Pchen0
/
ccan
mirror of https://git.ozlabs.org/~ccan/ccan


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134
							<?php
session_start();
if($_SESSION["slogged"] == false) {
	header('Location: login.php?referer=approval.php?accountid='.$_GET['accountid']);
	exit();
}

include('logo.html');
include('menulist.html');
include('configuration');
$accountid = $_GET['accountid'];
$username = $_SESSION['susername'];

if(!isset($_POST['submit']) && !isset($_POST['cancel']))
{
	//checking for admin rites
	$handle = 	sqlite3_open($db) or die("Could not open database");
	$query = "SELECT * FROM users where username=\"$username\"";
	$result = sqlite3_query($handle, $query) or die("Error in query: ".sqlite3_error($handle));
	$row = sqlite3_fetch_array($result);
	if ($row["admin"] == "false") { 
	echo "<div align=\"center\">You donot have a rite to approve users</div>";
	exit();
	}
	
	//extracting user information
	$query = "SELECT * FROM users where username=\"$accountid\"";
	$result = sqlite3_query($handle, $query) or die("Error in query: ".sqlite3_error($handle));
	if (($row = sqlite3_fetch_array($result)) == '') {  
	echo "<div align=\"center\">Not a valid account id</div>";
	exit();
	}
	
	$name = $row["name"];	
	$email = $row["email"];
	$website = $row["website"];
	$desc = $row["description"];
	
	if($row["approved"] == "true") {
		$query = "SELECT * FROM approval where approved=\"$accountid\"";
		$result = sqlite3_query($handle, $query) or die("Error in query: ".sqlite3_error($handle));
		$row = sqlite3_fetch_array($result);
		echo "<div align=\"center\"> Already <b>$accountid</b> is approved by <b>".$row["approvedby"]."</b>...</div>";
		exit();
	}
?>
	<h3 class="firstheader" align="center">Approval</h3>
	<form method="post" action="approval.php?accountid=<?=$accountid?>" >
	<table align="center" border="0" cellpadding="10" bgcolor="gray">
	 		<tr align="left" bgcolor="lightgray">
	 		<td> 	<p>Full name: </td><td><?=$name;?></p></td>
	</tr>
	<tr align="left" bgcolor="silver">
	 		<td> 	<p>Account id: </td><td><?=$accountid;?></p></td>
	</tr>
	 		<tr align="left" bgcolor="lightgray">
	 		<td> <p>Email: </td><td><?=$email;?></p>
	</td>
	</tr>
	 		<tr align="left" bgcolor="silver">
	 		<td> <p>Description: </td><td><?=$desc;?></p> </td>
	</tr>
	 		<tr align="left" bgcolor="lightgray">
	 		<td> <p>Web Site: </td><td><?=$website;?></p> </td>
	</tr>
	<tr align="left" bgcolor="lightgray">
	 		<td>Admin rites</td><td><input type="checkbox" name="isadmin"> (check this if you want this user to be admin) </td>
	</tr>
	 		<tr align="center">
	 		<td> <input type="submit" name="submit" value="Approve"/></td>
	 		<td><input type="submit" name="cancel" value="Cancel Approval"/></td>
	</tr>
	</table>
	</form><hr>
	</body>
	</html>
<?php
}

//if approved 
else if (isset($_POST['submit'])) {
//set approval=true
$handle = sqlite3_open($db) or die("Could not open database");
$query = "update users set approved=\"true\" where username=\"$accountid\"";
$result = sqlite3_exec($handle, $query) or die("Error in query: ".sqlite3_error($handle));

//where whether user is given admin permission 
if($_POST['isadmin']) {
$query = "update users set admin=\"true\" where username=\"$accountid\"";
$result = sqlite3_exec($handle, $query) or die("Error in query: ".sqlite3_error($handle));
}

//inserting to db 
$query = "insert into approval values(\"$accountid\",\"$username\")";
$result = sqlite3_exec($handle, $query) or die("Error in query: ".sqlite3_error($handle));

//get email id
$query = "SELECT * FROM users where username=\"$accountid\"";
$result = sqlite3_query($handle, $query) or die("Error in query: ".sqlite3_error($handle));
$row = sqlite3_fetch_array($result);
$email = $row["email"];

//generate password and send mail
$password = generate_passwd(8);
$subject = "Approval of ccan account";
$message = "Your request for ccan account id is being approved.\n\n Please use the following password to login\n Password: ".$password;
$password = md5($password);

//insert password 
$query = "insert into login (username,password) values(\"$accountid\",\"$password\")";
$result = sqlite3_exec($handle, $query) or die("Error in query: ".sqlite3_error($handle));

//sendmail 
mail($email, $subject, $message, "From: $frommail");
echo "<div align=center> Successfully approved <b>$accountid</b>...</div>";
}

//if approval is canceled
else if (isset($_POST['cancel'])) {
//delete user 
$handle = sqlite3_open($db) or die("Could not open database");
$query = "delete from users where username=\"$accountid\"";
$result = sqlite3_exec($handle, $query) or die("Error in query: ".sqlite3_error($handle));
echo "<div align=center> Successfully cancelled <b>$accountid</b>...</div>";
}

function generate_passwd($length = 16) {
  static $chars = '!@#$%^&*abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNOPQRSTUVWXYZ23456789';
  $chars_len = strlen($chars);
  for ($i = 0; $i < $length; $i++)
    $password .= $chars[mt_rand(0, $chars_len - 1)];
  return $password;
}
?>