Esempio n. 1
         }
     default:
         /* Builtin Auth */
         if (!$user_auth && !$ldap_error) {
             /* if auth has not occured process for builtin - AKA Ldap fall through */
             $user = db_fetch_row("SELECT * FROM user_auth WHERE username = '******' AND password = md5('" . get_request_var_post("login_password") . "') AND realm = 0");
         }
 }
 /* end of switch */
 /* No account matched above: optionally clone the configured template user.
    $user, $copy_user, $username and $realm come from the login handling that
    precedes this excerpt (not all of it is visible here). */
 if (!sizeof($user) && $copy_user) {
     $template_username = read_config_option("user_template");
     if ($template_username != "0" && strlen($username) > 0) {
         cacti_log("WARN: User '" . $username . "' does not exist, copying template user", false, "AUTH");
         /* the template must exist as a local (realm 0) account */
         $template_row = db_fetch_row("SELECT id FROM user_auth WHERE username = '******' AND realm = 0");
         if (!$template_row) {
             /* log it, show the error page and stop the login */
             cacti_log("LOGIN: Template user '" . $template_username . "' does not exist.", false, "AUTH");
             auth_display_custom_error_message("Template user '" . $template_username . "' does not exist.");
             exit;
         }
         /* clone the template into the caller's realm, then reload the new row */
         user_copy($template_username, $username, 0, $realm);
         $user = db_fetch_row("SELECT * FROM user_auth WHERE username = '******' AND realm = " . $realm);
     }
 }
 /* Guest account checking - Not for builtin */
 $guest_user = false;
 if (sizeof($user) < 1 && $user_auth && read_config_option("guest_user") != "0") {
     /* Locate guest user record */
     $user = db_fetch_row("SELECT * FROM user_auth WHERE username = '******'");
     if ($user) {
Esempio n. 2
switch ($_REQUEST["action"]) {
case 'login':
	/* --- start ldap section --- */
	$ldap_auth = false;
	if ((read_config_option("ldap_enabled") == "on") && ($_POST["realm"] == "ldap") && (strlen($_POST["login_password"]))){
		$ldap_conn = ldap_connect(read_config_option("ldap_server"));

		if ($ldap_conn) {
			$ldap_dn = str_replace("<username>",$_POST["login_username"],read_config_option("ldap_dn"));
			$ldap_response = @ldap_bind($ldap_conn,$ldap_dn,$_POST["login_password"]);

			if ($ldap_response) {
				$ldap_auth = true;
				if (sizeof(db_fetch_assoc("select * from user_auth where username='******' and realm = 1")) == 0) {
					/* copy template user's settings */
					user_copy(read_config_option("ldap_template"), $_POST["login_username"], 1);
				}
			}
		}
	}
	/* --- end ldap section --- */

	if ($ldap_auth) {
		$user = db_fetch_row("select * from user_auth where username='******' and realm = 1");
	} else {
		$user = db_fetch_row("select * from user_auth where username='******' and password = '******' and realm = 0");
	}

	if (sizeof($user)) {
		/* make entry in the transactions log */
		db_execute("insert into user_log (username,user_id,result,ip,time) values('" . $_POST["login_username"] ."'," . $user["id"] . ",1,'" . $_SERVER["REMOTE_ADDR"] . "',NOW())");
Esempio n. 3
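include_once($config["base_path"] . "/lib/auth.php");

/* Cacti User Copy Utility (CLI): clones the account <template user> into
   <new user>. Both names come from the command line; db_fetch_row() and
   user_copy() are provided by the included Cacti libraries. */
if (!isset($_SERVER["argv"][2]) || $_SERVER["argv"][2] === "") {
	print "Syntax:\n php " . basename(__FILE__) . " <template user> <new user>\n\n";
	exit;
}

$template_user = $_SERVER["argv"][1];
$new_user = $_SERVER["argv"][2];

print "Cacti User Copy Utility\n";
print "Template User: "******"\n";
print "New User: "******"\n";

/* Check that the template user exists. db_fetch_row() results are tested with
   sizeof()/truthiness elsewhere in Cacti, so a "no row" result is still a set
   value and isset() would accept it; empty() rejects false, null and []. */
$user_auth = db_fetch_row("select * from user_auth where username = '******'");
if (empty($user_auth)) {
	die("Error: Template user does not exist!\n\n");
}

print "\nCopying User...\n";

/* The '@' is kept from the original to silence notices raised inside the copy
   routine; an explicit false return is treated as failure in addition to the
   re-query below. */
if (@user_copy($template_user, $new_user) === false) {
	die("Error: User not copied!\n\n");
}

/* re-query to confirm the new account actually landed in the database */
$user_auth = db_fetch_row("select * from user_auth where username = '******'");
if (empty($user_auth)) {
	die("Error: User not copied!\n\n");
}

print "User copied...\n";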
Esempio n. 4
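/* Cacti User Copy Utility (CLI entry point): clones the local (realm 0)
   account <template user> into <new user>. Refuses to run under a web
   server and requires both arguments. */
if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
    die("<br><strong>This script is only meant to run at the command line.</strong>");
}
/* isset()/=== "" instead of empty(): a user literally named "0" is a valid argument */
if (!isset($_SERVER["argv"][2]) || $_SERVER["argv"][2] === "") {
    print "\nIt is highly recommended that you use the web interface to copy users as this script will only copy Local Cacti users.\n\n";
    print "Syntax:\n php copy_cacti_user.php <template user> <new user>\n\n";
    exit;
}
$no_http_headers = true;
include dirname(__FILE__) . "/../include/global.php";
include_once $config["base_path"] . "/lib/auth.php";
$template_user = $_SERVER["argv"][1];
$new_user = $_SERVER["argv"][2];
print "\nIt is highly recommended that you use the web interface to copy users as this script will only copy Local Cacti users.\n\n";
print "Cacti User Copy Utility\n";
print "Template User: "******"\n";
print "New User: "******"\n";
/* Check that the template user exists as a local account. db_fetch_row()
   results are tested with sizeof()/truthiness elsewhere in Cacti, so a
   "no row" result is still a set value and isset() would accept it;
   empty() rejects false, null and an empty array. */
$user_auth = db_fetch_row("SELECT * FROM user_auth WHERE username = '******' AND realm = 0");
if (empty($user_auth)) {
    die("Error: Template user does not exist!\n\n");
}
print "\nCopying User...\n";
if (user_copy($template_user, $new_user) === false) {
    die("Error: User not copied!\n\n");
}
/* re-query to confirm the new account actually landed in the database */
$user_auth = db_fetch_row("SELECT * FROM user_auth WHERE username = '******' AND realm = 0");
if (empty($user_auth)) {
    die("Error: User not copied!\n\n");
}
print "User copied...\n";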
Esempio n. 5
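function form_actions() {
	global $colors, $user_actions, $auth_realms;

	/* Bulk-action handler for user_admin.php. When the POST carries
	   'selected_items' the chosen action is executed and the browser is sent
	   back to user_admin.php; otherwise the confirmation form for the action
	   is rendered. drp_action: 1 delete, 2 copy, 3 enable, 4 disable,
	   5 batch copy (overwrite the selected users from a template user). */
	$drp_action = get_request_var_post("drp_action");

	/* if we are to save this form, instead of display it */
	if (isset($_POST["selected_items"])) {
		$selected_items = array();
		if ($drp_action != "2") {
			/* SECURITY: unserialize() of request data is a deserialization risk
			   (it can instantiate arbitrary classes). It is kept because the
			   confirmation form below posts serialize($user_array); the is_array()
			   guard only rejects payloads that do not decode to an array and is
			   not a substitute for a sanitizing decoder. */
			$selected_items = unserialize(stripslashes(get_request_var_post("selected_items")));
			if (!is_array($selected_items)) {
				$selected_items = array();
			}
		}

		if ($drp_action == "1") { /* delete */
			foreach ($selected_items as $item_id) {
				/* ================= input validation ================= */
				input_validate_input_number($item_id);
				/* ==================================================== */

				user_remove($item_id);
			}
		}

		if ($drp_action == "2") { /* copy */
			/* ================= input validation ================= */
			input_validate_input_number(get_request_var_post("selected_items"));
			input_validate_input_number(get_request_var_post("new_realm"));
			/* ==================================================== */

			$new_username = get_request_var_post("new_username");
			$new_realm = get_request_var_post("new_realm", 0);
			/* both ids were validated as numbers above, so concatenation is safe here */
			$template_user = db_fetch_row("SELECT username, realm FROM user_auth WHERE id = " . get_request_var_post("selected_items"));
			$overwrite = array( "full_name" => get_request_var_post("new_fullname") );

			if (strlen($new_username)) {
				if (sizeof(db_fetch_assoc("SELECT username FROM user_auth WHERE username = '******' AND realm = " . $new_realm))) {
					/* a user with that name already exists in the target realm */
					raise_message(19);
				} elseif (user_copy($template_user["username"], $new_username, $template_user["realm"], $new_realm, false, $overwrite) === false) {
					raise_message(2);
				} else {
					raise_message(1);
				}
			}
		}

		if ($drp_action == "3") { /* enable */
			foreach ($selected_items as $item_id) {
				/* ================= input validation ================= */
				input_validate_input_number($item_id);
				/* ==================================================== */

				user_enable($item_id);
			}
		}

		if ($drp_action == "4") { /* disable */
			foreach ($selected_items as $item_id) {
				/* ================= input validation ================= */
				input_validate_input_number($item_id);
				/* ==================================================== */

				user_disable($item_id);
			}
		}

		if ($drp_action == "5") { /* batch copy */
			/* ================= input validation ================= */
			input_validate_input_number(get_request_var_post("template_user"));
			/* ==================================================== */

			$template = db_fetch_row("SELECT username, realm FROM user_auth WHERE id = " . get_request_var_post("template_user"));
			/* a missing template row is a failure, not a silent success */
			$copy_error = empty($template);
			if (!$copy_error) {
				foreach ($selected_items as $item_id) {
					/* ================= input validation ================= */
					input_validate_input_number($item_id);
					/* ==================================================== */

					$user = db_fetch_row("SELECT username, realm FROM user_auth WHERE id = " . $item_id);
					/* overwrite=true: the target keeps its own full name, password, realm and enable state */
					if (!empty($user) && user_copy($template["username"], $user["username"], $template["realm"], $user["realm"], true) === false) {
						$copy_error = true;
					}
				}
			}
			raise_message($copy_error ? 2 : 1);
		}

		header("Location: user_admin.php");
		exit;
	}

	/* collect the checked users (chk_<id> checkbox names) into a proper list;
	   appending with [] keeps the keys sequential, so $user_array[0] and the
	   serialize()/count() based loops above see every selected id */
	$user_list = "";
	$user_array = array();
	foreach (array_keys($_POST) as $var) {
		if (preg_match('/^chk_([0-9]+)$/', $var, $matches)) {
			/* ================= input validation ================= */
			input_validate_input_number($matches[1]);
			/* ==================================================== */

			if ($drp_action != "2") {
				/* usernames come from the database: escape them for the HTML context */
				$user_list .= "<li>" . htmlspecialchars(db_fetch_cell("SELECT username FROM user_auth WHERE id=" . $matches[1]), ENT_QUOTES) . "<br>";
			}
			$user_array[] = $matches[1];
		}
	}

	include_once("./include/top_header.php");

	/* an unknown action gets an empty title instead of an undefined-index notice */
	$action_label = isset($user_actions[$drp_action]) ? $user_actions[$drp_action] : "";
	html_start_box("<strong>" . $action_label . "</strong>", "60%", $colors["header_panel"], "3", "center", "");

	print "<form action='user_admin.php' method='post'>\n";

	if (($drp_action == "1") && (sizeof($user_array))) { /* delete */
		print "
			<tr>
				<td class='textArea' bgcolor='#" . $colors["form_alternate1"] . "'>
					<p>Are you sure you want to delete the following users?</p>
					<p>$user_list</p>
				</td>
			</tr>\n";
	}
	$user_id = "";
	if (($drp_action == "2") && (sizeof($user_array))) { /* copy */
		$user_id = $user_array[0];
		$user_realm = db_fetch_cell("SELECT realm FROM user_auth WHERE id = " . $user_id);

		print "
			<tr>
				<td class='textArea' bgcolor='#" . $colors["form_alternate1"] . "'>
					Would you like to copy this user?<br><br>
				</td>
			</tr><tr>
				<td class='textArea' bgcolor='#" . $colors["form_alternate1"] . "'>
					Template Username: <i>" . htmlspecialchars(db_fetch_cell("SELECT username FROM user_auth WHERE id=" . $user_id), ENT_QUOTES) . "</i>
				</td>
			</tr><tr>
				<td class='textArea' bgcolor='#" . $colors["form_alternate1"] . "'>
				New Username: "******"new_username", "", "", 25);
		print "				</td>
			</tr><tr>
				<td class='textArea' bgcolor='#" . $colors["form_alternate1"] . "'>
					New Full Name: ";
		print form_text_box("new_fullname", "", "", 35);
		print "				</td>
			</tr><tr>
				<td class='textArea' bgcolor='#" . $colors["form_alternate1"] . "'>
					New Realm: \n";
		print form_dropdown("new_realm", $auth_realms, "", "", $user_realm, "", 0);
		print "				</td>

			</tr>\n";
	}

	if (($drp_action == "3") && (sizeof($user_array))) { /* enable */
		print "
			<tr>
				<td class='textArea' bgcolor='#" . $colors["form_alternate1"] . "'>
					<p>Are you sure you want to enable the following users?</p>
					<p>$user_list</p>
				</td>
			</tr>\n";
	}

	if (($drp_action == "4") && (sizeof($user_array))) { /* disable */
		print "
			<tr>
				<td class='textArea' bgcolor='#" . $colors["form_alternate1"] . "'>
					<p>Are you sure you want to disable the following users?</p>
					<p>$user_list</p>
				</td>
			</tr>\n";
	}

	if (($drp_action == "5") && (sizeof($user_array))) { /* batch copy */
		$usernames = db_fetch_assoc("SELECT id,username FROM user_auth WHERE realm = 0 ORDER BY username");
		print "
			<tr>
				<td class='textArea' bgcolor='#" . $colors["form_alternate1"] . "'>Are you sure you want to overwrite the selected users with the selected template users settings and permissions?  Original user Full Name, Password, Realm and Enable status will be retained, all other fields will be overwritten from template user.<br><br></td>
			</tr><tr>
				<td class='textArea' bgcolor='#" . $colors["form_alternate1"] . "'>
					Template User: \n";
		print form_dropdown("template_user", $usernames, "username", "id", "", "", 0);
		print "		</td>

			</tr><tr>
				<td class='textArea' bgcolor='#" . $colors["form_alternate1"] . "'>
					<p>Users to update:
					$user_list</p>
				</td>
			</tr>\n";
	}

	if (sizeof($user_array) == 0) {
		print "<tr><td bgcolor='#" . $colors["form_alternate1"]. "'><span class='textError'>You must select at least one user.</span></td></tr>\n";
		$save_html = "<a href='user_admin.php'><img src='images/button_cancel.gif' alt='Cancel' align='absmiddle' border='0'></a>";

	}else{
		$save_html = "<a href='user_admin.php'><img src='images/button_no.gif' alt='Cancel' align='absmiddle' border='0'></a> <input type='image' src='images/button_yes.gif' alt='Save' align='absmiddle'>";
	}

	print " <tr>
			<td align='right' bgcolor='#eaeaea'>
				<input type='hidden' name='action' value='actions'>";
	if ($drp_action == "2") { /* copy */
		print "				<input type='hidden' name='selected_items' value='" . $user_id . "'>\n";
	}else{
		print "				<input type='hidden' name='selected_items' value='" . serialize($user_array) . "'>\n";
	}
	/* drp_action is request-supplied and not validated in this function: escape it for the attribute context */
	print "				<input type='hidden' name='drp_action' value='" . htmlspecialchars($drp_action, ENT_QUOTES) . "'>
				$save_html
			</td>
		</tr>
		";

	html_end_box();

	include_once("./include/bottom_footer.php");

}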
Esempio n. 6
}
switch ($_REQUEST["action"]) {
    case 'login':
        $username = sanitize_search_string(get_request_var_post('login_username'));
        /* --- start ldap section --- */
        $ldap_auth = false;
        if (read_config_option("ldap_enabled") == "on" && $_POST["realm"] == "ldap" && strlen($username) && strlen($username)) {
            $ldap_conn = ldap_connect(read_config_option("ldap_server"));
            if ($ldap_conn) {
                $ldap_dn = str_replace("<username>", $username, read_config_option("ldap_dn"));
                $ldap_response = @ldap_bind($ldap_conn, $ldap_dn, stripslashes($_POST["login_password"]));
                if ($ldap_response) {
                    $ldap_auth = true;
                    if (sizeof(db_fetch_assoc("select * from user_auth where username='******' and realm = 1")) == 0) {
                        /* copy template user's settings */
                        user_copy(read_config_option("ldap_template"), $username, 1);
                    }
                }
            }
        }
        /* --- end ldap section --- */
        if ($ldap_auth) {
            $user = db_fetch_row("select * from user_auth where username='******' and realm = 1");
        } else {
            $user = db_fetch_row("select * from user_auth where username='******' and password = '******' and realm = 0");
        }
        if (sizeof($user)) {
            /* make entry in the transactions log */
            db_execute("insert into user_log (username,user_id,result,ip,time) values('{$username}'," . $user["id"] . ",1,'" . $_SERVER["REMOTE_ADDR"] . "',NOW())");
            /* set the php session */
            $_SESSION["sess_user_id"] = $user["id"];
Esempio n. 7
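function domains_login_process()
{
    global $user, $realm, $username, $user_auth, $ldap_error, $ldap_error_message;

    /* Authenticates $username against the LDAP domain selected by the 'realm'
       POST field (domain_id = realm - 1000). Results travel through the globals
       above: on success $user_auth is true and $user holds the user_auth row,
       cloned from the domain's template user when the account did not exist
       yet; on failure $ldap_error/$ldap_error_message are set and $user is
       emptied. Does nothing unless 'realm' is numeric and a password was sent. */
    if (!is_numeric(get_request_var_post('realm')) || strlen(get_request_var_post('login_password')) == 0) {
        return;
    }

    /* include LDAP lib */
    include_once './lib/ldap.php';

    /* get user DN */
    $ldap_dn_search_response = domains_ldap_search_dn($username, get_request_var_post('realm'));
    if ($ldap_dn_search_response['error_num'] != '0') {
        /* Error searching */
        cacti_log('LOGIN: LDAP Error: ' . $ldap_dn_search_response['error_text'], false, 'AUTH');
        $ldap_error = true;
        $ldap_error_message = 'LDAP Search Error: ' . $ldap_dn_search_response['error_text'];
        $user_auth = false;
        $user = array();
        return;
    }
    $ldap_dn = $ldap_dn_search_response['dn'];
    if ($ldap_error) {
        /* an earlier failure in this request already aborted the login */
        return;
    }

    /* auth user with LDAP */
    $ldap_auth_response = domains_ldap_auth($username, stripslashes(get_request_var_post('login_password')), $ldap_dn, get_request_var_post('realm'));
    if ($ldap_auth_response['error_num'] != '0') {
        /* error */
        cacti_log('LOGIN: LDAP Error: ' . $ldap_auth_response['error_text'], false, 'AUTH');
        $ldap_error = true;
        $ldap_error_message = 'LDAP Error: ' . $ldap_auth_response['error_text'];
        $user_auth = false;
        $user = array();
        return;
    }

    /* User ok */
    $user_auth = true;
    $realm = get_request_var_post('realm');
    $domain_id = $realm - 1000;
    /* prepared query for the domain name, consistent with the other lookups below */
    cacti_log("LOGIN: LDAP User '" . $username . "' Authenticated from Domain '" . db_fetch_cell_prepared('SELECT domain_name FROM user_domains WHERE domain_id = ?', array($domain_id)) . "'", false, 'AUTH');

    /* Locate user in database */
    $user = db_fetch_row_prepared('SELECT * FROM user_auth WHERE username = ? AND realm = ?', array($username, $realm));

    /* Create user from template if requested ('0' means no template configured) */
    $template_user = db_fetch_cell_prepared('SELECT user_id FROM user_domains WHERE domain_id = ?', array($domain_id));
    if (sizeof($user) || $template_user == '0' || strlen($username) == 0) {
        return;
    }
    $template_username = db_fetch_cell_prepared('SELECT username FROM user_auth WHERE id = ?', array($template_user));
    cacti_log("WARN: User '" . $username . "' does not exist, copying template user", false, 'AUTH');

    /* check that template user exists as a local (realm 0) account */
    if (!db_fetch_row_prepared('SELECT id FROM user_auth WHERE id = ? AND realm = 0', array($template_user))) {
        cacti_log("LOGIN: Template user '" . $template_username . "' does not exist.", false, 'AUTH');
        auth_display_custom_error_message("Template user '" . $template_username . "' does not exist.");
        exit;
    }

    /* template user found: clone it into this domain's realm and requery */
    user_copy($template_username, $username, 0, $realm);
    $user = db_fetch_row_prepared('SELECT * FROM user_auth WHERE username = ? AND realm = ?', array($username, $realm));
}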
Esempio n. 8
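function form_actions()
{
    global $user_actions, $auth_realms;

    /* Bulk-action handler for user_admin.php. When the POST carries
       'selected_items' the chosen action is executed and the browser is sent
       back to user_admin.php; otherwise the confirmation form for the action
       is rendered. drp_action: 1 delete, 2 copy, 3 enable, 4 disable,
       5 batch copy (overwrite the selected users from a template user). */

    /* ================= input validation ================= */
    input_validate_input_regex(get_request_var_post('drp_action'), "^([a-zA-Z0-9_]+)\$");
    /* ==================================================== */
    $drp_action = get_request_var_post('drp_action');

    /* if we are to save this form, instead of display it */
    if (isset($_POST["selected_items"])) {
        if ($drp_action == "2") {
            /* copy posts one plain user id (see the hidden field below), not a
               serialized list, so it must not go through the unserializer; the
               id itself is validated as a number in the copy branch */
            $selected_items = array(get_request_var_post("selected_items"));
        } else {
            $selected_items = sanitize_unserialize_selected_items($_POST['selected_items']);
        }
        if (is_array($selected_items) && sizeof($selected_items)) {
            if ($drp_action == "1") {
                /* delete */
                foreach ($selected_items as $item_id) {
                    user_remove($item_id);
                    api_plugin_hook_function('user_remove', $item_id);
                }
            }
            if ($drp_action == "2") {
                /* copy */
                /* ================= input validation ================= */
                input_validate_input_number(get_request_var_post("selected_items"));
                input_validate_input_number(get_request_var_post("new_realm"));
                /* ==================================================== */
                $new_username = get_request_var_post("new_username");
                $new_realm = get_request_var_post("new_realm", 0);
                $template_user = db_fetch_row_prepared("SELECT username, realm FROM user_auth WHERE id = ?", array(get_request_var_post("selected_items")));
                $overwrite = array("full_name" => get_request_var_post("new_fullname"));
                if (strlen($new_username)) {
                    if (sizeof(db_fetch_assoc("SELECT username FROM user_auth WHERE username = '******' AND realm = " . $new_realm))) {
                        /* a user with that name already exists in the target realm */
                        raise_message(19);
                    } elseif (user_copy($template_user["username"], $new_username, $template_user["realm"], $new_realm, false, $overwrite) === false) {
                        raise_message(2);
                    } else {
                        raise_message(1);
                    }
                }
            }
            if ($drp_action == "3") {
                /* enable */
                foreach ($selected_items as $item_id) {
                    user_enable($item_id);
                }
            }
            if ($drp_action == "4") {
                /* disable */
                foreach ($selected_items as $item_id) {
                    user_disable($item_id);
                }
            }
            if ($drp_action == "5") {
                /* batch copy */
                /* ================= input validation ================= */
                input_validate_input_number(get_request_var_post("template_user"));
                /* ==================================================== */
                $template = db_fetch_row_prepared("SELECT username, realm FROM user_auth WHERE id = ?", array(get_request_var_post("template_user")));
                /* a missing template row is a failure, not a silent success */
                $copy_error = empty($template);
                if (!$copy_error) {
                    foreach ($selected_items as $item_id) {
                        $user = db_fetch_row_prepared("SELECT username, realm FROM user_auth WHERE id = ?", array($item_id));
                        /* overwrite=true: the target keeps its own full name, password, realm and enable state */
                        if (!empty($user) && user_copy($template["username"], $user["username"], $template["realm"], $user["realm"], true) === false) {
                            $copy_error = true;
                        }
                    }
                }
                raise_message($copy_error ? 2 : 1);
            }
        }
        header("Location: user_admin.php");
        exit;
    }

    /* collect the checked users (chk_<id> checkbox names) */
    $user_list = "";
    $user_array = array();
    foreach (array_keys($_POST) as $var) {
        if (preg_match("/^chk_([0-9]+)\$/", $var, $matches)) {
            /* ================= input validation ================= */
            input_validate_input_number($matches[1]);
            /* ==================================================== */
            if ($drp_action != "2") {
                $user_list .= "<li>" . htmlspecialchars(db_fetch_cell_prepared("SELECT username FROM user_auth WHERE id = ?", array($matches[1]))) . "</li>";
            }
            $user_array[] = $matches[1];
        }
    }

    /* Check for deleting of Graph Export User */
    if ($drp_action == "1" && sizeof($user_array)) {
        $exportuser = read_config_option('export_user_id');
        /* normalise both sides to int so the comparison is strict yet tolerant of "007" vs "7" */
        if (in_array((int) $exportuser, array_map('intval', $user_array), true)) {
            raise_message(22);
            header("Location: user_admin.php");
            exit;
        }
    }

    include_once "./include/top_header.php";
    /* an unknown action gets an empty title instead of an undefined-index notice */
    $action_label = isset($user_actions[$drp_action]) ? $user_actions[$drp_action] : "";
    html_start_box("<strong>" . $action_label . "</strong>", "60%", "", "3", "center", "");
    print "<form action='user_admin.php' method='post'>\n";

    /* initialised up front so an unrecognised action cannot leave them undefined below */
    $user_id = "";
    $save_html = "";
    if (sizeof($user_array)) {
        if ($drp_action == "1") {
            /* delete */
            print "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\t<p>When you click \"Continue\", the selected User(s) will be deleted.</p>\n\t\t\t\t\t\t<p><ul>{$user_list}</ul></p>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n";
            $save_html = "<input type='button' value='Cancel' onClick='window.history.back()'>&nbsp;<input type='submit' value='Continue' title='Delete User(s)'>";
        }
        if ($drp_action == "2") {
            /* copy: only the first checked user is used as the template */
            $user_id = $user_array[0];
            $user_realm = db_fetch_cell_prepared("SELECT realm FROM user_auth WHERE id = ?", array($user_id));
            /* database-sourced username, escaped for the HTML context */
            $template_username = htmlspecialchars(db_fetch_cell_prepared("SELECT username FROM user_auth WHERE id = ?", array($user_id)));
            print "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\tWhen you click \"Continue\" the selected User will be copied to the new User below<br><br>\n\t\t\t\t\t</td>\n\t\t\t\t</tr><tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\tTemplate Username: <i>" . $template_username . "</i>\n\t\t\t\t\t</td>\n\t\t\t\t</tr><tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\tNew Username: "******"new_username", "", "", 25);
            print "\t\t\t\t</td>\n\t\t\t\t</tr><tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\tNew Full Name: ";
            print form_text_box("new_fullname", "", "", 35);
            print "\t\t\t\t</td>\n\t\t\t\t</tr><tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\tNew Realm: \n";
            print form_dropdown("new_realm", $auth_realms, "", "", $user_realm, "", 0);
            print "\t\t\t\t</td>\n\n\t\t\t\t</tr>\n";
            $save_html = "<input type='button' value='Cancel' onClick='window.history.back()'>&nbsp;<input type='submit' value='Continue' title='Copy User'>";
        }
        if ($drp_action == "3") {
            /* enable */
            print "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\t<p>When you click \"Continue\" the selected User(s) will be enabled.</p>\n\t\t\t\t\t\t<p><ul>{$user_list}</ul></p>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n";
            $save_html = "<input type='button' value='Cancel' onClick='window.history.back()'>&nbsp;<input type='submit' value='Continue' title='Enable User(s)'>";
        }
        if ($drp_action == "4") {
            /* disable */
            print "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\t<p>When you click \"Continue\" the selected User(s) will be disabled.</p>\n\t\t\t\t\t\t<p><ul>{$user_list}</ul></p>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n";
            $save_html = "<input type='button' value='Cancel' onClick='window.history.back()'>&nbsp;<input type='submit' value='Continue' title='Disable User(s)'>";
        }
        if ($drp_action == "5") {
            /* batch copy */
            $usernames = db_fetch_assoc("SELECT id,username FROM user_auth WHERE realm = 0 ORDER BY username");
            print "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea' class='odd'>When you click \"Continue\" you will overwrite selected the User(s) settings with the selected template User settings and permissions?  Original user Full Name, Password, Realm and Enable status will be retained, all other fields will be overwritten from Template User.<br><br></td>\n\t\t\t\t</tr><tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\tTemplate User: \n";
            print form_dropdown("template_user", $usernames, "username", "id", "", "", 0);
            print "\t\t</td>\n\n\t\t\t\t</tr><tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\t<p>User(s) to update:\n\t\t\t\t\t\t<ul>{$user_list}</ul></p>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n";
            $save_html = "<input type='button' value='Cancel' onClick='window.history.back()'>&nbsp;<input type='submit' value='Continue' title='Reset User(s) Settings'>";
        }
    } else {
        print "<tr><td class='odd'><span class='textError'>You must select at least one user.</span></td></tr>\n";
        $save_html = "<input type='button' value='Return' onClick='window.history.back()'>";
    }

    print " <tr>\n\t\t\t<td align='right' bgcolor='#eaeaea'>\n\t\t\t\t<input type='hidden' name='action' value='actions'>";
    if ($drp_action == "2") {
        /* copy: a single id, consumed without unserializing on the next request */
        print "\t\t\t\t<input type='hidden' name='selected_items' value='" . $user_id . "'>\n";
    } else {
        print "\t\t\t\t<input type='hidden' name='selected_items' value='" . serialize($user_array) . "'>\n";
    }
    /* drp_action was restricted to [a-zA-Z0-9_] above, so it is safe inside the attribute */
    print "\t\t\t\t<input type='hidden' name='drp_action' value='" . $drp_action . "'>\n\t\t\t\t{$save_html}\n\t\t\t</td>\n\t\t</tr>\n\t\t";
    html_end_box();
    include_once "./include/bottom_footer.php";
}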
Esempio n. 9
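/**
 * Helper for form_actions(): add or remove the checked items (POST keys of the
 * form "chk_<id>") for the user named by POST "id", then redirect back to the
 * given tab of the user editor.  drp_action "1" adds, any other value removes.
 *
 * @param int|null $type user_auth_perms.type to write (1 graph, 2 tree,
 *                       3 host, 4 template); null selects the
 *                       user_auth_group_members table instead
 * @param string   $tab  tab name appended to the redirect URL
 */
function form_actions_associate_items($type, $tab)
{
    $user_id = get_request_var_post('id');
    $add     = (get_request_var_post('drp_action') == '1');

    /* ================= input validation ================= */
    /* the id is bound into SQL and echoed into the redirect, so it must be numeric */
    input_validate_input_number($user_id);
    /* ==================================================== */

    foreach ($_POST as $var => $val) {
        if (!preg_match('/^chk_([0-9]+)$/', $var, $matches)) {
            continue;
        }

        /* ================= input validation ================= */
        input_validate_input_number($matches[1]);
        /* ==================================================== */
        $item_id = $matches[1];

        if ($type === null) {
            if ($add) {
                db_execute_prepared('REPLACE INTO user_auth_group_members (user_id, group_id) VALUES (?, ?)', array($user_id, $item_id));
            } else {
                db_execute_prepared('DELETE FROM user_auth_group_members WHERE user_id = ? AND group_id = ?', array($user_id, $item_id));
            }
        } elseif ($add) {
            /* the type is bound as a parameter as well, so the SQL text carries no values at all */
            db_execute_prepared('REPLACE INTO user_auth_perms (user_id, item_id, type) VALUES (?, ?, ?)', array($user_id, $item_id, $type));
        } else {
            db_execute_prepared('DELETE FROM user_auth_perms WHERE user_id = ? AND item_id = ? AND type = ?', array($user_id, $item_id, $type));
        }
    }

    header('Location: user_admin.php?action=user_edit&tab=' . $tab . '&id=' . $user_id);
    exit;
}

/**
 * Helper for form_actions(): decode the hidden "selected_items" field that the
 * confirmation page posts back.  form_actions() writes that field as
 * serialize() of a flat list of digit-only user ids, so only that exact shape
 * is accepted; anything else yields an empty selection.
 *
 * @param string $raw the posted field value
 * @return array list of user ids as strings (each still to be validated by the caller)
 */
function form_actions_decode_selected_items($raw)
{
    $raw = stripslashes($raw);

    /* NOTE(review): unserialize() on request data may instantiate arbitrary
     * classes.  Matching the payload against the one shape serialize() emits
     * for a list of digit strings keeps objects and nested data out of it. */
    if (!preg_match('/^a:[0-9]+:\{(i:[0-9]+;s:[0-9]+:"[0-9]+";)*\}$/', $raw)) {
        return array();
    }

    $items = unserialize($raw);

    return is_array($items) ? array_values($items) : array();
}

/**
 * Helper for form_actions(): apply the confirmed bulk action to the posted
 * selection, raise the matching status message and redirect to the user list.
 *
 * @param string $action drp_action value: 1 delete, 2 copy, 3 enable,
 *                       4 disable, 5 batch copy (any other value only redirects)
 */
function form_actions_apply($action)
{
    /* the copy action posts a single id; every other action posts a serialized list */
    $selected_items = array();
    if ($action != '2') {
        $selected_items = form_actions_decode_selected_items(get_request_var_post('selected_items'));
    }

    if ($action == '1') {
        /* delete */
        foreach ($selected_items as $user_id) {
            /* ================= input validation ================= */
            input_validate_input_number($user_id);
            /* ==================================================== */
            user_remove($user_id);
            api_plugin_hook_function('user_remove', $user_id);
        }
    } elseif ($action == '2') {
        /* copy */
        /* ================= input validation ================= */
        input_validate_input_number(get_request_var_post('selected_items'));
        input_validate_input_number(get_request_var_post('new_realm'));
        /* ==================================================== */
        $new_username  = get_request_var_post('new_username');
        $new_realm     = get_request_var_post('new_realm', 0);
        $template_user = db_fetch_row_prepared('SELECT username, realm FROM user_auth WHERE id = ?', array(get_request_var_post('selected_items')));
        $overwrite     = array('full_name' => get_request_var_post('new_fullname'));

        if (strlen($new_username)) {
            if (sizeof(db_fetch_assoc_prepared('SELECT username FROM user_auth WHERE username = ? AND realm = ?', array($new_username, $new_realm)))) {
                /* a user with that name already exists in the target realm */
                raise_message(19);
            } elseif (empty($template_user) || user_copy($template_user['username'], $new_username, $template_user['realm'], $new_realm, false, $overwrite) === false) {
                /* a missing template row is reported like a failed copy instead of passing nulls on */
                raise_message(2);
            } else {
                raise_message(1);
            }
        }
    } elseif ($action == '3') {
        /* enable */
        foreach ($selected_items as $user_id) {
            /* ================= input validation ================= */
            input_validate_input_number($user_id);
            /* ==================================================== */
            user_enable($user_id);
        }
    } elseif ($action == '4') {
        /* disable */
        foreach ($selected_items as $user_id) {
            /* ================= input validation ================= */
            input_validate_input_number($user_id);
            /* ==================================================== */
            user_disable($user_id);
        }
    } elseif ($action == '5') {
        /* batch copy */
        /* ================= input validation ================= */
        input_validate_input_number(get_request_var_post('template_user'));
        /* ==================================================== */
        $copy_error = false;
        $template   = db_fetch_row_prepared('SELECT username, realm FROM user_auth WHERE id = ?', array(get_request_var_post('template_user')));

        foreach ($selected_items as $user_id) {
            /* ================= input validation ================= */
            input_validate_input_number($user_id);
            /* ==================================================== */
            $user = db_fetch_row_prepared('SELECT username, realm FROM user_auth WHERE id = ?', array($user_id));

            /* a missing template or target row counts as a failed copy rather than being skipped silently */
            if (empty($user) || empty($template) || user_copy($template['username'], $user['username'], $template['realm'], $user['realm'], true) === false) {
                $copy_error = true;
            }
        }

        raise_message($copy_error ? 2 : 1);
    }

    header('Location: user_admin.php');
    exit;
}

/**
 * Handle the bulk "actions" form of user_admin.php.
 *
 * On a submitted form this applies the requested change — associate or
 * dissociate hosts, graphs, templates, groups or trees with a user, or delete,
 * copy, enable, disable or batch-copy the selected users — and redirects.
 * Otherwise it renders the confirmation page for the chosen drp_action.
 *
 * Reads $_POST through get_request_var_post(); uses globals $user_actions
 * (drp_action value => box title) and $auth_realms (contents of the realm
 * dropdown shown when copying a user).
 * Side effects: database writes, HTTP redirects (header() + exit) and HTML output.
 */
function form_actions()
{
    global $user_actions, $auth_realms;

    $action = get_request_var_post('drp_action');

    /* if we are to save this form, instead of display it */
    /* the associate_* buttons share one handler; only the perms type and the return tab differ */
    if (isset($_POST['associate_host'])) {
        form_actions_associate_items(3, 'permsd');
    } elseif (isset($_POST['associate_graph'])) {
        form_actions_associate_items(1, 'permsg');
    } elseif (isset($_POST['associate_template'])) {
        form_actions_associate_items(4, 'permste');
    } elseif (isset($_POST['associate_groups'])) {
        form_actions_associate_items(null, 'permsgr');
    } elseif (isset($_POST['associate_tree'])) {
        form_actions_associate_items(2, 'permstr');
    } elseif (isset($_POST['selected_items'])) {
        form_actions_apply($action);
    }

    /* loop through each of the users and process them */
    $user_list  = '';
    $user_array = array();

    foreach ($_POST as $var => $val) {
        if (preg_match('/^chk_([0-9]+)$/', $var, $matches)) {
            /* ================= input validation ================= */
            input_validate_input_number($matches[1]);
            /* ==================================================== */
            if ($action != '2') {
                /* usernames come from the database; escape them before they land in HTML */
                $username   = db_fetch_cell_prepared('SELECT username FROM user_auth WHERE id = ?', array($matches[1]));
                $user_list .= '<li>' . htmlspecialchars($username, ENT_QUOTES) . '</li>';
            }
            $user_array[] = $matches[1];
        }
    }

    /* Check for deleting of Graph Export User */
    if ($action == '1' && sizeof($user_array)) {
        /* delete */
        $exportuser = read_config_option('export_user_id');
        if (in_array($exportuser, $user_array)) {
            raise_message(22);
            header('Location: user_admin.php');
            exit;
        }
    }

    top_header();
    /* an unknown drp_action gets an empty title instead of an undefined-index notice */
    html_start_box('<strong>' . (isset($user_actions[$action]) ? $user_actions[$action] : '') . '</strong>', '40%', '', '3', 'center', '');
    print "<form action='user_admin.php' method='post'>\n";

    $user_id   = '';
    $save_html = '';

    if (sizeof($user_array)) {
        /* every confirmation page shares the same Cancel/Continue pair; only the title differs */
        $cancel_continue = "<input type='button' value='Cancel' onClick='window.history.back()'>&nbsp;<input type='submit' value='Continue' title='%s'>";

        switch ($action) {
            case '1':
                /* delete */
                print "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\t<p>When you click \"Continue\", the selected User(s) will be deleted.</p>\n\t\t\t\t\t\t<p><ul>{$user_list}</ul></p>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n";
                $save_html = sprintf($cancel_continue, 'Delete User(s)');
                break;
            case '2':
                /* copy: only the first selected user acts as the template */
                $user_id       = $user_array[0];
                $user_realm    = db_fetch_cell_prepared('SELECT realm FROM user_auth WHERE id = ?', array($user_id));
                $template_name = db_fetch_cell_prepared('SELECT username FROM user_auth WHERE id = ?', array($user_id));
                /* NOTE(review): the "******" token below is a redaction artefact of this listing and is
                 * not valid PHP; the original emits the new_username text box at that spot (the save
                 * path reads POST new_username).  Restore it from the upstream file before running. */
                print "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\tWhen you click \"Continue\" the selected User will be copied to the new User below<br><br>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\tTemplate Username: <i>" . htmlspecialchars($template_name, ENT_QUOTES) . "</i>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\tUsername: "******"\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\tFull Name: ";
                print form_text_box('new_fullname', '', '', 35);
                print "\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\tRealm: \n";
                print form_dropdown('new_realm', $auth_realms, '', '', $user_realm, '', 0);
                print "\t\t\t\t</td>\n\n\t\t\t\t</tr>\n";
                $save_html = sprintf($cancel_continue, 'Copy User');
                break;
            case '3':
                /* enable */
                print "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\t<p>When you click \"Continue\" the selected User(s) will be enabled.</p>\n\t\t\t\t\t\t<ul>{$user_list}</ul>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n";
                $save_html = sprintf($cancel_continue, 'Enable User(s)');
                break;
            case '4':
                /* disable */
                print "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\t<p>When you click \"Continue\" the selected User(s) will be disabled.</p>\n\t\t\t\t\t\t<ul>{$user_list}</ul>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n";
                $save_html = sprintf($cancel_continue, 'Disable User(s)');
                break;
            case '5':
                /* batch copy */
                $usernames = db_fetch_assoc('SELECT id, username FROM user_auth WHERE realm = 0 ORDER BY username');
                print "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>When you click \"Continue\" you will overwrite selected the User(s) settings with the selected template User settings and permissions?  Original user Full Name, Password, Realm and Enable status will be retained, all other fields will be overwritten from Template User.<br><br></td>\n\t\t\t\t</tr><tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\tTemplate User: \n";
                print form_dropdown('template_user', $usernames, 'username', 'id', '', '', 0);
                print "\t\t</td>\n\t\t\t\t</tr><tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\t<p>User(s) to update:\n\t\t\t\t\t\t<ul>{$user_list}</ul></p>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n";
                $save_html = sprintf($cancel_continue, 'Reset User(s) Settings');
                break;
        }
    } else {
        print "<tr><td class='even'><span class='textError'>You must select at least one user.</span></td></tr>\n";
        $save_html = "<input type='button' value='Return' onClick='window.history.back()'>";
    }

    print " <tr>\n\t\t\t<td align='right' class='saveRow'>\n\t\t\t\t<input type='hidden' name='action' value='actions'>";
    if ($action == '2') {
        /* copy: a single (validated, numeric) template id travels in selected_items */
        print "\t\t\t\t<input type='hidden' name='selected_items' value='" . $user_id . "'>\n";
    } else {
        /* every other action round-trips the whole list; the ids are digit strings, so the
         * serialized form is exactly the shape form_actions_decode_selected_items() accepts */
        print "\t\t\t\t<input type='hidden' name='selected_items' value='" . serialize($user_array) . "'>\n";
    }
    /* drp_action is request-controlled and is reflected into the page, so it is escaped */
    print "\t\t\t\t<input type='hidden' name='drp_action' value='" . htmlspecialchars($action, ENT_QUOTES) . "'>\n\t\t\t\t{$save_html}\n\t\t\t</td>\n\t\t</tr>\n\t\t";
    html_end_box();
    bottom_footer();
}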