/usr/local/www/system_usermanager.php - Annoter - UnivNautes - Redmine Entr’ouvert

univnautes / usr / local / www / system_usermanager.php @ 46f6eb78

1	1df17ba9	Scott Ullrich	<?php
2			/* $Id$ */
3	fab7ff44	Bill Marquette	/*
4	1df17ba9	Scott Ullrich	system_usermanager.php
5			part of m0n0wall (http://m0n0.ch/wall)
6
7	6b07c15a	Matthew Grooms	Copyright (C) 2008 Shrew Soft Inc.
8			All rights reserved.
9
10	1df17ba9	Scott Ullrich	Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>.
11			All rights reserved.
12
13			Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
14			All rights reserved.
15
16			Redistribution and use in source and binary forms, with or without
17			modification, are permitted provided that the following conditions are met:
18
19			1. Redistributions of source code must retain the above copyright notice,
20			this list of conditions and the following disclaimer.
21
22			2. Redistributions in binary form must reproduce the above copyright
23			notice, this list of conditions and the following disclaimer in the
24			documentation and/or other materials provided with the distribution.
25
26			THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
27			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
28			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
29			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
30			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
33			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
34			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35			POSSIBILITY OF SUCH DAMAGE.
36	fab7ff44	Bill Marquette	*/
37	1d333258	Scott Ullrich	/*
38	3ccb9689	Charlie Marshall	pfSense_BUILDER_BINARIES:
39	1d333258	Scott Ullrich	pfSense_MODULE: auth
40			*/
41	fab7ff44	Bill Marquette
42	6b07c15a	Matthew Grooms	##\|+PRIV
43			##\|*IDENT=page-system-usermanager
44			##\|*NAME=System: User Manager page
45			##\|*DESCR=Allow access to the 'System: User Manager' page.
46			##\|MATCH=system_usermanager.php
47			##\|-PRIV
48
49	ead24d63	sullrich	require("certs.inc");
50	fab7ff44	Bill Marquette	require("guiconfig.inc");
51
52	31b53653	Scott Ullrich
53	e33be77c	Ermal	// start admin user code
54			$pgtitle = array(gettext("System"),gettext("User Manager"));
55	fab7ff44	Bill Marquette
56	e41ec584	Renato Botelho	if (is_numericint($_GET['id']))
57			$id = $_GET['id'];
58			if (isset($_POST['id']) && is_numericint($_POST['id']))
59	e33be77c	Ermal	$id = $_POST['id'];
60	1df17ba9	Scott Ullrich
61	3ccb9689	Charlie Marshall	if (!is_array($config['system']['user']))
62	e33be77c	Ermal	$config['system']['user'] = array();
63	1df17ba9	Scott Ullrich
64	e33be77c	Ermal	$a_user = &$config['system']['user'];
65	45ee90ed	Matthew Grooms
66	adacdf5f	jim-p	if (isset($id) && $a_user[$id]) {
67			$pconfig['usernamefld'] = $a_user[$id]['name'];
68			$pconfig['descr'] = $a_user[$id]['descr'];
69			$pconfig['expires'] = $a_user[$id]['expires'];
70			$pconfig['groups'] = local_user_get_groups($a_user[$id]);
71			$pconfig['utype'] = $a_user[$id]['scope'];
72			$pconfig['uid'] = $a_user[$id]['uid'];
73			$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
74			$pconfig['priv'] = $a_user[$id]['priv'];
75			$pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk'];
76			$pconfig['disabled'] = isset($a_user[$id]['disabled']);
77			}
78
79	e33be77c	Ermal	if ($_GET['act'] == "deluser") {
80	45ee90ed	Matthew Grooms
81	e33be77c	Ermal	if (!$a_user[$id]) {
82			pfSenseHeader("system_usermanager.php");
83			exit;
84	6b07c15a	Matthew Grooms	}
85
86	8a0ae97f	Renato Botelho	conf_mount_rw();
87	e33be77c	Ermal	local_user_del($a_user[$id]);
88	8a0ae97f	Renato Botelho	conf_mount_ro();
89	e33be77c	Ermal	$userdeleted = $a_user[$id]['name'];
90			unset($a_user[$id]);
91			write_config();
92			$savemsg = gettext("User")." {$userdeleted} ".
93	8cd558b6	ayvis	gettext("successfully deleted")."<br />";
94	e33be77c	Ermal	}
95			else if ($_GET['act'] == "delpriv") {
96	6b07c15a	Matthew Grooms
97	e33be77c	Ermal	if (!$a_user[$id]) {
98			pfSenseHeader("system_usermanager.php");
99			exit;
100	45ee90ed	Matthew Grooms	}
101
102	e33be77c	Ermal	$privdeleted = $priv_list[$a_user[$id]['priv'][$_GET['privid']]]['name'];
103			unset($a_user[$id]['priv'][$_GET['privid']]);
104			local_user_set($a_user[$id]);
105			write_config();
106			$_GET['act'] = "edit";
107			$savemsg = gettext("Privilege")." {$privdeleted} ".
108	8cd558b6	ayvis	gettext("successfully deleted")."<br />";
109	e33be77c	Ermal	}
110			else if ($_GET['act'] == "expcert") {
111	93823b10	Matthew Grooms
112	e33be77c	Ermal	if (!$a_user[$id]) {
113			pfSenseHeader("system_usermanager.php");
114	93823b10	Matthew Grooms	exit;
115			}
116
117	e33be77c	Ermal	$cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
118	93823b10	Matthew Grooms
119	e33be77c	Ermal	$exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.crt");
120			$exp_data = base64_decode($cert['crt']);
121			$exp_size = strlen($exp_data);
122	93823b10	Matthew Grooms
123	e33be77c	Ermal	header("Content-Type: application/octet-stream");
124			header("Content-Disposition: attachment; filename={$exp_name}");
125			header("Content-Length: $exp_size");
126			echo $exp_data;
127			exit;
128			}
129			else if ($_GET['act'] == "expckey") {
130	93823b10	Matthew Grooms
131	e33be77c	Ermal	if (!$a_user[$id]) {
132			pfSenseHeader("system_usermanager.php");
133	93823b10	Matthew Grooms	exit;
134			}
135
136	e33be77c	Ermal	$cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
137	58fdb8ad	Matthew Grooms
138	e33be77c	Ermal	$exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.key");
139			$exp_data = base64_decode($cert['prv']);
140			$exp_size = strlen($exp_data);
141	58fdb8ad	Matthew Grooms
142	e33be77c	Ermal	header("Content-Type: application/octet-stream");
143			header("Content-Disposition: attachment; filename={$exp_name}");
144			header("Content-Length: $exp_size");
145			echo $exp_data;
146			exit;
147			}
148			else if ($_GET['act'] == "delcert") {
149	58fdb8ad	Matthew Grooms
150	e33be77c	Ermal	if (!$a_user[$id]) {
151			pfSenseHeader("system_usermanager.php");
152			exit;
153	45ee90ed	Matthew Grooms	}
154
155	e33be77c	Ermal	$certdeleted = lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
156			$certdeleted = $certdeleted['descr'];
157			unset($a_user[$id]['cert'][$_GET['certid']]);
158			write_config();
159			$_GET['act'] = "edit";
160			$savemsg = gettext("Certificate")." {$certdeleted} ".
161	8cd558b6	ayvis	gettext("association removed.")."<br />";
162	e33be77c	Ermal	}
163			else if ($_GET['act'] == "new") {
164			/*
165			* set this value cause the text field is read only
166			* and the user should not be able to mess with this
167			* setting.
168			*/
169			$pconfig['utype'] = "user";
170			$pconfig['lifetime'] = 3650;
171			}
172	45ee90ed	Matthew Grooms
173	e33be77c	Ermal	if ($_POST) {
174			unset($input_errors);
175			$pconfig = $_POST;
176	45ee90ed	Matthew Grooms
177	e33be77c	Ermal	/* input validation */
178			if (isset($id) && ($a_user[$id])) {
179			$reqdfields = explode(" ", "usernamefld");
180			$reqdfieldsn = array(gettext("Username"));
181			} else {
182			if (empty($_POST['name'])) {
183			$reqdfields = explode(" ", "usernamefld passwordfld1");
184			$reqdfieldsn = array(
185			gettext("Username"),
186			gettext("Password"));
187	45ee90ed	Matthew Grooms	} else {
188	e33be77c	Ermal	$reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime");
189			$reqdfieldsn = array(
190			gettext("Username"),
191			gettext("Password"),
192			gettext("Descriptive name"),
193			gettext("Certificate authority"),
194			gettext("Key length"),
195			gettext("Lifetime"));
196	45ee90ed	Matthew Grooms	}
197	e33be77c	Ermal	}
198	45ee90ed	Matthew Grooms
199	1e9b4611	Renato Botelho	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
200	45ee90ed	Matthew Grooms
201	e33be77c	Ermal	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld']))
202			$input_errors[] = gettext("The username contains invalid characters.");
203	45ee90ed	Matthew Grooms
204	e33be77c	Ermal	if (strlen($_POST['usernamefld']) > 16)
205			$input_errors[] = gettext("The username is longer than 16 characters.");
206	94d455da	jim-p
207	e33be77c	Ermal	if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2']))
208			$input_errors[] = gettext("The passwords do not match.");
209	45ee90ed	Matthew Grooms
210	e33be77c	Ermal	if (isset($id) && $a_user[$id])
211			$oldusername = $a_user[$id]['name'];
212			else
213			$oldusername = "";
214			/* make sure this user name is unique */
215			if (!$input_errors) {
216			foreach ($a_user as $userent) {
217			if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
218			$input_errors[] = gettext("Another entry with the same username already exists.");
219			break;
220	58664cc9	Scott Ullrich	}
221	3dec33d4	Erik Fonnesbeck	}
222	e33be77c	Ermal	}
223			/* also make sure it is not reserved */
224			if (!$input_errors) {
225			$system_users = explode("\n", file_get_contents("/etc/passwd"));
226			foreach ($system_users as $s_user) {
227			$ent = explode(":", $s_user);
228			if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
229			$input_errors[] = gettext("That username is reserved by the system.");
230			break;
231	8339ab6d	jim-p	}
232	7e4a4513	Scott Ullrich	}
233	e33be77c	Ermal	}
234	1df17ba9	Scott Ullrich
235	e33be77c	Ermal	/*
236			* Check for a valid expirationdate if one is set at all (valid means,
237	4d148b59	Yehuda Katz	* DateTime puts out a time stamp so any DateTime compatible time
238	e33be77c	Ermal	* format may be used. to keep it simple for the enduser, we only
239			* claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs
240			* like "+1 day", which will be converted to MM/DD/YYYY based on "now".
241			* Otherwhise such an entry would lead to an invalid expiration data.
242			*/
243			if ($_POST['expires']){
244	4d148b59	Yehuda Katz	try {
245			$expdate = new DateTime($_POST['expires']);
246			//convert from any DateTime compatible date to MM/DD/YYYY
247			$_POST['expires'] = $expdate->format("m/d/Y");
248			} catch ( Exception $ex ) {
249	e33be77c	Ermal	$input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
250	0092b3bd	mgrooms	}
251	e33be77c	Ermal	}
252	0092b3bd	mgrooms
253	e33be77c	Ermal	if (!empty($_POST['name'])) {
254			$ca = lookup_ca($_POST['caref']);
255			if (!$ca)
256			$input_errors[] = gettext("Invalid internal Certificate Authority") . "\n";
257			}
258	c9794c06	Ermal
259	e33be77c	Ermal	/* if this is an AJAX caller then handle via JSON */
260			if (isAjax() && is_array($input_errors)) {
261			input_errors2Ajax($input_errors);
262			exit;
263			}
264	1df17ba9	Scott Ullrich
265	e33be77c	Ermal	if (!$input_errors) {
266			conf_mount_rw();
267			$userent = array();
268			if (isset($id) && $a_user[$id])
269			$userent = $a_user[$id];
270	e879fc81	Ermal
271	e33be77c	Ermal	isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system";
272
273			/* the user name was modified */
274	fdcf104c	jim-p	if ($_POST['usernamefld'] <> $_POST['oldusername']) {
275	e33be77c	Ermal	$_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
276	fdcf104c	jim-p	local_user_del($userent);
277			}
278	1df17ba9	Scott Ullrich
279	e33be77c	Ermal	/* the user password was mofified */
280			if ($_POST['passwordfld1'])
281			local_user_set_password($userent, $_POST['passwordfld1']);
282	1df17ba9	Scott Ullrich
283	e33be77c	Ermal	$userent['name'] = $_POST['usernamefld'];
284			$userent['descr'] = $_POST['descr'];
285			$userent['expires'] = $_POST['expires'];
286			$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
287			$userent['ipsecpsk'] = $_POST['ipsecpsk'];
288	3ccb9689	Charlie Marshall
289	e33be77c	Ermal	if($_POST['disabled'])
290			$userent['disabled'] = true;
291	3ccb9689	Charlie Marshall	else
292	e33be77c	Ermal	unset($userent['disabled']);
293
294			if (isset($id) && $a_user[$id])
295			$a_user[$id] = $userent;
296			else {
297			if (!empty($_POST['name'])) {
298			$cert = array();
299			$cert['refid'] = uniqid();
300			$userent['cert'] = array();
301
302			$cert['descr'] = $_POST['name'];
303
304			$subject = cert_get_subject_array($ca['crt']);
305
306			$dn = array(
307			'countryName' => $subject[0]['v'],
308			'stateOrProvinceName' => $subject[1]['v'],
309			'localityName' => $subject[2]['v'],
310			'organizationName' => $subject[3]['v'],
311			'emailAddress' => $subject[4]['v'],
312			'commonName' => $userent['name']);
313
314			cert_create($cert, $_POST['caref'], $_POST['keylen'],
315			(int)$_POST['lifetime'], $dn);
316
317			if (!is_array($config['cert']))
318			$config['cert'] = array();
319			$config['cert'][] = $cert;
320			$userent['cert'][] = $cert['refid'];
321			}
322			$userent['uid'] = $config['system']['nextuid']++;
323			/* Add the user to All Users group. */
324			foreach ($config['system']['group'] as $gidx => $group) {
325			if ($group['name'] == "all") {
326			if (!is_array($config['system']['group'][$gidx]['member']))
327			$config['system']['group'][$gidx]['member'] = array();
328			$config['system']['group'][$gidx]['member'][] = $userent['uid'];
329			break;
330			}
331			}
332	970db70b	Scott Ullrich
333	e33be77c	Ermal	$a_user[] = $userent;
334	45ee90ed	Matthew Grooms	}
335	e33be77c	Ermal
336			local_user_set_groups($userent,$_POST['groups']);
337			local_user_set($userent);
338			write_config();
339
340			if(is_dir("/etc/inc/privhooks"))
341			run_plugins("/etc/inc/privhooks");
342
343			conf_mount_ro();
344	3ccb9689	Charlie Marshall
345	e33be77c	Ermal	pfSenseHeader("system_usermanager.php");
346	45ee90ed	Matthew Grooms	}
347	e33be77c	Ermal	}
348	fab7ff44	Bill Marquette
349	9ef4289c	Colin Fleming	$closehead = false;
350	e33be77c	Ermal	include("head.inc");
351	1df17ba9	Scott Ullrich	?>
352	fab7ff44	Bill Marquette
353	12c2ec2e	Charlie Marshall	<link rel="stylesheet" type="text/css" href="/javascript/jquery-ui-timepicker-addon/css/jquery-ui-timepicker-addon.css" />
354			<link rel="stylesheet" type="text/css" href="/javascript/jquery/jquery-ui.custom.css" />
355
356	07130afe	ayvis	<script type="text/javascript">
357	9ef4289c	Colin Fleming	//<![CDATA[
358	12c2ec2e	Charlie Marshall	jQuery(function() {
359	23991e58	Charlie Marshall	jQuery( "#expires" ).datepicker( { dateFormat: 'mm/dd/yy', changeYear: true, yearRange: "+0:+100" } );
360	12c2ec2e	Charlie Marshall	});
361	9ef4289c	Colin Fleming	//]]>
362	12c2ec2e	Charlie Marshall	</script>
363	9ef4289c	Colin Fleming	</head>
364	12c2ec2e	Charlie Marshall
365	1df17ba9	Scott Ullrich	<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
366	6b07c15a	Matthew Grooms	<?php include("fbegin.inc"); ?>
367	12c2ec2e	Charlie Marshall
368	6b8588c6	Colin Fleming	<script type="text/javascript">
369			//<![CDATA[
370	6b07c15a	Matthew Grooms
371			function setall_selected(id) {
372			selbox = document.getElementById(id);
373			count = selbox.options.length;
374			for (index = 0; index<count; index++)
375			selbox.options[index].selected = true;
376			}
377
378			function clear_selected(id) {
379			selbox = document.getElementById(id);
380			count = selbox.options.length;
381			for (index = 0; index<count; index++)
382			selbox.options[index].selected = false;
383			}
384
385			function remove_selected(id) {
386			selbox = document.getElementById(id);
387			index = selbox.options.length - 1;
388			for (; index >= 0; index--)
389			if (selbox.options[index].selected)
390			selbox.remove(index);
391			}
392
393			function copy_selected(srcid, dstid) {
394			src_selbox = document.getElementById(srcid);
395			dst_selbox = document.getElementById(dstid);
396			count = src_selbox.options.length;
397			for (index = 0; index < count; index++) {
398			if (src_selbox.options[index].selected) {
399			option = document.createElement('option');
400			option.text = src_selbox.options[index].text;
401			option.value = src_selbox.options[index].value;
402			dst_selbox.add(option, null);
403			}
404			}
405			}
406
407			function move_selected(srcid, dstid) {
408			copy_selected(srcid, dstid);
409			remove_selected(srcid);
410			}
411
412			function presubmit() {
413			clear_selected('notgroups');
414			setall_selected('groups');
415			}
416
417	c9794c06	Ermal	function usercertClicked(obj) {
418			if (obj.checked) {
419			document.getElementById("usercertchck").style.display="none";
420			document.getElementById("usercert").style.display="";
421			} else {
422			document.getElementById("usercert").style.display="none";
423			document.getElementById("usercertchck").style.display="";
424			}
425			}
426
427			function sshkeyClicked(obj) {
428			if (obj.checked) {
429			document.getElementById("sshkeychck").style.display="none";
430			document.getElementById("sshkey").style.display="";
431			} else {
432			document.getElementById("sshkey").style.display="none";
433			document.getElementById("sshkeychck").style.display="";
434			}
435			}
436	6b8588c6	Colin Fleming	//]]>
437	6b07c15a	Matthew Grooms	</script>
438	1df17ba9	Scott Ullrich	<?php
439	45ee90ed	Matthew Grooms	if ($input_errors)
440			print_input_errors($input_errors);
441			if ($savemsg)
442			print_info_box($savemsg);
443	1df17ba9	Scott Ullrich	?>
444	6b8588c6	Colin Fleming	<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="user manager">
445	45ee90ed	Matthew Grooms	<tr>
446	e30001cf	Matthew Grooms	<td>
447	45ee90ed	Matthew Grooms	<?php
448			$tab_array = array();
449			$tab_array[] = array(gettext("Users"), true, "system_usermanager.php");
450	6b07c15a	Matthew Grooms	$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
451	45ee90ed	Matthew Grooms	$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
452	d799787e	Matthew Grooms	$tab_array[] = array(gettext("Servers"), false, "system_authservers.php");
453	45ee90ed	Matthew Grooms	display_top_tabs($tab_array);
454			?>
455			</td>
456			</tr>
457			<tr>
458	e30001cf	Matthew Grooms	<td id="mainarea">
459			<div class="tabcont">
460
461			<?php if ($_GET['act'] == "new" \|\| $_GET['act'] == "edit" \|\| $input_errors): ?>
462
463			<form action="system_usermanager.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
464	6b8588c6	Colin Fleming	<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
465	e30001cf	Matthew Grooms	<?php
466			$ro = "";
467			if ($pconfig['utype'] == "system")
468	6b8588c6	Colin Fleming	$ro = "readonly=\"readonly\"";
469	e30001cf	Matthew Grooms	?>
470			<tr>
471			<td width="22%" valign="top" class="vncell"><?=gettext("Defined by");?></td>
472			<td width="78%" class="vtable">
473	8db87547	jim-p	<strong><?=strtoupper(htmlspecialchars($pconfig['utype']));?></strong>
474	6b8588c6	Colin Fleming	<input name="utype" type="hidden" value="<?=htmlspecialchars($pconfig['utype'])?>" />
475	e30001cf	Matthew Grooms	</td>
476			</tr>
477	b4bfd25d	sullrich	<tr>
478	2afddcb1	sullrich	<td width="22%" valign="top" class="vncell"><?=gettext("Disabled");?></td>
479	b4bfd25d	sullrich	<td width="78%" class="vtable">
480	6b8588c6	Colin Fleming	<input name="disabled" type="checkbox" id="disabled" <?php if($pconfig['disabled']) echo "checked=\"checked\""; ?> />
481	b4bfd25d	sullrich	</td>
482			</tr>
483	e30001cf	Matthew Grooms	<tr>
484			<td width="22%" valign="top" class="vncellreq"><?=gettext("Username");?></td>
485			<td width="78%" class="vtable">
486	6b8588c6	Colin Fleming	<input name="usernamefld" type="text" class="formfld user" id="usernamefld" size="20" maxlength="16" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" <?=$ro;?> />
487	e30001cf	Matthew Grooms	<input name="oldusername" type="hidden" id="oldusername" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" />
488			</td>
489			</tr>
490			<tr>
491			<td width="22%" valign="top" class="vncellreq" rowspan="2"><?=gettext("Password");?></td>
492			<td width="78%" class="vtable">
493			<input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" value="" />
494			</td>
495			</tr>
496			<tr>
497			<td width="78%" class="vtable">
498			<input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" value="" /> <?= gettext("(confirmation)"); ?>
499			</td>
500			</tr>
501			<tr>
502			<td width="22%" valign="top" class="vncell"><?=gettext("Full name");?></td>
503			<td width="78%" class="vtable">
504	6b8588c6	Colin Fleming	<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>" <?=$ro;?> />
505	8cd558b6	ayvis	<br />
506	e30001cf	Matthew Grooms	<?=gettext("User's full name, for your own information only");?>
507			</td>
508			</tr>
509	0092b3bd	mgrooms	<tr>
510	b79454a7	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Expiration date"); ?></td>
511	0092b3bd	mgrooms	<td width="78%" class="vtable">
512	6b8588c6	Colin Fleming	<input name="expires" type="text" class="formfld unknown" id="expires" size="10" value="<?=htmlspecialchars($pconfig['expires']);?>" />
513	8cd558b6	ayvis	<br />
514	b79454a7	Carlos Eduardo Ramos	<span class="vexpl"><?=gettext("Leave blank if the account shouldn't expire, otherwise enter the expiration date in the following format: mm/dd/yyyy"); ?></span></td>
515	0092b3bd	mgrooms	</tr>
516	e30001cf	Matthew Grooms	<tr>
517			<td width="22%" valign="top" class="vncell"><?=gettext("Group Memberships");?></td>
518			<td width="78%" class="vtable" align="center">
519	6b8588c6	Colin Fleming	<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="group membership">
520	e30001cf	Matthew Grooms	<tr>
521			<td align="center" width="50%">
522	8cd558b6	ayvis	<strong><?=gettext("Not Member Of"); ?></strong><br />
523			<br />
524	6b8588c6	Colin Fleming	<select size="10" style="width: 75%" name="notgroups[]" class="formselect" id="notgroups" onchange="clear_selected('groups')" multiple="multiple">
525	e30001cf	Matthew Grooms	<?php
526	b4e9a4da	N0YB	$rowIndex = 0;
527	e30001cf	Matthew Grooms	foreach ($config['system']['group'] as $group):
528			if ($group['gid'] == 1998) /* all users group */
529			continue;
530	08724afa	jim-p	if (is_array($pconfig['groups']) && in_array($group['name'],$pconfig['groups']))
531	e30001cf	Matthew Grooms	continue;
532	b4e9a4da	N0YB	$rowIndex++;
533	e30001cf	Matthew Grooms	?>
534			<option value="<?=$group['name'];?>" <?=$selected;?>>
535			<?=htmlspecialchars($group['name']);?>
536			</option>
537	b4e9a4da	N0YB	<?php endforeach;
538			if ($rowIndex == 0)
539			echo "<option></option>";
540			?>
541	e30001cf	Matthew Grooms	</select>
542	8cd558b6	ayvis	<br />
543	e30001cf	Matthew Grooms	</td>
544			<td>
545	8cd558b6	ayvis	<br />
546	e30001cf	Matthew Grooms	<a href="javascript:move_selected('notgroups','groups')">
547	b79454a7	Carlos Eduardo Ramos	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_right.gif" title="<?=gettext("Add Groups"); ?>" alt="<?=gettext("Add Groups"); ?>" width="17" height="17" border="0" />
548	e30001cf	Matthew Grooms	</a>
549	8cd558b6	ayvis	<br /><br />
550	e30001cf	Matthew Grooms	<a href="javascript:move_selected('groups','notgroups')">
551	b79454a7	Carlos Eduardo Ramos	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_left.gif" title="<?=gettext("Remove Groups"); ?>" alt="<?=gettext("Remove Groups"); ?>" width="17" height="17" border="0" />
552	e30001cf	Matthew Grooms	</a>
553			</td>
554			<td align="center" width="50%">
555	8cd558b6	ayvis	<strong><?=gettext("Member Of"); ?></strong><br />
556			<br />
557	46f6eb78	Renato Botelho	<select size="10" style="width: 75%" name="groups[]" class="formselect" id="groups" onchange="clear_selected('notgroups')" multiple="multiple">
558	e30001cf	Matthew Grooms	<?php
559	b4e9a4da	N0YB	$rowIndex = 0;
560	08724afa	jim-p	if (is_array($pconfig['groups'])) {
561	e30001cf	Matthew Grooms	foreach ($config['system']['group'] as $group):
562			if ($group['gid'] == 1998) /* all users group */
563			continue;
564			if (!in_array($group['name'],$pconfig['groups']))
565			continue;
566	b4e9a4da	N0YB	$rowIndex++;
567	e30001cf	Matthew Grooms	?>
568			<option value="<?=$group['name'];?>">
569			<?=htmlspecialchars($group['name']);?>
570			</option>
571	08724afa	jim-p	<?php endforeach;
572	b4e9a4da	N0YB	}
573			if ($rowIndex == 0)
574			echo "<option></option>";
575			?>
576	e30001cf	Matthew Grooms	</select>
577	8cd558b6	ayvis	<br />
578	e30001cf	Matthew Grooms	</td>
579			</tr>
580			</table>
581			<?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?>
582			</td>
583			</tr>
584
585	ff9eda9d	jim-p	<?php if (isset($pconfig['uid'])): ?>
586	e30001cf	Matthew Grooms
587			<tr>
588			<td width="22%" valign="top" class="vncell"><?=gettext("Effective Privileges");?></td>
589			<td width="78%" class="vtable">
590	6b8588c6	Colin Fleming	<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="privileges">
591	e30001cf	Matthew Grooms	<tr>
592			<td width="20%" class="listhdrr"><?=gettext("Inherited From");?></td>
593			<td width="30%" class="listhdrr"><?=gettext("Name");?></td>
594			<td width="40%" class="listhdrr"><?=gettext("Description");?></td>
595			<td class="list"></td>
596			</tr>
597			<?php
598	3ccb9689	Charlie Marshall
599	e30001cf	Matthew Grooms	$privdesc = get_user_privdesc($a_user[$id]);
600			if(is_array($privdesc)):
601			$i = 0;
602			foreach ($privdesc as $priv):
603			$group = false;
604			if ($priv['group'])
605			$group = $priv['group'];
606			?>
607			<tr>
608			<td class="listlr"><?=$group;?></td>
609			<td class="listr">
610			<?=htmlspecialchars($priv['name']);?>
611			</td>
612			<td class="listbg">
613			<?=htmlspecialchars($priv['descr']);?>
614			</td>
615	6b8588c6	Colin Fleming	<td valign="middle" class="list nowrap">
616	e30001cf	Matthew Grooms	<?php if (!$group): ?>
617	9ef4289c	Colin Fleming	<a href="system_usermanager.php?act=delpriv&id=<?=$id?>&privid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this privilege?");?>')">
618	6b8588c6	Colin Fleming	<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="delete" />
619	e30001cf	Matthew Grooms	</a>
620			<?php endif; ?>
621			</td>
622			</tr>
623			<?php
624			/* can only delete user priv indexes */
625			if (!$group)
626			$i++;
627			endforeach;
628			endif;
629			?>
630			<tr>
631			<td class="list" colspan="3"></td>
632			<td class="list">
633			<a href="system_usermanager_addprivs.php?userid=<?=$id?>">
634	6b8588c6	Colin Fleming	<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" />
635	e30001cf	Matthew Grooms	</a>
636			</td>
637			</tr>
638			</table>
639			</td>
640			</tr>
641			<tr>
642			<td width="22%" valign="top" class="vncell"><?=gettext("User Certificates");?></td>
643			<td width="78%" class="vtable">
644	6b8588c6	Colin Fleming	<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="certificates">
645	e30001cf	Matthew Grooms	<tr>
646			<td width="45%" class="listhdrr"><?=gettext("Name");?></td>
647			<td width="45%" class="listhdrr"><?=gettext("CA");?></td>
648			<td class="list"></td>
649			</tr>
650			<?php
651	3ccb9689	Charlie Marshall
652	e30001cf	Matthew Grooms	$a_cert = $a_user[$id]['cert'];
653			if(is_array($a_cert)):
654			$i = 0;
655	c25f73ae	jim-p	foreach ($a_cert as $certref):
656			$cert = lookup_cert($certref);
657			$ca = lookup_ca($cert['caref']);
658	e30001cf	Matthew Grooms	?>
659			<tr>
660			<td class="listlr">
661	f2a86ca9	jim-p	<?=htmlspecialchars($cert['descr']);?>
662	150bbe09	jim-p	<?php if (is_cert_revoked($cert)): ?>
663			(<b>Revoked</b>)
664			<?php endif; ?>
665	e30001cf	Matthew Grooms	</td>
666			<td class="listr">
667	f2a86ca9	jim-p	<?=htmlspecialchars($ca['descr']);?>
668	e30001cf	Matthew Grooms	</td>
669	6b8588c6	Colin Fleming	<td valign="middle" class="list nowrap">
670	9ef4289c	Colin Fleming	<a href="system_usermanager.php?act=expckey&id=<?=$id;?>&certid=<?=$i;?>">
671	b79454a7	Carlos Eduardo Ramos	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export private key"); ?>" alt="<?=gettext("export private key"); ?>" width="17" height="17" border="0" />
672	e30001cf	Matthew Grooms	</a>
673	9ef4289c	Colin Fleming	<a href="system_usermanager.php?act=expcert&id=<?=$id;?>&certid=<?=$i;?>">
674	b79454a7	Carlos Eduardo Ramos	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export cert"); ?>" alt="<?=gettext("export cert"); ?>" width="17" height="17" border="0" />
675	e30001cf	Matthew Grooms	</a>
676	9ef4289c	Colin Fleming	<a href="system_usermanager.php?act=delcert&id=<?=$id?>&certid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to remove this certificate association?") .'\n'. gettext("(Certificate will not be deleted)");?>')">
677	2b33f342	Renato Botelho	<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="<?=gettext("delete cert");?>" />
678	e30001cf	Matthew Grooms	</a>
679			</td>
680			</tr>
681			<?php
682			$i++;
683			endforeach;
684			endif;
685			?>
686			<tr>
687			<td class="list" colspan="2"></td>
688			<td class="list">
689	6b8588c6	Colin Fleming	<a href="system_certmanager.php?act=new&userid=<?=$id?>">
690			<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" />
691	e30001cf	Matthew Grooms	</a>
692			</td>
693			</tr>
694			</table>
695			</td>
696			</tr>
697	45ee90ed	Matthew Grooms
698	c9794c06	Ermal	<?php else : ?>
699	b4e6524c	jim-p	<?php if (is_array($config['ca']) && count($config['ca']) > 0): ?>
700			<?php $i = 0; foreach( $config['ca'] as $ca) {
701	c9794c06	Ermal	if (!$ca['prv'])
702			continue;
703			$i++;
704			}
705			?>
706
707	6b8588c6	Colin Fleming	<tr id="usercertchck">
708	c9794c06	Ermal	<td width="22%" valign="top" class="vncell"><?=gettext("Certificate");?></td>
709			<td width="78%" class="vtable">
710	6b8588c6	Colin Fleming	<input type="checkbox" onclick="javascript:usercertClicked(this)" /> <?=gettext("Click to create a user certificate."); ?>
711	c9794c06	Ermal	</td>
712			</tr>
713
714			<?php if ($i > 0): ?>
715
716	9ef4289c	Colin Fleming	<tr id="usercert" style="display:none">
717	c9794c06	Ermal	<td width="22%" valign="top" class="vncell"><?=gettext("Certificate");?></td>
718			<td width="78%" class="vtable">
719	6b8588c6	Colin Fleming	<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="certificate">
720	c9794c06	Ermal	<tr>
721			<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
722			<td width="78%" class="vtable">
723	6b8588c6	Colin Fleming	<input name="name" type="text" class="formfld unknown" id="name" size="20" value="<?=htmlspecialchars($pconfig['name']);?>" />
724	c9794c06	Ermal	</td>
725			</tr>
726			<tr>
727			<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate authority");?></td>
728			<td width="78%" class="vtable">
729	6b8588c6	Colin Fleming	<select name='caref' id='caref' class="formselect" onchange='internalca_change()'>
730	c9794c06	Ermal	<?php
731	2464e353	N0YB	$rowIndex = 0;
732	b4e6524c	jim-p	foreach( $config['ca'] as $ca):
733	c9794c06	Ermal	if (!$ca['prv'])
734			continue;
735	2464e353	N0YB	$rowIndex++;
736	c9794c06	Ermal	?>
737	f2a86ca9	jim-p	<option value="<?=$ca['refid'];?>"><?=$ca['descr'];?></option>
738	2464e353	N0YB	<?php endforeach;
739			if ($rowIndex == 0)
740			echo "<option></option>";
741			?>
742	c9794c06	Ermal	</select>
743			</td>
744			</tr>
745			<tr>
746			<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
747			<td width="78%" class="vtable">
748			<select name='keylen' class="formselect">
749			<?php
750	3b4b9ff3	Ermal	$cert_keylens = array( "2048", "512", "1024", "4096");
751	c9794c06	Ermal	foreach( $cert_keylens as $len):
752			?>
753			<option value="<?=$len;?>"><?=$len;?></option>
754	60a5f9de	N0YB	<?php
755			endforeach;
756			if (!count($cert_keylens))
757			echo "<option></option>";
758			?>
759	c9794c06	Ermal	</select>
760			bits
761			</td>
762			</tr>
763			<tr>
764			<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
765			<td width="78%" class="vtable">
766	6b8588c6	Colin Fleming	<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>" />days
767	c9794c06	Ermal	</td>
768			</tr>
769			</table>
770			</td>
771			</tr>
772
773			<?php endif; endif; ?>
774	e30001cf	Matthew Grooms	<?php endif; ?>
775	45ee90ed	Matthew Grooms
776	1c8faa89	jim-p	<tr id="sshkeychck" <?php if(!empty($pconfig['authorizedkeys'])) echo 'style="display:none"'; ?>>
777	c9794c06	Ermal	<td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td>
778			<td width="78%" class="vtable">
779	6b8588c6	Colin Fleming	<input type="checkbox" onclick="javascript:sshkeyClicked(this)" /> <?=gettext("Click to paste an authorized key."); ?>
780	c9794c06	Ermal	</td>
781			</tr>
782	1c8faa89	jim-p	<tr id="sshkey" <?php if(empty($pconfig['authorizedkeys'])) echo 'style="display:none"'; ?>>
783	e30001cf	Matthew Grooms	<td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td>
784			<td width="78%" class="vtable">
785	9ef4289c	Colin Fleming	<script type="text/javascript">
786			//<![CDATA[
787			window.onload=function(){
788			document.getElementById("authorizedkeys").wrap='off';
789			}
790			//]]>
791			</script>
792			<textarea name="authorizedkeys" cols="65" rows="7" id="authorizedkeys" class="formfld_cert"><?=htmlspecialchars($pconfig['authorizedkeys']);?></textarea>
793	8cd558b6	ayvis	<br />
794	e30001cf	Matthew Grooms	<?=gettext("Paste an authorized keys file here.");?>
795			</td>
796			</tr>
797	6b8588c6	Colin Fleming	<tr id="ipsecpskrow">
798	ddd1fb7f	jim-p	<td width="22%" valign="top" class="vncell"><?=gettext("IPsec Pre-Shared Key");?></td>
799			<td width="78%" class="vtable">
800	6b8588c6	Colin Fleming	<input name="ipsecpsk" type="text" class="formfld unknown" id="ipsecpsk" size="65" value="<?=htmlspecialchars($pconfig['ipsecpsk']);?>" />
801	ddd1fb7f	jim-p	</td>
802			</tr>
803	e30001cf	Matthew Grooms	<tr>
804			<td width="22%" valign="top"> </td>
805			<td width="78%">
806	6e707e77	Vinicius Coque	<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
807	e30001cf	Matthew Grooms	<?php if (isset($id) && $a_user[$id]): ?>
808	e41ec584	Renato Botelho	<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
809	e30001cf	Matthew Grooms	<?php endif;?>
810			</td>
811			</tr>
812			</table>
813			</form>
814
815			<?php else: ?>
816
817	6b8588c6	Colin Fleming	<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="">
818	5b42a459	bcyrill	<thead>
819			<tr>
820			<th width="25%" class="listhdrr"><?=gettext("Username"); ?></th>
821			<th width="25%" class="listhdrr"><?=gettext("Full name"); ?></th>
822			<th width="5%" class="listhdrr"><?=gettext("Disabled"); ?></th>
823			<th width="25%" class="listhdrr"><?=gettext("Groups"); ?></th>
824	6b8588c6	Colin Fleming	<th width="10%" class="list"></th>
825	5b42a459	bcyrill	</tr>
826			</thead>
827	6b8588c6	Colin Fleming	<tfoot>
828			<tr>
829			<td class="list" colspan="4"></td>
830			<td class="list">
831			<a href="system_usermanager.php?act=new">
832			<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add user"); ?>" alt="<?=gettext("add user"); ?>" width="17" height="17" border="0" />
833			</a>
834			</td>
835			</tr>
836			<tr>
837			<td colspan="4">
838			<p>
839			<?=gettext("Additional users can be added here. User permissions for accessing " .
840			"the webConfigurator can be assigned directly or inherited from group memberships. " .
841			"An icon that appears grey indicates that it is a system defined object. " .
842			"Some system object properties can be modified but they cannot be deleted."); ?>
843	8cd558b6	ayvis	<br /><br />
844	6b8588c6	Colin Fleming	<?=gettext("Accounts created here are also used for other parts of the system " .
845			"such as OpenVPN, IPsec, and Captive Portal.");?>
846			</p>
847			</td>
848			</tr>
849			</tfoot>
850	5b42a459	bcyrill	<tbody>
851			<?php
852			$i = 0;
853			foreach($a_user as $userent):
854			?>
855	6b8588c6	Colin Fleming	<tr ondblclick="document.location='system_usermanager.php?act=edit&id=<?=$i;?>'">
856	5b42a459	bcyrill	<td class="listlr">
857	6b8588c6	Colin Fleming	<table border="0" cellpadding="0" cellspacing="0" summary="icons">
858	5b42a459	bcyrill	<tr>
859	6b8588c6	Colin Fleming	<td align="left" valign="middle">
860	5b42a459	bcyrill	<?php
861			if($userent['scope'] != "user")
862			$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user-grey.png";
863			else
864			$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user.png";
865			?>
866			<img src="<?=$usrimg;?>" alt="<?=gettext("User"); ?>" title="<?=gettext("User"); ?>" border="0" height="16" width="16" />
867			</td>
868			<td align="left" valign="middle">
869			<?=htmlspecialchars($userent['name']);?>
870			</td>
871			</tr>
872			</table>
873			</td>
874			<td class="listr"><?=htmlspecialchars($userent['descr']);?> </td>
875			<td class="listr"><?php if(isset($userent['disabled'])) echo "*"; ?></td>
876			<td class="listbg">
877			<?=implode(",",local_user_get_groups($userent));?>
878
879			</td>
880	6b8588c6	Colin Fleming	<td valign="middle" class="list nowrap">
881			<a href="system_usermanager.php?act=edit&id=<?=$i;?>">
882	5b42a459	bcyrill	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit user"); ?>" alt="<?=gettext("edit user"); ?>" width="17" height="17" border="0" />
883			</a>
884			<?php if($userent['scope'] != "system"): ?>
885
886	6b8588c6	Colin Fleming	<a href="system_usermanager.php?act=deluser&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this User?");?>')">
887	5b42a459	bcyrill	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete user"); ?>" alt="<?=gettext("delete user"); ?>" width="17" height="17" border="0" />
888			</a>
889			<?php endif; ?>
890			</td>
891			</tr>
892			<?php
893			$i++;
894			endforeach;
895			?>
896			</tbody>
897	45ee90ed	Matthew Grooms	</table>
898
899	e30001cf	Matthew Grooms	<?php endif; ?>
900	45ee90ed	Matthew Grooms
901	e30001cf	Matthew Grooms	</div>
902	45ee90ed	Matthew Grooms	</td>
903			</tr>
904	1df17ba9	Scott Ullrich	</table>
905	45ee90ed	Matthew Grooms	<?php include("fend.inc");?>
906			</body>
907	12c2ec2e	Charlie Marshall	</html>

Projet

Général

Profil

UnivNautes

univnautes / usr / local / www / system_usermanager.php @ 46f6eb78