1 <?php
2 /*
3  *  brisk - usermgmt.php
4  *
5  *  Copyright (C) 2014      Matteo Nastasi
6  *                          mailto: nastasi@alternativeoutput.it
7  *                                  matteo.nastasi@milug.org
8  *                          web: http://www.alternativeoutput.it
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License as published by
12  * the Free Software Foundation; either version 2 of the License, or
13  * (at your option) any later version.
14  *
15  * This program is distributed in the hope that it will be useful, but
16  * WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABLILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18  * General Public License for more details. You should have received a
19  * copy of the GNU General Public License along with this program; if
20  * not, write to the Free Software Foundation, Inc, 59 Temple Place -
21  * Suite 330, Boston, MA 02111-1307, USA.
22  *
23  */
24
$G_base = "";   // prefix of every require_once() path below; empty means "run from the web root"

// Texts of the credentials mail sent when a verified user is accepted
// (main(), the branch taken without ?do=newuser).  Indexed by message id
// (nu_psubj: subject, nu_ptext: text body, nu_phtml: html body) and then
// by language; ptext/phtml are sprintf() formats taking login and
// password, in that order.  The 'en' texts are still placeholders.
$mlang_umgmt = array( 'nu_psubj' => array( 'it' => 'Brisk: credenziali di accesso.',
                                           'en' => 'Brisk: credentials.'),
                      'nu_ptext' => array( 'it' =>
'Ciao, sono l\' amministratore del sito di Brisk.

La verifica del tuo indirizzo di posta elettronica e del tuo nickname è andata a buon fine, per accedere al sito
d\'ora in poi potrai utilizzare l\' utente \'%s\' e la password \'%s\'.

Benvenuto e buone partite, mop.',
                                           'en' => 'EN ptext [%s] [%s]'),
                      'nu_phtml' => array( 'it' => 'Ciao, sono l\' amministratore del sito di Brisk.<br><br>
La verifica del tuo indirizzo di posta elettronica e del tuo nickname è andata a buon fine, per accedere al  sito d\'ora in poi potrai usare l\' utente \'%s\' e la password \'%s\'.<br>
Benvenuto e buone partite, mop.<br>',
                                           'en' => 'EN phtml [%s] [%s]')
                      );


// accepting many users sends one mail each; allow a long request
ini_set("max_execution_time",  "240");

// Order matters: $G_dbasetype, used to pick the database driver file, is
// presumably set by Obj/brisk.phh (site configuration) — TODO confirm.
// NOTE(review): the driver path is built from a configuration variable, not
// from request data; keep it that way.
require_once($G_base."Obj/brisk.phh");
require_once($G_base."Obj/user.phh");
require_once($G_base."Obj/auth.phh");
require_once($G_base."Obj/mail.phh");
require_once($G_base."Obj/dbase_${G_dbasetype}.phh");
require_once($G_base."briskin5/Obj/briskin5.phh");
require_once($G_base."briskin5/Obj/placing.phh");
require_once($G_base."spush/brisk-spush.phh");
// provides $mlang_indwr, the confirmation-mail texts used by main() — presumably
require_once($G_base."index_wr.php");
55
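/*
 * Ask the brisk daemon, over its unix socket, whether the current
 * session may use the user-management page.
 *
 * A "userauth" command is sent carrying the session id and a private
 * digest of $G_alarm_passwd, the client address and the session; the
 * daemon recomputes the digest on its side, so the format cannot be
 * changed here alone.  Only a reply whose 'val' field is 200 counts
 * as success.
 *
 * Globals read: $G_alarm_passwd, $sess, $_SERVER['REMOTE_ADDR'].
 *
 * Returns TRUE when the daemon answered 200, FALSE on any connect,
 * write, read or protocol failure.  On failure the step reached
 * ("STP: 0".."STP: 3") is echoed into the response as a diagnostic;
 * it is visible to the caller that just failed authentication.
 */
function check_auth()
{
    GLOBAL $G_alarm_passwd, $sess;

    $socket = FALSE;
    $ret = FALSE;
    $ip = $_SERVER["REMOTE_ADDR"];
    $stp = 0;
    $private = md5($G_alarm_passwd.$ip.$sess);
    $cmd = array ("cmd" => "userauth", "sess" => $sess, "private" => $private, "the_end" => "true");
    $cmd_ser = cmd_serialize($cmd);
    // fwrite() counts bytes, so the length must be the byte length
    $cmd_len = strlen($cmd_ser);

    do {
        if (($socket = stream_socket_client("unix://".USOCK_PATH."2")) === FALSE)
            break;
        $stp = 1;
        // a short write would leave the daemon with a truncated command
        if (($rwr = fwrite($socket, $cmd_ser, $cmd_len)) === FALSE
            || $rwr !== $cmd_len)
            break;
        fflush($socket);
        $stp = 2;
        // an empty reply is a failure as well; compared strictly so that a
        // reply starting with "0" is not mistaken for an error
        if (($buf = fread($socket, 4096)) === FALSE || $buf === '')
            break;
        $res = cmd_deserialize($buf);
        $stp = 3;
        if (!isset($res['val']) || (int)$res['val'] !== 200)
            break;
        $ret = TRUE;
        $stp = 4;
    } while (0);
    if ($socket !== FALSE)
        fclose($socket);

    if ($stp < 4) {
        echo "STP: $stp<br>";
    }
    return ($ret);
}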
95
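/*
 * Entry point of the user-management page; check_auth() must succeed
 * first, otherwise "Authentication failed" is printed and the script
 * exits.
 *
 * Two views, chosen by the 'do' query parameter:
 *
 *   do=newuser  users just imported (type DISABLE, disa_reas NU_ADDED).
 *               POST f_accept: each checked "f_newuser<code>" box moves
 *               the user to disa_reas NU_MAILED, reserves a mail code and
 *               sends/stores the address-confirmation mail (texts from
 *               $mlang_indwr), one transaction per user.  Afterwards, and
 *               for any other POST, the table of pending users is shown.
 *
 *   otherwise   users whose address was verified (disa_reas NU_TOBECHK).
 *               POST f_accept: each checked box gets a fresh password, the
 *               account is enabled (type NORM, disa_reas NONE) and the
 *               credentials are mailed (texts from $mlang_umgmt); one line
 *               per user is printed and the script exits.  Any other POST
 *               shows the table of verified users.
 *
 * The f_delete button only selects action "delete", which is not
 * implemented: it behaves like "show" in both views.
 *
 * In both accept loops the first failing user stops the loop; the boxes
 * after it are left untouched and must be submitted again.
 *
 * Globals read: $G_dbpfx, $G_lang, $G_alarm_passwd, $G_domain, $G_webbase,
 * $mlang_umgmt, $mlang_indwr.  All output is HTML written straight to the
 * response; failures are reported with log_crit() or on STDERR.
 */
function main() {
    GLOBAL $G_dbpfx, $G_lang, $G_alarm_passwd, $G_domain, $G_webbase;
    GLOBAL $mlang_umgmt, $mlang_indwr;

    $curtime = time();
    $status = "";   // html fragment shown above the table; escaped as it is built

    if (check_auth() === FALSE) {
        echo "Authentication failed";
        exit;
    }

    // the two views select the action the same way; f_accept wins if both
    // buttons are present in the request
    if (isset($_POST['f_accept'])) {
        $action = "accept";
    }
    else if (isset($_POST['f_delete'])) {
        $action = "delete";
    }
    else {
        $action = "show";
    }

    if (isset($_GET['do']) && $_GET['do'] === 'newuser') {
        if ($action === "accept") {
            foreach($_POST as $key => $value) {
                if (substr($key, 0, 9) !== "f_newuser")
                    continue;

                $id = (int)substr($key, 9);
                if ($id <= 0)
                    continue;

                // the user must still be in the NU_ADDED state, otherwise skip it
                $is_trans = FALSE;
                $res = FALSE;
                do {
                    if (($bdb = BriskDB::create()) == FALSE) {
                        log_crit("usermgmt: database connection failed");
                        break;
                    }

                    $usr_sql = sprintf("
SELECT usr.*, guar.login AS guar_login
     FROM %susers AS usr
     JOIN %susers AS guar ON guar.code = usr.guar_code
     WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
         AND usr.disa_reas = %d AND usr.code = %d;",
                               $G_dbpfx, $G_dbpfx,
                               USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
                               USER_DIS_REA_NU_ADDED, $id);
                    if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) === FALSE) {
                        log_crit("usermgmt: select of added user failed");
                        break;
                    }
                    $usr_n = pg_numrows($usr_pg);
                    if ($usr_n != 1) {
                        $status .= sprintf("Inconsistency for code %d, returned %d records, skipped.<br>",
                                          $id, $usr_n);
                        break;
                    }

                    $usr_obj = pg_fetch_object($usr_pg, 0);

                    // state change, mail-code reservation and stored mail must land together
                    $bdb->transaction('BEGIN');
                    $is_trans = TRUE;

                    if (($bdb->user_update_flag_ty($usr_obj->code,
                                                   USER_FLAG_TY_DISABLE, USER_DIS_REA_NU_ADDED,
                                                   USER_FLAG_TY_DISABLE, USER_DIS_REA_NU_MAILED)) == FALSE) {
                        echo "fail 2<br>";
                        break;
                    }

                    if (($mail_code = $bdb->mail_reserve_code()) == FALSE) {
                        fprintf(STDERR, "ERROR: mail reserve code FAILED\n");
                        break;
                    }
                    // confirmation token, verified by mailmgr.php?f_act=checkmail;
                    // derived from the reservation time, the site secret, login and address
                    $hash = md5($curtime . $G_alarm_passwd . $usr_obj->login . $usr_obj->email);

                    $confirm_page = sprintf("http://%s/%s/mailmgr.php?f_act=checkmail&f_code=%d&f_hash=%s",
                                            $G_domain, $G_webbase, $mail_code, $hash);
                    $subj = $mlang_indwr['nu_msubj'][$G_lang];
                    $body_txt = sprintf($mlang_indwr['nu_mtext'][$G_lang],
                                        $usr_obj->guar_login, $usr_obj->login, $confirm_page);
                    $body_htm = sprintf($mlang_indwr['nu_mhtml'][$G_lang],
                                        $usr_obj->guar_login, $usr_obj->login, $confirm_page);

                    $mail_item = new MailDBItem($mail_code, $usr_obj->code, MAIL_TYP_CHECK,
                                                $curtime, $subj, $body_txt, $body_htm, $hash);

                    // the mail leaves before COMMIT: a failing store() below rolls the
                    // state back but cannot recall the message already sent
                    if (brisk_mail($usr_obj->email, $subj, $body_txt, $body_htm) == FALSE) {
                        fprintf(STDERR, "ERROR: mail send FAILED\n");
                        break;
                    }
                    if ($mail_item->store($bdb) == FALSE) {
                        fprintf(STDERR, "ERROR: store mail FAILED\n");
                        break;
                    }
                    $status .= sprintf("status change for %s: SUCCESS<br>", eschtml($usr_obj->login));
                    $bdb->transaction('COMMIT');
                    $res = TRUE;
                } while(FALSE);
                if ($res == FALSE) {
                    $status .= "Error occurred during accept action<br>";
                    if ($is_trans)
                        $bdb->transaction('ROLLBACK');
                    break;   // first failure stops the whole batch
                }
            }
        }

        do {
            if (($bdb = BriskDB::create()) == FALSE) {
                log_crit("usermgmt: database connection failed");
                break;
            }

            // every user still waiting for the confirmation mail
            $usr_sql = sprintf("
SELECT usr.*, guar.login AS guar_login
     FROM %susers AS usr
     JOIN %susers AS guar ON guar.code = usr.guar_code
     WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
         AND usr.disa_reas = %d;",
                               $G_dbpfx, $G_dbpfx,
                               USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
                               USER_DIS_REA_NU_ADDED);
            if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) === FALSE) {
                log_crit("usermgmt: select of added users failed");
                break;
            }
            $usr_n = pg_numrows($usr_pg);
            $tab_lines = "<tr><th></th><th>User</th><th>Guar</th><th>Date</th></tr>";
            for ($i = 0 ; $i < $usr_n ; $i++) {
                $usr_obj = pg_fetch_object($usr_pg, $i);

                // every db value is escaped before it reaches the html
                $tab_lines .= sprintf("<tr><td><input name=\"f_newuser%d\" type=\"checkbox\" CHECKED></td><td>%s</td><td>%s</td><td>%s</td></tr>\n",
                                      $usr_obj->code, eschtml($usr_obj->login), eschtml($usr_obj->guar_login),
                                      eschtml($usr_obj->lintm));
            }
            ?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Brisk: new imported users management.</title>
</head>
<body>
<h2> New imported users management.</h2>
<?php if ($status !== "") { echo $status; } ?>
<form action="<?php echo eschtml($_SERVER['REQUEST_URI']); ?>" method="POST">
<table>
<?php
     echo $tab_lines;
?>
</table>
<input type="submit" name="f_accept" value="Newuser Accept">
<input type="submit" name="f_delete" value="Newuser Delete">
</form>
</body>
</html>
<?php
            exit;
        } while(FALSE);
        printf("Some error occurred during newuser visualization\n");
        exit;
    }
    else { // any other 'do': users whose e-mail address has been verified
        if ($action === "accept") {
            if (($bdb = BriskDB::create()) == FALSE) {
                // this was a bare break outside any loop
                log_crit("usermgmt: database connection failed");
                printf("Some error occurred during accept action\n");
                exit;
            }

            foreach($_POST as $key => $value) {
                if (substr($key, 0, 9) !== "f_newuser")
                    continue;

                $id = (int)substr($key, 9);
                if ($id <= 0)
                    continue;

                // same shape as the newuser branch: one transaction per user,
                // rolled back if the password, the state or the mail fails
                $is_trans = FALSE;
                $res = FALSE;
                do {
                    $usr_sql = sprintf("
SELECT usr.*, guar.login AS guar_login
     FROM %susers AS usr
     JOIN %susers AS guar ON guar.code = usr.guar_code
     WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
         AND usr.disa_reas = %d AND usr.code = %d;",
                                       $G_dbpfx, $G_dbpfx,
                                       USER_FLAG_TY_ALL, USER_FLAG_TY_DISABLE,
                                       USER_DIS_REA_NU_TOBECHK, $id);
                    if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) === FALSE) {
                        log_crit("usermgmt: select of verified user failed");
                        break;
                    }
                    // pg_fetch_object() on an empty result returns FALSE and the
                    // updates below would then run with a null code: reject it
                    $usr_n = pg_numrows($usr_pg);
                    if ($usr_n != 1) {
                        printf("Inconsistency for code %d, returned %d records, skipped.<br>\n",
                               $id, $usr_n);
                        break;
                    }
                    $usr_obj = pg_fetch_object($usr_pg, 0);

                    // $value comes from the request and login from the db: both escaped
                    printf("KEY: %s: %s %s<br>\n", $id, eschtml((string)$value), eschtml($usr_obj->login));

                    $passwd = passwd_gen();

                    $bdb->transaction('BEGIN');
                    $is_trans = TRUE;

                    if (($bdb->user_update_passwd($usr_obj->code, $passwd)) == FALSE) {
                        echo "fail 1.5<br>";
                        break;
                    }

                    if (($bdb->user_update_flag_ty($usr_obj->code,
                                                   USER_FLAG_TY_DISABLE, USER_DIS_REA_NU_TOBECHK,
                                                   USER_FLAG_TY_NORM, USER_DIS_REA_NONE)) == FALSE) {
                        echo "fail 2<br>";
                        break;
                    }

                    $bdb->user_update_login_time($usr_obj->code, 0);

                    // credentials mail; the account stays disabled if it cannot be sent
                    $subj = $mlang_umgmt['nu_psubj'][$G_lang];
                    $body_txt = sprintf($mlang_umgmt['nu_ptext'][$G_lang],
                                        $usr_obj->login, $passwd);
                    $body_htm = sprintf($mlang_umgmt['nu_phtml'][$G_lang],
                                        $usr_obj->login, $passwd);

                    if (brisk_mail($usr_obj->email, $subj, $body_txt, $body_htm) == FALSE) {
                        fprintf(STDERR, "ERROR: mail send FAILED\n");
                        break;
                    }
                    $bdb->transaction('COMMIT');
                    $res = TRUE;
                } while(FALSE);
                if ($res == FALSE) {
                    printf("Error occurred during accept action<br>\n");
                    if ($is_trans)
                        $bdb->transaction('ROLLBACK');
                    break;   // first failure stops the whole batch
                }
            }
            exit;
        }
        else {
            do {
                if (($bdb = BriskDB::create()) == FALSE) {
                    log_crit("usermgmt: database connection failed");
                    break;
                }

                // every user whose address is verified and still waits for approval
                $usr_sql = sprintf("
SELECT usr.*, guar.login AS guar_login
     FROM %susers AS usr
     JOIN %susers AS guar ON guar.code = usr.guar_code
     WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
         AND usr.disa_reas = %d;",
                                   $G_dbpfx, $G_dbpfx,
                                   USER_FLAG_TY_ALL, USER_FLAG_TY_DISABLE,
                                   USER_DIS_REA_NU_TOBECHK);
                if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) === FALSE) {
                    log_crit("usermgmt: select of verified users failed");
                    break;
                }

                $usr_n = pg_numrows($usr_pg);
                $tab_lines = "<tr><th></th><th>User</th><th>Guar</th><th>Date</th></tr>";
                for ($i = 0 ; $i < $usr_n ; $i++) {
                    $usr_obj = pg_fetch_object($usr_pg, $i);

                    // every db value is escaped before it reaches the html
                    $tab_lines .= sprintf("<tr><td><input name=\"f_newuser%d\" type=\"checkbox\" CHECKED></td><td>%s</td><td>%s</td><td>%s</td></tr>\n",
                                          $usr_obj->code, eschtml($usr_obj->login), eschtml($usr_obj->guar_login),
                                          eschtml($usr_obj->lintm));
                }
                ?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Brisk: email verified user management.</title>
</head>
<body>
<h2> E-mail verified user management.</h2>
<?php if ($status !== "") { echo $status; } ?>
<form action="<?php echo eschtml($_SERVER['REQUEST_URI']); ?>" method="POST">
<table>
<?php
     echo $tab_lines;
?>
</table>
<input type="submit" name="f_accept" value="Accept">
<input type="submit" name="f_delete" value="Delete">
</form>
</body>
</html>
<?php
                exit;
            } while(FALSE);
            printf("Some error occurred during user visualization\n");
            exit;
        } // else of if ($action ...
    } // else of if ($do ...
}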
395
// handle the request; main() exits itself on every path that produced a page
main();

// NOTE(review): a closing tag at the end of a php-only file is usually left out,
// so that nothing after it can be sent to the client by accident.
?>