<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge

SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/

include("includes.php");

// ========== ACTIONS START ===================================================
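// Dispatch on the submitted form action. Each case either selects the page
// variant to render ($action) or applies a change for the logged-in user.
// NOTE(review): no CSRF token check is visible in this file for the
// state-changing 'update' and 'exec-pass' actions; confirm that
// form_get_action() or includes.php enforces one.
switch ($submit = form_get_action()) {

    // No form submitted. $action is not assigned on this path.
    // NOTE(review): presumably includes.php initialises $action - confirm.
    case NULL: break;

    case 'edit': $action = ACT_EDIT; break;
    case 'pass': $action = ACT_PASSWORD; break;

    case 'update':
        // The row to change is always the session's own user id, never a
        // request parameter, so this action only touches the caller's options.
        $id = $_SESSION['suser_id'];

        // Unchecked checkboxes are not part of a POST body, and a hand-built
        // request may omit any field. Reading every key with "?? null" passes
        // on the same value as a direct read would, without raising an
        // "Undefined array key" warning.
        // NOTE(review): user_language is the only field that is stored
        // without sanitize(); it reaches the database and the session exactly
        // as submitted. Consider checking it against the set of languages the
        // application supports.
        $language = $_POST['user_language'] ?? null;
        $imagesize = sanitize($_POST['user_imagesize'] ?? null);
        $imagecount = sanitize($_POST['user_imagecount'] ?? null);
        $mac = sanitize($_POST['user_mac'] ?? null);
        $dateformat = sanitize($_POST['user_dateformat'] ?? null);
        $dns1suffix = sanitize($_POST['user_dns1suffix'] ?? null);
        $dns2suffix = sanitize($_POST['user_dns2suffix'] ?? null);
        $tooltips = sanitize($_POST['user_tooltips'] ?? null);

        $menu_assets = sanitize($_POST['user_menu_assets'] ?? null);
        $menu_assetclasses = sanitize($_POST['user_menu_assetclasses'] ?? null);
        $menu_assetclassgroups = sanitize($_POST['user_menu_assetclassgroups'] ?? null);
        $menu_cables = sanitize($_POST['user_menu_cables'] ?? null);
        $menu_locations = sanitize($_POST['user_menu_locations'] ?? null);
        $menu_nodes = sanitize($_POST['user_menu_nodes'] ?? null);
        $menu_subnets = sanitize($_POST['user_menu_subnets'] ?? null);
        $menu_vlans = sanitize($_POST['user_menu_vlans'] ?? null);
        $menu_zones = sanitize($_POST['user_menu_zones'] ?? null);

        // Build the comma-separated menu set from fixed tokens only; the
        // submitted values merely switch a token on or off. An empty set is
        // stored as NULL.
        $menu = [];
        if ($menu_assets) $menu[] = 'asset';
        if ($menu_assetclasses) $menu[] = 'class';
        if ($menu_assetclassgroups) $menu[] = 'group';
        if ($menu_cables) $menu[] = 'cable';
        if ($menu_locations) $menu[] = 'location';
        if ($menu_nodes) $menu[] = 'node';
        if ($menu_subnets) $menu[] = 'subnet';
        if ($menu_vlans) $menu[] = 'vlan';
        if ($menu_zones) $menu[] = 'zone';
        $menu = empty($menu) ? NULL : implode(',', $menu);

        // All values are bound as parameters; nothing is interpolated into
        // the statement text.
        $sql = "UPDATE user SET
                user_language=?, user_imagesize=?, user_imagecount=?,
                user_mac=?, user_dateformat=?, user_dns1suffix=?,
                user_dns2suffix=?, user_tooltips=?, user_menu=?
            WHERE
                user_id=?";
        $sth = $dbh->prepare($sql);
        $sth->execute([$language, $imagesize, $imagecount,
                       $mac, $dateformat, $dns1suffix,
                       $dns2suffix, $tooltips, $menu,
                       $id]);

        // Mirror the stored options into the session so that they apply to
        // the current login as well.
        $_SESSION['suser_language'] = $language;
        $_SESSION['suser_imagesize'] = $imagesize;
        $_SESSION['suser_imagecount'] = $imagecount;
        $_SESSION['suser_mac'] = $mac;
        $_SESSION['suser_dateformat'] = $dateformat;
        $_SESSION['suser_dns1suffix'] = $dns1suffix;
        $_SESSION['suser_dns2suffix'] = $dns2suffix;
        $_SESSION['suser_menu_assets'] = $menu_assets;
        $_SESSION['suser_menu_assetclasses'] = $menu_assetclasses;
        $_SESSION['suser_menu_assetclassgroups'] = $menu_assetclassgroups;
        $_SESSION['suser_menu_cables'] = $menu_cables;
        $_SESSION['suser_menu_locations'] = $menu_locations;
        $_SESSION['suser_menu_nodes'] = $menu_nodes;
        $_SESSION['suser_menu_subnets'] = $menu_subnets;
        $_SESSION['suser_menu_vlans'] = $menu_vlans;
        $_SESSION['suser_menu_zones'] = $menu_zones;
        $_SESSION['suser_tooltips'] = $tooltips;

        $action = ACT_DEFAULT;
        break;

    case 'exec-pass':
        $user_id = $_SESSION['suser_id'];
        // NOTE(review): the passwords pass through sanitize() before they are
        // verified and hashed. If sanitize() rewrites or strips characters,
        // the effective password differs from what the user typed. It is kept
        // here because the login path presumably applies the same call -
        // confirm before removing it.
        $currentpass = sanitize($_POST['user_currentpass'] ?? null);
        $newpass1 = sanitize($_POST['user_newpass1'] ?? null);
        $newpass2 = sanitize($_POST['user_newpass2'] ?? null);
        $sth = $dbh->prepare("SELECT user_pass FROM user WHERE user_id=?");
        $sth->execute([$user_id]);
        $userpass = $sth->fetchColumn();

        // Stay on the password form unless the change succeeds.
        $action = ACT_PASSWORD;
        if (!is_string($userpass) || !password_verify($currentpass, $userpass)) {
            // fetchColumn() yields false when no row matches and NULL for a
            // NULL column; both are rejected without calling
            // password_verify() on a non-string hash.
            $g_error->Add('Current password wrong!');
        } elseif (strlen($newpass1) < 5) {
            // NOTE(review): five bytes is a very low minimum; raising it is
            // a policy decision and therefore left unchanged here.
            $g_error->Add('New password is to simple!');
        } elseif (strcmp($newpass1, $newpass2)) {
            $g_error->Add('New passwords do not match!');
        } else {
            $sth = $dbh->prepare("UPDATE user SET user_pass=? WHERE user_id=?");
            // bcrypt only uses the first 72 bytes of the password.
            $newhash = password_hash($newpass1, PASSWORD_BCRYPT);
            $sth->execute([$newhash, $user_id]);
            // NOTE(review): the session id is not rotated after the change
            // and nothing in this file invalidates the user's other
            // sessions; consider session_regenerate_id(true) here.
            $action = ACT_DEFAULT;
        }
        break;

    default:
        // Unknown action string: record an error. $action is not assigned on
        // this path and $valid is not read anywhere in this file.
        // NOTE(review): submit_error() receives the raw action value;
        // presumably it or the error output escapes it - confirm.
        $g_error->Add(submit_error($submit));
        $valid = FALSE;
}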

// ========== ACTIONS END =====================================================
// Emit the shared page header before any variant-specific output.
include("header.php");

// Render the page variant selected by the action dispatch.
// NOTE(review): the values handed to Smarty below come from the session, and
// several of them originate from the user's own form input; whether they are
// HTML-escaped depends on sanitize() and on the templates - confirm.
if ($action == ACT_DEFAULT) {
    // Default view: pass the session's realm and role_* values to the
    // options template.
    $smarty->assign('realm', $_SESSION['suser_realm']);
    foreach (['add', 'edit', 'delete', 'manage', 'admin'] as $role) {
        $smarty->assign('role_' . $role, $_SESSION['suser_role_' . $role]);
    }
    $smarty->display("options.tpl");
} elseif ($action == ACT_EDIT) {
    // Edit view for the display options.
    // NOTE(review): this file assigns $language only in the 'update' action;
    // presumably includes.php defines it for this path - confirm.
    $smarty->assign("language", $language);

    // A stored option is rendered as a ticked checkbox when the session
    // value equals 'on', and as an unticked one otherwise.
    $checked_flags = [];
    $checkbox_options = [
        'menu_assets',
        'menu_assetclasses',
        'menu_assetclassgroups',
        'menu_cables',
        'menu_locations',
        'menu_nodes',
        'menu_subnets',
        'menu_vlans',
        'menu_zones',
        'tooltips',
    ];
    foreach ($checkbox_options as $option) {
        $checked_flags[$option] = ($_SESSION['suser_' . $option] == 'on') ? 'checked' : '';
    }

    // Plain option values are copied from the session unchanged.
    $plain_options = [
        'id',
        'imagesize',
        'imagecount',
        'mac',
        'dateformat',
        'dns1suffix',
        'dns2suffix',
        'language',
    ];
    foreach ($plain_options as $field) {
        $smarty->assign("user_" . $field, $_SESSION['suser_' . $field]);
    }
    foreach ($checked_flags as $option => $flag) {
        $smarty->assign("user_" . $option . "_checked", $flag);
    }

    $smarty->display("optionseditdisplay.tpl");
} elseif ($action == ACT_PASSWORD) {
    // Password change form.
    $smarty->display("optionseditpassword.tpl");
} else {
    // No known variant matched $action.
    echo "<p>Unknown function call: Please report to system development!</p>\n";
}

// The footer is emitted for every variant.
$smarty->display('footer.tpl');