/usr/local/www/system_usermanager.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/system_usermanager.php @ a0fca224

1	1df17ba9	Scott Ullrich	<?php
2			/* $Id$ */
3	fab7ff44	Bill Marquette	/*
4	1df17ba9	Scott Ullrich	system_usermanager.php
5			part of m0n0wall (http://m0n0.ch/wall)
6
7	6b07c15a	Matthew Grooms	Copyright (C) 2008 Shrew Soft Inc.
8			All rights reserved.
9
10	1df17ba9	Scott Ullrich	Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>.
11			All rights reserved.
12
13			Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
14			All rights reserved.
15
16			Redistribution and use in source and binary forms, with or without
17			modification, are permitted provided that the following conditions are met:
18
19			1. Redistributions of source code must retain the above copyright notice,
20			this list of conditions and the following disclaimer.
21
22			2. Redistributions in binary form must reproduce the above copyright
23			notice, this list of conditions and the following disclaimer in the
24			documentation and/or other materials provided with the distribution.
25
26			THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
27			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
28			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
29			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
30			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
33			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
34			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35			POSSIBILITY OF SUCH DAMAGE.
36	fab7ff44	Bill Marquette	*/
37	1d333258	Scott Ullrich	/*
38	3ccb9689	Charlie Marshall	pfSense_BUILDER_BINARIES:
39	1d333258	Scott Ullrich	pfSense_MODULE: auth
40			*/
41	fab7ff44	Bill Marquette
42	6b07c15a	Matthew Grooms	##\|+PRIV
43			##\|*IDENT=page-system-usermanager
44			##\|*NAME=System: User Manager page
45			##\|*DESCR=Allow access to the 'System: User Manager' page.
46			##\|MATCH=system_usermanager.php
47			##\|-PRIV
48
49	ead24d63	sullrich	require("certs.inc");
50	fab7ff44	Bill Marquette	require("guiconfig.inc");
51
52	31b53653	Scott Ullrich
53	e33be77c	Ermal	// start admin user code
54			$pgtitle = array(gettext("System"),gettext("User Manager"));
55	fab7ff44	Bill Marquette
56	e41ec584	Renato Botelho	if (is_numericint($_GET['id']))
57			$id = $_GET['id'];
58			if (isset($_POST['id']) && is_numericint($_POST['id']))
59	e33be77c	Ermal	$id = $_POST['id'];
60	1df17ba9	Scott Ullrich
61	3ccb9689	Charlie Marshall	if (!is_array($config['system']['user']))
62	e33be77c	Ermal	$config['system']['user'] = array();
63	1df17ba9	Scott Ullrich
64	e33be77c	Ermal	$a_user = &$config['system']['user'];
65	45ee90ed	Matthew Grooms
66	adacdf5f	jim-p	if (isset($id) && $a_user[$id]) {
67			$pconfig['usernamefld'] = $a_user[$id]['name'];
68			$pconfig['descr'] = $a_user[$id]['descr'];
69			$pconfig['expires'] = $a_user[$id]['expires'];
70			$pconfig['groups'] = local_user_get_groups($a_user[$id]);
71			$pconfig['utype'] = $a_user[$id]['scope'];
72			$pconfig['uid'] = $a_user[$id]['uid'];
73			$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
74			$pconfig['priv'] = $a_user[$id]['priv'];
75			$pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk'];
76			$pconfig['disabled'] = isset($a_user[$id]['disabled']);
77			}
78
79	e33be77c	Ermal	if ($_GET['act'] == "deluser") {
80	45ee90ed	Matthew Grooms
81	e33be77c	Ermal	if (!$a_user[$id]) {
82			pfSenseHeader("system_usermanager.php");
83			exit;
84	6b07c15a	Matthew Grooms	}
85
86	8a0ae97f	Renato Botelho	conf_mount_rw();
87	e33be77c	Ermal	local_user_del($a_user[$id]);
88	8a0ae97f	Renato Botelho	conf_mount_ro();
89	e33be77c	Ermal	$userdeleted = $a_user[$id]['name'];
90			unset($a_user[$id]);
91			write_config();
92			$savemsg = gettext("User")." {$userdeleted} ".
93	8cd558b6	ayvis	gettext("successfully deleted")."<br />";
94	e33be77c	Ermal	}
95			else if ($_GET['act'] == "delpriv") {
96	6b07c15a	Matthew Grooms
97	e33be77c	Ermal	if (!$a_user[$id]) {
98			pfSenseHeader("system_usermanager.php");
99			exit;
100	45ee90ed	Matthew Grooms	}
101
102	e33be77c	Ermal	$privdeleted = $priv_list[$a_user[$id]['priv'][$_GET['privid']]]['name'];
103			unset($a_user[$id]['priv'][$_GET['privid']]);
104			local_user_set($a_user[$id]);
105			write_config();
106			$_GET['act'] = "edit";
107			$savemsg = gettext("Privilege")." {$privdeleted} ".
108	8cd558b6	ayvis	gettext("successfully deleted")."<br />";
109	e33be77c	Ermal	}
110			else if ($_GET['act'] == "expcert") {
111	93823b10	Matthew Grooms
112	e33be77c	Ermal	if (!$a_user[$id]) {
113			pfSenseHeader("system_usermanager.php");
114	93823b10	Matthew Grooms	exit;
115			}
116
117	e33be77c	Ermal	$cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
118	93823b10	Matthew Grooms
119	e33be77c	Ermal	$exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.crt");
120			$exp_data = base64_decode($cert['crt']);
121			$exp_size = strlen($exp_data);
122	93823b10	Matthew Grooms
123	e33be77c	Ermal	header("Content-Type: application/octet-stream");
124			header("Content-Disposition: attachment; filename={$exp_name}");
125			header("Content-Length: $exp_size");
126			echo $exp_data;
127			exit;
128			}
129			else if ($_GET['act'] == "expckey") {
130	93823b10	Matthew Grooms
131	e33be77c	Ermal	if (!$a_user[$id]) {
132			pfSenseHeader("system_usermanager.php");
133	93823b10	Matthew Grooms	exit;
134			}
135
136	e33be77c	Ermal	$cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
137	58fdb8ad	Matthew Grooms
138	e33be77c	Ermal	$exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.key");
139			$exp_data = base64_decode($cert['prv']);
140			$exp_size = strlen($exp_data);
141	58fdb8ad	Matthew Grooms
142	e33be77c	Ermal	header("Content-Type: application/octet-stream");
143			header("Content-Disposition: attachment; filename={$exp_name}");
144			header("Content-Length: $exp_size");
145			echo $exp_data;
146			exit;
147			}
148			else if ($_GET['act'] == "delcert") {
149	58fdb8ad	Matthew Grooms
150	e33be77c	Ermal	if (!$a_user[$id]) {
151			pfSenseHeader("system_usermanager.php");
152			exit;
153	45ee90ed	Matthew Grooms	}
154
155	e33be77c	Ermal	$certdeleted = lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
156			$certdeleted = $certdeleted['descr'];
157			unset($a_user[$id]['cert'][$_GET['certid']]);
158			write_config();
159			$_GET['act'] = "edit";
160			$savemsg = gettext("Certificate")." {$certdeleted} ".
161	8cd558b6	ayvis	gettext("association removed.")."<br />";
162	e33be77c	Ermal	}
163			else if ($_GET['act'] == "new") {
164			/*
165			* set this value cause the text field is read only
166			* and the user should not be able to mess with this
167			* setting.
168			*/
169			$pconfig['utype'] = "user";
170			$pconfig['lifetime'] = 3650;
171			}
172	45ee90ed	Matthew Grooms
173	e33be77c	Ermal	if ($_POST) {
174			unset($input_errors);
175			$pconfig = $_POST;
176	45ee90ed	Matthew Grooms
177	e33be77c	Ermal	/* input validation */
178			if (isset($id) && ($a_user[$id])) {
179			$reqdfields = explode(" ", "usernamefld");
180			$reqdfieldsn = array(gettext("Username"));
181			} else {
182			if (empty($_POST['name'])) {
183			$reqdfields = explode(" ", "usernamefld passwordfld1");
184			$reqdfieldsn = array(
185			gettext("Username"),
186			gettext("Password"));
187	45ee90ed	Matthew Grooms	} else {
188	e33be77c	Ermal	$reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime");
189			$reqdfieldsn = array(
190			gettext("Username"),
191			gettext("Password"),
192			gettext("Descriptive name"),
193			gettext("Certificate authority"),
194			gettext("Key length"),
195			gettext("Lifetime"));
196	45ee90ed	Matthew Grooms	}
197	e33be77c	Ermal	}
198	45ee90ed	Matthew Grooms
199	1e9b4611	Renato Botelho	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
200	45ee90ed	Matthew Grooms
201	e33be77c	Ermal	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld']))
202			$input_errors[] = gettext("The username contains invalid characters.");
203	45ee90ed	Matthew Grooms
204	e33be77c	Ermal	if (strlen($_POST['usernamefld']) > 16)
205			$input_errors[] = gettext("The username is longer than 16 characters.");
206	94d455da	jim-p
207	e33be77c	Ermal	if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2']))
208			$input_errors[] = gettext("The passwords do not match.");
209	45ee90ed	Matthew Grooms
210	e33be77c	Ermal	if (isset($id) && $a_user[$id])
211			$oldusername = $a_user[$id]['name'];
212			else
213			$oldusername = "";
214			/* make sure this user name is unique */
215			if (!$input_errors) {
216			foreach ($a_user as $userent) {
217			if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
218			$input_errors[] = gettext("Another entry with the same username already exists.");
219			break;
220	58664cc9	Scott Ullrich	}
221	3dec33d4	Erik Fonnesbeck	}
222	e33be77c	Ermal	}
223			/* also make sure it is not reserved */
224			if (!$input_errors) {
225			$system_users = explode("\n", file_get_contents("/etc/passwd"));
226			foreach ($system_users as $s_user) {
227			$ent = explode(":", $s_user);
228			if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
229			$input_errors[] = gettext("That username is reserved by the system.");
230			break;
231	8339ab6d	jim-p	}
232	7e4a4513	Scott Ullrich	}
233	e33be77c	Ermal	}
234	1df17ba9	Scott Ullrich
235	e33be77c	Ermal	/*
236			* Check for a valid expirationdate if one is set at all (valid means,
237	4d148b59	Yehuda Katz	* DateTime puts out a time stamp so any DateTime compatible time
238	e33be77c	Ermal	* format may be used. to keep it simple for the enduser, we only
239			* claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs
240			* like "+1 day", which will be converted to MM/DD/YYYY based on "now".
241			* Otherwhise such an entry would lead to an invalid expiration data.
242			*/
243			if ($_POST['expires']){
244	4d148b59	Yehuda Katz	try {
245			$expdate = new DateTime($_POST['expires']);
246			//convert from any DateTime compatible date to MM/DD/YYYY
247			$_POST['expires'] = $expdate->format("m/d/Y");
248			} catch ( Exception $ex ) {
249	e33be77c	Ermal	$input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
250	0092b3bd	mgrooms	}
251	e33be77c	Ermal	}
252	0092b3bd	mgrooms
253	e33be77c	Ermal	if (!empty($_POST['name'])) {
254			$ca = lookup_ca($_POST['caref']);
255			if (!$ca)
256			$input_errors[] = gettext("Invalid internal Certificate Authority") . "\n";
257			}
258	c9794c06	Ermal
259	e33be77c	Ermal	/* if this is an AJAX caller then handle via JSON */
260			if (isAjax() && is_array($input_errors)) {
261			input_errors2Ajax($input_errors);
262			exit;
263			}
264	1df17ba9	Scott Ullrich
265	e33be77c	Ermal	if (!$input_errors) {
266			conf_mount_rw();
267			$userent = array();
268			if (isset($id) && $a_user[$id])
269			$userent = $a_user[$id];
270	e879fc81	Ermal
271	e33be77c	Ermal	isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system";
272
273			/* the user name was modified */
274	fdcf104c	jim-p	if ($_POST['usernamefld'] <> $_POST['oldusername']) {
275	e33be77c	Ermal	$_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
276	fdcf104c	jim-p	local_user_del($userent);
277			}
278	1df17ba9	Scott Ullrich
279	e33be77c	Ermal	/* the user password was mofified */
280			if ($_POST['passwordfld1'])
281			local_user_set_password($userent, $_POST['passwordfld1']);
282	1df17ba9	Scott Ullrich
283	e33be77c	Ermal	$userent['name'] = $_POST['usernamefld'];
284			$userent['descr'] = $_POST['descr'];
285			$userent['expires'] = $_POST['expires'];
286			$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
287			$userent['ipsecpsk'] = $_POST['ipsecpsk'];
288	3ccb9689	Charlie Marshall
289	e33be77c	Ermal	if($_POST['disabled'])
290			$userent['disabled'] = true;
291	3ccb9689	Charlie Marshall	else
292	e33be77c	Ermal	unset($userent['disabled']);
293
294			if (isset($id) && $a_user[$id])
295			$a_user[$id] = $userent;
296			else {
297			if (!empty($_POST['name'])) {
298			$cert = array();
299			$cert['refid'] = uniqid();
300			$userent['cert'] = array();
301
302			$cert['descr'] = $_POST['name'];
303
304			$subject = cert_get_subject_array($ca['crt']);
305
306			$dn = array(
307			'countryName' => $subject[0]['v'],
308			'stateOrProvinceName' => $subject[1]['v'],
309			'localityName' => $subject[2]['v'],
310			'organizationName' => $subject[3]['v'],
311			'emailAddress' => $subject[4]['v'],
312			'commonName' => $userent['name']);
313
314			cert_create($cert, $_POST['caref'], $_POST['keylen'],
315			(int)$_POST['lifetime'], $dn);
316
317			if (!is_array($config['cert']))
318			$config['cert'] = array();
319			$config['cert'][] = $cert;
320			$userent['cert'][] = $cert['refid'];
321			}
322			$userent['uid'] = $config['system']['nextuid']++;
323			/* Add the user to All Users group. */
324			foreach ($config['system']['group'] as $gidx => $group) {
325			if ($group['name'] == "all") {
326			if (!is_array($config['system']['group'][$gidx]['member']))
327			$config['system']['group'][$gidx]['member'] = array();
328			$config['system']['group'][$gidx]['member'][] = $userent['uid'];
329			break;
330			}
331			}
332	970db70b	Scott Ullrich
333	e33be77c	Ermal	$a_user[] = $userent;
334	45ee90ed	Matthew Grooms	}
335	e33be77c	Ermal
336			local_user_set_groups($userent,$_POST['groups']);
337			local_user_set($userent);
338			write_config();
339
340			if(is_dir("/etc/inc/privhooks"))
341			run_plugins("/etc/inc/privhooks");
342
343			conf_mount_ro();
344	3ccb9689	Charlie Marshall
345	e33be77c	Ermal	pfSenseHeader("system_usermanager.php");
346	45ee90ed	Matthew Grooms	}
347	e33be77c	Ermal	}
348	fab7ff44	Bill Marquette
349	e33be77c	Ermal	include("head.inc");
350	1df17ba9	Scott Ullrich	?>
351	fab7ff44	Bill Marquette
352	12c2ec2e	Charlie Marshall	<link rel="stylesheet" type="text/css" href="/javascript/jquery-ui-timepicker-addon/css/jquery-ui-timepicker-addon.css" />
353			<link rel="stylesheet" type="text/css" href="/javascript/jquery/jquery-ui.custom.css" />
354
355	07130afe	ayvis	<script type="text/javascript">
356	12c2ec2e	Charlie Marshall	jQuery(function() {
357	23991e58	Charlie Marshall	jQuery( "#expires" ).datepicker( { dateFormat: 'mm/dd/yy', changeYear: true, yearRange: "+0:+100" } );
358	12c2ec2e	Charlie Marshall	});
359			</script>
360
361	1df17ba9	Scott Ullrich	<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
362	6b07c15a	Matthew Grooms	<?php include("fbegin.inc"); ?>
363	12c2ec2e	Charlie Marshall
364	6b8588c6	Colin Fleming	<script type="text/javascript">
365			//<![CDATA[
366	6b07c15a	Matthew Grooms
367			function setall_selected(id) {
368			selbox = document.getElementById(id);
369			count = selbox.options.length;
370			for (index = 0; index<count; index++)
371			selbox.options[index].selected = true;
372			}
373
374			function clear_selected(id) {
375			selbox = document.getElementById(id);
376			count = selbox.options.length;
377			for (index = 0; index<count; index++)
378			selbox.options[index].selected = false;
379			}
380
381			function remove_selected(id) {
382			selbox = document.getElementById(id);
383			index = selbox.options.length - 1;
384			for (; index >= 0; index--)
385			if (selbox.options[index].selected)
386			selbox.remove(index);
387			}
388
389			function copy_selected(srcid, dstid) {
390			src_selbox = document.getElementById(srcid);
391			dst_selbox = document.getElementById(dstid);
392			count = src_selbox.options.length;
393			for (index = 0; index < count; index++) {
394			if (src_selbox.options[index].selected) {
395			option = document.createElement('option');
396			option.text = src_selbox.options[index].text;
397			option.value = src_selbox.options[index].value;
398			dst_selbox.add(option, null);
399			}
400			}
401			}
402
403			function move_selected(srcid, dstid) {
404			copy_selected(srcid, dstid);
405			remove_selected(srcid);
406			}
407
408			function presubmit() {
409			clear_selected('notgroups');
410			setall_selected('groups');
411			}
412
413	c9794c06	Ermal	function usercertClicked(obj) {
414			if (obj.checked) {
415			document.getElementById("usercertchck").style.display="none";
416			document.getElementById("usercert").style.display="";
417			} else {
418			document.getElementById("usercert").style.display="none";
419			document.getElementById("usercertchck").style.display="";
420			}
421			}
422
423			function sshkeyClicked(obj) {
424			if (obj.checked) {
425			document.getElementById("sshkeychck").style.display="none";
426			document.getElementById("sshkey").style.display="";
427			} else {
428			document.getElementById("sshkey").style.display="none";
429			document.getElementById("sshkeychck").style.display="";
430			}
431			}
432	6b8588c6	Colin Fleming	//]]>
433	6b07c15a	Matthew Grooms	</script>
434	1df17ba9	Scott Ullrich	<?php
435	45ee90ed	Matthew Grooms	if ($input_errors)
436			print_input_errors($input_errors);
437			if ($savemsg)
438			print_info_box($savemsg);
439	1df17ba9	Scott Ullrich	?>
440	6b8588c6	Colin Fleming	<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="user manager">
441	45ee90ed	Matthew Grooms	<tr>
442	e30001cf	Matthew Grooms	<td>
443	45ee90ed	Matthew Grooms	<?php
444			$tab_array = array();
445			$tab_array[] = array(gettext("Users"), true, "system_usermanager.php");
446	6b07c15a	Matthew Grooms	$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
447	45ee90ed	Matthew Grooms	$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
448	d799787e	Matthew Grooms	$tab_array[] = array(gettext("Servers"), false, "system_authservers.php");
449	45ee90ed	Matthew Grooms	display_top_tabs($tab_array);
450			?>
451			</td>
452			</tr>
453			<tr>
454	e30001cf	Matthew Grooms	<td id="mainarea">
455			<div class="tabcont">
456
457			<?php if ($_GET['act'] == "new" \|\| $_GET['act'] == "edit" \|\| $input_errors): ?>
458
459			<form action="system_usermanager.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
460	6b8588c6	Colin Fleming	<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
461	e30001cf	Matthew Grooms	<?php
462			$ro = "";
463			if ($pconfig['utype'] == "system")
464	6b8588c6	Colin Fleming	$ro = "readonly=\"readonly\"";
465	e30001cf	Matthew Grooms	?>
466			<tr>
467			<td width="22%" valign="top" class="vncell"><?=gettext("Defined by");?></td>
468			<td width="78%" class="vtable">
469	8db87547	jim-p	<strong><?=strtoupper(htmlspecialchars($pconfig['utype']));?></strong>
470	6b8588c6	Colin Fleming	<input name="utype" type="hidden" value="<?=htmlspecialchars($pconfig['utype'])?>" />
471	e30001cf	Matthew Grooms	</td>
472			</tr>
473	b4bfd25d	sullrich	<tr>
474	2afddcb1	sullrich	<td width="22%" valign="top" class="vncell"><?=gettext("Disabled");?></td>
475	b4bfd25d	sullrich	<td width="78%" class="vtable">
476	6b8588c6	Colin Fleming	<input name="disabled" type="checkbox" id="disabled" <?php if($pconfig['disabled']) echo "checked=\"checked\""; ?> />
477	b4bfd25d	sullrich	</td>
478			</tr>
479	e30001cf	Matthew Grooms	<tr>
480			<td width="22%" valign="top" class="vncellreq"><?=gettext("Username");?></td>
481			<td width="78%" class="vtable">
482	6b8588c6	Colin Fleming	<input name="usernamefld" type="text" class="formfld user" id="usernamefld" size="20" maxlength="16" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" <?=$ro;?> />
483	e30001cf	Matthew Grooms	<input name="oldusername" type="hidden" id="oldusername" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" />
484			</td>
485			</tr>
486			<tr>
487			<td width="22%" valign="top" class="vncellreq" rowspan="2"><?=gettext("Password");?></td>
488			<td width="78%" class="vtable">
489			<input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" value="" />
490			</td>
491			</tr>
492			<tr>
493			<td width="78%" class="vtable">
494			<input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" value="" /> <?= gettext("(confirmation)"); ?>
495			</td>
496			</tr>
497			<tr>
498			<td width="22%" valign="top" class="vncell"><?=gettext("Full name");?></td>
499			<td width="78%" class="vtable">
500	6b8588c6	Colin Fleming	<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>" <?=$ro;?> />
501	8cd558b6	ayvis	<br />
502	e30001cf	Matthew Grooms	<?=gettext("User's full name, for your own information only");?>
503			</td>
504			</tr>
505	0092b3bd	mgrooms	<tr>
506	b79454a7	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Expiration date"); ?></td>
507	0092b3bd	mgrooms	<td width="78%" class="vtable">
508	6b8588c6	Colin Fleming	<input name="expires" type="text" class="formfld unknown" id="expires" size="10" value="<?=htmlspecialchars($pconfig['expires']);?>" />
509	8cd558b6	ayvis	<br />
510	b79454a7	Carlos Eduardo Ramos	<span class="vexpl"><?=gettext("Leave blank if the account shouldn't expire, otherwise enter the expiration date in the following format: mm/dd/yyyy"); ?></span></td>
511	0092b3bd	mgrooms	</tr>
512	e30001cf	Matthew Grooms	<tr>
513			<td width="22%" valign="top" class="vncell"><?=gettext("Group Memberships");?></td>
514			<td width="78%" class="vtable" align="center">
515	6b8588c6	Colin Fleming	<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="group membership">
516	e30001cf	Matthew Grooms	<tr>
517			<td align="center" width="50%">
518	8cd558b6	ayvis	<strong><?=gettext("Not Member Of"); ?></strong><br />
519			<br />
520	6b8588c6	Colin Fleming	<select size="10" style="width: 75%" name="notgroups[]" class="formselect" id="notgroups" onchange="clear_selected('groups')" multiple="multiple">
521	e30001cf	Matthew Grooms	<?php
522			foreach ($config['system']['group'] as $group):
523			if ($group['gid'] == 1998) /* all users group */
524			continue;
525	08724afa	jim-p	if (is_array($pconfig['groups']) && in_array($group['name'],$pconfig['groups']))
526	e30001cf	Matthew Grooms	continue;
527			?>
528			<option value="<?=$group['name'];?>" <?=$selected;?>>
529			<?=htmlspecialchars($group['name']);?>
530			</option>
531			<?php endforeach; ?>
532			</select>
533	8cd558b6	ayvis	<br />
534	e30001cf	Matthew Grooms	</td>
535			<td>
536	8cd558b6	ayvis	<br />
537	e30001cf	Matthew Grooms	<a href="javascript:move_selected('notgroups','groups')">
538	b79454a7	Carlos Eduardo Ramos	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_right.gif" title="<?=gettext("Add Groups"); ?>" alt="<?=gettext("Add Groups"); ?>" width="17" height="17" border="0" />
539	e30001cf	Matthew Grooms	</a>
540	8cd558b6	ayvis	<br /><br />
541	e30001cf	Matthew Grooms	<a href="javascript:move_selected('groups','notgroups')">
542	b79454a7	Carlos Eduardo Ramos	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_left.gif" title="<?=gettext("Remove Groups"); ?>" alt="<?=gettext("Remove Groups"); ?>" width="17" height="17" border="0" />
543	e30001cf	Matthew Grooms	</a>
544			</td>
545			<td align="center" width="50%">
546	8cd558b6	ayvis	<strong><?=gettext("Member Of"); ?></strong><br />
547			<br />
548	6b8588c6	Colin Fleming	<select size="10" style="width: 75%" name="groups[]" class="formselect" id="groups" onchange="clear_selected('nogroups')" multiple="multiple">
549	e30001cf	Matthew Grooms	<?php
550	08724afa	jim-p	if (is_array($pconfig['groups'])) {
551	e30001cf	Matthew Grooms	foreach ($config['system']['group'] as $group):
552			if ($group['gid'] == 1998) /* all users group */
553			continue;
554			if (!in_array($group['name'],$pconfig['groups']))
555			continue;
556			?>
557			<option value="<?=$group['name'];?>">
558			<?=htmlspecialchars($group['name']);?>
559			</option>
560	08724afa	jim-p	<?php endforeach;
561			} ?>
562	e30001cf	Matthew Grooms	</select>
563	8cd558b6	ayvis	<br />
564	e30001cf	Matthew Grooms	</td>
565			</tr>
566			</table>
567			<?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?>
568			</td>
569			</tr>
570
571	ff9eda9d	jim-p	<?php if (isset($pconfig['uid'])): ?>
572	e30001cf	Matthew Grooms
573			<tr>
574			<td width="22%" valign="top" class="vncell"><?=gettext("Effective Privileges");?></td>
575			<td width="78%" class="vtable">
576	6b8588c6	Colin Fleming	<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="privileges">
577	e30001cf	Matthew Grooms	<tr>
578			<td width="20%" class="listhdrr"><?=gettext("Inherited From");?></td>
579			<td width="30%" class="listhdrr"><?=gettext("Name");?></td>
580			<td width="40%" class="listhdrr"><?=gettext("Description");?></td>
581			<td class="list"></td>
582			</tr>
583			<?php
584	3ccb9689	Charlie Marshall
585	e30001cf	Matthew Grooms	$privdesc = get_user_privdesc($a_user[$id]);
586			if(is_array($privdesc)):
587			$i = 0;
588			foreach ($privdesc as $priv):
589			$group = false;
590			if ($priv['group'])
591			$group = $priv['group'];
592			?>
593			<tr>
594			<td class="listlr"><?=$group;?></td>
595			<td class="listr">
596			<?=htmlspecialchars($priv['name']);?>
597			</td>
598			<td class="listbg">
599			<?=htmlspecialchars($priv['descr']);?>
600			</td>
601	6b8588c6	Colin Fleming	<td valign="middle" class="list nowrap">
602	e30001cf	Matthew Grooms	<?php if (!$group): ?>
603	6b8588c6	Colin Fleming	<a href="system_usermanager.php?act=delpriv&id=<?=$id?>&privid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this privilege?");?>')">
604			<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="delete" />
605	e30001cf	Matthew Grooms	</a>
606			<?php endif; ?>
607			</td>
608			</tr>
609			<?php
610			/* can only delete user priv indexes */
611			if (!$group)
612			$i++;
613			endforeach;
614			endif;
615			?>
616			<tr>
617			<td class="list" colspan="3"></td>
618			<td class="list">
619			<a href="system_usermanager_addprivs.php?userid=<?=$id?>">
620	6b8588c6	Colin Fleming	<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" />
621	e30001cf	Matthew Grooms	</a>
622			</td>
623			</tr>
624			</table>
625			</td>
626			</tr>
627			<tr>
628			<td width="22%" valign="top" class="vncell"><?=gettext("User Certificates");?></td>
629			<td width="78%" class="vtable">
630	6b8588c6	Colin Fleming	<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="certificates">
631	e30001cf	Matthew Grooms	<tr>
632			<td width="45%" class="listhdrr"><?=gettext("Name");?></td>
633			<td width="45%" class="listhdrr"><?=gettext("CA");?></td>
634			<td class="list"></td>
635			</tr>
636			<?php
637	3ccb9689	Charlie Marshall
638	e30001cf	Matthew Grooms	$a_cert = $a_user[$id]['cert'];
639			if(is_array($a_cert)):
640			$i = 0;
641	c25f73ae	jim-p	foreach ($a_cert as $certref):
642			$cert = lookup_cert($certref);
643			$ca = lookup_ca($cert['caref']);
644	e30001cf	Matthew Grooms	?>
645			<tr>
646			<td class="listlr">
647	f2a86ca9	jim-p	<?=htmlspecialchars($cert['descr']);?>
648	150bbe09	jim-p	<?php if (is_cert_revoked($cert)): ?>
649			(<b>Revoked</b>)
650			<?php endif; ?>
651	e30001cf	Matthew Grooms	</td>
652			<td class="listr">
653	f2a86ca9	jim-p	<?=htmlspecialchars($ca['descr']);?>
654	e30001cf	Matthew Grooms	</td>
655	6b8588c6	Colin Fleming	<td valign="middle" class="list nowrap">
656			<a href="system_usermanager.php?act=expckey&id=<?=$id;?>&certid=<?=$i;?>">
657	b79454a7	Carlos Eduardo Ramos	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export private key"); ?>" alt="<?=gettext("export private key"); ?>" width="17" height="17" border="0" />
658	e30001cf	Matthew Grooms	</a>
659	6b8588c6	Colin Fleming	<a href="system_usermanager.php?act=expcert&id=<?=$id;?>&certid=<?=$i;?>">
660	b79454a7	Carlos Eduardo Ramos	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export cert"); ?>" alt="<?=gettext("export cert"); ?>" width="17" height="17" border="0" />
661	e30001cf	Matthew Grooms	</a>
662	6b8588c6	Colin Fleming	<a href="system_usermanager.php?act=delcert&id=<?=$id?>&certid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to remove this certificate association?") .'\n'. gettext("(Certificate will not be deleted)");?>')">
663	2b33f342	Renato Botelho	<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="<?=gettext("delete cert");?>" />
664	e30001cf	Matthew Grooms	</a>
665			</td>
666			</tr>
667			<?php
668			$i++;
669			endforeach;
670			endif;
671			?>
672			<tr>
673			<td class="list" colspan="2"></td>
674			<td class="list">
675	6b8588c6	Colin Fleming	<a href="system_certmanager.php?act=new&userid=<?=$id?>">
676			<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" />
677	e30001cf	Matthew Grooms	</a>
678			</td>
679			</tr>
680			</table>
681			</td>
682			</tr>
683	45ee90ed	Matthew Grooms
684	c9794c06	Ermal	<?php else : ?>
685	b4e6524c	jim-p	<?php if (is_array($config['ca']) && count($config['ca']) > 0): ?>
686			<?php $i = 0; foreach( $config['ca'] as $ca) {
687	c9794c06	Ermal	if (!$ca['prv'])
688			continue;
689			$i++;
690			}
691			?>
692
693	6b8588c6	Colin Fleming	<tr id="usercertchck">
694	c9794c06	Ermal	<td width="22%" valign="top" class="vncell"><?=gettext("Certificate");?></td>
695			<td width="78%" class="vtable">
696	6b8588c6	Colin Fleming	<input type="checkbox" onclick="javascript:usercertClicked(this)" /> <?=gettext("Click to create a user certificate."); ?>
697	c9794c06	Ermal	</td>
698			</tr>
699
700			<?php if ($i > 0): ?>
701
702			<tr id="usercert" name="usercert" style="display:none">
703			<td width="22%" valign="top" class="vncell"><?=gettext("Certificate");?></td>
704			<td width="78%" class="vtable">
705	6b8588c6	Colin Fleming	<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="certificate">
706	c9794c06	Ermal	<tr>
707			<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
708			<td width="78%" class="vtable">
709	6b8588c6	Colin Fleming	<input name="name" type="text" class="formfld unknown" id="name" size="20" value="<?=htmlspecialchars($pconfig['name']);?>" />
710	c9794c06	Ermal	</td>
711			</tr>
712			<tr>
713			<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate authority");?></td>
714			<td width="78%" class="vtable">
715	6b8588c6	Colin Fleming	<select name='caref' id='caref' class="formselect" onchange='internalca_change()'>
716	c9794c06	Ermal	<?php
717	b4e6524c	jim-p	foreach( $config['ca'] as $ca):
718	c9794c06	Ermal	if (!$ca['prv'])
719			continue;
720			?>
721	f2a86ca9	jim-p	<option value="<?=$ca['refid'];?>"><?=$ca['descr'];?></option>
722	c9794c06	Ermal	<?php endforeach; ?>
723			</select>
724			</td>
725			</tr>
726			<tr>
727			<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
728			<td width="78%" class="vtable">
729			<select name='keylen' class="formselect">
730			<?php
731	3b4b9ff3	Ermal	$cert_keylens = array( "2048", "512", "1024", "4096");
732	c9794c06	Ermal	foreach( $cert_keylens as $len):
733			?>
734			<option value="<?=$len;?>"><?=$len;?></option>
735			<?php endforeach; ?>
736			</select>
737			bits
738			</td>
739			</tr>
740			<tr>
741			<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
742			<td width="78%" class="vtable">
743	6b8588c6	Colin Fleming	<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>" />days
744	c9794c06	Ermal	</td>
745			</tr>
746			</table>
747			</td>
748			</tr>
749
750			<?php endif; endif; ?>
751	e30001cf	Matthew Grooms	<?php endif; ?>
752	45ee90ed	Matthew Grooms
753	1c8faa89	jim-p	<tr id="sshkeychck" <?php if(!empty($pconfig['authorizedkeys'])) echo 'style="display:none"'; ?>>
754	c9794c06	Ermal	<td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td>
755			<td width="78%" class="vtable">
756	6b8588c6	Colin Fleming	<input type="checkbox" onclick="javascript:sshkeyClicked(this)" /> <?=gettext("Click to paste an authorized key."); ?>
757	c9794c06	Ermal	</td>
758			</tr>
759	1c8faa89	jim-p	<tr id="sshkey" <?php if(empty($pconfig['authorizedkeys'])) echo 'style="display:none"'; ?>>
760	e30001cf	Matthew Grooms	<td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td>
761			<td width="78%" class="vtable">
762			<textarea name="authorizedkeys" cols="65" rows="7" id="authorizedkeys" class="formfld_cert" wrap="off"><?=htmlspecialchars($pconfig['authorizedkeys']);?></textarea>
763	8cd558b6	ayvis	<br />
764	e30001cf	Matthew Grooms	<?=gettext("Paste an authorized keys file here.");?>
765			</td>
766			</tr>
767	6b8588c6	Colin Fleming	<tr id="ipsecpskrow">
768	ddd1fb7f	jim-p	<td width="22%" valign="top" class="vncell"><?=gettext("IPsec Pre-Shared Key");?></td>
769			<td width="78%" class="vtable">
770	6b8588c6	Colin Fleming	<input name="ipsecpsk" type="text" class="formfld unknown" id="ipsecpsk" size="65" value="<?=htmlspecialchars($pconfig['ipsecpsk']);?>" />
771	ddd1fb7f	jim-p	</td>
772			</tr>
773	e30001cf	Matthew Grooms	<tr>
774			<td width="22%" valign="top"> </td>
775			<td width="78%">
776	6e707e77	Vinicius Coque	<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
777	e30001cf	Matthew Grooms	<?php if (isset($id) && $a_user[$id]): ?>
778	e41ec584	Renato Botelho	<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
779	e30001cf	Matthew Grooms	<?php endif;?>
780			</td>
781			</tr>
782			</table>
783			</form>
784
785			<?php else: ?>
786
787	6b8588c6	Colin Fleming	<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="">
788	5b42a459	bcyrill	<thead>
789			<tr>
790			<th width="25%" class="listhdrr"><?=gettext("Username"); ?></th>
791			<th width="25%" class="listhdrr"><?=gettext("Full name"); ?></th>
792			<th width="5%" class="listhdrr"><?=gettext("Disabled"); ?></th>
793			<th width="25%" class="listhdrr"><?=gettext("Groups"); ?></th>
794	6b8588c6	Colin Fleming	<th width="10%" class="list"></th>
795	5b42a459	bcyrill	</tr>
796			</thead>
797	6b8588c6	Colin Fleming	<tfoot>
798			<tr>
799			<td class="list" colspan="4"></td>
800			<td class="list">
801			<a href="system_usermanager.php?act=new">
802			<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add user"); ?>" alt="<?=gettext("add user"); ?>" width="17" height="17" border="0" />
803			</a>
804			</td>
805			</tr>
806			<tr>
807			<td colspan="4">
808			<p>
809			<?=gettext("Additional users can be added here. User permissions for accessing " .
810			"the webConfigurator can be assigned directly or inherited from group memberships. " .
811			"An icon that appears grey indicates that it is a system defined object. " .
812			"Some system object properties can be modified but they cannot be deleted."); ?>
813	8cd558b6	ayvis	<br /><br />
814	6b8588c6	Colin Fleming	<?=gettext("Accounts created here are also used for other parts of the system " .
815			"such as OpenVPN, IPsec, and Captive Portal.");?>
816			</p>
817			</td>
818			</tr>
819			</tfoot>
820	5b42a459	bcyrill	<tbody>
821			<?php
822			$i = 0;
823			foreach($a_user as $userent):
824			?>
825	6b8588c6	Colin Fleming	<tr ondblclick="document.location='system_usermanager.php?act=edit&id=<?=$i;?>'">
826	5b42a459	bcyrill	<td class="listlr">
827	6b8588c6	Colin Fleming	<table border="0" cellpadding="0" cellspacing="0" summary="icons">
828	5b42a459	bcyrill	<tr>
829	6b8588c6	Colin Fleming	<td align="left" valign="middle">
830	5b42a459	bcyrill	<?php
831			if($userent['scope'] != "user")
832			$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user-grey.png";
833			else
834			$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user.png";
835			?>
836			<img src="<?=$usrimg;?>" alt="<?=gettext("User"); ?>" title="<?=gettext("User"); ?>" border="0" height="16" width="16" />
837			</td>
838			<td align="left" valign="middle">
839			<?=htmlspecialchars($userent['name']);?>
840			</td>
841			</tr>
842			</table>
843			</td>
844			<td class="listr"><?=htmlspecialchars($userent['descr']);?> </td>
845			<td class="listr"><?php if(isset($userent['disabled'])) echo "*"; ?></td>
846			<td class="listbg">
847			<?=implode(",",local_user_get_groups($userent));?>
848
849			</td>
850	6b8588c6	Colin Fleming	<td valign="middle" class="list nowrap">
851			<a href="system_usermanager.php?act=edit&id=<?=$i;?>">
852	5b42a459	bcyrill	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit user"); ?>" alt="<?=gettext("edit user"); ?>" width="17" height="17" border="0" />
853			</a>
854			<?php if($userent['scope'] != "system"): ?>
855
856	6b8588c6	Colin Fleming	<a href="system_usermanager.php?act=deluser&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this User?");?>')">
857	5b42a459	bcyrill	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete user"); ?>" alt="<?=gettext("delete user"); ?>" width="17" height="17" border="0" />
858			</a>
859			<?php endif; ?>
860			</td>
861			</tr>
862			<?php
863			$i++;
864			endforeach;
865			?>
866			</tbody>
867	45ee90ed	Matthew Grooms	</table>
868
869	e30001cf	Matthew Grooms	<?php endif; ?>
870	45ee90ed	Matthew Grooms
871	e30001cf	Matthew Grooms	</div>
872	45ee90ed	Matthew Grooms	</td>
873			</tr>
874	1df17ba9	Scott Ullrich	</table>
875	45ee90ed	Matthew Grooms	<?php include("fend.inc");?>
876			</body>
877	12c2ec2e	Charlie Marshall	</html>

Project

General

Profile

pfSense