function check_user($mode, $username, $password) { global $RootDir; global $event; switch ($mode) { case 'admin': $OPENQRM_USER = new user($username); if ($OPENQRM_USER->check_user_exists()) { $OPENQRM_USER->set_user(); if (!strcmp($OPENQRM_USER->password, $password)) { return true; } else { $event->log("cloudsoap->check_user", $_SERVER['REQUEST_TIME'], 2, "cloud-soap-server.php", "Got a wrong password from openQRM User name {$username}!", "", "", 0, 0, 0); return false; } } else { $event->log("cloudsoap->check_user", $_SERVER['REQUEST_TIME'], 2, "cloud-soap-server.php", "User name {$username} does not exists in openQRM !", "", "", 0, 0, 0); return false; } break; case 'user': $cl_user = new clouduser(); // check that the user exists if ($cl_user->is_name_free($username)) { $event->log("cloudsoap->check_user", $_SERVER['REQUEST_TIME'], 2, "cloud-soap-server.php", "Cloud User name {$username} does not exists in the Cloud!", "", "", 0, 0, 0); return false; } // check users password, only if ldap is not enabled if (!file_exists($RootDir . "/plugins/ldap/.running")) { $cl_user->get_instance_by_name($username); if (strcmp($cl_user->password, $password)) { $event->log("cloudsoap->check_user", $_SERVER['REQUEST_TIME'], 2, "cloud-soap-server.php", "Got a wrong password from Cloud User name {$username}!", "", "", 0, 0, 0); return false; } } return true; break; default: return false; break; } }
function CloudPushTransaction($method_parameters) { global $event; $parameter_array = explode(',', $method_parameters); $mode = $parameter_array[0]; $username = $parameter_array[1]; $password = $parameter_array[2]; $clouduser_name = $parameter_array[3]; $cr_id = $parameter_array[4]; $ccu_charge = $parameter_array[5]; $ccu_balance = $parameter_array[6]; $reason = $parameter_array[7]; $comment = $parameter_array[8]; // check all user input for ($i = 0; $i <= 8; $i++) { if (!$this->check_param($parameter_array[$i])) { $event->log("cloudsoap->CloudPushTransaction", $_SERVER['REQUEST_TIME'], 2, "cloud-soap-server.php", "Not allowing user-intput with special-characters : {$parameter_array[$i]}", "", "", 0, 0, 0); return; } } // check parameter count $parameter_count = count($parameter_array); if ($parameter_count != 9) { $event->log("cloudsoap->CloudPushTransaction", $_SERVER['REQUEST_TIME'], 2, "cloud-soap-server.php", "Wrong parameter count {$parameter_count} ! Exiting.", "", "", 0, 0, 0); return; } // check authentication if (!$this->check_user($mode, $username, $password)) { $event->log("cloudsoap->CloudPushTransaction", $_SERVER['REQUEST_TIME'], 2, "cloud-soap-server.php", "User authentication failed (mode {$mode})", "", "", 0, 0, 0); return; } // check for admin if (strcmp($mode, "admin")) { $event->log("cloudsoap->CloudPushTransaction", $_SERVER['REQUEST_TIME'], 2, "cloud-soap-server.php", "Cloud method only available in admin mode", "", "", 0, 0, 0); return; } $cl_user = new clouduser(); if ($cl_user->is_name_free($clouduser_name)) { $event->log("cloudsoap->CloudPushTransaction", $_SERVER['REQUEST_TIME'], 2, "cloud-soap-server.php", "Cloud User name {$clouduser_name} does not exists in the Cloud !", "", "", 0, 0, 0); return 1; } $cl_user->get_instance_by_name($clouduser_name); $event->log("cloudsoap->CloudPushTransaction", $_SERVER['REQUEST_TIME'], 5, "cloud-soap-server.php", "Setting Cloud Limits for Cloud Users {$clouduser_name}", "", "", 0, 0, 0); $ct = new cloudtransaction(); $ct->push($cr_id, $cl_user->id, $ccu_charge, $ccu_balance, $reason, $comment); return 0; }
if (strlen($user_fields['cu_password']) < 6) { $strMsg .= "Password must be at least 6 characters long <br>"; $c_error = 1; redirect($strMsg, 'tab0', "cloud-user.php"); exit(0); } // username min 4 characters if (strlen($user_fields['cu_name']) < 4) { $strMsg .= "Username must be at least 4 characters long <br>"; $c_error = 1; redirect($strMsg, 'tab0', "cloud-user.php"); exit(0); } // does username already exists ? $c_user = new clouduser(); if (!$c_user->is_name_free($user_fields['cu_name'])) { $uname = $user_fields['cu_name']; $strMsg .= "A user with the name {$uname} already exist. Please choose another username <br>"; $c_error = 1; redirect($strMsg, 'tab0', "cloud-user.php"); exit(0); } if ($c_error == 0) { // check how many ccunits to give for a new user $cc_conf = new cloudconfig(); $cc_auto_give_ccus = $cc_conf->get_value(12); // 12 is auto_give_ccus $user_fields['cu_ccunits'] = $cc_auto_give_ccus; $cl_user = new clouduser(); $cl_user->add($user_fields); // add user to htpasswd