relax constraint for email verification
[brisk.git] / web / usermgmt.php
1 <?php
2 /*
3  *  brisk - usermgmt.php
4  *
5  *  Copyright (C) 2014      Matteo Nastasi
6  *                          mailto: nastasi@alternativeoutput.it
7  *                                  matteo.nastasi@milug.org
8  *                          web: http://www.alternativeoutput.it
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License as published by
12  * the Free Software Foundation; either version 2 of the License, or
13  * (at your option) any later version.
14  *
15  * This program is distributed in the hope that it will be useful, but
16  * WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABLILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18  * General Public License for more details. You should have received a
19  * copy of the GNU General Public License along with this program; if
20  * not, write to the Free Software Foundation, Inc, 59 Temple Place -
21  * Suite 330, Boston, MA 02111-1307, USA.
22  *
23  */
24
25 $G_base = "";
26
27 $mlang_umgmt = array( 'nu_psubj' => array( 'it' => 'Brisk: credenziali di accesso.',
28                                            'en' => 'Brisk: credentials.'),
29                       'nu_ptext' => array( 'it' =>
30 'Ciao, sono l\' amministratore del sito di Brisk.
31
32 La verifica del tuo indirizzo di posta elettronica e del tuo nickname è andata a buon fine, per accedere al sito
33 d\'ora in poi potrai utilizzare l\' utente \'%s\' e la password \'%s\'.
34
35 Benvenuto e buone partite, mop.',
36                                            'en' => 'EN ptext [%s] [%s]'),
37                       'nu_phtml' => array( 'it' => 'Ciao, sono l\' amministratore del sito di Brisk.<br><br>
38 La verifica del tuo indirizzo di posta elettronica e del tuo nickname è andata a buon fine.<br><br>Per accedere al  sito d\'ora in poi potrai usare l\' utente \'%s\' e la password \'%s\'.<br><br>
39 Benvenuto e buone partite, mop.<br>',
40                                            'en' => 'EN phtml [%s] [%s]')
41                       );
42
43
44 ini_set("max_execution_time",  "240");
45
46 require_once($G_base."Obj/brisk.phh");
47 require_once($G_base."Obj/user.phh");
48 require_once($G_base."Obj/auth.phh");
49 require_once($G_base."Obj/mail.phh");
50 require_once($G_base."Obj/dbase_base.phh");
51 require_once($G_base."Obj/dbase_${G_dbasetype}.phh");
52 require_once($G_base."briskin5/Obj/briskin5.phh");
53 require_once($G_base."briskin5/Obj/placing.phh");
54 require_once($G_base."spush/brisk-spush.phh");
55 require_once($G_base."index_wr.php");
56
57 function check_auth()
58 {
59     GLOBAL $G_alarm_passwd, $sess, $_POST, $_SERVER;
60
61     $socket = FALSE;
62     $ret = FALSE;
63     $ip = $_SERVER["REMOTE_ADDR"];
64     $stp = 0;
65     $private = md5($G_alarm_passwd.$ip.$sess);
66     $cmd = array ("cmd" => "userauth", "sess" => $sess, "private" => $private, "the_end" => "true");
67     $cmd_ser = cmd_serialize($cmd);
68     $cmd_len = mb_strlen($cmd_ser, "ASCII");
69
70     do {
71         if (($socket = stream_socket_client("unix://".USOCK_PATH."2")) == FALSE)
72             break;
73         $stp = 1;
74         if (($rwr = fwrite($socket, $cmd_ser, $cmd_len)) == FALSE
75             || $rwr != $cmd_len)
76             break;
77         fflush($socket);
78         $stp = 2;
79         if (($buf = fread($socket, 4096)) == FALSE)
80             break;
81         $res = cmd_deserialize($buf);
82         $stp = 3;
83         if (!isset($res['val']) || $res['val'] != 200)
84             break;
85         $ret = TRUE;
86         $stp = 4;
87     } while (0);
88     if ($socket != FALSE)
89         fclose($socket);
90
91     if ($stp < 4) {
92         echo "STP: $stp<br>";
93     }
94     return ($ret);
95 }
96
97 $s_style = "
98 <style>
99      table.the_tab {
100             border-collapse: collapse;
101             margin: 8px;
102             }
103
104      table.the_tab td {
105             border: 1px solid black;
106             padding: 8px;
107             }
108 </style>";
109
110 function main() {
111     GLOBAL $s_style, $G_dbpfx, $G_lang, $G_alarm_passwd, $G_domain, $G_webbase;
112     GLOBAL $mlang_umgmt, $mlang_indwr, $f_mailusers, $sess, $_POST, $_SERVER;
113
114
115     $curtime = time();
116     $status = "";
117
118     if (check_auth() == FALSE) {
119         echo "Authentication failed";
120         exit;
121     }
122
123     $nocheck = FALSE;
124     if (isset($_GET['f_nocheck'])) {
125         $nocheck = TRUE;
126     }
127
128     if (isset($_GET['do']) && $_GET['do'] == 'newuser') {
129         if (isset($_POST['f_accept'])) {
130             $action = "accept";
131         }
132         else if (isset($_POST['f_delete'])) {
133             $action = "delete";
134         }
135         else {
136             $action = "show";
137         }
138
139         if ($action == "accept") {
140             foreach($_POST as $key => $value) {
141                 if (substr($key, 0, 9) != "f_newuser")
142                     continue;
143
144                 $id = (int)substr($key, 9);
145                 if ($id <= 0)
146                     continue;
147
148                 // check existence of username or email
149                 $is_trans = FALSE;
150                 $res = FALSE;
151                 do {
152                     if (($bdb = BriskDB::create()) == FALSE)
153                         break;
154
155                     // retrieve list added users
156                     $usr_sql = sprintf("
157 SELECT usr.*, guar.login AS guar_login
158      FROM %susers AS usr
159      JOIN %susers AS guar ON guar.code = usr.guar_code
160      WHERE usr.type & (CAST (X'%x' as integer)) = (CAST (X'%x' as integer))
161          AND usr.disa_reas = %d AND usr.code = %d;",
162                                $G_dbpfx, $G_dbpfx,
163                                USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
164                                USER_DIS_REA_NU_ADDED, $id);
165                     if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
166                         log_crit("stat-day: select from tournaments failed");
167                         break;
168                     }
169                     $usr_n = pg_numrows($usr_pg);
170                     if ($usr_n != 1) {
171                         $status .= sprintf("Inconsistency for code %d, returned %d records, skipped.<br>",
172                                           $id, $usr_n);
173                         break;
174                     }
175
176                     $usr_obj = pg_fetch_object($usr_pg, 0);
177
178                     $bdb->transaction('BEGIN');
179                     $is_trans = TRUE;
180
181
182                     if (($bdb->user_update_flag_ty($usr_obj->code, USER_FLAG_TY_DISABLE,
183                                                    TRUE, USER_DIS_REA_NU_ADDED,
184                                                    TRUE, USER_DIS_REA_NU_MAILED)) == FALSE) {
185                         echo "fail 2<br>";
186                         break;
187                     }
188
189                     if (($mail_code = $bdb->mail_reserve_code()) == FALSE) {
190                         fprintf(STDERR, "ERROR: mail reserve code FAILED\n");
191                         break;
192                     }
193                     $hash = md5($curtime . $G_alarm_passwd . $usr_obj->login . $usr_obj->email);
194
195                     $confirm_page = sprintf("http://%s/%s/mailmgr.php?f_act=checkmail&f_code=%d&f_hash=%s",
196                                             $G_domain, $G_webbase, $mail_code, $hash);
197                     $subj = $mlang_indwr['nu_msubj'][$G_lang];
198                     if (($usr_obj->type & USER_FLAG_TY_APPR) == USER_FLAG_TY_APPR) {
199                         $body_txt = sprintf($mlang_indwr['ap_mtext'][$G_lang],
200                                             $cli_name, $confirm_page);
201                         $body_htm = sprintf($mlang_indwr['ap_mhtml'][$G_lang],
202                                             $cli_name, $confirm_page);
203                     }
204                     else {
205                         $body_txt = sprintf($mlang_indwr['nu_mtext'][$G_lang],
206                                             $usr_obj->guar_login, $usr_obj->login, $confirm_page);
207                         $body_htm = sprintf($mlang_indwr['nu_mhtml'][$G_lang],
208                                             $usr_obj->guar_login, $usr_obj->login, $confirm_page);
209                     }
210
211                     $mail_item = new MailDBItem($mail_code, $usr_obj->code, MAIL_TYP_CHECK,
212                                                 $curtime, $subj, $body_txt, $body_htm, $hash);
213
214                     if (brisk_mail($usr_obj->email, $subj, $body_txt, $body_htm) == FALSE) {
215                         // mail error
216                         fprintf(STDERR, "ERROR: mail send FAILED\n");
217                         break;
218                     }
219                     // save the mail
220                     if ($mail_item->store($bdb) == FALSE) {
221                         // store mail error
222                         fprintf(STDERR, "ERROR: store mail FAILED\n");
223                         break;
224                     }
225                     $status .= sprintf("status change for %s: SUCCESS<br>", $usr_obj->login);
226                     $bdb->transaction('COMMIT');
227                     $res = TRUE;
228                 } while(FALSE);
229                 if ($res == FALSE) {
230                     $status .= sprintf("Error occurred during accept action<br>");
231                     if ($is_trans)
232                         $bdb->transaction('ROLLBACK');
233                     break;
234                 }
235             }
236         }
237
238         do {
239             if (($bdb = BriskDB::create()) == FALSE) {
240                 log_crit("stat-day: database connection failed");
241                 break;
242             }
243
244             // retrieve list added users
245             $usr_sql = sprintf("
246 SELECT usr.*, guar.login AS guar_login
247      FROM %susers AS usr
248      JOIN %susers AS guar ON guar.code = usr.guar_code
249      WHERE usr.type & (CAST (X'%x' as integer)) = (CAST (X'%x' as integer))
250          AND usr.disa_reas = %d ORDER BY usr.lintm;",
251                                $G_dbpfx, $G_dbpfx,
252                                USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
253                                USER_DIS_REA_NU_ADDED);
254             if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
255                 log_crit("stat-day: select from tournaments failed");
256                 break;
257             }
258             $usr_n = pg_numrows($usr_pg);
259             $tab_lines = "<tr><th></th><th>User</th><th>Guar</th><th>Date</th></tr>";
260             for ($i = 0 ; $i < $usr_n ; $i++) {
261                 $usr_obj = pg_fetch_object($usr_pg, $i);
262
263                 $tab_lines .= sprintf("<tr><td><input name=\"f_newuser%d\" type=\"checkbox\" %s></td><td>%s</td><td>%s</td><td>%s</td></tr>\n",
264                                       $usr_obj->code, ($nocheck ? "" : "CHECKED"),
265                                       eschtml($usr_obj->login), eschtml($usr_obj->guar_login), $usr_obj->lintm);
266             }
267
268
269             ?>
270 <html>
271 <head>
272 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
273 <title>Brisk: new imported users management.</title>
274      <?php echo "$s_style"; ?>
275 </head>
276 <body>
277 <h2> New imported users management.</h2>
278      <?php if ($status != "") { echo "$status"; } ?>
279 <form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="POST">
280 <table class="the_tab">
281 <?php
282      echo $tab_lines;
283 ?>
284 </table>
285 <input type="submit" name="f_accept" value="Newuser Accept">
286 <input type="submit" name="f_delete" value="Newuser Delete">
287 </form>
288 </body>
289 </html>
290 <?php
291            exit;
292         } while(FALSE);
293         printf("Some error occurred during newuser visualization\n");
294         exit;
295     }
296
297     if (isset($_GET['do']) && $_GET['do'] == 'mailed') {
298         if (isset($_POST['f_resend'])) {
299             $action = "resend";
300         }
301         else if (isset($_POST['f_delete'])) {
302             $action = "delete";
303         }
304         else {
305             $action = "show";
306         }
307
308         if ($action == "resend") {
309             foreach($_POST as $key => $value) {
310                 if (substr($key, 0, 9) != "f_newuser")
311                     continue;
312
313                 $id = (int)substr($key, 9);
314                 if ($id <= 0)
315                     continue;
316
317                 $res = FALSE;
318                 do {
319                     if (($bdb = BriskDB::create()) == FALSE) {
320                         $status .= "1<br>";
321                         break;
322                     }
323                     // retrieve list added users
324                     $mai_sql = sprintf("
325 SELECT mail.*, usr.email AS email
326      FROM %susers AS usr
327      JOIN %smails AS mail ON mail.ucode = usr.code
328      WHERE mail.ucode = %d AND mail.type = %d",
329                                        $G_dbpfx, $G_dbpfx, $id, MAIL_TYP_CHECK);
330                     if (($mai_pg = pg_query($bdb->dbconn->db(), $mai_sql)) == FALSE) {
331                         log_crit("retrieve mail failed");
332                         $status .= "2<br>";
333                         break;
334                     }
335                     $mai_n = pg_numrows($mai_pg);
336                     if ($mai_n != 1) {
337                         $status .= sprintf("Inconsistency for code %d, returned %d records, skipped.<br>",
338                                           $id, $mai_n);
339                         break;
340                     }
341                     $mai_obj = pg_fetch_object($mai_pg, 0);
342                     $mail = MailDBItem::MailDBItemFromRecord($mai_obj);
343
344                     if (brisk_mail($mai_obj->email, $mail->subj, $mail->body_txt, $mail->body_htm) == FALSE) {
345                         // mail error
346                         $status .= sprintf("Send mail filed for user id %d<br>\n", $id);
347                         break;
348                     }
349                     $res = TRUE;
350                 } while(FALSE);
351                 if ($res == FALSE) {
352                     $status .= sprintf("Error occurred during resend action<br>");
353                     break;
354                 }
355             } // foreach
356         }
357
358         do {
359             if (($bdb = BriskDB::create()) == FALSE) {
360                 log_crit("stat-day: database connection failed");
361                 break;
362             }
363
364             // retrieve list added users
365             $usr_sql = sprintf("
366 SELECT usr.*, guar.login AS guar_login
367      FROM %susers AS usr
368      JOIN %susers AS guar ON guar.code = usr.guar_code
369      WHERE usr.type & (CAST (X'%x' as integer)) = (CAST (X'%x' as integer))
370          AND usr.disa_reas = %d ORDER BY usr.lintm;",
371                                $G_dbpfx, $G_dbpfx,
372                                USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
373                                USER_DIS_REA_NU_MAILED);
374             if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
375                 log_crit("stat-day: select from tournaments failed");
376                 break;
377             }
378             $usr_n = pg_numrows($usr_pg);
379             $tab_lines = "<tr><th></th><th>User</th><th>Guar</th><th>Date</th></tr>";
380             for ($i = 0 ; $i < $usr_n ; $i++) {
381                 $usr_obj = pg_fetch_object($usr_pg, $i);
382
383                 $tab_lines .= sprintf("<tr><td><input name=\"f_newuser%d\" type=\"checkbox\" %s></td><td>%s</td><td>%s</td><td>%s</td></tr>\n",
384                                       $usr_obj->code, ($nocheck ? "" : "CHECKED"),
385                                       eschtml($usr_obj->login), eschtml($usr_obj->guar_login), $usr_obj->lintm);
386             }
387             ?>
388 <html>
389 <head>
390 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
391 <title>Brisk: new mailed users management.</title>
392      <?php echo "$s_style"; ?>
393 </head>
394 <body>
395 <h2> New mailed users management.</h2>
396      <?php if ($status != "") { echo "$status"; } ?>
397 <form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="POST">
398 <table class="the_tab">
399 <?php
400      echo $tab_lines;
401 ?>
402 </table>
403 <input type="submit" name="f_resend" value="Mailed Resend">
404 <input type="submit" name="f_delete" value="Mailed Delete">
405 </form>
406 </body>
407 </html>
408 <?php
409            exit;
410         } while(FALSE);
411         printf("Some error occurred during newuser visualization\n");
412         exit;
413     }
414     else { // if ($_GET['do'] ...
415         if (isset($_POST['f_accept'])) {
416             $action = "accept";
417         }
418         else if (isset($_POST['f_delete'])) {
419             $action = "delete";
420         }
421         else {
422             $action = "show";
423         }
424
425         if ($action == "accept") {
426             if (($bdb = BriskDB::create()) == FALSE) {
427                 log_crit("stat-day: database connection failed");
428                 break;
429             }
430
431             foreach($_POST as $key => $value) {
432                 if (substr($key, 0, 9) != "f_newuser")
433                     continue;
434
435                 $id = (int)substr($key, 9);
436                 if ($id <= 0)
437                     continue;
438
439
440                 // retrieve list of active tournaments
441                 $usr_sql = sprintf("
442 SELECT usr.*, guar.login AS guar_login
443      FROM %susers AS usr
444      JOIN %susers AS guar ON guar.code = usr.guar_code
445      WHERE usr.type & (CAST (X'%x' as integer)) = (CAST (X'%x' as integer))
446          AND usr.disa_reas = %d AND usr.code = %d;",
447                                    $G_dbpfx, $G_dbpfx,
448                                    USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
449                                    USER_DIS_REA_NU_TOBECHK, $id);
450                 if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
451                     log_crit("stat-day: select from tournaments failed");
452                     break;
453                 }
454                 $usr_obj = pg_fetch_object($usr_pg, 0);
455
456                 printf("KEY: %s: %s %s<br>\n", $id, $value, $usr_obj->login);
457                 // change state
458                 $passwd = passwd_gen();
459
460                 if (($bdb->user_update_passwd($usr_obj->code, $passwd)) == FALSE) {
461                     echo "fail 1.5<br>";
462                     break;
463                 }
464
465                 if (($bdb->user_update_flag_ty($usr_obj->code, USER_FLAG_TY_DISABLE,
466                                                TRUE, USER_DIS_REA_NU_TOBECHK,
467                                                FALSE, USER_DIS_REA_NONE)) == FALSE) {
468                     echo "fail 2<br>";
469                     break;
470                 }
471
472                 $bdb->user_update_login_time($usr_obj->code, 0);
473
474                 // send mail
475                 $subj = $mlang_umgmt['nu_psubj'][$G_lang];
476                 $body_txt = sprintf($mlang_umgmt['nu_ptext'][$G_lang],
477                                     $usr_obj->login, $passwd);
478                 $body_htm = sprintf($mlang_umgmt['nu_phtml'][$G_lang],
479                                     $usr_obj->login, $passwd);
480
481                 log_step(sprintf("[%s], [%s], [%s], [%s]\n", $usr_obj->email, $subj, $body_txt, $body_htm));
482
483
484                 if (brisk_mail($usr_obj->email, $subj, $body_txt, $body_htm) == FALSE) {
485                     // mail error
486                     fprintf(STDERR, "ERROR: mail send FAILED\n");
487                     break;
488                 }
489             }
490             exit;
491         }
492         else {
493             do {
494             if (($bdb = BriskDB::create()) == FALSE) {
495                 log_crit("stat-day: database connection failed");
496                 break;
497             }
498
499             // retrieve list of active tournaments
500             $usr_sql = sprintf("
501 SELECT usr.*, guar.login AS guar_login
502      FROM %susers AS usr
503      JOIN %susers AS guar ON guar.code = usr.guar_code
504      WHERE usr.type & (CAST (X'%x' as integer)) = (CAST (X'%x' as integer))
505          AND usr.disa_reas = %d ORDER BY usr.lintm;",
506                                $G_dbpfx, $G_dbpfx,
507                                USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
508                                USER_DIS_REA_NU_TOBECHK);
509             if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
510                 log_crit("stat-day: select from tournaments failed");
511                 break;
512             }
513
514             $usr_n = pg_numrows($usr_pg);
515             $tab_lines = "<tr><th></th><th>User</th><th>EMail</th><th>Guar</th><th>Apprendice</th><th>Date</th></tr>";
516             for ($i = 0 ; $i < $usr_n ; $i++) {
517                 $usr_obj = pg_fetch_object($usr_pg, $i);
518
519                 $tab_lines .= sprintf("<tr><td><input name=\"f_newuser%d\" type=\"checkbox\" %s></td><td>%s</td><td>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>\n",
520                                       $usr_obj->code, ($nocheck ? "" : "CHECKED"),
521                                       eschtml($usr_obj->login), eschtml($usr_obj->email), eschtml($usr_obj->guar_login),
522                                       ($usr_obj->type & USER_FLAG_TY_APPR ? "Yes" : "No"),
523                                       $usr_obj->lintm);
524             }
525             ?>
526 <html>
527 <head>
528 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
529 <title>Brisk: email verified user management.</title>
530      <?php echo "$s_style"; ?>
531 </head>
532      <body>
533      <h2> E-mail verified user management.</h2>
534      <?php if ($status != "") { echo "$status"; } ?>
535      <form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="POST">
536      <table class="the_tab">
537      <?php
538      echo $tab_lines;
539             ?>
540             </table>
541                   <input type="submit" name="f_accept" value="Accept">
542                   <input type="submit" name="f_delete" value="Delete">
543                   </form>
544                   </body>
545                   </html>
546                   <?php
547                   } while(FALSE);
548         } // else of if ($action ...
549     } // else of if ($do ...
550 }
551
552 main();
553
554 ?>