
Untitled

a guest
Aug 18th, 2017
  1. <?php
  2. /*
  3. *********************************************************************************************************
  4. * daloRADIUS - RADIUS Web Platform
  5. * Copyright (C) 2007 - Liran Tal <liran@enginx.com> All Rights Reserved.
  6. *
  7. * This program is free software; you can redistribute it and/or
  8. * modify it under the terms of the GNU General Public License
  9. * as published by the Free Software Foundation; either version 2
  10. * of the License, or (at your option) any later version.
  11. *
  12. * You should have received a copy of the GNU General Public License
  13. * along with this program; if not, write to the Free Software
  14. * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  15. *
  16. *********************************************************************************************************
  17. *
  18. * Authors: Liran Tal <liran@enginx.com>
  19. *
  20. *********************************************************************************************************
  21. */
  22.  
  23. include ("library/checklogin.php");
  24. $operator = $_SESSION['operator_user'];
  25.  
  26. include('library/check_operator_perm.php');
  27.  
  28. // declaring variables
  29. $logAction = "";
  30. $logDebugSQL = "";
  31.  
  32. isset($_POST['username']) ? $username = $_POST['username'] : $username = "";
  33. isset($_POST['password']) ? $password = $_POST['password'] : $password = "";
  34. isset($_POST['groups']) ? $groups = $_POST['groups'] : $groups = "";
  35. isset($_POST['authType']) ? $authType = $_POST['authType'] : $authType = "";
  36.  
  37. isset($_POST['username']) ? $username = $_POST['username'] : $username = "";
  38. isset($_POST['password']) ? $password = $_POST['password'] : $password = "";
  39. isset($_POST['passwordType']) ? $passwordtype = $_POST['passwordType'] : $passwordtype = "";
  40.  
  41. isset($_POST['macaddress']) ? $macaddress = $_POST['macaddress'] : $macaddress = "";
  42. isset($_POST['pincode']) ? $pincode = $_POST['pincode'] : $pincode = "";
  43.  
  44. isset($_POST['group_macaddress']) ? $group_macaddress = $_POST['group_macaddress'] : $group_macaddress = "";
  45. isset($_POST['group_pincode']) ? $group_pincode = $_POST['group_pincode'] : $group_pincode = "";
  46.  
  47.  
  48. isset($_POST['bi_contactperson']) ? $bi_contactperson = $_POST['bi_contactperson'] : $bi_contactperson = "";
  49. isset($_POST['bi_company']) ? $bi_company = $_POST['bi_company'] : $bi_company = "";
  50. isset($_POST['bi_email']) ? $bi_email = $_POST['bi_email'] : $bi_email = "";
  51. isset($_POST['bi_phone']) ? $bi_phone = $_POST['bi_phone'] : $bi_phone = "";
  52. isset($_POST['bi_address']) ? $bi_address = $_POST['bi_address'] : $bi_address = "";
  53. isset($_POST['bi_city']) ? $bi_city = $_POST['bi_city'] : $bi_city = "";
  54. isset($_POST['bi_state']) ? $bi_state = $_POST['bi_state'] : $bi_state = "";
  55. isset($_POST['bi_country']) ? $bi_country = $_POST['bi_country'] : $bi_country = "";
  56. isset($_POST['bi_zip']) ? $bi_zip = $_POST['bi_zip'] : $bi_zip = "";
  57. isset($_POST['bi_paymentmethod']) ? $bi_paymentmethod = $_POST['bi_paymentmethod'] : $bi_paymentmethod = "";
  58. isset($_POST['bi_cash']) ? $bi_cash = $_POST['bi_cash'] : $bi_cash = "";
  59. isset($_POST['bi_creditcardname']) ? $bi_creditcardname = $_POST['bi_creditcardname'] : $bi_creditcardname = "";
  60. isset($_POST['bi_creditcardnumber']) ? $bi_creditcardnumber = $_POST['bi_creditcardnumber'] : $bi_creditcardnumber = "";
  61. isset($_POST['bi_creditcardverification']) ? $bi_creditcardverification = $_POST['bi_creditcardverification'] : $bi_creditcardverification = "";
  62. isset($_POST['bi_creditcardtype']) ? $bi_creditcardtype = $_POST['bi_creditcardtype'] : $bi_creditcardtype = "";
  63. isset($_POST['bi_creditcardexp']) ? $bi_creditcardexp = $_POST['bi_creditcardexp'] : $bi_creditcardexp = "";
  64. isset($_POST['bi_notes']) ? $bi_notes = $_POST['bi_notes'] : $bi_notes = "";
  65. isset($_POST['bi_lead']) ? $bi_lead = $_POST['bi_lead'] : $bi_lead = "";
  66. isset($_POST['bi_coupon']) ? $bi_coupon = $_POST['bi_coupon'] : $bi_coupon = "";
  67. isset($_POST['bi_ordertaker']) ? $bi_ordertaker = $_POST['bi_ordertaker'] : $bi_ordertaker = "";
  68. isset($_POST['bi_billstatus']) ? $bi_billstatus = $_POST['bi_billstatus'] : $bi_billstatus = "";
  69. isset($_POST['bi_lastbill']) ? $bi_lastbill = $_POST['bi_lastbill'] : $bi_lastbill = "";
  70. isset($_POST['bi_nextbill']) ? $bi_nextbill = $_POST['bi_nextbill'] : $bi_nextbill = "";
  71. isset($_POST['bi_nextinvoicedue']) ? $bi_nextinvoicedue = $_POST['bi_nextinvoicedue'] : $bi_nextinvoicedue = "";
  72. isset($_POST['bi_billdue']) ? $bi_billdue = $_POST['bi_billdue'] : $bi_billdue = "";
  73. isset($_POST['bi_postalinvoice']) ? $bi_postalinvoice = $_POST['bi_postalinvoice'] : $bi_postalinvoice = "";
  74. isset($_POST['bi_faxinvoice']) ? $bi_faxinvoice = $_POST['bi_faxinvoice'] : $bi_faxinvoice = "";
  75. isset($_POST['bi_emailinvoice']) ? $bi_emailinvoice = $_POST['bi_emailinvoice'] : $bi_emailinvoice = "";
  76. isset($_POST['changeUserBillInfo']) ? $bi_changeuserbillinfo = $_POST['changeUserBillInfo'] : $bi_changeuserbillinfo = "0";
  77.  
  78. isset($_POST['firstname']) ? $firstname = $_POST['firstname'] : $firstname = "";
  79. isset($_POST['lastname']) ? $lastname = $_POST['lastname'] : $lastname = "";
  80. isset($_POST['email']) ? $email = $_POST['email'] : $email = "";
  81. isset($_POST['department']) ? $department = $_POST['department'] : $department = "";
  82. isset($_POST['company']) ? $company = $_POST['company'] : $company = "";
  83. isset($_POST['workphone']) ? $workphone = $_POST['workphone'] : $workphone = "";
  84. isset($_POST['homephone']) ? $homephone = $_POST['homephone'] : $homephone = "";
  85. isset($_POST['mobilephone']) ? $mobilephone = $_POST['mobilephone'] : $mobilephone = "";
  86. isset($_POST['address']) ? $ui_address = $_POST['address'] : $ui_address = "";
  87. isset($_POST['city']) ? $ui_city = $_POST['city'] : $ui_city = "";
  88. isset($_POST['state']) ? $ui_state = $_POST['state'] : $ui_state = "";
  89. isset($_POST['country']) ? $country = $_POST['country'] : $country = "";
  90. isset($_POST['zip']) ? $ui_zip = $_POST['zip'] : $ui_zip = "";
  91. isset($_POST['notes']) ? $notes = $_POST['notes'] : $notes = "";
  92. isset($_POST['changeUserInfo']) ? $ui_changeuserinfo = $_POST['changeUserInfo'] : $ui_changeuserinfo = "0";
  93.  
  94. isset($_POST['enableUserPortalLogin']) ? $ui_enableUserPortalLogin = $_POST['enableUserPortalLogin'] : $ui_enableUserPortalLogin = "0";
  95. isset($_POST['portalLoginPassword']) ? $ui_PortalLoginPassword = $_POST['portalLoginPassword'] : $ui_PortalLoginPassword = "";
  96.  
  97. isset($_POST['dictAttributes']) ? $dictAttributes = $_POST['dictAttributes'] : $dictAttributes = "";
  98.  
  99.  
  100. function addGroups($dbSocket, $username, $groups) {
  101.  
  102. global $logDebugSQL;
  103. global $configValues;
  104.  
  105. // insert usergroup mapping
  106. if (isset($groups)) {
  107.  
  108. foreach ($groups as $group) {
  109.  
  110. if (trim($group) != "") {
  111. $sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_RADUSERGROUP']." (UserName,GroupName,priority) ".
  112. " VALUES ('".$dbSocket->escapeSimple($username)."', '".$dbSocket->escapeSimple($group)."',0) ";
  113. $res = $dbSocket->query($sql);
  114. $logDebugSQL .= $sql . "\n";
  115. }
  116. }
  117. }
  118. }
  119.  
  120.  
  121. function addUserInfo($dbSocket, $username) {
  122.  
  123. global $firstname;
  124. global $lastname;
  125. global $email;
  126. global $department;
  127. global $company;
  128. global $workphone;
  129. global $homephone;
  130. global $mobilephone;
  131. global $ui_address;
  132. global $ui_city;
  133. global $ui_state;
  134. global $ui_country;
  135. global $ui_zip;
  136. global $notes;
  137. global $ui_changeuserinfo;
  138. global $ui_PortalLoginPassword;
  139. global $ui_enableUserPortalLogin;
  140.  
  141. global $logDebugSQL;
  142. global $configValues;
  143.  
  144. $currDate = date('Y-m-d H:i:s');
  145. $currBy = $_SESSION['operator_user'];
  146.  
  147. $sql = "SELECT * FROM ".$configValues['CONFIG_DB_TBL_DALOUSERINFO'].
  148. " WHERE username='".$dbSocket->escapeSimple($username)."'";
  149. $res = $dbSocket->query($sql);
  150. $logDebugSQL .= $sql . "\n";
  151.  
  152. // if there were no records for this user present in the userinfo table
  153. if ($res->numRows() == 0) {
  154. // insert user information table
  155. $sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_DALOUSERINFO'].
  156. " (id, username, firstname, lastname, email, department, company, workphone, homephone, ".
  157. " mobilephone, address, city, state, country, zip, notes, changeuserinfo, portalloginpassword, enableportallogin, creationdate, creationby, updatedate, updateby) ".
  158. " VALUES (0,
  159. '".$dbSocket->escapeSimple($username)."', '".$dbSocket->escapeSimple($firstname)."', '".
  160. $dbSocket->escapeSimple($lastname)."', '".$dbSocket->escapeSimple($email)."', '".
  161. $dbSocket->escapeSimple($department)."', '".$dbSocket->escapeSimple($company)."', '".
  162. $dbSocket->escapeSimple($workphone)."', '".$dbSocket->escapeSimple($homephone)."', '".
  163. $dbSocket->escapeSimple($mobilephone)."', '".$dbSocket->escapeSimple($ui_address)."', '".
  164. $dbSocket->escapeSimple($ui_city)."', '".$dbSocket->escapeSimple($ui_state)."', '".
  165. $dbSocket->escapeSimple($ui_country)."', '".
  166. $dbSocket->escapeSimple($ui_zip)."', '".$dbSocket->escapeSimple($notes)."', '".
  167. $dbSocket->escapeSimple($ui_changeuserinfo)."', '".
  168. $dbSocket->escapeSimple($ui_PortalLoginPassword)."', '".$dbSocket->escapeSimple($ui_enableUserPortalLogin).
  169. "', '$currDate', '$currBy', NULL, NULL)";
  170. $res = $dbSocket->query($sql);
  171. $logDebugSQL .= $sql . "\n";
  172. } //FIXME:
  173. //if the user already exist in userinfo then we should somehow alert the user
  174. //that this has happened and the administrator/operator will take care of it
  175.  
  176. }
  177.  
  178.  
  179.  
  180. function addUserBillInfo($dbSocket, $username) {
  181.  
  182. global $bi_contactperson;
  183. global $bi_company;
  184. global $bi_email;
  185. global $bi_phone;
  186. global $bi_address;
  187. global $bi_city;
  188. global $bi_state;
  189. global $bi_country;
  190. global $bi_zip;
  191. global $bi_paymentmethod;
  192. global $bi_cash;
  193. global $bi_creditcardname;
  194. global $bi_creditcardnumber;
  195. global $bi_creditcardexp;
  196. global $bi_creditcardverification;
  197. global $bi_creditcardtype;
  198. global $bi_notes;
  199. global $bi_lead;
  200. global $bi_coupon;
  201. global $bi_ordertaker;
  202. global $bi_billstatus;
  203. global $bi_lastbill;
  204. global $bi_nextbill;
  205. global $bi_nextinvoicedue;
  206. global $bi_billdue;
  207. global $bi_postalinvoice;
  208. global $bi_faxinvoice;
  209. global $bi_emailinvoice;
  210. global $bi_changeuserbillinfo;
  211. global $logDebugSQL;
  212. global $configValues;
  213.  
  214. $currDate = date('Y-m-d H:i:s');
  215. $currBy = $_SESSION['operator_user'];
  216.  
  217. $sql = "SELECT * FROM ".$configValues['CONFIG_DB_TBL_DALOUSERBILLINFO'].
  218. " WHERE username='".$dbSocket->escapeSimple($username)."'";
  219. $res = $dbSocket->query($sql);
  220. $logDebugSQL .= $sql . "\n";
  221.  
  222. // if there were no records for this user present in the userbillinfo table
  223. if ($res->numRows() == 0) {
  224. // insert user billing information table
  225. $sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_DALOUSERBILLINFO'].
  226. " (id, username, contactperson, company, email, phone, ".
  227. " address, city, state, country, zip, ".
  228. " paymentmethod, cash, creditcardname, creditcardnumber, creditcardverification, creditcardtype, creditcardexp, ".
  229. " notes, changeuserbillinfo, ".
  230. " lead, coupon, ordertaker, billstatus, lastbill, nextbill, nextinvoicedue, billdue, postalinvoice, faxinvoice, emailinvoice, ".
  231. " creationdate, creationby, updatedate, updateby) ".
  232. " VALUES (0,
  233. '".$dbSocket->escapeSimple($username)."', '".$dbSocket->escapeSimple($bi_contactperson)."', '".
  234. $dbSocket->escapeSimple($bi_company)."', '".$dbSocket->escapeSimple($bi_email)."', '".
  235. $dbSocket->escapeSimple($bi_phone)."', '".$dbSocket->escapeSimple($bi_address)."', '".
  236. $dbSocket->escapeSimple($bi_city)."', '".$dbSocket->escapeSimple($bi_state)."', '".
  237. $dbSocket->escapeSimple($bi_country)."', '".
  238. $dbSocket->escapeSimple($bi_zip)."', '".$dbSocket->escapeSimple($bi_paymentmethod)."', '".
  239. $dbSocket->escapeSimple($bi_cash)."', '".$dbSocket->escapeSimple($bi_creditcardname)."', '".
  240. $dbSocket->escapeSimple($bi_creditcardnumber)."', '".$dbSocket->escapeSimple($bi_creditcardverification)."', '".
  241. $dbSocket->escapeSimple($bi_creditcardtype)."', '".$dbSocket->escapeSimple($bi_creditcardexp)."', '".
  242. $dbSocket->escapeSimple($bi_notes)."', '".
  243. $dbSocket->escapeSimple($bi_changeuserbillinfo)."', '".
  244. $dbSocket->escapeSimple($bi_lead)."', '".$dbSocket->escapeSimple($bi_coupon)."', '".
  245. $dbSocket->escapeSimple($bi_ordertaker)."', '".$dbSocket->escapeSimple($bi_billstatus)."', '".
  246. $dbSocket->escapeSimple($bi_lastbill)."', '".$dbSocket->escapeSimple($bi_nextbill)."', '".
  247. $dbSocket->escapeSimple($bi_nextinvoicedue)."', '".$dbSocket->escapeSimple($bi_billdue)."', '".
  248. $dbSocket->escapeSimple($bi_postalinvoice)."', '".$dbSocket->escapeSimple($bi_faxinvoice)."', '".
  249. $dbSocket->escapeSimple($bi_emailinvoice).
  250. "', '$currDate', '$currBy', NULL, NULL)";
  251. $res = $dbSocket->query($sql);
  252. $logDebugSQL .= $sql . "\n";
  253. } //FIXME:
  254. //if the user already exist in userinfo then we should somehow alert the user
  255. //that this has happened and the administrator/operator will take care of it
  256.  
  257. }
  258.  
  259.  
  260. function addAttributes($dbSocket, $username) {
  261.  
  262. global $logDebugSQL;
  263. global $configValues;
  264.  
  265. foreach($_POST as $element=>$field) {
  266.  
  267. // switch case to rise the flag for several $attribute which we do not
  268. // wish to process (ie: do any sql related stuff in the db)
  269. switch ($element) {
  270.  
  271. case "authType":
  272. case "username":
  273. case "password":
  274. case "passwordType":
  275. case "groups":
  276. case "group_macaddress":
  277. case "group_pincode":
  278. case "macaddress":
  279. case "pincode":
  280. case "submit":
  281. case "firstname":
  282. case "lastname":
  283. case "email":
  284. case "department":
  285. case "company":
  286. case "workphone":
  287. case "homephone":
  288. case "mobilephone":
  289. case "address":
  290. case "city":
  291. case "state":
  292. case "country":
  293. case "zip":
  294. case "notes":
  295. case "bi_contactperson":
  296. case "bi_company":
  297. case "bi_email":
  298. case "bi_phone":
  299. case "bi_address":
  300. case "bi_city":
  301. case "bi_state":
  302. case "bi_country":
  303. case "bi_zip":
  304. case "bi_paymentmethod":
  305. case "bi_cash":
  306. case "bi_creditcardname":
  307. case "bi_creditcardnumber":
  308. case "bi_creditcardverification":
  309. case "bi_creditcardtype":
  310. case "bi_creditcardexp":
  311. case "bi_notes":
  312. case "bi_lead":
  313. case "bi_coupon":
  314. case "bi_ordertaker":
  315. case "bi_billstatus":
  316. case "bi_lastbill":
  317. case "bi_nextbill":
  318. case "bi_nextinvoicedue":
  319. case "bi_billdue":
  320. case "bi_postalinvoice":
  321. case "bi_faxinvoice":
  322. case "bi_emailinvoice":
  323. case "changeUserBillInfo":
  324. case "changeUserInfo":
  325. case "copycontact":
  326. case "portalLoginPassword":
  327. case "enableUserPortalLogin":
  328. $skipLoopFlag = 1; // if any of the cases above has been met we set a flag
  329. // to skip the loop (continue) without entering it as
  330. // we do not want to process this $attribute in the following
  331. // code block
  332. break;
  333. }
  334.  
  335. if ($skipLoopFlag == 1) {
  336. $skipLoopFlag = 0; // resetting the loop flag
  337. continue;
  338. }
  339.  
  340. if (isset($field[0]))
  341. $attribute = $field[0];
  342. if (isset($field[1]))
  343. $value = $field[1];
  344. if (isset($field[2]))
  345. $op = $field[2];
  346. if (isset($field[3]))
  347. $table = $field[3];
  348.  
  349. if ( isset($table) && ($table == 'check') )
  350. $table = $configValues['CONFIG_DB_TBL_RADCHECK'];
  351. if ( isset($table) && ($table == 'reply') )
  352. $table = $configValues['CONFIG_DB_TBL_RADREPLY'];
  353.  
  354. if ( (isset($field)) && (!isset($field[1])) )
  355. continue;
  356.  
  357. $sql = "INSERT INTO $table (id,Username,Attribute,op,Value) ".
  358. " VALUES (0, '".$dbSocket->escapeSimple($username)."', '".
  359. $dbSocket->escapeSimple($attribute)."', '".$dbSocket->escapeSimple($op)."', '".
  360. $dbSocket->escapeSimple($value)."') ";
  361. $res = $dbSocket->query($sql);
  362. $logDebugSQL .= $sql . "\n";
  363.  
  364. } // foreach
  365.  
  366. }
  367.  
  368.  
  369. if (isset($_POST['submit'])) {
  370.  
  371. include 'library/opendb.php';
  372.  
  373. global $username;
  374. global $authType;
  375. global $password;
  376. global $passwordtype;
  377.  
  378. switch($authType) {
  379. case "userAuth":
  380. break;
  381. case "macAuth":
  382. $username = $macaddress;
  383. break;
  384. case "pincodeAuth":
  385. $username = $pincode;
  386. break;
  387. }
  388.  
  389. $sql = "SELECT * FROM ".$configValues['CONFIG_DB_TBL_RADCHECK']." WHERE UserName='".
  390. $dbSocket->escapeSimple($username)."'";
  391. $res = $dbSocket->query($sql);
  392. $logDebugSQL .= $sql . "\n";
  393.  
  394. if ($res->numRows() == 0) {
  395.  
  396. if ($authType == "userAuth") {
  397.  
  398. if (trim($username) != "" and trim($password) != "") {
  399.  
  400. // we need to perform the secure method escapeSimple on $dbPassword early because as seen below
  401. // we manipulate the string and manually add to it the '' which screw up the query if added in $sql
  402. $password = $dbSocket->escapeSimple($password);
  403.  
  404. switch($configValues['CONFIG_DB_PASSWORD_ENCRYPTION']) {
  405. case "cleartext":
  406. $dbPassword = "'$password'";
  407. break;
  408. case "crypt":
  409. $dbPassword = "ENCRYPT('$password', 'SALT_DALORADIUS')";
  410. break;
  411. case "md5":
  412. $dbPassword = "MD5('$password')";
  413. break;
  414. default:
  415. $dbPassword = "'$password'";
  416. }
  417.  
  418. // at this stage $dbPassword contains the password string encapsulated by '' and either uses
  419. // a function to encrypt it like ENCRYPT or it doesn't, it's based on the configuration
  420. // but here we provide another stage, for Crypt-Password and MD5-Password it's obvious
  421. // that the password need be encrypted so even if this option is not in the configuration
  422. // we enforce it.
  423.  
  424. // we first check if the password attribute is to be encrypted at all
  425. if (preg_match("/crypt/i", $passwordtype)) {
  426. // if we don't find the encrypt function even though we identified
  427. // a Crypt-Password attribute
  428. if (!(preg_match("/encrypt/i",$dbPassword))) {
  429. $dbPassword = "ENCRYPT('$password', 'SALT_DALORADIUS')";
  430. }
  431.  
  432. // we now perform the same check but for an MD5-Password attribute
  433. } elseif (preg_match("/md5/i", $passwordtype)) {
  434. // if we don't find the md5 function even though we identified
  435. // a MD5-Password attribute
  436. if (!(preg_match("/md5/i",$dbPassword))) {
  437. $dbPassword = "MD5('$password')";
  438. }
  439. }
  440.  
  441. // insert username/password
  442. $sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_RADCHECK']." (id,Username,Attribute,op,Value) ".
  443. " VALUES (0, '".$dbSocket->escapeSimple($username)."', '".$dbSocket->escapeSimple($passwordtype).
  444. "', ':=', $dbPassword)";
  445. $res = $dbSocket->query($sql);
  446. $logDebugSQL .= $sql . "\n";
  447.  
  448. addGroups($dbSocket, $username, $groups);
  449. addUserInfo($dbSocket, $username);
  450. addUserBillInfo($dbSocket, $username);
  451. addAttributes($dbSocket, $username);
  452.  
  453. $successMsg = "Added to database new user: <b> $username </b>";
  454. $logAction .= "Successfully added new user [$username] on page: ";
  455.  
  456. } else {
  457.  
  458. $failureMsg = "username or password are empty";
  459. $logAction .= "Failed adding (possible empty user/pass) new user [$username] on page: ";
  460. }
  461.  
  462. } elseif ($authType == "macAuth") {
  463.  
  464. // insert username/password
  465. $sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_RADCHECK']." (id,Username,Attribute,op,Value) ".
  466. " VALUES (0, '".$dbSocket->escapeSimple($macaddress)."', 'Auth-Type', ':=', 'Accept')";
  467. $res = $dbSocket->query($sql);
  468. $logDebugSQL .= $sql . "\n";
  469.  
  470. addGroups($dbSocket, $macaddress, $group_macaddress);
  471. addUserInfo($dbSocket, $macaddress);
  472. addUserBillInfo($dbSocket, $username);
  473. addAttributes($dbSocket, $macaddress);
  474.  
  475. $successMsg = "Added to database new mac auth user: <b> $macaddress </b>";
  476. $logAction .= "Successfully added new mac auth user [$macaddress] on page: ";
  477.  
  478. } elseif ($authType == "pincodeAuth") {
  479.  
  480. // insert username/password
  481. $sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_RADCHECK']." (id,Username,Attribute,op,Value) ".
  482. " VALUES (0, '".$dbSocket->escapeSimple($pincode)."', 'Auth-Type', ':=', 'Accept')";
  483. $res = $dbSocket->query($sql);
  484. $logDebugSQL .= $sql . "\n";
  485.  
  486. addGroups($dbSocket, $pincode, $group_pincode);
  487. addUserInfo($dbSocket, $pincode);
  488. addUserBillInfo($dbSocket, $username);
  489. addAttributes($dbSocket, $pincode);
  490.  
  491. $successMsg = "Added to database new pincode: <b> $pincode </b>";
  492. $logAction .= "Successfully added new pincode [$pincode] on page: ";
  493.  
  494. } else {
  495. echo "unknown authentication method <br/>";
  496. }
  497.  
  498. } else {
  499. $failureMsg = "user already exist in database: <b> $username </b>";
  500. $logAction .= "Failed adding new user already existing in database [$username] on page: ";
  501. }
  502.  
  503. include 'library/closedb.php';
  504.  
  505. }
  506.  
  507.  
  508.  
  509.  
  510. include_once('library/config_read.php');
  511. $log = "visited page: ";
  512.  
  513. if ($configValues['CONFIG_IFACE_PASSWORD_HIDDEN'] == "yes")
  514. $hiddenPassword = "type=\"password\"";
  515.  
  516. ?>