1 <?php
2 /*
3  *  brisk - usermgmt.php
4  *
5  *  Copyright (C) 2014      Matteo Nastasi
6  *                          mailto: nastasi@alternativeoutput.it
7  *                                  matteo.nastasi@milug.org
8  *                          web: http://www.alternativeoutput.it
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License as published by
12  * the Free Software Foundation; either version 2 of the License, or
13  * (at your option) any later version.
14  *
15  * This program is distributed in the hope that it will be useful, but
16  * WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18  * General Public License for more details. You should have received a
19  * copy of the GNU General Public License along with this program; if
20  * not, write to the Free Software Foundation, Inc, 59 Temple Place -
21  * Suite 330, Boston, MA 02111-1307, USA.
22  *
23  */
24
// Prefix prepended to every require_once() path below; empty means the
// includes are resolved relative to this script.
$G_base = "";

// Per-language texts of the credentials mail that main() sends once a
// verified user is accepted: 'nu_psubj' is the subject, 'nu_ptext' and
// 'nu_phtml' the plain-text and HTML bodies. The two %s are filled with the
// login and the freshly generated password, in that order, so the password
// travels in clear text inside the mail body.
$mlang_umgmt = array( 'nu_psubj' => array( 'it' => 'Brisk: credenziali di accesso.',
                                           'en' => 'Brisk: credentials.'),
                      'nu_ptext' => array( 'it' =>
'Ciao, sono l\' amministratore del sito di Brisk.

La verifica del tuo indirizzo di posta elettronica e del tuo nickname è andata a buon fine, per accedere al sito
d\'ora in poi potrai utilizzare l\' utente \'%s\' e la password \'%s\'.

Benvenuto e buone partite, mop.',
                                           'en' => 'EN ptext [%s] [%s]'),
                      'nu_phtml' => array( 'it' => 'Ciao, sono l\' amministratore del sito di Brisk.<br><br>
La verifica del tuo indirizzo di posta elettronica e del tuo nickname è andata a buon fine, per accedere al  sito d\'ora in poi potrai usare l\' utente \'%s\' e la password \'%s\'.<br>
Benvenuto e buone partite, mop.<br>',
                                           'en' => 'EN phtml [%s] [%s]')
                      );


// The accept loops in main() query the database and send one mail per
// selected user, so the default time limit is raised to four minutes.
ini_set("max_execution_time",  "240");

// None of BriskDB, MailDBItem, brisk_mail(), cmd_serialize(), log_crit(),
// eschtml(), passwd_gen(), $mlang_indwr or the USER_*/MAIL_*/USOCK_PATH
// constants are defined in this file; they are expected to come from these
// includes. $G_dbasetype must already be set when the dbase_* line is reached.
// NOTE(review): the "${var}" interpolation form is deprecated since PHP 8.2;
// "{$G_dbasetype}" is the forward-compatible spelling.
require_once($G_base."Obj/brisk.phh");
require_once($G_base."Obj/user.phh");
require_once($G_base."Obj/auth.phh");
require_once($G_base."Obj/mail.phh");
require_once($G_base."Obj/dbase_base.phh");
require_once($G_base."Obj/dbase_${G_dbasetype}.phh");
require_once($G_base."briskin5/Obj/briskin5.phh");
require_once($G_base."briskin5/Obj/placing.phh");
require_once($G_base."spush/brisk-spush.phh");
require_once($G_base."index_wr.php");
56
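/**
 * Authenticate the current session against the brisk daemon.
 *
 * Sends a "userauth" command over the daemon's UNIX socket (USOCK_PATH."2")
 * carrying $sess and a shared-secret digest md5($G_alarm_passwd . REMOTE_ADDR . $sess)
 * that the daemon recomputes on its side; only a reply whose 'val' field is
 * 200 is accepted. On failure the step reached ($stp) is echoed, as the
 * original page did, before the caller prints its own message.
 *
 * Globals read: $G_alarm_passwd (shared secret), $sess (session id).
 *
 * @return bool TRUE when the daemon answered 200, FALSE on any socket,
 *              protocol or authorisation failure.
 */
function check_auth()
{
    GLOBAL $G_alarm_passwd, $sess;

    $socket = FALSE;
    $ret = FALSE;
    $stp = 0;
    $ip = $_SERVER["REMOTE_ADDR"];
    // The daemon verifies this digest, so it has to be built exactly the way
    // the daemon builds it (md5 of secret . ip . sess): changing the hash
    // function here alone would break authentication.
    $private = md5($G_alarm_passwd.$ip.$sess);
    $cmd = array ("cmd" => "userauth", "sess" => $sess, "private" => $private, "the_end" => "true");
    $cmd_ser = cmd_serialize($cmd);
    $cmd_len = strlen($cmd_ser); // byte count: this is what fwrite() reports back

    do {
        // stream_socket_client() yields FALSE on failure (never 0 or ""), so compare strictly.
        if (($socket = stream_socket_client("unix://".USOCK_PATH."2")) === FALSE)
            break;
        $stp = 1;
        // A short write would leave the daemon with a truncated command, so
        // anything other than "all bytes written" is treated as a failure.
        $rwr = fwrite($socket, $cmd_ser, $cmd_len);
        if ($rwr === FALSE || $rwr !== $cmd_len)
            break;
        fflush($socket);
        $stp = 2;
        // NOTE(review): a single 4096-byte read is assumed to hold the whole
        // reply and no read timeout is set on the socket - confirm against the daemon.
        $buf = fread($socket, 4096);
        if ($buf === FALSE || $buf === '')
            break;
        $res = cmd_deserialize($buf);
        $stp = 3;
        // 'val' is the daemon's status code; anything but 200 is a refusal.
        if (!is_array($res) || !isset($res['val']) || $res['val'] != 200)
            break;
        $ret = TRUE;
        $stp = 4;
    } while (0);
    if ($socket !== FALSE)
        fclose($socket);

    // The step number tells the operator where the handshake stopped
    // (0: connect, 1: write, 2: read, 3: refused); printed only on failure.
    if ($stp < 4) {
        echo "STP: $stp<br>";
    }
    return ($ret);
}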
96
/**
 * Page controller for the three user-management views, selected by ?do=:
 *   - do=newuser : imported users still flagged DISABLE / USER_DIS_REA_NU_ADDED.
 *                  "f_accept" moves them to NU_MAILED and sends the e-mail
 *                  verification link (mailmgr.php, f_act=checkmail).
 *   - do=mailed  : users already mailed (USER_DIS_REA_NU_MAILED).
 *                  "f_resend" re-sends the stored verification mail.
 *   - anything else : users in USER_DIS_REA_NU_TOBECHK state. "f_accept"
 *                  generates a password, enables the account and mails the
 *                  credentials.
 * Each view is a checkbox table that posts f_newuser<code> fields back to
 * REQUEST_URI. "f_delete" only sets $action = "delete"; no branch handles it.
 *
 * NOTE(review): the forms carry no anti-CSRF token; whether a cross-site POST
 * can reach the accept branches depends on how $sess is obtained (not visible
 * in this file) - confirm.
 */
function main() {
    // $_POST and $_SERVER are superglobals, so listing them here is redundant;
    // $f_mailusers is imported but never read in this function.
    GLOBAL $G_dbpfx, $G_lang, $G_alarm_passwd, $G_domain, $G_webbase;
    GLOBAL $mlang_umgmt, $mlang_indwr, $f_mailusers, $sess, $_POST, $_SERVER;

    $curtime = time();
    // HTML fragments produced by the action handlers and echoed at the top of
    // the rendered page; logins are sprintf'ed into it without eschtml().
    $status = "";

    // Everything below is reachable only when the daemon accepted the session.
    if (check_auth() == FALSE) {
        echo "Authentication failed";
        exit;
    }

    // ?f_nocheck renders the row checkboxes unticked instead of pre-ticked.
    $nocheck = FALSE;
    if (isset($_GET['f_nocheck'])) {
        $nocheck = TRUE;
    }

    // ---- view 1: imported users waiting for the verification mail ----------
    if (isset($_GET['do']) && $_GET['do'] == 'newuser') {
        // Which submit button was pressed. "delete" is computed but never
        // acted on, so "Newuser Delete" behaves like a plain reload.
        if (isset($_POST['f_accept'])) {
            $action = "accept";
        }
        else if (isset($_POST['f_delete'])) {
            $action = "delete";
        }
        else {
            $action = "show";
        }

        if ($action == "accept") {
            // Selected rows come back as f_newuser<code> checkbox fields.
            foreach($_POST as $key => $value) {
                if (substr($key, 0, 9) != "f_newuser")
                    continue;

                // The (int) cast here plus the %d placeholder in the query are
                // what keep the sprintf-built SQL safe from the user-controlled key.
                $id = (int)substr($key, 9);
                if ($id <= 0)
                    continue;

                // check existence of username or email
                $is_trans = FALSE;
                $res = FALSE;
                do {
                    if (($bdb = BriskDB::create()) == FALSE)
                        break;

                    // retrieve list added users
                    // (exactly one row still in DISABLE / NU_ADDED state is expected)
                    $usr_sql = sprintf("
SELECT usr.*, guar.login AS guar_login
     FROM %susers AS usr
     JOIN %susers AS guar ON guar.code = usr.guar_code
     WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
         AND usr.disa_reas = %d AND usr.code = %d;",
                               $G_dbpfx, $G_dbpfx,
                               USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
                               USER_DIS_REA_NU_ADDED, $id);
                    if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
                        // NOTE(review): log text copied from another script; this
                        // is the users query, not a tournaments one.
                        log_crit("stat-day: select from tournaments failed");
                        break;
                    }
                    $usr_n = pg_numrows($usr_pg);
                    if ($usr_n != 1) {
                        $status .= sprintf("Inconsistency for code %d, returned %d records, skipped.<br>",
                                           $id, $usr_n);
                        break;
                    }

                    $usr_obj = pg_fetch_object($usr_pg, 0);

                    // Flag change and mail record are committed together; the
                    // ROLLBACK after this do-while undoes them on any failure.
                    $bdb->transaction('BEGIN');
                    $is_trans = TRUE;


                    // NU_ADDED -> NU_MAILED, the user stays flagged DISABLE.
                    if (($bdb->user_update_flag_ty($usr_obj->code,
                                                   USER_FLAG_TY_DISABLE, USER_DIS_REA_NU_ADDED,
                                                   USER_FLAG_TY_DISABLE, USER_DIS_REA_NU_MAILED)) == FALSE) {
                        echo "fail 2<br>";
                        break;
                    }

                    if (($mail_code = $bdb->mail_reserve_code()) == FALSE) {
                        // NOTE(review): STDERR is a CLI-only constant; when this page
                        // runs under a web SAPI the fprintf() itself errors out.
                        fprintf(STDERR, "ERROR: mail reserve code FAILED\n");
                        break;
                    }
                    // Verification token carried by the link and stored with the
                    // mail record; presumably what mailmgr.php compares f_hash against.
                    $hash = md5($curtime . $G_alarm_passwd . $usr_obj->login . $usr_obj->email);

                    $confirm_page = sprintf("http://%s/%s/mailmgr.php?f_act=checkmail&f_code=%d&f_hash=%s",
                                            $G_domain, $G_webbase, $mail_code, $hash);
                    // $mlang_indwr is not defined in this file (presumably index_wr.php);
                    // its templates take guarantor login, login and confirmation link.
                    $subj = $mlang_indwr['nu_msubj'][$G_lang];
                    $body_txt = sprintf($mlang_indwr['nu_mtext'][$G_lang],
                                        $usr_obj->guar_login, $usr_obj->login, $confirm_page);
                    $body_htm = sprintf($mlang_indwr['nu_mhtml'][$G_lang],
                                        $usr_obj->guar_login, $usr_obj->login, $confirm_page);

                    $mail_item = new MailDBItem($mail_code, $usr_obj->code, MAIL_TYP_CHECK,
                                                $curtime, $subj, $body_txt, $body_htm, $hash);

                    // The mail is sent before the record is stored: if store()
                    // fails below, the ROLLBACK reverts the flag change but the
                    // mail is already out.
                    if (brisk_mail($usr_obj->email, $subj, $body_txt, $body_htm) == FALSE) {
                        // mail error
                        fprintf(STDERR, "ERROR: mail send FAILED\n");
                        break;
                    }
                    // save the mail
                    if ($mail_item->store($bdb) == FALSE) {
                        // store mail error
                        fprintf(STDERR, "ERROR: store mail FAILED\n");
                        break;
                    }
                    // login is inserted into the page unescaped (see eschtml() in the table rows)
                    $status .= sprintf("status change for %s: SUCCESS<br>", $usr_obj->login);
                    $bdb->transaction('COMMIT');
                    $res = TRUE;
                } while(FALSE);
                if ($res == FALSE) {
                    $status .= sprintf("Error occurred during accept action<br>");
                    if ($is_trans)
                        $bdb->transaction('ROLLBACK');
                    // Leaves the foreach: the remaining selected codes are not processed.
                    break;
                }
            }
        }

        // Render the NU_ADDED list (after an accept run too, with $status on top).
        do {
            if (($bdb = BriskDB::create()) == FALSE) {
                log_crit("stat-day: database connection failed");
                break;
            }

            // retrieve list added users
            $usr_sql = sprintf("
SELECT usr.*, guar.login AS guar_login
     FROM %susers AS usr
     JOIN %susers AS guar ON guar.code = usr.guar_code
     WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
         AND usr.disa_reas = %d
     ORDER BY usr.lintm;",
                               $G_dbpfx, $G_dbpfx,
                               USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
                               USER_DIS_REA_NU_ADDED);
            if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
                log_crit("stat-day: select from tournaments failed");
                break;
            }
            $usr_n = pg_numrows($usr_pg);
            $tab_lines = "<tr><th></th><th>User</th><th>Guar</th><th>Date</th></tr>";
            for ($i = 0 ; $i < $usr_n ; $i++) {
                $usr_obj = pg_fetch_object($usr_pg, $i);

                // login and guar_login are HTML-escaped; lintm (a DB timestamp) is inserted as-is.
                $tab_lines .= sprintf("<tr><td><input name=\"f_newuser%d\" type=\"checkbox\" %s></td><td>%s</td><td>%s</td><td>%s</td></tr>\n",
                                      $usr_obj->code, ($nocheck ? "" : "CHECKED"),
                                      eschtml($usr_obj->login), eschtml($usr_obj->guar_login), $usr_obj->lintm);
            }
            ?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Brisk: new imported users management.</title>
</head>
<body>
<h2> New imported users management.</h2>
     <?php if ($status != "") { echo "$status"; } ?>
<form action="<?php /* NOTE(review): REQUEST_URI is user-controlled and not escaped here: wrap it in eschtml() */ echo $_SERVER['REQUEST_URI']; ?>" method="POST">
<table>
<?php
     echo $tab_lines;
?>
</table>
<input type="submit" name="f_accept" value="Newuser Accept">
<input type="submit" name="f_delete" value="Newuser Delete">
</form>
</body>
</html>
<?php
           // Page rendered; exit so the error line after the loop is not printed.
           exit;
        } while(FALSE);
        printf("Some error occurred during newuser visualization\n");
        exit;
    }

    // ---- view 2: users whose verification mail has been sent ----------------
    if (isset($_GET['do']) && $_GET['do'] == 'mailed') {
        // "delete" is again computed but never handled.
        if (isset($_POST['f_resend'])) {
            $action = "resend";
        }
        else if (isset($_POST['f_delete'])) {
            $action = "delete";
        }
        else {
            $action = "show";
        }

        if ($action == "resend") {
            foreach($_POST as $key => $value) {
                if (substr($key, 0, 9) != "f_newuser")
                    continue;

                // (int) cast + %d placeholder keep the query safe from the POST key.
                $id = (int)substr($key, 9);
                if ($id <= 0)
                    continue;

                $res = FALSE;
                do {
                    if (($bdb = BriskDB::create()) == FALSE) {
                        $status .= "1<br>";
                        break;
                    }
                    // retrieve the stored verification mail (MAIL_TYP_CHECK) of this user
                    $mai_sql = sprintf("
SELECT mail.*, usr.email AS email
     FROM %susers AS usr
     JOIN %smails AS mail ON mail.ucode = usr.code
     WHERE mail.ucode = %d AND mail.type = %d",
                                       $G_dbpfx, $G_dbpfx, $id, MAIL_TYP_CHECK);
                    if (($mai_pg = pg_query($bdb->dbconn->db(), $mai_sql)) == FALSE) {
                        log_crit("retrieve mail failed");
                        $status .= "2<br>";
                        break;
                    }
                    $mai_n = pg_numrows($mai_pg);
                    if ($mai_n != 1) {
                        $status .= sprintf("Inconsistency for code %d, returned %d records, skipped.<br>",
                                           $id, $mai_n);
                        break;
                    }
                    $mai_obj = pg_fetch_object($mai_pg, 0);
                    $mail = MailDBItem::MailDBItemFromRecord($mai_obj);

                    // Re-send the stored subject/body as they were; nothing is changed in the DB.
                    if (brisk_mail($mai_obj->email, $mail->subj, $mail->body_txt, $mail->body_htm) == FALSE) {
                        // mail error ("filed" in the message is a typo for "failed")
                        $status .= sprintf("Send mail filed for user id %d<br>\n", $id);
                        break;
                    }
                    $res = TRUE;
                } while(FALSE);
                if ($res == FALSE) {
                    $status .= sprintf("Error occurred during resend action<br>");
                    // Leaves the foreach: the remaining selected codes are not processed.
                    break;
                }
            } // foreach
        }

        // Render the NU_MAILED list; same layout as the newuser view.
        do {
            if (($bdb = BriskDB::create()) == FALSE) {
                log_crit("stat-day: database connection failed");
                break;
            }

            // retrieve list added users
            $usr_sql = sprintf("
SELECT usr.*, guar.login AS guar_login
     FROM %susers AS usr
     JOIN %susers AS guar ON guar.code = usr.guar_code
     WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
         AND usr.disa_reas = %d
     ORDER BY usr.lintm;",
                               $G_dbpfx, $G_dbpfx,
                               USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
                               USER_DIS_REA_NU_MAILED);
            if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
                log_crit("stat-day: select from tournaments failed");
                break;
            }
            $usr_n = pg_numrows($usr_pg);
            $tab_lines = "<tr><th></th><th>User</th><th>Guar</th><th>Date</th></tr>";
            for ($i = 0 ; $i < $usr_n ; $i++) {
                $usr_obj = pg_fetch_object($usr_pg, $i);

                $tab_lines .= sprintf("<tr><td><input name=\"f_newuser%d\" type=\"checkbox\" %s></td><td>%s</td><td>%s</td><td>%s</td></tr>\n",
                                      $usr_obj->code, ($nocheck ? "" : "CHECKED"),
                                      eschtml($usr_obj->login), eschtml($usr_obj->guar_login), $usr_obj->lintm);
            }
            ?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Brisk: new mailed users management.</title>
</head>
<body>
<h2> New mailed users management.</h2>
     <?php if ($status != "") { echo "$status"; } ?>
<form action="<?php /* NOTE(review): REQUEST_URI is user-controlled and not escaped here: wrap it in eschtml() */ echo $_SERVER['REQUEST_URI']; ?>" method="POST">
<table>
<?php
     echo $tab_lines;
?>
</table>
<input type="submit" name="f_resend" value="Mailed Resend">
<input type="submit" name="f_delete" value="Mailed Delete">
</form>
</body>
</html>
<?php
           // Page rendered; exit so the error line after the loop is not printed.
           exit;
        } while(FALSE);
        // (message copied from the newuser view; this is the mailed view)
        printf("Some error occurred during newuser visualization\n");
        exit;
    }
    // ---- view 3: users whose e-mail address has been verified ---------------
    else { // if ($_GET['do'] ...
        // "delete" is computed but never handled here either.
        if (isset($_POST['f_accept'])) {
            $action = "accept";
        }
        else if (isset($_POST['f_delete'])) {
            $action = "delete";
        }
        else {
            $action = "show";
        }

        if ($action == "accept") {
            if (($bdb = BriskDB::create()) == FALSE) {
                log_crit("stat-day: database connection failed");
                // NOTE(review): this break is not inside a loop or switch (only
                // if/else blocks enclose it); PHP 7 and later reject it at compile
                // time. An exit, as after the foreach below, is what was meant.
                break;
            }

            foreach($_POST as $key => $value) {
                if (substr($key, 0, 9) != "f_newuser")
                    continue;

                // (int) cast + %d placeholder keep the query safe from the POST key.
                $id = (int)substr($key, 9);
                if ($id <= 0)
                    continue;


                // retrieve the one DISABLE / NU_TOBECHK user with this code
                $usr_sql = sprintf("
SELECT usr.*, guar.login AS guar_login
     FROM %susers AS usr
     JOIN %susers AS guar ON guar.code = usr.guar_code
     WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
         AND usr.disa_reas = %d AND usr.code = %d;",
                                   $G_dbpfx, $G_dbpfx,
                                   USER_FLAG_TY_ALL, USER_FLAG_TY_DISABLE,
                                   USER_DIS_REA_NU_TOBECHK, $id);
                if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
                    log_crit("stat-day: select from tournaments failed");
                    break;
                }
                // NOTE(review): no row-count check, unlike the other views: if the
                // code is no longer in TOBECHK state pg_fetch_object() returns
                // FALSE and the updates below run with a NULL code.
                $usr_obj = pg_fetch_object($usr_pg, 0);

                // NOTE(review): debug output; $value (from POST) and the login are
                // echoed into the HTML unescaped.
                printf("KEY: %s: %s %s<br>\n", $id, $value, $usr_obj->login);
                // change state
                $passwd = passwd_gen();

                // NOTE(review): unlike the newuser view there is no transaction
                // here: password, flags and login time are committed one by one,
                // and the account is already enabled if the mail below fails.
                if (($bdb->user_update_passwd($usr_obj->code, $passwd)) == FALSE) {
                    echo "fail 1.5<br>";
                    break;
                }

                // DISABLE / NU_TOBECHK -> NORM / NONE: the account becomes usable.
                if (($bdb->user_update_flag_ty($usr_obj->code,
                                               USER_FLAG_TY_DISABLE, USER_DIS_REA_NU_TOBECHK,
                                               USER_FLAG_TY_NORM, USER_DIS_REA_NONE)) == FALSE) {
                    echo "fail 2<br>";
                    break;
                }

                $bdb->user_update_login_time($usr_obj->code, 0);

                // send mail
                // ($mlang_umgmt templates: login and clear-text password)
                $subj = $mlang_umgmt['nu_psubj'][$G_lang];
                $body_txt = sprintf($mlang_umgmt['nu_ptext'][$G_lang],
                                    $usr_obj->login, $passwd);
                $body_htm = sprintf($mlang_umgmt['nu_phtml'][$G_lang],
                                    $usr_obj->login, $passwd);

                if (brisk_mail($usr_obj->email, $subj, $body_txt, $body_htm) == FALSE) {
                    // mail error: the account stays enabled but the user never
                    // receives the password (see the STDERR note in the newuser view)
                    fprintf(STDERR, "ERROR: mail send FAILED\n");
                    break;
                }
            }
            // No page is rendered after an accept run; only the KEY lines above are sent.
            exit;
        }
        else {
            // Render the NU_TOBECHK list (the loop body below is not indented).
            do {
            if (($bdb = BriskDB::create()) == FALSE) {
                log_crit("stat-day: database connection failed");
                break;
            }

            // retrieve the users waiting for admin acceptance
            $usr_sql = sprintf("
SELECT usr.*, guar.login AS guar_login
     FROM %susers AS usr
     JOIN %susers AS guar ON guar.code = usr.guar_code
     WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
         AND usr.disa_reas = %d
     ORDER BY usr.lintm;",
                               $G_dbpfx, $G_dbpfx,
                               USER_FLAG_TY_ALL, USER_FLAG_TY_DISABLE,
                               USER_DIS_REA_NU_TOBECHK);
            if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
                log_crit("stat-day: select from tournaments failed");
                break;
            }

            $usr_n = pg_numrows($usr_pg);
            $tab_lines = "<tr><th></th><th>User</th><th>Guar</th><th>Date</th></tr>";
            for ($i = 0 ; $i < $usr_n ; $i++) {
                $usr_obj = pg_fetch_object($usr_pg, $i);

                $tab_lines .= sprintf("<tr><td><input name=\"f_newuser%d\" type=\"checkbox\" %s></td><td>%s</td><td>%s</td><td>%s</td></tr>\n",
                                      $usr_obj->code, ($nocheck ? "" : "CHECKED"),
                                      eschtml($usr_obj->login), eschtml($usr_obj->guar_login), $usr_obj->lintm);
            }
            ?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Brisk: email verified user management.</title>
</head>
     <body>
     <h2> E-mail verified user management.</h2>
     <?php if ($status != "") { echo "$status"; } ?>
     <form action="<?php /* NOTE(review): REQUEST_URI is user-controlled and not escaped here: wrap it in eschtml() */ echo $_SERVER['REQUEST_URI']; ?>" method="POST">
     <table>
     <?php
     echo $tab_lines;
            ?>
            </table>
                  <input type="submit" name="f_accept" value="Accept">
                  <input type="submit" name="f_delete" value="Delete">
                  </form>
                  </body>
                  </html>
                  <?php
                  // Unlike the other views, nothing is printed when the loop is
                  // left by a break: main() simply returns.
                  } while(FALSE);
        } // else of if ($action ...
    } // else of if ($do ...
}
522
// Entry point: the declarations above do nothing by themselves.
main();

// NOTE(review): a closing tag at the end of a PHP-only file is unnecessary
// and any byte after it is sent to the client; the convention is to omit it.
?>