<?php
/*
*********************************************************************************************************
* daloRADIUS - RADIUS Web Platform
* Copyright (C) 2007 - Liran Tal <hide@address.com> All Rights Reserved.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
*********************************************************************************************************
*
* Authors: Liran Tal <hide@address.com>
*
*********************************************************************************************************
*/
include ("library/checklogin.php");
$operator = $_SESSION['operator_user'];
include('library/check_operator_perm.php');
isset($_POST['username']) ? $username = $_POST['username'] : $username = "";
isset($_POST['password']) ? $password = $_POST['password'] : $password = "";
isset($_POST['planName']) ? $planName = $_POST['planName'] : $planName = "";
isset($_POST['profiles']) ? $profiles = $_POST['profiles'] : $profiles = "";
isset($_POST['passwordType']) ? $passwordtype = $_POST['passwordType'] : $passwordtype = "";
isset($_POST['bi_contactperson']) ? $bi_contactperson = $_POST['bi_contactperson'] : $bi_contactperson = "";
isset($_POST['bi_company']) ? $bi_company = $_POST['bi_company'] : $bi_company = "";
isset($_POST['bi_email']) ? $bi_email = $_POST['bi_email'] : $bi_email = "";
isset($_POST['bi_phone']) ? $bi_phone = $_POST['bi_phone'] : $bi_phone = "";
isset($_POST['bi_address']) ? $bi_address = $_POST['bi_address'] : $bi_address = "";
isset($_POST['bi_city']) ? $bi_city = $_POST['bi_city'] : $bi_city = "";
isset($_POST['bi_state']) ? $bi_state = $_POST['bi_state'] : $bi_state = "";
isset($_POST['bi_zip']) ? $bi_zip = $_POST['bi_zip'] : $bi_zip = "";
isset($_POST['bi_paymentmethod']) ? $bi_paymentmethod = $_POST['bi_paymentmethod'] : $bi_paymentmethod = "";
isset($_POST['bi_cash']) ? $bi_cash = $_POST['bi_cash'] : $bi_cash = "";
isset($_POST['bi_creditcardname']) ? $bi_creditcardname = $_POST['bi_creditcardname'] : $bi_creditcardname = "";
isset($_POST['bi_creditcardnumber']) ? $bi_creditcardnumber = $_POST['bi_creditcardnumber'] : $bi_creditcardnumber = "";
isset($_POST['bi_creditcardverification']) ? $bi_creditcardverification = $_POST['bi_creditcardverification'] : $bi_creditcardverification = "";
isset($_POST['bi_creditcardtype']) ? $bi_creditcardtype = $_POST['bi_creditcardtype'] : $bi_creditcardtype = "";
isset($_POST['bi_creditcardexp']) ? $bi_creditcardexp = $_POST['bi_creditcardexp'] : $bi_creditcardexp = "";
isset($_POST['bi_notes']) ? $bi_notes = $_POST['bi_notes'] : $bi_notes = "";
isset($_POST['bi_lead']) ? $bi_lead = $_POST['bi_lead'] : $bi_lead = "";
isset($_POST['bi_coupon']) ? $bi_coupon = $_POST['bi_coupon'] : $bi_coupon = "";
isset($_POST['bi_ordertaker']) ? $bi_ordertaker = $_POST['bi_ordertaker'] : $bi_ordertaker = "";
isset($_POST['bi_billstatus']) ? $bi_billstatus = $_POST['bi_billstatus'] : $bi_billstatus = "";
isset($_POST['bi_lastbill']) ? $bi_lastbill = $_POST['bi_lastbill'] : $bi_lastbill = "";
isset($_POST['bi_nextbill']) ? $bi_nextbill = $_POST['bi_nextbill'] : $bi_nextbill = "";
isset($_POST['bi_postalinvoice']) ? $bi_postalinvoice = $_POST['bi_postalinvoice'] : $bi_postalinvoice = "";
isset($_POST['bi_faxinvoice']) ? $bi_faxinvoice = $_POST['bi_faxinvoice'] : $bi_faxinvoice = "";
isset($_POST['bi_emailinvoice']) ? $bi_emailinvoice = $_POST['bi_emailinvoice'] : $bi_emailinvoice = "";
isset($_POST['changeUserBillInfo']) ? $bi_changeuserbillinfo = $_POST['changeUserBillInfo'] : $bi_changeuserbillinfo = "0";
isset($_POST['firstname']) ? $firstname = $_POST['firstname'] : $firstname = "";
isset($_POST['lastname']) ? $lastname = $_POST['lastname'] : $lastname = "";
isset($_POST['email']) ? $email = $_POST['email'] : $email = "";
isset($_POST['department']) ? $department = $_POST['department'] : $department = "";
isset($_POST['company']) ? $company = $_POST['company'] : $company = "";
isset($_POST['workphone']) ? $workphone = $_POST['workphone'] : $workphone = "";
isset($_POST['homephone']) ? $homephone = $_POST['homephone'] : $homephone = "";
isset($_POST['mobilephone']) ? $mobilephone = $_POST['mobilephone'] : $mobilephone = "";
isset($_POST['address']) ? $ui_address = $_POST['address'] : $ui_address = "";
isset($_POST['city']) ? $ui_city = $_POST['city'] : $ui_city = "";
isset($_POST['state']) ? $ui_state = $_POST['state'] : $ui_state = "";
isset($_POST['zip']) ? $ui_zip = $_POST['zip'] : $ui_zip = "";
isset($_POST['notes']) ? $notes = $_POST['notes'] : $notes = "";
isset($_POST['changeUserInfo']) ? $ui_changeuserinfo = $_POST['changeUserInfo'] : $ui_changeuserinfo = "0";
$logAction = "";
$logDebugSQL = "";
function addPlanProfile($dbSocket, $username, $planName) {
global $logDebugSQL;
global $configValues;
$sql = "SELECT planGroup FROM ".$configValues['CONFIG_DB_TBL_DALOBILLINGPLANS'].
" WHERE planName='".$dbSocket->escapeSimple($planName)."'";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";
$row = $res->fetchRow();
$planGroup = $row[0];
if ( (isset($planGroup)) && ($planGroup != "") ) {
$sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_RADUSERGROUP']." (UserName,GroupName,priority) ".
" VALUES ('".$dbSocket->escapeSimple($username)."', '".$dbSocket->escapeSimple($planGroup)."',0) ";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";
}
}
function addGroups($dbSocket, $username, $groups) {
global $logDebugSQL;
global $configValues;
// insert usergroup mapping
if (isset($groups)) {
foreach ($groups as $group) {
if (trim($group) != "") {
$sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_RADUSERGROUP']." (UserName,GroupName,priority) ".
" VALUES ('".$dbSocket->escapeSimple($username)."', '".$dbSocket->escapeSimple($group)."',0) ";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";
}
}
}
}
function addUserInfo($dbSocket, $username) {
global $firstname;
global $lastname;
global $email;
global $department;
global $company;
global $workphone;
global $homephone;
global $mobilephone;
global $ui_address;
global $ui_city;
global $ui_state;
global $ui_zip;
global $notes;
global $ui_changeuserinfo;
global $logDebugSQL;
global $configValues;
$currDate = date('Y-m-d H:i:s');
$currBy = $_SESSION['operator_user'];
$sql = "SELECT * FROM ".$configValues['CONFIG_DB_TBL_DALOUSERINFO'].
" WHERE username='".$dbSocket->escapeSimple($username)."'";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";
// if there were no records for this user present in the userinfo table
if ($res->numRows() == 0) {
// insert user information table
$sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_DALOUSERINFO'].
" (id, username, firstname, lastname, email, department, company, workphone, homephone, ".
" mobilephone, address, city, state, zip, notes, changeuserinfo, creationdate, creationby, updatedate, updateby) ".
" VALUES (0,
'".$dbSocket->escapeSimple($username)."', '".$dbSocket->escapeSimple($firstname)."', '".
$dbSocket->escapeSimple($lastname)."', '".$dbSocket->escapeSimple($email)."', '".
$dbSocket->escapeSimple($department)."', '".$dbSocket->escapeSimple($company)."', '".
$dbSocket->escapeSimple($workphone)."', '".$dbSocket->escapeSimple($homephone)."', '".
$dbSocket->escapeSimple($mobilephone)."', '".$dbSocket->escapeSimple($ui_address)."', '".
$dbSocket->escapeSimple($ui_city)."', '".$dbSocket->escapeSimple($ui_state)."', '".
$dbSocket->escapeSimple($ui_zip)."', '".$dbSocket->escapeSimple($notes)."', '".
$dbSocket->escapeSimple($ui_changeuserinfo).
"', '$currDate', '$currBy', NULL, NULL)";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";
} //FIXME:
//if the user already exist in userinfo then we should somehow alert the user
//that this has happened and the administrator/operator will take care of it
}
function addUserBillInfo($dbSocket, $username) {
global $planName;
global $bi_contactperson;
global $bi_company;
global $bi_email;
global $bi_phone;
global $bi_address;
global $bi_city;
global $bi_state;
global $bi_zip;
global $bi_paymentmethod;
global $bi_cash;
global $bi_creditcardname;
global $bi_creditcardnumber;
global $bi_creditcardexp;
global $bi_creditcardverification;
global $bi_creditcardtype;
global $bi_notes;
global $bi_lead;
global $bi_coupon;
global $bi_ordertaker;
global $bi_billstatus;
global $bi_lastbill;
global $bi_nextbill;
global $bi_postalinvoice;
global $bi_faxinvoice;
global $bi_emailinvoice;
global $bi_changeuserbillinfo;
global $logDebugSQL;
global $configValues;
$currDate = date('Y-m-d H:i:s');
$currBy = $_SESSION['operator_user'];
$sql = "SELECT * FROM ".$configValues['CONFIG_DB_TBL_DALOUSERBILLINFO'].
" WHERE username='".$dbSocket->escapeSimple($username)."'";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";
// if there were no records for this user present in the userbillinfo table
if ($res->numRows() == 0) {
// insert user billing information table
$sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_DALOUSERBILLINFO'].
" (id, planname, username, contactperson, company, email, phone, ".
" address, city, state, zip, ".
" paymentmethod, cash, creditcardname, creditcardnumber, creditcardverification, creditcardtype, creditcardexp, ".
" notes, changeuserbillinfo, ".
" lead, coupon, ordertaker, billstatus, lastbill, nextbill, postalinvoice, faxinvoice, emailinvoice, ".
" creationdate, creationby, updatedate, updateby) ".
" VALUES (0, '".$dbSocket->escapeSimple($planName)."',
'".$dbSocket->escapeSimple($username)."', '".$dbSocket->escapeSimple($bi_contactperson)."', '".
$dbSocket->escapeSimple($bi_company)."', '".$dbSocket->escapeSimple($bi_email)."', '".
$dbSocket->escapeSimple($bi_phone)."', '".$dbSocket->escapeSimple($bi_address)."', '".
$dbSocket->escapeSimple($bi_city)."', '".$dbSocket->escapeSimple($bi_state)."', '".
$dbSocket->escapeSimple($bi_zip)."', '".$dbSocket->escapeSimple($bi_paymentmethod)."', '".
$dbSocket->escapeSimple($bi_cash)."', '".$dbSocket->escapeSimple($bi_creditcardname)."', '".
$dbSocket->escapeSimple($bi_creditcardnumber)."', '".$dbSocket->escapeSimple($bi_creditcardverification)."', '".
$dbSocket->escapeSimple($bi_creditcardtype)."', '".$dbSocket->escapeSimple($bi_creditcardexp)."', '".
$dbSocket->escapeSimple($bi_notes)."', '".
$dbSocket->escapeSimple($bi_changeuserbillinfo)."', '".
$dbSocket->escapeSimple($bi_lead)."', '".$dbSocket->escapeSimple($bi_coupon)."', '".
$dbSocket->escapeSimple($bi_ordertaker)."', '".$dbSocket->escapeSimple($bi_billstatus)."', '".
$dbSocket->escapeSimple($bi_lastbill)."', '".$dbSocket->escapeSimple($bi_nextbill)."', '".
$dbSocket->escapeSimple($bi_postalinvoice)."', '".$dbSocket->escapeSimple($bi_faxinvoice)."', '".
$dbSocket->escapeSimple($bi_emailinvoice).
"', '$currDate', '$currBy', NULL, NULL)";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";
} //FIXME:
//if the user already exist in userinfo then we should somehow alert the user
//that this has happened and the administrator/operator will take care of it
}
if (isset($_POST["submit"])) {
include 'library/opendb.php';
global $username;
global $password;
global $passwordtype;
$sql = "SELECT * FROM ".$configValues['CONFIG_DB_TBL_RADCHECK']." WHERE UserName='".
$dbSocket->escapeSimple($username)."'";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";
if ($res->numRows() == 0) {
if (trim($username) != "" and trim($password) != "") {
// we need to perform the secure method escapeSimple on $dbPassword early because as seen below
// we manipulate the string and manually add to it the '' which screw up the query if added in $sql
$password = $dbSocket->escapeSimple($password);
switch($configValues['CONFIG_DB_PASSWORD_ENCRYPTION']) {
case "cleartext":
$dbPassword = "'$password'";
break;
case "crypt":
$dbPassword = "ENCRYPT('$password')";
break;
case "md5":
$dbPassword = "MD5('$password')";
break;
default:
$dbPassword = "'$password'";
}
// at this stage $dbPassword contains the password string encapsulated by '' and either uses
// a function to encrypt it like ENCRYPT or it doesn't, it's based on the configuration
// but here we provide another stage, for Crypt-Password and MD5-Password it's obvious
// that the password need be encrypted so even if this option is not in the configuration
// we enforce it.
// we first check if the password attribute is to be encrypted at all
if (preg_match("/crypt/i", $passwordtype)) {
// if we don't find the encrypt function even though we identified
// a Crypt-Password attribute
if (!(preg_match("/encrypt/i",$dbPassword))) {
$dbPassword = "ENCRYPT('$password')";
}
// we now perform the same check but for an MD5-Password attribute
} elseif (preg_match("/md5/i", $passwordtype)) {
// if we don't find the md5 function even though we identified
// a MD5-Password attribute
if (!(preg_match("/md5/i",$dbPassword))) {
$dbPassword = "MD5('$password')";
}
}
// insert username/password
$sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_RADCHECK']." (id,Username,Attribute,op,Value) ".
" VALUES (0, '".$dbSocket->escapeSimple($username)."', '".$dbSocket->escapeSimple($passwordtype).
"', ':=', $dbPassword)";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";
addGroups($dbSocket, $username, $profiles);
addPlanProfile($dbSocket, $username, $planName);
addUserInfo($dbSocket, $username);
addUserBillInfo($dbSocket, $username);
$successMsg = "Added to database new user: <b> $username </b>";
$logAction .= "Successfully added new user [$username] on page: ";
} else {
$failureMsg = "username or password are empty";
$logAction .= "Failed adding (possible empty user/pass) new user [$username] on page: ";
}
} else {
$failureMsg = "user already exist in database: <b> $username </b>";
$logAction .= "Failed adding new user already existing in database [$username] on page: ";
}
include 'library/closedb.php';
}
include_once('library/config_read.php');
$log = "visited page: ";
if ($configValues['CONFIG_IFACE_PASSWORD_HIDDEN'] == "yes")
$hiddenPassword = "type=\"password\"";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>daloRADIUS</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="css/1.css" type="text/css" media="screen,projection" />
</head>
<script src="library/javascript/pages_common.js" type="text/javascript"></script>
<script src="library/javascript/productive_funcs.js" type="text/javascript"></script>
<script type="text/javascript" src="library/javascript/ajax.js"></script>
<script type="text/javascript" src="library/javascript/dynamic_attributes.js"></script>
<script type="text/javascript" src="library/javascript/ajaxGeneric.js"></script>
<?php
include_once ("library/tabber/tab-layout.php");
?>
<?php
include ("menu-bill-pos.php");
?>
<div id="contentnorightbar">
<h2 id="Intro"><a href="#" onclick="javascript:toggleShowDiv('helpPage')"><?php echo $l['Intro']['billposnew.php'] ?>
<h144>+</h144></a></h2>
<div id="helpPage" style="display:none;visibility:visible" >
<?php echo $l['helpPage']['billposnew'] ?>
<br/>
</div>
<?php
include_once('include/management/actionMessages.php');
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<div class="tabber">
<div class="tabbertab" title="<?php echo $l['title']['AccountInfo']; ?>">
<fieldset>
<h302> <?php echo $l['title']['AccountInfo']; ?> </h302>
<ul>
<div id='UserContainer'>
<li class='fieldset'>
<label for='username' class='form'><?php echo $l['all']['Username']?></label>
<input name='username' type='text' id='username' value='' tabindex=100 />
<input type='button' value='Random' class='button' onclick="javascript:randomAlphanumeric('username',8)" />
<img src='images/icons/comment.png' alt='Tip' border='0' onClick="javascript:toggleShowDiv('usernameTooltip')" />
<div id='usernameTooltip' style='display:none;visibility:visible' class='ToolTip'>
<img src='images/icons/comment.png' alt='Tip' border='0' />
<?php echo $l['Tooltip']['usernameTooltip'] ?>
</div>
</li>
<li class='fieldset'>
<label for='password' class='form'><?php echo $l['all']['Password']?></label>
<input name='password' type='text' id='password' value=''
<?php if (isset($hiddenPassword)) echo $hiddenPassword ?> tabindex=101 />
<input type='button' value='Random' class='button' onclick="javascript:randomAlphanumeric('password',8)" />
<img src='images/icons/comment.png' alt='Tip' border='0' onClick="javascript:toggleShowDiv('passwordTooltip')" />
<div id='passwordTooltip' style='display:none;visibility:visible' class='ToolTip'>
<img src='images/icons/comment.png' alt='Tip' border='0' />
<?php echo $l['Tooltip']['passwordTooltip'] ?>
</div>
</li>
</div>
<li class='fieldset'>
<label for='planName' class='form'><?php echo $l['all']['PlanName'] ?></label>
<?php
include 'include/management/populate_selectbox.php';
populate_plans("Select Plan","planName","form");
?>
<img src='images/icons/comment.png' alt='Tip' border='0' onClick="javascript:toggleShowDiv('planNameTooltip')" />
<div id='planNameTooltip' style='display:none;visibility:visible' class='ToolTip'>
<img src='images/icons/comment.png' alt='Tip' border='0' />
<?php echo $l['Tooltip']['planNameTooltip'] ?>
</div>
</li>
<li class='fieldset'>
<label for='profile' class='form'><?php echo $l['all']['Profile']?></label>
<?php
include_once 'include/management/populate_selectbox.php';
populate_groups("Select Profile","profiles[]");
?>
<a class='tablenovisit' href='#'
onClick="javascript:ajaxGeneric('include/management/dynamic_groups.php','getGroups','divContainerProfiles',genericCounter('divCounter')+'&elemName=profiles[]');">Add</a>
<img src='images/icons/comment.png' alt='Tip' border='0' onClick="javascript:toggleShowDiv('groupTooltip')" />
<div id='divContainerProfiles'>
</div>
<div id='groupTooltip' style='display:none;visibility:visible' class='ToolTip'>
<img src='images/icons/comment.png' alt='Tip' border='0' />
<?php echo $l['Tooltip']['groupTooltip'] ?>
</div>
</li>
<li class='fieldset'>
<br/>
<hr><br/>
<input type='submit' name='submit' value='<?php echo $l['buttons']['apply'] ?>' tabindex=10000 class='button' />
</li>
</ul>
</fieldset>
</div>
<div class="tabbertab" title="<?php echo $l['title']['UserInfo']; ?>">
<?php
$customApplyButton = "<input type='submit' name='submit' value=".$l['buttons']['apply']." class='button' />";
include_once('include/management/userinfo.php');
?>
</div>
<div class="tabbertab" title="<?php echo $l['title']['BillingInfo']; ?>">
<?php
$customApplyButton = "<input type='submit' name='submit' value=".$l['buttons']['apply']." class='button' />";
include_once('include/management/userbillinfo.php');
?>
</div>
<div class="tabbertab" title="<?php echo $l['title']['Advanced']; ?>">
<fieldset>
<h302> <?php echo $l['title']['AccountInfo']; ?> </h302>
<ul>
<li class='fieldset'>
<label for='passwordType' class='form'><?php echo $l['all']['PasswordType']?> </label>
<select class='form' tabindex=102 name='passwordType' >
<option value='User-Password'>User-Password</option>
<option value='Cleartext-Password'>Cleartext-Password</option>
<option value='Crypt-Password'>Crypt-Password</option>
<option value='MD5-Password'>MD5-Password</option>
<option value='SHA1-Password'>SHA1-Password</option>
<option value='CHAP-Password'>CHAP-Password</option>
</select>
</li>
<li class='fieldset'>
<br/>
<hr><br/>
<input type='submit' name='submit' value='<?php echo $l['buttons']['apply'] ?>' tabindex=10000 class='button' />
</li>
</ul>
</fieldset>
</div>
</div>
</form>
<?php
include('include/config/logging.php');
?>
</div>
<div id="footer">
<?php
include 'page-footer.php';
?>
</div>
</div>
</div>
</body>
</html>