$sql = "INSERT INTO " . $configValues['CONFIG_DB_TBL_RADCHECK'] . " VALUES (0, '" . $dbSocket->escapeSimple($username) . "', 'User-Password', ':=', '" . $dbSocket->escapeSimple($password) . "')";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";
// if a group was defined to add the user to in the form let's add it to the database
if (isset($group)) {
if (!$group_priority) {
$group_priority = 0;
}
// if group priority wasn't set we
// initialize it to 0 by default
$sql = "INSERT INTO " . $configValues['CONFIG_DB_TBL_RADUSERGROUP'] . " VALUES ('" . $dbSocket->escapeSimple($username) . "', '" . $dbSocket->escapeSimple($group) . "', " . $dbSocket->escapeSimple($group_priority) . ") ";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";
}
addUserInfo($dbSocket, $username);
addUserBillInfo($dbSocket, $username, $sql_batch_id);
foreach ($_POST as $element => $field) {
// switch case to rise the flag for several $attribute which we do not
// wish to process (ie: do any sql related stuff in the db)
switch ($element) {
case "username_prefix":
case "passwordType":
case "length_pass":
case "length_user":
case "number":
case "plan":
case "submit":
case "group":
case "group_priority":
case "createBatchUsersType":
case "startingIndex":
// we now perform the same check but for an MD5-Password attribute
} elseif (preg_match("/md5/i", $passwordtype)) {
// if we don't find the md5 function even though we identified
// a MD5-Password attribute
if (!preg_match("/md5/i", $dbPassword)) {
$dbPassword = "******";
}
}
// insert username/password
$sql = "INSERT INTO " . $configValues['CONFIG_DB_TBL_RADCHECK'] . " (id,Username,Attribute,op,Value) " . " VALUES (0, '" . $dbSocket->escapeSimple($username) . "', '" . $dbSocket->escapeSimple($passwordtype) . "', ':=', {$dbPassword})";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";
addGroups($dbSocket, $username, $profiles);
addPlanProfile($dbSocket, $username, $planName);
addUserInfo($dbSocket, $username);
$userbillinfo_id = addUserBillInfo($dbSocket, $username);
// create any invoices if required (meaning, if a plan was chosen)
if ($planName) {
include_once "include/management/userBilling.php";
// get plan information
$sql = "SELECT id, planCost, planSetupCost, planTax FROM " . $configValues['CONFIG_DB_TBL_DALOBILLINGPLANS'] . " WHERE planName='" . $dbSocket->escapeSimple($planName) . "' LIMIT 1";
$res = $dbSocket->query($sql);
$row = $res->fetchRow(DB_FETCHMODE_ASSOC);
// calculate tax (planTax is the numerical percentage amount)
$calcTax = (double) ($row['planCost'] * (double) ($row['planTax'] / 100));
$invoiceItems[0]['plan_id'] = $row['id'];
$invoiceItems[0]['amount'] = $row['planCost'];
$invoiceItems[0]['tax'] = $calcTax;
$invoiceItems[0]['notes'] = 'charge for plan service';
if (isset($row['planSetupCost']) && $row['planSetupCost'] != '') {
$calcTax = (double) ($row['planSetupCost'] * (double) ($row['planTax'] / 100));
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";
addGroups($dbSocket, $macaddress, $group_macaddress);
addUserInfo($dbSocket, $macaddress);
addUserBillInfo($dbSocket, $username);
addAttributes($dbSocket, $macaddress);
$successMsg = "Added to database new mac auth user: <b> {$macaddress} </b>";
$logAction .= "Successfully added new mac auth user [{$macaddress}] on page: ";
} elseif ($authType == "pincodeAuth") {
// insert username/password
$sql = "INSERT INTO " . $configValues['CONFIG_DB_TBL_RADCHECK'] . " (id,Username,Attribute,op,Value) " . " VALUES (0, '" . $dbSocket->escapeSimple($pincode) . "', 'Auth-Type', ':=', 'Accept')";
$res = $dbSocket->query($sql);
$logDebugSQL .= $sql . "\n";
addGroups($dbSocket, $pincode, $group_pincode);
addUserInfo($dbSocket, $pincode);
addUserBillInfo($dbSocket, $username);
addAttributes($dbSocket, $pincode);
$successMsg = "Added to database new pincode: <b> {$pincode} </b>";
$logAction .= "Successfully added new pincode [{$pincode}] on page: ";
} else {
echo "unknown authentication method <br/>";
}
} else {
$failureMsg = "user already exist in database: <b> {$username} </b>";
$logAction .= "Failed adding new user already existing in database [{$username}] on page: ";
}
include 'library/closedb.php';
}
include_once 'library/config_read.php';
$log = "visited page: ";
if ($configValues['CONFIG_IFACE_PASSWORD_HIDDEN'] == "yes") {
