Context Navigation

index.php @ 227

Visit:

Revision 227, 18.6 KB (checked in by benoitg, 9 years ago)

2004-09-27 Benoit Gr�goire <bock@…>

sql/wifidog-postgres-schema.sql: Fix layout for the node_owners table
Begin integrating Patrick Tanguay's new layout and generate the css dynamically to allow for background images.

Property svn:eol-style set to native
Property svn:executable set to *
Property svn:keywords set to Author Date Id Revision

Line
1	<?php
2	/********************************************************************\
3	* This program is free software; you can redistribute it and/or *
4	* modify it under the terms of the GNU General Public License as *
5	* published by the Free Software Foundation; either version 2 of *
6	* the License, or (at your option) any later version. *
7	* *
8	* This program is distributed in the hope that it will be useful, *
9	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
10	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
11	* GNU General Public License for more details. *
12	* *
13	* You should have received a copy of the GNU General Public License*
14	* along with this program; if not, contact: *
15	* *
16	* Free Software Foundation Voice: +1-617-542-5942 *
17	* 59 Temple Place - Suite 330 Fax: +1-617-542-2652 *
18	* Boston, MA 02111-1307, USA gnu@gnu.org *
19	* *
20	\********************************************************************/
21	/**@file
22	* @author Copyright (C) 2004 Benoit Gr�goire, Philippe April.
23	*/
24	define('BASEPATH','../');
25	require_once (BASEPATH.'/include/common.php');
26	require_once (BASEPATH.'classes/Style.php');
27	require_once (BASEPATH.'include/user_management_menu.php');
28
29	function display_register_form()
30	{
31	if(!empty($_REQUEST['username']))
32	{
33	$username = $_REQUEST['username'];
34	}
35	else
36	{
37	$username = '';
38	}
39
40	if(!empty($_REQUEST['validate']))
41	{
42	$validate = $_REQUEST['validate'];
43	}
44	else
45	{
46	$validate = '';
47	}
48	if(!empty($_REQUEST['pass']))
49	{
50	$pass = $_REQUEST['pass'];
51	}
52	else
53	{
54	$pass = '';
55	}
56	if(!empty($_REQUEST['pass_again']))
57	{ $pass_again = $_REQUEST['pass_again'];
58	}
59	else
60	{
61	$pass_again = '';
62	}
63	if(!empty($_REQUEST['email']))
64	{
65	$email = $_REQUEST['email'];
66	}
67	else
68	{
69	$email = '';
70	}
71	echo "<h1>"._('Register a free account with')." ".HOTSPOT_NETWORK_NAME."</h1>\n";
72	echo "<form method='post'>\n";
73	echo "Your desired username: <input type='text' name='username' value='$username'><br>\n";
74	echo "Your email address: <input type='text' name='email' value='$email'><br>\n";
75	echo "Your password: <input type='password' name='pass' value='$pass'><br>\n";
76	echo "Your password(again): <input type='password' name='pass_again' value='$pass_again'><br>\n";
77	echo "<input type='hidden' name='action' value='create_new_account'><br>\n";
78	echo "<input type='submit'>\n";
79	echo "</form>\n";
80	}
81
82	function display_validation_email_form()
83	{
84	if(!empty($_REQUEST['username']))
85	{
86	$username = $_REQUEST['username'];
87	}
88	else
89	{
90	$username = '';
91	}
92	echo "<h1>"._('Re-send validation email')."</h1>\n";
93	echo "<form method='post'>\n";
94	echo "Your username: <input type='text' name='username' value='$username'><br>\n";
95	echo "<input type='hidden' name='action' value='send_validation_email'><br>\n";
96	echo "<input type='submit'>\n";
97	echo "</form>\n";
98	}
99
100
101	/** Send the email offering the link to validate a new account
102	*/
103	function send_validation_email($email)
104	{
105	global $db;
106	$user_info=null;
107	$db->ExecSqlUniqueRes("SELECT * FROM users WHERE email='$email'", $user_info, false);
108	if($user_info==null)
109	{
110	echo "<p class=error>send_validation_email(): Error: Unable to locate $email in the database</p>\n";
111	}
112	else
113	{
114	if($user_info['account_status']!=ACCOUNT_STATUS_VALIDATION)
115	{
116	/* Note: Do not display the username here, for privacy reasons */
117	echo "<p class=error>send_validation_email(): Error: The user account_status is $user_info[account_status] instead of ".ACCOUNT_STATUS_VALIDATION." (ACCOUNT_STATUS_VALIDATION)</p>";
118	}
119	else
120	{
121	if(empty($user_info['validation_token']))
122	{
123	echo "<p class=error>send_validation_email(): Error: The validation_token is empty</p>\n";
124	}
125	else
126	{
127	$subject = VALIDATION_EMAIL_SUBJECT;
128	$url = "http://" . $_SERVER["HTTP_HOST"] . $_SERVER["PHP_SELF"] . "?action=validate&username=" . $_REQUEST["username"] . "&validation_token=" . $user_info["validation_token"];
129	$body = "Hello
130
131	Please follow the link below to validate your account.
132
133	$url
134
135	Thank you,
136
137	The Team";
138	$from = "From: ".VALIDATION_EMAIL_FROM_ADDRESS;
139
140	mail($email, $subject, $body, $from);
141	echo "<p>"._('An email with confirmation instructions was sent to your email address. Your account has been granted 15 minutes of access to retreive your email and validate your account. You may now open a browser window and go to any remote internet address to obtain the login page.')."</p>\n";
142	}
143	}
144	}
145	}
146
147
148	function display_change_password_form()
149	{
150	if(!empty($_REQUEST['username']))
151	{
152	$username = $_REQUEST['username'];
153	}
154	else
155	{
156	$username = '';
157	}
158
159	if(!empty($_REQUEST['pass']))
160	{
161	$pass = $_REQUEST['pass'];
162	}
163	else
164	{
165	$pass = '';
166	}
167	if(!empty($_REQUEST['new_pass']))
168	{
169	$new_pass = $_REQUEST['new_pass'];
170	}
171	else
172	{
173	$new_pass = '';
174	}
175	if(!empty($_REQUEST['new_pass_again']))
176	{ $new_pass_again = $_REQUEST['new_pass_again'];
177	}
178	else
179	{
180	$new_pass_again = '';
181	}
182	echo "<h1>"._('Change password')."</h1>\n";
183	echo "<form method='post'>\n";
184	echo "Your username: <input type='text' name='username' value='$username'><br>\n";
185	echo "Your old password: <input type='password' name='pass' value='$pass'><br>\n";
186	echo "Your new password: <input type='password' name='new_pass' value='$new_pass'><br>\n";
187	echo "Your password(again): <input type='password' name='new_pass_again' value='$new_pass_again'><br>\n";
188	echo "<input type='hidden' name='action' value='change_password'><br>\n";
189	echo "<input type='submit'>\n";
190	echo "</form>\n";
191	}
192
193	function display_lost_username_form()
194	{
195	if(!empty($_REQUEST['email']))
196	{
197	$email = $_REQUEST['email'];
198	}
199	else
200	{
201	$email = '';
202	}
203	echo "<h1>"._('Lost username')."</h1>\n";
204	echo "<form method='post'>\n";
205	echo "<p>"._('Please enter your email address:')." <input type='text' name='email' value='$email'></p>\n";
206	echo "<input type='hidden' name='action' value='mail_lost_username'>\n";
207	echo "<p><input type='submit'></p>\n";
208	echo "</form>\n";
209	}
210	/** Send the email offering the link to validate a new account
211	*/
212	function send_lost_username_email($email)
213	{
214	global $db;
215	$db->ExecSqlUniqueRes("SELECT user_id FROM users WHERE email='$email'", $user_info, false);
216	if($user_info==null)
217	{
218	echo "<p class=error>send_lost_username_email(): Error: Unable to locate $email in the database</p>\n";
219	}
220	else
221	{
222	$subject = LOST_USERNAME_EMAIL_SUBJECT;
223	$body = "Hello,
224
225	You have requested that the authentication server send you your username:
226
227	Username: $user_info[user_id]
228
229	Have a nice day,
230
231	The Team";
232	$from = "From: ".VALIDATION_EMAIL_FROM_ADDRESS;
233
234	mail($email, $subject, $body, $from);
235	echo "<p>"._('Your username has been mailed to you.')."</p>\n";
236	}
237	}
238
239
240
241	function display_lost_password_form()
242	{
243	if(!empty($_REQUEST['username']))
244	{
245	$username = $_REQUEST['username'];
246	}
247	else
248	{
249	$username = '';
250	}
251	if(!empty($_REQUEST['email']))
252	{
253	$email = $_REQUEST['email'];
254	}
255	else
256	{
257	$email = '';
258	}
259
260	echo "<h1>"._('Lost password')."</h1>\n";
261	echo "<form method='post'>\n";
262	echo "<p>"._('Please enter either your username or your email:')."</p>\n";
263	echo "<p>"._('Username:')." <input type='text' name='username' value='$username'></p>\n";
264	echo "<p>"._('Email address:')." <input type='text' name='email' value='$email'></p>\n";
265
266	echo "<p>"._('I realize that after this operation, my old password will be destroyed and the system will mail me a new one. Click here to confirm:')." <input type='checkbox' name='confirm_new_password' value='true'></p>\n";
267	echo "<input type='hidden' name='action' value='mail_new_password'>\n";
268	echo "<p><input type='submit'></p>\n";
269	echo "</form>\n";
270	}
271
272	/** Generate a random, eay to type and dictate password.
273	*/
274	function randompass()
275	{
276	$rand_pass = ''; // makes sure the $pass var is empty.
277	for( $j = 0; $j < 3; $j++ )
278	{
279	$startnend = array(
280	'b','c','d','f','g','h','j','k','l','m','n',
281	'p','q','r','s','t','v','w','x','y','z',
282	);
283	$mid = array(
284	'a','e','i','o','u','y',
285	);
286	$count1 = count( $startnend ) - 1;
287	$count2 = count( $mid ) - 1;
288
289	for( $i = 0; $i < 3; $i++)
290	{
291	if( $i != 1 )
292	{
293	$rand_pass .= $startnend[rand( 0, $count1 )];
294	}
295	else
296	{
297	$rand_pass .= $mid[rand( 0, $count2 )];
298	}
299	}
300	}
301	return $rand_pass;
302	}
303	/** Send the email with the new password
304	@param $new_passord the new password that was set
305	*/
306	function send_lost_password_email($email, $new_passord)
307	{
308	global $db;
309	$db->ExecSqlUniqueRes("SELECT * FROM users WHERE email='$email'", $user_info, false);
310	if($user_info==null)
311	{
312	echo "<p class=error>send_lost_password_email(): Error: Unable to locate $email in the database</p>\n";
313	}
314	else
315	{
316	$subject = LOST_PASSWORD_EMAIL_SUBJECT;
317	$body = "Hello,
318
319	You have requested that the authentication server send you a new password:
320
321	Username: $user_info[user_id]
322	Password: $new_passord
323
324	To protect your account, it is recommended that you change your password immediately.
325
326	Thank you,
327
328	The Team";
329	$from = "From: ".VALIDATION_EMAIL_FROM_ADDRESS;
330
331	mail($email, $subject, $body, $from);
332	echo "<p>"._('Your password has been mailed to you.')."</p>\n";
333	}
334	}
335
336
337
338	$style = new Style();
339	echo $style->GetHeader(HOTSPOT_NETWORK_NAME.' New account registration');
340	$showform=true;
341	echo "<div id='navLeft'>\n";
342	echo get_user_management_menu();
343	echo "</div>\n";
344	echo "<div class='content'>\n";
345
346	if(empty($_REQUEST['action']))
347	{
348
349	}
350	else
351	{
352	if(!empty($_REQUEST['username']))
353	{
354	$username = $db->EscapeString(trim($_REQUEST['username']));
355	}
356	else
357	{
358	$username = '';
359	}
360	if(!empty($_REQUEST['email']))
361	{
362	$email = $email = $db->EscapeString(trim($_REQUEST['email']));
363	}
364	else
365	{
366	$email = '';
367	}
368
369
370	/* Lost username */
371	if ($_REQUEST['action']=='lost_username_form')
372	{
373	display_lost_username_form();
374	}//End action==lost_info_form
375	else if ($_REQUEST['action']=='mail_lost_username')
376	{
377	$user_info=null;
378	if($email)
379	{
380	$db->ExecSqlUniqueRes("SELECT * FROM users WHERE email='$email'", $user_info, false);
381	if($user_info==null)
382	{
383	echo "<p class=warning>"._("Unable to find $email in the database.")."</p>\n";
384	}
385	}
386	else
387	{
388	echo "<p class=warning>"._('You must specify your email address.')."</p>\n";
389	}
390
391	if($user_info==null)
392	{
393	display_lost_username_form();
394	}
395	else
396	{
397	send_lost_username_email($user_info['email']);
398	}
399	}//End action==mail_lost_username
400
401
402
403	/* Lost password */
404	else if ($_REQUEST['action']=='lost_password_form')
405	{
406	display_lost_password_form();
407	}//End action==lost_info_form
408
409	else if ($_REQUEST['action']=='mail_new_password')
410	{
411	$user_info=null;
412	if(empty($_REQUEST['confirm_new_password']) \|\| $_REQUEST['confirm_new_password']!='true')
413	{
414	echo "<p class=warning>"._("This will destroy your previous password, you must confirm this operation.")."</p>\n";
415	}
416	else
417	{
418	if($username)
419	{
420	$db->ExecSqlUniqueRes("SELECT * FROM users WHERE user_id='$username'", $user_info, false);
421	if($user_info==null)
422	{
423	echo "<p class=warning>"._("Unable to find $username in the database.")."</p>\n";
424	}
425	}
426	else if($email)
427	{
428	$db->ExecSqlUniqueRes("SELECT * FROM users WHERE email='$email'", $user_info, false);
429	if($user_info==null)
430	{
431	echo "<p class=warning>"._("Unable to find $email in the database.")."</p>\n";
432	}
433	}
434	else
435	{
436	echo "<p class=error>"._('Your must specify either your username or your email.')."</p>\n";
437	}
438	}
439
440	if($user_info==null)
441	{
442	display_lost_password_form();
443	}
444	else
445	{
446	$new_password=randompass();
447	$password_hash = get_password_hash($new_password);
448	$update_successful = $db->ExecSqlUpdate("UPDATE users SET pass='$password_hash' WHERE user_id='$user_info[user_id]'");
449	if ($update_successful)
450	{
451	send_lost_password_email($user_info['email'], $new_password);
452	$showform=false;
453	}
454	else
455	{
456	echo "<p class=warning>"._('Internal error.')."</p>\n";
457	}
458	}
459	}//End action==mail_new_password
460
461
462
463	/* Change password */
464	else if ($_REQUEST['action']=='change_password_form')
465	{
466	display_change_password_form();
467	}
468	else if ($_REQUEST['action']=='change_password')
469	{
470	$pass = $db->EscapeString(trim($_REQUEST['pass']));
471	$new_pass = $db->EscapeString(trim($_REQUEST['new_pass']));
472
473	$preconditions_ok = false;
474	$db->ExecSqlUniqueRes("SELECT * FROM users WHERE user_id='$username'", $user_info, false);
475	if($user_info==null)
476	{
477	echo "<p class=warning>"._("Unable to find $username in the database.")."</p>\n";
478	}
479	else
480	{
481	$user_info=null;
482	$password_hash = get_password_hash($pass);
483	$db->ExecSqlUniqueRes("SELECT * FROM users WHERE user_id='$username' AND pass='$password_hash'", $user_info, false);
484	if($user_info==null)
485	{
486	echo "<p class=warning>"._("Wrong password for $username.")."</p>\n";
487	}
488	else
489	{
490	if ($_REQUEST['new_pass'] != $_REQUEST['new_pass_again'])
491	{
492	echo "<p class=warning>"._('The two passwords do not match.')."</p>\n";
493	}
494	else
495	{
496	if (empty($new_pass))
497	{
498	echo "<p class=warning>"._('Sorry, empty passwords are not allowed.')."</p>\n";
499	}
500	else
501	{
502	$preconditions_ok = true;
503	}
504	}
505	}
506	}
507
508	if( $preconditions_ok == true)
509	{
510	$password_hash = get_password_hash($new_pass);
511	$update_successful = $db->ExecSqlUpdate("UPDATE users SET pass='$password_hash' WHERE user_id='$user_info[user_id]'");
512	if ($update_successful)
513	{
514	echo "<p class=ok>"._('Your password was successfully changed.')."</p>\n";
515	}
516	else
517	{
518	echo "<p class=warning>"._('Internal error.')."</p>\n";
519	}
520	}
521	else
522	{
523	display_change_password_form();
524	}
525	}//End action==change_password
526
527
528
529	/********* New account and validation ******/
530
531	else if ($_REQUEST['action']=='register_new_account_form')
532	{
533	display_register_form();
534	}
535	else if ($_REQUEST['action']=='create_new_account')
536	{
537	$pass = $db->EscapeString(trim($_REQUEST['pass']));
538	/* Check for dublicate email in the database */
539	$preconditions_ok = false;
540	$db->ExecSqlUniqueRes("SELECT * FROM users WHERE user_id='$username'", $user_info_username, false);
541	if($user_info_username!=null)
542	{
543	echo "<p class=warning>"._('Sorry, a user account is already associated to this username. You will have to chose another.')."</p>\n";
544	}
545	else
546	{
547	$db->ExecSqlUniqueRes("SELECT * FROM users WHERE email='$email'", $user_info_email, false);
548	if($user_info_email!=null)
549	{
550	echo "<p class=warning>"._('Sorry, a user account is already associated to the email adress: ')."</p>\n";
551	echo "<p>"._('If it really is your email, I can');
552	echo " <a href='http://" . $_SERVER["HTTP_HOST"] . $_SERVER["PHP_SELF"] . "?email=" . $_REQUEST["email"] . "&action=mail_lost_username'>" . _('send you your username by email')."</a>\n";
553	echo _(', or even ')."\n";
554	echo " <a href='http://" . $_SERVER["HTTP_HOST"] . $_SERVER["PHP_SELF"] . "?email=" . $_REQUEST["email"] . "&action=mail_new_password'>" . _('send you a new password by email')."</a>"."</p>\n";
555	}
556	else
557	{
558	if ($_REQUEST['pass'] != $_REQUEST['pass_again'])
559	{
560	echo "<p class=warning>"._('The two passwords do not match.')."</p>\n";
561	}
562	else
563	{
564	if (empty($_REQUEST['pass']))
565	{
566	echo "<p class=warning>"._('Sorry, empty passwords are not allowed.')."</p>\n";
567	}
568	else
569	{
570	$preconditions_ok = true;
571	}
572	}
573	}
574	}
575	if( $preconditions_ok == true)
576	{
577	$status = ACCOUNT_STATUS_VALIDATION;
578	$token = gentoken();
579	$password_hash = get_password_hash($pass);
580	$update_successful = $db->ExecSqlUpdate("INSERT INTO users (user_id,email,pass,account_status,validation_token,reg_date) VALUES ('$username','$email','$password_hash','{$status}','{$token}',NOW())");
581	if ($update_successful)
582	{
583	send_validation_email($email);
584	$showform=false;
585	}
586	else
587	{
588	echo "<p class=warning>"._('Internal error.')."</p>\n";
589	}
590	}
591	if($showform==true)
592	{
593	//No action was performed successfully
594	display_register_form();
595	}
596	}//End action==create_new_account
597
598	elseif ($_REQUEST['action']=='validate')
599	{
600	$validation_token = $db->EscapeString($_REQUEST['validation_token']);
601	$db->ExecSqlUniqueRes("SELECT * FROM users WHERE user_id='$username' AND validation_token='$validation_token'", $user_info);
602	if ($user_info!=null)
603	{
604	if($user_info['account_status']==ACCOUNT_STATUS_ALLOWED)
605	{
606	echo "<p class=ok>"._('Your account was already activated.')."</p>\n";
607	}
608	else
609	{
610	$status = $db->EscapeString(ACCOUNT_STATUS_ALLOWED);
611	$update_successful = $db->ExecSqlUpdate("UPDATE users SET account_status='{$status}' WHERE user_id='$username' AND validation_token='$validation_token'");
612	if ($update_successful)
613	{
614	echo "<p class=ok>"._('Your account has succesfully activated! Enjoy!')."</p>\n";
615	$showform=false;
616	}
617	else
618	{
619	echo "<p class=warning>"._('Internal error.')."</p>\n";
620	}
621	}
622	}
623	else
624	{
625	echo "<p class=error>"._("Sorry, validation token $validation_token is not valid!")."</p>\n";
626	}
627	}//End action==validate
628
629
630	else if ($_REQUEST['action']=='validation_email_form')
631	{
632	display_validation_email_form();
633	}//end action==validation_email_form
634
635	else if ($_REQUEST['action']=='send_validation_email')
636	{
637	$db->ExecSqlUniqueRes("SELECT * FROM users WHERE user_id='$username'", $user_info, false);
638	if($user_info==null)
639	{
640	echo "<p class=warning>"._("Unable to find $username in the database.")."</p>\n";
641	}
642	else
643	{
644	send_validation_email($user_info['email']);
645	}
646	}//end action==send_validation_email
647	}
648	echo "</div>\n";
649	echo $style->GetFooter();
650	?>

Note: See TracBrowser for help on using the browser.

Context Navigation

root/trunk/wifidog-auth/wifidog/user_management/index.php @ 227

Download in other formats: