<?php
2
/* $Id$ */
3 fab7ff44 Bill Marquette
/*
4 1df17ba9 Scott Ullrich
    system_usermanager.php
5
    part of m0n0wall (http://m0n0.ch/wall)
6
7 6b07c15a Matthew Grooms
    Copyright (C) 2008 Shrew Soft Inc.
8
    All rights reserved.
9
10 1df17ba9 Scott Ullrich
    Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>.
11
    All rights reserved.
12
13
    Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
14
    All rights reserved.
15
16
    Redistribution and use in source and binary forms, with or without
17
    modification, are permitted provided that the following conditions are met:
18
19
    1. Redistributions of source code must retain the above copyright notice,
20
       this list of conditions and the following disclaimer.
21
22
    2. Redistributions in binary form must reproduce the above copyright
23
       notice, this list of conditions and the following disclaimer in the
24
       documentation and/or other materials provided with the distribution.
25
26
    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
27
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
28
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
29
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
30
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
33
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
34
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35
    POSSIBILITY OF SUCH DAMAGE.
36 fab7ff44 Bill Marquette
*/
37 1d333258 Scott Ullrich
/*
38
	pfSense_BUILDER_BINARIES:	
39
	pfSense_MODULE:	auth
40
*/
41 fab7ff44 Bill Marquette
42 6b07c15a Matthew Grooms
##|+PRIV
43
##|*IDENT=page-system-usermanager
44
##|*NAME=System: User Manager page
45
##|*DESCR=Allow access to the 'System: User Manager' page.
46
##|*MATCH=system_usermanager.php*
47
##|-PRIV
48
49 ead24d63 sullrich
require("certs.inc");
50 fab7ff44 Bill Marquette
require("guiconfig.inc");
51
52 45ee90ed Matthew Grooms
if (isAllowedPage("system_usermanager")) {
53 31b53653 Scott Ullrich
54 45ee90ed Matthew Grooms
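	// start admin user code
	$pgtitle = array(gettext("System"),gettext("User Manager"));

	/*
	 * Index of the account being acted on; a POSTed id takes precedence over
	 * one in the query string. The value comes straight from the request, is
	 * used as a key into $a_user and is echoed into links further down this
	 * page, so anything that is not a plain run of digits is discarded here.
	 * The string is deliberately not cast to int, so a value such as "08"
	 * still fails to match list position 8, exactly as before.
	 * NOTE(review): assumes $a_user is only ever keyed by list position -- confirm.
	 */
	$id = null;
	if (isset($_GET['id']))
		$id = $_GET['id'];
	if (isset($_POST['id']))
		$id = $_POST['id'];
	if (!is_string($id) || !preg_match('/^[0-9]+$/D', $id))
		$id = null;

	/* Make sure the user list exists before a reference to it is taken. */
	if (!is_array($config['system']['user']))
		$config['system']['user'] = array();

	/* Reference, not a copy: changes made through $a_user modify $config itself. */
	$a_user = &$config['system']['user'];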
65 45ee90ed Matthew Grooms
66 6b07c15a Matthew Grooms
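	/*
	 * act=deluser: remove the account at index $id and save the configuration.
	 *
	 * NOTE(review): this is a state-changing action driven entirely by GET
	 * parameters. Unless a request token is verified elsewhere (not visible
	 * in this file), a link or image on another site can trigger it in an
	 * administrator's session -- confirm, and prefer POST for deletions.
	 */
	if ($_GET['act'] == "deluser") {

		/* Unknown or missing index: back to the list without changing anything. */
		if (!$a_user[$id]) {
			pfSenseHeader("system_usermanager.php");
			exit;
		}

		local_user_del($a_user[$id]);
		$userdeleted = $a_user[$id]['name'];
		unset($a_user[$id]);
		write_config();
		/* $savemsg is emitted as markup (it carries a <br/>), so the stored name is escaped. */
		$savemsg = gettext("User")." ".htmlspecialchars($userdeleted)." ".
					gettext("successfully deleted")."<br/>";
	}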
80
81
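	/*
	 * act=delpriv: drop one directly assigned privilege (index privid) from the
	 * account at index $id, then fall through to the edit view.
	 *
	 * NOTE(review): state change on a GET request; see whether a request token
	 * is enforced elsewhere -- confirm.
	 */
	if ($_GET['act'] == "delpriv") {

		if (!$a_user[$id]) {
			pfSenseHeader("system_usermanager.php");
			exit;
		}

		/*
		 * Only touch the configuration when the requested index really exists;
		 * previously a missing or bogus privid still rewrote the configuration
		 * and reported a deletion that never happened.
		 */
		if (isset($_GET['privid']) && is_scalar($_GET['privid']) &&
		    isset($a_user[$id]['priv'][$_GET['privid']])) {
			$privdeleted = $priv_list[$a_user[$id]['priv'][$_GET['privid']]]['name'];
			unset($a_user[$id]['priv'][$_GET['privid']]);
			write_config();
			/* $savemsg is emitted as markup (it carries a <br/>), so the name is escaped. */
			$savemsg = gettext("Privilege")." ".htmlspecialchars($privdeleted)." ".
						gettext("successfully deleted")."<br/>";
		}

		/* Continue with the edit form for the same account. */
		$_GET['act'] = "edit";
	}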
95
96 93823b10 Matthew Grooms
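	/*
	 * act=expcert: send the certificate at index certid of the account at
	 * index $id to the browser as a file download, then stop.
	 */
	if ($_GET['act'] == "expcert") {

		if (!$a_user[$id]) {
			pfSenseHeader("system_usermanager.php");
			exit;
		}

		/*
		 * Look the entry up by value. The former "=&" reference created an empty
		 * element for an unknown certid and then served an empty file for it.
		 */
		if (!isset($_GET['certid']) || !is_scalar($_GET['certid']) ||
		    !isset($a_user[$id]['cert'][$_GET['certid']])) {
			pfSenseHeader("system_usermanager.php");
			exit;
		}
		$cert = $a_user[$id]['cert'][$_GET['certid']];

		/* urlencode() keeps the stored names from adding anything else to the header line. */
		$exp_name = urlencode("{$a_user[$id]['name']}-{$cert['name']}.crt");
		$exp_data = base64_decode($cert['crt']);
		/* strlen() counts bytes, which is what Content-Length needs. */
		$exp_size = strlen($exp_data);

		header("Content-Type: application/octet-stream");
		header("Content-Disposition: attachment; filename={$exp_name}");
		header("Content-Length: $exp_size");
		echo $exp_data;
		exit;
	}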
115
116
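	/*
	 * act=expckey: send the private key belonging to certificate certid of the
	 * account at index $id to the browser as a file download, then stop.
	 *
	 * NOTE(review): this hands out private key material in response to a plain
	 * GET. The only gate visible in this file is the page-level
	 * isAllowedPage() check, so anyone allowed on this page can fetch any
	 * user's key, and the request URL ends up in access logs and browser
	 * history. Confirm that this is intended and that exports are audited.
	 */
	if ($_GET['act'] == "expckey") {

		if (!$a_user[$id]) {
			pfSenseHeader("system_usermanager.php");
			exit;
		}

		/*
		 * Look the entry up by value. The former "=&" reference created an empty
		 * element for an unknown certid and then served an empty file for it.
		 */
		if (!isset($_GET['certid']) || !is_scalar($_GET['certid']) ||
		    !isset($a_user[$id]['cert'][$_GET['certid']])) {
			pfSenseHeader("system_usermanager.php");
			exit;
		}
		$cert = $a_user[$id]['cert'][$_GET['certid']];

		/* urlencode() keeps the stored names from adding anything else to the header line. */
		$exp_name = urlencode("{$a_user[$id]['name']}-{$cert['name']}.key");
		$exp_data = base64_decode($cert['prv']);
		/* strlen() counts bytes, which is what Content-Length needs. */
		$exp_size = strlen($exp_data);

		header("Content-Type: application/octet-stream");
		header("Content-Disposition: attachment; filename={$exp_name}");
		header("Content-Length: $exp_size");
		echo $exp_data;
		exit;
	}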
135
136 58fdb8ad Matthew Grooms
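	/*
	 * act=delcert: remove certificate certid from the account at index $id,
	 * then fall through to the edit view.
	 *
	 * NOTE(review): state change on a GET request; see whether a request token
	 * is enforced elsewhere -- confirm.
	 */
	if ($_GET['act'] == "delcert") {

		if (!$a_user[$id]) {
			pfSenseHeader("system_usermanager.php");
			exit;
		}

		/*
		 * Only touch the configuration when the requested certificate exists;
		 * previously a missing or bogus certid still rewrote the configuration
		 * and reported a deletion that never happened.
		 */
		if (isset($_GET['certid']) && is_scalar($_GET['certid']) &&
		    isset($a_user[$id]['cert'][$_GET['certid']])) {
			$certdeleted = $a_user[$id]['cert'][$_GET['certid']]['name'];
			unset($a_user[$id]['cert'][$_GET['certid']]);
			write_config();
			/*
			 * The certificate name is stored exactly as it was submitted (the save
			 * handler copies $_POST['name'] unfiltered) and $savemsg is emitted as
			 * markup, so the name has to be escaped here.
			 */
			$savemsg = gettext("Certificate")." ".htmlspecialchars($certdeleted)." ".
						gettext("successfully deleted")."<br/>";
		}

		/* Continue with the edit form for the same account. */
		$_GET['act'] = "edit";
	}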
150
151 45ee90ed Matthew Grooms
	/*
	 * act=edit: preload the form fields from the stored account when $id names
	 * one. The delpriv and delcert handlers set act to "edit" themselves, so
	 * this also runs right after those deletions.
	 */
	if (($_GET['act'] == "edit") && isset($id) && $a_user[$id]) {
		$pconfig['usernamefld'] = $a_user[$id]['name'];
		$pconfig['fullname'] = $a_user[$id]['fullname'];
		$pconfig['expires'] = $a_user[$id]['expires'];
		$pconfig['groups'] = local_user_get_groups($a_user[$id]);
		$pconfig['utype'] = $a_user[$id]['scope'];
		$pconfig['uid'] = $a_user[$id]['uid'];
		/* The keys are kept base64-encoded in the configuration. */
		$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
		$pconfig['priv'] = $a_user[$id]['priv'];
		/* Presence of the key is what marks the account as disabled. */
		$pconfig['disabled'] = isset($a_user[$id]['disabled']);
	}
164
165
	/*
	 * act=new: defaults for an empty form. The account type is preset to
	 * "user" because the form does not offer it as an editable field.
	 *
	 * NOTE(review): the type travels through a hidden form field and is read
	 * back from $_POST['utype'] on save, so presetting it here does not stop
	 * a client from submitting a different value.
	 */
	if ($_GET['act'] == "new") {
		$pconfig['utype'] = "user";
		/* Default certificate lifetime shown in the form, in days. */
		$pconfig['lifetime'] = 3650;
	}
174
175
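	/*
	 * Form submission: validate the posted fields, then create a new account
	 * or update the one at index $id.
	 *
	 * NOTE(review) -- points this handler leaves open:
	 *  - conf_mount_rw() runs before validation, but conf_mount_ro() is only
	 *    reached on the success path; a rejected submission (including the
	 *    AJAX exit) returns without it.
	 *  - The duplicate-name check is skipped when editing, so an existing
	 *    account can be renamed to a name that is already taken.
	 *  - 'utype', 'keylen', 'lifetime', 'groups' and 'authorizedkeys' are used
	 *    as submitted; nothing here restricts them to what the form offers.
	 *  - pfSenseHeader() at the end is not followed by exit, so the rest of
	 *    the page still runs after a successful save.
	 */
	if ($_POST) {
		conf_mount_rw();
		unset($input_errors);
		/* From here on the form is re-rendered from the raw request data. */
		$pconfig = $_POST;

		/* input validation */
		if (isset($id) && ($a_user[$id])) {
			/* Existing account: the password may be left empty to keep it. */
			$reqdfields = explode(" ", "usernamefld");
			$reqdfieldsn = array(gettext("Username"));
		} else {
			if (empty($_POST['name'])) {
				/* New account without a certificate. */
				$reqdfields = explode(" ", "usernamefld passwordfld1");
				$reqdfieldsn = array(
					gettext("Username"),
					gettext("Password"));
			} else {
				/* New account with a certificate: the certificate fields become mandatory. */
				$reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime");
				$reqdfieldsn = array(
					gettext("Username"),
					gettext("Password"),
					gettext("Descriptive name"),
					gettext("Certificate authority"),
					gettext("Key length"),
					gettext("Lifetime"));
			}
		}

		/*
		 * NOTE(review): call-time pass-by-reference (&$input_errors) is rejected
		 * by PHP 5.4 and later. It can only be dropped once do_input_validation()
		 * is confirmed to declare that parameter by reference; otherwise the
		 * validation errors would silently be lost.
		 */
		do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

		if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld']))
			$input_errors[] = gettext("The username contains invalid characters.");

		/*
		 * Strict comparison: with "!=" two different numeric-looking strings
		 * (for example "1e3" and "1000") compare as equal, so a mistyped
		 * confirmation could be accepted.
		 */
		if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] !== $_POST['passwordfld2']))
			$input_errors[] = gettext("The passwords do not match.");

		/* make sure this user name is unique (new accounts only) */
		if (!$input_errors && !(isset($id) && $a_user[$id])) {
			foreach ($a_user as $userent) {
				/* Strict, so that names such as "1" and "1.0" are not mistaken for duplicates. */
				if ($userent['name'] === $_POST['usernamefld']) {
					$input_errors[] = gettext("Another entry with the same username already exists.");
					break;
				}
			}
		}

		/*
		 * Check for a valid expiration date if one is set at all. Valid means
		 * that strtotime() produces a time stamp, so any strtotime compatible
		 * format may be used. To keep it simple for the end user we only claim
		 * to accept MM/DD/YYYY. Advanced users may enter values like "+1 day",
		 * which are converted to MM/DD/YYYY based on "now"; otherwise such an
		 * entry would lead to an invalid expiration date.
		 */
		if ($_POST['expires']){
			if(strtotime($_POST['expires']) > 0){
				if (strtotime("-1 day") > strtotime(date("m/d/Y",strtotime($_POST['expires'])))) {
					// Allow items to lie in the past which ends up disabling.
				} else {
					//convert from any strtotime compatible date to MM/DD/YYYY
					$expdate = strtotime($_POST['expires']);
					$_POST['expires'] = date("m/d/Y",$expdate);
				}
			} else {
				$input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
			}
		}

		/* A certificate was requested: the chosen CA has to exist. */
		if (!empty($_POST['name'])) {
			$ca = lookup_ca($_POST['caref']);
			if (!$ca)
				$input_errors[] = gettext("Invalid internal Certificate Authority") . "\n";
		}

		/* if this is an AJAX caller then handle via JSON */
		if (isAjax() && is_array($input_errors)) {
			input_errors2Ajax($input_errors);
			exit;
		}

		if (!$input_errors) {
			/* Start from the stored record when editing, from scratch otherwise. */
			$userent = array();
			if (isset($id) && $a_user[$id])
				$userent = $a_user[$id];

			/*
			 * NOTE(review): the account scope is taken from a hidden form field,
			 * which the client controls; it is not checked against the stored
			 * scope or against a list of known values.
			 */
			if (isset($_POST['utype']))
				$userent['scope'] = $_POST['utype'];
			else
				$userent['scope'] = "system";

			/*
			 * the user name was modified
			 * NOTE(review): both sides of this comparison come from the request,
			 * and REMOTE_USER is overwritten no matter which account is being
			 * edited (for a new account 'oldusername' is empty). Confirm this is
			 * only meant for an administrator renaming their own account.
			 */
			if ($_POST['usernamefld'] != $_POST['oldusername'])
				$_SERVER['REMOTE_USER'] = $_POST['usernamefld'];

			/* the user password was modified */
			if ($_POST['passwordfld1'])
				local_user_set_password($userent, $_POST['passwordfld1']);

			$userent['name'] = $_POST['usernamefld'];
			$userent['fullname'] = $_POST['fullname'];
			$userent['expires'] = $_POST['expires'];
			/* Stored base64-encoded; the key text itself is not inspected here. */
			$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);

			if($_POST['disabled'])
				$userent['disabled'] = true;
			else
				unset($userent['disabled']);

			if (isset($id) && $a_user[$id])
				$a_user[$id] = $userent;
			else {
				if (!empty($_POST['name'])) {
					$cert = array();
					$userent['cert'] = array();

					/* Stored as submitted; it has to be escaped wherever it is displayed. */
					$cert['name'] = $_POST['name'];

					/* The subject is copied from the CA; only the common name is the user's. */
					$subject = cert_get_subject_array($ca['crt']);

					$dn = array(
						'countryName' => $subject[0]['v'],
						'stateOrProvinceName' => $subject[1]['v'],
						'localityName' => $subject[2]['v'],
						'organizationName' => $subject[3]['v'],
						'emailAddress' => $subject[4]['v'],
						'commonName' => $userent['name']);

					/* NOTE(review): key length and lifetime are passed on as submitted. */
					cert_create($cert, $_POST['caref'], $_POST['keylen'],
						(int)$_POST['lifetime'], $dn);

					$userent['cert'][] = $cert;
				}
				$userent['uid'] = $config['system']['nextuid']++;
				$a_user[] = $userent;
			}

			local_user_set($userent);
			local_user_set_groups($userent,$_POST['groups']);
			write_config();

			if(is_dir("/etc/inc/privhooks"))
				run_plugins("/etc/inc/privhooks");

			conf_mount_ro();

			pfSenseHeader("system_usermanager.php");
		}
	}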
319 fab7ff44 Bill Marquette
320 45ee90ed Matthew Grooms
	include("head.inc");
321 1df17ba9 Scott Ullrich
?>
322 fab7ff44 Bill Marquette
323 1df17ba9 Scott Ullrich
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
324 6b07c15a Matthew Grooms
<?php include("fbegin.inc"); ?>
325 0092b3bd mgrooms
<!--
326
//Date Time Picker script- by TengYong Ng of http://www.rainforestnet.com
327
//Script featured on JavaScript Kit (http://www.javascriptkit.com)
328
//For this script, visit http://www.javascriptkit.com
329
// -->
330 9344dd7b mgrooms
<script language="javascript" type="text/javascript" src="javascript/datetimepicker.js"></script>
331 6b07c15a Matthew Grooms
<script language="JavaScript">
332
<!--
333
334
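// Mark every option of the select box with the given element id as selected.
function setall_selected(id) {
	// Declared with var: the bare assignments used before created page-wide
	// globals shared by all helpers here (and fail outright in strict mode).
	var selbox = document.getElementById(id);
	var count = selbox.options.length;
	for (var index = 0; index < count; index++)
		selbox.options[index].selected = true;
}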
340
341
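// Deselect every option of the select box with the given element id.
function clear_selected(id) {
	// Declared with var: the bare assignments used before created page-wide
	// globals shared by all helpers here (and fail outright in strict mode).
	var selbox = document.getElementById(id);
	var count = selbox.options.length;
	for (var index = 0; index < count; index++)
		selbox.options[index].selected = false;
}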
347
348
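// Remove every selected option from the select box with the given element id.
function remove_selected(id) {
	// Declared with var so nothing leaks into the page's global scope.
	var selbox = document.getElementById(id);
	// Walk backwards so that removing an option does not shift the ones still to be visited.
	for (var index = selbox.options.length - 1; index >= 0; index--)
		if (selbox.options[index].selected)
			selbox.remove(index);
}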
355
356
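// Append a copy of every selected option of the source select box (srcid)
// to the destination select box (dstid). The source is left unchanged.
function copy_selected(srcid, dstid) {
	// Declared with var so nothing leaks into the page's global scope.
	var src_selbox = document.getElementById(srcid);
	var dst_selbox = document.getElementById(dstid);
	var count = src_selbox.options.length;
	for (var index = 0; index < count; index++) {
		if (src_selbox.options[index].selected) {
			var option = document.createElement('option');
			option.text = src_selbox.options[index].text;
			option.value = src_selbox.options[index].value;
			// null as second argument appends at the end of the list.
			dst_selbox.add(option, null);
		}
	}
}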
369
370
// Move the selected options from one select box to another.
function move_selected(srcid, dstid) {
	// Copy first, then drop the originals, so the options end up only in the destination.
	copy_selected(srcid, dstid);
	remove_selected(srcid);
}
374
375
// Form onsubmit hook: only selected options of a multi-select are submitted,
// so select the whole "groups" list and nothing from the "notgroups" list.
function presubmit() {
	clear_selected('notgroups');
	setall_selected('groups');
}
379
380 c9794c06 Ermal
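// Toggle between the "create a user certificate" checkbox row ("usercertchck")
// and the certificate form row ("usercert"), depending on the checkbox state.
function usercertClicked(obj) {
	var checkRow = document.getElementById("usercertchck");
	var certRow = document.getElementById("usercert");
	// The page renders "usercert" only when a CA with a private key exists.
	// Without it there is nothing to reveal, so leave the checkbox row visible
	// instead of hiding it and then failing on the missing element.
	if (!checkRow || !certRow)
		return;
	if (obj.checked) {
		checkRow.style.display = "none";
		certRow.style.display = "";
	} else {
		certRow.style.display = "none";
		checkRow.style.display = "";
	}
}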
389
390
// Toggle between the "sshkeychck" checkbox row and the "sshkey" element,
// depending on the checkbox state: one is hidden, then the other is shown.
function sshkeyClicked(obj) {
	var checked = obj.checked;
	var hideId = checked ? "sshkeychck" : "sshkey";
	var showId = checked ? "sshkey" : "sshkeychck";
	document.getElementById(hideId).style.display = "none";
	document.getElementById(showId).style.display = "";
}
399 6b07c15a Matthew Grooms
//-->
400
</script>
401 1df17ba9 Scott Ullrich
<?php
402 45ee90ed Matthew Grooms
	/* Validation errors from a rejected save, if any. */
	if ($input_errors) {
		print_input_errors($input_errors);
	}
	/* Result message from one of the delete actions; it already contains markup. */
	if ($savemsg) {
		print_info_box($savemsg);
	}
406 1df17ba9 Scott Ullrich
?>
407 45ee90ed Matthew Grooms
<table width="100%" border="0" cellpadding="0" cellspacing="0">
408
	<tr>
409 e30001cf Matthew Grooms
		<td>
410 45ee90ed Matthew Grooms
		<?php
411
			/* Tab bar entries: label, "is the active tab" flag, target page. */
			$tab_array = array(
				array(gettext("Users"), true, "system_usermanager.php"),
				array(gettext("Groups"), false, "system_groupmanager.php"),
				array(gettext("Settings"), false, "system_usermanager_settings.php"),
				array(gettext("Servers"), false, "system_authservers.php"),
			);
			display_top_tabs($tab_array);
417
		?>
418
		</td>
419
	</tr>
420
	<tr>
421 e30001cf Matthew Grooms
		<td id="mainarea">
422
			<div class="tabcont">
423
424
				<?php if ($_GET['act'] == "new" || $_GET['act'] == "edit" || $input_errors): ?>
425
426
				<form action="system_usermanager.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
427
					<table width="100%" border="0" cellpadding="6" cellspacing="0">
428
						<?php
429
							$ro = "";
430
							if ($pconfig['utype'] == "system")
431
								$ro = "readonly = \"readonly\"";
432
						?>
433
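	                    <tr>
	                        <td width="22%" valign="top" class="vncell"><?=gettext("Defined by");?></td>
	                        <td width="78%" class="vtable">
	                            <?php /* After a rejected save $pconfig is a copy of $_POST, so 'utype' is request-controlled and must be escaped in both places. */ ?>
	                            <strong><?=htmlspecialchars(strtoupper($pconfig['utype']));?></strong>
								<input name="utype" type="hidden" value="<?=htmlspecialchars($pconfig['utype']);?>"/>
	                        </td>
	                    </tr>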
440 b4bfd25d sullrich
						<tr>
441 2afddcb1 sullrich
							<td width="22%" valign="top" class="vncell"><?=gettext("Disabled");?></td>
442 b4bfd25d sullrich
							<td width="78%" class="vtable">
443
								<input name="disabled" type="checkbox" id="disabled" <?php if($pconfig['disabled']) echo "CHECKED"; ?>>
444
							</td>
445
						</tr>
446 e30001cf Matthew Grooms
						<tr>
447
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Username");?></td>
448
							<td width="78%" class="vtable">
449
								<input name="usernamefld" type="text" class="formfld user" id="usernamefld" size="20" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" <?=$ro;?>/>
450
								<input name="oldusername" type="hidden" id="oldusername" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" />
451
							</td>
452
						</tr>
453
						<tr>
454
							<td width="22%" valign="top" class="vncellreq" rowspan="2"><?=gettext("Password");?></td>
455
							<td width="78%" class="vtable">
456
								<input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" value="" />
457
							</td>
458
						</tr>
459
						<tr>
460
							<td width="78%" class="vtable">
461
								<input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" value="" />&nbsp;<?= gettext("(confirmation)"); ?>
462
							</td>
463
						</tr>
464
						<tr>
465
							<td width="22%" valign="top" class="vncell"><?=gettext("Full name");?></td>
466
							<td width="78%" class="vtable">
467
								<input name="fullname" type="text" class="formfld unknown" id="fullname" size="20" value="<?=htmlspecialchars($pconfig['fullname']);?>" <?=$ro;?>/>
468
								<br/>
469
								<?=gettext("User's full name, for your own information only");?>
470
							</td>
471
						</tr>
472 0092b3bd mgrooms
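						<tr>
							<td width="22%" valign="top" class="vncell"><?=gettext("Expiration date"); ?></td>
							<td width="78%" class="vtable">
								<?php /* After a rejected save this is the raw posted value, so it is escaped like the other text fields. */ ?>
								<input name="expires" type="text" class="formfld unknown" id="expires" size="10" value="<?=htmlspecialchars($pconfig['expires']);?>">
								<a href="javascript:NewCal('expires','mmddyyyy')">
									<img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_cal.gif" width="16" height="16" border="0" alt="<?=gettext("Pick a date");?>">
								</a>
								<br>
								<span class="vexpl"><?=gettext("Leave blank if the account shouldn't expire, otherwise enter the expiration date in the following format: mm/dd/yyyy"); ?></span></td>
						</tr>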
482 e30001cf Matthew Grooms
						<tr>
483
							<td width="22%" valign="top" class="vncell"><?=gettext("Group Memberships");?></td>
484
							<td width="78%" class="vtable" align="center">
485
								<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
486
									<tr>
487
										<td align="center" width="50%">
488 b79454a7 Carlos Eduardo Ramos
											<strong><?=gettext("Not Member Of"); ?></strong><br/>
489 e30001cf Matthew Grooms
											<br/>
490
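											<select size="10" style="width: 75%" name="notgroups[]" class="formselect" id="notgroups" onChange="clear_selected('groups')" multiple>
												<?php
													/* Groups the account is not a member of. */
													foreach ($config['system']['group'] as $group):
														if ($group['gid'] == 1998) /* all users group */
															continue;
														if (in_array($group['name'],$pconfig['groups']))
															continue;
														/* The name is written into an attribute below, so it is escaped there just like the visible label. */
												?>
												<option value="<?=htmlspecialchars($group['name']);?>" <?=$selected;?>>
													<?=htmlspecialchars($group['name']);?>
												</option>
												<?php endforeach; ?>
											</select>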
503
											<br/>
504
										</td>
505
										<td>
506
											<br/>
507
											<a href="javascript:move_selected('notgroups','groups')">
508 b79454a7 Carlos Eduardo Ramos
												<img src="/themes/<?= $g['theme'];?>/images/icons/icon_right.gif" title="<?=gettext("Add Groups"); ?>" alt="<?=gettext("Add Groups"); ?>" width="17" height="17" border="0" />
509 e30001cf Matthew Grooms
											</a>
510
											<br/><br/>
511
											<a href="javascript:move_selected('groups','notgroups')">
512 b79454a7 Carlos Eduardo Ramos
												<img src="/themes/<?= $g['theme'];?>/images/icons/icon_left.gif" title="<?=gettext("Remove Groups"); ?>" alt="<?=gettext("Remove Groups"); ?>" width="17" height="17" border="0" />
513 e30001cf Matthew Grooms
											</a>
514
										</td>
515
										<td align="center" width="50%">
516 b79454a7 Carlos Eduardo Ramos
											<strong><?=gettext("Member Of"); ?></strong><br/>
517 e30001cf Matthew Grooms
											<br/>
518
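											<?php /* onChange used to name 'nogroups', an id that matches no element here; the other list is 'notgroups'. */ ?>
											<select size="10" style="width: 75%" name="groups[]" class="formselect" id="groups" onChange="clear_selected('notgroups')" multiple>
												<?php
													/* Groups the account is a member of. */
													foreach ($config['system']['group'] as $group):
														if ($group['gid'] == 1998) /* all users group */
															continue;
														if (!in_array($group['name'],$pconfig['groups']))
															continue;
														/* The name is written into an attribute below, so it is escaped there just like the visible label. */
												?>
												<option value="<?=htmlspecialchars($group['name']);?>">
													<?=htmlspecialchars($group['name']);?>
												</option>
												<?php endforeach; ?>
											</select>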
531
											<br/>
532
										</td>
533
									</tr>
534
								</table>
535
								<?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?>
536
							</td>
537
						</tr>
538
539
						<?php if ($pconfig['uid']): ?>
540
541
						<tr>
542
							<td width="22%" valign="top" class="vncell"><?=gettext("Effective Privileges");?></td>
543
							<td width="78%" class="vtable">
544
								<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
545
									<tr>
546
										<td width="20%" class="listhdrr"><?=gettext("Inherited From");?></td>
547
										<td width="30%" class="listhdrr"><?=gettext("Name");?></td>
548
										<td width="40%" class="listhdrr"><?=gettext("Description");?></td>
549
										<td class="list"></td>
550
									</tr>
551
									<?php
552
											
553
										$privdesc = get_user_privdesc($a_user[$id]);
554
										if(is_array($privdesc)):
555
											$i = 0;
556
											foreach ($privdesc as $priv):
557
											$group = false;
558
											if ($priv['group'])
559
												$group = $priv['group'];
560
									?>
561
									<tr>
562
										<td class="listlr"><?=$group;?></td>
563
										<td class="listr">
564
											<?=htmlspecialchars($priv['name']);?>
565
										</td>
566
										<td class="listbg">
567
												<?=htmlspecialchars($priv['descr']);?>
568
										</td>
569
										<td valign="middle" nowrap class="list">
570
											<?php if (!$group): ?>
571
											<a href="system_usermanager.php?act=delpriv&id=<?=$id?>&privid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this privilege?");?>')">
572
												<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="" />
573
											</a>
574
											<?php endif; ?>
575
										</td>
576
									</tr>
577
									<?php
578
											/* can only delete user priv indexes */
579
											if (!$group)
580
												$i++;
581
											endforeach;
582
										endif;
583
									?>
584
									<tr>
585
										<td class="list" colspan="3"></td>
586
										<td class="list">
587
											<a href="system_usermanager_addprivs.php?userid=<?=$id?>">
588
												<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" />
589
											</a>
590
										</td>
591
									</tr>
592
								</table>
593
							</td>
594
						</tr>
595
						<tr>
596
							<td width="22%" valign="top" class="vncell"><?=gettext("User Certificates");?></td>
597
							<td width="78%" class="vtable">
598
								<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
599
									<tr>
600
										<td width="45%" class="listhdrr"><?=gettext("Name");?></td>
601
										<td width="45%" class="listhdrr"><?=gettext("CA");?></td>
602
										<td class="list"></td>
603
									</tr>
604
									<?php
605
										
606
										$a_cert = $a_user[$id]['cert'];
607
										if(is_array($a_cert)):
608
											$i = 0;
609
											foreach ($a_cert as $cert):
610
						                        $ca = lookup_ca($cert['caref']);
611
									?>
612
									<tr>
613
										<td class="listlr">
614
											<?=htmlspecialchars($cert['name']);?>
615
										</td>
616
										<td class="listr">
617
											<?=htmlspecialchars($ca['name']);?>
618
										</td>
619
										<td valign="middle" nowrap class="list">
620
											<a href="system_usermanager.php?act=expckey&id=<?=$id;?>&certid=<?=$i;?>">
621 b79454a7 Carlos Eduardo Ramos
												<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export private key"); ?>" alt="<?=gettext("export private key"); ?>" width="17" height="17" border="0" />
622 e30001cf Matthew Grooms
											</a>
623
											<a href="system_usermanager.php?act=expcert&id=<?=$id;?>&certid=<?=$i;?>">
624 b79454a7 Carlos Eduardo Ramos
												<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export cert"); ?>" alt="<?=gettext("export cert"); ?>" width="17" height="17" border="0" />
625 e30001cf Matthew Grooms
											</a>
626
											<a href="system_usermanager.php?act=delcert&id=<?=$id?>&certid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this certificate?");?>')">
627 2b33f342 Renato Botelho
												<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="<?=gettext("delete cert");?>" />
628 e30001cf Matthew Grooms
											</a>
629
										</td>
630
									</tr>
631
									<?php
632
												$i++;
633
											endforeach;
634
										endif;
635
									?>
636
									<tr>
637
										<td class="list" colspan="2"></td>
638
										<td class="list">
639
											<a href="system_usermanager_addcert.php?userid=<?=$id?>">
640
												<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" />
641
											</a>
642
										</td>
643
									</tr>
644
								</table>
645
							</td>
646
						</tr>
647 45ee90ed Matthew Grooms
648 c9794c06 Ermal
						<?php else : ?>
649
						<?php 	if (is_array($config['system']['ca']) && count($config['system']['ca']) > 0): ?>
650
						<?php		$i = 0; foreach( $config['system']['ca'] as $ca) {
651
                                                                        	if (!$ca['prv'])
652
                                                                                	continue;
653
										$i++;
654
									}
655
						?>
656
657
						<tr id="usercertchck" name="usercertchck" >
658
							<td width="22%" valign="top" class="vncell"><?=gettext("Certificate");?></td>
659
                                                	<td width="78%" class="vtable">
660 b79454a7 Carlos Eduardo Ramos
							<input type="checkbox" onClick="javascript:usercertClicked(this)"> <?=gettext("Click to create a user certificate."); ?>
661 c9794c06 Ermal
							</td>
662
						</tr>
663
664
						<?php		if ($i > 0): ?>
665
666
						<tr id="usercert" name="usercert" style="display:none">
667
							<td width="22%" valign="top" class="vncell"><?=gettext("Certificate");?></td>
668
                                                	<td width="78%" class="vtable">
669 d0412d85 Ermal
							<table width="100%" border="0" cellpadding="6" cellspacing="0">
670 c9794c06 Ermal
							<tr>
671
                                                        	<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
672
                                                        	<td width="78%" class="vtable">
673
                                                                	<input name="name" type="text" class="formfld unknown" id="name" size="20" value="<?=htmlspecialchars($pconfig['name']);?>"/>
674
                                                        	</td>
675
                                                	</tr>
676
                                                	<tr>
677
                                                        	<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate authority");?></td>
678
                                                        	<td width="78%" class="vtable">
679
                                                                	<select name='caref' id='caref' class="formselect" onChange='internalca_change()'>
680
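                                                                <?php
                                                                        /* Offer only CAs that have a private key. */
                                                                        foreach( $config['system']['ca'] as $ca):
                                                                        if (!$ca['prv'])
                                                                                continue;
                                                                        /* Reference id and name are stored values; escape them like the CA name in the certificate list. */
                                                                ?>
                                                                        <option value="<?=htmlspecialchars($ca['refid']);?>"><?=htmlspecialchars($ca['name']);?></option>
                                                                <?php endforeach; ?>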
687
                                                                	</select>
688
                                                        	</td>
689
                                                	</tr>
690
                                                	<tr>
691
                                                        	<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
692
                                                        	<td width="78%" class="vtable">
693
                                                                	<select name='keylen' class="formselect">
694
                                                                <?php
695 3b4b9ff3 Ermal
									// Key lengths offered for the new user certificate. No option carries a
									// "selected" attribute, so the first entry (2048) is what a browser preselects.
									// NOTE(review): 512 and 1024 are still selectable; keys of that size are
									// generally considered too weak for new certificates (assuming these are
									// RSA key lengths - confirm in the code that generates the key).
									$cert_keylens = array( "2048", "512", "1024", "4096");
696 c9794c06 Ermal
                                                                        foreach( $cert_keylens as $len):
697
                                                                ?>
698
                                                                        <option value="<?=$len;?>"><?=$len;?></option>
699
                                                                <?php endforeach; ?>
700
                                                                	</select>
701
                                                                	bits
702
                                                        	</td>
703
                                                	</tr>
704
							<tr>
705
                                                        	<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
706
                                                        	<td width="78%" class="vtable">
707
                                                                	<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>"/>days
708
                                                        	</td>
709
                                                	</tr>
710
						</table>
711
							</td>
712
						</tr>
713
714
						<?php 	endif; endif; ?>
715 e30001cf Matthew Grooms
						<?php endif; ?>
716 45ee90ed Matthew Grooms
717 c9794c06 Ermal
						<tr id="sshkeychck" name="sshkeychck" >
718
                                                        <td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td>
719
                                                        <td width="78%" class="vtable">
720 b79454a7 Carlos Eduardo Ramos
                                                        <input type="checkbox" onClick="javascript:sshkeyClicked(this)"> <?=gettext("Click to paste an authorized key."); ?>
721 c9794c06 Ermal
                                                        </td>
722
                                                </tr>
723
						<tr id="sshkey" name="sshkey" style="display:none">
724 e30001cf Matthew Grooms
							<td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td>
725
							<td width="78%" class="vtable">
726
								<textarea name="authorizedkeys" cols="65" rows="7" id="authorizedkeys" class="formfld_cert" wrap="off"><?=htmlspecialchars($pconfig['authorizedkeys']);?></textarea>
727
								<br/>
728
								<?=gettext("Paste an authorized keys file here.");?>
729
							</td>
730
						</tr>
731
						<tr>
732
							<td width="22%" valign="top">&nbsp;</td>
733
							<td width="78%">
734 6e707e77 Vinicius Coque
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
735 e30001cf Matthew Grooms
								<?php if (isset($id) && $a_user[$id]): ?>
736
								<input name="id" type="hidden" value="<?=$id;?>" />
737
								<?php endif;?>
738
							</td>
739
						</tr>
740
					</table>
741
				</form>
742
743
				<?php else: ?>
744
745
				<table width="100%" border="0" cellpadding="0" cellspacing="0">
746 45ee90ed Matthew Grooms
					<tr>
747 b79454a7 Carlos Eduardo Ramos
						<td width="25%" class="listhdrr"><?=gettext("Username"); ?></td>
748
						<td width="25%" class="listhdrr"><?=gettext("Full name"); ?></td>
749
						<td width="5%" class="listhdrr"><?=gettext("Disabled"); ?></td>
750
						<td width="25%" class="listhdrr"><?=gettext("Groups"); ?></td>
751 e30001cf Matthew Grooms
						<td width="10%" class="list"></td>
752 45ee90ed Matthew Grooms
					</tr>
753 e30001cf Matthew Grooms
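					<?php
						// One table row per entry of $a_user. $i counts rows in iteration order and is
						// the value the edit/delete links send back as "id".
						// NOTE(review): the delete link below triggers a state change through a plain GET
						// request. The act=deluser handler is outside this excerpt; confirm it verifies an
						// anti-CSRF token, or move the action to a POST form.
						$i = 0;
						foreach($a_user as $userent):
					?>
					<tr ondblclick="document.location='system_usermanager.php?act=edit&id=<?=$i;?>'">
						<td class="listlr">
							<table border="0" cellpadding="0" cellspacing="0">
								<tr>
									<td align="left" valign="center">
										<?php
											// Every scope other than "user" gets the grey icon.
											if($userent['scope'] != "user")
												$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user-grey.png";
											else
												$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user.png";
										?>
										<img src="<?=$usrimg;?>" alt="<?=gettext("User"); ?>" title="<?=gettext("User"); ?>" border="0" height="16" width="16" />
									</td>
									<td align="left" valign="middle">
										<?=htmlspecialchars($userent['name']);?>
									</td>
								</tr>
							</table>
						</td>
						<td class="listr"><?=htmlspecialchars($userent['fullname']);?>&nbsp;</td>
						<td class="listr"><?php if(isset($userent['disabled'])) echo "*"; ?></td>
						<td class="listbg">
								<?php /* Group names are stored data like the user name above, so they are escaped the same way. */ ?>
								<?=htmlspecialchars(implode(",",local_user_get_groups($userent)));?>
							&nbsp;
						</td>
						<td valign="middle" nowrap class="list">
							<a href="system_usermanager.php?act=edit&id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit user"); ?>" alt="<?=gettext("edit user"); ?>" width="17" height="17" border="0" />
							</a>
							<?php /* Entries with scope "system" get no delete link. */ ?>
							<?php if($userent['scope'] != "system"): ?>
							&nbsp;
							<a href="system_usermanager.php?act=deluser&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this User?");?>')">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete user"); ?>" alt="<?=gettext("delete user"); ?>" width="17" height="17" border="0" />
							</a>
							<?php endif; ?>
						</td>
					</tr>
					<?php
							$i++;
						endforeach;
					?>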
798 fb1266d3 Matthew Grooms
					<tr>
799 b4bfd25d sullrich
						<td class="list" colspan="4"></td>
800 e30001cf Matthew Grooms
						<td class="list">
801
							<a href="system_usermanager.php?act=new">
802 b79454a7 Carlos Eduardo Ramos
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add user"); ?>" alt="<?=gettext("add user"); ?>" width="17" height="17" border="0" />
803 e30001cf Matthew Grooms
							</a>
804 fb1266d3 Matthew Grooms
						</td>
805
					</tr>
806 45ee90ed Matthew Grooms
					<tr>
807 b4bfd25d sullrich
						<td colspan="4">
808 e30001cf Matthew Grooms
							<p>
809 5b1dcebf Vinicius Coque
								<?=gettext("Additional webConfigurator users can be added here.
810
								User permissions can be assigned directly or inherited from group memberships.
811
								An icon that appears grey indicates that it is a system defined object. 
812
								Some system object properties can be modified but they cannot be deleted."); ?>
813 e30001cf Matthew Grooms
							</p>
814 45ee90ed Matthew Grooms
						</td>
815
					</tr>
816
				</table>
817
818 e30001cf Matthew Grooms
				<?php endif; ?>
819 45ee90ed Matthew Grooms
820 e30001cf Matthew Grooms
			</div>
821 45ee90ed Matthew Grooms
		</td>
822
	</tr>
823 1df17ba9 Scott Ullrich
</table>
824 45ee90ed Matthew Grooms
<?php include("fend.inc");?>
825
</body>
826
827 1df17ba9 Scott Ullrich
<?php
828
829 45ee90ed Matthew Grooms
	// end admin user code
830
831
} else {
832
833
	// start normal user code
834 6b07c15a Matthew Grooms
835 b79454a7 Carlos Eduardo Ramos
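	$pgtitle = array(gettext("System"),gettext("User Password"));

	// Account whose password this branch changes.
	// NOTE(review): $HTTP_SERVER_VARS is one of the legacy long arrays that PHP 5.4+ no longer
	// fills in by itself, and the locality check further down reads $_SESSION['Username']
	// instead - confirm both always name the same account.
	$pwchange_user = $HTTP_SERVER_VARS['AUTH_USER'];

	// NOTE(review): the form does not ask for the current password and no anti-CSRF token is
	// visible in this excerpt; confirm a token is added and checked elsewhere.
	if (isset($_POST['save'])) {
		unset($input_errors);

		/* input validation */
		$reqdfields = explode(" ", "passwordfld1");
		$reqdfieldsn = array(gettext("Password"));

		// NOTE(review): call-time pass-by-reference (&$input_errors) is a fatal error on PHP 5.4+.
		// Drop the "&" once do_input_validation() is confirmed to declare that parameter by reference.
		do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

		// Both fields must be plain strings and identical. The strict comparison avoids PHP treating
		// numeric-looking strings such as "1e3" and "1000" as equal, and the is_string() checks keep
		// array-valued fields away from trim()/crypt().
		if (!is_string($_POST['passwordfld1']) || !is_string($_POST['passwordfld2']) ||
		    $_POST['passwordfld1'] !== $_POST['passwordfld2'])
			$input_errors[] = gettext("The passwords do not match.");

		// $userindex is built outside this excerpt; it is used here as a map from user name to the
		// position in $config['system']['user']. An account without an entry would otherwise get a
		// hash written under an empty key, because the locality check only runs after this block.
		if (!$input_errors && !isset($userindex[$pwchange_user]))
			$input_errors[] = gettext("Sorry, you cannot change the password for a LDAP user.");

		if (!$input_errors) {
			// all values are okay --> saving changes
			// NOTE(review): crypt() without a salt leaves the scheme to PHP (DES or MD5 salts on old
			// versions, E_NOTICE since 5.6, an error on PHP 8). Switching to password_hash() needs the
			// login path to verify with password_verify(). trim() also strips leading/trailing
			// whitespace from the chosen password, so the login path has to do the same.
			$config['system']['user'][$userindex[$pwchange_user]]['password'] = crypt(trim($_POST['passwordfld1']));

			write_config();
			$savemsg = gettext("Password successfully changed") . "<br />";
		}
	}

	/* determine if user is not local to system */
	// Strict comparison: with "==" two numeric-looking names such as "007" and "7" compare equal.
	$islocal = false;
	foreach($config['system']['user'] as $user)
		if($user['name'] === $_SESSION['Username'])
			$islocal = true;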
863 fab7ff44 Bill Marquette
?>
864 1df17ba9 Scott Ullrich
865 45ee90ed Matthew Grooms
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
866 1df17ba9 Scott Ullrich
<?php
	// Shared page header and menu first, then any feedback produced by the POST handling above.
	include("head.inc");
	include("fbegin.inc");

	if ($input_errors) {
		print_input_errors($input_errors);
	}

	if ($savemsg) {
		print_info_box($savemsg);
	}

	// An account that was not found in the local user list gets the notice and the page
	// footer only; the password form below is never rendered for it.
	if (!$islocal) {
		echo gettext("Sorry, you cannot change the password for a LDAP user.");
		include("fend.inc");
		exit;
	}
?>
880 e30001cf Matthew Grooms
<div id="mainarea">
881
	<div class="tabcont">
882
		<form action="system_usermanager.php" method="post" name="iform" id="iform">
883
			<table width="100%" border="0" cellpadding="6" cellspacing="0">
884
				<tr>
885 b79454a7 Carlos Eduardo Ramos
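					<?php /* The account name is escaped before output, like the user names in the admin list. */ ?>
					<td colspan="2" valign="top" class="listtopic"><?=htmlspecialchars($HTTP_SERVER_VARS['AUTH_USER']);?>'s <?=gettext("Password"); ?></td>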
886 e30001cf Matthew Grooms
				</tr>
887
				<tr>
888 b79454a7 Carlos Eduardo Ramos
					<td width="22%" valign="top" class="vncell" rowspan="2"><?=gettext("Password"); ?></td>
889 e30001cf Matthew Grooms
					<td width="78%" class="vtable">
890
						<input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" />
891
					</td>
892
				</tr>
893
				<tr>
894
					<td width="78%" class="vtable">
895
						<input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" />
896
						&nbsp;<?=gettext("(confirmation)");?>
897
						<br/>
898
						<span class="vexpl">
899
							<?=gettext("Select a new password");?>
900
						</span>
901
					</td>
902
				</tr>
903
				<tr>
904
					<td width="22%" valign="top">&nbsp;</td>
905
					<td width="78%">
906
						<input name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
907
					</td>
908
				</tr>
909
			</table>
910
		</form>
911
	</div>
912
</div>
913 45ee90ed Matthew Grooms
<?php include("fend.inc");?>
914
</body>
915 82e913df Scott Ullrich
916 1df17ba9 Scott Ullrich
<?php
917
918 6b07c15a Matthew Grooms
} // end of normal user code
919 45ee90ed Matthew Grooms
920
?>