univnautes / usr / local / www / system_usermanager.php @ a1b66bec

1
<?php
2
/* $Id$ */
3
/*
4
	system_usermanager.php
5
	part of m0n0wall (http://m0n0.ch/wall)
6

    
7
	Copyright (C) 2008 Shrew Soft Inc.
8
	All rights reserved.
9

    
10
	Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>.
11
	All rights reserved.
12

    
13
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
14
	All rights reserved.
15

    
16
	Redistribution and use in source and binary forms, with or without
17
	modification, are permitted provided that the following conditions are met:
18

    
19
	1. Redistributions of source code must retain the above copyright notice,
20
	   this list of conditions and the following disclaimer.
21

    
22
	2. Redistributions in binary form must reproduce the above copyright
23
	   notice, this list of conditions and the following disclaimer in the
24
	   documentation and/or other materials provided with the distribution.
25

    
26
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
27
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
28
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
29
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
30
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
33
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
34
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35
	POSSIBILITY OF SUCH DAMAGE.
36
*/
37
/*
38
	pfSense_BUILDER_BINARIES:
39
	pfSense_MODULE:	auth
40
*/
41

    
42
##|+PRIV
43
##|*IDENT=page-system-usermanager
44
##|*NAME=System: User Manager page
45
##|*DESCR=Allow access to the 'System: User Manager' page.
46
##|*MATCH=system_usermanager.php*
47
##|-PRIV
48

    
49
require("certs.inc");
50
require("guiconfig.inc");
51

    
52

    
53
// start admin user code
$pgtitle = array(gettext("System"), gettext("User Manager"));

/* Index of the user being acted on; taken from the request only when it is a numeric integer. */
if (isset($_POST['userid']) && is_numericint($_POST['userid'])) {
	$id = $_POST['userid'];
}

/* Guarantee the user list is an array before binding a reference to it. */
if (!isset($config['system']['user']) || !is_array($config['system']['user'])) {
	$config['system']['user'] = array();
}

$a_user = &$config['system']['user'];

/*
 * Target of the Cancel button. The Referer header is supplied by the client,
 * so $referer has to be treated as untrusted wherever it is written into the page.
 */
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/system_usermanager.php';

/* When an existing entry is selected, pre-load the form values from the stored user. */
if (isset($id) && $a_user[$id]) {
	$pconfig['usernamefld'] = $a_user[$id]['name'];
	$pconfig['descr'] = $a_user[$id]['descr'];
	$pconfig['expires'] = $a_user[$id]['expires'];
	$pconfig['groups'] = local_user_get_groups($a_user[$id]);
	$pconfig['utype'] = $a_user[$id]['scope'];
	$pconfig['uid'] = $a_user[$id]['uid'];
	/* authorized keys are stored base64-encoded in the config */
	$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
	$pconfig['priv'] = $a_user[$id]['priv'];
	$pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk'];
	$pconfig['disabled'] = isset($a_user[$id]['disabled']);
}
81

    
82
if ($_POST['act'] == "deluser") {

	/*
	 * Delete only when the posted username matches the stored name at the
	 * posted index; any mismatch sends the browser back to the list unchanged.
	 */
	if (!(isset($_POST['username']) && isset($a_user[$id]) && ($_POST['username'] == $a_user[$id]['name']))) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	/* remove the account (filesystem mounted read-write for the duration) */
	conf_mount_rw();
	local_user_del($a_user[$id]);
	conf_mount_ro();

	/* keep the name for the status message, then drop the entry and persist */
	$userdeleted = $a_user[$id]['name'];
	unset($a_user[$id]);
	write_config();

	$savemsg = gettext("User")." {$userdeleted} ".
				gettext("successfully deleted")."<br />";
}
98
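else if ($_POST['act'] == "delpriv") {

	/* Remove one directly assigned privilege from the selected user. */
	if (!isset($id) || !$a_user[$id]) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	/*
	 * privid comes straight from the request. Act only when it names a
	 * privilege slot that exists on this user; otherwise nothing is removed
	 * and the config is not rewritten.
	 */
	$privid = isset($_POST['privid']) ? $_POST['privid'] : null;
	if (!is_scalar($privid) || !isset($a_user[$id]['priv'][$privid])) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	$privdeleted = $priv_list[$a_user[$id]['priv'][$privid]]['name'];
	unset($a_user[$id]['priv'][$privid]);
	local_user_set($a_user[$id]);
	write_config();
	/* fall through to the edit form for the same user */
	$_POST['act'] = "edit";
	$savemsg = gettext("Privilege")." {$privdeleted} ".
				gettext("successfully deleted")."<br />";
}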
113
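else if ($_POST['act'] == "expcert") {

	/* Send one of the user's certificates to the browser as a download. */
	if (!isset($id) || !$a_user[$id]) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	/*
	 * certid is taken from the request. Resolve it only when it names a
	 * certificate reference stored on this user.
	 */
	$certid = isset($_POST['certid']) ? $_POST['certid'] : null;
	if (!is_scalar($certid) || !isset($a_user[$id]['cert'][$certid])) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	$cert =& lookup_cert($a_user[$id]['cert'][$certid]);

	/*
	 * Stop instead of sending an empty file when the reference does not resolve.
	 * assumes lookup_cert() returns a falsy value when nothing matches - TODO confirm
	 */
	if (!$cert || empty($cert['crt'])) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	/* urlencode() keeps the user/cert names from adding characters to the header */
	$exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.crt");
	$exp_data = base64_decode($cert['crt']);
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}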
132
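else if ($_POST['act'] == "expckey") {

	/*
	 * Send the private key of one of the user's certificates to the browser
	 * as a download. This branch releases key material, so every request
	 * value is checked before anything is written to the response.
	 */
	if (!isset($id) || !$a_user[$id]) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	/* certid is request-controlled: accept only an index present on this user */
	$certid = isset($_POST['certid']) ? $_POST['certid'] : null;
	if (!is_scalar($certid) || !isset($a_user[$id]['cert'][$certid])) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	$cert =& lookup_cert($a_user[$id]['cert'][$certid]);

	/*
	 * Stop instead of sending an empty .key file when the reference does not
	 * resolve or the certificate has no stored private key.
	 * assumes lookup_cert() returns a falsy value when nothing matches - TODO confirm
	 */
	if (!$cert || empty($cert['prv'])) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	/* urlencode() keeps the user/cert names from adding characters to the header */
	$exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.key");
	$exp_data = base64_decode($cert['prv']);
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}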
151
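else if ($_POST['act'] == "delcert") {

	/* Detach one certificate reference from the user; the certificate itself is kept. */
	if (!isset($id) || !$a_user[$id]) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	/*
	 * certid is request-controlled. Without this check a value that matches
	 * nothing would still rewrite the config and report a removal.
	 */
	$certid = isset($_POST['certid']) ? $_POST['certid'] : null;
	if (!is_scalar($certid) || !isset($a_user[$id]['cert'][$certid])) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	/* only the description is needed, for the status message */
	$certdeleted = lookup_cert($a_user[$id]['cert'][$certid]);
	$certdeleted = $certdeleted['descr'];
	unset($a_user[$id]['cert'][$certid]);
	write_config();
	/* fall through to the edit form for the same user */
	$_POST['act'] = "edit";
	$savemsg = gettext("Certificate")." {$certdeleted} ".
				gettext("association removed.")."<br />";
}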
166
else if ($_POST['act'] == "new") {
	/*
	 * Form defaults for a new account: type "user" and a certificate
	 * lifetime of 3650 (the form labels that field in days).
	 * The type is preset here because the field is shown read-only and is
	 * not meant to be changed by the person filling in the form.
	 * NOTE(review): the form submits utype as a hidden input and the save
	 * handler reads it back from $_POST, so this preset alone does not
	 * constrain what a client can send - confirm it is checked server-side.
	 */
	$pconfig['utype'] = "user";
	$pconfig['lifetime'] = 3650;
}
175

    
176
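if ($_POST['save']) {
	/*
	 * Create or update a local user from the posted form.
	 * Validation errors are collected in $input_errors; the account, its
	 * optional certificate and its group memberships are written only when
	 * that list is empty.
	 */
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation: required fields depend on edit / new / new-with-certificate */
	if (isset($id) && ($a_user[$id])) {
		$reqdfields = explode(" ", "usernamefld");
		$reqdfieldsn = array(gettext("Username"));
	} else {
		if (empty($_POST['name'])) {
			$reqdfields = explode(" ", "usernamefld passwordfld1");
			$reqdfieldsn = array(
				gettext("Username"),
				gettext("Password"));
		} else {
			$reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime");
			$reqdfieldsn = array(
				gettext("Username"),
				gettext("Password"),
				gettext("Descriptive name"),
				gettext("Certificate authority"),
				gettext("Key length"),
				gettext("Lifetime"));
		}
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	/* usernames are limited to letters, digits, dot, dash and underscore */
	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld']))
		$input_errors[] = gettext("The username contains invalid characters.");

	if (strlen($_POST['usernamefld']) > 16)
		$input_errors[] = gettext("The username is longer than 16 characters.");

	if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2']))
		$input_errors[] = gettext("The passwords do not match.");

	if (isset($_POST['ipsecpsk']) && !preg_match('/^[[:ascii:]]*$/', $_POST['ipsecpsk']))
		$input_errors[] = gettext("IPsec Pre-Shared Key contains invalid characters.");

	/* the name currently stored for this entry, read from the config rather than from the request */
	if (isset($id) && $a_user[$id])
		$oldusername = $a_user[$id]['name'];
	else
		$oldusername = "";
	/* make sure this user name is unique */
	if (!$input_errors) {
		foreach ($a_user as $userent) {
			if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
				$input_errors[] = gettext("Another entry with the same username already exists.");
				break;
			}
		}
	}
	/* also make sure it is not reserved */
	if (!$input_errors) {
		$system_users = explode("\n", file_get_contents("/etc/passwd"));
		foreach ($system_users as $s_user) {
			$ent = explode(":", $s_user);
			if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
				$input_errors[] = gettext("That username is reserved by the system.");
				break;
			}
		}
	}

	/*
	 * Check for a valid expiration date if one is set at all. Valid means
	 * DateTime can parse it, so any DateTime-compatible format may be used.
	 * To keep it simple for the end user, we only claim to accept MM/DD/YYYY.
	 * Advanced users may use inputs like "+1 day", which are converted to
	 * MM/DD/YYYY based on "now"; otherwise such an entry would be stored as
	 * an invalid expiration date.
	 */
	if ($_POST['expires']){
		try {
			$expdate = new DateTime($_POST['expires']);
			//convert from any DateTime compatible date to MM/DD/YYYY
			$_POST['expires'] = $expdate->format("m/d/Y");
		} catch ( Exception $ex ) {
			$input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
		}
	}

	if (!empty($_POST['name'])) {
		$ca = lookup_ca($_POST['caref']);
		if (!$ca)
			$input_errors[] = gettext("Invalid internal Certificate Authority") . "\n";

		/*
		 * keylen is posted by the client and handed to cert_create() below;
		 * accept only the sizes the form itself offers.
		 */
		if (isset($_POST['keylen']) && !in_array($_POST['keylen'], array("512", "1024", "2048", "4096"), true))
			$input_errors[] = gettext("Please select a valid Key Length.");
	}

	/* if this is an AJAX caller then handle via JSON */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	if (!$input_errors) {
		conf_mount_rw();
		$userent = array();
		if (isset($id) && $a_user[$id])
			$userent = $a_user[$id];

		/*
		 * NOTE(review): scope is taken from the posted hidden utype field
		 * without comparing it to the stored entry or to a list of known
		 * values - confirm whether it should be editable at all.
		 */
		$userent['scope'] = isset($_POST['utype']) ? $_POST['utype'] : "system";

		/*
		 * The user name was modified. The comparison uses $oldusername from
		 * the config: the posted "oldusername" field can be altered by the
		 * client, which would skip removal of the account under its old name.
		 * NOTE(review): REMOTE_USER is overwritten for the rest of the request
		 * whichever account is being renamed - confirm what reads it afterwards.
		 */
		if ($_POST['usernamefld'] <> $oldusername) {
			$_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
			local_user_del($userent);
		}

		/* the user password was modified */
		if ($_POST['passwordfld1'])
			local_user_set_password($userent, $_POST['passwordfld1']);

		$userent['name'] = $_POST['usernamefld'];
		$userent['descr'] = $_POST['descr'];
		$userent['expires'] = $_POST['expires'];
		$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
		$userent['ipsecpsk'] = $_POST['ipsecpsk'];

		if($_POST['disabled'])
			$userent['disabled'] = true;
		else
			unset($userent['disabled']);

		if (isset($id) && $a_user[$id])
			$a_user[$id] = $userent;
		else {
			/* new user: optionally create a certificate signed by the chosen internal CA */
			if (!empty($_POST['name'])) {
				$cert = array();
				$cert['refid'] = uniqid();
				$userent['cert'] = array();

				$cert['descr'] = $_POST['name'];

				/* the subject fields are copied from the CA; the common name is the username */
				$subject = cert_get_subject_array($ca['crt']);

				$dn = array(
					'countryName' => $subject[0]['v'],
					'stateOrProvinceName' => $subject[1]['v'],
					'localityName' => $subject[2]['v'],
					'organizationName' => $subject[3]['v'],
					'emailAddress' => $subject[4]['v'],
					'commonName' => $userent['name']);

				cert_create($cert, $_POST['caref'], $_POST['keylen'],
					(int)$_POST['lifetime'], $dn);

				if (!is_array($config['cert']))
					$config['cert'] = array();
				$config['cert'][] = $cert;
				$userent['cert'][] = $cert['refid'];
			}
			$userent['uid'] = $config['system']['nextuid']++;
			/* Add the user to All Users group. */
			foreach ($config['system']['group'] as $gidx => $group) {
				if ($group['name'] == "all") {
					if (!is_array($config['system']['group'][$gidx]['member']))
						$config['system']['group'][$gidx]['member'] = array();
					$config['system']['group'][$gidx]['member'][] = $userent['uid'];
					break;
				}
			}

			$a_user[] = $userent;
		}

		local_user_set_groups($userent,$_POST['groups']);
		local_user_set($userent);
		write_config();

		if(is_dir("/etc/inc/privhooks"))
			run_plugins("/etc/inc/privhooks");

		conf_mount_ro();

		pfSenseHeader("system_usermanager.php");
	}
}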
354

    
355
$closehead = false;
356
include("head.inc");
357
?>
358

    
359
<link rel="stylesheet" type="text/css" href="/javascript/jquery-ui-timepicker-addon/css/jquery-ui-timepicker-addon.css" />
360
<link rel="stylesheet" type="text/css" href="/javascript/jquery/jquery-ui-1.11.1.css" />
361

    
362
<script type="text/javascript">
363
//<![CDATA[
364
	jQuery(function() {
365
		jQuery( "#expires" ).datepicker( { dateFormat: 'mm/dd/yy', changeYear: true, yearRange: "+0:+100" } );
366
	});
367
//]]>
368
</script>
369
</head>
370

    
371
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
372
<?php include("fbegin.inc"); ?>
373

    
374
<script type="text/javascript">
375
//<![CDATA[
376

    
377
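/**
 * Mark every option of a select box as selected.
 * @param {string} id  DOM id of the select element.
 */
function setall_selected(id) {
	// locals are declared so nothing is written onto the global object
	var selbox = document.getElementById(id);
	var count = selbox.options.length;
	for (var index = 0; index < count; index++)
		selbox.options[index].selected = true;
}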
383

    
384
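/**
 * Clear the selection on every option of a select box.
 * @param {string} id  DOM id of the select element.
 */
function clear_selected(id) {
	// locals are declared so nothing is written onto the global object
	var selbox = document.getElementById(id);
	var count = selbox.options.length;
	for (var index = 0; index < count; index++)
		selbox.options[index].selected = false;
}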
390

    
391
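/**
 * Remove every selected option from a select box.
 * @param {string} id  DOM id of the select element.
 */
function remove_selected(id) {
	// locals are declared so nothing is written onto the global object
	var selbox = document.getElementById(id);
	// walk backwards so removing an entry does not shift the ones still to visit
	for (var index = selbox.options.length - 1; index >= 0; index--) {
		if (selbox.options[index].selected)
			selbox.remove(index);
	}
}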
398

    
399
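/**
 * Copy the selected options of one select box to the end of another.
 * Placeholder options with an empty value are removed from the destination first.
 * @param {string} srcid  DOM id of the select to copy from.
 * @param {string} dstid  DOM id of the select to copy into.
 */
function copy_selected(srcid, dstid) {
	// locals are declared so nothing is written onto the global object
	var src_selbox = document.getElementById(srcid);
	var dst_selbox = document.getElementById(dstid);
	var index;

	// drop empty placeholder entries, iterating backwards because the list shrinks
	for (index = dst_selbox.options.length - 1; index >= 0; index--) {
		if (dst_selbox.options[index].value == '') {
			dst_selbox.remove(index);
		}
	}

	var count = src_selbox.options.length;
	for (index = 0; index < count; index++) {
		if (src_selbox.options[index].selected) {
			var option = document.createElement('option');
			option.text = src_selbox.options[index].text;
			option.value = src_selbox.options[index].value;
			dst_selbox.add(option, null);
		}
	}
}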
418

    
419
/**
 * Move the selected options from one select box to another:
 * they are copied to the destination, then removed from the source.
 * @param {string} srcid  DOM id of the select to move from.
 * @param {string} dstid  DOM id of the select to move into.
 */
function move_selected(srcid, dstid) {
	copy_selected(srcid, dstid);
	remove_selected(srcid);
}
423

    
424
/**
 * Form onsubmit hook: nothing in 'notgroups' stays selected and every entry
 * in 'groups' is selected, so the submitted groups[] field carries the whole
 * "Member Of" list.
 */
function presubmit() {
	clear_selected('notgroups');
	setall_selected('groups');
}
428

    
429
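/**
 * Toggle between the "create a user certificate" checkbox row and the
 * certificate detail row.
 * @param {{checked: boolean}} obj  The checkbox that was clicked.
 */
function usercertClicked(obj) {
	var promptRow = document.getElementById("usercertchck");
	var detailRow = document.getElementById("usercert");

	// The page renders the detail row only when a usable CA exists; without
	// it, leave the checkbox row visible instead of hiding it and failing.
	if (!promptRow || !detailRow)
		return;

	if (obj.checked) {
		promptRow.style.display = "none";
		detailRow.style.display = "";
	} else {
		detailRow.style.display = "none";
		promptRow.style.display = "";
	}
}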
438

    
439
/**
 * Toggle between the "paste an authorized key" checkbox row and the
 * textarea row holding the keys.
 * @param {{checked: boolean}} obj  The checkbox that was clicked.
 */
function sshkeyClicked(obj) {
	var expand = obj.checked;
	// hide one row first, then reveal the other
	var hideId = expand ? "sshkeychck" : "sshkey";
	var showId = expand ? "sshkey" : "sshkeychck";
	document.getElementById(hideId).style.display = "none";
	document.getElementById(showId).style.display = "";
}
448
//]]>
449
</script>
450
<?php
	/* show validation errors first, then any status message from the action handlers */
	if ($input_errors) {
		print_input_errors($input_errors);
	}
	if ($savemsg) {
		print_info_box($savemsg);
	}
?>
456
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="user manager">
457
	<tr>
458
		<td>
459
<?php
			/* tab strip: label, whether the tab is active, target page */
			$tab_array = array(
				array(gettext("Users"), true, "system_usermanager.php"),
				array(gettext("Groups"), false, "system_groupmanager.php"),
				array(gettext("Settings"), false, "system_usermanager_settings.php"),
				array(gettext("Servers"), false, "system_authservers.php"),
			);
			display_top_tabs($tab_array);
?>
467
		</td>
468
	</tr>
469
	<tr>
470
		<td id="mainarea">
471
			<div class="tabcont">
472
<?php
473
			if ($_POST['act'] == "new" || $_POST['act'] == "edit" || $input_errors):
474
?>
475
				<form action="system_usermanager.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
476
					<input type="hidden" id="act" name="act" value="" />
477
					<input type="hidden" id="userid" name="userid" value="<?=(isset($id) ? $id : '');?>" />
478
					<input type="hidden" id="privid" name="privid" value="" />
479
					<input type="hidden" id="certid" name="certid" value="" />
480
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
481
<?php
482
						$ro = "";
483
						if ($pconfig['utype'] == "system")
484
							$ro = "readonly=\"readonly\"";
485
?>
486
						<tr>
487
							<td width="22%" valign="top" class="vncell"><?=gettext("Defined by");?></td>
488
							<td width="78%" class="vtable">
489
								<strong><?=strtoupper(htmlspecialchars($pconfig['utype']));?></strong>
490
								<input name="utype" type="hidden" value="<?=htmlspecialchars($pconfig['utype'])?>" />
491
							</td>
492
						</tr>
493
						<tr>
494
							<td width="22%" valign="top" class="vncell"><?=gettext("Disabled");?></td>
495
							<td width="78%" class="vtable">
496
								<input name="disabled" type="checkbox" id="disabled" <?php if($pconfig['disabled']) echo "checked=\"checked\""; ?> />
497
							</td>
498
						</tr>
499
						<tr>
500
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Username");?></td>
501
							<td width="78%" class="vtable">
502
								<input name="usernamefld" type="text" class="formfld user" id="usernamefld" size="20" maxlength="16" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" <?=$ro;?> />
503
								<input name="oldusername" type="hidden" id="oldusername" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" />
504
							</td>
505
						</tr>
506
						<tr>
507
							<td width="22%" valign="top" class="vncellreq" rowspan="2"><?=gettext("Password");?></td>
508
							<td width="78%" class="vtable">
509
								<input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" value="" />
510
							</td>
511
						</tr>
512
						<tr>
513
							<td width="78%" class="vtable">
514
								<input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" value="" />&nbsp;<?= gettext("(confirmation)"); ?>
515
							</td>
516
						</tr>
517
						<tr>
518
							<td width="22%" valign="top" class="vncell"><?=gettext("Full name");?></td>
519
							<td width="78%" class="vtable">
520
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>" <?=$ro;?> />
521
								<br />
522
								<?=gettext("User's full name, for your own information only");?>
523
							</td>
524
						</tr>
525
						<tr>
526
							<td width="22%" valign="top" class="vncell"><?=gettext("Expiration date"); ?></td>
527
							<td width="78%" class="vtable">
528
								<input name="expires" type="text" class="formfld unknown" id="expires" size="10" value="<?=htmlspecialchars($pconfig['expires']);?>" />
529
								<br />
530
								<span class="vexpl"><?=gettext("Leave blank if the account shouldn't expire, otherwise enter the expiration date in the following format: mm/dd/yyyy"); ?></span></td>
531
						</tr>
532
						<tr>
533
							<td width="22%" valign="top" class="vncell"><?=gettext("Group Memberships");?></td>
534
							<td width="78%" class="vtable" align="center">
535
								<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="group membership">
536
									<tr>
537
										<td align="center" width="50%">
538
											<strong><?=gettext("Not Member Of"); ?></strong><br />
539
											<br />
540
											<select size="10" style="width: 75%" name="notgroups[]" class="formselect" id="notgroups" onchange="clear_selected('groups')" multiple="multiple">
541
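<?php
												/*
												 * "Not Member Of" list: every group except the all-users group
												 * (gid 1998) and the groups the user already belongs to.
												 * NOTE(review): $selected is not assigned anywhere in the visible
												 * part of this file - confirm where it is meant to come from.
												 */
												$rowIndex = 0;
												foreach ($config['system']['group'] as $group):
													if ($group['gid'] == 1998) /* all users group */
														continue;
													if (is_array($pconfig['groups']) && in_array($group['name'],$pconfig['groups']))
														continue;
													$rowIndex++;
													/* the value attribute is escaped like the label, so a group name cannot break out of it */
?>
												<option value="<?=htmlspecialchars($group['name']);?>" <?=$selected;?>>
													<?=htmlspecialchars($group['name']);?>
												</option>
<?php
												endforeach;
												/* keep the select box non-empty when there is nothing to list */
												if ($rowIndex == 0)
													echo "<option></option>";
?>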
558
											</select>
559
											<br />
560
										</td>
561
										<td>
562
											<br />
563
											<a href="javascript:move_selected('notgroups','groups')">
564
												<img src="/themes/<?= $g['theme'];?>/images/icons/icon_right.gif" title="<?=gettext("Add Groups"); ?>" alt="<?=gettext("Add Groups"); ?>" width="17" height="17" border="0" />
565
											</a>
566
											<br /><br />
567
											<a href="javascript:move_selected('groups','notgroups')">
568
												<img src="/themes/<?= $g['theme'];?>/images/icons/icon_left.gif" title="<?=gettext("Remove Groups"); ?>" alt="<?=gettext("Remove Groups"); ?>" width="17" height="17" border="0" />
569
											</a>
570
										</td>
571
										<td align="center" width="50%">
572
											<strong><?=gettext("Member Of"); ?></strong><br />
573
											<br />
574
											<select size="10" style="width: 75%" name="groups[]" class="formselect" id="groups" onchange="clear_selected('notgroups')" multiple="multiple">
575
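<?php
												/*
												 * "Member Of" list: the groups named in $pconfig['groups'],
												 * leaving out the all-users group (gid 1998).
												 */
												$rowIndex = 0;
												if (is_array($pconfig['groups'])):
													foreach ($config['system']['group'] as $group):
														if ($group['gid'] == 1998) /* all users group */
															continue;
														if (!in_array($group['name'],$pconfig['groups']))
															continue;
														$rowIndex++;
														/* the value attribute is escaped like the label, so a group name cannot break out of it */
?>
												<option value="<?=htmlspecialchars($group['name']);?>">
													<?=htmlspecialchars($group['name']);?>
												</option>
<?php
													endforeach;
												endif;
												/* keep the select box non-empty when there is nothing to list */
												if ($rowIndex == 0)
													echo "<option></option>";
?>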
594
											</select>
595
											<br />
596
										</td>
597
									</tr>
598
								</table>
599
								<?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?>
600
							</td>
601
						</tr>
602
<?php
603
					if (isset($pconfig['uid'])):
604
?>
605
						<tr>
606
							<td width="22%" valign="top" class="vncell"><?=gettext("Effective Privileges");?></td>
607
							<td width="78%" class="vtable">
608
								<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="privileges">
609
									<tr>
610
										<td width="20%" class="listhdrr"><?=gettext("Inherited From");?></td>
611
										<td width="30%" class="listhdrr"><?=gettext("Name");?></td>
612
										<td width="40%" class="listhdrr"><?=gettext("Description");?></td>
613
										<td class="list"></td>
614
									</tr>
615
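<?php
							/*
							 * One table row per effective privilege. Rows inherited from a
							 * group show the group name and get no delete button; $i counts
							 * only the directly assigned privileges, which is the index the
							 * delpriv action receives as privid.
							 */
							$privdesc = get_user_privdesc($a_user[$id]);
							if(is_array($privdesc)):
								$i = 0;
								foreach ($privdesc as $priv):
									$group = false;
									if ($priv['group'])
										$group = $priv['group'];
?>
									<tr>
										<td class="listlr"><?=($group ? htmlspecialchars($group) : '');?></td>
										<td class="listr">
											<?=htmlspecialchars($priv['name']);?>
										</td>
										<td class="listbg">
											<?=htmlspecialchars($priv['descr']);?>
										</td>
										<td valign="middle" class="list nowrap">
<?php
										if (!$group):
?>
											<input type="image" name="delpriv[]" width="17" height="17" border="0"
												src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif"
												onclick="document.getElementById('privid').value='<?=$i;?>';
													document.getElementById('userid').value='<?=$id;?>';
													document.getElementById('act').value='<?php echo "delpriv";?>';
													return confirm('<?=gettext("Do you really want to delete this privilege?");?>');"
												title="<?=gettext("delete privilege");?>" />
<?php
										endif;
?>
										</td>
									</tr>
<?php
										/* can only delete user priv indexes */
										if (!$group)
											$i++;
								endforeach;
							endif;
?>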
655
									<tr>
656
										<td class="list" colspan="3"></td>
657
										<td class="list">
658
											<a href="system_usermanager_addprivs.php?userid=<?=$id?>">
659
												<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" />
660
											</a>
661
										</td>
662
									</tr>
663
								</table>
664
							</td>
665
						</tr>
666
						<tr>
667
							<td width="22%" valign="top" class="vncell"><?=gettext("User Certificates");?></td>
668
							<td width="78%" class="vtable">
669
								<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="certificates">
670
									<tr>
671
										<td width="45%" class="listhdrr"><?=gettext("Name");?></td>
672
										<td width="45%" class="listhdrr"><?=gettext("CA");?></td>
673
										<td class="list"></td>
674
									</tr>
675
<?php
676
							$a_cert = $a_user[$id]['cert'];
677
							if(is_array($a_cert)):
678
								$i = 0;
679
								foreach ($a_cert as $certref):
680
									$cert = lookup_cert($certref);
681
									$ca = lookup_ca($cert['caref']);
682
?>
683
									<tr>
684
										<td class="listlr">
685
											<?=htmlspecialchars($cert['descr']);?>
686
<?php
687
										if (is_cert_revoked($cert)):
688
?>
689
											(<b>Revoked</b>)
690
<?php
691
										endif;
692
?>
693
										</td>
694
										<td class="listr">
695
											<?=htmlspecialchars($ca['descr']);?>
696
										</td>
697
										<td valign="middle" class="list nowrap">
698
											<input type="image" name="expckey[]" width="17" height="17" border="0"
699
												src="/themes/<?=$g['theme'];?>/images/icons/icon_down.gif"
700
												onclick="document.getElementById('certid').value='<?=$i;?>';
701
													document.getElementById('userid').value='<?=$id;?>';
702
													document.getElementById('act').value='<?php echo "expckey";?>';"
703
												title="<?=gettext("export private key");?>" />
704
											<input type="image" name="expcert[]" width="17" height="17" border="0"
705
												src="/themes/<?=$g['theme'];?>/images/icons/icon_down.gif"
706
												onclick="document.getElementById('certid').value='<?=$i;?>';
707
													document.getElementById('userid').value='<?=$id;?>';
708
													document.getElementById('act').value='<?php echo "expcert";?>';"
709
												title="<?=gettext("export cert");?>" />
710
											<input type="image" name="delcert[]" width="17" height="17" border="0"
711
												src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif"
712
												onclick="document.getElementById('certid').value='<?=$i;?>';
713
													document.getElementById('userid').value='<?=$id;?>';
714
													document.getElementById('act').value='<?php echo "delcert";?>';
715
													return confirm('<?=gettext("Do you really want to remove this certificate association?") .'\n'. gettext("(Certificate will not be deleted)");?>')"
716
												title="<?=gettext("delete cert");?>" />
717
										</td>
718
									</tr>
719
<?php
720
									$i++;
721
								endforeach;
722
							endif;
723
?>
724
									<tr>
725
										<td class="list" colspan="2"></td>
726
										<td class="list">
727
											<a href="system_certmanager.php?act=new&amp;userid=<?=$id?>">
728
												<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" />
729
											</a>
730
										</td>
731
									</tr>
732
								</table>
733
							</td>
734
						</tr>
735

    
736
<?php
737
					else:
738
						if (is_array($config['ca']) && count($config['ca']) > 0):
739
							$i = 0;
740
							foreach( $config['ca'] as $ca) {
741
								if (!$ca['prv'])
742
									continue;
743
								$i++;
744
							}
745
?>
746

    
747
						<tr id="usercertchck">
748
							<td width="22%" valign="top" class="vncell"><?=gettext("Certificate");?></td>
749
							<td width="78%" class="vtable">
750
							<input type="checkbox" onclick="javascript:usercertClicked(this)" /> <?=gettext("Click to create a user certificate."); ?>
751
							</td>
752
						</tr>
753

    
754
<?php
755
							if ($i > 0):
756
?>
757
						<tr id="usercert" style="display:none">
758
							<td width="22%" valign="top" class="vncell"><?=gettext("Certificate");?></td>
759
							<td width="78%" class="vtable">
760
								<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="certificate">
761
									<tr>
762
										<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
763
										<td width="78%" class="vtable">
764
											<input name="name" type="text" class="formfld unknown" id="name" size="20" value="<?=htmlspecialchars($pconfig['name']);?>" />
765
										</td>
766
									</tr>
767
									<tr>
768
										<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate authority");?></td>
769
										<td width="78%" class="vtable">
770
											<select name='caref' id='caref' class="formselect" onchange='internalca_change()'>
771
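<?php
											/*
											 * Offer only the CAs that carry a private key ('prv').
											 * refid and descr come from the stored configuration and are
											 * escaped like the other config values printed on this page.
											 */
											$rowIndex = 0;
											foreach( $config['ca'] as $ca):
												if (!$ca['prv'])
													continue;
												$rowIndex++;
?>
												<option value="<?=htmlspecialchars($ca['refid']);?>"><?=htmlspecialchars($ca['descr']);?></option>
<?php
											endforeach;
											/* keep the select box non-empty when there is nothing to list */
											if ($rowIndex == 0)
												echo "<option></option>";
?>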
784
											</select>
785
										</td>
786
									</tr>
787
									<tr>
788
										<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
789
										<td width="78%" class="vtable">
790
											<select name='keylen' class="formselect">
791
<?php
											/*
											 * Key sizes offered for the new certificate; the first entry is
											 * the one a browser preselects.
											 * NOTE(review): 512 and 1024 are offered next to 2048 and 4096.
											 * If these are RSA modulus sizes (cert_create() is not shown
											 * here), the two smaller ones are below what is considered
											 * safe today - consider removing them.
											 */
											$cert_keylens = array("2048", "512", "1024", "4096");
											foreach ($cert_keylens as $len):
?>
												<option value="<?=$len;?>"><?=$len;?></option>
<?php
											endforeach;
											if (count($cert_keylens) == 0) {
												echo "<option></option>";
											}
?>
801
											</select>
802
											bits
803
										</td>
804
									</tr>
805
									<tr>
806
										<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
807
										<td width="78%" class="vtable">
808
											<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>" />days
809
										</td>
810
									</tr>
811
								</table>
812
							</td>
813
						</tr>
814
<?php
815
							endif;
816
						endif;
817
					endif;
818
?>
819
						<tr id="sshkeychck" <?php if(!empty($pconfig['authorizedkeys'])) echo 'style="display:none"'; ?>>
820
							<td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td>
821
							<td width="78%" class="vtable">
822
								<input type="checkbox" onclick="javascript:sshkeyClicked(this)" /> <?=gettext("Click to paste an authorized key."); ?>
823
							</td>
824
						</tr>
825
						<tr id="sshkey" <?php if(empty($pconfig['authorizedkeys'])) echo 'style="display:none"'; ?>>
826
							<td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td>
827
							<td width="78%" class="vtable">
828
								<script type="text/javascript">
829
								//<![CDATA[
830
								window.onload=function(){
831
									document.getElementById("authorizedkeys").wrap='off';
832
								}
833
								//]]>
834
								</script>
835
								<textarea name="authorizedkeys" cols="65" rows="7" id="authorizedkeys" class="formfld_cert"><?=htmlspecialchars($pconfig['authorizedkeys']);?></textarea>
836
								<br />
837
								<?=gettext("Paste an authorized keys file here.");?>
838
							</td>
839
						</tr>
840
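						<tr id="ipsecpskrow">
							<td width="22%" valign="top" class="vncell"><?=gettext("IPsec Pre-Shared Key");?></td>
							<td width="78%" class="vtable">
								<?php /* The stored pre-shared key is written back into the page in clear text. autocomplete is switched off so the browser does not also keep the secret in its form history. */ ?>
								<input name="ipsecpsk" type="text" class="formfld unknown" id="ipsecpsk" size="65" autocomplete="off" value="<?=htmlspecialchars($pconfig['ipsecpsk']);?>" />
							</td>
						</tr>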
846
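						<tr>
							<td width="22%" valign="top">&nbsp;</td>
							<td width="78%">
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
								<?php /* $referer is assigned outside this section. It lands inside a JavaScript string inside an HTML attribute, so it is first encoded as a JS string literal (json_encode) and then HTML-escaped; a quote in the value can no longer terminate either context. NOTE(review): if $referer is taken from a request header, also restrict it to same-site paths where it is assigned. */ ?>
								<input type="button" value="<?=gettext("Cancel");?>" onclick="window.location.href=<?=htmlspecialchars(json_encode($referer), ENT_QUOTES);?>" />
								<?php /* The hidden 'id' is only sent when an existing entry of $a_user is being edited. */ ?>
								<?php if (isset($id) && $a_user[$id]): ?>
								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
								<?php endif;?>
							</td>
						</tr>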
856
					</table>
857
				</form>
858
<?php
859
			else:
860
?>
861
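				<form action="system_usermanager.php" method="post" name="iform2" id="iform2">
					<?php /* Hidden fields filled in by the row controls below before the form is posted. $id is HTML-escaped here, matching the hidden 'id' field of the edit form, so a crafted value cannot break out of the attribute. */ ?>
					<input type="hidden" id="act" name="act" value="" />
					<input type="hidden" id="userid" name="userid" value="<?=(isset($id) ? htmlspecialchars($id) : '');?>" />
					<input type="hidden" id="username" name="username" value="" />
					<input type="hidden" id="privid" name="privid" value="" />
					<input type="hidden" id="certid" name="certid" value="" />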
867
					<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="">
868
						<thead>
869
							<tr>
870
								<th width="25%" class="listhdrr"><?=gettext("Username"); ?></th>
871
								<th width="25%" class="listhdrr"><?=gettext("Full name"); ?></th>
872
								<th width="5%" class="listhdrr"><?=gettext("Disabled"); ?></th>
873
								<th width="25%" class="listhdrr"><?=gettext("Groups"); ?></th>
874
								<th width="10%" class="list"></th>
875
							</tr>
876
						</thead>
877
						<tfoot>
878
							<tr>
879
								<td class="list" colspan="4"></td>
880
								<td class="list">
881
									<input type="image" name="addcert" width="17" height="17" border="0"
882
										src="/themes/<?=$g['theme'];?>/images/icons/icon_plus.gif"
883
										onclick="document.getElementById('act').value='<?php echo "new";?>';"
884
										title="<?=gettext("add user");?>" />
885
								</td>
886
							</tr>
887
							<tr>
888
								<td colspan="4">
889
									<p>
890
										<?=gettext("Additional users can be added here. User permissions for accessing " .
891
										"the webConfigurator can be assigned directly or inherited from group memberships. " .
892
										"An icon that appears grey indicates that it is a system defined object. " .
893
										"Some system object properties can be modified but they cannot be deleted."); ?>
894
										<br /><br />
895
										<?=gettext("Accounts created here are also used for other parts of the system " .
896
										"such as OpenVPN, IPsec, and Captive Portal.");?>
897
									</p>
898
								</td>
899
							</tr>
900
						</tfoot>
901
						<tbody>
902
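<?php
						// One table row per entry of $a_user. $i counts rows from 0 in iteration order and is
						// what the edit/delete controls copy into the hidden 'userid' field
						// (presumably used as the index into $a_user by the POST handler; confirm).
						$i = 0;
						foreach($a_user as $userent):
?>
								<tr ondblclick="document.getElementById('act').value='edit';
									document.getElementById('userid').value='<?=$i;?>';
									document.iform2.submit();">
								<td class="listlr">
									<table border="0" cellpadding="0" cellspacing="0" summary="icons">
										<tr>
											<td align="left" valign="middle">
<?php
												// Entries whose scope is not "user" get the grey icon.
												if($userent['scope'] != "user")
													$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user-grey.png";
												else
													$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user.png";
?>
												<img src="<?=$usrimg;?>" alt="<?=gettext("User"); ?>" title="<?=gettext("User"); ?>" border="0" height="16" width="16" />
											</td>
											<td align="left" valign="middle">
												<?=htmlspecialchars($userent['name']);?>
											</td>
										</tr>
									</table>
								</td>
								<td class="listr"><?=htmlspecialchars($userent['descr']);?>&nbsp;</td>
								<td class="listr"><?php if(isset($userent['disabled'])) echo "*"; ?></td>
								<td class="listbg">
									<?php /* Group names are stored data like the user name and description, so they are HTML-escaped as well. */ ?>
									<?=htmlspecialchars(implode(",",local_user_get_groups($userent)));?>
									&nbsp;
								</td>
								<td valign="middle" class="list nowrap">
									<input type="image" name="edituser[]" width="17" height="17" border="0"
										src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
										onclick="document.getElementById('userid').value='<?=$i;?>';
											document.getElementById('act').value='edit';"
										title="<?=gettext("edit user");?>" />
<?php
								// Entries with scope "system" get no delete control.
								// The user name is placed inside a JavaScript string inside an HTML attribute, so it is
								// encoded as a JS string literal (json_encode) and then HTML-escaped; a quote in a
								// stored name can no longer end the string and run as script in the admin's session.
								if($userent['scope'] != "system"):
?>
									&nbsp;
									<input type="image" name="deluser[]" width="17" height="17" border="0"
										src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif"
										onclick="document.getElementById('userid').value='<?=$i;?>';
											document.getElementById('username').value=<?=htmlspecialchars(json_encode($userent['name']), ENT_QUOTES);?>;
											document.getElementById('act').value='deluser';
											return confirm('<?=gettext("Do you really want to delete this user?");?>');"
										title="<?=gettext("delete user");?>" />
<?php
								endif;
?>
								</td>
							</tr>
<?php
							$i++;
						endforeach;
?>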
959
						</tbody>
960
					</table>
961
				</form>
962
<?php
963
			endif;
964
?>
965
			</div>
966
		</td>
967
	</tr>
968
</table>
969
<?php include("fend.inc");?>
970
</body>
971
</html>