diff options
| author | cassio <cassiopc@gmail.com> | 2013-07-02 05:46:45 +0000 |
|---|---|---|
| committer | cassio <cassiopc@gmail.com> | 2013-07-02 05:46:45 +0000 |
| commit | be2491b093b1f0ca430bede679ecbb670041e483 (patch) | |
| tree | fe2da63d1811cb93e4352a43a113ace37b9f6017 /src/admin/user.php | |
| parent | a9aa438ea0558eb0044cf1e54a9190ddb41b65e5 (diff) | |
| download | boca-be2491b093b1f0ca430bede679ecbb670041e483.tar.gz boca-be2491b093b1f0ca430bede679ecbb670041e483.zip | |
restructuring of boca's git
Diffstat (limited to 'src/admin/user.php')
| -rw-r--r-- | src/admin/user.php | 469 |
1 files changed, 469 insertions, 0 deletions
diff --git a/src/admin/user.php b/src/admin/user.php new file mode 100644 index 0000000..adde9db --- /dev/null +++ b/src/admin/user.php @@ -0,0 +1,469 @@ +<?php +//////////////////////////////////////////////////////////////////////////////// +//BOCA Online Contest Administrator +// Copyright (C) 2003-2012 by BOCA Development Team (bocasystem@gmail.com) +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// You should have received a copy of the GNU General Public License +// along with this program. If not, see <http://www.gnu.org/licenses/>. +//////////////////////////////////////////////////////////////////////////////// +// Last modified 05/aug/2012 by cassio@ime.usp.br +require('header.php'); + +if (isset($_GET["site"]) && isset($_GET["user"]) && is_numeric($_GET["site"]) && is_numeric($_GET["user"]) && + isset($_GET["logout"]) && $_GET["logout"] == 1) { + DBLogOut($_SESSION["usertable"]["contestnumber"], $_GET["site"], $_GET["user"]); + ForceLoad("user.php"); +} +if (isset($_POST["usersitenumber"]) && isset($_POST["usernumber"]) && is_numeric($_POST["usersitenumber"]) && + is_numeric($_POST["usernumber"]) && isset($_POST["confirmation"]) && $_POST["confirmation"] == "delete") { + if (!DBDeleteUser($_SESSION["usertable"]["contestnumber"], $_POST["usersitenumber"], $_POST["usernumber"])) + MSGError("User could not be removed."); + ForceLoad("user.php"); +} + +if(($ct = DBContestInfo($_SESSION["usertable"]["contestnumber"])) == null) + ForceLoad("../index.php"); +if($ct["contestlocalsite"]==$ct["contestmainsite"]) $main=true; else $main=false; + +if (isset($_POST["username"]) && isset($_POST["userfullname"]) && isset($_POST["userdesc"]) && isset($_POST["userip"]) && + isset($_POST["usernumber"]) && isset($_POST["usersitenumber"]) && isset($_POST["userenabled"]) && isset($_POST["usericpcid"]) && + isset($_POST["usermultilogin"]) && isset($_POST["usertype"]) && isset($_POST["confirmation"]) && + isset($_POST["passwordn1"]) && isset($_POST["passwordn2"]) && isset($_POST["passwordo"]) && $_POST["confirmation"] == "confirm") { + $param['user'] = htmlspecialchars($_POST["usernumber"]); + $param['site'] = htmlspecialchars($_POST["usersitenumber"]); + $param['username'] = htmlspecialchars($_POST["username"]); + $param['usericpcid'] = htmlspecialchars($_POST["usericpcid"]); + $param['enabled'] = htmlspecialchars($_POST["userenabled"]); + $param['multilogin'] = htmlspecialchars($_POST["usermultilogin"]); + $param['userfull'] = htmlspecialchars($_POST["userfullname"]); + $param['userdesc'] = htmlspecialchars($_POST["userdesc"]); + $param['type'] = htmlspecialchars($_POST["usertype"]); + $param['permitip'] = htmlspecialchars($_POST["userip"]); + $param['contest'] = $_SESSION["usertable"]["contestnumber"]; + + $passcheck = htmlspecialchars($_POST["passwordo"]); + $a = DBUserInfo($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"], $_SESSION["usertable"]["usernumber"], null, false); + if(myhash($a['userpassword'] . session_id()) != $passcheck) { + MSGError('Admin password is incorrect'); + } else { + if ($_POST["passwordn1"] == $_POST["passwordn2"]) { + $param['pass'] = bighexsub(htmlspecialchars($_POST["passwordn1"]),$a['userpassword']); + if($param['user'] != 1000) + DBNewUser($param); + } + else MSGError ("Passwords don't match."); + } + ForceLoad("user.php"); +} +else if (isset($_FILES["importfile"]) && isset($_POST["Submit"]) && $_FILES["importfile"]["name"]!="") { + if ($_POST["confirmation"] == "confirm") { + $type=myhtmlspecialchars($_FILES["importfile"]["type"]); + $size=myhtmlspecialchars($_FILES["importfile"]["size"]); + $name=myhtmlspecialchars($_FILES["importfile"]["name"]); + $temp=myhtmlspecialchars($_FILES["importfile"]["tmp_name"]); + if (!is_uploaded_file($temp)) { + IntrusionNotify("file upload problem."); + ForceLoad("../index.php"); + } + + if (($ar = file($temp)) === false) { + IntrusionNotify("Unable to open the uploaded file."); + ForceLoad("user.php"); + } + $userlist=array(); + if(strtolower(substr($name,-4))==".tsv") { + for ($i=0; $i < count($ar) && strpos($ar[$i], "File_Version\t1") === false; $i++) ; + if($i >= count($ar)) MSGError('File format not recognized'); + $oklines=0; + for ($i++; $i < count($ar); $i++) { + $x = explode("\t",trim($ar[$i])); + if(count($x)==7) { + $param['site']=trim($x[2]); + $param['username']=trim($x[1]); + $param['usericpcid']=trim($x[1]); + $param['usernumber']=trim($x[1]); + if(trim($x[5])!='') + $param['userfull']=trim($x[3]) . ' - ' . trim($x[5]); + else + $param['userfull']=trim($x[3]); + $param['userdesc']=trim($x[4]); + $param['type']='team'; + $param['enabled']='t'; + $param['multilogin']='f'; + $userlist[$param['site'] . '-' . $param['usernumber']] = randstr(6,'0123456789'); + $param['pass']=myhash($userlist[$param['site'] . '-' . $param['usernumber']]); + + $param['contest']=$_SESSION["usertable"]["contestnumber"]; + if($_SESSION["usertable"]["usersitenumber"] == $param['site'] || $main) + if($param['usernumber'] != 1000 && DBNewUser($param)) { + $oklines++; + } else { + unset($userlist[$param['site'] . '-' . $param['usernumber']]); + break; + } + } + } + MSGError($oklines . ' users included/updated successfully'); + } else if(strtolower(substr($name,-4))==".tab") { + $oklines=0; + for ($i=0; $i<count($ar); $i++) { + $x = explode("\t",trim($ar[$i])); + if(count($x)==9) { + $param=array(); + $param['site']=trim($x[1]); + $param['username']=trim($x[0]); + $param['usericpcid']=trim($x[0]); + $param['usernumber']=trim($x[0]); + if(trim($x[5])!='') + $param['userfull']=trim($x[3]) . ' - ' . trim($x[5]); + else + $param['userfull']=trim($x[3]); + $param['userdesc']=trim($x[4]); + $param['type']='team'; + $param['enabled']='t'; + $param['multilogin']='f'; + $userlist[$param['site'] . '-' . $param['usernumber']] = randstr(6,'0123456789'); + $param['pass']=myhash($userlist[$param['site'] . '-' . $param['usernumber']]); + $param['contest']=$_SESSION["usertable"]["contestnumber"]; + if($_SESSION["usertable"]["usersitenumber"] == $param['site'] || $main) + if($param['usernumber'] != 1000 && DBNewUser($param)) { + $oklines++; + } else { + unset($userlist[$param['site'] . '-' . $param['usernumber']]); + break; + } + } + } + MSGError($oklines . ' users included/updated successfully'); + } else { + for ($i=0; $i < count($ar) && strpos($ar[$i], "[user]") === false; $i++) ; + if($i >= count($ar)) MSGError('File format not recognized'); + for ($i++; $i < count($ar) && $ar[$i][0] != "["; $i++) { + $x = trim($ar[$i]); + if (strpos($x, "user") !== false && strpos($x, "user") == 0) { + $param = array(); + while (strpos($x, "user") !== false && strpos($x, "user") == 0) { + $tmp = explode ("=", $x, 2); + switch (trim($tmp[0])) { + case "usersitenumber": $param['site']=trim($tmp[1]); break; + case "username": $param['username']=trim($tmp[1]); break; + case "usericpcid": $param['usericpcid']=trim($tmp[1]); break; + case "usernumber": $param['usernumber']=trim($tmp[1]); break; + case "userfullname": $param['userfull']=trim($tmp[1]); break; + case "userdesc": $param['userdesc']=trim($tmp[1]); break; + case "usertype": $param['type']=trim($tmp[1]); break; + case "userenabled": $param['enabled']=trim($tmp[1]); break; + case "usermultilogin": $param['multilogin']=trim($tmp[1]); break; + case "userpassword": $param['pass']=myhash(trim($tmp[1])); break; + case "userip": $param['permitip']=trim($tmp[1]); break; + } + $i++; + if ($i>=count($ar)) break; + $x = trim($ar[$i]); + } + $param['contest']=$_SESSION["usertable"]["contestnumber"]; + if($_SESSION["usertable"]["usersitenumber"] == $param['site'] || $main) + if($param['usernumber'] != 1000) DBNewUser($param); + } + } + } + if(count($userlist) > 0) { +?> +<center> +<br><u><b>TAKE NOTE OF THE USERS AND PASSWORDS AND KEEP THEM SECRET</b></u><br><br> +<table border=1> + <tr> + <td nowrap><b>Site</b></td><td><b>User #</b></td> + <td><b>Password</b></td> + </tr> +<?php + foreach($userlist as $user => $pass) { + $x = explode('-',$user); + echo "<tr><td>" . $x[0] . "</td><td>" . $x[1] . "</td><td>$pass</td></tr>\n"; + } +?> +</table><br><br><u><b>TAKE NOTE OF THE USERS AND PASSWORDS AND KEEP THEM SECRET</b></u></center></body></html> +<?php + exit; + } + } + ForceLoad("user.php"); +} + +if($main) + $usr = DBAllUserInfo($_SESSION["usertable"]["contestnumber"]); +else + $usr = DBAllUserInfo($_SESSION["usertable"]["contestnumber"],$_SESSION["usertable"]["usersitenumber"]); +?> + + <script language="javascript"> + function conf2(url) { + if (confirm("Are you sure?")) { + document.location=url; + } else { + document.location='user.php'; + } + } + </script> +<br> +<table width="100%" border=1> + <tr> + <td nowrap><b>User #</b></td> + <td><b>Site</b></td> + <td><b>Username</b></td> + <td><b>ICPC ID</b></td> + <td><b>Type</b></td> + <td><b>IP</b></td> + <td><b>LastLogin</b></td> + <td><b>LastLogout</b></td> + <td><b>Enabled</b></td> + <td><b>Multi</b></td> + <td><b>Fullname</b></td> + <td><b>Description</b></td> + </tr> +<?php +for ($i=0; $i < count($usr); $i++) { + echo " <tr>\n"; + if(($usr[$i]["usersitenumber"] == $_SESSION["usertable"]["usersitenumber"] || $main==true) && + //$usr[$i]["usertype"] != 'site' && + ($usr[$i]["usernumber"] != $_SESSION["usertable"]["usernumber"] || + $usr[$i]["usersitenumber"] != $_SESSION["usertable"]["usersitenumber"])) + echo " <td nowrap><a href=\"user.php?site=" . $usr[$i]["usersitenumber"] . "&user=" . + $usr[$i]["usernumber"] . "\">" . $usr[$i]["usernumber"] . "</a></td>\n"; + else + echo " <td nowrap>" . $usr[$i]["usernumber"] . "</td>\n"; + + echo " <td nowrap>" . $usr[$i]["usersitenumber"] . "</td>\n"; + echo " <td nowrap>" . $usr[$i]["username"] . " </td>\n"; + echo " <td nowrap>" . $usr[$i]["usericpcid"] . " </td>\n"; + echo " <td nowrap>" . $usr[$i]["usertype"] . " </td>\n"; + if ($usr[$i]["userpermitip"]!="") + echo " <td nowrap>" . $usr[$i]["userpermitip"] . "* </td>\n"; + else + echo " <td nowrap>" . $usr[$i]["userip"] . " </td>\n"; + if ($usr[$i]["userlastlogin"] < 1) + echo " <td nowrap>never</td>\n"; + else + echo " <td nowrap>" . dateconv($usr[$i]["userlastlogin"]) . "</td>\n"; + if ($usr[$i]["usersession"] != "") + echo " <td nowrap><a href=\"javascript: conf2('user.php?logout=1&site=" . $usr[$i]["usersitenumber"] . "&user=" . + $usr[$i]["usernumber"] . "')\">Force Logout</a></td>\n"; + else { + if ($usr[$i]["userlastlogout"] < 1) + echo " <td nowrap>never</td>\n"; + else + echo " <td nowrap>" . dateconv($usr[$i]["userlastlogout"]) . "</td>\n"; + } + if ($usr[$i]["userenabled"] == "t") + echo " <td nowrap>Yes</td>\n"; + else + echo " <td nowrap>No</td>\n"; + if ($usr[$i]["usermultilogin"] == "t") + echo " <td nowrap>Yes</td>\n"; + else + echo " <td nowrap>No</td>\n"; + echo " <td nowrap>" . $usr[$i]["userfullname"] . " </td>\n"; + echo " <td nowrap>" . $usr[$i]["userdesc"] . " </td>\n"; + echo "</tr>"; +} +echo "</table>\n"; + +unset($u); +if (isset($_GET["site"]) && isset($_GET["user"]) && is_numeric($_GET["site"]) && is_numeric($_GET["user"])) + $u = DBUserInfo($_SESSION["usertable"]["contestnumber"], $_GET["site"], $_GET["user"]); + +?> +<script language="JavaScript" src="../sha256.js"></script> +<script language="JavaScript" src="../hex.js"></script> +<script language="JavaScript"> +function computeHASH() +{ + document.form3.passwordn1.value = bighexsoma(js_myhash(document.form3.passwordn1.value),js_myhash(document.form3.passwordo.value)); + document.form3.passwordn2.value = bighexsoma(js_myhash(document.form3.passwordn2.value),js_myhash(document.form3.passwordo.value)); + document.form3.passwordo.value = js_myhash(js_myhash(document.form3.passwordo.value)+'<?php echo session_id(); ?>'); +// document.form3.passwordn1.value = js_myhash(document.form3.passwordn1.value); +// document.form3.passwordn2.value = js_myhash(document.form3.passwordn2.value); +} +</script> + +<br><br><center><b>Clicking on a user number will bring the user data for edition.<br> +To import the users, just fill in the import file field.<br> +The file must be in the format defined in the admin's manual.</b></center> + +<form name="form1" enctype="multipart/form-data" method="post" action="user.php"> + <input type=hidden name="confirmation" value="noconfirm" /> + <center> + <table border="0"> + <tr> + <td width="25%" align=right>Import file:</td> + <td width="75%"> + <input type="file" name="importfile" size="40"> + </td> + </tr> + </table> + </center> + <script language="javascript"> + function conf() { + if (confirm("Confirm?")) { + document.form1.confirmation.value='confirm'; + } + } + </script> + <center> + <input type="submit" name="Submit" value="Import" onClick="conf()"> + <input type="reset" name="Submit2" value="Clear"> + </center> +</form> + + <br><br> + <center> +<b>To create/edit one user, enter the data below.<br> +Note that any changes will overwrite the already defined data.<br> +(Specially care if you use a user number that is already existent.)<br> +<br> +</b> + <table border="0"> +<form name="form3" action="user.php" method="post"> + <input type=hidden name="confirmation" value="noconfirm" /> + <script language="javascript"> + function conf3() { + computeHASH(); + if (confirm("Confirm?")) { + document.form3.confirmation.value='confirm'; + } + } +<?php +if (isset($u)) { + echo " function conf4() {\n"; + echo " if (confirm('Confirm the deletion?')) {\n"; + echo " document.form3.confirmation.value='delete';\n"; + echo " }\n"; + echo " }\n"; + $usite = $u['usersitenumber']; +} else + $usite = $ct['contestlocalsite']; +?> + function conf5() { + document.form3.confirmation.value='noconfirm'; + } + </script> + <center> + <table border="0"> + <tr> + <td width="35%" align=right>User Site Number:</td> + <td width="65%"> + <input type="text" name="usersitenumber" <?php if(!$main) echo "readonly "; echo "value=\"" . $usite . "\""; ?> size="20" maxlength="20" /> + </td> + </tr> + <tr> + <td width="35%" align=right>User Number:</td> + <td width="65%"> + <input type="text" name="usernumber" value="<?php if(isset($u)) echo $u["usernumber"]; ?>" size="20" maxlength="20" /> + </td> + </tr> + <tr> + <td width="35%" align=right>Username:</td> + <td width="65%"> + <input type="text" name="username" value="<?php if(isset($u)) echo $u["username"]; ?>" size="20" maxlength="20" /> + </td> + </tr> + <tr> + <td width="35%" align=right>ICPC ID:</td> + <td width="65%"> + <input type="text" name="usericpcid" value="<?php if(isset($u)) echo $u["usericpcid"]; ?>" size="20" maxlength="50" /> + </td> + </tr> + <tr> + <td width="35%" align=right>Type:</td> + <td width="65%"> + <select name="usertype"> + <option <?php if(!isset($u) || $u["usertype"] == "team") echo "selected"; ?> value="team">Team</option> + <option <?php if(isset($u)) if($u["usertype"] == "judge") echo "selected"; ?> value="judge">Judge</option> + <option <?php if(isset($u)) if($u["usertype"] == "admin") echo "selected"; ?> value="admin">Admin</option> + <option <?php if(isset($u)) if($u["usertype"] == "staff") echo "selected"; ?> value="staff">Staff</option> + <option <?php if(isset($u)) if($u["usertype"] == "score") echo "selected"; ?> value="score">Score</option> + <?php if(1 || $main) { ?> + <option <?php if(isset($u)) if($u["usertype"] == "site") echo "selected"; ?> value="site">Site</option> + <?php } ?> + </select> + </td> + </tr> + <tr> + <td width="35%" align=right>Enabled:</td> + <td width="65%"> + <select name="userenabled"> + <option <?php if(!isset($u) || $u["userenabled"] != "f") echo "selected"; ?> value="t">Yes</option> + <option <?php if(isset($u) && $u["userenabled"] == "f") echo "selected"; ?> value="f">No</option> + </select> + </td> + </tr> + <tr> + <td width="35%" align=right>MultiLogins (local teams should be set to <b>No</b>):</td> + <td width="65%"> + <select name="usermultilogin"> + <option <?php if(isset($u) && $u["usermultilogin"] == "t") echo "selected"; ?> value="t">Yes</option> + <option <?php if(!isset($u) || $u["usermultilogin"] != "t") echo "selected"; ?> value="f">No</option> + </select> + </td> + </tr> + <tr> + <td width="35%" align=right>User Full Name:</td> + <td width="65%"> + <input type="text" name="userfullname" value="<?php if(isset($u)) echo $u["userfullname"]; ?>" size="50" maxlength="200" /> + </td> + </tr> + <tr> + <td width="35%" align=right>User Description:</td> + <td width="65%"> + <input type="text" name="userdesc" value="<?php if(isset($u)) echo $u["userdesc"]; ?>" size="50" maxlength="300" /> + </td> + </tr> + <tr> + <td width="35%" align=right>User IP:</td> + <td width="65%"> + <input type="text" name="userip" value="<?php if(isset($u)) echo $u["userpermitip"]; ?>" size="20" maxlength="20" /> + </td> + </tr> + <tr> + <td width="35%" align=right>Password:</td> + <td width="65%"> + <input type="password" name="passwordn1" value="" size="20" maxlength="200" /> + </td> + </tr> + <tr> + <td width="35%" align=right>Retype Password:</td> + <td width="65%"> + <input type="password" name="passwordn2" value="" size="20" maxlength="200" /> + </td> + </tr> + <tr> + <td width="35%" align=right>Admin (this user) Password:</td> + <td width="65%"> + <input type="password" name="passwordo" value="" size="20" maxlength="200" /> + </td> + </tr> + </table> + </center> + <center> + <input type="submit" name="Submit" value="Send" onClick="conf3()"> +<?php if(isset($u)) { ?> + <input type="submit" name="Delete" value="Delete" onClick="conf4()"> +<?php } ?> + <input type="submit" name="Cancel" value="Cancel" onClick="conf5()"> +<?php if(isset($u)) { ?> +<br><br><b>WARNING: deleting a user will completely remove EVERYTHING related to it (including runs, clarifications, etc).<b><br> +<?php } ?> + </center> +</form> + +</body> +</html> |