/src/usr/local/www/system_usermanager.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/usr/local/www/system_usermanager.php @ 05ae8524

1	1df17ba9	Scott Ullrich	<?php
2	fab7ff44	Bill Marquette	/*
3	c5d81585	Renato Botelho	* system_usermanager.php
4	7d2e572f	Stephen Beaver	*
5	c5d81585	Renato Botelho	* part of pfSense (https://www.pfsense.org)
6	81299b5c	Renato Botelho	* Copyright (c) 2004-2016 Rubicon Communications, LLC (Netgate)
7	c5d81585	Renato Botelho	* Copyright (c) 2008 Shrew Soft Inc.
8			* Copyright (c) 2005 Paul Taylor <paultaylor@winn-dixie.com>
9			* All rights reserved.
10	191cb31d	Stephen Beaver	*
11	c5d81585	Renato Botelho	* originally based on m0n0wall (http://m0n0.ch/wall)
12			* Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>.
13			* All rights reserved.
14	7d2e572f	Stephen Beaver	*
15	b12ea3fb	Renato Botelho	* Licensed under the Apache License, Version 2.0 (the "License");
16			* you may not use this file except in compliance with the License.
17			* You may obtain a copy of the License at
18	7d2e572f	Stephen Beaver	*
19	b12ea3fb	Renato Botelho	* http://www.apache.org/licenses/LICENSE-2.0
20	7d2e572f	Stephen Beaver	*
21	b12ea3fb	Renato Botelho	* Unless required by applicable law or agreed to in writing, software
22			* distributed under the License is distributed on an "AS IS" BASIS,
23			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
24			* See the License for the specific language governing permissions and
25			* limitations under the License.
26	7d2e572f	Stephen Beaver	*/
27	fab7ff44	Bill Marquette
28	6b07c15a	Matthew Grooms	##\|+PRIV
29			##\|*IDENT=page-system-usermanager
30	5230f468	jim-p	##\|*NAME=System: User Manager
31	6b07c15a	Matthew Grooms	##\|*DESCR=Allow access to the 'System: User Manager' page.
32	57188e47	Phil Davis	##\|*WARN=standard-warning-root
33	6b07c15a	Matthew Grooms	##\|MATCH=system_usermanager.php
34			##\|-PRIV
35
36	c81ef6e2	Phil Davis	require_once("certs.inc");
37			require_once("guiconfig.inc");
38	43e07671	doktornotor	require_once("pfsense-utils.inc");
39	fab7ff44	Bill Marquette
40	e33be77c	Ermal	// start admin user code
41	4611e283	Steve Beaver	if (isset($_REQUEST['userid']) && is_numericint($_REQUEST['userid'])) {
42			$id = $_REQUEST['userid'];
43	73fa304b	Phil Davis	}
44	1df17ba9	Scott Ullrich
45	73fa304b	Phil Davis	if (!isset($config['system']['user']) \|\| !is_array($config['system']['user'])) {
46	e33be77c	Ermal	$config['system']['user'] = array();
47	73fa304b	Phil Davis	}
48	1df17ba9	Scott Ullrich
49	e33be77c	Ermal	$a_user = &$config['system']['user'];
50	4611e283	Steve Beaver	$act = $_REQUEST['act'];
51	45ee90ed	Matthew Grooms
52	73fa304b	Phil Davis	if (isset($_SERVER['HTTP_REFERER'])) {
53	7c2d0050	Renato Botelho	$referer = $_SERVER['HTTP_REFERER'];
54	73fa304b	Phil Davis	} else {
55	7c2d0050	Renato Botelho	$referer = '/system_usermanager.php';
56	73fa304b	Phil Davis	}
57	7c2d0050	Renato Botelho
58	adacdf5f	jim-p	if (isset($id) && $a_user[$id]) {
59			$pconfig['usernamefld'] = $a_user[$id]['name'];
60			$pconfig['descr'] = $a_user[$id]['descr'];
61			$pconfig['expires'] = $a_user[$id]['expires'];
62	8bab524e	Phil Davis	$pconfig['customsettings'] = isset($a_user[$id]['customsettings']);
63			$pconfig['webguicss'] = $a_user[$id]['webguicss'];
64			$pconfig['webguifixedmenu'] = $a_user[$id]['webguifixedmenu'];
65			$pconfig['webguihostnamemenu'] = $a_user[$id]['webguihostnamemenu'];
66			$pconfig['dashboardcolumns'] = $a_user[$id]['dashboardcolumns'];
67	1d3510cf	Phil Davis	$pconfig['interfacessort'] = isset($a_user[$id]['interfacessort']);
68	8bab524e	Phil Davis	$pconfig['dashboardavailablewidgetspanel'] = isset($a_user[$id]['dashboardavailablewidgetspanel']);
69			$pconfig['systemlogsfilterpanel'] = isset($a_user[$id]['systemlogsfilterpanel']);
70			$pconfig['systemlogsmanagelogpanel'] = isset($a_user[$id]['systemlogsmanagelogpanel']);
71			$pconfig['statusmonitoringsettingspanel'] = isset($a_user[$id]['statusmonitoringsettingspanel']);
72			$pconfig['webguileftcolumnhyper'] = isset($a_user[$id]['webguileftcolumnhyper']);
73	d9058974	Phil Davis	$pconfig['disablealiaspopupdetail'] = isset($a_user[$id]['disablealiaspopupdetail']);
74	8bab524e	Phil Davis	$pconfig['pagenamefirst'] = isset($a_user[$id]['pagenamefirst']);
75	adacdf5f	jim-p	$pconfig['groups'] = local_user_get_groups($a_user[$id]);
76			$pconfig['utype'] = $a_user[$id]['scope'];
77			$pconfig['uid'] = $a_user[$id]['uid'];
78			$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
79			$pconfig['priv'] = $a_user[$id]['priv'];
80			$pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk'];
81			$pconfig['disabled'] = isset($a_user[$id]['disabled']);
82			}
83
84	f5c9c0c7	Steve Beaver	if ($_POST['act'] == "deluser") {
85	45ee90ed	Matthew Grooms
86	f5c9c0c7	Steve Beaver	if (!isset($_POST['username']) \|\| !isset($a_user[$id]) \|\| ($_POST['username'] != $a_user[$id]['name'])) {
87	e33be77c	Ermal	pfSenseHeader("system_usermanager.php");
88			exit;
89	6b07c15a	Matthew Grooms	}
90
91	f5c9c0c7	Steve Beaver	if ($_POST['username'] == $_SESSION['Username']) {
92			$delete_errors[] = sprintf(gettext("Cannot delete user %s because you are currently logged in as that user."), $_POST['username']);
93	d6b79c39	Phil Davis	} else {
94			local_user_del($a_user[$id]);
95			$userdeleted = $a_user[$id]['name'];
96			unset($a_user[$id]);
97			write_config();
98			$savemsg = sprintf(gettext("User %s successfully deleted."), $userdeleted);
99			}
100	f5c9c0c7	Steve Beaver
101	d61309a0	Phil Davis	} else if ($act == "new") {
102	e33be77c	Ermal	/*
103			* set this value cause the text field is read only
104			* and the user should not be able to mess with this
105			* setting.
106			*/
107			$pconfig['utype'] = "user";
108			$pconfig['lifetime'] = 3650;
109	fc1913fe	jim-p
110			$nonPrvCas = array();
111			if (is_array($config['ca']) && count($config['ca']) > 0) {
112			foreach ($config['ca'] as $ca) {
113			if (!$ca['prv']) {
114			continue;
115			}
116
117			$nonPrvCas[ $ca['refid'] ] = $ca['descr'];
118			}
119			}
120
121	e33be77c	Ermal	}
122	45ee90ed	Matthew Grooms
123	64c31615	Stephen Beaver	if (isset($_POST['dellall'])) {
124	4e21c82e	bruno
125			$del_users = $_POST['delete_check'];
126	d6b79c39	Phil Davis	$deleted_users = "";
127			$deleted_count = 0;
128			$comma = "";
129	4e21c82e	bruno
130	73fa304b	Phil Davis	if (!empty($del_users)) {
131			foreach ($del_users as $userid) {
132	4e21c82e	bruno	if (isset($a_user[$userid]) && $a_user[$userid]['scope'] != "system") {
133	d6b79c39	Phil Davis	if ($a_user[$userid]['name'] == $_SESSION['Username']) {
134			$delete_errors[] = sprintf(gettext("Cannot delete user %s because you are currently logged in as that user."), $a_user[$userid]['name']);
135			} else {
136			$deleted_users = $deleted_users . $comma . $a_user[$userid]['name'];
137			$comma = ", ";
138			$deleted_count++;
139			local_user_del($a_user[$userid]);
140			unset($a_user[$userid]);
141			}
142			} else {
143			$delete_errors[] = sprintf(gettext("Cannot delete user %s because it is a system user."), $a_user[$userid]['name']);
144	4e21c82e	bruno	}
145			}
146	d6b79c39	Phil Davis
147			if ($deleted_count > 0) {
148			if ($deleted_count == 1) {
149			$savemsg = sprintf(gettext("User %s successfully deleted."), $deleted_users);
150			} else {
151			$savemsg = sprintf(gettext("Users %s successfully deleted."), $deleted_users);
152			}
153			write_config($savemsg);
154			}
155	4e21c82e	bruno	}
156			}
157
158	98402844	Stephen Beaver	if ($_POST['act'] == "delcert") {
159
160			if (!$a_user[$id]) {
161			pfSenseHeader("system_usermanager.php");
162			exit;
163			}
164
165			$certdeleted = lookup_cert($a_user[$id]['cert'][$_POST['certid']]);
166			$certdeleted = $certdeleted['descr'];
167			unset($a_user[$id]['cert'][$_POST['certid']]);
168			write_config();
169			$_POST['act'] = "edit";
170	ed10e389	Phil Davis	$savemsg = sprintf(gettext("Certificate %s association removed."), $certdeleted);
171	98402844	Stephen Beaver	}
172	64c31615	Stephen Beaver
173	945204b1	Stephen Beaver	if ($_POST['act'] == "delprivid") {
174			$privdeleted = $priv_list[$a_user[$id]['priv'][$_POST['privid']]]['name'];
175			unset($a_user[$id]['priv'][$_POST['privid']]);
176			local_user_set($a_user[$id]);
177			write_config();
178			$_POST['act'] = "edit";
179	ed10e389	Phil Davis	$savemsg = sprintf(gettext("Privilege %s removed."), $privdeleted);
180	4c879f95	heper	}
181	98402844	Stephen Beaver
182	1a6769a6	Renato Botelho	if ($_POST['save']) {
183	e33be77c	Ermal	unset($input_errors);
184			$pconfig = $_POST;
185	45ee90ed	Matthew Grooms
186	e33be77c	Ermal	/* input validation */
187			if (isset($id) && ($a_user[$id])) {
188			$reqdfields = explode(" ", "usernamefld");
189			$reqdfieldsn = array(gettext("Username"));
190			} else {
191			if (empty($_POST['name'])) {
192			$reqdfields = explode(" ", "usernamefld passwordfld1");
193			$reqdfieldsn = array(
194			gettext("Username"),
195			gettext("Password"));
196	45ee90ed	Matthew Grooms	} else {
197	e33be77c	Ermal	$reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime");
198			$reqdfieldsn = array(
199			gettext("Username"),
200			gettext("Password"),
201			gettext("Descriptive name"),
202			gettext("Certificate authority"),
203			gettext("Key length"),
204			gettext("Lifetime"));
205	45ee90ed	Matthew Grooms	}
206	e33be77c	Ermal	}
207	45ee90ed	Matthew Grooms
208	1e9b4611	Renato Botelho	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
209	45ee90ed	Matthew Grooms
210	73fa304b	Phil Davis	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld'])) {
211	e33be77c	Ermal	$input_errors[] = gettext("The username contains invalid characters.");
212	73fa304b	Phil Davis	}
213	45ee90ed	Matthew Grooms
214	73fa304b	Phil Davis	if (strlen($_POST['usernamefld']) > 16) {
215	e33be77c	Ermal	$input_errors[] = gettext("The username is longer than 16 characters.");
216	73fa304b	Phil Davis	}
217	94d455da	jim-p
218	73fa304b	Phil Davis	if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) {
219	e33be77c	Ermal	$input_errors[] = gettext("The passwords do not match.");
220	73fa304b	Phil Davis	}
221	45ee90ed	Matthew Grooms
222	73fa304b	Phil Davis	if (isset($_POST['ipsecpsk']) && !preg_match('/^[[:ascii:]]*$/', $_POST['ipsecpsk'])) {
223	123d8700	Renato Botelho	$input_errors[] = gettext("IPsec Pre-Shared Key contains invalid characters.");
224	73fa304b	Phil Davis	}
225	123d8700	Renato Botelho
226	e63321a5	jim-p	/* Check the POSTed groups to ensure they are valid and exist */
227	9d3e8723	Phil Davis	if (is_array($_POST['groups'])) {
228	9f472202	NewEraCracker	foreach ($_POST['groups'] as $newgroup) {
229			if (empty(getGroupEntry($newgroup))) {
230			$input_errors[] = gettext("One or more invalid groups was submitted.");
231			}
232	e63321a5	jim-p	}
233			}
234
235	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
236	e33be77c	Ermal	$oldusername = $a_user[$id]['name'];
237	73fa304b	Phil Davis	} else {
238	e33be77c	Ermal	$oldusername = "";
239	73fa304b	Phil Davis	}
240	e33be77c	Ermal	/* make sure this user name is unique */
241			if (!$input_errors) {
242			foreach ($a_user as $userent) {
243			if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
244			$input_errors[] = gettext("Another entry with the same username already exists.");
245			break;
246	58664cc9	Scott Ullrich	}
247	3dec33d4	Erik Fonnesbeck	}
248	e33be77c	Ermal	}
249			/* also make sure it is not reserved */
250			if (!$input_errors) {
251			$system_users = explode("\n", file_get_contents("/etc/passwd"));
252			foreach ($system_users as $s_user) {
253			$ent = explode(":", $s_user);
254			if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
255			$input_errors[] = gettext("That username is reserved by the system.");
256			break;
257	8339ab6d	jim-p	}
258	7e4a4513	Scott Ullrich	}
259	e33be77c	Ermal	}
260	1df17ba9	Scott Ullrich
261	e33be77c	Ermal	/*
262	e30050b6	Phil Davis	* Check for a valid expiration date if one is set at all (valid means,
263	4d148b59	Yehuda Katz	* DateTime puts out a time stamp so any DateTime compatible time
264	e33be77c	Ermal	* format may be used. to keep it simple for the enduser, we only
265			* claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs
266			* like "+1 day", which will be converted to MM/DD/YYYY based on "now".
267	e30050b6	Phil Davis	* Otherwise such an entry would lead to an invalid expiration data.
268	e33be77c	Ermal	*/
269	73fa304b	Phil Davis	if ($_POST['expires']) {
270	4d148b59	Yehuda Katz	try {
271			$expdate = new DateTime($_POST['expires']);
272			//convert from any DateTime compatible date to MM/DD/YYYY
273			$_POST['expires'] = $expdate->format("m/d/Y");
274	73fa304b	Phil Davis	} catch (Exception $ex) {
275	e33be77c	Ermal	$input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
276	0092b3bd	mgrooms	}
277	e33be77c	Ermal	}
278	0092b3bd	mgrooms
279	e33be77c	Ermal	if (!empty($_POST['name'])) {
280			$ca = lookup_ca($_POST['caref']);
281	73fa304b	Phil Davis	if (!$ca) {
282	4c291f4c	Renato Botelho	$input_errors[] = gettext("Invalid internal Certificate Authority") . "\n";
283	73fa304b	Phil Davis	}
284	e33be77c	Ermal	}
285	c9794c06	Ermal
286	e33be77c	Ermal	if (!$input_errors) {
287	4ee51131	Sjon Hortensius
288	e33be77c	Ermal	$userent = array();
289	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
290	e33be77c	Ermal	$userent = $a_user[$id];
291	73fa304b	Phil Davis	}
292	e879fc81	Ermal
293	e33be77c	Ermal	isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system";
294
295			/* the user name was modified */
296	926e0a2f	Phil Davis	if (!empty($_POST['oldusername']) && ($_POST['usernamefld'] <> $_POST['oldusername'])) {
297	e33be77c	Ermal	$_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
298	fdcf104c	jim-p	local_user_del($userent);
299			}
300	1df17ba9	Scott Ullrich
301	e30050b6	Phil Davis	/* the user password was modified */
302	73fa304b	Phil Davis	if ($_POST['passwordfld1']) {
303	e33be77c	Ermal	local_user_set_password($userent, $_POST['passwordfld1']);
304	73fa304b	Phil Davis	}
305	1df17ba9	Scott Ullrich
306	5cde9005	NewEraCracker	/* only change description if sent */
307			if (isset($_POST['descr'])) {
308			$userent['descr'] = $_POST['descr'];
309			}
310
311	e33be77c	Ermal	$userent['name'] = $_POST['usernamefld'];
312			$userent['expires'] = $_POST['expires'];
313	8bab524e	Phil Davis	$userent['dashboardcolumns'] = $_POST['dashboardcolumns'];
314	e33be77c	Ermal	$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
315			$userent['ipsecpsk'] = $_POST['ipsecpsk'];
316	3ccb9689	Charlie Marshall
317	73fa304b	Phil Davis	if ($_POST['disabled']) {
318	e33be77c	Ermal	$userent['disabled'] = true;
319	73fa304b	Phil Davis	} else {
320	e33be77c	Ermal	unset($userent['disabled']);
321	73fa304b	Phil Davis	}
322	e33be77c	Ermal
323	8bab524e	Phil Davis	if ($_POST['customsettings']) {
324			$userent['customsettings'] = true;
325			} else {
326			unset($userent['customsettings']);
327			}
328
329			if ($_POST['webguicss']) {
330			$userent['webguicss'] = $_POST['webguicss'];
331			} else {
332			unset($userent['webguicss']);
333			}
334
335			if ($_POST['webguifixedmenu']) {
336			$userent['webguifixedmenu'] = $_POST['webguifixedmenu'];
337			} else {
338			unset($userent['webguifixedmenu']);
339			}
340
341			if ($_POST['webguihostnamemenu']) {
342			$userent['webguihostnamemenu'] = $_POST['webguihostnamemenu'];
343			} else {
344			unset($userent['webguihostnamemenu']);
345			}
346
347	1d3510cf	Phil Davis	if ($_POST['interfacessort']) {
348			$userent['interfacessort'] = true;
349			} else {
350			unset($userent['interfacessort']);
351			}
352
353	8bab524e	Phil Davis	if ($_POST['dashboardavailablewidgetspanel']) {
354			$userent['dashboardavailablewidgetspanel'] = true;
355			} else {
356			unset($userent['dashboardavailablewidgetspanel']);
357			}
358
359			if ($_POST['systemlogsfilterpanel']) {
360			$userent['systemlogsfilterpanel'] = true;
361			} else {
362			unset($userent['systemlogsfilterpanel']);
363			}
364
365			if ($_POST['systemlogsmanagelogpanel']) {
366			$userent['systemlogsmanagelogpanel'] = true;
367			} else {
368			unset($userent['systemlogsmanagelogpanel']);
369			}
370
371			if ($_POST['statusmonitoringsettingspanel']) {
372			$userent['statusmonitoringsettingspanel'] = true;
373			} else {
374			unset($userent['statusmonitoringsettingspanel']);
375			}
376
377			if ($_POST['webguileftcolumnhyper']) {
378			$userent['webguileftcolumnhyper'] = true;
379			} else {
380			unset($userent['webguileftcolumnhyper']);
381			}
382
383	d9058974	Phil Davis	if ($_POST['disablealiaspopupdetail']) {
384			$userent['disablealiaspopupdetail'] = true;
385			} else {
386			unset($userent['disablealiaspopupdetail']);
387			}
388
389	8bab524e	Phil Davis	if ($_POST['pagenamefirst']) {
390			$userent['pagenamefirst'] = true;
391			} else {
392			unset($userent['pagenamefirst']);
393			}
394
395	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
396	e33be77c	Ermal	$a_user[$id] = $userent;
397	73fa304b	Phil Davis	} else {
398	e33be77c	Ermal	if (!empty($_POST['name'])) {
399			$cert = array();
400			$cert['refid'] = uniqid();
401	4c291f4c	Renato Botelho	$userent['cert'] = array();
402	e33be77c	Ermal
403			$cert['descr'] = $_POST['name'];
404
405	4c291f4c	Renato Botelho	$subject = cert_get_subject_array($ca['crt']);
406	e33be77c	Ermal
407	4c291f4c	Renato Botelho	$dn = array(
408			'countryName' => $subject[0]['v'],
409			'stateOrProvinceName' => $subject[1]['v'],
410			'localityName' => $subject[2]['v'],
411			'organizationName' => $subject[3]['v'],
412			'emailAddress' => $subject[4]['v'],
413			'commonName' => $userent['name']);
414	e33be77c	Ermal
415			cert_create($cert, $_POST['caref'], $_POST['keylen'],
416			(int)$_POST['lifetime'], $dn);
417
418	73fa304b	Phil Davis	if (!is_array($config['cert'])) {
419	e33be77c	Ermal	$config['cert'] = array();
420	73fa304b	Phil Davis	}
421	e33be77c	Ermal	$config['cert'][] = $cert;
422			$userent['cert'][] = $cert['refid'];
423			}
424			$userent['uid'] = $config['system']['nextuid']++;
425			/* Add the user to All Users group. */
426			foreach ($config['system']['group'] as $gidx => $group) {
427			if ($group['name'] == "all") {
428	73fa304b	Phil Davis	if (!is_array($config['system']['group'][$gidx]['member'])) {
429	e33be77c	Ermal	$config['system']['group'][$gidx]['member'] = array();
430	73fa304b	Phil Davis	}
431	e33be77c	Ermal	$config['system']['group'][$gidx]['member'][] = $userent['uid'];
432			break;
433			}
434			}
435	970db70b	Scott Ullrich
436	e33be77c	Ermal	$a_user[] = $userent;
437	45ee90ed	Matthew Grooms	}
438	e33be77c	Ermal
439	900ce3b0	jim-p	/* Add user to groups so PHP can see the memberships properly or else the user's shell account does not get proper permissions (if applicable) See #5152. */
440	d61309a0	Phil Davis	local_user_set_groups($userent, $_POST['groups']);
441	e33be77c	Ermal	local_user_set($userent);
442	900ce3b0	jim-p	/* Add user to groups again to ensure they are set everywhere, otherwise the user may not appear to be a member of the group. See commit:5372d26d9d25d751d16865ed9d46869d3b0ec5e1. */
443	73fa304b	Phil Davis	local_user_set_groups($userent, $_POST['groups']);
444	e33be77c	Ermal	write_config();
445
446	73fa304b	Phil Davis	if (is_dir("/etc/inc/privhooks")) {
447	e33be77c	Ermal	run_plugins("/etc/inc/privhooks");
448	73fa304b	Phil Davis	}
449	e33be77c	Ermal
450	3ccb9689	Charlie Marshall
451	e33be77c	Ermal	pfSenseHeader("system_usermanager.php");
452	45ee90ed	Matthew Grooms	}
453	e33be77c	Ermal	}
454	fab7ff44	Bill Marquette
455	7411c285	Stephen Beaver	function build_priv_table() {
456			global $a_user, $id;
457
458			$privhtml = '<div class="table-responsive">';
459			$privhtml .= '<table class="table table-striped table-hover table-condensed">';
460			$privhtml .= '<thead>';
461	7d2e572f	Stephen Beaver	$privhtml .= '<tr>';
462			$privhtml .= '<th>' . gettext('Inherited from') . '</th>';
463			$privhtml .= '<th>' . gettext('Name') . '</th>';
464			$privhtml .= '<th>' . gettext('Description') . '</th>';
465	f460db90	NOYB	$privhtml .= '<th>' . gettext('Action') . '</th>';
466	7d2e572f	Stephen Beaver	$privhtml .= '</tr>';
467	7411c285	Stephen Beaver	$privhtml .= '</thead>';
468			$privhtml .= '<tbody>';
469
470	945204b1	Stephen Beaver	$i = 0;
471	57188e47	Phil Davis	$user_has_root_priv = false;
472	945204b1	Stephen Beaver
473			foreach (get_user_privdesc($a_user[$id]) as $priv) {
474			$group = false;
475			if ($priv['group']) {
476			$group = $priv['group'];
477			}
478
479	7411c285	Stephen Beaver	$privhtml .= '<tr>';
480			$privhtml .= '<td>' . htmlspecialchars($priv['group']) . '</td>';
481			$privhtml .= '<td>' . htmlspecialchars($priv['name']) . '</td>';
482	57188e47	Phil Davis	$privhtml .= '<td>' . htmlspecialchars($priv['descr']);
483			if (isset($priv['warn']) && ($priv['warn'] == 'standard-warning-root')) {
484	21312954	Phil Davis	$privhtml .= ' ' . gettext('(admin privilege)');
485	57188e47	Phil Davis	$user_has_root_priv = true;
486			}
487			$privhtml .= '</td>';
488	945204b1	Stephen Beaver	$privhtml .= '<td>';
489	d61309a0	Phil Davis	if (!$group) {
490	f460db90	NOYB	$privhtml .= '<a class="fa fa-trash no-confirm icon-pointer" title="' . gettext('Delete Privilege') . '" id="delprivid' . $i . '"></a>';
491	d61309a0	Phil Davis	}
492	945204b1	Stephen Beaver
493			$privhtml .= '</td>';
494	7411c285	Stephen Beaver	$privhtml .= '</tr>';
495	945204b1	Stephen Beaver
496	d61309a0	Phil Davis	if (!$group) {
497	945204b1	Stephen Beaver	$i++;
498	d61309a0	Phil Davis	}
499	7411c285	Stephen Beaver	}
500
501	57188e47	Phil Davis	if ($user_has_root_priv) {
502			$privhtml .= '<tr>';
503			$privhtml .= '<td colspan="3">';
504	9187d6f7	Phil Davis	$privhtml .= '<b>' . gettext('Security notice: This user effectively has administrator-level access') . '</b>';
505	57188e47	Phil Davis	$privhtml .= '</td>';
506			$privhtml .= '<td>';
507			$privhtml .= '</td>';
508			$privhtml .= '</tr>';
509	f5c9c0c7	Steve Beaver
510	57188e47	Phil Davis	}
511
512	7411c285	Stephen Beaver	$privhtml .= '</tbody>';
513			$privhtml .= '</table>';
514			$privhtml .= '</div>';
515
516			$privhtml .= '<nav class="action-buttons">';
517	4611e283	Steve Beaver	$privhtml .= '<a href="system_usermanager_addprivs.php?userid=' . $id . '" class="btn btn-success"><i class="fa fa-plus icon-embed-btn"></i>' . gettext("Add") . '</a>';
518	7411c285	Stephen Beaver	$privhtml .= '</nav>';
519
520			return($privhtml);
521			}
522	98402844	Stephen Beaver
523	7411c285	Stephen Beaver	function build_cert_table() {
524			global $a_user, $id;
525
526			$certhtml = '<div class="table-responsive">';
527			$certhtml .= '<table class="table table-striped table-hover table-condensed">';
528			$certhtml .= '<thead>';
529	7d2e572f	Stephen Beaver	$certhtml .= '<tr>';
530			$certhtml .= '<th>' . gettext('Name') . '</th>';
531			$certhtml .= '<th>' . gettext('CA') . '</th>';
532	98402844	Stephen Beaver	$certhtml .= '<th></th>';
533	7d2e572f	Stephen Beaver	$certhtml .= '</tr>';
534	7411c285	Stephen Beaver	$certhtml .= '</thead>';
535			$certhtml .= '<tbody>';
536
537			$a_cert = $a_user[$id]['cert'];
538			if (is_array($a_cert)) {
539			$i = 0;
540			foreach ($a_cert as $certref) {
541	7d2e572f	Stephen Beaver	$cert = lookup_cert($certref);
542			$ca = lookup_ca($cert['caref']);
543			$revokedstr = is_cert_revoked($cert) ? '<b> Revoked</b>':'';
544
545	7411c285	Stephen Beaver	$certhtml .= '<tr>';
546	7d2e572f	Stephen Beaver	$certhtml .= '<td>' . htmlspecialchars($cert['descr']) . $revokedstr . '</td>';
547	7411c285	Stephen Beaver	$certhtml .= '<td>' . htmlspecialchars($ca['descr']) . '</td>';
548	db676e5b	Stephen Beaver	$certhtml .= '<td>';
549	945204b1	Stephen Beaver	$certhtml .= '<a id="delcert' . $i .'" class="fa fa-trash no-confirm icon-pointer" title="';
550	f14ff867	Phil Davis	$certhtml .= gettext('Remove this certificate association? (Certificate will not be deleted)') . '"></a>';
551	db676e5b	Stephen Beaver	$certhtml .= '</td>';
552	7411c285	Stephen Beaver	$certhtml .= '</tr>';
553	db676e5b	Stephen Beaver	$i++;
554	7411c285	Stephen Beaver	}
555	db676e5b	Stephen Beaver
556	7411c285	Stephen Beaver	}
557
558			$certhtml .= '</tbody>';
559			$certhtml .= '</table>';
560			$certhtml .= '</div>';
561
562			$certhtml .= '<nav class="action-buttons">';
563	4611e283	Steve Beaver	$certhtml .= '<a href="system_certmanager.php?act=new&userid=' . $id . '" class="btn btn-success"><i class="fa fa-plus icon-embed-btn"></i>' . gettext("Add") . '</a>';
564	7411c285	Stephen Beaver	$certhtml .= '</nav>';
565
566			return($certhtml);
567			}
568
569	8f1ab2a4	k-paulius	$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Users"));
570	edcd7535	Phil Davis	$pglinks = array("", "system_usermanager.php", "system_usermanager.php");
571	8f1ab2a4	k-paulius
572			if ($act == "new" \|\| $act == "edit" \|\| $input_errors) {
573			$pgtitle[] = gettext('Edit');
574	edcd7535	Phil Davis	$pglinks[] = "@self";
575	8f1ab2a4	k-paulius	}
576	4611e283	Steve Beaver
577	e33be77c	Ermal	include("head.inc");
578	fab7ff44	Bill Marquette
579	d6b79c39	Phil Davis	if ($delete_errors) {
580			print_input_errors($delete_errors);
581			}
582
583	d61309a0	Phil Davis	if ($input_errors) {
584	4ee51131	Sjon Hortensius	print_input_errors($input_errors);
585	d61309a0	Phil Davis	}
586	98402844	Stephen Beaver
587	d61309a0	Phil Davis	if ($savemsg) {
588	98402844	Stephen Beaver	print_info_box($savemsg, 'success');
589	d61309a0	Phil Davis	}
590	4ee51131	Sjon Hortensius
591			$tab_array = array();
592			$tab_array[] = array(gettext("Users"), true, "system_usermanager.php");
593			$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
594			$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
595	2d1f33d9	k-paulius	$tab_array[] = array(gettext("Authentication Servers"), false, "system_authservers.php");
596	4ee51131	Sjon Hortensius	display_top_tabs($tab_array);
597
598	7411c285	Stephen Beaver	if (!($act == "new" \|\| $act == "edit" \|\| $input_errors)) {
599	64600f94	Sjon Hortensius	?>
600	64c31615	Stephen Beaver	<form method="post">
601	060ed238	Stephen Beaver	<div class="panel panel-default">
602			<div class="panel-heading"><h2 class="panel-title"><?=gettext('Users')?></h2></div>
603			<div class="panel-body">
604			<div class="table-responsive">
605	1c10ce97	PiBa-NL	<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap table-rowdblclickedit" data-sortable>
606	060ed238	Stephen Beaver	<thead>
607			<tr>
608			<th> </th>
609			<th><?=gettext("Username")?></th>
610			<th><?=gettext("Full name")?></th>
611	edd88334	NOYB	<th><?=gettext("Status")?></th>
612	060ed238	Stephen Beaver	<th><?=gettext("Groups")?></th>
613	70dc5cd6	Phil Davis	<th><?=gettext("Actions")?></th>
614	060ed238	Stephen Beaver	</tr>
615			</thead>
616			<tbody>
617	a0165602	Sjon Hortensius	<?php
618	d61309a0	Phil Davis	foreach ($a_user as $i => $userent):
619	a0165602	Sjon Hortensius	?>
620	060ed238	Stephen Beaver	<tr>
621			<td>
622	d6b79c39	Phil Davis	<input type="checkbox" id="frc<?=$i?>" name="delete_check[]" value="<?=$i?>" <?=((($userent['scope'] == "system") \|\| ($userent['name'] == $_SESSION['Username'])) ? 'disabled' : '')?>/>
623	060ed238	Stephen Beaver	</td>
624			<td>
625	a0165602	Sjon Hortensius	<?php
626	d61309a0	Phil Davis	if ($userent['scope'] != "user") {
627	a0165602	Sjon Hortensius	$usrimg = 'eye-open';
628	d61309a0	Phil Davis	} else {
629	a0165602	Sjon Hortensius	$usrimg = 'user';
630	d61309a0	Phil Davis	}
631	a0165602	Sjon Hortensius	?>
632	060ed238	Stephen Beaver	<i class="fa fa-<?=$usrimg?>"></i>
633			<?=htmlspecialchars($userent['name'])?>
634			</td>
635			<td><?=htmlspecialchars($userent['descr'])?></td>
636	0fdbaca8	NOYB	<td><i class="fa fa-<?= (isset($userent['disabled'])) ? 'ban" title="' . gettext("Disabled") . '"' : 'check" title="' . gettext("Enabled") . '"' ; ?>><span style='display: none'><?= (isset($userent['disabled'])) ? gettext("Disabled") : gettext("Enabled") ; ?></span></i></td>
637	060ed238	Stephen Beaver	<td><?=implode(",", local_user_get_groups($userent))?></td>
638			<td>
639	4611e283	Steve Beaver	<a class="fa fa-pencil" title="<?=gettext("Edit user"); ?>" href="?act=edit&userid=<?=$i?>"></a>
640	d6b79c39	Phil Davis	<?php if (($userent['scope'] != "system") && ($userent['name'] != $_SESSION['Username'])): ?>
641	f5c9c0c7	Steve Beaver	<a class="fa fa-trash" title="<?=gettext("Delete user")?>" href="?act=deluser&userid=<?=$i?>&username=<?=$userent['name']?>" usepost></a>
642	a0165602	Sjon Hortensius	<?php endif; ?>
643	060ed238	Stephen Beaver	</td>
644			</tr>
645	a0165602	Sjon Hortensius	<?php endforeach; ?>
646	060ed238	Stephen Beaver	</tbody>
647			</table>
648			</div>
649			</div>
650	94404d94	Sander van Leeuwen	</div>
651	c10cb196	Stephen Beaver	<nav class="action-buttons">
652	4611e283	Steve Beaver	<a href="?act=new" class="btn btn-sm btn-success">
653	9d5a20cf	heper	<i class="fa fa-plus icon-embed-btn"></i>
654	b921ab63	Stephen Beaver	<?=gettext("Add")?>
655			</a>
656	64c31615	Stephen Beaver
657			<button type="submit" class="btn btn-sm btn-danger" name="dellall" value="dellall" title="<?=gettext('Delete selected users')?>">
658			<i class="fa fa-trash icon-embed-btn"></i>
659			<?=gettext("Delete")?>
660			</button>
661	f5c9c0c7	Steve Beaver
662	94404d94	Sander van Leeuwen	</nav>
663	d825dfea	NOYB	</form>
664	3c3ede28	Stephen Beaver	<div class="infoblock">
665	a0165602	Sjon Hortensius	<?php
666	a0d084fe	k-paulius	print_callout('<p>' . gettext("Additional users can be added here. User permissions for accessing " .
667			"the webConfigurator can be assigned directly or inherited from group memberships. " .
668			"Some system object properties can be modified but they cannot be deleted.") . '</p>' .
669			'<p>' . gettext("Accounts added here are also used for other parts of the system " .
670			"such as OpenVPN, IPsec, and Captive Portal.") . '</p>'
671			);
672	f5c9c0c7	Steve Beaver
673	d3f59a8c	Steve Beaver	?></div>
674
675	f5c9c0c7	Steve Beaver	<?php
676	a0165602	Sjon Hortensius	include("foot.inc");
677			exit;
678			}
679	4ee51131	Sjon Hortensius
680			$form = new Form;
681
682	7411c285	Stephen Beaver	if ($act == "new" \|\| $act == "edit" \|\| $input_errors):
683	4ee51131	Sjon Hortensius
684	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
685			'act',
686			null,
687			'hidden',
688			''
689			));
690	4ee51131	Sjon Hortensius
691	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
692			'userid',
693			null,
694			'hidden',
695			isset($id) ? $id:''
696			));
697	4ee51131	Sjon Hortensius
698	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
699			'privid',
700			null,
701			'hidden',
702			''
703			));
704	4ee51131	Sjon Hortensius
705	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
706			'certid',
707			null,
708			'hidden',
709			''
710			));
711	4ee51131	Sjon Hortensius
712	7411c285	Stephen Beaver	$ro = "";
713			if ($pconfig['utype'] == "system") {
714	c4b60a9a	Colin Fleming	$ro = "readonly";
715	7411c285	Stephen Beaver	}
716	4ee51131	Sjon Hortensius
717	7411c285	Stephen Beaver	$section = new Form_Section('User Properties');
718	4ee51131	Sjon Hortensius
719	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
720			'Defined by',
721			strtoupper($pconfig['utype'])
722			));
723	4ee51131	Sjon Hortensius
724	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
725			'utype',
726			null,
727			'hidden',
728			$pconfig['utype']
729			));
730	4ee51131	Sjon Hortensius
731	7411c285	Stephen Beaver	$section->addInput(new Form_Checkbox(
732			'disabled',
733			'Disabled',
734			'This user cannot login',
735			$pconfig['disabled']
736			));
737	6b07c15a	Matthew Grooms
738	7411c285	Stephen Beaver	$section->addInput($input = new Form_Input(
739			'usernamefld',
740	153c3aa6	Phil Davis	'*Username',
741	7411c285	Stephen Beaver	'text',
742			$pconfig['usernamefld']
743			));
744	61dec0b0	Renato Botelho
745	d61309a0	Phil Davis	if ($ro) {
746	1fe9cc38	Stephen Beaver	$input->setReadonly();
747	d61309a0	Phil Davis	}
748	7411c285	Stephen Beaver
749			$form->addGlobal(new Form_Input(
750			'oldusername',
751	4ee51131	Sjon Hortensius	null,
752	7411c285	Stephen Beaver	'hidden',
753			$pconfig['usernamefld']
754	4ee51131	Sjon Hortensius	));
755	6b07c15a	Matthew Grooms
756	153c3aa6	Phil Davis	if ($act == "edit") {
757			$pwd_required = "";
758			} else {
759			$pwd_required = "*";
760			}
761
762			$group = new Form_Group($pwd_required . 'Password');
763	7411c285	Stephen Beaver	$group->add(new Form_Input(
764			'passwordfld1',
765			'Password',
766			'password'
767			));
768			$group->add(new Form_Input(
769			'passwordfld2',
770			'Confirm Password',
771			'password'
772			));
773
774			$section->add($group);
775
776			$section->addInput($input = new Form_Input(
777			'descr',
778			'Full name',
779			'text',
780			htmlspecialchars($pconfig['descr'])
781	89140b63	NOYB	))->setHelp('User\'s full name, for administrative information only');
782	7411c285	Stephen Beaver
783	d61309a0	Phil Davis	if ($ro) {
784	7411c285	Stephen Beaver	$input->setDisabled();
785	d61309a0	Phil Davis	}
786	7411c285	Stephen Beaver
787			$section->addInput(new Form_Input(
788			'expires',
789			'Expiration date',
790	d78dbc34	Stephen Beaver	'text',
791	7411c285	Stephen Beaver	$pconfig['expires']
792			))->setHelp('Leave blank if the account shouldn\'t expire, otherwise enter '.
793	98b87cfa	Jonathon Anderson	'the expiration date as MM/DD/YYYY');
794	7411c285	Stephen Beaver
795	8bab524e	Phil Davis	$section->addInput(new Form_Checkbox(
796			'customsettings',
797			'Custom Settings',
798			'Use individual customized GUI options and dashboard layout for this user.',
799			$pconfig['customsettings']
800			));
801
802			gen_user_settings_fields($section, $pconfig);
803
804	7411c285	Stephen Beaver	// ==== Group membership ==================================================
805			$group = new Form_Group('Group membership');
806
807	7d2e572f	Stephen Beaver	// Make a list of all the groups configured on the system, and a list of
808	7411c285	Stephen Beaver	// those which this user is a member of
809			$systemGroups = array();
810			$usersGroups = array();
811
812			$usergid = [$pconfig['usernamefld']];
813
814			foreach ($config['system']['group'] as $Ggroup) {
815	d61309a0	Phil Davis	if ($Ggroup['name'] != "all") {
816			if (($act == 'edit') && $Ggroup['member'] && in_array($pconfig['uid'], $Ggroup['member'])) {
817	b4333696	Stephen Beaver	$usersGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the user's list
818	d61309a0	Phil Davis	} else {
819	b4333696	Stephen Beaver	$systemGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the 'not a member of' list
820	d61309a0	Phil Davis	}
821	b4333696	Stephen Beaver	}
822	7411c285	Stephen Beaver	}
823
824			$group->add(new Form_Select(
825			'sysgroups',
826			null,
827			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
828			$systemGroups,
829			true
830	953385a3	heper	))->setHelp('Not member of');
831	6b07c15a	Matthew Grooms
832	7411c285	Stephen Beaver	$group->add(new Form_Select(
833			'groups',
834			null,
835			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
836			$usersGroups,
837			true
838	953385a3	heper	))->setHelp('Member of');
839	7411c285	Stephen Beaver
840			$section->add($group);
841
842			$group = new Form_Group('');
843
844			$group->add(new Form_Button(
845			'movetoenabled',
846	faab522f	Renato Botelho	'Move to "Member of" list',
847	37676f4e	jim-p	null,
848			'fa-angle-double-right'
849	347c0214	Phil Davis	))->setAttribute('type','button')->removeClass('btn-primary')->addClass('btn-info btn-sm');
850	7411c285	Stephen Beaver
851			$group->add(new Form_Button(
852			'movetodisabled',
853	faab522f	Renato Botelho	'Move to "Not member of" list',
854	37676f4e	jim-p	null,
855			'fa-angle-double-left'
856	347c0214	Phil Davis	))->setAttribute('type','button')->removeClass('btn-primary')->addClass('btn-info btn-sm');
857	4ee51131	Sjon Hortensius
858	e4c7d45f	NewEraCracker	$group->setHelp('Hold down CTRL (PC)/COMMAND (Mac) key to select multiple items.');
859	7411c285	Stephen Beaver	$section->add($group);
860	4ee51131	Sjon Hortensius
861	7411c285	Stephen Beaver	// ==== Button for adding user certificate ================================
862	d61309a0	Phil Davis	if ($act == 'new') {
863	fc1913fe	jim-p	if (count($nonPrvCas) > 0) {
864			$section->addInput(new Form_Checkbox(
865			'showcert',
866			'Certificate',
867			'Click to create a user certificate',
868			false
869			));
870			} else {
871			$section->addInput(new Form_StaticText(
872			'Certificate',
873			gettext('No private CAs found. A private CA is required to create a new user certificate. ' .
874			'Save the user first to import an external certificate.')
875			));
876			}
877	6b07c15a	Matthew Grooms	}
878
879	7411c285	Stephen Beaver	$form->add($section);
880	6b07c15a	Matthew Grooms
881	7411c285	Stephen Beaver	// ==== Effective privileges section ======================================
882			if (isset($pconfig['uid'])) {
883			// We are going to build an HTML table and add it to an Input_StaticText. It may be ugly, but it
884			// is the best way to make the display we need.
885	6b07c15a	Matthew Grooms
886	7411c285	Stephen Beaver	$section = new Form_Section('Effective Privileges');
887	4ee51131	Sjon Hortensius
888	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
889			null,
890			build_priv_table()
891			));
892	4ee51131	Sjon Hortensius
893	7411c285	Stephen Beaver	$form->add($section);
894	4ee51131	Sjon Hortensius
895	7411c285	Stephen Beaver	// ==== Certificate table section =====================================
896	5f88f964	k-paulius	$section = new Form_Section('User Certificates');
897	7411c285	Stephen Beaver
898			$section->addInput(new Form_StaticText(
899			null,
900			build_cert_table()
901			));
902	64600f94	Sjon Hortensius
903			$form->add($section);
904	c9794c06	Ermal	}
905	7411c285	Stephen Beaver
906	f14ff867	Phil Davis	// ==== Add user certificate for a new user
907			if (is_array($config['ca']) && count($config['ca']) > 0) {
908	5f88f964	k-paulius	$section = new Form_Section('Create Certificate for User');
909	f14ff867	Phil Davis	$section->addClass('cert-options');
910	c9794c06	Ermal
911	f14ff867	Phil Davis	if (!empty($nonPrvCas)) {
912			$section->addInput(new Form_Input(
913			'name',
914			'Descriptive name',
915			'text',
916			$pconfig['name']
917			));
918	7411c285	Stephen Beaver
919	f14ff867	Phil Davis	$section->addInput(new Form_Select(
920			'caref',
921			'Certificate authority',
922			null,
923			$nonPrvCas
924			));
925	7411c285	Stephen Beaver
926	f14ff867	Phil Davis	$section->addInput(new Form_Select(
927			'keylen',
928			'Key length',
929			2048,
930			array(
931			512 => '512 bits',
932			1024 => '1024 bits',
933	16897690	jim-p	2048 => '2048 bits',
934	d5018c6a	stilez	3072 => '3072 bits',
935	f14ff867	Phil Davis	4096 => '4096 bits',
936	d5018c6a	stilez	7680 => '7680 bits',
937			8192 => '8192 bits',
938			15360 => '15360 bits',
939			16384 => '16384 bits'
940	f14ff867	Phil Davis	)
941	4dd437e4	Phil Davis	))->setHelp('The larger the key, the more security it offers, but larger keys take considerably more time to generate, ' .
942			'and take slightly longer to validate leading to a slight slowdown in setting up new sessions (not always noticeable). ' .
943			'As of 2016, 2048 bit is the minimum and most common selection and 4096 is the maximum in common use. ' .
944			'For more information see %1$s.', '<a href="https://keylength.com">keylength.com</a>');
945	7411c285	Stephen Beaver
946	f14ff867	Phil Davis	$section->addInput(new Form_Input(
947			'lifetime',
948			'Lifetime',
949			'number',
950			$pconfig['lifetime']
951			));
952	7411c285	Stephen Beaver	}
953
954	f14ff867	Phil Davis	$form->add($section);
955			}
956
957	7411c285	Stephen Beaver	endif;
958			// ==== Paste a key for the new user
959	4ee51131	Sjon Hortensius	$section = new Form_Section('Keys');
960
961	35e0cd70	Stephen Beaver	$section->addInput(new Form_Checkbox(
962			'showkey',
963			'Authorized keys',
964			'Click to paste an authorized key',
965			false
966			));
967
968	4ee51131	Sjon Hortensius	$section->addInput(new Form_Textarea(
969			'authorizedkeys',
970	d1e73829	Stephen Beaver	'Authorized SSH Keys',
971	4ee51131	Sjon Hortensius	$pconfig['authorizedkeys']
972	d1e73829	Stephen Beaver	))->setHelp('Enter authorized SSH keys for this user');
973	4ee51131	Sjon Hortensius
974	35e0cd70	Stephen Beaver	$section->addInput(new Form_Input(
975	4ee51131	Sjon Hortensius	'ipsecpsk',
976			'IPsec Pre-Shared Key',
977			'text',
978			$pconfig['ipsecpsk']
979			));
980
981			$form->add($section);
982	7411c285	Stephen Beaver
983	a0165602	Sjon Hortensius	print $form;
984	8bab524e	Phil Davis
985			$csswarning = sprintf(gettext("%sUser-created themes are unsupported, use at your own risk."), "<br />");
986	7411c285	Stephen Beaver	?>
987	8fd9052f	Colin Fleming	<script type="text/javascript">
988	7411c285	Stephen Beaver	//<![CDATA[
989	d61309a0	Phil Davis	events.push(function() {
990	7411c285	Stephen Beaver
991	8bab524e	Phil Davis	function setcustomoptions() {
992			var adv = $('#customsettings').prop('checked');
993
994			hideInput('webguicss', !adv);
995			hideInput('webguifixedmenu', !adv);
996			hideInput('webguihostnamemenu', !adv);
997			hideInput('dashboardcolumns', !adv);
998	1d3510cf	Phil Davis	hideCheckbox('interfacessort', !adv);
999	8bab524e	Phil Davis	hideCheckbox('dashboardavailablewidgetspanel', !adv);
1000			hideCheckbox('systemlogsfilterpanel', !adv);
1001			hideCheckbox('systemlogsmanagelogpanel', !adv);
1002			hideCheckbox('statusmonitoringsettingspanel', !adv);
1003			hideCheckbox('webguileftcolumnhyper', !adv);
1004	d9058974	Phil Davis	hideCheckbox('disablealiaspopupdetail', !adv);
1005	8bab524e	Phil Davis	hideCheckbox('pagenamefirst', !adv);
1006			}
1007
1008			// Handle displaying a warning message if a user-created theme is selected.
1009			function setThemeWarning() {
1010			if ($('#webguicss').val().startsWith("pfSense")) {
1011			$('#csstxt').html("").addClass("text-default");
1012			} else {
1013			$('#csstxt').html("<?=$csswarning?>").addClass("text-danger");
1014			}
1015			}
1016
1017			$('#webguicss').change(function() {
1018			setThemeWarning();
1019			});
1020
1021			setThemeWarning();
1022
1023	7411c285	Stephen Beaver	// On click . .
1024	8bab524e	Phil Davis	$('#customsettings').click(function () {
1025			setcustomoptions();
1026			});
1027
1028	7411c285	Stephen Beaver	$("#movetodisabled").click(function() {
1029			moveOptions($('[name="groups[]"] option'), $('[name="sysgroups[]"]'));
1030			});
1031
1032			$("#movetoenabled").click(function() {
1033			moveOptions($('[name="sysgroups[]"] option'), $('[name="groups[]"]'));
1034			});
1035
1036			$("#showcert").click(function() {
1037			hideClass('cert-options', !this.checked);
1038			});
1039
1040			$("#showkey").click(function() {
1041	35e0cd70	Stephen Beaver	hideInput('authorizedkeys', false);
1042			hideCheckbox('showkey', true);
1043	7411c285	Stephen Beaver	});
1044
1045	98402844	Stephen Beaver	$('[id^=delcert]').click(function(event) {
1046	d61309a0	Phil Davis	if (confirm(event.target.title)) {
1047	98402844	Stephen Beaver	$('#certid').val(event.target.id.match(/\d+$/)[0]);
1048			$('#userid').val('<?=$id;?>');
1049			$('#act').val('delcert');
1050			$('form').submit();
1051			}
1052			});
1053	945204b1	Stephen Beaver
1054	408d0882	heper	$('[id^=delprivid]').click(function(event) {
1055	d61309a0	Phil Davis	if (confirm(event.target.title)) {
1056	4c879f95	heper	$('#privid').val(event.target.id.match(/\d+$/)[0]);
1057	408d0882	heper	$('#userid').val('<?=$id;?>');
1058			$('#act').val('delprivid');
1059			$('form').submit();
1060			}
1061			});
1062	64c31615	Stephen Beaver
1063	53c38ff1	Stephen Beaver	$('#expires').datepicker();
1064	98402844	Stephen Beaver
1065	eef93144	Jared Dillard	// ---------- On initial page load ------------------------------------------------------------
1066
1067			hideClass('cert-options', true);
1068			//hideInput('authorizedkeys', true);
1069	d1e73829	Stephen Beaver	hideCheckbox('showkey', true);
1070	8bab524e	Phil Davis	setcustomoptions();
1071	7411c285	Stephen Beaver
1072			// On submit mark all the user's groups as "selected"
1073	d61309a0	Phil Davis	$('form').submit(function() {
1074	7411c285	Stephen Beaver	AllServers($('[name="groups[]"] option'), true);
1075			});
1076	f5c9c0c7	Steve Beaver
1077	7411c285	Stephen Beaver	});
1078			//]]>
1079			</script>
1080			<?php
1081	bb1b5c6f	heper	include('foot.inc');
1082	d6b79c39	Phil Davis	?>

Project

General

Profile

pfSense