<?php
/*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool

 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge

 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
include("includes.php");
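// Page-level access control: only sessions holding the "admin" or "manage"
// role may use user administration. empty() treats a missing session key,
// NULL, '' and '0' alike as "no role", so an incomplete or half-initialised
// session fails closed instead of raising an undefined-index warning.
// Note that this only records the denial in $action; the action dispatch
// further down must honour it.
if (empty($_SESSION['suser_role_admin']) && empty($_SESSION['suser_role_manage'])) {
    $g_error->add('Access denied!');
    $action = ACT_ERR_DENIED;
}

// Target user id taken from GET or POST. Always defined: 0 when the parameter
// is absent or not numeric, so the actions below never read an unset variable.
// Every SQL statement in this page binds $id as an integer.
$id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
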
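/**
 * Generate a random password of $length characters from [A-Za-z0-9].
 *
 * Uses random_int(), PHP's CSPRNG, instead of mt_rand(). The previous
 * implementation re-seeded mt_rand() from microtime() on every call, which
 * makes a freshly reset password guessable by anyone who can estimate the
 * request time. The unused umlaut/special/vowel/consonant alphabets were
 * dropped: only letters and digits were ever drawn from.
 *
 * @param int $length number of characters; 0 or a negative value yields ''
 * @return string
 * @throws \Exception if no cryptographically secure source is available
 */
function makepwd($length) {
    $alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" . "0123456789";
    $max = strlen($alphabet) - 1;

    $passwd = '';
    for ($k = 0; $k < $length; $k++) {
        $passwd .= $alphabet[random_int(0, $max)];
    }
    return $passwd;
}
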
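// ========== ACTIONS START ===================================================

// The role check at the top of this page only records the denial in $action.
// Previously the dispatch below overwrote that value and still executed the
// password-reset, insert, update and delete statements, so a session without
// the admin/manage role could mutate the user table with a direct POST of
// submit=delete (or read records via submit=view). Wrapping the whole
// dispatch in this guard makes a denial final.
// NOTE(review): no CSRF token is verified anywhere in this file. If
// form_get_action() (defined elsewhere) does not check one, every mutating
// case below is reachable cross-site — confirm before relying on the role
// check alone.
if (!isset($action) || $action !== ACT_ERR_DENIED) {
    switch ($submit = form_get_action()) {

    case NULL: break;

    case 'add': $action = ACT_ADD; break;
    case 'view': $action = ACT_VIEW; break;
    case 'edit': $action = ACT_EDIT; break;
    case 'del': $action = ACT_DELETE; break;

    case 'pass':
        // Generate a fresh random password, store only its bcrypt hash and
        // hand the clear text to the view template for one-time display.
        // An $id that matches no row makes the UPDATE a silent no-op; the
        // generated password is still shown in that case.
        $newpass = makepwd(8);
        $sql = "UPDATE user SET user_pass=:pass WHERE user_id=:id";
        $sth = $dbh->prepare($sql);
        $sth->bindValue(':id', $id, PDO::PARAM_INT);
        $sth->bindValue(':pass', password_hash($newpass, PASSWORD_BCRYPT), PDO::PARAM_STR);
        try {
            $sth->execute();
        } catch (PDOException $e) {
            $g_warning->Add($e->getMessage());
        }
        $smarty->assign('newpass', $newpass);
        $action = ACT_VIEW;
        break;

    case 'insert':
        // New account. The username is lower-cased before the uniqueness
        // check; missing POST fields are treated as empty strings so that
        // sanitize() never receives an undefined index.
        $user_name = strtolower(sanitize($_POST['user_name'] ?? ''));
        $user_displayname = sanitize($_POST['user_displayname'] ?? '');
        // Store a bcrypt hash, exactly as the 'pass' case above does. The
        // previous unsalted md5() of the sanitized input could not be checked
        // by the same password_verify() path that a reset password relies on.
        // The raw submitted value is hashed so it matches what the user types
        // at login.
        // NOTE(review): confirm that the login code verifies with
        // password_verify() against the raw (not sanitize()d) input, and
        // whether an empty password should be rejected here — neither is
        // visible in this file.
        $user_password = password_hash((string) ($_POST['user_password'] ?? ''), PASSWORD_BCRYPT);

        // Refuse duplicate usernames before inserting.
        $sth = $dbh->prepare("SELECT COUNT(*) FROM user WHERE user_name=?");
        $sth->execute([$user_name]);

        if ($sth->fetchColumn() == 0) {
            $sql = "INSERT INTO user (user_name, user_displayname, user_pass)
                    VALUE (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$user_name, $user_displayname, $user_password]);
            $id = $dbh->lastInsertId();
            $action = ACT_VIEW;
        } else {
            $g_error->Add(_("Username already in use."));
            $action = ACT_ADD;
        }
        break;

    case 'update':
        // NOTE(review): unlike 'insert', the username is not lower-cased here,
        // so an edit can introduce a mixed-case name — confirm that is intended.
        $user_name = sanitize($_POST['user_name'] ?? '');
        $user_displayname = sanitize($_POST['user_displayname'] ?? '');
        $user_realm = sanitize($_POST['user_realm'] ?? '');

        // Build the user_role SET value from the submitted role_* flags;
        // NULL when none is set.
        // NOTE(review): any caller that passed the page check — including a
        // session with only the 'manage' role — can grant 'admin' here.
        // Whether 'manage' should be able to escalate to 'admin' is a policy
        // decision not visible in this file.
        $role = [];
        foreach (['add', 'edit', 'delete', 'manage', 'admin'] as $flag) {
            if (sanitize($_POST['role_' . $flag] ?? '')) {
                $role[] = $flag;
            }
        }
        $role = empty($role) ? NULL : implode(',', $role);

        $sql = "UPDATE user SET
                user_name=?, user_displayname=?, user_realm=?,
                user_role=?
                WHERE user_id=?";
        $sth = $dbh->prepare($sql);
        $sth->execute([$user_name, $user_displayname, $user_realm, $role, $id]);
        $action = ACT_VIEW;
        break;

    case 'delete':
        // Hard delete of the user row.
        // NOTE(review): nothing here prevents a caller from deleting their
        // own account or the last remaining admin — confirm whether the
        // template or includes.php guards against that.
        $sth = $dbh->prepare("DELETE FROM user WHERE user_id=?");
        $sth->execute([$id]);
        $g_message->Add(_("User deleted."));
        $action = ACT_DEFAULT;
        break;

    default:
        // Unknown submit value: report it and fall through to normal rendering.
        $g_error->Add(submit_error($submit));
        $valid = FALSE;
    }
}

// ========== ACTIONS END =====================================================
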
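include("header.php");

if ($action == ACT_DEFAULT):
// ========== VARIANT: default behavior =======================================

    // List every account ordered by name. user_role is stored as a
    // comma-separated set; it is split into an array for the template.
    $sql = "SELECT user_id AS id, user_name AS name,
            user_displayname AS displayname, user_realm AS realm,
            user_role AS role
            FROM user
            ORDER BY user_name";
    $sth = $dbh->query($sql);

    $users = $sth->fetchAll(PDO::FETCH_ASSOC);
    foreach ($users as &$u) {
        // (string) cast: a NULL role (no roles set) would otherwise be passed
        // to explode(), which is deprecated for NULL since PHP 8.1.
        $u['role'] = explode(',', (string) $u['role']);
    }
    unset($u);
    $smarty->assign("users", $users);

    $smarty->display("user.tpl");

elseif ($action == ACT_ADD):
// ========== VARIANT: add record =============================================

    // Realm choices come from the column's ENUM definition; the first value is
    // preselected (NULL rather than a notice if the lookup returned nothing).
    $realms = db_load_enum('user','user_realm');

    $smarty->assign("realm_ids", $realms);
    $smarty->assign("realm_names", $realms);
    $smarty->assign("realm_selected", $realms[0] ?? NULL);

    $smarty->display("useradd.tpl");

elseif ($action == ACT_VIEW):
// ========== VARIANT: view single record =====================================

    $sql = "SELECT user_id AS id, user_name AS name, user_displayname AS displayname,
            user_realm as realm, user_role AS role, user_flags AS flags
            FROM user
            WHERE user_id=?";
    $sth = $dbh->prepare($sql);
    $sth->execute([$id]);
    $user = $sth->fetch(PDO::FETCH_OBJ);

    if ($user === false) {
        // No such user_id: fetch() returns false, and assigning properties on
        // a bool is a fatal Error in PHP 8.
        echo "<p>User not found.</p>\n";
    } else {
        $user->role = explode(',', (string) $user->role);
        $user->flags = explode(',', (string) $user->flags);
        $smarty->assign("user", $user);

        $smarty->display("userview.tpl");
    }

elseif ($action == ACT_EDIT):
// ========== VARIANT: edit single record =====================================

    $sql = "SELECT user_id AS id, user_name AS name, user_displayname AS displayname,
            user_realm AS realm, user_role AS role, user_flags AS flags
            FROM user
            WHERE user_id=?";
    $sth = $dbh->prepare($sql);
    $sth->execute([$id]);

    $user = $sth->fetch(PDO::FETCH_OBJ);
    if ($user === false) {
        // Same guard as the view variant: no row for this id.
        echo "<p>User not found.</p>\n";
    } else {
        $user->role = explode(',', (string) $user->role);
        $smarty->assign("user", $user);

        // auth realms
        // NOTE(review): the add variant loads these from the ENUM via
        // db_load_enum(), while this list is hard-coded; the two can drift.
        $smarty->assign("realm_ids", ['local', 'ldap']);
        $smarty->assign("realm_names", ['Local', 'LDAP']);
        $smarty->assign("realm_selected", $user->realm);

        $smarty->display("useredit.tpl");
    }

elseif ($action == ACT_DELETE):
// ========== VARIANT: delete record ==========================================

    // Confirmation page; the actual DELETE runs in the 'delete' action.
    $sth = $dbh->prepare("SELECT user_id AS id, user_name AS name FROM user WHERE user_id=?");
    $sth->execute([$id]);
    $smarty->assign("user", $sth->fetch(PDO::FETCH_OBJ));

    $smarty->display("userdel.tpl");

elseif ($action == ACT_ERR_DENIED):
// ========== ERROR ACCESS TO PAGE DENIED =====================================

    // The Referer header is client-supplied; it must be attribute-escaped
    // before being placed in an href. Previously it was echoed raw, inside a
    // malformed '<p">' opening tag.
    if (isset($_SERVER['HTTP_REFERER'])) {
        $back = htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo '<p><a href="', $back, '">', "Back to last page</a></p>\n";
    }
    echo "<p></p>";

else:
// ========== ERROR UNKNOWN VARIANT ===========================================

    echo "<p>Unknown function call: Please report to system development!</p>\n";

endif; // $action == ...
// ========== END OF VARIANTS =================================================

$smarty->display('footer.tpl');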