From 7f1eebced37dd53eb0a23087d410b9ec30a873d0 Mon Sep 17 00:00:00 2001
From: ptaylor
Date: Wed, 8 Feb 2006 21:25:46 +0000
Subject: [PATCH] Modified user and group manager code to use a more standard XML format.
git-svn-id: https://svn.m0n0.ch/wall/trunk@63 e36fee2c-cc09-0410-a7cc-ebac5c6737de
---
 phpconf/inc/system.inc | 8 +-
 phpconf/inc/xmlparse.inc | 2 +-
 webgui/auth.inc | 33 +++-
 webgui/fbegin.inc | 2 -
 webgui/guiconfig.inc | 20 +++
 webgui/system_groupmanager.php | 196 ++++++++++------------
 webgui/system_usermanager.php | 293 +++++++++++++++------------------
 7 files changed, 279 insertions(+), 275 deletions(-)
diff --git a/phpconf/inc/system.inc b/phpconf/inc/system.inc
index 63c9df4..9a4758d 100644
--- a/phpconf/inc/system.inc
+++ b/phpconf/inc/system.inc
@@ -386,10 +386,10 @@ function system_password_configure() {
 fwrite($fd, $username . ":" . $config['system']['password'] . "\n");
- if (is_array($config['system']['users'])) {
- foreach ($config['system']['users'] as $user => $userdata) {
- fwrite($fd, $user . ":"
- . $userdata['password'] . "\n");
+ if (is_array($config['system']['user'])) {
+ foreach ($config['system']['user'] as $userent) {
+ fwrite($fd, $userent['name'] . ":"
+ . $userent['password'] . "\n");
 }
 }
diff --git a/phpconf/inc/xmlparse.inc b/phpconf/inc/xmlparse.inc
index 229f333..42489ec 100644
--- a/phpconf/inc/xmlparse.inc
+++ b/phpconf/inc/xmlparse.inc
@@ -30,7 +30,7 @@
 */
 /* tags that are always to be handled as lists */
-$listtags = explode(" ", "rule user key dnsserver winsserver pages " .
+$listtags = explode(" ", "rule user group key dnsserver winsserver pages " .
 "encryption-algorithm-option hash-algorithm-option hosts tunnel onetoone " .
 "staticmap route alias pipe queue shellcmd cacert earlyshellcmd mobilekey " .
 "servernat proxyarpnet passthrumac allowedip wolentry vlan domainoverrides element");
diff --git a/webgui/auth.inc b/webgui/auth.inc
index 7cda0a1..9cb2f25 100644
--- a/webgui/auth.inc
+++ b/webgui/auth.inc
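Review bot: In phpconf/inc/system.inc the rewritten loop writes `$userent['name'] . ":" . $userent['password']` to the password file with no check that either field is present or that the name is free of `:` and line breaks. The only character check visible in this patch sits in the system_usermanager.php form, so a config.xml that reaches the box another way (restore, hand edit) is written out as it stands. I would skip malformed entries before the `fwrite`, e.g. `if (empty($userent['name']) || empty($userent['password']) || preg_match('/[:\r\n]/', $userent['name'])) continue;`. system_password_configure() begins and ends outside the hunk, so how `$fd` is opened and closed cannot be judged from here.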
@@ -30,12 +30,41 @@
 POSSIBILITY OF SUCH DAMAGE.
 */
+function index_groups() {
+ global $g, $config;
+
+ if (isset($config['system']['group'])) {
+ $i = 0;
+ foreach($config['system']['group'] as $groupent) {
+ $groupindex[$groupent['name']] = $i;
+ $i++;
+ }
+ }
+ return ($groupindex);
+}
+
+function index_users() {
+ global $g, $config;
+
+ if (isset($config['system']['user'])) {
+ $i = 0;
+ foreach($config['system']['user'] as $userent) {
+ $userindex[$userent['name']] = $i;
+ $i++;
+ }
+ }
+ return ($userindex);
+}
+
+$groupindex = index_groups();
+$userindex = index_users();
+
 // Once here, the user has authenticated with the web server.
 // Now, we give them access only to the appropriate pages for their group.
 if (!($_SERVER['REMOTE_USER'] === $config['system']['username'])) {
 $allowed[] = '';
- if (isset($config['system']['groups'][$config['system']['users'][$_SERVER['REMOTE_USER']]['group']]['pages'])) {
- $allowed = &$config['system']['groups'][$config['system']['users'][$_SERVER['REMOTE_USER']]['group']]['pages'];
+ if (isset($config['system']['group'][$groupindex[$config['system']['user'][$userindex[$_SERVER['REMOTE_USER']]]['groupname']]]['pages'])) {
+ $allowed = &$config['system']['group'][$groupindex[$config['system']['user'][$userindex[$_SERVER['REMOTE_USER']]]['groupname']]]['pages'];
 }
 // If the user is attempting to hit the default page, set it to specifically look for /index.php.
diff --git a/webgui/fbegin.inc b/webgui/fbegin.inc
index cbcb73d..34bb316 100644
--- a/webgui/fbegin.inc
+++ b/webgui/fbegin.inc
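Review bot: `index_groups()` and `index_users()` return a variable that is never initialised when the config holds no group or user entries, and the page lookup that follows only fails closed because PHP coerces the resulting null keys and `isset()` then misses. For the check that decides which pages a user may open I would make that path explicit: start the functions with `$groupindex = array();` and `$userindex = array();`, and resolve the user entry and its group in separate `isset()` steps as sketched below. If two entries share a name the later index silently wins, so which group a user resolves to depends on entry order; the duplicate checks in both manager pages of this patch are skipped when an existing entry is edited. `$g` is declared global in both functions but not used.

```php
// … unchanged: index_groups() / index_users(), apart from initialising the result to array() …
if (!($_SERVER['REMOTE_USER'] === $config['system']['username'])) {
	$allowed[] = '';
	$remote = $_SERVER['REMOTE_USER'];
	if (isset($userindex[$remote])) {
		$userent = $config['system']['user'][$userindex[$remote]];
		if (isset($userent['groupname'], $groupindex[$userent['groupname']])) {
			$gid = $groupindex[$userent['groupname']];
			if (isset($config['system']['group'][$gid]['pages']))
				$allowed = &$config['system']['group'][$gid]['pages'];
		}
	}
	// … unchanged: default-page handling …
```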
@@ -160,8 +160,6 @@ $menu['Diagnostics']['IPsec'] = array('diag_ipsec_sad.php',
 $menu['Diagnostics']['Ping/Traceroute'] = array('diag_ping.php', 'diag_traceroute.php');
 $menu['Diagnostics']['ARP Table'] = array('diag_arp.php');
-$menu['Diagnostics']['NS Lookup'] = array('diag_nslookup.php');
-$menu['Diagnostics']['Whois'] = array('diag_whois.php');
 $menu['Diagnostics']['Firewall states'] = array('diag_ipfstat.php');
 $menu['Diagnostics']['Reset state'] = array('diag_resetstate.php');
 $menu['Diagnostics']['Backup/Restore'] = array('diag_backup.php');
diff --git a/webgui/guiconfig.inc b/webgui/guiconfig.inc
index 77d125a..2eaed9b 100644
--- a/webgui/guiconfig.inc
+++ b/webgui/guiconfig.inc
@@ -342,6 +342,26 @@ function captiveportal_users_sort() {
 usort($config['captiveportal']['user'], "cpusercmp");
 }
+function admin_groups_sort() {
+ global $g, $config;
+
+ function cpusercmp($a, $b) {
+ return strcasecmp($a['name'], $b['name']);
+ }
+
+ usort($config['system']['group'], "cpusercmp");
+}
+
+function admin_users_sort() {
+ global $g, $config;
+
+ function cpusercmp($a, $b) {
+ return strcasecmp($a['name'], $b['name']);
+ }
+
+ usort($config['system']['user'], "cpusercmp");
+}
+
 function staticroutes_sort() {
 global $g, $config;
diff --git a/webgui/system_groupmanager.php b/webgui/system_groupmanager.php
index 42da0c7..8b3d1ab 100644
--- a/webgui/system_groupmanager.php
+++ b/webgui/system_groupmanager.php
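Review bot: In webgui/guiconfig.inc both `admin_groups_sort()` and `admin_users_sort()` declare a nested function named `cpusercmp`, the same name the context line of `captiveportal_users_sort()` passes to `usort()`. PHP registers a nested named function globally the first time its enclosing function runs, so calling two of these in one request, or one of them twice, stops with a "Cannot redeclare" fatal error; on a page that sorts both lists that would abort the request. Give each comparator its own name, e.g. `function admingroupcmp($a, $b)` with `usort($config['system']['group'], "admingroupcmp");`, or declare one comparator at file level behind `function_exists()`. Both functions also call `usort()` without checking that the config key is an array, which the visible lines do not guarantee.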
@@ -94,108 +94,93 @@ function getAdminPageList() { } } -?> - - - $user) { - if ($user['group'] == $_GET['groupname']) { - $ok_to_delete = false; - $input_errors[] = "users still exist who are members of this group!"; + /* input validation */ + $reqdfields = explode(" ", "groupname"); + $reqdfieldsn = explode(",", "Group Name"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (preg_match("/[^a-zA-Z0-9\.\-_ ]/", $_POST['groupname'])) + $input_errors[] = "The group name contains invalid characters."; + + if (!$input_errors && !(isset($id) && $a_group[$id])) { + /* make sure there are no dupes */ + foreach ($a_group as $group) { + if ($group['name'] == $_POST['groupname']) { + $input_errors[] = "Another entry with the same group name already exists."; break; } } } - if ($ok_to_delete) { - unset($config['system']['groups'][$_GET['groupname']]); - write_config(); - $retval = system_password_configure(); - $savemsg = get_std_save_message($retval); - $savemsg="Group ".$_GET['groupname']." successfully deleted
"; - } -} - -if(isset($_POST['save'])) { - //value-checking - if($_POST['groupname']==""){ - $input_errors[] = "group name must not be empty!"; - } - if($_POST['old_groupname'] != $_POST['groupname']) { - // Either a new group, or one with a group name change - if (isset($config['system']['groups'][$_POST['groupname']])) { - $input_errors[] = "group name can not match an existing group!"; - } - } + if (!$input_errors) { - //check groupname: only allow letters from A-Z and a-z, _, -, . and numbers from 0-9 (note: groupname can - //not contain characters which are not allowed in an xml-token. i.e. if you'd use @ in a groupname, config.xml - //could not be parsed anymore! - if(!preg_match('/^[a-zA-Z0-9_\-\.]*$/',$_POST['groupname'])){ - $input_errors[] = "groupname contains illegal characters, only letters from A-Z and a-z, _, -, . and numbers are allowed"; - } - if(!empty($input_errors)){ - //there are illegal inputs --> print out error message and show formula again - //and fill in all recently entered values except passwords - $_GET['act']="new"; - $_POST['old_groupname']=($_POST['old_groupname'] ? 
$_POST['old_groupname'] : $_POST['groupname']); - $_GET['groupname']=$_POST['old_groupname']; - - $group['description']=$_POST['description']; - + if (isset($id) && $a_group[$id]) + $group = $a_group[$id]; + + $group['name'] = $_POST['groupname']; + $group['description'] = $_POST['description']; + unset($group['pages']); foreach ($pages as $fname => $title) { - $id = str_replace('.php','',$fname); - if ($_POST[$id] == 'yes') { + $identifier = str_replace('.php','',$fname); + if ($_POST[$identifier] == 'yes') { $group['pages'][] = $fname; } - } + } + + if (isset($id) && $a_group[$id]) + $a_group[$id] = $group; + else + $a_group[] = $group; - } else { - //all values are okay --> saving changes - $_POST['groupname']=trim($_POST['groupname']); - if($_POST['old_groupname']!="" && $_POST['old_groupname']!=$_POST['groupname']){ - //change the groupname (which is used as array-index) - $config['system']['groups'][$_POST['groupname']]=$config['system']['groups'][$_POST['old_groupname']]; - unset($config['system']['groups'][$_POST['old_groupname']]); - - // Group name was changed. Update all users that are members of this group to point to the new groupname. - foreach ($config['system']['users'] as $key => $user) { - if ($user['group'] == $_POST['old_groupname']) - $config['system']['users'][$key]['group'] = $_POST['groupname']; - } - } - $config['system']['groups'][$_POST['groupname']]['description']=trim($_POST['description']); - // Clear pages info and read pages from POST - if (isset($config['system']['groups'][$_POST['groupname']]['pages'])) - unset($config['system']['groups'][$_POST['groupname']]['pages']); - foreach ($pages as $fname => $title) { - $id = str_replace('.php','',$fname); - if ($_POST[$id] == 'yes') { - $config['system']['groups'][$_POST['groupname']]['pages'][] = $fname; - } - } write_config(); - $retval = system_password_configure(); - $savemsg = get_std_save_message($retval); - $savemsg="Group ".$_POST['groupname']." successfully saved
"; + + header("Location: system_groupmanager.php"); + exit; } } ?> + @@ -212,8 +197,12 @@ if(isset($_POST['save'])) { @@ -247,10 +236,10 @@ if($_GET['act']=="new" || $_GET['act']=="edit"){ $title) { - $id = str_replace('.php','',$fname); + $identifier = str_replace('.php','',$fname); ?> + > @@ -263,7 +252,9 @@ if($_GET['act']=="new" || $_GET['act']=="edit"){
@@ -221,13 +210,13 @@ if($_GET['act']=="new" || $_GET['act']=="edit"){
Group name - +
Description - +
Group description, for your own information only
- >
  - + + +
@@ -278,26 +269,21 @@ if($_GET['act']=="new" || $_GET['act']=="edit"){ Pages Accessible - $group){ -?> + - -   - - -   - - - - - -   + +   + + +   + + +   + + +   - + diff --git a/webgui/system_usermanager.php b/webgui/system_usermanager.php index b26ee93..fb59ff4 100644 --- a/webgui/system_usermanager.php +++ b/webgui/system_usermanager.php @@ -36,113 +36,100 @@ require("guiconfig.inc"); // The page title for non-admins $pgtitle = array("System", "User password"); -if ($_SERVER['REMOTE_USER'] === $config['system']['username']) { - $pgtitle = array("System", "User manager"); -} -?> - -"; + } + } - if ($_GET['act']=="new" || $_GET['act']=="edit") { - if (isset($_GET['username'])) { - $user=$config['system']['users'][$_GET['username']]; - } - } - - if (($_GET['act']=='delete') && (isset($_GET['username']))) { - unset($config['system']['users'][$_GET['username']]); - write_config(); - $retval = system_password_configure(); - $savemsg = get_std_save_message($retval); - $savemsg="User ".$_GET['username']." successfully deleted
"; - } - - if(isset($_POST['save'])) { - //value-checking - if(trim($_POST['password1'])!="********" && - trim($_POST['password1'])!="" && - trim($_POST['password1'])!=trim($_POST['password2'])){ - //passwords are to be changed but don't match - $input_errors[]="passwords don't match"; - } - if((trim($_POST['password1'])=="" || trim($_POST['password1'])=="********") && - (trim($_POST['password2'])=="" || trim($_POST['password2'])=="********")){ - //assume password should be left as is if a password is set already. - if(!empty($config['system']['users'][$_POST['old_username']]['password'])){ - $_POST['password1']="********"; - $_POST['password2']="********"; - } else { - $input_errors[]="password must not be empty"; - } - } else { - if(trim($_POST['password1'])!=trim($_POST['password2'])){ - //passwords are to be changed or set but don't match - $input_errors[]="passwords don't match"; - } else { - //check password for invalid characters - if(!preg_match('/^[a-zA-Z0-9_\-\.@\~\(\)\&\*\+§?!\$£°\%;:]*$/',$_POST['username'])){ - $input_errors[] = "password contains illegal characters, only letters from A-Z and a-z, _, -, .,@,~,(,),&,*,+,§,?,!,$,£,°,%,;,: and numbers are allowed"; - //test pw: AZaz_-.@~()&*+§?!$£°%;: - } - } - } - if($_POST['username']==""){ - $input_errors[] = "username must not be empty!"; - } + if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + if (isset($id) && ($a_user[$id])) { + $reqdfields = explode(" ", "username"); + $reqdfieldsn = explode(",", "Username"); + } else { + $reqdfields = explode(" ", "username password"); + $reqdfieldsn = explode(",", "Username,Password"); + } + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['username'])) + $input_errors[] = "The username contains invalid characters."; + if($_POST['username']==$config['system']['username']) { $input_errors[] = "username can not match the administrator username!"; - } - 
if($_POST['old_username'] != $_POST['username']) { - // Either a new user, or one with a username change - if (isset($config['system']['users'][$_POST['username']])) { - $input_errors[] = "username can not match an existing user!"; - } - } - if(!isset($config['system']['groups'][$_POST['group']])) { + } + + if (($_POST['password']) && ($_POST['password'] != $_POST['password2'])) + $input_errors[] = "The passwords do not match."; + + if (!$input_errors && !(isset($id) && $a_user[$id])) { + /* make sure there are no dupes */ + foreach ($a_user as $userent) { + if ($userent['name'] == $_POST['username']) { + $input_errors[] = "Another entry with the same username already exists."; + break; + } + } + } + + if(!isset($groupindex[$_POST['groupname']])) { $input_errors[] = "group does not exist, please define the group before assigning users."; } - - //check username: only allow letters from A-Z and a-z, _, -, . and numbers from 0-9 (note: username can - //not contain characters which are not allowed in an xml-token. i.e. if you'd use @ in a username, config.xml - //could not be parsed anymore! - if(!preg_match('/^[a-zA-Z0-9_\-\.]*$/',$_POST['username'])){ - $input_errors[] = "username contains illegal characters, only letters from A-Z and a-z, _, -, . and numbers are allowed"; - } - if(!empty($input_errors)){ - //there are illegal inputs --> print out error message and show formula again - //and fill in all recently entered values except passwords - $_GET['act']="new"; - $_POST['old_username']=($_POST['old_username'] ? 
$_POST['old_username'] : $_POST['username']); - $_GET['username']=$_POST['old_username']; - - $user['fullname']=$_POST['fullname']; - - } else { - //all values are okay --> saving changes - $_POST['username']=trim($_POST['username']); - if($_POST['old_username']!="" && $_POST['old_username']!=$_POST['username']){ - //change the username (which is used as array-index) - $config['system']['users'][$_POST['username']]=$config['system']['users'][$_POST['old_username']]; - unset($config['system']['users'][$_POST['old_username']]); - } - $config['system']['users'][$_POST['username']]['fullname']=trim($_POST['fullname']); - if(trim($_POST['password1'])!="********" && trim($_POST['password1'])!=""){ - $config['system']['users'][$_POST['username']]['password']=crypt(trim($_POST['password1'])); - } - $config['system']['users'][$_POST['username']]['group']=trim($_POST['group']); - // Remove config information from old way of handling sub-admin users. - if (isset($config['system']['users'][$_POST['username']]['pages'])) - unset($config['system']['users'][$_POST['username']]['pages']); - write_config(); + + if (!$input_errors) { + + if (isset($id) && $a_user[$id]) + $userent = $a_user[$id]; + + $userent['name'] = $_POST['username']; + $userent['fullname'] = $_POST['fullname']; + $userent['groupname'] = $_POST['groupname']; + + if ($_POST['password']) + $userent['password'] = crypt($_POST['password']); + + if (isset($id) && $a_user[$id]) + $a_user[$id] = $userent; + else + $a_user[] = $userent; + + write_config(); $retval = system_password_configure(); $savemsg = get_std_save_message($retval); - $savemsg="User ".$_POST['username']." successfully saved
"; - } - } + + header("Location: system_usermanager.php"); + } + } ?> + @@ -158,41 +145,44 @@ if ($_SERVER['REMOTE_USER'] === $config['system']['username']) { - $user){ -?> + - - - - + + + + - + @@ -255,40 +242,23 @@ if($_GET['act']=="new" || $_GET['act']=="edit"){
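Review bot: The redirect that ends the save path, `header("Location: system_usermanager.php");`, is not followed by `exit;` as the equivalent line in system_groupmanager.php is, so the script keeps running and renders the rest of the page after the header has been sent; add `exit;` on the next line. For a new user `$userent` is also never reset before `$userent['name'] = $_POST['username'];`, so it still holds the last element visited by the duplicate-check `foreach`, including that user's `password` hash. That is harmless only because the password field is required for new entries; `$userent = array();` ahead of the assignments removes the dependency. `$group` in system_groupmanager.php is reused in the same way.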
Username - +
Password - ">
- "> +
+  (confirmation)
Full name - +
User's full name, for your own information only
Group Name - + + @@ -203,7 +193,9 @@ if($_GET['act']=="new" || $_GET['act']=="edit"){   - + + +
@@ -218,26 +210,21 @@ if($_GET['act']=="new" || $_GET['act']=="edit"){
Group
-   - -   - - - -   +   + +   + +   + +  
saving changes - if(trim($_POST['password1'])!="********" && trim($_POST['password1'])!=""){ - $config['system']['users'][$_SERVER['REMOTE_USER']]['password']=crypt(trim($_POST['password1'])); - } + $config['system']['user'][$userindex[$_SERVER['REMOTE_USER']]]['password']=crypt(trim($_POST['password'])); + write_config(); $retval = system_password_configure(); $savemsg = get_std_save_message($retval); @@ -298,6 +268,7 @@ if($_GET['act']=="new" || $_GET['act']=="edit"){ ?> + @@ -307,7 +278,7 @@ if($_GET['act']=="new" || $_GET['act']=="edit"){ Password - +
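Review bot: The self-service password line, `$config['system']['user'][$userindex[$_SERVER['REMOTE_USER']]]['password']=crypt(trim($_POST['password']));`, lost the guard the old code had around it and does not check that `$userindex` has an entry for the caller. If the lookup misses, the null key makes PHP create a stray user entry instead of failing, and an empty submission would be hashed and stored unless validation outside the visible lines rejects it. I would wrap the write in `if (isset($userindex[$_SERVER['REMOTE_USER']]) && trim($_POST['password']) != "")` and report an error otherwise. This path hashes `trim($_POST['password'])` while the admin path in the same file hashes `$_POST['password']` untrimmed, so a password with leading or trailing blanks set through this form would not match what the user later types; one rule should apply to both. The page is garbled around this line and the enclosing block cannot be read in full.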
 (confirmation)
Select a new password -- 2.25.1