/src/usr/local/www/system_usermanager.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/usr/local/www/system_usermanager.php @ 02a4d858

1	1df17ba9	Scott Ullrich	<?php
2	fab7ff44	Bill Marquette	/*
3	aaec5634	Renato Botelho	* system_usermanager.php
4	7d2e572f	Stephen Beaver	*
5	aaec5634	Renato Botelho	* part of pfSense (https://www.pfsense.org)
6			* Copyright (c) 2004-2016 Electric Sheep Fencing, LLC
7			* Copyright (c) 2008 Shrew Soft Inc.
8			* Copyright (c) 2005 Paul Taylor <paultaylor@winn-dixie.com>
9			* All rights reserved.
10	191cb31d	Stephen Beaver	*
11	aaec5634	Renato Botelho	* originally based on m0n0wall (http://m0n0.ch/wall)
12			* Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>.
13			* All rights reserved.
14	7d2e572f	Stephen Beaver	*
15	aaec5634	Renato Botelho	* Redistribution and use in source and binary forms, with or without
16			* modification, are permitted provided that the following conditions are met:
17	7d2e572f	Stephen Beaver	*
18	aaec5634	Renato Botelho	* 1. Redistributions of source code must retain the above copyright notice,
19			* this list of conditions and the following disclaimer.
20	7d2e572f	Stephen Beaver	*
21	aaec5634	Renato Botelho	* 2. Redistributions in binary form must reproduce the above copyright
22			* notice, this list of conditions and the following disclaimer in
23			* the documentation and/or other materials provided with the
24			* distribution.
25	7d2e572f	Stephen Beaver	*
26	aaec5634	Renato Botelho	* 3. All advertising materials mentioning features or use of this software
27			* must display the following acknowledgment:
28			* "This product includes software developed by the pfSense Project
29			* for use in the pfSense® software distribution. (http://www.pfsense.org/).
30	7d2e572f	Stephen Beaver	*
31	aaec5634	Renato Botelho	* 4. The names "pfSense" and "pfSense Project" must not be used to
32			* endorse or promote products derived from this software without
33			* prior written permission. For written permission, please contact
34			* coreteam@pfsense.org.
35	7d2e572f	Stephen Beaver	*
36	aaec5634	Renato Botelho	* 5. Products derived from this software may not be called "pfSense"
37			* nor may "pfSense" appear in their names without prior written
38			* permission of the Electric Sheep Fencing, LLC.
39	7d2e572f	Stephen Beaver	*
40	aaec5634	Renato Botelho	* 6. Redistributions of any form whatsoever must retain the following
41			* acknowledgment:
42	7d2e572f	Stephen Beaver	*
43	aaec5634	Renato Botelho	* "This product includes software developed by the pfSense Project
44			* for use in the pfSense software distribution (http://www.pfsense.org/).
45	7d2e572f	Stephen Beaver	*
46	aaec5634	Renato Botelho	* THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
47			* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
48			* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
49			* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
50			* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
51			* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
52			* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
53			* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
54			* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
55			* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
56			* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
57			* OF THE POSSIBILITY OF SUCH DAMAGE.
58	7d2e572f	Stephen Beaver	*/
59	fab7ff44	Bill Marquette
60	6b07c15a	Matthew Grooms	##\|+PRIV
61			##\|*IDENT=page-system-usermanager
62	5230f468	jim-p	##\|*NAME=System: User Manager
63	6b07c15a	Matthew Grooms	##\|*DESCR=Allow access to the 'System: User Manager' page.
64			##\|MATCH=system_usermanager.php
65			##\|-PRIV
66
67	aceaf18c	Phil Davis	require_once("certs.inc");
68			require_once("guiconfig.inc");
69	fab7ff44	Bill Marquette
70	e33be77c	Ermal	// start admin user code
71	73fa304b	Phil Davis	if (isset($_POST['userid']) && is_numericint($_POST['userid'])) {
72	1a6769a6	Renato Botelho	$id = $_POST['userid'];
73	73fa304b	Phil Davis	}
74	1df17ba9	Scott Ullrich
75	7411c285	Stephen Beaver	if (isset($_GET['userid']) && is_numericint($_GET['userid'])) {
76			$id = $_GET['userid'];
77			}
78
79	73fa304b	Phil Davis	if (!isset($config['system']['user']) \|\| !is_array($config['system']['user'])) {
80	e33be77c	Ermal	$config['system']['user'] = array();
81	73fa304b	Phil Davis	}
82	1df17ba9	Scott Ullrich
83	e33be77c	Ermal	$a_user = &$config['system']['user'];
84	7411c285	Stephen Beaver	$act = $_GET['act'];
85	45ee90ed	Matthew Grooms
86	73fa304b	Phil Davis	if (isset($_SERVER['HTTP_REFERER'])) {
87	7c2d0050	Renato Botelho	$referer = $_SERVER['HTTP_REFERER'];
88	73fa304b	Phil Davis	} else {
89	7c2d0050	Renato Botelho	$referer = '/system_usermanager.php';
90	73fa304b	Phil Davis	}
91	7c2d0050	Renato Botelho
92	adacdf5f	jim-p	if (isset($id) && $a_user[$id]) {
93			$pconfig['usernamefld'] = $a_user[$id]['name'];
94			$pconfig['descr'] = $a_user[$id]['descr'];
95			$pconfig['expires'] = $a_user[$id]['expires'];
96	595b074d	Phil Davis	$pconfig['customsettings'] = isset($a_user[$id]['customsettings']);
97			$pconfig['webguicss'] = $a_user[$id]['webguicss'];
98			$pconfig['webguifixedmenu'] = $a_user[$id]['webguifixedmenu'];
99			$pconfig['webguihostnamemenu'] = $a_user[$id]['webguihostnamemenu'];
100			$pconfig['dashboardcolumns'] = $a_user[$id]['dashboardcolumns'];
101			$pconfig['dashboardavailablewidgetspanel'] = isset($a_user[$id]['dashboardavailablewidgetspanel']);
102			$pconfig['systemlogsfilterpanel'] = isset($a_user[$id]['systemlogsfilterpanel']);
103			$pconfig['systemlogsmanagelogpanel'] = isset($a_user[$id]['systemlogsmanagelogpanel']);
104			$pconfig['statusmonitoringsettingspanel'] = isset($a_user[$id]['statusmonitoringsettingspanel']);
105			$pconfig['webguileftcolumnhyper'] = isset($a_user[$id]['webguileftcolumnhyper']);
106			$pconfig['pagenamefirst'] = isset($a_user[$id]['pagenamefirst']);
107	adacdf5f	jim-p	$pconfig['groups'] = local_user_get_groups($a_user[$id]);
108			$pconfig['utype'] = $a_user[$id]['scope'];
109			$pconfig['uid'] = $a_user[$id]['uid'];
110			$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
111			$pconfig['priv'] = $a_user[$id]['priv'];
112			$pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk'];
113			$pconfig['disabled'] = isset($a_user[$id]['disabled']);
114			}
115
116	43acaa2f	Stephen Beaver	if ($_GET['act'] == "deluser") {
117	45ee90ed	Matthew Grooms
118	43acaa2f	Stephen Beaver	if (!isset($_GET['username']) \|\| !isset($a_user[$id]) \|\| ($_GET['username'] != $a_user[$id]['name'])) {
119	e33be77c	Ermal	pfSenseHeader("system_usermanager.php");
120			exit;
121	6b07c15a	Matthew Grooms	}
122
123	01a0385e	Phil Davis	if ($_GET['username'] == $_SESSION['Username']) {
124			$delete_errors[] = sprintf(gettext("Cannot delete user %s because you are currently logged in as that user."), $_GET['username']);
125			} else {
126			conf_mount_rw();
127			local_user_del($a_user[$id]);
128			conf_mount_ro();
129			$userdeleted = $a_user[$id]['name'];
130			unset($a_user[$id]);
131			write_config();
132			$savemsg = sprintf(gettext("User %s successfully deleted."), $userdeleted);
133			}
134	d61309a0	Phil Davis	} else if ($act == "new") {
135	e33be77c	Ermal	/*
136			* set this value cause the text field is read only
137			* and the user should not be able to mess with this
138			* setting.
139			*/
140			$pconfig['utype'] = "user";
141			$pconfig['lifetime'] = 3650;
142			}
143	45ee90ed	Matthew Grooms
144	64c31615	Stephen Beaver	if (isset($_POST['dellall'])) {
145	4e21c82e	bruno
146			$del_users = $_POST['delete_check'];
147	01a0385e	Phil Davis	$deleted_users = "";
148			$deleted_count = 0;
149			$comma = "";
150	4e21c82e	bruno
151	73fa304b	Phil Davis	if (!empty($del_users)) {
152			foreach ($del_users as $userid) {
153	4e21c82e	bruno	if (isset($a_user[$userid]) && $a_user[$userid]['scope'] != "system") {
154	01a0385e	Phil Davis	if ($a_user[$userid]['name'] == $_SESSION['Username']) {
155			$delete_errors[] = sprintf(gettext("Cannot delete user %s because you are currently logged in as that user."), $a_user[$userid]['name']);
156			} else {
157			conf_mount_rw();
158			$deleted_users = $deleted_users . $comma . $a_user[$userid]['name'];
159			$comma = ", ";
160			$deleted_count++;
161			local_user_del($a_user[$userid]);
162			conf_mount_ro();
163			unset($a_user[$userid]);
164			}
165			} else {
166			$delete_errors[] = sprintf(gettext("Cannot delete user %s because it is a system user."), $a_user[$userid]['name']);
167	4e21c82e	bruno	}
168			}
169	01a0385e	Phil Davis
170			if ($deleted_count > 0) {
171			if ($deleted_count == 1) {
172			$savemsg = sprintf(gettext("User %s successfully deleted."), $deleted_users);
173			} else {
174			$savemsg = sprintf(gettext("Users %s successfully deleted."), $deleted_users);
175			}
176			write_config($savemsg);
177			}
178	4e21c82e	bruno	}
179			}
180
181	98402844	Stephen Beaver	if ($_POST['act'] == "delcert") {
182
183			if (!$a_user[$id]) {
184			pfSenseHeader("system_usermanager.php");
185			exit;
186			}
187
188			$certdeleted = lookup_cert($a_user[$id]['cert'][$_POST['certid']]);
189			$certdeleted = $certdeleted['descr'];
190			unset($a_user[$id]['cert'][$_POST['certid']]);
191			write_config();
192			$_POST['act'] = "edit";
193	ed10e389	Phil Davis	$savemsg = sprintf(gettext("Certificate %s association removed."), $certdeleted);
194	98402844	Stephen Beaver	}
195	64c31615	Stephen Beaver
196	945204b1	Stephen Beaver	if ($_POST['act'] == "delprivid") {
197			$privdeleted = $priv_list[$a_user[$id]['priv'][$_POST['privid']]]['name'];
198			unset($a_user[$id]['priv'][$_POST['privid']]);
199			local_user_set($a_user[$id]);
200			write_config();
201			$_POST['act'] = "edit";
202	ed10e389	Phil Davis	$savemsg = sprintf(gettext("Privilege %s removed."), $privdeleted);
203	4c879f95	heper	}
204	98402844	Stephen Beaver
205	1a6769a6	Renato Botelho	if ($_POST['save']) {
206	e33be77c	Ermal	unset($input_errors);
207			$pconfig = $_POST;
208	45ee90ed	Matthew Grooms
209	e33be77c	Ermal	/* input validation */
210			if (isset($id) && ($a_user[$id])) {
211			$reqdfields = explode(" ", "usernamefld");
212			$reqdfieldsn = array(gettext("Username"));
213			} else {
214			if (empty($_POST['name'])) {
215			$reqdfields = explode(" ", "usernamefld passwordfld1");
216			$reqdfieldsn = array(
217			gettext("Username"),
218			gettext("Password"));
219	45ee90ed	Matthew Grooms	} else {
220	e33be77c	Ermal	$reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime");
221			$reqdfieldsn = array(
222			gettext("Username"),
223			gettext("Password"),
224			gettext("Descriptive name"),
225			gettext("Certificate authority"),
226			gettext("Key length"),
227			gettext("Lifetime"));
228	45ee90ed	Matthew Grooms	}
229	e33be77c	Ermal	}
230	45ee90ed	Matthew Grooms
231	1e9b4611	Renato Botelho	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
232	45ee90ed	Matthew Grooms
233	73fa304b	Phil Davis	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld'])) {
234	e33be77c	Ermal	$input_errors[] = gettext("The username contains invalid characters.");
235	73fa304b	Phil Davis	}
236	45ee90ed	Matthew Grooms
237	73fa304b	Phil Davis	if (strlen($_POST['usernamefld']) > 16) {
238	e33be77c	Ermal	$input_errors[] = gettext("The username is longer than 16 characters.");
239	73fa304b	Phil Davis	}
240	94d455da	jim-p
241	73fa304b	Phil Davis	if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) {
242	e33be77c	Ermal	$input_errors[] = gettext("The passwords do not match.");
243	73fa304b	Phil Davis	}
244	45ee90ed	Matthew Grooms
245	73fa304b	Phil Davis	if (isset($_POST['ipsecpsk']) && !preg_match('/^[[:ascii:]]*$/', $_POST['ipsecpsk'])) {
246	123d8700	Renato Botelho	$input_errors[] = gettext("IPsec Pre-Shared Key contains invalid characters.");
247	73fa304b	Phil Davis	}
248	123d8700	Renato Botelho
249	b2267ff9	jim-p	/* Check the POSTed groups to ensure they are valid and exist */
250	3896b732	Phil Davis	if (is_array($_POST['groups'])) {
251	0e5ebefd	NewEraCracker	foreach ($_POST['groups'] as $newgroup) {
252			if (empty(getGroupEntry($newgroup))) {
253			$input_errors[] = gettext("One or more invalid groups was submitted.");
254			}
255	b2267ff9	jim-p	}
256			}
257
258	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
259	e33be77c	Ermal	$oldusername = $a_user[$id]['name'];
260	73fa304b	Phil Davis	} else {
261	e33be77c	Ermal	$oldusername = "";
262	73fa304b	Phil Davis	}
263	e33be77c	Ermal	/* make sure this user name is unique */
264			if (!$input_errors) {
265			foreach ($a_user as $userent) {
266			if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
267			$input_errors[] = gettext("Another entry with the same username already exists.");
268			break;
269	58664cc9	Scott Ullrich	}
270	3dec33d4	Erik Fonnesbeck	}
271	e33be77c	Ermal	}
272			/* also make sure it is not reserved */
273			if (!$input_errors) {
274			$system_users = explode("\n", file_get_contents("/etc/passwd"));
275			foreach ($system_users as $s_user) {
276			$ent = explode(":", $s_user);
277			if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
278			$input_errors[] = gettext("That username is reserved by the system.");
279			break;
280	8339ab6d	jim-p	}
281	7e4a4513	Scott Ullrich	}
282	e33be77c	Ermal	}
283	1df17ba9	Scott Ullrich
284	e33be77c	Ermal	/*
285	e30050b6	Phil Davis	* Check for a valid expiration date if one is set at all (valid means,
286	4d148b59	Yehuda Katz	* DateTime puts out a time stamp so any DateTime compatible time
287	e33be77c	Ermal	* format may be used. to keep it simple for the enduser, we only
288			* claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs
289			* like "+1 day", which will be converted to MM/DD/YYYY based on "now".
290	e30050b6	Phil Davis	* Otherwise such an entry would lead to an invalid expiration data.
291	e33be77c	Ermal	*/
292	73fa304b	Phil Davis	if ($_POST['expires']) {
293	4d148b59	Yehuda Katz	try {
294			$expdate = new DateTime($_POST['expires']);
295			//convert from any DateTime compatible date to MM/DD/YYYY
296			$_POST['expires'] = $expdate->format("m/d/Y");
297	73fa304b	Phil Davis	} catch (Exception $ex) {
298	e33be77c	Ermal	$input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
299	0092b3bd	mgrooms	}
300	e33be77c	Ermal	}
301	0092b3bd	mgrooms
302	e33be77c	Ermal	if (!empty($_POST['name'])) {
303			$ca = lookup_ca($_POST['caref']);
304	73fa304b	Phil Davis	if (!$ca) {
305	4c291f4c	Renato Botelho	$input_errors[] = gettext("Invalid internal Certificate Authority") . "\n";
306	73fa304b	Phil Davis	}
307	e33be77c	Ermal	}
308	c9794c06	Ermal
309	e33be77c	Ermal	/* if this is an AJAX caller then handle via JSON */
310			if (isAjax() && is_array($input_errors)) {
311			input_errors2Ajax($input_errors);
312			exit;
313			}
314	64c31615	Stephen Beaver
315	e33be77c	Ermal	if (!$input_errors) {
316	4ee51131	Sjon Hortensius
317	e33be77c	Ermal	conf_mount_rw();
318			$userent = array();
319	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
320	e33be77c	Ermal	$userent = $a_user[$id];
321	73fa304b	Phil Davis	}
322	e879fc81	Ermal
323	e33be77c	Ermal	isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system";
324
325			/* the user name was modified */
326	926e0a2f	Phil Davis	if (!empty($_POST['oldusername']) && ($_POST['usernamefld'] <> $_POST['oldusername'])) {
327	e33be77c	Ermal	$_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
328	fdcf104c	jim-p	local_user_del($userent);
329			}
330	1df17ba9	Scott Ullrich
331	e30050b6	Phil Davis	/* the user password was modified */
332	73fa304b	Phil Davis	if ($_POST['passwordfld1']) {
333	e33be77c	Ermal	local_user_set_password($userent, $_POST['passwordfld1']);
334	73fa304b	Phil Davis	}
335	1df17ba9	Scott Ullrich
336	5cde9005	NewEraCracker	/* only change description if sent */
337			if (isset($_POST['descr'])) {
338			$userent['descr'] = $_POST['descr'];
339			}
340
341	e33be77c	Ermal	$userent['name'] = $_POST['usernamefld'];
342			$userent['expires'] = $_POST['expires'];
343	595b074d	Phil Davis	$userent['dashboardcolumns'] = $_POST['dashboardcolumns'];
344	e33be77c	Ermal	$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
345			$userent['ipsecpsk'] = $_POST['ipsecpsk'];
346	3ccb9689	Charlie Marshall
347	73fa304b	Phil Davis	if ($_POST['disabled']) {
348	e33be77c	Ermal	$userent['disabled'] = true;
349	73fa304b	Phil Davis	} else {
350	e33be77c	Ermal	unset($userent['disabled']);
351	73fa304b	Phil Davis	}
352	e33be77c	Ermal
353	595b074d	Phil Davis	if ($_POST['customsettings']) {
354			$userent['customsettings'] = true;
355			} else {
356			unset($userent['customsettings']);
357			}
358
359			if ($_POST['webguicss']) {
360			$userent['webguicss'] = $_POST['webguicss'];
361			} else {
362			unset($userent['webguicss']);
363			}
364
365			if ($_POST['webguifixedmenu']) {
366			$userent['webguifixedmenu'] = $_POST['webguifixedmenu'];
367			} else {
368			unset($userent['webguifixedmenu']);
369			}
370
371			if ($_POST['webguihostnamemenu']) {
372			$userent['webguihostnamemenu'] = $_POST['webguihostnamemenu'];
373			} else {
374			unset($userent['webguihostnamemenu']);
375			}
376
377			if ($_POST['dashboardavailablewidgetspanel']) {
378			$userent['dashboardavailablewidgetspanel'] = true;
379			} else {
380			unset($userent['dashboardavailablewidgetspanel']);
381			}
382
383			if ($_POST['systemlogsfilterpanel']) {
384			$userent['systemlogsfilterpanel'] = true;
385			} else {
386			unset($userent['systemlogsfilterpanel']);
387			}
388
389			if ($_POST['systemlogsmanagelogpanel']) {
390			$userent['systemlogsmanagelogpanel'] = true;
391			} else {
392			unset($userent['systemlogsmanagelogpanel']);
393			}
394
395			if ($_POST['statusmonitoringsettingspanel']) {
396			$userent['statusmonitoringsettingspanel'] = true;
397			} else {
398			unset($userent['statusmonitoringsettingspanel']);
399			}
400
401			if ($_POST['webguileftcolumnhyper']) {
402			$userent['webguileftcolumnhyper'] = true;
403			} else {
404			unset($userent['webguileftcolumnhyper']);
405			}
406
407			if ($_POST['pagenamefirst']) {
408			$userent['pagenamefirst'] = true;
409			} else {
410			unset($userent['pagenamefirst']);
411			}
412
413	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
414	e33be77c	Ermal	$a_user[$id] = $userent;
415	73fa304b	Phil Davis	} else {
416	e33be77c	Ermal	if (!empty($_POST['name'])) {
417			$cert = array();
418			$cert['refid'] = uniqid();
419	4c291f4c	Renato Botelho	$userent['cert'] = array();
420	e33be77c	Ermal
421			$cert['descr'] = $_POST['name'];
422
423	4c291f4c	Renato Botelho	$subject = cert_get_subject_array($ca['crt']);
424	e33be77c	Ermal
425	4c291f4c	Renato Botelho	$dn = array(
426			'countryName' => $subject[0]['v'],
427			'stateOrProvinceName' => $subject[1]['v'],
428			'localityName' => $subject[2]['v'],
429			'organizationName' => $subject[3]['v'],
430			'emailAddress' => $subject[4]['v'],
431			'commonName' => $userent['name']);
432	e33be77c	Ermal
433			cert_create($cert, $_POST['caref'], $_POST['keylen'],
434			(int)$_POST['lifetime'], $dn);
435
436	73fa304b	Phil Davis	if (!is_array($config['cert'])) {
437	e33be77c	Ermal	$config['cert'] = array();
438	73fa304b	Phil Davis	}
439	e33be77c	Ermal	$config['cert'][] = $cert;
440			$userent['cert'][] = $cert['refid'];
441			}
442			$userent['uid'] = $config['system']['nextuid']++;
443			/* Add the user to All Users group. */
444			foreach ($config['system']['group'] as $gidx => $group) {
445			if ($group['name'] == "all") {
446	73fa304b	Phil Davis	if (!is_array($config['system']['group'][$gidx]['member'])) {
447	e33be77c	Ermal	$config['system']['group'][$gidx]['member'] = array();
448	73fa304b	Phil Davis	}
449	e33be77c	Ermal	$config['system']['group'][$gidx]['member'][] = $userent['uid'];
450			break;
451			}
452			}
453	970db70b	Scott Ullrich
454	e33be77c	Ermal	$a_user[] = $userent;
455	45ee90ed	Matthew Grooms	}
456	e33be77c	Ermal
457	900ce3b0	jim-p	/* Add user to groups so PHP can see the memberships properly or else the user's shell account does not get proper permissions (if applicable) See #5152. */
458	d61309a0	Phil Davis	local_user_set_groups($userent, $_POST['groups']);
459	e33be77c	Ermal	local_user_set($userent);
460	900ce3b0	jim-p	/* Add user to groups again to ensure they are set everywhere, otherwise the user may not appear to be a member of the group. See commit:5372d26d9d25d751d16865ed9d46869d3b0ec5e1. */
461	73fa304b	Phil Davis	local_user_set_groups($userent, $_POST['groups']);
462	e33be77c	Ermal	write_config();
463
464	73fa304b	Phil Davis	if (is_dir("/etc/inc/privhooks")) {
465	e33be77c	Ermal	run_plugins("/etc/inc/privhooks");
466	73fa304b	Phil Davis	}
467	e33be77c	Ermal
468			conf_mount_ro();
469	3ccb9689	Charlie Marshall
470	e33be77c	Ermal	pfSenseHeader("system_usermanager.php");
471	45ee90ed	Matthew Grooms	}
472	e33be77c	Ermal	}
473	fab7ff44	Bill Marquette
474	7411c285	Stephen Beaver	function build_priv_table() {
475			global $a_user, $id;
476
477			$privhtml = '<div class="table-responsive">';
478			$privhtml .= '<table class="table table-striped table-hover table-condensed">';
479			$privhtml .= '<thead>';
480	7d2e572f	Stephen Beaver	$privhtml .= '<tr>';
481			$privhtml .= '<th>' . gettext('Inherited from') . '</th>';
482			$privhtml .= '<th>' . gettext('Name') . '</th>';
483			$privhtml .= '<th>' . gettext('Description') . '</th>';
484	f460db90	NOYB	$privhtml .= '<th>' . gettext('Action') . '</th>';
485	7d2e572f	Stephen Beaver	$privhtml .= '</tr>';
486	7411c285	Stephen Beaver	$privhtml .= '</thead>';
487			$privhtml .= '<tbody>';
488
489	945204b1	Stephen Beaver	$i = 0;
490
491			foreach (get_user_privdesc($a_user[$id]) as $priv) {
492			$group = false;
493			if ($priv['group']) {
494			$group = $priv['group'];
495			}
496
497	7411c285	Stephen Beaver	$privhtml .= '<tr>';
498			$privhtml .= '<td>' . htmlspecialchars($priv['group']) . '</td>';
499			$privhtml .= '<td>' . htmlspecialchars($priv['name']) . '</td>';
500			$privhtml .= '<td>' . htmlspecialchars($priv['descr']) . '</td>';
501	945204b1	Stephen Beaver	$privhtml .= '<td>';
502	d61309a0	Phil Davis	if (!$group) {
503	f460db90	NOYB	$privhtml .= '<a class="fa fa-trash no-confirm icon-pointer" title="' . gettext('Delete Privilege') . '" id="delprivid' . $i . '"></a>';
504	d61309a0	Phil Davis	}
505	945204b1	Stephen Beaver
506			$privhtml .= '</td>';
507	7411c285	Stephen Beaver	$privhtml .= '</tr>';
508	945204b1	Stephen Beaver
509	d61309a0	Phil Davis	if (!$group) {
510	945204b1	Stephen Beaver	$i++;
511	d61309a0	Phil Davis	}
512	7411c285	Stephen Beaver	}
513
514			$privhtml .= '</tbody>';
515			$privhtml .= '</table>';
516			$privhtml .= '</div>';
517
518			$privhtml .= '<nav class="action-buttons">';
519	37676f4e	jim-p	$privhtml .= '<a href="system_usermanager_addprivs.php?userid=' . $id . '" class="btn btn-success"><i class="fa fa-plus icon-embed-btn"></i>' . gettext("Add") . '</a>';
520	7411c285	Stephen Beaver	$privhtml .= '</nav>';
521
522			return($privhtml);
523			}
524	98402844	Stephen Beaver
525	7411c285	Stephen Beaver	function build_cert_table() {
526			global $a_user, $id;
527
528			$certhtml = '<div class="table-responsive">';
529			$certhtml .= '<table class="table table-striped table-hover table-condensed">';
530			$certhtml .= '<thead>';
531	7d2e572f	Stephen Beaver	$certhtml .= '<tr>';
532			$certhtml .= '<th>' . gettext('Name') . '</th>';
533			$certhtml .= '<th>' . gettext('CA') . '</th>';
534	98402844	Stephen Beaver	$certhtml .= '<th></th>';
535	7d2e572f	Stephen Beaver	$certhtml .= '</tr>';
536	7411c285	Stephen Beaver	$certhtml .= '</thead>';
537			$certhtml .= '<tbody>';
538
539			$a_cert = $a_user[$id]['cert'];
540			if (is_array($a_cert)) {
541			$i = 0;
542			foreach ($a_cert as $certref) {
543	7d2e572f	Stephen Beaver	$cert = lookup_cert($certref);
544			$ca = lookup_ca($cert['caref']);
545			$revokedstr = is_cert_revoked($cert) ? '<b> Revoked</b>':'';
546
547	7411c285	Stephen Beaver	$certhtml .= '<tr>';
548	7d2e572f	Stephen Beaver	$certhtml .= '<td>' . htmlspecialchars($cert['descr']) . $revokedstr . '</td>';
549	7411c285	Stephen Beaver	$certhtml .= '<td>' . htmlspecialchars($ca['descr']) . '</td>';
550	db676e5b	Stephen Beaver	$certhtml .= '<td>';
551	945204b1	Stephen Beaver	$certhtml .= '<a id="delcert' . $i .'" class="fa fa-trash no-confirm icon-pointer" title="';
552	f14ff867	Phil Davis	$certhtml .= gettext('Remove this certificate association? (Certificate will not be deleted)') . '"></a>';
553	db676e5b	Stephen Beaver	$certhtml .= '</td>';
554	7411c285	Stephen Beaver	$certhtml .= '</tr>';
555	db676e5b	Stephen Beaver	$i++;
556	7411c285	Stephen Beaver	}
557	db676e5b	Stephen Beaver
558	7411c285	Stephen Beaver	}
559
560			$certhtml .= '</tbody>';
561			$certhtml .= '</table>';
562			$certhtml .= '</div>';
563
564			$certhtml .= '<nav class="action-buttons">';
565	37676f4e	jim-p	$certhtml .= '<a href="system_certmanager.php?act=new&userid=' . $id . '" class="btn btn-success"><i class="fa fa-plus icon-embed-btn"></i>' . gettext("Add") . '</a>';
566	7411c285	Stephen Beaver	$certhtml .= '</nav>';
567
568			return($certhtml);
569			}
570
571	8f1ab2a4	k-paulius	$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Users"));
572
573			if ($act == "new" \|\| $act == "edit" \|\| $input_errors) {
574			$pgtitle[] = gettext('Edit');
575			}
576	e33be77c	Ermal	include("head.inc");
577	fab7ff44	Bill Marquette
578	01a0385e	Phil Davis	if ($delete_errors) {
579			print_input_errors($delete_errors);
580			}
581
582	d61309a0	Phil Davis	if ($input_errors) {
583	4ee51131	Sjon Hortensius	print_input_errors($input_errors);
584	d61309a0	Phil Davis	}
585	98402844	Stephen Beaver
586	d61309a0	Phil Davis	if ($savemsg) {
587	98402844	Stephen Beaver	print_info_box($savemsg, 'success');
588	d61309a0	Phil Davis	}
589	4ee51131	Sjon Hortensius
590			$tab_array = array();
591			$tab_array[] = array(gettext("Users"), true, "system_usermanager.php");
592			$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
593			$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
594	2d1f33d9	k-paulius	$tab_array[] = array(gettext("Authentication Servers"), false, "system_authservers.php");
595	4ee51131	Sjon Hortensius	display_top_tabs($tab_array);
596
597	7411c285	Stephen Beaver	if (!($act == "new" \|\| $act == "edit" \|\| $input_errors)) {
598	64600f94	Sjon Hortensius	?>
599	64c31615	Stephen Beaver	<form method="post">
600	060ed238	Stephen Beaver	<div class="panel panel-default">
601			<div class="panel-heading"><h2 class="panel-title"><?=gettext('Users')?></h2></div>
602			<div class="panel-body">
603			<div class="table-responsive">
604	91677170	PiBa-NL	<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap table-rowdblclickedit" data-sortable>
605	060ed238	Stephen Beaver	<thead>
606			<tr>
607			<th> </th>
608			<th><?=gettext("Username")?></th>
609			<th><?=gettext("Full name")?></th>
610			<th><?=gettext("Disabled")?></th>
611			<th><?=gettext("Groups")?></th>
612	70dc5cd6	Phil Davis	<th><?=gettext("Actions")?></th>
613	060ed238	Stephen Beaver	</tr>
614			</thead>
615			<tbody>
616	a0165602	Sjon Hortensius	<?php
617	d61309a0	Phil Davis	foreach ($a_user as $i => $userent):
618	a0165602	Sjon Hortensius	?>
619	060ed238	Stephen Beaver	<tr>
620			<td>
621	01a0385e	Phil Davis	<input type="checkbox" id="frc<?=$i?>" name="delete_check[]" value="<?=$i?>" <?=((($userent['scope'] == "system") \|\| ($userent['name'] == $_SESSION['Username'])) ? 'disabled' : '')?>/>
622	060ed238	Stephen Beaver	</td>
623			<td>
624	a0165602	Sjon Hortensius	<?php
625	d61309a0	Phil Davis	if ($userent['scope'] != "user") {
626	a0165602	Sjon Hortensius	$usrimg = 'eye-open';
627	d61309a0	Phil Davis	} else {
628	a0165602	Sjon Hortensius	$usrimg = 'user';
629	d61309a0	Phil Davis	}
630	a0165602	Sjon Hortensius	?>
631	060ed238	Stephen Beaver	<i class="fa fa-<?=$usrimg?>"></i>
632			<?=htmlspecialchars($userent['name'])?>
633			</td>
634			<td><?=htmlspecialchars($userent['descr'])?></td>
635			<td><?php if (isset($userent['disabled'])) echo "*"?></td>
636			<td><?=implode(",", local_user_get_groups($userent))?></td>
637			<td>
638			<a class="fa fa-pencil" title="<?=gettext("Edit user"); ?>" href="?act=edit&userid=<?=$i?>"></a>
639	01a0385e	Phil Davis	<?php if (($userent['scope'] != "system") && ($userent['name'] != $_SESSION['Username'])): ?>
640	060ed238	Stephen Beaver	<a class="fa fa-trash" title="<?=gettext("Delete user")?>" href="?act=deluser&userid=<?=$i?>&username=<?=$userent['name']?>"></a>
641	a0165602	Sjon Hortensius	<?php endif; ?>
642	060ed238	Stephen Beaver	</td>
643			</tr>
644	a0165602	Sjon Hortensius	<?php endforeach; ?>
645	060ed238	Stephen Beaver	</tbody>
646			</table>
647			</div>
648			</div>
649	94404d94	Sander van Leeuwen	</div>
650	c10cb196	Stephen Beaver	<nav class="action-buttons">
651	64c31615	Stephen Beaver	<a href="?act=new" class="btn btn-sm btn-success">
652	9d5a20cf	heper	<i class="fa fa-plus icon-embed-btn"></i>
653	b921ab63	Stephen Beaver	<?=gettext("Add")?>
654			</a>
655	64c31615	Stephen Beaver
656			<button type="submit" class="btn btn-sm btn-danger" name="dellall" value="dellall" title="<?=gettext('Delete selected users')?>">
657			<i class="fa fa-trash icon-embed-btn"></i>
658			<?=gettext("Delete")?>
659			</button>
660	94404d94	Sander van Leeuwen	</nav>
661	d825dfea	NOYB	</form>
662	3c3ede28	Stephen Beaver	<div class="infoblock">
663	a0165602	Sjon Hortensius	<?php
664	a0d084fe	k-paulius	print_callout('<p>' . gettext("Additional users can be added here. User permissions for accessing " .
665			"the webConfigurator can be assigned directly or inherited from group memberships. " .
666			"Some system object properties can be modified but they cannot be deleted.") . '</p>' .
667			'<p>' . gettext("Accounts added here are also used for other parts of the system " .
668			"such as OpenVPN, IPsec, and Captive Portal.") . '</p>'
669			);
670	3c3ede28	Stephen Beaver	?></div><?php
671	a0165602	Sjon Hortensius	include("foot.inc");
672			exit;
673			}
674	4ee51131	Sjon Hortensius
675			$form = new Form;
676
677	7411c285	Stephen Beaver	if ($act == "new" \|\| $act == "edit" \|\| $input_errors):
678	4ee51131	Sjon Hortensius
679	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
680			'act',
681			null,
682			'hidden',
683			''
684			));
685	4ee51131	Sjon Hortensius
686	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
687			'userid',
688			null,
689			'hidden',
690			isset($id) ? $id:''
691			));
692	4ee51131	Sjon Hortensius
693	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
694			'privid',
695			null,
696			'hidden',
697			''
698			));
699	4ee51131	Sjon Hortensius
700	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
701			'certid',
702			null,
703			'hidden',
704			''
705			));
706	4ee51131	Sjon Hortensius
707	7411c285	Stephen Beaver	$ro = "";
708			if ($pconfig['utype'] == "system") {
709	c4b60a9a	Colin Fleming	$ro = "readonly";
710	7411c285	Stephen Beaver	}
711	4ee51131	Sjon Hortensius
712	7411c285	Stephen Beaver	$section = new Form_Section('User Properties');
713	4ee51131	Sjon Hortensius
714	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
715			'Defined by',
716			strtoupper($pconfig['utype'])
717			));
718	4ee51131	Sjon Hortensius
719	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
720			'utype',
721			null,
722			'hidden',
723			$pconfig['utype']
724			));
725	4ee51131	Sjon Hortensius
726	7411c285	Stephen Beaver	$section->addInput(new Form_Checkbox(
727			'disabled',
728			'Disabled',
729			'This user cannot login',
730			$pconfig['disabled']
731			));
732	6b07c15a	Matthew Grooms
733	7411c285	Stephen Beaver	$section->addInput($input = new Form_Input(
734			'usernamefld',
735			'Username',
736			'text',
737			$pconfig['usernamefld']
738			));
739	61dec0b0	Renato Botelho
740	d61309a0	Phil Davis	if ($ro) {
741	1fe9cc38	Stephen Beaver	$input->setReadonly();
742	d61309a0	Phil Davis	}
743	7411c285	Stephen Beaver
744			$form->addGlobal(new Form_Input(
745			'oldusername',
746	4ee51131	Sjon Hortensius	null,
747	7411c285	Stephen Beaver	'hidden',
748			$pconfig['usernamefld']
749	4ee51131	Sjon Hortensius	));
750	6b07c15a	Matthew Grooms
751	7411c285	Stephen Beaver	$group = new Form_Group('Password');
752			$group->add(new Form_Input(
753			'passwordfld1',
754			'Password',
755			'password'
756			));
757			$group->add(new Form_Input(
758			'passwordfld2',
759			'Confirm Password',
760			'password'
761			));
762
763			$section->add($group);
764
765			$section->addInput($input = new Form_Input(
766			'descr',
767			'Full name',
768			'text',
769			htmlspecialchars($pconfig['descr'])
770	89140b63	NOYB	))->setHelp('User\'s full name, for administrative information only');
771	7411c285	Stephen Beaver
772	d61309a0	Phil Davis	if ($ro) {
773	7411c285	Stephen Beaver	$input->setDisabled();
774	d61309a0	Phil Davis	}
775	7411c285	Stephen Beaver
776			$section->addInput(new Form_Input(
777			'expires',
778			'Expiration date',
779	5ce16fc1	Stephen Beaver	'text',
780	7411c285	Stephen Beaver	$pconfig['expires']
781			))->setHelp('Leave blank if the account shouldn\'t expire, otherwise enter '.
782			'the expiration date');
783
784	595b074d	Phil Davis	$section->addInput(new Form_Checkbox(
785			'customsettings',
786			'Custom Settings',
787			'Use individual customized GUI options and dashboard layout for this user.',
788			$pconfig['customsettings']
789			));
790
791			gen_user_settings_fields($section, $pconfig);
792
793	7411c285	Stephen Beaver	// ==== Group membership ==================================================
794			$group = new Form_Group('Group membership');
795
796	7d2e572f	Stephen Beaver	// Make a list of all the groups configured on the system, and a list of
797	7411c285	Stephen Beaver	// those which this user is a member of
798			$systemGroups = array();
799			$usersGroups = array();
800
801			$usergid = [$pconfig['usernamefld']];
802
803			foreach ($config['system']['group'] as $Ggroup) {
804	d61309a0	Phil Davis	if ($Ggroup['name'] != "all") {
805			if (($act == 'edit') && $Ggroup['member'] && in_array($pconfig['uid'], $Ggroup['member'])) {
806	b4333696	Stephen Beaver	$usersGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the user's list
807	d61309a0	Phil Davis	} else {
808	b4333696	Stephen Beaver	$systemGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the 'not a member of' list
809	d61309a0	Phil Davis	}
810	b4333696	Stephen Beaver	}
811	7411c285	Stephen Beaver	}
812
813			$group->add(new Form_Select(
814			'sysgroups',
815			null,
816			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
817			$systemGroups,
818			true
819	953385a3	heper	))->setHelp('Not member of');
820	6b07c15a	Matthew Grooms
821	7411c285	Stephen Beaver	$group->add(new Form_Select(
822			'groups',
823			null,
824			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
825			$usersGroups,
826			true
827	953385a3	heper	))->setHelp('Member of');
828	7411c285	Stephen Beaver
829			$section->add($group);
830
831			$group = new Form_Group('');
832
833			$group->add(new Form_Button(
834			'movetoenabled',
835	faab522f	Renato Botelho	'Move to "Member of" list',
836	37676f4e	jim-p	null,
837			'fa-angle-double-right'
838	347c0214	Phil Davis	))->setAttribute('type','button')->removeClass('btn-primary')->addClass('btn-info btn-sm');
839	7411c285	Stephen Beaver
840			$group->add(new Form_Button(
841			'movetodisabled',
842	faab522f	Renato Botelho	'Move to "Not member of" list',
843	37676f4e	jim-p	null,
844			'fa-angle-double-left'
845	347c0214	Phil Davis	))->setAttribute('type','button')->removeClass('btn-primary')->addClass('btn-info btn-sm');
846	4ee51131	Sjon Hortensius
847	48d321ca	NewEraCracker	$group->setHelp('Hold down CTRL (PC)/COMMAND (Mac) key to select multiple items.');
848	7411c285	Stephen Beaver	$section->add($group);
849	4ee51131	Sjon Hortensius
850	7411c285	Stephen Beaver	// ==== Button for adding user certificate ================================
851	d61309a0	Phil Davis	if ($act == 'new') {
852	4ee51131	Sjon Hortensius	$section->addInput(new Form_Checkbox(
853	7411c285	Stephen Beaver	'showcert',
854			'Certificate',
855			'Click to create a user certificate',
856			false
857	4ee51131	Sjon Hortensius	));
858	6b07c15a	Matthew Grooms	}
859
860	7411c285	Stephen Beaver	$form->add($section);
861	6b07c15a	Matthew Grooms
862	7411c285	Stephen Beaver	// ==== Effective privileges section ======================================
863			if (isset($pconfig['uid'])) {
864			// We are going to build an HTML table and add it to an Input_StaticText. It may be ugly, but it
865			// is the best way to make the display we need.
866	6b07c15a	Matthew Grooms
867	7411c285	Stephen Beaver	$section = new Form_Section('Effective Privileges');
868	4ee51131	Sjon Hortensius
869	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
870			null,
871			build_priv_table()
872			));
873	4ee51131	Sjon Hortensius
874	7411c285	Stephen Beaver	$form->add($section);
875	4ee51131	Sjon Hortensius
876	7411c285	Stephen Beaver	// ==== Certificate table section =====================================
877	5f88f964	k-paulius	$section = new Form_Section('User Certificates');
878	7411c285	Stephen Beaver
879			$section->addInput(new Form_StaticText(
880			null,
881			build_cert_table()
882			));
883	64600f94	Sjon Hortensius
884			$form->add($section);
885	c9794c06	Ermal	}
886	7411c285	Stephen Beaver
887	f14ff867	Phil Davis	// ==== Add user certificate for a new user
888			if (is_array($config['ca']) && count($config['ca']) > 0) {
889	5f88f964	k-paulius	$section = new Form_Section('Create Certificate for User');
890	f14ff867	Phil Davis	$section->addClass('cert-options');
891	c9794c06	Ermal
892	f14ff867	Phil Davis	$nonPrvCas = array();
893	3896b732	Phil Davis	foreach ($config['ca'] as $ca) {
894	f14ff867	Phil Davis	if (!$ca['prv']) {
895			continue;
896			}
897	7411c285	Stephen Beaver
898	f14ff867	Phil Davis	$nonPrvCas[ $ca['refid'] ] = $ca['descr'];
899			}
900	7411c285	Stephen Beaver
901	f14ff867	Phil Davis	if (!empty($nonPrvCas)) {
902			$section->addInput(new Form_Input(
903			'name',
904			'Descriptive name',
905			'text',
906			$pconfig['name']
907			));
908	7411c285	Stephen Beaver
909	f14ff867	Phil Davis	$section->addInput(new Form_Select(
910			'caref',
911			'Certificate authority',
912			null,
913			$nonPrvCas
914			));
915	7411c285	Stephen Beaver
916	f14ff867	Phil Davis	$section->addInput(new Form_Select(
917			'keylen',
918			'Key length',
919			2048,
920			array(
921			512 => '512 bits',
922			1024 => '1024 bits',
923	bf408592	jim-p	2048 => '2048 bits',
924	f14ff867	Phil Davis	4096 => '4096 bits',
925			)
926			));
927	7411c285	Stephen Beaver
928	f14ff867	Phil Davis	$section->addInput(new Form_Input(
929			'lifetime',
930			'Lifetime',
931			'number',
932			$pconfig['lifetime']
933			));
934	7411c285	Stephen Beaver	}
935
936	f14ff867	Phil Davis	$form->add($section);
937			}
938
939	7411c285	Stephen Beaver	endif;
940			// ==== Paste a key for the new user
941	4ee51131	Sjon Hortensius	$section = new Form_Section('Keys');
942
943	35e0cd70	Stephen Beaver	$section->addInput(new Form_Checkbox(
944			'showkey',
945			'Authorized keys',
946			'Click to paste an authorized key',
947			false
948			));
949
950	4ee51131	Sjon Hortensius	$section->addInput(new Form_Textarea(
951			'authorizedkeys',
952	d1e73829	Stephen Beaver	'Authorized SSH Keys',
953	4ee51131	Sjon Hortensius	$pconfig['authorizedkeys']
954	d1e73829	Stephen Beaver	))->setHelp('Enter authorized SSH keys for this user');
955	4ee51131	Sjon Hortensius
956	35e0cd70	Stephen Beaver	$section->addInput(new Form_Input(
957	4ee51131	Sjon Hortensius	'ipsecpsk',
958			'IPsec Pre-Shared Key',
959			'text',
960			$pconfig['ipsecpsk']
961			));
962
963			$form->add($section);
964	7411c285	Stephen Beaver
965	a0165602	Sjon Hortensius	print $form;
966	595b074d	Phil Davis
967			$csswarning = sprintf(gettext("%sUser-created themes are unsupported, use at your own risk."), "<br />");
968	7411c285	Stephen Beaver	?>
969	8fd9052f	Colin Fleming	<script type="text/javascript">
970	7411c285	Stephen Beaver	//<![CDATA[
971	d61309a0	Phil Davis	events.push(function() {
972	7411c285	Stephen Beaver
973	595b074d	Phil Davis	function setcustomoptions() {
974			var adv = $('#customsettings').prop('checked');
975
976			hideInput('webguicss', !adv);
977			hideInput('webguifixedmenu', !adv);
978			hideInput('webguihostnamemenu', !adv);
979			hideInput('dashboardcolumns', !adv);
980			hideCheckbox('dashboardavailablewidgetspanel', !adv);
981			hideCheckbox('systemlogsfilterpanel', !adv);
982			hideCheckbox('systemlogsmanagelogpanel', !adv);
983			hideCheckbox('statusmonitoringsettingspanel', !adv);
984			hideCheckbox('webguileftcolumnhyper', !adv);
985			hideCheckbox('pagenamefirst', !adv);
986			}
987
988			// Handle displaying a warning message if a user-created theme is selected.
989			function setThemeWarning() {
990			if ($('#webguicss').val().startsWith("pfSense")) {
991			$('#csstxt').html("").addClass("text-default");
992			} else {
993			$('#csstxt').html("<?=$csswarning?>").addClass("text-danger");
994			}
995			}
996
997			$('#webguicss').change(function() {
998			setThemeWarning();
999			});
1000
1001			setThemeWarning();
1002
1003	7411c285	Stephen Beaver	// On click . .
1004	595b074d	Phil Davis	$('#customsettings').click(function () {
1005			setcustomoptions();
1006			});
1007
1008	7411c285	Stephen Beaver	$("#movetodisabled").click(function() {
1009			moveOptions($('[name="groups[]"] option'), $('[name="sysgroups[]"]'));
1010			});
1011
1012			$("#movetoenabled").click(function() {
1013			moveOptions($('[name="sysgroups[]"] option'), $('[name="groups[]"]'));
1014			});
1015
1016			$("#showcert").click(function() {
1017			hideClass('cert-options', !this.checked);
1018			});
1019
1020			$("#showkey").click(function() {
1021	35e0cd70	Stephen Beaver	hideInput('authorizedkeys', false);
1022			hideCheckbox('showkey', true);
1023	7411c285	Stephen Beaver	});
1024
1025	98402844	Stephen Beaver	$('[id^=delcert]').click(function(event) {
1026	d61309a0	Phil Davis	if (confirm(event.target.title)) {
1027	98402844	Stephen Beaver	$('#certid').val(event.target.id.match(/\d+$/)[0]);
1028			$('#userid').val('<?=$id;?>');
1029			$('#act').val('delcert');
1030			$('form').submit();
1031			}
1032			});
1033	945204b1	Stephen Beaver
1034	408d0882	heper	$('[id^=delprivid]').click(function(event) {
1035	d61309a0	Phil Davis	if (confirm(event.target.title)) {
1036	4c879f95	heper	$('#privid').val(event.target.id.match(/\d+$/)[0]);
1037	408d0882	heper	$('#userid').val('<?=$id;?>');
1038			$('#act').val('delprivid');
1039			$('form').submit();
1040			}
1041			});
1042	64c31615	Stephen Beaver
1043	f11862a3	Stephen Beaver	$('#expires').datepicker();
1044	98402844	Stephen Beaver
1045	eef93144	Jared Dillard	// ---------- On initial page load ------------------------------------------------------------
1046
1047			hideClass('cert-options', true);
1048			//hideInput('authorizedkeys', true);
1049	d1e73829	Stephen Beaver	hideCheckbox('showkey', true);
1050	595b074d	Phil Davis	setcustomoptions();
1051	7411c285	Stephen Beaver
1052			// On submit mark all the user's groups as "selected"
1053	d61309a0	Phil Davis	$('form').submit(function() {
1054	7411c285	Stephen Beaver	AllServers($('[name="groups[]"] option'), true);
1055			});
1056			});
1057			//]]>
1058			</script>
1059			<?php
1060	bb1b5c6f	heper	include('foot.inc');
1061	01a0385e	Phil Davis	?>

Project

General

Profile

pfSense