summaryrefslogtreecommitdiffstats
path: root/usr/local/www
diff options
context:
space:
mode:
Diffstat (limited to 'usr/local/www')
-rwxr-xr-xusr/local/www/fbegin.inc5
-rwxr-xr-xusr/local/www/firewall_aliases.php2
-rwxr-xr-xusr/local/www/guiconfig.inc4
-rwxr-xr-xusr/local/www/interfaces.php4
-rwxr-xr-xusr/local/www/services_captiveportal.php3
-rwxr-xr-xusr/local/www/services_wol.php2
-rwxr-xr-xusr/local/www/status_interfaces.php2
-rw-r--r--usr/local/www/system_usermanager.php591
-rw-r--r--usr/local/www/system_usermanager_passwordmg.php128
-rw-r--r--usr/local/www/themes/pfsense_ng/all.css2
-rwxr-xr-xusr/local/www/xmlrpc.php2
11 files changed, 388 insertions, 357 deletions
diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc
index e2f5d72..a35e897 100755
--- a/usr/local/www/fbegin.inc
+++ b/usr/local/www/fbegin.inc
@@ -89,7 +89,10 @@ if ($g['platform'] == "pfSense" or $g['platform'] == "nanobsd")
$system_menu[] = array("Setup Wizard", "/wizard.php?xml=setup_wizard.xml");
$system_menu[] = array("Routing", "/system_gateways.php");
$system_menu[] = array("Cert Manager", "/system_camanager.php");
-$system_menu[] = array("User Manager", "/system_usermanager.php");
+if (!isAllowedPage("system_usermanager.php*"))
+ $system_menu[] = array("User Manager", "/system_usermanager_passwordmg.php");
+else
+ $system_menu[] = array("User Manager", "/system_usermanager.php");
$system_menu = msort(array_merge($system_menu, return_ext_menu("System")),0);
// Interfaces
diff --git a/usr/local/www/firewall_aliases.php b/usr/local/www/firewall_aliases.php
index 4a16bac..575240c 100755
--- a/usr/local/www/firewall_aliases.php
+++ b/usr/local/www/firewall_aliases.php
@@ -160,7 +160,7 @@ include("head.inc");
<?php print_info_box_np(gettext("The alias list has been changed.") . "<br>" . gettext("You must apply the changes in order for them to take effect."));?>
<?php endif; ?>
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<table width="100%" border="0" cellpadding="0" cellspacing="0" class="tabcont">
<tr>
<td width="25%" class="listhdrr"><?=gettext("Name"); ?></td>
<td width="25%" class="listhdrr"><?=gettext("Values"); ?></td>
diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc
index 3c576b9..940eb34 100755
--- a/usr/local/www/guiconfig.inc
+++ b/usr/local/www/guiconfig.inc
@@ -249,6 +249,7 @@ function print_input_errors($input_errors) {
global $g;
print <<<EOF
+ <div id='inputerrorsdiv' name='inputerrorsdiv'>
<p>
<table border="0" cellspacing="0" cellpadding="4" width="100%">
<tr>
@@ -269,6 +270,7 @@ EOF;
</span>
</td></tr>
</table>
+ </div>
</p>&nbsp;<br>
EOF2;
@@ -1090,4 +1092,4 @@ function rule_popup($src,$srcport,$dst,$dstport){
}
}
-?>
+?> \ No newline at end of file
diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php
index 41957c5..66aed5b 100755
--- a/usr/local/www/interfaces.php
+++ b/usr/local/www/interfaces.php
@@ -1271,7 +1271,7 @@ $types = array("none" => gettext("None"), "staticv4" => gettext("Static IPv4"),
<?php endif; ?>
<br>
<?=gettext("This field can be used to modify (\"spoof\") the MAC " .
- "address of the WAN interface"); ?><br>
+ "address of this interface"); ?><br>
<?=gettext("(may be required with some cable connections)"); ?><br>
<?=gettext("Enter a MAC address in the following format: xx:xx:xx:xx:xx:xx " .
"or leave blank"); ?>
@@ -1320,7 +1320,7 @@ $types = array("none" => gettext("None"), "staticv4" => gettext("Static IPv4"),
}
}
echo '</select><br>';
- echo gettext("Here you can explicitely set up speed and duplex mode for the interface.");
+ echo gettext("Here you can explicitly set speed and duplex mode for this interface. WARNING: You MUST leave this set to autonegotiate unless the port this interface connects to has its speed and duplex forced.");
echo '</div>';
echo '</td>';
echo '</tr>';
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index 586e569..4526028 100755
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -520,8 +520,7 @@ value="<?=htmlspecialchars($pconfig['maxprocperip']);?>"> <?=gettext("per client
</tr>
<tr>
<td class="vncell" valign="top"><?=gettext("Shared secret"); ?>&nbsp;&nbsp;</td>
- <td class="vtable"><input name="radiuskey2" type="text" class="formfld unknown" id="radiuskey2" size="16"
-value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td>
+ <td class="vtable"><input name="radiuskey2" type="text" class="formfld unknown" id="radiuskey2" size="16" value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td>
</tr>
<tr>
<td colspan="2" class="list" height="12"></td>
diff --git a/usr/local/www/services_wol.php b/usr/local/www/services_wol.php
index cdc3e6a..37d4155 100755
--- a/usr/local/www/services_wol.php
+++ b/usr/local/www/services_wol.php
@@ -156,7 +156,7 @@ include("head.inc");
&nbsp;<br>
<?=gettext("Wake all clients at once: ");?><a href="services_wol.php?wakeall=true"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_wol_all.gif" width="17" height="17" border="0"></a><p/>
<?=gettext("Or Click the MAC address to wake up an individual device:");?>
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <table width="100%" border="0" cellpadding="0" cellspacing="0" class="tabcont">
<tr>
<td width="15%" class="listhdrr"><?=gettext("Interface");?></td>
<td width="25%" class="listhdrr"><?=gettext("MAC address");?></td>
diff --git a/usr/local/www/status_interfaces.php b/usr/local/www/status_interfaces.php
index 32dcbae..61ce262 100755
--- a/usr/local/www/status_interfaces.php
+++ b/usr/local/www/status_interfaces.php
@@ -180,7 +180,7 @@ include("head.inc");
<?php
$mac=$ifinfo['macaddr'];
$mac_hi = strtoupper($mac[0] . $mac[1] . $mac[3] . $mac[4] . $mac[6] . $mac[7]);
- if(isset($mac_man[$mac_hi])){ print "<span title=\"$mac\">" . htmlspecialchars($mac_man[$mac_hi]); print "</span>"; }
+ if(isset($mac_man[$mac_hi])){ print "<span>" . $mac . " - " . htmlspecialchars($mac_man[$mac_hi]); print "</span>"; }
else {print htmlspecialchars($mac);}
?>
</td>
diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index cc6c4f1..783eb0f 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -49,311 +49,304 @@
require("certs.inc");
require("guiconfig.inc");
-if (isAllowedPage("system_usermanager.php*")) {
- // start admin user code
- $pgtitle = array(gettext("System"),gettext("User Manager"));
+// start admin user code
+$pgtitle = array(gettext("System"),gettext("User Manager"));
- $id = $_GET['id'];
- if (isset($_POST['id']))
- $id = $_POST['id'];
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
- if (!is_array($config['system']['user']))
- $config['system']['user'] = array();
+if (!is_array($config['system']['user']))
+ $config['system']['user'] = array();
- $a_user = &$config['system']['user'];
+$a_user = &$config['system']['user'];
- if ($_GET['act'] == "deluser") {
+if ($_GET['act'] == "deluser") {
- if (!$a_user[$id]) {
- pfSenseHeader("system_usermanager.php");
- exit;
- }
-
- local_user_del($a_user[$id]);
- $userdeleted = $a_user[$id]['name'];
- unset($a_user[$id]);
- write_config();
- $savemsg = gettext("User")." {$userdeleted} ".
- gettext("successfully deleted")."<br/>";
+ if (!$a_user[$id]) {
+ pfSenseHeader("system_usermanager.php");
+ exit;
}
- if ($_GET['act'] == "delpriv") {
-
- if (!$a_user[$id]) {
- pfSenseHeader("system_usermanager.php");
- exit;
- }
+ local_user_del($a_user[$id]);
+ $userdeleted = $a_user[$id]['name'];
+ unset($a_user[$id]);
+ write_config();
+ $savemsg = gettext("User")." {$userdeleted} ".
+ gettext("successfully deleted")."<br/>";
+}
+else if ($_GET['act'] == "delpriv") {
- $privdeleted = $priv_list[$a_user[$id]['priv'][$_GET['privid']]]['name'];
- unset($a_user[$id]['priv'][$_GET['privid']]);
- local_user_set($a_user[$id]);
- write_config();
- $_GET['act'] = "edit";
- $savemsg = gettext("Privilege")." {$privdeleted} ".
- gettext("successfully deleted")."<br/>";
+ if (!$a_user[$id]) {
+ pfSenseHeader("system_usermanager.php");
+ exit;
}
- if ($_GET['act'] == "expcert") {
-
- if (!$a_user[$id]) {
- pfSenseHeader("system_usermanager.php");
- exit;
- }
-
- $cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
-
- $exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.crt");
- $exp_data = base64_decode($cert['crt']);
- $exp_size = strlen($exp_data);
+ $privdeleted = $priv_list[$a_user[$id]['priv'][$_GET['privid']]]['name'];
+ unset($a_user[$id]['priv'][$_GET['privid']]);
+ local_user_set($a_user[$id]);
+ write_config();
+ $_GET['act'] = "edit";
+ $savemsg = gettext("Privilege")." {$privdeleted} ".
+ gettext("successfully deleted")."<br/>";
+}
+else if ($_GET['act'] == "expcert") {
- header("Content-Type: application/octet-stream");
- header("Content-Disposition: attachment; filename={$exp_name}");
- header("Content-Length: $exp_size");
- echo $exp_data;
+ if (!$a_user[$id]) {
+ pfSenseHeader("system_usermanager.php");
exit;
}
- if ($_GET['act'] == "expckey") {
-
- if (!$a_user[$id]) {
- pfSenseHeader("system_usermanager.php");
- exit;
- }
+ $cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
- $cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
+ $exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.crt");
+ $exp_data = base64_decode($cert['crt']);
+ $exp_size = strlen($exp_data);
- $exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.key");
- $exp_data = base64_decode($cert['prv']);
- $exp_size = strlen($exp_data);
+ header("Content-Type: application/octet-stream");
+ header("Content-Disposition: attachment; filename={$exp_name}");
+ header("Content-Length: $exp_size");
+ echo $exp_data;
+ exit;
+}
+else if ($_GET['act'] == "expckey") {
- header("Content-Type: application/octet-stream");
- header("Content-Disposition: attachment; filename={$exp_name}");
- header("Content-Length: $exp_size");
- echo $exp_data;
+ if (!$a_user[$id]) {
+ pfSenseHeader("system_usermanager.php");
exit;
}
- if ($_GET['act'] == "delcert") {
+ $cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
- if (!$a_user[$id]) {
- pfSenseHeader("system_usermanager.php");
- exit;
- }
+ $exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.key");
+ $exp_data = base64_decode($cert['prv']);
+ $exp_size = strlen($exp_data);
- $certdeleted = lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
- $certdeleted = $certdeleted['descr'];
- unset($a_user[$id]['cert'][$_GET['certid']]);
- write_config();
- $_GET['act'] = "edit";
- $savemsg = gettext("Certificate")." {$certdeleted} ".
- gettext("association removed.")."<br/>";
- }
+ header("Content-Type: application/octet-stream");
+ header("Content-Disposition: attachment; filename={$exp_name}");
+ header("Content-Length: $exp_size");
+ echo $exp_data;
+ exit;
+}
+else if ($_GET['act'] == "delcert") {
- if ($_GET['act'] == "edit") {
- if (isset($id) && $a_user[$id]) {
- $pconfig['usernamefld'] = $a_user[$id]['name'];
- $pconfig['descr'] = $a_user[$id]['descr'];
- $pconfig['expires'] = $a_user[$id]['expires'];
- $pconfig['groups'] = local_user_get_groups($a_user[$id]);
- $pconfig['utype'] = $a_user[$id]['scope'];
- $pconfig['uid'] = $a_user[$id]['uid'];
- $pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
- $pconfig['priv'] = $a_user[$id]['priv'];
- $pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk'];
- $pconfig['disabled'] = isset($a_user[$id]['disabled']);
- }
+ if (!$a_user[$id]) {
+ pfSenseHeader("system_usermanager.php");
+ exit;
}
- if ($_GET['act'] == "new") {
- /*
- * set this value cause the text field is read only
- * and the user should not be able to mess with this
- * setting.
- */
- $pconfig['utype'] = "user";
- $pconfig['lifetime'] = 3650;
+ $certdeleted = lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
+ $certdeleted = $certdeleted['descr'];
+ unset($a_user[$id]['cert'][$_GET['certid']]);
+ write_config();
+ $_GET['act'] = "edit";
+ $savemsg = gettext("Certificate")." {$certdeleted} ".
+ gettext("association removed.")."<br/>";
+}
+else if ($_GET['act'] == "edit") {
+ if (isset($id) && $a_user[$id]) {
+ $pconfig['usernamefld'] = $a_user[$id]['name'];
+ $pconfig['descr'] = $a_user[$id]['descr'];
+ $pconfig['expires'] = $a_user[$id]['expires'];
+ $pconfig['groups'] = local_user_get_groups($a_user[$id]);
+ $pconfig['utype'] = $a_user[$id]['scope'];
+ $pconfig['uid'] = $a_user[$id]['uid'];
+ $pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
+ $pconfig['priv'] = $a_user[$id]['priv'];
+ $pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk'];
+ $pconfig['disabled'] = isset($a_user[$id]['disabled']);
}
+}
+else if ($_GET['act'] == "new") {
+ /*
+ * set this value cause the text field is read only
+ * and the user should not be able to mess with this
+ * setting.
+ */
+ $pconfig['utype'] = "user";
+ $pconfig['lifetime'] = 3650;
+}
- if ($_POST) {
- unset($input_errors);
- $pconfig = $_POST;
+if ($_POST) {
+ unset($input_errors);
+ $pconfig = $_POST;
- /* input validation */
- if (isset($id) && ($a_user[$id])) {
- $reqdfields = explode(" ", "usernamefld");
- $reqdfieldsn = array(gettext("Username"));
+ /* input validation */
+ if (isset($id) && ($a_user[$id])) {
+ $reqdfields = explode(" ", "usernamefld");
+ $reqdfieldsn = array(gettext("Username"));
+ } else {
+ if (empty($_POST['name'])) {
+ $reqdfields = explode(" ", "usernamefld passwordfld1");
+ $reqdfieldsn = array(
+ gettext("Username"),
+ gettext("Password"));
} else {
- if (empty($_POST['name'])) {
- $reqdfields = explode(" ", "usernamefld passwordfld1");
- $reqdfieldsn = array(
- gettext("Username"),
- gettext("Password"));
- } else {
- $reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime");
- $reqdfieldsn = array(
- gettext("Username"),
- gettext("Password"),
- gettext("Descriptive name"),
- gettext("Certificate authority"),
- gettext("Key length"),
- gettext("Lifetime"));
- }
+ $reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime");
+ $reqdfieldsn = array(
+ gettext("Username"),
+ gettext("Password"),
+ gettext("Descriptive name"),
+ gettext("Certificate authority"),
+ gettext("Key length"),
+ gettext("Lifetime"));
}
+ }
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
- if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld']))
- $input_errors[] = gettext("The username contains invalid characters.");
+ if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld']))
+ $input_errors[] = gettext("The username contains invalid characters.");
- if (strlen($_POST['usernamefld']) > 16)
- $input_errors[] = gettext("The username is longer than 16 characters.");
+ if (strlen($_POST['usernamefld']) > 16)
+ $input_errors[] = gettext("The username is longer than 16 characters.");
- if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2']))
- $input_errors[] = gettext("The passwords do not match.");
+ if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2']))
+ $input_errors[] = gettext("The passwords do not match.");
- if (isset($id) && $a_user[$id])
- $oldusername = $a_user[$id]['name'];
- else
- $oldusername = "";
- /* make sure this user name is unique */
- if (!$input_errors) {
- foreach ($a_user as $userent) {
- if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
- $input_errors[] = gettext("Another entry with the same username already exists.");
- break;
- }
+ if (isset($id) && $a_user[$id])
+ $oldusername = $a_user[$id]['name'];
+ else
+ $oldusername = "";
+ /* make sure this user name is unique */
+ if (!$input_errors) {
+ foreach ($a_user as $userent) {
+ if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
+ $input_errors[] = gettext("Another entry with the same username already exists.");
+ break;
}
}
- /* also make sure it is not reserved */
- if (!$input_errors) {
- $system_users = explode("\n", file_get_contents("/etc/passwd"));
- foreach ($system_users as $s_user) {
- $ent = explode(":", $s_user);
- if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
- $input_errors[] = gettext("That username is reserved by the system.");
- break;
- }
+ }
+ /* also make sure it is not reserved */
+ if (!$input_errors) {
+ $system_users = explode("\n", file_get_contents("/etc/passwd"));
+ foreach ($system_users as $s_user) {
+ $ent = explode(":", $s_user);
+ if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
+ $input_errors[] = gettext("That username is reserved by the system.");
+ break;
}
}
+ }
- /*
- * Check for a valid expirationdate if one is set at all (valid means,
- * strtotime() puts out a time stamp so any strtotime compatible time
- * format may be used. to keep it simple for the enduser, we only
- * claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs
- * like "+1 day", which will be converted to MM/DD/YYYY based on "now".
- * Otherwhise such an entry would lead to an invalid expiration data.
- */
- if ($_POST['expires']){
- if(strtotime($_POST['expires']) > 0){
- if (strtotime("-1 day") > strtotime(date("m/d/Y",strtotime($_POST['expires'])))) {
- // Allow items to lie in the past which ends up disabling.
- } else {
- //convert from any strtotime compatible date to MM/DD/YYYY
- $expdate = strtotime($_POST['expires']);
- $_POST['expires'] = date("m/d/Y",$expdate);
- }
+ /*
+ * Check for a valid expirationdate if one is set at all (valid means,
+ * strtotime() puts out a time stamp so any strtotime compatible time
+ * format may be used. to keep it simple for the enduser, we only
+ * claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs
+ * like "+1 day", which will be converted to MM/DD/YYYY based on "now".
+ * Otherwhise such an entry would lead to an invalid expiration data.
+ */
+ if ($_POST['expires']){
+ if(strtotime($_POST['expires']) > 0){
+ if (strtotime("-1 day") > strtotime(date("m/d/Y",strtotime($_POST['expires'])))) {
+ // Allow items to lie in the past which ends up disabling.
} else {
- $input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
+ //convert from any strtotime compatible date to MM/DD/YYYY
+ $expdate = strtotime($_POST['expires']);
+ $_POST['expires'] = date("m/d/Y",$expdate);
}
+ } else {
+ $input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
}
+ }
- if (!empty($_POST['name'])) {
- $ca = lookup_ca($_POST['caref']);
- if (!$ca)
- $input_errors[] = gettext("Invalid internal Certificate Authority") . "\n";
- }
+ if (!empty($_POST['name'])) {
+ $ca = lookup_ca($_POST['caref']);
+ if (!$ca)
+ $input_errors[] = gettext("Invalid internal Certificate Authority") . "\n";
+ }
- /* if this is an AJAX caller then handle via JSON */
- if (isAjax() && is_array($input_errors)) {
- input_errors2Ajax($input_errors);
- exit;
- }
+ /* if this is an AJAX caller then handle via JSON */
+ if (isAjax() && is_array($input_errors)) {
+ input_errors2Ajax($input_errors);
+ exit;
+ }
- if (!$input_errors) {
- conf_mount_rw();
- $userent = array();
- if (isset($id) && $a_user[$id])
- $userent = $a_user[$id];
-
- isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system";
-
- /* the user name was modified */
- if ($_POST['usernamefld'] <> $_POST['oldusername'])
- $_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
-
- /* the user password was mofified */
- if ($_POST['passwordfld1'])
- local_user_set_password($userent, $_POST['passwordfld1']);
-
- $userent['name'] = $_POST['usernamefld'];
- $userent['descr'] = $_POST['descr'];
- $userent['expires'] = $_POST['expires'];
- $userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
- $userent['ipsecpsk'] = $_POST['ipsecpsk'];
-
- if($_POST['disabled'])
- $userent['disabled'] = true;
- else
- unset($userent['disabled']);
-
- if (isset($id) && $a_user[$id])
- $a_user[$id] = $userent;
- else {
- if (!empty($_POST['name'])) {
- $cert = array();
- $cert['refid'] = uniqid();
- $userent['cert'] = array();
-
- $cert['descr'] = $_POST['name'];
-
- $subject = cert_get_subject_array($ca['crt']);
-
- $dn = array(
- 'countryName' => $subject[0]['v'],
- 'stateOrProvinceName' => $subject[1]['v'],
- 'localityName' => $subject[2]['v'],
- 'organizationName' => $subject[3]['v'],
- 'emailAddress' => $subject[4]['v'],
- 'commonName' => $userent['name']);
-
- cert_create($cert, $_POST['caref'], $_POST['keylen'],
- (int)$_POST['lifetime'], $dn);
-
- if (!is_array($config['cert']))
- $config['cert'] = array();
- $config['cert'][] = $cert;
- $userent['cert'][] = $cert['refid'];
- }
- $userent['uid'] = $config['system']['nextuid']++;
- /* Add the user to All Users group. */
- foreach ($config['system']['group'] as $gidx => $group) {
- if ($group['name'] == "all") {
- if (!is_array($config['system']['group'][$gidx]['member']))
- $config['system']['group'][$gidx]['member'] = array();
- $config['system']['group'][$gidx]['member'][] = $userent['uid'];
- break;
- }
- }
+ if (!$input_errors) {
+ conf_mount_rw();
+ $userent = array();
+ if (isset($id) && $a_user[$id])
+ $userent = $a_user[$id];
- $a_user[] = $userent;
- }
+ isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system";
+
+ /* the user name was modified */
+ if ($_POST['usernamefld'] <> $_POST['oldusername'])
+ $_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
- local_user_set_groups($userent,$_POST['groups']);
- local_user_set($userent);
- write_config();
+ /* the user password was mofified */
+ if ($_POST['passwordfld1'])
+ local_user_set_password($userent, $_POST['passwordfld1']);
- if(is_dir("/etc/inc/privhooks"))
- run_plugins("/etc/inc/privhooks");
+ $userent['name'] = $_POST['usernamefld'];
+ $userent['descr'] = $_POST['descr'];
+ $userent['expires'] = $_POST['expires'];
+ $userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
+ $userent['ipsecpsk'] = $_POST['ipsecpsk'];
+
+ if($_POST['disabled'])
+ $userent['disabled'] = true;
+ else
+ unset($userent['disabled']);
+
+ if (isset($id) && $a_user[$id])
+ $a_user[$id] = $userent;
+ else {
+ if (!empty($_POST['name'])) {
+ $cert = array();
+ $cert['refid'] = uniqid();
+ $userent['cert'] = array();
+
+ $cert['descr'] = $_POST['name'];
+
+ $subject = cert_get_subject_array($ca['crt']);
+
+ $dn = array(
+ 'countryName' => $subject[0]['v'],
+ 'stateOrProvinceName' => $subject[1]['v'],
+ 'localityName' => $subject[2]['v'],
+ 'organizationName' => $subject[3]['v'],
+ 'emailAddress' => $subject[4]['v'],
+ 'commonName' => $userent['name']);
+
+ cert_create($cert, $_POST['caref'], $_POST['keylen'],
+ (int)$_POST['lifetime'], $dn);
+
+ if (!is_array($config['cert']))
+ $config['cert'] = array();
+ $config['cert'][] = $cert;
+ $userent['cert'][] = $cert['refid'];
+ }
+ $userent['uid'] = $config['system']['nextuid']++;
+ /* Add the user to All Users group. */
+ foreach ($config['system']['group'] as $gidx => $group) {
+ if ($group['name'] == "all") {
+ if (!is_array($config['system']['group'][$gidx]['member']))
+ $config['system']['group'][$gidx]['member'] = array();
+ $config['system']['group'][$gidx]['member'][] = $userent['uid'];
+ break;
+ }
+ }
- conf_mount_ro();
-
- pfSenseHeader("system_usermanager.php");
+ $a_user[] = $userent;
}
+
+ local_user_set_groups($userent,$_POST['groups']);
+ local_user_set($userent);
+ write_config();
+
+ if(is_dir("/etc/inc/privhooks"))
+ run_plugins("/etc/inc/privhooks");
+
+ conf_mount_ro();
+
+ pfSenseHeader("system_usermanager.php");
}
+}
- include("head.inc");
+include("head.inc");
?>
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
@@ -871,98 +864,4 @@ function sshkeyClicked(obj) {
</table>
<?php include("fend.inc");?>
</body>
-
-<?php
-
- // end admin user code
-
-} else {
-
- // start normal user code
-
- $pgtitle = array(gettext("System"),gettext("User Password"));
-
- if (isset($_POST['save'])) {
- unset($input_errors);
-
- /* input validation */
- $reqdfields = explode(" ", "passwordfld1");
- $reqdfieldsn = array(gettext("Password"));
-
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
- if ($_POST['passwordfld1'] != $_POST['passwordfld2'])
- $input_errors[] = gettext("The passwords do not match.");
-
- if (!$input_errors) {
- // all values are okay --> saving changes
- $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['password'] = crypt(trim($_POST['passwordfld1']));
- local_user_set($config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]);
- write_config();
- $savemsg = gettext("Password successfully changed") . "<br />";
- }
- }
-
- /* determine if user is not local to system */
- $islocal = false;
- foreach($config['system']['user'] as $user)
- if($user['name'] == $_SESSION['Username'])
- $islocal = true;
-?>
-
-<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
-<?php
- include("head.inc");
- include("fbegin.inc");
- if ($input_errors)
- print_input_errors($input_errors);
- if ($savemsg)
- print_info_box($savemsg);
-
- if($islocal == false) {
- echo gettext("Sorry, you cannot change the password for a LDAP user.");
- include("fend.inc");
- exit;
- }
-?>
-<div id="mainarea">
- <div class="tabcont">
- <form action="system_usermanager.php" method="post" name="iform" id="iform">
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td colspan="2" valign="top" class="listtopic"><?=$HTTP_SERVER_VARS['AUTH_USER']?>'s <?=gettext("Password"); ?></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell" rowspan="2"><?=gettext("Password"); ?></td>
- <td width="78%" class="vtable">
- <input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" />
- </td>
- </tr>
- <tr>
- <td width="78%" class="vtable">
- <input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" />
- &nbsp;<?=gettext("(confirmation)");?>
- <br/>
- <span class="vexpl">
- <?=gettext("Select a new password");?>
- </span>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <input name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
- </td>
- </tr>
- </table>
- </form>
- </div>
-</div>
-<?php include("fend.inc");?>
-</body>
-
-<?php
-
-} // end of normal user code
-
-?>
+</html>
diff --git a/usr/local/www/system_usermanager_passwordmg.php b/usr/local/www/system_usermanager_passwordmg.php
new file mode 100644
index 0000000..b8b3f76
--- /dev/null
+++ b/usr/local/www/system_usermanager_passwordmg.php
@@ -0,0 +1,128 @@
+<?php
+/* $Id$ */
+/*
+ Copyright (C) 2011 Ermal Luçi
+ system_usermanager.php
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/*
+ pfSense_BUILDER_BINARIES:
+ pfSense_MODULE: auth
+*/
+
+##|+PRIV
+##|*IDENT=page-system-usermanager-passwordmg
+##|*NAME=System: User Password Manager page
+##|*DESCR=Allow access to the 'System: User Password Manager' page.
+##|*MATCH=system_usermanager_passwordmg.php*
+##|-PRIV
+
+require_once("certs.inc");
+require_once("guiconfig.inc");
+
+$pgtitle = array(gettext("System"),gettext("User Password"));
+
+if (isset($_POST['save'])) {
+ unset($input_errors);
+ /* input validation */
+
+ $reqdfields = explode(" ", "passwordfld1");
+ $reqdfieldsn = array(gettext("Password"));
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if ($_POST['passwordfld1'] != $_POST['passwordfld2'])
+ $input_errors[] = gettext("The passwords do not match.");
+
+ if (!$input_errors) {
+ // all values are okay --> saving changes
+ $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['password'] = crypt(trim($_POST['passwordfld1']));
+ local_user_set($config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]);
+
+ write_config();
+
+ $savemsg = gettext("Password successfully changed") . "<br />";
+ }
+}
+
+/* determine if user is not local to system */
+$islocal = false;
+foreach($config['system']['user'] as $user)
+ if($user['name'] == $_SESSION['Username'])
+ $islocal = true;
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
+<?php
+include("head.inc");
+include("fbegin.inc");
+
+if ($input_errors)
+ print_input_errors($input_errors);
+if ($savemsg)
+ print_info_box($savemsg);
+
+if ($islocal == false) {
+ echo gettext("Sorry, you cannot change the password for a non-local user.");
+ include("fend.inc");
+ exit;
+}
+
+?>
+
+<div id="mainarea">
+ <div class="tabcont">
+ <form action="system_usermanager_passwordmg.php" method="post" name="iform" id="iform">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?=$HTTP_SERVER_VARS['AUTH_USER']?>'s <?=gettext("Password"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell" rowspan="2"><?=gettext("Password"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" />
+ </td>
+ </tr>
+ <tr>
+ <td width="78%" class="vtable">
+ <input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" />
+ &nbsp;<?=gettext("(confirmation)");?>
+ <br/>
+ <span class="vexpl">
+ <?=gettext("Select a new password");?>
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
+ </td>
+ </tr>
+ </table>
+ </form>
+ </div>
+</div>
+<?php include("fend.inc");?>
+</body>
+</html>
diff --git a/usr/local/www/themes/pfsense_ng/all.css b/usr/local/www/themes/pfsense_ng/all.css
index 650d52d..b89299d 100644
--- a/usr/local/www/themes/pfsense_ng/all.css
+++ b/usr/local/www/themes/pfsense_ng/all.css
@@ -1333,7 +1333,7 @@ div#log span.log-protocol-mini-header {
/* Sortable tables */
table.sortable thead {
cursor: default;
- background-color: #EEEEEE;
+<!-- background-color: #EEEEEE; this causing light gray rectangles to the right of many tables in gui -->
padding-right: 12px;
padding-left: 12px;
padding-top: 12px;
diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php
index 500700a..78d1023 100755
--- a/usr/local/www/xmlrpc.php
+++ b/usr/local/www/xmlrpc.php
@@ -202,7 +202,7 @@ function restore_config_section_xmlrpc($raw_params) {
if (does_interface_exist("vip{$vip['vhid']}"))
continue; // Skip reconfiguring this vips since nothing has changed.
} else
- unset($oldvips['vhid']);
+ unset($oldvips[$vip['vhid']]);
}
switch ($vip['mode']) {
OpenPOWER on IntegriCloud