f3ea4e1d79814ed1e72136835f249fd4dfd95e36
[brisk.git] / web / usermgmt.php
1 <?php
2 /*
3  *  brisk - usermgmt.php
4  *
5  *  Copyright (C) 2014      Matteo Nastasi
6  *                          mailto: nastasi@alternativeoutput.it
7  *                                  matteo.nastasi@milug.org
8  *                          web: http://www.alternativeoutput.it
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License as published by
12  * the Free Software Foundation; either version 2 of the License, or
13  * (at your option) any later version.
14  *
15  * This program is distributed in the hope that it will be useful, but
16  * WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABLILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18  * General Public License for more details. You should have received a
19  * copy of the GNU General Public License along with this program; if
20  * not, write to the Free Software Foundation, Inc, 59 Temple Place -
21  * Suite 330, Boston, MA 02111-1307, USA.
22  *
23  */
24
25 $G_base = "";
26
27 $mlang_umgmt = array( 'nu_psubj' => array( 'it' => 'Brisk: credenziali di accesso.',
28                                            'en' => 'Brisk: credentials.'),
29                       'nu_ptext' => array( 'it' =>
30 'Ciao, sono l\' amministratore del sito di Brisk.
31
32 La verifica del tuo indirizzo di posta elettronica e del tuo nickname è andata a buon fine, per accedere al sito
33 d\'ora in poi potrai utilizzare l\' utente \'%s\' e la password \'%s\'.
34
35 Benvenuto e buone partite, mop.',
36                                            'en' => 'EN ptext [%s] [%s]'),
37                       'nu_phtml' => array( 'it' => 'Ciao, sono l\' amministratore del sito di Brisk.<br><br>
38 La verifica del tuo indirizzo di posta elettronica e del tuo nickname è andata a buon fine.<br><br>Per accedere al  sito d\'ora in poi potrai usare l\' utente \'%s\' e la password \'%s\'.<br><br>
39 Benvenuto e buone partite, mop.<br>',
40                                            'en' => 'EN phtml [%s] [%s]')
41                       );
42
43
44 ini_set("max_execution_time",  "240");
45
46 require_once($G_base."Obj/brisk.phh");
47 require_once($G_base."Obj/user.phh");
48 require_once($G_base."Obj/auth.phh");
49 require_once($G_base."Obj/mail.phh");
50 require_once($G_base."Obj/dbase_base.phh");
51 require_once($G_base."Obj/dbase_${G_dbasetype}.phh");
52 require_once($G_base."briskin5/Obj/briskin5.phh");
53 require_once($G_base."briskin5/Obj/placing.phh");
54 require_once($G_base."spush/brisk-spush.phh");
55 require_once($G_base."index_wr.php");
56
57 function check_auth()
58 {
59     GLOBAL $G_alarm_passwd, $sess, $_POST, $_SERVER;
60
61     $socket = FALSE;
62     $ret = FALSE;
63     $ip = $_SERVER["REMOTE_ADDR"];
64     $stp = 0;
65     $private = md5($G_alarm_passwd.$ip.$sess);
66     $cmd = array ("cmd" => "userauth", "sess" => $sess, "private" => $private, "the_end" => "true");
67     $cmd_ser = cmd_serialize($cmd);
68     $cmd_len = mb_strlen($cmd_ser, "ASCII");
69
70     do {
71         if (($socket = stream_socket_client("unix://".USOCK_PATH."2")) == FALSE)
72             break;
73         $stp = 1;
74         if (($rwr = fwrite($socket, $cmd_ser, $cmd_len)) == FALSE
75             || $rwr != $cmd_len)
76             break;
77         fflush($socket);
78         $stp = 2;
79         if (($buf = fread($socket, 4096)) == FALSE)
80             break;
81         $res = cmd_deserialize($buf);
82         $stp = 3;
83         if (!isset($res['val']) || $res['val'] != 200)
84             break;
85         $ret = TRUE;
86         $stp = 4;
87     } while (0);
88     if ($socket != FALSE)
89         fclose($socket);
90
91     if ($stp < 4) {
92         echo "STP: $stp<br>";
93     }
94     return ($ret);
95 }
96
97 $s_style = "
98 <style>
99      table.the_tab {
100             border-collapse: collapse;
101             margin: 8px;
102             }
103
104      table.the_tab td {
105             border: 1px solid black;
106             padding: 8px;
107             }
108 </style>";
109
110 function main() {
111     GLOBAL $s_style, $G_dbpfx, $G_lang, $G_alarm_passwd, $G_domain, $G_webbase;
112     GLOBAL $mlang_umgmt, $mlang_indwr, $f_mailusers, $sess, $_POST, $_SERVER;
113
114
115     $curtime = time();
116     $status = "";
117
118     if (check_auth() == FALSE) {
119         echo "Authentication failed";
120         exit;
121     }
122
123     $nocheck = FALSE;
124     if (isset($_GET['f_nocheck'])) {
125         $nocheck = TRUE;
126     }
127
128     if (isset($_GET['do']) && $_GET['do'] == 'newuser') {
129         if (isset($_POST['f_accept'])) {
130             $action = "accept";
131         }
132         else if (isset($_POST['f_delete'])) {
133             $action = "delete";
134         }
135         else {
136             $action = "show";
137         }
138
139         if ($action == "accept") {
140             foreach($_POST as $key => $value) {
141                 if (substr($key, 0, 9) != "f_newuser")
142                     continue;
143
144                 $id = (int)substr($key, 9);
145                 if ($id <= 0)
146                     continue;
147
148                 // check existence of username or email
149                 $is_trans = FALSE;
150                 $res = FALSE;
151                 do {
152                     if (($bdb = BriskDB::create()) == FALSE)
153                         break;
154
155                     // retrieve list added users
156                     $usr_sql = sprintf("
157 SELECT usr.*, guar.login AS guar_login
158      FROM %susers AS usr
159      JOIN %susers AS guar ON guar.code = usr.guar_code
160      WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
161          AND usr.disa_reas = %d AND usr.code = %d;",
162                                $G_dbpfx, $G_dbpfx,
163                                USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
164                                USER_DIS_REA_NU_ADDED, $id);
165                     if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
166                         log_crit("stat-day: select from tournaments failed");
167                         break;
168                     }
169                     $usr_n = pg_numrows($usr_pg);
170                     if ($usr_n != 1) {
171                         $status .= sprintf("Inconsistency for code %d, returned %d records, skipped.<br>",
172                                           $id, $usr_n);
173                         break;
174                     }
175
176                     $usr_obj = pg_fetch_object($usr_pg, 0);
177
178                     $bdb->transaction('BEGIN');
179                     $is_trans = TRUE;
180
181
182                     if (($bdb->user_update_flag_ty($usr_obj->code, USER_FLAG_TY_DISABLE,
183                                                    TRUE, USER_DIS_REA_NU_ADDED,
184                                                    TRUE, USER_DIS_REA_NU_MAILED)) == FALSE) {
185                         echo "fail 2<br>";
186                         break;
187                     }
188
189                     if (($mail_code = $bdb->mail_reserve_code()) == FALSE) {
190                         fprintf(STDERR, "ERROR: mail reserve code FAILED\n");
191                         break;
192                     }
193                     $hash = md5($curtime . $G_alarm_passwd . $usr_obj->login . $usr_obj->email);
194
195                     $confirm_page = sprintf("http://%s/%s/mailmgr.php?f_act=checkmail&f_code=%d&f_hash=%s",
196                                             $G_domain, $G_webbase, $mail_code, $hash);
197                     $subj = $mlang_indwr['nu_msubj'][$G_lang];
198                     if (($usr_obj->type & USER_FLAG_TY_APPR) == USER_FLAG_TY_APPR) {
199                         $body_txt = sprintf($mlang_indwr['ap_mtext'][$G_lang],
200                                             $cli_name, $confirm_page);
201                         $body_htm = sprintf($mlang_indwr['ap_mhtml'][$G_lang],
202                                             $cli_name, $confirm_page);
203                     }
204                     else {
205                         $body_txt = sprintf($mlang_indwr['nu_mtext'][$G_lang],
206                                             $usr_obj->guar_login, $usr_obj->login, $confirm_page);
207                         $body_htm = sprintf($mlang_indwr['nu_mhtml'][$G_lang],
208                                             $usr_obj->guar_login, $usr_obj->login, $confirm_page);
209                     }
210
211                     $mail_item = new MailDBItem($mail_code, $usr_obj->code, MAIL_TYP_CHECK,
212                                                 $curtime, $subj, $body_txt, $body_htm, $hash);
213
214                     if (brisk_mail($usr_obj->email, $subj, $body_txt, $body_htm) == FALSE) {
215                         // mail error
216                         fprintf(STDERR, "ERROR: mail send FAILED\n");
217                         break;
218                     }
219                     // save the mail
220                     if ($mail_item->store($bdb) == FALSE) {
221                         // store mail error
222                         fprintf(STDERR, "ERROR: store mail FAILED\n");
223                         break;
224                     }
225                     $status .= sprintf("status change for %s: SUCCESS<br>", $usr_obj->login);
226                     $bdb->transaction('COMMIT');
227                     $res = TRUE;
228                 } while(FALSE);
229                 if ($res == FALSE) {
230                     $status .= sprintf("Error occurred during accept action<br>");
231                     if ($is_trans)
232                         $bdb->transaction('ROLLBACK');
233                     break;
234                 }
235             }
236         }
237
238         do {
239             if (($bdb = BriskDB::create()) == FALSE) {
240                 log_crit("stat-day: database connection failed");
241                 break;
242             }
243
244             // retrieve list added users
245             $usr_sql = sprintf("
246 SELECT usr.*, guar.login AS guar_login
247      FROM %susers AS usr
248      JOIN %susers AS guar ON guar.code = usr.guar_code
249      WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
250          AND usr.disa_reas = %d
251      ORDER BY usr.lintm;",
252                                $G_dbpfx, $G_dbpfx,
253                                USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
254                                USER_DIS_REA_NU_ADDED);
255             if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
256                 log_crit("stat-day: select from tournaments failed");
257                 break;
258             }
259             $usr_n = pg_numrows($usr_pg);
260             $tab_lines = "<tr><th></th><th>User</th><th>Guar</th><th>Date</th></tr>";
261             for ($i = 0 ; $i < $usr_n ; $i++) {
262                 $usr_obj = pg_fetch_object($usr_pg, $i);
263
264                 $tab_lines .= sprintf("<tr><td><input name=\"f_newuser%d\" type=\"checkbox\" %s></td><td>%s</td><td>%s</td><td>%s</td></tr>\n",
265                                       $usr_obj->code, ($nocheck ? "" : "CHECKED"),
266                                       eschtml($usr_obj->login), eschtml($usr_obj->guar_login), $usr_obj->lintm);
267             }
268
269
270             ?>
271 <html>
272 <head>
273 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
274 <title>Brisk: new imported users management.</title>
275      <?php echo "$s_style"; ?>
276 </head>
277 <body>
278 <h2> New imported users management.</h2>
279      <?php if ($status != "") { echo "$status"; } ?>
280 <form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="POST">
281 <table class="the_tab">
282 <?php
283      echo $tab_lines;
284 ?>
285 </table>
286 <input type="submit" name="f_accept" value="Newuser Accept">
287 <input type="submit" name="f_delete" value="Newuser Delete">
288 </form>
289 </body>
290 </html>
291 <?php
292            exit;
293         } while(FALSE);
294         printf("Some error occurred during newuser visualization\n");
295         exit;
296     }
297
298     if (isset($_GET['do']) && $_GET['do'] == 'mailed') {
299         if (isset($_POST['f_resend'])) {
300             $action = "resend";
301         }
302         else if (isset($_POST['f_delete'])) {
303             $action = "delete";
304         }
305         else {
306             $action = "show";
307         }
308
309         if ($action == "resend") {
310             foreach($_POST as $key => $value) {
311                 if (substr($key, 0, 9) != "f_newuser")
312                     continue;
313
314                 $id = (int)substr($key, 9);
315                 if ($id <= 0)
316                     continue;
317
318                 $res = FALSE;
319                 do {
320                     if (($bdb = BriskDB::create()) == FALSE) {
321                         $status .= "1<br>";
322                         break;
323                     }
324                     // retrieve list added users
325                     $mai_sql = sprintf("
326 SELECT mail.*, usr.email AS email
327      FROM %susers AS usr
328      JOIN %smails AS mail ON mail.ucode = usr.code
329      WHERE mail.ucode = %d AND mail.type = %d",
330                                        $G_dbpfx, $G_dbpfx, $id, MAIL_TYP_CHECK);
331                     if (($mai_pg = pg_query($bdb->dbconn->db(), $mai_sql)) == FALSE) {
332                         log_crit("retrieve mail failed");
333                         $status .= "2<br>";
334                         break;
335                     }
336                     $mai_n = pg_numrows($mai_pg);
337                     if ($mai_n != 1) {
338                         $status .= sprintf("Inconsistency for code %d, returned %d records, skipped.<br>",
339                                           $id, $mai_n);
340                         break;
341                     }
342                     $mai_obj = pg_fetch_object($mai_pg, 0);
343                     $mail = MailDBItem::MailDBItemFromRecord($mai_obj);
344
345                     if (brisk_mail($mai_obj->email, $mail->subj, $mail->body_txt, $mail->body_htm) == FALSE) {
346                         // mail error
347                         $status .= sprintf("Send mail filed for user id %d<br>\n", $id);
348                         break;
349                     }
350                     $res = TRUE;
351                 } while(FALSE);
352                 if ($res == FALSE) {
353                     $status .= sprintf("Error occurred during resend action<br>");
354                     break;
355                 }
356             } // foreach
357         }
358
359         do {
360             if (($bdb = BriskDB::create()) == FALSE) {
361                 log_crit("stat-day: database connection failed");
362                 break;
363             }
364
365             // retrieve list added users
366             $usr_sql = sprintf("
367 SELECT usr.*, guar.login AS guar_login
368      FROM %susers AS usr
369      JOIN %susers AS guar ON guar.code = usr.guar_code
370      WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
371          AND usr.disa_reas = %d
372      ORDER BY usr.lintm;",
373                                $G_dbpfx, $G_dbpfx,
374                                USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
375                                USER_DIS_REA_NU_MAILED);
376             if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
377                 log_crit("stat-day: select from tournaments failed");
378                 break;
379             }
380             $usr_n = pg_numrows($usr_pg);
381             $tab_lines = "<tr><th></th><th>User</th><th>Guar</th><th>Date</th></tr>";
382             for ($i = 0 ; $i < $usr_n ; $i++) {
383                 $usr_obj = pg_fetch_object($usr_pg, $i);
384
385                 $tab_lines .= sprintf("<tr><td><input name=\"f_newuser%d\" type=\"checkbox\" %s></td><td>%s</td><td>%s</td><td>%s</td></tr>\n",
386                                       $usr_obj->code, ($nocheck ? "" : "CHECKED"),
387                                       eschtml($usr_obj->login), eschtml($usr_obj->guar_login), $usr_obj->lintm);
388             }
389             ?>
390 <html>
391 <head>
392 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
393 <title>Brisk: new mailed users management.</title>
394      <?php echo "$s_style"; ?>
395 </head>
396 <body>
397 <h2> New mailed users management.</h2>
398      <?php if ($status != "") { echo "$status"; } ?>
399 <form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="POST">
400 <table class="the_tab">
401 <?php
402      echo $tab_lines;
403 ?>
404 </table>
405 <input type="submit" name="f_resend" value="Mailed Resend">
406 <input type="submit" name="f_delete" value="Mailed Delete">
407 </form>
408 </body>
409 </html>
410 <?php
411            exit;
412         } while(FALSE);
413         printf("Some error occurred during newuser visualization\n");
414         exit;
415     }
416     else { // if ($_GET['do'] ...
417         if (isset($_POST['f_accept'])) {
418             $action = "accept";
419         }
420         else if (isset($_POST['f_delete'])) {
421             $action = "delete";
422         }
423         else {
424             $action = "show";
425         }
426
427         if ($action == "accept") {
428             if (($bdb = BriskDB::create()) == FALSE) {
429                 log_crit("stat-day: database connection failed");
430                 break;
431             }
432
433             foreach($_POST as $key => $value) {
434                 if (substr($key, 0, 9) != "f_newuser")
435                     continue;
436
437                 $id = (int)substr($key, 9);
438                 if ($id <= 0)
439                     continue;
440
441
442                 // retrieve list of active tournaments
443                 $usr_sql = sprintf("
444 SELECT usr.*, guar.login AS guar_login
445      FROM %susers AS usr
446      JOIN %susers AS guar ON guar.code = usr.guar_code
447      WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
448          AND usr.disa_reas = %d AND usr.code = %d;",
449                                    $G_dbpfx, $G_dbpfx,
450                                    USER_FLAG_TY_ALL & ~USER_FLAG_TY_APPR, USER_FLAG_TY_DISABLE,
451                                    USER_DIS_REA_NU_TOBECHK, $id);
452                 if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
453                     log_crit("stat-day: select from tournaments failed");
454                     break;
455                 }
456                 $usr_obj = pg_fetch_object($usr_pg, 0);
457
458                 printf("KEY: %s: %s %s<br>\n", $id, $value, $usr_obj->login);
459                 // change state
460                 $passwd = passwd_gen();
461
462                 if (($bdb->user_update_passwd($usr_obj->code, $passwd)) == FALSE) {
463                     echo "fail 1.5<br>";
464                     break;
465                 }
466
467                 if (($bdb->user_update_flag_ty($usr_obj->code, USER_FLAG_TY_DISABLE,
468                                                TRUE, USER_DIS_REA_NU_TOBECHK,
469                                                FALSE, USER_DIS_REA_NONE)) == FALSE) {
470                     echo "fail 2<br>";
471                     break;
472                 }
473
474                 $bdb->user_update_login_time($usr_obj->code, 0);
475
476                 // send mail
477                 $subj = $mlang_umgmt['nu_psubj'][$G_lang];
478                 $body_txt = sprintf($mlang_umgmt['nu_ptext'][$G_lang],
479                                     $usr_obj->login, $passwd);
480                 $body_htm = sprintf($mlang_umgmt['nu_phtml'][$G_lang],
481                                     $usr_obj->login, $passwd);
482
483                 log_step(sprintf("[%s], [%s], [%s], [%s]\n", $usr_obj->email, $subj, $body_txt, $body_htm));
484
485
486                 if (brisk_mail($usr_obj->email, $subj, $body_txt, $body_htm) == FALSE) {
487                     // mail error
488                     fprintf(STDERR, "ERROR: mail send FAILED\n");
489                     break;
490                 }
491             }
492             exit;
493         }
494         else {
495             do {
496             if (($bdb = BriskDB::create()) == FALSE) {
497                 log_crit("stat-day: database connection failed");
498                 break;
499             }
500
501             // retrieve list of active tournaments
502             $usr_sql = sprintf("
503 SELECT usr.*, guar.login AS guar_login
504      FROM %susers AS usr
505      JOIN %susers AS guar ON guar.code = usr.guar_code
506      WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
507          AND usr.disa_reas = %d
508      ORDER BY usr.lintm;",
509                                $G_dbpfx, $G_dbpfx,
510                                USER_FLAG_TY_ALL & ~USER_FLAG_TY_APPR, USER_FLAG_TY_DISABLE,
511                                USER_DIS_REA_NU_TOBECHK);
512             if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
513                 log_crit("stat-day: select from tournaments failed");
514                 break;
515             }
516
517             $usr_n = pg_numrows($usr_pg);
518             $tab_lines = "<tr><th></th><th>User</th><th>Guar</th><th>Apprendice</th><th>Date</th></tr>";
519             for ($i = 0 ; $i < $usr_n ; $i++) {
520                 $usr_obj = pg_fetch_object($usr_pg, $i);
521
522                 $tab_lines .= sprintf("<tr><td><input name=\"f_newuser%d\" type=\"checkbox\" %s></td><td>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>\n",
523                                       $usr_obj->code, ($nocheck ? "" : "CHECKED"),
524                                       eschtml($usr_obj->login), eschtml($usr_obj->guar_login),
525                                       ($usr_obj->type & USER_FLAG_TY_APPR ? "Yes" : "No"),
526                                       $usr_obj->lintm);
527             }
528             ?>
529 <html>
530 <head>
531 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
532 <title>Brisk: email verified user management.</title>
533      <?php echo "$s_style"; ?>
534 </head>
535      <body>
536      <h2> E-mail verified user management.</h2>
537      <?php if ($status != "") { echo "$status"; } ?>
538      <form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="POST">
539      <table class="the_tab">
540      <?php
541      echo $tab_lines;
542             ?>
543             </table>
544                   <input type="submit" name="f_accept" value="Accept">
545                   <input type="submit" name="f_delete" value="Delete">
546                   </form>
547                   </body>
548                   </html>
549                   <?php
550                   } while(FALSE);
551         } // else of if ($action ...
552     } // else of if ($do ...
553 }
554
555 main();
556
557 ?>