aboutsummaryrefslogtreecommitdiffstats
path: root/mayor-orig/www/policy/private/session/createAccount-pre.php
blob: ce789482165e58db3ecedc87673d5f47d8c8b353 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
<?php
/*
    Module:	base/session
    createAccount => byAdmin esetén csak az érintet policy-n belül az adminGroup tagjainak lehet létrehozni új account-ot
    createAccount => byRegistration esetén bárki regisztrálhat bármely policy-ből
*/

    if (_RIGHTS_OK !== true) die();

    if (memberOf(_USERACCOUNT, $AUTH[_POLICY]['adminGroup'])) {
	$DEFAULTS['userAccount'] = readVariable($_GET['userAccount'],'userAccount');
	$DEFAULTS['userCn'] = readVariable($_GET['userCn'],'emptystringnull');
	$DEFAULTS['userPassword'] = readVariable($_GET['userPassword'],'emptystringnull');
	$DEFAULTS['mail'] = readVariable($_GET['email'],'emptystringnull');
	$DEFAULTS['telephoneNumber'] = readVariable($_GET['tel'],'emptystringnull');
    }

    $toPolicy = readVariable($_POST['toPolicy'], 'enum', readVariable($_GET['toPolicy'], 'enum',_POLICY, $POLICIES), $POLICIES);

    @$toPSF = $_REQUEST['toPSF'];

    if ($toPolicy != _POLICY) require_once(_CONFIGDIR."/$toPolicy-conf.php");
    if (
	(
    	    $AUTH[$toPolicy]['createAccount'] == 'byAdmin'
	    and memberOf(_USERACCOUNT, $AUTH['private']['adminGroup'])
	)
	or (
	    $AUTH[$toPolicy]['createAccount'] == 'byRegistration'
	    && _USERACCOUNT ==''
	)
    ) {
	define('_ENABLE',true);
    } else {
	define('_ENABLE',false);
	$_SESSION['alert'][] = 'page:insufficient_access:#1';
    }

    if (_ENABLE && $action == 'createAccount' && isset($_POST['new'])) {

        $file = $_FILES['file']['tmp_name'];
        if ($file != '' && $file != 'none' && file_exists($file)) {

            $uidfp=fopen($file, 'r');
            while ($sor=fgets($uidfp, 4096)) {
                list($userCn, $userAccount, $userPassword, $category, $studyId, $container)=explode("	",chop($sor));
		// A biztonság kedvéért ez a html form validációval egyező legyen 
		$userCn = readVariable($userCn,'html');
		$userAccount = readvariable($userAccount,'html');
		$studyId = readVariable($studyId,'number');
		$category = readVariable($category, 'enum','',$AUTH[$toPolicy]['categories']);
		$container = readVariable($container,'enum','',$AUTH[$toPolicy][$AUTH[$toPolicy]['backend'].'Containers']);
		$policyAccountAttrs = array();
		if (is_array($AUTH[$toPolicy]['accountAttrs'])) foreach ($AUTH[$toPolicy]['accountAttrs'] as $attr) {
		    if (isset($$attr) and $$attr != '') $policyAccountAttrs[$attr] = readVariable($$attr, 'string');
		}
		if (createAccount($userCn, $userAccount, $userPassword, $toPolicy, array('container'=> $container, 'category' => $category, 'policyAttrs' => $policyAccountAttrs)) ===false) {
		    $_SESSION['alert'][] = "info:user_create_failure: cn.$userCn|account.$userAccount|policy.$toPolicy|category.$category|container.$container";
		}
            }
            fclose($uidfp);

	} else {

	    // kötelező paraméterek
	    $userCn = readVariable($_POST['userCn'],'html');
	    $userAccount = readvariable($_POST['userAccount'],'html');
	    $studyId = readVariable($_POST['studyId'],'number');
	    $userPassword = $_POST['userPassword'];
	    $verification = $_POST['verification'];

	    // opcionális  paraméterek
	    $category = readVariable($_POST['category'], 'enum','',$AUTH[$toPolicy]['categories']);
	    $container = readVariable($_POST['container'],'enum','',$AUTH[$toPolicy][$AUTH[$toPolicy]['backend'].'Containers']);

	    $policyAccountAttrs = array();
	    if (is_array($AUTH[$toPolicy]['accountAttrs'])) foreach ($AUTH[$toPolicy]['accountAttrs'] as $attr) {
		if (isset($_POST[$attr]) and $_POST[$attr] != '') $policyAccountAttrs[$attr] = readVariable($_POST[$attr], 'string'); // ???
	    }

            if ($userCn == '' or $userAccount == '' or $userPassword == '' or $verification == '') {
		// Csak policy váltás történt
                // $_SESSION['alert'][] = 'message:empty_field';
            } elseif ($userPassword != $verification) {
                $_SESSION['alert'][] = 'message:pw_not_match';
            } else {
                if (createAccount($userCn, $userAccount, $userPassword, $toPolicy, 
            		    array('container'=> $container, 'category' => $category, 'policyAttrs' => $policyAccountAttrs))) {
		    if (
			_POLICY == 'private'
			&& memberOf(_USERACCOUNT, $AUTH[_POLICY]['adminGroup'])
		    ) header('Location: '.location("index.php?page=session&f=accountInfo&userAccount=$userAccount&toPolicy=$toPolicy"));
		    elseif (_POLICY == 'public') {
			$toPSF = ($toPSF=='') ? 'auth::login' : $toPSF;
			header(
			    'Location: '.location("index.php?page=auth&f=login&userAccount=$userAccount&policy=public&toPolicy=$toPolicy&toPSF=$toPSF", array('skin','lang','sessionID'))
			);
		    } else {
			$toPSF = ($toPSF=='') ? 'session::accountInfo' : $toPSF;
			header(
			    'Location: '.location("index.php?page=auth&f=login&userAccount=$userAccount&policy=public&toPolicy=$toPolicy&toPSF=$toPSF", array('skin','lang','sessionID'))
			);
		    }
		}
            }
        }

    }

?>