<?php
2
/* $Id$ */
3 fab7ff44 Bill Marquette
/*
4 1df17ba9 Scott Ullrich
    system_usermanager.php
5
    part of m0n0wall (http://m0n0.ch/wall)
6
7 6b07c15a Matthew Grooms
    Copyright (C) 2008 Shrew Soft Inc.
8
    All rights reserved.
9
10 1df17ba9 Scott Ullrich
    Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>.
11
    All rights reserved.
12
13
    Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
14
    All rights reserved.
15
16
    Redistribution and use in source and binary forms, with or without
17
    modification, are permitted provided that the following conditions are met:
18
19
    1. Redistributions of source code must retain the above copyright notice,
20
       this list of conditions and the following disclaimer.
21
22
    2. Redistributions in binary form must reproduce the above copyright
23
       notice, this list of conditions and the following disclaimer in the
24
       documentation and/or other materials provided with the distribution.
25
26
    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
27
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
28
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
29
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
30
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
33
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
34
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35
    POSSIBILITY OF SUCH DAMAGE.
36 fab7ff44 Bill Marquette
*/
37 1d333258 Scott Ullrich
/*
38 3ccb9689 Charlie Marshall
	pfSense_BUILDER_BINARIES:
39 1d333258 Scott Ullrich
	pfSense_MODULE:	auth
40
*/
41 fab7ff44 Bill Marquette
42 6b07c15a Matthew Grooms
##|+PRIV
43
##|*IDENT=page-system-usermanager
44
##|*NAME=System: User Manager page
45
##|*DESCR=Allow access to the 'System: User Manager' page.
46
##|*MATCH=system_usermanager.php*
47
##|-PRIV
48
49 ead24d63 sullrich
require("certs.inc");
50 fab7ff44 Bill Marquette
require("guiconfig.inc");
51
52 31b53653 Scott Ullrich
53 e33be77c Ermal
// start admin user code
54
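$pgtitle = array(gettext("System"), gettext("User Manager"));

/*
 * Index of the user being viewed or changed. A POSTed "id" takes precedence
 * over the query string. The value keys into the user list below and is
 * written into links further down the page, so anything other than a plain
 * run of decimal digits is discarded; a null $id is treated by the rest of
 * the page as "no such user".
 * NOTE(review): assumes user entries are keyed by integer index - confirm
 * against the config parser.
 */
$id = isset($_POST['id']) ? $_POST['id'] : (isset($_GET['id']) ? $_GET['id'] : null);
if (!is_string($id) || !preg_match('/\A[0-9]+\z/', $id))
	$id = null;

/* Make sure the user list exists before taking a reference to it. */
if (!is_array($config['system']['user']))
	$config['system']['user'] = array();

/* Reference, not copy: changes made through $a_user land in $config. */
$a_user = &$config['system']['user'];

/* An existing user was selected: preload the form values from the stored entry. */
if (isset($id) && $a_user[$id]) {
	$pconfig['usernamefld'] = $a_user[$id]['name'];
	$pconfig['descr'] = $a_user[$id]['descr'];
	$pconfig['expires'] = $a_user[$id]['expires'];
	$pconfig['groups'] = local_user_get_groups($a_user[$id]);
	$pconfig['utype'] = $a_user[$id]['scope'];
	$pconfig['uid'] = $a_user[$id]['uid'];
	/* the key list is stored base64-encoded in the configuration */
	$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
	$pconfig['priv'] = $a_user[$id]['priv'];
	$pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk'];
	$pconfig['disabled'] = isset($a_user[$id]['disabled']);
}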
77
78 e33be77c Ermal
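/*
 * Per-user actions selected by the "act" query parameter. Every action except
 * "new" first checks that $id names an existing user and otherwise redirects
 * back to the user list.
 *
 * NOTE(review): deluser, delpriv and delcert change the configuration in
 * response to a GET request. Whether guiconfig.inc applies a request-forgery
 * check to GET requests is not visible here - confirm, or move these actions
 * to POST.
 *
 * The names placed in $savemsg are HTML-escaped here: the message already
 * carries markup (<br/>), so it is presumably printed without further escaping.
 */
if ($_GET['act'] == "deluser") {

	if (!$a_user[$id]) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	conf_mount_rw();
	local_user_del($a_user[$id]);
	conf_mount_ro();
	/* keep the name for the status message before the entry is dropped */
	$userdeleted = $a_user[$id]['name'];
	unset($a_user[$id]);
	write_config();
	$savemsg = gettext("User")." ".htmlspecialchars((string)$userdeleted)." ".
				gettext("successfully deleted")."<br/>";
}
else if ($_GET['act'] == "delpriv") {

	if (!$a_user[$id]) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	/*
	 * 'privid' is used as posted to index the user's own privilege list.
	 * NOTE(review): $priv_list is not assigned in the visible part of this
	 * file; presumably one of the required includes provides it.
	 */
	$privdeleted = $priv_list[$a_user[$id]['priv'][$_GET['privid']]]['name'];
	unset($a_user[$id]['priv'][$_GET['privid']]);
	local_user_set($a_user[$id]);
	write_config();
	/* fall through to the edit form for the same user */
	$_GET['act'] = "edit";
	$savemsg = gettext("Privilege")." ".htmlspecialchars((string)$privdeleted)." ".
				gettext("successfully deleted")."<br/>";
}
else if ($_GET['act'] == "expcert") {

	if (!$a_user[$id]) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	$cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]);

	/* urlencode() keeps the user name and description from adding characters to the header */
	$exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.crt");
	$exp_data = base64_decode($cert['crt']);
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}
else if ($_GET['act'] == "expckey") {

	if (!$a_user[$id]) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	$cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]);

	/*
	 * Sends the decoded private key ('prv') of the selected certificate as a
	 * download; the only check made in this file is that the user exists.
	 */
	$exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.key");
	$exp_data = base64_decode($cert['prv']);
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}
else if ($_GET['act'] == "delcert") {

	if (!$a_user[$id]) {
		pfSenseHeader("system_usermanager.php");
		exit;
	}

	/* only the reference held by the user is removed; the certificate entry itself is not touched here */
	$certdeleted = lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
	$certdeleted = $certdeleted['descr'];
	unset($a_user[$id]['cert'][$_GET['certid']]);
	write_config();
	$_GET['act'] = "edit";
	$savemsg = gettext("Certificate")." ".htmlspecialchars((string)$certdeleted)." ".
				gettext("association removed.")."<br/>";
}
else if ($_GET['act'] == "new") {
	/*
	 * set this value cause the text field is read only
	 * and the user should not be able to mess with this
	 * setting.
	 */
	$pconfig['utype'] = "user";
	$pconfig['lifetime'] = 3650;
}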
171 45ee90ed Matthew Grooms
172 e33be77c Ermal
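/*
 * Form submission: validate the posted fields, then either update the user
 * selected by $id or create a new one, and write the configuration.
 */
if ($_POST) {
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */
	if (isset($id) && ($a_user[$id])) {
		/* existing user: only the name is mandatory; the password changes only when one is entered */
		$reqdfields = explode(" ", "usernamefld");
		$reqdfieldsn = array(gettext("Username"));
	} else {
		if (empty($_POST['name'])) {
			$reqdfields = explode(" ", "usernamefld passwordfld1");
			$reqdfieldsn = array(
				gettext("Username"),
				gettext("Password"));
		} else {
			/* a certificate name was entered, so the certificate fields are required too */
			$reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime");
			$reqdfieldsn = array(
				gettext("Username"),
				gettext("Password"),
				gettext("Descriptive name"),
				gettext("Certificate authority"),
				gettext("Key length"),
				gettext("Lifetime"));
		}
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld']))
		$input_errors[] = gettext("The username contains invalid characters.");

	if (strlen($_POST['usernamefld']) > 16)
		$input_errors[] = gettext("The username is longer than 16 characters.");

	/*
	 * Strict comparison: with != two different numeric-looking strings
	 * (for example "1e3" and "1000") compare equal, so a mistyped
	 * confirmation could pass.
	 */
	if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] !== $_POST['passwordfld2']))
		$input_errors[] = gettext("The passwords do not match.");

	/* name currently stored for this user; empty when a new user is being created */
	if (isset($id) && $a_user[$id])
		$oldusername = $a_user[$id]['name'];
	else
		$oldusername = "";

	/* make sure this user name is unique (compared as strings, not loosely) */
	if (!$input_errors) {
		foreach ($a_user as $userent) {
			if ((string)$userent['name'] === (string)$_POST['usernamefld'] &&
			    (string)$oldusername !== (string)$_POST['usernamefld']) {
				$input_errors[] = gettext("Another entry with the same username already exists.");
				break;
			}
		}
	}

	/* also make sure it is not reserved */
	if (!$input_errors) {
		/* the first colon-separated field of each /etc/passwd line is the account name */
		$system_users = explode("\n", file_get_contents("/etc/passwd"));
		foreach ($system_users as $s_user) {
			$ent = explode(":", $s_user);
			if ($ent[0] === (string)$_POST['usernamefld'] &&
			    (string)$oldusername !== (string)$_POST['usernamefld']) {
				$input_errors[] = gettext("That username is reserved by the system.");
				break;
			}
		}
	}

	/*
	 * Check for a valid expiration date if one is set at all. DateTime accepts
	 * any format it can parse, so to keep it simple for the end user we only
	 * claim to accept MM/DD/YYYY. Advanced users may enter values such as
	 * "+1 day", which are converted to MM/DD/YYYY relative to "now"; stored
	 * as typed, such an entry would be an invalid expiration date.
	 */
	if ($_POST['expires']){
		try {
			$expdate = new DateTime($_POST['expires']);
			//convert from any DateTime compatible date to MM/DD/YYYY
			$_POST['expires'] = $expdate->format("m/d/Y");
		} catch ( Exception $ex ) {
			$input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
		}
	}

	/* a certificate was requested: the chosen CA must resolve; $ca is used again below */
	if (!empty($_POST['name'])) {
		$ca = lookup_ca($_POST['caref']);
		if (!$ca)
			$input_errors[] = gettext("Invalid internal Certificate Authority") . "\n";
	}

	/* if this is an AJAX caller then handle via JSON */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	if (!$input_errors) {
		conf_mount_rw();
		$userent = array();
		if (isset($id) && $a_user[$id])
			$userent = $a_user[$id];

		/*
		 * NOTE(review): the scope is taken from the posted 'utype' field, which
		 * the form sends as a hidden input; nothing here restricts its value
		 * or keeps the stored scope of an existing user.
		 */
		$userent['scope'] = isset($_POST['utype']) ? $_POST['utype'] : "system";

		/*
		 * the user name was modified
		 *
		 * Compared against the stored name rather than the posted
		 * 'oldusername' field: that field is client-supplied, and after a
		 * failed validation the form refills it with the new name, which
		 * would hide the rename on the next submit and leave the old
		 * account in place.
		 *
		 * NOTE(review): REMOTE_USER is overwritten with the edited account's
		 * new name regardless of who is logged in; what later reads it is not
		 * visible here - confirm this is intended.
		 */
		if ((string)$_POST['usernamefld'] !== (string)$oldusername) {
			$_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
			local_user_del($userent);
		}

		/* the user password was modified */
		if ($_POST['passwordfld1'])
			local_user_set_password($userent, $_POST['passwordfld1']);

		$userent['name'] = $_POST['usernamefld'];
		$userent['descr'] = $_POST['descr'];
		$userent['expires'] = $_POST['expires'];
		/* stored base64-encoded; the key text itself is not checked here */
		$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
		$userent['ipsecpsk'] = $_POST['ipsecpsk'];

		if($_POST['disabled'])
			$userent['disabled'] = true;
		else
			unset($userent['disabled']);

		if (isset($id) && $a_user[$id])
			$a_user[$id] = $userent;
		else {
			if (!empty($_POST['name'])) {
				$cert = array();
				$cert['refid'] = uniqid();
				$userent['cert'] = array();

				$cert['descr'] = $_POST['name'];

				/* the subject fields other than the common name are copied from the CA certificate */
				$subject = cert_get_subject_array($ca['crt']);

				$dn = array(
					'countryName' => $subject[0]['v'],
					'stateOrProvinceName' => $subject[1]['v'],
					'localityName' => $subject[2]['v'],
					'organizationName' => $subject[3]['v'],
					'emailAddress' => $subject[4]['v'],
					'commonName' => $userent['name']);

				/*
				 * NOTE(review): 'keylen' is passed through as posted and only
				 * 'lifetime' is cast to int; whether cert_create() validates
				 * the key length is not visible here.
				 */
				cert_create($cert, $_POST['caref'], $_POST['keylen'],
					(int)$_POST['lifetime'], $dn);

				if (!is_array($config['cert']))
					$config['cert'] = array();
				$config['cert'][] = $cert;
				$userent['cert'][] = $cert['refid'];
			}
			$userent['uid'] = $config['system']['nextuid']++;
			/* Add the user to All Users group. */
			foreach ($config['system']['group'] as $gidx => $group) {
				if ($group['name'] == "all") {
					if (!is_array($config['system']['group'][$gidx]['member']))
						$config['system']['group'][$gidx]['member'] = array();
					$config['system']['group'][$gidx]['member'][] = $userent['uid'];
					break;
				}
			}

			$a_user[] = $userent;
		}

		local_user_set_groups($userent,$_POST['groups']);
		local_user_set($userent);
		write_config();

		if(is_dir("/etc/inc/privhooks"))
			run_plugins("/etc/inc/privhooks");

		conf_mount_ro();

		pfSenseHeader("system_usermanager.php");
	}
}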
347 fab7ff44 Bill Marquette
348 e33be77c Ermal
include("head.inc");
349 1df17ba9 Scott Ullrich
?>
350 fab7ff44 Bill Marquette
351 12c2ec2e Charlie Marshall
<link rel="stylesheet" type="text/css" href="/javascript/jquery-ui-timepicker-addon/css/jquery-ui-timepicker-addon.css" />
352
<link rel="stylesheet" type="text/css" href="/javascript/jquery/jquery-ui.custom.css" />
353
354
<script>
355
	// Once the document is ready, attach the jQuery UI date picker to the
	// "expires" field. It writes dates as mm/dd/yy and offers a year selector
	// with the range "+0:+100".
	jQuery(function() {
		jQuery( "#expires" ).datepicker( { dateFormat: 'mm/dd/yy', changeYear: true, yearRange: "+0:+100" } );
	});
358
</script>
359
360 1df17ba9 Scott Ullrich
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
361 6b07c15a Matthew Grooms
<?php include("fbegin.inc"); ?>
362 12c2ec2e Charlie Marshall
363 6b8588c6 Colin Fleming
<script type="text/javascript">
364
//<![CDATA[
365 6b07c15a Matthew Grooms
366
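/**
 * Mark every option of a select element as selected.
 *
 * @param {string} id  id attribute of the select element
 */
function setall_selected(id) {
	// Declared locally; undeclared names would be created on the global object.
	var selbox = document.getElementById(id);
	var count = selbox.options.length;
	for (var index = 0; index < count; index++)
		selbox.options[index].selected = true;
}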
372
373
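/**
 * Deselect every option of a select element.
 *
 * @param {string} id  id attribute of the select element
 */
function clear_selected(id) {
	var selbox = document.getElementById(id);
	// An id that matches no element yields null; there is nothing to clear.
	if (!selbox)
		return;
	var count = selbox.options.length;
	for (var index = 0; index < count; index++)
		selbox.options[index].selected = false;
}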
379
380
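/**
 * Remove the selected options from a select element.
 *
 * @param {string} id  id attribute of the select element
 */
function remove_selected(id) {
	var selbox = document.getElementById(id);
	// Walk from the end so that removing an option does not shift the
	// positions still to be visited.
	for (var index = selbox.options.length - 1; index >= 0; index--)
		if (selbox.options[index].selected)
			selbox.remove(index);
}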
387
388
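/**
 * Append a copy of each selected option of one select element to another.
 * The source list is left unchanged.
 *
 * @param {string} srcid  id of the select element to copy from
 * @param {string} dstid  id of the select element to copy to
 */
function copy_selected(srcid, dstid) {
	var src_selbox = document.getElementById(srcid);
	var dst_selbox = document.getElementById(dstid);
	var count = src_selbox.options.length;
	for (var index = 0; index < count; index++) {
		if (src_selbox.options[index].selected) {
			// Build a fresh option carrying the same label and value.
			var option = document.createElement('option');
			option.text = src_selbox.options[index].text;
			option.value = src_selbox.options[index].value;
			dst_selbox.add(option, null);
		}
	}
}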
401
402
/**
 * Move the selected options from one select element to another.
 *
 * @param {string} srcid  id of the select element to take options from
 * @param {string} dstid  id of the select element to add them to
 */
function move_selected(srcid, dstid) {
	// Copy first, then drop the originals from the source list.
	copy_selected(srcid, dstid);
	remove_selected(srcid);
}
406
407
/**
 * Form onsubmit hook: deselect everything in the "notgroups" list and select
 * everything in the "groups" list before the form is sent.
 */
function presubmit() {
	clear_selected('notgroups');
	setall_selected('groups');
}
411
412 c9794c06 Ermal
/**
 * Swap between the "create a user certificate" checkbox row and the
 * certificate detail rows.
 *
 * @param {HTMLInputElement} obj  the checkbox that was clicked
 */
function usercertClicked(obj) {
	var promptRow = document.getElementById("usercertchck");
	var detailRow = document.getElementById("usercert");

	if (!obj.checked) {
		detailRow.style.display = "none";
		promptRow.style.display = "";
		return;
	}

	promptRow.style.display = "none";
	detailRow.style.display = "";
}
421
422
/**
 * Swap between the element with id "sshkeychck" and the element with id
 * "sshkey", depending on the state of the clicked checkbox.
 *
 * @param {HTMLInputElement} obj  the checkbox that was clicked
 */
function sshkeyClicked(obj) {
	var promptRow = document.getElementById("sshkeychck");
	var detailRow = document.getElementById("sshkey");

	if (!obj.checked) {
		detailRow.style.display = "none";
		promptRow.style.display = "";
		return;
	}

	promptRow.style.display = "none";
	detailRow.style.display = "";
}
431 6b8588c6 Colin Fleming
//]]>
432 6b07c15a Matthew Grooms
</script>
433 1df17ba9 Scott Ullrich
<?php
	/* Show validation errors and/or the result message produced earlier in this page. */
	if ($input_errors) {
		print_input_errors($input_errors);
	}
	if ($savemsg) {
		print_info_box($savemsg);
	}
?>
439 6b8588c6 Colin Fleming
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="user manager">
440 45ee90ed Matthew Grooms
	<tr>
441 e30001cf Matthew Grooms
		<td>
442 45ee90ed Matthew Grooms
		<?php
			/* Tab strip: each entry is (label, second element true only for "Users", target page). */
			$tab_array = array(
				array(gettext("Users"), true, "system_usermanager.php"),
				array(gettext("Groups"), false, "system_groupmanager.php"),
				array(gettext("Settings"), false, "system_usermanager_settings.php"),
				array(gettext("Servers"), false, "system_authservers.php"),
			);
			display_top_tabs($tab_array);
		?>
450
		</td>
451
	</tr>
452
	<tr>
453 e30001cf Matthew Grooms
		<td id="mainarea">
454
			<div class="tabcont">
455
456
				<?php if ($_GET['act'] == "new" || $_GET['act'] == "edit" || $input_errors): ?>
457
458
				<form action="system_usermanager.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
459 6b8588c6 Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
460 e30001cf Matthew Grooms
						<?php
461
							$ro = "";
462
							if ($pconfig['utype'] == "system")
463 6b8588c6 Colin Fleming
								$ro = "readonly=\"readonly\"";
464 e30001cf Matthew Grooms
						?>
465
	                    <tr>
466
	                        <td width="22%" valign="top" class="vncell"><?=gettext("Defined by");?></td>
467
	                        <td width="78%" class="vtable">
468 8db87547 jim-p
	                            <strong><?=strtoupper(htmlspecialchars($pconfig['utype']));?></strong>
469 6b8588c6 Colin Fleming
								<input name="utype" type="hidden" value="<?=htmlspecialchars($pconfig['utype'])?>" />
470 e30001cf Matthew Grooms
	                        </td>
471
	                    </tr>
472 b4bfd25d sullrich
						<tr>
473 2afddcb1 sullrich
							<td width="22%" valign="top" class="vncell"><?=gettext("Disabled");?></td>
474 b4bfd25d sullrich
							<td width="78%" class="vtable">
475 6b8588c6 Colin Fleming
								<input name="disabled" type="checkbox" id="disabled" <?php if($pconfig['disabled']) echo "checked=\"checked\""; ?> />
476 b4bfd25d sullrich
							</td>
477
						</tr>
478 e30001cf Matthew Grooms
						<tr>
479
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Username");?></td>
480
							<td width="78%" class="vtable">
481 6b8588c6 Colin Fleming
								<input name="usernamefld" type="text" class="formfld user" id="usernamefld" size="20" maxlength="16" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" <?=$ro;?> />
482 e30001cf Matthew Grooms
								<input name="oldusername" type="hidden" id="oldusername" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" />
483
							</td>
484
						</tr>
485
						<tr>
486
							<td width="22%" valign="top" class="vncellreq" rowspan="2"><?=gettext("Password");?></td>
487
							<td width="78%" class="vtable">
488
								<input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" value="" />
489
							</td>
490
						</tr>
491
						<tr>
492
							<td width="78%" class="vtable">
493
								<input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" value="" />&nbsp;<?= gettext("(confirmation)"); ?>
494
							</td>
495
						</tr>
496
						<tr>
497
							<td width="22%" valign="top" class="vncell"><?=gettext("Full name");?></td>
498
							<td width="78%" class="vtable">
499 6b8588c6 Colin Fleming
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>" <?=$ro;?> />
500 e30001cf Matthew Grooms
								<br/>
501
								<?=gettext("User's full name, for your own information only");?>
502
							</td>
503
						</tr>
504 0092b3bd mgrooms
						<tr>
505 b79454a7 Carlos Eduardo Ramos
							<td width="22%" valign="top" class="vncell"><?=gettext("Expiration date"); ?></td>
506 0092b3bd mgrooms
							<td width="78%" class="vtable">
507 6b8588c6 Colin Fleming
								<input name="expires" type="text" class="formfld unknown" id="expires" size="10" value="<?=htmlspecialchars($pconfig['expires']);?>" />
508
								<br/>
509 b79454a7 Carlos Eduardo Ramos
								<span class="vexpl"><?=gettext("Leave blank if the account shouldn't expire, otherwise enter the expiration date in the following format: mm/dd/yyyy"); ?></span></td>
510 0092b3bd mgrooms
						</tr>
511 e30001cf Matthew Grooms
						<tr>
512
							<td width="22%" valign="top" class="vncell"><?=gettext("Group Memberships");?></td>
513
							<td width="78%" class="vtable" align="center">
514 6b8588c6 Colin Fleming
								<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="group membership">
515 e30001cf Matthew Grooms
									<tr>
516
										<td align="center" width="50%">
517 b79454a7 Carlos Eduardo Ramos
											<strong><?=gettext("Not Member Of"); ?></strong><br/>
518 e30001cf Matthew Grooms
											<br/>
519 6b8588c6 Colin Fleming
											<select size="10" style="width: 75%" name="notgroups[]" class="formselect" id="notgroups" onchange="clear_selected('groups')" multiple="multiple">
520 e30001cf Matthew Grooms
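												<?php
													/*
													 * Groups the user is not a member of. The "all users" group
													 * (gid 1998) is never offered. The group name is HTML-escaped
													 * in the value attribute as well as in the label.
													 * NOTE(review): $selected is not assigned in the visible part
													 * of this file.
													 */
													foreach ($config['system']['group'] as $group):
														if ($group['gid'] == 1998) /* all users group */
															continue;
														if (is_array($pconfig['groups']) && in_array($group['name'],$pconfig['groups']))
															continue;
												?>
												<option value="<?=htmlspecialchars($group['name']);?>" <?=$selected;?>>
													<?=htmlspecialchars($group['name']);?>
												</option>
												<?php endforeach; ?>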
531
											</select>
532
											<br/>
533
										</td>
534
										<td>
535
											<br/>
536
											<a href="javascript:move_selected('notgroups','groups')">
537 b79454a7 Carlos Eduardo Ramos
												<img src="/themes/<?= $g['theme'];?>/images/icons/icon_right.gif" title="<?=gettext("Add Groups"); ?>" alt="<?=gettext("Add Groups"); ?>" width="17" height="17" border="0" />
538 e30001cf Matthew Grooms
											</a>
539
											<br/><br/>
540
											<a href="javascript:move_selected('groups','notgroups')">
541 b79454a7 Carlos Eduardo Ramos
												<img src="/themes/<?= $g['theme'];?>/images/icons/icon_left.gif" title="<?=gettext("Remove Groups"); ?>" alt="<?=gettext("Remove Groups"); ?>" width="17" height="17" border="0" />
542 e30001cf Matthew Grooms
											</a>
543
										</td>
544
										<td align="center" width="50%">
545 b79454a7 Carlos Eduardo Ramos
											<strong><?=gettext("Member Of"); ?></strong><br/>
546 e30001cf Matthew Grooms
											<br/>
547 6b8588c6 Colin Fleming
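											<select size="10" style="width: 75%" name="groups[]" class="formselect" id="groups" onchange="clear_selected('notgroups')" multiple="multiple">
												<?php
												/*
												 * Groups the user belongs to. $pconfig['groups'] may come straight
												 * from the posted form, so only names that match a configured
												 * group are listed. The "all users" group (gid 1998) is never
												 * shown. The onchange handler above names the "notgroups" list,
												 * the id of the other select; the previous value 'nogroups'
												 * matched no element.
												 */
												if (is_array($pconfig['groups'])) {
													foreach ($config['system']['group'] as $group):
														if ($group['gid'] == 1998) /* all users group */
															continue;
														if (!in_array($group['name'],$pconfig['groups']))
															continue;
												?>
												<option value="<?=htmlspecialchars($group['name']);?>">
													<?=htmlspecialchars($group['name']);?>
												</option>
												<?php endforeach;
												} ?>
											</select>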
562
											<br/>
563
										</td>
564
									</tr>
565
								</table>
566
								<?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?>
567
							</td>
568
						</tr>
569
570 ff9eda9d jim-p
						<?php if (isset($pconfig['uid'])): ?>
571 e30001cf Matthew Grooms
572
						<tr>
573
							<td width="22%" valign="top" class="vncell"><?=gettext("Effective Privileges");?></td>
574
							<td width="78%" class="vtable">
575 6b8588c6 Colin Fleming
								<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="privileges">
576 e30001cf Matthew Grooms
									<tr>
577
										<td width="20%" class="listhdrr"><?=gettext("Inherited From");?></td>
578
										<td width="30%" class="listhdrr"><?=gettext("Name");?></td>
579
										<td width="40%" class="listhdrr"><?=gettext("Description");?></td>
580
										<td class="list"></td>
581
									</tr>
582
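									<?php
										/*
										 * One row per effective privilege. Rows that come from a group
										 * show the group name and get no delete link. $i is advanced only
										 * for the user's own privileges, presumably so that it matches the
										 * index that act=delpriv removes.
										 * The group name and the user index are escaped for their output
										 * context (HTML text and URL parameter respectively).
										 */
										$privdesc = get_user_privdesc($a_user[$id]);
										if(is_array($privdesc)):
											$i = 0;
											foreach ($privdesc as $priv):
											$group = false;
											if ($priv['group'])
												$group = $priv['group'];
									?>
									<tr>
										<td class="listlr"><?=htmlspecialchars((string)$group);?></td>
										<td class="listr">
											<?=htmlspecialchars($priv['name']);?>
										</td>
										<td class="listbg">
												<?=htmlspecialchars($priv['descr']);?>
										</td>
										<td valign="middle" class="list nowrap">
											<?php if (!$group): ?>
											<a href="system_usermanager.php?act=delpriv&amp;id=<?=urlencode((string)$id)?>&amp;privid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this privilege?");?>')">
												<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="delete" />
											</a>
											<?php endif; ?>
										</td>
									</tr>
									<?php
											/* can only delete user priv indexes */
											if (!$group)
												$i++;
											endforeach;
										endif;
									?>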
615
									<tr>
616
										<td class="list" colspan="3"></td>
617
										<td class="list">
618
											<a href="system_usermanager_addprivs.php?userid=<?=$id?>">
619 6b8588c6 Colin Fleming
												<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" />
620 e30001cf Matthew Grooms
											</a>
621
										</td>
622
									</tr>
623
								</table>
624
							</td>
625
						</tr>
626
						<tr>
627
							<td width="22%" valign="top" class="vncell"><?=gettext("User Certificates");?></td>
628
							<td width="78%" class="vtable">
629 6b8588c6 Colin Fleming
								<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="certificates">
630 e30001cf Matthew Grooms
									<tr>
631
										<td width="45%" class="listhdrr"><?=gettext("Name");?></td>
632
										<td width="45%" class="listhdrr"><?=gettext("CA");?></td>
633
										<td class="list"></td>
634
									</tr>
635
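									<?php
										/*
										 * One row per certificate reference held by the user. $i is the
										 * position in the user's 'cert' list and is what the export and
										 * delete links pass back as "certid".
										 * The first link downloads the private key, the second the
										 * certificate; both are plain GET links.
										 * The user index is URL-encoded and the separators are written
										 * as &amp; inside the href attributes.
										 */
										$a_cert = $a_user[$id]['cert'];
										if(is_array($a_cert)):
											$i = 0;
											foreach ($a_cert as $certref):
												$cert = lookup_cert($certref);
												$ca = lookup_ca($cert['caref']);
									?>
									<tr>
										<td class="listlr">
											<?=htmlspecialchars($cert['descr']);?>
											<?php if (is_cert_revoked($cert)): ?>
											(<b>Revoked</b>)
											<?php endif; ?>
										</td>
										<td class="listr">
											<?=htmlspecialchars($ca['descr']);?>
										</td>
										<td valign="middle" class="list nowrap">
											<a href="system_usermanager.php?act=expckey&amp;id=<?=urlencode((string)$id);?>&amp;certid=<?=$i;?>">
												<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export private key"); ?>" alt="<?=gettext("export private key"); ?>" width="17" height="17" border="0" />
											</a>
											<a href="system_usermanager.php?act=expcert&amp;id=<?=urlencode((string)$id);?>&amp;certid=<?=$i;?>">
												<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export cert"); ?>" alt="<?=gettext("export cert"); ?>" width="17" height="17" border="0" />
											</a>
											<a href="system_usermanager.php?act=delcert&amp;id=<?=urlencode((string)$id)?>&amp;certid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to remove this certificate association?") .'\n'. gettext("(Certificate will not be deleted)");?>')">
												<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="<?=gettext("delete cert");?>" />
											</a>
										</td>
									</tr>
									<?php
												$i++;
											endforeach;
										endif;
									?>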
671
									<tr>
672
										<td class="list" colspan="2"></td>
673
										<td class="list">
674 6b8588c6 Colin Fleming
											<a href="system_certmanager.php?act=new&amp;userid=<?=$id?>">
675
												<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" />
676 e30001cf Matthew Grooms
											</a>
677
										</td>
678
									</tr>
679
								</table>
680
							</td>
681
						</tr>
682 45ee90ed Matthew Grooms
683 c9794c06 Ermal
						<?php else : ?>
684 b4e6524c jim-p
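						<?php
							/*
							 * Optional "create a user certificate" section.
							 *
							 * The section is emitted only when $config['ca'] holds at least one
							 * CA. The creation form (row "usercert") is emitted only when at
							 * least one of those CAs has a non-empty 'prv' entry; $i holds that
							 * count.
							 */
							if (is_array($config['ca']) && count($config['ca']) > 0):
								$i = 0;
								foreach ($config['ca'] as $ca) {
									if (!$ca['prv'])
										continue;
									$i++;
								}
						?>
						<tr id="usercertchck">
							<td width="22%" valign="top" class="vncell"><?=gettext("Certificate");?></td>
							<td width="78%" class="vtable">
								<input type="checkbox" onclick="javascript:usercertClicked(this)" /> <?=gettext("Click to create a user certificate."); ?>
							</td>
						</tr>
						<?php if ($i > 0): ?>
						<tr id="usercert" name="usercert" style="display:none">
							<td width="22%" valign="top" class="vncell"><?=gettext("Certificate");?></td>
							<td width="78%" class="vtable">
								<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="certificate">
									<tr>
										<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
										<td width="78%" class="vtable">
											<input name="name" type="text" class="formfld unknown" id="name" size="20" value="<?=htmlspecialchars($pconfig['name']);?>" />
										</td>
									</tr>
									<tr>
										<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate authority");?></td>
										<td width="78%" class="vtable">
											<select name='caref' id='caref' class="formselect" onchange='internalca_change()'>
											<?php
												/*
												 * Only CAs with a private key are offered. 'refid' and 'descr'
												 * are read from the stored configuration, so both are escaped
												 * before being placed in the attribute and in the option text,
												 * in line with the other values this form prints.
												 */
												foreach ($config['ca'] as $ca):
													if (!$ca['prv'])
														continue;
											?>
												<option value="<?=htmlspecialchars($ca['refid']);?>"><?=htmlspecialchars($ca['descr']);?></option>
											<?php endforeach; ?>
											</select>
										</td>
									</tr>
									<tr>
										<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
										<td width="78%" class="vtable">
											<select name='keylen' class="formselect">
											<?php
												/*
												 * The first entry is what the browser preselects.
												 * NOTE(review): 512 and 1024 are still offered. If these are
												 * RSA modulus sizes (not shown in this block), both are below
												 * what is accepted for new keys today; consider dropping them
												 * once the values accepted by the save handler are confirmed.
												 */
												$cert_keylens = array( "2048", "512", "1024", "4096");
												foreach ($cert_keylens as $len):
											?>
												<option value="<?=$len;?>"><?=$len;?></option>
											<?php endforeach; ?>
											</select>
											bits
										</td>
									</tr>
									<tr>
										<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
										<td width="78%" class="vtable">
											<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>" />days
										</td>
									</tr>
								</table>
							</td>
						</tr>
						<?php 	endif; endif; ?>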
						<?php endif; ?>
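						<?php
							/*
							 * SSH authorized keys. Two rows share this setting: the checkbox
							 * row is hidden when $pconfig['authorizedkeys'] is non-empty, the
							 * textarea row is hidden when it is empty, so one of them starts
							 * out visible.
							 */
						?>
						<tr id="sshkeychck" <?php if(!empty($pconfig['authorizedkeys'])) echo 'style="display:none"'; ?>>
							<td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td>
							<td width="78%" class="vtable">
								<input type="checkbox" onclick="javascript:sshkeyClicked(this)" /> <?=gettext("Click to paste an authorized key."); ?>
							</td>
						</tr>
						<tr id="sshkey" <?php if(empty($pconfig['authorizedkeys'])) echo 'style="display:none"'; ?>>
							<td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td>
							<td width="78%" class="vtable">
								<textarea name="authorizedkeys" cols="65" rows="7" id="authorizedkeys" class="formfld_cert" wrap="off"><?=htmlspecialchars($pconfig['authorizedkeys']);?></textarea>
								<br/>
								<?=gettext("Paste an authorized keys file here.");?>
							</td>
						</tr>
						<?php
							/*
							 * The IPsec pre-shared key is written back into the page as the
							 * value of a plain text field, so it is readable in the page source.
							 * autocomplete is switched off so the browser does not additionally
							 * keep the secret in its form history.
							 */
						?>
						<tr id="ipsecpskrow">
							<td width="22%" valign="top" class="vncell"><?=gettext("IPsec Pre-Shared Key");?></td>
							<td width="78%" class="vtable">
								<input name="ipsecpsk" type="text" class="formfld unknown" id="ipsecpsk" size="65" autocomplete="off" value="<?=htmlspecialchars($pconfig['ipsecpsk']);?>" />
							</td>
						</tr>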
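						<tr>
							<td width="22%" valign="top">&nbsp;</td>
							<td width="78%">
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
								<?php
									/*
									 * The hidden id is sent only when $id is set and $a_user[$id] is a
									 * non-empty entry. The value is escaped like the other form values
									 * on this page; given the guard this is defence in depth.
									 */
									if (isset($id) && $a_user[$id]):
								?>
								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
								<?php endif;?>
							</td>
						</tr>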
					</table>
				</form>
				<?php else: ?>
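				<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="">
					<thead>
						<tr>
							<th width="25%" class="listhdrr"><?=gettext("Username"); ?></th>
							<th width="25%" class="listhdrr"><?=gettext("Full name"); ?></th>
							<th width="5%" class="listhdrr"><?=gettext("Disabled"); ?></th>
							<th width="25%" class="listhdrr"><?=gettext("Groups"); ?></th>
							<th width="10%" class="list"></th>
						</tr>
					</thead>
					<tfoot>
						<tr>
							<td class="list" colspan="4"></td>
							<td class="list">
								<a href="system_usermanager.php?act=new">
									<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add user"); ?>" alt="<?=gettext("add user"); ?>" width="17" height="17" border="0" />
								</a>
							</td>
						</tr>
						<tr>
							<td colspan="4">
								<p>
									<?=gettext("Additional users can be added here. User permissions for accessing " .
									"the webConfigurator can be assigned directly or inherited from group memberships. " .
									"An icon that appears grey indicates that it is a system defined object. " .
									"Some system object properties can be modified but they cannot be deleted."); ?>
									<br/><br/>
									<?=gettext("Accounts created here are also used for other parts of the system " .
									"such as OpenVPN, IPsec, and Captive Portal.");?>
								</p>
							</td>
						</tr>
					</tfoot>
					<tbody>
						<?php
							/*
							 * One row per entry of $a_user. $i is the running position in the
							 * list and is what the edit and delete links pass as "id".
							 */
							$i = 0;
							foreach($a_user as $userent):
								// Anything whose scope is not "user" gets the grey icon.
								$usrimg = ($userent['scope'] != "user")
									? "/themes/{$g['theme']}/images/icons/icon_system-user-grey.png"
									: "/themes/{$g['theme']}/images/icons/icon_system-user.png";
						?>
						<tr ondblclick="document.location='system_usermanager.php?act=edit&amp;id=<?=$i;?>'">
							<td class="listlr">
								<table border="0" cellpadding="0" cellspacing="0" summary="icons">
									<tr>
										<td align="left" valign="middle">
											<img src="<?=$usrimg;?>" alt="<?=gettext("User"); ?>" title="<?=gettext("User"); ?>" border="0" height="16" width="16" />
										</td>
										<td align="left" valign="middle">
											<?=htmlspecialchars($userent['name']);?>
										</td>
									</tr>
								</table>
							</td>
							<td class="listr"><?=htmlspecialchars($userent['descr']);?>&nbsp;</td>
							<td class="listr"><?php if(isset($userent['disabled'])) echo "*"; ?></td>
							<td class="listbg">
								<?php
									/*
									 * Group names are escaped like the name and description cells
									 * above, so a group name can never be read as markup here.
									 */
								?>
								<?=htmlspecialchars(implode(",",local_user_get_groups($userent)));?>
								&nbsp;
							</td>
							<td valign="middle" class="list nowrap">
								<a href="system_usermanager.php?act=edit&amp;id=<?=$i;?>">
									<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit user"); ?>" alt="<?=gettext("edit user"); ?>" width="17" height="17" border="0" />
								</a>
								<?php
									/*
									 * Accounts with scope "system" get no delete link.
									 * NOTE(review): the deletion is requested with a plain GET link
									 * and only a client-side confirm(). The 'deluser' handler is not
									 * part of this block; verify that it requires an anti-CSRF token,
									 * or turn this link into a POST form.
									 */
									if($userent['scope'] != "system"):
								?>
								&nbsp;
								<a href="system_usermanager.php?act=deluser&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this User?");?>')">
									<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete user"); ?>" alt="<?=gettext("delete user"); ?>" width="17" height="17" border="0" />
								</a>
								<?php endif; ?>
							</td>
						</tr>
						<?php
								$i++;
							endforeach;
						?>
					</tbody>
				</table>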
				<?php endif; ?>
			</div>
		</td>
	</tr>
</table>
<?php include("fend.inc");?>
</body>
</html>