Révision 1a6769a6
Ajouté par Renato Botelho il y a plus de 9 ans
usr/local/www/system_usermanager.php | ||
---|---|---|
53 | 53 |
// start admin user code |
54 | 54 |
$pgtitle = array(gettext("System"),gettext("User Manager")); |
55 | 55 |
|
56 |
if (is_numericint($_GET['id'])) |
|
57 |
$id = $_GET['id']; |
|
58 |
if (isset($_POST['id']) && is_numericint($_POST['id'])) |
|
59 |
$id = $_POST['id']; |
|
56 |
if (isset($_POST['userid']) && is_numericint($_POST['userid'])) |
|
57 |
$id = $_POST['userid']; |
|
60 | 58 |
|
61 |
if (!is_array($config['system']['user'])) |
|
59 |
if (!isset($config['system']['user']) || !is_array($config['system']['user']))
|
|
62 | 60 |
$config['system']['user'] = array(); |
63 | 61 |
|
64 | 62 |
$a_user = &$config['system']['user']; |
... | ... | |
81 | 79 |
$pconfig['disabled'] = isset($a_user[$id]['disabled']); |
82 | 80 |
} |
83 | 81 |
|
84 |
if ($_GET['act'] == "deluser") {
|
|
82 |
if ($_POST['act'] == "deluser") {
|
|
85 | 83 |
|
86 | 84 |
if (!$a_user[$id]) { |
87 | 85 |
pfSenseHeader("system_usermanager.php"); |
... | ... | |
97 | 95 |
$savemsg = gettext("User")." {$userdeleted} ". |
98 | 96 |
gettext("successfully deleted")."<br />"; |
99 | 97 |
} |
100 |
else if ($_GET['act'] == "delpriv") {
|
|
98 |
else if ($_POST['act'] == "delpriv") {
|
|
101 | 99 |
|
102 | 100 |
if (!$a_user[$id]) { |
103 | 101 |
pfSenseHeader("system_usermanager.php"); |
104 | 102 |
exit; |
105 | 103 |
} |
106 | 104 |
|
107 |
$privdeleted = $priv_list[$a_user[$id]['priv'][$_GET['privid']]]['name'];
|
|
108 |
unset($a_user[$id]['priv'][$_GET['privid']]);
|
|
105 |
$privdeleted = $priv_list[$a_user[$id]['priv'][$_POST['privid']]]['name'];
|
|
106 |
unset($a_user[$id]['priv'][$_POST['privid']]);
|
|
109 | 107 |
local_user_set($a_user[$id]); |
110 | 108 |
write_config(); |
111 |
$_GET['act'] = "edit";
|
|
109 |
$_POST['act'] = "edit";
|
|
112 | 110 |
$savemsg = gettext("Privilege")." {$privdeleted} ". |
113 | 111 |
gettext("successfully deleted")."<br />"; |
114 | 112 |
} |
115 |
else if ($_GET['act'] == "expcert") {
|
|
113 |
else if ($_POST['act'] == "expcert") {
|
|
116 | 114 |
|
117 | 115 |
if (!$a_user[$id]) { |
118 | 116 |
pfSenseHeader("system_usermanager.php"); |
119 | 117 |
exit; |
120 | 118 |
} |
121 | 119 |
|
122 |
$cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
|
|
120 |
$cert =& lookup_cert($a_user[$id]['cert'][$_POST['certid']]);
|
|
123 | 121 |
|
124 | 122 |
$exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.crt"); |
125 | 123 |
$exp_data = base64_decode($cert['crt']); |
... | ... | |
131 | 129 |
echo $exp_data; |
132 | 130 |
exit; |
133 | 131 |
} |
134 |
else if ($_GET['act'] == "expckey") {
|
|
132 |
else if ($_POST['act'] == "expckey") {
|
|
135 | 133 |
|
136 | 134 |
if (!$a_user[$id]) { |
137 | 135 |
pfSenseHeader("system_usermanager.php"); |
138 | 136 |
exit; |
139 | 137 |
} |
140 | 138 |
|
141 |
$cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
|
|
139 |
$cert =& lookup_cert($a_user[$id]['cert'][$_POST['certid']]);
|
|
142 | 140 |
|
143 | 141 |
$exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.key"); |
144 | 142 |
$exp_data = base64_decode($cert['prv']); |
... | ... | |
150 | 148 |
echo $exp_data; |
151 | 149 |
exit; |
152 | 150 |
} |
153 |
else if ($_GET['act'] == "delcert") {
|
|
151 |
else if ($_POST['act'] == "delcert") {
|
|
154 | 152 |
|
155 | 153 |
if (!$a_user[$id]) { |
156 | 154 |
pfSenseHeader("system_usermanager.php"); |
157 | 155 |
exit; |
158 | 156 |
} |
159 | 157 |
|
160 |
$certdeleted = lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
|
|
158 |
$certdeleted = lookup_cert($a_user[$id]['cert'][$_POST['certid']]);
|
|
161 | 159 |
$certdeleted = $certdeleted['descr']; |
162 |
unset($a_user[$id]['cert'][$_GET['certid']]);
|
|
160 |
unset($a_user[$id]['cert'][$_POST['certid']]);
|
|
163 | 161 |
write_config(); |
164 |
$_GET['act'] = "edit";
|
|
162 |
$_POST['act'] = "edit";
|
|
165 | 163 |
$savemsg = gettext("Certificate")." {$certdeleted} ". |
166 | 164 |
gettext("association removed.")."<br />"; |
167 | 165 |
} |
168 |
else if ($_GET['act'] == "new") {
|
|
166 |
else if ($_POST['act'] == "new") {
|
|
169 | 167 |
/* |
170 | 168 |
* set this value cause the text field is read only |
171 | 169 |
* and the user should not be able to mess with this |
... | ... | |
175 | 173 |
$pconfig['lifetime'] = 3650; |
176 | 174 |
} |
177 | 175 |
|
178 |
if ($_POST) { |
|
176 |
if ($_POST['save']) {
|
|
179 | 177 |
unset($input_errors); |
180 | 178 |
$pconfig = $_POST; |
181 | 179 |
|
... | ... | |
469 | 467 |
<td id="mainarea"> |
470 | 468 |
<div class="tabcont"> |
471 | 469 |
<?php |
472 |
if ($_GET['act'] == "new" || $_GET['act'] == "edit" || $input_errors):
|
|
470 |
if ($_POST['act'] == "new" || $_POST['act'] == "edit" || $input_errors):
|
|
473 | 471 |
?> |
474 | 472 |
<form action="system_usermanager.php" method="post" name="iform" id="iform" onsubmit="presubmit()"> |
473 |
<input type="hidden" id="act" name="act" value="" /> |
|
474 |
<input type="hidden" id="userid" name="userid" value="<?=(isset($id) ? $id : '');?>" /> |
|
475 |
<input type="hidden" id="privid" name="privid" value="" /> |
|
476 |
<input type="hidden" id="certid" name="certid" value="" /> |
|
475 | 477 |
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> |
476 | 478 |
<?php |
477 | 479 |
$ro = ""; |
... | ... | |
628 | 630 |
<?php |
629 | 631 |
if (!$group): |
630 | 632 |
?> |
631 |
<a href="system_usermanager.php?act=delpriv&id=<?=$id?>&privid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this privilege?");?>')"> |
|
632 |
<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="delete" /> |
|
633 |
</a> |
|
633 |
<input type="image" name="delpriv[]" width="17" height="17" border="0" |
|
634 |
src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" |
|
635 |
onclick="document.getElementById('privid').value='<?=$i;?>'; |
|
636 |
document.getElementById('userid').value='<?=$id;?>'; |
|
637 |
document.getElementById('act').value='<?php echo "delpriv";?>'; |
|
638 |
return confirm('<?=gettext("Do you really want to delete this privilege?");?>');" |
|
639 |
title="<?=gettext("delete privilege");?>" /> |
|
634 | 640 |
<?php |
635 | 641 |
endif; |
636 | 642 |
?> |
... | ... | |
686 | 692 |
<?=htmlspecialchars($ca['descr']);?> |
687 | 693 |
</td> |
688 | 694 |
<td valign="middle" class="list nowrap"> |
689 |
<a href="system_usermanager.php?act=expckey&id=<?=$id;?>&certid=<?=$i;?>"> |
|
690 |
<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export private key"); ?>" alt="<?=gettext("export private key"); ?>" width="17" height="17" border="0" /> |
|
691 |
</a> |
|
692 |
<a href="system_usermanager.php?act=expcert&id=<?=$id;?>&certid=<?=$i;?>"> |
|
693 |
<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export cert"); ?>" alt="<?=gettext("export cert"); ?>" width="17" height="17" border="0" /> |
|
694 |
</a> |
|
695 |
<a href="system_usermanager.php?act=delcert&id=<?=$id?>&certid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to remove this certificate association?") .'\n'. gettext("(Certificate will not be deleted)");?>')"> |
|
696 |
<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="<?=gettext("delete cert");?>" /> |
|
697 |
</a> |
|
695 |
<input type="image" name="expckey[]" width="17" height="17" border="0" |
|
696 |
src="/themes/<?=$g['theme'];?>/images/icons/icon_down.gif" |
|
697 |
onclick="document.getElementById('certid').value='<?=$i;?>'; |
|
698 |
document.getElementById('userid').value='<?=$id;?>'; |
|
699 |
document.getElementById('act').value='<?php echo "expckey";?>';" |
|
700 |
title="<?=gettext("export private key");?>" /> |
|
701 |
<input type="image" name="expcert[]" width="17" height="17" border="0" |
|
702 |
src="/themes/<?=$g['theme'];?>/images/icons/icon_down.gif" |
|
703 |
onclick="document.getElementById('certid').value='<?=$i;?>'; |
|
704 |
document.getElementById('userid').value='<?=$id;?>'; |
|
705 |
document.getElementById('act').value='<?php echo "expcert";?>';" |
|
706 |
title="<?=gettext("export cert");?>" /> |
|
707 |
<input type="image" name="delcert[]" width="17" height="17" border="0" |
|
708 |
src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" |
|
709 |
onclick="document.getElementById('certid').value='<?=$i;?>'; |
|
710 |
document.getElementById('userid').value='<?=$id;?>'; |
|
711 |
document.getElementById('act').value='<?php echo "delcert";?>'; |
|
712 |
return confirm('<?=gettext("Do you really want to remove this certificate association?") .'\n'. gettext("(Certificate will not be deleted)");?>')" |
|
713 |
title="<?=gettext("delete cert");?>" /> |
|
698 | 714 |
</td> |
699 | 715 |
</tr> |
700 | 716 |
<?php |
... | ... | |
839 | 855 |
<?php |
840 | 856 |
else: |
841 | 857 |
?> |
842 |
<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary=""> |
|
843 |
<thead> |
|
844 |
<tr> |
|
845 |
<th width="25%" class="listhdrr"><?=gettext("Username"); ?></th> |
|
846 |
<th width="25%" class="listhdrr"><?=gettext("Full name"); ?></th> |
|
847 |
<th width="5%" class="listhdrr"><?=gettext("Disabled"); ?></th> |
|
848 |
<th width="25%" class="listhdrr"><?=gettext("Groups"); ?></th> |
|
849 |
<th width="10%" class="list"></th> |
|
850 |
</tr> |
|
851 |
</thead> |
|
852 |
<tfoot> |
|
853 |
<tr> |
|
854 |
<td class="list" colspan="4"></td> |
|
855 |
<td class="list"> |
|
856 |
<a href="system_usermanager.php?act=new"> |
|
857 |
<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add user"); ?>" alt="<?=gettext("add user"); ?>" width="17" height="17" border="0" /> |
|
858 |
</a> |
|
859 |
</td> |
|
860 |
</tr> |
|
861 |
<tr> |
|
862 |
<td colspan="4"> |
|
863 |
<p> |
|
864 |
<?=gettext("Additional users can be added here. User permissions for accessing " . |
|
865 |
"the webConfigurator can be assigned directly or inherited from group memberships. " . |
|
866 |
"An icon that appears grey indicates that it is a system defined object. " . |
|
867 |
"Some system object properties can be modified but they cannot be deleted."); ?> |
|
868 |
<br /><br /> |
|
869 |
<?=gettext("Accounts created here are also used for other parts of the system " . |
|
870 |
"such as OpenVPN, IPsec, and Captive Portal.");?> |
|
871 |
</p> |
|
872 |
</td> |
|
873 |
</tr> |
|
874 |
</tfoot> |
|
875 |
<tbody> |
|
876 |
<?php |
|
877 |
$i = 0; |
|
878 |
foreach($a_user as $userent): |
|
879 |
?> |
|
880 |
<tr ondblclick="document.location='system_usermanager.php?act=edit&id=<?=$i;?>'"> |
|
881 |
<td class="listlr"> |
|
882 |
<table border="0" cellpadding="0" cellspacing="0" summary="icons"> |
|
883 |
<tr> |
|
884 |
<td align="left" valign="middle"> |
|
885 |
<?php |
|
886 |
if($userent['scope'] != "user") |
|
887 |
$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user-grey.png"; |
|
888 |
else |
|
889 |
$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user.png"; |
|
890 |
?> |
|
891 |
<img src="<?=$usrimg;?>" alt="<?=gettext("User"); ?>" title="<?=gettext("User"); ?>" border="0" height="16" width="16" /> |
|
892 |
</td> |
|
893 |
<td align="left" valign="middle"> |
|
894 |
<?=htmlspecialchars($userent['name']);?> |
|
895 |
</td> |
|
896 |
</tr> |
|
897 |
</table> |
|
898 |
</td> |
|
899 |
<td class="listr"><?=htmlspecialchars($userent['descr']);?> </td> |
|
900 |
<td class="listr"><?php if(isset($userent['disabled'])) echo "*"; ?></td> |
|
901 |
<td class="listbg"> |
|
902 |
<?=implode(",",local_user_get_groups($userent));?> |
|
903 |
|
|
904 |
</td> |
|
905 |
<td valign="middle" class="list nowrap"> |
|
906 |
<a href="system_usermanager.php?act=edit&id=<?=$i;?>"> |
|
907 |
<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit user"); ?>" alt="<?=gettext("edit user"); ?>" width="17" height="17" border="0" /> |
|
908 |
</a> |
|
909 |
<?php |
|
910 |
if($userent['scope'] != "system"): |
|
911 |
?> |
|
912 |
|
|
913 |
<a href="system_usermanager.php?act=deluser&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this User?");?>')"> |
|
914 |
<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete user"); ?>" alt="<?=gettext("delete user"); ?>" width="17" height="17" border="0" /> |
|
915 |
</a> |
|
916 |
<?php |
|
917 |
endif; |
|
918 |
?> |
|
919 |
</td> |
|
920 |
</tr> |
|
921 |
<?php |
|
922 |
$i++; |
|
923 |
endforeach; |
|
924 |
?> |
|
925 |
</tbody> |
|
926 |
</table> |
|
858 |
<form action="system_usermanager.php" method="post" name="iform2" id="iform2"> |
|
859 |
<input type="hidden" id="act" name="act" value="" /> |
|
860 |
<input type="hidden" id="userid" name="userid" value="<?=(isset($id) ? $id : '');?>" /> |
|
861 |
<input type="hidden" id="privid" name="privid" value="" /> |
|
862 |
<input type="hidden" id="certid" name="certid" value="" /> |
|
863 |
<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary=""> |
|
864 |
<thead> |
|
865 |
<tr> |
|
866 |
<th width="25%" class="listhdrr"><?=gettext("Username"); ?></th> |
|
867 |
<th width="25%" class="listhdrr"><?=gettext("Full name"); ?></th> |
|
868 |
<th width="5%" class="listhdrr"><?=gettext("Disabled"); ?></th> |
|
869 |
<th width="25%" class="listhdrr"><?=gettext("Groups"); ?></th> |
|
870 |
<th width="10%" class="list"></th> |
|
871 |
</tr> |
|
872 |
</thead> |
|
873 |
<tfoot> |
|
874 |
<tr> |
|
875 |
<td class="list" colspan="4"></td> |
|
876 |
<td class="list"> |
|
877 |
<input type="image" name="addcert" width="17" height="17" border="0" |
|
878 |
src="/themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" |
|
879 |
onclick="document.getElementById('act').value='<?php echo "new";?>';" |
|
880 |
title="<?=gettext("add user");?>" /> |
|
881 |
</td> |
|
882 |
</tr> |
|
883 |
<tr> |
|
884 |
<td colspan="4"> |
|
885 |
<p> |
|
886 |
<?=gettext("Additional users can be added here. User permissions for accessing " . |
|
887 |
"the webConfigurator can be assigned directly or inherited from group memberships. " . |
|
888 |
"An icon that appears grey indicates that it is a system defined object. " . |
|
889 |
"Some system object properties can be modified but they cannot be deleted."); ?> |
|
890 |
<br /><br /> |
|
891 |
<?=gettext("Accounts created here are also used for other parts of the system " . |
|
892 |
"such as OpenVPN, IPsec, and Captive Portal.");?> |
|
893 |
</p> |
|
894 |
</td> |
|
895 |
</tr> |
|
896 |
</tfoot> |
|
897 |
<tbody> |
|
898 |
<?php |
|
899 |
$i = 0; |
|
900 |
foreach($a_user as $userent): |
|
901 |
?> |
|
902 |
<tr ondblclick="document.getElementById('act').value='<?php echo "edit";?>'; |
|
903 |
document.getElementById('userid').value='<?=$i;?>'; |
|
904 |
document.iform2.submit();"> |
|
905 |
<td class="listlr"> |
|
906 |
<table border="0" cellpadding="0" cellspacing="0" summary="icons"> |
|
907 |
<tr> |
|
908 |
<td align="left" valign="middle"> |
|
909 |
<?php |
|
910 |
if($userent['scope'] != "user") |
|
911 |
$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user-grey.png"; |
|
912 |
else |
|
913 |
$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user.png"; |
|
914 |
?> |
|
915 |
<img src="<?=$usrimg;?>" alt="<?=gettext("User"); ?>" title="<?=gettext("User"); ?>" border="0" height="16" width="16" /> |
|
916 |
</td> |
|
917 |
<td align="left" valign="middle"> |
|
918 |
<?=htmlspecialchars($userent['name']);?> |
|
919 |
</td> |
|
920 |
</tr> |
|
921 |
</table> |
|
922 |
</td> |
|
923 |
<td class="listr"><?=htmlspecialchars($userent['descr']);?> </td> |
|
924 |
<td class="listr"><?php if(isset($userent['disabled'])) echo "*"; ?></td> |
|
925 |
<td class="listbg"> |
|
926 |
<?=implode(",",local_user_get_groups($userent));?> |
|
927 |
|
|
928 |
</td> |
|
929 |
<td valign="middle" class="list nowrap"> |
|
930 |
<input type="image" name="edituser[]" width="17" height="17" border="0" |
|
931 |
src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif" |
|
932 |
onclick="document.getElementById('userid').value='<?=$i;?>'; |
|
933 |
document.getElementById('act').value='<?php echo "edit";?>';" |
|
934 |
title="<?=gettext("edit user");?>" /> |
|
935 |
<?php |
|
936 |
if($userent['scope'] != "system"): |
|
937 |
?> |
|
938 |
|
|
939 |
<input type="image" name="deluser[]" width="17" height="17" border="0" |
|
940 |
src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" |
|
941 |
onclick="document.getElementById('userid').value='<?=$i;?>'; |
|
942 |
document.getElementById('act').value='<?php echo "deluser";?>'; |
|
943 |
return confirm('<?=gettext("Do you really want to delete this user?");?>');" |
|
944 |
title="<?=gettext("delete user");?>" /> |
|
945 |
<?php |
|
946 |
endif; |
|
947 |
?> |
|
948 |
</td> |
|
949 |
</tr> |
|
950 |
<?php |
|
951 |
$i++; |
|
952 |
endforeach; |
|
953 |
?> |
|
954 |
</tbody> |
|
955 |
</table> |
|
956 |
</form> |
|
927 | 957 |
<?php |
928 | 958 |
endif; |
929 | 959 |
?> |
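Review bot: `$_POST['privid']` and `$_POST['certid']` are used as array keys without any check in the delpriv, expcert, expckey and delcert branches (new lines 105-106, 120, 139 and 158-160), whereas `userid` is passed through `is_numericint()` at new line 56. A missing or non-numeric value leads to an `unset()` of a key that does not exist followed by `write_config()`, or to `lookup_cert()` being called with an undefined entry. Each branch should bail out the way it already does for an unknown user, e.g. `if (!isset($_POST['certid']) || !is_numericint($_POST['certid']) || !isset($a_user[$id]['cert'][$_POST['certid']])) { pfSenseHeader("system_usermanager.php"); exit; }`, with the same guard for `privid`. The `$_POST['act']` comparisons are also read without `isset()`, which raises a notice on a plain GET of the page. Whether these POST actions are covered by a CSRF token check is not visible in this section and is worth confirming, since the move from GET to POST presumably relies on it.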
Replace GET by POST on system_usermanager.php and make necessary adjustments on necessary pages. It fixes #3856