<?php
/*
*********************************************************************************************************
* daloRADIUS - RADIUS Web Platform
* Copyright (C) 2007 - Liran Tal <hide@address.com> All Rights Reserved.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
*********************************************************************************************************
*
* Authors: Liran Tal <hide@address.com>
*
*********************************************************************************************************
*/
// checklogin.php runs before anything else; it is presumably what validates the operator
// session that is read on the next line (confirm in library/checklogin.php).
include 'library/checklogin.php';
$operator = $_SESSION['operator_user'];
include 'library/check_operator_perm.php';

$logDebugSQL = ""; // every SQL statement built on this page is appended to this string
$logAction = "";   // outcome text for the request, extended by the submit handler

include 'library/opendb.php';
if (isset($_REQUEST['submit'])) {
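$currDate = date('Y-m-d H:i:s');        // timestamp written to the creationdate / updatedate columns
$currBy = $_SESSION['operator_user'];   // operator name written to the creationby / updateby columns

// A missing or non-string username (for example username[]=x) is treated as empty
// rather than being handed to trim().
$username = (isset($_REQUEST['username']) && is_string($_REQUEST['username']))
    ? trim($_REQUEST['username']) : "";
$password = ""; // we initialize the $password variable to contain nothing

// Group selections keep their "" default when the form did not send them.
$newgroups = isset($_REQUEST['newgroups']) ? $_REQUEST['newgroups'] : "";
$groups = isset($_REQUEST['groups']) ? $_REQUEST['groups'] : "";
$groups_priority = isset($_REQUEST['groups_priority']) ? $_REQUEST['groups_priority'] : "";

// User info fields. Each read is guarded so an absent field becomes "" instead of
// raising an undefined-index notice; the values are escaped where the SQL is built.
$firstname = isset($_REQUEST['firstname']) ? $_REQUEST['firstname'] : "";
$lastname = isset($_REQUEST['lastname']) ? $_REQUEST['lastname'] : "";
$email = isset($_REQUEST['email']) ? $_REQUEST['email'] : "";
$department = isset($_REQUEST['department']) ? $_REQUEST['department'] : "";
$company = isset($_REQUEST['company']) ? $_REQUEST['company'] : "";
$workphone = isset($_REQUEST['workphone']) ? $_REQUEST['workphone'] : "";
$homephone = isset($_REQUEST['homephone']) ? $_REQUEST['homephone'] : "";
$mobilephone = isset($_REQUEST['mobilephone']) ? $_REQUEST['mobilephone'] : "";
$address = isset($_REQUEST['address']) ? $_REQUEST['address'] : "";
$city = isset($_REQUEST['city']) ? $_REQUEST['city'] : "";
$state = isset($_REQUEST['state']) ? $_REQUEST['state'] : "";
$zip = isset($_REQUEST['zip']) ? $_REQUEST['zip'] : "";
$notes = isset($_REQUEST['notes']) ? $_REQUEST['notes'] : "";
$ui_changeuserinfo = isset($_POST['changeUserInfo']) ? $_POST['changeUserInfo'] : "0";

// Billing info fields.
// NOTE(review): bi_creditcardnumber and bi_creditcardverification are taken exactly as
// submitted; the statements built from them further down are also appended to
// $logDebugSQL, so card data reaches whatever consumes that debug text.
$bi_contactperson = isset($_POST['bi_contactperson']) ? $_POST['bi_contactperson'] : "";
$bi_planname = isset($_POST['bi_planname']) ? $_POST['bi_planname'] : "";
$bi_company = isset($_POST['bi_company']) ? $_POST['bi_company'] : "";
$bi_email = isset($_POST['bi_email']) ? $_POST['bi_email'] : "";
$bi_phone = isset($_POST['bi_phone']) ? $_POST['bi_phone'] : "";
$bi_address = isset($_POST['bi_address']) ? $_POST['bi_address'] : "";
$bi_city = isset($_POST['bi_city']) ? $_POST['bi_city'] : "";
$bi_state = isset($_POST['bi_state']) ? $_POST['bi_state'] : "";
$bi_zip = isset($_POST['bi_zip']) ? $_POST['bi_zip'] : "";
$bi_paymentmethod = isset($_POST['bi_paymentmethod']) ? $_POST['bi_paymentmethod'] : "";
$bi_cash = isset($_POST['bi_cash']) ? $_POST['bi_cash'] : "";
$bi_creditcardname = isset($_POST['bi_creditcardname']) ? $_POST['bi_creditcardname'] : "";
$bi_creditcardnumber = isset($_POST['bi_creditcardnumber']) ? $_POST['bi_creditcardnumber'] : "";
$bi_creditcardverification = isset($_POST['bi_creditcardverification']) ? $_POST['bi_creditcardverification'] : "";
$bi_creditcardtype = isset($_POST['bi_creditcardtype']) ? $_POST['bi_creditcardtype'] : "";
$bi_creditcardexp = isset($_POST['bi_creditcardexp']) ? $_POST['bi_creditcardexp'] : "";
$bi_notes = isset($_POST['bi_notes']) ? $_POST['bi_notes'] : "";
$bi_lead = isset($_POST['bi_lead']) ? $_POST['bi_lead'] : "";
$bi_coupon = isset($_POST['bi_coupon']) ? $_POST['bi_coupon'] : "";
$bi_ordertaker = isset($_POST['bi_ordertaker']) ? $_POST['bi_ordertaker'] : "";
$bi_billstatus = isset($_POST['bi_billstatus']) ? $_POST['bi_billstatus'] : "";
$bi_lastbill = isset($_POST['bi_lastbill']) ? $_POST['bi_lastbill'] : "";
$bi_nextbill = isset($_POST['bi_nextbill']) ? $_POST['bi_nextbill'] : "";
$bi_postalinvoice = isset($_POST['bi_postalinvoice']) ? $_POST['bi_postalinvoice'] : "";
$bi_faxinvoice = isset($_POST['bi_faxinvoice']) ? $_POST['bi_faxinvoice'] : "";
$bi_emailinvoice = isset($_POST['bi_emailinvoice']) ? $_POST['bi_emailinvoice'] : "";
$bi_changeuserbillinfo = isset($_POST['changeUserBillInfo']) ? $_POST['changeUserBillInfo'] : "0";

// Password value the form was rendered with; compared later to detect a changed password.
$passwordOrig = isset($_POST['passwordOrig']) ? $_POST['passwordOrig'] : "";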
if (trim($username) != "") {
/* perform user info table instructions */
// Upsert of the user-info row for $username: look the row up, INSERT when it is
// absent, UPDATE otherwise. Every request-derived value is passed through
// $dbSocket->escapeSimple() and wrapped in single quotes before it joins the statement.
// NOTE(review): $currDate and $currBy are interpolated without escapeSimple(); $currBy is
// the operator name taken from the session earlier in this handler - confirm it can
// never contain a quote character.
// NOTE(review): $res is used without an error check; numRows() is called on whatever
// query() returned.
$sql = "SELECT * FROM ".$configValues['CONFIG_DB_TBL_DALOUSERINFO'].
" WHERE username='".$dbSocket->escapeSimple($username)."'";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";
// if there were no records for this user present in the userinfo table
if ($res->numRows() == 0) {
// we add these records to the userinfo table
// (updatedate and updateby are written as NULL on creation)
$sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_DALOUSERINFO'].
" (id, username, firstname, lastname, email, department, company, workphone, homephone, mobilephone,".
" address, city, state, zip, ".
" notes, changeuserinfo, creationdate, creationby, updatedate, updateby) ".
" VALUES (0, '".$dbSocket->escapeSimple($username)."', '".
$dbSocket->escapeSimple($firstname)."', '".$dbSocket->escapeSimple($lastname)."', '".
$dbSocket->escapeSimple($email)."','".$dbSocket->escapeSimple($department)."', '".
$dbSocket->escapeSimple($company)."', '".$dbSocket->escapeSimple($workphone)."','".
$dbSocket->escapeSimple($homephone)."', '".$dbSocket->escapeSimple($mobilephone)."', '".
$dbSocket->escapeSimple($address)."', '".$dbSocket->escapeSimple($city)."', '".
$dbSocket->escapeSimple($state)."', '".$dbSocket->escapeSimple($zip)."', '".
$dbSocket->escapeSimple($notes)."', '".$dbSocket->escapeSimple($ui_changeuserinfo)."', ".
"'$currDate', '$currBy', NULL, NULL)";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";
} else {
// update user information table
// (creationdate and creationby are left untouched; only updatedate/updateby change)
$sql = "UPDATE ".$configValues['CONFIG_DB_TBL_DALOUSERINFO']." SET firstname='".
$dbSocket->escapeSimple($firstname).
"', lastname='".$dbSocket->escapeSimple($lastname).
"', email='".$dbSocket->escapeSimple($email).
"', department='".$dbSocket->escapeSimple($department).
"', company='".$dbSocket->escapeSimple($company).
"', workphone='".$dbSocket->escapeSimple($workphone).
"', homephone='".$dbSocket->escapeSimple($homephone).
"', mobilephone='".$dbSocket->escapeSimple($mobilephone).
"', address='".$dbSocket->escapeSimple($address).
"', city='".$dbSocket->escapeSimple($city).
"', state='".$dbSocket->escapeSimple($state).
"', zip='".$dbSocket->escapeSimple($zip).
"', notes='".$dbSocket->escapeSimple($notes).
"', changeuserinfo='".$dbSocket->escapeSimple($ui_changeuserinfo).
"', updatedate='$currDate', updateby='$currBy' ".
" WHERE username='".$dbSocket->escapeSimple($username)."'";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";
}
/* perform user billing info table instructions */
// Upsert of the billing row for $username: look the row up, INSERT when it is absent,
// UPDATE otherwise. Every request-derived value is passed through
// $dbSocket->escapeSimple() and wrapped in single quotes.
// NOTE(review): creditcardnumber and creditcardverification are written exactly as
// submitted, and the complete statement - card data included - is appended to
// $logDebugSQL. Where that debug text ends up is decided outside this file; confirm it
// is never persisted or displayed, and whether the verification code needs to be stored
// at all.
// NOTE(review): $currDate and $currBy are interpolated without escapeSimple().
$sql = "SELECT * FROM ".$configValues['CONFIG_DB_TBL_DALOUSERBILLINFO'].
" WHERE username='".$dbSocket->escapeSimple($username)."'";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";
// if there were no records for this user present in the userbillinfo table
if ($res->numRows() == 0) {
// no billing row yet: create it (updatedate and updateby are written as NULL)
$sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_DALOUSERBILLINFO'].
" (id, username, contactperson, company, email, phone, ".
" address, city, state, zip, ".
" paymentmethod, cash, creditcardname, creditcardnumber, creditcardverification, creditcardtype, creditcardexp, ".
" notes, changeuserbillinfo, ".
" lead, coupon, ordertaker, billstatus, lastbill, nextbill, postalinvoice, faxinvoice, emailinvoice, ".
" creationdate, creationby, updatedate, updateby) ".
" VALUES (0,
'".$dbSocket->escapeSimple($username)."', '".$dbSocket->escapeSimple($bi_contactperson)."', '".
$dbSocket->escapeSimple($bi_company)."', '".$dbSocket->escapeSimple($bi_email)."', '".
$dbSocket->escapeSimple($bi_phone)."', '".$dbSocket->escapeSimple($bi_address)."', '".
$dbSocket->escapeSimple($bi_city)."', '".$dbSocket->escapeSimple($bi_state)."', '".
$dbSocket->escapeSimple($bi_zip)."', '".$dbSocket->escapeSimple($bi_paymentmethod)."', '".
$dbSocket->escapeSimple($bi_cash)."', '".$dbSocket->escapeSimple($bi_creditcardname)."', '".
$dbSocket->escapeSimple($bi_creditcardnumber)."', '".$dbSocket->escapeSimple($bi_creditcardverification)."', '".
$dbSocket->escapeSimple($bi_creditcardtype)."', '".$dbSocket->escapeSimple($bi_creditcardexp)."', '".
$dbSocket->escapeSimple($bi_notes)."', '".
$dbSocket->escapeSimple($bi_changeuserbillinfo)."', '".
$dbSocket->escapeSimple($bi_lead)."', '".$dbSocket->escapeSimple($bi_coupon)."', '".
$dbSocket->escapeSimple($bi_ordertaker)."', '".$dbSocket->escapeSimple($bi_billstatus)."', '".
$dbSocket->escapeSimple($bi_lastbill)."', '".$dbSocket->escapeSimple($bi_nextbill)."', '".
$dbSocket->escapeSimple($bi_postalinvoice)."', '".$dbSocket->escapeSimple($bi_faxinvoice)."', '".
$dbSocket->escapeSimple($bi_emailinvoice).
"', '$currDate', '$currBy', NULL, NULL)";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";
} else {
// update the existing user billing info row
// (lastbill and nextbill are written on INSERT above but are commented out of this UPDATE)
$sql = "UPDATE ".$configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']." SET contactperson='".
$dbSocket->escapeSimple($bi_contactperson).
"', company='".$dbSocket->escapeSimple($bi_company).
"', email='".$dbSocket->escapeSimple($bi_email).
"', phone='".$dbSocket->escapeSimple($bi_phone).
"', paymentmethod='".$dbSocket->escapeSimple($bi_paymentmethod).
"', cash='".$dbSocket->escapeSimple($bi_cash).
"', creditcardname='".$dbSocket->escapeSimple($bi_creditcardname).
"', creditcardnumber='".$dbSocket->escapeSimple($bi_creditcardnumber).
"', creditcardverification='".$dbSocket->escapeSimple($bi_creditcardverification).
"', creditcardtype='".$dbSocket->escapeSimple($bi_creditcardtype).
"', creditcardexp='".$dbSocket->escapeSimple($bi_creditcardexp).
"', address='".$dbSocket->escapeSimple($bi_address).
"', city='".$dbSocket->escapeSimple($bi_city).
"', state='".$dbSocket->escapeSimple($bi_state).
"', zip='".$dbSocket->escapeSimple($bi_zip).
"', notes='".$dbSocket->escapeSimple($bi_notes).
"', changeuserbillinfo='".$dbSocket->escapeSimple($bi_changeuserbillinfo).
"', lead='".$dbSocket->escapeSimple($bi_lead).
"', coupon='".$dbSocket->escapeSimple($bi_coupon).
"', ordertaker='".$dbSocket->escapeSimple($bi_ordertaker).
"', billstatus='".$dbSocket->escapeSimple($bi_billstatus).
/*
"', lastbill='".$dbSocket->escapeSimple($bi_lastbill).
"', nextbill='".$dbSocket->escapeSimple($bi_nextbill).
*/
"', postalinvoice='".$dbSocket->escapeSimple($bi_postalinvoice).
"', faxinvoice='".$dbSocket->escapeSimple($bi_faxinvoice).
"', emailinvoice='".$dbSocket->escapeSimple($bi_emailinvoice).
"', updatedate='$currDate', updateby='$currBy' ".
" WHERE username='".$dbSocket->escapeSimple($username)."'";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";
}
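// update usergroup mapping (existing)
// The user's existing mappings are replaced wholesale: every row for the user is
// deleted, then one row is inserted per non-empty submitted group.
// $groups is "" when the form sent none, so require a non-empty array before touching
// the table (a bare string would otherwise delete the rows and then fail in foreach).
if (is_array($groups) && $groups) {
    $sql = "DELETE FROM ". $configValues['CONFIG_DB_TBL_RADUSERGROUP'] ." WHERE UserName='".
        $dbSocket->escapeSimple($username)."'";
    $res = $dbSocket->query($sql);
    $logDebugSQL .= $sql . "\n";

    $grpcnt = 0; // position of the current group, used to find its priority
    foreach ($groups as $group) {
        // priority is concatenated into the statement without quotes, so escaping alone
        // does not confine it to a value; force it to an integer (missing/empty => 0)
        $group_priority = 0;
        if (is_array($groups_priority) && isset($groups_priority[$grpcnt])) {
            $group_priority = (int) $groups_priority[$grpcnt];
        }

        // an empty option means the group was removed; the DELETE above already did that
        if (is_string($group) && trim($group) != "") {
            $sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_RADUSERGROUP']." (UserName,GroupName,priority) ".
                " VALUES ('".$dbSocket->escapeSimple($username)."', '".$dbSocket->escapeSimple($group)."', ".
                $group_priority.")";
            $res = $dbSocket->query($sql);
            // log only statements that were executed (previously the stale $sql of the
            // preceding statement was logged again for empty groups)
            $logDebugSQL .= $sql . "\n";
        }

        $grpcnt++; // we increment group index count so we can access the group priority array
    }
}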
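// insert usergroup mapping (new groups)
// $newgroups is always set (it defaults to "" when the form sent nothing), so isset()
// never filtered anything; check for an array before iterating instead.
if (is_array($newgroups)) {
    foreach ($newgroups as $newgroup) {
        // blank select-box entries and non-string items are ignored
        if (is_string($newgroup) && trim($newgroup) != "") {
            $sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_RADUSERGROUP']." (UserName,GroupName,priority) ".
                " VALUES ('".$dbSocket->escapeSimple($username)."', '".$dbSocket->escapeSimple($newgroup)."',0) ";
            $res = $dbSocket->query($sql);
            $logDebugSQL .= $sql . "\n";
        }
    }
}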
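// Form fields that belong to the fixed sections handled earlier in this request
// (user info, billing info, groups); they are never treated as RADIUS attributes.
$nonAttributeFields = array(
    "username", "submit", "oldgroups", "groups", "groups_priority",
    "firstname", "lastname", "email", "department", "company",
    "workphone", "homephone", "mobilephone", "address", "city", "state", "zip",
    "notes", "changeUserInfo",
    "bi_contactperson", "bi_company", "bi_email", "bi_phone",
    "bi_address", "bi_city", "bi_state", "bi_zip",
    "bi_paymentmethod", "bi_cash", "bi_creditcardname", "bi_creditcardnumber",
    "bi_creditcardverification", "bi_creditcardtype", "bi_creditcardexp",
    "bi_notes", "changeUserBillInfo", "bi_lead", "bi_coupon", "bi_ordertaker",
    "bi_billstatus", "bi_lastbill", "bi_nextbill",
    "bi_postalinvoice", "bi_faxinvoice", "bi_emailinvoice",
    "passwordOrig", "newgroups",
);

// Table selector posted with each attribute row => configured table name.
// The table name is placed into the SQL text as an identifier, where escapeSimple()
// offers no protection, so only these selectors are accepted. 'check'/'reply' are the
// selectors the original code translated; 'radcheck'/'radreply' are what the edit form
// on this page posts (previously used verbatim as the table name).
$attributeTables = array(
    'check'    => $configValues['CONFIG_DB_TBL_RADCHECK'],
    'reply'    => $configValues['CONFIG_DB_TBL_RADREPLY'],
    'radcheck' => $configValues['CONFIG_DB_TBL_RADCHECK'],
    'radreply' => $configValues['CONFIG_DB_TBL_RADREPLY'],
);

$passwordAttributes = array(
    "User-Password", "CHAP-Password", "Cleartext-Password",
    "Crypt-Password", "MD5-Password", "SHA1-Password",
);

foreach ($_POST as $element => $field) {

    if (in_array((string) $element, $nonAttributeFields, true))
        continue;

    // An attribute row is posted as array(id__attribute, value, op, table). Anything
    // else is skipped; previously a malformed row silently reused $value/$op/$table
    // left over from the preceding iteration.
    if (!is_array($field) || !isset($field[0], $field[1], $field[3]))
        continue;
    if (!is_string($field[0]) || !is_string($field[1]) || !is_string($field[3]))
        continue;

    if (!isset($attributeTables[$field[3]]))
        continue;
    $table = $attributeTables[$field[3]];

    $op = (isset($field[2]) && is_string($field[2])) ? $field[2] : "";

    if (strpos($field[0], '__') !== false) {
        // split() no longer exists in current PHP; explode() with a limit of 2 also keeps
        // an attribute name intact if it happens to contain "__" itself
        list($columnId, $attribute) = explode('__', $field[0], 2);
    } else {
        // attributes added from the Attributes tab carry no row id; 0 matches no
        // existing row, so the lookup below falls through to an INSERT
        $columnId = 0;
        $attribute = $field[0];
    }
    // the id is compared unquoted (id=N), so it must be an integer, not merely escaped
    $columnId = (int) $columnId;

    // NOTE(review): as before, an empty value - including the string "0" - skips the row
    if (!$field[1] || !$attribute)
        continue;

    // the value is quoted here because a password value may be wrapped in a SQL function below
    $value = "'" . $dbSocket->escapeSimple($field[1]) . "'";

    // Password attributes are hashed by the database only when the submitted value
    // differs from the one the form was rendered with; an unchanged field holds the
    // already-stored value and must not be hashed again. The comparison uses the raw
    // strings, so it no longer depends on escaping or on quotes being re-added to
    // $passwordOrig on every pass.
    // NOTE(review): MD5()/ENCRYPT() are evaluated by the database server, so the
    // clear-text password is part of the SQL text and of $logDebugSQL; both are weak
    // choices for password storage.
    if (in_array($attribute, $passwordAttributes, true)
        && isset($configValues['CONFIG_DB_PASSWORD_ENCRYPTION'])
        && $field[1] !== $passwordOrig) {
        switch ($configValues['CONFIG_DB_PASSWORD_ENCRYPTION']) {
            case "crypt":
                $value = "ENCRYPT($value)";
                break;
            case "md5":
                $value = "MD5($value)";
                break;
            // "cleartext" and unknown settings store the value unchanged
        }
    }

    $where = " WHERE UserName='" . $dbSocket->escapeSimple($username) .
        "' AND Attribute='" . $dbSocket->escapeSimple($attribute) .
        "' AND id=" . $columnId;

    /* we can't simply UPDATE because it might be that the attribute
       doesn't exist at all and we need to insert it.
       for this reason we need to check if it exists or not, if exists we update, if not we insert
    */
    $sql = "SELECT Attribute FROM $table" . $where;
    $res = $dbSocket->query($sql);
    $logDebugSQL .= $sql . "\n";

    if ($res->numRows() == 0) {
        /* the attribute is not stored for this user yet, so it is added */
        $sql = "INSERT INTO $table (id,Username,Attribute,op,Value) ".
            " VALUES (0,'".$dbSocket->escapeSimple($username)."', '".
            $dbSocket->escapeSimple($attribute)."', '".$dbSocket->escapeSimple($op).
            "', $value)";
        $res = $dbSocket->query($sql);
        $logDebugSQL .= $sql . "\n";
    } else {
        /* update the attribute's value */
        $sql = "UPDATE $table SET Value=$value" . $where;
        $res = $dbSocket->query($sql);
        $logDebugSQL .= $sql . "\n";

        /* then update the attribute's operator */
        $sql = "UPDATE $table SET Op='" . $dbSocket->escapeSimple($op) . "'" . $where;
        $res = $dbSocket->query($sql);
        $logDebugSQL .= $sql . "\n";
    }

} //foreach $_POST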
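// $successMsg carries markup (<b>), so the request-supplied username is HTML-encoded
// before it is embedded; the log text keeps the raw name.
$successMsg = "Updated attributes for: <b> " . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . " </b>";
$logAction .= "Successfully updates attributes for user [$username] on page: ";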
} else { // if username != ""
$failureMsg = "no user was entered, please specify a username to edit";
$logAction .= "Failed updating attributes for user [$username] on page: ";
}
} // if isset post submit
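// Username of the account shown on the page. It is taken from the request on every
// load; a missing or non-string value (for example username[]=x) counts as empty
// rather than being passed to trim().
$username = "";
if (isset($_REQUEST['username']) && is_string($_REQUEST['username'])) {
    $username = trim($_REQUEST['username']);
}
if ($username === "") {
    $failureMsg = "no user was entered, please specify a username to edit";
}
$edit_username = $username; //feed the sidebar variables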
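/* an sql query to retrieve the password for the username to use in the quick link for the user test connectivity
*/
// NOTE(review): this reads the stored value of the first *Password attribute into a
// page variable; confirm how the consumer of $user_password exposes it.
$sql = "SELECT Value FROM ".$configValues['CONFIG_DB_TBL_RADCHECK']." WHERE UserName='".
    $dbSocket->escapeSimple($username)."' AND Attribute like '%Password'";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";
$row = $res->fetchRow();
// a user without any password attribute yields no row; keep null in that case instead
// of indexing into a non-array
$user_password = (is_array($row) && isset($row[0])) ? $row[0] : null;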
/* load the stored user info row; its columns feed the $ui_* variables of the edit form */
$userInfoColumns = "firstname, lastname, email, department, company, workphone, homephone, mobilephone, address, city, state, zip, notes, ".
    " changeuserinfo, creationdate, creationby, updatedate, updateby";
$sql = "SELECT " . $userInfoColumns . " FROM " .
    $configValues['CONFIG_DB_TBL_DALOUSERINFO'] .
    " WHERE UserName='" . $dbSocket->escapeSimple($username) . "'";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";
$row = $res->fetchRow();
// positional assignment, in the column order of the SELECT above
list(
    $ui_firstname, $ui_lastname, $ui_email, $ui_department, $ui_company,
    $ui_workphone, $ui_homephone, $ui_mobilephone,
    $ui_address, $ui_city, $ui_state, $ui_zip,
    $ui_notes, $ui_changeuserinfo,
    $ui_creationdate, $ui_creationby, $ui_updatedate, $ui_updateby
) = $row;
/* load the stored billing row; its columns feed the $bi_* variables of the edit form */
// NOTE(review): the card number and verification code are read back here for
// redisplay in the billing tab - confirm that form masks them.
$sql = "SELECT ".
    " planName, contactperson, company, email, phone, ".
    " address, city, state, zip, ".
    " paymentmethod, cash, creditcardname, creditcardnumber, creditcardverification, creditcardtype, creditcardexp, ".
    " notes, changeuserbillinfo, ".
    " lead, coupon, ordertaker, billstatus, lastbill, nextbill, postalinvoice, faxinvoice, emailinvoice, ".
    " creationdate, creationby, updatedate, updateby FROM ".
    $configValues['CONFIG_DB_TBL_DALOUSERBILLINFO'].
    " WHERE UserName='".
    $dbSocket->escapeSimple($username)."'";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";
$row = $res->fetchRow(DB_FETCHMODE_ASSOC);

// each of these columns is copied into the variable named $bi_<column>
$billInfoColumns = array(
    'contactperson', 'company', 'email', 'phone',
    'address', 'city', 'state', 'zip',
    'paymentmethod', 'cash', 'creditcardname', 'creditcardnumber',
    'creditcardverification', 'creditcardtype', 'creditcardexp',
    'notes', 'lead', 'coupon', 'ordertaker', 'billstatus',
    'lastbill', 'nextbill', 'postalinvoice', 'faxinvoice', 'emailinvoice',
    'changeuserbillinfo',
);
foreach ($billInfoColumns as $billInfoColumn) {
    ${'bi_' . $billInfoColumn} = $row[$billInfoColumn];
}
$bi_planname = $row['planName']; // column name is camel-cased, the variable is not

// NOTE(review): these overwrite the $ui_* audit values loaded from the user info table
// with the billing row's values - confirm that is intended.
$ui_creationdate = $row['creationdate'];
$ui_creationby = $row['creationby'];
$ui_updatedate = $row['updatedate'];
$ui_updateby = $row['updateby'];

include 'library/closedb.php';
include_once 'library/config_read.php';
$log = "visited page: ";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>daloRADIUS</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="css/1.css" type="text/css" media="screen,projection" />
<link rel="stylesheet" href="css/auto-complete.css" media="screen" type="text/css">
<link rel="stylesheet" type="text/css" href="library/js_date/datechooser.css">
<!--[if lte IE 6.5]>
<link rel="stylesheet" type="text/css" href="library/js_date/select-free.css"/>
<![endif]-->
</head>
<script src="library/js_date/date-functions.js" type="text/javascript"></script>
<script src="library/js_date/datechooser.js" type="text/javascript"></script>
<script src="library/javascript/pages_common.js" type="text/javascript"></script>
<script type="text/javascript" src="library/javascript/ajax.js"></script>
<script type="text/javascript" src="library/javascript/dynamic_attributes.js"></script>
<script type="text/javascript" src="library/javascript/ajaxGeneric.js"></script>
<?php
include_once ("library/tabber/tab-layout.php");
?>
<?php
include ("menu-mng-users.php");
?>
<div id="contentnorightbar">
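<h2 id="Intro"><a href="#" onclick="javascript:toggleShowDiv('helpPage')"><?php echo $l['Intro']['mngedit.php'] ?>
:: <?php /* the username comes straight from the request, so it is HTML-encoded on output */ if (isset($username)) { echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8'); } ?><h144>+</h144></a></h2>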
<div id="helpPage" style="display:none;visibility:visible" >
<?php echo $l['helpPage']['mngedit'] ?>
<br/>
</div>
<?php
include_once('include/management/actionMessages.php');
?>
<?php
// checkDisabled() is not defined in this file; presumably it comes from
// userOperations.php - TODO confirm. It receives the request-supplied username of the
// account shown on this page.
include_once('include/management/userOperations.php');
checkDisabled($username);
?>
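<?php
// PHP_SELF can contain attacker-chosen path info and $username is request data, so
// both are HTML-encoded before being placed into attributes.
// NOTE(review): no anti-CSRF token is emitted by the markup visible in this file.
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
<input type="hidden" value="<?php echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8'); ?>" name="username" />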
<div class="tabber">
<div class="tabbertab" title="<?php echo $l['title']['RADIUSCheck']; ?>">
<fieldset>
<h302> <?php echo $l['title']['RADIUSCheck']; ?> </h302>
<br/>
<ul>
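<?php
// Renders one editable row per check attribute stored for the user.
// Each row posts four values under editValues<N>[]: "<id>__<attribute>", the value,
// the operator and the table selector.
include 'library/opendb.php';
include_once('include/management/pages_common.php');
include_once('include/management/populate_selectbox.php');
$editCounter = 0;
$sql = "SELECT ".$configValues['CONFIG_DB_TBL_RADCHECK'].".Attribute, ".
    $configValues['CONFIG_DB_TBL_RADCHECK'].".op, ".$configValues['CONFIG_DB_TBL_RADCHECK'].".Value, ".
    $configValues['CONFIG_DB_TBL_DALODICTIONARY'].".Type, ".
    $configValues['CONFIG_DB_TBL_DALODICTIONARY'].".RecommendedTooltip, ".
    $configValues['CONFIG_DB_TBL_RADCHECK'].".id ".
    " FROM ".
    $configValues['CONFIG_DB_TBL_RADCHECK']." LEFT JOIN ".$configValues['CONFIG_DB_TBL_DALODICTIONARY'].
    " ON ".$configValues['CONFIG_DB_TBL_RADCHECK'].".Attribute=".
    $configValues['CONFIG_DB_TBL_DALODICTIONARY'].".attribute ".
    " AND ".$configValues['CONFIG_DB_TBL_DALODICTIONARY'].".Value IS NULL ".
    " WHERE ".
    $configValues['CONFIG_DB_TBL_RADCHECK'].".UserName='".$dbSocket->escapeSimple($username)."'";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";

// count first, then compare: "$numrows = $res->numRows() == 0" stored the comparison
// result in $numrows rather than the row count
$numrows = $res->numRows();
if ($numrows == 0) {
    echo "<center>";
    echo $l['messages']['noCheckAttributesForUser'];
    echo "</center>";
}

while ($row = $res->fetchRow()) {
    // Columns: 0 Attribute, 1 op, 2 Value, 3 dictionary Type, 4 dictionary RecommendedTooltip, 5 id.
    // Stored attribute data and the request-supplied username are encoded for the
    // context they are written into (URL component, HTML attribute/text, JS string).
    $rowKey = $row[5] . "__" . $row[0];
    $hAttribute = htmlspecialchars($row[0], ENT_QUOTES, 'UTF-8');
    $hOp = htmlspecialchars($row[1], ENT_QUOTES, 'UTF-8');
    $hValue = htmlspecialchars($row[2], ENT_QUOTES, 'UTF-8');
    $hRowKey = htmlspecialchars($rowKey, ENT_QUOTES, 'UTF-8');
    $hDeleteUrl = htmlspecialchars(
        "mng-del.php?username=" . urlencode($username) .
        "&attribute=" . urlencode($rowKey) . "&tablename=radcheck",
        ENT_QUOTES, 'UTF-8');

    echo "<label class='attributes'>";
    echo "<a class='tablenovisit' href='$hDeleteUrl'>
        <img src='images/icons/delete.png' border=0 alt='Remove' /> </a>";
    echo "</label>";
    echo "<label for='attribute' class='attributes'> $hAttribute</label>";
    echo "<input type='hidden' name='editValues".$editCounter."[]' value='$hRowKey' />";

    if (preg_match("/.*-Password/", $row[0])) {
        // NOTE(review): the stored password value is sent to the browser twice (the
        // visible field and passwordOrig); type='password' only masks it on screen.
        $inputType = ($configValues['CONFIG_IFACE_PASSWORD_HIDDEN'] == "yes") ? "password" : "text";
        echo "<input type='$inputType' value='$hValue' name='editValues".$editCounter."[]' style='width: 115px' />";
        echo "<input type='hidden' value='$hValue' name='passwordOrig' />";
    } else {
        echo "<input value='$hValue' name='editValues".$editCounter."[]' style='width: 115px' />";
    }

    echo " ";
    echo "<select name='editValues".$editCounter."[]' style='width: 45px' class='form'>";
    echo "<option value='$hOp'>$hOp</option>";
    drawOptions();
    echo "</select>";
    echo "<input type='hidden' name='editValues".$editCounter."[]' value='radcheck' style='width: 90px'>";
    $editCounter++; // we increment the counter for the html elements of the edit attributes

    // dictionary details may be missing because of the LEFT JOIN
    $hType = htmlspecialchars($row[3] ? $row[3] : "unavailable", ENT_QUOTES, 'UTF-8');
    // NOTE(review): if RecommendedTooltip is meant to carry markup, sanitise it instead of encoding it
    $hTooltip = htmlspecialchars($row[4] ? $row[4] : "unavailable", ENT_QUOTES, 'UTF-8');
    $hTooltipId = htmlspecialchars($row[0] . "Tooltip", ENT_QUOTES, 'UTF-8');
    // the element id is also a JavaScript string argument: JSON-encode it for the script
    // context first, then HTML-encode it for the attribute
    $hTooltipJs = htmlspecialchars(json_encode($row[0] . "Tooltip"), ENT_QUOTES, 'UTF-8');

    // printq() is defined outside this file; it receives the same markup shape as before
    printq("
        <img src='images/icons/comment.png' alt='Tip' border='0' onClick=\"javascript:toggleShowDiv($hTooltipJs)\" />
        <br/>
        <div id='$hTooltipId' style='display:none;visibility:visible' class='ToolTip2'>
        <i><b>Type:</b> $hType</i><br/>
        <i><b>Tooltip Description:</b> $hTooltip</i><br/>
        <br/>
        </div>
    ");
}
?>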
<br/><br/>
<hr><br/>
<?php
include 'include/management/buttons.php';
?>
<br/>
<input type='submit' name='submit' value='<?php echo $l['buttons']['apply']?>' class='button' />
<br/>
</ul>
</fieldset>
</div>
<div class='tabbertab' title='<?php echo $l['title']['RADIUSReply']?>' >
<fieldset>
<h302> <?php echo $l['title']['RADIUSReply']; ?> </h302>
<br/>
<ul>
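<?php
// Renders one editable row per reply attribute stored for the user, in the same
// four-value editValues<N>[] layout as the check attributes:
// "<id>__<attribute>", the value, the operator and the table selector.
$sql = "SELECT ".$configValues['CONFIG_DB_TBL_RADREPLY'].".Attribute, ".
    $configValues['CONFIG_DB_TBL_RADREPLY'].".op, ".$configValues['CONFIG_DB_TBL_RADREPLY'].".Value, ".
    $configValues['CONFIG_DB_TBL_DALODICTIONARY'].".Type, ".
    $configValues['CONFIG_DB_TBL_DALODICTIONARY'].".RecommendedTooltip, ".
    $configValues['CONFIG_DB_TBL_RADREPLY'].".id ".
    " FROM ".
    $configValues['CONFIG_DB_TBL_RADREPLY']." LEFT JOIN ".$configValues['CONFIG_DB_TBL_DALODICTIONARY'].
    " ON ".$configValues['CONFIG_DB_TBL_RADREPLY'].".Attribute=".
    $configValues['CONFIG_DB_TBL_DALODICTIONARY'].".attribute ".
    " AND ".$configValues['CONFIG_DB_TBL_DALODICTIONARY'].".Value IS NULL ".
    " WHERE ".
    $configValues['CONFIG_DB_TBL_RADREPLY'].".UserName='".$dbSocket->escapeSimple($username)."'";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";

// count first, then compare: "$numrows = $res->numRows() == 0" stored the comparison
// result in $numrows rather than the row count
$numrows = $res->numRows();
if ($numrows == 0) {
    echo "<center>";
    echo $l['messages']['noReplyAttributesForUser'];
    echo "</center>";
}

while ($row = $res->fetchRow()) {
    // Columns: 0 Attribute, 1 op, 2 Value, 3 dictionary Type, 4 dictionary RecommendedTooltip, 5 id.
    // Stored attribute data and the request-supplied username are encoded for the
    // context they are written into (URL component, HTML attribute/text, JS string).
    $rowKey = $row[5] . "__" . $row[0];
    $hAttribute = htmlspecialchars($row[0], ENT_QUOTES, 'UTF-8');
    $hOp = htmlspecialchars($row[1], ENT_QUOTES, 'UTF-8');
    $hValue = htmlspecialchars($row[2], ENT_QUOTES, 'UTF-8');
    $hRowKey = htmlspecialchars($rowKey, ENT_QUOTES, 'UTF-8');
    $hDeleteUrl = htmlspecialchars(
        "mng-del.php?username=" . urlencode($username) .
        "&attribute=" . urlencode($rowKey) . "&tablename=radreply",
        ENT_QUOTES, 'UTF-8');

    echo "<label class='attributes'>";
    echo "<a class='tablenovisit' href='$hDeleteUrl'>
        <img src='images/icons/delete.png' border=0 alt='Remove' /> </a>";
    echo "</label>";
    echo "<label for='attribute' class='attributes'> $hAttribute</label>";
    echo "<input type='hidden' name='editValues".$editCounter."[]' value='$hRowKey' />";

    // only the value field differs between the two cases; the operator select that
    // follows was duplicated in both branches
    if ( ($configValues['CONFIG_IFACE_PASSWORD_HIDDEN'] == "yes") and (preg_match("/.*-Password/", $row[0])) ) {
        // NOTE(review): type='password' only masks the stored value on screen; it is still sent to the browser
        echo "<input type='password' value='$hValue' name='editValues".$editCounter."[]' style='width: 115px' />";
    } else {
        echo "<input value='$hValue' name='editValues".$editCounter."[]' style='width: 115px' />";
    }
    echo " ";
    echo "<select name='editValues".$editCounter."[]' style='width: 45px' class='form'>";
    echo "<option value='$hOp'>$hOp</option>";
    drawOptions();
    echo "</select>";

    echo "<input type='hidden' name='editValues".$editCounter."[]' value='radreply' style='width: 90px'>";
    $editCounter++; // we increment the counter for the html elements of the edit attributes

    // dictionary details may be missing because of the LEFT JOIN
    $hType = htmlspecialchars($row[3] ? $row[3] : "unavailable", ENT_QUOTES, 'UTF-8');
    // NOTE(review): if RecommendedTooltip is meant to carry markup, sanitise it instead of encoding it
    $hTooltip = htmlspecialchars($row[4] ? $row[4] : "unavailable", ENT_QUOTES, 'UTF-8');
    $hTooltipId = htmlspecialchars($row[0] . "Tooltip", ENT_QUOTES, 'UTF-8');
    // the element id is also a JavaScript string argument: JSON-encode it for the script
    // context first, then HTML-encode it for the attribute
    $hTooltipJs = htmlspecialchars(json_encode($row[0] . "Tooltip"), ENT_QUOTES, 'UTF-8');

    // printq() is defined outside this file; it receives the same markup shape as before
    printq("
        <img src='images/icons/comment.png' alt='Tip' border='0' onClick=\"javascript:toggleShowDiv($hTooltipJs)\" />
        <br/>
        <div id='$hTooltipId' style='display:none;visibility:visible' class='ToolTip2'>
        <i><b>Type:</b> $hType</i><br/>
        <i><b>Tooltip Description:</b> $hTooltip</i><br/>
        <br/>
        </div>
    ");
}
?>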
<br/><br/>
<hr><br/>
<?php
include 'include/management/buttons.php';
?>
<br/>
<input type='submit' name='submit' value='<?php echo $l['buttons']['apply']?>' class='button' />
<br/>
</ul>
</fieldset>
</div>
<?php
include 'library/closedb.php';
?>
<div class="tabbertab" title="<?php echo $l['title']['UserInfo']; ?>">
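<?php
// Apply button handed to the included user info form. The value attribute was
// unquoted, so a label containing a space was cut at the first word; it is now quoted
// and HTML-encoded like the other submit buttons on this page.
$customApplyButton = "<input type='submit' name='submit' value='".
    htmlspecialchars($l['buttons']['apply'], ENT_QUOTES, 'UTF-8')."' class='button' />";
include_once('include/management/userinfo.php');
?>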
</div>
<div class="tabbertab" title="<?php echo $l['title']['BillingInfo']; ?>">
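<?php
// Apply button handed to the included billing info form. The value attribute was
// unquoted, so a label containing a space was cut at the first word; it is now quoted
// and HTML-encoded like the other submit buttons on this page.
$customApplyButton = "<input type='submit' name='submit' value='".
    htmlspecialchars($l['buttons']['apply'], ENT_QUOTES, 'UTF-8')."' class='button' />";
include_once('include/management/userbillinfo.php');
?>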
</div>
<div class="tabbertab" title="<?php echo $l['title']['Attributes']; ?>">
<?php
include_once('include/management/attributes.php');
?>
</div>
<div class="tabbertab" title="<?php echo $l['title']['Groups']; ?>">
<?php
include 'library/opendb.php';
include_once('include/management/groups.php');
include 'library/closedb.php';
?>
</ul>
<br/>
<h301> Assign New Groups </h301>
<br/>
<ul>
<li class='fieldset'>
<li class='fieldset'>
<label for='group' class='form'><?php echo $l['all']['Group']?></label>
<?php
include_once 'include/management/populate_selectbox.php';
populate_groups("Select Groups","newgroups[]");
?>
<a class='tablenovisit' href='#'
onClick="javascript:ajaxGeneric('include/management/dynamic_groups.php','getGroups','divContainerGroups',genericCounter('divCounter')+'&elemName=newgroups[]');">Add</a>
<img src='images/icons/comment.png' alt='Tip' border='0' onClick="javascript:toggleShowDiv('group')" />
<div id='divContainerGroups'>
</div>
<div id='groupTooltip' style='display:none;visibility:visible' class='ToolTip'>
<img src='images/icons/comment.png' alt='Tip' border='0' />
<?php echo $l['Tooltip']['groupTooltip'] ?>
</div>
</li>
<br/><br/>
<br/>
<hr><br/>
<input type='submit' name='submit' value='<?php echo $l['buttons']['apply'] ?>' class='button' />
</li>
</ul>
</fieldset>
<br/>
</div>
</div>
</form>
<?php
// NOTE(review): both report helpers are defined outside this file (presumably in
// userReports.php) and receive the request-supplied $username unmodified; confirm they
// escape it for SQL and encode it for HTML themselves.
include_once('include/management/userReports.php');
userSubscriptionAnalysis($username, 1); // userSubscriptionAnalysis with argument set to 1 for drawing the table
userConnectionStatus($username, 1); // userConnectionStatus (same as above)
?>
<?php
include('include/config/logging.php');
?>
</div>
<div id="footer">
<?php
include 'page-footer.php';
?>
</div>
</div>
</div>
</body>
</html>