options.php 7.72 KiB
  • <?php
    
    // e-mail, password validation functions
    require_once("../lib/validation.php");
    
    
    // Page-level settings
    // (candidates for a shared config file rather than this page)
    // Lowest and highest address of the range that getGuestNetMAC() compares the
    // client IP against; a subnet or a list of ranges might be a saner representation.
    define("GUESTNET_LOW", "137.44.10.130");
    define("GUESTNET_HIGH", "137.44.10.134");
    // Database name used for the connection string further down. Normally this
    // comes from config; it is hard-coded because the test copy lacks that config.
    $sucsdbname = "sucs";
    
    // Helper Functions
    // Could these be moved to some kind of library?
    
    
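    // Change the logged-in user's LDAP password.
    //
    // $oldpass  - the user's current password, used to bind to LDAP as that user
    // $newpass1 - the requested new password
    // $newpass2 - the new password typed a second time
    //
    // Returns TRUE when the directory accepted the change and FALSE otherwise.
    // Validation, connect and bind failures append a message to the global
    // $error array; a failed modify only returns FALSE.
    function changePassword ($oldpass, $newpass1, $newpass2) {
    	global $error, $session;

    	// An absent or empty password must never reach ldap_bind(): a simple bind
    	// that carries a DN but no password is an unauthenticated bind, which a
    	// server may accept, so the "existing password" check would pass without
    	// any proof that the caller knows the current password.
    	if (!is_string($oldpass) || $oldpass === '') {
    		$error[] = "Existing password incorrect";
    		return FALSE;
    	}

    	if (!is_string($newpass1) || $newpass1 !== $newpass2) {
    		// new passwords do not match!
    		$error[] = "New passwords do not match";
    		return FALSE;
    	}

    	if (!strongPassword($newpass1)) {
    		$error[] = "Password is too weak";
    		return FALSE;
    	}

    	if (!($ldap = @ldap_connect("ldap://localhost"))) {
    		$error[] = "LDAP connect failed";
    		return FALSE;
    	}

    	// NOTE(review): the username goes into the DN unescaped. This relies on
    	// session usernames never containing DN metacharacters - confirm where
    	// they are validated, or escape with ldap_escape() and LDAP_ESCAPE_DN.
    	$dn = "uid=".$session->username.",ou=People,dc=sucs,dc=org";

    	// Binding as the user with the old password is what proves they know it
    	if (!ldap_bind($ldap, $dn, $oldpass)) {
    		$error[] = "Existing password incorrect";
    		ldap_close($ldap);
    		return FALSE;
    	}

    	// NOTE(review): {SHA} is an unsalted SHA-1 digest, cheap to brute-force if
    	// the directory contents ever leak. A salted scheme, or letting the server
    	// hash the password itself, is worth planning; the stored format is left
    	// unchanged here because it depends on what the LDAP server accepts.
    	$hashed = "{SHA}".base64_encode(pack("H*", sha1($newpass1)));

    	// if everything looks OK, attempt to make the change
    	$success = ldap_mod_replace($ldap, $dn, array('userpassword' => $hashed));

    	ldap_close($ldap);
    	return $success;
    }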
    
    // Store new contact details for the logged-in member.
    //
    // Writes $address, $phone and $externalEmail to the row in the members table
    // whose username matches the session, and sets lastupdate to now().
    // Returns TRUE on success, FALSE when a check or the UPDATE fails.
    function changeContactDetails($address, $phone, $externalEmail) {
    	global $sucsDB, $session, $error;

    	// No message is added for a bad address: per the original author's note,
    	// validEmail() reports its own errors
    	if (!validEmail($externalEmail)) {
    		return FALSE;
    	}

    	// The phone number only gets a presence and minimum-length check
    	$phoneLooksUsable = !empty($phone) && (strlen($phone) >= 6);
    	if (!$phoneLooksUsable) {
    		$error[] = 'You must have a contact phone number!';
    		return FALSE;
    	}

    	// Every user-supplied value travels as a bound parameter, never as SQL text
    	$sql = 'UPDATE members SET address = ?,phone = ?, email = ?, lastupdate = now(), lastedit = uid WHERE username = ?';
    	$values = array($address, $phone, $externalEmail, $session->username);
    	$outcome = $sucsDB->Execute($sql, $values);
    	if ($outcome === FALSE) {
    		$error[] = 'There was an error updating your contact details. Please contact admin.';
    		return FALSE;
    	}

    	return TRUE;
    }
    
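    // Record $wiredMAC as the logged-in member's GuestNET MAC address and then
    // run /usr/local/bin/update-dhcpd.
    //
    // Returns TRUE when the guestnet row was replaced and the script exited with
    // status 0; otherwise appends a message to the global $error array and
    // returns FALSE.
    function changeGuestnetDetails($wiredMAC) {
    	global $sucsDB, $session, $error;

    	// The page passes on whatever getGuestNetMAC() returned, which is FALSE
    	// when no address was detected. Refuse anything that is not a string the
    	// MAC validator accepts before it gets near the database or the DHCP update.
    	if (!is_string($wiredMAC) || !isValidMACAddr($wiredMAC)) {
    		$error[] = 'There was an error updating your GuestNET MAC Address. Please contact admin. (MAC)';
    		return FALSE;
    	}

    	// Get UID as we don't have it yet
    	if(($uid = $sucsDB->GetOne("SELECt uid FROM members WHERE username = ?", array($session->username))) === FALSE) {
    		$error[] = 'There was an error updating your GuestNET MAC Address. Please contact admin. (UID)';
    		return FALSE;
    	}

    	// Replace the guestnet record with the one with the new mac.
    	// Replace() is called without auto-quoting, so each value is placed in the
    	// SQL as given: qstr() quotes and escapes the MAC for this connection
    	// instead of wrapping it in quote characters by hand.
    	if (!$sucsDB->Replace('guestnet', array('mac' => $sucsDB->qstr($wiredMAC), 'uid' => $uid), 'uid')) {
    		$error[] = 'There was an error updating your GuestNET MAC Address. Please contact admin. (QUERY)';
    		return FALSE;
    	}

    	// Fixed command line with no user input in it
    	exec('/usr/local/bin/update-dhcpd', $placeholder, $returnVar);

    	if ($returnVar === 0) {
    		//  $message[] = 'GuestNet MAC Address updated. Please wait a minute or two for the changes to take effect.';
    		return TRUE;
    	}

    	$error[] = 'There was an error updating your GuestNet Mac Address. Please contact admin. (RETURNVAR)';
    	return FALSE;
    }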
    
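    // Checks whether the given value is a well-formed MAC address.
    //
    // Accepts six two-digit hexadecimal octets joined by one consistent
    // separator, ':' or '-' (constructed sample: 00:16:3e:aa:bb:cc). Everything
    // else, including non-strings, is rejected, because the result is trusted by
    // callers that store the value in the database.
    // NOTE(review): if the gateway's ARP listing uses another notation, extend
    // the pattern rather than loosening it.
    function isValidMACAddr($mac) {
    	if (!is_string($mac)) {
    		return FALSE;
    	}
    	// \A and \z anchor the whole string, so a trailing newline or any extra
    	// text fails; \1 forces the same separator throughout
    	return preg_match('/\A[0-9A-Fa-f]{2}([:-])[0-9A-Fa-f]{2}(?:\1[0-9A-Fa-f]{2}){4}\z/', $mac) === 1;
    }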
    
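    // Returns the MAC address the gateway's ARP listing shows for the client's
    // IP address, or FALSE when none is available.
    //
    // The lookup only runs when REMOTE_ADDR lies between GUESTNET_LOW and
    // GUESTNET_HIGH (the unregistered GuestNET addresses). Outside that range
    // FALSE is returned silently; inside it, a failed lookup also appends a
    // message to the global $error array.
    function getGuestNetMAC() {
    	global $error;

    	// REMOTE_ADDR can be absent (e.g. when run from the command line)
    	$ip = isset($_SERVER['REMOTE_ADDR']) ? trim($_SERVER['REMOTE_ADDR']) : '';
    	$ipNum = ip2long($ip);

    	// Check we are in the correct ip range (unregistered GuestNET addresses);
    	// ip2long() gives FALSE for anything that is not a dotted-quad address
    	if (!($ipNum && ($ipNum >= ip2long(GUESTNET_LOW)) && ($ipNum <= ip2long(GUESTNET_HIGH)))) {
    		return FALSE;
    	}

    	exec("sudo /usr/local/sbin/gw-copy-arp.sh", $placeholder, $returnVar);
    	if ($returnVar == 0) {
    		// NOTE(review): the listing is read from a fixed path under /tmp. If
    		// another local account can create or replace that file, the MAC read
    		// from it cannot be trusted - confirm the owner and mode the script
    		// leaves on it, or move it to a directory only the script can write.
    		$arpLines = file('/tmp/gwarp');
    		if ($arpLines === FALSE) {
    			// unreadable or missing listing: treat as "not found" below
    			$arpLines = array();
    		}
    		foreach ($arpLines as $arpLine) {
    			$arpFields = preg_split('/[\s\t\n]+/', $arpLine);
    			if ($arpFields[0] !== $ip) {
    				continue;
    			}
    			// Short lines have no fourth field; never hand back an unchecked value
    			if (isset($arpFields[3]) && isValidMACAddr($arpFields[3])) {
    				return $arpFields[3];
    			}
    			break;
    		}
    	}

    	// We didn't find their mac address :\
    	$error[] = 'There was an error finding your MAC Address. Please contact admin.';
    	return FALSE;
    }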
    
    // Remove the logged-in user's hackergotchi picture from disk (they have
    // decided they are too embarrassed by it).
    // Returns true once the file is deleted; otherwise appends a message to the
    // global $error array and returns false.
    function clearHackergotchi() {
    	global $error,$session;

    	$target = hackergotchiPath($session->username);
    	$removed = unlink($target);
    	if (!$removed) {
    		$error[] = 'Unable to remove hackergotchi file';
    		return false;
    	}
    	return true;
    }
    
    // Build the filesystem path of a user's hackergotchi picture:
    // <$base>htdocs/pictures/people/<username>.png
    // NOTE(review): $username becomes part of the file name as-is. This assumes
    // account names can never contain path separators or ".." - confirm where
    // usernames are validated.
    function hackergotchiPath($username) {
    	global $base;
    	return "{$base}htdocs/pictures/people/{$username}.png";
    }
    
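    // Takes an entry from $_FILES and makes this the new hackergotchi
    //
    // $fileDetails - one element of $_FILES (keys used here: tmp_name, error)
    //
    // The upload is accepted only if it arrived without an upload error, is a
    // genuine PHP upload, and getimagesize() reports a PNG of at most 128x128
    // pixels. Returns TRUE once the file has been moved into place and made
    // world-readable; otherwise appends a message to the global $error array and
    // returns FALSE.
    function updateHackergotchi($fileDetails) {
    	global $error,$session;

    	$failure = 'There was an error updating your hackergotchi. Please contact admin.';

    	// A missing field gives NULL and an array-style field name gives arrays
    	// for tmp_name/error; neither may reach getimagesize(). is_uploaded_file()
    	// confirms the path really is this request's upload before it is opened.
    	$usable = is_array($fileDetails)
    		&& isset($fileDetails['tmp_name']) && is_string($fileDetails['tmp_name'])
    		&& ($fileDetails['tmp_name'] !== '')
    		&& isset($fileDetails['error']) && ($fileDetails['error'] === UPLOAD_ERR_OK)
    		&& is_uploaded_file($fileDetails['tmp_name']);
    	if (!$usable) {
    		$error[] = $failure;
    		return FALSE;
    	}

    	// getimagesize() inspects the image header only; the stored file keeps
    	// every other byte that was uploaded. It lands under a server-chosen name
    	// ending in .png. NOTE(review): confirm the pictures directory is never
    	// set up to run scripts, or re-encode the image before storing it.
    	$info = @getimagesize($fileDetails['tmp_name']);
    	if ($info !== false) {
    		list($width, $height, $type) = $info;
    		if (($type == IMAGETYPE_PNG) && ($width <= 128) && ($height <= 128)) {
    			$imagefilepath = hackergotchiPath($session->username);

    			// Move uploaded hackergotchi into place
    			if (move_uploaded_file($fileDetails['tmp_name'], $imagefilepath) && chmod($imagefilepath, 0644)) {
    				return TRUE;
    			}
    		}
    	}

    	// We should have returned True by now
    	$error[] = $failure;
    	return FALSE;
    }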
    
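    // Template Setup
    // Handles the options page: applies any posted change for the logged-in
    // member, loads their current details and renders options.tpl into the
    // page body.

    $smarty->assign('session', $session);

    if ($session->loggedin === TRUE) {

    	$sucsDB = NewADOConnection('postgres8');
    	$sucsDB->Connect('dbname='.$sucsdbname);
    	$sucsDB->SetFetchMode(ADODB_FETCH_ASSOC);

    	// FALSE unless a MAC address was found for this client
    	$newGuestNetMAC = getGuestNetMAC();

    	// Handle Postbacks
    	// NOTE(review): no anti-CSRF token is checked in this file. Only the
    	// password change asks for a secret (the old password); confirm the
    	// surrounding framework protects the other state-changing actions.
    	if (isset($_POST['action'])) {
    		switch($_POST['action']) {
    			case 'changepass' :
    				if (changePassword($_POST['oldpass'], $_POST['newpass1'], $_POST['newpass2'])) {
    					$messages[] = 'Password changed.';
    				} else {
    					// Should we log something here for bug tracking use?
    					$error[] = "Password change failed.";
    				}
    				break;
    			case 'changecontact' :
    				if(changeContactDetails($_POST['address'], $_POST['phone'], $_POST['email'])) {
    					$messages[] = 'Contact Details Updated.';
    				}
    				break;
    			case 'changeguestnet' :
    				// Without a detected MAC there is nothing to register; do not
    				// let the FALSE value be written over the member's record
    				if ($newGuestNetMAC === FALSE) {
    					$error[] = 'No GuestNET MAC Address was detected for this connection.';
    				} elseif (changeGuestNetDetails($newGuestNetMAC)) {
    					$messages[] = 'GuestNet Details Updated!';
    				}
    				break;
    			case 'updatehackergotchi' :
    				if (updateHackergotchi($_FILES['hackergotchi'])) {
    					$messages[] = 'Hackergotchi Updated';
    				}
    				break;
    			case 'clearhackergotchi' :
    				if (clearHackergotchi()) {
    					$messages[] = 'Hackergotchi Cleared';
    				}
    				break;
    		}
    	}


    	// Display Details
    	// Some checking could be done here to ensure we have a members record. Ideally we should
    	// be able to assume this though if they are logged in.

    	if (is_file(hackergotchiPath($session->username))) $smarty->assign('hackergotchi', TRUE);

    	// Bound parameter, like every other query on this page, so the username
    	// is never spliced into the SQL text
    	$member = $sucsDB->GetRow('select * from members where username = ?', array($session->username));
    	$smarty->assign('member', $member);

    	// NOTE(review): GetOne() hands back a single value from the first row; with
    	// SELECT * which value that is depends on the table's column order -
    	// confirm it is the mac column, or select it by name.
    	if(($currentGuestNetMAC = $sucsDB->GetOne('SELECT * FROM guestnet WHERE uid=?', array((int)$member['uid']))) !== FALSE) {
    		$smarty->assign('currentGuestNetMAC', $currentGuestNetMAC);
    	} else {
    		$smarty->assign('currentGuestNetMAC', '');
    	}

    	// Only offer the detected address when it differs from the stored one
    	if (($newGuestNetMAC !== false) && ($newGuestNetMAC != $currentGuestNetMAC)) {
    		$smarty->assign('newGuestNetMAC', $newGuestNetMAC);
    	}


    }

    // merge messages into errors for the time being
    // (either list may not exist yet if nothing was reported)
    $error = array_merge(isset($error) ? (array)$error : array(), isset($messages) ? (array)$messages : array());

    $smarty->assign('error', $error);
    $smarty->assign('url', $component['path']);
    $result = $smarty->fetch('options.tpl');
    $smarty->assign('title', "Options");
    $smarty->assign('body', $result);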
    ?>