X-Git-Url: https://git.ozlabs.org/?p=ccan;a=blobdiff_plain;f=web%2Fapproval.php;fp=web%2Fapproval.php;h=dc99ca7d69e685059b5b77a7e64c022ecb4bc427;hp=0000000000000000000000000000000000000000;hb=d2c982b37f3c4373e99e7c60c19d048de02b5919;hpb=2e0ef31d8963eb146337093252d6ae28d2b18813

diff --git a/web/approval.php b/web/approval.php
new file mode 100644
index 00000000..dc99ca7d
--- /dev/null
+++ b/web/approval.php
@@ -0,0 +1,134 @@
+<?php
+session_start();
+if($_SESSION["slogged"] == false) {
+	header('Location: login.php?referer=approval.php?accountid='.$_GET['accountid']);
+	exit();
+}
+
+include('logo.html');
+include('menulist.html');
+include('configuration');
+$accountid = $_GET['accountid'];
+$username = $_SESSION['susername'];
+
+if(!isset($_POST['submit']) && !isset($_POST['cancel']))
+{
+	//checking for admin rites
+	$handle = 	sqlite3_open($db) or die("Could not open database");
+	$query = "SELECT * FROM users where username=\"$username\"";
+	$result = sqlite3_query($handle, $query) or die("Error in query: ".sqlite3_error($handle));
+	$row = sqlite3_fetch_array($result);
+	if ($row["admin"] == "false") { 
+	echo "<div align=\"center\">You donot have a rite to approve users</div>";
+	exit();
+	}
+	
+	//extracting user information
+	$query = "SELECT * FROM users where username=\"$accountid\"";
+	$result = sqlite3_query($handle, $query) or die("Error in query: ".sqlite3_error($handle));
+	if (($row = sqlite3_fetch_array($result)) == '') {  
+	echo "<div align=\"center\">Not a valid account id</div>";
+	exit();
+	}
+	
+	$name = $row["name"];	
+	$email = $row["email"];
+	$website = $row["website"];
+	$desc = $row["description"];
+	
+	if($row["approved"] == "true") {
+		$query = "SELECT * FROM approval where approved=\"$accountid\"";
+		$result = sqlite3_query($handle, $query) or die("Error in query: ".sqlite3_error($handle));
+		$row = sqlite3_fetch_array($result);
+		echo "<div align=\"center\"> Already <b>$accountid</b> is approved by <b>".$row["approvedby"]."</b>...</div>";
+		exit();
+	}
+?>
+	<h3 class="firstheader" align="center">Approval</h3>
+	<form method="post" action="approval.php?accountid=<?=$accountid?>" >
+	<table align="center" border="0" cellpadding="10" bgcolor="gray">
+	 		<tr align="left" bgcolor="lightgray">
+	 		<td> 	<p>Full name: </td><td><?=$name;?></p></td>
+	</tr>
+	<tr align="left" bgcolor="silver">
+	 		<td> 	<p>Account id: </td><td><?=$accountid;?></p></td>
+	</tr>
+	 		<tr align="left" bgcolor="lightgray">
+	 		<td> <p>Email: </td><td><?=$email;?></p>
+	</td>
+	</tr>
+	 		<tr align="left" bgcolor="silver">
+	 		<td> <p>Description: </td><td><?=$desc;?></p> </td>
+	</tr>
+	 		<tr align="left" bgcolor="lightgray">
+	 		<td> <p>Web Site: </td><td><?=$website;?></p> </td>
+	</tr>
+	<tr align="left" bgcolor="lightgray">
+	 		<td>Admin rites</td><td><input type="checkbox" name="isadmin"> (check this if you want this user to be admin) </td>
+	</tr>
+	 		<tr align="center">
+	 		<td> <input type="submit" name="submit" value="Approve"/></td>
+	 		<td><input type="submit" name="cancel" value="Cancel Approval"/></td>
+	</tr>
+	</table>
+	</form><hr>
+	</body>
+	</html>
+<?php
+}
+
+//if approved 
+else if (isset($_POST['submit'])) {
+//set approval=true
+$handle = sqlite3_open($db) or die("Could not open database");
+$query = "update users set approved=\"true\" where username=\"$accountid\"";
+$result = sqlite3_exec($handle, $query) or die("Error in query: ".sqlite3_error($handle));
+
+//where whether user is given admin permission 
+if($_POST['isadmin']) {
+$query = "update users set admin=\"true\" where username=\"$accountid\"";
+$result = sqlite3_exec($handle, $query) or die("Error in query: ".sqlite3_error($handle));
+}
+
+//inserting to db 
+$query = "insert into approval values(\"$accountid\",\"$username\")";
+$result = sqlite3_exec($handle, $query) or die("Error in query: ".sqlite3_error($handle));
+
+//get email id
+$query = "SELECT * FROM users where username=\"$accountid\"";
+$result = sqlite3_query($handle, $query) or die("Error in query: ".sqlite3_error($handle));
+$row = sqlite3_fetch_array($result);
+$email = $row["email"];
+
+//generate password and send mail
+$password = generate_passwd(8);
+$subject = "Approval of ccan account";
+$message = "Your request for ccan account id is being approved.\n\n Please use the following password to login\n Password: ".$password;
+$password = md5($password);
+
+//insert password 
+$query = "insert into login (username,password) values(\"$accountid\",\"$password\")";
+$result = sqlite3_exec($handle, $query) or die("Error in query: ".sqlite3_error($handle));
+
+//sendmail 
+mail($email, $subject, $message, "From: $frommail");
+echo "<div align=center> Successfully approved <b>$accountid</b>...</div>";
+}
+
+//if approval is canceled
+else if (isset($_POST['cancel'])) {
+//delete user 
+$handle = sqlite3_open($db) or die("Could not open database");
+$query = "delete from users where username=\"$accountid\"";
+$result = sqlite3_exec($handle, $query) or die("Error in query: ".sqlite3_error($handle));
+echo "<div align=center> Successfully cancelled <b>$accountid</b>...</div>";
+}
+
+function generate_passwd($length = 16) {
+  static $chars = '!@#$%^&*abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNOPQRSTUVWXYZ23456789';
+  $chars_len = strlen($chars);
+  for ($i = 0; $i < $length; $i++)
+    $password .= $chars[mt_rand(0, $chars_len - 1)];
+  return $password;
+}
+?>
\ No newline at end of file

Full name:
Account id:
Email:	+
Description:
Web Site:
Admin rites	(check this if you want this user to be admin)