// Batch user creation (excerpt): insert one radcheck row carrying the user's
// password. The row is built positionally (no column list), so it depends on
// the table's column order. $username and $password each pass through
// $dbSocket->escapeSimple() before being placed inside quoted SQL literals;
// the table name comes straight from $configValues.
// NOTE(review): the attribute is 'User-Password' and $password is written as
// given in this statement. No hashing is visible in this excerpt.
$sql = "INSERT INTO " . $configValues['CONFIG_DB_TBL_RADCHECK'] . " VALUES (0, '" . $dbSocket->escapeSimple($username) . "', 'User-Password', ':=', '" . $dbSocket->escapeSimple($password) . "')";
// NOTE(review): the result of query() is not inspected here, so a failed
// insert is not detected before the following steps run.
$res = $dbSocket->query($sql);
// NOTE(review): $sql contains the password value, so the password is copied
// into $logDebugSQL too. Where that buffer ends up is not visible here;
// confirm it is not persisted or displayed, or redact the value first.
$logDebugSQL .= $sql . "\n";

// if a group was defined in the form, add the user to it in the database
if (isset($group)) {
    // if group priority wasn't set (any falsy value) we
    // initialize it to 0 by default
    if (!$group_priority) {
        $group_priority = 0;
    }
    // NOTE(review): $group_priority is concatenated WITHOUT surrounding quotes.
    // escapeSimple() is presumably a string-literal escaper (PEAR DB style) and
    // does not restrict an unquoted value to a number. Validate or cast it to
    // an integer before building the statement, or bind it as a parameter.
    $sql = "INSERT INTO " . $configValues['CONFIG_DB_TBL_RADUSERGROUP'] . " VALUES ('" . $dbSocket->escapeSimple($username) . "', '" . $dbSocket->escapeSimple($group) . "', " . $dbSocket->escapeSimple($group_priority) . ") ";
    $res = $dbSocket->query($sql);
    $logDebugSQL .= $sql . "\n";
}

// Helpers defined elsewhere; their behaviour is not visible in this excerpt.
addUserInfo($dbSocket, $username);
addUserBillInfo($dbSocket, $username, $sql_batch_id);

// Walk every submitted form field. The loop body continues past this excerpt.
foreach ($_POST as $element => $field) {
    // switch case to raise the flag for several $attribute which we do not
    // wish to process (ie: do any sql related stuff in the db)
    // NOTE(review): this is a deny-list of known form-control names, so any
    // other POST key falls through to whatever follows (not visible here).
    // Confirm that code validates the key against the expected attribute set.
    switch ($element) {
        case "username_prefix":
        case "passwordType":
        case "length_pass":
        case "length_user":
        case "number":
        case "plan":
        case "submit":
        case "group":
        case "group_priority":
        case "createBatchUsersType":
        case "startingIndex":
// (excerpt: the if-chain this branch belongs to starts above the visible text)
// we now perform the same check but for an MD5-Password attribute
} elseif (preg_match("/md5/i", $passwordtype)) {
    // if we don't find the md5 function even though we identified
    // a MD5-Password attribute
    // NOTE(review): the replacement value shown here is the literal "******".
    // It looks like a masked or placeholder value; verify against the real file.
    if (!preg_match("/md5/i", $dbPassword)) {
        $dbPassword = "******";
    }
}

// insert username/password
// $username and $passwordtype are escaped and quoted, but $dbPassword is
// interpolated raw (no quotes, no escapeSimple()) as the Value column.
// NOTE(review): it therefore has to be a complete, safely built SQL
// expression by this point. Its construction is above this excerpt; confirm
// that any user-supplied password embedded in it is escaped or bound.
$sql = "INSERT INTO " . $configValues['CONFIG_DB_TBL_RADCHECK'] . " (id,Username,Attribute,op,Value) " . " VALUES (0, '" . $dbSocket->escapeSimple($username) . "', '" . $dbSocket->escapeSimple($passwordtype) . "', ':=', {$dbPassword})";
$res = $dbSocket->query($sql);
// NOTE(review): the logged statement carries the password expression. Check
// where $logDebugSQL is written and who can read it.
$logDebugSQL .= $sql . "\n";

// Helpers defined elsewhere; their behaviour is not visible in this excerpt.
addGroups($dbSocket, $username, $profiles);
addPlanProfile($dbSocket, $username, $planName);
addUserInfo($dbSocket, $username);
$userbillinfo_id = addUserBillInfo($dbSocket, $username);

// create any invoices if required (meaning, if a plan was chosen)
if ($planName) {
    include_once "include/management/userBilling.php";

    // get plan information
    // $planName is escaped and placed inside a quoted literal.
    $sql = "SELECT id, planCost, planSetupCost, planTax FROM " . $configValues['CONFIG_DB_TBL_DALOBILLINGPLANS'] . " WHERE planName='" . $dbSocket->escapeSimple($planName) . "' LIMIT 1";
    $res = $dbSocket->query($sql);
    // NOTE(review): neither the query result nor the fetched row is checked
    // before use. If no plan matches, the $row[...] reads below work on a
    // non-array value. Confirm the caller guarantees that the plan exists.
    $row = $res->fetchRow(DB_FETCHMODE_ASSOC);

    // calculate tax (planTax is the numerical percentage amount)
    $calcTax = (double) ($row['planCost'] * (double) ($row['planTax'] / 100));

    // First invoice line: the recurring plan charge and its tax.
    $invoiceItems[0]['plan_id'] = $row['id'];
    $invoiceItems[0]['amount'] = $row['planCost'];
    $invoiceItems[0]['tax'] = $calcTax;
    $invoiceItems[0]['notes'] = 'charge for plan service';

    // A setup cost, when present and non-empty, is taxed at the same planTax
    // percentage (this branch continues past the excerpt).
    if (isset($row['planSetupCost']) && $row['planSetupCost'] != '') {
        $calcTax = (double) ($row['planSetupCost'] * (double) ($row['planTax'] / 100));
// (excerpt: this is the tail of a branch opened above the visible text; the
// statement that built $sql is not shown)
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";

// Helpers defined elsewhere; their behaviour is not visible in this excerpt.
addGroups($dbSocket, $macaddress, $group_macaddress);
addUserInfo($dbSocket, $macaddress);
// NOTE(review): this call passes $username while the sibling helpers receive
// $macaddress. Confirm that the billing record is meant to be keyed on
// $username in the mac-auth flow.
addUserBillInfo($dbSocket, $username);
addAttributes($dbSocket, $macaddress);

// NOTE(review): $macaddress is embedded in HTML markup and in the action log
// without encoding. Where $successMsg and $logAction are emitted is not
// visible here; confirm the value is HTML-encoded (e.g. htmlspecialchars())
// before rendering and stripped of line breaks before logging.
$successMsg = "Added to database new mac auth user: <b> {$macaddress} </b>";
$logAction .= "Successfully added new mac auth user [{$macaddress}] on page: ";
} elseif ($authType == "pincodeAuth") {
    // insert the pincode as a radcheck entry: the Username column holds the
    // escaped pincode, with attribute 'Auth-Type' := 'Accept'
    // NOTE(review): as far as this row shows, no separate password attribute
    // is stored, so the pincode itself presumably acts as the only credential.
    // Confirm pincodes are generated with enough entropy.
    $sql = "INSERT INTO " . $configValues['CONFIG_DB_TBL_RADCHECK'] . " (id,Username,Attribute,op,Value) " . " VALUES (0, '" . $dbSocket->escapeSimple($pincode) . "', 'Auth-Type', ':=', 'Accept')";
    $res = $dbSocket->query($sql);
    // NOTE(review): the logged statement contains the pincode value.
    $logDebugSQL .= $sql . "\n";

    addGroups($dbSocket, $pincode, $group_pincode);
    addUserInfo($dbSocket, $pincode);
    // NOTE(review): $username is passed here, not $pincode. Same question as
    // in the mac-auth branch.
    addUserBillInfo($dbSocket, $username);
    addAttributes($dbSocket, $pincode);

    // NOTE(review): $pincode is interpolated into HTML and the log unencoded.
    $successMsg = "Added to database new pincode: <b> {$pincode} </b>";
    $logAction .= "Successfully added new pincode [{$pincode}] on page: ";
} else {
    // Any other $authType value: nothing is inserted.
    echo "unknown authentication method <br/>";
}
} else {
    // Duplicate-user path (the condition is above the excerpt).
    // NOTE(review): $username is interpolated into HTML and the log unencoded.
    $failureMsg = "user already exist in database: <b> {$username} </b>";
    $logAction .= "Failed adding new user already existing in database [{$username}] on page: ";
}

include 'library/closedb.php';
}

include_once 'library/config_read.php';
$log = "visited page: ";

// Branch on the interface setting for hiding passwords; its body continues
// past this excerpt.
if ($configValues['CONFIG_IFACE_PASSWORD_HIDDEN'] == "yes") {