/usr/local/www/system_usermanager.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/system_usermanager.php @ 49f61a1c

1	1df17ba9	Scott Ullrich	<?php
2			/* $Id$ */
3	fab7ff44	Bill Marquette	/*
4	1df17ba9	Scott Ullrich	system_usermanager.php
5			part of m0n0wall (http://m0n0.ch/wall)
6
7	6b07c15a	Matthew Grooms	Copyright (C) 2008 Shrew Soft Inc.
8			All rights reserved.
9
10	1df17ba9	Scott Ullrich	Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>.
11			All rights reserved.
12
13			Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
14			All rights reserved.
15
16			Redistribution and use in source and binary forms, with or without
17			modification, are permitted provided that the following conditions are met:
18
19			1. Redistributions of source code must retain the above copyright notice,
20			this list of conditions and the following disclaimer.
21
22			2. Redistributions in binary form must reproduce the above copyright
23			notice, this list of conditions and the following disclaimer in the
24			documentation and/or other materials provided with the distribution.
25
26			THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
27			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
28			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
29			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
30			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
33			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
34			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35			POSSIBILITY OF SUCH DAMAGE.
36	fab7ff44	Bill Marquette	*/
37	1d333258	Scott Ullrich	/*
38			pfSense_BUILDER_BINARIES:
39			pfSense_MODULE: auth
40			*/
41	fab7ff44	Bill Marquette
42	6b07c15a	Matthew Grooms	##\|+PRIV
43			##\|*IDENT=page-system-usermanager
44			##\|*NAME=System: User Manager page
45			##\|*DESCR=Allow access to the 'System: User Manager' page.
46			##\|MATCH=system_usermanager.php
47			##\|-PRIV
48
49	ead24d63	sullrich	require("certs.inc");
50	fab7ff44	Bill Marquette	require("guiconfig.inc");
51
52	45ee90ed	Matthew Grooms	if (isAllowedPage("system_usermanager")) {
53	31b53653	Scott Ullrich
54	45ee90ed	Matthew Grooms	// start admin user code
55	b79454a7	Carlos Eduardo Ramos	$pgtitle = array(gettext("System"),gettext("User Manager"));
56	fab7ff44	Bill Marquette
57	45ee90ed	Matthew Grooms	$id = $_GET['id'];
58			if (isset($_POST['id']))
59			$id = $_POST['id'];
60	1df17ba9	Scott Ullrich
61	7e4a4513	Scott Ullrich	if (!is_array($config['system']['user']))
62			$config['system']['user'] = array();
63	1df17ba9	Scott Ullrich
64	6b07c15a	Matthew Grooms	$a_user = &$config['system']['user'];
65	45ee90ed	Matthew Grooms
66	6b07c15a	Matthew Grooms	if ($_GET['act'] == "deluser") {
67	45ee90ed	Matthew Grooms
68	58fdb8ad	Matthew Grooms	if (!$a_user[$id]) {
69	6b07c15a	Matthew Grooms	pfSenseHeader("system_usermanager.php");
70			exit;
71	45ee90ed	Matthew Grooms	}
72
73	58fdb8ad	Matthew Grooms	local_user_del($a_user[$id]);
74			$userdeleted = $a_user[$id]['name'];
75			unset($a_user[$id]);
76	6b07c15a	Matthew Grooms	write_config();
77			$savemsg = gettext("User")." {$userdeleted} ".
78			gettext("successfully deleted")."<br/>";
79			}
80
81			if ($_GET['act'] == "delpriv") {
82
83	58fdb8ad	Matthew Grooms	if (!$a_user[$id]) {
84	6b07c15a	Matthew Grooms	pfSenseHeader("system_usermanager.php");
85			exit;
86	45ee90ed	Matthew Grooms	}
87	6b07c15a	Matthew Grooms
88			$privdeleted = $priv_list[$a_user[$id]['priv'][$_GET['privid']]]['name'];
89			unset($a_user[$id]['priv'][$_GET['privid']]);
90			write_config();
91			$_GET['act'] = "edit";
92			$savemsg = gettext("Privilege")." {$privdeleted} ".
93			gettext("successfully deleted")."<br/>";
94	45ee90ed	Matthew Grooms	}
95
96	93823b10	Matthew Grooms	if ($_GET['act'] == "expcert") {
97
98			if (!$a_user[$id]) {
99			pfSenseHeader("system_usermanager.php");
100			exit;
101			}
102
103	c25f73ae	jim-p	$cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
104	93823b10	Matthew Grooms
105			$exp_name = urlencode("{$a_user[$id]['name']}-{$cert['name']}.crt");
106			$exp_data = base64_decode($cert['crt']);
107			$exp_size = strlen($exp_data);
108
109			header("Content-Type: application/octet-stream");
110			header("Content-Disposition: attachment; filename={$exp_name}");
111			header("Content-Length: $exp_size");
112			echo $exp_data;
113			exit;
114			}
115
116			if ($_GET['act'] == "expckey") {
117
118			if (!$a_user[$id]) {
119			pfSenseHeader("system_usermanager.php");
120			exit;
121			}
122
123	c25f73ae	jim-p	$cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
124	93823b10	Matthew Grooms
125			$exp_name = urlencode("{$a_user[$id]['name']}-{$cert['name']}.key");
126			$exp_data = base64_decode($cert['prv']);
127			$exp_size = strlen($exp_data);
128
129			header("Content-Type: application/octet-stream");
130			header("Content-Disposition: attachment; filename={$exp_name}");
131			header("Content-Length: $exp_size");
132			echo $exp_data;
133			exit;
134			}
135
136	58fdb8ad	Matthew Grooms	if ($_GET['act'] == "delcert") {
137
138			if (!$a_user[$id]) {
139			pfSenseHeader("system_usermanager.php");
140			exit;
141			}
142
143	c25f73ae	jim-p	$certdeleted = lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
144			$certdeleted = $certdeleted['name'];
145	58fdb8ad	Matthew Grooms	unset($a_user[$id]['cert'][$_GET['certid']]);
146			write_config();
147			$_GET['act'] = "edit";
148			$savemsg = gettext("Certificate")." {$certdeleted} ".
149	c25f73ae	jim-p	gettext("association removed.")."<br/>";
150	58fdb8ad	Matthew Grooms	}
151
152	45ee90ed	Matthew Grooms	if ($_GET['act'] == "edit") {
153			if (isset($id) && $a_user[$id]) {
154			$pconfig['usernamefld'] = $a_user[$id]['name'];
155			$pconfig['fullname'] = $a_user[$id]['fullname'];
156	0092b3bd	mgrooms	$pconfig['expires'] = $a_user[$id]['expires'];
157	659fa7f2	Matthew Grooms	$pconfig['groups'] = local_user_get_groups($a_user[$id]);
158	45ee90ed	Matthew Grooms	$pconfig['utype'] = $a_user[$id]['scope'];
159			$pconfig['uid'] = $a_user[$id]['uid'];
160			$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
161	6b07c15a	Matthew Grooms	$pconfig['priv'] = $a_user[$id]['priv'];
162	ddd1fb7f	jim-p	$pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk'];
163	b4bfd25d	sullrich	$pconfig['disabled'] = isset($a_user[$id]['disabled']);
164	45ee90ed	Matthew Grooms	}
165			}
166
167			if ($_GET['act'] == "new") {
168			/*
169			* set this value cause the text field is read only
170			* and the user should not be able to mess with this
171			* setting.
172			*/
173			$pconfig['utype'] = "user";
174	13646069	Ermal	$pconfig['lifetime'] = 3650;
175	45ee90ed	Matthew Grooms	}
176
177			if ($_POST) {
178			unset($input_errors);
179			$pconfig = $_POST;
180
181			/* input validation */
182			if (isset($id) && ($a_user[$id])) {
183			$reqdfields = explode(" ", "usernamefld");
184	76d49f20	Renato Botelho	$reqdfieldsn = array(gettext("Username"));
185	45ee90ed	Matthew Grooms	} else {
186	c9794c06	Ermal	if (empty($_POST['name'])) {
187			$reqdfields = explode(" ", "usernamefld passwordfld1");
188	76d49f20	Renato Botelho	$reqdfieldsn = array(
189			gettext("Username"),
190			gettext("Password"));
191	c9794c06	Ermal	} else {
192			$reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime");
193	76d49f20	Renato Botelho	$reqdfieldsn = array(
194			gettext("Username"),
195			gettext("Password"),
196			gettext("Descriptive name"),
197			gettext("Certificate authority"),
198			gettext("Key length"),
199			gettext("Lifetime"));
200	c9794c06	Ermal	}
201	45ee90ed	Matthew Grooms	}
202
203			do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
204
205			if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld']))
206			$input_errors[] = gettext("The username contains invalid characters.");
207
208			if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2']))
209			$input_errors[] = gettext("The passwords do not match.");
210
211	3dec33d4	Erik Fonnesbeck	if (isset($id) && $a_user[$id])
212			$oldusername = $a_user[$id]['name'];
213			else
214			$oldusername = "";
215	45ee90ed	Matthew Grooms	/* make sure this user name is unique */
216	3dec33d4	Erik Fonnesbeck	if (!$input_errors) {
217	45ee90ed	Matthew Grooms	foreach ($a_user as $userent) {
218	3dec33d4	Erik Fonnesbeck	if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
219	45ee90ed	Matthew Grooms	$input_errors[] = gettext("Another entry with the same username already exists.");
220			break;
221			}
222	58664cc9	Scott Ullrich	}
223	3dec33d4	Erik Fonnesbeck	}
224			/* also make sure it is not reserved */
225			if (!$input_errors) {
226	8339ab6d	jim-p	$system_users = explode("\n", file_get_contents("/etc/passwd"));
227			foreach ($system_users as $s_user) {
228			$ent = explode(":", $s_user);
229	3dec33d4	Erik Fonnesbeck	if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
230			$input_errors[] = gettext("That username is reserved by the system.");
231	8339ab6d	jim-p	break;
232			}
233			}
234	7e4a4513	Scott Ullrich	}
235	1df17ba9	Scott Ullrich
236	0092b3bd	mgrooms	/*
237			* Check for a valid expirationdate if one is set at all (valid means,
238			* strtotime() puts out a time stamp so any strtotime compatible time
239			* format may be used. to keep it simple for the enduser, we only
240			* claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs
241			* like "+1 day", which will be converted to MM/DD/YYYY based on "now".
242			* Otherwhise such an entry would lead to an invalid expiration data.
243			*/
244			if ($_POST['expires']){
245			if(strtotime($_POST['expires']) > 0){
246			if (strtotime("-1 day") > strtotime(date("m/d/Y",strtotime($_POST['expires'])))) {
247	0a82fa9b	sullrich	// Allow items to lie in the past which ends up disabling.
248	0092b3bd	mgrooms	} else {
249			//convert from any strtotime compatible date to MM/DD/YYYY
250			$expdate = strtotime($_POST['expires']);
251			$_POST['expires'] = date("m/d/Y",$expdate);
252			}
253			} else {
254	b79454a7	Carlos Eduardo Ramos	$input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
255	0092b3bd	mgrooms	}
256			}
257
258	c9794c06	Ermal	if (!empty($_POST['name'])) {
259			$ca = lookup_ca($_POST['caref']);
260			if (!$ca)
261	39c0be7b	Vinicius Coque	$input_errors[] = gettext("Invalid internal Certificate Authority") . "\n";
262	c9794c06	Ermal	}
263
264	45ee90ed	Matthew Grooms	/* if this is an AJAX caller then handle via JSON */
265			if (isAjax() && is_array($input_errors)) {
266			input_errors2Ajax($input_errors);
267			exit;
268			}
269	1df17ba9	Scott Ullrich
270	45ee90ed	Matthew Grooms	if (!$input_errors) {
271	e879fc81	Ermal	conf_mount_rw();
272	45ee90ed	Matthew Grooms	$userent = array();
273			if (isset($id) && $a_user[$id])
274			$userent = $a_user[$id];
275	1df17ba9	Scott Ullrich
276	fb1266d3	Matthew Grooms	isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system";
277
278	659fa7f2	Matthew Grooms	/* the user name was modified */
279	45ee90ed	Matthew Grooms	if ($_POST['usernamefld'] <> $_POST['oldusername'])
280			$_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
281	7e4a4513	Scott Ullrich
282	659fa7f2	Matthew Grooms	/* the user password was mofified */
283			if ($_POST['passwordfld1'])
284			local_user_set_password($userent, $_POST['passwordfld1']);
285
286	45ee90ed	Matthew Grooms	$userent['name'] = $_POST['usernamefld'];
287			$userent['fullname'] = $_POST['fullname'];
288	0092b3bd	mgrooms	$userent['expires'] = $_POST['expires'];
289	fb1266d3	Matthew Grooms	$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
290	ddd1fb7f	jim-p	$userent['ipsecpsk'] = $_POST['ipsecpsk'];
291	b4bfd25d	sullrich
292			if($_POST['disabled'])
293			$userent['disabled'] = true;
294			else
295			unset($userent['disabled']);
296	1df17ba9	Scott Ullrich
297	45ee90ed	Matthew Grooms	if (isset($id) && $a_user[$id])
298			$a_user[$id] = $userent;
299			else {
300	c9794c06	Ermal	if (!empty($_POST['name'])) {
301			$cert = array();
302	3d6bbe4c	jim-p	$cert['refid'] = uniqid();
303	c9794c06	Ermal	$userent['cert'] = array();
304
305			$cert['name'] = $_POST['name'];
306
307			$subject = cert_get_subject_array($ca['crt']);
308
309			$dn = array(
310			'countryName' => $subject[0]['v'],
311			'stateOrProvinceName' => $subject[1]['v'],
312			'localityName' => $subject[2]['v'],
313			'organizationName' => $subject[3]['v'],
314			'emailAddress' => $subject[4]['v'],
315			'commonName' => $userent['name']);
316
317			cert_create($cert, $_POST['caref'], $_POST['keylen'],
318			(int)$_POST['lifetime'], $dn);
319
320	c25f73ae	jim-p	if (!is_array($config['cert']))
321			$config['cert'] = array();
322			$config['cert'][] = $cert;
323			$userent['cert'][] = $cert['refid'];
324	c9794c06	Ermal	}
325	45ee90ed	Matthew Grooms	$userent['uid'] = $config['system']['nextuid']++;
326	e879fc81	Ermal	/* Add the user to All Users group. */
327			foreach ($config['system']['group'] as $gidx => $group) {
328			if ($group['name'] == "all") {
329	a803793f	jim-p	if (!is_array($config['system']['group'][$gidx]['member']))
330			$config['system']['group'][$gidx]['member'] = array();
331	e879fc81	Ermal	$config['system']['group'][$gidx]['member'][] = $userent['uid'];
332			break;
333			}
334			}
335
336	45ee90ed	Matthew Grooms	$a_user[] = $userent;
337			}
338	1df17ba9	Scott Ullrich
339	659fa7f2	Matthew Grooms	local_user_set_groups($userent,$_POST['groups']);
340	2934322e	jim-p	local_user_set($userent);
341	45ee90ed	Matthew Grooms	write_config();
342	1df17ba9	Scott Ullrich
343	970db70b	Scott Ullrich	if(is_dir("/etc/inc/privhooks"))
344			run_plugins("/etc/inc/privhooks");
345
346	dff1a09d	Scott Ullrich	conf_mount_ro();
347
348	45ee90ed	Matthew Grooms	pfSenseHeader("system_usermanager.php");
349			}
350			}
351	fab7ff44	Bill Marquette
352	45ee90ed	Matthew Grooms	include("head.inc");
353	1df17ba9	Scott Ullrich	?>
354	fab7ff44	Bill Marquette
355	1df17ba9	Scott Ullrich	<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
356	6b07c15a	Matthew Grooms	<?php include("fbegin.inc"); ?>
357	0092b3bd	mgrooms	<!--
358			//Date Time Picker script- by TengYong Ng of http://www.rainforestnet.com
359			//Script featured on JavaScript Kit (http://www.javascriptkit.com)
360			//For this script, visit http://www.javascriptkit.com
361			// -->
362	9344dd7b	mgrooms	<script language="javascript" type="text/javascript" src="javascript/datetimepicker.js"></script>
363	6b07c15a	Matthew Grooms	<script language="JavaScript">
364			<!--
365
366			function setall_selected(id) {
367			selbox = document.getElementById(id);
368			count = selbox.options.length;
369			for (index = 0; index<count; index++)
370			selbox.options[index].selected = true;
371			}
372
373			function clear_selected(id) {
374			selbox = document.getElementById(id);
375			count = selbox.options.length;
376			for (index = 0; index<count; index++)
377			selbox.options[index].selected = false;
378			}
379
380			function remove_selected(id) {
381			selbox = document.getElementById(id);
382			index = selbox.options.length - 1;
383			for (; index >= 0; index--)
384			if (selbox.options[index].selected)
385			selbox.remove(index);
386			}
387
388			function copy_selected(srcid, dstid) {
389			src_selbox = document.getElementById(srcid);
390			dst_selbox = document.getElementById(dstid);
391			count = src_selbox.options.length;
392			for (index = 0; index < count; index++) {
393			if (src_selbox.options[index].selected) {
394			option = document.createElement('option');
395			option.text = src_selbox.options[index].text;
396			option.value = src_selbox.options[index].value;
397			dst_selbox.add(option, null);
398			}
399			}
400			}
401
402			function move_selected(srcid, dstid) {
403			copy_selected(srcid, dstid);
404			remove_selected(srcid);
405			}
406
407			function presubmit() {
408			clear_selected('notgroups');
409			setall_selected('groups');
410			}
411
412	c9794c06	Ermal	function usercertClicked(obj) {
413			if (obj.checked) {
414			document.getElementById("usercertchck").style.display="none";
415			document.getElementById("usercert").style.display="";
416			} else {
417			document.getElementById("usercert").style.display="none";
418			document.getElementById("usercertchck").style.display="";
419			}
420			}
421
422			function sshkeyClicked(obj) {
423			if (obj.checked) {
424			document.getElementById("sshkeychck").style.display="none";
425			document.getElementById("sshkey").style.display="";
426			} else {
427			document.getElementById("sshkey").style.display="none";
428			document.getElementById("sshkeychck").style.display="";
429			}
430			}
431	6b07c15a	Matthew Grooms	//-->
432			</script>
433	1df17ba9	Scott Ullrich	<?php
434	45ee90ed	Matthew Grooms	if ($input_errors)
435			print_input_errors($input_errors);
436			if ($savemsg)
437			print_info_box($savemsg);
438	1df17ba9	Scott Ullrich	?>
439	45ee90ed	Matthew Grooms	<table width="100%" border="0" cellpadding="0" cellspacing="0">
440			<tr>
441	e30001cf	Matthew Grooms	<td>
442	45ee90ed	Matthew Grooms	<?php
443			$tab_array = array();
444			$tab_array[] = array(gettext("Users"), true, "system_usermanager.php");
445	6b07c15a	Matthew Grooms	$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
446	45ee90ed	Matthew Grooms	$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
447	d799787e	Matthew Grooms	$tab_array[] = array(gettext("Servers"), false, "system_authservers.php");
448	45ee90ed	Matthew Grooms	display_top_tabs($tab_array);
449			?>
450			</td>
451			</tr>
452			<tr>
453	e30001cf	Matthew Grooms	<td id="mainarea">
454			<div class="tabcont">
455
456			<?php if ($_GET['act'] == "new" \|\| $_GET['act'] == "edit" \|\| $input_errors): ?>
457
458			<form action="system_usermanager.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
459			<table width="100%" border="0" cellpadding="6" cellspacing="0">
460			<?php
461			$ro = "";
462			if ($pconfig['utype'] == "system")
463			$ro = "readonly = \"readonly\"";
464			?>
465			<tr>
466			<td width="22%" valign="top" class="vncell"><?=gettext("Defined by");?></td>
467			<td width="78%" class="vtable">
468	93458966	Carlos Eduardo Ramos	<strong><?=strtoupper($pconfig['utype']);?></strong>
469	e30001cf	Matthew Grooms	<input name="utype" type="hidden" value="<?=$pconfig['utype']?>"/>
470			</td>
471			</tr>
472	b4bfd25d	sullrich	<tr>
473	2afddcb1	sullrich	<td width="22%" valign="top" class="vncell"><?=gettext("Disabled");?></td>
474	b4bfd25d	sullrich	<td width="78%" class="vtable">
475			<input name="disabled" type="checkbox" id="disabled" <?php if($pconfig['disabled']) echo "CHECKED"; ?>>
476			</td>
477			</tr>
478	e30001cf	Matthew Grooms	<tr>
479			<td width="22%" valign="top" class="vncellreq"><?=gettext("Username");?></td>
480			<td width="78%" class="vtable">
481			<input name="usernamefld" type="text" class="formfld user" id="usernamefld" size="20" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" <?=$ro;?>/>
482			<input name="oldusername" type="hidden" id="oldusername" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" />
483			</td>
484			</tr>
485			<tr>
486			<td width="22%" valign="top" class="vncellreq" rowspan="2"><?=gettext("Password");?></td>
487			<td width="78%" class="vtable">
488			<input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" value="" />
489			</td>
490			</tr>
491			<tr>
492			<td width="78%" class="vtable">
493			<input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" value="" /> <?= gettext("(confirmation)"); ?>
494			</td>
495			</tr>
496			<tr>
497			<td width="22%" valign="top" class="vncell"><?=gettext("Full name");?></td>
498			<td width="78%" class="vtable">
499			<input name="fullname" type="text" class="formfld unknown" id="fullname" size="20" value="<?=htmlspecialchars($pconfig['fullname']);?>" <?=$ro;?>/>
500			<br/>
501			<?=gettext("User's full name, for your own information only");?>
502			</td>
503			</tr>
504	0092b3bd	mgrooms	<tr>
505	b79454a7	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Expiration date"); ?></td>
506	0092b3bd	mgrooms	<td width="78%" class="vtable">
507			<input name="expires" type="text" class="formfld unknown" id="expires" size="10" value="<?=$pconfig['expires'];?>">
508			<a href="javascript:NewCal('expires','mmddyyyy')">
509	2b33f342	Renato Botelho	<img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_cal.gif" width="16" height="16" border="0" alt="<?=gettext("Pick a date");?>">
510	0092b3bd	mgrooms	</a>
511			<br>
512	b79454a7	Carlos Eduardo Ramos	<span class="vexpl"><?=gettext("Leave blank if the account shouldn't expire, otherwise enter the expiration date in the following format: mm/dd/yyyy"); ?></span></td>
513	0092b3bd	mgrooms	</tr>
514	e30001cf	Matthew Grooms	<tr>
515			<td width="22%" valign="top" class="vncell"><?=gettext("Group Memberships");?></td>
516			<td width="78%" class="vtable" align="center">
517			<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
518			<tr>
519			<td align="center" width="50%">
520	b79454a7	Carlos Eduardo Ramos	<strong><?=gettext("Not Member Of"); ?></strong><br/>
521	e30001cf	Matthew Grooms	<br/>
522			<select size="10" style="width: 75%" name="notgroups[]" class="formselect" id="notgroups" onChange="clear_selected('groups')" multiple>
523			<?php
524			foreach ($config['system']['group'] as $group):
525			if ($group['gid'] == 1998) /* all users group */
526			continue;
527			if (in_array($group['name'],$pconfig['groups']))
528			continue;
529			?>
530			<option value="<?=$group['name'];?>" <?=$selected;?>>
531			<?=htmlspecialchars($group['name']);?>
532			</option>
533			<?php endforeach; ?>
534			</select>
535			<br/>
536			</td>
537			<td>
538			<br/>
539			<a href="javascript:move_selected('notgroups','groups')">
540	b79454a7	Carlos Eduardo Ramos	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_right.gif" title="<?=gettext("Add Groups"); ?>" alt="<?=gettext("Add Groups"); ?>" width="17" height="17" border="0" />
541	e30001cf	Matthew Grooms	</a>
542			<br/><br/>
543			<a href="javascript:move_selected('groups','notgroups')">
544	b79454a7	Carlos Eduardo Ramos	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_left.gif" title="<?=gettext("Remove Groups"); ?>" alt="<?=gettext("Remove Groups"); ?>" width="17" height="17" border="0" />
545	e30001cf	Matthew Grooms	</a>
546			</td>
547			<td align="center" width="50%">
548	b79454a7	Carlos Eduardo Ramos	<strong><?=gettext("Member Of"); ?></strong><br/>
549	e30001cf	Matthew Grooms	<br/>
550			<select size="10" style="width: 75%" name="groups[]" class="formselect" id="groups" onChange="clear_selected('nogroups')" multiple>
551			<?php
552			foreach ($config['system']['group'] as $group):
553			if ($group['gid'] == 1998) /* all users group */
554			continue;
555			if (!in_array($group['name'],$pconfig['groups']))
556			continue;
557			?>
558			<option value="<?=$group['name'];?>">
559			<?=htmlspecialchars($group['name']);?>
560			</option>
561			<?php endforeach; ?>
562			</select>
563			<br/>
564			</td>
565			</tr>
566			</table>
567			<?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?>
568			</td>
569			</tr>
570
571			<?php if ($pconfig['uid']): ?>
572
573			<tr>
574			<td width="22%" valign="top" class="vncell"><?=gettext("Effective Privileges");?></td>
575			<td width="78%" class="vtable">
576			<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
577			<tr>
578			<td width="20%" class="listhdrr"><?=gettext("Inherited From");?></td>
579			<td width="30%" class="listhdrr"><?=gettext("Name");?></td>
580			<td width="40%" class="listhdrr"><?=gettext("Description");?></td>
581			<td class="list"></td>
582			</tr>
583			<?php
584
585			$privdesc = get_user_privdesc($a_user[$id]);
586			if(is_array($privdesc)):
587			$i = 0;
588			foreach ($privdesc as $priv):
589			$group = false;
590			if ($priv['group'])
591			$group = $priv['group'];
592			?>
593			<tr>
594			<td class="listlr"><?=$group;?></td>
595			<td class="listr">
596			<?=htmlspecialchars($priv['name']);?>
597			</td>
598			<td class="listbg">
599			<?=htmlspecialchars($priv['descr']);?>
600			</td>
601			<td valign="middle" nowrap class="list">
602			<?php if (!$group): ?>
603			<a href="system_usermanager.php?act=delpriv&id=<?=$id?>&privid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this privilege?");?>')">
604			<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="" />
605			</a>
606			<?php endif; ?>
607			</td>
608			</tr>
609			<?php
610			/* can only delete user priv indexes */
611			if (!$group)
612			$i++;
613			endforeach;
614			endif;
615			?>
616			<tr>
617			<td class="list" colspan="3"></td>
618			<td class="list">
619			<a href="system_usermanager_addprivs.php?userid=<?=$id?>">
620			<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" />
621			</a>
622			</td>
623			</tr>
624			</table>
625			</td>
626			</tr>
627			<tr>
628			<td width="22%" valign="top" class="vncell"><?=gettext("User Certificates");?></td>
629			<td width="78%" class="vtable">
630			<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
631			<tr>
632			<td width="45%" class="listhdrr"><?=gettext("Name");?></td>
633			<td width="45%" class="listhdrr"><?=gettext("CA");?></td>
634			<td class="list"></td>
635			</tr>
636			<?php
637
638			$a_cert = $a_user[$id]['cert'];
639			if(is_array($a_cert)):
640			$i = 0;
641	c25f73ae	jim-p	foreach ($a_cert as $certref):
642			$cert = lookup_cert($certref);
643			$ca = lookup_ca($cert['caref']);
644	e30001cf	Matthew Grooms	?>
645			<tr>
646			<td class="listlr">
647			<?=htmlspecialchars($cert['name']);?>
648			</td>
649			<td class="listr">
650			<?=htmlspecialchars($ca['name']);?>
651			</td>
652			<td valign="middle" nowrap class="list">
653			<a href="system_usermanager.php?act=expckey&id=<?=$id;?>&certid=<?=$i;?>">
654	b79454a7	Carlos Eduardo Ramos	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export private key"); ?>" alt="<?=gettext("export private key"); ?>" width="17" height="17" border="0" />
655	e30001cf	Matthew Grooms	</a>
656			<a href="system_usermanager.php?act=expcert&id=<?=$id;?>&certid=<?=$i;?>">
657	b79454a7	Carlos Eduardo Ramos	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export cert"); ?>" alt="<?=gettext("export cert"); ?>" width="17" height="17" border="0" />
658	e30001cf	Matthew Grooms	</a>
659	ad9b5c67	jim-p	<a href="system_usermanager.php?act=delcert&id=<?=$id?>&certid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to remove this certificate association?") .'\n'. gettext("(Certificate will not be deleted)");?>')">
660	2b33f342	Renato Botelho	<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="<?=gettext("delete cert");?>" />
661	e30001cf	Matthew Grooms	</a>
662			</td>
663			</tr>
664			<?php
665			$i++;
666			endforeach;
667			endif;
668			?>
669			<tr>
670			<td class="list" colspan="2"></td>
671			<td class="list">
672	ad9b5c67	jim-p	<a href="system_certmanager.php?act=new&userid=<?=$id?>">
673	e30001cf	Matthew Grooms	<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" />
674			</a>
675			</td>
676			</tr>
677			</table>
678			</td>
679			</tr>
680	45ee90ed	Matthew Grooms
681	c9794c06	Ermal	<?php else : ?>
682	b4e6524c	jim-p	<?php if (is_array($config['ca']) && count($config['ca']) > 0): ?>
683			<?php $i = 0; foreach( $config['ca'] as $ca) {
684	c9794c06	Ermal	if (!$ca['prv'])
685			continue;
686			$i++;
687			}
688			?>
689
690			<tr id="usercertchck" name="usercertchck" >
691			<td width="22%" valign="top" class="vncell"><?=gettext("Certificate");?></td>
692			<td width="78%" class="vtable">
693	b79454a7	Carlos Eduardo Ramos	<input type="checkbox" onClick="javascript:usercertClicked(this)"> <?=gettext("Click to create a user certificate."); ?>
694	c9794c06	Ermal	</td>
695			</tr>
696
697			<?php if ($i > 0): ?>
698
699			<tr id="usercert" name="usercert" style="display:none">
700			<td width="22%" valign="top" class="vncell"><?=gettext("Certificate");?></td>
701			<td width="78%" class="vtable">
702	d0412d85	Ermal	<table width="100%" border="0" cellpadding="6" cellspacing="0">
703	c9794c06	Ermal	<tr>
704			<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
705			<td width="78%" class="vtable">
706			<input name="name" type="text" class="formfld unknown" id="name" size="20" value="<?=htmlspecialchars($pconfig['name']);?>"/>
707			</td>
708			</tr>
709			<tr>
710			<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate authority");?></td>
711			<td width="78%" class="vtable">
712			<select name='caref' id='caref' class="formselect" onChange='internalca_change()'>
713			<?php
714	b4e6524c	jim-p	foreach( $config['ca'] as $ca):
715	c9794c06	Ermal	if (!$ca['prv'])
716			continue;
717			?>
718			<option value="<?=$ca['refid'];?>"><?=$ca['name'];?></option>
719			<?php endforeach; ?>
720			</select>
721			</td>
722			</tr>
723			<tr>
724			<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
725			<td width="78%" class="vtable">
726			<select name='keylen' class="formselect">
727			<?php
728	3b4b9ff3	Ermal	$cert_keylens = array( "2048", "512", "1024", "4096");
729	c9794c06	Ermal	foreach( $cert_keylens as $len):
730			?>
731			<option value="<?=$len;?>"><?=$len;?></option>
732			<?php endforeach; ?>
733			</select>
734			bits
735			</td>
736			</tr>
737			<tr>
738			<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
739			<td width="78%" class="vtable">
740			<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>"/>days
741			</td>
742			</tr>
743			</table>
744			</td>
745			</tr>
746
747			<?php endif; endif; ?>
748	e30001cf	Matthew Grooms	<?php endif; ?>
749	45ee90ed	Matthew Grooms
750	c9794c06	Ermal	<tr id="sshkeychck" name="sshkeychck" >
751			<td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td>
752			<td width="78%" class="vtable">
753	b79454a7	Carlos Eduardo Ramos	<input type="checkbox" onClick="javascript:sshkeyClicked(this)"> <?=gettext("Click to paste an authorized key."); ?>
754	c9794c06	Ermal	</td>
755			</tr>
756			<tr id="sshkey" name="sshkey" style="display:none">
757	e30001cf	Matthew Grooms	<td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td>
758			<td width="78%" class="vtable">
759			<textarea name="authorizedkeys" cols="65" rows="7" id="authorizedkeys" class="formfld_cert" wrap="off"><?=htmlspecialchars($pconfig['authorizedkeys']);?></textarea>
760			<br/>
761			<?=gettext("Paste an authorized keys file here.");?>
762			</td>
763			</tr>
764	ddd1fb7f	jim-p	<tr id="ipsecpskrow" name="ipsecpskrow">
765			<td width="22%" valign="top" class="vncell"><?=gettext("IPsec Pre-Shared Key");?></td>
766			<td width="78%" class="vtable">
767			<input name="ipsecpsk" type="text" class="formfld unknown" id="ipsecpsk" size="65" value="<?=htmlspecialchars($pconfig['ipsecpsk']);?>">
768			</td>
769			</tr>
770	e30001cf	Matthew Grooms	<tr>
771			<td width="22%" valign="top"> </td>
772			<td width="78%">
773	6e707e77	Vinicius Coque	<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
774	e30001cf	Matthew Grooms	<?php if (isset($id) && $a_user[$id]): ?>
775			<input name="id" type="hidden" value="<?=$id;?>" />
776			<?php endif;?>
777			</td>
778			</tr>
779			</table>
780			</form>
781
782			<?php else: ?>
783
784			<table width="100%" border="0" cellpadding="0" cellspacing="0">
785	45ee90ed	Matthew Grooms	<tr>
786	b79454a7	Carlos Eduardo Ramos	<td width="25%" class="listhdrr"><?=gettext("Username"); ?></td>
787			<td width="25%" class="listhdrr"><?=gettext("Full name"); ?></td>
788			<td width="5%" class="listhdrr"><?=gettext("Disabled"); ?></td>
789			<td width="25%" class="listhdrr"><?=gettext("Groups"); ?></td>
790	e30001cf	Matthew Grooms	<td width="10%" class="list"></td>
791	45ee90ed	Matthew Grooms	</tr>
792	e30001cf	Matthew Grooms	<?php
793			$i = 0;
794			foreach($a_user as $userent):
795			?>
796			<tr ondblclick="document.location='system_usermanager.php?act=edit&id=<?=$i;?>'">
797			<td class="listlr">
798			<table border="0" cellpadding="0" cellspacing="0">
799	6b07c15a	Matthew Grooms	<tr>
800	e30001cf	Matthew Grooms	<td align="left" valign="center">
801			<?php
802			if($userent['scope'] != "user")
803			$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user-grey.png";
804			else
805			$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user.png";
806			?>
807	b79454a7	Carlos Eduardo Ramos	<img src="<?=$usrimg;?>" alt="<?=gettext("User"); ?>" title="<?=gettext("User"); ?>" border="0" height="16" width="16" />
808	6b07c15a	Matthew Grooms	</td>
809	e30001cf	Matthew Grooms	<td align="left" valign="middle">
810			<?=htmlspecialchars($userent['name']);?>
811	6b07c15a	Matthew Grooms	</td>
812			</tr>
813			</table>
814	45ee90ed	Matthew Grooms	</td>
815	e30001cf	Matthew Grooms	<td class="listr"><?=htmlspecialchars($userent['fullname']);?> </td>
816	b4bfd25d	sullrich	<td class="listr"><?php if(isset($userent['disabled'])) echo "*"; ?></td>
817	e30001cf	Matthew Grooms	<td class="listbg">
818			<?=implode(",",local_user_get_groups($userent));?>
819
820	45ee90ed	Matthew Grooms	</td>
821	e30001cf	Matthew Grooms	<td valign="middle" nowrap class="list">
822			<a href="system_usermanager.php?act=edit&id=<?=$i;?>">
823	b79454a7	Carlos Eduardo Ramos	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit user"); ?>" alt="<?=gettext("edit user"); ?>" width="17" height="17" border="0" />
824	e30001cf	Matthew Grooms	</a>
825			<?php if($userent['scope'] != "system"): ?>
826
827			<a href="system_usermanager.php?act=deluser&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this User?");?>')">
828	b79454a7	Carlos Eduardo Ramos	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete user"); ?>" alt="<?=gettext("delete user"); ?>" width="17" height="17" border="0" />
829	e30001cf	Matthew Grooms	</a>
830			<?php endif; ?>
831	58fdb8ad	Matthew Grooms	</td>
832			</tr>
833	e30001cf	Matthew Grooms	<?php
834			$i++;
835			endforeach;
836			?>
837	fb1266d3	Matthew Grooms	<tr>
838	b4bfd25d	sullrich	<td class="list" colspan="4"></td>
839	e30001cf	Matthew Grooms	<td class="list">
840			<a href="system_usermanager.php?act=new">
841	b79454a7	Carlos Eduardo Ramos	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add user"); ?>" alt="<?=gettext("add user"); ?>" width="17" height="17" border="0" />
842	e30001cf	Matthew Grooms	</a>
843	fb1266d3	Matthew Grooms	</td>
844			</tr>
845	45ee90ed	Matthew Grooms	<tr>
846	b4bfd25d	sullrich	<td colspan="4">
847	e30001cf	Matthew Grooms	<p>
848	5b1dcebf	Vinicius Coque	<?=gettext("Additional webConfigurator users can be added here.
849			User permissions can be assigned directly or inherited from group memberships.
850			An icon that appears grey indicates that it is a system defined object.
851			Some system object properties can be modified but they cannot be deleted."); ?>
852	e30001cf	Matthew Grooms	</p>
853	45ee90ed	Matthew Grooms	</td>
854			</tr>
855			</table>
856
857	e30001cf	Matthew Grooms	<?php endif; ?>
858	45ee90ed	Matthew Grooms
859	e30001cf	Matthew Grooms	</div>
860	45ee90ed	Matthew Grooms	</td>
861			</tr>
862	1df17ba9	Scott Ullrich	</table>
863	45ee90ed	Matthew Grooms	<?php include("fend.inc");?>
864			</body>
865
866	1df17ba9	Scott Ullrich	<?php
867
868	45ee90ed	Matthew Grooms	// end admin user code
869
870			} else {
871
872			// start normal user code
873	6b07c15a	Matthew Grooms
874	b79454a7	Carlos Eduardo Ramos	$pgtitle = array(gettext("System"),gettext("User Password"));
875	45ee90ed	Matthew Grooms
876			if (isset($_POST['save'])) {
877			unset($input_errors);
878
879			/* input validation */
880			$reqdfields = explode(" ", "passwordfld1");
881	76d49f20	Renato Botelho	$reqdfieldsn = array(gettext("Password"));
882	1df17ba9	Scott Ullrich
883	45ee90ed	Matthew Grooms	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
884	1df17ba9	Scott Ullrich
885	45ee90ed	Matthew Grooms	if ($_POST['passwordfld1'] != $_POST['passwordfld2'])
886	b79454a7	Carlos Eduardo Ramos	$input_errors[] = gettext("The passwords do not match.");
887	1df17ba9	Scott Ullrich
888	45ee90ed	Matthew Grooms	if (!$input_errors) {
889			// all values are okay --> saving changes
890			$config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['password'] = crypt(trim($_POST['passwordfld1']));
891	1df17ba9	Scott Ullrich
892	45ee90ed	Matthew Grooms	write_config();
893	683c26cf	Vinicius Coque	$savemsg = gettext("Password successfully changed") . "<br />";
894	45ee90ed	Matthew Grooms	}
895			}
896
897	4494cf6a	Chris Buechler	/* determine if user is not local to system */
898	45ee90ed	Matthew Grooms	$islocal = false;
899			foreach($config['system']['user'] as $user)
900			if($user['name'] == $_SESSION['Username'])
901			$islocal = true;
902	fab7ff44	Bill Marquette	?>
903	1df17ba9	Scott Ullrich
904	45ee90ed	Matthew Grooms	<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
905	1df17ba9	Scott Ullrich	<?php
906			include("head.inc");
907	45ee90ed	Matthew Grooms	include("fbegin.inc");
908			if ($input_errors)
909			print_input_errors($input_errors);
910			if ($savemsg)
911			print_info_box($savemsg);
912
913			if($islocal == false) {
914	b79454a7	Carlos Eduardo Ramos	echo gettext("Sorry, you cannot change the password for a LDAP user.");
915	45ee90ed	Matthew Grooms	include("fend.inc");
916			exit;
917			}
918	1df17ba9	Scott Ullrich	?>
919	e30001cf	Matthew Grooms	<div id="mainarea">
920			<div class="tabcont">
921			<form action="system_usermanager.php" method="post" name="iform" id="iform">
922			<table width="100%" border="0" cellpadding="6" cellspacing="0">
923			<tr>
924	b79454a7	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="listtopic"><?=$HTTP_SERVER_VARS['AUTH_USER']?>'s <?=gettext("Password"); ?></td>
925	e30001cf	Matthew Grooms	</tr>
926			<tr>
927	b79454a7	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell" rowspan="2"><?=gettext("Password"); ?></td>
928	e30001cf	Matthew Grooms	<td width="78%" class="vtable">
929			<input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" />
930			</td>
931			</tr>
932			<tr>
933			<td width="78%" class="vtable">
934			<input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" />
935			<?=gettext("(confirmation)");?>
936			<br/>
937			<span class="vexpl">
938			<?=gettext("Select a new password");?>
939			</span>
940			</td>
941			</tr>
942			<tr>
943			<td width="22%" valign="top"> </td>
944			<td width="78%">
945			<input name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
946			</td>
947			</tr>
948			</table>
949			</form>
950			</div>
951			</div>
952	45ee90ed	Matthew Grooms	<?php include("fend.inc");?>
953			</body>
954	82e913df	Scott Ullrich
955	1df17ba9	Scott Ullrich	<?php
956
957	6b07c15a	Matthew Grooms	} // end of normal user code
958	45ee90ed	Matthew Grooms
959			?>

Project

General

Profile

pfSense