From 4d7acf83795a57a89150d27d21ac86dcb4c33804 Mon Sep 17 00:00:00 2001 From: Sam Moore Date: Sun, 20 Oct 2013 21:35:12 +0800 Subject: [PATCH] Begin modifying UserCake Create admin upload page for uploading / purging users. Incomplete. Note that this page needs to be secured somehow. Realised that we probably need to add the UserCake install scripts as well, so we can customise the database and other things when it is installed. Modified something in the server too apparently. I love it when I forget what I actually did... --- server/login.c | 11 +- server/parameters | 4 +- .../public_html/users/admin_upload_users.php | 111 +++++++++++++++++- .../public_html/users/models/config.php | 2 +- .../public_html/users/models/db-settings.php | 4 +- .../public_html/users/models/funcs.php | 10 ++ 6 files changed, 130 insertions(+), 12 deletions(-) diff --git a/server/login.c b/server/login.c index ecc0811..8ca2cab 100644 --- a/server/login.c +++ b/server/login.c @@ -110,7 +110,12 @@ UserType Login_MySQL(const char * user, const char * pass, Log(LOGERR, "No user matching %s", user); } - + //TODO: Handle administrator users somehow better than this + // UserCake stores the permission level in a seperate table to the username/password, which is annoying + if (user_type != USER_UNAUTH && strcmp(user, "admin") == 0) + { + user_type = USER_ADMIN; + } mysql_free_result(result); mysql_close(con); return user_type; @@ -368,7 +373,7 @@ void Login_Handler(FCGIContext * context, char * params) { //WARNING: C string manipulation code approaching! // Non reentrent; uses strsep and modifies g_options.auth_options - // If problems happen, try strdup ... + // If problems happen, try strdup first ... static char * db_opts[] = {"root", "", "users", "uc_users"}; static bool db_init_opts = false; if (!db_init_opts) 
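Review bot: The check added to Login_MySQL grants USER_ADMIN to whichever authenticated account is literally named "admin", so privilege follows a username string rather than the permission data that the comment says UserCake keeps in a separate table. Anyone able to create or rename a row to that name in the users table becomes an administrator on this path, and no other account can be one. Until the permission table is queried, take the name from configuration instead of a literal and record the elevation, e.g. `Log(LOGDEBUG, "User %s granted admin by name match", user);`. The function starts outside the hunk, so how `user_type` and the query are built is not visible here.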
@@ -387,7 +392,7 @@ void Login_Handler(FCGIContext * context, char * params) break; } } - Log(LOGDEBUG, "MySQL: user %s pass %s name %s table %s", db_opts[0], db_opts[1], db_opts[2], db_opts[3]); + //Log(LOGDEBUG, "MySQL: user %s pass %s name %s table %s", db_opts[0], db_opts[1], db_opts[2], db_opts[3]); } user_type = Login_MySQL(user, pass, g_options.auth_uri, db_opts[0],db_opts[1], db_opts[2], db_opts[3]); diff --git a/server/parameters b/server/parameters index 99b3f7e..5fdc595 100644 --- a/server/parameters +++ b/server/parameters @@ -23,9 +23,9 @@ pin_test="0" # Set to the URI to use authentication #auth_uri="ldap://192.168.1.1#ou=People,dc=daedalus" #auth_uri="ldaps://ldap.pheme.uwa.edu.au#ou=Users,ou=UWA,dc=uwads,dc=uwa,dc=edu,dc=au" #UWA -auth_uri="/etc/shadow" +#auth_uri="/etc/shadow" #auth_uri="shadow" -#auth_uri="mysql://localhost#root,$(cat mysql_password)" +auth_uri="mysql://localhost#root,$(cat mysql_password)" ## OPTIONS TO BE PASSED TO SERVER; DO NOT EDIT diff --git a/testing/MCTXWeb/public_html/users/admin_upload_users.php b/testing/MCTXWeb/public_html/users/admin_upload_users.php index d068f71..53c71ce 100644 --- a/testing/MCTXWeb/public_html/users/admin_upload_users.php +++ b/testing/MCTXWeb/public_html/users/admin_upload_users.php @@ -1,24 +1,125 @@ Uploaded!
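Review bot: The debug line that printed `db_opts[1]` (the database password) is commented out rather than removed, so the password-logging statement can be re-enabled by accident and the non-secret fields are no longer logged at all. Replace it with a line that omits the secret: `Log(LOGDEBUG, "MySQL: user %s name %s table %s", db_opts[0], db_opts[2], db_opts[3]);`. Logs written before this change may still hold the password, so rotating it is worth considering. Login_Handler continues outside the hunk.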
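Review bot: The newly enabled `auth_uri` makes the server log in to MySQL as `root`, although the login path appears to need only read access to the user table. A dedicated account limited to SELECT on that table reduces what a compromise of the server process or of the `mysql_password` file exposes; the line would become `auth_uri="mysql://localhost#<db_user>,$(cat mysql_password)"`, with `<db_user>` a placeholder for that account. `$(cat mysql_password)` is resolved relative to the working directory, so the file should sit outside any web-served directory and be readable only by the server user.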

"; + + $current_users = fetchAllUsers(); + + // Check form action + if ($_POST['action'] === "Download") // Download list of users and populate the text area + { + + foreach ($current_users as $u) + { + if ($u['user_name'] !== "admin") + $text_area=$text_area."\n".$u['user_name'].",".$u['display_name'].",".$u['email']; + } + } + else if ($_POST['action'] === "Upload") // Upload users in the text area + { + + $text_area = $_POST['userUpload']; + + + // Iterate through each row + $all_rows=preg_split("/((\r?\n)|(\r\n?))/", $_POST['userUpload']); + + + + + foreach ($all_rows as $row) + { + if (empty($row) or $row[0] === '#') + continue; + + $errors = array(); + + $fields = preg_split("/,/", $row); + + $user_name = trim($fields[0]); + $display_name = trim($fields[1]); + $email = trim($fields[2]); + // generate the temporary password + $password = generatePassword(); + + + if(count($errors) == 0) + { + //Construct a user object + $user = new User($username,$displayname,$password,$email); + + //Checking this flag tells us whether there were any errors such as possible data duplication occured + if(!$user->status) + { + if($user->username_taken) $errors[] = lang("ACCOUNT_USERNAME_IN_USE",array($username)); + if($user->displayname_taken) $errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE",array($displayname)); + if($user->email_taken) $errors[] = lang("ACCOUNT_EMAIL_IN_USE",array($email)); + } + else + { + //Attempt to add the user to the database, carry out finishing tasks like emailing the user (if required) + if(!$user->userCakeAddUser()) + { + if($user->mail_failure) $errors[] = lang("MAIL_ERROR"); + if($user->sql_failure) $errors[] = lang("SQL_ERROR"); + } + } + } + if(count($errors) == 0) + { + $successes[] = $user->success; + } + + echo resultBlock($errors,$successes); + } + + + + + + } + + } -else + +if ($show_form) { + /* I can't get fucking file uploads to fucking work with fucking nginx echo "

Please provide a CSV file of usernames and email addresses.

+

Click here for an example file.

Upload
-
- + +
"; + */ + echo " + +
+

Action to take on adding users:

+

Keep existing users and add these users

+

Purge existing users and add these users

+ + + +

Enter or copy/paste user information below (resize the text area if necessary):

+

+

+ +
"; } ?> diff --git a/testing/MCTXWeb/public_html/users/models/config.php b/testing/MCTXWeb/public_html/users/models/config.php index 6f2f3f2..2f7c635 100644 --- a/testing/MCTXWeb/public_html/users/models/config.php +++ b/testing/MCTXWeb/public_html/users/models/config.php @@ -20,7 +20,7 @@ $stmt->close(); $emailActivation = $settings['activation']['value']; $mail_templates_dir = "models/mail-templates/"; $websiteName = $settings['website_name']['value']; -$websiteUrl = $settings['website_url']['value']; +$websiteUrl = $settings['website_url']['value']."/users"; $emailAddress = $settings['email']['value']; $resend_activation_threshold = $settings['resend_activation_threshold']['value']; $emailDate = date('dmy'); diff --git a/testing/MCTXWeb/public_html/users/models/db-settings.php b/testing/MCTXWeb/public_html/users/models/db-settings.php index 0df3b94..6d16d17 100644 --- a/testing/MCTXWeb/public_html/users/models/db-settings.php +++ b/testing/MCTXWeb/public_html/users/models/db-settings.php @@ -8,9 +8,11 @@ http://usercake.com $db_host = "localhost"; //Host address (most likely localhost) $db_name = "users"; //Name of Database $db_user = "root"; //Name of database user -$db_pass = file_get_contents("mysql_password"); // TODO: Create that file or replace this line. +$db_pass = trim(file_get_contents("mysql_password"));// TODO: Create that file or replace this line. $db_table_prefix = "uc_"; + + GLOBAL $errors; GLOBAL $successes; diff --git a/testing/MCTXWeb/public_html/users/models/funcs.php b/testing/MCTXWeb/public_html/users/models/funcs.php index 07af426..b1afc72 100644 --- a/testing/MCTXWeb/public_html/users/models/funcs.php +++ b/testing/MCTXWeb/public_html/users/models/funcs.php 
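Review bot: In the Upload branch each row is parsed into `$user_name` and `$display_name`, but the account is built from `$username` and `$displayname`, which are never assigned in the visible code, so every row would create a user with empty names; the call should read `$user = new User($user_name,$display_name,$password,$email);` and the three `lang(...)` calls need the same names. `$fields[1]` and `$fields[2]` are read without checking that the row has three fields, and `$errors` is still empty when `count($errors) == 0` is tested, so nothing validates the name or e-mail even though funcs.php already has `isValidEmail`; rows where `count($fields) < 3` should be rejected before the trims. Part of the page text is lost in this rendering, so it cannot be confirmed here whether a permission check runs before `$_POST` is handled or whether `$text_area` is passed through `htmlspecialchars` when echoed back; both are needed, and the commit message itself notes that the page still has to be secured.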
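Review bot: In db-settings.php, `file_get_contents("mysql_password")` returns false when the file is missing or unreadable and `trim(false)` yields an empty string, so the connection is then attempted as `root` with an empty password instead of failing. Check the result before trimming, e.g. `$db_pass = file_get_contents("mysql_password"); if ($db_pass === false) { die("Database password file unreadable"); }`. The relative path presumably resolves against the requesting script's directory under public_html, so the file should live outside the document root or be denied by the web server, and a non-root database account would limit exposure further.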
@@ -80,6 +80,16 @@ function generateHash($plainText, $salt = null)
 return crypt($plainText, $salt);
 }
 
+/**
+ * Generates a random password for emailing to new users.
+ * User should be asked to change the password.
+ */
+function generatePassword()
+{
+ $random = file_get_contents("/dev/urandom", false, null, 0, 25);
+ return bin2hex($random);
+}
+
 //Checks if an email is valid
 function isValidEmail($email)
 {
-- 
2.20.1
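Review bot: `generatePassword()` does not check the read from `/dev/urandom`: if it fails (for example under an `open_basedir` restriction) `file_get_contents` returns false and `bin2hex(false)` is an empty string, so the new account would receive an empty or short temporary password. Verify the length before encoding, e.g. `if ($random === false || strlen($random) !== 25) { return false; }`, and have the caller treat false as an error instead of creating the user. The docblock could also state that the result is 50 hex characters carrying 25 random bytes and that the value is e-mailed in clear text, which is why a forced change on first login matters.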