<?php
2
/* $Id$ */
3 fab7ff44 Bill Marquette
/*
4 1df17ba9 Scott Ullrich
    system_usermanager.php
5
    part of m0n0wall (http://m0n0.ch/wall)
6
7 6b07c15a Matthew Grooms
    Copyright (C) 2008 Shrew Soft Inc.
8
    All rights reserved.
9
10 1df17ba9 Scott Ullrich
    Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>.
11
    All rights reserved.
12
13
    Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
14
    All rights reserved.
15
16
    Redistribution and use in source and binary forms, with or without
17
    modification, are permitted provided that the following conditions are met:
18
19
    1. Redistributions of source code must retain the above copyright notice,
20
       this list of conditions and the following disclaimer.
21
22
    2. Redistributions in binary form must reproduce the above copyright
23
       notice, this list of conditions and the following disclaimer in the
24
       documentation and/or other materials provided with the distribution.
25
26
    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
27
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
28
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
29
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
30
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
33
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
34
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35
    POSSIBILITY OF SUCH DAMAGE.
36 fab7ff44 Bill Marquette
*/
37 1d333258 Scott Ullrich
/*
38
	pfSense_BUILDER_BINARIES:	
39
	pfSense_MODULE:	auth
40
*/
41 fab7ff44 Bill Marquette
42 6b07c15a Matthew Grooms
##|+PRIV
43
##|*IDENT=page-system-usermanager
44
##|*NAME=System: User Manager page
45
##|*DESCR=Allow access to the 'System: User Manager' page.
46
##|*MATCH=system_usermanager.php*
47
##|-PRIV
48
49 ead24d63 sullrich
require("certs.inc");
50 fab7ff44 Bill Marquette
require("guiconfig.inc");
51
52 31b53653 Scott Ullrich
53 e33be77c Ermal
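// start admin user code
$pgtitle = array(gettext("System"),gettext("User Manager"));

/*
 * $id selects an entry of $config['system']['user']. It is taken from the
 * request (POST wins over GET), used as an array key below and echoed into
 * links further down this page, so any value that is not a plain
 * non-negative integer is discarded here instead of being carried along.
 */
$id = null;
if (isset($_POST['id']))
	$id = $_POST['id'];
else if (isset($_GET['id']))
	$id = $_GET['id'];
if (!is_string($id) || !ctype_digit($id))
	$id = null;

/* make sure the user list exists before taking a reference to it */
if (!is_array($config['system']['user']))
	$config['system']['user'] = array();

/* by reference: changes to $a_user are changes to $config */
$a_user = &$config['system']['user'];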
64 45ee90ed Matthew Grooms
65 e33be77c Ermal
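/*
 * Dispatch on the requested action ($_GET['act']). Every branch that works
 * on an existing user redirects back to the user list when $a_user[$id]
 * does not exist.
 *
 * NOTE(review): deluser, delpriv and delcert modify the configuration in
 * response to a GET request. Confirm that these links are covered by the
 * GUI's request-forgery protection, or move them to POST.
 */
if ($_GET['act'] == "deluser") {

	if (!$a_user[$id]) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	local_user_del($a_user[$id]);
	$userdeleted = $a_user[$id]['name'];
	unset($a_user[$id]);
	write_config();
	/* $savemsg carries markup (<br/>), so stored values are escaped before being embedded */
	$savemsg = gettext("User")." ".htmlspecialchars($userdeleted)." ".
				gettext("successfully deleted")."<br/>";
}
else if ($_GET['act'] == "delpriv") {

	if (!$a_user[$id]) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	/* look the display name up before the index is removed */
	$privdeleted = $priv_list[$a_user[$id]['priv'][$_GET['privid']]]['name'];
	unset($a_user[$id]['priv'][$_GET['privid']]);
	local_user_set($a_user[$id]);
	write_config();
	/* continue with the edit form of the same user */
	$_GET['act'] = "edit";
	$savemsg = gettext("Privilege")." ".htmlspecialchars($privdeleted)." ".
				gettext("successfully deleted")."<br/>";
}
else if ($_GET['act'] == "expcert") {

	if (!$a_user[$id]) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	$cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]);

	/* unknown or empty certificate reference: nothing to export */
	if (!is_array($cert) || empty($cert['crt'])) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	/* urlencode() keeps CR/LF and quotes out of the response header */
	$exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.crt");
	$exp_data = base64_decode($cert['crt']);
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}
else if ($_GET['act'] == "expckey") {

	if (!$a_user[$id]) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	$cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]);

	/* unknown reference, or a certificate stored without its private key */
	if (!is_array($cert) || empty($cert['prv'])) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	/*
	 * NOTE(review): this sends the user's private key to whoever may open
	 * this page; access to the export relies entirely on the page privilege.
	 */
	$exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.key");
	$exp_data = base64_decode($cert['prv']);
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}
else if ($_GET['act'] == "delcert") {

	if (!$a_user[$id]) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	/* only the association is removed; the certificate itself stays in the config */
	$certdeleted = lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
	$certdeleted = $certdeleted['descr'];
	unset($a_user[$id]['cert'][$_GET['certid']]);
	write_config();
	/* continue with the edit form of the same user */
	$_GET['act'] = "edit";
	$savemsg = gettext("Certificate")." ".htmlspecialchars($certdeleted)." ".
				gettext("association removed.")."<br/>";
}

/*
 * Evaluated on its own rather than as part of the chain above: delpriv and
 * delcert switch the action to "edit", and the form has to be filled from
 * the stored entry in that case as well.
 */
if ($_GET['act'] == "edit") {
	if (isset($id) && $a_user[$id]) {
		$pconfig['usernamefld'] = $a_user[$id]['name'];
		$pconfig['descr'] = $a_user[$id]['descr'];
		$pconfig['expires'] = $a_user[$id]['expires'];
		$pconfig['groups'] = local_user_get_groups($a_user[$id]);
		$pconfig['utype'] = $a_user[$id]['scope'];
		$pconfig['uid'] = $a_user[$id]['uid'];
		/* the keys are stored base64-encoded in the config */
		$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
		$pconfig['priv'] = $a_user[$id]['priv'];
		$pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk'];
		$pconfig['disabled'] = isset($a_user[$id]['disabled']);
	}
}
else if ($_GET['act'] == "new") {
	/*
	 * set this value cause the text field is read only
	 * and the user should not be able to mess with this
	 * setting.
	 */
	$pconfig['utype'] = "user";
	$pconfig['lifetime'] = 3650;
}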
170 45ee90ed Matthew Grooms
171 e33be77c Ermal
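/*
 * Handle a submitted user form: validate the input, then create the user
 * (optionally with a certificate signed by an internal CA) or update the
 * existing entry $a_user[$id], and write the configuration.
 */
if ($_POST) {
	unset($input_errors);
	/* the form is re-rendered from the submitted values if validation fails */
	$pconfig = $_POST;

	/* input validation */
	if (isset($id) && ($a_user[$id])) {
		/* existing user: the password may be left empty to keep the current one */
		$reqdfields = explode(" ", "usernamefld");
		$reqdfieldsn = array(gettext("Username"));
	} else {
		if (empty($_POST['name'])) {
			$reqdfields = explode(" ", "usernamefld passwordfld1");
			$reqdfieldsn = array(
				gettext("Username"),
				gettext("Password"));
		} else {
			/* a certificate name was given, so the certificate fields become mandatory */
			$reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime");
			$reqdfieldsn = array(
				gettext("Username"),
				gettext("Password"),
				gettext("Descriptive name"),
				gettext("Certificate authority"),
				gettext("Key length"),
				gettext("Lifetime"));
		}
	}

	/*
	 * NOTE(review): call-time pass-by-reference (&$input_errors) is rejected
	 * by PHP 5.4 and later. It can only be dropped here once
	 * do_input_validation() declares the parameter by reference; check its
	 * declaration before changing this call.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld']))
		$input_errors[] = gettext("The username contains invalid characters.");

	if (strlen($_POST['usernamefld']) > 16)
		$input_errors[] = gettext("The username is longer than 16 characters.");

	/* strict comparison: with != two different numeric-looking passwords ("1e1" and "10") compare equal */
	if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] !== $_POST['passwordfld2']))
		$input_errors[] = gettext("The passwords do not match.");

	if (isset($id) && $a_user[$id])
		$oldusername = $a_user[$id]['name'];
	else
		$oldusername = "";

	/*
	 * make sure this user name is unique
	 * (names are compared as strings; the allowed character set includes
	 * digits and dots, which loose comparison would treat as numbers)
	 */
	if (!$input_errors) {
		foreach ($a_user as $userent) {
			if ($userent['name'] === $_POST['usernamefld'] && $oldusername !== $_POST['usernamefld']) {
				$input_errors[] = gettext("Another entry with the same username already exists.");
				break;
			}
		}
	}

	/* also make sure it is not reserved */
	if (!$input_errors) {
		$system_users = explode("\n", file_get_contents("/etc/passwd"));
		foreach ($system_users as $s_user) {
			$ent = explode(":", $s_user);
			if ($ent[0] === $_POST['usernamefld'] && $oldusername !== $_POST['usernamefld']) {
				$input_errors[] = gettext("That username is reserved by the system.");
				break;
			}
		}
	}

	/*
	 * Check for a valid expiration date if one is set at all. Valid means
	 * that strtotime() yields a time stamp, so any strtotime-compatible
	 * format may be used. To keep it simple for the end user, we only
	 * claim to accept MM/DD/YYYY as input. Advanced users may use inputs
	 * like "+1 day", which will be converted to MM/DD/YYYY based on "now".
	 * Otherwise such an entry would lead to an invalid expiration date.
	 */
	if ($_POST['expires']){
		if(strtotime($_POST['expires']) > 0){
			if (strtotime("-1 day") > strtotime(date("m/d/Y",strtotime($_POST['expires'])))) {
				// Allow items to lie in the past which ends up disabling.
			} else {
				//convert from any strtotime compatible date to MM/DD/YYYY
				$expdate = strtotime($_POST['expires']);
				$_POST['expires'] = date("m/d/Y",$expdate);
			}
		} else {
			$input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
		}
	}

	/* a certificate was requested: the chosen CA must exist; $ca is reused below */
	if (!empty($_POST['name'])) {
		$ca = lookup_ca($_POST['caref']);
		if (!$ca)
			$input_errors[] = gettext("Invalid internal Certificate Authority") . "\n";
	}

	/* if this is an AJAX caller then handle via JSON */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	if (!$input_errors) {
		conf_mount_rw();
		$userent = array();
		if (isset($id) && $a_user[$id])
			$userent = $a_user[$id];

		/*
		 * The scope is shown read-only in the form and travels in a hidden
		 * field, so a stored scope is never overwritten from the request.
		 * NOTE(review): for a new user the posted value is still taken as
		 * is; consider restricting it to the scopes the GUI knows.
		 */
		if (!isset($userent['scope']))
			$userent['scope'] = isset($_POST['utype']) ? $_POST['utype'] : "system";

		/*
		 * the user name was modified
		 * (compared with the stored name, not with the hidden "oldusername"
		 * field, which is client-controlled and goes stale after a failed
		 * validation round)
		 * NOTE(review): this overwrites REMOTE_USER with the edited user's
		 * name even when someone else's account is being edited - confirm
		 * that this is intended.
		 */
		if ($_POST['usernamefld'] !== $oldusername)
			$_SERVER['REMOTE_USER'] = $_POST['usernamefld'];

		/* the user password was modified */
		if ($_POST['passwordfld1'])
			local_user_set_password($userent, $_POST['passwordfld1']);

		$userent['name'] = $_POST['usernamefld'];
		$userent['descr'] = $_POST['descr'];
		$userent['expires'] = $_POST['expires'];
		/* NOTE(review): the authorized keys are stored as submitted, without any format check */
		$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
		$userent['ipsecpsk'] = $_POST['ipsecpsk'];

		/* an unchecked checkbox is simply absent from the request */
		if (!empty($_POST['disabled']))
			$userent['disabled'] = true;
		else
			unset($userent['disabled']);

		if (isset($id) && $a_user[$id])
			$a_user[$id] = $userent;
		else {
			if (!empty($_POST['name'])) {
				$cert = array();
				$cert['refid'] = uniqid();
				$userent['cert'] = array();

				$cert['descr'] = $_POST['name'];

				/* the subject is copied from the CA; only the common name is the user's */
				$subject = cert_get_subject_array($ca['crt']);

				$dn = array(
					'countryName' => $subject[0]['v'],
					'stateOrProvinceName' => $subject[1]['v'],
					'localityName' => $subject[2]['v'],
					'organizationName' => $subject[3]['v'],
					'emailAddress' => $subject[4]['v'],
					'commonName' => $userent['name']);

				/*
				 * NOTE(review): keylen is passed through as submitted and the
				 * result of cert_create() is not checked; validate keylen
				 * against the offered key lengths and handle a failed creation.
				 */
				cert_create($cert, $_POST['caref'], $_POST['keylen'],
					(int)$_POST['lifetime'], $dn);

				if (!is_array($config['cert']))
					$config['cert'] = array();
				$config['cert'][] = $cert;
				$userent['cert'][] = $cert['refid'];
			}
			$userent['uid'] = $config['system']['nextuid']++;
			/* Add the user to All Users group. */
			foreach ($config['system']['group'] as $gidx => $group) {
				if ($group['name'] == "all") {
					if (!is_array($config['system']['group'][$gidx]['member']))
						$config['system']['group'][$gidx]['member'] = array();
					$config['system']['group'][$gidx]['member'][] = $userent['uid'];
					break;
				}
			}

			$a_user[] = $userent;
		}

		local_user_set_groups($userent,$_POST['groups']);
		local_user_set($userent);
		write_config();

		if(is_dir("/etc/inc/privhooks"))
			run_plugins("/etc/inc/privhooks");

		conf_mount_ro();

		pfSenseHeader("system_usermanager.php");
	}
}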
348 fab7ff44 Bill Marquette
349 e33be77c Ermal
include("head.inc");
350 1df17ba9 Scott Ullrich
?>
351 fab7ff44 Bill Marquette
352 1df17ba9 Scott Ullrich
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
353 6b07c15a Matthew Grooms
<?php include("fbegin.inc"); ?>
354 0092b3bd mgrooms
<!--
355
//Date Time Picker script- by TengYong Ng of http://www.rainforestnet.com
356
//Script featured on JavaScript Kit (http://www.javascriptkit.com)
357
//For this script, visit http://www.javascriptkit.com
358
// -->
359 9344dd7b mgrooms
<script language="javascript" type="text/javascript" src="javascript/datetimepicker.js"></script>
360 6b07c15a Matthew Grooms
<script language="JavaScript">
361
<!--
362
363
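/**
 * Mark every option of a <select> as selected.
 * Does nothing when no element with the given id exists.
 *
 * @param {string} id  element id of the select box
 */
function setall_selected(id) {
	// "var" keeps the working variables local; the bare assignments used
	// before created page-wide globals shared by all of these helpers
	var selbox = document.getElementById(id);
	if (!selbox)
		return;
	for (var i = 0; i < selbox.options.length; i++)
		selbox.options[i].selected = true;
}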
369
370
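/**
 * Deselect every option of a <select>.
 * Does nothing when no element with the given id exists, so a wrong id in
 * an event handler no longer aborts with a script error.
 *
 * @param {string} id  element id of the select box
 */
function clear_selected(id) {
	var selbox = document.getElementById(id);
	if (!selbox)
		return;
	for (var i = 0; i < selbox.options.length; i++)
		selbox.options[i].selected = false;
}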
376
377
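/**
 * Remove all currently selected options from a <select>.
 * Does nothing when no element with the given id exists.
 *
 * @param {string} id  element id of the select box
 */
function remove_selected(id) {
	var selbox = document.getElementById(id);
	if (!selbox)
		return;
	// walk backwards so that removing an option does not shift the
	// positions of the options that still have to be looked at
	for (var i = selbox.options.length - 1; i >= 0; i--)
		if (selbox.options[i].selected)
			selbox.remove(i);
}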
384
385
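/**
 * Append a copy (text and value) of every selected option of one <select>
 * to another <select>. The source box is left unchanged.
 * Does nothing when either element does not exist.
 *
 * @param {string} srcid  element id of the box to copy from
 * @param {string} dstid  element id of the box to copy to
 */
function copy_selected(srcid, dstid) {
	var src_selbox = document.getElementById(srcid);
	var dst_selbox = document.getElementById(dstid);
	if (!src_selbox || !dst_selbox)
		return;
	// the length is read once, before any option is added
	var count = src_selbox.options.length;
	for (var i = 0; i < count; i++) {
		if (src_selbox.options[i].selected) {
			var option = document.createElement('option');
			option.text = src_selbox.options[i].text;
			option.value = src_selbox.options[i].value;
			dst_selbox.add(option, null);
		}
	}
}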
398
399
/**
 * Move the selected options from one <select> to another: they are first
 * copied to the destination and then removed from the source.
 *
 * @param {string} srcid  element id of the box to move from
 * @param {string} dstid  element id of the box to move to
 */
function move_selected(srcid, dstid)
{
	copy_selected(srcid, dstid);
	remove_selected(srcid);
}
403
404
/**
 * Form onsubmit hook: nothing in the "notgroups" box is left selected and
 * everything in the "groups" box is selected, so that the whole content of
 * "groups" is part of the submitted form.
 */
function presubmit()
{
	clear_selected('notgroups');
	setall_selected('groups');
}
408
409 c9794c06 Ermal
/**
 * Toggle between the "create a user certificate" checkbox row
 * ("usercertchck") and the certificate form row ("usercert"): a checked
 * box shows the form row, an unchecked one shows the checkbox row.
 *
 * @param {HTMLInputElement} obj  the checkbox that was clicked
 */
function usercertClicked(obj) {
	var hiddenRow = obj.checked ? "usercertchck" : "usercert";
	var shownRow = obj.checked ? "usercert" : "usercertchck";
	document.getElementById(hiddenRow).style.display = "none";
	document.getElementById(shownRow).style.display = "";
}
418
419
/**
 * Toggle between the SSH key checkbox row ("sshkeychck") and the SSH key
 * input row ("sshkey"): a checked box shows the input row, an unchecked
 * one shows the checkbox row.
 *
 * @param {HTMLInputElement} obj  the checkbox that was clicked
 */
function sshkeyClicked(obj) {
	var hiddenRow = obj.checked ? "sshkeychck" : "sshkey";
	var shownRow = obj.checked ? "sshkey" : "sshkeychck";
	document.getElementById(hiddenRow).style.display = "none";
	document.getElementById(shownRow).style.display = "";
}
428 6b07c15a Matthew Grooms
//-->
429
</script>
430 1df17ba9 Scott Ullrich
<?php
431 45ee90ed Matthew Grooms
	/* validation errors first, then the status message set by the action handlers */
	if ($input_errors) {
		print_input_errors($input_errors);
	}
	if ($savemsg) {
		print_info_box($savemsg);
	}
435 1df17ba9 Scott Ullrich
?>
436 45ee90ed Matthew Grooms
<table width="100%" border="0" cellpadding="0" cellspacing="0">
437
	<tr>
438 e30001cf Matthew Grooms
		<td>
439 45ee90ed Matthew Grooms
		<?php
440
			/* one entry per tab: label, whether it is the active tab, target page */
			$tab_array = array(
				array(gettext("Users"), true, "system_usermanager.php"),
				array(gettext("Groups"), false, "system_groupmanager.php"),
				array(gettext("Settings"), false, "system_usermanager_settings.php"),
				array(gettext("Servers"), false, "system_authservers.php"));
			display_top_tabs($tab_array);
446
		?>
447
		</td>
448
	</tr>
449
	<tr>
450 e30001cf Matthew Grooms
		<td id="mainarea">
451
			<div class="tabcont">
452
453
				<?php if ($_GET['act'] == "new" || $_GET['act'] == "edit" || $input_errors): ?>
454
455
				<form action="system_usermanager.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
456
					<table width="100%" border="0" cellpadding="6" cellspacing="0">
457
						<?php
458
							$ro = "";
459
							if ($pconfig['utype'] == "system")
460
								$ro = "readonly = \"readonly\"";
461
						?>
462
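	                    <tr>
	                        <td width="22%" valign="top" class="vncell"><?=gettext("Defined by");?></td>
	                        <td width="78%" class="vtable">
	                            <?php /* after a POST $pconfig is the raw request, so utype is escaped here just like in the hidden field below */ ?>
	                            <strong><?=htmlspecialchars(strtoupper($pconfig['utype']));?></strong>
								<input name="utype" type="hidden" value="<?=htmlspecialchars($pconfig['utype'])?>"/>
	                        </td>
	                    </tr>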
469 b4bfd25d sullrich
						<tr>
470 2afddcb1 sullrich
							<td width="22%" valign="top" class="vncell"><?=gettext("Disabled");?></td>
471 b4bfd25d sullrich
							<td width="78%" class="vtable">
472
								<input name="disabled" type="checkbox" id="disabled" <?php if($pconfig['disabled']) echo "CHECKED"; ?>>
473
							</td>
474
						</tr>
475 e30001cf Matthew Grooms
						<tr>
476
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Username");?></td>
477
							<td width="78%" class="vtable">
478 94d455da jim-p
								<input name="usernamefld" type="text" class="formfld user" id="usernamefld" size="20" maxlength="16" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" <?=$ro;?>/>
479 e30001cf Matthew Grooms
								<input name="oldusername" type="hidden" id="oldusername" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" />
480
							</td>
481
						</tr>
482
						<tr>
483
							<td width="22%" valign="top" class="vncellreq" rowspan="2"><?=gettext("Password");?></td>
484
							<td width="78%" class="vtable">
485
								<input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" value="" />
486
							</td>
487
						</tr>
488
						<tr>
489
							<td width="78%" class="vtable">
490
								<input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" value="" />&nbsp;<?= gettext("(confirmation)"); ?>
491
							</td>
492
						</tr>
493
						<tr>
494
							<td width="22%" valign="top" class="vncell"><?=gettext("Full name");?></td>
495
							<td width="78%" class="vtable">
496 9ff73b79 jim-p
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>" <?=$ro;?>/>
497 e30001cf Matthew Grooms
								<br/>
498
								<?=gettext("User's full name, for your own information only");?>
499
							</td>
500
						</tr>
501 0092b3bd mgrooms
						<tr>
502 b79454a7 Carlos Eduardo Ramos
							<td width="22%" valign="top" class="vncell"><?=gettext("Expiration date"); ?></td>
503 0092b3bd mgrooms
							<td width="78%" class="vtable">
504 dd5bf424 Scott Ullrich
								<input name="expires" type="text" class="formfld unknown" id="expires" size="10" value="<?=htmlspecialchars($pconfig['expires']);?>">
505 0092b3bd mgrooms
								<a href="javascript:NewCal('expires','mmddyyyy')">
506 2b33f342 Renato Botelho
									<img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_cal.gif" width="16" height="16" border="0" alt="<?=gettext("Pick a date");?>">
507 0092b3bd mgrooms
								</a>
508
								<br>
509 b79454a7 Carlos Eduardo Ramos
								<span class="vexpl"><?=gettext("Leave blank if the account shouldn't expire, otherwise enter the expiration date in the following format: mm/dd/yyyy"); ?></span></td>
510 0092b3bd mgrooms
						</tr>
511 e30001cf Matthew Grooms
						<tr>
512
							<td width="22%" valign="top" class="vncell"><?=gettext("Group Memberships");?></td>
513
							<td width="78%" class="vtable" align="center">
514
								<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
515
									<tr>
516
										<td align="center" width="50%">
517 b79454a7 Carlos Eduardo Ramos
											<strong><?=gettext("Not Member Of"); ?></strong><br/>
518 e30001cf Matthew Grooms
											<br/>
519
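											<select size="10" style="width: 75%" name="notgroups[]" class="formselect" id="notgroups" onChange="clear_selected('groups')" multiple>
												<?php
													/* list every group the user is not a member of */
													foreach ($config['system']['group'] as $group):
														if ($group['gid'] == 1998) /* all users group */
															continue;
														if (is_array($pconfig['groups']) && in_array($group['name'],$pconfig['groups']))
															continue;
													/*
													 * The value attribute is escaped like the label. The former
													 * echo of $selected is gone: nothing on this page assigns that
													 * variable, and an unset variable must not be printed raw
													 * into a tag (verify that no include relied on it).
													 */
												?>
												<option value="<?=htmlspecialchars($group['name']);?>">
													<?=htmlspecialchars($group['name']);?>
												</option>
												<?php endforeach; ?>
											</select>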
532
											<br/>
533
										</td>
534
										<td>
535
											<br/>
536
											<a href="javascript:move_selected('notgroups','groups')">
537 b79454a7 Carlos Eduardo Ramos
												<img src="/themes/<?= $g['theme'];?>/images/icons/icon_right.gif" title="<?=gettext("Add Groups"); ?>" alt="<?=gettext("Add Groups"); ?>" width="17" height="17" border="0" />
538 e30001cf Matthew Grooms
											</a>
539
											<br/><br/>
540
											<a href="javascript:move_selected('groups','notgroups')">
541 b79454a7 Carlos Eduardo Ramos
												<img src="/themes/<?= $g['theme'];?>/images/icons/icon_left.gif" title="<?=gettext("Remove Groups"); ?>" alt="<?=gettext("Remove Groups"); ?>" width="17" height="17" border="0" />
542 e30001cf Matthew Grooms
											</a>
543
										</td>
544
										<td align="center" width="50%">
545 b79454a7 Carlos Eduardo Ramos
											<strong><?=gettext("Member Of"); ?></strong><br/>
546 e30001cf Matthew Grooms
											<br/>
547
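											<select size="10" style="width: 75%" name="groups[]" class="formselect" id="groups" onChange="clear_selected('notgroups')" multiple>
												<?php
												/*
												 * List the groups the user is a member of. The onChange handler
												 * above names the other box by its real id, "notgroups"; the
												 * former 'nogroups' matched no element. The value attribute is
												 * escaped like the label.
												 */
												if (is_array($pconfig['groups'])) {
													foreach ($config['system']['group'] as $group):
														if ($group['gid'] == 1998) /* all users group */
															continue;
														if (!in_array($group['name'],$pconfig['groups']))
															continue;
												?>
												<option value="<?=htmlspecialchars($group['name']);?>">
													<?=htmlspecialchars($group['name']);?>
												</option>
												<?php endforeach;
												} ?>
											</select>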
562
											<br/>
563
										</td>
564
									</tr>
565
								</table>
566
								<?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?>
567
							</td>
568
						</tr>
569
570
						<?php if ($pconfig['uid']): ?>
571
572
						<tr>
573
							<td width="22%" valign="top" class="vncell"><?=gettext("Effective Privileges");?></td>
574
							<td width="78%" class="vtable">
575
								<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
576
									<tr>
577
										<td width="20%" class="listhdrr"><?=gettext("Inherited From");?></td>
578
										<td width="30%" class="listhdrr"><?=gettext("Name");?></td>
579
										<td width="40%" class="listhdrr"><?=gettext("Description");?></td>
580
										<td class="list"></td>
581
									</tr>
582
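									<?php
										/*
										 * One row per effective privilege. Privileges inherited from a
										 * group show the group name and get no delete link; $i counts
										 * only the user's own privileges, because it is the index that
										 * the delpriv action removes from the user's priv list.
										 */
										$privdesc = get_user_privdesc($a_user[$id]);
										if(is_array($privdesc)):
											$i = 0;
											foreach ($privdesc as $priv):
											$group = false;
											if ($priv['group'])
												$group = $priv['group'];
									?>
									<tr>
										<?php /* the group name is stored data and is escaped like the other cells */ ?>
										<td class="listlr"><?=htmlspecialchars($group);?></td>
										<td class="listr">
											<?=htmlspecialchars($priv['name']);?>
										</td>
										<td class="listbg">
												<?=htmlspecialchars($priv['descr']);?>
										</td>
										<td valign="middle" nowrap class="list">
											<?php if (!$group): ?>
											<a href="system_usermanager.php?act=delpriv&id=<?=htmlspecialchars($id)?>&privid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this privilege?");?>')">
												<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="" />
											</a>
											<?php endif; ?>
										</td>
									</tr>
									<?php
											/* can only delete user priv indexes */
											if (!$group)
												$i++;
											endforeach;
										endif;
									?>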
615
									<tr>
616
										<td class="list" colspan="3"></td>
617
										<td class="list">
618
											<a href="system_usermanager_addprivs.php?userid=<?=$id?>">
619
												<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" />
620
											</a>
621
										</td>
622
									</tr>
623
								</table>
624
							</td>
625
						</tr>
626
						<tr>
627
							<td width="22%" valign="top" class="vncell"><?=gettext("User Certificates");?></td>
628
							<td width="78%" class="vtable">
629
								<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
630
									<tr>
631
										<td width="45%" class="listhdrr"><?=gettext("Name");?></td>
632
										<td width="45%" class="listhdrr"><?=gettext("CA");?></td>
633
										<td class="list"></td>
634
									</tr>
635
									<?php
636
										
637
										$a_cert = $a_user[$id]['cert'];
638
										if(is_array($a_cert)):
639
											$i = 0;
640 c25f73ae jim-p
											foreach ($a_cert as $certref):
641
												$cert = lookup_cert($certref);
642
												$ca = lookup_ca($cert['caref']);
643 e30001cf Matthew Grooms
									?>
644
									<tr>
645
										<td class="listlr">
646 f2a86ca9 jim-p
											<?=htmlspecialchars($cert['descr']);?>
647 150bbe09 jim-p
											<?php if (is_cert_revoked($cert)): ?>
648
											(<b>Revoked</b>)
649
											<?php endif; ?>
650 e30001cf Matthew Grooms
										</td>
651
										<td class="listr">
652 f2a86ca9 jim-p
											<?=htmlspecialchars($ca['descr']);?>
653 e30001cf Matthew Grooms
										</td>
654
										<td valign="middle" nowrap class="list">
655
											<a href="system_usermanager.php?act=expckey&id=<?=$id;?>&certid=<?=$i;?>">
656 b79454a7 Carlos Eduardo Ramos
												<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export private key"); ?>" alt="<?=gettext("export private key"); ?>" width="17" height="17" border="0" />
657 e30001cf Matthew Grooms
											</a>
658
											<a href="system_usermanager.php?act=expcert&id=<?=$id;?>&certid=<?=$i;?>">
659 b79454a7 Carlos Eduardo Ramos
												<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export cert"); ?>" alt="<?=gettext("export cert"); ?>" width="17" height="17" border="0" />
660 e30001cf Matthew Grooms
											</a>
661 ad9b5c67 jim-p
											<a href="system_usermanager.php?act=delcert&id=<?=$id?>&certid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to remove this certificate association?") .'\n'. gettext("(Certificate will not be deleted)");?>')">
662 2b33f342 Renato Botelho
												<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="<?=gettext("delete cert");?>" />
663 e30001cf Matthew Grooms
											</a>
664
										</td>
665
									</tr>
666
									<?php
667
												$i++;
668
											endforeach;
669
										endif;
670
									?>
671
									<tr>
672
										<td class="list" colspan="2"></td>
673
										<td class="list">
674 ad9b5c67 jim-p
											<a href="system_certmanager.php?act=new&userid=<?=$id?>">
675 e30001cf Matthew Grooms
												<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" />
676
											</a>
677
										</td>
678
									</tr>
679
								</table>
680
							</td>
681
						</tr>
682 45ee90ed Matthew Grooms
683 c9794c06 Ermal
						<?php else : ?>
684 b4e6524c jim-p
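						<?php
							/*
							 * User-certificate creation rows, rendered only when at least one
							 * CA is configured. $i counts the CAs that have a 'prv' entry
							 * (presumably a stored private key, i.e. CAs able to sign); the
							 * detail row below is emitted only when that count is non-zero.
							 */
							if (is_array($config['ca']) && count($config['ca']) > 0):
								$i = 0;
								foreach ($config['ca'] as $ca) {
									/* empty() also covers a missing 'prv' key without raising a notice. */
									if (!empty($ca['prv']))
										$i++;
								}
						?>
						<tr id="usercertchck" name="usercertchck">
							<td width="22%" valign="top" class="vncell"><?=gettext("Certificate");?></td>
							<td width="78%" class="vtable">
								<input type="checkbox" onclick="usercertClicked(this)" /> <?=gettext("Click to create a user certificate."); ?>
							</td>
						</tr>
						<?php if ($i > 0): ?>
						<tr id="usercert" name="usercert" style="display:none">
							<td width="22%" valign="top" class="vncell"><?=gettext("Certificate");?></td>
							<td width="78%" class="vtable">
								<table width="100%" border="0" cellpadding="6" cellspacing="0">
									<tr>
										<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
										<td width="78%" class="vtable">
											<input name="name" type="text" class="formfld unknown" id="name" size="20" value="<?=htmlspecialchars($pconfig['name']);?>"/>
										</td>
									</tr>
									<tr>
										<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate authority");?></td>
										<td width="78%" class="vtable">
											<select name='caref' id='caref' class="formselect" onchange='internalca_change()'>
											<?php
												/*
												 * Offer only the CAs counted above. The reference id and the
												 * description come from the stored configuration and are
												 * escaped so that markup in a CA description cannot be
												 * injected into the page.
												 */
												foreach ($config['ca'] as $ca):
													if (empty($ca['prv']))
														continue;
											?>
												<option value="<?=htmlspecialchars($ca['refid']);?>"><?=htmlspecialchars($ca['descr']);?></option>
											<?php endforeach; ?>
											</select>
										</td>
									</tr>
									<tr>
										<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
										<td width="78%" class="vtable">
											<select name='keylen' class="formselect">
											<?php
												/*
												 * The first entry is the one a browser preselects.
												 * NOTE(review): assuming these are RSA key sizes, 512 and
												 * 1024 bits are below the commonly recommended minimum of
												 * 2048. They are kept so the form still matches what the
												 * save handler (not visible here) accepts; consider
												 * removing them in both places.
												 */
												$cert_keylens = array("2048", "512", "1024", "4096");
												foreach ($cert_keylens as $len):
											?>
												<option value="<?=$len;?>"><?=$len;?></option>
											<?php endforeach; ?>
											</select>
											bits
										</td>
									</tr>
									<tr>
										<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
										<td width="78%" class="vtable">
											<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>"/>days
										</td>
									</tr>
								</table>
							</td>
						</tr>
						<?php endif; ?>
						<?php endif; ?>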
						<?php endif; ?>
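						<?php /* Authorized-keys toggle: the checkbox calls sshkeyClicked(), which is defined outside this excerpt. */ ?>
						<tr id="sshkeychck" name="sshkeychck">
							<td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td>
							<td width="78%" class="vtable">
								<input type="checkbox" onclick="sshkeyClicked(this)" /> <?=gettext("Click to paste an authorized key."); ?>
							</td>
						</tr>
						<?php /* Rendered hidden (display:none); presumably revealed by sshkeyClicked(). The stored value is HTML-escaped before it is placed in the textarea. */ ?>
						<tr id="sshkey" name="sshkey" style="display:none">
							<td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td>
							<td width="78%" class="vtable">
								<textarea name="authorizedkeys" cols="65" rows="7" id="authorizedkeys" class="formfld_cert" wrap="off"><?=htmlspecialchars($pconfig['authorizedkeys']);?></textarea>
								<br/>
								<?=gettext("Paste an authorized keys file here.");?>
							</td>
						</tr>
						<?php
							/*
							 * The IPsec pre-shared key is a secret shown in a plain text field.
							 * It is escaped for the attribute context, and autocomplete is
							 * switched off so the browser is asked not to keep it in its
							 * form history.
							 */
						?>
						<tr id="ipsecpskrow" name="ipsecpskrow">
							<td width="22%" valign="top" class="vncell"><?=gettext("IPsec Pre-Shared Key");?></td>
							<td width="78%" class="vtable">
								<input name="ipsecpsk" type="text" class="formfld unknown" id="ipsecpsk" size="65" autocomplete="off" value="<?=htmlspecialchars($pconfig['ipsecpsk']);?>" />
							</td>
						</tr>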
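						<?php /* Submit row of the user form. */ ?>
						<tr>
							<td width="22%" valign="top">&nbsp;</td>
							<td width="78%">
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
								<?php
									/*
									 * When an existing entry of $a_user is being edited, its index
									 * is submitted with the form. The value is escaped so it can
									 * never break out of the attribute, whatever its origin.
									 */
									if (isset($id) && $a_user[$id]):
								?>
								<input name="id" type="hidden" value="<?=htmlspecialchars((string)$id);?>" />
								<?php endif; ?>
							</td>
						</tr>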
					</table>
				</form>
				<?php else: ?>
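				<?php /* User list: header row, one row per entry of $a_user, an "add user" row and a help text. */ ?>
				<table width="100%" border="0" cellpadding="0" cellspacing="0">
					<tr>
						<td width="25%" class="listhdrr"><?=gettext("Username"); ?></td>
						<td width="25%" class="listhdrr"><?=gettext("Full name"); ?></td>
						<td width="5%" class="listhdrr"><?=gettext("Disabled"); ?></td>
						<td width="25%" class="listhdrr"><?=gettext("Groups"); ?></td>
						<td width="10%" class="list"></td>
					</tr>
					<?php
						/*
						 * $i is the position of the entry in the iteration; the edit and
						 * delete links pass it as the "id" parameter.
						 */
						$i = 0;
						foreach ($a_user as $userent):
							/* Entries whose scope is not "user" get the grey icon. */
							if ($userent['scope'] != "user")
								$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user-grey.png";
							else
								$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user.png";
					?>
					<tr ondblclick="document.location='system_usermanager.php?act=edit&amp;id=<?=$i;?>'">
						<td class="listlr">
							<table border="0" cellpadding="0" cellspacing="0">
								<tr>
									<td align="left" valign="middle">
										<img src="<?=$usrimg;?>" alt="<?=gettext("User"); ?>" title="<?=gettext("User"); ?>" border="0" height="16" width="16" />
									</td>
									<td align="left" valign="middle">
										<?=htmlspecialchars($userent['name']);?>
									</td>
								</tr>
							</table>
						</td>
						<td class="listr"><?=htmlspecialchars($userent['descr']);?>&nbsp;</td>
						<td class="listr"><?php if (isset($userent['disabled'])) echo "*"; ?></td>
						<td class="listbg">
							<?php /* Group names are stored data as well, so they are escaped like the name and description. */ ?>
							<?=htmlspecialchars(implode(",", local_user_get_groups($userent)));?>
							&nbsp;
						</td>
						<td valign="middle" nowrap class="list">
							<a href="system_usermanager.php?act=edit&amp;id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit user"); ?>" alt="<?=gettext("edit user"); ?>" width="17" height="17" border="0" />
							</a>
							<?php
								/*
								 * Entries with scope "system" get no delete link.
								 * NOTE(review): deletion is requested with a plain GET link and
								 * guarded only by a client-side confirm(). The act=deluser
								 * handler is not visible here; unless it verifies an anti-CSRF
								 * token, this should become a POST form so that loading a URL
								 * alone cannot change state.
								 */
								if ($userent['scope'] != "system"):
							?>
							&nbsp;
							<a href="system_usermanager.php?act=deluser&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this User?");?>')">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete user"); ?>" alt="<?=gettext("delete user"); ?>" width="17" height="17" border="0" />
							</a>
							<?php endif; ?>
						</td>
					</tr>
					<?php
							$i++;
						endforeach;
					?>
					<tr>
						<td class="list" colspan="4"></td>
						<td class="list">
							<a href="system_usermanager.php?act=new">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add user"); ?>" alt="<?=gettext("add user"); ?>" width="17" height="17" border="0" />
							</a>
						</td>
					</tr>
					<tr>
						<td colspan="4">
							<p>
								<?php /* The message id below spans several lines; its whitespace is part of the gettext lookup key and is left untouched. */ ?>
								<?=gettext("Additional webConfigurator users can be added here.
								User permissions can be assigned directly or inherited from group memberships.
								An icon that appears grey indicates that it is a system defined object. 
								Some system object properties can be modified but they cannot be deleted."); ?>
							</p>
						</td>
					</tr>
				</table>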
				<?php endif; ?>
			</div>
		</td>
	</tr>
</table>
<?php
/* Include fend.inc (presumably the shared page footer) before the document is closed. */
include "fend.inc";
?>
</body>
</html>