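// Setup wizard, first stage (excerpt): set page defaults, validate the posted
// database/administrator settings, import the schema with the mysql client and
// build the GRANT statement for the application account. The conditional
// blocks opened below are closed outside this excerpt.
$err = new GenerateErrors();
$val = new ValidateStrings();
$misc = new MiscFunctions();

// Assign some defaults since nothing is configured
$TITLE = "phpDHCPAdmin-0.9.5-beta Setup Wizard";
$STYLE = "../templates/black";
$DESCRIPTION = "I am here to help you import the database structure and setup the application defaults";
$DISCLAIMER = "All rights reserved 2009 ® Jason Gerfen";

// Names of the application's database tables (their use is outside this excerpt).
$TABLES = array(
    'admin_backup_conf',
    'admin_config_algorithm',
    'admin_logs',
    'admin_sessions',
    'auth_groups',
    'auth_levels',
    'auth_users',
    'conf_adapters',
    'conf_classes',
    'conf_classes_options',
    'conf_classes_opts',
    'conf_dnssec_opts',
    'conf_dns_opts',
    'conf_failover',
    'conf_global_opts',
    'conf_hosts',
    'conf_leases',
    'conf_leases_properties',
    'conf_pools',
    'conf_pxe_groups',
    'conf_pxe_opts',
    'conf_shared_networks',
    'conf_subnets',
    'conf_traffic'
);

// Patterns for the empty `$defined[...]` assignments of a configuration file.
// NOTE(review): inside a PCRE pattern the unescaped [ ... ] is a character
// class, so these patterns do not match the literal text $defined['hostname'].
// The code that applies $REGEX is outside this excerpt - confirm there, and
// escape the brackets (\[ and \]) if a literal match is intended.
$REGEX = array(
    '/\\$defined[\'hostname\']\\s\\s\\s\\s=\\s\\"\\";/',
    '/\\$defined[\'dbhost\']\\s\\s\\s\\s\\s\\s=\\s\\"localhost\\";/',
    '/\\$defined[\'username\']\\s\\s\\s\\s=\\s\\"\\";/',
    '/\\$defined[\'password\']\\s\\s\\s\\s=\\s\\"\\";/',
    '/\\$defined[\'mail\']\\s\\s\\s\\s\\s\\s\\s\\s=\\s\\"\\";/',
    '/\\$defined[\'virpath\']\\s\\s\\s\\s\\s=\\s\\"\\";/'
);

// lets process the form
if (!empty($_POST)) {

    // make sure we have a complete form submission
    if (!empty($_POST['mysql_root_user']) &&
        !empty($_POST['mysql_root_passwd']) &&
        !empty($_POST['defined_hostname']) &&
        !empty($_POST['mysql_server_address']) &&
        !empty($_POST['mysql_server_username']) &&
        !empty($_POST['mysql_server_password']) &&
        !empty($_POST['configuration_path']) &&
        !empty($_POST['admin_email'])) {

        // ensure nothing screwy is going on in regards to input
        // NOTE(review): the Validate* rules are not visible here, so every use
        // of these values below is escaped or flagged on its own instead of
        // relying on this check alone.
        if ($val->ValidateString($_POST['mysql_root_user']) !== -1 &&
            $val->ValidateParagraph($_POST['mysql_root_passwd']) !== -1 &&
            $val->ValidateDomain($_POST['defined_hostname']) !== -1 &&
            $val->ValidateDomain($_POST['mysql_server_address']) !== -1 &&
            $val->ValidateParagraph($_POST['mysql_server_username']) !== -1 &&
            $val->ValidateParagraph($_POST['mysql_server_password']) !== -1 &&
            $val->ValidateParagraph($_POST['configuration_path']) !== -1 &&
            $val->ValidateEmail($_POST['admin_email']) !== -1) {

            // ensure our root username & password is correct
            $dbconn = $db->dbConnectOnly($_POST['mysql_server_address'], $_POST['mysql_root_user'], $_POST['mysql_root_passwd']);

            // NOTE(review): this prints whatever dbCatchError() returns into the
            // page; if that is the raw driver message it discloses connection
            // details to the browser - confirm and log it server-side instead.
            echo $db->dbCatchError();

            if ($dbconn === -1) {
                $error = $err->GenerateErrorLink("../help/help.html", "#app_setup", '../templates/images/error.jpg', "Error connecting to the database during initial connection. Wrong username/password combination", NULL, NULL);
            } else {

                // perform our .sql file import (this fails if it exists already)
                // Each request value is wrapped with escapeshellarg() so that
                // shell metacharacters in the submitted credentials stay data
                // and cannot change the command that is executed.
                // NOTE(review): the listing shows the password expression masked
                // as "******"; it is reconstructed from the root password passed
                // to dbConnectOnly() above - confirm against the original file.
                // NOTE(review): a password given as --password= is readable in
                // the process list while mysql runs; a restricted option file
                // (--defaults-extra-file) avoids that exposure.
                // NOTE(review): no host option is passed, so the import goes to
                // the client's default server, not necessarily the address
                // submitted as mysql_server_address - confirm this is intended.
                $cmd = "mysql -u " . escapeshellarg($_POST['mysql_root_user'])
                    . " --password=" . escapeshellarg($_POST['mysql_root_passwd'])
                    . " < phpDHCPAdmin.sql";
                shell_exec($cmd); // same call the backtick operator makes; output is discarded as before

                // create a default user based on the form input
                $dbconn = $db->dbConnect($_POST['mysql_server_address'], $_POST['mysql_root_user'], $_POST['mysql_root_passwd'], 'phpDHCPAdmin');
                if ($dbconn === -1) {
                    $error = $err->GenerateErrorLink("../help/help.html", "#app_setup", '../templates/images/error.jpg', "Error connecting to the database. Wrong username/password combination", NULL, NULL);
                } else {

                    // NOTE(review): this statement is assembled from request
                    // values and will run with the root credentials. A quote or
                    // backslash in the account name, host or password changes
                    // the statement unless ValidateParagraph()/ValidateDomain()
                    // reject it, which cannot be confirmed here. Escape each
                    // value with the database layer's quoting routine before
                    // concatenating; $db's API is outside this excerpt.
                    $query = "GRANT SELECT,INSERT,UPDATE,DELETE,INDEX,REFERENCES ON phpDHCPAdmin.* TO '" . $_POST['mysql_server_username'] . "'@'" . $_POST['mysql_server_address'] . "' IDENTIFIED BY '" . $_POST['mysql_server_password'] . "'";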
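// User administration form handler (excerpt): copy the remaining form fields
// from the request, validate them, and prepare the INSERT / UPDATE / DELETE
// statements for `auth_users`. Variables such as $user_username, $user_id and
// $group are assigned before this excerpt; the conditional blocks opened below
// are closed after it.
$user_group = $_POST['user_group'];
$user_department = $_POST['user_department'];
$user_contact = $_POST['user_contact'];
$user_address = $_POST['user_address'];
$user_phone = $_POST['user_phone'];
$user_email = $_POST['user_email'];
$user_pw_list = $_POST['user_pw_list'];
$user_pw_1 = $_POST['user_pw_1'];
$user_pw_2 = $_POST['user_pw_2'];
$GenRandomPw = $_POST['GenRandomPw'];

// check for our form type
if (!empty($_POST['AddUser']) || !empty($_POST['EditUser']) || !empty($_POST['DelUser'])) {

    // check for empty variables
    // (the original tested $user_fname and $user_lname twice; once is enough)
    if (!empty($user_username) &&
        !empty($user_fname) &&
        !empty($user_lname) &&
        !empty($user_access_level) &&
        !empty($user_group) &&
        !empty($user_department) &&
        !empty($user_phone) &&
        !empty($user_email)) {

        // do some validation checks on submitted data
        // NOTE(review): access level and group are taken from the request;
        // confirm that the caller's right to assign them is checked before
        // this point, since nothing in this excerpt does so.
        if ($val->ValidateAlphaChar($user_username) !== -1 &&
            $val->ValidateString($user_fname) !== -1 &&
            $val->ValidateString($user_lname) !== -1 &&
            $val->ValidateString($user_access_level) !== -1 &&
            $val->ValidateString($user_group) !== -1 &&
            $val->ValidateParagraph($user_department) !== -1 &&
            $val->ValidateString($user_contact) !== -1 &&
            $val->ValidatePhone($user_phone) !== -1 &&
            $val->ValidateEmail($user_email) !== -1) {

            // leave the owner assignment alone if owner is not admin
            if ($group === "admin") {
                $group = $user_group;
            }

            // generate random password if this is a new user
            if (!empty($_POST['AddUser'])) {
                $user_password = $val->GenerateRandomPassword("12", "normal");
            }

            // setup our SQL statements for add, edit and deleting records
            // NOTE(review): all three statements are built by concatenation, so
            // their safety rests on the Validate* checks above, whose rules are
            // not visible here. $user_id, $user_ip, $user_host, $user_session
            // and the date/time values are not covered by the visible checks;
            // confirm where they come from. Prepared statements in the database
            // layer would remove this dependency.
            // NOTE(review): sha1() is a fast, unsalted hash and is not suitable
            // for stored passwords. password_hash()/password_verify() is the
            // replacement, but the login code that reads this column is outside
            // this excerpt and has to change together with it.
            // Fix: `dept` now receives $user_department; the original read the
            // misspelled, never-assigned $user_deptartment and stored an empty
            // department.
            $insert = "INSERT INTO `auth_users` ( `username`, `password`, `level`, `group`, `dept`, `first`, `last`, `phone`, `email`, `ip`, `host`, `create_date`, `create_time`, `access_date`, `access_time`, `session`, `reset`, `owner` ) VALUES ( \""
                . $user_username . "\", \""
                . sha1($user_password) . "\", \""
                . $user_access_level . "\", \""
                . $user_group . "\", \""
                . $user_department . "\", \""
                . $user_fname . "\", \""
                . $user_lname . "\", \""
                . $user_phone . "\", \""
                . $user_email . "\", \""
                . $user_ip . "\", \""
                . $user_host . "\", \""
                . $user_create_date . "\", \""
                . $user_create_time . "\", \""
                . $user_access_date . "\", \""
                . $user_access_time . "\", \""
                . $user_session . "\", \"TRUE\", \""
                . $group . "\" )";

            $update = "UPDATE `auth_users` SET `username` = \"" . $user_username
                . "\", `level` = \"" . $user_access_level
                . "\", `group` = \"" . $user_group
                . "\", `dept` = \"" . $user_department
                . "\", `first` = \"" . $user_fname
                . "\", `last` = \"" . $user_lname
                . "\", `phone` = \"" . $user_phone
                . "\", `email` = \"" . $user_email
                . "\", `ip` = \"" . $user_ip
                . "\", `host` = \"" . $user_host
                . "\", `owner` = \"" . $group
                . "\" WHERE `id` = \"" . $user_id . "\" LIMIT 1";

            $delete = "DELETE FROM `auth_users` WHERE `id` = \"" . $user_id . "\" LIMIT 1";

            // now perform a check to see which statement to use
            if (!empty($_POST['AddUser'])) {
                $sql = $insert;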