Exemplo n.º 1
 /**
  * Record a fatal database error in the admin log, report it, and end the request.
  *
  * When the global $NONINTERACTIVE_SCRIPT flag is set and truthy, the error is printed
  * as '#'-prefixed plain-text lines; otherwise it is rendered through error.tpl.
  * Execution stops in both cases, so this method never returns to the caller.
  *
  * NOTE(review): the full message, including whatever toString() returns for the
  * error object, is written to the response in both branches. That text may carry
  * query or schema detail; consider showing a generic message and keeping the detail
  * in the admin log only.
  *
  * @param string $error          Human-readable description of what failed.
  * @param mixed  $pear_error_obj Error object whose toString() is appended; any
  *                               non-object value is ignored.
  */
 public static function fatalDatabaseError($error, $pear_error_obj)
 {
     // Build the complete message first: the caller's text plus driver detail, if any
     $message = $error;
     if (is_object($pear_error_obj)) {
         $message .= ": " . $pear_error_obj->toString();
     }

     // The error is logged before anything is sent to the client
     $adminLog =& \AdminLog::getInstance();
     $adminLog->log_error($message);

     global $NONINTERACTIVE_SCRIPT;
     if (!empty($NONINTERACTIVE_SCRIPT)) {
         // Non-interactive script running, return error message as comments
         echo "#error_occured\n",
             "# An error has occured in the application\n",
             "# More information may be available in the server logs\n",
             "# ::{$message}::\n";
         echo "# Memory used: " . memory_get_usage() . "\n";
         exit;
     }

     // Interactive request: render the standalone error page
     $page = new \SmartyBC();
     $page->compile_check = true;
     // The 't' block is registered even though the message itself will be in English
     $page->register_block('t', 'smarty_block_t');
     $page->assign("Application", APPLICATION_NAME);
     $page->assign("error", $message);
     $page->display("error.tpl");
     exit;
 }
Exemplo n.º 2
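/**
 * Render the login form, with an error message chosen from the status code, then exit.
 *
 * Each non-zero status is also written to the admin log, so failed and expired
 * logins leave an audit entry.
 *
 * NOTE(review): the status values look like PEAR Auth status codes (idle/expired,
 * wrong login, security breach) — confirm against the caller.
 * NOTE(review): $username is handed to the template as supplied; confirm that
 * loginform.tpl escapes it before output.
 *
 * @param string|null $username Value assigned to the template as 'username'.
 * @param int|null    $status   Status code; 0 or null shows the form without an error.
 * @param mixed       $auth     Not used in this function; kept so the signature stays
 *                              compatible with existing callers.
 */
function loginForm($username = null, $status = null, &$auth = null)
{
    global $templateEngine;
    // Drop any menu and logged-in username left assigned from an earlier page state
    $templateEngine->clearAssign('MenuItems');
    $templateEngine->clearAssign("LoggedInUsername");
    $templateEngine->assign('username', $username);
    // switch compares loosely, so a null status takes the "case 0" branch
    switch ($status) {
        case 0:
            break;
        case -1:
        case -2:
            $error = T_("Your session has expired. Please login again");
            AdminLog::getInstance()->log("Expired Session");
            break;
        case -3:
            $error = T_("Incorrect Login");
            AdminLog::getInstance()->log("Invalid Login");
            break;
        case -5:
            // Fixed: this branch assigned to a misspelled variable ($errro), so the
            // security message was logged but never shown on the form
            $error = T_("Security Issue. Please login again");
            AdminLog::getInstance()->log("Security Issue With Login");
            break;
        default:
            $error = T_("Authentication Issue. Please report to Admin");
            AdminLog::getInstance()->log("Auth Issues: {$status}");
    }
    if (isset($error)) {
        $templateEngine->assign("error", $error);
    }
    $templateEngine->displayPage('loginform.tpl');
    // Nothing may run after the form is shown to an unauthenticated visitor
    exit;
}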
Exemplo n.º 3
             $password = \Grase\Util::randomPassword($Settings->getSetting('passwordLength'));
         }
         // Attempt to create user. Will error if it's not a unique username
         if (DatabaseFunctions::getInstance()->createUser($username, $password, $MaxMb, $MaxTime, expiry_for_group($group, $groupSettings), $groupSettings[$group]['ExpireAfter'], \Grase\Clean::text($_POST['Group']), \Grase\Clean::text($_POST['Comment']))) {
             AdminLog::getInstance()->log("Created new user {$username}");
             $Settings->addUserToBatch($batchID, $username);
             $createdUsernames[] = $username;
         } else {
             // Failed to create. Most likely not a unique username.
             // Try again but only for so long (i.e. all usernames are in use)
             $i--;
             // This really chokes up the logs, maybe don't log this? TODO
             AdminLog::getInstance()->log("Failed to created new user {$username}. Probably duplicate username");
             $failedUsers++;
             if ($failedUsers > 20) {
                 AdminLog::getInstance()->log("Too many failed usernames, stopping batch creation");
                 $error[] = sprintf(T_("Too many users failed to create. Batch creation stopped. %s users have been successfully created"), $i);
                 break;
             }
         }
     }
     // Load up user details of created users for displaying
     $createdUsers = DatabaseFunctions::getInstance()->getMultipleUsersDetails($createdUsernames);
     $templateEngine->assign("createdusers", $createdUsers);
     // Check if we managed to create all users or if batch failed
     if ($failedUsers <= 20) {
         $success[] = T_("Tickets Successfully Created");
         $success[] = "<a target='_tickets' href='export.php?format=html&batch={$batchID}'>" . T_("Print Tickets") . "</a>";
         unset($user);
     }
 }
Exemplo n.º 4
/* Copyright 2008 Timothy White */
/*  This file is part of GRASE Hotspot.

    http://grasehotspot.org/

    GRASE Hotspot is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    GRASE Hotspot is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with GRASE Hotspot.  If not, see <http://www.gnu.org/licenses/>.
*/
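// Login landing script: the session include performs the authentication; once it
// returns, the visitor is redirected to the page they asked for (or the default).
$PAGE = 'login';
require_once 'includes/pageaccess.inc.php';
$from_page = 'login';
require_once 'includes/session.inc.php';
AdminLog::getInstance()->log("Log in");
// NOTE(review): HTTP_HOST comes from the request's Host header, so the client also
// influences the host part of the redirect. Pinning it to a configured hostname
// would need a setting that is not visible in this file.
$host = $_SERVER['HTTP_HOST'];
// Default target: the directory this script is served from
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
if (isset($_GET['page']) && is_string($_GET['page'])) {
    $requestedPage = $_GET['page'];
    // Sanity check: 'page' is appended directly after the host, so it is accepted
    // only when it is a plain same-site path. It must start with exactly one '/',
    // contain no backslash (some browsers treat it as '/') and no control
    // characters. Anything else could move the redirect to another host or split
    // the header, and falls back to the default target instead.
    $isLocalPath = $requestedPage !== ''
        && $requestedPage[0] === '/'
        && strncmp($requestedPage, '//', 2) !== 0
        && strpos($requestedPage, '\\') === false
        && preg_match('/[\x00-\x1f\x7f]/', $requestedPage) !== 1;
    if ($isLocalPath) {
        $uri = $requestedPage;
    }
}
header("Location: http://{$host}{$uri}");
exit;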
 /**
  * Remove a lock on a user account.
  *
  * Deletes the user's 'Auth-Type' row from radcheck and the 'Reply-Message' row
  * from radreply, then records the unlock in the admin log. Both statements pass
  * the username through the database layer's quote() before it is placed in the
  * SQL text. A failed query is handed to fatalDatabaseError().
  *
  * NOTE(review): queryOne() is used to run DELETE statements; confirm the database
  * layer reports failures of non-SELECT statements through this call.
  *
  * @param string $username Account to unlock.
  */
 public function unlockUser($username)
 {
     // Step 1: remove the Auth-Type check row
     $checkQuery = sprintf("DELETE FROM radcheck\n                                WHERE Username=%s\n                                AND Attribute=%s", $this->db->quote($username), $this->db->quote('Auth-Type'));
     $checkOutcome = $this->db->queryOne($checkQuery);
     if (PEAR::isError($checkOutcome)) {
         \Grase\ErrorHandling::fatalDatabaseError(T_('Removing User Lock Query Failed: '), $checkOutcome);
     }

     // Step 2: remove the Reply-Message row stored for the same user
     $replyQuery = sprintf("DELETE FROM radreply\n                                WHERE Username=%s\n                                AND Attribute=%s", $this->db->quote($username), $this->db->quote('Reply-Message'));
     $replyOutcome = $this->db->queryOne($replyQuery);
     if (PEAR::isError($replyOutcome)) {
         \Grase\ErrorHandling::fatalDatabaseError(T_('Removing User Lock Message Query Failed: '), $replyOutcome);
     }

     // Audit entry is written only after both deletes went through
     AdminLog::getInstance()->log("Unlocked user {$username}");
 }
Exemplo n.º 6
<?php

/* Copyright 2009 Timothy White */
/*  This file is part of GRASE Hotspot.

    http://grasehotspot.org/

    GRASE Hotspot is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    GRASE Hotspot is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with GRASE Hotspot.  If not, see <http://www.gnu.org/licenses/>.
*/
// Admin log viewer: hands the stored log lines and the last cron timestamp to the template.
// $PAGE is set before pageaccess.inc.php is included.
// NOTE(review): presumably pageaccess.inc.php uses $PAGE to decide whether the current
// admin may open this page — confirm, since the log holds usernames and auth events.
$PAGE = 'adminlog';
require_once 'includes/pageaccess.inc.php';
require_once 'includes/session.inc.php';
require_once 'includes/misc_functions.inc.php';
// TODO: Add "reset" option that archives old stuff? (Or deletes old stuff)
// NOTE(review): log lines can contain values taken from requests (usernames, status
// text); confirm adminlog.tpl escapes them on output.
$templateEngine->assign("loglines", AdminLog::getInstance()->getLog());
$templateEngine->assign("lastcron", AdminLog::getInstance()->lastCron());
$templateEngine->displayPage('adminlog.tpl');
Exemplo n.º 7
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with GRASE Hotspot.  If not, see <http://www.gnu.org/licenses/>.
*/
// Cron entry point: runs the database upgrade and the periodic clean-up tasks,
// echoing each task's result string when it is non-empty.
// NOTE(review): this script changes the schema and deletes data without any visible
// authentication step; if it is reachable over HTTP, confirm access is restricted.
// Setting this flag makes ErrorHandling::fatalDatabaseError() print plain '#'-prefixed
// text instead of rendering the HTML error template.
$NONINTERACTIVE_SCRIPT = true;
require_once __DIR__ . '/../../vendor/autoload.php';
require_once 'includes/misc_functions.inc.php';
// Special case for stale sessions, don't log it
// (disabled: the GET-triggered shortcut below is commented out, so stale sessions
// are only cleared as part of the full run further down)
/*if(isset($_GET['clearstalesessions']))
{
    CronFunctions::getInstance()->clearStaleSessions();
    exit;
}*/
// Record that a cron run started
AdminLog::getInstance()->log_cron("CRON");
// $DBs is not referenced again in the visible part of this script
$DBs = new DatabaseConnections();
// Two connections: one built with default arguments, one from the radmin config file
$radiusDB = new \Grase\Database\Database();
$radminDB = new \Grase\Database\Database('/etc/grase/radmin.conf');
$upgradeDB = new \Grase\Database\Upgrade($radiusDB, $radminDB, new \Grase\Database\Radmin($radminDB), CronFunctions::getInstance());
// The upgrade runs first, before any clean-up task touches the tables
$upgradeDatabaseResults = $upgradeDB->upgradeDatabase();
if ($upgradeDatabaseResults) {
    echo "{$upgradeDatabaseResults}\n";
}
$staleSessionsResult = CronFunctions::getInstance()->clearStaleSessions();
if ($staleSessionsResult) {
    echo "{$staleSessionsResult}\n";
}
$expiredUsersResults = CronFunctions::getInstance()->deleteExpiredUsers();
if ($expiredUsersResults) {
    echo "{$expiredUsersResults}\n";
Exemplo n.º 8
            $error = "Logo Failed to upload";
        } elseif ($_FILES['newlogo']['size'] > 50960) {
            $error = "Logo too big";
        } else {
            // TODO: test if jpg or png
            // TODO: test if jpeg/jpg/png extension otherwise browser doesn't know type
            //print "Attempting to test if png";
            if (exif_imagetype($_FILES['newlogo']['tmp_name']) != IMAGETYPE_PNG) {
                $error = "Logo is not a png";
            } else {
                // TODO: don't overwrite logo.X, upload to logo dir and remember name to add to css/html
                //print "Attempting to move file";
                if (move_uploaded_file($_FILES['newlogo']['tmp_name'], '/usr/share/grase/www/images/logo.png')) {
                    $error = false;
                    $success = "Logo Updated (you may need to refresh your browser to see the change)";
                    AdminLog::getInstance()->log("New Logo Uploaded");
                } else {
                    $error = "Unable to save new logo to server";
                }
            }
        }
    } else {
        $error = \Grase\Util::fileUploadErrorCodeToMessage($_FILES['newlogo']['error']);
    }
}
// Hand the outcome of the upload handling to the template. Each message is wrapped
// in a one-element array; a falsy $error or $success assigns nothing.
if ($error) {
    $templateEngine->assign("error", array($error));
}
if ($success) {
    $templateEngine->assign("success", array($success));
}
 /**
  * Delete every user whose 'Max-Octets' check value is 0.
  *
  * The usernames are selected first and deleteUser() is then run for each one;
  * this costs more queries than a combined statement but reuses the existing
  * per-user clean-up. Each deletion is written to the cron log beforehand.
  *
  * NOTE(review): the query compares Value with the numeric literal 0. If Value is a
  * string column, how empty or non-numeric values compare depends on the database's
  * implicit cast — confirm only exhausted accounts can match, since every match is
  * deleted.
  * NOTE(review): the reported count is the number of selected rows; the result of
  * each deleteUser() call is not checked.
  *
  * @return string|false Error text if the select failed, a "(n) ..." summary when
  *                      at least one user was selected, otherwise false.
  */
 public function deleteOutOfDataUsers()
 {
     $query = sprintf("SELECT UserName\n                        FROM radcheck\n                        WHERE Attribute = %s AND\n                        Value = 0", $this->db->quote('Max-Octets'));
     $rows = $this->db->queryAll($query);
     if (PEAR::isError($rows)) {
         return T_('Fetching users to delete failed') . $rows->toString();
     }

     foreach ($rows as $row) {
         $name = $row['UserName'];
         AdminLog::getInstance()->log_cron("Cron Deleting OutOfData {$name}");
         $this->deleteUser($name);
     }

     $removed = count($rows);
     if (!$removed) {
         return false;
     }

     return "({$removed}) " . T_('OutOfData users deleted');
 }
Exemplo n.º 10
 /**
  * Delete the voucher with the given name and record the deletion in the admin log.
  *
  * The name is bound as a statement parameter rather than placed in the SQL text.
  *
  * NOTE(review): on failure the boolean false is passed as the error object, and
  * the fatalDatabaseError() shown on this page only appends detail for objects, so
  * no driver message reaches the log — confirm whether the statement's own error
  * information should be passed instead.
  *
  * @param string $vouchername Name of the voucher to remove.
  * @return mixed Whatever execute() returned for the DELETE statement.
  */
 public function deleteVoucher($vouchername)
 {
     $statement = $this->radmin->prepare("DELETE FROM vouchers WHERE VoucherName=?");
     $outcome = $statement->execute(array($vouchername));

     if (false === $outcome) {
         ErrorHandling::fatalDatabaseError(T_('Delete Voucher query failed:  '), $outcome);
     }

     // Audit entry for the deletion
     \AdminLog::getInstance()->log("Voucher {$vouchername} deleted");

     return $outcome;
 }
Exemplo n.º 11
        $groupSettings = $Settings->getGroup($user['Group']);
        // TODO: Create function to make these the same across all locations
        // Check if we are using the dropdown, or inherit to override the input field
        if (is_numeric($user['Max_Mb'])) {
            $user['MaxMb'] = $user['Max_Mb'];
        } elseif ($user['Max_Mb'] == 'inherit') {
            $user['MaxMb'] = $groupSettings[$user['Group']]['MaxMb'];
        }
        // Check if we are using the dropdown, or inherit to override the input field
        if (is_numeric($user['Max_Time'])) {
            $user['MaxTime'] = $user['Max_Time'];
        } elseif ($user['Max_Time'] == 'inherit') {
            $user['MaxTime'] = $groupSettings[$user['Group']]['MaxTime'];
        }
        // TODO: Check if valid
        DatabaseFunctions::getInstance()->createUser($user['Username'], $user['Password'], $user['MaxMb'], $user['MaxTime'], expiry_for_group($user['Group'], $groupSettings), $groupSettings[$user['Group']]['ExpireAfter'], $user['Group'], $user['Comment']);
        $success[] = sprintf(T_("User %s Successfully Created"), $user['Username']);
        $success[] = "<a target='_tickets' href='export.php?format=html&user={$user['Username']}'>" . sprintf(T_("Print Ticket for %s"), $user['Username']) . "</a>";
        AdminLog::getInstance()->log(sprintf(T_("Created new user %s"), $user['Username']));
        $templateEngine->assign("success", $success);
        // We are now loading the form afresh, ensure we clear the $user array
        $user = array();
    }
}
// Prepare the form defaults and render the page.
// A new random password is generated on every render, with the length taken from the
// 'passwordLength' setting; it replaces any password value already in $user.
// NOTE(review): confirm randomPassword() draws from a cryptographically secure source,
// since the value becomes a real account credential.
$user['Password'] = \Grase\Util::randomPassword($Settings->getSetting('passwordLength'));
// TODO: make default settings customisable
// 'inherit' is the value the creation branch above maps to the group's own limits
$user['Max_Mb'] = 'inherit';
$user['Max_Time'] = 'inherit';
$user['Expiration'] = "--";
$templateEngine->assign("user", $user);
$templateEngine->displayPage($templateFile);
Exemplo n.º 12
/**
 * Store a new value for the 'supportContactLink' setting.
 *
 * Outcome messages are appended to the global $error / $success arrays, and a
 * successful change is written to the admin log.
 *
 * NOTE(review): the value is only rejected when it is empty or contains a space.
 * If the setting is later rendered as a link target, an allow-list of schemes
 * (for example http, https, mailto) would be a stronger check — confirm how the
 * template uses it.
 *
 * @param string $supportLink Proposed link value.
 * @return true|null true when the stored value already equals $supportLink;
 *                   nothing is returned on any other path.
 */
function updateSupportLinkSetting($supportLink)
{
    global $error, $Settings, $success;

    // Unchanged value: nothing to save, nothing to log
    $current = $Settings->getSetting('supportContactLink');
    if ($current == $supportLink) {
        return true;
    }

    // Validation: must be non-empty and free of spaces
    if ($supportLink == "" || strpos($supportLink, ' ') !== false) {
        $error[] = T_("Support link not valid");
        return;
    }

    if (!$Settings->setSetting('supportContactLink', $supportLink)) {
        $error[] = T_("Error Saving Support link");
        return;
    }

    $success[] = T_("Support link updated");
    AdminLog::getInstance()->log(T_("Support link updated"));
}
Exemplo n.º 13
    if (sizeof($errors) == 0) {
        // Access level is set at creation and can't be changed via the Auth class
        if ($Auth->addUser($_POST['newUsername'], $_POST['newPassword'], array('accesslevel' => $newAccessLevel))) {
            $success[] = T_("User Created");
            AdminLog::getInstance()->log("New Admin User Created, {$_POST['newUsername']}");
        } else {
            $errors[] = T_("Error Creating Admin User");
        }
    }
}
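// Delete admin user
// NOTE(review): no anti-CSRF token check is visible in this excerpt; confirm the
// session include enforces one, as this request removes an administrator account.
if (isset($_POST['deleteadminusersubmit'])) {
    // Same truthiness test as before, but without a notice when the field is missing,
    // and an array value is treated as an invalid request instead of being formatted
    if (!empty($_POST['deleteusername']) && is_string($_POST['deleteusername'])) {
        // Fixed: success was reported and logged before removeUser() ran, so a failed
        // deletion still showed "User ... Deleted" and left a false audit entry
        if ($Auth->removeUser($_POST['deleteusername'])) {
            $success[] = sprintf(T_("User %s Deleted"), $_POST['deleteusername']);
            AdminLog::getInstance()->log("Admin User Deleted, {$_POST['deleteusername']}");
        } else {
            // $error_delete is still set in case code outside this excerpt reads it
            $error_delete = "Error Deleting User";
            $errors[] = T_("Error Deleting User");
            AdminLog::getInstance()->log("Admin User Delete Failed, {$_POST['deleteusername']}");
        }
    } else {
        $errors[] = T_("Invalid Delete Request");
    }
}
// NOTE(review): the success text and the log lines carry the submitted username as
// sent; confirm the templates that display them escape it.
$templateEngine->assign("error", $errors);
$templateEngine->assign("success", $success);
$adminUsersDetails = array();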
foreach ($Auth->listUsers() as $adminUserDetail) {
    unset($adminUserDetail['password']);
    switch ($adminUserDetail['accesslevel']) {
        case 1:
            $adminUserDetail['accesslevellabel'] = T_("Admin User");
            break;
        case 2:
            $adminUserDetail['accesslevellabel'] = T_("Power User");
Exemplo n.º 14
            // TODO: Check return for success
            $success[] = T_("Max Time Limit Updated");
            AdminLog::getInstance()->log(sprintf(T_("Max Time Limit changed for %s"), $username));
        }
    }
}
// Reset the user's expiry to the value expiry_for_group() yields for their current group.
// NOTE(review): unlike the other actions in this excerpt, this one writes no AdminLog
// entry, and success is reported without checking what setUserExpiry() returned.
if (isset($_POST['unexpiresubmit'])) {
    DatabaseFunctions::getInstance()->setUserExpiry($username, expiry_for_group(DatabaseFunctions::getInstance()->getUserGroup($username)));
    $success[] = T_("Expiry updated");
}
// Delete User
// NOTE(review): no anti-CSRF token check is visible in this excerpt; confirm one is
// enforced elsewhere, since this request deletes an account.
if (isset($_POST['deleteusersubmit'])) {
    DatabaseFunctions::getInstance()->deleteUser($username);
    // TODO: Check for success
    // Until that TODO is done, the message and the log entry are written whether or
    // not the delete actually succeeded
    $success[] = sprintf(T_("User '%s' Deleted"), $username);
    AdminLog::getInstance()->log("User {$username} deleted");
    $templateEngine->assign("error", $error);
    $templateEngine->assign("success", $success);
    // The user no longer exists, so hand over to display.php and stop here
    require 'display.php';
    die;
    // TODO: Recode so don't need die (too many nests?)
}
$templateEngine->assign("error", $error);
$templateEngine->assign("success", $success);
// if $success we need to reload the info
// NOTE(review): the reload reads $_GET['username'] directly while the actions above
// use $username; if $username is a cleaned copy of that parameter, the reload should
// use it as well — confirm.
if (sizeof($success) > 0 || sizeof($error) > 0) {
    $user = DatabaseFunctions::getInstance()->getUserDetails($_GET['username']);
}
// After potential reload, we can assign it to smarty
$templateEngine->assign("user", $user);
// After all user details are loaded, we can load our warning