DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The views and conclusions contained in the software and documentation are those of the authors and should not be interpreted as representing official policies, either expressed or implied, of the NAS4Free Project. */ require "guiconfig.inc"; unset($input_errors); if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (is_validlogin($_POST['username'])) { Session::start(); if ($_POST['username'] === $config['system']['username'] && $_POST['password'] === $config['system']['password']) { Session::initAdmin(); header('Location: index.php'); exit; } else { $users = system_get_user_list(); foreach ($users as $userk => $userv) { $password = crypt($_POST['password'], $userv['password']); if ($_POST['username'] === $userv['name'] && $password === $userv['password']) { // Check if it is a local user if (empty($config['access']['user']) || FALSE === ($cnid = array_search_ex($userv['uid'], $config['access']['user'], "id"))) { break; } // Is user allowed to access the user portal?
$pconfig['userportal'] = FALSE; } if ($_POST) { unset($input_errors); $pconfig = $_POST; if ($_POST['Cancel']) { header("Location: access_users.php"); exit; } $reqdfields = explode(" ", "login fullname primarygroup userid shell"); $reqdfieldsn = array(gettext("Name"), gettext("Full Name"), gettext("Primary Group"), gettext("User ID"), gettext("Shell")); $reqdfieldst = explode(" ", "string string numeric numeric string"); do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); do_input_validation_type($_POST, $reqdfields, $reqdfieldsn, $reqdfieldst, &$input_errors); // Check for valid login name. if ($_POST['login'] && !is_validlogin($_POST['login'])) { $input_errors[] = gettext("The login name contains invalid characters."); } if ($_POST['login'] && strlen($_POST['login']) > 16) { $input_errors[] = gettext("The login name is limited to 16 characters."); } if ($_POST['login'] && in_array($_POST['login'], $reservedlogin)) { $input_errors[] = gettext("The login name is a reserved login name."); } // Check for valid Full name. if ($_POST['fullname'] && !is_validdesc($_POST['fullname'])) { $input_errors[] = gettext("The full name contains invalid characters."); } // Check for name conflicts. Only check if user is created. if (!(isset($uuid) && FALSE !== $cnid) && (is_array($a_user_system) && array_key_exists($_POST['login'], $a_user_system) || false !== array_search_ex($_POST['login'], $a_user, "login"))) { $input_errors[] = gettext("This user already exists in the user list.");