Added new Flag readonly into user system, readonly user

Andre Lorbach 2010-02-22 11:43:29 +01:00
parent fdf23a1c94
commit a03bbb9236
4 changed files with 108 additions and 37 deletions


@ -58,46 +58,83 @@ IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 ) if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 )
DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_NOTALLOWED'] ); DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_NOTALLOWED'] );
if ( isset($_GET['miniop']) && $_GET['miniop'] == "setisadmin" ) if ( isset($_GET['miniop']) )
{ {
if ( isset($_GET['id']) && isset($_GET['newval']) ) if ( isset($_GET['id']) && isset($_GET['newval']) )
{ {
//PreInit these values if ( $_GET['miniop'] == "setisadmin" )
$content['USERID'] = intval(DB_RemoveBadChars($_GET['id'])); {
$iNewVal = intval(DB_RemoveBadChars($_GET['newval'])); //PreInit these values
$content['USERID'] = intval(DB_RemoveBadChars($_GET['id']));
$iNewVal = intval(DB_RemoveBadChars($_GET['newval']));
// --- handle special case // --- handle special case
if ( $content['USERID'] == $content['SESSION_USERID'] && (!isset($_GET['verify']) || $_GET['verify'] != "yes") && $iNewVal == 0) if ( $content['USERID'] == $content['SESSION_USERID'] && (!isset($_GET['verify']) || $_GET['verify'] != "yes") && $iNewVal == 0)
{ {
// This will print an additional secure check which the user needs to confirm and exit the script execution. // This will print an additional secure check which the user needs to confirm and exit the script execution.
PrintSecureUserCheck( $content['LN_USER_WARNREMOVEADMIN'], $content['LN_DELETEYES'], $content['LN_DELETENO'] ); PrintSecureUserCheck( $content['LN_USER_WARNREMOVEADMIN'], $content['LN_DELETEYES'], $content['LN_DELETENO'] );
}
// ---
// Perform SQL Query!
$sqlquery = "SELECT * " .
" FROM " . DB_USERS .
" WHERE ID = " . $content['USERID'];
$result = DB_Query($sqlquery);
$myuser = DB_GetSingleRow($result, true);
if ( isset($myuser['username']) )
{
// Update is_admin setting!
$result = DB_Query("UPDATE " . DB_USERS . " SET
is_admin = $iNewVal
WHERE ID = " . $content['USERID']);
DB_FreeQuery($result);
}
else
{
$content['ISERROR'] = true;
$content['ERROR_MSG'] = GetAndReplaceLangStr( $content['LN_USER_ERROR_IDNOTFOUND'], $content['USERID'] );
}
} }
// --- else if ( $_GET['miniop'] == "setisreadonly" )
// Perform SQL Query!
$sqlquery = "SELECT * " .
" FROM " . DB_USERS .
" WHERE ID = " . $content['USERID'];
$result = DB_Query($sqlquery);
$myuser = DB_GetSingleRow($result, true);
if ( isset($myuser['username']) )
{ {
// Update is_admin setting! //PreInit these values
$result = DB_Query("UPDATE " . DB_USERS . " SET $content['USERID'] = intval(DB_RemoveBadChars($_GET['id']));
is_admin = $iNewVal $iNewVal = intval(DB_RemoveBadChars($_GET['newval']));
WHERE ID = " . $content['USERID']);
DB_FreeQuery($result); // --- handle special case
} if ( $content['USERID'] == $content['SESSION_USERID'] && (!isset($_GET['verify']) || $_GET['verify'] != "yes") && $iNewVal == 1)
else {
{ // This will print an additional secure check which the user needs to confirm and exit the script execution.
$content['ISERROR'] = true; PrintSecureUserCheck( $content['LN_USER_WARNRADYONLYADMIN'], $content['LN_DELETEYES'], $content['LN_DELETENO'] );
$content['ERROR_MSG'] = GetAndReplaceLangStr( $content['LN_USER_ERROR_IDNOTFOUND'], $content['USERID'] ); }
// ---
// Perform SQL Query!
$sqlquery = "SELECT * " .
" FROM " . DB_USERS .
" WHERE ID = " . $content['USERID'];
$result = DB_Query($sqlquery);
$myuser = DB_GetSingleRow($result, true);
if ( isset($myuser['username']) )
{
// Update is_admin setting!
$result = DB_Query("UPDATE " . DB_USERS . " SET
is_readonly = $iNewVal
WHERE ID = " . $content['USERID']);
DB_FreeQuery($result);
}
else
{
$content['ISERROR'] = true;
$content['ERROR_MSG'] = GetAndReplaceLangStr( $content['LN_USER_ERROR_IDNOTFOUND'], $content['USERID'] );
}
} }
} }
else else
{ {
$content['ISERROR'] = true; $content['ISERROR'] = true;
$content['ERROR_MSG'] = "Error setting is_admin flat, invalid ID, User not found"; $content['ERROR_MSG'] = $content['LN_USER_ERROR_SETTINGFLAG'];
} }
} }
@ -145,6 +182,11 @@ if ( isset($_GET['op']) )
else else
$content['CHECKED_ISADMIN'] = ""; $content['CHECKED_ISADMIN'] = "";
// Set is_readonly flag
if ( $myuser['is_readonly'] == 1 )
$content['CHECKED_ISREADONLY'] = "checked";
else
$content['CHECKED_ISREADONLY'] = "";
} }
else else
{ {
@ -228,7 +270,7 @@ if ( isset($_POST['op']) )
if ( isset ($_POST['password1']) ) { $content['PASSWORD1'] = DB_RemoveBadChars($_POST['password1']); } else {$content['PASSWORD1'] = ""; } if ( isset ($_POST['password1']) ) { $content['PASSWORD1'] = DB_RemoveBadChars($_POST['password1']); } else {$content['PASSWORD1'] = ""; }
if ( isset ($_POST['password2']) ) { $content['PASSWORD2'] = DB_RemoveBadChars($_POST['password2']); } else {$content['PASSWORD2'] = ""; } if ( isset ($_POST['password2']) ) { $content['PASSWORD2'] = DB_RemoveBadChars($_POST['password2']); } else {$content['PASSWORD2'] = ""; }
if ( isset ($_POST['isadmin']) ) { $content['ISADMIN'] = 1; } else {$content['ISADMIN'] = 0; } if ( isset ($_POST['isadmin']) ) { $content['ISADMIN'] = 1; } else {$content['ISADMIN'] = 0; }
if ( isset ($_POST['isreadonly']) ) { $content['ISREADONLY'] = 1; } else {$content['ISREADONLY'] = 0; }
// Check mandotary values // Check mandotary values
if ( $content['USERNAME'] == "" ) if ( $content['USERNAME'] == "" )
@ -265,10 +307,11 @@ if ( isset($_POST['op']) )
$content['PASSWORDHASH'] = md5( $content['PASSWORD1'] ); $content['PASSWORDHASH'] = md5( $content['PASSWORD1'] );
// Add new User now! // Add new User now!
$result = DB_Query("INSERT INTO " . DB_USERS . " (username, password, is_admin) $result = DB_Query("INSERT INTO " . DB_USERS . " (username, password, is_admin, is_readonly)
VALUES ('" . $content['USERNAME'] . "', VALUES ('" . $content['USERNAME'] . "',
'" . $content['PASSWORDHASH'] . "', '" . $content['PASSWORDHASH'] . "',
" . $content['ISADMIN'] . ")"); " . $content['ISADMIN'] . ",
" . $content['ISREADONLY'] . ")");
DB_FreeQuery($result); DB_FreeQuery($result);
// Do the final redirect // Do the final redirect
@ -306,7 +349,8 @@ if ( isset($_POST['op']) )
$result = DB_Query("UPDATE " . DB_USERS . " SET $result = DB_Query("UPDATE " . DB_USERS . " SET
username = '" . $content['USERNAME'] . "', username = '" . $content['USERNAME'] . "',
password = '" . $content['PASSWORDHASH'] . "', password = '" . $content['PASSWORDHASH'] . "',
is_admin = " . $content['ISADMIN'] . " is_admin = " . $content['ISADMIN'] . ",
is_readonly = " . $content['ISREADONLY'] . "
WHERE ID = " . $content['USERID']); WHERE ID = " . $content['USERID']);
DB_FreeQuery($result); DB_FreeQuery($result);
} }
@ -316,7 +360,8 @@ if ( isset($_POST['op']) )
// Edit the User now! // Edit the User now!
$result = DB_Query("UPDATE " . DB_USERS . " SET $result = DB_Query("UPDATE " . DB_USERS . " SET
username = '" . $content['USERNAME'] . "', username = '" . $content['USERNAME'] . "',
is_admin = " . $content['ISADMIN'] . " is_admin = " . $content['ISADMIN'] . ",
is_readonly = " . $content['ISREADONLY'] . "
WHERE ID = " . $content['USERID']); WHERE ID = " . $content['USERID']);
DB_FreeQuery($result); DB_FreeQuery($result);
} }
@ -336,7 +381,8 @@ if ( !isset($_POST['op']) && !isset($_GET['op']) )
// Read all Serverentries // Read all Serverentries
$sqlquery = "SELECT ID, " . $sqlquery = "SELECT ID, " .
" username, " . " username, " .
" is_admin " . " is_admin, " .
" is_readonly " .
" FROM " . DB_USERS . " FROM " . DB_USERS .
" ORDER BY ID "; " ORDER BY ID ";
$result = DB_Query($sqlquery); $result = DB_Query($sqlquery);
@ -345,7 +391,7 @@ if ( !isset($_POST['op']) && !isset($_GET['op']) )
// --- Process Users // --- Process Users
for($i = 0; $i < count($content['USERS']); $i++) for($i = 0; $i < count($content['USERS']); $i++)
{ {
// --- Set Image for IsClanMember // --- Set Image for IsAdmin
if ( $content['USERS'][$i]['is_admin'] == 1 ) if ( $content['USERS'][$i]['is_admin'] == 1 )
{ {
$content['USERS'][$i]['is_isadmin_string'] = $content['MENU_SELECTION_ENABLED']; $content['USERS'][$i]['is_isadmin_string'] = $content['MENU_SELECTION_ENABLED'];
@ -358,6 +404,19 @@ if ( !isset($_POST['op']) && !isset($_GET['op']) )
} }
// --- // ---
// --- Set Image for IsReadonly
if ( $content['USERS'][$i]['is_readonly'] == 1 )
{
$content['USERS'][$i]['is_readonly_string'] = $content['MENU_SELECTION_ENABLED'];
$content['USERS'][$i]['set_isreadonly'] = 0;
}
else
{
$content['USERS'][$i]['is_readonly_string'] = $content['MENU_SELECTION_DISABLED'];
$content['USERS'][$i]['set_isreadonly'] = 1;
}
// ---
// --- Set CSS Class // --- Set CSS Class
if ( $i % 2 == 0 ) if ( $i % 2 == 0 )
$content['USERS'][$i]['cssclass'] = "line1"; $content['USERS'][$i]['cssclass'] = "line1";
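Review bot: The new `setisreadonly` branch changes a privilege flag on a plain GET request (`miniop=setisreadonly&id=…&newval=…`) with no anti-CSRF token, and the self-lockout confirmation is itself just `verify=yes` in the query string, so a logged-in admin who follows a crafted link can have any account — including their own — made read-only (the unchanged `setisadmin` path has the same weakness and can promote accounts); a per-session token checked before the UPDATE, or moving the toggle to a POST, would close this. `$iNewVal` is only compared with 1 for the confirmation prompt but any integer reaches `is_readonly = $iNewVal` on a column declared BOOL; clamp it first, e.g. `$iNewVal = ($iNewVal == 1) ? 1 : 0;`. Nothing in these hunks enforces `is_readonly` — it is stored, listed and edited only — so presumably enforcement lands elsewhere; the commit message should say so. The two miniop branches are near-verbatim copies differing only in the column name, the confirmation text and the `$iNewVal` value that triggers it, which a small helper taking those three values would halve.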


@ -14,6 +14,8 @@ CREATE TABLE `logcon_savedreports` (
PRIMARY KEY (`ID`) PRIMARY KEY (`ID`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT = 'Table to store saved reports' AUTO_INCREMENT=1 ; ) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT = 'Table to store saved reports' AUTO_INCREMENT=1 ;
ALTER TABLE `logcon_users` ADD `is_readonly` BOOL NOT NULL DEFAULT '0' AFTER `is_admin` ;
-- Insert data -- Insert data
-- Updated Data -- Updated Data
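Review bot: The new column is added with `ALTER TABLE ... ADD` in what looks, from the surrounding `CREATE TABLE logcon_savedreports`, like an upgrade script rather than the base install schema; if a base schema for `logcon_users` exists elsewhere it needs the same `is_readonly BOOL NOT NULL DEFAULT '0'` column, otherwise fresh installs will fail on the new `INSERT ... is_readonly` in admin/users.php. The statement is also not re-runnable, since MySQL errors on adding a column that already exists, so the script presumably relies on a version gate outside this hunk — worth a comment above the line stating which schema version it upgrades from.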


@ -130,6 +130,10 @@ $content['LN_USER_ADDEDIT'] = "Add/Edit User";
$content['LN_USER_WARNREMOVEADMIN'] = "You are about to revoke your own administrative priviledges. Are you sure to remove your admin status?"; $content['LN_USER_WARNREMOVEADMIN'] = "You are about to revoke your own administrative priviledges. Are you sure to remove your admin status?";
$content['LN_USER_WARNDELETEUSER'] = "Are you sure that you want to delete the User '%1'? All his personal settings will be deleted as well."; $content['LN_USER_WARNDELETEUSER'] = "Are you sure that you want to delete the User '%1'? All his personal settings will be deleted as well.";
$content['LN_USER_ERROR_INVALIDSESSIONS'] = "Invalid User Session."; $content['LN_USER_ERROR_INVALIDSESSIONS'] = "Invalid User Session.";
$content['LN_USER_ERROR_SETTINGFLAG'] = "Error setting flag, invalid ID or User not found";
$content['LN_USER_WARNRADYONLYADMIN'] = "You are about to set your account to readonly! This will prevent you from changing any settings! Are you sure that you want to proceed?";
$content['LN_USER_ISREADONLY'] = "Readonly User?";
$content['LN_USER_'] = "";
$content['LN_USER_'] = ""; $content['LN_USER_'] = "";
// Group center // Group center


@ -27,6 +27,7 @@
<td align="center" width="50" class="cellmenu1"><b>{LN_USER_ID}</b></td> <td align="center" width="50" class="cellmenu1"><b>{LN_USER_ID}</b></td>
<td align="center" width="300" class="cellmenu1"><b>{LN_USER_NAME}</b></td> <td align="center" width="300" class="cellmenu1"><b>{LN_USER_NAME}</b></td>
<td align="center" width="100" class="cellmenu1"><b>{LN_USER_ISADMIN}</b></td> <td align="center" width="100" class="cellmenu1"><b>{LN_USER_ISADMIN}</b></td>
<td align="center" width="100" class="cellmenu1"><b>{LN_USER_ISREADONLY}</b></td>
<td align="center" width="200" class="cellmenu1"><b>{LN_GEN_ACTIONS}</b></td> <td align="center" width="200" class="cellmenu1"><b>{LN_GEN_ACTIONS}</b></td>
</tr> </tr>
<!-- BEGIN USERS --> <!-- BEGIN USERS -->
@ -34,6 +35,7 @@
<td align="center" class="{cssclass}"><b>{ID}</b></td> <td align="center" class="{cssclass}"><b>{ID}</b></td>
<td align="center" class="{cssclass}"><a href="{BASEPATH}admin/users.php?op=edit&id={ID}">{username}</a></td> <td align="center" class="{cssclass}"><a href="{BASEPATH}admin/users.php?op=edit&id={ID}">{username}</a></td>
<td align="center" class="{cssclass}"><a href="{BASEPATH}admin/users.php?miniop=setisadmin&id={ID}&newval={set_isadmin}"><img src="{is_isadmin_string}" width="16"></a></td> <td align="center" class="{cssclass}"><a href="{BASEPATH}admin/users.php?miniop=setisadmin&id={ID}&newval={set_isadmin}"><img src="{is_isadmin_string}" width="16"></a></td>
<td align="center" class="{cssclass}"><a href="{BASEPATH}admin/users.php?miniop=setisreadonly&id={ID}&newval={set_isreadonly}"><img src="{is_readonly_string}" width="16"></a></td>
<td align="center" class="{cssclass}"> <td align="center" class="{cssclass}">
&nbsp;<a href="{BASEPATH}admin/users.php?op=edit&id={ID}"><img src="{MENU_EDIT}" width="16" title="{LN_USER_EDIT}"></a> &nbsp;<a href="{BASEPATH}admin/users.php?op=edit&id={ID}"><img src="{MENU_EDIT}" width="16" title="{LN_USER_EDIT}"></a>
&nbsp;<a href="{BASEPATH}admin/users.php?op=delete&id={ID}"><img src="{MENU_DELETE}" width="16" title="{LN_USER_DELETE}"></a> &nbsp;<a href="{BASEPATH}admin/users.php?op=delete&id={ID}"><img src="{MENU_DELETE}" width="16" title="{LN_USER_DELETE}"></a>
@ -41,7 +43,7 @@
</tr> </tr>
<!-- END USERS --> <!-- END USERS -->
<tr> <tr>
<td align="center" colspan="4" class="line0"><b><a href="{BASEPATH}admin/users.php?op=add"><img src="{MENU_ADDUSER}" title="{LN_USER_ADD}">&nbsp;{LN_USER_ADD}</a></b></td> <td align="center" colspan="5" class="line0"><b><a href="{BASEPATH}admin/users.php?op=add"><img src="{MENU_ADDUSER}" title="{LN_USER_ADD}">&nbsp;{LN_USER_ADD}</a></b></td>
</tr> </tr>
</table> </table>
<!-- ENDIF LISTUSERS="true" --> <!-- ENDIF LISTUSERS="true" -->
@ -68,6 +70,10 @@
<td align="left" class="cellmenu2" nowrap><b>{LN_USER_ISADMIN}</b></td> <td align="left" class="cellmenu2" nowrap><b>{LN_USER_ISADMIN}</b></td>
<td align="right" class="line1"><input type="checkbox" name="isadmin" value="yes" {CHECKED_ISADMIN}></td> <td align="right" class="line1"><input type="checkbox" name="isadmin" value="yes" {CHECKED_ISADMIN}></td>
</tr> </tr>
<tr>
<td align="left" class="cellmenu2" nowrap><b>{LN_USER_ISREADONLY}</b></td>
<td align="right" class="line1"><input type="checkbox" name="isreadonly" value="yes" {CHECKED_ISREADONLY}></td>
</tr>
<tr> <tr>
<td align="center" colspan="2"> <td align="center" colspan="2">
<input type="submit" value="{USER_SENDBUTTON}"> <input type="submit" value="{USER_SENDBUTTON}">
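Review bot: The new readonly cell triggers a state change from a bare GET link (`users.php?miniop=setisreadonly&id={ID}&newval={set_isreadonly}`), copying the existing `setisadmin` link; unlike the edit form in this file, which submits via POST, there is no form or token on this path, so a link prefetcher or a crafted page can flip the flag for a logged-in admin. The `&` separators inside `href` should be written `&amp;` in HTML; the new line repeats the unescaped form of its neighbours. Unlike the edit and delete icons, the new `<img>` carries no `title`, so the toggle has no tooltip or accessible name; `title="{LN_USER_ISREADONLY}"` would match the sibling cells.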