Commit 635c83f3 authored by Robert Anderson's avatar Robert Anderson

fixed up wisp user support: select, insert and delete data from multiple tables

parent e756b387
......@@ -33,7 +33,7 @@ if (!isset($_POST['frmaction'])) {
?>
<p class="pageheader">Add user</p>
<p class="pageheader">Add WiSP User</p>
<!-- Add user input fields -->
<form method="post" action="wisp-user-add.php">
......@@ -88,13 +88,21 @@ if (!isset($_POST['frmaction'])) {
<td class="entrytitle">IP Address</td>
<td><input type="text" name="user_ip_address" /></td>
</tr>
<tr>
<!--<tr>
<td class="entrytitle">Pool Name</td>
<td><input type="text" name="pool_name" /></td>
</tr>
<tr>
<td class="entrytitle">Group Name</td>
<td><input type="text" name="group_name" /></td>
</tr>-->
<tr>
<td class="entrytitle">Data Usage Limit (MB)</td>
<td><input type="text" name="user_data_limit" /></td>
</tr>
<tr>
<td class="entrytitle">Time Limit (Min)</td>
<td><input type="text" name="user_time_limit" /></td>
</tr>
<tr>
<td class="entrytitle">Address List</td>
......@@ -136,60 +144,97 @@ if ($_POST['frmaction'] == "insert") {
} else {
$stmt = $db->prepare("
INSERT INTO ${DB_TABLE_PREFIX}wispusers
(
Username,
Password,
FirstName,
LastName,
Location,
Email,
Phone,
IPAddress,
PoolName,
GroupName,
AddressList,
)
VALUES
(?,?,?,?,?,?,?,?,?,?,?)
");
$res = $stmt->execute(array(
$db->beginTransaction();
# Insert into users table
$usersStatement = $db->prepare("INSERT INTO ${DB_TABLE_PREFIX}users (Username) VALUES (?)");
$userResult = $usersStatement->execute(array(
$_POST['user_name'],
$_POST['user_password'],
$_POST['user_first_name'],
$_POST['user_last_name'],
$_POST['user_location'],
$_POST['user_email'],
$_POST['user_phone'],
$_POST['user_ip_address'],
$_POST['pool_name'],
$_POST['group_name'],
$_POST['address_list'],
));
# Get user ID to insert into other tables
$getUserID = $db->query("SELECT ID FROM ${DB_TABLE_PREFIX}users WHERE Username = ".$db->quote($_POST['user_name']));
$resultRow = $getUserID->fetchObject();
$userID = $resultRow->id;
# Insert IP Address
$userIPAddressStatement = $db->prepare("INSERT INTO
${DB_TABLE_PREFIX}user_attributes (UserID,Name,Operator,Value)
VALUES
($userID,'Framed-IP-Address','+=',?)
");
$userIPAddressResult = $userIPAddressStatement->execute(array(
$_POST['user_ip_address'],
));
# Insert data limit
$dataInBytes = $_POST['user_data_limit'] * 1024;
$userDataStatement = $db->prepare(" INSERT INTO
${DB_TABLE_PREFIX}user_attributes (UserID,Name,Operator,Value)
VALUES
($userID,'SMRadius-Capping-Traffic-Limit',':=',?)
");
$userDataResult = $userDataStatement->execute(array(
$dataInBytes,
));
# Insert time limit
$timeInSeconds = $_POST['user_time_limit'] * 60;
$userTimeStatement = $db->prepare(" INSERT INTO
${DB_TABLE_PREFIX}user_attributes (UserID,Name,Operator,Value)
VALUES
($userID,'SMRadius-Capping-Time-Limit',':=',?)
");
$userTimeResult = $userTimeStatement->execute(array(
$timeInSeconds,
));
# Insert user data
$userDataStatement = $db->prepare(" INSERT INTO
${DB_TABLE_PREFIX}userdata (UserID, Password, FirstName, LastName, Location, Email, Phone, AddressList)
VALUES
($userID,?,?,?,?,?,?,?)
");
$userDataResult = $userDataStatement->execute(array(
$_POST['user_password'],
$_POST['user_first_name'],
$_POST['user_last_name'],
$_POST['user_location'],
$_POST['user_email'],
$_POST['user_phone'],
$_POST['address_list'],
));
# Was it successful?
if ($res) {
if ($userDataResult && $userResult && $userIPAddressResult && $userDataResult && $userTimeResult) {
?>
<div class="notice">User added</div>
<?php
$db->commit();
} else {
?>
<div class="warning">Failed to add user</div>
<div class="warning"><?php print_r($stmt->errorInfo()) ?></div>
<div class="warning"><?php print_r($db->errorInfo()) ?></div>
<?php
$db->rollback();
}
}
}
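Review bot: The success check `if ($userDataResult && $userResult && $userIPAddressResult && $userDataResult && $userTimeResult)` names `$userDataResult` twice, and that variable is reused for both the traffic-limit insert and the later userdata insert, so a failed traffic-limit insert is overwritten and never checked; give the limit statement its own variable, e.g. `$userTrafficResult`, and test that in place of the duplicate. The user-ID lookup also runs when the first insert has failed, so `$resultRow` can be false and `$userID` ends up empty inside the interpolated `VALUES ($userID, ...)` strings; check `$userResult` first and bind the ID as a `?` parameter like the other values. The failure branch prints raw `errorInfo()` output into the page, which shows driver and schema details to whoever submitted the form; logging it server-side and displaying a generic message would be safer. `user_data_limit` and `user_time_limit` are multiplied without first being checked as numeric.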
......
......@@ -79,15 +79,47 @@ if ($_POST['frmaction'] == "delete") {
if (isset($_POST['user_id'])) {
if ($_POST['confirm'] == "yes") {
$res = $db->exec("DELETE FROM wispusers WHERE ID = ".$_POST['user_id']);
if ($res !== FALSE) {
$failTotDeleteAll = 0;
$db->beginTransaction();
# Delete user data
$userDataDeleteResult = $db->exec("DELETE FROM userdata WHERE UserID = ".$_POST['user_id']);
if ($userDataDeleteresult !== FALSE) {
# Delete user attributes
$attrDeleteResult = $db->exec("DELETE FROM user_attributes WHERE UserID = ".$_POST['user_id']);
if ($attrDeleteResult !== FALSE) {
# Delete from users
$userDeleteResult = $db->exec("DELETE FROM users WHERE ID = ".$_POST['user_id']);
if ($userDeleteResult !== FALSE) {
?>
<div class="notice">User with ID: <?php print_r($_POST['user_id']);?> deleted</div>
<div class="notice">User with ID: <?php print_r($_POST['user_id']);?> deleted</div>
<?php
$db->commit();
} else {
?>
<div class="warning">Error deleting user</div>
<div class="warning"><?php print_r($db->errorInfo()) ?></div>
<?php
$failToDeleteAll = 1;
}
} else {
?>
<div class="warning">Error deleting user</div>
<div class="warning"><?php print_r($db->errorInfo()) ?></div>
<?php
$failToDeleteAll = 1;
}
} else {
?>
......@@ -97,6 +129,11 @@ if ($_POST['frmaction'] == "delete") {
<?php
$failToDeleteAll = 1;
}
# If we failed at all, rollback
if ($failToDeleteAll == 1) {
$db->rollback();
}
} else {
......@@ -111,7 +148,7 @@ if ($_POST['frmaction'] == "delete") {
?>
<div class="warning">Attribute list is not empty!</div>
<div class="warning">No user selected</div>
<?php
......@@ -120,7 +157,7 @@ if ($_POST['frmaction'] == "delete") {
?>
<div class="warning">Invocation error, no user ID selected</div>
<div class="warning">Invocation error</div>
<?php
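Review bot: All three new `DELETE` statements concatenate `$_POST['user_id']` straight into the SQL text, so the request value is parsed as SQL rather than as data; use a prepared statement for each, e.g. `$stmt = $db->prepare("DELETE FROM userdata WHERE UserID = ?"); $res = $stmt->execute(array($_POST['user_id']));`, as the add page already does for its inserts. The first result is stored in `$userDataDeleteResult` but tested as `$userDataDeleteresult`; PHP variable names are case-sensitive, so that test reads an undefined variable and always passes. Likewise the flag is initialised as `$failTotDeleteAll` but read as `$failToDeleteAll`, so on the success path the rollback check compares an undefined variable. The confirmation message echoes `$_POST['user_id']` into HTML without `htmlspecialchars()`. The table names here also omit `${DB_TABLE_PREFIX}`, which the insert code uses; that is worth confirming as intended.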
......
......@@ -34,11 +34,76 @@ printHeader(array(
if ($_POST['frmaction'] == "edit") {
# Check a user was selected
if (isset($_POST['user_id'])) {
# Prepare statement
# Prepare statements
$userID = $_POST['user_id'];
$sql = "SELECT Password, FirstName, LastName, Location, Email, Phone, IPAddress, PoolName, GroupName, AddressList FROM wispusers WHERE ID = $userID";
$res = $db->query($sql);
$row = $res->fetchObject();
$sql = "SELECT
Password,
FirstName,
LastName,
Location,
Email,
Phone,
AddressList
FROM
userdata
WHERE
UserID = $userID
";
$userDataResult = $db->query($sql);
$userDataRow = $userDataResult->fetchObject();
$sql = "SELECT
UserID,
Name,
Operator,
Value,
Disabled
FROM
user_attributes
WHERE
UserID = $userID
AND
Name = 'Framed-IP-Address'
";
$framedIPResult = $db->query($sql);
$framedIPRow = $framedIPResult->fetchObject();
$sql = "SELECT
UserID,
Name,
Operator,
Value,
Disabled
FROM
user_attributes
WHERE
UserID = $userID
AND
Name = 'SMRadius-Capping-Traffic-Limit'
";
$dataLimitResult = $db->query($sql);
$dataLimitRow = $dataLimitResult->fetchObject();
$sql = "SELECT
UserID,
Name,
Operator,
Value,
Disabled
FROM
user_attributes
WHERE
UserID = $userID
AND
Name = 'SMRadius-Capping-Time-Limit'
";
$timeLimitResult = $db->query($sql);
$timeLimitRow = $timeLimitResult->fetchObject();
?>
......@@ -49,7 +114,7 @@ if ($_POST['frmaction'] == "edit") {
<input type="hidden" name="user_id" value="<?php echo $_POST['user_id']; ?>" />
<table class="entry">
<tr>
<td class="entrytitle textcenter" colspan="3">Account Information</td>
<td class="entrytitle" colspan="3">Account Information</td>
</tr>
<tr>
<td><div></div></td>
......@@ -58,11 +123,26 @@ if ($_POST['frmaction'] == "edit") {
</tr>
<tr>
<td class="entrytitle texttop">Password</td>
<td class="oldval texttop"><?php echo $row->password ?></td>
<td class="oldval texttop"><?php echo $userDataRow->password ?></td>
<td><input type="password" name="new_password" /></td>
</tr>
<tr>
<td class="entrytitle textcenter" colspan="3">Private Information</td>
<td class="entrytitle texttop">Data Limit</td>
<td class="oldval texttop"><?php echo $dataLimitRow->value ?></td>
<td><input type="text" name="new_data_limit" /></td>
</tr>
<tr>
<td class="entrytitle texttop">Time Limit</td>
<td class="oldval texttop"><?php echo $timeLimitRow->value ?></td>
<td><input type="text" name="new_time_limit" /></td>
</tr>
<tr>
<td class="entrytitle texttop">IP Address</td>
<td class="oldval texttop"><?php echo $framedIPRow->value ?></td>
<td><input type="text" name="new_ip_address" /></td>
</tr>
<tr>
<td class="entrytitle" colspan="3">Private Information</td>
</tr>
<tr>
<td><div></div></td>
......@@ -71,47 +151,32 @@ if ($_POST['frmaction'] == "edit") {
</tr>
<tr>
<td class="entrytitle texttop">First Name</td>
<td class="oldval texttop"><?php echo $row->firstname ?></td>
<td class="oldval texttop"><?php echo $userDataRow->firstname ?></td>
<td><input type="text" name="new_firstname" /></td>
</tr>
<tr>
<td class="entrytitle texttop">Last Name</td>
<td class="oldval texttop"><?php echo $row->lastname ?></td>
<td class="oldval texttop"><?php echo $userDataRow->lastname ?></td>
<td><input type="text" name="new_lastname" /></td>
</tr>
<tr>
<td class="entrytitle texttop">Location</td>
<td class="oldval texttop"><?php echo $row->location ?></td>
<td class="oldval texttop"><?php echo $userDataRow->location ?></td>
<td><input type="text" name="new_location" /></td>
</tr>
<tr>
<td class="entrytitle texttop">Email</td>
<td class="oldval texttop"><?php echo $row->email ?></td>
<td class="oldval texttop"><?php echo $userDataRow->email ?></td>
<td><input type="text" name="new_email" /></td>
</tr>
<tr>
<td class="entrytitle texttop">Phone</td>
<td class="oldval texttop"><?php echo $row->phone ?></td>
<td class="oldval texttop"><?php echo $userDataRow->phone ?></td>
<td><input type="text" name="new_phone" /></td>
</tr>
<tr>
<td class="entrytitle texttop">IPAddress</td>
<td class="oldval texttop"><?php echo $row->ipaddress ?></td>
<td><input type="text" name="new_ipaddress" /></td>
</tr>
<tr>
<td class="entrytitle texttop">Pool Name</td>
<td class="oldval texttop"><?php echo $row->poolname ?></td>
<td><input type="text" name="new_poolname" /></td>
</tr>
<tr>
<td class="entrytitle texttop">Group Name</td>
<td class="oldval texttop"><?php echo $row->groupname ?></td>
<td><input type="text" name="new_groupname" /></td>
</tr>
<tr>
<td class="entrytitle texttop">Address List</td>
<td class="oldval texttop"><?php echo $row->addresslist ?></td>
<td class="oldval texttop"><?php echo $userDataRow->addresslist ?></td>
<td><input type="text" name="new_addresslist" /></td>
</tr>
</table>
......@@ -125,7 +190,6 @@ if ($_POST['frmaction'] == "edit") {
<?php
$res->closeCursor();
} else {
?>
......@@ -135,6 +199,12 @@ if ($_POST['frmaction'] == "edit") {
<?php
}
$userDataResult->closeCursor();
$framedIPResult->closeCursor();
$dataLimitResult->closeCursor();
$timeLimitResult->closeCursor();
# SQL Updates
} elseif ($_POST['frmaction'] == "edit2") {
......@@ -147,49 +217,72 @@ if ($_POST['frmaction'] == "edit") {
# Check a user was selected
if (isset($_POST['user_id'])) {
$updates = array();
$userDataUpdates = array();
if (!empty($_POST['new_password'])) {
array_push($updates,"Password = ".$db->quote($_POST['new_password']));
array_push($userDataUpdates,"Password = ".$db->quote($_POST['new_password']));
}
if (!empty($_POST['new_firstname'])) {
array_push($updates,"FirstName = ".$db->quote($_POST['new_firstname']));
array_push($userDataUpdates,"FirstName = ".$db->quote($_POST['new_firstname']));
}
if (!empty($_POST['new_lastname'])) {
array_push($updates,"LastName = ".$db->quote($_POST['new_lastname']));
array_push($userDataUpdates,"LastName = ".$db->quote($_POST['new_lastname']));
}
if (!empty($_POST['new_location'])) {
array_push($updates,"Location = ".$db->quote($_POST['new_location']));
array_push($userDataUpdates,"Location = ".$db->quote($_POST['new_location']));
}
if (!empty($_POST['new_email'])) {
array_push($updates,"Email = ".$db->quote($_POST['new_email']));
array_push($userDataUpdates,"Email = ".$db->quote($_POST['new_email']));
}
if (!empty($_POST['new_phone'])) {
array_push($updates,"Phone = ".$db->quote($_POST['new_phone']));
array_push($userDataUpdates,"Phone = ".$db->quote($_POST['new_phone']));
}
if (!empty($_POST['new_ipaddress'])) {
array_push($updates,"IPAddress = ".$db->quote($_POST['new_ipaddress']));
if (!empty($_POST['new_addresslist'])) {
array_push($userDataUpdates,"AddressList = ".$db->quote($_POST['new_addresslist']));
}
if (!empty($_POST['new_poolname'])) {
array_push($updates,"PoolName = ".$db->quote($_POST['new_poolname']));
$numUserAttributesUpdates = 0;
if (!empty($_POST['new_data_limit'])) {
$dataLimitResult = $db->exec(" UPDATE
user_attributes
SET
SMRadius-Capping-Traffic-Limit = ".$db->quote($_POST['new_data_limit'])."
WHERE
UserID = ".$db->quote($_POST['user_id'])
);
$numUserAttributesUpdates++;
}
if (!empty($_POST['new_groupname'])) {
array_push($updates,"GroupName = ".$db->quote($_POST['new_groupname']));
if (!empty($_POST['new_time_limit'])) {
$timeLimitResult = $db->exec(" UPDATE
user_attributes
SET
SMRadius-Capping-Traffic-Limit = ".$db->quote($_POST['new_time_limit'])."
WHERE
UserID = ".$db->quote($_POST['user_id'])
);
$numUserAttributesUpdates++;
}
if (!empty($_POST['new_addresslist'])) {
array_push($updates,"AddressList = ".$db->quote($_POST['new_addresslist']));
if (!empty($_POST['new_ip_address'])) {
$ipAddressResult = $db->exec(" UPDATE
user_attributes
SET
Framed-IP-Address = ".$db->quote($_POST['new_ip_address'])."
WHERE
UserID = ".$db->quote($_POST['user_id'])
);
$numUserAttributesUpdates++;
}
# Check if we have updates
if (sizeof($updates) > 0) {
$updateStr = implode(', ',$updates);
# Check if we have userdata table updates
if (sizeof($userDataUpdates) > 0) {
$userDataUpdateString = implode(', ',$userDataUpdates);
$res = $db->exec("UPDATE wispusers SET $updateStr WHERE ID = ".$db->quote($_POST['user_id']));
$res = $db->exec("UPDATE userdata SET $userDataUpdateString WHERE UserID = ".$db->quote($_POST['user_id']));
if ($res) {
?>
<div class="notice">User updated</div>
<div class="notice">User private data updated</div>
<?php
......@@ -197,7 +290,7 @@ if ($_POST['frmaction'] == "edit") {
?>
<div class="warning">Error updating user</div>
<div class="warning">Error updating user private data</div>
<div class="warning"><?php print_r($db->errorInfo()) ?></div>
<?php
......@@ -209,7 +302,23 @@ if ($_POST['frmaction'] == "edit") {
?>
<div class="warning">No user updates</div>
<div class="warning">User private data not updated</div>
<?php
}
if ($numUserAttributesUpdates > 0) {
?>
<div class="notice">User account data updated</div>
<?php
} else {
?>
<div class="warning"><?php print_r($db->errorInfo()) ?></div>
<?php
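Review bot: `$userID = $_POST['user_id'];` is interpolated unquoted into all four new `SELECT` statements (`UserID = $userID`), so the request value becomes part of the SQL text; prepare each query with `WHERE UserID = ?` (and `AND Name = ?` for the attribute lookups) and pass the ID through `execute()`. In the `edit2` branch the new `UPDATE user_attributes SET SMRadius-Capping-Traffic-Limit = ...` statements use the attribute name as a column, while the rest of the commit stores it in `Name`/`Value`; they presumably need `SET Value = ? WHERE UserID = ? AND Name = ?`, and the time-limit update repeats the traffic-limit name. `$numUserAttributesUpdates++` runs regardless of the `exec()` result, so "User account data updated" is shown even when an update failed. The form still renders the stored password and the other row values with bare `echo`; these should go through `htmlspecialchars()`, and displaying the current password at all is worth reconsidering.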
......
......@@ -109,16 +109,18 @@ if ($_POST['frmaction'] == "dofilter") {
<p />
<table class="results" style="width: 75%;">
<table class="results">
<tr class="resultstitle">
<td class="textcenter">ID</td>
<td class="textcenter">Username</td>
<td class="textcenter">FirstName</td>
<td class="textcenter">LastName</td>
<td class="textcenter">Data</td>
<td class="textcenter">Time</td>
<td class="textcenter">Email</td>
<td class="textcenter">Phone</td>
<td class="textcenter">Location</td>
<td class="textcenter">Data Cap</td>
<td class="textcenter">Time Cap</td>
<td class="textcenter">IP Address</td>
</tr>
<?php
......@@ -130,69 +132,61 @@ if ($_POST['frmaction'] == "dofilter") {
# What searches are we going to do?
if ($_POST['username']) {
$extraSQL = " AND Username LIKE ?";
$extraSQL = " AND users.Username LIKE ?";
array_push($extraSQLVals,"%".$_POST['username']."%");
}
if ($_POST['firstname']) {
$extraSQL = " AND FirstName LIKE ?";
$extraSQL = " AND userdata.FirstName LIKE ?";
array_push($extraSQLVals,"%".$_POST['firstname']."%");
}
if ($_POST['lastname']) {
$extraSQL = " AND LastName LIKE ?";
$extraSQL = " AND userdata.LastName LIKE ?";
array_push($extraSQLVals,"%".$_POST['lastname']."%");
}
if ($_POST['phone']) {
$extraSQL = " AND Phone LIKE ?";
$extraSQL = " AND userdata.Phone LIKE ?";
array_push($extraSQLVals,"%".$_POST['phone']."%");
}
if ($_POST['location']) {
$extraSQL = " AND Location LIKE ?";
$extraSQL = " AND userdata.Location LIKE ?";
array_push($extraSQLVals,"%".$_POST['location']."%");
}
if ($_POST['email']) {
$extraSQL = " AND Email LIKE ?";
$extraSQL = " AND userdata.Email LIKE ?";
array_push($extraSQLVals,"%".$_POST['email']."%");
}
if ($_POST['poolname']) {
$extraSQL = " AND PoolName LIKE ?";
array_push($extraSQLVals,"%".$_POST['poolname']."%");
}
if ($_POST['group']) {
$extraSQL = " AND GroupName LIKE ?";
array_push($extraSQLVals,"%".$_POST['group']."%");
}
# How are we sorting the results?
switch ($_POST['sortby']) {
case "id":
$sortSQL = " ORDER BY ID";
$sortSQL = " ORDER BY users.ID";
break;
case "fname":
$sortSQL = " ORDER BY FirstName";
$sortSQL = " ORDER BY userdata.FirstName";
break;
case "lname":
$sortSQL = " ORDER BY LastName";
$sortSQL = " ORDER BY userdata.LastName";
break;
case "uname":
$sortSQL = " ORDER BY Username";
$sortSQL = " ORDER BY users.Username";
break;
}
# Query based on user input
$sql = "
SELECT
ID,
Username,
FirstName,
LastName,
Data,
Time,
Email,
Phone
users.ID,
users.Username,
userdata.UserID,
userdata.FirstName,
userdata.LastName,
userdata.Email,
userdata.Phone,
userdata.Location
FROM
wispusers
users, userdata
WHERE
1 = 1
users.ID = userdata.UserID
$extraSQL
$sortSQL
";
......@@ -200,14 +194,10 @@ if ($_POST['frmaction'] == "dofilter") {
$res = $db->prepare($sql);
$res->execute($extraSQLVals);
#$totalInputData = 0;
#$totalOutputData = 0;
#$totalSessionTime = 0;
# List users
$rownums = 0;
while ($row = $res->fetchObject()) {
# If there was nothing returned we want to know about it
if ($row->id != NULL) {
$rownums = $rownums + 1;
......@@ -215,51 +205,38 @@ if ($_POST['frmaction'] == "dofilter") {
$rownums = $rownums - 1;
}
# Data usage
# ==========
# Input
#$inputDataItem = 0;
#
#if (!empty($row->acctinputoctets) && $row->acctinputoctets > 0) {
# $inputDataItem = ($row->accinputoctets / 1024 / 1024);
#}
#if (!empty($row->acctinputgigawords) && $row->inputgigawords > 0) {
# $inputDataItem = ($row->acctinputgigawords * 4096);
#}
#if ($inputDataItem != 0) {
# $inputDataItemDisplay = ceil($inputDataItem * 100)/100;
#} else {
# $inputDataItemDisplay = 0;
#}
#
#$totalInputData = $totalInputData + $inputDataItem;
#
# Output
#$outputDataItem = 0;
#
#if (!empty($row->acctoutputoctets) && $row->acctoutputoctets > 0) {
# $outputDataItem = ($row->acctoutputoctets / 1024 / 1024);
#}
#if (!empty($row->acctoutputgigawords) && $row->acctoutputgigawords > 0) {
# $outputDataItem = ($row->acctoutputgigawords * 4096);
#}
#if ($outputDataItem != 0) {
# $outputDataItem = ceil($outputDataItem * 100)/100;
#} else {
# $outputDataItem = 0;
#}
#
#$totalOutputData = $totalOutputData + $outputDataItem;
#
# Add up time
#if (!empty($row->acctsessiontime) && $row->acctsessiontime > 0) {
# $sessionTimeItem = $row->acctsessiontime / 60;
# $sessionTimeItem = ceil($sessionTimeItem * 100)/100;
#}
#
#$totalSessionTime = $totalSessionTime + $sessionTimeItem;
#$totalSessionTime = ceil($totalSessionTime * 100)/100;
# Second dirty query to get user's attributes
$tempUserID = $row->id;
$attrQuery = "
SELECT
Name,
Value
FROM
user_attributes
WHERE
UserID = $tempUserID
";
$dataCap = NULL;
$timeCap = NULL;
$userIP = NULL;
$attrResult = $db->query($attrQuery);
while ($attrRow = $attrResult->fetchObject()) {
# Is it the data cap attribute
if ($attrRow->name == "SMRadius-Capping-Traffic-Limit") {
$dataCap = $attrRow->value;
}
# Or the time cap attribute
if ($attrRow->name == "SMRadius-Capping-Time-Limit") {
$timeCap = $attrRow->value;
}
# Or the user IP attribute
if ($attrRow->name == "Framed-IP-Address") {
$userIP = $attrRow->value;
}
}
$attrResult->closeCursor();
?>
......@@ -268,10 +245,12 @@ if ($_POST['frmaction'] == "dofilter") {
<td><?php echo $row->username ?></td>
<td><?php echo $row->firstname ?></td>
<td><?php echo $row->lastname ?></td>
<td><?php echo $row->data ?></td>
<td><?php echo $row->time ?></td>
<td><?php echo $row->email ?></td>
<td><?php echo $row->phone ?></td>
<td><?php echo $row->location ?></td>
<td><?php echo $dataCap ?></td>
<td><?php echo $timeCap ?></td>
<td><?php echo $userIP ?></td>
</tr>
<?php
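Review bot: The new result cells (`<?php echo $row->location ?>`, `$dataCap`, `$timeCap`, `$userIP`) print database values without HTML escaping, and those values originate from the add and edit forms; wrap each in `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')`. Each filter branch still assigns `$extraSQL = " AND ..."` instead of appending with `.=`, while `array_push($extraSQLVals, ...)` accumulates, so two filters at once give one placeholder and two bound values. The per-row attribute query interpolates `$tempUserID`; binding it to one prepared statement reused across rows, or joining `user_attributes` in the main query, would remove both the interpolation and the query-per-row cost. No `default` case is visible in the `sortby` switch, so `$sortSQL` may be unset for other values unless it is initialised outside the hunk.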
......