array( 'it' => 'Brisk: credenziali di accesso.',
'en' => 'Brisk: credentials.'),
'nu_ptext' => array( 'it' =>
'Ciao, sono l\' amministratore del sito di Brisk.
La verifica del tuo indirizzo di posta elettronica e del tuo nickname è andata a buon fine, per accedere al sito
d\'ora in poi potrai utilizzare l\' utente \'%s\' e la password \'%s\'.
Benvenuto e buone partite, mop.',
'en' => 'EN ptext [%s] [%s]'),
'nu_phtml' => array( 'it' => 'Ciao, sono l\' amministratore del sito di Brisk.
La verifica del tuo indirizzo di posta elettronica e del tuo nickname è andata a buon fine.
Per accedere al sito d\'ora in poi potrai usare l\' utente \'%s\' e la password \'%s\'.
Benvenuto e buone partite, mop. ',
'en' => 'EN phtml [%s] [%s]')
);
ini_set("max_execution_time", "240");
require_once($G_base."Obj/brisk.phh");
require_once($G_base."Obj/user.phh");
require_once($G_base."Obj/auth.phh");
require_once($G_base."Obj/mail.phh");
require_once($G_base."Obj/dbase_base.phh");
require_once($G_base."Obj/dbase_${G_dbasetype}.phh");
require_once($G_base."briskin5/Obj/briskin5.phh");
require_once($G_base."briskin5/Obj/placing.phh");
require_once($G_base."spush/brisk-spush.phh");
require_once($G_base."index_wr.php");
function check_auth()
{
GLOBAL $G_alarm_passwd, $sess, $_POST, $_SERVER;
$socket = FALSE;
$ret = FALSE;
if (array_key_exists("HTTP_X_REAL_IP", $_SERVER)) {
$ip = $_SERVER["HTTP_X_REAL_IP"];
}
else {
$ip = $_SERVER["REMOTE_ADDR"];
}
$stp = 0;
$private = md5($G_alarm_passwd.$ip.$sess);
$cmd = array ("cmd" => "userauth", "sess" => $sess, "private" => $private, "the_end" => "true");
$cmd_ser = cmd_serialize($cmd);
$cmd_len = mb_strlen($cmd_ser, "ASCII");
do {
if (($socket = stream_socket_client('unix://'.USOCK_PATH_PFX.'_admin.sock')) == FALSE)
break;
$stp = 1;
if (($rwr = fwrite($socket, $cmd_ser, $cmd_len)) == FALSE
|| $rwr != $cmd_len)
break;
fflush($socket);
$stp = 2;
if (($buf = fread($socket, 4096)) == FALSE)
break;
$res = cmd_deserialize($buf);
$stp = 3;
if (!isset($res['val']) || $res['val'] != 200)
break;
$ret = TRUE;
$stp = 4;
} while (0);
if ($socket != FALSE)
fclose($socket);
if ($stp < 4) {
echo "STP: $stp ";
}
return ($ret);
}
$s_style = "
";
function main() {
GLOBAL $s_style, $G_dbpfx, $G_lang, $G_alarm_passwd, $G_proto, $G_domain, $G_webbase;
GLOBAL $mlang_umgmt, $mlang_indwr, $f_mailusers, $sess, $_POST, $_SERVER;
$curtime = time();
$status = "";
if (check_auth() == FALSE) {
echo "Authentication failed";
exit;
}
$nocheck = FALSE;
if (isset($_GET['f_nocheck'])) {
$nocheck = TRUE;
}
if (isset($_GET['do']) && $_GET['do'] == 'newuser') {
if (isset($_POST['f_accept'])) {
$action = "accept";
}
else if (isset($_POST['f_delete'])) {
$action = "delete";
}
else {
$action = "show";
}
if ($action == "accept") {
foreach($_POST as $key => $value) {
if (substr($key, 0, 9) != "f_newuser")
continue;
$id = (int)substr($key, 9);
if ($id <= 0)
continue;
// check existence of username or email
$is_trans = FALSE;
$res = FALSE;
do {
if (($bdb = BriskDB::create()) == FALSE)
break;
// retrieve list added users
$usr_sql = sprintf("
SELECT usr.*, guar.login AS guar_login
FROM %susers AS usr
JOIN %susers AS guar ON guar.code = usr.guar_code
WHERE usr.type & (CAST (X'%x' as integer)) = (CAST (X'%x' as integer))
AND usr.disa_reas = %d AND usr.code = %d;",
$G_dbpfx, $G_dbpfx,
USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
USER_DIS_REA_NU_ADDED, $id);
if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
log_crit("stat-day: select from tournaments failed");
break;
}
$usr_n = pg_numrows($usr_pg);
if ($usr_n != 1) {
$status .= sprintf("Inconsistency for code %d, returned %d records, skipped. ",
$id, $usr_n);
break;
}
$usr_obj = pg_fetch_object($usr_pg, 0);
$bdb->transaction('BEGIN');
$is_trans = TRUE;
if (($bdb->user_update_flag_ty($usr_obj->code, USER_FLAG_TY_DISABLE,
TRUE, USER_DIS_REA_NU_ADDED,
TRUE, USER_DIS_REA_NU_MAILED)) == FALSE) {
echo "fail 2 ";
break;
}
if (($mail_code = $bdb->mail_reserve_code()) == FALSE) {
fprintf(STDERR, "ERROR: mail reserve code FAILED\n");
break;
}
$hash = md5($curtime . $G_alarm_passwd . $usr_obj->login . $usr_obj->email);
$confirm_page = sprintf("%s://%s/%s/mailmgr.php?f_act=checkmail&f_code=%d&f_hash=%s",
$G_proto, $G_domain, $G_webbase, $mail_code, $hash);
$subj = $mlang_indwr['nu_msubj'][$G_lang];
if (($usr_obj->type & USER_FLAG_TY_APPR) == USER_FLAG_TY_APPR) {
$body_txt = sprintf($mlang_indwr['ap_mtext'][$G_lang],
$usr_obj->login, $confirm_page);
$body_htm = sprintf($mlang_indwr['ap_mhtml'][$G_lang],
$usr_obj->login, $confirm_page);
}
else {
$body_txt = sprintf($mlang_indwr['nu_mtext'][$G_lang],
$usr_obj->guar_login, $usr_obj->login, $confirm_page);
$body_htm = sprintf($mlang_indwr['nu_mhtml'][$G_lang],
$usr_obj->guar_login, $usr_obj->login, $confirm_page);
}
$mail_item = new MailDBItem($mail_code, $usr_obj->code, MAIL_TYP_CHECK,
$curtime, $subj, $body_txt, $body_htm, $hash);
if (brisk_mail($usr_obj->email, $subj, $body_txt, $body_htm) == FALSE) {
// mail error
fprintf(STDERR, "ERROR: mail send FAILED\n");
break;
}
// save the mail
if ($mail_item->store($bdb) == FALSE) {
// store mail error
fprintf(STDERR, "ERROR: store mail FAILED\n");
break;
}
$status .= sprintf("status change for %s: SUCCESS ", $usr_obj->login);
$bdb->transaction('COMMIT');
$res = TRUE;
} while(FALSE);
if ($res == FALSE) {
$status .= sprintf("Error occurred during accept action ");
if ($is_trans)
$bdb->transaction('ROLLBACK');
break;
}
}
} // else if ($action == "accept") {
else if ($action == "delete") {
foreach($_POST as $key => $value) {
if (substr($key, 0, 9) != "f_newuser")
continue;
$id = (int)substr($key, 9);
if ($id <= 0)
continue;
// check existence of username or email
$is_trans = FALSE;
$res = FALSE;
do {
if (($bdb = BriskDB::create()) == FALSE)
break;
// retrieve list added users
$usr_sql = sprintf("
SELECT usr.*, guar.login AS guar_login
FROM %susers AS usr
JOIN %susers AS guar ON guar.code = usr.guar_code
WHERE usr.type & (CAST (X'%x' as integer)) = (CAST (X'%x' as integer))
AND usr.disa_reas = %d AND usr.code = %d;",
$G_dbpfx, $G_dbpfx,
USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
USER_DIS_REA_NU_ADDED, $id);
if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
log_crit("stat-day: select from tournaments failed");
break;
}
$usr_n = pg_numrows($usr_pg);
if ($usr_n != 1) {
$status .= sprintf("Inconsistency for code %d, returned %d records, skipped. ",
$id, $usr_n);
break;
}
$usr_obj = pg_fetch_object($usr_pg, 0);
$bdb->transaction('BEGIN');
$is_trans = TRUE;
// retrieve list added users
$usr_sql = sprintf("
DELETE FROM %susers
WHERE (type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer))
AND disa_reas = %d AND code = %d;",
$G_dbpfx, USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
USER_DIS_REA_NU_ADDED, $id);
if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
log_crit(sprintf("Delete of user %d failed", $id));
break;
}
$status .= sprintf("User %s removed: SUCCESS ", $usr_obj->login);
$bdb->transaction('COMMIT');
$res = TRUE;
} while(FALSE);
if ($res == FALSE) {
$status .= sprintf("Error occurred during delete action ");
if ($is_trans)
$bdb->transaction('ROLLBACK');
break;
}
}
} // else if ($action == "accept") {
do {
if (($bdb = BriskDB::create()) == FALSE) {
log_crit("stat-day: database connection failed");
break;
}
// retrieve list added users
$usr_sql = sprintf("
SELECT usr.*, guar.login AS guar_login
FROM %susers AS usr
JOIN %susers AS guar ON guar.code = usr.guar_code
WHERE usr.type & (CAST (X'%x' as integer)) = (CAST (X'%x' as integer))
AND usr.disa_reas = %d ORDER BY usr.lintm;",
$G_dbpfx, $G_dbpfx,
USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
USER_DIS_REA_NU_ADDED);
if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
log_crit("stat-day: select from tournaments failed");
break;
}
$usr_n = pg_numrows($usr_pg);
$tab_lines = "
$value) {
if (substr($key, 0, 9) != "f_newuser")
continue;
$id = (int)substr($key, 9);
if ($id <= 0)
continue;
// retrieve list of active tournaments
$usr_sql = sprintf("
SELECT usr.*, guar.login AS guar_login
FROM %susers AS usr
JOIN %susers AS guar ON guar.code = usr.guar_code
WHERE usr.type & (CAST (X'%x' as integer)) = (CAST (X'%x' as integer))
AND usr.disa_reas = %d AND usr.code = %d;",
$G_dbpfx, $G_dbpfx,
USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
USER_DIS_REA_NU_TOBECHK, $id);
if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
log_crit("stat-day: select from tournaments failed");
break;
}
$usr_obj = pg_fetch_object($usr_pg, 0);
printf("KEY: %s: %s %s \n", $id, $value, $usr_obj->login);
// change state
$passwd = passwd_gen();
if (($bdb->user_update_passwd($usr_obj->code, $passwd)) == FALSE) {
echo "fail 1.5 ";
break;
}
if (($bdb->user_update_flag_ty($usr_obj->code, USER_FLAG_TY_DISABLE,
TRUE, USER_DIS_REA_NU_TOBECHK,
FALSE, USER_DIS_REA_NONE)) == FALSE) {
echo "fail 2 ";
break;
}
$bdb->user_update_login_time($usr_obj->code, 0);
// send mail
$subj = $mlang_umgmt['nu_psubj'][$G_lang];
$body_txt = sprintf($mlang_umgmt['nu_ptext'][$G_lang],
$usr_obj->login, $passwd);
$body_htm = sprintf($mlang_umgmt['nu_phtml'][$G_lang],
$usr_obj->login, $passwd);
log_step(sprintf("[%s], [%s], [%s], [%s]\n", $usr_obj->email, $subj, $body_txt, $body_htm));
if (brisk_mail($usr_obj->email, $subj, $body_txt, $body_htm) == FALSE) {
// mail error
fprintf(STDERR, "ERROR: mail send FAILED\n");
break;
}
}
exit;
}
else if ($action == "delete") {
foreach($_POST as $key => $value) {
if (substr($key, 0, 9) != "f_newuser")
continue;
$id = (int)substr($key, 9);
if ($id <= 0)
continue;
// check existence of username or email
$is_trans = FALSE;
$res = FALSE;
do {
if (($bdb = BriskDB::create()) == FALSE)
break;
// retrieve list added users
$usr_sql = sprintf("
SELECT usr.*, guar.login AS guar_login
FROM %susers AS usr
JOIN %susers AS guar ON guar.code = usr.guar_code
WHERE usr.type & (CAST (X'%x' as integer)) = (CAST (X'%x' as integer))
AND usr.disa_reas = %d AND usr.code = %d;",
$G_dbpfx, $G_dbpfx,
USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
USER_DIS_REA_NU_TOBECHK, $id);
if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
log_crit("stat-day: select from tournaments failed");
break;
}
$usr_n = pg_numrows($usr_pg);
if ($usr_n != 1) {
$status .= sprintf("Inconsistency for code %d, returned %d records, skipped. ",
$id, $usr_n);
break;
}
$usr_obj = pg_fetch_object($usr_pg, 0);
$bdb->transaction('BEGIN');
$is_trans = TRUE;
$del_sql = sprintf("DELETE FROM %susers WHERE code = %d;",
$G_dbpfx, $usr_obj->code);
if (($del_pg = pg_query($bdb->dbconn->db(), $del_sql)) == FALSE) {
log_crit(sprintf("Delete user %d failed", $usr_obj->code));
break;
}
// FIXME: add to index_wr.php strings
$subj = "Brisk: nickname rifiutato";
// the same for both cases:
// if (($usr_obj->type & USER_FLAG_TY_APPR) == USER_FLAG_TY_APPR) {
$body_txt = sprintf('Ciao, sono l\' amministratore del sito di Brisk.
Ti volevo segnalare che il nickname \'%s\' con cui ti volevi registrare
non ha superato la fase di verifica manuale; il motivo può essere
la sua illeggibilità per gli altri utenti o il contenuto poco ortodosso
o troppo aggressivo o ci sono troppe cifre consecutive o qualcosa del genere.
La procedura di registrazione va ripetuta.
Saluti e buone partite, mop.', $usr_obj->login);
$body_htm = sprintf('Ciao, sono l\' amministratore del sito di Brisk.
Ti volevo segnalare che il nickname \'%s\' con cui ti volevi registrare
non ha superato la fase di verifica manuale; il motivo può essere
la sua illeggibilità per gli altri utenti o il contenuto poco ortodosso
o troppo aggressivo o ci sono troppe cifre consecutive o qualcosa del genere.
La procedura di registrazione va ripetuta.
Saluti e buone partite, mop.', $usr_obj->login);
/* } */
/* else { */
/* $body_txt = sprintf($mlang_indwr['nu_mtext'][$G_lang], */
/* $usr_obj->guar_login, $usr_obj->login, $confirm_page); */
/* $body_htm = sprintf($mlang_indwr['nu_mhtml'][$G_lang], */
/* $usr_obj->guar_login, $usr_obj->login, $confirm_page); */
/* } */
if (brisk_mail($usr_obj->email, $subj, $body_txt, $body_htm) == FALSE) {
// mail error
fprintf(STDERR, "ERROR: mail send FAILED\n");
break;
}
$status .= sprintf("user delete for %s: SUCCESS ", $usr_obj->login);
$bdb->transaction('COMMIT');
$res = TRUE;
} while(FALSE);
if ($res == FALSE) {
$status .= sprintf("Error occurred during accept action ");
if ($is_trans)
$bdb->transaction('ROLLBACK');
break;
}
printf("Registration %s for login %s deleted \n", $usr_obj->code, $usr_obj->login);
}
}
else {
do {
if (($bdb = BriskDB::create()) == FALSE) {
log_crit("stat-day: database connection failed");
break;
}
// retrieve list of active tournaments
$usr_sql = sprintf("
SELECT usr.*, guar.login AS guar_login
FROM %susers AS usr
JOIN %susers AS guar ON guar.code = usr.guar_code
WHERE usr.type & (CAST (X'%x' as integer)) = (CAST (X'%x' as integer))
AND usr.disa_reas = %d ORDER BY usr.lintm;",
$G_dbpfx, $G_dbpfx,
USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
USER_DIS_REA_NU_TOBECHK);
if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) {
log_crit("stat-day: select from tournaments failed");
break;
}
$usr_n = pg_numrows($usr_pg);
$tab_lines = "