Context Navigation

index.php @ 254

Visit:

Revision 254, 19.3 KB (checked in by benoitg, 9 years ago)

2004-10-28 Benoit Gr�goire <bock@…>

sql/wifidog-postgres-schema.sql: Add constraints to avoid empty string in email or user_id.
Some statistics fixes

Property svn:eol-style set to native
Property svn:executable set to *
Property svn:keywords set to Author Date Id Revision

Line
1	<?php
2	/********************************************************************\
3	* This program is free software; you can redistribute it and/or *
4	* modify it under the terms of the GNU General Public License as *
5	* published by the Free Software Foundation; either version 2 of *
6	* the License, or (at your option) any later version. *
7	* *
8	* This program is distributed in the hope that it will be useful, *
9	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
10	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
11	* GNU General Public License for more details. *
12	* *
13	* You should have received a copy of the GNU General Public License*
14	* along with this program; if not, contact: *
15	* *
16	* Free Software Foundation Voice: +1-617-542-5942 *
17	* 59 Temple Place - Suite 330 Fax: +1-617-542-2652 *
18	* Boston, MA 02111-1307, USA gnu@gnu.org *
19	* *
20	\********************************************************************/
21	/**@file
22	* @author Copyright (C) 2004 Benoit Gr�goire, Philippe April.
23	*/
24	define('BASEPATH','../');
25	require_once (BASEPATH.'/include/common.php');
26	require_once (BASEPATH.'classes/Style.php');
27	require_once (BASEPATH.'include/user_management_menu.php');
28
29	function display_register_form()
30	{
31	if(!empty($_REQUEST['username']))
32	{
33	$username = $_REQUEST['username'];
34	}
35	else
36	{
37	$username = '';
38	}
39
40	if(!empty($_REQUEST['validate']))
41	{
42	$validate = $_REQUEST['validate'];
43	}
44	else
45	{
46	$validate = '';
47	}
48	if(!empty($_REQUEST['pass']))
49	{
50	$pass = $_REQUEST['pass'];
51	}
52	else
53	{
54	$pass = '';
55	}
56	if(!empty($_REQUEST['pass_again']))
57	{ $pass_again = $_REQUEST['pass_again'];
58	}
59	else
60	{
61	$pass_again = '';
62	}
63	if(!empty($_REQUEST['email']))
64	{
65	$email = $_REQUEST['email'];
66	}
67	else
68	{
69	$email = '';
70	}
71	echo "<h3>"._('Register a free account with')." ".HOTSPOT_NETWORK_NAME."</h3>\n";
72	echo "<form method='post'>\n";
73	echo "<p>Your desired username: <input type='text' name='username' value='$username'></p>\n";
74	echo "<p>Your email address: <input type='text' name='email' value='$email'> The email MUST be valid. You will have to click on the link you will receive by email before your account is validated.</p>\n";
75	echo "<p>Your password: <input type='password' name='pass' value='$pass'></p>\n";
76	echo "<p>Your password(again): <input type='password' name='pass_again' value='$pass_again'></p>\n";
77	echo "<p><input type='hidden' name='action' value='create_new_account'>\n";
78	echo "<input type='submit'></p>\n";
79	echo "</form>\n";
80	}
81
82	function display_validation_email_form()
83	{
84	if(!empty($_REQUEST['username']))
85	{
86	$username = $_REQUEST['username'];
87	}
88	else
89	{
90	$username = '';
91	}
92	echo "<h3>"._('Re-send validation email')."</h3>\n";
93	echo "<form method='post'>\n";
94	echo "Your username: <input type='text' name='username' value='$username'><br>\n";
95	echo "<input type='hidden' name='action' value='send_validation_email'><br>\n";
96	echo "<input type='submit'>\n";
97	echo "</form>\n";
98	}
99
100
101	/** Send the email offering the link to validate a new account
102	*/
103	function send_validation_email($email)
104	{
105	global $db;
106	$user_info=null;
107	$db->ExecSqlUniqueRes("SELECT * FROM users WHERE email='$email'", $user_info, false);
108	if($user_info==null)
109	{
110	echo "<p class=error>send_validation_email(): Error: Unable to locate $email in the database</p>\n";
111	}
112	else
113	{
114	if($user_info['account_status']!=ACCOUNT_STATUS_VALIDATION)
115	{
116	/* Note: Do not display the username here, for privacy reasons */
117	echo "<p class=error>send_validation_email(): Error: The user account_status is $user_info[account_status] instead of ".ACCOUNT_STATUS_VALIDATION." (ACCOUNT_STATUS_VALIDATION)</p>";
118	}
119	else
120	{
121	if(empty($user_info['validation_token']))
122	{
123	echo "<p class=error>send_validation_email(): Error: The validation_token is empty</p>\n";
124	}
125	else
126	{
127	$subject = VALIDATION_EMAIL_SUBJECT;
128	$url = "http://" . $_SERVER["HTTP_HOST"] . $_SERVER["PHP_SELF"] . "?action=validate&username=" . $_REQUEST["username"] . "&validation_token=" . $user_info["validation_token"];
129	$body = "Hello
130
131	Please follow the link below to validate your account.
132
133	$url
134
135	Thank you,
136
137	The Team";
138	$from = "From: ".VALIDATION_EMAIL_FROM_ADDRESS;
139
140	mail($email, $subject, $body, $from);
141	echo "<p>"._('An email with confirmation instructions was sent to your email address. Your account has been granted 15 minutes of access to retreive your email and validate your account. You may now open a browser window and go to any remote internet address to obtain the login page.')."</p>\n";
142	}
143	}
144	}
145	}
146
147
148	function display_change_password_form()
149	{
150	if(!empty($_REQUEST['username']))
151	{
152	$username = $_REQUEST['username'];
153	}
154	else
155	{
156	$username = '';
157	}
158
159	if(!empty($_REQUEST['pass']))
160	{
161	$pass = $_REQUEST['pass'];
162	}
163	else
164	{
165	$pass = '';
166	}
167	if(!empty($_REQUEST['new_pass']))
168	{
169	$new_pass = $_REQUEST['new_pass'];
170	}
171	else
172	{
173	$new_pass = '';
174	}
175	if(!empty($_REQUEST['new_pass_again']))
176	{ $new_pass_again = $_REQUEST['new_pass_again'];
177	}
178	else
179	{
180	$new_pass_again = '';
181	}
182	echo "<h3>"._('Change password')."</h3>\n";
183	echo "<form method='post'>\n";
184	echo "Your username: <input type='text' name='username' value='$username'><br>\n";
185	echo "Your old password: <input type='password' name='pass' value='$pass'><br>\n";
186	echo "Your new password: <input type='password' name='new_pass' value='$new_pass'><br>\n";
187	echo "Your password(again): <input type='password' name='new_pass_again' value='$new_pass_again'><br>\n";
188	echo "<input type='hidden' name='action' value='change_password'><br>\n";
189	echo "<input type='submit'>\n";
190	echo "</form>\n";
191	}
192
193	function display_lost_username_form()
194	{
195	if(!empty($_REQUEST['email']))
196	{
197	$email = $_REQUEST['email'];
198	}
199	else
200	{
201	$email = '';
202	}
203	echo "<h3>"._('Lost username')."</h3>\n";
204	echo "<form method='post'>\n";
205	echo "<p>"._('Please enter your email address:')." <input type='text' name='email' value='$email'></p>\n";
206	echo "<input type='hidden' name='action' value='mail_lost_username'>\n";
207	echo "<p><input type='submit'></p>\n";
208	echo "</form>\n";
209	}
210	/** Send the email offering the link to validate a new account
211	*/
212	function send_lost_username_email($email)
213	{
214	global $db;
215	$db->ExecSqlUniqueRes("SELECT user_id FROM users WHERE email='$email'", $user_info, false);
216	if($user_info==null)
217	{
218	echo "<p class=error>send_lost_username_email(): Error: Unable to locate $email in the database</p>\n";
219	}
220	else
221	{
222	$subject = LOST_USERNAME_EMAIL_SUBJECT;
223	$body = "Hello,
224
225	You have requested that the authentication server send you your username:
226
227	Username: $user_info[user_id]
228
229	Have a nice day,
230
231	The Team";
232	$from = "From: ".VALIDATION_EMAIL_FROM_ADDRESS;
233
234	mail($email, $subject, $body, $from);
235	echo "<p>"._('Your username has been mailed to you.')."</p>\n";
236	}
237	}
238
239
240
241	function display_lost_password_form()
242	{
243	if(!empty($_REQUEST['username']))
244	{
245	$username = $_REQUEST['username'];
246	}
247	else
248	{
249	$username = '';
250	}
251	if(!empty($_REQUEST['email']))
252	{
253	$email = $_REQUEST['email'];
254	}
255	else
256	{
257	$email = '';
258	}
259
260	echo "<h3>"._('Lost password')."</h3>\n";
261	echo "<form method='post'>\n";
262	echo "<p>"._('Please enter either your username or your email:')."</p>\n";
263	echo "<p>"._('Username:')." <input type='text' name='username' value='$username'></p>\n";
264	echo "<p>"._('Email address:')." <input type='text' name='email' value='$email'></p>\n";
265
266	echo "<p>"._('I realize that after this operation, my old password will be destroyed and the system will mail me a new one. Click here to confirm:')." <input type='checkbox' name='confirm_new_password' value='true'></p>\n";
267	echo "<input type='hidden' name='action' value='mail_new_password'>\n";
268	echo "<p><input type='submit'></p>\n";
269	echo "</form>\n";
270	}
271
272	/** Generate a random, eay to type and dictate password.
273	*/
274	function randompass()
275	{
276	$rand_pass = ''; // makes sure the $pass var is empty.
277	for( $j = 0; $j < 3; $j++ )
278	{
279	$startnend = array(
280	'b','c','d','f','g','h','j','k','l','m','n',
281	'p','q','r','s','t','v','w','x','y','z',
282	);
283	$mid = array(
284	'a','e','i','o','u','y',
285	);
286	$count1 = count( $startnend ) - 1;
287	$count2 = count( $mid ) - 1;
288
289	for( $i = 0; $i < 3; $i++)
290	{
291	if( $i != 1 )
292	{
293	$rand_pass .= $startnend[rand( 0, $count1 )];
294	}
295	else
296	{
297	$rand_pass .= $mid[rand( 0, $count2 )];
298	}
299	}
300	}
301	return $rand_pass;
302	}
303	/** Send the email with the new password
304	@param $new_passord the new password that was set
305	*/
306	function send_lost_password_email($email, $new_passord)
307	{
308	global $db;
309	$db->ExecSqlUniqueRes("SELECT * FROM users WHERE email='$email'", $user_info, false);
310	if($user_info==null)
311	{
312	echo "<p class=error>send_lost_password_email(): Error: Unable to locate $email in the database</p>\n";
313	}
314	else
315	{
316	$subject = LOST_PASSWORD_EMAIL_SUBJECT;
317	$body = "Hello,
318
319	You have requested that the authentication server send you a new password:
320
321	Username: $user_info[user_id]
322	Password: $new_passord
323
324	Have a nice day,
325
326	The Team";
327	$from = "From: ".VALIDATION_EMAIL_FROM_ADDRESS;
328
329	mail($email, $subject, $body, $from);
330	echo "<p>"._('A new password has been mailed to you.')."</p>\n";
331	}
332	}
333
334
335
336	$style = new Style();
337	echo $style->GetHeader(HOTSPOT_NETWORK_NAME.' user management');
338	$showform=true;
339	echo "<div id='head'><h1>".HOTSPOT_NETWORK_NAME." user management</h1></div>\n";
340	echo "<div id='navLeft'>\n";
341	echo get_user_management_menu();
342	echo "</div>\n";
343	echo "<div class='content'>\n";
344
345	if(empty($_REQUEST['action']))
346	{
347	echo _("<h3>Inscription</h3>
348	<p>Pour vous connecter aux points d'acc�s ".HOTSPOT_NETWORK_NAME.", vous devez utiliser un nom d'utilisateur et un mot de passe.</p>
349	<p>Les comptes sont totalement gratuits pour tous ceux qui en font la demande.</p>
350	<p>Pour faire la demande d'un compte gratuit, veuillez choisir 'Create new account' dans le menu de gauche.</p>
351	<h3>Sign up</h3>
352	<p>".HOTSPOT_NETWORK_NAME." hotspots require you have a login and a password to utilize them.</p>
353	<p>Accounts are given absolutely free to anyone who requests them.</p>
354	<p>To request a free account, please choose 'Create new account' in the left menu.</p>");
355	}
356	else
357	{
358	if(!empty($_REQUEST['username']))
359	{
360	$username = $db->EscapeString(trim($_REQUEST['username']));
361	}
362	else
363	{
364	$username = '';
365	}
366	if(!empty($_REQUEST['email']))
367	{
368	$email = $email = $db->EscapeString(trim($_REQUEST['email']));
369	}
370	else
371	{
372	$email = '';
373	}
374
375
376	/* Lost username */
377	if ($_REQUEST['action']=='lost_username_form')
378	{
379	display_lost_username_form();
380	}//End action==lost_info_form
381	else if ($_REQUEST['action']=='mail_lost_username')
382	{
383	$user_info=null;
384	if($email)
385	{
386	$db->ExecSqlUniqueRes("SELECT * FROM users WHERE email='$email'", $user_info, false);
387	if($user_info==null)
388	{
389	echo "<p class=warning>"._("Unable to find $email in the database.")."</p>\n";
390	}
391	}
392	else
393	{
394	echo "<p class=warning>"._('You must specify your email address.')."</p>\n";
395	}
396
397	if($user_info==null)
398	{
399	display_lost_username_form();
400	}
401	else
402	{
403	send_lost_username_email($user_info['email']);
404	}
405	}//End action==mail_lost_username
406
407
408
409	/* Lost password */
410	else if ($_REQUEST['action']=='lost_password_form')
411	{
412	display_lost_password_form();
413	}//End action==lost_info_form
414
415	else if ($_REQUEST['action']=='mail_new_password')
416	{
417	$user_info=null;
418	if(empty($_REQUEST['confirm_new_password']) \|\| $_REQUEST['confirm_new_password']!='true')
419	{
420	echo "<p class=warning>"._("This will destroy your previous password, you must confirm this operation.")."</p>\n";
421	}
422	else
423	{
424	if($username)
425	{
426	$db->ExecSqlUniqueRes("SELECT * FROM users WHERE user_id='$username'", $user_info, false);
427	if($user_info==null)
428	{
429	echo "<p class=warning>"._("Unable to find $username in the database.")."</p>\n";
430	}
431	}
432	else if($email)
433	{
434	$db->ExecSqlUniqueRes("SELECT * FROM users WHERE email='$email'", $user_info, false);
435	if($user_info==null)
436	{
437	echo "<p class=warning>"._("Unable to find $email in the database.")."</p>\n";
438	}
439	}
440	else
441	{
442	echo "<p class=error>"._('Your must specify either your username or your email.')."</p>\n";
443	}
444	}
445
446	if($user_info==null)
447	{
448	display_lost_password_form();
449	}
450	else
451	{
452	$new_password=randompass();
453	$password_hash = get_password_hash($new_password);
454	$update_successful = $db->ExecSqlUpdate("UPDATE users SET pass='$password_hash' WHERE user_id='$user_info[user_id]'");
455	if ($update_successful)
456	{
457	send_lost_password_email($user_info['email'], $new_password);
458	$showform=false;
459	}
460	else
461	{
462	echo "<p class=warning>"._('Internal error.')."</p>\n";
463	}
464	}
465	}//End action==mail_new_password
466
467
468
469	/* Change password */
470	else if ($_REQUEST['action']=='change_password_form')
471	{
472	display_change_password_form();
473	}
474	else if ($_REQUEST['action']=='change_password')
475	{
476	$pass = $db->EscapeString(trim($_REQUEST['pass']));
477	$new_pass = $db->EscapeString(trim($_REQUEST['new_pass']));
478
479	$preconditions_ok = false;
480	$db->ExecSqlUniqueRes("SELECT * FROM users WHERE user_id='$username'", $user_info, false);
481	if($user_info==null)
482	{
483	echo "<p class=warning>"._("Unable to find $username in the database.")."</p>\n";
484	}
485	else
486	{
487	$user_info=null;
488	$password_hash = get_password_hash($pass);
489	$db->ExecSqlUniqueRes("SELECT * FROM users WHERE user_id='$username' AND pass='$password_hash'", $user_info, false);
490	if($user_info==null)
491	{
492	echo "<p class=warning>"._("Wrong password for $username.")."</p>\n";
493	}
494	else
495	{
496	if ($_REQUEST['new_pass'] != $_REQUEST['new_pass_again'])
497	{
498	echo "<p class=warning>"._('The two passwords do not match.')."</p>\n";
499	}
500	else
501	{
502	if (empty($new_pass))
503	{
504	echo "<p class=warning>"._('Sorry, empty passwords are not allowed.')."</p>\n";
505	}
506	else
507	{
508	$preconditions_ok = true;
509	}
510	}
511	}
512	}
513
514	if( $preconditions_ok == true)
515	{
516	$password_hash = get_password_hash($new_pass);
517	$update_successful = $db->ExecSqlUpdate("UPDATE users SET pass='$password_hash' WHERE user_id='$user_info[user_id]'");
518	if ($update_successful)
519	{
520	echo "<p class=ok>"._('Your password was successfully changed.')."</p>\n";
521	}
522	else
523	{
524	echo "<p class=warning>"._('Internal error.')."</p>\n";
525	}
526	}
527	else
528	{
529	display_change_password_form();
530	}
531	}//End action==change_password
532
533
534
535	/********* New account and validation ******/
536
537	else if ($_REQUEST['action']=='register_new_account_form')
538	{
539	display_register_form();
540	}
541	else if ($_REQUEST['action']=='create_new_account')
542	{
543	$pass = $db->EscapeString(trim($_REQUEST['pass']));
544	/* Check for dublicate email in the database */
545	$preconditions_ok = false;
546	$db->ExecSqlUniqueRes("SELECT * FROM users WHERE user_id='$username'", $user_info_username, false);
547	if($user_info_username!=null)
548	{
549	echo "<p class=warning>"._('Sorry, a user account is already associated to this username. You will have to chose another.')."</p>\n";
550	}
551	else
552	{
553	$db->ExecSqlUniqueRes("SELECT * FROM users WHERE email='$email'", $user_info_email, false);
554	if($user_info_email!=null)
555	{
556	echo "<p class=warning>"._('Sorry, a user account is already associated to the email adress: ')."</p>\n";
557	echo "<p>"._('If it really is your email, I can');
558	echo " <a href='http://" . $_SERVER["HTTP_HOST"] . $_SERVER["PHP_SELF"] . "?email=" . $_REQUEST["email"] . "&action=mail_lost_username'>" . _('send you your username by email')."</a>\n";
559	echo _(', or even ')."\n";
560	echo " <a href='http://" . $_SERVER["HTTP_HOST"] . $_SERVER["PHP_SELF"] . "?email=" . $_REQUEST["email"] . "&action=mail_new_password'>" . _('send you a new password by email')."</a>"."</p>\n";
561	}
562	else
563	{
564	if ($_REQUEST['pass'] != $_REQUEST['pass_again'])
565	{
566	echo "<p class=warning>"._('The two passwords do not match.')."</p>\n";
567	}
568	else
569	{
570	if (empty($_REQUEST['pass']))
571	{
572	echo "<p class=warning>"._('Sorry, empty passwords are not allowed.')."</p>\n";
573	}
574	else
575	{
576	$preconditions_ok = true;
577	}
578	}
579	}
580	}
581	if( $preconditions_ok == true)
582	{
583	$status = ACCOUNT_STATUS_VALIDATION;
584	$token = gentoken();
585	$password_hash = get_password_hash($pass);
586	$update_successful = $db->ExecSqlUpdate("INSERT INTO users (user_id,email,pass,account_status,validation_token,reg_date) VALUES ('$username','$email','$password_hash','{$status}','{$token}',NOW())");
587	if ($update_successful)
588	{
589	send_validation_email($email);
590	$showform=false;
591	}
592	else
593	{
594	echo "<p class=warning>"._('Internal error.')."</p>\n";
595	}
596	}
597	if($showform==true)
598	{
599	//No action was performed successfully
600	display_register_form();
601	}
602	}//End action==create_new_account
603
604	elseif ($_REQUEST['action']=='validate')
605	{
606	$validation_token = $db->EscapeString($_REQUEST['validation_token']);
607	$db->ExecSqlUniqueRes("SELECT * FROM users WHERE user_id='$username' AND validation_token='$validation_token'", $user_info);
608	if ($user_info!=null)
609	{
610	if($user_info['account_status']==ACCOUNT_STATUS_ALLOWED)
611	{
612	echo "<p class=ok>"._('Your account was already activated.')."</p>\n";
613	}
614	else
615	{
616	$status = $db->EscapeString(ACCOUNT_STATUS_ALLOWED);
617	$update_successful = $db->ExecSqlUpdate("UPDATE users SET account_status='{$status}' WHERE user_id='$username' AND validation_token='$validation_token'");
618	if ($update_successful)
619	{
620	echo "<p class=ok>"._('Your account has succesfully activated! Enjoy!')."</p>\n";
621	$showform=false;
622	}
623	else
624	{
625	echo "<p class=warning>"._('Internal error.')."</p>\n";
626	}
627	}
628	}
629	else
630	{
631	echo "<p class=error>"._("Sorry, validation token $validation_token is not valid!")."</p>\n";
632	}
633	}//End action==validate
634
635
636	else if ($_REQUEST['action']=='validation_email_form')
637	{
638	display_validation_email_form();
639	}//end action==validation_email_form
640
641	else if ($_REQUEST['action']=='send_validation_email')
642	{
643	$db->ExecSqlUniqueRes("SELECT * FROM users WHERE user_id='$username'", $user_info, false);
644	if($user_info==null)
645	{
646	echo "<p class=warning>"._("Unable to find $username in the database.")."</p>\n";
647	}
648	else
649	{
650	send_validation_email($user_info['email']);
651	}
652	}//end action==send_validation_email
653	}
654	echo "</div>\n";
655	echo $style->GetFooter();
656	?>

Note: See TracBrowser for help on using the browser.

Context Navigation

root/trunk/wifidog-auth/wifidog/user_management/index.php @ 254

Download in other formats: