/src/usr/local/www/system_usermanager.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/usr/local/www/system_usermanager.php @ 87489e5c

1	1df17ba9	Scott Ullrich	<?php
2	fab7ff44	Bill Marquette	/*
3	c5d81585	Renato Botelho	* system_usermanager.php
4	7d2e572f	Stephen Beaver	*
5	c5d81585	Renato Botelho	* part of pfSense (https://www.pfsense.org)
6	b8f91b7c	Luiz Souza	* Copyright (c) 2004-2018 Rubicon Communications, LLC (Netgate)
7	c5d81585	Renato Botelho	* Copyright (c) 2008 Shrew Soft Inc.
8			* Copyright (c) 2005 Paul Taylor <paultaylor@winn-dixie.com>
9			* All rights reserved.
10	191cb31d	Stephen Beaver	*
11	c5d81585	Renato Botelho	* originally based on m0n0wall (http://m0n0.ch/wall)
12			* Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>.
13			* All rights reserved.
14	7d2e572f	Stephen Beaver	*
15	b12ea3fb	Renato Botelho	* Licensed under the Apache License, Version 2.0 (the "License");
16			* you may not use this file except in compliance with the License.
17			* You may obtain a copy of the License at
18	7d2e572f	Stephen Beaver	*
19	b12ea3fb	Renato Botelho	* http://www.apache.org/licenses/LICENSE-2.0
20	7d2e572f	Stephen Beaver	*
21	b12ea3fb	Renato Botelho	* Unless required by applicable law or agreed to in writing, software
22			* distributed under the License is distributed on an "AS IS" BASIS,
23			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
24			* See the License for the specific language governing permissions and
25			* limitations under the License.
26	7d2e572f	Stephen Beaver	*/
27	fab7ff44	Bill Marquette
28	6b07c15a	Matthew Grooms	##\|+PRIV
29			##\|*IDENT=page-system-usermanager
30	5230f468	jim-p	##\|*NAME=System: User Manager
31	6b07c15a	Matthew Grooms	##\|*DESCR=Allow access to the 'System: User Manager' page.
32	57188e47	Phil Davis	##\|*WARN=standard-warning-root
33	6b07c15a	Matthew Grooms	##\|MATCH=system_usermanager.php
34			##\|-PRIV
35
36	c81ef6e2	Phil Davis	require_once("certs.inc");
37			require_once("guiconfig.inc");
38	43e07671	doktornotor	require_once("pfsense-utils.inc");
39	fab7ff44	Bill Marquette
40	e33be77c	Ermal	// start admin user code
41	4611e283	Steve Beaver	if (isset($_REQUEST['userid']) && is_numericint($_REQUEST['userid'])) {
42			$id = $_REQUEST['userid'];
43	73fa304b	Phil Davis	}
44	1df17ba9	Scott Ullrich
45	73fa304b	Phil Davis	if (!isset($config['system']['user']) \|\| !is_array($config['system']['user'])) {
46	e33be77c	Ermal	$config['system']['user'] = array();
47	73fa304b	Phil Davis	}
48	1df17ba9	Scott Ullrich
49	e33be77c	Ermal	$a_user = &$config['system']['user'];
50	4611e283	Steve Beaver	$act = $_REQUEST['act'];
51	45ee90ed	Matthew Grooms
52	73fa304b	Phil Davis	if (isset($_SERVER['HTTP_REFERER'])) {
53	7c2d0050	Renato Botelho	$referer = $_SERVER['HTTP_REFERER'];
54	73fa304b	Phil Davis	} else {
55	7c2d0050	Renato Botelho	$referer = '/system_usermanager.php';
56	73fa304b	Phil Davis	}
57	7c2d0050	Renato Botelho
58	adacdf5f	jim-p	if (isset($id) && $a_user[$id]) {
59			$pconfig['usernamefld'] = $a_user[$id]['name'];
60			$pconfig['descr'] = $a_user[$id]['descr'];
61			$pconfig['expires'] = $a_user[$id]['expires'];
62	8bab524e	Phil Davis	$pconfig['customsettings'] = isset($a_user[$id]['customsettings']);
63			$pconfig['webguicss'] = $a_user[$id]['webguicss'];
64			$pconfig['webguifixedmenu'] = $a_user[$id]['webguifixedmenu'];
65			$pconfig['webguihostnamemenu'] = $a_user[$id]['webguihostnamemenu'];
66			$pconfig['dashboardcolumns'] = $a_user[$id]['dashboardcolumns'];
67	1d3510cf	Phil Davis	$pconfig['interfacessort'] = isset($a_user[$id]['interfacessort']);
68	8bab524e	Phil Davis	$pconfig['dashboardavailablewidgetspanel'] = isset($a_user[$id]['dashboardavailablewidgetspanel']);
69			$pconfig['systemlogsfilterpanel'] = isset($a_user[$id]['systemlogsfilterpanel']);
70			$pconfig['systemlogsmanagelogpanel'] = isset($a_user[$id]['systemlogsmanagelogpanel']);
71			$pconfig['statusmonitoringsettingspanel'] = isset($a_user[$id]['statusmonitoringsettingspanel']);
72			$pconfig['webguileftcolumnhyper'] = isset($a_user[$id]['webguileftcolumnhyper']);
73	d9058974	Phil Davis	$pconfig['disablealiaspopupdetail'] = isset($a_user[$id]['disablealiaspopupdetail']);
74	8bab524e	Phil Davis	$pconfig['pagenamefirst'] = isset($a_user[$id]['pagenamefirst']);
75	adacdf5f	jim-p	$pconfig['groups'] = local_user_get_groups($a_user[$id]);
76			$pconfig['utype'] = $a_user[$id]['scope'];
77			$pconfig['uid'] = $a_user[$id]['uid'];
78			$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
79			$pconfig['priv'] = $a_user[$id]['priv'];
80			$pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk'];
81			$pconfig['disabled'] = isset($a_user[$id]['disabled']);
82			}
83
84	f5c9c0c7	Steve Beaver	if ($_POST['act'] == "deluser") {
85	45ee90ed	Matthew Grooms
86	f5c9c0c7	Steve Beaver	if (!isset($_POST['username']) \|\| !isset($a_user[$id]) \|\| ($_POST['username'] != $a_user[$id]['name'])) {
87	e33be77c	Ermal	pfSenseHeader("system_usermanager.php");
88			exit;
89	6b07c15a	Matthew Grooms	}
90
91	f5c9c0c7	Steve Beaver	if ($_POST['username'] == $_SESSION['Username']) {
92			$delete_errors[] = sprintf(gettext("Cannot delete user %s because you are currently logged in as that user."), $_POST['username']);
93	d6b79c39	Phil Davis	} else {
94			local_user_del($a_user[$id]);
95			$userdeleted = $a_user[$id]['name'];
96			unset($a_user[$id]);
97	92c27793	jim-p	/* Reindex the array to avoid operating on an incorrect index https://redmine.pfsense.org/issues/7733 */
98			$a_user = array_values($a_user);
99	d6b79c39	Phil Davis	write_config();
100			$savemsg = sprintf(gettext("User %s successfully deleted."), $userdeleted);
101			}
102	f5c9c0c7	Steve Beaver
103	d61309a0	Phil Davis	} else if ($act == "new") {
104	e33be77c	Ermal	/*
105			* set this value cause the text field is read only
106			* and the user should not be able to mess with this
107			* setting.
108			*/
109			$pconfig['utype'] = "user";
110			$pconfig['lifetime'] = 3650;
111	fc1913fe	jim-p
112			$nonPrvCas = array();
113			if (is_array($config['ca']) && count($config['ca']) > 0) {
114			foreach ($config['ca'] as $ca) {
115			if (!$ca['prv']) {
116			continue;
117			}
118
119			$nonPrvCas[ $ca['refid'] ] = $ca['descr'];
120			}
121			}
122
123	e33be77c	Ermal	}
124	45ee90ed	Matthew Grooms
125	64c31615	Stephen Beaver	if (isset($_POST['dellall'])) {
126	4e21c82e	bruno
127			$del_users = $_POST['delete_check'];
128	d6b79c39	Phil Davis	$deleted_users = "";
129			$deleted_count = 0;
130			$comma = "";
131	4e21c82e	bruno
132	73fa304b	Phil Davis	if (!empty($del_users)) {
133			foreach ($del_users as $userid) {
134	4e21c82e	bruno	if (isset($a_user[$userid]) && $a_user[$userid]['scope'] != "system") {
135	d6b79c39	Phil Davis	if ($a_user[$userid]['name'] == $_SESSION['Username']) {
136			$delete_errors[] = sprintf(gettext("Cannot delete user %s because you are currently logged in as that user."), $a_user[$userid]['name']);
137			} else {
138			$deleted_users = $deleted_users . $comma . $a_user[$userid]['name'];
139			$comma = ", ";
140			$deleted_count++;
141			local_user_del($a_user[$userid]);
142			unset($a_user[$userid]);
143			}
144			} else {
145			$delete_errors[] = sprintf(gettext("Cannot delete user %s because it is a system user."), $a_user[$userid]['name']);
146	4e21c82e	bruno	}
147			}
148	d6b79c39	Phil Davis
149			if ($deleted_count > 0) {
150			if ($deleted_count == 1) {
151			$savemsg = sprintf(gettext("User %s successfully deleted."), $deleted_users);
152			} else {
153			$savemsg = sprintf(gettext("Users %s successfully deleted."), $deleted_users);
154			}
155	92c27793	jim-p	/* Reindex the array to avoid operating on an incorrect index https://redmine.pfsense.org/issues/7733 */
156			$a_user = array_values($a_user);
157	d6b79c39	Phil Davis	write_config($savemsg);
158			}
159	4e21c82e	bruno	}
160			}
161
162	98402844	Stephen Beaver	if ($_POST['act'] == "delcert") {
163
164			if (!$a_user[$id]) {
165			pfSenseHeader("system_usermanager.php");
166			exit;
167			}
168
169			$certdeleted = lookup_cert($a_user[$id]['cert'][$_POST['certid']]);
170			$certdeleted = $certdeleted['descr'];
171			unset($a_user[$id]['cert'][$_POST['certid']]);
172			write_config();
173			$_POST['act'] = "edit";
174	ed10e389	Phil Davis	$savemsg = sprintf(gettext("Certificate %s association removed."), $certdeleted);
175	98402844	Stephen Beaver	}
176	64c31615	Stephen Beaver
177	945204b1	Stephen Beaver	if ($_POST['act'] == "delprivid") {
178			$privdeleted = $priv_list[$a_user[$id]['priv'][$_POST['privid']]]['name'];
179			unset($a_user[$id]['priv'][$_POST['privid']]);
180			local_user_set($a_user[$id]);
181			write_config();
182			$_POST['act'] = "edit";
183	ed10e389	Phil Davis	$savemsg = sprintf(gettext("Privilege %s removed."), $privdeleted);
184	4c879f95	heper	}
185	98402844	Stephen Beaver
186	1a6769a6	Renato Botelho	if ($_POST['save']) {
187	e33be77c	Ermal	unset($input_errors);
188			$pconfig = $_POST;
189	45ee90ed	Matthew Grooms
190	e33be77c	Ermal	/* input validation */
191			if (isset($id) && ($a_user[$id])) {
192			$reqdfields = explode(" ", "usernamefld");
193			$reqdfieldsn = array(gettext("Username"));
194			} else {
195			if (empty($_POST['name'])) {
196			$reqdfields = explode(" ", "usernamefld passwordfld1");
197			$reqdfieldsn = array(
198			gettext("Username"),
199			gettext("Password"));
200	45ee90ed	Matthew Grooms	} else {
201	e33be77c	Ermal	$reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime");
202			$reqdfieldsn = array(
203			gettext("Username"),
204			gettext("Password"),
205			gettext("Descriptive name"),
206			gettext("Certificate authority"),
207			gettext("Key length"),
208			gettext("Lifetime"));
209	45ee90ed	Matthew Grooms	}
210	e33be77c	Ermal	}
211	45ee90ed	Matthew Grooms
212	1e9b4611	Renato Botelho	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
213	45ee90ed	Matthew Grooms
214	73fa304b	Phil Davis	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld'])) {
215	e33be77c	Ermal	$input_errors[] = gettext("The username contains invalid characters.");
216	73fa304b	Phil Davis	}
217	45ee90ed	Matthew Grooms
218	a84fb545	Andrei Miu	if (strlen($_POST['usernamefld']) > 32) {
219			$input_errors[] = gettext("The username is longer than 32 characters.");
220	73fa304b	Phil Davis	}
221	94d455da	jim-p
222	73fa304b	Phil Davis	if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) {
223	e33be77c	Ermal	$input_errors[] = gettext("The passwords do not match.");
224	73fa304b	Phil Davis	}
225	45ee90ed	Matthew Grooms
226	73fa304b	Phil Davis	if (isset($_POST['ipsecpsk']) && !preg_match('/^[[:ascii:]]*$/', $_POST['ipsecpsk'])) {
227	123d8700	Renato Botelho	$input_errors[] = gettext("IPsec Pre-Shared Key contains invalid characters.");
228	73fa304b	Phil Davis	}
229	123d8700	Renato Botelho
230	e63321a5	jim-p	/* Check the POSTed groups to ensure they are valid and exist */
231	9d3e8723	Phil Davis	if (is_array($_POST['groups'])) {
232	9f472202	NewEraCracker	foreach ($_POST['groups'] as $newgroup) {
233			if (empty(getGroupEntry($newgroup))) {
234			$input_errors[] = gettext("One or more invalid groups was submitted.");
235			}
236	e63321a5	jim-p	}
237			}
238
239	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
240	e33be77c	Ermal	$oldusername = $a_user[$id]['name'];
241	73fa304b	Phil Davis	} else {
242	e33be77c	Ermal	$oldusername = "";
243	73fa304b	Phil Davis	}
244	e33be77c	Ermal	/* make sure this user name is unique */
245			if (!$input_errors) {
246			foreach ($a_user as $userent) {
247			if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
248			$input_errors[] = gettext("Another entry with the same username already exists.");
249			break;
250	58664cc9	Scott Ullrich	}
251	3dec33d4	Erik Fonnesbeck	}
252	e33be77c	Ermal	}
253			/* also make sure it is not reserved */
254			if (!$input_errors) {
255			$system_users = explode("\n", file_get_contents("/etc/passwd"));
256			foreach ($system_users as $s_user) {
257			$ent = explode(":", $s_user);
258			if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
259			$input_errors[] = gettext("That username is reserved by the system.");
260			break;
261	8339ab6d	jim-p	}
262	7e4a4513	Scott Ullrich	}
263	e33be77c	Ermal	}
264	1df17ba9	Scott Ullrich
265	e33be77c	Ermal	/*
266	e30050b6	Phil Davis	* Check for a valid expiration date if one is set at all (valid means,
267	4d148b59	Yehuda Katz	* DateTime puts out a time stamp so any DateTime compatible time
268	e33be77c	Ermal	* format may be used. to keep it simple for the enduser, we only
269			* claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs
270			* like "+1 day", which will be converted to MM/DD/YYYY based on "now".
271	e30050b6	Phil Davis	* Otherwise such an entry would lead to an invalid expiration data.
272	e33be77c	Ermal	*/
273	73fa304b	Phil Davis	if ($_POST['expires']) {
274	4d148b59	Yehuda Katz	try {
275			$expdate = new DateTime($_POST['expires']);
276			//convert from any DateTime compatible date to MM/DD/YYYY
277			$_POST['expires'] = $expdate->format("m/d/Y");
278	73fa304b	Phil Davis	} catch (Exception $ex) {
279	e33be77c	Ermal	$input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
280	0092b3bd	mgrooms	}
281	e33be77c	Ermal	}
282	0092b3bd	mgrooms
283	e33be77c	Ermal	if (!empty($_POST['name'])) {
284			$ca = lookup_ca($_POST['caref']);
285	73fa304b	Phil Davis	if (!$ca) {
286	4c291f4c	Renato Botelho	$input_errors[] = gettext("Invalid internal Certificate Authority") . "\n";
287	73fa304b	Phil Davis	}
288	e33be77c	Ermal	}
289	c9794c06	Ermal
290	e33be77c	Ermal	if (!$input_errors) {
291	4ee51131	Sjon Hortensius
292	e33be77c	Ermal	$userent = array();
293	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
294	e33be77c	Ermal	$userent = $a_user[$id];
295	73fa304b	Phil Davis	}
296	e879fc81	Ermal
297	e33be77c	Ermal	isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system";
298
299			/* the user name was modified */
300	926e0a2f	Phil Davis	if (!empty($_POST['oldusername']) && ($_POST['usernamefld'] <> $_POST['oldusername'])) {
301	e33be77c	Ermal	$_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
302	fdcf104c	jim-p	local_user_del($userent);
303			}
304	1df17ba9	Scott Ullrich
305	e30050b6	Phil Davis	/* the user password was modified */
306	73fa304b	Phil Davis	if ($_POST['passwordfld1']) {
307	e33be77c	Ermal	local_user_set_password($userent, $_POST['passwordfld1']);
308	73fa304b	Phil Davis	}
309	1df17ba9	Scott Ullrich
310	5cde9005	NewEraCracker	/* only change description if sent */
311			if (isset($_POST['descr'])) {
312			$userent['descr'] = $_POST['descr'];
313			}
314
315	e33be77c	Ermal	$userent['name'] = $_POST['usernamefld'];
316			$userent['expires'] = $_POST['expires'];
317	8bab524e	Phil Davis	$userent['dashboardcolumns'] = $_POST['dashboardcolumns'];
318	e33be77c	Ermal	$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
319			$userent['ipsecpsk'] = $_POST['ipsecpsk'];
320	3ccb9689	Charlie Marshall
321	73fa304b	Phil Davis	if ($_POST['disabled']) {
322	e33be77c	Ermal	$userent['disabled'] = true;
323	73fa304b	Phil Davis	} else {
324	e33be77c	Ermal	unset($userent['disabled']);
325	73fa304b	Phil Davis	}
326	e33be77c	Ermal
327	8bab524e	Phil Davis	if ($_POST['customsettings']) {
328			$userent['customsettings'] = true;
329			} else {
330			unset($userent['customsettings']);
331			}
332
333			if ($_POST['webguicss']) {
334			$userent['webguicss'] = $_POST['webguicss'];
335			} else {
336			unset($userent['webguicss']);
337			}
338
339			if ($_POST['webguifixedmenu']) {
340			$userent['webguifixedmenu'] = $_POST['webguifixedmenu'];
341			} else {
342			unset($userent['webguifixedmenu']);
343			}
344
345			if ($_POST['webguihostnamemenu']) {
346			$userent['webguihostnamemenu'] = $_POST['webguihostnamemenu'];
347			} else {
348			unset($userent['webguihostnamemenu']);
349			}
350
351	1d3510cf	Phil Davis	if ($_POST['interfacessort']) {
352			$userent['interfacessort'] = true;
353			} else {
354			unset($userent['interfacessort']);
355			}
356
357	8bab524e	Phil Davis	if ($_POST['dashboardavailablewidgetspanel']) {
358			$userent['dashboardavailablewidgetspanel'] = true;
359			} else {
360			unset($userent['dashboardavailablewidgetspanel']);
361			}
362
363			if ($_POST['systemlogsfilterpanel']) {
364			$userent['systemlogsfilterpanel'] = true;
365			} else {
366			unset($userent['systemlogsfilterpanel']);
367			}
368
369			if ($_POST['systemlogsmanagelogpanel']) {
370			$userent['systemlogsmanagelogpanel'] = true;
371			} else {
372			unset($userent['systemlogsmanagelogpanel']);
373			}
374
375			if ($_POST['statusmonitoringsettingspanel']) {
376			$userent['statusmonitoringsettingspanel'] = true;
377			} else {
378			unset($userent['statusmonitoringsettingspanel']);
379			}
380
381			if ($_POST['webguileftcolumnhyper']) {
382			$userent['webguileftcolumnhyper'] = true;
383			} else {
384			unset($userent['webguileftcolumnhyper']);
385			}
386
387	d9058974	Phil Davis	if ($_POST['disablealiaspopupdetail']) {
388			$userent['disablealiaspopupdetail'] = true;
389			} else {
390			unset($userent['disablealiaspopupdetail']);
391			}
392
393	8bab524e	Phil Davis	if ($_POST['pagenamefirst']) {
394			$userent['pagenamefirst'] = true;
395			} else {
396			unset($userent['pagenamefirst']);
397			}
398
399	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
400	e33be77c	Ermal	$a_user[$id] = $userent;
401	73fa304b	Phil Davis	} else {
402	e33be77c	Ermal	if (!empty($_POST['name'])) {
403			$cert = array();
404			$cert['refid'] = uniqid();
405	4c291f4c	Renato Botelho	$userent['cert'] = array();
406	e33be77c	Ermal
407			$cert['descr'] = $_POST['name'];
408
409	4c291f4c	Renato Botelho	$subject = cert_get_subject_array($ca['crt']);
410	e33be77c	Ermal
411	4c291f4c	Renato Botelho	$dn = array(
412			'countryName' => $subject[0]['v'],
413			'stateOrProvinceName' => $subject[1]['v'],
414			'localityName' => $subject[2]['v'],
415			'organizationName' => $subject[3]['v'],
416			'emailAddress' => $subject[4]['v'],
417			'commonName' => $userent['name']);
418	e562fca2	jim-p	$cn_altname = cert_add_altname_type($userent['name']);
419			if (!empty($cn_altname)) {
420			$dn['subjectAltName'] = $cn_altname;
421	b767fe6c	jim-p	}
422	e33be77c	Ermal
423			cert_create($cert, $_POST['caref'], $_POST['keylen'],
424			(int)$_POST['lifetime'], $dn);
425
426	73fa304b	Phil Davis	if (!is_array($config['cert'])) {
427	e33be77c	Ermal	$config['cert'] = array();
428	73fa304b	Phil Davis	}
429	e33be77c	Ermal	$config['cert'][] = $cert;
430			$userent['cert'][] = $cert['refid'];
431			}
432			$userent['uid'] = $config['system']['nextuid']++;
433			/* Add the user to All Users group. */
434			foreach ($config['system']['group'] as $gidx => $group) {
435			if ($group['name'] == "all") {
436	73fa304b	Phil Davis	if (!is_array($config['system']['group'][$gidx]['member'])) {
437	e33be77c	Ermal	$config['system']['group'][$gidx]['member'] = array();
438	73fa304b	Phil Davis	}
439	e33be77c	Ermal	$config['system']['group'][$gidx]['member'][] = $userent['uid'];
440			break;
441			}
442			}
443	970db70b	Scott Ullrich
444	e33be77c	Ermal	$a_user[] = $userent;
445	45ee90ed	Matthew Grooms	}
446	e33be77c	Ermal
447	900ce3b0	jim-p	/* Add user to groups so PHP can see the memberships properly or else the user's shell account does not get proper permissions (if applicable) See #5152. */
448	d61309a0	Phil Davis	local_user_set_groups($userent, $_POST['groups']);
449	e33be77c	Ermal	local_user_set($userent);
450	900ce3b0	jim-p	/* Add user to groups again to ensure they are set everywhere, otherwise the user may not appear to be a member of the group. See commit:5372d26d9d25d751d16865ed9d46869d3b0ec5e1. */
451	73fa304b	Phil Davis	local_user_set_groups($userent, $_POST['groups']);
452	e33be77c	Ermal	write_config();
453
454	73fa304b	Phil Davis	if (is_dir("/etc/inc/privhooks")) {
455	e33be77c	Ermal	run_plugins("/etc/inc/privhooks");
456	73fa304b	Phil Davis	}
457	e33be77c	Ermal
458	3ccb9689	Charlie Marshall
459	e33be77c	Ermal	pfSenseHeader("system_usermanager.php");
460	45ee90ed	Matthew Grooms	}
461	e33be77c	Ermal	}
462	fab7ff44	Bill Marquette
463	7411c285	Stephen Beaver	function build_priv_table() {
464			global $a_user, $id;
465
466			$privhtml = '<div class="table-responsive">';
467			$privhtml .= '<table class="table table-striped table-hover table-condensed">';
468			$privhtml .= '<thead>';
469	7d2e572f	Stephen Beaver	$privhtml .= '<tr>';
470			$privhtml .= '<th>' . gettext('Inherited from') . '</th>';
471			$privhtml .= '<th>' . gettext('Name') . '</th>';
472			$privhtml .= '<th>' . gettext('Description') . '</th>';
473	f460db90	NOYB	$privhtml .= '<th>' . gettext('Action') . '</th>';
474	7d2e572f	Stephen Beaver	$privhtml .= '</tr>';
475	7411c285	Stephen Beaver	$privhtml .= '</thead>';
476			$privhtml .= '<tbody>';
477
478	945204b1	Stephen Beaver	$i = 0;
479	57188e47	Phil Davis	$user_has_root_priv = false;
480	945204b1	Stephen Beaver
481			foreach (get_user_privdesc($a_user[$id]) as $priv) {
482			$group = false;
483			if ($priv['group']) {
484			$group = $priv['group'];
485			}
486
487	7411c285	Stephen Beaver	$privhtml .= '<tr>';
488			$privhtml .= '<td>' . htmlspecialchars($priv['group']) . '</td>';
489			$privhtml .= '<td>' . htmlspecialchars($priv['name']) . '</td>';
490	57188e47	Phil Davis	$privhtml .= '<td>' . htmlspecialchars($priv['descr']);
491			if (isset($priv['warn']) && ($priv['warn'] == 'standard-warning-root')) {
492	21312954	Phil Davis	$privhtml .= ' ' . gettext('(admin privilege)');
493	57188e47	Phil Davis	$user_has_root_priv = true;
494			}
495			$privhtml .= '</td>';
496	945204b1	Stephen Beaver	$privhtml .= '<td>';
497	d61309a0	Phil Davis	if (!$group) {
498	f460db90	NOYB	$privhtml .= '<a class="fa fa-trash no-confirm icon-pointer" title="' . gettext('Delete Privilege') . '" id="delprivid' . $i . '"></a>';
499	d61309a0	Phil Davis	}
500	945204b1	Stephen Beaver
501			$privhtml .= '</td>';
502	7411c285	Stephen Beaver	$privhtml .= '</tr>';
503	945204b1	Stephen Beaver
504	d61309a0	Phil Davis	if (!$group) {
505	945204b1	Stephen Beaver	$i++;
506	d61309a0	Phil Davis	}
507	7411c285	Stephen Beaver	}
508
509	57188e47	Phil Davis	if ($user_has_root_priv) {
510			$privhtml .= '<tr>';
511			$privhtml .= '<td colspan="3">';
512	9187d6f7	Phil Davis	$privhtml .= '<b>' . gettext('Security notice: This user effectively has administrator-level access') . '</b>';
513	57188e47	Phil Davis	$privhtml .= '</td>';
514			$privhtml .= '<td>';
515			$privhtml .= '</td>';
516			$privhtml .= '</tr>';
517	f5c9c0c7	Steve Beaver
518	57188e47	Phil Davis	}
519
520	7411c285	Stephen Beaver	$privhtml .= '</tbody>';
521			$privhtml .= '</table>';
522			$privhtml .= '</div>';
523
524			$privhtml .= '<nav class="action-buttons">';
525	4611e283	Steve Beaver	$privhtml .= '<a href="system_usermanager_addprivs.php?userid=' . $id . '" class="btn btn-success"><i class="fa fa-plus icon-embed-btn"></i>' . gettext("Add") . '</a>';
526	7411c285	Stephen Beaver	$privhtml .= '</nav>';
527
528			return($privhtml);
529			}
530	98402844	Stephen Beaver
531	7411c285	Stephen Beaver	function build_cert_table() {
532			global $a_user, $id;
533
534			$certhtml = '<div class="table-responsive">';
535			$certhtml .= '<table class="table table-striped table-hover table-condensed">';
536			$certhtml .= '<thead>';
537	7d2e572f	Stephen Beaver	$certhtml .= '<tr>';
538			$certhtml .= '<th>' . gettext('Name') . '</th>';
539			$certhtml .= '<th>' . gettext('CA') . '</th>';
540	98402844	Stephen Beaver	$certhtml .= '<th></th>';
541	7d2e572f	Stephen Beaver	$certhtml .= '</tr>';
542	7411c285	Stephen Beaver	$certhtml .= '</thead>';
543			$certhtml .= '<tbody>';
544
545			$a_cert = $a_user[$id]['cert'];
546			if (is_array($a_cert)) {
547			$i = 0;
548			foreach ($a_cert as $certref) {
549	7d2e572f	Stephen Beaver	$cert = lookup_cert($certref);
550			$ca = lookup_ca($cert['caref']);
551			$revokedstr = is_cert_revoked($cert) ? '<b> Revoked</b>':'';
552
553	7411c285	Stephen Beaver	$certhtml .= '<tr>';
554	7d2e572f	Stephen Beaver	$certhtml .= '<td>' . htmlspecialchars($cert['descr']) . $revokedstr . '</td>';
555	7411c285	Stephen Beaver	$certhtml .= '<td>' . htmlspecialchars($ca['descr']) . '</td>';
556	db676e5b	Stephen Beaver	$certhtml .= '<td>';
557	945204b1	Stephen Beaver	$certhtml .= '<a id="delcert' . $i .'" class="fa fa-trash no-confirm icon-pointer" title="';
558	f14ff867	Phil Davis	$certhtml .= gettext('Remove this certificate association? (Certificate will not be deleted)') . '"></a>';
559	db676e5b	Stephen Beaver	$certhtml .= '</td>';
560	7411c285	Stephen Beaver	$certhtml .= '</tr>';
561	db676e5b	Stephen Beaver	$i++;
562	7411c285	Stephen Beaver	}
563	db676e5b	Stephen Beaver
564	7411c285	Stephen Beaver	}
565
566			$certhtml .= '</tbody>';
567			$certhtml .= '</table>';
568			$certhtml .= '</div>';
569
570			$certhtml .= '<nav class="action-buttons">';
571	4611e283	Steve Beaver	$certhtml .= '<a href="system_certmanager.php?act=new&userid=' . $id . '" class="btn btn-success"><i class="fa fa-plus icon-embed-btn"></i>' . gettext("Add") . '</a>';
572	7411c285	Stephen Beaver	$certhtml .= '</nav>';
573
574			return($certhtml);
575			}
576
577	8f1ab2a4	k-paulius	$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Users"));
578	edcd7535	Phil Davis	$pglinks = array("", "system_usermanager.php", "system_usermanager.php");
579	8f1ab2a4	k-paulius
580			if ($act == "new" \|\| $act == "edit" \|\| $input_errors) {
581			$pgtitle[] = gettext('Edit');
582	edcd7535	Phil Davis	$pglinks[] = "@self";
583	8f1ab2a4	k-paulius	}
584	4611e283	Steve Beaver
585	e33be77c	Ermal	include("head.inc");
586	fab7ff44	Bill Marquette
587	d6b79c39	Phil Davis	if ($delete_errors) {
588			print_input_errors($delete_errors);
589			}
590
591	d61309a0	Phil Davis	if ($input_errors) {
592	4ee51131	Sjon Hortensius	print_input_errors($input_errors);
593	d61309a0	Phil Davis	}
594	98402844	Stephen Beaver
595	d61309a0	Phil Davis	if ($savemsg) {
596	98402844	Stephen Beaver	print_info_box($savemsg, 'success');
597	d61309a0	Phil Davis	}
598	4ee51131	Sjon Hortensius
599			$tab_array = array();
600			$tab_array[] = array(gettext("Users"), true, "system_usermanager.php");
601			$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
602			$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
603	2d1f33d9	k-paulius	$tab_array[] = array(gettext("Authentication Servers"), false, "system_authservers.php");
604	4ee51131	Sjon Hortensius	display_top_tabs($tab_array);
605
606	7411c285	Stephen Beaver	if (!($act == "new" \|\| $act == "edit" \|\| $input_errors)) {
607	64600f94	Sjon Hortensius	?>
608	64c31615	Stephen Beaver	<form method="post">
609	060ed238	Stephen Beaver	<div class="panel panel-default">
610			<div class="panel-heading"><h2 class="panel-title"><?=gettext('Users')?></h2></div>
611			<div class="panel-body">
612			<div class="table-responsive">
613	1c10ce97	PiBa-NL	<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap table-rowdblclickedit" data-sortable>
614	060ed238	Stephen Beaver	<thead>
615			<tr>
616			<th> </th>
617			<th><?=gettext("Username")?></th>
618			<th><?=gettext("Full name")?></th>
619	edd88334	NOYB	<th><?=gettext("Status")?></th>
620	060ed238	Stephen Beaver	<th><?=gettext("Groups")?></th>
621	70dc5cd6	Phil Davis	<th><?=gettext("Actions")?></th>
622	060ed238	Stephen Beaver	</tr>
623			</thead>
624			<tbody>
625	a0165602	Sjon Hortensius	<?php
626	d61309a0	Phil Davis	foreach ($a_user as $i => $userent):
627	a0165602	Sjon Hortensius	?>
628	060ed238	Stephen Beaver	<tr>
629			<td>
630	d6b79c39	Phil Davis	<input type="checkbox" id="frc<?=$i?>" name="delete_check[]" value="<?=$i?>" <?=((($userent['scope'] == "system") \|\| ($userent['name'] == $_SESSION['Username'])) ? 'disabled' : '')?>/>
631	060ed238	Stephen Beaver	</td>
632			<td>
633	a0165602	Sjon Hortensius	<?php
634	d61309a0	Phil Davis	if ($userent['scope'] != "user") {
635	a0165602	Sjon Hortensius	$usrimg = 'eye-open';
636	d61309a0	Phil Davis	} else {
637	a0165602	Sjon Hortensius	$usrimg = 'user';
638	d61309a0	Phil Davis	}
639	a0165602	Sjon Hortensius	?>
640	060ed238	Stephen Beaver	<i class="fa fa-<?=$usrimg?>"></i>
641			<?=htmlspecialchars($userent['name'])?>
642			</td>
643			<td><?=htmlspecialchars($userent['descr'])?></td>
644	0fdbaca8	NOYB	<td><i class="fa fa-<?= (isset($userent['disabled'])) ? 'ban" title="' . gettext("Disabled") . '"' : 'check" title="' . gettext("Enabled") . '"' ; ?>><span style='display: none'><?= (isset($userent['disabled'])) ? gettext("Disabled") : gettext("Enabled") ; ?></span></i></td>
645	060ed238	Stephen Beaver	<td><?=implode(",", local_user_get_groups($userent))?></td>
646			<td>
647	4611e283	Steve Beaver	<a class="fa fa-pencil" title="<?=gettext("Edit user"); ?>" href="?act=edit&userid=<?=$i?>"></a>
648	d6b79c39	Phil Davis	<?php if (($userent['scope'] != "system") && ($userent['name'] != $_SESSION['Username'])): ?>
649	f5c9c0c7	Steve Beaver	<a class="fa fa-trash" title="<?=gettext("Delete user")?>" href="?act=deluser&userid=<?=$i?>&username=<?=$userent['name']?>" usepost></a>
650	a0165602	Sjon Hortensius	<?php endif; ?>
651	060ed238	Stephen Beaver	</td>
652			</tr>
653	a0165602	Sjon Hortensius	<?php endforeach; ?>
654	060ed238	Stephen Beaver	</tbody>
655			</table>
656			</div>
657			</div>
658	94404d94	Sander van Leeuwen	</div>
659	c10cb196	Stephen Beaver	<nav class="action-buttons">
660	4611e283	Steve Beaver	<a href="?act=new" class="btn btn-sm btn-success">
661	9d5a20cf	heper	<i class="fa fa-plus icon-embed-btn"></i>
662	b921ab63	Stephen Beaver	<?=gettext("Add")?>
663			</a>
664	64c31615	Stephen Beaver
665			<button type="submit" class="btn btn-sm btn-danger" name="dellall" value="dellall" title="<?=gettext('Delete selected users')?>">
666			<i class="fa fa-trash icon-embed-btn"></i>
667			<?=gettext("Delete")?>
668			</button>
669	f5c9c0c7	Steve Beaver
670	94404d94	Sander van Leeuwen	</nav>
671	d825dfea	NOYB	</form>
672	3c3ede28	Stephen Beaver	<div class="infoblock">
673	a0165602	Sjon Hortensius	<?php
674	a0d084fe	k-paulius	print_callout('<p>' . gettext("Additional users can be added here. User permissions for accessing " .
675			"the webConfigurator can be assigned directly or inherited from group memberships. " .
676			"Some system object properties can be modified but they cannot be deleted.") . '</p>' .
677			'<p>' . gettext("Accounts added here are also used for other parts of the system " .
678			"such as OpenVPN, IPsec, and Captive Portal.") . '</p>'
679			);
680	f5c9c0c7	Steve Beaver
681	d3f59a8c	Steve Beaver	?></div>
682
683	f5c9c0c7	Steve Beaver	<?php
684	a0165602	Sjon Hortensius	include("foot.inc");
685			exit;
686			}
687	4ee51131	Sjon Hortensius
688			$form = new Form;
689
690	7411c285	Stephen Beaver	if ($act == "new" \|\| $act == "edit" \|\| $input_errors):
691	4ee51131	Sjon Hortensius
692	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
693			'act',
694			null,
695			'hidden',
696			''
697			));
698	4ee51131	Sjon Hortensius
699	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
700			'userid',
701			null,
702			'hidden',
703			isset($id) ? $id:''
704			));
705	4ee51131	Sjon Hortensius
706	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
707			'privid',
708			null,
709			'hidden',
710			''
711			));
712	4ee51131	Sjon Hortensius
713	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
714			'certid',
715			null,
716			'hidden',
717			''
718			));
719	4ee51131	Sjon Hortensius
720	7411c285	Stephen Beaver	$ro = "";
721			if ($pconfig['utype'] == "system") {
722	c4b60a9a	Colin Fleming	$ro = "readonly";
723	7411c285	Stephen Beaver	}
724	4ee51131	Sjon Hortensius
725	7411c285	Stephen Beaver	$section = new Form_Section('User Properties');
726	4ee51131	Sjon Hortensius
727	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
728			'Defined by',
729			strtoupper($pconfig['utype'])
730			));
731	4ee51131	Sjon Hortensius
732	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
733			'utype',
734			null,
735			'hidden',
736			$pconfig['utype']
737			));
738	4ee51131	Sjon Hortensius
739	7411c285	Stephen Beaver	$section->addInput(new Form_Checkbox(
740			'disabled',
741			'Disabled',
742			'This user cannot login',
743			$pconfig['disabled']
744			));
745	6b07c15a	Matthew Grooms
746	7411c285	Stephen Beaver	$section->addInput($input = new Form_Input(
747			'usernamefld',
748	153c3aa6	Phil Davis	'*Username',
749	7411c285	Stephen Beaver	'text',
750			$pconfig['usernamefld']
751			));
752	61dec0b0	Renato Botelho
753	d61309a0	Phil Davis	if ($ro) {
754	1fe9cc38	Stephen Beaver	$input->setReadonly();
755	d61309a0	Phil Davis	}
756	7411c285	Stephen Beaver
757			$form->addGlobal(new Form_Input(
758			'oldusername',
759	4ee51131	Sjon Hortensius	null,
760	7411c285	Stephen Beaver	'hidden',
761			$pconfig['usernamefld']
762	4ee51131	Sjon Hortensius	));
763	6b07c15a	Matthew Grooms
764	153c3aa6	Phil Davis	if ($act == "edit") {
765			$pwd_required = "";
766			} else {
767			$pwd_required = "*";
768			}
769
770			$group = new Form_Group($pwd_required . 'Password');
771	7411c285	Stephen Beaver	$group->add(new Form_Input(
772			'passwordfld1',
773			'Password',
774			'password'
775			));
776			$group->add(new Form_Input(
777			'passwordfld2',
778			'Confirm Password',
779			'password'
780			));
781
782			$section->add($group);
783
784			$section->addInput($input = new Form_Input(
785			'descr',
786			'Full name',
787			'text',
788			htmlspecialchars($pconfig['descr'])
789	89140b63	NOYB	))->setHelp('User\'s full name, for administrative information only');
790	7411c285	Stephen Beaver
791	d61309a0	Phil Davis	if ($ro) {
792	7411c285	Stephen Beaver	$input->setDisabled();
793	d61309a0	Phil Davis	}
794	7411c285	Stephen Beaver
795			$section->addInput(new Form_Input(
796			'expires',
797			'Expiration date',
798	d78dbc34	Stephen Beaver	'text',
799	7411c285	Stephen Beaver	$pconfig['expires']
800			))->setHelp('Leave blank if the account shouldn\'t expire, otherwise enter '.
801	98b87cfa	Jonathon Anderson	'the expiration date as MM/DD/YYYY');
802	7411c285	Stephen Beaver
803	8bab524e	Phil Davis	$section->addInput(new Form_Checkbox(
804			'customsettings',
805			'Custom Settings',
806			'Use individual customized GUI options and dashboard layout for this user.',
807			$pconfig['customsettings']
808			));
809
810			gen_user_settings_fields($section, $pconfig);
811
812	7411c285	Stephen Beaver	// ==== Group membership ==================================================
813			$group = new Form_Group('Group membership');
814
815	7d2e572f	Stephen Beaver	// Make a list of all the groups configured on the system, and a list of
816	7411c285	Stephen Beaver	// those which this user is a member of
817			$systemGroups = array();
818			$usersGroups = array();
819
820			$usergid = [$pconfig['usernamefld']];
821
822			foreach ($config['system']['group'] as $Ggroup) {
823	d61309a0	Phil Davis	if ($Ggroup['name'] != "all") {
824			if (($act == 'edit') && $Ggroup['member'] && in_array($pconfig['uid'], $Ggroup['member'])) {
825	b4333696	Stephen Beaver	$usersGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the user's list
826	d61309a0	Phil Davis	} else {
827	b4333696	Stephen Beaver	$systemGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the 'not a member of' list
828	d61309a0	Phil Davis	}
829	b4333696	Stephen Beaver	}
830	7411c285	Stephen Beaver	}
831
832			$group->add(new Form_Select(
833			'sysgroups',
834			null,
835			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
836			$systemGroups,
837			true
838	953385a3	heper	))->setHelp('Not member of');
839	6b07c15a	Matthew Grooms
840	7411c285	Stephen Beaver	$group->add(new Form_Select(
841			'groups',
842			null,
843			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
844			$usersGroups,
845			true
846	953385a3	heper	))->setHelp('Member of');
847	7411c285	Stephen Beaver
848			$section->add($group);
849
850			$group = new Form_Group('');
851
852			$group->add(new Form_Button(
853			'movetoenabled',
854	faab522f	Renato Botelho	'Move to "Member of" list',
855	37676f4e	jim-p	null,
856			'fa-angle-double-right'
857	347c0214	Phil Davis	))->setAttribute('type','button')->removeClass('btn-primary')->addClass('btn-info btn-sm');
858	7411c285	Stephen Beaver
859			$group->add(new Form_Button(
860			'movetodisabled',
861	faab522f	Renato Botelho	'Move to "Not member of" list',
862	37676f4e	jim-p	null,
863			'fa-angle-double-left'
864	347c0214	Phil Davis	))->setAttribute('type','button')->removeClass('btn-primary')->addClass('btn-info btn-sm');
865	4ee51131	Sjon Hortensius
866	e4c7d45f	NewEraCracker	$group->setHelp('Hold down CTRL (PC)/COMMAND (Mac) key to select multiple items.');
867	7411c285	Stephen Beaver	$section->add($group);
868	4ee51131	Sjon Hortensius
869	7411c285	Stephen Beaver	// ==== Button for adding user certificate ================================
870	d61309a0	Phil Davis	if ($act == 'new') {
871	fc1913fe	jim-p	if (count($nonPrvCas) > 0) {
872			$section->addInput(new Form_Checkbox(
873			'showcert',
874			'Certificate',
875			'Click to create a user certificate',
876			false
877			));
878			} else {
879			$section->addInput(new Form_StaticText(
880			'Certificate',
881			gettext('No private CAs found. A private CA is required to create a new user certificate. ' .
882			'Save the user first to import an external certificate.')
883			));
884			}
885	6b07c15a	Matthew Grooms	}
886
887	7411c285	Stephen Beaver	$form->add($section);
888	6b07c15a	Matthew Grooms
889	7411c285	Stephen Beaver	// ==== Effective privileges section ======================================
890			if (isset($pconfig['uid'])) {
891			// We are going to build an HTML table and add it to an Input_StaticText. It may be ugly, but it
892			// is the best way to make the display we need.
893	6b07c15a	Matthew Grooms
894	7411c285	Stephen Beaver	$section = new Form_Section('Effective Privileges');
895	4ee51131	Sjon Hortensius
896	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
897			null,
898			build_priv_table()
899			));
900	4ee51131	Sjon Hortensius
901	7411c285	Stephen Beaver	$form->add($section);
902	4ee51131	Sjon Hortensius
903	7411c285	Stephen Beaver	// ==== Certificate table section =====================================
904	5f88f964	k-paulius	$section = new Form_Section('User Certificates');
905	7411c285	Stephen Beaver
906			$section->addInput(new Form_StaticText(
907			null,
908			build_cert_table()
909			));
910	64600f94	Sjon Hortensius
911			$form->add($section);
912	c9794c06	Ermal	}
913	7411c285	Stephen Beaver
914	f14ff867	Phil Davis	// ==== Add user certificate for a new user
915			if (is_array($config['ca']) && count($config['ca']) > 0) {
916	5f88f964	k-paulius	$section = new Form_Section('Create Certificate for User');
917	f14ff867	Phil Davis	$section->addClass('cert-options');
918	c9794c06	Ermal
919	f14ff867	Phil Davis	if (!empty($nonPrvCas)) {
920			$section->addInput(new Form_Input(
921			'name',
922			'Descriptive name',
923			'text',
924			$pconfig['name']
925			));
926	7411c285	Stephen Beaver
927	f14ff867	Phil Davis	$section->addInput(new Form_Select(
928			'caref',
929			'Certificate authority',
930			null,
931			$nonPrvCas
932			));
933	7411c285	Stephen Beaver
934	f14ff867	Phil Davis	$section->addInput(new Form_Select(
935			'keylen',
936			'Key length',
937			2048,
938			array(
939			512 => '512 bits',
940			1024 => '1024 bits',
941	16897690	jim-p	2048 => '2048 bits',
942	d5018c6a	stilez	3072 => '3072 bits',
943	f14ff867	Phil Davis	4096 => '4096 bits',
944	d5018c6a	stilez	7680 => '7680 bits',
945			8192 => '8192 bits',
946			15360 => '15360 bits',
947			16384 => '16384 bits'
948	f14ff867	Phil Davis	)
949	4dd437e4	Phil Davis	))->setHelp('The larger the key, the more security it offers, but larger keys take considerably more time to generate, ' .
950			'and take slightly longer to validate leading to a slight slowdown in setting up new sessions (not always noticeable). ' .
951			'As of 2016, 2048 bit is the minimum and most common selection and 4096 is the maximum in common use. ' .
952			'For more information see %1$s.', '<a href="https://keylength.com">keylength.com</a>');
953	7411c285	Stephen Beaver
954	f14ff867	Phil Davis	$section->addInput(new Form_Input(
955			'lifetime',
956			'Lifetime',
957			'number',
958			$pconfig['lifetime']
959			));
960	7411c285	Stephen Beaver	}
961
962	f14ff867	Phil Davis	$form->add($section);
963			}
964
965	7411c285	Stephen Beaver	endif;
966			// ==== Paste a key for the new user
967	4ee51131	Sjon Hortensius	$section = new Form_Section('Keys');
968
969	35e0cd70	Stephen Beaver	$section->addInput(new Form_Checkbox(
970			'showkey',
971			'Authorized keys',
972			'Click to paste an authorized key',
973			false
974			));
975
976	4ee51131	Sjon Hortensius	$section->addInput(new Form_Textarea(
977			'authorizedkeys',
978	d1e73829	Stephen Beaver	'Authorized SSH Keys',
979	4ee51131	Sjon Hortensius	$pconfig['authorizedkeys']
980	d1e73829	Stephen Beaver	))->setHelp('Enter authorized SSH keys for this user');
981	4ee51131	Sjon Hortensius
982	35e0cd70	Stephen Beaver	$section->addInput(new Form_Input(
983	4ee51131	Sjon Hortensius	'ipsecpsk',
984			'IPsec Pre-Shared Key',
985			'text',
986			$pconfig['ipsecpsk']
987			));
988
989			$form->add($section);
990	7411c285	Stephen Beaver
991	a0165602	Sjon Hortensius	print $form;
992	8bab524e	Phil Davis
993			$csswarning = sprintf(gettext("%sUser-created themes are unsupported, use at your own risk."), "<br />");
994	7411c285	Stephen Beaver	?>
995	8fd9052f	Colin Fleming	<script type="text/javascript">
996	7411c285	Stephen Beaver	//<![CDATA[
997	d61309a0	Phil Davis	events.push(function() {
998	7411c285	Stephen Beaver
999	8bab524e	Phil Davis	function setcustomoptions() {
1000			var adv = $('#customsettings').prop('checked');
1001
1002			hideInput('webguicss', !adv);
1003			hideInput('webguifixedmenu', !adv);
1004			hideInput('webguihostnamemenu', !adv);
1005			hideInput('dashboardcolumns', !adv);
1006	1d3510cf	Phil Davis	hideCheckbox('interfacessort', !adv);
1007	8bab524e	Phil Davis	hideCheckbox('dashboardavailablewidgetspanel', !adv);
1008			hideCheckbox('systemlogsfilterpanel', !adv);
1009			hideCheckbox('systemlogsmanagelogpanel', !adv);
1010			hideCheckbox('statusmonitoringsettingspanel', !adv);
1011			hideCheckbox('webguileftcolumnhyper', !adv);
1012	d9058974	Phil Davis	hideCheckbox('disablealiaspopupdetail', !adv);
1013	8bab524e	Phil Davis	hideCheckbox('pagenamefirst', !adv);
1014			}
1015
1016			// Handle displaying a warning message if a user-created theme is selected.
1017			function setThemeWarning() {
1018			if ($('#webguicss').val().startsWith("pfSense")) {
1019			$('#csstxt').html("").addClass("text-default");
1020			} else {
1021			$('#csstxt').html("<?=$csswarning?>").addClass("text-danger");
1022			}
1023			}
1024
1025			$('#webguicss').change(function() {
1026			setThemeWarning();
1027			});
1028
1029			setThemeWarning();
1030
1031	7411c285	Stephen Beaver	// On click . .
1032	8bab524e	Phil Davis	$('#customsettings').click(function () {
1033			setcustomoptions();
1034			});
1035
1036	7411c285	Stephen Beaver	$("#movetodisabled").click(function() {
1037			moveOptions($('[name="groups[]"] option'), $('[name="sysgroups[]"]'));
1038			});
1039
1040			$("#movetoenabled").click(function() {
1041			moveOptions($('[name="sysgroups[]"] option'), $('[name="groups[]"]'));
1042			});
1043
1044			$("#showcert").click(function() {
1045			hideClass('cert-options', !this.checked);
1046			});
1047
1048			$("#showkey").click(function() {
1049	35e0cd70	Stephen Beaver	hideInput('authorizedkeys', false);
1050			hideCheckbox('showkey', true);
1051	7411c285	Stephen Beaver	});
1052
1053	98402844	Stephen Beaver	$('[id^=delcert]').click(function(event) {
1054	d61309a0	Phil Davis	if (confirm(event.target.title)) {
1055	98402844	Stephen Beaver	$('#certid').val(event.target.id.match(/\d+$/)[0]);
1056			$('#userid').val('<?=$id;?>');
1057			$('#act').val('delcert');
1058			$('form').submit();
1059			}
1060			});
1061	945204b1	Stephen Beaver
1062	408d0882	heper	$('[id^=delprivid]').click(function(event) {
1063	d61309a0	Phil Davis	if (confirm(event.target.title)) {
1064	4c879f95	heper	$('#privid').val(event.target.id.match(/\d+$/)[0]);
1065	408d0882	heper	$('#userid').val('<?=$id;?>');
1066			$('#act').val('delprivid');
1067			$('form').submit();
1068			}
1069			});
1070	64c31615	Stephen Beaver
1071	53c38ff1	Stephen Beaver	$('#expires').datepicker();
1072	98402844	Stephen Beaver
1073	eef93144	Jared Dillard	// ---------- On initial page load ------------------------------------------------------------
1074
1075			hideClass('cert-options', true);
1076			//hideInput('authorizedkeys', true);
1077	d1e73829	Stephen Beaver	hideCheckbox('showkey', true);
1078	8bab524e	Phil Davis	setcustomoptions();
1079	7411c285	Stephen Beaver
1080			// On submit mark all the user's groups as "selected"
1081	d61309a0	Phil Davis	$('form').submit(function() {
1082	7411c285	Stephen Beaver	AllServers($('[name="groups[]"] option'), true);
1083			});
1084	f5c9c0c7	Steve Beaver
1085	7411c285	Stephen Beaver	});
1086			//]]>
1087			</script>
1088			<?php
1089	bb1b5c6f	heper	include('foot.inc');
1090	d6b79c39	Phil Davis	?>

Project

General

Profile

pfSense