse, THIS SHOULD NEVER HAPPEN\n Love the signup system.\n\nP.S. the signup id is: ".$signupid,
Tim Clark
committed
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
"From: \"SUCS Admin\" <admin@sucs.org>"
);
$failed=true;
}
else{
$query = "INSERT INTO members (";
$query .= "uid, username, realname, email, address, phone, sid, type, paid, lastedit, comments";
$query .= ") values (";
$query .= "?, ?, ?, ?";
// if its a soc then it has no address
if($row[type]!=2){
$query .= ", ?"; //address
}
else{
$query .= ", DEFAULT"; //address
}
$query .= ", ?"; //phone
// only student had a sid
if($row[type]==1){
$query .= ", ?"; //sid
}
else{
$query .= ", DEFAULT";
}
$query .= ", ?, ?, ?";
// socienty add a default comment
if($row[type]==2){
$query .= ", ?";// comment
}
else{
$query .= ", DEFAULT";
}
$query .= ");";
unset($atribs);
$atribs[]=$uid;
$atribs[]=$fields['username'];
$atribs[]=$fields['realname'];
$atribs[]=$fields['email'];
if($row[type]!=2){
$atribs[]=$fields['address'];
}
$atribs[]=$fields['phone'];
if($row[type]==1){
$atribs[]=$fields['studentid'];
}
$atribs[]=$row[type];
include_once("../lib/date.php");
$atribs[]=paidUntil(time());
$atribs[]=$uid;
if($row[type]==2){
$atribs[]="Contact name: ".$fields['contact'];
}
$responce = $sucsDB->Execute($query,$atribs);
// if somthing broke then email
if(!$responce){
mail(
$error_email,
"Signup Error",
"Database problems for signup id: ".$signupid."\nError message:\n".$sucsDB->ErrorMsg(),
"From: \"SUCS Admin\" <admin@sucs.org>"
);
$failed=true;
}
else{
// if door card is connected to the signup slip move it to its proper home
if($row[card] != ''){
$query="INSERT INTO doorcards (uid,cardnumber) VALUES (?, ?);";
unset($atribs);
$atribs[0]=$uid;
$atribs[1]=$row[card];
$responce=$sucsDB->Execute($query,$atribs);
if(!$responce){
mail(
$error_email,
"Signup Error",
"Failed to migrate card details for signup id: ".$signupid."\nError message:\n".$sucsDB->ErrorMsg(),
"From: \"SUCS Admin\" <admin@sucs.org>"
);
}
Tim Clark
committed
$logsmessage = "New user '".$fields['username']."' has been created on SUCS\n";
$logsmessage .= "at: ".date("H:i ",time())." on ".date("l F jS Y", time())."\n";
Tim Clark
committed
$logsmessage .= "From: ".$_SERVER['REMOTE_ADDR']."\n";
$logsmessage .= "Using signup id: ".$signupid."\n";
Tim Clark
committed
if($override){
$logsmessage .= "User ".$session->username." overrode validation.\n";
}
$logsmessage .= "Love The Signup System";
Tim Clark
committed
mail(
Tim Clark
committed
"User '".$fields['username']."' Created on SUCS",
$logsmessage,
"From: \"SUCS Admin\" <admin@sucs.org>"
);
mail(
"treasurer@sucs.org",
"User '".$fields['username']."' Created on SUCS",
$logsmessage,
"From: \"SUCS Admin\" <admin@sucs.org>"
);
Tim Clark
committed
$usermessage = "Welcome to the Swansea University Computer Society!\n\n";
$usermessage .= "Your account details are:\n\n";
$usermessage .= "Username: ".$fields['username']."\n";
$usermessage .= "Password: ".$password."\n\n";
$usermessage .= "Wondering what to do next? Check out our Getting Started page: http://sucs.org/Getting%20Started or go right ahead and post on our forum at http://sucs.org/Community/Forum or join in the discussion on our chat system, Milliways: http://sucs.org/Community/Milliways\n\n";
$usermessage .= "Our weekly social is held in the coffee end JC's at 1:00 PM every Wednesday\n\n";
Tim Clark
committed
$usermessage .= "Before you use the SUCS computers or the computer room, please make sure you are familiar with the conditions of use and room rules at http://sucs.org/About/Regulations\n\n";
$usermessage .= "If you require help using the system, introductory guides are available at http://sucs.org/Knowledge\n\n";
$usermessage .= "If you have any trouble using the system, reply to this e-mail describing the nature of the problem and we'll look into it.\n\n";
$usermessage .= "We hope you enjoy your SUCS membership.\n\n";
$usermessage .= "Regards,\n\n";
$usermessage .= "Swansea University Computer Society";
if($fields['email']!=''){
$user_email=$fields['email'];
}
elseif($fields['studentid']!=''){
Tim Clark
committed
$user_email=$fields['studentid']."@swan.ac.uk";
}
else{
$user_email=FALSE;
Tim Clark
committed
}
if($user_email){
mail(
Tim Clark
committed
$user_email,
"Your SUCS Account has been created!",
$usermessage,
"From: \"SUCS Admin\" <admin@sucs.org>"
Tim Clark
committed
}
}
}
//Wrong logic, only students have student email addresses ~imranh
if ($row['type']==1){
$addtolist ="".$fields['email']."\n".$fields['studentid']."@swan.ac.uk";
}else{
$addtolist="".$fields['email']."\n"; //Societies don't have student email addresses
}
file_put_contents('/tmp/listadd.'.$fields['username'],$addtolist);
unset($execoutputarr);
exec(
Tim Clark
committed
$script_path.'listadd.apache '.
escapeshellarg($fields['username']).' '.
Tim Clark
committed
escapeshellarg($row[type]).
' 2>&1',
$execoutputarr,
$ececreturn
Tim Clark
committed
);
if($execreturn!=0){
$execoutputstr=implode("\n",$execoutputarr);
mail(
$error_email,
"Error adding user to mailing lists from signup id: ".$signupid,
Imran Hussain
committed
$execoutputstr.$ececreturn,
"From: \"SUCS Admin\" <admin@sucs.org>"
);
$failed=true;
}
Tim Clark
committed
}
$smarty->assign("failed",$failed);
if($failed){
$errorreparray=$_POST;
unset($errorroparray[signuppw]);
$errorreparray[uid]=$uid;
foreach ($errorreparray as $key => $value){
$errorreport .= $key.": ".$value."\n";
}
$errorreport .= "\nLove from the Signup System";
mail(
$error_email,
"Signup system error report",
$errorreport,
"From: \"SUCS Admin\" <admin@sucs.org>"
);
}
else{
$smarty->assign("username", $fields['username']);
$smarty->assign("password", $password);
$smarty->assign("email", $user_email);
}
Tim Clark
committed
}
else{
//re-show form
$script = "<script language='javascript' type='text/javascript' src='".$baseurl."/js/jquery.js'></script>\n";
$script .= "<script language='javascript' type='text/javascript' src='$baseurl/js/signup.js'></script>\n";
$smarty->assign("fields",$fields);
$smarty->assign("errors",$errors);
$smarty->append('extra_scripts', $script);
$mode='re-form';
}
}
else{
// display the form
$script = "<script language='javascript' type='text/javascript' src='".$baseurl."/js/jquery.js'></script>\n";
$script .= "<script language='javascript' type='text/javascript' src='$baseurl/js/signup.js'></script>\n";
$smarty->append('extra_scripts', $script);
$mode='form';
}
}
else trigger_error("Signup ID already used",E_USER_WARNING);
}
else trigger_error("Invalid ID or Password", E_USER_WARNING);
}
//Set smarty Variables
$smarty->assign("mode", $mode);
$output = $smarty->fetch("signup.tpl");
$smarty->assign("title", "Sign Up");
$smarty->assign("body", $output);
?>