brisk constructor refactored
[brisk.git] / web / usermgmt.php
1 <?php
2 /*
3  *  brisk - usermgmt.php
4  *
5  *  Copyright (C) 2014      Matteo Nastasi
6  *                          mailto: nastasi@alternativeoutput.it
7  *                                  matteo.nastasi@milug.org
8  *                          web: http://www.alternativeoutput.it
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License as published by
12  * the Free Software Foundation; either version 2 of the License, or
13  * (at your option) any later version.
14  *
15  * This program is distributed in the hope that it will be useful, but
16  * WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABLILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18  * General Public License for more details. You should have received a
19  * copy of the GNU General Public License along with this program; if
20  * not, write to the Free Software Foundation, Inc, 59 Temple Place -
21  * Suite 330, Boston, MA 02111-1307, USA.
22  *
23  */
24
25 $G_base = "";
26
27 $mlang_umgmt = array( 'nu_psubj' => array( 'it' => 'Brisk: credenziali di accesso.',
28                                            'en' => 'Brisk: credentials.'),
29                       'nu_ptext' => array( 'it' =>
30 'Ciao, sono l\' amministratore del sito di Brisk.
31
32 La verifica del tuo indirizzo di posta elettronica e del tuo nickname è andata a buon fine, per accedere al sito
33 d\'ora in poi potrai utilizzare l\' utente \'%s\' e la password \'%s\'.
34
35 Benvenuto e buone partite, mop.',
36                                            'en' => 'EN ptext [%s] [%s]'),
37                       'nu_phtml' => array( 'it' => 'Ciao, sono l\' amministratore del sito di Brisk.<br><br>
38 La verifica del tuo indirizzo di posta elettronica e del tuo nickname è andata a buon fine, per accedere al  sito d\'ora in poi potrai usare l\' utente \'%s\' e la password \'%s\'.<br>
39 Benvenuto e buone partite, mop.<br>',
40                                            'en' => 'EN phtml [%s] [%s]')
41                       );
42
43
44 ini_set("max_execution_time",  "240");
45
46 require_once($G_base."Obj/brisk.phh");
47 require_once($G_base."Obj/user.phh");
48 require_once($G_base."Obj/auth.phh");
49 require_once($G_base."Obj/mail.phh");
50 require_once($G_base."Obj/dbase_base.phh");
51 require_once($G_base."Obj/dbase_${G_dbasetype}.phh");
52 require_once($G_base."briskin5/Obj/briskin5.phh");
53 require_once($G_base."briskin5/Obj/placing.phh");
54 require_once($G_base."spush/brisk-spush.phh");
55 require_once($G_base."index_wr.php");
56
57 function check_auth()
58 {
59     GLOBAL $G_alarm_passwd, $sess, $_POST, $_SERVER;
60
61     $socket = FALSE;
62     $ret = FALSE;
63     $ip = $_SERVER["REMOTE_ADDR"];
64     $stp = 0;
65     $private = md5($G_alarm_passwd.$ip.$sess);
66     $cmd = array ("cmd" => "userauth", "sess" => $sess, "private" => $private, "the_end" => "true");
67     $cmd_ser = cmd_serialize($cmd);
68     $cmd_len = mb_strlen($cmd_ser, "ASCII");
69
70     do {
71         if (($socket = stream_socket_client("unix://".USOCK_PATH."2")) == FALSE)
72             break;
73         $stp = 1;
74         if (($rwr = fwrite($socket, $cmd_ser, $cmd_len)) == FALSE
75             || $rwr != $cmd_len)
76             break;
77         fflush($socket);
78         $stp = 2;
79         if (($buf = fread($socket, 4096)) == FALSE)
80             break;
81         $res = cmd_deserialize($buf);
82         $stp = 3;
83         if (!isset($res['val']) || $res['val'] != 200)
84             break;
85         $ret = TRUE;
86         $stp = 4;
87     } while (0);
88     if ($socket != FALSE)
89         fclose($socket);
90
91     if ($stp < 4) {
92         echo "STP: $stp<br>";
93     }
94     return ($ret);
95 }
96
97 function main() {
98     GLOBAL $G_dbpfx, $G_lang, $G_alarm_passwd, $G_domain, $G_webbase;
99     GLOBAL $mlang_umgmt, $mlang_indwr, $f_mailusers, $sess, $_POST, $_SERVER;
100
101     $curtime = time();
102     $status = "";
103
104     if (check_auth() == FALSE) {
105         echo "Authentication failed";
106         exit;
107     }
108
109     $nocheck = FALSE;
110     if (isset($_GET['f_nocheck'])) {
111         $nocheck = TRUE;
112     }
113
114     if (isset($_GET['do']) && $_GET['do'] == 'newuser') {
115         if (isset($_POST['f_accept'])) {
116             $action = "accept";
117         }
118         else if (isset($_POST['f_delete'])) {
119             $action = "delete";
120         }
121         else {
122             $action = "show";
123         }
124
125         if ($action == "accept") {
126             foreach($_POST as $key => $value) {
127                 if (substr($key, 0, 9) != "f_newuser")
128                     continue;
129
130                 $id = (int)substr($key, 9);
131                 if ($id <= 0)
132                     continue;
133
134                 // check existence of username or email
135                 $is_trans = FALSE;
136                 $res = FALSE;
137                 do {
138                     if (($bdb = BriskDB::create()) == FALSE)
139                         break;
140
141                     // retrieve list added users
142                     $usr_sql = sprintf("
143 SELECT usr.*, guar.login AS guar_login
144      FROM %susers AS usr
145      JOIN %susers AS guar ON guar.code = usr.guar_code
146      WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
147          AND usr.disa_reas = %d AND usr.code = %d;",
148                                $G_dbpfx, $G_dbpfx,
149                                USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
150                                USER_DIS_REA_NU_ADDED, $id);
151                     if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
152                         log_crit("stat-day: select from tournaments failed");
153                         break;
154                     }
155                     $usr_n = pg_numrows($usr_pg);
156                     if ($usr_n != 1) {
157                         $status .= sprintf("Inconsistency for code %d, returned %d records, skipped.<br>",
158                                           $id, $usr_n);
159                         break;
160                     }
161
162                     $usr_obj = pg_fetch_object($usr_pg, 0);
163
164                     $bdb->transaction('BEGIN');
165                     $is_trans = TRUE;
166
167
168                     if (($bdb->user_update_flag_ty($usr_obj->code,
169                                                    USER_FLAG_TY_DISABLE, USER_DIS_REA_NU_ADDED,
170                                                    USER_FLAG_TY_DISABLE, USER_DIS_REA_NU_MAILED)) == FALSE) {
171                         echo "fail 2<br>";
172                         break;
173                     }
174
175                     if (($mail_code = $bdb->mail_reserve_code()) == FALSE) {
176                         fprintf(STDERR, "ERROR: mail reserve code FAILED\n");
177                         break;
178                     }
179                     $hash = md5($curtime . $G_alarm_passwd . $usr_obj->login . $usr_obj->email);
180
181                     $confirm_page = sprintf("http://%s/%s/mailmgr.php?f_act=checkmail&f_code=%d&f_hash=%s",
182                                             $G_domain, $G_webbase, $mail_code, $hash);
183                     $subj = $mlang_indwr['nu_msubj'][$G_lang];
184                     $body_txt = sprintf($mlang_indwr['nu_mtext'][$G_lang],
185                                         $usr_obj->guar_login, $usr_obj->login, $confirm_page);
186                     $body_htm = sprintf($mlang_indwr['nu_mhtml'][$G_lang],
187                                         $usr_obj->guar_login, $usr_obj->login, $confirm_page);
188
189                     $mail_item = new MailDBItem($mail_code, $usr_obj->code, MAIL_TYP_CHECK,
190                                                 $curtime, $subj, $body_txt, $body_htm, $hash);
191
192                     if (brisk_mail($usr_obj->email, $subj, $body_txt, $body_htm) == FALSE) {
193                         // mail error
194                         fprintf(STDERR, "ERROR: mail send FAILED\n");
195                         break;
196                     }
197                     // save the mail
198                     if ($mail_item->store($bdb) == FALSE) {
199                         // store mail error
200                         fprintf(STDERR, "ERROR: store mail FAILED\n");
201                         break;
202                     }
203                     $status .= sprintf("status change for %s: SUCCESS<br>", $usr_obj->login);
204                     $bdb->transaction('COMMIT');
205                     $res = TRUE;
206                 } while(FALSE);
207                 if ($res == FALSE) {
208                     $status .= sprintf("Error occurred during accept action<br>");
209                     if ($is_trans)
210                         $bdb->transaction('ROLLBACK');
211                     break;
212                 }
213             }
214         }
215
216         do {
217             if (($bdb = BriskDB::create()) == FALSE) {
218                 log_crit("stat-day: database connection failed");
219                 break;
220             }
221
222             // retrieve list added users
223             $usr_sql = sprintf("
224 SELECT usr.*, guar.login AS guar_login
225      FROM %susers AS usr
226      JOIN %susers AS guar ON guar.code = usr.guar_code
227      WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
228          AND usr.disa_reas = %d;",
229                                $G_dbpfx, $G_dbpfx,
230                                USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
231                                USER_DIS_REA_NU_ADDED);
232             if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
233                 log_crit("stat-day: select from tournaments failed");
234                 break;
235             }
236             $usr_n = pg_numrows($usr_pg);
237             $tab_lines = "<tr><th></th><th>User</th><th>Guar</th><th>Date</th></tr>";
238             for ($i = 0 ; $i < $usr_n ; $i++) {
239                 $usr_obj = pg_fetch_object($usr_pg, $i);
240
241                 $tab_lines .= sprintf("<tr><td><input name=\"f_newuser%d\" type=\"checkbox\" %s></td><td>%s</td><td>%s</td><td>%s</td></tr>\n",
242                                       $usr_obj->code, ($nocheck ? "" : "CHECKED"),
243                                       eschtml($usr_obj->login), eschtml($usr_obj->guar_login), $usr_obj->lintm);
244             }
245             ?>
246 <html>
247 <head>
248 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
249 <title>Brisk: new imported users management.</title>
250 </head>
251 <body>
252 <h2> New imported users management.</h2>
253      <?php if ($status != "") { echo "$status"; } ?>
254 <form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="POST">
255 <table>
256 <?php
257      echo $tab_lines;
258 ?>
259 </table>
260 <input type="submit" name="f_accept" value="Newuser Accept">
261 <input type="submit" name="f_delete" value="Newuser Delete">
262 </form>
263 </body>
264 </html>
265 <?php
266            exit;
267         } while(FALSE);
268         printf("Some error occurred during newuser visualization\n");
269         exit;
270     }
271
272     if (isset($_GET['do']) && $_GET['do'] == 'mailed') {
273         if (isset($_POST['f_resend'])) {
274             $action = "resend";
275         }
276         else if (isset($_POST['f_delete'])) {
277             $action = "delete";
278         }
279         else {
280             $action = "show";
281         }
282
283         if ($action == "resend") {
284             foreach($_POST as $key => $value) {
285                 if (substr($key, 0, 9) != "f_newuser")
286                     continue;
287
288                 $id = (int)substr($key, 9);
289                 if ($id <= 0)
290                     continue;
291
292                 $res = FALSE;
293                 do {
294                     if (($bdb = BriskDB::create()) == FALSE) {
295                         $status .= "1<br>";
296                         break;
297                     }
298                     // retrieve list added users
299                     $mai_sql = sprintf("
300 SELECT mail.*, usr.email AS email
301      FROM %susers AS usr
302      JOIN %smails AS mail ON mail.ucode = usr.code
303      WHERE mail.ucode = %d AND mail.type = %d",
304                                        $G_dbpfx, $G_dbpfx, $id, MAIL_TYP_CHECK);
305                     if (($mai_pg = pg_query($bdb->dbconn->db(), $mai_sql)) == FALSE) {
306                         log_crit("retrieve mail failed");
307                         $status .= "2<br>";
308                         break;
309                     }
310                     $mai_n = pg_numrows($mai_pg);
311                     if ($mai_n != 1) {
312                         $status .= sprintf("Inconsistency for code %d, returned %d records, skipped.<br>",
313                                           $id, $mai_n);
314                         break;
315                     }
316                     $mai_obj = pg_fetch_object($mai_pg, 0);
317                     $mail = MailDBItem::MailDBItemFromRecord($mai_obj);
318
319                     if (brisk_mail($mai_obj->email, $mail->subj, $mail->body_txt, $mail->body_htm) == FALSE) {
320                         // mail error
321                         $status .= sprintf("Send mail filed for user id %d<br>\n", $id);
322                         break;
323                     }
324                     $res = TRUE;
325                 } while(FALSE);
326                 if ($res == FALSE) {
327                     $status .= sprintf("Error occurred during resend action<br>");
328                     break;
329                 }
330             } // foreach
331         }
332
333         do {
334             if (($bdb = BriskDB::create()) == FALSE) {
335                 log_crit("stat-day: database connection failed");
336                 break;
337             }
338
339             // retrieve list added users
340             $usr_sql = sprintf("
341 SELECT usr.*, guar.login AS guar_login
342      FROM %susers AS usr
343      JOIN %susers AS guar ON guar.code = usr.guar_code
344      WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
345          AND usr.disa_reas = %d;",
346                                $G_dbpfx, $G_dbpfx,
347                                USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
348                                USER_DIS_REA_NU_MAILED);
349             if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
350                 log_crit("stat-day: select from tournaments failed");
351                 break;
352             }
353             $usr_n = pg_numrows($usr_pg);
354             $tab_lines = "<tr><th></th><th>User</th><th>Guar</th><th>Date</th></tr>";
355             for ($i = 0 ; $i < $usr_n ; $i++) {
356                 $usr_obj = pg_fetch_object($usr_pg, $i);
357
358                 $tab_lines .= sprintf("<tr><td><input name=\"f_newuser%d\" type=\"checkbox\" %s></td><td>%s</td><td>%s</td><td>%s</td></tr>\n",
359                                       $usr_obj->code, ($nocheck ? "" : "CHECKED"),
360                                       eschtml($usr_obj->login), eschtml($usr_obj->guar_login), $usr_obj->lintm);
361             }
362             ?>
363 <html>
364 <head>
365 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
366 <title>Brisk: new mailed users management.</title>
367 </head>
368 <body>
369 <h2> New mailed users management.</h2>
370      <?php if ($status != "") { echo "$status"; } ?>
371 <form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="POST">
372 <table>
373 <?php
374      echo $tab_lines;
375 ?>
376 </table>
377 <input type="submit" name="f_resend" value="Mailed Resend">
378 <input type="submit" name="f_delete" value="Mailed Delete">
379 </form>
380 </body>
381 </html>
382 <?php
383            exit;
384         } while(FALSE);
385         printf("Some error occurred during newuser visualization\n");
386         exit;
387     }
388     else { // if ($_GET['do'] ...
389         if (isset($_POST['f_accept'])) {
390             $action = "accept";
391         }
392         else if (isset($_POST['f_delete'])) {
393             $action = "delete";
394         }
395         else {
396             $action = "show";
397         }
398
399         if ($action == "accept") {
400             if (($bdb = BriskDB::create()) == FALSE) {
401                 log_crit("stat-day: database connection failed");
402                 break;
403             }
404
405             foreach($_POST as $key => $value) {
406                 if (substr($key, 0, 9) != "f_newuser")
407                     continue;
408
409                 $id = (int)substr($key, 9);
410                 if ($id <= 0)
411                     continue;
412
413
414                 // retrieve list of active tournaments
415                 $usr_sql = sprintf("
416 SELECT usr.*, guar.login AS guar_login
417      FROM %susers AS usr
418      JOIN %susers AS guar ON guar.code = usr.guar_code
419      WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
420          AND usr.disa_reas = %d AND usr.code = %d;",
421                                    $G_dbpfx, $G_dbpfx,
422                                    USER_FLAG_TY_ALL, USER_FLAG_TY_DISABLE,
423                                    USER_DIS_REA_NU_TOBECHK, $id);
424                 if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
425                     log_crit("stat-day: select from tournaments failed");
426                     break;
427                 }
428                 $usr_obj = pg_fetch_object($usr_pg, 0);
429
430                 printf("KEY: %s: %s %s<br>\n", $id, $value, $usr_obj->login);
431                 // change state
432                 $passwd = passwd_gen();
433
434                 if (($bdb->user_update_passwd($usr_obj->code, $passwd)) == FALSE) {
435                     echo "fail 1.5<br>";
436                     break;
437                 }
438
439                 if (($bdb->user_update_flag_ty($usr_obj->code,
440                                                USER_FLAG_TY_DISABLE, USER_DIS_REA_NU_TOBECHK,
441                                                USER_FLAG_TY_NORM, USER_DIS_REA_NONE)) == FALSE) {
442                     echo "fail 2<br>";
443                     break;
444                 }
445
446                 $bdb->user_update_login_time($usr_obj->code, 0);
447
448                 // send mail
449                 $subj = $mlang_umgmt['nu_psubj'][$G_lang];
450                 $body_txt = sprintf($mlang_umgmt['nu_ptext'][$G_lang],
451                                     $usr_obj->login, $passwd);
452                 $body_htm = sprintf($mlang_umgmt['nu_phtml'][$G_lang],
453                                     $usr_obj->login, $passwd);
454
455                 if (brisk_mail($usr_obj->email, $subj, $body_txt, $body_htm) == FALSE) {
456                     // mail error
457                     fprintf(STDERR, "ERROR: mail send FAILED\n");
458                     break;
459                 }
460             }
461             exit;
462         }
463         else {
464             do {
465             if (($bdb = BriskDB::create()) == FALSE) {
466                 log_crit("stat-day: database connection failed");
467                 break;
468             }
469
470             // retrieve list of active tournaments
471             $usr_sql = sprintf("
472 SELECT usr.*, guar.login AS guar_login
473      FROM %susers AS usr
474      JOIN %susers AS guar ON guar.code = usr.guar_code
475      WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
476          AND usr.disa_reas = %d;",
477                                $G_dbpfx, $G_dbpfx,
478                                USER_FLAG_TY_ALL, USER_FLAG_TY_DISABLE,
479                                USER_DIS_REA_NU_TOBECHK);
480             if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
481                 log_crit("stat-day: select from tournaments failed");
482                 break;
483             }
484
485             $usr_n = pg_numrows($usr_pg);
486             $tab_lines = "<tr><th></th><th>User</th><th>Guar</th><th>Date</th></tr>";
487             for ($i = 0 ; $i < $usr_n ; $i++) {
488                 $usr_obj = pg_fetch_object($usr_pg, $i);
489
490                 $tab_lines .= sprintf("<tr><td><input name=\"f_newuser%d\" type=\"checkbox\" %s></td><td>%s</td><td>%s</td><td>%s</td></tr>\n",
491                                       $usr_obj->code, ($nocheck ? "" : "CHECKED"),
492                                       eschtml($usr_obj->login), eschtml($usr_obj->guar_login), $usr_obj->lintm);
493             }
494             ?>
495 <html>
496 <head>
497 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
498 <title>Brisk: email verified user management.</title>
499 </head>
500      <body>
501      <h2> E-mail verified user management.</h2>
502      <?php if ($status != "") { echo "$status"; } ?>
503      <form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="POST">
504      <table>
505      <?php
506      echo $tab_lines;
507             ?>
508             </table>
509                   <input type="submit" name="f_accept" value="Accept">
510                   <input type="submit" name="f_delete" value="Delete">
511                   </form>
512                   </body>
513                   </html>
514                   <?php
515                   } while(FALSE);
516         } // else of if ($action ...
517     } // else of if ($do ...
518 }
519
520 main();
521
522 ?>