Revision f5c9c0c7
Added by Steve Beaver over 8 years ago
src/usr/local/www/system_usermanager.php | ||
50 | 50 |
} |
51 | 51 |
|
52 | 52 |
$a_user = &$config['system']['user']; |
53 |
$act = $_GET['act']; |
|
53 |
|
|
54 |
if (isset($_POST['act'])) { |
|
55 |
$act = $_POST['act']; |
|
56 |
} else { |
|
57 |
$act = $_GET['act']; |
|
58 |
} |
|
54 | 59 |
|
55 | 60 |
if (isset($_SERVER['HTTP_REFERER'])) { |
56 | 61 |
$referer = $_SERVER['HTTP_REFERER']; |
... | ... | |
82 | 87 |
$pconfig['disabled'] = isset($a_user[$id]['disabled']); |
83 | 88 |
} |
84 | 89 |
|
85 |
if ($_GET['act'] == "deluser") {
|
|
90 |
if ($_POST['act'] == "deluser") {
|
|
86 | 91 |
|
87 |
if (!isset($_GET['username']) || !isset($a_user[$id]) || ($_GET['username'] != $a_user[$id]['name'])) {
|
|
92 |
if (!isset($_POST['username']) || !isset($a_user[$id]) || ($_POST['username'] != $a_user[$id]['name'])) {
|
|
88 | 93 |
pfSenseHeader("system_usermanager.php"); |
89 | 94 |
exit; |
90 | 95 |
} |
91 | 96 |
|
92 |
if ($_GET['username'] == $_SESSION['Username']) {
|
|
93 |
$delete_errors[] = sprintf(gettext("Cannot delete user %s because you are currently logged in as that user."), $_GET['username']);
|
|
97 |
if ($_POST['username'] == $_SESSION['Username']) {
|
|
98 |
$delete_errors[] = sprintf(gettext("Cannot delete user %s because you are currently logged in as that user."), $_POST['username']);
|
|
94 | 99 |
} else { |
95 | 100 |
local_user_del($a_user[$id]); |
96 | 101 |
$userdeleted = $a_user[$id]['name']; |
... | ... | |
98 | 103 |
write_config(); |
99 | 104 |
$savemsg = sprintf(gettext("User %s successfully deleted."), $userdeleted); |
100 | 105 |
} |
106 |
|
|
101 | 107 |
} else if ($act == "new") { |
102 | 108 |
/* |
103 | 109 |
* set this value cause the text field is read only |
... | ... | |
482 | 488 |
$privhtml .= '<td>'; |
483 | 489 |
$privhtml .= '</td>'; |
484 | 490 |
$privhtml .= '</tr>'; |
485 |
|
|
491 |
|
|
486 | 492 |
} |
487 | 493 |
|
488 | 494 |
$privhtml .= '</tbody>'; |
... | ... | |
611 | 617 |
<td><?php if (isset($userent['disabled'])) echo "*"?></td> |
612 | 618 |
<td><?=implode(",", local_user_get_groups($userent))?></td> |
613 | 619 |
<td> |
614 |
<a class="fa fa-pencil" title="<?=gettext("Edit user"); ?>" href="?act=edit&userid=<?=$i?>"></a> |
|
620 |
<a class="fa fa-pencil" title="<?=gettext("Edit user"); ?>" href="?act=edit&userid=<?=$i?>" usepost></a>
|
|
615 | 621 |
<?php if (($userent['scope'] != "system") && ($userent['name'] != $_SESSION['Username'])): ?> |
616 |
<a class="fa fa-trash" title="<?=gettext("Delete user")?>" href="?act=deluser&userid=<?=$i?>&username=<?=$userent['name']?>"></a> |
|
622 |
<a class="fa fa-trash" title="<?=gettext("Delete user")?>" href="?act=deluser&userid=<?=$i?>&username=<?=$userent['name']?>" usepost></a>
|
|
617 | 623 |
<?php endif; ?> |
618 | 624 |
</td> |
619 | 625 |
</tr> |
... | ... | |
624 | 630 |
</div> |
625 | 631 |
</div> |
626 | 632 |
<nav class="action-buttons"> |
627 |
<a href="?act=new" class="btn btn-sm btn-success"> |
|
633 |
<a href="?act=new" class="btn btn-sm btn-success" usepost>
|
|
628 | 634 |
<i class="fa fa-plus icon-embed-btn"></i> |
629 | 635 |
<?=gettext("Add")?> |
630 | 636 |
</a> |
... | ... | |
633 | 639 |
<i class="fa fa-trash icon-embed-btn"></i> |
634 | 640 |
<?=gettext("Delete")?> |
635 | 641 |
</button> |
642 |
|
|
636 | 643 |
</nav> |
637 | 644 |
</form> |
638 | 645 |
<div class="infoblock"> |
... | ... | |
643 | 650 |
'<p>' . gettext("Accounts added here are also used for other parts of the system " . |
644 | 651 |
"such as OpenVPN, IPsec, and Captive Portal.") . '</p>' |
645 | 652 |
); |
646 |
?></div><?php |
|
653 |
|
|
654 |
|
|
655 |
// The scripts that follow are an EXPERIMENT in using jQuery/Javascript to automatically convert |
|
656 |
// GET calls to POST calls |
|
657 |
// Any anchor with the attribute "usepost" usses these functions. In this file "Edit user", "Delete user" and "Add" |
|
658 |
// have that attribute |
|
659 |
// These function can be moved to an included file |
|
660 |
|
|
661 |
?></div> |
|
662 |
|
|
663 |
<script type="text/javascript"> |
|
664 |
//<![CDATA[ |
|
665 |
events.push(function() { |
|
666 |
|
|
667 |
// Any time an anchor is clicked and the "usepost" attibute is present, convert the href attribute |
|
668 |
// to POST format, make a POST form and submit it |
|
669 |
$('a').click(function(e) { |
|
670 |
// Does the clicker anchor have the "usepost" attribute? |
|
671 |
var attr = $(this).attr('usepost'); |
|
672 |
|
|
673 |
if (typeof attr !== typeof undefined && attr !== false) { |
|
674 |
var href = $(this).attr("href"); |
|
675 |
|
|
676 |
postSubmit(get2post(href)); |
|
677 |
|
|
678 |
return false; |
|
679 |
} |
|
680 |
}); |
|
681 |
|
|
682 |
|
|
683 |
// Convert a GET argument list such as ?name=fred&action=delete into an array of POST |
|
684 |
// parameters such as [[name, fred],[action, delete]] |
|
685 |
function get2post(getargs) { |
|
686 |
var arglist = new Array(); |
|
687 |
|
|
688 |
getargs = getargs.substring(getargs.indexOf("?") + 1); |
|
689 |
var argarray = getargs.split('&'); |
|
690 |
|
|
691 |
for (var i=0;i<argarray.length;i++) { |
|
692 |
var thisarg = argarray[i].split('='); |
|
693 |
var arg = new Array(thisarg[0], thisarg[1]); |
|
694 |
arglist[i] = arg; |
|
695 |
} |
|
696 |
|
|
697 |
return arglist; |
|
698 |
} |
|
699 |
|
|
700 |
// Create a form, add, the POST data and submit it |
|
701 |
function postSubmit(data) { |
|
702 |
|
|
703 |
var form = $(document.createElement('form')); |
|
704 |
|
|
705 |
$(form).attr("method", "POST"); |
|
706 |
|
|
707 |
for (var i=0;i<data.length;i++) { |
|
708 |
var input = $("<input>").attr("type", "hidden").attr("name", data[i][0]).val(data[i][1]); |
|
709 |
$(form).append($(input)); |
|
710 |
} |
|
711 |
|
|
712 |
// The CSRF magic is required because we will be viewing the results of the POST |
|
713 |
var input = $("<input>").attr("type", "hidden").attr("name", "__csrf_magic").val($('[name=__csrf_magic]').val()); |
|
714 |
$(form).append($(input)); |
|
715 |
|
|
716 |
$(form).appendTo('body').submit(); |
|
717 |
} |
|
718 |
|
|
719 |
}); |
|
720 |
//]]> |
|
721 |
</script> |
|
722 |
|
|
723 |
<?php |
|
647 | 724 |
include("foot.inc"); |
648 | 725 |
exit; |
649 | 726 |
} |
... | ... | |
1040 | 1117 |
$('form').submit(function() { |
1041 | 1118 |
AllServers($('[name="groups[]"] option'), true); |
1042 | 1119 |
}); |
1120 |
|
|
1043 | 1121 |
}); |
1044 | 1122 |
//]]> |
1045 | 1123 |
</script> |
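Review bot: The new `get2post` helper posts the raw query-string fragments without URL-decoding them, and the "Delete user" href it reads still interpolates `$userent['name']` unencoded, so a username containing `&`, `=`, `+` or `%` is either split into the wrong parameters or posted literally and then fails the `$_POST['username'] != $a_user[$id]['name']` guard, making the delete silently redirect back to the page. Emit the href with `username=<?=urlencode($userent['name'])?>` and decode each pair in `get2post` as below (joining `kv.slice(1)` also keeps values that themselves contain `=`); whether pfSense already restricts usernames to characters that make this moot is not visible here, so treat it as hardening of the experiment. Separately, the source of `$id` consulted by that guard and by `local_user_del($a_user[$id])` is outside this section — if it is still taken from `$_GET['userid']`, the synthetic POST form never supplies it and every delete ends in the `pfSenseHeader` redirect, so confirm it reads `$_POST['userid']` too. As a point of style, `usepost` is not a valid HTML attribute; `data-usepost` with `$('a[data-usepost]').on('click', …)` keeps the markup valid and binds the handler only to the anchors that need it instead of every `<a>` on the page, and the `__csrf_magic` lookup should be guarded so a page without the hidden field does not post an empty token.
```javascript
function get2post(getargs) {
    var arglist = [];
    var argarray = getargs.substring(getargs.indexOf("?") + 1).split('&');
    for (var i = 0; i < argarray.length; i++) {
        var kv = argarray[i].split('=');
        var name = decodeURIComponent(kv[0].replace(/\+/g, ' '));
        var value = decodeURIComponent(kv.slice(1).join('=').replace(/\+/g, ' '));
        arglist[i] = [name, value];
    }
    return arglist;
}
// … unchanged: postSubmit … 
```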
Experimental method to convert GET calls to POST