diff --git a/src/www/system_usermanager.php b/src/www/system_usermanager.php
index 87772fab9..ca900a3e5 100644
--- a/src/www/system_usermanager.php
+++ b/src/www/system_usermanager.php
@@ -1,34 +1,33 @@ . - Copyright (C) 2003-2005 Manuel Kasper . - All rights reserved. + Copyright (C) 2014-2015 Deciso B.V. + Copyright (C) 2008 Shrew Soft Inc. + Copyright (C) 2005 Paul Taylor . + Copyright (C) 2003-2005 Manuel Kasper . + All rights reserved. - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ - require_once("guiconfig.inc"); function get_user_privdesc(& $user) 
@@ -37,350 +36,363 @@ function get_user_privdesc(& $user) $privs = array(); - $user_privs = $user['priv']; - if (!is_array($user_privs)) { + if (!isset($user['priv']) || !is_array($user['priv'])) { $user_privs = array(); + } else { + $user_privs = $user['priv']; } $names = local_user_get_groups($user, true); foreach ($names as $name) { $group = getGroupEntry($name); - $group_privs = $group['priv']; - if (!is_array($group_privs)) { - continue; - } - foreach ($group_privs as $pname) { - if (in_array($pname, $user_privs)) { - continue; - } - if (!$priv_list[$pname]) { - continue; - } - $priv = $priv_list[$pname]; - $priv['group'] = $group['name']; - $privs[] = $priv; + if (isset($group['priv']) && is_array($group['priv'])) { + foreach ($group['priv'] as $pname) { + if (in_array($pname, $user_privs)) { + continue; + } + if (empty($priv_list[$pname])) { + continue; + } + $priv = $priv_list[$pname]; + $priv['group'] = $group['name']; + $priv['id'] = $pname; + $privs[] = $priv; + } } } foreach ($user_privs as $pname) { - if ($priv_list[$pname]) { + if (!empty($priv_list[$pname])) { + $priv_list[$pname]['id'] = $pname; $privs[] = $priv_list[$pname]; } } + legacy_html_escape_form_data($privs); return $privs; } - - -// start admin user code -$pgtitle = array(gettext('System'), gettext('Users')); - -// find web ui authentication method -$authcfg_type = auth_get_authserver($config['system']['webgui']['authmode'])['type']; - -$input_errors = array(); - -if (isset($_POST['userid']) && is_numericint($_POST['userid'])) { - $id = $_POST['userid']; -} elseif (isset($_GET['userid']) && is_numericint($_GET['userid'])) { - $id = $_GET['userid']; -} - +// link user section if (!isset($config['system']['user']) || !is_array($config['system']['user'])) { $config['system']['user'] = array(); } - $a_user = &$config['system']['user']; -if (isset($_SERVER['HTTP_REFERER'])) { - $referer = $_SERVER['HTTP_REFERER']; -} else { - $referer = '/system_usermanager.php'; -} - -if (isset($id) && 
isset($a_user[$id])) { - $pconfig['usernamefld'] = $a_user[$id]['name']; - $pconfig['user_dn'] = isset($a_user[$id]['user_dn']) ? $a_user[$id]['user_dn'] : null; - $pconfig['descr'] = $a_user[$id]['descr']; - $pconfig['expires'] = $a_user[$id]['expires']; - $pconfig['groups'] = local_user_get_groups($a_user[$id]); - $pconfig['utype'] = $a_user[$id]['scope']; - $pconfig['uid'] = $a_user[$id]['uid']; - $pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']); - $pconfig['priv'] = $a_user[$id]['priv']; - $pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk']; - $pconfig['disabled'] = isset($a_user[$id]['disabled']); -} - -if ($_POST['act'] == "deluser") { - if (!isset($_POST['username']) || !isset($a_user[$id]) || ($_POST['username'] != $a_user[$id]['name'])) { - redirectHeader("system_usermanager.php"); - exit; +// reset errors and action +$input_errors = array(); +$act = null; +if ($_SERVER['REQUEST_METHOD'] === 'GET') { + // process get type actions + if (isset($_GET['userid']) && isset($a_user[$_GET['userid']])) { + $id = $_GET['userid']; } - - local_user_del($a_user[$id]); - $userdeleted = $a_user[$id]['name']; - unset($a_user[$id]); - write_config(); - $savemsg = gettext("User")." {$userdeleted} ". - gettext("successfully deleted")."
"; -} elseif ($_POST['act'] == "delpriv") { - if (!$a_user[$id]) { - redirectHeader("system_usermanager.php"); - exit; + if (isset($_GET['act'])) { + $act = $_GET['act']; } - - $privdeleted = $priv_list[$a_user[$id]['priv'][$_POST['privid']]]['name']; - unset($a_user[$id]['priv'][$_POST['privid']]); - local_user_set($a_user[$id]); - write_config(); - $_POST['act'] = "edit"; - $savemsg = gettext("Privilege")." {$privdeleted} ". - gettext("successfully deleted")."
"; -} elseif ($_POST['act'] == "expcert") { - if (!$a_user[$id]) { - redirectHeader("system_usermanager.php"); - exit; + if (isset($_GET['savemsg'])) { + $savemsg = htmlspecialchars($_GET['savemsg']); } + if ($act == "expcert" && isset($id)) { + // export certificate + $cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]); - $cert =& lookup_cert($a_user[$id]['cert'][$_POST['certid']]); + $exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.crt"); + $exp_data = base64_decode($cert['crt']); + $exp_size = strlen($exp_data); - $exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.crt"); - $exp_data = base64_decode($cert['crt']); - $exp_size = strlen($exp_data); - - header("Content-Type: application/octet-stream"); - header("Content-Disposition: attachment; filename={$exp_name}"); - header("Content-Length: $exp_size"); - echo $exp_data; - exit; -} elseif ($_POST['act'] == "expckey") { - if (!$a_user[$id]) { - redirectHeader("system_usermanager.php"); + header("Content-Type: application/octet-stream"); + header("Content-Disposition: attachment; filename={$exp_name}"); + header("Content-Length: $exp_size"); + echo $exp_data; exit; - } + } elseif ($act == "expckey" && isset($id)) { + // export private key + $cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]); + $exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.key"); + $exp_data = base64_decode($cert['prv']); + $exp_size = strlen($exp_data); - $cert =& lookup_cert($a_user[$id]['cert'][$_POST['certid']]); - - $exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.key"); - $exp_data = base64_decode($cert['prv']); - $exp_size = strlen($exp_data); - - header("Content-Type: application/octet-stream"); - header("Content-Disposition: attachment; filename={$exp_name}"); - header("Content-Length: $exp_size"); - echo $exp_data; - exit; -} elseif ($_POST['act'] == "delcert") { - if (!$a_user[$id]) { - redirectHeader("system_usermanager.php"); + header("Content-Type: 
application/octet-stream"); + header("Content-Disposition: attachment; filename={$exp_name}"); + header("Content-Length: $exp_size"); + echo $exp_data; exit; + } elseif ($act == 'new' || $act == 'edit') { + // edit user, load or init data + $fieldnames = array('user_dn', 'descr', 'expires', 'scope', 'uid', 'priv', 'ipsecpsk', 'lifetime'); + if (isset($id)) { + if (isset($a_user[$id]['authorizedkeys'])) { + $pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']); + } + if (isset($a_user[$id]['name'])) { + $pconfig['usernamefld'] = $a_user[$id]['name']; + } + $pconfig['groups'] = local_user_get_groups($a_user[$id]); + $pconfig['disabled'] = isset($a_user[$id]['disabled']); + foreach ($fieldnames as $fieldname) { + if (isset($a_user[$id][$fieldname])) { + $pconfig[$fieldname] = $a_user[$id][$fieldname]; + } else { + $pconfig[$fieldname] = null; + } + } + } else { + // set defaults + $pconfig['groups'] = null; + $pconfig['disabled'] = false; + $pconfig['scope'] = "user"; + $pconfig['lifetime'] = 365; + $pconfig['usernamefld'] = null; + foreach ($fieldnames as $fieldname) { + if (isset($pconfig[$fieldname])) { + $pconfig[$fieldname] = null; + } + } + } + } +} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') { + // process post type requests + if (isset($_POST['userid']) && isset($a_user[$_POST['userid']])) { + $id = $_POST['userid']; + } + if (isset($_POST['act'])) { + $act = $_POST['act']; } - - $certdeleted = lookup_cert($a_user[$id]['cert'][$_POST['certid']]); - $certdeleted = $certdeleted['descr']; - unset($a_user[$id]['cert'][$_POST['certid']]); - write_config(); - $_POST['act'] = "edit"; - $savemsg = gettext("Certificate")." {$certdeleted} ". - gettext("association removed.")."
"; -} elseif ($_POST['act'] == "new") { - /* - * set this value cause the text field is read only - * and the user should not be able to mess with this - * setting. - */ - $pconfig['utype'] = "user"; - $pconfig['lifetime'] = 365; -} - -if (isset($_POST['save'])) { $pconfig = $_POST; - /* input validation */ - if (isset($id) && ($a_user[$id])) { - $reqdfields = explode(" ", "usernamefld"); - $reqdfieldsn = array(gettext("Username")); - } else { - if (empty($_POST['name'])) { - $reqdfields = explode(" ", "usernamefld passwordfld1"); - $reqdfieldsn = array( - gettext("Username"), - gettext("Password")); - } else { - $reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime"); - $reqdfieldsn = array( - gettext("Username"), - gettext("Password"), - gettext("Descriptive name"), - gettext("Certificate authority"), - gettext("Key length"), - gettext("Lifetime")); - } - } - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - - if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld'])) { - $input_errors[] = gettext("The username contains invalid characters."); - } - - if (strlen($_POST['usernamefld']) > 16) { - $input_errors[] = gettext("The username is longer than 16 characters."); - } - - if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) { - $input_errors[] = gettext("The passwords do not match."); - } - - if (isset($id) && $a_user[$id]) { - $oldusername = $a_user[$id]['name']; - } else { - $oldusername = ""; - } - /* make sure this user name is unique */ - if (count($input_errors) == 0) { - foreach ($a_user as $userent) { - if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) { - $input_errors[] = gettext("Another entry with the same username already exists."); - break; - } - } - } - /* also make sure it is not reserved */ - if (count($input_errors) == 0) { - $system_users = explode("\n", file_get_contents("/etc/passwd")); - foreach ($system_users as $s_user) 
{ - $ent = explode(":", $s_user); - if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) { - $input_errors[] = gettext("That username is reserved by the system."); - break; - } - } - } - - /* - * Check for a valid expirationdate if one is set at all (valid means, - * DateTime puts out a time stamp so any DateTime compatible time - * format may be used. to keep it simple for the enduser, we only - * claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs - * like "+1 day", which will be converted to MM/DD/YYYY based on "now". - * Otherwhise such an entry would lead to an invalid expiration data. - */ - if ($_POST['expires']) { - try { - $expdate = new DateTime($_POST['expires']); - //convert from any DateTime compatible date to MM/DD/YYYY - $_POST['expires'] = $expdate->format("m/d/Y"); - } catch (Exception $ex) { - $input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead."); - } - } - - if (!empty($_POST['name'])) { - $ca = lookup_ca($_POST['caref']); - if (!$ca) { - $input_errors[] = gettext("Invalid internal Certificate Authority") . "\n"; - } - } - - /* if this is an AJAX caller then handle via JSON */ - if (isAjax() && is_array($input_errors)) { - input_errors2Ajax($input_errors); + if ($act == "deluser" && isset($id)) { + // drop user + local_user_del($a_user[$id]); + $userdeleted = $a_user[$id]['name']; + unset($a_user[$id]); + write_config(); + $savemsg = gettext("User")." {$userdeleted} ". 
gettext("successfully deleted"); + redirectHeader("system_usermanager.php?savemsg=".$savemsg); exit; - } - - if (count($input_errors)==0) { - $userent = array(); - - if (isset($id) && $a_user[$id]) { - $userent = $a_user[$id]; - - /* the user name was modified */ - if ($_POST['usernamefld'] != $_POST['oldusername']) { - $_SERVER['REMOTE_USER'] = $_POST['usernamefld']; - local_user_del($userent); - } - } - - /* the user password was modified */ - if ($_POST['passwordfld1']) { - local_user_set_password($userent, $_POST['passwordfld1']); - } - - isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system"; - - $userent['name'] = $_POST['usernamefld']; - $userent['descr'] = $_POST['descr']; - $userent['expires'] = $_POST['expires']; - $userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']); - $userent['ipsecpsk'] = $_POST['ipsecpsk']; - - if ($_POST['disabled']) { - $userent['disabled'] = true; - } else { - unset($userent['disabled']); - } - - if (isset($id) && $a_user[$id]) { - $a_user[$id] = $userent; - } else { - if (!empty($_POST['name'])) { - $cert = array(); - $cert['refid'] = uniqid(); - $userent['cert'] = array(); - - $cert['descr'] = $_POST['name']; - - $subject = cert_get_subject_array($ca['crt']); - - $dn = array( - 'countryName' => $subject[0]['v'], - 'stateOrProvinceName' => $subject[1]['v'], - 'localityName' => $subject[2]['v'], - 'organizationName' => $subject[3]['v'], - 'emailAddress' => $subject[4]['v'], - 'commonName' => $userent['name']); - - cert_create( - $cert, - $_POST['caref'], - $_POST['keylen'], - (int)$_POST['lifetime'], - $dn - ); - - if (!is_array($config['cert'])) { - $config['cert'] = array(); + } elseif ($act == "delpriv" && !empty($pconfig['priv_delete']) && isset($id)) { + // drop privilege from user + // search for priv id to delete + $privid = null; + if (!empty($a_user[$id]['priv'])) { + foreach ($a_user[$id]['priv'] as $key => $value) { + if ($value == $pconfig['priv_delete']) { + $privid 
= $key; + $privdeleted = $value; } - $config['cert'][] = $cert; - $userent['cert'][] = $cert['refid']; } - $userent['uid'] = $config['system']['nextuid']++; - /* Add the user to All Users group. */ - foreach ($config['system']['group'] as $gidx => $group) { - if ($group['name'] == "all") { - if (!is_array($config['system']['group'][$gidx]['member'])) { - $config['system']['group'][$gidx]['member'] = array(); - } - $config['system']['group'][$gidx]['member'][] = $userent['uid']; + } + + if ($privid !== null) { + unset($a_user[$id]['priv'][$privid]); + local_user_set($a_user[$id]); + write_config(); + $savemsg = gettext("Privilege")." {$privdeleted} ". + gettext("successfully deleted"); + redirectHeader("system_usermanager.php?savemsg=".$savemsg."&act=edit&userid=".$id); + } else { + redirectHeader("system_usermanager.php?act=edit&userid=".$id); + } + exit; + } elseif ($act == "delcert" && isset($id)) { + // remove certificate association + $certdeleted = lookup_cert($a_user[$id]['cert'][$pconfig['certid']]); + $certdeleted = $certdeleted['descr']; + unset($a_user[$id]['cert'][$pconfig['certid']]); + write_config(); + $savemsg = gettext("Certificate")." {$certdeleted} ". 
+ gettext("association removed."); + redirectHeader("system_usermanager.php?savemsg=".$savemsg."&act=edit&userid=".$id); + exit; + } elseif (isset($pconfig['save'])) { + // save user + /* input validation */ + if (isset($id)) { + $reqdfields = explode(" ", "usernamefld"); + $reqdfieldsn = array(gettext("Username")); + } else { + if (empty($pconfig['name'])) { + $reqdfields = explode(" ", "usernamefld passwordfld1"); + $reqdfieldsn = array( + gettext("Username"), + gettext("Password")); + } else { + $reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime"); + $reqdfieldsn = array( + gettext("Username"), + gettext("Password"), + gettext("Descriptive name"), + gettext("Certificate authority"), + gettext("Key length"), + gettext("Lifetime")); + } + } + + do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors); + + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $pconfig['usernamefld'])) { + $input_errors[] = gettext("The username contains invalid characters."); + } + + if (strlen($_POST['usernamefld']) > 16) { + $input_errors[] = gettext("The username is longer than 16 characters."); + } + + if (($pconfig['passwordfld1']) && ($pconfig['passwordfld1'] != $pconfig['passwordfld2'])) { + $input_errors[] = gettext("The passwords do not match."); + } + + if (isset($id)) { + $oldusername = $a_user[$id]['name']; + } else { + $oldusername = ""; + } + /* make sure this user name is unique */ + if (count($input_errors) == 0) { + foreach ($a_user as $userent) { + if ($userent['name'] == $pconfig['usernamefld'] && $oldusername != $pconfig['usernamefld']) { + $input_errors[] = gettext("Another entry with the same username already exists."); + break; + } + } + } + /* also make sure it is not reserved */ + if (count($input_errors) == 0) { + $system_users = explode("\n", file_get_contents("/etc/passwd")); + foreach ($system_users as $s_user) { + $ent = explode(":", $s_user); + if ($ent[0] == $pconfig['usernamefld'] && $oldusername != 
$pconfig['usernamefld']) { + $input_errors[] = gettext("That username is reserved by the system."); break; } } - - $a_user[] = $userent; } - local_user_set_groups($userent, $_POST['groups']); - local_user_set($userent); - write_config(); + /* + * Check for a valid expirationdate if one is set at all (valid means, + * DateTime puts out a time stamp so any DateTime compatible time + * format may be used. to keep it simple for the enduser, we only + * claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs + * like "+1 day", which will be converted to MM/DD/YYYY based on "now". + * Otherwhise such an entry would lead to an invalid expiration data. + */ + if (!empty($pconfig['expires'])) { + try { + $expdate = new DateTime($pconfig['expires']); + //convert from any DateTime compatible date to MM/DD/YYYY + $pconfig['expires'] = $expdate->format("m/d/Y"); + } catch (Exception $ex) { + $input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead."); + } + } + if (!empty($pconfig['name'])) { + $ca = lookup_ca($pconfig['caref']); + if (!$ca) { + $input_errors[] = gettext("Invalid internal Certificate Authority") . "\n"; + } + } + + if (count($input_errors)==0) { + $userent = array(); + + if (isset($id)) { + $userent = $a_user[$id]; + /* the user name was modified */ + if ($pconfig['usernamefld'] != $pconfig['oldusername']) { + local_user_del($userent); + } + } + + /* the user password was modified */ + if (!empty($pconfig['passwordfld1'])) { + local_user_set_password($userent, $pconfig['passwordfld1']); + } + + isset($pconfig['scope']) ? 
$userent['scope'] = $pconfig['scope'] : $userent['scope'] = "system"; + + $userent['name'] = $pconfig['usernamefld']; + $userent['descr'] = $pconfig['descr']; + $userent['expires'] = $pconfig['expires']; + $userent['authorizedkeys'] = base64_encode($pconfig['authorizedkeys']); + $userent['ipsecpsk'] = $pconfig['ipsecpsk']; + + if (!empty($pconfig['disabled'])) { + $userent['disabled'] = true; + } elseif (isset($userent['disabled'])) { + unset($userent['disabled']); + } + + if (isset($id)) { + $a_user[$id] = $userent; + } else { + if (!empty($pconfig['name'])) { + $cert = array(); + $cert['refid'] = uniqid(); + $userent['cert'] = array(); + + $cert['descr'] = $pconfig['name']; + + $subject = cert_get_subject_array($ca['crt']); + + $dn = array( + 'countryName' => $subject[0]['v'], + 'stateOrProvinceName' => $subject[1]['v'], + 'localityName' => $subject[2]['v'], + 'organizationName' => $subject[3]['v'], + 'emailAddress' => $subject[4]['v'], + 'commonName' => $userent['name']); + + cert_create( + $cert, + $pconfig['caref'], + $pconfig['keylen'], + (int)$pconfig['lifetime'], + $dn + ); + + if (!is_array($config['cert'])) { + $config['cert'] = array(); + } + $config['cert'][] = $cert; + $userent['cert'][] = $cert['refid']; + } + $userent['uid'] = $config['system']['nextuid']++; + /* Add the user to All Users group. 
*/ + foreach ($config['system']['group'] as $gidx => $group) { + if ($group['name'] == "all") { + if (!is_array($config['system']['group'][$gidx]['member'])) { + $config['system']['group'][$gidx]['member'] = array(); + } + $config['system']['group'][$gidx]['member'][] = $userent['uid']; + break; + } + } + + $a_user[] = $userent; + } + + local_user_set($userent); + local_user_set_groups($userent, $pconfig['groups']); + write_config(); + + redirectHeader("system_usermanager.php"); + exit; + } + } elseif (isset($id)) { + redirectHeader("system_usermanager.php?userid=".$id); + exit; + } else { redirectHeader("system_usermanager.php"); + exit; } } +$pgtitle = array(gettext('System'), gettext('Users')); + +legacy_html_escape_form_data($pconfig); +legacy_html_escape_form_data($a_user); $closehead = false; include("head.inc"); ?> @@ -391,682 +403,614 @@ include("head.inc"); + -
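Review bot: The `deluser`, `delpriv` and `delcert` branches concatenate `$savemsg` into the redirect URL without encoding it, and the GET branch then takes the text it displays from `$_GET['savemsg']`. A certificate description is set from `$pconfig['name']` with no character check visible in this hunk, so a `&` or `#` in it would cut or alter the redirect query, and any link to the page can place arbitrary wording in the admin info box, since `htmlspecialchars()` only stops markup. At minimum encode the value, e.g. `redirectHeader("system_usermanager.php?savemsg=".urlencode($savemsg));`, and consider keeping the message server-side (session) rather than reflecting request data. Separately, the `deluser` branch no longer compares `$_POST['username']` with `$a_user[$id]['name']` as the removed code did, so a stale `userid` index deletes whichever account now sits at that position. If the form still posts `username`, the guard can be kept with `if ($act == "deluser" && isset($id) && isset($_POST['username']) && $_POST['username'] === $a_user[$id]['name']) {`.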
-
-
- - 0) { - print_input_errors($input_errors); - } - if (isset($savemsg)) { - print_info_box($savemsg); - } - ?> - -
- -
- - 0 ) : - ?> - -
- - - - - - - - - - - - - - - - - - - - +
+
+ 0) { + print_input_errors($input_errors); + } + if (isset($savemsg)) { + print_info_box($savemsg); + } ?> -
- - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + 0) : + $i = 0; + foreach ($config['ca'] as $ca) { + if (!$ca['prv']) { + continue; + } + $i++; + } +?> + + + + + + + 0) :?> + + + + + + + + + + + + + + + + + + +
- - -
- /> -
- /> - -
- -
- -
-   -
- /> -
- -
- -
-
- - - - - - +
+
+ + + + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - 0) : - $i = 0; - foreach ($config['ca'] as $ca) { - if (!$ca['prv']) { - continue; - } - $i++; - } - ?> - - - - - - - 0) : - ?> - - - - - - > - - - - > - - + + + +
+ + +
+ + +
+ /> +
+ /> + +
+ +
+
+   + +
+ /> + +
+ +
+ +
+ + + + - - - - - - - - + + + + + - - - -
 
- -
+ -
-
-
- "> - - -

- "> - - -
- - -
-
- -
- -
- - - - - - - - - - - - - - - - - - - -
- - - - - - - -
- - - -
-
- - - - - - - - - - - - - - - - - -
- - - (Revoked) - - - - - - - -
- - - -
-
- -
- -
- - -
- +?> + + + +
+
+ "> + + +

+ "> + + +
+ +
+ +
+ + + + + + + + + + + + + - - - + + + + + +
+ + +
- -
+ + + +
+
+ + + + + + + + + + + + + + + + + +
+ ".gettext('Revoked').")" : "";?> + + + + "> + + + "> + + + +
+ + + +
+
+ +
+ +
+ +
  + " /> + " + onclick="window.location.href=''" /> + + + +
+ + +
+ + + + + + + + + + + + + + + + + + + + + - - - - - - + + + + + + - - - +

+ + + +
+ + + + + + "> + + + + + +
-

- +

+ " data-toggle="tooltip" data-placement="left"> + + + + + +
+

+ -

-
+ -

-
+ + + + + + + + + + + + +
+
- '; - document.getElementById('userid').value=''; - document.iform2.submit();"> - - - - - - -
- - - - - - -
- -   - - -   - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
-
-
-
-
+ endif;?> + + + + +