<?php
2
/* $Id$ */
3 fab7ff44 Bill Marquette
/*
4 1df17ba9 Scott Ullrich
    system_usermanager.php
5
    part of m0n0wall (http://m0n0.ch/wall)
6
7 6b07c15a Matthew Grooms
    Copyright (C) 2008 Shrew Soft Inc.
8
    All rights reserved.
9
10 1df17ba9 Scott Ullrich
    Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>.
11
    All rights reserved.
12
13
    Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
14
    All rights reserved.
15
16
    Redistribution and use in source and binary forms, with or without
17
    modification, are permitted provided that the following conditions are met:
18
19
    1. Redistributions of source code must retain the above copyright notice,
20
       this list of conditions and the following disclaimer.
21
22
    2. Redistributions in binary form must reproduce the above copyright
23
       notice, this list of conditions and the following disclaimer in the
24
       documentation and/or other materials provided with the distribution.
25
26
    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
27
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
28
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
29
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
30
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
33
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
34
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35
    POSSIBILITY OF SUCH DAMAGE.
36 fab7ff44 Bill Marquette
*/
37 1d333258 Scott Ullrich
/*
38
	pfSense_BUILDER_BINARIES:	
39
	pfSense_MODULE:	auth
40
*/
41 fab7ff44 Bill Marquette
42 6b07c15a Matthew Grooms
##|+PRIV
43
##|*IDENT=page-system-usermanager
44
##|*NAME=System: User Manager page
45
##|*DESCR=Allow access to the 'System: User Manager' page.
46
##|*MATCH=system_usermanager.php*
47
##|-PRIV
48
49 ead24d63 sullrich
require("certs.inc");
50 fab7ff44 Bill Marquette
require("guiconfig.inc");
51
52 31b53653 Scott Ullrich
53 e33be77c Ermal
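// start admin user code
$pgtitle = array(gettext("System"), gettext("User Manager"));

/*
 * Index of the user being viewed or edited. An id in the POST body takes
 * precedence over one in the query string. The value is request-controlled,
 * is used below as a key into the user list and is echoed back into links
 * further down the page, so anything other than a plain run of digits is
 * discarded and the request is treated as if no id had been sent. New
 * users are appended with $a_user[], so stored keys are integers.
 */
$id = null;
if (isset($_POST['id']))
	$id = $_POST['id'];
else if (isset($_GET['id']))
	$id = $_GET['id'];
if (!is_string($id) || !preg_match('/^[0-9]+$/D', $id))
	$id = null;

if (!is_array($config['system']['user']))
	$config['system']['user'] = array();

/* reference, so edits made through $a_user land in $config */
$a_user = &$config['system']['user'];

/* pre-fill the form from the stored entry when an existing user is selected */
if (isset($id) && !empty($a_user[$id])) {
	$pconfig['usernamefld'] = $a_user[$id]['name'];
	$pconfig['descr'] = $a_user[$id]['descr'];
	$pconfig['expires'] = $a_user[$id]['expires'];
	$pconfig['groups'] = local_user_get_groups($a_user[$id]);
	$pconfig['utype'] = $a_user[$id]['scope'];
	$pconfig['uid'] = $a_user[$id]['uid'];
	/* authorized keys are stored base64-encoded */
	$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
	$pconfig['priv'] = $a_user[$id]['priv'];
	$pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk'];
	$pconfig['disabled'] = isset($a_user[$id]['disabled']);
}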
77
78 e33be77c Ermal
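/*
 * Dispatch on the "act" query-string parameter for the user selected by $id.
 * deluser, delpriv and delcert change the configuration and write it out;
 * expcert and expckey stream a certificate or its private key to the browser
 * and exit; new only seeds form defaults.
 *
 * NOTE(review): every action here is driven by GET parameters and no
 * anti-forgery token is checked in this block. Unless the included framework
 * enforces one for GET requests as well (not visible here - confirm), the
 * state-changing actions and the private key export should require a POST
 * carrying a verified token.
 */
if ($_GET['act'] == "deluser") {

	if (!$a_user[$id]) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	local_user_del($a_user[$id]);
	$userdeleted = $a_user[$id]['name'];
	unset($a_user[$id]);
	write_config();
	/* $savemsg carries markup (<br/>), so stored values are escaped on the way in */
	$savemsg = gettext("User")." ".htmlspecialchars($userdeleted)." ".
				gettext("successfully deleted")."<br/>";
}
else if ($_GET['act'] == "delpriv") {

	if (!$a_user[$id]) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	$privdeleted = $priv_list[$a_user[$id]['priv'][$_GET['privid']]]['name'];
	unset($a_user[$id]['priv'][$_GET['privid']]);
	local_user_set($a_user[$id]);
	write_config();
	/* fall back to the edit form for the same user */
	$_GET['act'] = "edit";
	$savemsg = gettext("Privilege")." ".htmlspecialchars($privdeleted)." ".
				gettext("successfully deleted")."<br/>";
}
else if ($_GET['act'] == "expcert") {

	if (!$a_user[$id]) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	$cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]);

	/* unknown certid: go back to the list instead of sending an empty file */
	if (!is_array($cert) || empty($cert['crt'])) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	/* urlencode() keeps the stored names from breaking out of the header value */
	$exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.crt");
	$exp_data = base64_decode($cert['crt']);
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}
else if ($_GET['act'] == "expckey") {

	if (!$a_user[$id]) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	$cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]);

	/* unknown certid or no stored key: nothing to export */
	if (!is_array($cert) || empty($cert['prv'])) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	$exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.key");
	/* this is the private key itself; see the NOTE(review) at the top of the chain */
	$exp_data = base64_decode($cert['prv']);
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}
else if ($_GET['act'] == "delcert") {

	if (!$a_user[$id]) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	/* only the user-to-certificate association is removed, not the certificate */
	$certdeleted = lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
	$certdeleted = $certdeleted['descr'];
	unset($a_user[$id]['cert'][$_GET['certid']]);
	write_config();
	$_GET['act'] = "edit";
	$savemsg = gettext("Certificate")." ".htmlspecialchars($certdeleted)." ".
				gettext("association removed.")."<br/>";
}
else if ($_GET['act'] == "new") {
	/*
	 * set this value because the text field is read only
	 * and the user should not be able to mess with this
	 * setting.
	 */
	$pconfig['utype'] = "user";
	$pconfig['lifetime'] = 3650;
}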
169 45ee90ed Matthew Grooms
170 e33be77c Ermal
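/*
 * Handle a submitted user form: validate the fields, then create a user or
 * update the one selected by $id, write the configuration and redirect back
 * to the user list. On validation errors nothing is saved and the form is
 * rendered again from $pconfig (a copy of $_POST).
 */
if ($_POST) {
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */
	if (isset($id) && ($a_user[$id])) {
		/* existing user: the password may be left empty */
		$reqdfields = explode(" ", "usernamefld");
		$reqdfieldsn = array(gettext("Username"));
	} else {
		if (empty($_POST['name'])) {
			$reqdfields = explode(" ", "usernamefld passwordfld1");
			$reqdfieldsn = array(
				gettext("Username"),
				gettext("Password"));
		} else {
			/* a certificate name was given, so the certificate fields are required too */
			$reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime");
			$reqdfieldsn = array(
				gettext("Username"),
				gettext("Password"),
				gettext("Descriptive name"),
				gettext("Certificate authority"),
				gettext("Key length"),
				gettext("Lifetime"));
		}
	}

	/*
	 * NOTE(review): call-time pass-by-reference (&$input_errors) is a fatal
	 * error from PHP 5.4 on. Dropping the "&" is only safe if
	 * do_input_validation() declares that parameter by reference; otherwise
	 * the required-field errors would silently be lost. The declaration is
	 * not visible here - confirm before changing.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	/* an array-valued field (usernamefld[]=...) would slip past preg_match() and strlen() */
	if (is_array($_POST['usernamefld']) || preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld']))
		$input_errors[] = gettext("The username contains invalid characters.");

	if (!is_array($_POST['usernamefld']) && strlen($_POST['usernamefld']) > 16)
		$input_errors[] = gettext("The username is longer than 16 characters.");

	/* strict comparison: with "!=" two different numeric-looking strings can compare equal */
	if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] !== $_POST['passwordfld2']))
		$input_errors[] = gettext("The passwords do not match.");

	/* name currently stored for this entry, taken from the configuration */
	if (isset($id) && $a_user[$id])
		$oldusername = $a_user[$id]['name'];
	else
		$oldusername = "";

	/* make sure this user name is unique */
	if (!$input_errors) {
		foreach ($a_user as $userent) {
			if ($userent['name'] === $_POST['usernamefld'] && $oldusername !== $_POST['usernamefld']) {
				$input_errors[] = gettext("Another entry with the same username already exists.");
				break;
			}
		}
	}

	/* also make sure it is not reserved */
	if (!$input_errors) {
		$system_users = explode("\n", file_get_contents("/etc/passwd"));
		foreach ($system_users as $s_user) {
			$ent = explode(":", $s_user);
			if ($ent[0] === $_POST['usernamefld'] && $oldusername !== $_POST['usernamefld']) {
				$input_errors[] = gettext("That username is reserved by the system.");
				break;
			}
		}
	}

	/*
	 * Check for a valid expiration date if one is set at all. Any format
	 * that DateTime can parse is accepted; to keep it simple for the end
	 * user we only claim to accept MM/DD/YYYY. Advanced users may enter
	 * values like "+1 day", which are converted to MM/DD/YYYY relative to
	 * "now". Without the conversion such an entry would be stored as an
	 * invalid expiration date.
	 */
	if ($_POST['expires']){
		try {
			$expdate = new DateTime($_POST['expires']);
			//convert from any DateTime compatible date to MM/DD/YYYY
			$_POST['expires'] = $expdate->format("m/d/Y");
		} catch ( Exception $ex ) {
			$input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
		}
	}

	/* a certificate was requested: the chosen CA must exist */
	if (!empty($_POST['name'])) {
		$ca = lookup_ca($_POST['caref']);
		if (!$ca)
			$input_errors[] = gettext("Invalid internal Certificate Authority") . "\n";
	}

	/* if this is an AJAX caller then handle via JSON */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	if (!$input_errors) {
		conf_mount_rw();
		$userent = array();
		if (isset($id) && $a_user[$id])
			$userent = $a_user[$id];

		/*
		 * NOTE(review): utype arrives in a hidden form field, so the scope
		 * stored here is whatever the client sent, and the readonly
		 * attribute put on system users' fields is not enforced on this
		 * side. Consider keeping the stored scope for existing entries -
		 * confirm the intended rule before changing it.
		 */
		$userent['scope'] = isset($_POST['utype']) ? $_POST['utype'] : "system";

		/*
		 * the user name was modified
		 *
		 * Compared against the name held in the configuration rather than
		 * the hidden "oldusername" field: a forged field equal to the new
		 * name would otherwise skip local_user_del() and leave the account
		 * under its old name behind.
		 *
		 * NOTE(review): REMOTE_USER is overwritten on every rename, whichever
		 * account is being renamed - confirm that is intended.
		 */
		if ($_POST['usernamefld'] !== $oldusername) {
			$_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
			local_user_del($userent);
		}

		/* the user password was modified */
		if ($_POST['passwordfld1'])
			local_user_set_password($userent, $_POST['passwordfld1']);

		$userent['name'] = $_POST['usernamefld'];
		$userent['descr'] = $_POST['descr'];
		$userent['expires'] = $_POST['expires'];
		$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
		$userent['ipsecpsk'] = $_POST['ipsecpsk'];

		if($_POST['disabled'])
			$userent['disabled'] = true;
		else
			unset($userent['disabled']);

		if (isset($id) && $a_user[$id])
			$a_user[$id] = $userent;
		else {
			if (!empty($_POST['name'])) {
				$cert = array();
				$cert['refid'] = uniqid();
				$userent['cert'] = array();

				$cert['descr'] = $_POST['name'];

				/* the subject is copied from the CA; only the common name is the user's */
				$subject = cert_get_subject_array($ca['crt']);

				$dn = array(
					'countryName' => $subject[0]['v'],
					'stateOrProvinceName' => $subject[1]['v'],
					'localityName' => $subject[2]['v'],
					'organizationName' => $subject[3]['v'],
					'emailAddress' => $subject[4]['v'],
					'commonName' => $userent['name']);

				/*
				 * NOTE(review): keylen is passed through as submitted and
				 * the result of cert_create() is not checked, so a failed
				 * creation would still be stored as a certificate entry -
				 * confirm what cert_create() returns and which key lengths
				 * should be accepted.
				 */
				cert_create($cert, $_POST['caref'], $_POST['keylen'],
					(int)$_POST['lifetime'], $dn);

				if (!is_array($config['cert']))
					$config['cert'] = array();
				$config['cert'][] = $cert;
				$userent['cert'][] = $cert['refid'];
			}
			$userent['uid'] = $config['system']['nextuid']++;
			/* Add the user to All Users group. */
			foreach ($config['system']['group'] as $gidx => $group) {
				if ($group['name'] == "all") {
					if (!is_array($config['system']['group'][$gidx]['member']))
						$config['system']['group'][$gidx]['member'] = array();
					$config['system']['group'][$gidx]['member'][] = $userent['uid'];
					break;
				}
			}

			$a_user[] = $userent;
		}

		local_user_set_groups($userent,$_POST['groups']);
		local_user_set($userent);
		write_config();

		if(is_dir("/etc/inc/privhooks"))
			run_plugins("/etc/inc/privhooks");

		conf_mount_ro();

		pfSenseHeader("system_usermanager.php");
	}
}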
345 fab7ff44 Bill Marquette
346 e33be77c Ermal
include("head.inc");
347 1df17ba9 Scott Ullrich
?>
348 fab7ff44 Bill Marquette
349 1df17ba9 Scott Ullrich
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
350 6b07c15a Matthew Grooms
<?php include("fbegin.inc"); ?>
351 0092b3bd mgrooms
<!--
352
//Date Time Picker script- by TengYong Ng of http://www.rainforestnet.com
353
//Script featured on JavaScript Kit (http://www.javascriptkit.com)
354
//For this script, visit http://www.javascriptkit.com
355
// -->
356 6b8588c6 Colin Fleming
<script type="text/javascript" src="javascript/datetimepicker.js"></script>
357
<script type="text/javascript">
358
//<![CDATA[
359 6b07c15a Matthew Grooms
360
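/**
 * Mark every option of a select box as selected.
 *
 * @param {string} id  id attribute of the select element
 */
function setall_selected(id) {
	// Declared with var: as bare assignments these were implicit globals
	// shared by every helper in this script.
	var selbox = document.getElementById(id);
	var count = selbox.options.length;
	for (var index = 0; index < count; index++)
		selbox.options[index].selected = true;
}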
366
367
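/**
 * Deselect every option of a select box.
 *
 * Does nothing when no element has the given id: the "groups" select in
 * this page calls clear_selected('nogroups'), while the ids present in the
 * markup are "notgroups" and "groups".
 *
 * @param {string} id  id attribute of the select element
 */
function clear_selected(id) {
	var selbox = document.getElementById(id);
	if (!selbox)
		return;
	var count = selbox.options.length;
	for (var index = 0; index < count; index++)
		selbox.options[index].selected = false;
}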
373
374
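/**
 * Remove every selected option from a select box.
 *
 * @param {string} id  id attribute of the select element
 */
function remove_selected(id) {
	var selbox = document.getElementById(id);
	// Walk backwards so removing an option does not shift the ones still
	// to be visited.
	for (var index = selbox.options.length - 1; index >= 0; index--)
		if (selbox.options[index].selected)
			selbox.remove(index);
}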
381
382
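/**
 * Append a copy of every selected option of one select box to another.
 * The source box is left untouched.
 *
 * @param {string} srcid  id of the select element to copy from
 * @param {string} dstid  id of the select element to copy to
 */
function copy_selected(srcid, dstid) {
	// All locals are declared with var; as bare assignments they were
	// implicit globals.
	var src_selbox = document.getElementById(srcid);
	var dst_selbox = document.getElementById(dstid);
	var count = src_selbox.options.length;
	for (var index = 0; index < count; index++) {
		if (src_selbox.options[index].selected) {
			var option = document.createElement('option');
			option.text = src_selbox.options[index].text;
			option.value = src_selbox.options[index].value;
			dst_selbox.add(option, null);
		}
	}
}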
395
396
/**
 * Move the selected options from one select box to another: copy them to
 * the destination first, then drop them from the source.
 *
 * @param {string} srcid  id of the select element to move from
 * @param {string} dstid  id of the select element to move to
 */
function move_selected(srcid, dstid) {
	copy_selected(srcid, dstid);
	remove_selected(srcid);
}
400
401
/**
 * Form onsubmit hook. Only selected options of a multi-select are
 * submitted, so everything in "groups" is selected and everything in
 * "notgroups" is deselected before the form is sent.
 */
function presubmit() {
	clear_selected('notgroups');
	setall_selected('groups');
}
405
406 c9794c06 Ermal
/**
 * Toggle between the "create a user certificate" checkbox row and the
 * certificate form row.
 *
 * @param {HTMLInputElement} obj  the checkbox that was clicked
 */
function usercertClicked(obj) {
	var promptRow = document.getElementById("usercertchck");
	var formRow = document.getElementById("usercert");

	if (!obj.checked) {
		// unchecked: hide the form, show the prompt again
		formRow.style.display = "none";
		promptRow.style.display = "";
		return;
	}

	// checked: hide the prompt, reveal the form
	promptRow.style.display = "none";
	formRow.style.display = "";
}
415
416
/**
 * Toggle between the SSH key checkbox row and the SSH key input row.
 *
 * @param {HTMLInputElement} obj  the checkbox that was clicked
 */
function sshkeyClicked(obj) {
	var promptRow = document.getElementById("sshkeychck");
	var keyRow = document.getElementById("sshkey");

	if (!obj.checked) {
		// unchecked: hide the key input, show the prompt again
		keyRow.style.display = "none";
		promptRow.style.display = "";
		return;
	}

	// checked: hide the prompt, reveal the key input
	promptRow.style.display = "none";
	keyRow.style.display = "";
}
425 6b8588c6 Colin Fleming
//]]>
426 6b07c15a Matthew Grooms
</script>
427 1df17ba9 Scott Ullrich
<?php
	/* validation errors from the POST handler, if any */
	if ($input_errors) {
		print_input_errors($input_errors);
	}
	/* result message of a delete action; it is passed on as built, markup included */
	if ($savemsg) {
		print_info_box($savemsg);
	}
?>
433 6b8588c6 Colin Fleming
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="user manager">
434 45ee90ed Matthew Grooms
	<tr>
435 e30001cf Matthew Grooms
		<td>
436 45ee90ed Matthew Grooms
		<?php
			/* top tabs of the user manager; each entry is label, flag, target page - "Users" is the one flagged true */
			$tab_array = array(
				array(gettext("Users"), true, "system_usermanager.php"),
				array(gettext("Groups"), false, "system_groupmanager.php"),
				array(gettext("Settings"), false, "system_usermanager_settings.php"),
				array(gettext("Servers"), false, "system_authservers.php"));
			display_top_tabs($tab_array);
		?>
444
		</td>
445
	</tr>
446
	<tr>
447 e30001cf Matthew Grooms
		<td id="mainarea">
448
			<div class="tabcont">
449
450
				<?php if ($_GET['act'] == "new" || $_GET['act'] == "edit" || $input_errors): ?>
451
452
				<form action="system_usermanager.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
453 6b8588c6 Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
454 e30001cf Matthew Grooms
						<?php
							/*
							 * Attribute string added to the username and full
							 * name inputs: read-only for users defined by the
							 * system. This only affects how the form renders.
							 */
							$ro = ($pconfig['utype'] == "system") ? "readonly=\"readonly\"" : "";
						?>
459
	                    <tr>
460
	                        <td width="22%" valign="top" class="vncell"><?=gettext("Defined by");?></td>
461
	                        <td width="78%" class="vtable">
462 8db87547 jim-p
	                            <strong><?=strtoupper(htmlspecialchars($pconfig['utype']));?></strong>
463 6b8588c6 Colin Fleming
								<input name="utype" type="hidden" value="<?=htmlspecialchars($pconfig['utype'])?>" />
464 e30001cf Matthew Grooms
	                        </td>
465
	                    </tr>
466 b4bfd25d sullrich
						<tr>
467 2afddcb1 sullrich
							<td width="22%" valign="top" class="vncell"><?=gettext("Disabled");?></td>
468 b4bfd25d sullrich
							<td width="78%" class="vtable">
469 6b8588c6 Colin Fleming
								<input name="disabled" type="checkbox" id="disabled" <?php if($pconfig['disabled']) echo "checked=\"checked\""; ?> />
470 b4bfd25d sullrich
							</td>
471
						</tr>
472 e30001cf Matthew Grooms
						<tr>
473
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Username");?></td>
474
							<td width="78%" class="vtable">
475 6b8588c6 Colin Fleming
								<input name="usernamefld" type="text" class="formfld user" id="usernamefld" size="20" maxlength="16" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" <?=$ro;?> />
476 e30001cf Matthew Grooms
								<input name="oldusername" type="hidden" id="oldusername" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" />
477
							</td>
478
						</tr>
479
						<tr>
480
							<td width="22%" valign="top" class="vncellreq" rowspan="2"><?=gettext("Password");?></td>
481
							<td width="78%" class="vtable">
482
								<input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" value="" />
483
							</td>
484
						</tr>
485
						<tr>
486
							<td width="78%" class="vtable">
487
								<input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" value="" />&nbsp;<?= gettext("(confirmation)"); ?>
488
							</td>
489
						</tr>
490
						<tr>
491
							<td width="22%" valign="top" class="vncell"><?=gettext("Full name");?></td>
492
							<td width="78%" class="vtable">
493 6b8588c6 Colin Fleming
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>" <?=$ro;?> />
494 e30001cf Matthew Grooms
								<br/>
495
								<?=gettext("User's full name, for your own information only");?>
496
							</td>
497
						</tr>
498 0092b3bd mgrooms
						<tr>
499 b79454a7 Carlos Eduardo Ramos
							<td width="22%" valign="top" class="vncell"><?=gettext("Expiration date"); ?></td>
500 0092b3bd mgrooms
							<td width="78%" class="vtable">
501 6b8588c6 Colin Fleming
								<input name="expires" type="text" class="formfld unknown" id="expires" size="10" value="<?=htmlspecialchars($pconfig['expires']);?>" />
502 0092b3bd mgrooms
								<a href="javascript:NewCal('expires','mmddyyyy')">
503 6b8588c6 Colin Fleming
									<img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_cal.gif" width="16" height="16" border="0" alt="<?=gettext("Pick a date");?>" />
504 0092b3bd mgrooms
								</a>
505 6b8588c6 Colin Fleming
								<br/>
506 b79454a7 Carlos Eduardo Ramos
								<span class="vexpl"><?=gettext("Leave blank if the account shouldn't expire, otherwise enter the expiration date in the following format: mm/dd/yyyy"); ?></span></td>
507 0092b3bd mgrooms
						</tr>
508 e30001cf Matthew Grooms
						<tr>
509
							<td width="22%" valign="top" class="vncell"><?=gettext("Group Memberships");?></td>
510
							<td width="78%" class="vtable" align="center">
511 6b8588c6 Colin Fleming
								<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="group membership">
512 e30001cf Matthew Grooms
									<tr>
513
										<td align="center" width="50%">
514 b79454a7 Carlos Eduardo Ramos
											<strong><?=gettext("Not Member Of"); ?></strong><br/>
515 e30001cf Matthew Grooms
											<br/>
516 6b8588c6 Colin Fleming
											<select size="10" style="width: 75%" name="notgroups[]" class="formselect" id="notgroups" onchange="clear_selected('groups')" multiple="multiple">
517 e30001cf Matthew Grooms
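												<?php
													/*
													 * Groups the user is not a member of. The group name is
													 * escaped in the value attribute as well as in the label.
													 * NOTE(review): $selected is not set anywhere in the visible
													 * part of this file - confirm it is still needed.
													 */
													foreach ($config['system']['group'] as $group):
														if ($group['gid'] == 1998) /* all users group */
															continue;
														if (is_array($pconfig['groups']) && in_array($group['name'],$pconfig['groups']))
															continue;
												?>
												<option value="<?=htmlspecialchars($group['name']);?>" <?=$selected;?>>
													<?=htmlspecialchars($group['name']);?>
												</option>
												<?php endforeach; ?>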
528
											</select>
529
											<br/>
530
										</td>
531
										<td>
532
											<br/>
533
											<a href="javascript:move_selected('notgroups','groups')">
534 b79454a7 Carlos Eduardo Ramos
												<img src="/themes/<?= $g['theme'];?>/images/icons/icon_right.gif" title="<?=gettext("Add Groups"); ?>" alt="<?=gettext("Add Groups"); ?>" width="17" height="17" border="0" />
535 e30001cf Matthew Grooms
											</a>
536
											<br/><br/>
537
											<a href="javascript:move_selected('groups','notgroups')">
538 b79454a7 Carlos Eduardo Ramos
												<img src="/themes/<?= $g['theme'];?>/images/icons/icon_left.gif" title="<?=gettext("Remove Groups"); ?>" alt="<?=gettext("Remove Groups"); ?>" width="17" height="17" border="0" />
539 e30001cf Matthew Grooms
											</a>
540
										</td>
541
										<td align="center" width="50%">
542 b79454a7 Carlos Eduardo Ramos
											<strong><?=gettext("Member Of"); ?></strong><br/>
543 e30001cf Matthew Grooms
											<br/>
544 6b8588c6 Colin Fleming
											<select size="10" style="width: 75%" name="groups[]" class="formselect" id="groups" onchange="clear_selected('nogroups')" multiple="multiple">
545 e30001cf Matthew Grooms
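												<?php
												/*
												 * Groups the user is a member of. $pconfig['groups'] comes
												 * from the stored entry or, after a failed submit, from the
												 * POSTed form. The group name is escaped in the value
												 * attribute as well as in the label.
												 */
												if (is_array($pconfig['groups'])) {
													foreach ($config['system']['group'] as $group):
														if ($group['gid'] == 1998) /* all users group */
															continue;
														if (!in_array($group['name'],$pconfig['groups']))
															continue;
												?>
												<option value="<?=htmlspecialchars($group['name']);?>">
													<?=htmlspecialchars($group['name']);?>
												</option>
												<?php endforeach;
												} ?>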
558 e30001cf Matthew Grooms
											</select>
559
											<br/>
560
										</td>
561
									</tr>
562
								</table>
563
								<?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?>
564
							</td>
565
						</tr>
566
567 ff9eda9d jim-p
						<?php if (isset($pconfig['uid'])): ?>
568 e30001cf Matthew Grooms
569
						<tr>
570
							<td width="22%" valign="top" class="vncell"><?=gettext("Effective Privileges");?></td>
571
							<td width="78%" class="vtable">
572 6b8588c6 Colin Fleming
								<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="privileges">
573 e30001cf Matthew Grooms
									<tr>
574
										<td width="20%" class="listhdrr"><?=gettext("Inherited From");?></td>
575
										<td width="30%" class="listhdrr"><?=gettext("Name");?></td>
576
										<td width="40%" class="listhdrr"><?=gettext("Description");?></td>
577
										<td class="list"></td>
578
									</tr>
579
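									<?php
										/*
										 * One row per effective privilege. Privileges inherited
										 * from a group show the group name and get no delete link;
										 * $i counts only the user's own privileges, because it is
										 * used as the index passed to act=delpriv.
										 */
										$privdesc = get_user_privdesc($a_user[$id]);
										if(is_array($privdesc)):
											$i = 0;
											foreach ($privdesc as $priv):
											$group = false;
											if ($priv['group'])
												$group = $priv['group'];
									?>
									<tr>
										<td class="listlr"><?=htmlspecialchars($group);?></td>
										<td class="listr">
											<?=htmlspecialchars($priv['name']);?>
										</td>
										<td class="listbg">
												<?=htmlspecialchars($priv['descr']);?>
										</td>
										<td valign="middle" class="list nowrap">
											<?php if (!$group): ?>
											<a href="system_usermanager.php?act=delpriv&amp;id=<?=urlencode($id);?>&amp;privid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this privilege?");?>')">
												<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="delete" />
											</a>
											<?php endif; ?>
										</td>
									</tr>
									<?php
											/* can only delete user priv indexes */
											if (!$group)
												$i++;
											endforeach;
										endif;
									?>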
612
									<tr>
613
										<td class="list" colspan="3"></td>
614
										<td class="list">
615
											<a href="system_usermanager_addprivs.php?userid=<?=$id?>">
616 6b8588c6 Colin Fleming
												<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" />
617 e30001cf Matthew Grooms
											</a>
618
										</td>
619
									</tr>
620
								</table>
621
							</td>
622
						</tr>
623
						<tr>
624
							<td width="22%" valign="top" class="vncell"><?=gettext("User Certificates");?></td>
625
							<td width="78%" class="vtable">
626 6b8588c6 Colin Fleming
								<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="certificates">
627 e30001cf Matthew Grooms
									<tr>
628
										<td width="45%" class="listhdrr"><?=gettext("Name");?></td>
629
										<td width="45%" class="listhdrr"><?=gettext("CA");?></td>
630
										<td class="list"></td>
631
									</tr>
632
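									<?php
										/*
										 * One row per certificate associated with the user, with
										 * links to export the private key, export the certificate
										 * and remove the association. $i is the position in the
										 * user's cert list and is passed as certid.
										 * NOTE(review): the private key export is a plain GET link -
										 * confirm that the handler for act=expckey is protected
										 * against forged requests.
										 */
										$a_cert = $a_user[$id]['cert'];
										if(is_array($a_cert)):
											$i = 0;
											foreach ($a_cert as $certref):
												$cert = lookup_cert($certref);
												$ca = lookup_ca($cert['caref']);
									?>
									<tr>
										<td class="listlr">
											<?=htmlspecialchars($cert['descr']);?>
											<?php if (is_cert_revoked($cert)): ?>
											(<b>Revoked</b>)
											<?php endif; ?>
										</td>
										<td class="listr">
											<?=htmlspecialchars($ca['descr']);?>
										</td>
										<td valign="middle" class="list nowrap">
											<a href="system_usermanager.php?act=expckey&amp;id=<?=urlencode($id);?>&amp;certid=<?=$i;?>">
												<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export private key"); ?>" alt="<?=gettext("export private key"); ?>" width="17" height="17" border="0" />
											</a>
											<a href="system_usermanager.php?act=expcert&amp;id=<?=urlencode($id);?>&amp;certid=<?=$i;?>">
												<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export cert"); ?>" alt="<?=gettext("export cert"); ?>" width="17" height="17" border="0" />
											</a>
											<a href="system_usermanager.php?act=delcert&amp;id=<?=urlencode($id);?>&amp;certid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to remove this certificate association?") .'\n'. gettext("(Certificate will not be deleted)");?>')">
												<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="<?=gettext("delete cert");?>" />
											</a>
										</td>
									</tr>
									<?php
												$i++;
											endforeach;
										endif;
									?>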
668
									<tr>
669
										<td class="list" colspan="2"></td>
670
										<td class="list">
671 6b8588c6 Colin Fleming
											<a href="system_certmanager.php?act=new&amp;userid=<?=$id?>">
672
												<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" />
673 e30001cf Matthew Grooms
											</a>
674
										</td>
675
									</tr>
676
								</table>
677
							</td>
678
						</tr>
679 45ee90ed Matthew Grooms
680 c9794c06 Ermal
						<?php else : ?>
681 b4e6524c jim-p
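						<?php if (is_array($config['ca']) && count($config['ca']) > 0): ?>
						<?php
							/*
							 * Count the configured CAs that have a non-empty 'prv' field
							 * (presumably the CA private key needed to sign a new
							 * certificate -- confirm). Only those CAs are offered in the
							 * select below, and the certificate form is rendered only when
							 * at least one of them exists.
							 */
							$i = 0;
							foreach ($config['ca'] as $ca) {
								if ($ca['prv'])
									$i++;
							}
						?>

						<?php /* Checkbox row: usercertClicked() is defined outside this fragment. */ ?>
						<tr id="usercertchck">
							<td width="22%" valign="top" class="vncell"><?=gettext("Certificate");?></td>
							<td width="78%" class="vtable">
								<input type="checkbox" onclick="javascript:usercertClicked(this)" /> <?=gettext("Click to create a user certificate."); ?>
							</td>
						</tr>

						<?php if ($i > 0): ?>

						<?php /* Certificate parameters, hidden (display:none) when the page is rendered. */ ?>
						<tr id="usercert" name="usercert" style="display:none">
							<td width="22%" valign="top" class="vncell"><?=gettext("Certificate");?></td>
							<td width="78%" class="vtable">
								<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="certificate">
									<tr>
										<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
										<td width="78%" class="vtable">
											<input name="name" type="text" class="formfld unknown" id="name" size="20" value="<?=htmlspecialchars($pconfig['name']);?>" />
										</td>
									</tr>
									<tr>
										<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate authority");?></td>
										<td width="78%" class="vtable">
											<select name='caref' id='caref' class="formselect" onchange='internalca_change()'>
											<?php
												foreach ($config['ca'] as $ca):
													if (!$ca['prv'])
														continue;
													/*
													 * refid and descr are read from the stored
													 * configuration; they are HTML-encoded on output
													 * like the other values on this form, so markup
													 * characters in a CA description cannot alter the
													 * page.
													 */
											?>
												<option value="<?=htmlspecialchars($ca['refid']);?>"><?=htmlspecialchars($ca['descr']);?></option>
											<?php endforeach; ?>
											</select>
										</td>
									</tr>
									<tr>
										<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
										<td width="78%" class="vtable">
											<select name='keylen' class="formselect">
											<?php
												/*
												 * The first entry is the one a browser pre-selects,
												 * because no option carries a selected attribute.
												 * NOTE(review): 512 and 1024 are still offered. If these
												 * are RSA modulus sizes (the key type is not visible
												 * here), both are below current minimum recommendations
												 * and are candidates for removal, together with a
												 * matching check in the form handler.
												 */
												$cert_keylens = array("2048", "512", "1024", "4096");
												foreach ($cert_keylens as $len):
											?>
												<option value="<?=$len;?>"><?=$len;?></option>
											<?php endforeach; ?>
											</select>
											bits
										</td>
									</tr>
									<tr>
										<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
										<td width="78%" class="vtable">
											<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>" />days
										</td>
									</tr>
								</table>
							</td>
						</tr>

						<?php endif; endif; ?>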
						<?php endif; ?>
						<?php /* SSH authorized keys: the checkbox row calls sshkeyClicked() (defined outside this fragment); the textarea row starts hidden. */ ?>
						<tr id="sshkeychck">
							<td width="22%" valign="top" class="vncell"><?= gettext("Authorized keys"); ?></td>
							<td width="78%" class="vtable">
								<input type="checkbox" onclick="javascript:sshkeyClicked(this)" /> <?= gettext("Click to paste an authorized key."); ?>
							</td>
						</tr>
						<tr id="sshkey" style="display:none">
							<td width="22%" valign="top" class="vncell"><?= gettext("Authorized keys"); ?></td>
							<td width="78%" class="vtable">
								<?php /* The stored keys are HTML-encoded before being placed inside the textarea. */ ?>
								<textarea name="authorizedkeys" cols="65" rows="7" id="authorizedkeys" class="formfld_cert" wrap="off"><?= htmlspecialchars($pconfig['authorizedkeys']); ?></textarea>
								<br/>
								<?= gettext("Paste an authorized keys file here."); ?>
							</td>
						</tr>
						<?php /* IPsec pre-shared key: the current value is echoed back, HTML-encoded, into a plain text input, so it is readable on screen and in the page source. */ ?>
						<tr id="ipsecpskrow">
							<td width="22%" valign="top" class="vncell"><?= gettext("IPsec Pre-Shared Key"); ?></td>
							<td width="78%" class="vtable">
								<input name="ipsecpsk" type="text" class="formfld unknown" id="ipsecpsk" size="65" value="<?= htmlspecialchars($pconfig['ipsecpsk']); ?>" />
							</td>
						</tr>
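						<?php /* Submit row. When an existing user is being edited, its index travels back to the handler in a hidden field. */ ?>
						<tr>
							<td width="22%" valign="top">&nbsp;</td>
							<td width="78%">
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
								<?php if (isset($id) && $a_user[$id]): ?>
								<?php /* $id is assigned outside this fragment; it is HTML-encoded here like the other attribute values on this form. */ ?>
								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
								<?php endif;?>
							</td>
						</tr>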
					</table>
				</form>
				<?php else: ?>
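				<?php /* User list: one row per entry of $a_user, with edit and delete links addressed by the row's position in that array. */ ?>
				<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="">
					<thead>
						<tr>
							<th width="25%" class="listhdrr"><?=gettext("Username"); ?></th>
							<th width="25%" class="listhdrr"><?=gettext("Full name"); ?></th>
							<th width="5%" class="listhdrr"><?=gettext("Disabled"); ?></th>
							<th width="25%" class="listhdrr"><?=gettext("Groups"); ?></th>
							<th width="10%" class="list"></th>
						</tr>
					</thead>
					<tfoot>
						<tr>
							<td class="list" colspan="4"></td>
							<td class="list">
								<a href="system_usermanager.php?act=new">
									<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add user"); ?>" alt="<?=gettext("add user"); ?>" width="17" height="17" border="0" />
								</a>
							</td>
						</tr>
						<tr>
							<td colspan="4">
								<p>
									<?=gettext("Additional users can be added here. User permissions for accessing " .
									"the webConfigurator can be assigned directly or inherited from group memberships. " .
									"An icon that appears grey indicates that it is a system defined object. " .
									"Some system object properties can be modified but they cannot be deleted."); ?>
									<br/><br/>
									<?=gettext("Accounts created here are also used for other parts of the system " .
									"such as OpenVPN, IPsec, and Captive Portal.");?>
								</p>
							</td>
						</tr>
					</tfoot>
					<tbody>
						<?php
							/* $i counts the rows and is written into the id parameter of the edit and delete links. */
							$i = 0;
							foreach ($a_user as $userent):
								/* Entries whose scope is not "user" are shown with the grey icon. */
								if ($userent['scope'] != "user")
									$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user-grey.png";
								else
									$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user.png";
						?>
						<tr ondblclick="document.location='system_usermanager.php?act=edit&amp;id=<?=$i;?>'">
							<td class="listlr">
								<table border="0" cellpadding="0" cellspacing="0" summary="icons">
									<tr>
										<td align="left" valign="middle">
											<img src="<?=$usrimg;?>" alt="<?=gettext("User"); ?>" title="<?=gettext("User"); ?>" border="0" height="16" width="16" />
										</td>
										<td align="left" valign="middle">
											<?=htmlspecialchars($userent['name']);?>
										</td>
									</tr>
								</table>
							</td>
							<td class="listr"><?=htmlspecialchars($userent['descr']);?>&nbsp;</td>
							<td class="listr"><?php if(isset($userent['disabled'])) echo "*"; ?></td>
							<td class="listbg">
									<?php /* Group names are HTML-encoded like the user name and description in this row, so markup characters in a group name cannot alter the page. */ ?>
									<?=htmlspecialchars(implode(",",local_user_get_groups($userent)));?>
								&nbsp;
							</td>
							<td valign="middle" class="list nowrap">
								<a href="system_usermanager.php?act=edit&amp;id=<?=$i;?>">
									<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit user"); ?>" alt="<?=gettext("edit user"); ?>" width="17" height="17" border="0" />
								</a>
								<?php /* Entries with scope "system" get no delete link. */ ?>
								<?php if($userent['scope'] != "system"): ?>
								&nbsp;
								<?php /* NOTE(review): deletion is requested through a plain GET link and is guarded here only by a client-side confirm(). The act=deluser handler is outside this fragment; confirm that it requires a CSRF token or a POST before deleting. */ ?>
								<a href="system_usermanager.php?act=deluser&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this User?");?>')">
									<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete user"); ?>" alt="<?=gettext("delete user"); ?>" width="17" height="17" border="0" />
								</a>
								<?php endif; ?>
							</td>
						</tr>
						<?php
								$i++;
							endforeach;
						?>
					</tbody>
				</table>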
				<?php endif; ?>
			</div>
		</td>
	</tr>
</table>
<?php include("fend.inc");?>
</body>
</html>