diff options
| author | Matthew Grooms <mgrooms@pfsense.org> | 2008-07-25 02:28:31 +0000 |
|---|---|---|
| committer | Matthew Grooms <mgrooms@pfsense.org> | 2008-07-25 02:28:31 +0000 |
| commit | 45ee90edb38f3c52a242d248468a992bf19f1c44 (patch) | |
| tree | 14e5a6b3c6a7ff340858442dddc9241b3e8fc9a0 /usr/local/www/system_usermanager.php | |
| parent | 8057888036bfcacd59c9d0fcf235aba5dc65682b (diff) | |
| download | pfsense-45ee90edb38f3c52a242d248468a992bf19f1c44.zip pfsense-45ee90edb38f3c52a242d248468a992bf19f1c44.tar.gz | |
Rewrite portions of the user manager to ensure data is properly synced to
the system password and group databases. This is to provide better support
for centralized user management when local account administration is
preferred.
I also took this opportunity to do some housekeeping. A lot of funtions
that were only being used in one place or not at all were removed. The
user page privelege checks were also simplified in preperation for future
work in this area.
Diffstat (limited to 'usr/local/www/system_usermanager.php')
| -rw-r--r-- | usr/local/www/system_usermanager.php | 918 |
1 files changed, 489 insertions, 429 deletions
diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php index 725511f..0c440b0 100644 --- a/usr/local/www/system_usermanager.php +++ b/usr/local/www/system_usermanager.php @@ -33,479 +33,539 @@ */ require("guiconfig.inc"); -// The page title for non-admins -$pgtitle = array("System","User Password"); -/* Check for custom priv system_usermanager (no .php ending) */ -$isAdminUser = false; -$allowed = $g['privs']; -if(is_array($allowed)) - if (in_array("system_usermanager", $allowed)) - $isAdminUser = true; +if (isAllowedPage("system_usermanager")) { -if (isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER']) or $isAdminUser == true) { - // Page title for main admin - $pgtitle = array("System","User Manager"); + // start admin user code + $pgtitle = array("System","User Manager"); - $id = $_GET['id']; - if (isset($_POST['id'])) - $id = $_POST['id']; + $id = $_GET['id']; + if (isset($_POST['id'])) + $id = $_POST['id']; if (!is_array($config['system']['user'])) $config['system']['user'] = array(); - admin_users_sort(); - if (is_array($config['system']['user'])) + admin_users_sort(); + if (is_array($config['system']['user'])) $a_user = &$config['system']['user']; - $t_privs = $a_user[$id]['priv']; - - if ($_GET['act'] == "del" && $_GET['what'] == "user") { - if ($a_user[$_GET['id']]) { - $userdeleted = $a_user[$_GET['id']]['name']; - unset($a_user[$_GET['id']]); - write_config(); - $retval = system_password_configure(); - $savemsg = get_std_save_message($retval); - $savemsg = gettext("User") . " " . $userdeleted . " " . gettext("successfully deleted") . "<br />"; - } - } else if ($_GET['act'] == "del" && $_GET['what'] == "priv") { - if ($t_privs[$_GET['privid']]) { - $privdeleted = $t_privs[$_GET['privid']]['id']; - unset($a_user[$id]['priv'][$_GET['privid']]); - write_config(); - unset($t_privs[$_GET['privid']]); - $_GET['act'] = "edit"; - $retval = 0; - $savemsg = get_std_save_message($retval); - $savemsg = gettext("Privilege") . " " . $privdeleted . " " . gettext("of user") . " " . $a_user[$_GET['id']]['name'] . " " . gettext("successfully deleted") . "<br />"; - } - } - - if ($_POST) { - unset($input_errors); - $pconfig = $_POST; - - if(!$_POST['groupname'] and $_POST['usernamefld'] != "admin") - $input_errors[] = "You must specify at least one group!"; - - /* input validation */ - if (isset($id) && ($a_user[$id])) { - $reqdfields = explode(" ", "usernamefld"); - $reqdfieldsn = explode(",", "Username"); - } else { - $reqdfields = explode(" ", "usernamefld passwordfld1"); - $reqdfieldsn = explode(",", "Username,Password"); - } - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if (hasShellAccess($_POST['usernamefld'])) { - if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld'])) - $input_errors[] = gettext("The username contains invalid characters."); - } else { - if (preg_match("/[^a-zA-Z0-9\@\.\-_]/", $_POST['usernamefld'])) - $input_errors[] = gettext("The username contains invalid characters."); - } - - if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) - $input_errors[] = gettext("The passwords do not match."); - - if (!$input_errors && !(isset($id) && $a_user[$id])) { - /* make sure there are no dupes */ - foreach ($a_user as $userent) { - if ($userent['name'] == $_POST['usernamefld']) { - $input_errors[] = gettext("Another entry with the same username already exists."); - break; - } - } - } - - if(is_array($_POST['groupname'])) { - foreach($_POST['groupname'] as $groupname) { - if ($pconfig['utype'] <> "system" && !isset($groupindex[$groupname])) { - $input_errors[] = gettext("group {$groupname} does not exist, please define the group before assigning users."); - } + $t_privs = $a_user[$id]['priv']; + + if ($_GET['act'] == "del") { + + if (($_GET['what'] == "user") && $a_user[$_GET['id']]) { + del_local_user($a_user[$_GET['id']]); + $userdeleted = $a_user[$_GET['id']]['name']; + unset($a_user[$_GET['id']]); + write_config(); + $retval = system_password_configure(); + $savemsg = gettext("User")." {$userdeleted} ". + gettext("successfully deleted")."<br/>"; + } + + if (($_GET['what'] == "priv") && $t_privs[$_GET['privid']]) { + $privdeleted = $t_privs[$_GET['privid']]['id']; + unset($a_user[$id]['priv'][$_GET['privid']]); + write_config(); + unset($t_privs[$_GET['privid']]); + $_GET['act'] = "edit"; + $savemsg = gettext("Privilege")." {$privdeleted} ". + gettext("of user")." {$a_user[$_GET['id']]['name']} ". + gettext("successfully deleted")."<br/>"; + } + } + + if ($_GET['act'] == "edit") { + if (isset($id) && $a_user[$id]) { + $pconfig['usernamefld'] = $a_user[$id]['name']; + $pconfig['fullname'] = $a_user[$id]['fullname']; + $pconfig['groups'] = get_local_user_groups($a_user[$id]); + $pconfig['utype'] = $a_user[$id]['scope']; + $pconfig['uid'] = $a_user[$id]['uid']; + $pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']); + } + } + + if ($_GET['act'] == "new") { + /* + * set this value cause the text field is read only + * and the user should not be able to mess with this + * setting. + */ + $pconfig['utype'] = "user"; + } + + if ($_POST) { + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + if (isset($id) && ($a_user[$id])) { + $reqdfields = explode(" ", "usernamefld"); + $reqdfieldsn = explode(",", "Username"); + } else { + $reqdfields = explode(" ", "usernamefld passwordfld1"); + $reqdfieldsn = explode(",", "Username,Password"); + } + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld'])) + $input_errors[] = gettext("The username contains invalid characters."); + + if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) + $input_errors[] = gettext("The passwords do not match."); + + /* make sure this user name is unique */ + if (!$input_errors && !(isset($id) && $a_user[$id])) { + foreach ($a_user as $userent) { + if ($userent['name'] == $_POST['usernamefld']) { + $input_errors[] = gettext("Another entry with the same username already exists."); + break; + } } } - if (isset($config['system']['ssh']['sshdkeyonly']) && - empty($_POST['authorizedkeys'])) { - $input_errors[] = gettext("You must provide an authorized key otherwise you won't be able to login into this system."); - } + if(is_array($_POST['groups'])) + foreach($_POST['groups'] as $groupname) + if ($pconfig['utype'] <> "system" && !isset($groupindex[$groupname])) + $input_errors[] = gettext("group {$groupname} does not exist, please define the group before assigning users."); - /* if this is an AJAX caller then handle via JSON */ - if (isAjax() && is_array($input_errors)) { - input_errors2Ajax($input_errors); - exit; - } + if (isset($config['system']['ssh']['sshdkeyonly']) && empty($_POST['authorizedkeys'])) + $input_errors[] = gettext("You must provide an authorized key otherwise you won't be able to login into this system."); - if (!$input_errors) { - $userent = ""; - if (isset($id) && $a_user[$id]) - $userent = $a_user[$id]; + /* if this is an AJAX caller then handle via JSON */ + if (isAjax() && is_array($input_errors)) { + input_errors2Ajax($input_errors); + exit; + } - /* the user did change his username */ - if ($_POST['usernamefld'] <> $_POST['oldusername']) { - $_SERVER['REMOTE_USER'] = $_POST['usernamefld']; - } + if (!$input_errors) { + $userent = array(); + if (isset($id) && $a_user[$id]) + $userent = $a_user[$id]; - $userent['name'] = $_POST['usernamefld']; - $userent['fullname'] = $_POST['fullname']; + /* the user did change his username */ + if ($_POST['usernamefld'] <> $_POST['oldusername']) + $_SERVER['REMOTE_USER'] = $_POST['usernamefld']; - if ($pconfig['utype'] <> "system") - $userent['groupname'] = implode(",", $_POST['groupname']); + $userent['name'] = $_POST['usernamefld']; + $userent['fullname'] = $_POST['fullname']; - isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system"; + isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system"; - if ($_POST['passwordfld1']) - $userent['password'] = crypt($_POST['passwordfld1']); + if ($_POST['passwordfld1']) + set_local_user_password($userent, $_POST['passwordfld1']); - if(isset($config['system']['ssh']['sshdkeyonly'])) { - $userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']); - } + if(isset($config['system']['ssh']['sshdkeyonly'])) + $userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']); - if (isset($id) && $a_user[$id]) - $a_user[$id] = $userent; - else - $a_user[] = $userent; + if (isset($id) && $a_user[$id]) + $a_user[$id] = $userent; + else { + $userent['uid'] = $config['system']['nextuid']++; + $a_user[] = $userent; + } - write_config(); - $retval = system_password_configure(); - sync_webgui_passwords(); + set_local_user($userent); + set_local_user_groups($userent,$_POST['groups']); + write_config(); + $retval = system_password_configure(); - pfSenseHeader("system_usermanager.php"); - } - } + pfSenseHeader("system_usermanager.php"); + } + } - include("head.inc"); + include("head.inc"); ?> <body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>"> -<?php include("fbegin.inc");?> -<?php if ($input_errors) print_input_errors($input_errors);?> -<?php if ($savemsg) print_info_box($savemsg);?> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabnavtbl"> -<?php - $tab_array = array(); - $tab_array[] = array(gettext("Users"), true, "system_usermanager.php"); - $tab_array[] = array(gettext("Group"), false, "system_groupmanager.php"); - $tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php"); - display_top_tabs($tab_array); -?> - </td> - </tr> - <tr> - <td class="tabcont"> -<?php - if ($_GET['act'] == "new" || $_GET['act'] == "edit" || $input_errors) { - if ($_GET['act'] == "edit") { - if (isset($id) && $a_user[$id]) { - $pconfig['usernamefld'] = $a_user[$id]['name']; - $pconfig['fullname'] = $a_user[$id]['fullname']; - $pconfig['groupname'] = split(",", $a_user[$id]['groupname']); - $pconfig['utype'] = $a_user[$id]['scope']; - $pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']); - } - } else if ($_GET['act'] == "new") { - /* set this value cause the text field is read only - * and the user should not be able to mess with this - * setting. - */ - $pconfig['utype'] = "user"; - } -?> - <form action="system_usermanager.php" method="post" name="iform" id="iform"> - <div id="inputerrors"></div> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Username");?></td> - <td width="78%" class="vtable"> - <input name="usernamefld" type="text" class="formfld user" id="usernamefld" size="20" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" <?php if ($pconfig['utype'] == "system") { echo "readonly=\"readonly\" "; }?>/> - <input name="oldusername" type="hidden" id="oldusername" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" /> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq" rowspan="2"><?=gettext("Password");?></td> - <td width="78%" class="vtable"> - <input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" value="" /> - </td> - </tr> - <tr> - <td width="78%" class="vtable"> - <input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" value="" /> <?= gettext("(confirmation)"); ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Full name");?></td> - <td width="78%" class="vtable"> - <input name="fullname" type="text" class="formfld unknown" id="fullname" size="20" value="<?=htmlspecialchars($pconfig['fullname']);?>" <?php if ($pconfig['utype'] == "system") { echo "readonly=\"readonly\" "; }?>/> - <br /> - <?=gettext("User's full name, for your own information only");?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("User type");?></td> - <td width="78%" class="vtable"> - <input name="utype" type="text" class="formfld unknown" id="utype" size="20" value="<?=htmlspecialchars($pconfig['utype']);?>" readonly="readonly" /> - <br /> - <?=gettext("Indicates whether this is a system (aka non-deletable) user or a user created by a particular user.");?> - </td> - </tr> - <?php if (isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])): ?> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("User Privileges");?></td> - <td width="78%" class="vtable"> - <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="5%" class="listhdrr"><?=gettext("ID");?></td> - <td width="30%" class="listhdrr"><?=gettext("Name");?></td> - <td width="40%" class="listhdrr"><?=gettext("Description");?></td> - <td width="5%" class="list"></td> - </tr> - - <?php if(is_array($t_privs)): ?> - <?php $i = 0; foreach ($t_privs as $priv): ?> - <?php if($priv['id'] <> ""): ?> - <tr> - <td class="listlr" <?php if($a_user[$id]['scope'] == "user") echo "ondblclick=\"document.location='system_usermanager_edit.php?id={$i}&userid={$id}&useract={$_GET['act']}';\""; ?>> - <?=htmlspecialchars($priv['id']);?> - </td> - <td class="listlr" <?php if($a_user[$id]['scope'] == "user") echo "ondblclick=\"document.location='system_usermanager_edit.php?id={$i}&userid={$id}&useract={$_GET['act']}';\""; ?>> - <?=htmlspecialchars($priv['name']);?> - </td> - <td class="listbg" <?php if($a_user[$id]['scope'] == "user") echo "ondblclick=\"document.location='system_usermanager_edit?id={$i}&userid={$id}&useract={$_GET['act']}';\""; ?>> - <font color="#FFFFFF"><?=htmlspecialchars($priv['descr']);?> </font> - </td> - <td valign="middle" nowrap class="list"> - <?php if($a_user[$id]['scope'] == "user"): ?> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="system_usermanager_edit.php?id=<?=$i;?>&userid=<?= $id ?>&useract=<?= $_GET['act'] ?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" alt="" /></a></td> - <td valign="middle"><a href="system_usermanager.php?act=del&privid=<?=$i;?>&what=priv&id=<?= $id ?>" onclick="return confirm('<?=gettext("Do you really want to delete this mapping?");?>')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="" /></a></td> - </tr> - </table> - <?php endif; ?> - </td> - </tr> - <?php endif; ?> - <?php $i++; endforeach; ?> - <?php endif; ?> - - <?php if($a_user[$id]['scope'] == "user"): ?> - <tr> - <td class="list" colspan="3"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="system_usermanager_edit.php?userid=<?= $id ?>&useract=<?= $_GET['act'] ?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" /></a></td> - </tr> - </table> - </td> - </tr> - <?php endif; ?> - </table> - </td> - </tr> - <?php endif; ?> - <?php if (isset($config['system']['ssh']['sshdkeyonly'])): ?> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td> - <td width="78%" class="vtable"> - <textarea name="authorizedkeys" cols="65" rows="7" id="authorizedkeys" class="formfld_cert" wrap="off"><?=htmlspecialchars($pconfig['authorizedkeys']);?></textarea> - <br /> - <?=gettext("Paste an authorized keys file here.");?> - </td> - </tr> - <?php endif; ?> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Group Name");?></td> - <td width="78%" class="vtable"> - <select size="10" name="groupname[]" class="formselect" id="groupname" <?php if ($pconfig['utype'] == "system") { echo "disabled=\"disabled\" "; } ?> MULTIPLE> - <?php foreach ($config['system']['group'] as $group): ?> - <option value="<?=$group['name'];?>" <?php if (in_array($group['name'],$pconfig['groupname'])) { echo "selected"; } ?>> - <?=htmlspecialchars($group['name']);?> - </option> - <?php endforeach;?> - </select> - <br /> - <?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input id="submit" name="save" type="submit" class="formbtn" value="Save" /> - <?php if (isset($id) && $a_user[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> - <?php endif;?> - </td> - </tr> - </table> - </form> -<?php - } else { -?> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="35%" class="listhdrr">Username</td> - <td width="20%" class="listhdrr">Full name</td> - <td width="20%" class="listhdrr">Group</td> - <td width="10%" class="list"></td> - </tr> -<?php - $i = 0; - foreach($a_user as $userent): -?> - <tr ondblclick="document.location='system_usermanager.php?act=edit&id=<?=$i;?>'"> - <td class="listlr"> - <table border="0" cellpadding="0" cellspacing="0"> - <tr> - <td align="left" valign="middle"> - <?php if($userent['scope'] == "user"): ?> - <img src="/themes/<?=$g['theme'];?>/images/icons/icon_system-user.png" alt="User" title="User" border="0" height="20" width="20" /> - <?php else: ?> - <img src="/themes/<?=$g['theme'];?>/images/icons/icon_system-user-grey.png" alt="User" title="User" border="0" height="20" width="20" /> - <?php endif; ?> - - </td> - <td align="left" valign="middle"> - <?=htmlspecialchars($userent['name']);?> - </td> - </tr> - </table> - </td> - <td class="listr"><?=htmlspecialchars($userent['fullname']);?> </td> - <td class="listbg"> - <?php - $groupname = split(",", $userent['groupname']); - ?> - <font color="white"><?=htmlspecialchars(implode(",",$groupname));?></font> - </td> - <td valign="middle" nowrap class="list"> - <a href="system_usermanager.php?act=edit&id=<?=$i;?>"> - <img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="edit user" alt="edit user" width="17" height="17" border="0" /> - </a> - <?php if($userent['scope'] == "user"): ?> - - <a href="system_usermanager.php?act=del&what=user&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this User?");?>')"> - <img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="delete user" alt="delete user" width="17" height="17" border="0" /> - </a> - <?php endif; ?> - </td> - </tr> <?php - $i++; - endforeach; + include("fbegin.inc"); + if ($input_errors) + print_input_errors($input_errors); + if ($savemsg) + print_info_box($savemsg); ?> - <tr> - <td class="list" colspan="3"></td> - <td class="list"> - <a href="system_usermanager.php?act=new"> - <img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="add user" alt="add user" width="17" height="17" border="0" /> - </a> - </td> - </tr> - <tr> - <td colspan="3"> - <p> - <?=gettext("Additional webConfigurator users can be added here. User permissions are determined by the admin group they are a member of.");?> - </p> - <p> - <?=gettext("An user icon that appears grey indicates that it is a system user and thus it's only possible to modified a subset of the regular user data. Additionally such an user can't be deleted.");?> - </p> - </td> - </tr> - </table> -<?php - } -?> - </td> - </tr> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="tabnavtbl"> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("Users"), true, "system_usermanager.php"); + $tab_array[] = array(gettext("Group"), false, "system_groupmanager.php"); + $tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php"); + display_top_tabs($tab_array); + ?> + </td> + </tr> + <tr> + <td class="tabcont"> + + <?php if ($_GET['act'] == "new" || $_GET['act'] == "edit" || $input_errors): ?> + + <form action="system_usermanager.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <?php + $ro = ""; + if ($pconfig['utype'] == "system") + $ro = "readonly = \"readonly\""; + ?> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Username");?></td> + <td width="78%" class="vtable"> + <input name="usernamefld" type="text" class="formfld user" id="usernamefld" size="20" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" <?=$ro;?>/> + <input name="oldusername" type="hidden" id="oldusername" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" /> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq" rowspan="2"><?=gettext("Password");?></td> + <td width="78%" class="vtable"> + <input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" value="" /> + </td> + </tr> + <tr> + <td width="78%" class="vtable"> + <input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" value="" /> <?= gettext("(confirmation)"); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Full name");?></td> + <td width="78%" class="vtable"> + <input name="fullname" type="text" class="formfld unknown" id="fullname" size="20" value="<?=htmlspecialchars($pconfig['fullname']);?>" <?=$ro;?>/> + <br/> + <?=gettext("User's full name, for your own information only");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("User type");?></td> + <td width="78%" class="vtable"> + <input name="utype" type="text" class="formfld unknown" id="utype" size="20" value="<?=htmlspecialchars($pconfig['utype']);?>" readonly="readonly" /> + <br/> + <?=gettext("Indicates whether this is a system (aka non-deletable) user or a user created by a particular user.");?> + </td> + </tr> + + <?php if ($pconfig['uid']): ?> + + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("User Privileges");?></td> + <td width="78%" class="vtable"> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="5%" class="listhdrr"><?=gettext("ID");?></td> + <td width="30%" class="listhdrr"><?=gettext("Name");?></td> + <td width="40%" class="listhdrr"><?=gettext("Description");?></td> + <td width="5%" class="list"></td> + </tr> + <?php + if(is_array($t_privs)): + $i = 0; + foreach ($t_privs as $priv): + if($priv['id'] <> ""): + ?> + <tr> + <td class="listlr" <?php if($a_user[$id]['scope'] == "user") echo "ondblclick=\"document.location='system_usermanager_edit.php?id={$i}&userid={$id}&useract={$_GET['act']}';\""; ?>> + <?=htmlspecialchars($priv['id']);?> + </td> + <td class="listr" <?php if($a_user[$id]['scope'] == "user") echo "ondblclick=\"document.location='system_usermanager_edit.php?id={$i}&userid={$id}&useract={$_GET['act']}';\""; ?>> + <?=htmlspecialchars($priv['name']);?> + </td> + <td class="listbg" <?php if($a_user[$id]['scope'] == "user") echo "ondblclick=\"document.location='system_usermanager_edit?id={$i}&userid={$id}&useract={$_GET['act']}';\""; ?>> + <font color="#FFFFFF"><?=htmlspecialchars($priv['descr']);?> </font> + </td> + <td valign="middle" nowrap class="list"> + <?php if($a_user[$id]['scope'] == "user"): ?> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle"> + <a href="system_usermanager_edit.php?id=<?=$i;?>&userid=<?= $id ?>&useract=<?= $_GET['act'] ?>"> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" alt="" /> + </a> + </td> + <td valign="middle"> + <a href="system_usermanager.php?act=del&privid=<?=$i;?>&what=priv&id=<?= $id ?>" onclick="return confirm('<?=gettext("Do you really want to delete this mapping?");?>')"> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="" /> + </a> + </td> + </tr> + </table> + <?php endif; ?> + </td> + </tr> + <?php + endif; + $i++; + endforeach; + endif; + if ($a_user[$id]['scope'] == "user"): + ?> + <tr> + <td class="list" colspan="3"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle"> + <a href="system_usermanager_edit.php?userid=<?= $id ?>&useract=<?= $_GET['act'] ?>"> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" /> + </a> + </td> + </tr> + </table> + </td> + </tr> + <?php + endif; + ?> + </table> + </td> + </tr> + + <?php endif; ?> + <?php if (isset($config['system']['ssh']['sshdkeyonly'])): ?> + + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td> + <td width="78%" class="vtable"> + <textarea name="authorizedkeys" cols="65" rows="7" id="authorizedkeys" class="formfld_cert" wrap="off"><?=htmlspecialchars($pconfig['authorizedkeys']);?></textarea> + <br/> + <?=gettext("Paste an authorized keys file here.");?> + </td> + </tr> + + <?php endif; ?> + + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Group Memberships");?></td> + <td width="78%" class="vtable"> + <select size="10" name="groups[]" class="formselect" id="groups" multiple> + <?php + foreach ($config['system']['group'] as $group): + if ($group['gid'] != 1998): /* all users group */ + $selected = ""; + if (in_array($group['name'],$pconfig['groups'])) + $selected = "selected"; + ?> + <option value="<?=$group['name'];?>" <?=$selected;?>> + <?=htmlspecialchars($group['name']);?> + </option> + <?php + endif; + endforeach; + ?> + </select> + <br/> + <?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input id="submit" name="save" type="submit" class="formbtn" value="Save" /> + <?php if (isset($id) && $a_user[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>" /> + <?php endif;?> + </td> + </tr> + </table> + </form> + + <?php else: ?> + + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="25%" class="listhdrr">Username</td> + <td width="25%" class="listhdrr">Full name</td> + <td width="30%" class="listhdrr">Groups</td> + <td width="10%" class="list"></td> + </tr> + <?php + $i = 0; + foreach($a_user as $userent): + ?> + <tr ondblclick="document.location='system_usermanager.php?act=edit&id=<?=$i;?>'"> + <td class="listlr"> + <table border="0" cellpadding="0" cellspacing="0"> + <tr> + <td align="left" valign="center"> + <?php + if($userent['scope'] == "user") + $usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user.png"; + else + $usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user-grey.png"; + ?> + <img src="<?=$usrimg;?>" alt="User" title="User" border="0" height="16" width="16" /> + </td> + <td align="left" valign="middle"> + <?=htmlspecialchars($userent['name']);?> + </td> + </tr> + </table> + </td> + <td class="listr"><?=htmlspecialchars($userent['fullname']);?> </td> + <td class="listbg"> + <font color="white"> + <?=implode(",",get_local_user_groups($userent));?> + </font> + + </td> + <td valign="middle" nowrap class="list"> + <a href="system_usermanager.php?act=edit&id=<?=$i;?>"> + <img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="edit user" alt="edit user" width="17" height="17" border="0" /> + </a> + <?php if($userent['scope'] == "user"): ?> + + <a href="system_usermanager.php?act=del&what=user&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this User?");?>')"> + <img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="delete user" alt="delete user" width="17" height="17" border="0" /> + </a> + <?php endif; ?> + </td> + </tr> + <?php + $i++; + endforeach; + ?> + <tr> + <td class="list" colspan="3"></td> + <td class="list"> + <a href="system_usermanager.php?act=new"> + <img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="add user" alt="add user" width="17" height="17" border="0" /> + </a> + </td> + </tr> + <tr> + <td colspan="3"> + <p> + <?=gettext("Additional webConfigurator users can be added here. User permissions are determined by the admin group they are a member of.");?> + </p> + <p> + <?=gettext("An user icon that appears grey indicates that it is a system user and thus it's only possible to modified a subset of the regular user data. Additionally such an user can't be deleted.");?> + </p> + </td> + </tr> + </table> + + <?php endif; ?> + + </td> + </tr> </table> +<?php include("fend.inc");?> +</body> + <?php -} else { // end of admin user code, start of normal user code - if (isset($_POST['save'])) { - unset($input_errors); - /* input validation */ - $reqdfields = explode(" ", "passwordfld1"); - $reqdfieldsn = explode(",", "Password"); + // end admin user code + +} else { + + // start normal user code + $pgtitle = array("System","User Password"); + + if (isset($_POST['save'])) { + unset($input_errors); + + /* input validation */ + $reqdfields = explode(" ", "passwordfld1"); + $reqdfieldsn = explode(",", "Password"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - if ($_POST['passwordfld1'] != $_POST['passwordfld2']) - $input_errors[] = "The passwords do not match."; + if ($_POST['passwordfld1'] != $_POST['passwordfld2']) + $input_errors[] = "The passwords do not match."; - if (!$input_errors) { - // all values are okay --> saving changes - $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['password'] = crypt(trim($_POST['passwordfld1'])); + if (!$input_errors) { + // all values are okay --> saving changes + $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['password'] = crypt(trim($_POST['passwordfld1'])); - write_config(); + write_config(); - sync_webgui_passwords(); + sync_webgui_passwords(); - $retval = system_password_configure(); - $savemsg = get_std_save_message($retval); - $savemsg = "Password successfully changed<br />"; - } - } + $retval = system_password_configure(); + $savemsg = "Password successfully changed<br />"; + } + } + + /* deterimine if user is not local to system */ + $islocal = false; + foreach($config['system']['user'] as $user) + if($user['name'] == $_SESSION['Username']) + $islocal = true; ?> +<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>"> <?php include("head.inc"); + include("fbegin.inc"); + if ($input_errors) + print_input_errors($input_errors); + if ($savemsg) + print_info_box($savemsg); + + if($islocal == false) { + echo "Sorry, you cannot change the password for a LDAP user."; + include("fend.inc"); + exit; + } ?> -<?php include("fbegin.inc");?> -<?php if ($input_errors) print_input_errors($input_errors);?> -<?php if ($savemsg) print_info_box($savemsg);?> -<?php - -/* deterimine if user is not local to system */ -$islocal = false; -foreach($config['system']['user'] as $user) - if($user['name'] == $_SESSION['Username']) - $islocal = true; -if($islocal == false) { - echo "Sorry, you cannot change the password for a LDAP user."; - include("fend.inc"); - exit; -} +<form action="system_usermanager.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=$HTTP_SERVER_VARS['AUTH_USER']?>'s Password</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell" rowspan="2">Password</td> + <td width="78%" class="vtable"> + <input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" /> + </td> + </tr> + <tr> + <td width="78%" class="vtable"> + <input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" /> + <?=gettext("(confirmation)");?> + <br/> + <span class="vexpl"> + <?=gettext("Select a new password");?> + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> + </td> + </tr> + </table> +</form> +<?php include("fend.inc");?> +</body> -?> - <body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>"> - <form action="system_usermanager.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=$HTTP_SERVER_VARS['AUTH_USER']?>'s Password</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell" rowspan="2">Password</td> - <td width="78%" class="vtable"> - <input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" /> - </td> - </tr> - <tr> - <td width="78%" class="vtable"> - <input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" /> - <?=gettext("(confirmation)");?> - <br /> - <span class="vexpl"><?=gettext("Select a new password");?></span> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> - </td> - </tr> - </table> - </form> <?php } // end of normal user code -?> -<?php include("fend.inc");?> -</body> -</html> +/* + * NOTE : sections of the code below are based on the BSD + * licensed CHAP.php courtesy of Michael Retterklieber. + */ +function set_password_hashes(& $userent, $password) { + $userent['password'] = crypt($password); + $userent['md5-hash'] = md5($password); +/* + * Waiting for mhash + * + * // Converts ascii to unicode. + * $astr = (string) $password; + * $ustr = ''; + * for ($i = 0; $i < strlen($astr); $i++) { + * $a = ord($astr{$i}) << 8; + * $ustr.= sprintf("%X", $a); + * } + * + * // Generate the NT-HASH from the unicode string + * $userent['nt-hash'] = bin2hex(mhash(MHASH_MD4, $ustr)); + */ +} + +?> |
