/src/usr/local/www/system_usermanager.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/usr/local/www/system_usermanager.php @ 7fead243

1	1df17ba9	Scott Ullrich	<?php
2	fab7ff44	Bill Marquette	/*
3	c5d81585	Renato Botelho	* system_usermanager.php
4	7d2e572f	Stephen Beaver	*
5	c5d81585	Renato Botelho	* part of pfSense (https://www.pfsense.org)
6	b8f91b7c	Luiz Souza	* Copyright (c) 2004-2018 Rubicon Communications, LLC (Netgate)
7	c5d81585	Renato Botelho	* Copyright (c) 2008 Shrew Soft Inc.
8			* Copyright (c) 2005 Paul Taylor <paultaylor@winn-dixie.com>
9			* All rights reserved.
10	191cb31d	Stephen Beaver	*
11	c5d81585	Renato Botelho	* originally based on m0n0wall (http://m0n0.ch/wall)
12			* Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>.
13			* All rights reserved.
14	7d2e572f	Stephen Beaver	*
15	b12ea3fb	Renato Botelho	* Licensed under the Apache License, Version 2.0 (the "License");
16			* you may not use this file except in compliance with the License.
17			* You may obtain a copy of the License at
18	7d2e572f	Stephen Beaver	*
19	b12ea3fb	Renato Botelho	* http://www.apache.org/licenses/LICENSE-2.0
20	7d2e572f	Stephen Beaver	*
21	b12ea3fb	Renato Botelho	* Unless required by applicable law or agreed to in writing, software
22			* distributed under the License is distributed on an "AS IS" BASIS,
23			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
24			* See the License for the specific language governing permissions and
25			* limitations under the License.
26	7d2e572f	Stephen Beaver	*/
27	fab7ff44	Bill Marquette
28	6b07c15a	Matthew Grooms	##\|+PRIV
29			##\|*IDENT=page-system-usermanager
30	5230f468	jim-p	##\|*NAME=System: User Manager
31	6b07c15a	Matthew Grooms	##\|*DESCR=Allow access to the 'System: User Manager' page.
32	57188e47	Phil Davis	##\|*WARN=standard-warning-root
33	6b07c15a	Matthew Grooms	##\|MATCH=system_usermanager.php
34			##\|-PRIV
35
36	c81ef6e2	Phil Davis	require_once("certs.inc");
37			require_once("guiconfig.inc");
38	43e07671	doktornotor	require_once("pfsense-utils.inc");
39	fab7ff44	Bill Marquette
40	3fa6d462	jim-p	$logging_level = LOG_WARNING;
41			$logging_prefix = gettext("Local User Database");
42
43	e33be77c	Ermal	// start admin user code
44	4611e283	Steve Beaver	if (isset($_REQUEST['userid']) && is_numericint($_REQUEST['userid'])) {
45			$id = $_REQUEST['userid'];
46	73fa304b	Phil Davis	}
47	1df17ba9	Scott Ullrich
48	73fa304b	Phil Davis	if (!isset($config['system']['user']) \|\| !is_array($config['system']['user'])) {
49	e33be77c	Ermal	$config['system']['user'] = array();
50	73fa304b	Phil Davis	}
51	1df17ba9	Scott Ullrich
52	e33be77c	Ermal	$a_user = &$config['system']['user'];
53	4611e283	Steve Beaver	$act = $_REQUEST['act'];
54	45ee90ed	Matthew Grooms
55	73fa304b	Phil Davis	if (isset($_SERVER['HTTP_REFERER'])) {
56	7c2d0050	Renato Botelho	$referer = $_SERVER['HTTP_REFERER'];
57	73fa304b	Phil Davis	} else {
58	7c2d0050	Renato Botelho	$referer = '/system_usermanager.php';
59	73fa304b	Phil Davis	}
60	7c2d0050	Renato Botelho
61	adacdf5f	jim-p	if (isset($id) && $a_user[$id]) {
62			$pconfig['usernamefld'] = $a_user[$id]['name'];
63			$pconfig['descr'] = $a_user[$id]['descr'];
64			$pconfig['expires'] = $a_user[$id]['expires'];
65	8bab524e	Phil Davis	$pconfig['customsettings'] = isset($a_user[$id]['customsettings']);
66			$pconfig['webguicss'] = $a_user[$id]['webguicss'];
67			$pconfig['webguifixedmenu'] = $a_user[$id]['webguifixedmenu'];
68			$pconfig['webguihostnamemenu'] = $a_user[$id]['webguihostnamemenu'];
69			$pconfig['dashboardcolumns'] = $a_user[$id]['dashboardcolumns'];
70	1d3510cf	Phil Davis	$pconfig['interfacessort'] = isset($a_user[$id]['interfacessort']);
71	8bab524e	Phil Davis	$pconfig['dashboardavailablewidgetspanel'] = isset($a_user[$id]['dashboardavailablewidgetspanel']);
72			$pconfig['systemlogsfilterpanel'] = isset($a_user[$id]['systemlogsfilterpanel']);
73			$pconfig['systemlogsmanagelogpanel'] = isset($a_user[$id]['systemlogsmanagelogpanel']);
74			$pconfig['statusmonitoringsettingspanel'] = isset($a_user[$id]['statusmonitoringsettingspanel']);
75			$pconfig['webguileftcolumnhyper'] = isset($a_user[$id]['webguileftcolumnhyper']);
76	d9058974	Phil Davis	$pconfig['disablealiaspopupdetail'] = isset($a_user[$id]['disablealiaspopupdetail']);
77	8bab524e	Phil Davis	$pconfig['pagenamefirst'] = isset($a_user[$id]['pagenamefirst']);
78	adacdf5f	jim-p	$pconfig['groups'] = local_user_get_groups($a_user[$id]);
79			$pconfig['utype'] = $a_user[$id]['scope'];
80			$pconfig['uid'] = $a_user[$id]['uid'];
81			$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
82			$pconfig['priv'] = $a_user[$id]['priv'];
83			$pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk'];
84			$pconfig['disabled'] = isset($a_user[$id]['disabled']);
85			}
86
87	f5c9c0c7	Steve Beaver	if ($_POST['act'] == "deluser") {
88	45ee90ed	Matthew Grooms
89	f5c9c0c7	Steve Beaver	if (!isset($_POST['username']) \|\| !isset($a_user[$id]) \|\| ($_POST['username'] != $a_user[$id]['name'])) {
90	e33be77c	Ermal	pfSenseHeader("system_usermanager.php");
91			exit;
92	6b07c15a	Matthew Grooms	}
93
94	f5c9c0c7	Steve Beaver	if ($_POST['username'] == $_SESSION['Username']) {
95			$delete_errors[] = sprintf(gettext("Cannot delete user %s because you are currently logged in as that user."), $_POST['username']);
96	d6b79c39	Phil Davis	} else {
97			local_user_del($a_user[$id]);
98			$userdeleted = $a_user[$id]['name'];
99			unset($a_user[$id]);
100	92c27793	jim-p	/* Reindex the array to avoid operating on an incorrect index https://redmine.pfsense.org/issues/7733 */
101			$a_user = array_values($a_user);
102	3fa6d462	jim-p	$savemsg = sprintf(gettext("Successfully deleted user: %s"), $userdeleted);
103			write_config($savemsg);
104			syslog($logging_level, "{$logging_prefix}: {$savemsg}");
105	d6b79c39	Phil Davis	}
106	f5c9c0c7	Steve Beaver
107	d61309a0	Phil Davis	} else if ($act == "new") {
108	e33be77c	Ermal	/*
109			* set this value cause the text field is read only
110			* and the user should not be able to mess with this
111			* setting.
112			*/
113			$pconfig['utype'] = "user";
114			$pconfig['lifetime'] = 3650;
115	fc1913fe	jim-p
116			$nonPrvCas = array();
117			if (is_array($config['ca']) && count($config['ca']) > 0) {
118			foreach ($config['ca'] as $ca) {
119			if (!$ca['prv']) {
120			continue;
121			}
122
123			$nonPrvCas[ $ca['refid'] ] = $ca['descr'];
124			}
125			}
126
127	e33be77c	Ermal	}
128	45ee90ed	Matthew Grooms
129	64c31615	Stephen Beaver	if (isset($_POST['dellall'])) {
130	4e21c82e	bruno
131			$del_users = $_POST['delete_check'];
132	3fa6d462	jim-p	$deleted_users = array();
133	4e21c82e	bruno
134	73fa304b	Phil Davis	if (!empty($del_users)) {
135			foreach ($del_users as $userid) {
136	4e21c82e	bruno	if (isset($a_user[$userid]) && $a_user[$userid]['scope'] != "system") {
137	d6b79c39	Phil Davis	if ($a_user[$userid]['name'] == $_SESSION['Username']) {
138			$delete_errors[] = sprintf(gettext("Cannot delete user %s because you are currently logged in as that user."), $a_user[$userid]['name']);
139			} else {
140	3fa6d462	jim-p	$deleted_users[] = $a_user[$userid]['name'];
141	d6b79c39	Phil Davis	local_user_del($a_user[$userid]);
142			unset($a_user[$userid]);
143			}
144			} else {
145			$delete_errors[] = sprintf(gettext("Cannot delete user %s because it is a system user."), $a_user[$userid]['name']);
146	4e21c82e	bruno	}
147			}
148	d6b79c39	Phil Davis
149	3fa6d462	jim-p	if (count($deleted_users) > 0) {
150			$savemsg = sprintf(gettext("Successfully deleted %s: %s"), (count($deleted_users) == 1) ? gettext("user") : gettext("users"), implode(', ', $deleted_users));
151	92c27793	jim-p	/* Reindex the array to avoid operating on an incorrect index https://redmine.pfsense.org/issues/7733 */
152			$a_user = array_values($a_user);
153	d6b79c39	Phil Davis	write_config($savemsg);
154	3fa6d462	jim-p	syslog($logging_level, "{$logging_prefix}: {$savemsg}");
155	d6b79c39	Phil Davis	}
156	4e21c82e	bruno	}
157			}
158
159	98402844	Stephen Beaver	if ($_POST['act'] == "delcert") {
160
161			if (!$a_user[$id]) {
162			pfSenseHeader("system_usermanager.php");
163			exit;
164			}
165
166			$certdeleted = lookup_cert($a_user[$id]['cert'][$_POST['certid']]);
167			$certdeleted = $certdeleted['descr'];
168			unset($a_user[$id]['cert'][$_POST['certid']]);
169	3fa6d462	jim-p	$savemsg = sprintf(gettext("Removed certificate association \"%s\" from user %s"), $certdeleted, $a_user[$id]['name']);
170			write_config($savemsg);
171			syslog($logging_level, "{$logging_prefix}: {$savemsg}");
172	98402844	Stephen Beaver	$_POST['act'] = "edit";
173			}
174	64c31615	Stephen Beaver
175	945204b1	Stephen Beaver	if ($_POST['act'] == "delprivid") {
176			$privdeleted = $priv_list[$a_user[$id]['priv'][$_POST['privid']]]['name'];
177			unset($a_user[$id]['priv'][$_POST['privid']]);
178			local_user_set($a_user[$id]);
179	3fa6d462	jim-p	$savemsg = sprintf(gettext("Removed Privilege \"%s\" from user %s"), $privdeleted, $a_user[$id]['name']);
180			write_config($savemsg);
181			syslog($logging_level, "{$logging_prefix}: {$savemsg}");
182	945204b1	Stephen Beaver	$_POST['act'] = "edit";
183	4c879f95	heper	}
184	98402844	Stephen Beaver
185	1a6769a6	Renato Botelho	if ($_POST['save']) {
186	e33be77c	Ermal	unset($input_errors);
187			$pconfig = $_POST;
188	45ee90ed	Matthew Grooms
189	e33be77c	Ermal	/* input validation */
190			if (isset($id) && ($a_user[$id])) {
191			$reqdfields = explode(" ", "usernamefld");
192			$reqdfieldsn = array(gettext("Username"));
193			} else {
194			if (empty($_POST['name'])) {
195			$reqdfields = explode(" ", "usernamefld passwordfld1");
196			$reqdfieldsn = array(
197			gettext("Username"),
198			gettext("Password"));
199	45ee90ed	Matthew Grooms	} else {
200	e33be77c	Ermal	$reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime");
201			$reqdfieldsn = array(
202			gettext("Username"),
203			gettext("Password"),
204			gettext("Descriptive name"),
205			gettext("Certificate authority"),
206			gettext("Key length"),
207			gettext("Lifetime"));
208	45ee90ed	Matthew Grooms	}
209	e33be77c	Ermal	}
210	45ee90ed	Matthew Grooms
211	1e9b4611	Renato Botelho	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
212	45ee90ed	Matthew Grooms
213	73fa304b	Phil Davis	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld'])) {
214	e33be77c	Ermal	$input_errors[] = gettext("The username contains invalid characters.");
215	73fa304b	Phil Davis	}
216	45ee90ed	Matthew Grooms
217	a84fb545	Andrei Miu	if (strlen($_POST['usernamefld']) > 32) {
218			$input_errors[] = gettext("The username is longer than 32 characters.");
219	73fa304b	Phil Davis	}
220	94d455da	jim-p
221	73fa304b	Phil Davis	if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) {
222	e33be77c	Ermal	$input_errors[] = gettext("The passwords do not match.");
223	73fa304b	Phil Davis	}
224	45ee90ed	Matthew Grooms
225	73fa304b	Phil Davis	if (isset($_POST['ipsecpsk']) && !preg_match('/^[[:ascii:]]*$/', $_POST['ipsecpsk'])) {
226	123d8700	Renato Botelho	$input_errors[] = gettext("IPsec Pre-Shared Key contains invalid characters.");
227	73fa304b	Phil Davis	}
228	123d8700	Renato Botelho
229	e63321a5	jim-p	/* Check the POSTed groups to ensure they are valid and exist */
230	9d3e8723	Phil Davis	if (is_array($_POST['groups'])) {
231	9f472202	NewEraCracker	foreach ($_POST['groups'] as $newgroup) {
232			if (empty(getGroupEntry($newgroup))) {
233			$input_errors[] = gettext("One or more invalid groups was submitted.");
234			}
235	e63321a5	jim-p	}
236			}
237
238	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
239	e33be77c	Ermal	$oldusername = $a_user[$id]['name'];
240	73fa304b	Phil Davis	} else {
241	e33be77c	Ermal	$oldusername = "";
242	73fa304b	Phil Davis	}
243	e33be77c	Ermal	/* make sure this user name is unique */
244			if (!$input_errors) {
245			foreach ($a_user as $userent) {
246			if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
247			$input_errors[] = gettext("Another entry with the same username already exists.");
248			break;
249	58664cc9	Scott Ullrich	}
250	3dec33d4	Erik Fonnesbeck	}
251	e33be77c	Ermal	}
252			/* also make sure it is not reserved */
253			if (!$input_errors) {
254			$system_users = explode("\n", file_get_contents("/etc/passwd"));
255			foreach ($system_users as $s_user) {
256			$ent = explode(":", $s_user);
257			if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
258			$input_errors[] = gettext("That username is reserved by the system.");
259			break;
260	8339ab6d	jim-p	}
261	7e4a4513	Scott Ullrich	}
262	e33be77c	Ermal	}
263	1df17ba9	Scott Ullrich
264	e33be77c	Ermal	/*
265	e30050b6	Phil Davis	* Check for a valid expiration date if one is set at all (valid means,
266	4d148b59	Yehuda Katz	* DateTime puts out a time stamp so any DateTime compatible time
267	e33be77c	Ermal	* format may be used. to keep it simple for the enduser, we only
268			* claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs
269			* like "+1 day", which will be converted to MM/DD/YYYY based on "now".
270	e30050b6	Phil Davis	* Otherwise such an entry would lead to an invalid expiration data.
271	e33be77c	Ermal	*/
272	73fa304b	Phil Davis	if ($_POST['expires']) {
273	4d148b59	Yehuda Katz	try {
274			$expdate = new DateTime($_POST['expires']);
275			//convert from any DateTime compatible date to MM/DD/YYYY
276			$_POST['expires'] = $expdate->format("m/d/Y");
277	73fa304b	Phil Davis	} catch (Exception $ex) {
278	e33be77c	Ermal	$input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
279	0092b3bd	mgrooms	}
280	e33be77c	Ermal	}
281	0092b3bd	mgrooms
282	e33be77c	Ermal	if (!empty($_POST['name'])) {
283			$ca = lookup_ca($_POST['caref']);
284	73fa304b	Phil Davis	if (!$ca) {
285	4c291f4c	Renato Botelho	$input_errors[] = gettext("Invalid internal Certificate Authority") . "\n";
286	73fa304b	Phil Davis	}
287	e33be77c	Ermal	}
288	9ceace25	jim-p	validate_webguicss_field($input_errors, $_POST['webguicss']);
289			validate_webguifixedmenu_field($input_errors, $_POST['webguifixedmenu']);
290			validate_webguihostnamemenu_field($input_errors, $_POST['webguihostnamemenu']);
291			validate_dashboardcolumns_field($input_errors, $_POST['dashboardcolumns']);
292	c9794c06	Ermal
293	e33be77c	Ermal	if (!$input_errors) {
294	4ee51131	Sjon Hortensius
295	e33be77c	Ermal	$userent = array();
296	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
297	e33be77c	Ermal	$userent = $a_user[$id];
298	73fa304b	Phil Davis	}
299	e879fc81	Ermal
300	e33be77c	Ermal	isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system";
301
302			/* the user name was modified */
303	926e0a2f	Phil Davis	if (!empty($_POST['oldusername']) && ($_POST['usernamefld'] <> $_POST['oldusername'])) {
304	e33be77c	Ermal	$_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
305	fdcf104c	jim-p	local_user_del($userent);
306			}
307	1df17ba9	Scott Ullrich
308	e30050b6	Phil Davis	/* the user password was modified */
309	73fa304b	Phil Davis	if ($_POST['passwordfld1']) {
310	e33be77c	Ermal	local_user_set_password($userent, $_POST['passwordfld1']);
311	73fa304b	Phil Davis	}
312	1df17ba9	Scott Ullrich
313	5cde9005	NewEraCracker	/* only change description if sent */
314			if (isset($_POST['descr'])) {
315			$userent['descr'] = $_POST['descr'];
316			}
317
318	e33be77c	Ermal	$userent['name'] = $_POST['usernamefld'];
319			$userent['expires'] = $_POST['expires'];
320	8bab524e	Phil Davis	$userent['dashboardcolumns'] = $_POST['dashboardcolumns'];
321	e33be77c	Ermal	$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
322			$userent['ipsecpsk'] = $_POST['ipsecpsk'];
323	3ccb9689	Charlie Marshall
324	73fa304b	Phil Davis	if ($_POST['disabled']) {
325	e33be77c	Ermal	$userent['disabled'] = true;
326	73fa304b	Phil Davis	} else {
327	e33be77c	Ermal	unset($userent['disabled']);
328	73fa304b	Phil Davis	}
329	e33be77c	Ermal
330	8bab524e	Phil Davis	if ($_POST['customsettings']) {
331			$userent['customsettings'] = true;
332			} else {
333			unset($userent['customsettings']);
334			}
335
336			if ($_POST['webguicss']) {
337			$userent['webguicss'] = $_POST['webguicss'];
338			} else {
339			unset($userent['webguicss']);
340			}
341
342			if ($_POST['webguifixedmenu']) {
343			$userent['webguifixedmenu'] = $_POST['webguifixedmenu'];
344			} else {
345			unset($userent['webguifixedmenu']);
346			}
347
348			if ($_POST['webguihostnamemenu']) {
349			$userent['webguihostnamemenu'] = $_POST['webguihostnamemenu'];
350			} else {
351			unset($userent['webguihostnamemenu']);
352			}
353
354	1d3510cf	Phil Davis	if ($_POST['interfacessort']) {
355			$userent['interfacessort'] = true;
356			} else {
357			unset($userent['interfacessort']);
358			}
359
360	8bab524e	Phil Davis	if ($_POST['dashboardavailablewidgetspanel']) {
361			$userent['dashboardavailablewidgetspanel'] = true;
362			} else {
363			unset($userent['dashboardavailablewidgetspanel']);
364			}
365
366			if ($_POST['systemlogsfilterpanel']) {
367			$userent['systemlogsfilterpanel'] = true;
368			} else {
369			unset($userent['systemlogsfilterpanel']);
370			}
371
372			if ($_POST['systemlogsmanagelogpanel']) {
373			$userent['systemlogsmanagelogpanel'] = true;
374			} else {
375			unset($userent['systemlogsmanagelogpanel']);
376			}
377
378			if ($_POST['statusmonitoringsettingspanel']) {
379			$userent['statusmonitoringsettingspanel'] = true;
380			} else {
381			unset($userent['statusmonitoringsettingspanel']);
382			}
383
384			if ($_POST['webguileftcolumnhyper']) {
385			$userent['webguileftcolumnhyper'] = true;
386			} else {
387			unset($userent['webguileftcolumnhyper']);
388			}
389
390	d9058974	Phil Davis	if ($_POST['disablealiaspopupdetail']) {
391			$userent['disablealiaspopupdetail'] = true;
392			} else {
393			unset($userent['disablealiaspopupdetail']);
394			}
395
396	8bab524e	Phil Davis	if ($_POST['pagenamefirst']) {
397			$userent['pagenamefirst'] = true;
398			} else {
399			unset($userent['pagenamefirst']);
400			}
401
402	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
403	e33be77c	Ermal	$a_user[$id] = $userent;
404	73fa304b	Phil Davis	} else {
405	e33be77c	Ermal	if (!empty($_POST['name'])) {
406			$cert = array();
407			$cert['refid'] = uniqid();
408	4c291f4c	Renato Botelho	$userent['cert'] = array();
409	e33be77c	Ermal
410			$cert['descr'] = $_POST['name'];
411
412	1ec79365	jim-p	$subject = cert_get_subject_hash($ca['crt']);
413
414			$dn = array();
415			if (!empty($subject['C'])) {
416			$dn['countryName'] = $subject['C'];
417			}
418			if (!empty($subject['ST'])) {
419			$dn['stateOrProvinceName'] = $subject['ST'];
420			}
421			if (!empty($subject['L'])) {
422			$dn['localityName'] = $subject['L'];
423			}
424			if (!empty($subject['O'])) {
425			$dn['organizationName'] = $subject['O'];
426			}
427			if (!empty($subject['OU'])) {
428			$dn['organizationalUnit'] = $subject['OU'];
429			}
430			$dn['commonName'] = $userent['name'];
431	e562fca2	jim-p	$cn_altname = cert_add_altname_type($userent['name']);
432			if (!empty($cn_altname)) {
433			$dn['subjectAltName'] = $cn_altname;
434	b767fe6c	jim-p	}
435	e33be77c	Ermal
436			cert_create($cert, $_POST['caref'], $_POST['keylen'],
437			(int)$_POST['lifetime'], $dn);
438
439	73fa304b	Phil Davis	if (!is_array($config['cert'])) {
440	e33be77c	Ermal	$config['cert'] = array();
441	73fa304b	Phil Davis	}
442	e33be77c	Ermal	$config['cert'][] = $cert;
443			$userent['cert'][] = $cert['refid'];
444			}
445			$userent['uid'] = $config['system']['nextuid']++;
446			/* Add the user to All Users group. */
447			foreach ($config['system']['group'] as $gidx => $group) {
448			if ($group['name'] == "all") {
449	73fa304b	Phil Davis	if (!is_array($config['system']['group'][$gidx]['member'])) {
450	e33be77c	Ermal	$config['system']['group'][$gidx]['member'] = array();
451	73fa304b	Phil Davis	}
452	e33be77c	Ermal	$config['system']['group'][$gidx]['member'][] = $userent['uid'];
453			break;
454			}
455			}
456	970db70b	Scott Ullrich
457	e33be77c	Ermal	$a_user[] = $userent;
458	45ee90ed	Matthew Grooms	}
459	e33be77c	Ermal
460	dc3bc1f8	Renato Botelho	/* Sort it alphabetically */
461			usort($config['system']['user'], function($a, $b) {
462			return strcmp($a['name'], $b['name']);
463			});
464
465	d61309a0	Phil Davis	local_user_set_groups($userent, $_POST['groups']);
466	e33be77c	Ermal	local_user_set($userent);
467	3fa6d462	jim-p	$savemsg = sprintf(gettext("Successfully %s user %s"), (isset($id)) ? gettext("edited") : gettext("created"), $userent['name']);
468			write_config($savemsg);
469			syslog($logging_level, "{$logging_prefix}: {$savemsg}");
470	73fa304b	Phil Davis	if (is_dir("/etc/inc/privhooks")) {
471	e33be77c	Ermal	run_plugins("/etc/inc/privhooks");
472	73fa304b	Phil Davis	}
473	e33be77c	Ermal
474			pfSenseHeader("system_usermanager.php");
475	45ee90ed	Matthew Grooms	}
476	e33be77c	Ermal	}
477	fab7ff44	Bill Marquette
478	7411c285	Stephen Beaver	function build_priv_table() {
479			global $a_user, $id;
480
481			$privhtml = '<div class="table-responsive">';
482			$privhtml .= '<table class="table table-striped table-hover table-condensed">';
483			$privhtml .= '<thead>';
484	7d2e572f	Stephen Beaver	$privhtml .= '<tr>';
485			$privhtml .= '<th>' . gettext('Inherited from') . '</th>';
486			$privhtml .= '<th>' . gettext('Name') . '</th>';
487			$privhtml .= '<th>' . gettext('Description') . '</th>';
488	f460db90	NOYB	$privhtml .= '<th>' . gettext('Action') . '</th>';
489	7d2e572f	Stephen Beaver	$privhtml .= '</tr>';
490	7411c285	Stephen Beaver	$privhtml .= '</thead>';
491			$privhtml .= '<tbody>';
492
493	945204b1	Stephen Beaver	$i = 0;
494	57188e47	Phil Davis	$user_has_root_priv = false;
495	945204b1	Stephen Beaver
496			foreach (get_user_privdesc($a_user[$id]) as $priv) {
497			$group = false;
498			if ($priv['group']) {
499			$group = $priv['group'];
500			}
501
502	7411c285	Stephen Beaver	$privhtml .= '<tr>';
503			$privhtml .= '<td>' . htmlspecialchars($priv['group']) . '</td>';
504			$privhtml .= '<td>' . htmlspecialchars($priv['name']) . '</td>';
505	57188e47	Phil Davis	$privhtml .= '<td>' . htmlspecialchars($priv['descr']);
506			if (isset($priv['warn']) && ($priv['warn'] == 'standard-warning-root')) {
507	21312954	Phil Davis	$privhtml .= ' ' . gettext('(admin privilege)');
508	57188e47	Phil Davis	$user_has_root_priv = true;
509			}
510			$privhtml .= '</td>';
511	945204b1	Stephen Beaver	$privhtml .= '<td>';
512	d61309a0	Phil Davis	if (!$group) {
513	f460db90	NOYB	$privhtml .= '<a class="fa fa-trash no-confirm icon-pointer" title="' . gettext('Delete Privilege') . '" id="delprivid' . $i . '"></a>';
514	d61309a0	Phil Davis	}
515	945204b1	Stephen Beaver
516			$privhtml .= '</td>';
517	7411c285	Stephen Beaver	$privhtml .= '</tr>';
518	945204b1	Stephen Beaver
519	d61309a0	Phil Davis	if (!$group) {
520	945204b1	Stephen Beaver	$i++;
521	d61309a0	Phil Davis	}
522	7411c285	Stephen Beaver	}
523
524	57188e47	Phil Davis	if ($user_has_root_priv) {
525			$privhtml .= '<tr>';
526			$privhtml .= '<td colspan="3">';
527	9187d6f7	Phil Davis	$privhtml .= '<b>' . gettext('Security notice: This user effectively has administrator-level access') . '</b>';
528	57188e47	Phil Davis	$privhtml .= '</td>';
529			$privhtml .= '<td>';
530			$privhtml .= '</td>';
531			$privhtml .= '</tr>';
532	f5c9c0c7	Steve Beaver
533	57188e47	Phil Davis	}
534
535	7411c285	Stephen Beaver	$privhtml .= '</tbody>';
536			$privhtml .= '</table>';
537			$privhtml .= '</div>';
538
539			$privhtml .= '<nav class="action-buttons">';
540	4611e283	Steve Beaver	$privhtml .= '<a href="system_usermanager_addprivs.php?userid=' . $id . '" class="btn btn-success"><i class="fa fa-plus icon-embed-btn"></i>' . gettext("Add") . '</a>';
541	7411c285	Stephen Beaver	$privhtml .= '</nav>';
542
543			return($privhtml);
544			}
545	98402844	Stephen Beaver
546	7411c285	Stephen Beaver	function build_cert_table() {
547			global $a_user, $id;
548
549			$certhtml = '<div class="table-responsive">';
550			$certhtml .= '<table class="table table-striped table-hover table-condensed">';
551			$certhtml .= '<thead>';
552	7d2e572f	Stephen Beaver	$certhtml .= '<tr>';
553			$certhtml .= '<th>' . gettext('Name') . '</th>';
554			$certhtml .= '<th>' . gettext('CA') . '</th>';
555	98402844	Stephen Beaver	$certhtml .= '<th></th>';
556	7d2e572f	Stephen Beaver	$certhtml .= '</tr>';
557	7411c285	Stephen Beaver	$certhtml .= '</thead>';
558			$certhtml .= '<tbody>';
559
560			$a_cert = $a_user[$id]['cert'];
561			if (is_array($a_cert)) {
562			$i = 0;
563			foreach ($a_cert as $certref) {
564	7d2e572f	Stephen Beaver	$cert = lookup_cert($certref);
565			$ca = lookup_ca($cert['caref']);
566			$revokedstr = is_cert_revoked($cert) ? '<b> Revoked</b>':'';
567
568	7411c285	Stephen Beaver	$certhtml .= '<tr>';
569	7d2e572f	Stephen Beaver	$certhtml .= '<td>' . htmlspecialchars($cert['descr']) . $revokedstr . '</td>';
570	7411c285	Stephen Beaver	$certhtml .= '<td>' . htmlspecialchars($ca['descr']) . '</td>';
571	db676e5b	Stephen Beaver	$certhtml .= '<td>';
572	945204b1	Stephen Beaver	$certhtml .= '<a id="delcert' . $i .'" class="fa fa-trash no-confirm icon-pointer" title="';
573	f14ff867	Phil Davis	$certhtml .= gettext('Remove this certificate association? (Certificate will not be deleted)') . '"></a>';
574	db676e5b	Stephen Beaver	$certhtml .= '</td>';
575	7411c285	Stephen Beaver	$certhtml .= '</tr>';
576	db676e5b	Stephen Beaver	$i++;
577	7411c285	Stephen Beaver	}
578	db676e5b	Stephen Beaver
579	7411c285	Stephen Beaver	}
580
581			$certhtml .= '</tbody>';
582			$certhtml .= '</table>';
583			$certhtml .= '</div>';
584
585			$certhtml .= '<nav class="action-buttons">';
586	4611e283	Steve Beaver	$certhtml .= '<a href="system_certmanager.php?act=new&userid=' . $id . '" class="btn btn-success"><i class="fa fa-plus icon-embed-btn"></i>' . gettext("Add") . '</a>';
587	7411c285	Stephen Beaver	$certhtml .= '</nav>';
588
589			return($certhtml);
590			}
591
592	8f1ab2a4	k-paulius	$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Users"));
593	edcd7535	Phil Davis	$pglinks = array("", "system_usermanager.php", "system_usermanager.php");
594	8f1ab2a4	k-paulius
595			if ($act == "new" \|\| $act == "edit" \|\| $input_errors) {
596			$pgtitle[] = gettext('Edit');
597	edcd7535	Phil Davis	$pglinks[] = "@self";
598	8f1ab2a4	k-paulius	}
599	4611e283	Steve Beaver
600	e33be77c	Ermal	include("head.inc");
601	fab7ff44	Bill Marquette
602	d6b79c39	Phil Davis	if ($delete_errors) {
603			print_input_errors($delete_errors);
604			}
605
606	d61309a0	Phil Davis	if ($input_errors) {
607	4ee51131	Sjon Hortensius	print_input_errors($input_errors);
608	d61309a0	Phil Davis	}
609	98402844	Stephen Beaver
610	d61309a0	Phil Davis	if ($savemsg) {
611	98402844	Stephen Beaver	print_info_box($savemsg, 'success');
612	d61309a0	Phil Davis	}
613	4ee51131	Sjon Hortensius
614			$tab_array = array();
615			$tab_array[] = array(gettext("Users"), true, "system_usermanager.php");
616			$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
617			$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
618	2d1f33d9	k-paulius	$tab_array[] = array(gettext("Authentication Servers"), false, "system_authservers.php");
619	4ee51131	Sjon Hortensius	display_top_tabs($tab_array);
620
621	7411c285	Stephen Beaver	if (!($act == "new" \|\| $act == "edit" \|\| $input_errors)) {
622	64600f94	Sjon Hortensius	?>
623	64c31615	Stephen Beaver	<form method="post">
624	060ed238	Stephen Beaver	<div class="panel panel-default">
625			<div class="panel-heading"><h2 class="panel-title"><?=gettext('Users')?></h2></div>
626			<div class="panel-body">
627			<div class="table-responsive">
628	1c10ce97	PiBa-NL	<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap table-rowdblclickedit" data-sortable>
629	060ed238	Stephen Beaver	<thead>
630			<tr>
631			<th> </th>
632			<th><?=gettext("Username")?></th>
633			<th><?=gettext("Full name")?></th>
634	edd88334	NOYB	<th><?=gettext("Status")?></th>
635	060ed238	Stephen Beaver	<th><?=gettext("Groups")?></th>
636	70dc5cd6	Phil Davis	<th><?=gettext("Actions")?></th>
637	060ed238	Stephen Beaver	</tr>
638			</thead>
639			<tbody>
640	a0165602	Sjon Hortensius	<?php
641	d61309a0	Phil Davis	foreach ($a_user as $i => $userent):
642	a0165602	Sjon Hortensius	?>
643	060ed238	Stephen Beaver	<tr>
644			<td>
645	d6b79c39	Phil Davis	<input type="checkbox" id="frc<?=$i?>" name="delete_check[]" value="<?=$i?>" <?=((($userent['scope'] == "system") \|\| ($userent['name'] == $_SESSION['Username'])) ? 'disabled' : '')?>/>
646	060ed238	Stephen Beaver	</td>
647			<td>
648	a0165602	Sjon Hortensius	<?php
649	d61309a0	Phil Davis	if ($userent['scope'] != "user") {
650	a0165602	Sjon Hortensius	$usrimg = 'eye-open';
651	d61309a0	Phil Davis	} else {
652	a0165602	Sjon Hortensius	$usrimg = 'user';
653	d61309a0	Phil Davis	}
654	a0165602	Sjon Hortensius	?>
655	060ed238	Stephen Beaver	<i class="fa fa-<?=$usrimg?>"></i>
656			<?=htmlspecialchars($userent['name'])?>
657			</td>
658			<td><?=htmlspecialchars($userent['descr'])?></td>
659	0fdbaca8	NOYB	<td><i class="fa fa-<?= (isset($userent['disabled'])) ? 'ban" title="' . gettext("Disabled") . '"' : 'check" title="' . gettext("Enabled") . '"' ; ?>><span style='display: none'><?= (isset($userent['disabled'])) ? gettext("Disabled") : gettext("Enabled") ; ?></span></i></td>
660	060ed238	Stephen Beaver	<td><?=implode(",", local_user_get_groups($userent))?></td>
661			<td>
662	4611e283	Steve Beaver	<a class="fa fa-pencil" title="<?=gettext("Edit user"); ?>" href="?act=edit&userid=<?=$i?>"></a>
663	d6b79c39	Phil Davis	<?php if (($userent['scope'] != "system") && ($userent['name'] != $_SESSION['Username'])): ?>
664	f5c9c0c7	Steve Beaver	<a class="fa fa-trash" title="<?=gettext("Delete user")?>" href="?act=deluser&userid=<?=$i?>&username=<?=$userent['name']?>" usepost></a>
665	a0165602	Sjon Hortensius	<?php endif; ?>
666	060ed238	Stephen Beaver	</td>
667			</tr>
668	a0165602	Sjon Hortensius	<?php endforeach; ?>
669	060ed238	Stephen Beaver	</tbody>
670			</table>
671			</div>
672			</div>
673	94404d94	Sander van Leeuwen	</div>
674	c10cb196	Stephen Beaver	<nav class="action-buttons">
675	4611e283	Steve Beaver	<a href="?act=new" class="btn btn-sm btn-success">
676	9d5a20cf	heper	<i class="fa fa-plus icon-embed-btn"></i>
677	b921ab63	Stephen Beaver	<?=gettext("Add")?>
678			</a>
679	64c31615	Stephen Beaver
680			<button type="submit" class="btn btn-sm btn-danger" name="dellall" value="dellall" title="<?=gettext('Delete selected users')?>">
681			<i class="fa fa-trash icon-embed-btn"></i>
682			<?=gettext("Delete")?>
683			</button>
684	f5c9c0c7	Steve Beaver
685	94404d94	Sander van Leeuwen	</nav>
686	d825dfea	NOYB	</form>
687	3c3ede28	Stephen Beaver	<div class="infoblock">
688	a0165602	Sjon Hortensius	<?php
689	a0d084fe	k-paulius	print_callout('<p>' . gettext("Additional users can be added here. User permissions for accessing " .
690			"the webConfigurator can be assigned directly or inherited from group memberships. " .
691			"Some system object properties can be modified but they cannot be deleted.") . '</p>' .
692			'<p>' . gettext("Accounts added here are also used for other parts of the system " .
693			"such as OpenVPN, IPsec, and Captive Portal.") . '</p>'
694			);
695	f5c9c0c7	Steve Beaver
696	d3f59a8c	Steve Beaver	?></div>
697
698	f5c9c0c7	Steve Beaver	<?php
699	a0165602	Sjon Hortensius	include("foot.inc");
700			exit;
701			}
702	4ee51131	Sjon Hortensius
703			$form = new Form;
704
705	7411c285	Stephen Beaver	if ($act == "new" \|\| $act == "edit" \|\| $input_errors):
706	4ee51131	Sjon Hortensius
707	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
708			'act',
709			null,
710			'hidden',
711			''
712			));
713	4ee51131	Sjon Hortensius
714	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
715			'userid',
716			null,
717			'hidden',
718			isset($id) ? $id:''
719			));
720	4ee51131	Sjon Hortensius
721	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
722			'privid',
723			null,
724			'hidden',
725			''
726			));
727	4ee51131	Sjon Hortensius
728	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
729			'certid',
730			null,
731			'hidden',
732			''
733			));
734	4ee51131	Sjon Hortensius
735	7411c285	Stephen Beaver	$ro = "";
736			if ($pconfig['utype'] == "system") {
737	c4b60a9a	Colin Fleming	$ro = "readonly";
738	7411c285	Stephen Beaver	}
739	4ee51131	Sjon Hortensius
740	7411c285	Stephen Beaver	$section = new Form_Section('User Properties');
741	4ee51131	Sjon Hortensius
742	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
743			'Defined by',
744			strtoupper($pconfig['utype'])
745			));
746	4ee51131	Sjon Hortensius
747	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
748			'utype',
749			null,
750			'hidden',
751			$pconfig['utype']
752			));
753	4ee51131	Sjon Hortensius
754	7411c285	Stephen Beaver	$section->addInput(new Form_Checkbox(
755			'disabled',
756			'Disabled',
757			'This user cannot login',
758			$pconfig['disabled']
759			));
760	6b07c15a	Matthew Grooms
761	7411c285	Stephen Beaver	$section->addInput($input = new Form_Input(
762			'usernamefld',
763	153c3aa6	Phil Davis	'*Username',
764	7411c285	Stephen Beaver	'text',
765			$pconfig['usernamefld']
766			));
767	61dec0b0	Renato Botelho
768	d61309a0	Phil Davis	if ($ro) {
769	1fe9cc38	Stephen Beaver	$input->setReadonly();
770	d61309a0	Phil Davis	}
771	7411c285	Stephen Beaver
772			$form->addGlobal(new Form_Input(
773			'oldusername',
774	4ee51131	Sjon Hortensius	null,
775	7411c285	Stephen Beaver	'hidden',
776			$pconfig['usernamefld']
777	4ee51131	Sjon Hortensius	));
778	6b07c15a	Matthew Grooms
779	153c3aa6	Phil Davis	if ($act == "edit") {
780			$pwd_required = "";
781			} else {
782			$pwd_required = "*";
783			}
784
785			$group = new Form_Group($pwd_required . 'Password');
786	7411c285	Stephen Beaver	$group->add(new Form_Input(
787			'passwordfld1',
788			'Password',
789			'password'
790			));
791			$group->add(new Form_Input(
792			'passwordfld2',
793			'Confirm Password',
794			'password'
795			));
796
797			$section->add($group);
798
799			$section->addInput($input = new Form_Input(
800			'descr',
801			'Full name',
802			'text',
803			htmlspecialchars($pconfig['descr'])
804	89140b63	NOYB	))->setHelp('User\'s full name, for administrative information only');
805	7411c285	Stephen Beaver
806	d61309a0	Phil Davis	if ($ro) {
807	7411c285	Stephen Beaver	$input->setDisabled();
808	d61309a0	Phil Davis	}
809	7411c285	Stephen Beaver
810			$section->addInput(new Form_Input(
811			'expires',
812			'Expiration date',
813	d78dbc34	Stephen Beaver	'text',
814	7411c285	Stephen Beaver	$pconfig['expires']
815			))->setHelp('Leave blank if the account shouldn\'t expire, otherwise enter '.
816	98b87cfa	Jonathon Anderson	'the expiration date as MM/DD/YYYY');
817	7411c285	Stephen Beaver
818	8bab524e	Phil Davis	$section->addInput(new Form_Checkbox(
819			'customsettings',
820			'Custom Settings',
821			'Use individual customized GUI options and dashboard layout for this user.',
822			$pconfig['customsettings']
823			));
824
825			gen_user_settings_fields($section, $pconfig);
826
827	7411c285	Stephen Beaver	// ==== Group membership ==================================================
828			$group = new Form_Group('Group membership');
829
830	7d2e572f	Stephen Beaver	// Make a list of all the groups configured on the system, and a list of
831	7411c285	Stephen Beaver	// those which this user is a member of
832			$systemGroups = array();
833			$usersGroups = array();
834
835			$usergid = [$pconfig['usernamefld']];
836
837			foreach ($config['system']['group'] as $Ggroup) {
838	d61309a0	Phil Davis	if ($Ggroup['name'] != "all") {
839	5c3a8a9c	Stephen Jones	if (($act == 'edit' \|\| $input_errors) && $Ggroup['member'] && in_array($a_user[$id]['uid'], $Ggroup['member'])) {
840	b4333696	Stephen Beaver	$usersGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the user's list
841	d61309a0	Phil Davis	} else {
842	b4333696	Stephen Beaver	$systemGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the 'not a member of' list
843	d61309a0	Phil Davis	}
844	b4333696	Stephen Beaver	}
845	7411c285	Stephen Beaver	}
846
847			$group->add(new Form_Select(
848			'sysgroups',
849			null,
850			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
851			$systemGroups,
852			true
853	953385a3	heper	))->setHelp('Not member of');
854	6b07c15a	Matthew Grooms
855	7411c285	Stephen Beaver	$group->add(new Form_Select(
856			'groups',
857			null,
858			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
859			$usersGroups,
860			true
861	953385a3	heper	))->setHelp('Member of');
862	7411c285	Stephen Beaver
863			$section->add($group);
864
865			$group = new Form_Group('');
866
867			$group->add(new Form_Button(
868			'movetoenabled',
869	faab522f	Renato Botelho	'Move to "Member of" list',
870	37676f4e	jim-p	null,
871			'fa-angle-double-right'
872	347c0214	Phil Davis	))->setAttribute('type','button')->removeClass('btn-primary')->addClass('btn-info btn-sm');
873	7411c285	Stephen Beaver
874			$group->add(new Form_Button(
875			'movetodisabled',
876	faab522f	Renato Botelho	'Move to "Not member of" list',
877	37676f4e	jim-p	null,
878			'fa-angle-double-left'
879	347c0214	Phil Davis	))->setAttribute('type','button')->removeClass('btn-primary')->addClass('btn-info btn-sm');
880	4ee51131	Sjon Hortensius
881	e4c7d45f	NewEraCracker	$group->setHelp('Hold down CTRL (PC)/COMMAND (Mac) key to select multiple items.');
882	7411c285	Stephen Beaver	$section->add($group);
883	4ee51131	Sjon Hortensius
884	7411c285	Stephen Beaver	// ==== Button for adding user certificate ================================
885	d61309a0	Phil Davis	if ($act == 'new') {
886	fc1913fe	jim-p	if (count($nonPrvCas) > 0) {
887			$section->addInput(new Form_Checkbox(
888			'showcert',
889			'Certificate',
890			'Click to create a user certificate',
891			false
892			));
893			} else {
894			$section->addInput(new Form_StaticText(
895			'Certificate',
896			gettext('No private CAs found. A private CA is required to create a new user certificate. ' .
897			'Save the user first to import an external certificate.')
898			));
899			}
900	6b07c15a	Matthew Grooms	}
901
902	7411c285	Stephen Beaver	$form->add($section);
903	6b07c15a	Matthew Grooms
904	7411c285	Stephen Beaver	// ==== Effective privileges section ======================================
905			if (isset($pconfig['uid'])) {
906			// We are going to build an HTML table and add it to an Input_StaticText. It may be ugly, but it
907			// is the best way to make the display we need.
908	6b07c15a	Matthew Grooms
909	7411c285	Stephen Beaver	$section = new Form_Section('Effective Privileges');
910	4ee51131	Sjon Hortensius
911	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
912			null,
913			build_priv_table()
914			));
915	4ee51131	Sjon Hortensius
916	7411c285	Stephen Beaver	$form->add($section);
917	4ee51131	Sjon Hortensius
918	7411c285	Stephen Beaver	// ==== Certificate table section =====================================
919	5f88f964	k-paulius	$section = new Form_Section('User Certificates');
920	7411c285	Stephen Beaver
921			$section->addInput(new Form_StaticText(
922			null,
923			build_cert_table()
924			));
925	64600f94	Sjon Hortensius
926			$form->add($section);
927	c9794c06	Ermal	}
928	7411c285	Stephen Beaver
929	f14ff867	Phil Davis	// ==== Add user certificate for a new user
930			if (is_array($config['ca']) && count($config['ca']) > 0) {
931	5f88f964	k-paulius	$section = new Form_Section('Create Certificate for User');
932	f14ff867	Phil Davis	$section->addClass('cert-options');
933	c9794c06	Ermal
934	f14ff867	Phil Davis	if (!empty($nonPrvCas)) {
935			$section->addInput(new Form_Input(
936			'name',
937			'Descriptive name',
938			'text',
939			$pconfig['name']
940			));
941	7411c285	Stephen Beaver
942	f14ff867	Phil Davis	$section->addInput(new Form_Select(
943			'caref',
944			'Certificate authority',
945			null,
946			$nonPrvCas
947			));
948	7411c285	Stephen Beaver
949	f14ff867	Phil Davis	$section->addInput(new Form_Select(
950			'keylen',
951			'Key length',
952			2048,
953			array(
954			512 => '512 bits',
955			1024 => '1024 bits',
956	16897690	jim-p	2048 => '2048 bits',
957	d5018c6a	stilez	3072 => '3072 bits',
958	f14ff867	Phil Davis	4096 => '4096 bits',
959	d5018c6a	stilez	7680 => '7680 bits',
960			8192 => '8192 bits',
961			15360 => '15360 bits',
962			16384 => '16384 bits'
963	f14ff867	Phil Davis	)
964	4dd437e4	Phil Davis	))->setHelp('The larger the key, the more security it offers, but larger keys take considerably more time to generate, ' .
965			'and take slightly longer to validate leading to a slight slowdown in setting up new sessions (not always noticeable). ' .
966			'As of 2016, 2048 bit is the minimum and most common selection and 4096 is the maximum in common use. ' .
967			'For more information see %1$s.', '<a href="https://keylength.com">keylength.com</a>');
968	7411c285	Stephen Beaver
969	f14ff867	Phil Davis	$section->addInput(new Form_Input(
970			'lifetime',
971			'Lifetime',
972			'number',
973			$pconfig['lifetime']
974			));
975	7411c285	Stephen Beaver	}
976
977	f14ff867	Phil Davis	$form->add($section);
978			}
979
980	7411c285	Stephen Beaver	endif;
981			// ==== Paste a key for the new user
982	4ee51131	Sjon Hortensius	$section = new Form_Section('Keys');
983
984	35e0cd70	Stephen Beaver	$section->addInput(new Form_Checkbox(
985			'showkey',
986			'Authorized keys',
987			'Click to paste an authorized key',
988			false
989			));
990
991	4ee51131	Sjon Hortensius	$section->addInput(new Form_Textarea(
992			'authorizedkeys',
993	d1e73829	Stephen Beaver	'Authorized SSH Keys',
994	4ee51131	Sjon Hortensius	$pconfig['authorizedkeys']
995	d1e73829	Stephen Beaver	))->setHelp('Enter authorized SSH keys for this user');
996	4ee51131	Sjon Hortensius
997	35e0cd70	Stephen Beaver	$section->addInput(new Form_Input(
998	4ee51131	Sjon Hortensius	'ipsecpsk',
999			'IPsec Pre-Shared Key',
1000			'text',
1001			$pconfig['ipsecpsk']
1002			));
1003
1004			$form->add($section);
1005	7411c285	Stephen Beaver
1006	a0165602	Sjon Hortensius	print $form;
1007	8bab524e	Phil Davis
1008			$csswarning = sprintf(gettext("%sUser-created themes are unsupported, use at your own risk."), "<br />");
1009	7411c285	Stephen Beaver	?>
1010	8fd9052f	Colin Fleming	<script type="text/javascript">
1011	7411c285	Stephen Beaver	//<![CDATA[
1012	d61309a0	Phil Davis	events.push(function() {
1013	7411c285	Stephen Beaver
1014	8bab524e	Phil Davis	function setcustomoptions() {
1015			var adv = $('#customsettings').prop('checked');
1016
1017			hideInput('webguicss', !adv);
1018			hideInput('webguifixedmenu', !adv);
1019			hideInput('webguihostnamemenu', !adv);
1020			hideInput('dashboardcolumns', !adv);
1021	1d3510cf	Phil Davis	hideCheckbox('interfacessort', !adv);
1022	8bab524e	Phil Davis	hideCheckbox('dashboardavailablewidgetspanel', !adv);
1023			hideCheckbox('systemlogsfilterpanel', !adv);
1024			hideCheckbox('systemlogsmanagelogpanel', !adv);
1025			hideCheckbox('statusmonitoringsettingspanel', !adv);
1026			hideCheckbox('webguileftcolumnhyper', !adv);
1027	d9058974	Phil Davis	hideCheckbox('disablealiaspopupdetail', !adv);
1028	8bab524e	Phil Davis	hideCheckbox('pagenamefirst', !adv);
1029			}
1030
1031			// Handle displaying a warning message if a user-created theme is selected.
1032			function setThemeWarning() {
1033			if ($('#webguicss').val().startsWith("pfSense")) {
1034			$('#csstxt').html("").addClass("text-default");
1035			} else {
1036			$('#csstxt').html("<?=$csswarning?>").addClass("text-danger");
1037			}
1038			}
1039
1040			$('#webguicss').change(function() {
1041			setThemeWarning();
1042			});
1043
1044			setThemeWarning();
1045
1046	7411c285	Stephen Beaver	// On click . .
1047	8bab524e	Phil Davis	$('#customsettings').click(function () {
1048			setcustomoptions();
1049			});
1050
1051	7411c285	Stephen Beaver	$("#movetodisabled").click(function() {
1052			moveOptions($('[name="groups[]"] option'), $('[name="sysgroups[]"]'));
1053			});
1054
1055			$("#movetoenabled").click(function() {
1056			moveOptions($('[name="sysgroups[]"] option'), $('[name="groups[]"]'));
1057			});
1058
1059			$("#showcert").click(function() {
1060			hideClass('cert-options', !this.checked);
1061			});
1062
1063			$("#showkey").click(function() {
1064	35e0cd70	Stephen Beaver	hideInput('authorizedkeys', false);
1065			hideCheckbox('showkey', true);
1066	7411c285	Stephen Beaver	});
1067
1068	98402844	Stephen Beaver	$('[id^=delcert]').click(function(event) {
1069	d61309a0	Phil Davis	if (confirm(event.target.title)) {
1070	98402844	Stephen Beaver	$('#certid').val(event.target.id.match(/\d+$/)[0]);
1071			$('#userid').val('<?=$id;?>');
1072			$('#act').val('delcert');
1073			$('form').submit();
1074			}
1075			});
1076	945204b1	Stephen Beaver
1077	408d0882	heper	$('[id^=delprivid]').click(function(event) {
1078	d61309a0	Phil Davis	if (confirm(event.target.title)) {
1079	4c879f95	heper	$('#privid').val(event.target.id.match(/\d+$/)[0]);
1080	408d0882	heper	$('#userid').val('<?=$id;?>');
1081			$('#act').val('delprivid');
1082			$('form').submit();
1083			}
1084			});
1085	64c31615	Stephen Beaver
1086	53c38ff1	Stephen Beaver	$('#expires').datepicker();
1087	98402844	Stephen Beaver
1088	eef93144	Jared Dillard	// ---------- On initial page load ------------------------------------------------------------
1089
1090			hideClass('cert-options', true);
1091			//hideInput('authorizedkeys', true);
1092	d1e73829	Stephen Beaver	hideCheckbox('showkey', true);
1093	8bab524e	Phil Davis	setcustomoptions();
1094	7411c285	Stephen Beaver
1095			// On submit mark all the user's groups as "selected"
1096	d61309a0	Phil Davis	$('form').submit(function() {
1097	7411c285	Stephen Beaver	AllServers($('[name="groups[]"] option'), true);
1098			});
1099	f5c9c0c7	Steve Beaver
1100	7411c285	Stephen Beaver	});
1101			//]]>
1102			</script>
1103			<?php
1104	bb1b5c6f	heper	include('foot.inc');
1105	d6b79c39	Phil Davis	?>

Project

General

Profile

pfSense