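/**
 * Build the <select> that adds a group (or the "registration group") to an access point.
 *
 * The choices come from sumo_get_user_available_group() for the current console user;
 * when that user belongs to 'sumo', every group from sumo_get_available_group() is
 * offered instead. Groups listed in $groups_exist are left out.
 *
 * @param array|string $groups_exist Groups already on the access point. A scalar is treated as
 *                                   the current selection and is emitted as the first <option>.
 * @param string       $name         Name of the <select>; 'newgroup' when empty.
 * @param bool         $enabled      When false the <select> carries the "disabled" attribute.
 * @return string The <select> markup, or '' when there is nothing to offer.
 * @author Alberto Basso
 */
function sumo_add_accesspoint_group($groups_exist = array(), $name = '', $enabled = TRUE)
{
    global $SUMO;

    $current  = is_array($groups_exist) ? '' : $groups_exist;
    $assigned = is_array($groups_exist) ? $groups_exist : array($groups_exist);

    $own_groups = sumo_get_grouplevel(sumo_get_user_available_group($SUMO['user']['user']), TRUE);
    if (!is_array($own_groups)) {
        $own_groups = array();
    }

    // Decide the admin case once, up front, and compare as strings: the original looped with a
    // loose ==, which lets a numeric group name equal 'sumo' on PHP < 8 and could list a group
    // twice when 'sumo' was not the first entry.
    $is_admin = in_array('sumo', array_map('strval', $own_groups), true);

    $candidates = $is_admin ? sumo_get_available_group() : $own_groups;
    if (!is_array($candidates)) {
        $candidates = array();
    }

    $options = '';
    foreach ($candidates as $group) {
        // The original non-admin branch searched the scalar $group_exist instead of the
        // $groups_exist array, so assigned groups were never filtered (and PHP 8 raises a
        // TypeError for a non-array haystack).
        if (in_array($group, $assigned)) {
            continue;
        }

        $style = ((string) $group === 'sumo') ? " style='color:#BB0000'" : '';
        // Group names are stored data: encode them for the single-quoted attribute and the text node.
        $label = htmlspecialchars((string) $group, ENT_QUOTES);
        $options .= "<option value='" . $label . "'{$style}>" . $label . "</option>\n";
    }

    // A 'sumo' member always gets the list, even when it holds no extra option (as before).
    if (!$is_admin && $options === '') {
        return '';
    }

    $select_name = htmlspecialchars($name ? $name : 'newgroup', ENT_QUOTES);
    $disabled    = $enabled ? '' : ' disabled';
    $first       = htmlspecialchars((string) $current, ENT_QUOTES);

    return "<select name='" . $select_name . "'" . $disabled . ">\n"
        . "<option value='" . $first . "'>" . $first . "</option>\n"
        . $options
        . "</select>";
}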
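// Delete
// Offered only to 'sumo' members above level 4, and never for the console access point with id 1.
if ($SUMO['user']['group_level']['sumo'] > 4 && (!sumo_verify_is_console($tab['path']) || $tab['id'] != 1)) {
    $msg = sumo_get_simple_rand_string(4, "123456789");

    // The confirmation text sits inside a single-quoted JavaScript string, inside a double-quoted
    // href attribute. Each stored value is therefore HTML-encoded (no quote character survives)
    // and has its backslashes doubled so the script cannot read them as escape sequences; the
    // outer htmlspecialchars() then encodes the whole message for the attribute.
    // NOTE(review): assumes sumo_show_message() renders the text as HTML, as the original
    // encoding of the access point name suggests; confirm.
    $confirm_path = addslashes(htmlspecialchars($tab['path'], ENT_QUOTES));
    $confirm_name = addslashes(htmlspecialchars(sumo_get_accesspoint_name($tab['name'], $_COOKIE['language']), ENT_QUOTES));
    $confirm_text = htmlspecialchars(sumo_get_message('AreYouSureDelete', array($confirm_path, $confirm_name)));

    $delete = "<div class='sub-module-icon' "
        . "onmouseover='this.style.outline=\"1px solid #999999\";this.style.background=\"#FFFFFF\"' "
        . "onmouseout='this.style.outline=\"\";this.style.background=\"\"'>"
        . "<a href=\"javascript:"
        . "sumo_show_message('msg{$msg}', '" . $confirm_text . "', \n\t\t\t\t\t\t'h', 0, \n\t\t\t\t\t\t'"
        . base64_encode(sumo_get_form_req('', 'delete', 'id=' . $tab['id'])) . "',\n\t\t\t\t\t\t'"
        . base64_encode('') . "',\n\t\t\t\t\t\t'"
        . base64_encode("<input type='button' value='" . $language['Cancel'] . "' onclick='javascript:sumo_remove_window(\"msg{$msg}\");' class='button'>") . "',\n\t\t\t\t\t\t'"
        . base64_encode("<input type='submit' value='" . $language['Ok'] . "' onclick='javascript:sumo_remove_window(\"msg{$msg}\");' class='button'>") . "'\n\t\t\t\t);\">"
        . "<img src='themes/" . $SUMO['page']['theme'] . "/images/modules/accesspoints/remove.png' vspace='4'><br>" . $language['Remove'] . "</a>"
        . "</div>";
} else {
    $delete = sumo_get_action_icon("", "remove");
}

// The path is stored data written into single-quoted attributes below, so encode it once here.
$path_attr = htmlspecialchars($tab['path'], ENT_QUOTES);

$tpl['GET:ID']         = $tab['id'];
$tpl['GET:RegGroup']   = $tab['reg_group'];
$tpl['GET:Updated']    = sumo_get_human_date($tab['updated']);
$tpl['GET:Created']    = sumo_get_human_date($tab['created']); // was assigned twice; once is enough
$tpl['GET:UpdateForm'] = sumo_get_form_req('', 'modify', 'id=' . $tab['id']);

$tpl['PUT:Node'] = $tab['id'] > 1
    ? sumo_put_node($tab['node'])
    : sumo_put_node($tab['node'], true);
$tpl['PUT:Groups']      = sumo_put_accesspoint_group($tab['id']);
$tpl['PUT:AddGroup']    = sumo_add_accesspoint_group(sumo_get_grouplevel($tab['usergroup'], true));
$tpl['PUT:AddRegGroup'] = sumo_add_accesspoint_group($tab['reg_group'], 'reg_group', $checked['reg_group']);
$tpl['PUT:Theme']       = sumo_put_themes($tab['theme']);
$tpl['PUT:Name']        = sumo_put_accesspoint_name($form_name, sumo_get_accesspoint_name($tab['name']));
$tpl['PUT:Filtering']   = "<input type='checkbox' name='filtering' " . $checked['filtering'] . ">";
$tpl['PUT:ChangePwd']   = $is_console
    ? "<input type='checkbox' name='change_pwd' disabled " . $checked['change_pwd'] . " />"
    : "<input type='checkbox' name='change_pwd' " . $checked['change_pwd'] . " />";

// Concatenation binds tighter than ?:, so the console branch used to end before the closing
// "/>" and left the <input> tag open. Both branches now emit a complete tag.
$tpl['PUT:Registration'] = $is_console
    ? "<input type='checkbox' name='registration' disabled " . $checked['registration'] . " />"
    : "<input type='checkbox' name='registration' " . $checked['registration'] . " "
        . "onclick='if(document.{$form_name}.registration.checked==true){document.{$form_name}.reg_group.disabled=false;}else{document.{$form_name}.reg_group.disabled=true;}' />";

// NOTE(review): $form_name and $path_console are written into inline script unencoded; they are
// assumed to be server-defined values, confirm where they are set.
$tpl['PUT:Path'] = $tab['id'] > 1
    ? "<input type='text' size='50' name='path' value='" . $path_attr . "' onchange='if(this.form.path.value!=\"{$path_console}\"){document.{$form_name}.filtering.disabled=false;}else{document.{$form_name}.filtering.disabled=true;}' />"
    : "<input type='hidden' name='path' value='" . $path_attr . "'><input type='text' size='50' name='path2' value='" . $path_attr . "' disabled>";

$tpl['PUT:HTTPAuth'] = "<input type='checkbox' name='http_auth' " . $checked['http_auth'] . " "
    . "onclick='if(document.{$form_name}.http_auth.checked==true && document.{$form_name}.pwd_encrypt.disabled==false){document.{$form_name}.pwd_encrypt.checked=false;}' />";
$tpl['PUT:PwdEncrypt'] = "<input type='checkbox' name='pwd_encrypt' " . $checked['pwd_encrypt'] . " "
    . "onclick='if(document.{$form_name}.pwd_encrypt.checked==true){document.{$form_name}.http_auth.checked=false;}' />";

$tpl['LINK:Add'] = sumo_verify_permissions(5, 'sumo')
    ? sumo_get_action_icon("", "add", "accesspoints.content", "?module=accesspoints&action=new&decoration=false")
    : sumo_get_action_icon("", "add");
$tpl['LINK:Edit']   = sumo_get_action_icon("", "edit");
$tpl['LINK:Remove'] = $delete;
$tpl['BUTTON:Back'] = "<input type='button' class='button-red' value='" . $language["Back"] . "' onclick='javascript:sumo_ajax_get(\"accesspoints\",\"?module=accesspoints&action=view&id=" . $tab['id'] . "\");'>";

// Use the REQUEST method because, when a group is deleted from an access point,
// the command comes from a link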
$_POST['group'] = sumo_get_normalized_group(implode(";", $_POST['group']), TRUE); } $_POST['path'] = sumo_get_normalized_accesspoint($_POST['path']); // If new group exist add it if ($_POST['newgroup']) { $_POST['group'] = sumo_get_normalized_group($_POST['newgroup'] . ";" . $_POST['group'], TRUE); } // If registration enabled require reg_group $reg_group = $_POST['registration'] ? 1 : 0; $data = array(array('id', $_GET['id'], 1), array('node', $_POST['node'], 1), array('name', $_POST['name'], 1), array('path', $_POST['path'], 1), array('usergroup', $_POST['group'], 1), array('reg_group', $_POST['reg_group'], $reg_group), array('boolean', $_POST['http_auth'], 1), array('boolean', $_POST['filtering'], 1), array('boolean', $_POST['pwd_encrypt'], 1), array('boolean', $_POST['change_pwd'], 1), array('boolean', $_POST['registration'], 1), array('theme', $_POST['theme'])); $validate = sumo_validate_accesspoint_data($data, TRUE); // verify if accesspoint already exist //if(sumo_verify_accesspoint_exist($_POST['node'], $_POST['path'])) $validate = array(FALSE, sumo_get_message('I07002C', $_POST['path'])); // Verify submittedd groups with current user group if ($validate[0]) { $submitted_group = sumo_get_grouplevel($_POST['group'], TRUE); $available_group = sumo_get_available_group(); for ($g = 0; $g < count($submitted_group); $g++) { if (!in_array($submitted_group[$g], $available_group) && $submitted_group[$g]) { //$validate = array(false, sumo_get_message('GroupNotAvailable', $submitted_group[$g])); $validate[0] = true; $warning = sumo_get_message('GroupNotAvailable', $submitted_group[$g]); break; } } } if (!$validate[0]) { $tpl['MESSAGE:H'] = $language['AccessPointNotUpdated'] . ": " . 
$validate[1]; } else { $update = sumo_update_accesspoint_data(array('id' => $_GET['id'], 'node' => $_POST['node'], 'path' => $_POST['path'], 'name' => $_POST['name'], 'group' => $_POST['group'], 'reg_group' => $_POST['reg_group'], 'http_auth' => $_POST['http_auth'], 'filtering' => $_POST['filtering'], 'pwd_encrypt' => $_POST['pwd_encrypt'], 'change_pwd' => $_POST['change_pwd'], 'registration' => $_POST['registration'], 'theme' => $_POST['theme'])); if ($update && !$warning) {
* @package SUMO * @category Console */ $tab = sumo_get_user_info($_GET['id'], 'id', false); if (sumo_verify_permissions(4, $tab['group'], null, false) || sumo_verify_permissions(false, false, $tab['username'], false) || $SUMO['user']['id'] == $tab['owner_id']) { $tpl['PUT:NewPassword'] = $tpl['PUT:NewPassword'] ? $tpl['PUT:NewPassword'] : ''; $tpl['PUT:ReNewPassword'] = $tpl['PUT:ReNewPassword'] ? $tpl['PUT:ReNewPassword'] : ''; // If id not exist if (!$tab['username']) { $tpl['MESSAGE:H'] = sumo_get_message('W00001C', $_GET['id']); } // get data source of user $datasource = sumo_get_datasource_info($tab['datasource_id']); $tpl['PUT:Status'] = ""; $tpl['PUT:GroupLevel'] = sumo_put_user_grouplevel($_GET['id']); $tpl['PUT:AddGroupLevel'] = $tab['username'] == 'sumo' ? "<input type='hidden' name='newgroup' value='sumo:7'>" : sumo_add_user_grouplevel('ModifyUsers', sumo_get_grouplevel($tab['usergroup'], true)); $tpl['BUTTON:AddGroup'] = $tab['username'] == 'sumo' ? "" : "<input type='submit' class='button' value='" . $language['AddGroup'] . "'>"; $tpl['PUT:DataSourceType'] = ($tab['username'] == 'sumo' || $tab['username'] == $SUMO['user']['user']) && $SUMO['user']['id'] != $tab['owner_id'] ? "<input name='datasource_id' type='hidden' value='" . $datasource['id'] . "'>" . $datasource['name'] : sumo_put_datasource($datasource['id']); $tpl['GET:LastLogin'] = sumo_get_human_date($tab['last_login']); $tpl['GET:PwdUpdated'] = sumo_get_human_date($tab['pwd_updated']); $tpl['GET:AccountCreated'] = sumo_get_human_date($tab['created']); $tpl['GET:Modified'] = sumo_get_human_date($tab['modified']); $tpl['GET:UserAccessPages'] = sumo_get_user_accesspoints($tab['id'], true); $tpl['GET:UpdateForm'] = sumo_get_form_req('', 'modify', 'id=' . $tab['id'], 'POST', ' enctype="multipart/form-data"'); $tpl['GET:Expire'] = $tab['day_limit'] ? sumo_get_human_date($tab['day_limit'] * 86400 + $SUMO['server']['time'], false) : $language['Never']; $tpl['GET:User'] = $tab['username'] . 
"<input type='hidden' name='user' value='" . $tab['username'] . "'>"; $tpl['IMG:User'] = "******" . $tab['id'] . "' alt='" . $tab['username'] . "' class='user'>"; $tpl['IMG:Language'] = "<img src='themes/" . $SUMO['page']['theme'] . "/images/flags/" . $tab['language'] . ".png' alt='" . ucwords(sumo_get_string_languages($tab['language'])) . "' class='flag' id='userflag'>"; $tpl['LINK:AddUser'] = sumo_get_action_icon("users", "new", "users.content", "?module=users&action=new&decoration=false"); $tpl['LINK:EditUser'] = sumo_get_action_icon("users", "edit"); // Verify image support for refection effects
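/**
 * Get info of user
 * If no user is specified, return the info of the current session user.
 * $field selects the column to search on; 'username' is the default.
 *
 * The returned row is extended with 'user' (copy of 'username'), 'ip', 'group_level',
 * 'group' and the 'datasource_*' entries. For a data source of type 'Unix', 'active'
 * and 'password' are taken from the local account database instead of the table.
 *
 * @global array $SUMO
 * @param mixed  $value Value to look up; the session user name when empty.
 * @param string $field 'user'/'username', 'email' or 'id' (any other plain column name is
 *                      matched against a quoted value).
 * @param bool   $cache Use the cached query; ignored for 30 seconds after a password change.
 * @return array $user_data (empty array when $field is not a plain column name)
 * @author Alberto Basso <*****@*****.**>
 */
function sumo_get_user_info($value = FALSE, $field = 'username', $cache = TRUE)
{
    global $SUMO;

    $cache_time = 30;

    if (!$value) {
        $value = $_SESSION['user']['user'];
    }

    // The value is placed in the SQL text, so it is always turned into a quoted literal or an
    // integer first. $SUMO['DB'] is driven through CacheExecute()/Execute()/FetchRow(), which
    // matches ADOdb, whose quoting method is qstr().
    // NOTE(review): confirm the connection class before merging.
    switch (strtolower($field)) {
        case '':
        case 'user':
        case 'username':
            $field = "username";
            $value = $SUMO['DB']->qstr((string) $value);
            break;

        case 'email':
            $field = "email";
            $value = $SUMO['DB']->qstr((string) $value);
            break;

        case 'id':
            $field = "id";
            $value = intval($value);
            break;

        default:
            // Previously any other $field and its value went into the query untouched. A column
            // name cannot be quoted as a literal, so only a bare identifier is accepted.
            if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $field)) {
                return array();
            }
            $value = $SUMO['DB']->qstr((string) $value);
            break;
    }

    $query = "SELECT * FROM " . SUMO_TABLE_USERS . "\n\t\tWHERE " . $field . "=" . $value;

    // ...to disable cached password when user changed it
    if (isset($_SESSION['pwd_changed'])) {
        if ($_SESSION['pwd_changed'] + $cache_time > time()) {
            $cache = false;
        } else {
            $cache = true;
            unset($_SESSION['pwd_changed']);
        }
    }

    $rs = $cache
        ? $SUMO['DB']->CacheExecute($cache_time, $query)
        : $SUMO['DB']->Execute($query);

    // A failed query or a missing row yields an empty record instead of a fatal error.
    $user_data = $rs ? $rs->FetchRow() : false;
    if (!is_array($user_data)) {
        $user_data = array();
    }

    $user_data['user'] = isset($user_data['username']) ? $user_data['username'] : null;
    $user_data['datasource_id'] = (!isset($user_data['datasource_id']) || $user_data['datasource_id'] == "")
        ? false
        : $user_data['datasource_id'];
    $user_data['ip'] = empty($user_data['ip']) ? array() : sumo_get_iprange($user_data['ip']);
    $user_data['group_level'] = empty($user_data['usergroup']) ? array() : sumo_get_grouplevel($user_data['usergroup']);
    $user_data['group'] = empty($user_data['usergroup']) ? array() : sumo_get_grouplevel($user_data['usergroup'], true);
    $user_data['datasource_type'] = 'SUMO';
    $user_data['datasource_name'] = 'SUMO Access Manager';

    // Get authorization type (if defined)
    if ($user_data['datasource_id'] != 1 && $user_data['datasource_type'] != 'Unix') {
        $ds = sumo_get_datasource_info($user_data['datasource_id']);
        $user_data['datasource_type'] = $ds['type'];
        $user_data['datasource_enctype'] = $ds['enctype'];
        $user_data['datasource_name'] = $ds['name'];
    }

    // Get shadow password for local Unix users
    if ($user_data['datasource_type'] == 'Unix') {
        $login = (string) $user_data['user'];

        // Same values the original ended up with when the account was not found.
        $user_data['active'] = 0;
        $user_data['password'] = null;

        // The login becomes part of two shell commands. Only a conventional account name is
        // accepted, it is passed as a single quoted argument, and the dot (the one pattern
        // metacharacter the check allows) is escaped for the egrep expression.
        if (preg_match('/^[A-Za-z_][A-Za-z0-9_.-]*$/', $login)) {
            $pattern = '^' . str_replace('.', '\\.', $login) . ':';
            $u = exec('egrep ' . escapeshellarg($pattern) . ' /etc/shadow');
            $p = explode(":", $u);
            $a = explode(" ", exec('passwd -S ' . escapeshellarg($login)));
            $user_data['active'] = (isset($a[1]) && $a[1] == "P") ? 1 : 0;
            $user_data['password'] = isset($p[1]) ? $p[1] : null;
        }
    }

    return $user_data;
}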
$pwd_verify = 'new_password2'; break; default: $pwd_verify = 'new_password'; break; } $data = array(array('id', $_GET['id'], 1), array('username', $_POST['user'], 1), array('name', $_POST['firstname']), array('name', $_POST['lastname']), array('active', $_POST['active']), array('email', $_POST['email']), array('language', $_POST['language']), array('datasource_id', $_POST['datasource_id'], 1), array('usergroup', $_POST['group']), array('ip', $_POST['ip']), array('day_limit', $_POST['day_limit']), array($pwd_verify, array($_POST['new_password'], $_POST['renew_password']))); $validate = sumo_validate_data($data, true); // verify if current user is sumo to change administrator account if ($_POST['user'] == 'sumo' && $SUMO['user']['user'] != 'sumo') { $validate = array(false, $language['CannotModifyAccount']); } // Verify submittedd groups with current user group if ($validate[0]) { $submitted_group_level = sumo_get_grouplevel($_POST['group']); $submitted_group = sumo_get_grouplevel($_POST['group'], true); $available_group = sumo_get_available_group(); for ($g = 0; $g < count($submitted_group); $g++) { if (!in_array($submitted_group[$g], $available_group) && $submitted_group[$g]) { $validate = array(false, sumo_get_message('GroupNotAvailable', $submitted_group[$g])); break; } if (!in_array('sumo', $SUMO['user']['group']) || $submitted_group[$g] == 'sumo') { if ($SUMO['user']['group_level'][$submitted_group[$g]] < $submitted_group_level[$submitted_group[$g]] || $SUMO['user']['group_level'][$submitted_group[$g]] < $tab['group_level'][$submitted_group[$g]]) { $submitted_group_level[$submitted_group[$g]] = $tab['group_level'][$submitted_group[$g]]; } // User can't change his group level if ($_GET['id'] == $SUMO['user']['id'] && $submitted_group_level[$submitted_group[$g]] != $SUMO['user']['group_level'][$submitted_group[$g]]) { $validate = array(false, sumo_get_message('WrongLevel', $submitted_group_level[$submitted_group[$g]])); } }
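/**
 * Combo box to add a group and its level to a user.
 *
 * Emits two <select> elements: 'group' with the selectable group names and 'newgroup',
 * which the inline onchange script fills with "group:level" values for the chosen group.
 * A member of 'sumo' is offered every group from sumo_get_available_group() at levels
 * 1 to 7 ('sumo' itself only up to the member's own level); any other user is offered
 * their own groups up to their own level in each.
 *
 * @param string $form_name   Name of the enclosing form; derived from the session action
 *                            and module when empty.
 * @param array  $group_exist Groups the edited user already has; these get no <option>.
 * @return string The markup, or '' when no group can be offered.
 */
function sumo_add_user_grouplevel($form_name = '', $group_exist = array())
{
    global $SUMO;

    $own_levels = sumo_get_grouplevel(sumo_get_user_available_group($SUMO['user']['user']));
    if (!is_array($own_levels)) {
        $own_levels = array();
    }
    $assigned = is_array($group_exist) ? $group_exist : array($group_exist);

    $form_name = $form_name ? $form_name : ucfirst($_SESSION['action']) . ucfirst($_SESSION['module']);

    // Everything below lands in a single-quoted JavaScript string inside the double-quoted
    // onchange attribute: escape for the script first, then encode for the attribute.
    $form_js = htmlspecialchars(addslashes($form_name), ENT_QUOTES);

    $change = "n=document.forms['{$form_js}'].group;\n"
        . "l=document.forms['{$form_js}'].newgroup;\n"
        . "gr=n.options[n.selectedIndex].value;\n"
        . "ls=g[gr];l.options.length=0;if(!gr)return;\n"
        . "for(i=0;i<ls.length;i+=2){l.options[i/2]=new Option(ls[i],ls[i+1]);}\n";

    $script    = "";
    $options   = "";
    $available = FALSE;

    // Decide the administrator case once, by key. The original compared each key with a loose
    // == inside the loop, which lets a numeric group name equal 'sumo' on PHP < 8 and could
    // list a group twice when 'sumo' was not the first entry.
    if (array_key_exists('sumo', $own_levels)) {
        // ...administrator can add all groups
        $available_group = sumo_get_available_group();
        if (!is_array($available_group)) {
            $available_group = array();
        }

        foreach ($available_group as $group) {
            $group_js = htmlspecialchars(addslashes((string) $group), ENT_QUOTES);

            // Start from an empty list for every group: the original reused one array, so the
            // shortened 'sumo' list kept higher-level entries left over from the previous group.
            $levels = array();
            for ($l = 1; $l <= 7; $l++) {
                $levels[] = $l . ",'" . $group_js . ":" . $l . "'";
                if ((string) $group === 'sumo' && $SUMO['user']['group_level']['sumo'] <= $l) {
                    break;
                }
            }
            $script .= "g['" . $group_js . "']=new Array(" . implode(',', $levels) . ");\n";

            if (!in_array($group, $assigned)) {
                $label = htmlspecialchars((string) $group, ENT_QUOTES);
                $options .= " <option value='" . $label . "'>" . $label . "</option>\n";
            }
        }

        $available = TRUE;
    } else {
        foreach ($own_levels as $group => $max_level) {
            $group_js = htmlspecialchars(addslashes((string) $group), ENT_QUOTES);

            // create levels (fresh list per group, see above)
            $levels = array();
            for ($l = 1; $l <= $max_level; $l++) {
                $levels[] = $l . ",'" . $group_js . ":" . $l . "'";
            }
            $script .= "g['" . $group_js . "']=new Array(" . implode(',', $levels) . ");";

            if (!in_array($group, $assigned)) {
                $label = htmlspecialchars((string) $group, ENT_QUOTES);
                $options .= " <option value='" . $label . "'>" . $label . "</option>\n";
                $available = TRUE;
            }
        }
    }

    if (!$available) {
        return '';
    }

    // Assembled in one piece; the original spliced the script in afterwards with str_replace()
    // on 'onchange="', which would also have matched that text inside an option.
    return "<select name='group' onchange=\"g=new Array();" . $script . $change . "\">\n<option></option>\n"
        . $options
        . "</select> : <select name='newgroup'></select>";
}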
} $color = $tab['active'] ? 'on' : 'off'; $rowcolor = $tab['active'] ? '' : " class='row-null'"; $last_login = $tab['last_login'] ? sumo_get_human_date($tab['last_login']) : ' '; $created = $tab['created'] ? sumo_get_human_date($tab['created']) : ' '; $expire = $tab['day_limit'] != NULL ? sumo_get_human_date($tab['day_limit'] * 86400 + $SUMO['server']['time'], FALSE) : ''; $style = $tab['username'] == $SUMO['user']['user'] ? 'tab-row-highlight' : sumo_alternate_str('tab-row-on', 'tab-row-off'); //$style2 = ($tab['modified'] > $SUMO['server']['time'] - 10) ? " style='border-top:1px solid #FF7722;border-bottom:1px solid #FF7722'" : ""; $username = sumo_get_formatted_username($tab['firstname'], $tab['lastname']); // Format group string to display it $group = preg_replace("/sumo:7/", "<b><font color='#BB0000'>sumo:7</font></b>", $tab['usergroup']); $group = preg_replace("/sumo:/", "<font color='#BB0000'>sumo</font>:", $group); $group = str_replace(';', ', ', $group); $group = strlen(strip_tags($group)) > 50 ? substr($group, 0, 50) . '...' : $group; // $usergroup = sumo_get_grouplevel($tab['usergroup'], true); for ($g = 0; $g < count($usergroup); $g++) { if (!in_array($usergroup[$g], $available_group)) { $group = str_replace($usergroup[$g], '<strike>' . $usergroup[$g] . '</strike>', $group); } } if ($search) { $tab['username'] = sumo_color_match_string($field['username'][1], $tab['username']); $tab['email'] = sumo_color_match_string($field['email'][1], $tab['email']); $group = sumo_color_match_string($field['usergroup'][1], strip_tags($group)); $username = sumo_color_match_string(array_merge($field['firstname'][1], $field['lastname'][1]), $username); } $list .= "<tr" . $rowcolor . ">\n"; if ($col[6]) { $list .= " <td class='" . $style . "'><img src='themes/" . $SUMO['page']['theme'] . "/images/modules/users/user_" . $color . ".gif' alt='•'></td>\n"; }