/**
 * Saves the logged-in user's own theme choice, then redirects back to the
 * settings page.
 *
 * The record id comes from the session ($_SESSION["sess_user_id"]), never from
 * the request, so the only row this handler can touch is the caller's own.
 *
 * NOTE(review): the pattern passed to form_input_validate() is empty, so
 * presumably no format check is applied to the theme name here. If the stored
 * value is later used to build a filesystem path, restrict it to the list of
 * installed themes - confirm against the code that reads "current_theme".
 * NOTE(review): no anti-CSRF token check is visible in this function; confirm
 * one is enforced before it is called.
 */
function save() {
    $fields = array(
        "id" => array(
            "type" => DB_TYPE_INTEGER,
            "value" => $_SESSION["sess_user_id"],
        ),
        "current_theme" => array(
            "type" => DB_TYPE_STRING,
            "value" => form_input_validate($_POST["current_theme"], "current_theme", "", true, 3),
        ),
    );

    /* a validation error was raised: skip the write, but still redirect */
    if (is_error_message()) {
        header("Location: user_settings.php");
        return;
    }

    if (api_user_save($fields)) {
        /* user saved */
        raise_message(1);

        /* drop the cached theme so the next page load picks up the new one */
        kill_session_var("sess_current_theme");
    } else {
        /* error saving */
        raise_message(2);
    }

    header("Location: user_settings.php");
}
/*
 * Excerpt from the login handler. It opens at the end of the branch that
 * rejects a disabled account and continues with the branch taken once the
 * user is accepted. The enclosing conditions begin before this excerpt and
 * the switch at the bottom continues past it.
 */
        log_save(sprintf(_("LOGIN: User '%s' is disabled"), $user["username"]), SEV_WARNING, FACIL_AUTH);
        auth_display_custom_error_message(_("Access Denied, user account disabled."));
        exit;
    }
    $action = "";
} else {
    /* set the php session */
    /* NOTE(review): no session_regenerate_id() call is visible in this
     * excerpt. Confirm the session id is rotated at login elsewhere;
     * otherwise an id issued before authentication stays valid afterwards
     * (session fixation). */
    $_SESSION["sess_user_id"] = $user["id"];
    log_save(_("LOGIN: Setting up session variables"), SEV_DEBUG, FACIL_AUTH);

    /* Update ip and last login information for the user */
    log_save(_("LOGIN: Updating user last login information"), SEV_DEBUG, FACIL_AUTH);
    $user_save = array();
    $user_save["id"] = array("type" => DB_TYPE_INTEGER, "value" => $user["id"]);
    $user_save["last_login"] = array("type" => DB_TYPE_FUNC_NOW, "value" => "");
    /* REMOTE_ADDR is the address of the connecting peer; behind a reverse
     * proxy this records the proxy rather than the client - verify that this
     * is what the audit trail is meant to hold. */
    $user_save["last_login_ip"] = array("type" => DB_TYPE_STRING, "value" => $_SERVER["REMOTE_ADDR"]);
    api_user_save($user_save);
    unset($user_save);

    /* handle "force change password": flag the session so later code can act on it */
    if ($user["must_change_password"] == "on") {
        log_save(_("LOGIN: Setting user force change password"), SEV_DEBUG, FACIL_AUTH);
        $_SESSION["sess_change_password"] = true;
    }

    /* ok, at this point the user has been successfully authenticated; so we must decide what to do next */
    log_save(_("LOGIN: Figuring out URL to send user to"), SEV_DEBUG, FACIL_AUTH);
    switch ($user["login_opts"]) {
        case '1': /* referer */
            /* The query is assembled by string concatenation. The value
             * appended is the session user id assigned above from
             * $user["id"]. NOTE(review): presumably an integer loaded from
             * the user table - confirm, or cast/bind it, since nothing in
             * this excerpt enforces that. The meaning of realm_id 8 is not
             * visible here. */
            if (sizeof(db_fetch_assoc("select realm_id from user_auth_realm where realm_id=8 and user_id=" . $_SESSION["sess_user_id"])) == 0) {
                /* no row for realm 8: send the user to the graph view */
                $url_location = "graph_view.php";
            } else {
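/**
 * Handles every "save" POST of the user administration page: the graph
 * permission "add" buttons, the user record itself, and the per-tab saves
 * (realm permissions, graph settings, graph allow/deny policies). Finishes by
 * redirecting back to user_admin.php.
 *
 * Outcomes are reported through raise_message(): 1 = saved, 2 = save error,
 * 4 = password mismatch, 12 = duplicate username (as used below).
 *
 * NOTE(review): this function acts on the user id supplied in $_POST["id"].
 * No permission check and no anti-CSRF token check are visible here; confirm
 * both are enforced before it is called, since it can set passwords and
 * permissions for arbitrary accounts.
 */
function form_save() {
    /* id returned by api_user_save(); stays 0 when no user record was written */
    $user_id = 0;

    /* graph permissions: one of the "add" buttons was pressed */
    if ((isset($_POST["save_component_graph_perms"])) && (!is_error_message())) {
        $add_button_clicked = false;

        if (isset($_POST["add_graph_y"])) {
            api_user_graph_perms_add("graph", $_POST["id"], $_POST["perm_graphs"]);
            $add_button_clicked = true;
        } elseif (isset($_POST["add_tree_y"])) {
            api_user_graph_perms_add("tree", $_POST["id"], $_POST["perm_trees"]);
            $add_button_clicked = true;
        } elseif (isset($_POST["add_host_y"])) {
            api_user_graph_perms_add("host", $_POST["id"], $_POST["perm_hosts"]);
            $add_button_clicked = true;
        } elseif (isset($_POST["add_graph_template_y"])) {
            api_user_graph_perms_add("graph_template", $_POST["id"], $_POST["perm_graph_templates"]);
            $add_button_clicked = true;
        }

        if ($add_button_clicked == true) {
            /* the id is request data: encode it before it goes into the redirect URL */
            header("Location: user_admin.php?action=graph_perms_edit&id=" . urlencode((string) $_POST["id"]));
            exit;
        }
    }

    /* user management save */
    if (isset($_POST["save_component_user"])) {
        /* check to make sure the passwords match; if not error.
         * Strict comparison: with a loose "!=" two different numeric-looking
         * strings (for example "0e1" and "0e2") compare as equal. */
        if ((string) $_POST["password"] !== (string) $_POST["password_confirm"]) {
            raise_message(4);
        }

        /* check for duplicate username */
        $user = api_user_info(array("username" => $_POST["username"]));
        if (sizeof($user)) {
            if (!empty($_POST["id"])) {
                /* editing: only a different account in the same realm is a clash */
                if (($user["id"] != $_POST["id"]) && ($user["realm"] == $_POST["realm"])) {
                    raise_message(12);
                }
            } else {
                /* creating: any existing account with this name is a clash */
                raise_message(12);
            }
        }

        /* password processing */
        if ((empty($_POST["password"])) && (empty($_POST["password_confirm"]))) {
            /* both fields left blank: keep the stored hash (or "" for a new user) */
            $user = api_user_info(array("id" => $_POST["id"]));
            if (sizeof($user)) {
                $password = $user["password"];
            } else {
                $password = "";
            }
        } else {
            /* NOTE(security): md5() is a fast, unsalted hash and is not suitable
             * for password storage. It is left in place because the stored value
             * has to match whatever the login code compares against, which is not
             * visible here; migrate both sides together to password_hash() and
             * password_verify(). */
            $password = md5($_POST["password"]);
        }

        /* each field is validated against the escaped text of the other one.
         * NOTE(review): the pattern carries no anchors, so how strict this is
         * depends on form_input_validate(); the comparison above is the check
         * that is certain to be exact. */
        form_input_validate($_POST["password"], "password", preg_quote($_POST["password_confirm"]), true, 4);
        form_input_validate($_POST["password_confirm"], "password_confirm", preg_quote($_POST["password"]), true, 4);

        $save = array();
        $save["id"] = array("type" => DB_TYPE_INTEGER, "value" => $_POST["id"]);
        $save["username"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate($_POST["username"], "username", "^[A-Za-z_0-9\.]+$", false, 3));
        $save["full_name"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate($_POST["full_name"], "full_name", "", true, 3));
        $save["password"] = array("type" => DB_TYPE_STRING, "value" => $password);
        $save["email_address_primary"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate($_POST["email_address_primary"], "email_address_primary", "", true, 3));
        $save["email_address_secondary"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate($_POST["email_address_secondary"], "email_address_secondary", "", true, 3));

        /* these fields may be absent from the POST, so they default to "" */
        $save["must_change_password"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate((isset($_POST["must_change_password"]) ? $_POST["must_change_password"] : ""), "must_change_password", "", true, 3));
        $save["show_tree"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate((isset($_POST["show_tree"]) ? $_POST["show_tree"] : ""), "show_tree", "", true, 3));
        $save["show_list"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate((isset($_POST["show_list"]) ? $_POST["show_list"] : ""), "show_list", "", true, 3));
        $save["show_preview"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate((isset($_POST["show_preview"]) ? $_POST["show_preview"] : ""), "show_preview", "", true, 3));
        $save["graph_settings"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate((isset($_POST["graph_settings"]) ? $_POST["graph_settings"] : ""), "graph_settings", "", true, 3));

        $save["login_opts"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate($_POST["login_opts"], "login_opts", "", true, 3));
        $save["enabled"] = array("type" => DB_TYPE_INTEGER, "value" => form_input_validate($_POST["enabled"], "enabled", "", true, 3));
        $save["password_expire_length"] = array("type" => DB_TYPE_INTEGER, "value" => form_input_validate($_POST["password_expire_length"], "password_expire_length", "", true, 3));
        $save["current_theme"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate($_POST["current_theme"], "current_theme", "", true, 3));

        /* policy fields fall back to the "_"-prefixed copy of the same field */
        $save["policy_graphs"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate((isset($_POST["policy_graphs"]) ? $_POST["policy_graphs"] : $_POST["_policy_graphs"]), "policy_graphs", "", true, 3));
        $save["policy_trees"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate((isset($_POST["policy_trees"]) ? $_POST["policy_trees"] : $_POST["_policy_trees"]), "policy_trees", "", true, 3));
        $save["policy_hosts"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate((isset($_POST["policy_hosts"]) ? $_POST["policy_hosts"] : $_POST["_policy_hosts"]), "policy_hosts", "", true, 3));
        $save["policy_graph_templates"] = array("type" => DB_TYPE_STRING, "value" => form_input_validate((isset($_POST["policy_graph_templates"]) ? $_POST["policy_graph_templates"] : $_POST["_policy_graph_templates"]), "policy_graph_templates", "", true, 3));

        /* New user, update created */
        if (empty($_POST["id"])) {
            /* NOTE(review): typed as DB_TYPE_INTEGER with the text "now()" as
             * its value - confirm api_user_save() stores a timestamp for this. */
            $save["created"] = array("type" => DB_TYPE_INTEGER, "value" => "now()");
        }

        if (!is_error_message()) {
            /* keep the returned id: the realm save and the final redirect need it
             * (it was previously discarded, leaving $user_id undefined) */
            $user_id = api_user_save($save);

            if ($user_id != 0) {
                /* user saved */
                raise_message(1);
            } else {
                /* error saving */
                raise_message(2);
            }

            if ($_SESSION["sess_user_id"] == $_POST["id"]) {
                /* reset local settings cache so the user sees the new settings */
                kill_session_var("sess_current_theme");
            }

            if (isset($_POST["save_component_realm_perms"])) {
                /* realms perms: every POST field named "section<suffix>" selects
                 * one realm; the suffix is passed on as submitted */
                $realm_perms_list = array();
                foreach (array_keys($_POST) as $var) {
                    $var = (string) $var;
                    if (substr($var, 0, 7) == "section") {
                        $realm_perms_list[] = substr($var, 7);
                    }
                }

                /* never write realm permissions without a saved user to attach them to */
                if ($user_id != 0) {
                    api_user_realms_save($user_id, $realm_perms_list);
                }
            } elseif (isset($_POST["save_component_graph_settings"])) {
                /* graph settings */
                if (api_user_graph_setting_save($_POST["id"], $_POST) == 1) {
                    raise_message(2);
                }

                if ($_SESSION["sess_user_id"] == $_POST["id"]) {
                    /* reset local settings cache so the user sees the new settings */
                    kill_session_var("sess_graph_config_array");
                }
            } elseif (isset($_POST["save_component_graph_perms"])) {
                /* graph perms - allow/deny. These values are taken from the POST
                 * as submitted, without form_input_validate(). */
                $user = array();
                $user["policy_graphs"] = array("type" => DB_TYPE_STRING, "value" => $_POST["policy_graphs"]);
                /* key was misspelled "policy_tress", so it did not match the
                 * "policy_trees" field used everywhere else in this function */
                $user["policy_trees"] = array("type" => DB_TYPE_STRING, "value" => $_POST["policy_trees"]);
                $user["policy_hosts"] = array("type" => DB_TYPE_STRING, "value" => $_POST["policy_hosts"]);
                $user["policy_graph_templates"] = array("type" => DB_TYPE_STRING, "value" => $_POST["policy_graph_templates"]);
                $user["id"] = array("type" => DB_TYPE_INTEGER, "value" => $_POST["id"]);

                if (api_user_save($user) == 0) {
                    raise_message(2);
                }
            }
        }
    }

    /* redirect page: both query values can come from the request, so they are
     * URL-encoded before being placed in the Location header */
    $last_action = isset($_POST["last_action"]) ? $_POST["last_action"] : "user_edit";
    $redirect_id = empty($user_id) ? $_POST["id"] : $user_id;

    header("Location: user_admin.php?action=" . urlencode((string) $last_action) . "&id=" . urlencode((string) $redirect_id));
}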