Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
<?
function msg_tx($text, $time, $fg, $bg)
{
$f = fopen("http://door.sucs.org/sendstatus.py?text=".urlencode($text)."&timeout=$time&fg=$fg&bg=$bg", "r");
fclose($f);
}
function msg_good($text, $time=5)
{
msg_tx($text, $time, "0,0,0", "128,255,128");
}
function msg_bad($text, $time=3)
{
msg_tx($text, $time, "0,0,0", "255,64,64");
}
header("Content-type: text/plain");
// Initialise the database
require("/usr/share/adodb/adodb.inc.php");
$DB = NewADOConnection('postgres8');
if ($DB->Connect('dbname=sucs') === FALSE) {
echo "DB fail\n";
exit;
}
$DB->SetFetchMode(ADODB_FETCH_ASSOC);
$f = fopen("/tmp/doorlog", "a");
if (isset($_REQUEST['code'])) {
// Expire old requests
$DB->Execute("delete from doorknock where start < NOW() - 30 seconds:reltime");
// Parse out the string
$code = $_REQUEST['code'];
$codes = split(' ',$code);
if ($codes[0] != "SUCS") {
echo "Unrecognised codeword '{$codes[0]}'\n";
msg_bad("Invalid slip");
exit;
}
// look up the user
$user = $DB->GetAll("select * from signup where id=?",array($codes[1]));
if (!is_array($user) || count($user) < 1) {
echo "Unrecognised signup id\n";
msg_bad("Invalid slip");
exit;
}
if ($codes[2] != $user[0]['password']) {
echo "Password mismatch\n";
msg_bad("Invalid slip");
exit;
}
if ($user[0]['card'] != "") {
echo "User already has a card\n";
msg_bad("Slip already used");
exit;
}
// all looks valid so far
// check we arent bouncing ourselves out
$exist = $DB->GetAll("select * from doorknock");
if (is_array($exist) && count($exist) > 0) {
print_r($exist);
if ($exist[0]['suid'] == $user[0]['id']) {
echo "Already in progress, no action\n";
exit;
}
$DB->Execute("delete from doorknock");
echo "Bouncing out signup id={$exist[0]['suid']}\n";
}
$DB->Execute("insert into doorknock (suid,start) values(?,NOW())", array($user[0]['id']));
echo "Start waiting for id={$user[0]['id']}\n";
msg_good("Please swipe ID Card to complete registration", 10);
exit;
} else
// a card was swiped at the door, try to match it
if (isset($_REQUEST['id'])) {
$card = $_REQUEST['id'];
$exist = $DB->GetAll("select * from doorknock");
if (!is_array($exist) || count($exist) < 1) {
echo "No registration in progress, ignoring.\n";
exit;
}
$signup = $DB->GetAll("select * from signup where id=?",array($exist[0]['suid']));
if (!is_array($signup) || count($signup) < 1) {
echo "Unrecognised signup id\n";
msg_bad("Invalid slip");
$DB->Execute("delete from doorknock");
exit;
}
// should really check the card isnt already registered first
$DB->Execute("update signup set card=? where id=?", array($card, $signup[0]['id']));
echo "Registering card '$card' to signup id {$signup[0]['id']}\n";
$DB->Execute("delete from doorknock");
// User is registered, stick it in the real doorcards list too
if ($signup[0]['username'] != "") {
$user = $DB->GetAll("select * from members where username=?", array($signup[0]['username']));
if (!is_array($user) || count($user) < 1) {
echo "Cant find username '{$signup[0]['username']}' to full reg the card\n";
} else {
$DB->Execute("insert into doorcards (uid, cardnumber) values (?,?)", array($user[0]['uid'], $card));
echo "Registering card to uid={$user[0]['uid']} username {$user[0]['username']}\n";
}
}
unlink("/tmp/cards");
system("/usr/local/bin/db-to-cards.php");
system("sudo /usr/local/bin/putcardsfile");
unlink("/tmp/cards");
msg_good("Card now registered, swipe again for access");
exit;
}
?>