From d30248bea653c6a0d4f784810dda00b660368941 Mon Sep 17 00:00:00 2001
From: "Matteo Nastasi (mop)"
Date: Sun, 25 May 2014 16:53:44 +0200
Subject: [PATCH] old guaranties management and date management of new guaranteed added
---
 TODO.txt | 2 +
 web/Obj/dbase_pgsql.phh | 4 +-
 web/Obj/user.phh | 5 +-
 web/usermgmt.php | 291 +++++++++++++++++++++++++++++++---------
 4 files changed, 234 insertions(+), 68 deletions(-)
diff --git a/TODO.txt b/TODO.txt
index f731d35..f529897 100644
--- a/TODO.txt
+++ b/TODO.txt
@@ -71,6 +71,8 @@ with password -------------------------------------------------------------------------
+ . More user info in the list
+ DONE . Manage date to display when a user was required
 . Email-address expiration check
 . Account expiration
diff --git a/web/Obj/dbase_pgsql.phh b/web/Obj/dbase_pgsql.phh
index 4c34c2c..18c60b2 100644
--- a/web/Obj/dbase_pgsql.phh
+++ b/web/Obj/dbase_pgsql.phh
@@ -160,8 +160,8 @@ class BriskDB
 function user_add($login, $pass, $email, $type, $disa_reas, $guar_code)
 {
 GLOBAL $G_dbpfx;
- $usr_sql = sprintf("INSERT INTO %susers (login, pass, email, type, disa_reas, guar_code)
- VALUES ('%s', '%s', '%s', %d, %d, %d) RETURNING *;",
+ $usr_sql = sprintf("INSERT INTO %susers (login, pass, email, type, disa_reas, guar_code, lintm)
+ VALUES ('%s', '%s', '%s', %d, %d, %d, now()) RETURNING *;",
 $G_dbpfx, escsql(strtolower($login)), escsql($pass), escsql($email), $type, $disa_reas, $guar_code);
diff --git a/web/Obj/user.phh b/web/Obj/user.phh
index 22f8f01..d3eaffd 100644
--- a/web/Obj/user.phh
+++ b/web/Obj/user.phh
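Review bot: The INSERT edited in `user_add` (web/Obj/dbase_pgsql.phh) still interpolates login, password and e-mail into quoted `'%s'` slots via `sprintf`, so its safety rests entirely on `escsql()`, whose definition is not part of this patch. Since the column list is being changed anyway, the values could be bound instead with `pg_query_params()` and `$1`…`$6` placeholders, leaving only `$G_dbpfx` in the format string. The body of `user_add` continues past the hunk, so the call that executes `$usr_sql` is not visible here.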
@@ -69,8 +69,9 @@ define('USER_DIS_REA_INVMAIL', 1);
 define('USER_DIS_REA_LICENCE', 2);
 define('USER_DIS_REA_BANNED', 3);
 define('USER_DIS_REA_MALICIOUS', 4);
-define('USER_DIS_REA_NU_MAILED', 5); // new user: mail sent to be confirmed
-define('USER_DIS_REA_NU_TOBECHK', 6); // new user: name verification
+define('USER_DIS_REA_NU_ADDED', 5); // new user: new user added by hand or external sql
+define('USER_DIS_REA_NU_MAILED', 6); // new user: mail sent to be confirmed
+define('USER_DIS_REA_NU_TOBECHK', 7); // new user: name verification
diff --git a/web/usermgmt.php b/web/usermgmt.php
index d4bee21..413e173 100644
--- a/web/usermgmt.php
+++ b/web/usermgmt.php
@@ -51,6 +51,7 @@ require_once($G_base."Obj/dbase_${G_dbasetype}.phh");
 require_once($G_base."briskin5/Obj/briskin5.phh");
 require_once($G_base."briskin5/Obj/placing.phh");
 require_once($G_base."spush/brisk-spush.phh");
+require_once($G_base."index_wr.php");
 function check_auth()
 {
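Review bot: In web/Obj/user.phh, inserting `USER_DIS_REA_NU_ADDED` as 5 shifts `USER_DIS_REA_NU_MAILED` to 6 and `USER_DIS_REA_NU_TOBECHK` to 7, yet these numbers are persisted in `users.disa_reas` (the usermgmt.php queries in this patch filter on them) and the patch carries no data migration. Rows written before the change would be reinterpreted: an account awaiting mail confirmation (old 5) would be listed as hand-added, and one awaiting name verification (old 6) would read as mail-pending, so accounts move between approval states without anyone deciding it. Appending the new reason keeps stored rows valid, e.g. `define('USER_DIS_REA_NU_ADDED', 7);`; otherwise ship an UPDATE that remaps 6 to 7 and then 5 to 6 together with this change.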
@@ -93,85 +94,246 @@ function check_auth() } function main() { - GLOBAL $G_dbpfx, $G_lang, $G_alarm_passwd, $mlang_umgmt, $f_mailusers, $sess, $_POST, $_SERVER; + GLOBAL $G_dbpfx, $G_lang, $G_alarm_passwd, $G_domain, $G_webbase; + GLOBAL $mlang_umgmt, $mlang_indwr, $f_mailusers, $sess, $_POST, $_SERVER; + + $curtime = time(); + $status = ""; if (check_auth() == FALSE) { echo "Authentication failed"; exit; } - if (isset($_POST['f_accept'])) { - $action = "accept"; - } - else if (isset($_POST['f_delete'])) { - $action = "delete"; - } + if (isset($_GET['do']) && $_GET['do'] == 'newuser') { + if (isset($_POST['f_accept'])) { + $action = "accept"; + } + else if (isset($_POST['f_delete'])) { + $action = "delete"; + } + else { + $action = "show"; + } + if ($action == "accept") { + foreach($_POST as $key => $value) { + if (substr($key, 0, 9) != "f_newuser") + continue; - if ($action == "accept") { - if (($bdb = BriskDB::create()) == FALSE) { - log_crit("stat-day: database connection failed"); - break; - } + $id = (int)substr($key, 9); + if ($id <= 0) + continue; - foreach($_POST as $key => $value) { - if (substr($key, 0, 9) != "f_newuser") - continue; + // check existence of username or email + $is_trans = FALSE; + $res = FALSE; + do { + if (($bdb = BriskDB::create()) == FALSE) + break; - $id = (int)substr($key, 9); - if ($id <= 0) - continue; + // retrieve list added users + $usr_sql = sprintf(" +SELECT usr.*, guar.login AS guar_login + FROM %susers AS usr + JOIN %susers AS guar ON guar.code = usr.guar_code + WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) ) + AND usr.disa_reas = %d AND usr.code = %d;", + $G_dbpfx, $G_dbpfx, + USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE, + USER_DIS_REA_NU_ADDED, $id); + if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) { + log_crit("stat-day: select from tournaments failed"); + break; + } + $usr_n = pg_numrows($usr_pg); + if ($usr_n != 1) { + $status .= sprintf("Inconsistency for code %d, returned 
%d records, skipped.
", + $id, $usr_n); + break; + } + + $usr_obj = pg_fetch_object($usr_pg, 0); + + $bdb->transaction('BEGIN'); + $is_trans = TRUE; + + + if (($bdb->user_update_flag_ty($usr_obj->code, + USER_FLAG_TY_DISABLE, USER_DIS_REA_NU_ADDED, + USER_FLAG_TY_DISABLE, USER_DIS_REA_NU_MAILED)) == FALSE) { + echo "fail 2
"; + break; + } + + if (($mail_code = $bdb->mail_reserve_code()) == FALSE) { + fprintf(STDERR, "ERROR: mail reserve code FAILED\n"); + break; + } + $hash = md5($curtime . $G_alarm_passwd . $usr_obj->login . $usr_obj->email); + + $confirm_page = sprintf("http://%s/%s/mailmgr.php?f_act=checkmail&f_code=%d&f_hash=%s", + $G_domain, $G_webbase, $mail_code, $hash); + $subj = $mlang_indwr['nu_msubj'][$G_lang]; + $body_txt = sprintf($mlang_indwr['nu_mtext'][$G_lang], + $usr_obj->guar_login, $usr_obj->login, $confirm_page); + $body_htm = sprintf($mlang_indwr['nu_mhtml'][$G_lang], + $usr_obj->guar_login, $usr_obj->login, $confirm_page); + + $mail_item = new MailDBItem($mail_code, $usr_obj->code, MAIL_TYP_CHECK, + $curtime, $subj, $body_txt, $body_htm, $hash); + + if (brisk_mail($usr_obj->email, $subj, $body_txt, $body_htm) == FALSE) { + // mail error + fprintf(STDERR, "ERROR: mail send FAILED\n"); + break; + } + // save the mail + if ($mail_item->store($bdb) == FALSE) { + // store mail error + fprintf(STDERR, "ERROR: store mail FAILED\n"); + break; + } + $status .= sprintf("status change for %s: SUCCESS
", $usr_obj->login); + $bdb->transaction('COMMIT'); + $res = TRUE; + } while(FALSE); + if ($res == FALSE) { + $status .= sprintf("Error occurred during accept action
"); + if ($is_trans) + $bdb->transaction('ROLLBACK'); + break; + } + } + } + do { + if (($bdb = BriskDB::create()) == FALSE) { + log_crit("stat-day: database connection failed"); + break; + } - // retrieve list of active tournaments + // retrieve list added users $usr_sql = sprintf(" SELECT usr.*, guar.login AS guar_login FROM %susers AS usr JOIN %susers AS guar ON guar.code = usr.guar_code WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) ) - AND usr.disa_reas = %d AND usr.code = %d;", + AND usr.disa_reas = %d;", $G_dbpfx, $G_dbpfx, - USER_FLAG_TY_ALL, USER_FLAG_TY_DISABLE, - USER_DIS_REA_NU_TOBECHK, $id); + USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE, + USER_DIS_REA_NU_ADDED); if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) { log_crit("stat-day: select from tournaments failed"); break; } - $usr_obj = pg_fetch_object($usr_pg, 0); - - printf("KEY: %s: %s %s
\n", $id, $value, $usr_obj->login); - // change state - $passwd = passwd_gen(); + $usr_n = pg_numrows($usr_pg); + $tab_lines = ""; + for ($i = 0 ; $i < $usr_n ; $i++) { + $usr_obj = pg_fetch_object($usr_pg, $i); - if (($bdb->user_update_passwd($usr_obj->code, $passwd)) == FALSE) { - echo "fail 1.5
"; - break; + $tab_lines .= sprintf("%s\n", + $usr_obj->code, eschtml($usr_obj->login), eschtml($usr_obj->guar_login)); } + ?> + + +

New imported users management.

+ +
+ + +
+ + +
+ + +user_update_flag_ty($usr_obj->code, - USER_FLAG_TY_DISABLE, USER_DIS_REA_NU_TOBECHK, - USER_FLAG_TY_NORM, USER_DIS_REA_NU_NONE)) == FALSE) { - echo "fail 2
"; + if ($action == "accept") { + if (($bdb = BriskDB::create()) == FALSE) { + log_crit("stat-day: database connection failed"); break; } - // send mail - $subj = $mlang_umgmt['nu_psubj'][$G_lang]; - $body_txt = sprintf($mlang_umgmt['nu_ptext'][$G_lang], - $usr_obj->login, $passwd); - $body_htm = sprintf($mlang_umgmt['nu_phtml'][$G_lang], - $usr_obj->login, $passwd); + foreach($_POST as $key => $value) { + if (substr($key, 0, 9) != "f_newuser") + continue; - if (brisk_mail($usr_obj->email, $subj, $body_txt, $body_htm) == FALSE) { - // mail error - fprintf(STDERR, "ERROR: mail send FAILED\n"); - break; + $id = (int)substr($key, 9); + if ($id <= 0) + continue; + + + // retrieve list of active tournaments + $usr_sql = sprintf(" +SELECT usr.*, guar.login AS guar_login + FROM %susers AS usr + JOIN %susers AS guar ON guar.code = usr.guar_code + WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) ) + AND usr.disa_reas = %d AND usr.code = %d;", + $G_dbpfx, $G_dbpfx, + USER_FLAG_TY_ALL, USER_FLAG_TY_DISABLE, + USER_DIS_REA_NU_TOBECHK, $id); + if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) { + log_crit("stat-day: select from tournaments failed"); + break; + } + $usr_obj = pg_fetch_object($usr_pg, 0); + + printf("KEY: %s: %s %s
\n", $id, $value, $usr_obj->login); + // change state + $passwd = passwd_gen(); + + if (($bdb->user_update_passwd($usr_obj->code, $passwd)) == FALSE) { + echo "fail 1.5
"; + break; + } + + if (($bdb->user_update_flag_ty($usr_obj->code, + USER_FLAG_TY_DISABLE, USER_DIS_REA_NU_TOBECHK, + USER_FLAG_TY_NORM, USER_DIS_REA_NONE)) == FALSE) { + echo "fail 2
"; + break; + } + + $bdb->user_update_login_time($usr_obj->code, 0); + + // send mail + $subj = $mlang_umgmt['nu_psubj'][$G_lang]; + $body_txt = sprintf($mlang_umgmt['nu_ptext'][$G_lang], + $usr_obj->login, $passwd); + $body_htm = sprintf($mlang_umgmt['nu_phtml'][$G_lang], + $usr_obj->login, $passwd); + + if (brisk_mail($usr_obj->email, $subj, $body_txt, $body_htm) == FALSE) { + // mail error + fprintf(STDERR, "ERROR: mail send FAILED\n"); + break; + } } + exit; } - exit; - } - else { - do { + else { + do { if (($bdb = BriskDB::create()) == FALSE) { log_crit("stat-day: database connection failed"); break; @@ -202,25 +364,26 @@ SELECT usr.*, guar.login AS guar_login } ?> - -
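Review bot: The confirmation token in the new `do=newuser` accept branch, `$hash = md5($curtime . $G_alarm_passwd . $usr_obj->login . $usr_obj->email);`, is a plain MD5 over a timestamp, the account's own login and e-mail and `$G_alarm_passwd`, so the link is only as unpredictable as a secret that, going by its name, is shared with another function. Because the hash is stored with the `MailDBItem`, it does not have to be derivable from anything: a random value such as `$hash = bin2hex(openssl_random_pseudo_bytes(16));` (or `random_bytes()` on PHP 7+) removes the dependency on that secret. The link is also built as `http://%s/%s/mailmgr.php?...`, which sends the token in clear; use `https://` if the site serves it. How mailmgr.php checks the hash is outside this patch, and main() continues past this hunk.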
" method="POST"> - - +

E-mail verified user management.

+ + +
+ -
- - -
- - - + + + + + + + \ No newline at end of file -- 2.17.1