diff options
| author | jim-p <jimp@pfsense.org> | 2011-06-08 14:13:22 -0400 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2011-06-08 14:13:22 -0400 |
| commit | 156bf9b11947045afd85c61437f893d279dfc986 (patch) | |
| tree | d3bb35c7f48f0ceeab1474bf39878f91d81a6c7c /usr/local | |
| parent | 534375b6f0ad869022c068ef35c5c6dedcd619bd (diff) | |
| parent | 0042f5d964fc5c476d6c90f269ea6f49179ac016 (diff) | |
| download | pfsense-156bf9b11947045afd85c61437f893d279dfc986.zip pfsense-156bf9b11947045afd85c61437f893d279dfc986.tar.gz | |
Merge remote branch 'upstream/master'
Diffstat (limited to 'usr/local')
| -rwxr-xr-x | usr/local/www/fbegin.inc | 5 | ||||
| -rwxr-xr-x | usr/local/www/firewall_aliases.php | 2 | ||||
| -rwxr-xr-x | usr/local/www/guiconfig.inc | 4 | ||||
| -rwxr-xr-x | usr/local/www/interfaces.php | 4 | ||||
| -rwxr-xr-x | usr/local/www/services_captiveportal.php | 3 | ||||
| -rwxr-xr-x | usr/local/www/services_wol.php | 2 | ||||
| -rwxr-xr-x | usr/local/www/status_interfaces.php | 2 | ||||
| -rw-r--r-- | usr/local/www/system_usermanager.php | 591 | ||||
| -rw-r--r-- | usr/local/www/system_usermanager_passwordmg.php | 128 | ||||
| -rw-r--r-- | usr/local/www/themes/pfsense_ng/all.css | 2 | ||||
| -rwxr-xr-x | usr/local/www/xmlrpc.php | 2 |
11 files changed, 388 insertions, 357 deletions
diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc index e2f5d72..a35e897 100755 --- a/usr/local/www/fbegin.inc +++ b/usr/local/www/fbegin.inc @@ -89,7 +89,10 @@ if ($g['platform'] == "pfSense" or $g['platform'] == "nanobsd") $system_menu[] = array("Setup Wizard", "/wizard.php?xml=setup_wizard.xml"); $system_menu[] = array("Routing", "/system_gateways.php"); $system_menu[] = array("Cert Manager", "/system_camanager.php"); -$system_menu[] = array("User Manager", "/system_usermanager.php"); +if (!isAllowedPage("system_usermanager.php*")) + $system_menu[] = array("User Manager", "/system_usermanager_passwordmg.php"); +else + $system_menu[] = array("User Manager", "/system_usermanager.php"); $system_menu = msort(array_merge($system_menu, return_ext_menu("System")),0); // Interfaces diff --git a/usr/local/www/firewall_aliases.php b/usr/local/www/firewall_aliases.php index 4a16bac..575240c 100755 --- a/usr/local/www/firewall_aliases.php +++ b/usr/local/www/firewall_aliases.php @@ -160,7 +160,7 @@ include("head.inc"); <?php print_info_box_np(gettext("The alias list has been changed.") . "<br>" . gettext("You must apply the changes in order for them to take effect."));?> <?php endif; ?> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<table width="100%" border="0" cellpadding="0" cellspacing="0" class="tabcont"> <tr> <td width="25%" class="listhdrr"><?=gettext("Name"); ?></td> <td width="25%" class="listhdrr"><?=gettext("Values"); ?></td> diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc index 3c576b9..940eb34 100755 --- a/usr/local/www/guiconfig.inc +++ b/usr/local/www/guiconfig.inc @@ -249,6 +249,7 @@ function print_input_errors($input_errors) { global $g; print <<<EOF + <div id='inputerrorsdiv' name='inputerrorsdiv'> <p> <table border="0" cellspacing="0" cellpadding="4" width="100%"> <tr> @@ -269,6 +270,7 @@ EOF; </span> </td></tr> </table> + </div> </p> <br> EOF2; @@ -1090,4 +1092,4 @@ function rule_popup($src,$srcport,$dst,$dstport){ } } -?> +?>
\ No newline at end of file diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index 41957c5..66aed5b 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -1271,7 +1271,7 @@ $types = array("none" => gettext("None"), "staticv4" => gettext("Static IPv4"), <?php endif; ?> <br> <?=gettext("This field can be used to modify (\"spoof\") the MAC " . - "address of the WAN interface"); ?><br> + "address of this interface"); ?><br> <?=gettext("(may be required with some cable connections)"); ?><br> <?=gettext("Enter a MAC address in the following format: xx:xx:xx:xx:xx:xx " . "or leave blank"); ?> @@ -1320,7 +1320,7 @@ $types = array("none" => gettext("None"), "staticv4" => gettext("Static IPv4"), } } echo '</select><br>'; - echo gettext("Here you can explicitely set up speed and duplex mode for the interface."); + echo gettext("Here you can explicitly set speed and duplex mode for this interface. WARNING: You MUST leave this set to autonegotiate unless the port this interface connects to has its speed and duplex forced."); echo '</div>'; echo '</td>'; echo '</tr>'; diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 586e569..4526028 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -520,8 +520,7 @@ value="<?=htmlspecialchars($pconfig['maxprocperip']);?>"> <?=gettext("per client </tr> <tr> <td class="vncell" valign="top"><?=gettext("Shared secret"); ?> </td> - <td class="vtable"><input name="radiuskey2" type="text" class="formfld unknown" id="radiuskey2" size="16" -value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td> + <td class="vtable"><input name="radiuskey2" type="text" class="formfld unknown" id="radiuskey2" size="16" value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td> </tr> <tr> <td colspan="2" class="list" height="12"></td> diff --git a/usr/local/www/services_wol.php b/usr/local/www/services_wol.php index cdc3e6a..37d4155 100755 --- a/usr/local/www/services_wol.php +++ b/usr/local/www/services_wol.php @@ -156,7 +156,7 @@ include("head.inc"); <br> <?=gettext("Wake all clients at once: ");?><a href="services_wol.php?wakeall=true"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_wol_all.gif" width="17" height="17" border="0"></a><p/> <?=gettext("Or Click the MAC address to wake up an individual device:");?> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <table width="100%" border="0" cellpadding="0" cellspacing="0" class="tabcont"> <tr> <td width="15%" class="listhdrr"><?=gettext("Interface");?></td> <td width="25%" class="listhdrr"><?=gettext("MAC address");?></td> diff --git a/usr/local/www/status_interfaces.php b/usr/local/www/status_interfaces.php index 32dcbae..61ce262 100755 --- a/usr/local/www/status_interfaces.php +++ b/usr/local/www/status_interfaces.php @@ -180,7 +180,7 @@ include("head.inc"); <?php $mac=$ifinfo['macaddr']; $mac_hi = strtoupper($mac[0] . $mac[1] . $mac[3] . $mac[4] . $mac[6] . $mac[7]); - if(isset($mac_man[$mac_hi])){ print "<span title=\"$mac\">" . htmlspecialchars($mac_man[$mac_hi]); print "</span>"; } + if(isset($mac_man[$mac_hi])){ print "<span>" . $mac . " - " . htmlspecialchars($mac_man[$mac_hi]); print "</span>"; } else {print htmlspecialchars($mac);} ?> </td> diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php index cc6c4f1..783eb0f 100644 --- a/usr/local/www/system_usermanager.php +++ b/usr/local/www/system_usermanager.php @@ -49,311 +49,304 @@ require("certs.inc"); require("guiconfig.inc"); -if (isAllowedPage("system_usermanager.php*")) { - // start admin user code - $pgtitle = array(gettext("System"),gettext("User Manager")); +// start admin user code +$pgtitle = array(gettext("System"),gettext("User Manager")); - $id = $_GET['id']; - if (isset($_POST['id'])) - $id = $_POST['id']; +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; - if (!is_array($config['system']['user'])) - $config['system']['user'] = array(); +if (!is_array($config['system']['user'])) + $config['system']['user'] = array(); - $a_user = &$config['system']['user']; +$a_user = &$config['system']['user']; - if ($_GET['act'] == "deluser") { +if ($_GET['act'] == "deluser") { - if (!$a_user[$id]) { - pfSenseHeader("system_usermanager.php"); - exit; - } - - local_user_del($a_user[$id]); - $userdeleted = $a_user[$id]['name']; - unset($a_user[$id]); - write_config(); - $savemsg = gettext("User")." {$userdeleted} ". - gettext("successfully deleted")."<br/>"; + if (!$a_user[$id]) { + pfSenseHeader("system_usermanager.php"); + exit; } - if ($_GET['act'] == "delpriv") { - - if (!$a_user[$id]) { - pfSenseHeader("system_usermanager.php"); - exit; - } + local_user_del($a_user[$id]); + $userdeleted = $a_user[$id]['name']; + unset($a_user[$id]); + write_config(); + $savemsg = gettext("User")." {$userdeleted} ". + gettext("successfully deleted")."<br/>"; +} +else if ($_GET['act'] == "delpriv") { - $privdeleted = $priv_list[$a_user[$id]['priv'][$_GET['privid']]]['name']; - unset($a_user[$id]['priv'][$_GET['privid']]); - local_user_set($a_user[$id]); - write_config(); - $_GET['act'] = "edit"; - $savemsg = gettext("Privilege")." {$privdeleted} ". - gettext("successfully deleted")."<br/>"; + if (!$a_user[$id]) { + pfSenseHeader("system_usermanager.php"); + exit; } - if ($_GET['act'] == "expcert") { - - if (!$a_user[$id]) { - pfSenseHeader("system_usermanager.php"); - exit; - } - - $cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]); - - $exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.crt"); - $exp_data = base64_decode($cert['crt']); - $exp_size = strlen($exp_data); + $privdeleted = $priv_list[$a_user[$id]['priv'][$_GET['privid']]]['name']; + unset($a_user[$id]['priv'][$_GET['privid']]); + local_user_set($a_user[$id]); + write_config(); + $_GET['act'] = "edit"; + $savemsg = gettext("Privilege")." {$privdeleted} ". + gettext("successfully deleted")."<br/>"; +} +else if ($_GET['act'] == "expcert") { - header("Content-Type: application/octet-stream"); - header("Content-Disposition: attachment; filename={$exp_name}"); - header("Content-Length: $exp_size"); - echo $exp_data; + if (!$a_user[$id]) { + pfSenseHeader("system_usermanager.php"); exit; } - if ($_GET['act'] == "expckey") { - - if (!$a_user[$id]) { - pfSenseHeader("system_usermanager.php"); - exit; - } + $cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]); - $cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]); + $exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.crt"); + $exp_data = base64_decode($cert['crt']); + $exp_size = strlen($exp_data); - $exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.key"); - $exp_data = base64_decode($cert['prv']); - $exp_size = strlen($exp_data); + header("Content-Type: application/octet-stream"); + header("Content-Disposition: attachment; filename={$exp_name}"); + header("Content-Length: $exp_size"); + echo $exp_data; + exit; +} +else if ($_GET['act'] == "expckey") { - header("Content-Type: application/octet-stream"); - header("Content-Disposition: attachment; filename={$exp_name}"); - header("Content-Length: $exp_size"); - echo $exp_data; + if (!$a_user[$id]) { + pfSenseHeader("system_usermanager.php"); exit; } - if ($_GET['act'] == "delcert") { + $cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]); - if (!$a_user[$id]) { - pfSenseHeader("system_usermanager.php"); - exit; - } + $exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.key"); + $exp_data = base64_decode($cert['prv']); + $exp_size = strlen($exp_data); - $certdeleted = lookup_cert($a_user[$id]['cert'][$_GET['certid']]); - $certdeleted = $certdeleted['descr']; - unset($a_user[$id]['cert'][$_GET['certid']]); - write_config(); - $_GET['act'] = "edit"; - $savemsg = gettext("Certificate")." {$certdeleted} ". - gettext("association removed.")."<br/>"; - } + header("Content-Type: application/octet-stream"); + header("Content-Disposition: attachment; filename={$exp_name}"); + header("Content-Length: $exp_size"); + echo $exp_data; + exit; +} +else if ($_GET['act'] == "delcert") { - if ($_GET['act'] == "edit") { - if (isset($id) && $a_user[$id]) { - $pconfig['usernamefld'] = $a_user[$id]['name']; - $pconfig['descr'] = $a_user[$id]['descr']; - $pconfig['expires'] = $a_user[$id]['expires']; - $pconfig['groups'] = local_user_get_groups($a_user[$id]); - $pconfig['utype'] = $a_user[$id]['scope']; - $pconfig['uid'] = $a_user[$id]['uid']; - $pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']); - $pconfig['priv'] = $a_user[$id]['priv']; - $pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk']; - $pconfig['disabled'] = isset($a_user[$id]['disabled']); - } + if (!$a_user[$id]) { + pfSenseHeader("system_usermanager.php"); + exit; } - if ($_GET['act'] == "new") { - /* - * set this value cause the text field is read only - * and the user should not be able to mess with this - * setting. - */ - $pconfig['utype'] = "user"; - $pconfig['lifetime'] = 3650; + $certdeleted = lookup_cert($a_user[$id]['cert'][$_GET['certid']]); + $certdeleted = $certdeleted['descr']; + unset($a_user[$id]['cert'][$_GET['certid']]); + write_config(); + $_GET['act'] = "edit"; + $savemsg = gettext("Certificate")." {$certdeleted} ". + gettext("association removed.")."<br/>"; +} +else if ($_GET['act'] == "edit") { + if (isset($id) && $a_user[$id]) { + $pconfig['usernamefld'] = $a_user[$id]['name']; + $pconfig['descr'] = $a_user[$id]['descr']; + $pconfig['expires'] = $a_user[$id]['expires']; + $pconfig['groups'] = local_user_get_groups($a_user[$id]); + $pconfig['utype'] = $a_user[$id]['scope']; + $pconfig['uid'] = $a_user[$id]['uid']; + $pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']); + $pconfig['priv'] = $a_user[$id]['priv']; + $pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk']; + $pconfig['disabled'] = isset($a_user[$id]['disabled']); } +} +else if ($_GET['act'] == "new") { + /* + * set this value cause the text field is read only + * and the user should not be able to mess with this + * setting. + */ + $pconfig['utype'] = "user"; + $pconfig['lifetime'] = 3650; +} - if ($_POST) { - unset($input_errors); - $pconfig = $_POST; +if ($_POST) { + unset($input_errors); + $pconfig = $_POST; - /* input validation */ - if (isset($id) && ($a_user[$id])) { - $reqdfields = explode(" ", "usernamefld"); - $reqdfieldsn = array(gettext("Username")); + /* input validation */ + if (isset($id) && ($a_user[$id])) { + $reqdfields = explode(" ", "usernamefld"); + $reqdfieldsn = array(gettext("Username")); + } else { + if (empty($_POST['name'])) { + $reqdfields = explode(" ", "usernamefld passwordfld1"); + $reqdfieldsn = array( + gettext("Username"), + gettext("Password")); } else { - if (empty($_POST['name'])) { - $reqdfields = explode(" ", "usernamefld passwordfld1"); - $reqdfieldsn = array( - gettext("Username"), - gettext("Password")); - } else { - $reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime"); - $reqdfieldsn = array( - gettext("Username"), - gettext("Password"), - gettext("Descriptive name"), - gettext("Certificate authority"), - gettext("Key length"), - gettext("Lifetime")); - } + $reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime"); + $reqdfieldsn = array( + gettext("Username"), + gettext("Password"), + gettext("Descriptive name"), + gettext("Certificate authority"), + gettext("Key length"), + gettext("Lifetime")); } + } - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld'])) - $input_errors[] = gettext("The username contains invalid characters."); + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld'])) + $input_errors[] = gettext("The username contains invalid characters."); - if (strlen($_POST['usernamefld']) > 16) - $input_errors[] = gettext("The username is longer than 16 characters."); + if (strlen($_POST['usernamefld']) > 16) + $input_errors[] = gettext("The username is longer than 16 characters."); - if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) - $input_errors[] = gettext("The passwords do not match."); + if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) + $input_errors[] = gettext("The passwords do not match."); - if (isset($id) && $a_user[$id]) - $oldusername = $a_user[$id]['name']; - else - $oldusername = ""; - /* make sure this user name is unique */ - if (!$input_errors) { - foreach ($a_user as $userent) { - if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) { - $input_errors[] = gettext("Another entry with the same username already exists."); - break; - } + if (isset($id) && $a_user[$id]) + $oldusername = $a_user[$id]['name']; + else + $oldusername = ""; + /* make sure this user name is unique */ + if (!$input_errors) { + foreach ($a_user as $userent) { + if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) { + $input_errors[] = gettext("Another entry with the same username already exists."); + break; } } - /* also make sure it is not reserved */ - if (!$input_errors) { - $system_users = explode("\n", file_get_contents("/etc/passwd")); - foreach ($system_users as $s_user) { - $ent = explode(":", $s_user); - if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) { - $input_errors[] = gettext("That username is reserved by the system."); - break; - } + } + /* also make sure it is not reserved */ + if (!$input_errors) { + $system_users = explode("\n", file_get_contents("/etc/passwd")); + foreach ($system_users as $s_user) { + $ent = explode(":", $s_user); + if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) { + $input_errors[] = gettext("That username is reserved by the system."); + break; } } + } - /* - * Check for a valid expirationdate if one is set at all (valid means, - * strtotime() puts out a time stamp so any strtotime compatible time - * format may be used. to keep it simple for the enduser, we only - * claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs - * like "+1 day", which will be converted to MM/DD/YYYY based on "now". - * Otherwhise such an entry would lead to an invalid expiration data. - */ - if ($_POST['expires']){ - if(strtotime($_POST['expires']) > 0){ - if (strtotime("-1 day") > strtotime(date("m/d/Y",strtotime($_POST['expires'])))) { - // Allow items to lie in the past which ends up disabling. - } else { - //convert from any strtotime compatible date to MM/DD/YYYY - $expdate = strtotime($_POST['expires']); - $_POST['expires'] = date("m/d/Y",$expdate); - } + /* + * Check for a valid expirationdate if one is set at all (valid means, + * strtotime() puts out a time stamp so any strtotime compatible time + * format may be used. to keep it simple for the enduser, we only + * claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs + * like "+1 day", which will be converted to MM/DD/YYYY based on "now". + * Otherwhise such an entry would lead to an invalid expiration data. + */ + if ($_POST['expires']){ + if(strtotime($_POST['expires']) > 0){ + if (strtotime("-1 day") > strtotime(date("m/d/Y",strtotime($_POST['expires'])))) { + // Allow items to lie in the past which ends up disabling. } else { - $input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead."); + //convert from any strtotime compatible date to MM/DD/YYYY + $expdate = strtotime($_POST['expires']); + $_POST['expires'] = date("m/d/Y",$expdate); } + } else { + $input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead."); } + } - if (!empty($_POST['name'])) { - $ca = lookup_ca($_POST['caref']); - if (!$ca) - $input_errors[] = gettext("Invalid internal Certificate Authority") . "\n"; - } + if (!empty($_POST['name'])) { + $ca = lookup_ca($_POST['caref']); + if (!$ca) + $input_errors[] = gettext("Invalid internal Certificate Authority") . "\n"; + } - /* if this is an AJAX caller then handle via JSON */ - if (isAjax() && is_array($input_errors)) { - input_errors2Ajax($input_errors); - exit; - } + /* if this is an AJAX caller then handle via JSON */ + if (isAjax() && is_array($input_errors)) { + input_errors2Ajax($input_errors); + exit; + } - if (!$input_errors) { - conf_mount_rw(); - $userent = array(); - if (isset($id) && $a_user[$id]) - $userent = $a_user[$id]; - - isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system"; - - /* the user name was modified */ - if ($_POST['usernamefld'] <> $_POST['oldusername']) - $_SERVER['REMOTE_USER'] = $_POST['usernamefld']; - - /* the user password was mofified */ - if ($_POST['passwordfld1']) - local_user_set_password($userent, $_POST['passwordfld1']); - - $userent['name'] = $_POST['usernamefld']; - $userent['descr'] = $_POST['descr']; - $userent['expires'] = $_POST['expires']; - $userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']); - $userent['ipsecpsk'] = $_POST['ipsecpsk']; - - if($_POST['disabled']) - $userent['disabled'] = true; - else - unset($userent['disabled']); - - if (isset($id) && $a_user[$id]) - $a_user[$id] = $userent; - else { - if (!empty($_POST['name'])) { - $cert = array(); - $cert['refid'] = uniqid(); - $userent['cert'] = array(); - - $cert['descr'] = $_POST['name']; - - $subject = cert_get_subject_array($ca['crt']); - - $dn = array( - 'countryName' => $subject[0]['v'], - 'stateOrProvinceName' => $subject[1]['v'], - 'localityName' => $subject[2]['v'], - 'organizationName' => $subject[3]['v'], - 'emailAddress' => $subject[4]['v'], - 'commonName' => $userent['name']); - - cert_create($cert, $_POST['caref'], $_POST['keylen'], - (int)$_POST['lifetime'], $dn); - - if (!is_array($config['cert'])) - $config['cert'] = array(); - $config['cert'][] = $cert; - $userent['cert'][] = $cert['refid']; - } - $userent['uid'] = $config['system']['nextuid']++; - /* Add the user to All Users group. */ - foreach ($config['system']['group'] as $gidx => $group) { - if ($group['name'] == "all") { - if (!is_array($config['system']['group'][$gidx]['member'])) - $config['system']['group'][$gidx]['member'] = array(); - $config['system']['group'][$gidx]['member'][] = $userent['uid']; - break; - } - } + if (!$input_errors) { + conf_mount_rw(); + $userent = array(); + if (isset($id) && $a_user[$id]) + $userent = $a_user[$id]; - $a_user[] = $userent; - } + isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system"; + + /* the user name was modified */ + if ($_POST['usernamefld'] <> $_POST['oldusername']) + $_SERVER['REMOTE_USER'] = $_POST['usernamefld']; - local_user_set_groups($userent,$_POST['groups']); - local_user_set($userent); - write_config(); + /* the user password was mofified */ + if ($_POST['passwordfld1']) + local_user_set_password($userent, $_POST['passwordfld1']); - if(is_dir("/etc/inc/privhooks")) - run_plugins("/etc/inc/privhooks"); + $userent['name'] = $_POST['usernamefld']; + $userent['descr'] = $_POST['descr']; + $userent['expires'] = $_POST['expires']; + $userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']); + $userent['ipsecpsk'] = $_POST['ipsecpsk']; + + if($_POST['disabled']) + $userent['disabled'] = true; + else + unset($userent['disabled']); + + if (isset($id) && $a_user[$id]) + $a_user[$id] = $userent; + else { + if (!empty($_POST['name'])) { + $cert = array(); + $cert['refid'] = uniqid(); + $userent['cert'] = array(); + + $cert['descr'] = $_POST['name']; + + $subject = cert_get_subject_array($ca['crt']); + + $dn = array( + 'countryName' => $subject[0]['v'], + 'stateOrProvinceName' => $subject[1]['v'], + 'localityName' => $subject[2]['v'], + 'organizationName' => $subject[3]['v'], + 'emailAddress' => $subject[4]['v'], + 'commonName' => $userent['name']); + + cert_create($cert, $_POST['caref'], $_POST['keylen'], + (int)$_POST['lifetime'], $dn); + + if (!is_array($config['cert'])) + $config['cert'] = array(); + $config['cert'][] = $cert; + $userent['cert'][] = $cert['refid']; + } + $userent['uid'] = $config['system']['nextuid']++; + /* Add the user to All Users group. */ + foreach ($config['system']['group'] as $gidx => $group) { + if ($group['name'] == "all") { + if (!is_array($config['system']['group'][$gidx]['member'])) + $config['system']['group'][$gidx]['member'] = array(); + $config['system']['group'][$gidx]['member'][] = $userent['uid']; + break; + } + } - conf_mount_ro(); - - pfSenseHeader("system_usermanager.php"); + $a_user[] = $userent; } + + local_user_set_groups($userent,$_POST['groups']); + local_user_set($userent); + write_config(); + + if(is_dir("/etc/inc/privhooks")) + run_plugins("/etc/inc/privhooks"); + + conf_mount_ro(); + + pfSenseHeader("system_usermanager.php"); } +} - include("head.inc"); +include("head.inc"); ?> <body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>"> @@ -871,98 +864,4 @@ function sshkeyClicked(obj) { </table> <?php include("fend.inc");?> </body> - -<?php - - // end admin user code - -} else { - - // start normal user code - - $pgtitle = array(gettext("System"),gettext("User Password")); - - if (isset($_POST['save'])) { - unset($input_errors); - - /* input validation */ - $reqdfields = explode(" ", "passwordfld1"); - $reqdfieldsn = array(gettext("Password")); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if ($_POST['passwordfld1'] != $_POST['passwordfld2']) - $input_errors[] = gettext("The passwords do not match."); - - if (!$input_errors) { - // all values are okay --> saving changes - $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['password'] = crypt(trim($_POST['passwordfld1'])); - local_user_set($config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]); - write_config(); - $savemsg = gettext("Password successfully changed") . "<br />"; - } - } - - /* determine if user is not local to system */ - $islocal = false; - foreach($config['system']['user'] as $user) - if($user['name'] == $_SESSION['Username']) - $islocal = true; -?> - -<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>"> -<?php - include("head.inc"); - include("fbegin.inc"); - if ($input_errors) - print_input_errors($input_errors); - if ($savemsg) - print_info_box($savemsg); - - if($islocal == false) { - echo gettext("Sorry, you cannot change the password for a LDAP user."); - include("fend.inc"); - exit; - } -?> -<div id="mainarea"> - <div class="tabcont"> - <form action="system_usermanager.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=$HTTP_SERVER_VARS['AUTH_USER']?>'s <?=gettext("Password"); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell" rowspan="2"><?=gettext("Password"); ?></td> - <td width="78%" class="vtable"> - <input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" /> - </td> - </tr> - <tr> - <td width="78%" class="vtable"> - <input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" /> - <?=gettext("(confirmation)");?> - <br/> - <span class="vexpl"> - <?=gettext("Select a new password");?> - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> - </td> - </tr> - </table> - </form> - </div> -</div> -<?php include("fend.inc");?> -</body> - -<?php - -} // end of normal user code - -?> +</html> diff --git a/usr/local/www/system_usermanager_passwordmg.php b/usr/local/www/system_usermanager_passwordmg.php new file mode 100644 index 0000000..b8b3f76 --- /dev/null +++ b/usr/local/www/system_usermanager_passwordmg.php @@ -0,0 +1,128 @@ +<?php +/* $Id$ */ +/* + Copyright (C) 2011 Ermal Luçi + system_usermanager.php + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* + pfSense_BUILDER_BINARIES: + pfSense_MODULE: auth +*/ + +##|+PRIV +##|*IDENT=page-system-usermanager-passwordmg +##|*NAME=System: User Password Manager page +##|*DESCR=Allow access to the 'System: User Password Manager' page. +##|*MATCH=system_usermanager_passwordmg.php* +##|-PRIV + +require_once("certs.inc"); +require_once("guiconfig.inc"); + +$pgtitle = array(gettext("System"),gettext("User Password")); + +if (isset($_POST['save'])) { + unset($input_errors); + /* input validation */ + + $reqdfields = explode(" ", "passwordfld1"); + $reqdfieldsn = array(gettext("Password")); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if ($_POST['passwordfld1'] != $_POST['passwordfld2']) + $input_errors[] = gettext("The passwords do not match."); + + if (!$input_errors) { + // all values are okay --> saving changes + $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['password'] = crypt(trim($_POST['passwordfld1'])); + local_user_set($config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]); + + write_config(); + + $savemsg = gettext("Password successfully changed") . "<br />"; + } +} + +/* determine if user is not local to system */ +$islocal = false; +foreach($config['system']['user'] as $user) + if($user['name'] == $_SESSION['Username']) + $islocal = true; + +?> + +<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>"> +<?php +include("head.inc"); +include("fbegin.inc"); + +if ($input_errors) + print_input_errors($input_errors); +if ($savemsg) + print_info_box($savemsg); + +if ($islocal == false) { + echo gettext("Sorry, you cannot change the password for a non-local user."); + include("fend.inc"); + exit; +} + +?> + +<div id="mainarea"> + <div class="tabcont"> + <form action="system_usermanager_passwordmg.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=$HTTP_SERVER_VARS['AUTH_USER']?>'s <?=gettext("Password"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell" rowspan="2"><?=gettext("Password"); ?></td> + <td width="78%" class="vtable"> + <input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" /> + </td> + </tr> + <tr> + <td width="78%" class="vtable"> + <input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" /> + <?=gettext("(confirmation)");?> + <br/> + <span class="vexpl"> + <?=gettext("Select a new password");?> + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> + </td> + </tr> + </table> + </form> + </div> +</div> +<?php include("fend.inc");?> +</body> +</html> diff --git a/usr/local/www/themes/pfsense_ng/all.css b/usr/local/www/themes/pfsense_ng/all.css index 650d52d..b89299d 100644 --- a/usr/local/www/themes/pfsense_ng/all.css +++ b/usr/local/www/themes/pfsense_ng/all.css @@ -1333,7 +1333,7 @@ div#log span.log-protocol-mini-header { /* Sortable tables */ table.sortable thead { cursor: default; - background-color: #EEEEEE; +<!-- background-color: #EEEEEE; this causing light gray rectangles to the right of many tables in gui --> padding-right: 12px; padding-left: 12px; padding-top: 12px; diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php index 500700a..78d1023 100755 --- a/usr/local/www/xmlrpc.php +++ b/usr/local/www/xmlrpc.php @@ -202,7 +202,7 @@ function restore_config_section_xmlrpc($raw_params) { if (does_interface_exist("vip{$vip['vhid']}")) continue; // Skip reconfiguring this vips since nothing has changed. } else - unset($oldvips['vhid']); + unset($oldvips[$vip['vhid']]); } switch ($vip['mode']) { |
