author | jim-p <jimp@pfsense.org> | 2011-06-08 14:13:22 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2011-06-08 14:13:22 -0400 |
commit | 156bf9b11947045afd85c61437f893d279dfc986 (patch) | |
tree | d3bb35c7f48f0ceeab1474bf39878f91d81a6c7c | |
parent | 534375b6f0ad869022c068ef35c5c6dedcd619bd (diff) | |
parent | 0042f5d964fc5c476d6c90f269ea6f49179ac016 (diff) | |
Merge remote branch 'upstream/master'
-rw-r--r-- | etc/devd.conf | 4 | ||||
-rw-r--r-- | etc/inc/captiveportal.inc | 51 | ||||
-rw-r--r-- | etc/inc/dyndns.class | 74 | ||||
-rw-r--r-- | etc/inc/filter.inc | 5 | ||||
-rw-r--r-- | etc/inc/interfaces.inc | 7 | ||||
-rw-r--r-- | etc/inc/pkg-utils.inc | 6 | ||||
-rw-r--r-- | etc/inc/priv.defs.inc | 6 | ||||
-rw-r--r-- | etc/inc/voucher.inc | 16 | ||||
-rw-r--r-- | etc/inc/vpn.inc | 2 | ||||
-rwxr-xr-x | etc/rc.bootup | 2 | ||||
-rwxr-xr-x | etc/rc.newwanip | 2 | ||||
-rwxr-xr-x | etc/rc.php_ini_setup | 4 | ||||
-rwxr-xr-x | usr/local/www/fbegin.inc | 5 | ||||
-rwxr-xr-x | usr/local/www/firewall_aliases.php | 2 | ||||
-rwxr-xr-x | usr/local/www/guiconfig.inc | 4 | ||||
-rwxr-xr-x | usr/local/www/interfaces.php | 4 | ||||
-rwxr-xr-x | usr/local/www/services_captiveportal.php | 3 | ||||
-rwxr-xr-x | usr/local/www/services_wol.php | 2 | ||||
-rwxr-xr-x | usr/local/www/status_interfaces.php | 2 | ||||
-rw-r--r-- | usr/local/www/system_usermanager.php | 591 | ||||
-rw-r--r-- | usr/local/www/system_usermanager_passwordmg.php | 128 | ||||
-rw-r--r-- | usr/local/www/themes/pfsense_ng/all.css | 2 | ||||
-rwxr-xr-x | usr/local/www/xmlrpc.php | 2 |
23 files changed, 467 insertions, 457 deletions
diff --git a/etc/devd.conf b/etc/devd.conf index 244af48..d6731d8 100644 --- a/etc/devd.conf +++ b/etc/devd.conf @@ -30,12 +30,12 @@ notify 100 { # When a USB keyboard arrives, attach it as the console keyboard. attach 100 { device-name "ukbd0"; - action "kbdcontrol -k /dev/ukbd0 < /dev/console"; + action "kbdcontrol -k /dev/ukbd0 < /dev/console 2>/dev/null"; }; detach 100 { device-name "ukbd0"; - action "kbdcontrol -k /dev/kbd0 < /dev/console"; + action "kbdcontrol -k /dev/kbd0 < /dev/console 2>/dev/null"; }; # diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 336b8e8..711b2d4 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -814,7 +814,7 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t $syncport = $config['voucher']['vouchersyncport']; $syncpass = $config['voucher']['vouchersyncpass']; $vouchersyncusername = $config['voucher']['vouchersyncusername']; - $remote_status = xmlrpc_sync_voucher_disconnect($dben, $syncip, $syncport, $syncpass, $vouchersyncusername, $term_cause, $stop_time); + $remote_status = xmlrpc_sync_voucher_disconnect($dbent, $syncip, $syncport, $syncpass, $vouchersyncusername, $term_cause, $stop_time); } } @@ -826,18 +826,15 @@ function captiveportal_disconnect_client($sessionid, $term_cause = 1, $logoutRea $radiusservers = captiveportal_get_radius_servers(); $unsetindex = array(); - $cpdblck = lock('captiveportaldb', LOCK_EX); - /* read database */ - $cpdb = captiveportal_read_db(true); + $cpdb = captiveportal_read_db(); /* find entry */ if (isset($cpdb[$sessionid])) { $cpentry = $cpdb[$sessionid]; /* write database */ $unsetindex[] = $sessionid; - captiveportal_write_db($cpdb, true, $unsetindex); - unlock($cpdblck); + captiveportal_write_db($cpdb, false, $unsetindex); captiveportal_disconnect($cpentry, $radiusservers, $term_cause); captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "DISCONNECT"); 
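Review bot: In `captiveportal_disconnect_client()` the read of the session database and the write that removes `$sessionid` are no longer covered by one `captiveportaldb` lock, so the sequence is only safe if `captiveportal_write_db($cpdb, false, $unsetindex)` re-reads the file under its own lock and applies just the removals. That helper is not visible in this hunk; if it writes back the `$cpdb` snapshot instead, a session recorded between the two calls would be dropped from the database. A short comment stating which behaviour is relied on would help, e.g. `/* write_db takes the lock itself and only drops the $unsetindex entries */`. The function body continues outside the hunk.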
@@ -1114,29 +1111,29 @@ function captiveportal_init_radius_servers() { /* read RADIUS servers into array */ function captiveportal_get_radius_servers() { - global $g; - - $cprdsrvlck = lock('captiveportalradius'); - if (file_exists("{$g['vardb_path']}/captiveportal_radius.db")) { - $radiusservers = array(); - $cpradiusdb = file("{$g['vardb_path']}/captiveportal_radius.db", - FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); - if ($cpradiusdb) { - foreach($cpradiusdb as $cpradiusentry) { - $line = trim($cpradiusentry); - if ($line) { - $radsrv = array(); - list($radsrv['ipaddr'],$radsrv['port'],$radsrv['acctport'],$radsrv['key']) = explode(",",$line); - $radiusservers[] = $radsrv; - } + global $g; + + $cprdsrvlck = lock('captiveportalradius'); + if (file_exists("{$g['vardb_path']}/captiveportal_radius.db")) { + $radiusservers = array(); + $cpradiusdb = file("{$g['vardb_path']}/captiveportal_radius.db", + FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); + if ($cpradiusdb) { + foreach($cpradiusdb as $cpradiusentry) { + $line = trim($cpradiusentry); + if ($line) { + $radsrv = array(); + list($radsrv['ipaddr'],$radsrv['port'],$radsrv['acctport'],$radsrv['key']) = explode(",",$line); + $radiusservers[] = $radsrv; } } - unlock($cprdsrvlck); - return $radiusservers; } - unlock($cprdsrvlck); - return false; + return $radiusservers; + } + + unlock($cprdsrvlck); + return false; } /* log successful captive portal authentication to syslog */ @@ -1198,7 +1195,7 @@ function radius($username,$password,$clientip,$clientmac,$type) { } /* read captive portal DB into array */ -function captiveportal_read_db($locked = false) { +function captiveportal_read_db($locked = false, $index = 5 /* sessionid by default */) { global $g; $cpdb = array(); @@ -1212,7 +1209,7 @@ function captiveportal_read_db($locked = false) { if ($line) { $cpe = explode(",", $line); /* Hash by session id */ - $cpdb[$cpe[5]] = $cpe; + $cpdb[$cpe[$index]] = $cpe; } } fclose($fd); 
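Review bot: The re-indented `captiveportal_get_radius_servers()` drops the `unlock($cprdsrvlck);` that used to precede `return $radiusservers;`, so the success path now returns while still holding the `captiveportalradius` lock and only the `return false` path releases it. Whether the lock is freed implicitly when the handle goes out of scope depends on `lock()`, which is not shown here, so the explicit release should be restored: `unlock($cprdsrvlck);` on the line before `return $radiusservers;`.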
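Review bot: `$cpdb[$cpe[$index]] = $cpe;` silently keeps only the last row when two sessions share the value in column `$index`, which becomes possible with the new `captiveportal_read_db(false, 4)` call in `voucher_expire()` if one voucher can hold more than one active session. The parameter is also used without checking that the column exists in the row. The function comment should say that a non-unique column yields a lossy map which must not be handed back to `captiveportal_write_db()` as the full database, and the in-line comment `/* Hash by session id */` is now stale. The function starts and ends outside these two hunks.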
diff --git a/etc/inc/dyndns.class b/etc/inc/dyndns.class index 65defb2..07fdf95 100644 --- a/etc/inc/dyndns.class +++ b/etc/inc/dyndns.class @@ -202,10 +202,6 @@ if($this->_dnsPort) $port = ":" . $this->_dnsPort; curl_setopt($ch, CURLOPT_URL, $server .$port . '?system=dyndns&hostname=' . $this->_dnsHost . '&myip=' . $this->_dnsIP . '&wildcard='.$this->_dnsWildcard . '&mx=' . $this->_dnsMX . '&backmx=NO'); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'dhs': $needsIP = TRUE; @@ -233,10 +229,6 @@ curl_setopt($ch, CURLOPT_URL, '{$server}{$port}'); curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser.':'.$this->_dnsPass); curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'noip': $needsIP = TRUE; @@ -248,10 +240,6 @@ if($this->_dnsPort) $port = ":" . $this->_dnsPort; curl_setopt($ch, CURLOPT_URL, $server . $port . '?username=' . urlencode($this->_dnsUser) . '&pass=' . urlencode($this->_dnsPass) . '&hostname=' . $this->_dnsHost.'&ip=' . $this->_dnsIP); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'easydns': $needsIP = TRUE; @@ -264,10 +252,6 @@ if($this->_dnsPort) $port = ":" . $this->_dnsPort; curl_setopt($ch, CURLOPT_URL, $server . $port . '?hostname=' . $this->_dnsHost . '&myip=' . $this->_dnsIP . '&wildcard=' . $this->_dnsWildcard . '&mx=' . $this->_dnsMX . '&backmx=' . $this->_dnsBackMX); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'hn': $needsIP = TRUE; 
@@ -280,10 +264,6 @@ if($this->_dnsPort) $port = ":" . $this->_dnsPort; curl_setopt($ch, CURLOPT_URL, $server . $port . '?ver=1&IP=' . $this->_dnsIP); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'zoneedit': $needsIP = FALSE; @@ -298,11 +278,6 @@ if($this->_dnsPort) $port = ":" . $this->_dnsPort; curl_setopt($ch, CURLOPT_URL, "{$server}{$port}?host=" .$this->_dnsHost); - - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'dyns': $needsIP = FALSE; @@ -313,10 +288,6 @@ if($this->_dnsPort) $port = ":" . $this->_dnsPort; curl_setopt($ch, CURLOPT_URL, $server . $port . '?username=' . urlencode($this->_dnsUser) . '&password=' . $this->_dnsPass . '&host=' . $this->_dnsHost); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'ods': $needsIP = FALSE; 
@@ -354,33 +325,21 @@ break; } } - $this->_checkStatus($code); + $this->_checkStatus(0, $code); break; case 'freedns': $needIP = FALSE; curl_setopt($ch, CURLOPT_URL, 'http://freedns.afraid.org/dynamic/update.php?' . $this->_dnsPass); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'dnsexit': $needsIP = TRUE; curl_setopt($ch, CURLOPT_URL, 'http://www.dnsexit.com/RemoteUpdate.sv?login='.$this->_dnsUser. '&password='.$this->_dnsPass.'&host='.$this->_dnsHost.'&myip='.$this->_dnsIP); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred:" . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'loopia': $needsIP = TRUE; curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser.':'.$this->_dnsPass); curl_setopt($ch, CURLOPT_URL, 'https://dns.loopia.se/XDynDNSServer/XDynDNS.php?hostname='.$this->_dnsHost.'&myip='.$this->_dnsIP); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'opendns': $needsIP = FALSE; @@ -394,19 +353,11 @@ if($this->_dnsPort) $port = ":" . $this->_dnsPort; curl_setopt($ch, CURLOPT_URL, $server .$port); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'staticcling': $needsIP = FALSE; curl_setopt($ch, CURLOPT_URL, 'http://www.staticcling.org/update.html?login='.$this->_dnsUser.'&pass='.$this->_dnsPass); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occured: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'dnsomatic': /* Example syntax 
@@ -423,10 +374,6 @@ if($this->_dnsPort) $port = ":" . $this->_dnsPort; curl_setopt($ch, CURLOPT_URL, $server . $this->_dnsHost . '&myip=' . $this->_dnsIP . '&wildcard='.$this->_dnsWildcard . '&mx=' . $this->_dnsMX . '&backmx=NOCHG'); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Request completed. DNS-O-Matic reported: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'namecheap': /* Example: @@ -438,10 +385,6 @@ list($hostname, $domain) = explode(".", $this->_dnsHost, 2); $server = "https://dynamicdns.park-your-domain.com/update?host={$hostname}&domain={$domain}&password={$this->_dnsPass}&ip={$this->_dnsIP}"; curl_setopt($ch, CURLOPT_URL, $server); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'he-net': $needsIP = FALSE; @@ -450,14 +393,15 @@ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsHost . ':' . $this->_dnsPass); curl_setopt($ch, CURLOPT_URL, $server . 'hostname=' . $this->_dnsHost); - $data = curl_exec($ch); - if(@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; default: break; } + if ($this->_dnsService != 'ods') { + $data = curl_exec($ch); + $this->_checkStatus($ch, $data); + @curl_close($ch); + } } /* @@ -468,6 +412,12 @@ log_error("DynDns: DynDns _checkStatus() starting."); log_error("DynDns: Current Service: {$this->_dnsService}"); $successful_update = false; + if ($this->_dnsService != 'ods' && @curl_error($ch)) { + $status = "Curl error occurred: " . curl_error($ch); + log_error($status); + $this->status = $status; + return; + } switch ($this->_dnsService) { case 'dnsomatic': if (preg_match('/badauth/i', $data)) { diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index fa58ef9..a294efc 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc 
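Review bot: The consolidated `curl_exec($ch)` after the `switch` also runs for the `default:` branch, where, as far as this hunk shows, no `CURLOPT_URL` has been set, so an unrecognised `_dnsService` now issues a request on an unconfigured handle and reports a curl error instead of doing nothing. Setting a flag in the recognised cases, or returning from `default:`, would avoid that. Because every provider now passes through this one call, it is also the place to document that the `he-net` context lines in this hunk set `CURLOPT_SSL_VERIFYPEER` to `FALSE` while sending credentials with `CURLOPT_USERPWD`, which leaves those credentials without server authentication. The enclosing method starts outside the hunk.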
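Review bot: `_checkStatus()` now reads `$ch`, and callers pass either a curl handle or the literal `0` (the `ods` call), but the guard decides by service name rather than by what was actually passed: `if ($this->_dnsService != 'ods' && @curl_error($ch))`. Testing the argument itself, `if ($ch && curl_error($ch))`, removes the need for the `@` and stays correct if another non-curl provider is added later. The method signature is outside the hunk, so confirm it accepts `($ch, $data)` in that order.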
@@ -1831,6 +1831,11 @@ function filter_generate_user_rule($rule) { } else if(!array_key_exists($rule['interface'], $FilterIflist)) { foreach($FilterIflist as $oc) $item .= $oc['descr']; return "# {$item} {$rule['interface']} array key does not exist for " . $rule['descr']; + } else if((array_key_exists($rule['interface'], $FilterIflist)) + && (is_array($FilterIflist[$rule['interface']])) + && (is_array($FilterIflist[$rule['interface']][0]))) { + /* Currently this only case for this is the pppoe server. There should be an existing macro with this name. */ + $aline['interface'] = " on \$" . $rule['interface'] . " "; } else $aline['interface'] = " on \$" . $FilterIflist[$rule['interface']]['descr'] . " "; $ifcfg = $FilterIflist[$rule['interface']]; diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 480d1b6..0de333b 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -3455,8 +3455,9 @@ function link_interface_to_vips($int, $action = "") { foreach ($config['virtualip']['vip'] as $vip) { if ($int == $vip['interface']) { if ($action == "update") { - interface_vip_bring_down($vip); - interfaces_vips_configure($int); + //interface_vip_bring_down($vip); + if (!does_interface_exist("vip{$vip['vhid']}")) + interfaces_vips_configure($int); } else return $vip; } @@ -4018,4 +4019,4 @@ function get_vip_descr($ipaddress) { return ""; } -?>
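Review bot: The new branch in `filter_generate_user_rule()` emits `" on \$" . $rule['interface']` on the assumption that a pf macro with exactly that name exists, but nothing in the hunk verifies it, and the following context line still assigns `$ifcfg = $FilterIflist[$rule['interface']];`, which in this case is a list of arrays rather than a single interface record. Code after the hunk that reads fields from `$ifcfg` should be checked against that shape. The leading `array_key_exists()` test is redundant because the preceding `else if` already returned when the key is missing, and the comment would read better as `/* Currently the only case for this is the pppoe server; a macro with this name must already exist. */`.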
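Review bot: In `link_interface_to_vips()` the old call is left behind as `//interface_vip_bring_down($vip);` with no explanation, and the new guard `does_interface_exist("vip{$vip['vhid']}")` assumes every VIP on the interface carries a `vhid`. For an entry without one the test is made against the bare name `vip`, which presumably never exists, so `interfaces_vips_configure($int)` would still run on every update. Delete the dead line or replace it with a why-comment, and test `isset($vip['vhid'])` before building the interface name.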
\ No newline at end of file +?> diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 070dade..ebc2df2 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -141,10 +141,10 @@ function get_pkg_id($pkg_name) { /****f* pkg-utils/get_pkg_info * NAME - * get_pkg_info - Retrive package information from pfsense.com. + * get_pkg_info - Retrieve package information from pfsense.com. * INPUTS - * $pkgs - 'all' to retrive all packages, an array containing package names otherwise - * $info - 'all' to retrive all information, an array containing keys otherwise + * $pkgs - 'all' to retrieve all packages, an array containing package names otherwise + * $info - 'all' to retrieve all information, an array containing keys otherwise * RESULT * $raw_versions - Array containing retrieved information, indexed by package name. ******/ diff --git a/etc/inc/priv.defs.inc b/etc/inc/priv.defs.inc index 941120c..4a4855e 100644 --- a/etc/inc/priv.defs.inc +++ b/etc/inc/priv.defs.inc @@ -955,6 +955,12 @@ $priv_list['page-system-usermanager']['descr'] = "Allow access to the 'System: U $priv_list['page-system-usermanager']['match'] = array(); $priv_list['page-system-usermanager']['match'][] = "system_usermanager.php*"; +$priv_list['page-system-usermanager-passwordmg'] = array(); +$priv_list['page-system-usermanager-passwordmg']['name'] = "WebCfg - System: User Password Manager page"; +$priv_list['page-system-usermanager-passwordmg']['descr'] = "Allow access to the 'System: User Password Manager' page."; +$priv_list['page-system-usermanager-passwordmg']['match'] = array(); +$priv_list['page-system-usermanager-passwordmg']['match'][] = "system_usermanager_passwordmg.php*"; + $priv_list['page-system-usermanager_addcert'] = array(); $priv_list['page-system-usermanager_addcert']['name'] = "WebCfg - System: User Manager: Add Certificate"; $priv_list['page-system-usermanager_addcert']['descr'] = "Allow access to the 'User Manager: Add Certificate' page."; 
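Review bot: The new key `page-system-usermanager-passwordmg` joins its suffix with a hyphen, while the neighbouring entry in the same hunk uses an underscore (`page-system-usermanager_addcert`); privilege keys appear to be stored in user records, so the spelling is hard to change once released. The `descr` text should also state what the page permits rather than repeat its title, for example that it covers changing the logged-in user's own password, if that is the page's scope. The page itself is not visible in this hunk.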
diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc index e6a44c4..ad96914 100644 --- a/etc/inc/voucher.inc +++ b/etc/inc/voucher.inc @@ -213,6 +213,9 @@ function voucher_expire($voucher_received) { $a_vouchers_received = split("[\t\n\r ]+",$voucher_received); $active_dirty = false; + $cpdb = captiveportal_read_db(false, 4); /* Indexed by Voucher */ + $unsetindexes[] = array(); + // go through all received vouchers, check their valid and extract // Roll# and Ticket# using the external readvoucher binary foreach ($a_vouchers_received as $voucher) { @@ -242,6 +245,15 @@ function voucher_expire($voucher_received) { if (!(ord($bitstring[$roll][$pos]) & $mask)) $bitstring[$roll][$pos] = chr(ord($bitstring[$roll][$pos]) | $mask); captiveportal_syslog("{$voucher} ({$roll}/{$nr}) forced to expire"); + + /* Check if this voucher has any active sessions */ + if (isset($cpdb[$voucher])) { + $cpentry = $cpdb[$voucher]; + captiveportal_disconnect($cpentry,null,13); + captiveportal_logportalauth($cpentry[4],$cpentry[3],$cpentry[2],"FORCLY TERMINATING VOUCHER {$voucher} SESSION"); + unset($cpdb[$voucher]); + $unsetindexes[] = $cpentry[5]; + } } else captiveportal_syslog("$voucher ($roll/$nr): not found on any registererd Roll"); } else @@ -269,6 +281,10 @@ function voucher_expire($voucher_received) { unlock($voucherlck); + /* Write database */ + if (!empty($unsetindexes)) + captiveportal_write_db($cpdb, false, $unsetindexes); + return true; } diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 25b573a..10f2fc1 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -942,7 +942,7 @@ EOD; $hostnames = ""; array_unique($filterdns_list); foreach ($filterdns_list as $hostname) - $hostnames .= "cmd {$hostname} '/etc/rc.newipsecdns'\n"; + $hostnames .= "cmd {$hostname} '/usr/local/sbin/pfSctl -c \"service reload ipsecdns\"'\n"; file_put_contents("{$g['varetc_path']}/filterdns-ipsec.hosts", $hostnames); killbypid("{$g['varrun_path']}/filterdns-ipsec.pid"); 
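Review bot: `$unsetindexes[] = array();` appends an empty array as the first element instead of initialising the list, so `!empty($unsetindexes)` in the last hunk of this file is always true and `captiveportal_write_db()` is called on every `voucher_expire()` with a bogus index. It should read `$unsetindexes = array();`. The log text in the middle hunk also has a typo, `FORCLY TERMINATING`. The function starts and ends outside these hunks.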
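Review bot: Each `$hostname` is interpolated unquoted into a `cmd {$hostname} '…'` line of `filterdns-ipsec.hosts`, a file that pairs a name with a command to run, so a value containing whitespace or a newline would change what is parsed from it. Where `$filterdns_list` is filled is outside the hunk; if the entries are not validated as hostnames there, they should be before this loop. The context line `array_unique($filterdns_list);` discards its result, so duplicates are still written; `$filterdns_list = array_unique($filterdns_list);` is what was meant.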
diff --git a/etc/rc.bootup b/etc/rc.bootup index e71c430..2f0c2cd 100755 --- a/etc/rc.bootup +++ b/etc/rc.bootup @@ -322,7 +322,7 @@ system_do_shell_commands(); /* start IPsec tunnels */ vpn_ipsec_configure(); /* Reload dynamic hostname tunnels after bootup finishes */ -mwexec_bg("/etc/rc.newipsecdns"); +send_event("service reload ipsecdns"); /* start SNMP service */ services_snmpd_configure(); diff --git a/etc/rc.newwanip b/etc/rc.newwanip index 01c6890..59a1e65 100755 --- a/etc/rc.newwanip +++ b/etc/rc.newwanip @@ -51,7 +51,7 @@ function restart_packages() { /* restart packages */ system_ntp_configure(); log_error("{$g['product_name']} package system has detected an ip change $oldip -> $curwanip ... Restarting packages."); - send_event("reload packages"); + send_event("service reload packages"); } /* Interface IP address has changed */ diff --git a/etc/rc.php_ini_setup b/etc/rc.php_ini_setup index 67aceaf..99efc39 100755 --- a/etc/rc.php_ini_setup +++ b/etc/rc.php_ini_setup @@ -112,8 +112,12 @@ PHPMODULES="$PHPMODULES pdo" PHPMODULES="$PHPMODULES sqlite" # ZeroMQ PHPMODULES="$PHPMODULES zmq" +# SSH2 +PHPMODULES="$PHPMODULES ssh2" # pfSense extensions PHPMODULES="$PHPMODULES pfSense" +# ion cube +PHPMODULES="$PHPMODULES ioncube_loader" # Modules previously included. # can be turned on by touching diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc index e2f5d72..a35e897 100755 --- a/usr/local/www/fbegin.inc +++ b/usr/local/www/fbegin.inc 
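Review bot: `ssh2` and `ioncube_loader` are added to `PHPMODULES` unconditionally in `rc.php_ini_setup`, with only `# SSH2` and `# ion cube` as explanation. Both enlarge what the web interface's PHP runtime can do, and the ionCube loader exists to run encoded PHP that cannot be reviewed as source, so the comments should name the feature or package that requires each module. If only optional packages need them, loading them conditionally would keep the default configuration smaller. The rest of the script is outside the hunk.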
@@ -89,7 +89,10 @@ if ($g['platform'] == "pfSense" or $g['platform'] == "nanobsd") $system_menu[] = array("Setup Wizard", "/wizard.php?xml=setup_wizard.xml"); $system_menu[] = array("Routing", "/system_gateways.php"); $system_menu[] = array("Cert Manager", "/system_camanager.php"); -$system_menu[] = array("User Manager", "/system_usermanager.php"); +if (!isAllowedPage("system_usermanager.php*")) + $system_menu[] = array("User Manager", "/system_usermanager_passwordmg.php"); +else + $system_menu[] = array("User Manager", "/system_usermanager.php"); $system_menu = msort(array_merge($system_menu, return_ext_menu("System")),0); // Interfaces diff --git a/usr/local/www/firewall_aliases.php b/usr/local/www/firewall_aliases.php index 4a16bac..575240c 100755 --- a/usr/local/www/firewall_aliases.php +++ b/usr/local/www/firewall_aliases.php @@ -160,7 +160,7 @@ include("head.inc"); <?php print_info_box_np(gettext("The alias list has been changed.") . "<br>" . gettext("You must apply the changes in order for them to take effect."));?> <?php endif; ?> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<table width="100%" border="0" cellpadding="0" cellspacing="0" class="tabcont"> <tr> <td width="25%" class="listhdrr"><?=gettext("Name"); ?></td> <td width="25%" class="listhdrr"><?=gettext("Values"); ?></td> diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc index 3c576b9..940eb34 100755 --- a/usr/local/www/guiconfig.inc +++ b/usr/local/www/guiconfig.inc @@ -249,6 +249,7 @@ function print_input_errors($input_errors) { global $g; print <<<EOF + <div id='inputerrorsdiv' name='inputerrorsdiv'> <p> <table border="0" cellspacing="0" cellpadding="4" width="100%"> <tr> @@ -269,6 +270,7 @@ EOF; </span> </td></tr> </table> + </div> </p> <br> EOF2; @@ -1090,4 +1092,4 @@ function rule_popup($src,$srcport,$dst,$dstport){ } } -?> +?>
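Review bot: The fallback entry points at `/system_usermanager_passwordmg.php` for every user who lacks `system_usermanager.php*`, without asking `isAllowedPage("system_usermanager_passwordmg.php*")`, so a user holding neither privilege gets a link that will be refused. The menu is presentation only, and this commit's `system_usermanager.php` section removes that page's own `isAllowedPage()` wrapper, so access has to be enforced by the central page check, which is not visible here and is worth confirming.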
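Review bot: The wrapper added to `print_input_errors()` is opened before `<p>` in the first hunk and closed before `</p>` in the second, giving `<div><p>…</div></p>`, which is mis-nested; browsers repair this differently and a script that looks up `inputerrorsdiv` may not get the whole block. Move the closing tag after `</p>` in the second hunk. `name` is not a valid attribute on `div`, so `id='inputerrorsdiv'` alone is enough.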
\ No newline at end of file diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index 41957c5..66aed5b 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -1271,7 +1271,7 @@ $types = array("none" => gettext("None"), "staticv4" => gettext("Static IPv4"), <?php endif; ?> <br> <?=gettext("This field can be used to modify (\"spoof\") the MAC " . - "address of the WAN interface"); ?><br> + "address of this interface"); ?><br> <?=gettext("(may be required with some cable connections)"); ?><br> <?=gettext("Enter a MAC address in the following format: xx:xx:xx:xx:xx:xx " . "or leave blank"); ?> @@ -1320,7 +1320,7 @@ $types = array("none" => gettext("None"), "staticv4" => gettext("Static IPv4"), } } echo '</select><br>'; - echo gettext("Here you can explicitely set up speed and duplex mode for the interface."); + echo gettext("Here you can explicitly set speed and duplex mode for this interface. WARNING: You MUST leave this set to autonegotiate unless the port this interface connects to has its speed and duplex forced."); echo '</div>'; echo '</td>'; echo '</tr>'; diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 586e569..4526028 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -520,8 +520,7 @@ value="<?=htmlspecialchars($pconfig['maxprocperip']);?>"> <?=gettext("per client </tr> <tr> <td class="vncell" valign="top"><?=gettext("Shared secret"); ?> </td> - <td class="vtable"><input name="radiuskey2" type="text" class="formfld unknown" id="radiuskey2" size="16" -value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td> + <td class="vtable"><input name="radiuskey2" type="text" class="formfld unknown" id="radiuskey2" size="16" value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td> </tr> <tr> <td colspan="2" class="list" height="12"></td> 
diff --git a/usr/local/www/services_wol.php b/usr/local/www/services_wol.php index cdc3e6a..37d4155 100755 --- a/usr/local/www/services_wol.php +++ b/usr/local/www/services_wol.php @@ -156,7 +156,7 @@ include("head.inc"); <br> <?=gettext("Wake all clients at once: ");?><a href="services_wol.php?wakeall=true"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_wol_all.gif" width="17" height="17" border="0"></a><p/> <?=gettext("Or Click the MAC address to wake up an individual device:");?> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <table width="100%" border="0" cellpadding="0" cellspacing="0" class="tabcont"> <tr> <td width="15%" class="listhdrr"><?=gettext("Interface");?></td> <td width="25%" class="listhdrr"><?=gettext("MAC address");?></td> diff --git a/usr/local/www/status_interfaces.php b/usr/local/www/status_interfaces.php index 32dcbae..61ce262 100755 --- a/usr/local/www/status_interfaces.php +++ b/usr/local/www/status_interfaces.php @@ -180,7 +180,7 @@ include("head.inc"); <?php $mac=$ifinfo['macaddr']; $mac_hi = strtoupper($mac[0] . $mac[1] . $mac[3] . $mac[4] . $mac[6] . $mac[7]); - if(isset($mac_man[$mac_hi])){ print "<span title=\"$mac\">" . htmlspecialchars($mac_man[$mac_hi]); print "</span>"; } + if(isset($mac_man[$mac_hi])){ print "<span>" . $mac . " - " . htmlspecialchars($mac_man[$mac_hi]); print "</span>"; } else {print htmlspecialchars($mac);} ?> </td> diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php index cc6c4f1..783eb0f 100644 --- a/usr/local/www/system_usermanager.php +++ b/usr/local/www/system_usermanager.php 
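Review bot: In the vendor-lookup branch of `status_interfaces.php`, `$mac` is now concatenated into the page body unescaped (`"<span>" . $mac . " - " . …`), while the `else` branch on the next line prints `htmlspecialchars($mac)`. The value comes from `$ifinfo['macaddr']`, whose origin is outside the hunk, so it should be escaped the same way in both branches: `print "<span>" . htmlspecialchars($mac) . " - " . htmlspecialchars($mac_man[$mac_hi]);`.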
@@ -49,311 +49,304 @@ require("certs.inc"); require("guiconfig.inc"); -if (isAllowedPage("system_usermanager.php*")) { - // start admin user code - $pgtitle = array(gettext("System"),gettext("User Manager")); +// start admin user code +$pgtitle = array(gettext("System"),gettext("User Manager")); - $id = $_GET['id']; - if (isset($_POST['id'])) - $id = $_POST['id']; +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; - if (!is_array($config['system']['user'])) - $config['system']['user'] = array(); +if (!is_array($config['system']['user'])) + $config['system']['user'] = array(); - $a_user = &$config['system']['user']; +$a_user = &$config['system']['user']; - if ($_GET['act'] == "deluser") { +if ($_GET['act'] == "deluser") { - if (!$a_user[$id]) { - pfSenseHeader("system_usermanager.php"); - exit; - } - - local_user_del($a_user[$id]); - $userdeleted = $a_user[$id]['name']; - unset($a_user[$id]); - write_config(); - $savemsg = gettext("User")." {$userdeleted} ". - gettext("successfully deleted")."<br/>"; + if (!$a_user[$id]) { + pfSenseHeader("system_usermanager.php"); + exit; } - if ($_GET['act'] == "delpriv") { - - if (!$a_user[$id]) { - pfSenseHeader("system_usermanager.php"); - exit; - } + local_user_del($a_user[$id]); + $userdeleted = $a_user[$id]['name']; + unset($a_user[$id]); + write_config(); + $savemsg = gettext("User")." {$userdeleted} ". + gettext("successfully deleted")."<br/>"; +} +else if ($_GET['act'] == "delpriv") { - $privdeleted = $priv_list[$a_user[$id]['priv'][$_GET['privid']]]['name']; - unset($a_user[$id]['priv'][$_GET['privid']]); - local_user_set($a_user[$id]); - write_config(); - $_GET['act'] = "edit"; - $savemsg = gettext("Privilege")." {$privdeleted} ". 
- gettext("successfully deleted")."<br/>"; + if (!$a_user[$id]) { + pfSenseHeader("system_usermanager.php"); + exit; } - if ($_GET['act'] == "expcert") { - - if (!$a_user[$id]) { - pfSenseHeader("system_usermanager.php"); - exit; - } - - $cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]); - - $exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.crt"); - $exp_data = base64_decode($cert['crt']); - $exp_size = strlen($exp_data); + $privdeleted = $priv_list[$a_user[$id]['priv'][$_GET['privid']]]['name']; + unset($a_user[$id]['priv'][$_GET['privid']]); + local_user_set($a_user[$id]); + write_config(); + $_GET['act'] = "edit"; + $savemsg = gettext("Privilege")." {$privdeleted} ". + gettext("successfully deleted")."<br/>"; +} +else if ($_GET['act'] == "expcert") { - header("Content-Type: application/octet-stream"); - header("Content-Disposition: attachment; filename={$exp_name}"); - header("Content-Length: $exp_size"); - echo $exp_data; + if (!$a_user[$id]) { + pfSenseHeader("system_usermanager.php"); exit; } - if ($_GET['act'] == "expckey") { - - if (!$a_user[$id]) { - pfSenseHeader("system_usermanager.php"); - exit; - } + $cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]); - $cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]); + $exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.crt"); + $exp_data = base64_decode($cert['crt']); + $exp_size = strlen($exp_data); - $exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.key"); - $exp_data = base64_decode($cert['prv']); - $exp_size = strlen($exp_data); + header("Content-Type: application/octet-stream"); + header("Content-Disposition: attachment; filename={$exp_name}"); + header("Content-Length: $exp_size"); + echo $exp_data; + exit; +} +else if ($_GET['act'] == "expckey") { - header("Content-Type: application/octet-stream"); - header("Content-Disposition: attachment; filename={$exp_name}"); - header("Content-Length: $exp_size"); - echo $exp_data; + if (!$a_user[$id]) { 
+ pfSenseHeader("system_usermanager.php"); exit; } - if ($_GET['act'] == "delcert") { + $cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]); - if (!$a_user[$id]) { - pfSenseHeader("system_usermanager.php"); - exit; - } + $exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.key"); + $exp_data = base64_decode($cert['prv']); + $exp_size = strlen($exp_data); - $certdeleted = lookup_cert($a_user[$id]['cert'][$_GET['certid']]); - $certdeleted = $certdeleted['descr']; - unset($a_user[$id]['cert'][$_GET['certid']]); - write_config(); - $_GET['act'] = "edit"; - $savemsg = gettext("Certificate")." {$certdeleted} ". - gettext("association removed.")."<br/>"; - } + header("Content-Type: application/octet-stream"); + header("Content-Disposition: attachment; filename={$exp_name}"); + header("Content-Length: $exp_size"); + echo $exp_data; + exit; +} +else if ($_GET['act'] == "delcert") { - if ($_GET['act'] == "edit") { - if (isset($id) && $a_user[$id]) { - $pconfig['usernamefld'] = $a_user[$id]['name']; - $pconfig['descr'] = $a_user[$id]['descr']; - $pconfig['expires'] = $a_user[$id]['expires']; - $pconfig['groups'] = local_user_get_groups($a_user[$id]); - $pconfig['utype'] = $a_user[$id]['scope']; - $pconfig['uid'] = $a_user[$id]['uid']; - $pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']); - $pconfig['priv'] = $a_user[$id]['priv']; - $pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk']; - $pconfig['disabled'] = isset($a_user[$id]['disabled']); - } + if (!$a_user[$id]) { + pfSenseHeader("system_usermanager.php"); + exit; } - if ($_GET['act'] == "new") { - /* - * set this value cause the text field is read only - * and the user should not be able to mess with this - * setting. 
- */ - $pconfig['utype'] = "user"; - $pconfig['lifetime'] = 3650; + $certdeleted = lookup_cert($a_user[$id]['cert'][$_GET['certid']]); + $certdeleted = $certdeleted['descr']; + unset($a_user[$id]['cert'][$_GET['certid']]); + write_config(); + $_GET['act'] = "edit"; + $savemsg = gettext("Certificate")." {$certdeleted} ". + gettext("association removed.")."<br/>"; +} +else if ($_GET['act'] == "edit") { + if (isset($id) && $a_user[$id]) { + $pconfig['usernamefld'] = $a_user[$id]['name']; + $pconfig['descr'] = $a_user[$id]['descr']; + $pconfig['expires'] = $a_user[$id]['expires']; + $pconfig['groups'] = local_user_get_groups($a_user[$id]); + $pconfig['utype'] = $a_user[$id]['scope']; + $pconfig['uid'] = $a_user[$id]['uid']; + $pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']); + $pconfig['priv'] = $a_user[$id]['priv']; + $pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk']; + $pconfig['disabled'] = isset($a_user[$id]['disabled']); } +} +else if ($_GET['act'] == "new") { + /* + * set this value cause the text field is read only + * and the user should not be able to mess with this + * setting. 
+ */ + $pconfig['utype'] = "user"; + $pconfig['lifetime'] = 3650; +} - if ($_POST) { - unset($input_errors); - $pconfig = $_POST; +if ($_POST) { + unset($input_errors); + $pconfig = $_POST; - /* input validation */ - if (isset($id) && ($a_user[$id])) { - $reqdfields = explode(" ", "usernamefld"); - $reqdfieldsn = array(gettext("Username")); + /* input validation */ + if (isset($id) && ($a_user[$id])) { + $reqdfields = explode(" ", "usernamefld"); + $reqdfieldsn = array(gettext("Username")); + } else { + if (empty($_POST['name'])) { + $reqdfields = explode(" ", "usernamefld passwordfld1"); + $reqdfieldsn = array( + gettext("Username"), + gettext("Password")); } else { - if (empty($_POST['name'])) { - $reqdfields = explode(" ", "usernamefld passwordfld1"); - $reqdfieldsn = array( - gettext("Username"), - gettext("Password")); - } else { - $reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime"); - $reqdfieldsn = array( - gettext("Username"), - gettext("Password"), - gettext("Descriptive name"), - gettext("Certificate authority"), - gettext("Key length"), - gettext("Lifetime")); - } + $reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime"); + $reqdfieldsn = array( + gettext("Username"), + gettext("Password"), + gettext("Descriptive name"), + gettext("Certificate authority"), + gettext("Key length"), + gettext("Lifetime")); } + } - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld'])) - $input_errors[] = gettext("The username contains invalid characters."); + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld'])) + $input_errors[] = gettext("The username contains invalid characters."); - if (strlen($_POST['usernamefld']) > 16) - $input_errors[] = gettext("The username is longer than 16 characters."); + if (strlen($_POST['usernamefld']) > 16) + $input_errors[] 
= gettext("The username is longer than 16 characters."); - if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) - $input_errors[] = gettext("The passwords do not match."); + if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) + $input_errors[] = gettext("The passwords do not match."); - if (isset($id) && $a_user[$id]) - $oldusername = $a_user[$id]['name']; - else - $oldusername = ""; - /* make sure this user name is unique */ - if (!$input_errors) { - foreach ($a_user as $userent) { - if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) { - $input_errors[] = gettext("Another entry with the same username already exists."); - break; - } + if (isset($id) && $a_user[$id]) + $oldusername = $a_user[$id]['name']; + else + $oldusername = ""; + /* make sure this user name is unique */ + if (!$input_errors) { + foreach ($a_user as $userent) { + if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) { + $input_errors[] = gettext("Another entry with the same username already exists."); + break; } } - /* also make sure it is not reserved */ - if (!$input_errors) { - $system_users = explode("\n", file_get_contents("/etc/passwd")); - foreach ($system_users as $s_user) { - $ent = explode(":", $s_user); - if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) { - $input_errors[] = gettext("That username is reserved by the system."); - break; - } + } + /* also make sure it is not reserved */ + if (!$input_errors) { + $system_users = explode("\n", file_get_contents("/etc/passwd")); + foreach ($system_users as $s_user) { + $ent = explode(":", $s_user); + if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) { + $input_errors[] = gettext("That username is reserved by the system."); + break; } } + } - /* - * Check for a valid expirationdate if one is set at all (valid means, - * strtotime() puts out a time 
stamp so any strtotime compatible time - * format may be used. to keep it simple for the enduser, we only - * claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs - * like "+1 day", which will be converted to MM/DD/YYYY based on "now". - * Otherwhise such an entry would lead to an invalid expiration data. - */ - if ($_POST['expires']){ - if(strtotime($_POST['expires']) > 0){ - if (strtotime("-1 day") > strtotime(date("m/d/Y",strtotime($_POST['expires'])))) { - // Allow items to lie in the past which ends up disabling. - } else { - //convert from any strtotime compatible date to MM/DD/YYYY - $expdate = strtotime($_POST['expires']); - $_POST['expires'] = date("m/d/Y",$expdate); - } + /* + * Check for a valid expirationdate if one is set at all (valid means, + * strtotime() puts out a time stamp so any strtotime compatible time + * format may be used. to keep it simple for the enduser, we only + * claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs + * like "+1 day", which will be converted to MM/DD/YYYY based on "now". + * Otherwhise such an entry would lead to an invalid expiration data. + */ + if ($_POST['expires']){ + if(strtotime($_POST['expires']) > 0){ + if (strtotime("-1 day") > strtotime(date("m/d/Y",strtotime($_POST['expires'])))) { + // Allow items to lie in the past which ends up disabling. } else { - $input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead."); + //convert from any strtotime compatible date to MM/DD/YYYY + $expdate = strtotime($_POST['expires']); + $_POST['expires'] = date("m/d/Y",$expdate); } + } else { + $input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead."); } + } - if (!empty($_POST['name'])) { - $ca = lookup_ca($_POST['caref']); - if (!$ca) - $input_errors[] = gettext("Invalid internal Certificate Authority") . 
"\n"; - } + if (!empty($_POST['name'])) { + $ca = lookup_ca($_POST['caref']); + if (!$ca) + $input_errors[] = gettext("Invalid internal Certificate Authority") . "\n"; + } - /* if this is an AJAX caller then handle via JSON */ - if (isAjax() && is_array($input_errors)) { - input_errors2Ajax($input_errors); - exit; - } + /* if this is an AJAX caller then handle via JSON */ + if (isAjax() && is_array($input_errors)) { + input_errors2Ajax($input_errors); + exit; + } - if (!$input_errors) { - conf_mount_rw(); - $userent = array(); - if (isset($id) && $a_user[$id]) - $userent = $a_user[$id]; - - isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system"; - - /* the user name was modified */ - if ($_POST['usernamefld'] <> $_POST['oldusername']) - $_SERVER['REMOTE_USER'] = $_POST['usernamefld']; - - /* the user password was mofified */ - if ($_POST['passwordfld1']) - local_user_set_password($userent, $_POST['passwordfld1']); - - $userent['name'] = $_POST['usernamefld']; - $userent['descr'] = $_POST['descr']; - $userent['expires'] = $_POST['expires']; - $userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']); - $userent['ipsecpsk'] = $_POST['ipsecpsk']; - - if($_POST['disabled']) - $userent['disabled'] = true; - else - unset($userent['disabled']); - - if (isset($id) && $a_user[$id]) - $a_user[$id] = $userent; - else { - if (!empty($_POST['name'])) { - $cert = array(); - $cert['refid'] = uniqid(); - $userent['cert'] = array(); - - $cert['descr'] = $_POST['name']; - - $subject = cert_get_subject_array($ca['crt']); - - $dn = array( - 'countryName' => $subject[0]['v'], - 'stateOrProvinceName' => $subject[1]['v'], - 'localityName' => $subject[2]['v'], - 'organizationName' => $subject[3]['v'], - 'emailAddress' => $subject[4]['v'], - 'commonName' => $userent['name']); - - cert_create($cert, $_POST['caref'], $_POST['keylen'], - (int)$_POST['lifetime'], $dn); - - if (!is_array($config['cert'])) - $config['cert'] = array(); - 
$config['cert'][] = $cert; - $userent['cert'][] = $cert['refid']; - } - $userent['uid'] = $config['system']['nextuid']++; - /* Add the user to All Users group. */ - foreach ($config['system']['group'] as $gidx => $group) { - if ($group['name'] == "all") { - if (!is_array($config['system']['group'][$gidx]['member'])) - $config['system']['group'][$gidx]['member'] = array(); - $config['system']['group'][$gidx]['member'][] = $userent['uid']; - break; - } - } + if (!$input_errors) { + conf_mount_rw(); + $userent = array(); + if (isset($id) && $a_user[$id]) + $userent = $a_user[$id]; - $a_user[] = $userent; - } + isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system"; + + /* the user name was modified */ + if ($_POST['usernamefld'] <> $_POST['oldusername']) + $_SERVER['REMOTE_USER'] = $_POST['usernamefld']; - local_user_set_groups($userent,$_POST['groups']); - local_user_set($userent); - write_config(); + /* the user password was mofified */ + if ($_POST['passwordfld1']) + local_user_set_password($userent, $_POST['passwordfld1']); - if(is_dir("/etc/inc/privhooks")) - run_plugins("/etc/inc/privhooks"); + $userent['name'] = $_POST['usernamefld']; + $userent['descr'] = $_POST['descr']; + $userent['expires'] = $_POST['expires']; + $userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']); + $userent['ipsecpsk'] = $_POST['ipsecpsk']; + + if($_POST['disabled']) + $userent['disabled'] = true; + else + unset($userent['disabled']); + + if (isset($id) && $a_user[$id]) + $a_user[$id] = $userent; + else { + if (!empty($_POST['name'])) { + $cert = array(); + $cert['refid'] = uniqid(); + $userent['cert'] = array(); + + $cert['descr'] = $_POST['name']; + + $subject = cert_get_subject_array($ca['crt']); + + $dn = array( + 'countryName' => $subject[0]['v'], + 'stateOrProvinceName' => $subject[1]['v'], + 'localityName' => $subject[2]['v'], + 'organizationName' => $subject[3]['v'], + 'emailAddress' => $subject[4]['v'], + 'commonName' => 
$userent['name']); + + cert_create($cert, $_POST['caref'], $_POST['keylen'], + (int)$_POST['lifetime'], $dn); + + if (!is_array($config['cert'])) + $config['cert'] = array(); + $config['cert'][] = $cert; + $userent['cert'][] = $cert['refid']; + } + $userent['uid'] = $config['system']['nextuid']++; + /* Add the user to All Users group. */ + foreach ($config['system']['group'] as $gidx => $group) { + if ($group['name'] == "all") { + if (!is_array($config['system']['group'][$gidx]['member'])) + $config['system']['group'][$gidx]['member'] = array(); + $config['system']['group'][$gidx]['member'][] = $userent['uid']; + break; + } + } - conf_mount_ro(); - - pfSenseHeader("system_usermanager.php"); + $a_user[] = $userent; } + + local_user_set_groups($userent,$_POST['groups']); + local_user_set($userent); + write_config(); + + if(is_dir("/etc/inc/privhooks")) + run_plugins("/etc/inc/privhooks"); + + conf_mount_ro(); + + pfSenseHeader("system_usermanager.php"); } +} - include("head.inc"); +include("head.inc"); ?> <body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>"> 
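Review bot: Turning the action handlers in system_usermanager.php into one `else if` chain means the `delpriv` and `delcert` branches, which end with `$_GET['act'] = "edit";`, no longer reach the `edit` branch, so `$pconfig` is not repopulated after a privilege or certificate is removed; keeping that branch as a standalone `if ($_GET['act'] == "edit") {` restores the previous behaviour. Separately, `deluser`, `delpriv`, `delcert` and the private-key export `expckey` all act on `$_GET` parameters, and no request-token check is visible in this hunk; unless code outside it (for example in `guiconfig.inc`) enforces one for GET requests, these should become POST handlers. With the `isAllowedPage()` wrapper removed, access to every action here depends on the page-level privilege check performed outside this file, which deserves a comment at the top such as `// access control: enforced by the page privilege match, not in this file`.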
@@ -871,98 +864,4 @@ function sshkeyClicked(obj) { </table> <?php include("fend.inc");?> </body> - -<?php - - // end admin user code - -} else { - - // start normal user code - - $pgtitle = array(gettext("System"),gettext("User Password")); - - if (isset($_POST['save'])) { - unset($input_errors); - - /* input validation */ - $reqdfields = explode(" ", "passwordfld1"); - $reqdfieldsn = array(gettext("Password")); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if ($_POST['passwordfld1'] != $_POST['passwordfld2']) - $input_errors[] = gettext("The passwords do not match."); - - if (!$input_errors) { - // all values are okay --> saving changes - $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['password'] = crypt(trim($_POST['passwordfld1'])); - local_user_set($config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]); - write_config(); - $savemsg = gettext("Password successfully changed") . "<br />"; - } - } - - /* determine if user is not local to system */ - $islocal = false; - foreach($config['system']['user'] as $user) - if($user['name'] == $_SESSION['Username']) - $islocal = true; -?> - -<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>"> -<?php - include("head.inc"); - include("fbegin.inc"); - if ($input_errors) - print_input_errors($input_errors); - if ($savemsg) - print_info_box($savemsg); - - if($islocal == false) { - echo gettext("Sorry, you cannot change the password for a LDAP user."); - include("fend.inc"); - exit; - } -?> -<div id="mainarea"> - <div class="tabcont"> - <form action="system_usermanager.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=$HTTP_SERVER_VARS['AUTH_USER']?>'s <?=gettext("Password"); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell" rowspan="2"><?=gettext("Password"); ?></td> - <td 
width="78%" class="vtable"> - <input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" /> - </td> - </tr> - <tr> - <td width="78%" class="vtable"> - <input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" /> - <?=gettext("(confirmation)");?> - <br/> - <span class="vexpl"> - <?=gettext("Select a new password");?> - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> - </td> - </tr> - </table> - </form> - </div> -</div> -<?php include("fend.inc");?> -</body> - -<?php - -} // end of normal user code - -?> +</html> diff --git a/usr/local/www/system_usermanager_passwordmg.php b/usr/local/www/system_usermanager_passwordmg.php new file mode 100644 index 0000000..b8b3f76 --- /dev/null +++ b/usr/local/www/system_usermanager_passwordmg.php 
@@ -0,0 +1,128 @@ +<?php +/* $Id$ */ +/* + Copyright (C) 2011 Ermal Luçi + system_usermanager.php + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* + pfSense_BUILDER_BINARIES: + pfSense_MODULE: auth +*/ + +##|+PRIV +##|*IDENT=page-system-usermanager-passwordmg +##|*NAME=System: User Password Manager page +##|*DESCR=Allow access to the 'System: User Password Manager' page. 
+##|*MATCH=system_usermanager_passwordmg.php* +##|-PRIV + +require_once("certs.inc"); +require_once("guiconfig.inc"); + +$pgtitle = array(gettext("System"),gettext("User Password")); + +if (isset($_POST['save'])) { + unset($input_errors); + /* input validation */ + + $reqdfields = explode(" ", "passwordfld1"); + $reqdfieldsn = array(gettext("Password")); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if ($_POST['passwordfld1'] != $_POST['passwordfld2']) + $input_errors[] = gettext("The passwords do not match."); + + if (!$input_errors) { + // all values are okay --> saving changes + $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['password'] = crypt(trim($_POST['passwordfld1'])); + local_user_set($config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]); + + write_config(); + + $savemsg = gettext("Password successfully changed") . "<br />"; + } +} + +/* determine if user is not local to system */ +$islocal = false; +foreach($config['system']['user'] as $user) + if($user['name'] == $_SESSION['Username']) + $islocal = true; + +?> + +<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>"> +<?php +include("head.inc"); +include("fbegin.inc"); + +if ($input_errors) + print_input_errors($input_errors); +if ($savemsg) + print_info_box($savemsg); + +if ($islocal == false) { + echo gettext("Sorry, you cannot change the password for a non-local user."); + include("fend.inc"); + exit; +} + +?> + +<div id="mainarea"> + <div class="tabcont"> + <form action="system_usermanager_passwordmg.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=$HTTP_SERVER_VARS['AUTH_USER']?>'s <?=gettext("Password"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell" rowspan="2"><?=gettext("Password"); ?></td> + <td width="78%" class="vtable"> + <input 
name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" /> + </td> + </tr> + <tr> + <td width="78%" class="vtable"> + <input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" /> + <?=gettext("(confirmation)");?> + <br/> + <span class="vexpl"> + <?=gettext("Select a new password");?> + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> + </td> + </tr> + </table> + </form> + </div> +</div> +<?php include("fend.inc");?> +</body> +</html> diff --git a/usr/local/www/themes/pfsense_ng/all.css b/usr/local/www/themes/pfsense_ng/all.css index 650d52d..b89299d 100644 --- a/usr/local/www/themes/pfsense_ng/all.css +++ b/usr/local/www/themes/pfsense_ng/all.css @@ -1333,7 +1333,7 @@ div#log span.log-protocol-mini-header { /* Sortable tables */ table.sortable thead { cursor: default; - background-color: #EEEEEE; +<!-- background-color: #EEEEEE; this causing light gray rectangles to the right of many tables in gui --> padding-right: 12px; padding-left: 12px; padding-top: 12px; diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php index 500700a..78d1023 100755 --- a/usr/local/www/xmlrpc.php +++ b/usr/local/www/xmlrpc.php @@ -202,7 +202,7 @@ function restore_config_section_xmlrpc($raw_params) { if (does_interface_exist("vip{$vip['vhid']}")) continue; // Skip reconfiguring this vips since nothing has changed. } else - unset($oldvips['vhid']); + unset($oldvips[$vip['vhid']]); } switch ($vip['mode']) { |
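Review bot: In the new system_usermanager_passwordmg.php the save block stores `crypt(trim($_POST['passwordfld1']))` directly, whereas system_usermanager.php in this same commit sets passwords through `local_user_set_password()`; calling `crypt()` without a salt leaves the hash scheme to the platform default, and `trim()` silently changes what the user typed, so the two pages can produce different credentials for the same input. The write also runs before `$islocal` is computed and is keyed on `$HTTP_SERVER_VARS['AUTH_USER']` while the local-user test reads `$_SESSION['Username']`, so a request from a non-local session reaches the config write before the "non-local user" message is shown. I would compute `$islocal` first, gate the save on it and reuse the shared helper, as sketched below (this assumes `local_user_set_password()` takes the user entry by reference, as its use in system_usermanager.php suggests). The `<?=$HTTP_SERVER_VARS['AUTH_USER']?>` in the table header should also be wrapped in `htmlspecialchars()`.

```php
/* determine whether the user is local before accepting a change */
$islocal = false;
foreach ($config['system']['user'] as $user)
	if ($user['name'] == $_SESSION['Username'])
		$islocal = true;

if (isset($_POST['save']) && $islocal) {
	// … unchanged: required-field validation and password match check …
	if (!$input_errors) {
		$userent =& $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]];
		local_user_set_password($userent, $_POST['passwordfld1']);
		local_user_set($userent);
		// … unchanged: write_config() and $savemsg …
	}
}
```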
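Review bot: The added line in themes/pfsense_ng/all.css disables the background with an HTML comment (`<!-- … -->`) inside the `table.sortable thead` rule, which is not CSS comment syntax. A browser will treat it as malformed declarations and skip ahead to the next `;`, so the text after the first semicolon, up to and including `padding-right: 12px;`, is likely to be dropped along with the background. Use a CSS comment instead: `/* background-color: #EEEEEE; caused light gray rectangles to the right of many tables in the GUI */`. The rule's closing brace is outside the hunk.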