/src/usr/local/www/system_usermanager.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/usr/local/www/system_usermanager.php @ 8150bd51

1	1df17ba9	Scott Ullrich	<?php
2	fab7ff44	Bill Marquette	/*
3	c5d81585	Renato Botelho	* system_usermanager.php
4	7d2e572f	Stephen Beaver	*
5	c5d81585	Renato Botelho	* part of pfSense (https://www.pfsense.org)
6	81299b5c	Renato Botelho	* Copyright (c) 2004-2016 Rubicon Communications, LLC (Netgate)
7	c5d81585	Renato Botelho	* Copyright (c) 2008 Shrew Soft Inc.
8			* Copyright (c) 2005 Paul Taylor <paultaylor@winn-dixie.com>
9			* All rights reserved.
10	191cb31d	Stephen Beaver	*
11	c5d81585	Renato Botelho	* originally based on m0n0wall (http://m0n0.ch/wall)
12			* Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>.
13			* All rights reserved.
14	7d2e572f	Stephen Beaver	*
15	b12ea3fb	Renato Botelho	* Licensed under the Apache License, Version 2.0 (the "License");
16			* you may not use this file except in compliance with the License.
17			* You may obtain a copy of the License at
18	7d2e572f	Stephen Beaver	*
19	b12ea3fb	Renato Botelho	* http://www.apache.org/licenses/LICENSE-2.0
20	7d2e572f	Stephen Beaver	*
21	b12ea3fb	Renato Botelho	* Unless required by applicable law or agreed to in writing, software
22			* distributed under the License is distributed on an "AS IS" BASIS,
23			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
24			* See the License for the specific language governing permissions and
25			* limitations under the License.
26	7d2e572f	Stephen Beaver	*/
27	fab7ff44	Bill Marquette
28	6b07c15a	Matthew Grooms	##\|+PRIV
29			##\|*IDENT=page-system-usermanager
30	5230f468	jim-p	##\|*NAME=System: User Manager
31	6b07c15a	Matthew Grooms	##\|*DESCR=Allow access to the 'System: User Manager' page.
32	57188e47	Phil Davis	##\|*WARN=standard-warning-root
33	6b07c15a	Matthew Grooms	##\|MATCH=system_usermanager.php
34			##\|-PRIV
35
36	c81ef6e2	Phil Davis	require_once("certs.inc");
37			require_once("guiconfig.inc");
38	43e07671	doktornotor	require_once("pfsense-utils.inc");
39	fab7ff44	Bill Marquette
40	e33be77c	Ermal	// start admin user code
41	4611e283	Steve Beaver	if (isset($_REQUEST['userid']) && is_numericint($_REQUEST['userid'])) {
42			$id = $_REQUEST['userid'];
43	73fa304b	Phil Davis	}
44	1df17ba9	Scott Ullrich
45	73fa304b	Phil Davis	if (!isset($config['system']['user']) \|\| !is_array($config['system']['user'])) {
46	e33be77c	Ermal	$config['system']['user'] = array();
47	73fa304b	Phil Davis	}
48	1df17ba9	Scott Ullrich
49	e33be77c	Ermal	$a_user = &$config['system']['user'];
50	4611e283	Steve Beaver	$act = $_REQUEST['act'];
51	45ee90ed	Matthew Grooms
52	73fa304b	Phil Davis	if (isset($_SERVER['HTTP_REFERER'])) {
53	7c2d0050	Renato Botelho	$referer = $_SERVER['HTTP_REFERER'];
54	73fa304b	Phil Davis	} else {
55	7c2d0050	Renato Botelho	$referer = '/system_usermanager.php';
56	73fa304b	Phil Davis	}
57	7c2d0050	Renato Botelho
58	adacdf5f	jim-p	if (isset($id) && $a_user[$id]) {
59			$pconfig['usernamefld'] = $a_user[$id]['name'];
60			$pconfig['descr'] = $a_user[$id]['descr'];
61			$pconfig['expires'] = $a_user[$id]['expires'];
62	8bab524e	Phil Davis	$pconfig['customsettings'] = isset($a_user[$id]['customsettings']);
63			$pconfig['webguicss'] = $a_user[$id]['webguicss'];
64			$pconfig['webguifixedmenu'] = $a_user[$id]['webguifixedmenu'];
65			$pconfig['webguihostnamemenu'] = $a_user[$id]['webguihostnamemenu'];
66			$pconfig['dashboardcolumns'] = $a_user[$id]['dashboardcolumns'];
67	1d3510cf	Phil Davis	$pconfig['interfacessort'] = isset($a_user[$id]['interfacessort']);
68	8bab524e	Phil Davis	$pconfig['dashboardavailablewidgetspanel'] = isset($a_user[$id]['dashboardavailablewidgetspanel']);
69			$pconfig['systemlogsfilterpanel'] = isset($a_user[$id]['systemlogsfilterpanel']);
70			$pconfig['systemlogsmanagelogpanel'] = isset($a_user[$id]['systemlogsmanagelogpanel']);
71			$pconfig['statusmonitoringsettingspanel'] = isset($a_user[$id]['statusmonitoringsettingspanel']);
72			$pconfig['webguileftcolumnhyper'] = isset($a_user[$id]['webguileftcolumnhyper']);
73	d9058974	Phil Davis	$pconfig['disablealiaspopupdetail'] = isset($a_user[$id]['disablealiaspopupdetail']);
74	8bab524e	Phil Davis	$pconfig['pagenamefirst'] = isset($a_user[$id]['pagenamefirst']);
75	adacdf5f	jim-p	$pconfig['groups'] = local_user_get_groups($a_user[$id]);
76			$pconfig['utype'] = $a_user[$id]['scope'];
77			$pconfig['uid'] = $a_user[$id]['uid'];
78			$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
79			$pconfig['priv'] = $a_user[$id]['priv'];
80			$pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk'];
81			$pconfig['disabled'] = isset($a_user[$id]['disabled']);
82			}
83
84	f5c9c0c7	Steve Beaver	if ($_POST['act'] == "deluser") {
85	45ee90ed	Matthew Grooms
86	f5c9c0c7	Steve Beaver	if (!isset($_POST['username']) \|\| !isset($a_user[$id]) \|\| ($_POST['username'] != $a_user[$id]['name'])) {
87	e33be77c	Ermal	pfSenseHeader("system_usermanager.php");
88			exit;
89	6b07c15a	Matthew Grooms	}
90
91	f5c9c0c7	Steve Beaver	if ($_POST['username'] == $_SESSION['Username']) {
92			$delete_errors[] = sprintf(gettext("Cannot delete user %s because you are currently logged in as that user."), $_POST['username']);
93	d6b79c39	Phil Davis	} else {
94			local_user_del($a_user[$id]);
95			$userdeleted = $a_user[$id]['name'];
96			unset($a_user[$id]);
97			write_config();
98			$savemsg = sprintf(gettext("User %s successfully deleted."), $userdeleted);
99			}
100	f5c9c0c7	Steve Beaver
101	d61309a0	Phil Davis	} else if ($act == "new") {
102	e33be77c	Ermal	/*
103			* set this value cause the text field is read only
104			* and the user should not be able to mess with this
105			* setting.
106			*/
107			$pconfig['utype'] = "user";
108			$pconfig['lifetime'] = 3650;
109	fc1913fe	jim-p
110			$nonPrvCas = array();
111			if (is_array($config['ca']) && count($config['ca']) > 0) {
112			foreach ($config['ca'] as $ca) {
113			if (!$ca['prv']) {
114			continue;
115			}
116
117			$nonPrvCas[ $ca['refid'] ] = $ca['descr'];
118			}
119			}
120
121	e33be77c	Ermal	}
122	45ee90ed	Matthew Grooms
123	64c31615	Stephen Beaver	if (isset($_POST['dellall'])) {
124	4e21c82e	bruno
125			$del_users = $_POST['delete_check'];
126	d6b79c39	Phil Davis	$deleted_users = "";
127			$deleted_count = 0;
128			$comma = "";
129	4e21c82e	bruno
130	73fa304b	Phil Davis	if (!empty($del_users)) {
131			foreach ($del_users as $userid) {
132	4e21c82e	bruno	if (isset($a_user[$userid]) && $a_user[$userid]['scope'] != "system") {
133	d6b79c39	Phil Davis	if ($a_user[$userid]['name'] == $_SESSION['Username']) {
134			$delete_errors[] = sprintf(gettext("Cannot delete user %s because you are currently logged in as that user."), $a_user[$userid]['name']);
135			} else {
136			$deleted_users = $deleted_users . $comma . $a_user[$userid]['name'];
137			$comma = ", ";
138			$deleted_count++;
139			local_user_del($a_user[$userid]);
140			unset($a_user[$userid]);
141			}
142			} else {
143			$delete_errors[] = sprintf(gettext("Cannot delete user %s because it is a system user."), $a_user[$userid]['name']);
144	4e21c82e	bruno	}
145			}
146	d6b79c39	Phil Davis
147			if ($deleted_count > 0) {
148			if ($deleted_count == 1) {
149			$savemsg = sprintf(gettext("User %s successfully deleted."), $deleted_users);
150			} else {
151			$savemsg = sprintf(gettext("Users %s successfully deleted."), $deleted_users);
152			}
153			write_config($savemsg);
154			}
155	4e21c82e	bruno	}
156			}
157
158	98402844	Stephen Beaver	if ($_POST['act'] == "delcert") {
159
160			if (!$a_user[$id]) {
161			pfSenseHeader("system_usermanager.php");
162			exit;
163			}
164
165			$certdeleted = lookup_cert($a_user[$id]['cert'][$_POST['certid']]);
166			$certdeleted = $certdeleted['descr'];
167			unset($a_user[$id]['cert'][$_POST['certid']]);
168			write_config();
169			$_POST['act'] = "edit";
170	ed10e389	Phil Davis	$savemsg = sprintf(gettext("Certificate %s association removed."), $certdeleted);
171	98402844	Stephen Beaver	}
172	64c31615	Stephen Beaver
173	945204b1	Stephen Beaver	if ($_POST['act'] == "delprivid") {
174			$privdeleted = $priv_list[$a_user[$id]['priv'][$_POST['privid']]]['name'];
175			unset($a_user[$id]['priv'][$_POST['privid']]);
176			local_user_set($a_user[$id]);
177			write_config();
178			$_POST['act'] = "edit";
179	ed10e389	Phil Davis	$savemsg = sprintf(gettext("Privilege %s removed."), $privdeleted);
180	4c879f95	heper	}
181	98402844	Stephen Beaver
182	1a6769a6	Renato Botelho	if ($_POST['save']) {
183	e33be77c	Ermal	unset($input_errors);
184			$pconfig = $_POST;
185	45ee90ed	Matthew Grooms
186	e33be77c	Ermal	/* input validation */
187			if (isset($id) && ($a_user[$id])) {
188			$reqdfields = explode(" ", "usernamefld");
189			$reqdfieldsn = array(gettext("Username"));
190			} else {
191			if (empty($_POST['name'])) {
192			$reqdfields = explode(" ", "usernamefld passwordfld1");
193			$reqdfieldsn = array(
194			gettext("Username"),
195			gettext("Password"));
196	45ee90ed	Matthew Grooms	} else {
197	e33be77c	Ermal	$reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime");
198			$reqdfieldsn = array(
199			gettext("Username"),
200			gettext("Password"),
201			gettext("Descriptive name"),
202			gettext("Certificate authority"),
203			gettext("Key length"),
204			gettext("Lifetime"));
205	45ee90ed	Matthew Grooms	}
206	e33be77c	Ermal	}
207	45ee90ed	Matthew Grooms
208	1e9b4611	Renato Botelho	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
209	45ee90ed	Matthew Grooms
210	73fa304b	Phil Davis	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld'])) {
211	e33be77c	Ermal	$input_errors[] = gettext("The username contains invalid characters.");
212	73fa304b	Phil Davis	}
213	45ee90ed	Matthew Grooms
214	73fa304b	Phil Davis	if (strlen($_POST['usernamefld']) > 16) {
215	e33be77c	Ermal	$input_errors[] = gettext("The username is longer than 16 characters.");
216	73fa304b	Phil Davis	}
217	94d455da	jim-p
218	73fa304b	Phil Davis	if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) {
219	e33be77c	Ermal	$input_errors[] = gettext("The passwords do not match.");
220	73fa304b	Phil Davis	}
221	45ee90ed	Matthew Grooms
222	73fa304b	Phil Davis	if (isset($_POST['ipsecpsk']) && !preg_match('/^[[:ascii:]]*$/', $_POST['ipsecpsk'])) {
223	123d8700	Renato Botelho	$input_errors[] = gettext("IPsec Pre-Shared Key contains invalid characters.");
224	73fa304b	Phil Davis	}
225	123d8700	Renato Botelho
226	e63321a5	jim-p	/* Check the POSTed groups to ensure they are valid and exist */
227	9d3e8723	Phil Davis	if (is_array($_POST['groups'])) {
228	9f472202	NewEraCracker	foreach ($_POST['groups'] as $newgroup) {
229			if (empty(getGroupEntry($newgroup))) {
230			$input_errors[] = gettext("One or more invalid groups was submitted.");
231			}
232	e63321a5	jim-p	}
233			}
234
235	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
236	e33be77c	Ermal	$oldusername = $a_user[$id]['name'];
237	73fa304b	Phil Davis	} else {
238	e33be77c	Ermal	$oldusername = "";
239	73fa304b	Phil Davis	}
240	e33be77c	Ermal	/* make sure this user name is unique */
241			if (!$input_errors) {
242			foreach ($a_user as $userent) {
243			if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
244			$input_errors[] = gettext("Another entry with the same username already exists.");
245			break;
246	58664cc9	Scott Ullrich	}
247	3dec33d4	Erik Fonnesbeck	}
248	e33be77c	Ermal	}
249			/* also make sure it is not reserved */
250			if (!$input_errors) {
251			$system_users = explode("\n", file_get_contents("/etc/passwd"));
252			foreach ($system_users as $s_user) {
253			$ent = explode(":", $s_user);
254			if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
255			$input_errors[] = gettext("That username is reserved by the system.");
256			break;
257	8339ab6d	jim-p	}
258	7e4a4513	Scott Ullrich	}
259	e33be77c	Ermal	}
260	1df17ba9	Scott Ullrich
261	e33be77c	Ermal	/*
262	e30050b6	Phil Davis	* Check for a valid expiration date if one is set at all (valid means,
263	4d148b59	Yehuda Katz	* DateTime puts out a time stamp so any DateTime compatible time
264	e33be77c	Ermal	* format may be used. to keep it simple for the enduser, we only
265			* claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs
266			* like "+1 day", which will be converted to MM/DD/YYYY based on "now".
267	e30050b6	Phil Davis	* Otherwise such an entry would lead to an invalid expiration data.
268	e33be77c	Ermal	*/
269	73fa304b	Phil Davis	if ($_POST['expires']) {
270	4d148b59	Yehuda Katz	try {
271			$expdate = new DateTime($_POST['expires']);
272			//convert from any DateTime compatible date to MM/DD/YYYY
273			$_POST['expires'] = $expdate->format("m/d/Y");
274	73fa304b	Phil Davis	} catch (Exception $ex) {
275	e33be77c	Ermal	$input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
276	0092b3bd	mgrooms	}
277	e33be77c	Ermal	}
278	0092b3bd	mgrooms
279	e33be77c	Ermal	if (!empty($_POST['name'])) {
280			$ca = lookup_ca($_POST['caref']);
281	73fa304b	Phil Davis	if (!$ca) {
282	4c291f4c	Renato Botelho	$input_errors[] = gettext("Invalid internal Certificate Authority") . "\n";
283	73fa304b	Phil Davis	}
284	e33be77c	Ermal	}
285	c9794c06	Ermal
286	e33be77c	Ermal	if (!$input_errors) {
287	4ee51131	Sjon Hortensius
288	e33be77c	Ermal	$userent = array();
289	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
290	e33be77c	Ermal	$userent = $a_user[$id];
291	73fa304b	Phil Davis	}
292	e879fc81	Ermal
293	e33be77c	Ermal	isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system";
294
295			/* the user name was modified */
296	926e0a2f	Phil Davis	if (!empty($_POST['oldusername']) && ($_POST['usernamefld'] <> $_POST['oldusername'])) {
297	e33be77c	Ermal	$_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
298	fdcf104c	jim-p	local_user_del($userent);
299			}
300	1df17ba9	Scott Ullrich
301	e30050b6	Phil Davis	/* the user password was modified */
302	73fa304b	Phil Davis	if ($_POST['passwordfld1']) {
303	e33be77c	Ermal	local_user_set_password($userent, $_POST['passwordfld1']);
304	73fa304b	Phil Davis	}
305	1df17ba9	Scott Ullrich
306	5cde9005	NewEraCracker	/* only change description if sent */
307			if (isset($_POST['descr'])) {
308			$userent['descr'] = $_POST['descr'];
309			}
310
311	e33be77c	Ermal	$userent['name'] = $_POST['usernamefld'];
312			$userent['expires'] = $_POST['expires'];
313	8bab524e	Phil Davis	$userent['dashboardcolumns'] = $_POST['dashboardcolumns'];
314	e33be77c	Ermal	$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
315			$userent['ipsecpsk'] = $_POST['ipsecpsk'];
316	3ccb9689	Charlie Marshall
317	73fa304b	Phil Davis	if ($_POST['disabled']) {
318	e33be77c	Ermal	$userent['disabled'] = true;
319	73fa304b	Phil Davis	} else {
320	e33be77c	Ermal	unset($userent['disabled']);
321	73fa304b	Phil Davis	}
322	e33be77c	Ermal
323	8bab524e	Phil Davis	if ($_POST['customsettings']) {
324			$userent['customsettings'] = true;
325			} else {
326			unset($userent['customsettings']);
327			}
328
329			if ($_POST['webguicss']) {
330			$userent['webguicss'] = $_POST['webguicss'];
331			} else {
332			unset($userent['webguicss']);
333			}
334
335			if ($_POST['webguifixedmenu']) {
336			$userent['webguifixedmenu'] = $_POST['webguifixedmenu'];
337			} else {
338			unset($userent['webguifixedmenu']);
339			}
340
341			if ($_POST['webguihostnamemenu']) {
342			$userent['webguihostnamemenu'] = $_POST['webguihostnamemenu'];
343			} else {
344			unset($userent['webguihostnamemenu']);
345			}
346
347	1d3510cf	Phil Davis	if ($_POST['interfacessort']) {
348			$userent['interfacessort'] = true;
349			} else {
350			unset($userent['interfacessort']);
351			}
352
353	8bab524e	Phil Davis	if ($_POST['dashboardavailablewidgetspanel']) {
354			$userent['dashboardavailablewidgetspanel'] = true;
355			} else {
356			unset($userent['dashboardavailablewidgetspanel']);
357			}
358
359			if ($_POST['systemlogsfilterpanel']) {
360			$userent['systemlogsfilterpanel'] = true;
361			} else {
362			unset($userent['systemlogsfilterpanel']);
363			}
364
365			if ($_POST['systemlogsmanagelogpanel']) {
366			$userent['systemlogsmanagelogpanel'] = true;
367			} else {
368			unset($userent['systemlogsmanagelogpanel']);
369			}
370
371			if ($_POST['statusmonitoringsettingspanel']) {
372			$userent['statusmonitoringsettingspanel'] = true;
373			} else {
374			unset($userent['statusmonitoringsettingspanel']);
375			}
376
377			if ($_POST['webguileftcolumnhyper']) {
378			$userent['webguileftcolumnhyper'] = true;
379			} else {
380			unset($userent['webguileftcolumnhyper']);
381			}
382
383	d9058974	Phil Davis	if ($_POST['disablealiaspopupdetail']) {
384			$userent['disablealiaspopupdetail'] = true;
385			} else {
386			unset($userent['disablealiaspopupdetail']);
387			}
388
389	8bab524e	Phil Davis	if ($_POST['pagenamefirst']) {
390			$userent['pagenamefirst'] = true;
391			} else {
392			unset($userent['pagenamefirst']);
393			}
394
395	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
396	e33be77c	Ermal	$a_user[$id] = $userent;
397	73fa304b	Phil Davis	} else {
398	e33be77c	Ermal	if (!empty($_POST['name'])) {
399			$cert = array();
400			$cert['refid'] = uniqid();
401	4c291f4c	Renato Botelho	$userent['cert'] = array();
402	e33be77c	Ermal
403			$cert['descr'] = $_POST['name'];
404
405	4c291f4c	Renato Botelho	$subject = cert_get_subject_array($ca['crt']);
406	e33be77c	Ermal
407	4c291f4c	Renato Botelho	$dn = array(
408			'countryName' => $subject[0]['v'],
409			'stateOrProvinceName' => $subject[1]['v'],
410			'localityName' => $subject[2]['v'],
411			'organizationName' => $subject[3]['v'],
412			'emailAddress' => $subject[4]['v'],
413			'commonName' => $userent['name']);
414	b767fe6c	jim-p	$altnames_tmp = array(cert_add_altname_type($userent['name']));
415			if (!empty($altnames_tmp)) {
416			$dn['subjectAltName'] = implode(",", $altnames_tmp);
417			}
418	e33be77c	Ermal
419			cert_create($cert, $_POST['caref'], $_POST['keylen'],
420			(int)$_POST['lifetime'], $dn);
421
422	73fa304b	Phil Davis	if (!is_array($config['cert'])) {
423	e33be77c	Ermal	$config['cert'] = array();
424	73fa304b	Phil Davis	}
425	e33be77c	Ermal	$config['cert'][] = $cert;
426			$userent['cert'][] = $cert['refid'];
427			}
428			$userent['uid'] = $config['system']['nextuid']++;
429			/* Add the user to All Users group. */
430			foreach ($config['system']['group'] as $gidx => $group) {
431			if ($group['name'] == "all") {
432	73fa304b	Phil Davis	if (!is_array($config['system']['group'][$gidx]['member'])) {
433	e33be77c	Ermal	$config['system']['group'][$gidx]['member'] = array();
434	73fa304b	Phil Davis	}
435	e33be77c	Ermal	$config['system']['group'][$gidx]['member'][] = $userent['uid'];
436			break;
437			}
438			}
439	970db70b	Scott Ullrich
440	e33be77c	Ermal	$a_user[] = $userent;
441	45ee90ed	Matthew Grooms	}
442	e33be77c	Ermal
443	900ce3b0	jim-p	/* Add user to groups so PHP can see the memberships properly or else the user's shell account does not get proper permissions (if applicable) See #5152. */
444	d61309a0	Phil Davis	local_user_set_groups($userent, $_POST['groups']);
445	e33be77c	Ermal	local_user_set($userent);
446	900ce3b0	jim-p	/* Add user to groups again to ensure they are set everywhere, otherwise the user may not appear to be a member of the group. See commit:5372d26d9d25d751d16865ed9d46869d3b0ec5e1. */
447	73fa304b	Phil Davis	local_user_set_groups($userent, $_POST['groups']);
448	e33be77c	Ermal	write_config();
449
450	73fa304b	Phil Davis	if (is_dir("/etc/inc/privhooks")) {
451	e33be77c	Ermal	run_plugins("/etc/inc/privhooks");
452	73fa304b	Phil Davis	}
453	e33be77c	Ermal
454	3ccb9689	Charlie Marshall
455	e33be77c	Ermal	pfSenseHeader("system_usermanager.php");
456	45ee90ed	Matthew Grooms	}
457	e33be77c	Ermal	}
458	fab7ff44	Bill Marquette
459	7411c285	Stephen Beaver	function build_priv_table() {
460			global $a_user, $id;
461
462			$privhtml = '<div class="table-responsive">';
463			$privhtml .= '<table class="table table-striped table-hover table-condensed">';
464			$privhtml .= '<thead>';
465	7d2e572f	Stephen Beaver	$privhtml .= '<tr>';
466			$privhtml .= '<th>' . gettext('Inherited from') . '</th>';
467			$privhtml .= '<th>' . gettext('Name') . '</th>';
468			$privhtml .= '<th>' . gettext('Description') . '</th>';
469	f460db90	NOYB	$privhtml .= '<th>' . gettext('Action') . '</th>';
470	7d2e572f	Stephen Beaver	$privhtml .= '</tr>';
471	7411c285	Stephen Beaver	$privhtml .= '</thead>';
472			$privhtml .= '<tbody>';
473
474	945204b1	Stephen Beaver	$i = 0;
475	57188e47	Phil Davis	$user_has_root_priv = false;
476	945204b1	Stephen Beaver
477			foreach (get_user_privdesc($a_user[$id]) as $priv) {
478			$group = false;
479			if ($priv['group']) {
480			$group = $priv['group'];
481			}
482
483	7411c285	Stephen Beaver	$privhtml .= '<tr>';
484			$privhtml .= '<td>' . htmlspecialchars($priv['group']) . '</td>';
485			$privhtml .= '<td>' . htmlspecialchars($priv['name']) . '</td>';
486	57188e47	Phil Davis	$privhtml .= '<td>' . htmlspecialchars($priv['descr']);
487			if (isset($priv['warn']) && ($priv['warn'] == 'standard-warning-root')) {
488	21312954	Phil Davis	$privhtml .= ' ' . gettext('(admin privilege)');
489	57188e47	Phil Davis	$user_has_root_priv = true;
490			}
491			$privhtml .= '</td>';
492	945204b1	Stephen Beaver	$privhtml .= '<td>';
493	d61309a0	Phil Davis	if (!$group) {
494	f460db90	NOYB	$privhtml .= '<a class="fa fa-trash no-confirm icon-pointer" title="' . gettext('Delete Privilege') . '" id="delprivid' . $i . '"></a>';
495	d61309a0	Phil Davis	}
496	945204b1	Stephen Beaver
497			$privhtml .= '</td>';
498	7411c285	Stephen Beaver	$privhtml .= '</tr>';
499	945204b1	Stephen Beaver
500	d61309a0	Phil Davis	if (!$group) {
501	945204b1	Stephen Beaver	$i++;
502	d61309a0	Phil Davis	}
503	7411c285	Stephen Beaver	}
504
505	57188e47	Phil Davis	if ($user_has_root_priv) {
506			$privhtml .= '<tr>';
507			$privhtml .= '<td colspan="3">';
508	9187d6f7	Phil Davis	$privhtml .= '<b>' . gettext('Security notice: This user effectively has administrator-level access') . '</b>';
509	57188e47	Phil Davis	$privhtml .= '</td>';
510			$privhtml .= '<td>';
511			$privhtml .= '</td>';
512			$privhtml .= '</tr>';
513	f5c9c0c7	Steve Beaver
514	57188e47	Phil Davis	}
515
516	7411c285	Stephen Beaver	$privhtml .= '</tbody>';
517			$privhtml .= '</table>';
518			$privhtml .= '</div>';
519
520			$privhtml .= '<nav class="action-buttons">';
521	4611e283	Steve Beaver	$privhtml .= '<a href="system_usermanager_addprivs.php?userid=' . $id . '" class="btn btn-success"><i class="fa fa-plus icon-embed-btn"></i>' . gettext("Add") . '</a>';
522	7411c285	Stephen Beaver	$privhtml .= '</nav>';
523
524			return($privhtml);
525			}
526	98402844	Stephen Beaver
527	7411c285	Stephen Beaver	function build_cert_table() {
528			global $a_user, $id;
529
530			$certhtml = '<div class="table-responsive">';
531			$certhtml .= '<table class="table table-striped table-hover table-condensed">';
532			$certhtml .= '<thead>';
533	7d2e572f	Stephen Beaver	$certhtml .= '<tr>';
534			$certhtml .= '<th>' . gettext('Name') . '</th>';
535			$certhtml .= '<th>' . gettext('CA') . '</th>';
536	98402844	Stephen Beaver	$certhtml .= '<th></th>';
537	7d2e572f	Stephen Beaver	$certhtml .= '</tr>';
538	7411c285	Stephen Beaver	$certhtml .= '</thead>';
539			$certhtml .= '<tbody>';
540
541			$a_cert = $a_user[$id]['cert'];
542			if (is_array($a_cert)) {
543			$i = 0;
544			foreach ($a_cert as $certref) {
545	7d2e572f	Stephen Beaver	$cert = lookup_cert($certref);
546			$ca = lookup_ca($cert['caref']);
547			$revokedstr = is_cert_revoked($cert) ? '<b> Revoked</b>':'';
548
549	7411c285	Stephen Beaver	$certhtml .= '<tr>';
550	7d2e572f	Stephen Beaver	$certhtml .= '<td>' . htmlspecialchars($cert['descr']) . $revokedstr . '</td>';
551	7411c285	Stephen Beaver	$certhtml .= '<td>' . htmlspecialchars($ca['descr']) . '</td>';
552	db676e5b	Stephen Beaver	$certhtml .= '<td>';
553	945204b1	Stephen Beaver	$certhtml .= '<a id="delcert' . $i .'" class="fa fa-trash no-confirm icon-pointer" title="';
554	f14ff867	Phil Davis	$certhtml .= gettext('Remove this certificate association? (Certificate will not be deleted)') . '"></a>';
555	db676e5b	Stephen Beaver	$certhtml .= '</td>';
556	7411c285	Stephen Beaver	$certhtml .= '</tr>';
557	db676e5b	Stephen Beaver	$i++;
558	7411c285	Stephen Beaver	}
559	db676e5b	Stephen Beaver
560	7411c285	Stephen Beaver	}
561
562			$certhtml .= '</tbody>';
563			$certhtml .= '</table>';
564			$certhtml .= '</div>';
565
566			$certhtml .= '<nav class="action-buttons">';
567	4611e283	Steve Beaver	$certhtml .= '<a href="system_certmanager.php?act=new&userid=' . $id . '" class="btn btn-success"><i class="fa fa-plus icon-embed-btn"></i>' . gettext("Add") . '</a>';
568	7411c285	Stephen Beaver	$certhtml .= '</nav>';
569
570			return($certhtml);
571			}
572
573	8f1ab2a4	k-paulius	$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Users"));
574	edcd7535	Phil Davis	$pglinks = array("", "system_usermanager.php", "system_usermanager.php");
575	8f1ab2a4	k-paulius
576			if ($act == "new" \|\| $act == "edit" \|\| $input_errors) {
577			$pgtitle[] = gettext('Edit');
578	edcd7535	Phil Davis	$pglinks[] = "@self";
579	8f1ab2a4	k-paulius	}
580	4611e283	Steve Beaver
581	e33be77c	Ermal	include("head.inc");
582	fab7ff44	Bill Marquette
583	d6b79c39	Phil Davis	if ($delete_errors) {
584			print_input_errors($delete_errors);
585			}
586
587	d61309a0	Phil Davis	if ($input_errors) {
588	4ee51131	Sjon Hortensius	print_input_errors($input_errors);
589	d61309a0	Phil Davis	}
590	98402844	Stephen Beaver
591	d61309a0	Phil Davis	if ($savemsg) {
592	98402844	Stephen Beaver	print_info_box($savemsg, 'success');
593	d61309a0	Phil Davis	}
594	4ee51131	Sjon Hortensius
595			$tab_array = array();
596			$tab_array[] = array(gettext("Users"), true, "system_usermanager.php");
597			$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
598			$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
599	2d1f33d9	k-paulius	$tab_array[] = array(gettext("Authentication Servers"), false, "system_authservers.php");
600	4ee51131	Sjon Hortensius	display_top_tabs($tab_array);
601
602	7411c285	Stephen Beaver	if (!($act == "new" \|\| $act == "edit" \|\| $input_errors)) {
603	64600f94	Sjon Hortensius	?>
604	64c31615	Stephen Beaver	<form method="post">
605	060ed238	Stephen Beaver	<div class="panel panel-default">
606			<div class="panel-heading"><h2 class="panel-title"><?=gettext('Users')?></h2></div>
607			<div class="panel-body">
608			<div class="table-responsive">
609	1c10ce97	PiBa-NL	<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap table-rowdblclickedit" data-sortable>
610	060ed238	Stephen Beaver	<thead>
611			<tr>
612			<th> </th>
613			<th><?=gettext("Username")?></th>
614			<th><?=gettext("Full name")?></th>
615	edd88334	NOYB	<th><?=gettext("Status")?></th>
616	060ed238	Stephen Beaver	<th><?=gettext("Groups")?></th>
617	70dc5cd6	Phil Davis	<th><?=gettext("Actions")?></th>
618	060ed238	Stephen Beaver	</tr>
619			</thead>
620			<tbody>
621	a0165602	Sjon Hortensius	<?php
622	d61309a0	Phil Davis	foreach ($a_user as $i => $userent):
623	a0165602	Sjon Hortensius	?>
624	060ed238	Stephen Beaver	<tr>
625			<td>
626	d6b79c39	Phil Davis	<input type="checkbox" id="frc<?=$i?>" name="delete_check[]" value="<?=$i?>" <?=((($userent['scope'] == "system") \|\| ($userent['name'] == $_SESSION['Username'])) ? 'disabled' : '')?>/>
627	060ed238	Stephen Beaver	</td>
628			<td>
629	a0165602	Sjon Hortensius	<?php
630	d61309a0	Phil Davis	if ($userent['scope'] != "user") {
631	a0165602	Sjon Hortensius	$usrimg = 'eye-open';
632	d61309a0	Phil Davis	} else {
633	a0165602	Sjon Hortensius	$usrimg = 'user';
634	d61309a0	Phil Davis	}
635	a0165602	Sjon Hortensius	?>
636	060ed238	Stephen Beaver	<i class="fa fa-<?=$usrimg?>"></i>
637			<?=htmlspecialchars($userent['name'])?>
638			</td>
639			<td><?=htmlspecialchars($userent['descr'])?></td>
640	0fdbaca8	NOYB	<td><i class="fa fa-<?= (isset($userent['disabled'])) ? 'ban" title="' . gettext("Disabled") . '"' : 'check" title="' . gettext("Enabled") . '"' ; ?>><span style='display: none'><?= (isset($userent['disabled'])) ? gettext("Disabled") : gettext("Enabled") ; ?></span></i></td>
641	060ed238	Stephen Beaver	<td><?=implode(",", local_user_get_groups($userent))?></td>
642			<td>
643	4611e283	Steve Beaver	<a class="fa fa-pencil" title="<?=gettext("Edit user"); ?>" href="?act=edit&userid=<?=$i?>"></a>
644	d6b79c39	Phil Davis	<?php if (($userent['scope'] != "system") && ($userent['name'] != $_SESSION['Username'])): ?>
645	f5c9c0c7	Steve Beaver	<a class="fa fa-trash" title="<?=gettext("Delete user")?>" href="?act=deluser&userid=<?=$i?>&username=<?=$userent['name']?>" usepost></a>
646	a0165602	Sjon Hortensius	<?php endif; ?>
647	060ed238	Stephen Beaver	</td>
648			</tr>
649	a0165602	Sjon Hortensius	<?php endforeach; ?>
650	060ed238	Stephen Beaver	</tbody>
651			</table>
652			</div>
653			</div>
654	94404d94	Sander van Leeuwen	</div>
655	c10cb196	Stephen Beaver	<nav class="action-buttons">
656	4611e283	Steve Beaver	<a href="?act=new" class="btn btn-sm btn-success">
657	9d5a20cf	heper	<i class="fa fa-plus icon-embed-btn"></i>
658	b921ab63	Stephen Beaver	<?=gettext("Add")?>
659			</a>
660	64c31615	Stephen Beaver
661			<button type="submit" class="btn btn-sm btn-danger" name="dellall" value="dellall" title="<?=gettext('Delete selected users')?>">
662			<i class="fa fa-trash icon-embed-btn"></i>
663			<?=gettext("Delete")?>
664			</button>
665	f5c9c0c7	Steve Beaver
666	94404d94	Sander van Leeuwen	</nav>
667	d825dfea	NOYB	</form>
668	3c3ede28	Stephen Beaver	<div class="infoblock">
669	a0165602	Sjon Hortensius	<?php
670	a0d084fe	k-paulius	print_callout('<p>' . gettext("Additional users can be added here. User permissions for accessing " .
671			"the webConfigurator can be assigned directly or inherited from group memberships. " .
672			"Some system object properties can be modified but they cannot be deleted.") . '</p>' .
673			'<p>' . gettext("Accounts added here are also used for other parts of the system " .
674			"such as OpenVPN, IPsec, and Captive Portal.") . '</p>'
675			);
676	f5c9c0c7	Steve Beaver
677	d3f59a8c	Steve Beaver	?></div>
678
679	f5c9c0c7	Steve Beaver	<?php
680	a0165602	Sjon Hortensius	include("foot.inc");
681			exit;
682			}
683	4ee51131	Sjon Hortensius
684			$form = new Form;
685
686	7411c285	Stephen Beaver	if ($act == "new" \|\| $act == "edit" \|\| $input_errors):
687	4ee51131	Sjon Hortensius
688	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
689			'act',
690			null,
691			'hidden',
692			''
693			));
694	4ee51131	Sjon Hortensius
695	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
696			'userid',
697			null,
698			'hidden',
699			isset($id) ? $id:''
700			));
701	4ee51131	Sjon Hortensius
702	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
703			'privid',
704			null,
705			'hidden',
706			''
707			));
708	4ee51131	Sjon Hortensius
709	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
710			'certid',
711			null,
712			'hidden',
713			''
714			));
715	4ee51131	Sjon Hortensius
716	7411c285	Stephen Beaver	$ro = "";
717			if ($pconfig['utype'] == "system") {
718	c4b60a9a	Colin Fleming	$ro = "readonly";
719	7411c285	Stephen Beaver	}
720	4ee51131	Sjon Hortensius
721	7411c285	Stephen Beaver	$section = new Form_Section('User Properties');
722	4ee51131	Sjon Hortensius
723	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
724			'Defined by',
725			strtoupper($pconfig['utype'])
726			));
727	4ee51131	Sjon Hortensius
728	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
729			'utype',
730			null,
731			'hidden',
732			$pconfig['utype']
733			));
734	4ee51131	Sjon Hortensius
735	7411c285	Stephen Beaver	$section->addInput(new Form_Checkbox(
736			'disabled',
737			'Disabled',
738			'This user cannot login',
739			$pconfig['disabled']
740			));
741	6b07c15a	Matthew Grooms
742	7411c285	Stephen Beaver	$section->addInput($input = new Form_Input(
743			'usernamefld',
744	153c3aa6	Phil Davis	'*Username',
745	7411c285	Stephen Beaver	'text',
746			$pconfig['usernamefld']
747			));
748	61dec0b0	Renato Botelho
749	d61309a0	Phil Davis	if ($ro) {
750	1fe9cc38	Stephen Beaver	$input->setReadonly();
751	d61309a0	Phil Davis	}
752	7411c285	Stephen Beaver
753			$form->addGlobal(new Form_Input(
754			'oldusername',
755	4ee51131	Sjon Hortensius	null,
756	7411c285	Stephen Beaver	'hidden',
757			$pconfig['usernamefld']
758	4ee51131	Sjon Hortensius	));
759	6b07c15a	Matthew Grooms
760	153c3aa6	Phil Davis	if ($act == "edit") {
761			$pwd_required = "";
762			} else {
763			$pwd_required = "*";
764			}
765
766			$group = new Form_Group($pwd_required . 'Password');
767	7411c285	Stephen Beaver	$group->add(new Form_Input(
768			'passwordfld1',
769			'Password',
770			'password'
771			));
772			$group->add(new Form_Input(
773			'passwordfld2',
774			'Confirm Password',
775			'password'
776			));
777
778			$section->add($group);
779
780			$section->addInput($input = new Form_Input(
781			'descr',
782			'Full name',
783			'text',
784			htmlspecialchars($pconfig['descr'])
785	89140b63	NOYB	))->setHelp('User\'s full name, for administrative information only');
786	7411c285	Stephen Beaver
787	d61309a0	Phil Davis	if ($ro) {
788	7411c285	Stephen Beaver	$input->setDisabled();
789	d61309a0	Phil Davis	}
790	7411c285	Stephen Beaver
791			$section->addInput(new Form_Input(
792			'expires',
793			'Expiration date',
794	d78dbc34	Stephen Beaver	'text',
795	7411c285	Stephen Beaver	$pconfig['expires']
796			))->setHelp('Leave blank if the account shouldn\'t expire, otherwise enter '.
797	98b87cfa	Jonathon Anderson	'the expiration date as MM/DD/YYYY');
798	7411c285	Stephen Beaver
799	8bab524e	Phil Davis	$section->addInput(new Form_Checkbox(
800			'customsettings',
801			'Custom Settings',
802			'Use individual customized GUI options and dashboard layout for this user.',
803			$pconfig['customsettings']
804			));
805
806			gen_user_settings_fields($section, $pconfig);
807
808	7411c285	Stephen Beaver	// ==== Group membership ==================================================
809			$group = new Form_Group('Group membership');
810
811	7d2e572f	Stephen Beaver	// Make a list of all the groups configured on the system, and a list of
812	7411c285	Stephen Beaver	// those which this user is a member of
813			$systemGroups = array();
814			$usersGroups = array();
815
816			$usergid = [$pconfig['usernamefld']];
817
818			foreach ($config['system']['group'] as $Ggroup) {
819	d61309a0	Phil Davis	if ($Ggroup['name'] != "all") {
820			if (($act == 'edit') && $Ggroup['member'] && in_array($pconfig['uid'], $Ggroup['member'])) {
821	b4333696	Stephen Beaver	$usersGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the user's list
822	d61309a0	Phil Davis	} else {
823	b4333696	Stephen Beaver	$systemGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the 'not a member of' list
824	d61309a0	Phil Davis	}
825	b4333696	Stephen Beaver	}
826	7411c285	Stephen Beaver	}
827
828			$group->add(new Form_Select(
829			'sysgroups',
830			null,
831			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
832			$systemGroups,
833			true
834	953385a3	heper	))->setHelp('Not member of');
835	6b07c15a	Matthew Grooms
836	7411c285	Stephen Beaver	$group->add(new Form_Select(
837			'groups',
838			null,
839			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
840			$usersGroups,
841			true
842	953385a3	heper	))->setHelp('Member of');
843	7411c285	Stephen Beaver
844			$section->add($group);
845
846			$group = new Form_Group('');
847
848			$group->add(new Form_Button(
849			'movetoenabled',
850	faab522f	Renato Botelho	'Move to "Member of" list',
851	37676f4e	jim-p	null,
852			'fa-angle-double-right'
853	347c0214	Phil Davis	))->setAttribute('type','button')->removeClass('btn-primary')->addClass('btn-info btn-sm');
854	7411c285	Stephen Beaver
855			$group->add(new Form_Button(
856			'movetodisabled',
857	faab522f	Renato Botelho	'Move to "Not member of" list',
858	37676f4e	jim-p	null,
859			'fa-angle-double-left'
860	347c0214	Phil Davis	))->setAttribute('type','button')->removeClass('btn-primary')->addClass('btn-info btn-sm');
861	4ee51131	Sjon Hortensius
862	e4c7d45f	NewEraCracker	$group->setHelp('Hold down CTRL (PC)/COMMAND (Mac) key to select multiple items.');
863	7411c285	Stephen Beaver	$section->add($group);
864	4ee51131	Sjon Hortensius
865	7411c285	Stephen Beaver	// ==== Button for adding user certificate ================================
866	d61309a0	Phil Davis	if ($act == 'new') {
867	fc1913fe	jim-p	if (count($nonPrvCas) > 0) {
868			$section->addInput(new Form_Checkbox(
869			'showcert',
870			'Certificate',
871			'Click to create a user certificate',
872			false
873			));
874			} else {
875			$section->addInput(new Form_StaticText(
876			'Certificate',
877			gettext('No private CAs found. A private CA is required to create a new user certificate. ' .
878			'Save the user first to import an external certificate.')
879			));
880			}
881	6b07c15a	Matthew Grooms	}
882
883	7411c285	Stephen Beaver	$form->add($section);
884	6b07c15a	Matthew Grooms
885	7411c285	Stephen Beaver	// ==== Effective privileges section ======================================
886			if (isset($pconfig['uid'])) {
887			// We are going to build an HTML table and add it to an Input_StaticText. It may be ugly, but it
888			// is the best way to make the display we need.
889	6b07c15a	Matthew Grooms
890	7411c285	Stephen Beaver	$section = new Form_Section('Effective Privileges');
891	4ee51131	Sjon Hortensius
892	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
893			null,
894			build_priv_table()
895			));
896	4ee51131	Sjon Hortensius
897	7411c285	Stephen Beaver	$form->add($section);
898	4ee51131	Sjon Hortensius
899	7411c285	Stephen Beaver	// ==== Certificate table section =====================================
900	5f88f964	k-paulius	$section = new Form_Section('User Certificates');
901	7411c285	Stephen Beaver
902			$section->addInput(new Form_StaticText(
903			null,
904			build_cert_table()
905			));
906	64600f94	Sjon Hortensius
907			$form->add($section);
908	c9794c06	Ermal	}
909	7411c285	Stephen Beaver
910	f14ff867	Phil Davis	// ==== Add user certificate for a new user
911			if (is_array($config['ca']) && count($config['ca']) > 0) {
912	5f88f964	k-paulius	$section = new Form_Section('Create Certificate for User');
913	f14ff867	Phil Davis	$section->addClass('cert-options');
914	c9794c06	Ermal
915	f14ff867	Phil Davis	if (!empty($nonPrvCas)) {
916			$section->addInput(new Form_Input(
917			'name',
918			'Descriptive name',
919			'text',
920			$pconfig['name']
921			));
922	7411c285	Stephen Beaver
923	f14ff867	Phil Davis	$section->addInput(new Form_Select(
924			'caref',
925			'Certificate authority',
926			null,
927			$nonPrvCas
928			));
929	7411c285	Stephen Beaver
930	f14ff867	Phil Davis	$section->addInput(new Form_Select(
931			'keylen',
932			'Key length',
933			2048,
934			array(
935			512 => '512 bits',
936			1024 => '1024 bits',
937	16897690	jim-p	2048 => '2048 bits',
938	d5018c6a	stilez	3072 => '3072 bits',
939	f14ff867	Phil Davis	4096 => '4096 bits',
940	d5018c6a	stilez	7680 => '7680 bits',
941			8192 => '8192 bits',
942			15360 => '15360 bits',
943			16384 => '16384 bits'
944	f14ff867	Phil Davis	)
945	4dd437e4	Phil Davis	))->setHelp('The larger the key, the more security it offers, but larger keys take considerably more time to generate, ' .
946			'and take slightly longer to validate leading to a slight slowdown in setting up new sessions (not always noticeable). ' .
947			'As of 2016, 2048 bit is the minimum and most common selection and 4096 is the maximum in common use. ' .
948			'For more information see %1$s.', '<a href="https://keylength.com">keylength.com</a>');
949	7411c285	Stephen Beaver
950	f14ff867	Phil Davis	$section->addInput(new Form_Input(
951			'lifetime',
952			'Lifetime',
953			'number',
954			$pconfig['lifetime']
955			));
956	7411c285	Stephen Beaver	}
957
958	f14ff867	Phil Davis	$form->add($section);
959			}
960
961	7411c285	Stephen Beaver	endif;
962			// ==== Paste a key for the new user
963	4ee51131	Sjon Hortensius	$section = new Form_Section('Keys');
964
965	35e0cd70	Stephen Beaver	$section->addInput(new Form_Checkbox(
966			'showkey',
967			'Authorized keys',
968			'Click to paste an authorized key',
969			false
970			));
971
972	4ee51131	Sjon Hortensius	$section->addInput(new Form_Textarea(
973			'authorizedkeys',
974	d1e73829	Stephen Beaver	'Authorized SSH Keys',
975	4ee51131	Sjon Hortensius	$pconfig['authorizedkeys']
976	d1e73829	Stephen Beaver	))->setHelp('Enter authorized SSH keys for this user');
977	4ee51131	Sjon Hortensius
978	35e0cd70	Stephen Beaver	$section->addInput(new Form_Input(
979	4ee51131	Sjon Hortensius	'ipsecpsk',
980			'IPsec Pre-Shared Key',
981			'text',
982			$pconfig['ipsecpsk']
983			));
984
985			$form->add($section);
986	7411c285	Stephen Beaver
987	a0165602	Sjon Hortensius	print $form;
988	8bab524e	Phil Davis
989			$csswarning = sprintf(gettext("%sUser-created themes are unsupported, use at your own risk."), "<br />");
990	7411c285	Stephen Beaver	?>
991	8fd9052f	Colin Fleming	<script type="text/javascript">
992	7411c285	Stephen Beaver	//<![CDATA[
993	d61309a0	Phil Davis	events.push(function() {
994	7411c285	Stephen Beaver
995	8bab524e	Phil Davis	function setcustomoptions() {
996			var adv = $('#customsettings').prop('checked');
997
998			hideInput('webguicss', !adv);
999			hideInput('webguifixedmenu', !adv);
1000			hideInput('webguihostnamemenu', !adv);
1001			hideInput('dashboardcolumns', !adv);
1002	1d3510cf	Phil Davis	hideCheckbox('interfacessort', !adv);
1003	8bab524e	Phil Davis	hideCheckbox('dashboardavailablewidgetspanel', !adv);
1004			hideCheckbox('systemlogsfilterpanel', !adv);
1005			hideCheckbox('systemlogsmanagelogpanel', !adv);
1006			hideCheckbox('statusmonitoringsettingspanel', !adv);
1007			hideCheckbox('webguileftcolumnhyper', !adv);
1008	d9058974	Phil Davis	hideCheckbox('disablealiaspopupdetail', !adv);
1009	8bab524e	Phil Davis	hideCheckbox('pagenamefirst', !adv);
1010			}
1011
1012			// Handle displaying a warning message if a user-created theme is selected.
1013			function setThemeWarning() {
1014			if ($('#webguicss').val().startsWith("pfSense")) {
1015			$('#csstxt').html("").addClass("text-default");
1016			} else {
1017			$('#csstxt').html("<?=$csswarning?>").addClass("text-danger");
1018			}
1019			}
1020
1021			$('#webguicss').change(function() {
1022			setThemeWarning();
1023			});
1024
1025			setThemeWarning();
1026
1027	7411c285	Stephen Beaver	// On click . .
1028	8bab524e	Phil Davis	$('#customsettings').click(function () {
1029			setcustomoptions();
1030			});
1031
1032	7411c285	Stephen Beaver	$("#movetodisabled").click(function() {
1033			moveOptions($('[name="groups[]"] option'), $('[name="sysgroups[]"]'));
1034			});
1035
1036			$("#movetoenabled").click(function() {
1037			moveOptions($('[name="sysgroups[]"] option'), $('[name="groups[]"]'));
1038			});
1039
1040			$("#showcert").click(function() {
1041			hideClass('cert-options', !this.checked);
1042			});
1043
1044			$("#showkey").click(function() {
1045	35e0cd70	Stephen Beaver	hideInput('authorizedkeys', false);
1046			hideCheckbox('showkey', true);
1047	7411c285	Stephen Beaver	});
1048
1049	98402844	Stephen Beaver	$('[id^=delcert]').click(function(event) {
1050	d61309a0	Phil Davis	if (confirm(event.target.title)) {
1051	98402844	Stephen Beaver	$('#certid').val(event.target.id.match(/\d+$/)[0]);
1052			$('#userid').val('<?=$id;?>');
1053			$('#act').val('delcert');
1054			$('form').submit();
1055			}
1056			});
1057	945204b1	Stephen Beaver
1058	408d0882	heper	$('[id^=delprivid]').click(function(event) {
1059	d61309a0	Phil Davis	if (confirm(event.target.title)) {
1060	4c879f95	heper	$('#privid').val(event.target.id.match(/\d+$/)[0]);
1061	408d0882	heper	$('#userid').val('<?=$id;?>');
1062			$('#act').val('delprivid');
1063			$('form').submit();
1064			}
1065			});
1066	64c31615	Stephen Beaver
1067	53c38ff1	Stephen Beaver	$('#expires').datepicker();
1068	98402844	Stephen Beaver
1069	eef93144	Jared Dillard	// ---------- On initial page load ------------------------------------------------------------
1070
1071			hideClass('cert-options', true);
1072			//hideInput('authorizedkeys', true);
1073	d1e73829	Stephen Beaver	hideCheckbox('showkey', true);
1074	8bab524e	Phil Davis	setcustomoptions();
1075	7411c285	Stephen Beaver
1076			// On submit mark all the user's groups as "selected"
1077	d61309a0	Phil Davis	$('form').submit(function() {
1078	7411c285	Stephen Beaver	AllServers($('[name="groups[]"] option'), true);
1079			});
1080	f5c9c0c7	Steve Beaver
1081	7411c285	Stephen Beaver	});
1082			//]]>
1083			</script>
1084			<?php
1085	bb1b5c6f	heper	include('foot.inc');
1086	d6b79c39	Phil Davis	?>

Project

General

Profile

pfSense