<?php
# This file is part of the Savane project
# <http://gna.org/projects/savane/>
#
# $Id: bulk_admin_users.php 5187 2005-12-01 16:22:29Z yeupou $
#
# Copyright 2003 (c) Frederik Orellana <Frederik.Orellana@cern.ch>
#
# The Savane project is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# The Savane project is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with the Savane project; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
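require "../../include/pre.php";

require $GLOBALS['sys_www_topdir']."/include/account.php";
require $GLOBALS['sys_www_topdir']."/include/Email.class";

# Only project administrators ('A' flag) of $group_id may bulk-manage members.
# NOTE(review): $group_id is never assigned in this file; it presumably comes
# from pre.php (request-registered globals) - confirm.
session_require(array('group'=>$group_id,'admin_flags'=>'A'));

# Validation / processing errors, keyed by the user name of the line that
# failed; each value is a space-separated list of error codes.
$err = array();

# "execute" makes update_users() apply the changes; any other value is a dry
# run that only reports validation errors.  ($HTTP_GET_VARS was removed in
# PHP 5.4; $_GET is its replacement.)
$action = isset($_GET['action']) ? $_GET['action'] : '';
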
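/**
 * Abort via exit_error() unless $file describes a successfully uploaded
 * file whose declared MIME type is text/*.
 *
 * @param array $file one entry of $_FILES / $HTTP_POST_FILES
 *                    (keys: name, type, tmp_name, error, size)
 */
function check_file($file)
{
    if (empty($file)) {
        exit_error('You have to upload something.', '');
    }
    if (empty($file['name'])) {
        exit_error('You have to upload something.', $file['name']);
    }
    # PHP records a per-file upload status; anything but UPLOAD_ERR_OK
    # (size limit hit, partial upload, no file) means tmp_name is unusable.
    if (isset($file['error']) && $file['error'] != UPLOAD_ERR_OK) {
        exit_error('No file found.', $file['error']);
    }
    # is_uploaded_file() rejects a tmp_name that does not point at a file
    # PHP itself received with this request.
    if (empty($file['tmp_name']) || !is_uploaded_file($file['tmp_name'])) {
        exit_error('No file found.', $file['tmp_name']);
    }

    # The MIME type is declared by the client and is not verified against
    # the file contents, so this only rejects obviously wrong uploads;
    # update_users() still has to treat every line as untrusted input.
    # Type and subtype are case-insensitive, hence the strtolower().
    $type = isset($file['type']) ? (string) $file['type'] : '';
    $mime = explode('/', strtolower($type), 2);
    if ($mime[0] !== 'text') {
        exit_error('File type not allowed.', $file['type']);
    }
}
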
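/**
 * Validate a candidate login name and make sure it is not taken yet.
 *
 * Records "user_exists " and/or "bad_user_name " in $err[$name].
 *
 * @param string $name login name as read from the upload (trimmed here)
 * @return int 1 if the name is acceptable, 0 otherwise
 */
function check_user_name($name)
{
    global $err;
    $retval = 1;
    $login = trim($name);

    # $login comes straight from the uploaded file: escape it before it is
    # interpolated into SQL (the file already uses addslashes() for that).
    $result = db_query("SELECT user_id FROM user WHERE user_name='"
        . addslashes($login) . "'");
    if (db_numrows($result) > 0) {
        $err[$name] .= "user_exists ";
        $retval = 0;
    }

    # For compatibility with various PAM mechanisms, we restrict to 8
    # characters.  The character class is ASCII only, so strlen() is exact.
    # '+' instead of '*': an empty login name is not a valid account name.
    # (ereg() was removed in PHP 7; preg_match() replaces it.)
    if (strlen($login) > 8 || !preg_match('/^[_a-zA-Z0-9-]+$/', $login)) {
        $err[$name] .= "bad_user_name ";
        $retval = 0;
    }

    return $retval;
}
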
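/**
 * Validate the display name that is stored in user.realname.
 *
 * Records "bad_real_name " in $err[$name] on failure.
 *
 * @param string $name      login name, used only as the $err key
 * @param string $real_name display name (trimmed here)
 * @return int 1 if acceptable, 0 otherwise
 */
function check_real_name($name, $real_name)
{
    global $err;
    $value = trim($real_name);
    # The MySQL field is varchar(32).  Allowed characters: letters, digits,
    # underscore, hyphen, space, dot and apostrophe.  (ereg() was removed
    # in PHP 7; preg_match() with the same class replaces it.)
    if (strlen($value) > 32 || !preg_match("/^[.' _a-zA-Z0-9-]*$/", $value)) {
        $err[$name] .= "bad_real_name ";
        return 0;
    }
    return 1;
}
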
/**
 * Validate an e-mail address with validate_email().
 *
 * Records "bad_email " in $err[$name] on failure.
 *
 * @param string $name  login name, used only as the $err key
 * @param string $email address (trimmed here)
 * @return int 1 if valid, 0 otherwise
 */
function check_email($name, $email)
{
    global $err;
    if (!validate_email(trim($email))) {
        $err[$name] .= "bad_email ";
        return 0;
    }
    return 1;
}

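/**
 * Look up an existing account by login name.
 *
 * Records "user_exists_not " in $err[$name] when no such user exists.
 *
 * @param string $name login name (trimmed here)
 * @return array|int the fetched user row (containing 'user_id'), or 0 if
 *                   the user does not exist
 */
function check_user_exists($name)
{
    global $err;
    # $name is taken from the uploaded file: escape before interpolating.
    $result = db_query("SELECT user_id FROM user WHERE user_name='"
        . addslashes(trim($name)) . "'");
    $row = db_fetch_array($result);
    # With no matching row the fetch does not yield an array; guard the
    # offset access so an unknown user does not trigger a warning.
    if (!is_array($row) || !$row['user_id']) {
        $err[$name] .= "user_exists_not ";
        return 0;
    }
    return $row;
}
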
/**
 * Translate the flag letters of a project_*_user line into the values
 * stored in user_group.
 *
 * Permission columns map "N" => 0, "T" => 1, "TA" => 2, "A" => 3;
 * admin_flags maps "N" => "", "P" => "P", "A" => "A".  Keys and values
 * are trimmed first.  Each unknown letter records "bad_<column> " in
 * $err[$name].
 *
 * @param string $name  login name, used only as the $err key
 * @param array  $flags column name => flag letter
 * @return array|int the translated map, or 0 if any letter was invalid
 */
function check_flags($name, $flags)
{
    global $err;
    $permission_levels = array('N' => 0, 'T' => 1, 'TA' => 2, 'A' => 3);
    $admin_levels = array('N' => '', 'P' => 'P', 'A' => 'A');

    $all_valid = true;
    foreach ($flags as $column => $letter) {
        $column = trim($column);
        $letter = trim($letter);
        $table = ($column == "admin_flags") ? $admin_levels : $permission_levels;
        if (array_key_exists($letter, $table)) {
            $flags[$column] = $table[$letter];
        } else {
            $err[$name] .= "bad_$column ";
            $all_valid = false;
        }
    }

    return $all_valid ? $flags : 0;
}

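/**
 * Check that $name is an existing account that is already a member of
 * the current project ($group_id).
 *
 * Errors are recorded in $err[$name]: "user_exists_not " by
 * check_user_exists(), "user_not_in_group " here.
 *
 * @param string $name login name
 * @return int 1 if the user is a member, 0 otherwise
 */
function check_user_in_group($name)
{
    global $err;
    global $group_id;

    $row = check_user_exists($name);
    # check_user_exists() returns 0 (and has recorded the error) for an
    # unknown user; don't go on to query membership with a missing id.
    if (!is_array($row)) {
        return 0;
    }
    if (!user_is_group_member($row['user_id'], $group_id)) {
        $err[$name] .= "user_not_in_group ";
        return 0;
    }
    return 1;
}
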
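/**
 * Sanity-check the password field of an add_user line.
 *
 * From register_valid in register.php - should be abstracted.
 * $method selects the interpretation: "PLAIN" (a clear-text password that
 * must equal $password1 and pass account_pwvalid()), "MYSQL" (a MySQL
 * encrypted password, 16 characters) or "PAM" (no local password).  When
 * $sys_use_krb5 is not "no" the login is additionally tried against
 * Kerberos via krb5_login().
 *
 * Records "bad_password ", "KRB5_NOTOK ", "KRB5_BAD_PASSWORD " or
 * "KRB5_BAD_USER " in $err[$name].
 *
 * @return int 1 if acceptable, 0 otherwise
 */
function check_passwd($name, $password, $password1, $method)
{
    global $err;
    # ($GLOBALS is a superglobal; "global $GLOBALS" is a compile error
    # since PHP 8.1, so it is simply used directly below.)

    if (!$password) {
        $err[$name] .= "bad_password ";
        return 0;
    }
    # Only do password sanity checks if the user does not want to
    # authenticate via PAM / a pre-hashed value.
    if ($method == "PLAIN"
        && ($password != $password1 || !account_pwvalid($password))) {
        $err[$name] .= "bad_password ";
        return 0;
    }

    # Missing config key behaves like the original (null != "no" is true).
    $use_krb5 = isset($GLOBALS['sys_use_krb5']) ? $GLOBALS['sys_use_krb5'] : '';
    if ($use_krb5 != "no") {
        # The original passed $real_name here, which is never defined in
        # this function; the login name is the only name available.
        # NOTE(review): confirm against register.php which value
        # krb5_login() expects.
        $login = trim($name);
        $krb5ret = krb5_login($login, $password);
        if ($krb5ret == -1) {
            $err[$name] .= "KRB5_NOTOK ";
            return 0;
        }
        if ($krb5ret == 1) {
            $err[$name] .= "KRB5_BAD_PASSWORD ";
            return 0;
        }
        if ($krb5ret == 2
            && is_emailable_address($login . "@" . $GLOBALS['sys_lists_domain'])) {
            $err[$name] .= "KRB5_BAD_USER ";
            return 0;
        }
    }

    if ($method == "MYSQL") {
        # MySQL encrypted passwords have 16 characters.
        if (strlen(trim($password)) != 16) {
            $err[$name] .= "bad_password ";
            return 0;
        }
    }
    return 1;
}
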
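/**
 * Insert a new account row and mail the confirmation link.
 *
 * From register_valid in register.php - should be abstracted.
 * Side effect: $GLOBALS['newuserid'] receives the new user_id.
 *
 * @param string $name      login name (validated by check_user_name())
 * @param string $real_name display name
 * @param string $email     address the registration mail is sent to
 * @param string $password  clear-text password, MySQL encrypted password
 *                          or the marker "PAM"
 * @param string $method    "PAM", "MYSQL" or anything else (clear text)
 * @return int 1 on success; exit_error() is called if the INSERT fails
 */
function add_user($name, $real_name, $email, $password, $method)
{
    if ($GLOBALS['sys_use_pamauth'] == "yes" && ($method == "PAM" || $password == "PAM")) {
        # If user chose PAM based authentication, set his encrypted
        # password to the specified string.
        $passwd = 'PAM';
    } elseif ($method == "MYSQL") {
        $passwd = $password;
    } else {
        # The site's login code compares against md5(); the scheme has to
        # stay the same here or the account could never log in.
        $passwd = md5($password);
    }

    # The confirmation token is mailed out and presented back to
    # verify.php, so it must be unguessable.  The original derived it from
    # time() and the password hash (and an undefined $session_hash), which
    # is predictable; 8 random bytes give the same 16 hex characters.
    $confirm_hash = bin2hex(random_bytes(8));

    # Every value originates from the uploaded file: escape all of them,
    # not only realname and email.
    $result = db_query("INSERT INTO user (user_name,user_pw,realname,email,add_date,"
        . "status,confirm_hash) "
        . "VALUES ('" . addslashes($name) . "','"
        . addslashes($passwd) . "','"
        . addslashes($real_name) . "','" . addslashes($email) . "'," . time() . ","
        . "'A','" # status
        . $confirm_hash
        . "')");

    if (!$result) {
        exit_error('error', db_error());
    }

    $GLOBALS['newuserid'] = db_insertid($result);

    # Send mail to the address just stored for the new account.  (The
    # original sent it to $GLOBALS['form_email'], a register.php variable
    # that is never set in this script.)
    $message = "Thank you for registering on the "
        . $GLOBALS['sys_name'] . " web site. In order\n"
        . "to complete your registration, visit the following url:\n\n"
        . $GLOBALS['sys_https_url'] . $GLOBALS['sys_home']
        . "/account/verify.php?confirm_hash=$confirm_hash\n\n"
        . "Enjoy the site.\n\n"
        . "--the " . $GLOBALS['sys_name'] . " team.\n";
    # The Kerberos "P.S." paragraph copied from register.php was dropped:
    # this function never performs a Kerberos login, so the $krb5ret it
    # tested was always undefined.

    mail($email, $GLOBALS['sys_name'] . " Account Registration", $message,
        "From: " . $GLOBALS['sys_replyto'] . "@" . $GLOBALS['sys_lists_domain']);

    return 1;
}
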
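/**
 * Validate every line of the uploaded command file and, when $action is
 * "execute", apply it to project $group_id.
 *
 * Line formats (colon separated; a line starting with '#' is a comment,
 * blank lines are ignored):
 *   add_user:<name>:<password|PAM>:<real name>:<email>
 *   project_add_user:<name>:<admin>:<bug>:<forum>:<project>:<patch>:<support>:<doc>
 *   project_update_user:<name>:<admin>:<bug>:<forum>:<project>:<patch>:<support>:<doc>
 *   project_remove_user:<name>
 * Flag values are "N", "T", "TA", "A" (admin: "N", "P", "A"), see
 * check_flags().
 *
 * Problems are recorded per user name in the global $err; every line is
 * validated even when an earlier one failed.
 *
 * @param string $file_name path of the uploaded file
 * @return int 1 if the file was readable, non-empty and produced no
 *             errors, 0 otherwise
 */
function update_users($file_name)
{
    global $err;
    global $action;
    global $group_id;

    $lines = file($file_name);
    if ($lines === false || count($lines) == 0) {
        return 0;
    }

    foreach ($lines as $line) {
        $line = trim($line);
        # Ignore comments and blank lines.
        if ($line === '' || $line[0] === '#') {
            continue;
        }
        # Trim every field so the trailing newline / stray blanks never
        # reach the database (the checks trimmed, the inserts did not).
        # (split() was removed in PHP 7; explode() replaces it.)
        $entries = array_map('trim', explode(':', $line));
        $command = $entries[0];
        # One error key per user: the original mixed trimmed and untrimmed
        # names, which produced duplicate report lines for the same user.
        $who = isset($entries[1]) ? $entries[1] : $command;

        switch ($command) {
            case "add_user":
                if (count($entries) != 5) {
                    $err[$who] .= "bad_syntax ";
                    break;
                }
                _bulk_add_user($entries);
                break;

            case "project_add_user":
            case "project_update_user":
                if (count($entries) != 9) {
                    $err[$who] .= "bad_syntax ";
                    break;
                }
                _bulk_set_group_flags($entries, $command);
                break;

            case "project_remove_user":
                if (count($entries) < 2) {
                    $err[$who] .= "bad_syntax ";
                    break;
                }
                _bulk_remove_from_group($entries);
                break;

            default:
                $err[$who] .= "bad_syntax ";
        }
    }

    # Any recorded error means failure.  (The original tested
    # count($err) > 1, which let a single failing user pass as success.)
    return count($err) > 0 ? 0 : 1;
}

/**
 * Handle one "add_user" line: validate name, password, real name and
 * e-mail, then create the account when $action is "execute".
 *
 * @param array $entries the 5 colon-separated, trimmed fields
 */
function _bulk_add_user($entries)
{
    global $err;
    global $action;

    list(, $name, $password, $real_name, $email) = $entries;
    check_user_name($name);
    # For now, we allow only either PAM or MYSQL (-> use script passwd.php).
    $method = ($password == "PAM") ? "PAM" : "MYSQL";
    check_passwd($name, $password, $password, $method);
    check_real_name($name, $real_name);
    check_email($name, $email);

    # Add the user if so chosen and the tests went ok.
    if (empty($err[$name]) && $action == "execute") {
        if (!add_user($name, $real_name, $email, $password, $method)) {
            $err[$name] .= "add_user_failed ";
        }
    }
}

/**
 * Map the 7 flag fields (entries 2..8) of a project_add_user /
 * project_update_user line onto the column names check_flags() expects.
 *
 * @param array $entries the 9 colon-separated fields
 * @return array column name => flag letter
 */
function _bulk_parse_flags($entries)
{
    $flag_names = array("admin_flags", "bug_flags", "forum_flags",
        "project_flags", "patch_flags", "support_flags", "doc_flags");
    return array_combine($flag_names, array_slice($entries, 2, 7));
}

/**
 * Handle one "project_add_user" or "project_update_user" line: resolve
 * the user, validate the flags and store them with user_add_to_group()
 * when $action is "execute".  For project_update_user the user must
 * already be a member of the project.
 *
 * All flags end up as 0 (no permissions), 1 (tech), 2 (tech & admin) or
 * 3 (admin); admin_flags as "", "P" or "A".
 *
 * @param array  $entries the 9 colon-separated, trimmed fields
 * @param string $command "project_add_user" or "project_update_user"
 */
function _bulk_set_group_flags($entries, $command)
{
    global $err;
    global $action;
    global $group_id;

    $name = $entries[1];
    $row = check_user_exists($name);
    $uid = is_array($row) ? $row['user_id'] : 0;
    # Only ask about membership for a user that exists; check_user_exists()
    # has already recorded "user_exists_not " otherwise (the original
    # looked the user up twice and reported that error twice).
    if ($command == "project_update_user" && is_array($row)) {
        check_user_in_group($name);
    }
    # The flags are still validated for an unknown user so that a dry run
    # reports every problem with the line.
    $flags = check_flags($name, _bulk_parse_flags($entries));

    if ($flags && empty($err[$name]) && $action == "execute") {
        if (!user_add_to_group($uid, $group_id, $flags['admin_flags'],
                $flags['bug_flags'], $flags['forum_flags'], $flags['project_flags'],
                $flags['patch_flags'], $flags['support_flags'], $flags['doc_flags'])) {
            $err[$name] .= $command . "_failed ";
        }
    }
}

/**
 * Handle one "project_remove_user" line: the user must exist and be a
 * member; remove them with user_remove_from_group() when $action is
 * "execute".
 *
 * @param array $entries the colon-separated, trimmed fields (name in [1])
 */
function _bulk_remove_from_group($entries)
{
    global $err;
    global $action;
    global $group_id;

    $name = $entries[1];
    $row = check_user_exists($name);
    $uid = is_array($row) ? $row['user_id'] : 0;
    if (is_array($row)) {
        check_user_in_group($name);
    }

    if (empty($err[$name]) && $action == "execute") {
        if (!user_remove_from_group($uid, $group_id)) {
            $err[$name] .= "project_remove_user_failed ";
        }
    }
}
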
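# ($HTTP_POST_FILES was removed in PHP 5.4; $_FILES is its replacement.)
$upload = isset($_FILES['file']) ? $_FILES['file'] : array();

check_file($upload);

update_users($upload['tmp_name']);

site_project_header(array('title'=>"Project Members Management",'group'=>$group_id,'context'=>'ahome'));

# name and type are supplied by the browser: escape them before echoing
# them back into the page.
echo "You have uploaded a file: " . htmlspecialchars($upload['name'], ENT_QUOTES, 'UTF-8') . ".<br />";
echo "Temporary location: " . htmlspecialchars($upload['tmp_name'], ENT_QUOTES, 'UTF-8') . ".<br />";
echo "Mime type: " . htmlspecialchars($upload['type'], ENT_QUOTES, 'UTF-8') . ".<br />";
echo "Size in bytes: " . (int) $upload['size'] . ".<br />";

# Report: one "<user> => <error codes>" line per failed entry, shown on
# the page (escaped - the names come from the uploaded file) and mailed
# verbatim to the acting administrator.
$message = "";

echo "<br />";
foreach ($err as $key => $value) {
    $key = trim($key);
    $value = trim($value);
    $message .= "$key => $value" . "\n";
    echo htmlspecialchars("$key => $value", ENT_QUOTES, 'UTF-8');
    echo "<br />";
}

if (trim($message) == "") {
    $message = "All actions completed succesfully.";
}

$admin_email = user_getemail(user_getid());

echo "<p class=error>An email with feedback will be sent to "
    . htmlspecialchars($admin_email, ENT_QUOTES, 'UTF-8') . "</p>";

mail($admin_email, $GLOBALS['sys_name'] . " User Administration", $message,
    "From: " . $GLOBALS['sys_replyto'] . "@" . $GLOBALS['sys_lists_domain']);

# Destroy the uploaded file.
unlink($upload['tmp_name']);

$HTML->footer(array());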