예제 #1
/**
 * Persists the logged-in user's theme choice and returns to the settings page.
 *
 * The record id is read from the session, never from the request, so a
 * submitted form can only alter the account bound to the current session.
 * "current_theme" is passed through form_input_validate() with an empty
 * pattern; NOTE(review): what that helper rejects for an empty pattern is not
 * visible here, so confirm the theme name is constrained (e.g. to the set of
 * installed themes) before it is used to locate theme files.
 */
function save() {

	/* the id entry is built before the validator runs, as in the field-by-field form */
	$fields = array(
		"id" => array("type" => DB_TYPE_INTEGER, "value" => $_SESSION["sess_user_id"]),
		"current_theme" => array("type" => DB_TYPE_STRING, "value" => form_input_validate($_POST["current_theme"], "current_theme", "", true, 3))
	);

	/* only touch the database when validation raised no error */
	if (!is_error_message()) {
		$saved = (bool) api_user_save($fields);

		/* message 1 reports a successful save, message 2 a failed one */
		raise_message($saved ? 1 : 2);

		if ($saved) {
			/* drop the cached theme so the next page load picks up the new value */
			kill_session_var("sess_current_theme");
		}
	}

	/* always send the browser back to the settings page */
	header("Location: user_settings.php");

}
예제 #2
파일: login.php 프로젝트: songchin/Cacti
         /* Excerpt from the login flow; the enclosing conditions start above this
            point and the switch below continues past it. */
         /* disabled account: record the attempt, show a generic denial and stop */
         log_save(sprintf(_("LOGIN: User '%s' is disabled"), $user["username"]), SEV_WARNING, FACIL_AUTH);
         auth_display_custom_error_message(_("Access Denied, user account disabled."));
         exit;
     }
     $action = "";
 } else {
     /* set the php session */
     /* NOTE(review): the authenticated identity is written into the existing
        session and no session id rotation (session_regenerate_id) is visible
        in this excerpt -- confirm it happens elsewhere, otherwise a session id
        fixed before login stays valid after it. */
     $_SESSION["sess_user_id"] = $user["id"];
     log_save(_("LOGIN: Setting up session variables"), SEV_DEBUG, FACIL_AUTH);
     /* Update ip and lastlogin information for the user*/
     log_save(_("LOGIN: Updating user last login information"), SEV_DEBUG, FACIL_AUTH);
     $user_save = array();
     $user_save["id"] = array("type" => DB_TYPE_INTEGER, "value" => $user["id"]);
     $user_save["last_login"] = array("type" => DB_TYPE_FUNC_NOW, "value" => "");
     /* REMOTE_ADDR is the address of the directly connected peer; behind a
        reverse proxy this records the proxy, not the end user */
     $user_save["last_login_ip"] = array("type" => DB_TYPE_STRING, "value" => $_SERVER["REMOTE_ADDR"]);
     /* the return value is ignored, so a failed last-login update goes unnoticed */
     api_user_save($user_save);
     unset($user_save);
     /* handle "force change password" */
     if ($user["must_change_password"] == "on") {
         log_save(_("LOGIN: Setting user force change password"), SEV_DEBUG, FACIL_AUTH);
         $_SESSION["sess_change_password"] = true;
     }
     /* ok, at this point the user has been successfully authenticated; so we must
        decide what to do next */
     log_save(_("LOGIN: Figuring out URL to send user to"), SEV_DEBUG, FACIL_AUTH);
     switch ($user["login_opts"]) {
         case '1':
             /* referer */
             /* NOTE(review): the query is built by string concatenation. The value
                is the session user id assigned above from $user["id"], not a raw
                request field, but an integer cast or a bound parameter would keep
                this safe if that source ever changes. The meaning of realm_id 8
                is not shown in this excerpt. */
             if (sizeof(db_fetch_assoc("select realm_id from user_auth_realm where realm_id=8 and user_id=" . $_SESSION["sess_user_id"])) == 0) {
                 $url_location = "graph_view.php";
             } else {
예제 #3
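/**
 * Handles POST submissions from the user administration form.
 *
 * Two components are processed, selected by the submitted fields:
 *  - "save_component_graph_perms" with one of the add_*_y buttons adds a
 *    graph/tree/host/graph-template permission entry and redirects at once;
 *  - "save_component_user" validates and saves the user record, then the
 *    realm permissions, graph settings or graph policies, whichever
 *    sub-component was submitted.
 * The function ends by redirecting back to user_admin.php.
 *
 * NOTE(review): every value here comes straight from $_POST, and no permission
 * or anti-CSRF check is visible inside this function -- confirm both are
 * enforced before it is called. Most fields are validated with an empty
 * pattern; what form_input_validate() rejects in that case is not shown here.
 */
function form_save() {
	global $settings_graphs;

	/* id returned by api_user_save(); stays 0 until a save succeeds */
	$user_id = 0;

	/* request id, percent-encoded once so it cannot add parameters to a Location header */
	$redirect_id = (isset($_POST["id"]) && is_scalar($_POST["id"])) ? rawurlencode((string) $_POST["id"]) : "";

	/* graph permissions */
	if ((isset($_POST["save_component_graph_perms"])) && (!is_error_message())) {
		$add_button_clicked = false;

		if (isset($_POST["add_graph_y"])) {
			api_user_graph_perms_add("graph",$_POST["id"],$_POST["perm_graphs"]);
			$add_button_clicked = true;
		}elseif (isset($_POST["add_tree_y"])) {
			api_user_graph_perms_add("tree",$_POST["id"],$_POST["perm_trees"]);
			$add_button_clicked = true;
		}elseif (isset($_POST["add_host_y"])) {
			api_user_graph_perms_add("host",$_POST["id"],$_POST["perm_hosts"]);
			$add_button_clicked = true;
		}elseif (isset($_POST["add_graph_template_y"])) {
			api_user_graph_perms_add("graph_template",$_POST["id"],$_POST["perm_graph_templates"]);
			$add_button_clicked = true;
		}

		if ($add_button_clicked == true) {
			header("Location: user_admin.php?action=graph_perms_edit&id=" . $redirect_id);
			exit;
		}
	}

	/* user management save */
	if (isset($_POST["save_component_user"])) {

		/* check to make sure the passwords match; if not error.
		   Strict comparison: with != two different numeric-looking strings
		   (e.g. "1e3" and "1000") would be treated as equal. */
		if ($_POST["password"] !== $_POST["password_confirm"]) {
			raise_message(4);
		}

		/* check for duplicate username */
		$user = api_user_info( array( "username" => $_POST["username"] ) );
		if (sizeof($user)) {
			if (!empty($_POST["id"])) {
				if (($user["id"] != $_POST["id"]) && ($user["realm"] == $_POST["realm"])) {
					raise_message(12);
				}
			}else{
				raise_message(12);
			}
		}

		/* password processing: an empty password field keeps the stored hash */
		if ((empty($_POST["password"])) && (empty($_POST["password_confirm"]))) {
			$user = api_user_info( array( "id" => $_POST["id"] ) );
			if (sizeof($user)) {
				$password = $user["password"];
			}else{
				$password = "";
			}
		}else{
			/* SECURITY NOTE(review): unsalted MD5 is not a password hash; it is
			   fast to brute-force and identical passwords share a digest.
			   Left unchanged because the stored format has to match the login
			   check, which is not part of this function. Migrate both sides
			   together to password_hash()/password_verify(). */
			$password = md5($_POST["password"]);
		}


		form_input_validate($_POST["password"], "password", "" . preg_quote($_POST["password_confirm"]) . "", true, 4);
		form_input_validate($_POST["password_confirm"], "password_confirm", "" . preg_quote($_POST["password"]) . "", true, 4);

		$save = array();
		$save["id"] = array("type" => DB_TYPE_INTEGER, "value" => $_POST["id"]);
		$save["username"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate($_POST["username"], "username", "^[A-Za-z_0-9\.]+$", false, 3));
		$save["full_name"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate($_POST["full_name"], "full_name", "", true, 3));
		$save["password"] = array("type" => DB_TYPE_STRING, "value" => $password);
		$save["email_address_primary"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate($_POST["email_address_primary"], "email_address_primary", "", true, 3));
		$save["email_address_secondary"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate($_POST["email_address_secondary"], "email_address_secondary", "", true, 3));
		$save["must_change_password"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate((isset($_POST["must_change_password"]) ? $_POST["must_change_password"] : ""), "must_change_password", "", true, 3));
		$save["show_tree"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate((isset($_POST["show_tree"]) ? $_POST["show_tree"] : ""), "show_tree", "", true, 3));
		$save["show_list"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate((isset($_POST["show_list"]) ? $_POST["show_list"] : ""), "show_list", "", true, 3));
		$save["show_preview"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate((isset($_POST["show_preview"]) ? $_POST["show_preview"] : ""), "show_preview", "", true, 3));
		$save["graph_settings"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate((isset($_POST["graph_settings"]) ? $_POST["graph_settings"] : ""), "graph_settings", "", true, 3));
		$save["login_opts"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate($_POST["login_opts"], "login_opts", "", true, 3));
		$save["enabled"] = array("type" => DB_TYPE_INTEGER, "value" => form_input_validate($_POST["enabled"], "enabled", "", true, 3));
		$save["password_expire_length"] = array("type" => DB_TYPE_INTEGER, "value" => form_input_validate($_POST["password_expire_length"], "password_expire_length", "", true, 3));
		$save["current_theme"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate($_POST["current_theme"], "current_theme", "", true, 3));
		$save["policy_graphs"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate((isset($_POST["policy_graphs"]) ? $_POST["policy_graphs"] : $_POST["_policy_graphs"]), "policy_graphs", "", true, 3));
		$save["policy_trees"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate((isset($_POST["policy_trees"]) ? $_POST["policy_trees"] : $_POST["_policy_trees"]), "policy_trees", "", true, 3));
		$save["policy_hosts"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate((isset($_POST["policy_hosts"]) ? $_POST["policy_hosts"] : $_POST["_policy_hosts"]), "policy_hosts", "", true, 3));
		$save["policy_graph_templates"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate((isset($_POST["policy_graph_templates"]) ? $_POST["policy_graph_templates"] : $_POST["_policy_graph_templates"]), "policy_graph_templates", "", true, 3));

		/* New user, update created */
		if (empty($_POST["id"])) {
			/* NOTE(review): the literal "now()" is stored under an integer type;
			   how api_user_save() treats that is not visible here -- confirm. */
			$save["created"] = array("type" => DB_TYPE_INTEGER, "value" => "now()");
		}

		if (!is_error_message()) {
			/* keep the returned id: the realm save and the final redirect both
			   read $user_id, which was never assigned before */
			$user_id = api_user_save($save);

			if ($user_id != 0) {
				/* user saved */
				raise_message(1);
			}else{
				/* error saving */
				raise_message(2);
			}
			if ($_SESSION["sess_user_id"] == $_POST["id"]) {
				/* reset local settings cache so the user sees the new settings */
				kill_session_var("sess_current_theme");
			}

			/* realms perms */
			if (isset($_POST["save_component_realm_perms"])) {
				/* every POST field named "section<suffix>" selects one realm;
				   foreach replaces each(), which PHP 8 no longer provides.
				   NOTE(review): the suffix is request-controlled and passed on
				   as-is -- confirm api_user_realms_save() validates it. */
				$realm_perms_list = array();
				foreach ($_POST as $var => $val) {
					if (substr($var, 0, 7) == "section") {
						$realm_perms_list[] = substr($var, 7);
					}
				}

				/* never write realm rows when the user save did not yield an id */
				if (!empty($user_id)) {
					api_user_realms_save($user_id,$realm_perms_list);
				}

			/* graph settings */
			}elseif (isset($_POST["save_component_graph_settings"])) {
				if (api_user_graph_setting_save($_POST["id"],$_POST) == 1) {
					raise_message(2);
				}

				if ($_SESSION["sess_user_id"] == $_POST["id"]) {
					/* reset local settings cache so the user sees the new settings */
					kill_session_var("sess_graph_config_array");
				}
			/* graph perms - allow/deny */
			}elseif (isset($_POST["save_component_graph_perms"])) {
				$user = array();
				$user["policy_graphs"] = array("type" => DB_TYPE_STRING, "value" => $_POST["policy_graphs"]);
				/* key corrected from "policy_tress" to match the field name used for the user record above */
				$user["policy_trees"] = array("type" => DB_TYPE_STRING, "value" => $_POST["policy_trees"]);
				$user["policy_hosts"] = array("type" => DB_TYPE_STRING, "value" => $_POST["policy_hosts"]);
				$user["policy_graph_templates"] = array("type" => DB_TYPE_STRING, "value" => $_POST["policy_graph_templates"]);
				$user["id"] = array("type" => DB_TYPE_INTEGER, "value" => $_POST["id"]);
				if (api_user_save($user) == 0) {
					raise_message(2);
				}
			}
		}
	}

	/* redirect page; request-supplied parts are percent-encoded so they stay
	   inside their own query parameter */
	$last_action = (isset($_POST["last_action"]) && is_scalar($_POST["last_action"])) ? rawurlencode((string) $_POST["last_action"]) : "user_edit";
	header("Location: user_admin.php?action=" . $last_action . "&id=" . (empty($user_id) ? $redirect_id : rawurlencode((string) $user_id)));

}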