$del = da_sql_escape_string($del);
$res = @da_sql_query($link, $config, "DELETE FROM {$config['sql_usergroup_table']} WHERE username = '******' AND groupname = '{$login}';");
if (!$res) {
echo "<b>Could not delete user {$del} from group: " . da_sql_error($link, $config) . "</b><br>\n";
}
}
}
if ($new_members != '') {
$Members = preg_split("/[\n\\s]+/", $new_members, -1, PREG_SPLIT_NO_EMPTY);
if (!empty($Members)) {
foreach ($Members as $new_member) {
$new_member = da_sql_escape_string($new_member);
$res = @da_sql_query($link, $config, "SELECT username FROM {$config['sql_usergroup_table']} WHERE\n\t\t\t\tusername = '******' AND groupname = '{$login}';");
if ($res) {
if (@da_sql_num_rows($res, $config)) {
echo "<b>User {$new_member} already is a member of the group</b><br>\n";
} else {
$res = @da_sql_query($link, $config, "INSERT INTO {$config['sql_usergroup_table']} (groupname,username)\n\t\t\t\t\t\tVALUES ('{$login}','{$new_member}');");
if (!$res) {
echo "<b>Error while adding user {$new_member} to group: " . da_sql_error($link, $config) . "</b><br>\n";
}
}
} else {
echo "<b>Could not add new member {$new_member}: " . da_sql_error($link, $config) . "</b><br>\n";
}
}
}
}
} else {
echo "<b>Could not connect to SQL database</b><br>\n";
}
$lastlog_client_ip = $row['framedipaddress'];
$lastlog_server_name = $lastlog_server_ip != '' ? @gethostbyaddr($lastlog_server_ip) : '-';
$lastlog_client_name = $lastlog_client_ip != '' ? @gethostbyaddr($lastlog_client_ip) : '-';
$lastlog_callerid = $row['callingstationid'];
if ($lastlog_callerid == '') {
$lastlog_callerid = 'not available';
}
$lastlog_input = $row['acctinputoctets'];
$lastlog_input = bytes2str($lastlog_input);
$lastlog_output = $row['acctoutputoctets'];
$lastlog_output = bytes2str($lastlog_output);
} else {
$not_known = 1;
}
} else {
echo "<b>Database query failed: " . da_sql_error($link, $config) . "</b><br>\n";
}
}
} else {
echo "<b>Could not connect to SQL database</b><br>\n";
}
$monthly_limit = is_numeric($monthly_limit) ? time2str($monthly_limit) : $monthly_limit;
$weekly_limit = is_numeric($weekly_limit) ? time2str($weekly_limit) : $weekly_limit;
$daily_limit = is_numeric($daily_limit) ? time2str($daily_limit) : $daily_limit;
$session_limit = is_numeric($session_limit) ? time2str($session_limit) : $session_limit;
$remaining = is_numeric($remaining) ? time2str($remaining) : $remaining;
if ($item_vals['Dialup-Access'][0] == 'FALSE' || !isset($item_vals['Dialup-Access'][0]) && $attrmap['Dialup-Access'] != '' && $attrmap['Dialup-Access'] != 'none') {
$msg = <<<EON
<font color=red><b> The user account is locked </b></font>
EON;
} else {
$link = @da_sql_pconnect($config);
if ($link) {
if (isset($member_groups) && isset($edited_groups)) {
$del_groups = array_diff($member_groups, $edited_groups);
if (isset($del_groups)) {
foreach ($del_groups as $del) {
$del = da_sql_escape_string($del);
$res = @da_sql_query($link, $config, "DELETE FROM {$config['sql_usergroup_table']} WHERE username = '******' AND groupname = '{$del}';");
if (!$res) {
echo "<b>Could not delete user {$login} from group {$del}: " . da_sql_error($link, $config) . "</b><br>\n";
} else {
echo "<b>User {$login} deleted from group {$del}</b><br>\n";
}
}
}
$new_groups = array_diff($edited_groups, $member_groups);
if (isset($new_groups)) {
foreach ($new_groups as $new) {
$new = da_sql_escape_string($new);
$res = @da_sql_query($link, $config, "INSERT INTO {$config['sql_usergroup_table']} (groupname,username)\n\t\t\t\tVALUES ('{$new}','{$login}');");
if (!$res) {
echo "<b>Error while adding user {$login} to group {$login}: " . da_sql_error($link, $config) . "</b><br>\n";
} else {
echo "<b>User {$login} added to group {$new}</b><br>\n";
}
}
}
}
} else {
echo "<b>Could not connect to SQL database</b><br>\n";
}
case 'change_nas':
if ($nassecret == '' || $nasshortname == '') {
$msg = "<b>Error. Required fields are not set</b><br>\n";
} else {
$nasshortname = da_sql_escape_string($nasshortname);
$nastype = da_sql_escape_string($nastype);
$nasportnum = da_sql_escape_string($nasportnum);
$nassecret = da_sql_escape_string($nassecret);
$nascommunity = da_sql_escape_string($nascommunity);
$nasdescription = da_sql_escape_string($nasdescription);
$nasname = da_sql_escape_string($nasname);
$res = @da_sql_query($link, $config, "UPDATE {$config['sql_nas_table']} SET\n\t\t\t\t\tshortname = '{$nasshortname}',\n\t\t\t\t\ttype = '{$nastype}',\n\t\t\t\t\tports = '{$nasportnum}',\n\t\t\t\t\tsecret = '{$nassecret}',\n\t\t\t\t\tcommunity = '{$nascommunity}',\n\t\t\t\t\tdescription = '{$nasdescription}' WHERE nasname = '{$nasname}';");
if ($res) {
$msg = "<b>NAS '{$nasname}' was updated successfully</b><br>\n";
} else {
$msg = "<b>Error updating NAS '{$selected_nas}' " . da_sql_error($link, $config) . "</b><br>\n";
}
}
break;
}
}
$search = @da_sql_query($link, $config, "SELECT * FROM {$config['sql_nas_table']} ORDER BY nasname;");
if ($search) {
$num = 0;
unset($my_nas_list);
while ($row = @da_sql_fetch_array($search, $config)) {
$my_nas_name = $row['nasname'];
if ($my_nas_name != '') {
$num++;
$my_nas_list[$my_nas_name]['name'] = $my_nas_name;
$my_nas_list[$my_nas_name]['shortname'] = $row['shortname'];
<?php
if (is_file("../lib/sql/drivers/{$config['sql_type']}/functions.php")) {
include_once "../lib/sql/drivers/{$config['sql_type']}/functions.php";
} else {
echo "<b>Could not include SQL library</b><br>\n";
exit;
}
$link = @da_sql_pconnect($config);
if ($link) {
$res = @da_sql_query($link, $config, "DELETE FROM {$config['sql_groupreply_table']} WHERE groupname = '{$login}';");
if ($res) {
$res = @da_sql_query($link, $config, "DELETE FROM {$config['sql_groupcheck_table']} WHERE groupname = '{$login}';");
if ($res) {
$res = @da_sql_query($link, $config, "DELETE FROM {$config['sql_usergroup_table']} WHERE groupname = '{$login}';");
if ($res) {
echo "<b>Group {$login} deleted successfully</b><br>\n";
} else {
echo "<b>Error deleting group {$login} from usergroup table: " . da_sql_error($link, $config) . "</b><br>\n";
}
} else {
echo "<b>Error deleting group {$login} from group check table: " . da_sql_error($link, $config) . "</b><br>\n";
}
} else {
echo "<b>Error deleting group {$login} from group reply table: " . da_sql_error($link, $config) . "</b><br>\n";
}
} else {
echo "<b>Could not connect to SQL database</b><br>\n";
}
}
$date = date($config[sql_full_date_format]);
$lockmsg_name = $attrmap['Dialup-Lock-Msg'] . '0';
$msg = ${$lockmsg_name};
$admin = '-';
if ($_SERVER["PHP_AUTH_USER"] != '') {
$admin = $_SERVER["PHP_AUTH_USER"];
}
if ($msg == '') {
echo "<b>Lock Message should not be empty</b><br>\n";
} else {
$sql_servers = array();
if ($config[sql_extra_servers] != '') {
$sql_servers = explode(' ', $config[sql_extra_servers]);
}
$sql_servers[] = $config[sql_server];
foreach ($sql_servers as $server) {
$link = @da_sql_host_connect($server, $config);
if ($link) {
$r = da_sql_query($link, $config, "INSERT INTO {$config['sql_badusers_table']} (username,incidentdate,admin,reason)\n\t\t\tVALUES ('{$login}','{$date}','{$admin}','{$msg}');");
if (!$r) {
echo "<b>SQL Error:" . da_sql_error($link, $config) . "</b><br>\n";
} else {
echo "<b>User added to badusers table</b><br>\n";
}
da_sql_close($link, $config);
} else {
echo "<b>SQL Error: Could not connect to SQL database: {$server}</b><br>\n";
}
}
}
$text3 = '';
}
$link = @da_sql_pconnect($config);
if ($link) {
if (is_file("../lib/crypt/{$config['general_encryption_method']}.php")) {
include "../lib/crypt/{$config['general_encryption_method']}.php";
$passwd = da_encrypt($passwd);
$passwd = da_sql_escape_string($passwd);
$res = @da_sql_query($link, $config, "SELECT value FROM {$config['sql_check_table']} WHERE username = '******'\n\t\t\tAND attribute = '{$config['sql_password_attribute']}';");
if ($res) {
$row = @da_sql_fetch_array($res, $config);
if ($row) {
$res = @da_sql_query($link, $config, "UPDATE {$config['sql_check_table']} SET value = '{$passwd}' {$text3} WHERE\n\t\t\t\tattribute = '{$config['sql_password_attribute']}' AND username = '******';");
if (!$res || !@da_sql_affected_rows($link, $res, $config)) {
echo "<b>Error while changing password: "******"</b><br>\n";
}
} else {
$res = @da_sql_query($link, $config, "INSERT INTO {$config['sql_check_table']} (attribute,value,username {$text1})\n\t\t\t\t\tVALUES ('{$config['sql_password_attribute']}','{$passwd}','{$login}' {$text2});");
if (!$res || !@da_sql_affected_rows($link, $res, $config)) {
echo "<b>Error while changing password: "******"</b><br>\n";
}
}
} else {
echo "<b>Error while executing query: " . da_sql_error($link, $config) . "</b><br>\n";
}
} else {
echo "<b>Could not open encryption library file</b><br>\n";
}
} else {
echo "<b>Could not connect to SQL database</b><br>\n";
}
} else {
if ($attr_type["{$key}"] == 'replyItem') {
$table = "{$config['sql_groupreply_table']}";
$type = 2;
}
}
$val = ${$attrmap}["{$key}"];
$val = da_sql_escape_string($val);
$op_name = $attrmap["{$key}"] . '_op';
$op_val = ${$op_name};
if ($op_val != '') {
$op_val = da_sql_escape_string($op_val);
if (check_operator($op_val, $type) == -1) {
echo "<b>Invalid operator ({$op_val}) for attribute {$key}</b><br>\n";
coninue;
}
$op_val2 = ",'{$op_val}'";
}
if ($val == '' || check_defaults($val, $op_val, $default_vals["{$key}"])) {
continue;
}
$res = @da_sql_query($link, $config, "INSERT INTO {$table} (attribute,value,groupname {$text})\n\t\t\tVALUES ('{$attrmap[$key]}','{$val}','{$login}' {$op_val2});");
if (!$res || !@da_sql_affected_rows($link, $res, $config)) {
echo "<b>Query failed for attribute {$key}: " . da_sql_error($link, $config) . "</b><br>\n";
}
}
echo "<b>Group created successfully</b><br>\n";
}
} else {
echo "<b>Could not connect to SQL database</b><br>\n";
}
$Fmail = da_sql_escape_string($Fmail);
$Fou = da_sql_escape_string($Fou);
$Ftelephonenumber = da_sql_escape_string($Ftelephonenumber);
$Fhomephone = da_sql_escape_string($Fhomephone);
$Fmobile = da_sql_escape_string($Fmobile);
if (!@da_sql_num_rows($res, $config)) {
$res = @da_sql_query($link, $config, "INSERT INTO {$config['sql_user_info_table']}\n\t\t\t\t(username,name,mail,department,homephone,workphone,mobile) VALUES\n\t\t\t\t('{$login}','{$Fcn}','{$Fmail}','{$Fou}','{$Ftelephonenumber}','{$Fhomephone}','{$Fmobile}');");
if (!$res || !@da_sql_affected_rows($link, $res, $config)) {
echo "<b>Could not add user information in user info table: " . da_sql_error($link, $config) . "</b><br>\n";
$fail = 1;
}
} else {
$res = @da_sql_query($link, $config, "UPDATE {$config['sql_user_info_table']} SET name = '{$Fcn}',Mail = '{$Fmail}',\n\t\t\t\tdepartment = '{$Fou}', homephone = '{$Fhomephone}', workphone = '{$Ftelephonenumber}',\n\t\t\t\tmobile = '{$Fmobile}' WHERE username = '******';");
if (!$res || !@da_sql_affected_rows($link, $res, $config)) {
echo "<b>Could not update user information in user info table: " . da_sql_error($link, $config) . "</b><br>\n";
$fail = 1;
}
}
} else {
echo "<b>Could not find user in user info table: " . da_sql_error($link, $config) . "</b><br>\n";
$fail = 1;
}
if ($fail == 0) {
echo "<b>User information updated successfully</b><br>\n";
}
} else {
echo "<b>Cannot use the user info table. Check the sql_use_user_info_table directive in admin.conf</b><br>\n";
}
} else {
echo "<b>Could not connect to SQL database</b><br>\n";
}
