web/usermgmt.php

   1 <?php
   2 /*
   3  *  brisk - usermgmt.php
   4  *
   5  *  Copyright (C) 2014      Matteo Nastasi
   6  *                          mailto: nastasi@alternativeoutput.it
   7  *                                  matteo.nastasi@milug.org
   8  *                          web: http://www.alternativeoutput.it
   9  *
  10  * This program is free software; you can redistribute it and/or modify
  11  * it under the terms of the GNU General Public License as published by
  12  * the Free Software Foundation; either version 2 of the License, or
  13  * (at your option) any later version.
  14  *
  15  * This program is distributed in the hope that it will be useful, but
  16  * WITHOUT ANY WARRANTY; without even the implied warranty of
  17  * MERCHANTABLILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  18  * General Public License for more details. You should have received a
  19  * copy of the GNU General Public License along with this program; if
  20  * not, write to the Free Software Foundation, Inc, 59 Temple Place -
  21  * Suite 330, Boston, MA 02111-1307, USA.
  22  *
  23  */
  24
  25 $G_base = "";
  26
  27 $mlang_umgmt = array( 'nu_psubj' => array( 'it' => 'Brisk: credenziali di accesso.',
  28                                            'en' => 'Brisk: credentials.'),
  29                       'nu_ptext' => array( 'it' =>
  30 'Ciao, sono l\' amministratore del sito di Brisk.
  31
  32 La verifica del tuo indirizzo di posta elettronica e del tuo nickname è andata a buon fine, per accedere al sito
  33 d\'ora in poi potrai utilizzare l\' utente \'%s\' e la password \'%s\'.
  34
  35 Benvenuto e buone partite, mop.',
  36                                            'en' => 'EN ptext [%s] [%s]'),
  37                       'nu_phtml' => array( 'it' => 'Ciao, sono l\' amministratore del sito di Brisk.<br><br>
  38 La verifica del tuo indirizzo di posta elettronica e del tuo nickname è andata a buon fine.<br><br>Per accedere al  sito d\'ora in poi potrai usare l\' utente \'%s\' e la password \'%s\'.<br><br>
  39 Benvenuto e buone partite, mop.<br>',
  40                                            'en' => 'EN phtml [%s] [%s]')
  41                       );
  42
  43
  44 ini_set("max_execution_time",  "240");
  45
  46 require_once($G_base."Obj/brisk.phh");
  47 require_once($G_base."Obj/user.phh");
  48 require_once($G_base."Obj/auth.phh");
  49 require_once($G_base."Obj/mail.phh");
  50 require_once($G_base."Obj/dbase_base.phh");
  51 require_once($G_base."Obj/dbase_${G_dbasetype}.phh");
  52 require_once($G_base."briskin5/Obj/briskin5.phh");
  53 require_once($G_base."briskin5/Obj/placing.phh");
  54 require_once($G_base."spush/brisk-spush.phh");
  55 require_once($G_base."index_wr.php");
  56
  57 function check_auth()
  58 {
  59     GLOBAL $G_alarm_passwd, $sess, $_POST, $_SERVER;
  60
  61     $socket = FALSE;
  62     $ret = FALSE;
  63     $ip = $_SERVER["REMOTE_ADDR"];
  64     $stp = 0;
  65     $private = md5($G_alarm_passwd.$ip.$sess);
  66     $cmd = array ("cmd" => "userauth", "sess" => $sess, "private" => $private, "the_end" => "true");
  67     $cmd_ser = cmd_serialize($cmd);
  68     $cmd_len = mb_strlen($cmd_ser, "ASCII");
  69
  70     do {
  71         if (($socket = stream_socket_client("unix://".USOCK_PATH."2")) == FALSE)
  72             break;
  73         $stp = 1;
  74         if (($rwr = fwrite($socket, $cmd_ser, $cmd_len)) == FALSE
  75             || $rwr != $cmd_len)
  76             break;
  77         fflush($socket);
  78         $stp = 2;
  79         if (($buf = fread($socket, 4096)) == FALSE)
  80             break;
  81         $res = cmd_deserialize($buf);
  82         $stp = 3;
  83         if (!isset($res['val']) || $res['val'] != 200)
  84             break;
  85         $ret = TRUE;
  86         $stp = 4;
  87     } while (0);
  88     if ($socket != FALSE)
  89         fclose($socket);
  90
  91     if ($stp < 4) {
  92         echo "STP: $stp<br>";
  93     }
  94     return ($ret);
  95 }
  96
  97 $s_style = "
  98 <style>
  99      table.the_tab {
 100             border-collapse: collapse;
 101             margin: 8px;
 102             }
 103
 104      table.the_tab td {
 105             border: 1px solid black;
 106             padding: 8px;
 107             }
 108 </style>";
 109
 110 function main() {
 111     GLOBAL $s_style, $G_dbpfx, $G_lang, $G_alarm_passwd, $G_domain, $G_webbase;
 112     GLOBAL $mlang_umgmt, $mlang_indwr, $f_mailusers, $sess, $_POST, $_SERVER;
 113
 114
 115     $curtime = time();
 116     $status = "";
 117
 118     if (check_auth() == FALSE) {
 119         echo "Authentication failed";
 120         exit;
 121     }
 122
 123     $nocheck = FALSE;
 124     if (isset($_GET['f_nocheck'])) {
 125         $nocheck = TRUE;
 126     }
 127
 128     if (isset($_GET['do']) && $_GET['do'] == 'newuser') {
 129         if (isset($_POST['f_accept'])) {
 130             $action = "accept";
 131         }
 132         else if (isset($_POST['f_delete'])) {
 133             $action = "delete";
 134         }
 135         else {
 136             $action = "show";
 137         }
 138
 139         if ($action == "accept") {
 140             foreach($_POST as $key => $value) {
 141                 if (substr($key, 0, 9) != "f_newuser")
 142                     continue;
 143
 144                 $id = (int)substr($key, 9);
 145                 if ($id <= 0)
 146                     continue;
 147
 148                 // check existence of username or email
 149                 $is_trans = FALSE;
 150                 $res = FALSE;
 151                 do {
 152                     if (($bdb = BriskDB::create()) == FALSE)
 153                         break;
 154
 155                     // retrieve list added users
 156                     $usr_sql = sprintf("
 157 SELECT usr.*, guar.login AS guar_login
 158      FROM %susers AS usr
 159      JOIN %susers AS guar ON guar.code = usr.guar_code
 160      WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
 161          AND usr.disa_reas = %d AND usr.code = %d;",
 162                                $G_dbpfx, $G_dbpfx,
 163                                USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
 164                                USER_DIS_REA_NU_ADDED, $id);
 165                     if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
 166                         log_crit("stat-day: select from tournaments failed");
 167                         break;
 168                     }
 169                     $usr_n = pg_numrows($usr_pg);
 170                     if ($usr_n != 1) {
 171                         $status .= sprintf("Inconsistency for code %d, returned %d records, skipped.<br>",
 172                                           $id, $usr_n);
 173                         break;
 174                     }
 175
 176                     $usr_obj = pg_fetch_object($usr_pg, 0);
 177
 178                     $bdb->transaction('BEGIN');
 179                     $is_trans = TRUE;
 180
 181
 182                     if (($bdb->user_update_flag_ty($usr_obj->code, USER_FLAG_TY_DISABLE,
 183                                                    TRUE, USER_DIS_REA_NU_ADDED,
 184                                                    TRUE, USER_DIS_REA_NU_MAILED)) == FALSE) {
 185                         echo "fail 2<br>";
 186                         break;
 187                     }
 188
 189                     if (($mail_code = $bdb->mail_reserve_code()) == FALSE) {
 190                         fprintf(STDERR, "ERROR: mail reserve code FAILED\n");
 191                         break;
 192                     }
 193                     $hash = md5($curtime . $G_alarm_passwd . $usr_obj->login . $usr_obj->email);
 194
 195                     $confirm_page = sprintf("http://%s/%s/mailmgr.php?f_act=checkmail&f_code=%d&f_hash=%s",
 196                                             $G_domain, $G_webbase, $mail_code, $hash);
 197                     $subj = $mlang_indwr['nu_msubj'][$G_lang];
 198                     if (($usr_obj->type & USER_FLAG_TY_APPR) == USER_FLAG_TY_APPR) {
 199                         $body_txt = sprintf($mlang_indwr['ap_mtext'][$G_lang],
 200                                             $cli_name, $confirm_page);
 201                         $body_htm = sprintf($mlang_indwr['ap_mhtml'][$G_lang],
 202                                             $cli_name, $confirm_page);
 203                     }
 204                     else {
 205                         $body_txt = sprintf($mlang_indwr['nu_mtext'][$G_lang],
 206                                             $usr_obj->guar_login, $usr_obj->login, $confirm_page);
 207                         $body_htm = sprintf($mlang_indwr['nu_mhtml'][$G_lang],
 208                                             $usr_obj->guar_login, $usr_obj->login, $confirm_page);
 209                     }
 210
 211                     $mail_item = new MailDBItem($mail_code, $usr_obj->code, MAIL_TYP_CHECK,
 212                                                 $curtime, $subj, $body_txt, $body_htm, $hash);
 213
 214                     if (brisk_mail($usr_obj->email, $subj, $body_txt, $body_htm) == FALSE) {
 215                         // mail error
 216                         fprintf(STDERR, "ERROR: mail send FAILED\n");
 217                         break;
 218                     }
 219                     // save the mail
 220                     if ($mail_item->store($bdb) == FALSE) {
 221                         // store mail error
 222                         fprintf(STDERR, "ERROR: store mail FAILED\n");
 223                         break;
 224                     }
 225                     $status .= sprintf("status change for %s: SUCCESS<br>", $usr_obj->login);
 226                     $bdb->transaction('COMMIT');
 227                     $res = TRUE;
 228                 } while(FALSE);
 229                 if ($res == FALSE) {
 230                     $status .= sprintf("Error occurred during accept action<br>");
 231                     if ($is_trans)
 232                         $bdb->transaction('ROLLBACK');
 233                     break;
 234                 }
 235             }
 236         }
 237
 238         do {
 239             if (($bdb = BriskDB::create()) == FALSE) {
 240                 log_crit("stat-day: database connection failed");
 241                 break;
 242             }
 243
 244             // retrieve list added users
 245             $usr_sql = sprintf("
 246 SELECT usr.*, guar.login AS guar_login
 247      FROM %susers AS usr
 248      JOIN %susers AS guar ON guar.code = usr.guar_code
 249      WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
 250          AND usr.disa_reas = %d
 251      ORDER BY usr.lintm;",
 252                                $G_dbpfx, $G_dbpfx,
 253                                USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
 254                                USER_DIS_REA_NU_ADDED);
 255             if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
 256                 log_crit("stat-day: select from tournaments failed");
 257                 break;
 258             }
 259             $usr_n = pg_numrows($usr_pg);
 260             $tab_lines = "<tr><th></th><th>User</th><th>Guar</th><th>Date</th></tr>";
 261             for ($i = 0 ; $i < $usr_n ; $i++) {
 262                 $usr_obj = pg_fetch_object($usr_pg, $i);
 263
 264                 $tab_lines .= sprintf("<tr><td><input name=\"f_newuser%d\" type=\"checkbox\" %s></td><td>%s</td><td>%s</td><td>%s</td></tr>\n",
 265                                       $usr_obj->code, ($nocheck ? "" : "CHECKED"),
 266                                       eschtml($usr_obj->login), eschtml($usr_obj->guar_login), $usr_obj->lintm);
 267             }
 268
 269
 270             ?>
 271 <html>
 272 <head>
 273 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
 274 <title>Brisk: new imported users management.</title>
 275      <?php echo "$s_style"; ?>
 276 </head>
 277 <body>
 278 <h2> New imported users management.</h2>
 279      <?php if ($status != "") { echo "$status"; } ?>
 280 <form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="POST">
 281 <table class="the_tab">
 282 <?php
 283      echo $tab_lines;
 284 ?>
 285 </table>
 286 <input type="submit" name="f_accept" value="Newuser Accept">
 287 <input type="submit" name="f_delete" value="Newuser Delete">
 288 </form>
 289 </body>
 290 </html>
 291 <?php
 292            exit;
 293         } while(FALSE);
 294         printf("Some error occurred during newuser visualization\n");
 295         exit;
 296     }
 297
 298     if (isset($_GET['do']) && $_GET['do'] == 'mailed') {
 299         if (isset($_POST['f_resend'])) {
 300             $action = "resend";
 301         }
 302         else if (isset($_POST['f_delete'])) {
 303             $action = "delete";
 304         }
 305         else {
 306             $action = "show";
 307         }
 308
 309         if ($action == "resend") {
 310             foreach($_POST as $key => $value) {
 311                 if (substr($key, 0, 9) != "f_newuser")
 312                     continue;
 313
 314                 $id = (int)substr($key, 9);
 315                 if ($id <= 0)
 316                     continue;
 317
 318                 $res = FALSE;
 319                 do {
 320                     if (($bdb = BriskDB::create()) == FALSE) {
 321                         $status .= "1<br>";
 322                         break;
 323                     }
 324                     // retrieve list added users
 325                     $mai_sql = sprintf("
 326 SELECT mail.*, usr.email AS email
 327      FROM %susers AS usr
 328      JOIN %smails AS mail ON mail.ucode = usr.code
 329      WHERE mail.ucode = %d AND mail.type = %d",
 330                                        $G_dbpfx, $G_dbpfx, $id, MAIL_TYP_CHECK);
 331                     if (($mai_pg = pg_query($bdb->dbconn->db(), $mai_sql)) == FALSE) {
 332                         log_crit("retrieve mail failed");
 333                         $status .= "2<br>";
 334                         break;
 335                     }
 336                     $mai_n = pg_numrows($mai_pg);
 337                     if ($mai_n != 1) {
 338                         $status .= sprintf("Inconsistency for code %d, returned %d records, skipped.<br>",
 339                                           $id, $mai_n);
 340                         break;
 341                     }
 342                     $mai_obj = pg_fetch_object($mai_pg, 0);
 343                     $mail = MailDBItem::MailDBItemFromRecord($mai_obj);
 344
 345                     if (brisk_mail($mai_obj->email, $mail->subj, $mail->body_txt, $mail->body_htm) == FALSE) {
 346                         // mail error
 347                         $status .= sprintf("Send mail filed for user id %d<br>\n", $id);
 348                         break;
 349                     }
 350                     $res = TRUE;
 351                 } while(FALSE);
 352                 if ($res == FALSE) {
 353                     $status .= sprintf("Error occurred during resend action<br>");
 354                     break;
 355                 }
 356             } // foreach
 357         }
 358
 359         do {
 360             if (($bdb = BriskDB::create()) == FALSE) {
 361                 log_crit("stat-day: database connection failed");
 362                 break;
 363             }
 364
 365             // retrieve list added users
 366             $usr_sql = sprintf("
 367 SELECT usr.*, guar.login AS guar_login
 368      FROM %susers AS usr
 369      JOIN %susers AS guar ON guar.code = usr.guar_code
 370      WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
 371          AND usr.disa_reas = %d
 372      ORDER BY usr.lintm;",
 373                                $G_dbpfx, $G_dbpfx,
 374                                USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
 375                                USER_DIS_REA_NU_MAILED);
 376             if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
 377                 log_crit("stat-day: select from tournaments failed");
 378                 break;
 379             }
 380             $usr_n = pg_numrows($usr_pg);
 381             $tab_lines = "<tr><th></th><th>User</th><th>Guar</th><th>Date</th></tr>";
 382             for ($i = 0 ; $i < $usr_n ; $i++) {
 383                 $usr_obj = pg_fetch_object($usr_pg, $i);
 384
 385                 $tab_lines .= sprintf("<tr><td><input name=\"f_newuser%d\" type=\"checkbox\" %s></td><td>%s</td><td>%s</td><td>%s</td></tr>\n",
 386                                       $usr_obj->code, ($nocheck ? "" : "CHECKED"),
 387                                       eschtml($usr_obj->login), eschtml($usr_obj->guar_login), $usr_obj->lintm);
 388             }
 389             ?>
 390 <html>
 391 <head>
 392 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
 393 <title>Brisk: new mailed users management.</title>
 394      <?php echo "$s_style"; ?>
 395 </head>
 396 <body>
 397 <h2> New mailed users management.</h2>
 398      <?php if ($status != "") { echo "$status"; } ?>
 399 <form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="POST">
 400 <table class="the_tab">
 401 <?php
 402      echo $tab_lines;
 403 ?>
 404 </table>
 405 <input type="submit" name="f_resend" value="Mailed Resend">
 406 <input type="submit" name="f_delete" value="Mailed Delete">
 407 </form>
 408 </body>
 409 </html>
 410 <?php
 411            exit;
 412         } while(FALSE);
 413         printf("Some error occurred during newuser visualization\n");
 414         exit;
 415     }
 416     else { // if ($_GET['do'] ...
 417         if (isset($_POST['f_accept'])) {
 418             $action = "accept";
 419         }
 420         else if (isset($_POST['f_delete'])) {
 421             $action = "delete";
 422         }
 423         else {
 424             $action = "show";
 425         }
 426
 427         if ($action == "accept") {
 428             if (($bdb = BriskDB::create()) == FALSE) {
 429                 log_crit("stat-day: database connection failed");
 430                 break;
 431             }
 432
 433             foreach($_POST as $key => $value) {
 434                 if (substr($key, 0, 9) != "f_newuser")
 435                     continue;
 436
 437                 $id = (int)substr($key, 9);
 438                 if ($id <= 0)
 439                     continue;
 440
 441
 442                 // retrieve list of active tournaments
 443                 $usr_sql = sprintf("
 444 SELECT usr.*, guar.login AS guar_login
 445      FROM %susers AS usr
 446      JOIN %susers AS guar ON guar.code = usr.guar_code
 447      WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
 448          AND usr.disa_reas = %d AND usr.code = %d;",
 449                                    $G_dbpfx, $G_dbpfx,
 450                                    USER_FLAG_TY_ALL & ~USER_FLAG_TY_APPR, USER_FLAG_TY_DISABLE,
 451                                    USER_DIS_REA_NU_TOBECHK, $id);
 452                 if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
 453                     log_crit("stat-day: select from tournaments failed");
 454                     break;
 455                 }
 456                 $usr_obj = pg_fetch_object($usr_pg, 0);
 457
 458                 printf("KEY: %s: %s %s<br>\n", $id, $value, $usr_obj->login);
 459                 // change state
 460                 $passwd = passwd_gen();
 461
 462                 if (($bdb->user_update_passwd($usr_obj->code, $passwd)) == FALSE) {
 463                     echo "fail 1.5<br>";
 464                     break;
 465                 }
 466
 467                 if (($bdb->user_update_flag_ty($usr_obj->code, USER_FLAG_TY_DISABLE,
 468                                                TRUE, USER_DIS_REA_NU_TOBECHK,
 469                                                FALSE, USER_DIS_REA_NONE)) == FALSE) {
 470                     echo "fail 2<br>";
 471                     break;
 472                 }
 473
 474                 $bdb->user_update_login_time($usr_obj->code, 0);
 475
 476                 // send mail
 477                 $subj = $mlang_umgmt['nu_psubj'][$G_lang];
 478                 $body_txt = sprintf($mlang_umgmt['nu_ptext'][$G_lang],
 479                                     $usr_obj->login, $passwd);
 480                 $body_htm = sprintf($mlang_umgmt['nu_phtml'][$G_lang],
 481                                     $usr_obj->login, $passwd);
 482
 483                 log_step(sprintf("[%s], [%s], [%s], [%s]\n", $usr_obj->email, $subj, $body_txt, $body_htm));
 484
 485
 486                 if (brisk_mail($usr_obj->email, $subj, $body_txt, $body_htm) == FALSE) {
 487                     // mail error
 488                     fprintf(STDERR, "ERROR: mail send FAILED\n");
 489                     break;
 490                 }
 491             }
 492             exit;
 493         }
 494         else {
 495             do {
 496             if (($bdb = BriskDB::create()) == FALSE) {
 497                 log_crit("stat-day: database connection failed");
 498                 break;
 499             }
 500
 501             // retrieve list of active tournaments
 502             $usr_sql = sprintf("
 503 SELECT usr.*, guar.login AS guar_login
 504      FROM %susers AS usr
 505      JOIN %susers AS guar ON guar.code = usr.guar_code
 506      WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
 507          AND usr.disa_reas = %d
 508      ORDER BY usr.lintm;",
 509                                $G_dbpfx, $G_dbpfx,
 510                                USER_FLAG_TY_ALL & ~USER_FLAG_TY_APPR, USER_FLAG_TY_DISABLE,
 511                                USER_DIS_REA_NU_TOBECHK);
 512             if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
 513                 log_crit("stat-day: select from tournaments failed");
 514                 break;
 515             }
 516
 517             $usr_n = pg_numrows($usr_pg);
 518             $tab_lines = "<tr><th></th><th>User</th><th>Guar</th><th>Apprendice</th><th>Date</th></tr>";
 519             for ($i = 0 ; $i < $usr_n ; $i++) {
 520                 $usr_obj = pg_fetch_object($usr_pg, $i);
 521
 522                 $tab_lines .= sprintf("<tr><td><input name=\"f_newuser%d\" type=\"checkbox\" %s></td><td>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>\n",
 523                                       $usr_obj->code, ($nocheck ? "" : "CHECKED"),
 524                                       eschtml($usr_obj->login), eschtml($usr_obj->guar_login),
 525                                       ($usr_obj->type & USER_FLAG_TY_APPR ? "Yes" : "No"),
 526                                       $usr_obj->lintm);
 527             }
 528             ?>
 529 <html>
 530 <head>
 531 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
 532 <title>Brisk: email verified user management.</title>
 533      <?php echo "$s_style"; ?>
 534 </head>
 535      <body>
 536      <h2> E-mail verified user management.</h2>
 537      <?php if ($status != "") { echo "$status"; } ?>
 538      <form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="POST">
 539      <table class="the_tab">
 540      <?php
 541      echo $tab_lines;
 542             ?>
 543             </table>
 544                   <input type="submit" name="f_accept" value="Accept">
 545                   <input type="submit" name="f_delete" value="Delete">
 546                   </form>
 547                   </body>
 548                   </html>
 549                   <?php
 550                   } while(FALSE);
 551         } // else of if ($action ...
 552     } // else of if ($do ...
 553 }
 554
 555 main();
 556
 557 ?>