Odyssey
sysadmin.prg
1 <?php
2 
3  $monLibrary= dirname(__FILE__) . "/../library";
4  $monIncludes= dirname(__FILE__) . "/../includes";
5  $sharedLibrary= dirname(__FILE__) . "/../../shared/library";
6  require_once("$monLibrary/cu_top.i");
7  require_once("$monLibrary/ck_hticket.i");
8  require_once("$monIncludes/cu_remote_top.prg");
9  require_once("$sharedLibrary/errormail.i");
10  require_once("$sharedLibrary/cu_sms.i");
11  // ** Make sure there is active cookie with a current user
12 
13  // ** DEFINE GLOBAL VALUES
// ** Settings for the SMS identity-confirmation step
$HCUSMSFROM   = 'sa@homecu.net';  // sender address; not referenced again in this listing
$HCUSTALETIME = 15;               // minutes a code stays valid (multiplied by 60 in the expiry check)
$HCULONGCODE  = '12082972108';    // handed to SendSMS() as its "from" argument

// Request fields this page accepts, with their expected types.
// dms_import() is defined in an included file; presumably it copies exactly
// these fields into same-named variables -- confirm against its definition.
// NOTE(review): $formact, which the page later switches on, is not in this
// list, so it has to be set somewhere outside this listing.
$dms_ok = array(
    'frmsubmit' => 'string',
    'entertext' => 'string',
);

dms_import($dms_ok);
21 
22  // ** New Requirement
23 
24  // ** IF THE FORM IS BEING POSTED -- VERIFY THE PIN
25 
26 
27 
28  // ?? Where to send a successful entry.. back to mindex.html ??
29 
30 
31 
32 
33 //
34 // if (!CheckPerm($link, $Hu, basename($_SERVER['SCRIPT_NAME']), $_SERVER['REMOTE_ADDR'])) {
35 // // ** Permissions failed
36 // // ** redirect to new page
37 // // header("Location: /hcuadm/hcu_noperm.prg");
38 // // exit;
39 // $Full_Access = false;
40 // $act = 1; // *** ONLY ALLOWED TO VIEW
41 // }
42 
43 
// $Hu (the current user name) is set outside this listing. When it is empty
// there is no user to confirm, so redirect to the no-permission page.
if (!$Hu) {
    header('Location: /hcuadm/hcu_noperm.prg');
    // Stop here: header() alone does not end the script, and the queries
    // below must not run without a user name.
    exit();
}
49 
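// Failure text shown above the form; only ever assigned the fixed strings below.
$fail_msg = "";
if ($frmsubmit) {
    // ** FORM WAS POSTED -- compare the submitted code with the pending
    //    confirmation stored for this user.

    $allow_update = true; // stays true only when every check below passes

    // userconfirm holds "PIN:IP:TIMESTAMP" as written by SendSMS().
    $sql = "SELECT userconfirm
              FROM dmsmonitorusers
             WHERE user_name = '" . trim(prep_save($Hu, 12)) . "' ";

    $load_rs = db_query($sql, $link);
    if ($load_row = db_fetch_array($load_rs)) {

        $db_userconfirm = trim($load_row['userconfirm']);

        // Split on the outer colons only: the PIN is the first field and the
        // timestamp the last, while the address in between may itself contain
        // colons (IPv6). A plain three-way explode() would cut an IPv6 address
        // apart and read one of its groups as the timestamp.
        $confirm_parts = explode(":", $db_userconfirm);
        $save_tmppin = array_shift($confirm_parts);
        $save_timestamp = (count($confirm_parts) > 1) ? array_pop($confirm_parts) : "";
        $save_altip = implode(":", $confirm_parts);

        if (trim($save_altip) == "") {
            // No address was recorded, so there is no pending confirmation.
            // NOTE(review): this only confirms that an address was stored; it
            // is not compared with the address of the current request. Confirm
            // whether the code is meant to be bound to the requesting client.
            $allow_update = false;
            $fail_msg = "Unknown address";
        } elseif (trim((string) $entertext) !== (string) $save_tmppin) {
            // Strict string comparison: a loose != would also accept other
            // numeric spellings of the same value (e.g. "1234.0").
            // NOTE(review): a wrong code leaves userconfirm in place, so the
            // same code can be retried until it goes stale. Nothing in this
            // file counts or limits attempts -- confirm a limit exists
            // elsewhere or add one.
            $allow_update = false;
            $fail_msg = "Failed";
        } elseif (((int) $save_timestamp + (60 * $HCUSTALETIME)) < time()) {
            // Code is older than $HCUSTALETIME minutes. The int cast makes a
            // missing or garbled timestamp count as expired instead of
            // raising an arithmetic error.
            $allow_update = false;
            $fail_msg = "Time Expired";
        }

        if ($allow_update) {
            // - clear the userconfirm field so the code cannot be reused
            // - put the saved IP address in the altipaddress field
            // The user name goes through prep_save() exactly as in the SELECT
            // above, so it is never placed raw into the statement and both
            // statements address the same row.
            $save_sql = "UPDATE dmsmonitorusers
                            SET userconfirm = '',
                                altipaddress = '" . prep_save($save_altip) . "'
                          WHERE user_name = '" . trim(prep_save($Hu, 12)) . "' ";

            $save_rs = db_query($save_sql, $link);

            // ** REMOTE SERVER SAVING
            if ($save_rs) {
                // userconfirm only needs to be updated on the local server;
                // altipaddress is pushed to the other servers.
                // NOTE(review): $save_altip is passed on as read from the
                // database; whether Remote_Field_Add() escapes its values is
                // not visible in this listing -- confirm.
                Remote_Field_Add("dmsusers", "user_name", prep_save($Hu, 12)); // ** USERNAME
                Remote_Field_Add("dmsusers", "altipaddress", $save_altip);     // ** Alternate IP Address
                $Remote_Results = Remote_Update_All("U", "dmsusers");

                // ** Redirect back to main screen
                header("Location: /hcuadm/cuilist.prg");
                exit;
            }
        }
    }
}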
124 
125 
126 
127 
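switch ($formact) {

    case "POSTED":
        break;

    default:
        // Default action: look up the user's SMS address, send a fresh code
        // when the form has not been submitted, then render the entry form.

        // Start from an empty value so the checks below are well defined
        // when the user has no row in dmsmonitorusers.
        $db_usersms = "";

        // Get the 'to address' from the database
        $sql = "SELECT usersms
                  FROM dmsmonitorusers
                 WHERE user_name = '" . trim(prep_save($Hu, 12)) . "' ";
        $load_rs = db_query($sql, $link);
        if ($load_row = db_fetch_array($load_rs)) {
            $db_usersms = trim($load_row['usersms']);
        }

        if ($frmsubmit == "") {
            if ($db_usersms != "") {
                // Send the SMS code when the user first lands on the screen.
                // NOTE(review): every non-posted load sends a new message and
                // replaces the stored code; nothing in this file throttles
                // that -- confirm a limit exists elsewhere.
                SendSMS($db_usersms, $HCULONGCODE);
            } else {
                $fail_msg = "Account Not Set";
            }
        }

        cu_header("HomeCU");

        // $fail_msg only ever holds fixed strings assigned in this file, so
        // it is placed in the markup as-is.
        $print_fail_msg = "";
        if ($fail_msg != "") {
            $print_fail_msg = "<tr><td colspan='2' class='err' align='center' class='dtl'>$fail_msg</td></tr>";
        }
        print <<<print_html
      <form action="sysadmin.prg" method="post">
      <p>
      <center>

      <table cellpadding="3" cellspacing="0" border="0" class='dmsbg' width="500"><tr><td>
        <table cellpadding="2" cellspacing="0" border="0" bgcolor=white width="100%">
          <tr>
            <td colspan="2" class="bar" align="center">
              HOME CU SYSTEM ADMISTRATOR
            </td>
          </tr>$print_fail_msg
          <tr>
            <td nowrap align="right" class="hdr">
              IC Code:&nbsp;
            </td>
            <td nowrap class='dtl'>
              <input type="text" name="entertext" maxlength="8" value="">
            </td>
          </tr>
          <tr>
            <td nowrap align="right" class="hdr">
              &nbsp;
            </td>
            <td nowrap class='dtl'>
              <input type="submit" value="Submit" name="frmsubmit">
            </td>
          </tr>
        </table>
      </td></tr>
      </table>
      </form></body></html>
print_html;

}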
199 
200 
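// ** Create a one-time confirmation code for the current user ($Hu), store it
// ** together with the caller's address and the current time, then text it.
// **   $retSendTo  - destination as stored in usersms (number, optionally
// **                 with a leading + and an @domain suffix)
// **   $retSendFrm - sending number passed through to SendLongCodeSMS()
// ** Returns nothing. No message is sent when the code could not be stored.
function SendSMS ($retSendTo, $retSendFrm) {

    global $link, $Hu;

    $MsgSubj = "Identity Confirmation"; // only used by the retired e-mail path kept below

    // * Create a 4 digit pin.
    // rand() is predictable and should not mint authentication codes;
    // random_int() (PHP 7+) draws from the system CSPRNG. The fallback only
    // keeps older runtimes working and should be removed once they are gone.
    // NOTE(review): four digits give 9000 possible codes; this relies on
    // attempts being limited somewhere, which this file does not show.
    $dms_tmppin = function_exists('random_int') ? random_int(1000, 9999) : rand(1000, 9999);
    $dms_altip = $_SERVER['REMOTE_ADDR'];
    $dms_timestamp = time();

    // Stored as "PIN:IP:TIMESTAMP".
    // NOTE(review): the 50 passed to prep_save() looks like a length limit;
    // PIN + an IPv6 address + timestamp can be longer than 50 characters --
    // confirm the limit and the column width.
    $dms_save_userconfirm = $dms_tmppin . ":" . $dms_altip . ":" . $dms_timestamp;

    // Save information to the database. The user name goes through
    // prep_save() as in the SELECT statements of this file instead of being
    // placed raw into the statement.
    $save_sql = "UPDATE dmsmonitorusers
                    SET userconfirm = '" . prep_save($dms_save_userconfirm, 50) . "'
                  WHERE user_name = '" . trim(prep_save($Hu, 12)) . "'";

    $save_results = db_query($save_sql, $link);
    if (!$save_results) {
        // The code was not stored, so it could never be verified: do not
        // text out a code that cannot work.
        return;
    }

    $SMS_Msg = "Code: $dms_tmppin ";

    // ** Keep just the number from $retSendTo: drops an optional leading +
    //    and the @domain part. The pattern requires the @ part, so a value
    //    without one is passed through unchanged.
    $retSendTo = preg_replace('/^([\+]{0,1})(\d+)(\@.*)/', '$2', $retSendTo);

    // NOTE(review): the response is not inspected, so a failed send is
    // invisible to the caller.
    $sms_response = SendLongCodeSMS($GLOBALS['HOMECU_LONGCODE_API_KEY'], $GLOBALS['HOMECU_LONGCODE_URL'], $retSendFrm, $retSendTo, $SMS_Msg);

/*
    Retired e-mail delivery path:

    $notify = new ErrorMail;
    $notify->mailto = "$retSendTo";
    $notify->replyto = $retSendFrm;
    $notify->mailfrom = $retSendFrm;
    // $notify->logmode = 1;

    $notify->subject = $MsgSubj;

    $notify->msgbody = $SMS_Msg;

    $notify->SendMail();
*/
}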
253 ?>