Newer
Older
//ob_start();
//include("../member/signup.php");
//$output = ob_get_contents();
//ob_end_clean();
Tim Clark
committed
//
// -------------------------------------------------------------
// TODO: CHANGE THIS TO "sudo /usr/local/sbin/" DEFORE DEPLOYING
// -------------------------------------------------------------
$script_path="/home/member/eclipse/signuptests/";
Tim Clark
committed
// TODO: SET THIS TO admin@sucs.org BEFORE DEPLOYING
$error_email="eclipse@sucs.org";
$override_permission="staff";
// is the validation (mostly) overridable
$overridable=isset($session->groups[$permission]);
Tim Clark
committed
// ------------------------------------------------
// TODO: REMOVE THE FOLLOWING LINE BEFORE DEPLOYING
// ------------------------------------------------
$overridable=true;
//set defaults
$mode = 'login';
//login
if(isset($_REQUEST['signupid'])&&isset($_REQUEST['signuppw'])){
//set signup details
$signupid = $_REQUEST['signupid'];
$signuppw = $_REQUEST['signuppw'];
// connect to sucs database
$sucsDB = NewADOConnection('postgres8');
Tim Clark
committed
//$sucsDB->debug = true;
// -------------------------------------------------
// TODO: CHANGE THIS TO dbname=sucs BEFORE DEPLOYING
// -------------------------------------------------
$sucsDB->Connect('dbname=eclipse');
$sucsDB->SetFetchMode(ADODB_FETCH_ASSOC);
// get row(s)
$query = "SELECT * FROM signup WHERE id=? AND password=?";
$array = array($signupid,$signuppw);
$data = $sucsDB->GetAll($query,$array);
// if data was returned and it was exactly 1 row
if(is_array($data)&&sizeof($data)==1){
$row=$data[0];
// if the id hasnt already been used
if(!(isset($row[activated])&&isset($row[username]))){
// pass on the id and passwd and id the validation is overridable
$smarty->assign("signupid",$signupid);
$smarty->assign("signuppw",$signuppw);
$smarty->assign("overridable",$overridable);
$smarty->assign("usertype",$row[type]);
// if accepting the form
if(isset($_REQUEST['username']) && isset($_REQUEST['realname']) && isset($_REQUEST['email']) && isset($_REQUEST['phone'])){
require_once("../lib/validation.php");
$override = $overridable && (isset($_POST['override']) && $_POST['override']=="on");
$valid=true;
$errors=array();
$fields=array();
if(!validUsername($_REQUEST['username'])){
$valid=false;
$errors['username']=$error;
}
$fields['username']=$_REQUEST['username'];
if(!(validSignupEmail($_REQUEST['email']) || $override)){
$valid=false;
$errors['email']=$error;
}
$fields['email']=$_REQUEST['email'];
if(!(validPhone($_REQUEST['phone']) || $override)){
$valid=false;
$errors['phone']=$error;
}
Tim Clark
committed
$fields['phone']=sanitizePhone($_REQUEST['phone']);
if($row[type]!=2){
if(!(validAddress($_REQUEST['address']) || $override)){
$valid=false;
$errors['address']=$error;
}
Tim Clark
committed
$fields['address']=sanitizeAddress($_POST['address']);
if(!validRealName($_REQUEST['realname'],$override)){
$valid=false;
$errors['realname']=$error;
}
$fields['realname']=$_REQUEST['realname'];
}
else{
if(!(validRealName($_REQUEST['contact'],false) || $override)){
$valid=false;
$errors['contact']=$error;
}
$fields['contact']=$_REQUEST['contact'];
if(!validSocName($_REQUEST['realname'], $override)){
$valid=false;
$errors['realname']=$error;
}
$fields['realname']=$_REQUEST['realname'];
}
if($row[type]==1){
if(!validSID($_REQUEST['studentid'],$override)){
$valid=false;
$errors['studentid']=$error;
}
$fields['studentid']=$_REQUEST['studentid'];
}
if($valid){
Tim Clark
committed
// include membership adding functions
require_once("../lib/member_functions.php");
$mode='result';
Tim Clark
committed
$failed=false;
// invalidate signup slip
$query = "UPDATE signup SET sid=?, username=?, activated=now() WHERE id=?";
$unset($atribs);
$atribs[0]=$fields['studentid'];
$atribs[1]=$fields['username'];
$atribs[2]=$signupid;
$responce = $sucsDB->Execute($query,$atribs);
if(!$responce){
mail(
$error_email,
"Signup Error",
"Unable to invalidate signup slip: ".$signupid."\nAborting\nError message:\n".$sucsDB->ErrorMsg(),
"From: \"SUCS Admin\" <admin@sucs.org>"
);
$failed=true;
Tim Clark
committed
}
Tim Clark
committed
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
else{
// determine the uid range
if($row[type]==2){
$baseuid=8;
}
else{
$baseuid=28;
}
$minuid=$baseuid*1000;
$maxuid=$minuid+999;
//get the new uid
$uid=findUid($minuid,$maxuid);
// make a password
$password=make_password();
// make the ldif
$ldif=generateLdif($uid,$password,$row[type],$fields['realname'],$fields['username']);
// write ldif file
file_put_contents('/tmp/useradd.'.$fields['username'].'.ldif',$ldif);
exec(
$script_path.'useradd.apache '.
escapeshellarg($fields['username']).' '.
escapeshellarg($fields['studentid']).' '.
escapeshellarg($fields['email']),
$execoutputarr,
$execreturn
);
if($execreturn!=0){
$execoutputstr=implode("\n",$execoutputarr);
mail(
$error_email,
"Error creating user for signup id: ".$signupid,
$execoutputstr,
"From: \"SUCS Admin\" <admin@sucs.org>"
);
$failed=true;
}
// TODO: UNSTICK THIS BEFORE DEPLOYING
if(posix_getpwnam($fields['username']) || true){
$query="SELECT count(*) from members where username = ?";
$data = $sucsDB->GetAll($query,array($fields['username']));
if($data[0]['count']!=0){
mail(
$error_email,
"Signup Error",
"User ".$fields['username']." already exsists in the databse, THIS SHOULD NEVER HAPPERN\n Love the signup system.\n\nP.S. the signup id is: ".$signupid,
"From: \"SUCS Admin\" <admin@sucs.org>"
);
$failed=true;
}
else{
$query = "INSERT INTO members (";
$query .= "uid, username, realname, email, address, phone, sid, type, paid, lastedit, comments";
$query .= ") values (";
$query .= "?, ?, ?, ?";
// if its a soc then it has no address
if($row[type]!=2){
$query .= ", ?"; //address
}
else{
$query .= ", DEFAULT"; //address
}
$query .= ", ?"; //phone
// only student had a sid
if($row[type]==1){
$query .= ", ?"; //sid
}
else{
$query .= ", DEFAULT";
}
$query .= ", ?, ?, ?";
// socienty add a default comment
if($row[type]==2){
$query .= ", ?";// comment
}
else{
$query .= ", DEFAULT";
}
$query .= ");";
unset($atribs);
$atribs[]=$uid;
$atribs[]=$fields['username'];
$atribs[]=$fields['realname'];
$atribs[]=$fields['email'];
if($row[type]!=2){
$atribs[]=$fields['address'];
}
$atribs[]=$fields['phone'];
if($row[type]==1){
$atribs[]=$fields['studentid'];
}
$atribs[]=$row[type];
include_once("../lib/date.php");
$atribs[]=paidUntil(time());
$atribs[]=$uid;
if($row[type]==2){
$atribs[]="Contact name: ".$fields['contact'];
}
$responce = $sucsDB->Execute($query,$atribs);
// if somthing broke then email
if(!$responce){
mail(
$error_email,
"Signup Error",
"Database problems for signup id: ".$signupid."\nError message:\n".$sucsDB->ErrorMsg(),
"From: \"SUCS Admin\" <admin@sucs.org>"
);
$failed=true;
}
else{
// if door card is connected to the signup slip move it to its proper home
if($row[card] != ''){
$query="INSERT INTO doorcards (uid,cardnumber) VALUES (?, ?);";
unset($atribs);
$atribs[0]=$uid;
$atribs[1]=$row[card];
$responce=$sucsDB->Execute($query,$atribs);
if(!$responce){
mail(
$error_email,
"Signup Error",
"Failed to migrate card details for signup id: ".$signupid."\nError message:\n".$sucsDB->ErrorMsg(),
"From: \"SUCS Admin\" <admin@sucs.org>"
);
}
}
$logsmessage = "New user '".$fields['username']." has been created on SUCS\n";
$logsmessage .= "at: ".date("H:i ",mktime())." on ".date("l F jS Y", mktime())."\n";
$logsmessage .= "From: ".$_SERVER['REMOTE_ADDR']."\n";
$logsmessage .= "Useing signup id: ".$signupid."\n";
if($override){
$logsmessage .= "User ".$session->username." overrode validation.\n";
}
$logsmessage .= "Love The Signup System";
// TODO: CHNAGE THIS TO logs@sucs.org BEFORE DEPLOYING
mail(
"eclipse@sucs.org",
"User '".$fields['username']."' Created on SUCS",
$logsmessage,
"From: \"SUCS Admin\" <admin@sucs.org>"
);
$usermessage = "Welcome to the Swansea University Computer Society!\n\n";
$usermessage .= "Your account details are:\n\n";
$usermessage .= "Username: ".$fields['username']."\n";
$usermessage .= "Password: ".$password."\n\n";
$usermessage .= "Wondering what to do next? Check out our Getting Started page: http://sucs.org/Getting%20Started or go right ahead and post on our forum at http://sucs.org/Community/Forum or join in the discussion on our chat system, Milliways: http://sucs.org/Community/Milliways\n\n";
$usermessage .= "Before you use the SUCS computers or the computer room, please make sure you are familiar with the conditions of use and room rules at http://sucs.org/About/Regulations\n\n";
$usermessage .= "If you require help using the system, introductory guides are available at http://sucs.org/Knowledge\n\n";
$usermessage .= "If you have any trouble using the system, reply to this e-mail describing the nature of the problem and we'll look into it.\n\n";
$usermessage .= "We hope you enjoy your SUCS membership.\n\n";
$usermessage .= "Regards,\n\n";
$usermessage .= "Swansea University Computer Society";
if($fields['email']=''){
$user_email=$fields['studentid']."@swan.ac.uk";
}
else{
$user_email=$fields['email'];
}
mail(
$user_email,
"Your SUCS Account has been created!",
$usermessage,
"From: \"SUCS Admin\" <admin@sucs.org>"
);
}
}
}
$addtolist ="".$fields['email']."\n".$fields['studentid']."@swan.ac.uk";
file_put_contents('/tmp/listadd.'.$fields['username'],$addtolist);
system(
$script_path.'listadd.apache '.
escapeshellarg($fields['username'])
);
Tim Clark
committed
}
Tim Clark
committed
//TODO: REMOVE THIS BEFORE DEPLOYING
Tim Clark
committed
$_POST[uid]=$uid;
$_POST[password]=$password;
$_POST[ldif]=$ldif;
$smarty->assign("post",$_POST);
Tim Clark
committed
// TODO: ADD OUTPUT DATA
Tim Clark
committed
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
}
else{
//re-show form
$script = "<script language='javascript' type='text/javascript' src='".$baseurl."/js/jquery.js'></script>\n";
$script .= "<script language='javascript' type='text/javascript' src='$baseurl/js/signup.js'></script>\n";
$smarty->assign("fields",$fields);
$smarty->assign("errors",$errors);
$smarty->append('extra_scripts', $script);
$mode='re-form';
}
}
else{
// display the form
$script = "<script language='javascript' type='text/javascript' src='".$baseurl."/js/jquery.js'></script>\n";
$script .= "<script language='javascript' type='text/javascript' src='$baseurl/js/signup.js'></script>\n";
$smarty->append('extra_scripts', $script);
$mode='form';
}
}
else trigger_error("Signup ID already used",E_USER_WARNING);
}
else trigger_error("Invalid ID or Password", E_USER_WARNING);
}
//Set smarty Variables
$smarty->assign("mode", $mode);
$output = $smarty->fetch("signup.tpl");
$smarty->assign("title", "Sign Up");
$smarty->assign("body", $output);
?>