2009-01-22 Evi Vanoost <vanooste@rcbi.rochester.edu>

* pandoradb_migrate_20_to_21.sql, pandoradb.sql: Added user table updates
	You'll have to run the ALTER TABLE statements before upgrading to the latest version;
	they add functionality and enforce unique usernames
	
	* general/header.php: Don't rely on session variables
	
	* include/auth/dev.php, include/functions_ui.php: Minimal changes to 
	comply with guidelines and new links
	
	* include/auth/mysql.php, include/auth/ldap.php: Added functions and 
	removed bugs.
	
	* include/functions_db.php: Added some functions for profile handling
	
	* include/functions_html.php: Text input is now readonly instead of 
	disabled. This allows copying data from the textbox.
	
	* include/styles/tip.css: Set min-width instead of fixed width for tip
	that way we can have bigger tips without overflowing
	
	* operation/reporting/reporting_xml.php: Added auth there as well
	
	* operation/users/user.php, operation/users/user_edit.php, 
	operation/users/user_statistics.php: New auth functions, better look
	
	* index.php: Process_user_contact sits in logon_db. Saves a query
	
	* godmode/users/configure_user.php, godmode/users/user_list.php: New
	auth functions, better look.

git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1390 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
guruevi 2009-01-22 17:44:33 +00:00
parent 2de0d0b915
commit 6fa769e08c
19 changed files with 659 additions and 549 deletions


@ -1,3 +1,35 @@
2009-01-22 Evi Vanoost <vanooste@rcbi.rochester.edu>
* pandoradb_migrate_20_to_21.sql, pandoradb.sql: Added user table updates
You'll have to do the alter tables before upgrading to the latest version
but it adds functionality and enforces unique usernames
* general/header.php: Don't rely on session variables
* include/auth/dev.php, include/functions_ui.php: Minimal changes to
comply with guidelines and new links
* include/auth/mysql.php, include/auth/ldap.php: Added functions and
removed bugs.
* include/functions_db.php: Added some functions for profile handling
* include/functions_html.php: Text input is now readonly instead of
disabled. This allows copying data from the textbox.
* include/styles/tip.css: Set min-width instead of fixed width for tip
that way we can have bigger tips without overflowing
* operation/reporting/reporting_xml.php: Added auth there as well
* operation/users/user.php, operation/users/user_edit.php,
operation/users/user_statistics.php: New auth functions, better look
* index.php: Process_user_contact sits in logon_db. Saves a query
* godmode/users/configure_user.php, godmode/users/user_list.php: New
auth functions, better look.
2009-01-22 Jorge Gonzalez <jorgegonz@svn.gnome.org>
* include/help/en/help_wmiquery.php,


@ -33,7 +33,7 @@ echo '<a href="index.php"><img src="images/pandora_logo_head.png" alt="logo" sty
echo '</td><td width="20">&nbsp;</td>';
// First column (identifier)
echo '<td width="20%"><img src="images/user_'.((dame_admin ($_SESSION["id_usuario"]) == 1) ? 'suit' : 'green' ).'.png" class="bot">&nbsp;'.'<a class="white">'.__('You are').' [<b>'.$_SESSION["id_usuario"].'</b>]</a>';
echo '<td width="20%"><img src="images/user_'.((is_user_admin ($config["id_user"]) == 1) ? 'suit' : 'green' ).'.png" class="bot">&nbsp;'.'<a class="white">'.__('You are').' [<b>'.$config["id_user"].'</b>]</a>';
//First column, second row (logout button)
echo '<br /><br />';
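Review bot: The new line still concatenates `$config["id_user"]` into the HTML twice with no escaping, so a user id that contains markup is rendered verbatim in the header. Escape both occurrences, e.g. `'[<b>'.htmlspecialchars ($config["id_user"]).'</b>]'`, and do the same where it is built into the image name. The `is_user_admin (...) == 1` comparison relies on the helper returning an integer; if it returns a bool this only works through loose comparison, and a plain truthiness test would be clearer.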


@ -21,6 +21,10 @@ require_once ("include/config.php");
check_login ();
$id = get_parameter_get ("id", $config["id_user"]); // ID given as parameter
$user_info = get_user_info ($id);
$id = $user_info["id_user"];
if (! give_acl ($config['id_user'], 0, "UM")) {
audit_db ($config['id_user'], $REMOTE_ADDR, "ACL Violation",
"Trying to access User Management");
@ -28,259 +32,193 @@ if (! give_acl ($config['id_user'], 0, "UM")) {
exit;
}
// Init. vars
$comentarios = "";
$direccion = "";
$telefono = "";
$password = "";
$password2 = "";
$id_usuario_mio = "";
$nombre_real = "";
$nivel = 0;
// Default is create mode (creacion)
$modo = "creacion";
if (isset ($_GET["borrar_grupo"])) { // if modified some parameter
$grupo = get_parameter ("borrar_grupo");
$sql = "DELETE FROM tusuario_perfil WHERE id_up = ".$grupo;
$resq1 = mysql_query ($sql);
if ($config["user_can_update_info"]) {
$view_mode = false;
} else {
$view_mode = true;
}
if (isset ($_GET["id_usuario_mio"])) { // if any parameter changed
$modo = "edicion";
$id_usuario_mio = get_parameter ("id_usuario_mio");
// Read user data to include in form
$sql = "SELECT * FROM tusuario WHERE id_usuario = '".$id_usuario_mio."'";
$result = mysql_query ($sql);
$rowdup = mysql_fetch_array ($result);
if (! $rowdup) {
echo "<h3 class='error'>".__('There was a problem loading user')."</h3>";
echo "</table>";
include ("general/footer.php");
exit;
} else {
$password="";
}
$password2 = "";
$comentarios = $rowdup["comentarios"];
$direccion = $rowdup["direccion"];
$telefono = $rowdup["telefono"];
$nivel = $rowdup["nivel"];
$nombre_real = $rowdup["nombre_real"];
}
// Edit user
if (isset ($_POST["edicion"])) {
// We do it
if (isset ($_POST["pass1"])) {
$nombre = get_parameter_post ("nombre");
$nombre_real = get_parameter_post ("nombre_real");
$nombre_viejo = get_parameter_post ("id_usuario_antiguo");
$password = get_parameter_post ("pass1");
$password2 = get_parameter_post ("pass2");
if ($password != $password2){
echo "<h3 class='error'>".__('Passwords don\'t match. Please repeat again')."</h3>";
if (isset ($_GET["create"]) && $config["admin_can_add_user"]) {
$user_info = array ();
$id = '';
$user_info["fullname"] = '';
$user_info["firstname"] = '';
$user_info["lastname"] = '';
$user_info["email"] = '';
$user_info["phone"] = '';
$user_info["comments"] = '';
} elseif (isset ($_GET["create"])) {
print_error_message (false, '', __('The current authentication scheme doesn\'t support creating users from Pandora FMS'));
} elseif (isset ($_GET["user_mod"])) {
$mod = get_parameter_get ("user_mod", 0); //0 is no user info modify (can modify passwords and admin status), 1 is modify, 2 is create
$upd_info = array ();
$upd_info["fullname"] = get_parameter_post ("fullname", $user_info["fullname"]);
$upd_info["firstname"] = get_parameter_post ("firstname", $user_info["firstname"]);
$upd_info["lastname"] = get_parameter_post ("lastname", $user_info["lastname"]);
$password_old = get_parameter_post ("password_old", "-");
$password_new = get_parameter_post ("password_new", "-");
$password_confirm = get_parameter_post ("password_confirm", "-");
$upd_info["email"] = get_parameter_post ("email", $user_info["email"]);
$upd_info["phone"] = get_parameter_post ("phone", $user_info["phone"]);
$upd_info["comments"] = get_parameter_post ("comments", $user_info["comments"]);
$is_admin = get_parameter_post ("is_admin", $user_info["is_admin"]);
$group = get_parameter_post ("assign_group", 0);
$profile = get_parameter_post ("assign_profile", 0);
if ($config["admin_can_add_user"] && $mod == 2) {
if ($password_new !== $password_confirm) {
print_error_message (false, '', __('Passwords didn\t match'));
$user_info = $upd_info; //Fill in the blanks again
} else {
if (isset($_POST["nivel"]))
$nivel = get_parameter_post ("nivel");
$direccion = get_parameter_post ("direccion");
$telefono = get_parameter_post ("telefono");
$comentarios = get_parameter_post ("comentarios");
if ($password != "") {
$password = md5 ($password);
$sql = "UPDATE tusuario SET nombre_real ='".$nombre_real."', id_usuario ='".$nombre."', password = '".$password."', telefono ='".$telefono."', direccion ='".$direccion." ', nivel = '".$nivel."', comentarios = '".$comentarios."' WHERE id_usuario = '".$nombre_viejo."'";
} else {
$sql = "UPDATE tusuario SET nombre_real ='".$nombre_real."', id_usuario ='".$nombre."', telefono ='".$telefono."', direccion ='".$direccion." ', nivel = '".$nivel."', comentarios = '".$comentarios."' WHERE id_usuario = '".$nombre_viejo."'";
}
$resq2 = mysql_query ($sql);
// Add group
if (isset($_POST["grupo"]))
if ($_POST["grupo"] != "") {
$grupo = $_POST["grupo"];
$perfil = $_POST["perfil"];
$id_usuario_edit = $_SESSION["id_usuario"];
$sql = "INSERT INTO tusuario_perfil (id_usuario,id_perfil,id_grupo,assigned_by) VALUES ('".$nombre."',$perfil,$grupo,'".$id_usuario_edit."')";
// echo "DEBUG:".$sql;
$resq2=mysql_query($sql);
}
$query1 = "SELECT * FROM tusuario WHERE id_usuario = '".$nombre."'";
$id_usuario_mio = $nombre;
$resq1 = mysql_query ($query1);
$rowdup = mysql_fetch_array ($resq1);
$password="";
$password2= "";
$comentarios=$rowdup["comentarios"];
$direccion=$rowdup["direccion"];
$telefono=$rowdup["telefono"];
$nivel = $rowdup["nivel"];
$nombre_real=$rowdup["nombre_real"];
$modo ="edicion";
echo "<h3 class='suc'>".__('User successfully updated')."</h3>";
$id = get_parameter_post ("id_user");
$return = create_user ($id, $password_new, $upd_info);
print_error_message ($return, __('User successfully created'), __('Error creating user'));
$user_info = get_user_info ($id);
$id = $user_info["id_user"];
$_GET["create"] = 1; //Set create mode back on
}
} else {
echo "<h3 class='error'>".__('There was a problem updating user')."</h3>";
} elseif ($config["user_can_update_info"] && mod == 1) {
$return = process_user_info ($id, $upd_info);
print_error_message ($return, __('User info successfully updated'), __('Error updating user info'));
$user_info = get_user_info ($id);
$id = $user_info["id_user"];
}
}
// Create user
if (isset ($_GET["nuevo_usuario"])) {
// Get data from POST
$nombre = get_parameter_post ("nombre");
$password = get_parameter_post ("pass1");
$password2 = get_parameter_post ("pass2");
$nombre_real=get_parameter_post ("nombre_real");
if ($password <> $password2){
echo "<h3 class='error'>".__('Passwords don\'t match. Please repeat again')."</h3>";
//If User can update password and the new password is not the same as the old one, it's not the default and it's not empty and the new password is the same as the confirmed one
if ($config["user_can_update_password"] && $password_old !== $password_new && $password_new !== "-" && !empty ($password_new) && $password_confirm == $password_new) {
$return = process_user_password ($id, $password_old, $password_new);
print_error_message ($return, __('Password successfully updated'), __('Error updating passwords').": ".$config["auth_error"]);
} elseif ($password_new !== "-") {
print_error_message (false, '', __('Passwords didn\'t match or other problem encountered while updating passwords'));
}
$direccion = get_parameter_post ("direccion");
$telefono = get_parameter_post ("telefono");
$comentarios = get_parameter_post ("comentarios");
if (isset ($_POST["nivel"]))
$nivel = get_parameter_post ("nivel");
$password = md5 ($password);
$ahora = date("Y/m/d H:i:s");
$sql = "INSERT INTO tusuario (id_usuario,direccion,password,telefono,fecha_registro,nivel,comentarios, nombre_real) VALUES ('".$nombre."','".$direccion."','".$password."','".$telefono."','".$ahora."','".$nivel."','".$comentarios."','".$nombre_real."')";
$resq1 = mysql_query ($sql);
if (! $resq1)
echo "<h3 class='error'>".__('User creation failed')."</h3>";
else {
echo "<h3 class='suc'>".__('User created successfully')."</h3>";
if ($is_admin != $user_info["is_admin"]) {
$return = process_user_isadmin ($id, $is_admin);
print_error_message ($return, __('User admin status succesfully update'), __('Error updating admin status'));
}
$id_usuario_mio = $nombre;
$modo ="edicion";
$password = "";
$password2 = "";
if ($group != 0 && $profile != 0) {
$return = create_user_profile ($id, $profile, $group);
print_error_message ($return, __('User profile succesfully created'), __('Error creating user profile'));
}
} elseif (isset ($_GET["profile_mod"])) {
$id_up = (int) get_parameter_post ("delete_profile", 0);
$return = delete_user_profile ($id, $id_up);
print_error_message ($return, __('Profile successfully deleted'), __('Error deleting profile'));
}
echo "<h2>".__('User management')." &gt; ";
if (isset($_GET["alta"])) {
if ($_GET["alta"] == 1) {
echo __('Create user');
}
}
if (isset ($_GET["id_usuario_mio"]) || isset ($_GET["nuevo_usuario"])) {
echo __('Update user');
}
echo "</h2>";
?>
<table width='500' cellpadding='4' cellspacing='4' class='databox_color'>
<?php
if (isset ($_GET["alta"]))
echo '<form name="new_user" method="post" action="index.php?sec=gusuarios&sec2=godmode/users/configure_user&nuevo_usuario=1">';
else
echo '<form name="user_mod" method="post" action="index.php?sec=gusuarios&sec2=godmode/users/configure_user&id_usuario_mio='.$id_usuario_mio.'">';
?>
<tr>
<td class="datos"><?php echo __('User ID') ?></td>
<td class="datos"><input type="text" name="nombre" value="<?php echo $id_usuario_mio ?>"></td>
<tr><td class="datos2"><?php echo __('Real name') ?>
<td class="datos2"><input type="text" name="nombre_real" value="<?php echo $nombre_real ?>"></td>
echo "<h2>".__('Pandora users')." &gt; ".__('User detail editor')."</h2>";
<?php
echo '<tr><td class="datos">';
echo __('Password');
if (!empty ($id)) {
echo '<form name="user_mod" method="post" action="index.php?sec=usuarios&sec2=godmode/users/configure_user&id='.$id.'&user_mod=1">';
} else {
echo '<form name="user_create" method="post" action="index.php?sec=usuarios&sec2=godmode/users/configure_user&user_mod=2">';
}
echo '<table cellpadding="4" cellspacing="4" class="databox_color" width="600px">';
echo '<tr><td class="datos">'.__('User ID').'</td>';
echo '<td class="datos">';
echo '<input type="password" name="pass1" value="'.$password.'"></td>';
echo '<tr><td class="datos2">';
echo __('Password confirmation').'</td>';
echo '<td class="datos">';
echo '<input type="password" name="pass2" value="'.$password2.'"></td>';
echo '<tr><td class="datos">E-Mail</td>';
?>
<td class="datos"><input type="text" name="direccion" size="40" value="<?php echo $direccion ?>"></td>
<tr><td class="datos2"><?php echo __('Telephone') ?></td>
<td class="datos2"><input type="text" name="telefono" value="<?php echo $telefono ?>"></td>
<tr><td class="datos"><?php echo __('Global Profile') ?></td>
print_input_text_extended ("id_user", $id, '', '', '', '', $view_mode, '', 'class="input"');
<td class="datos">
<?php
echo '</td></tr><tr><td class="datos2">'.__('Full (display) name').'</td><td class="datos2">';
print_input_text_extended ("fullname", $user_info["fullname"], '', '', '', '', $view_mode, '', 'class="input"');
echo __('Administrator');
print_radio_button ('nivel', '1', '', $nivel);
print_help_tip (__("This user has permissions to manage all. This is admin user and overwrites all permissions given in profiles/groups"));
print __('Standard user');
print_radio_button ('nivel', '0', '', $nivel);
print_help_tip (__("This user has separated permissions to view data in his group agents, create incidents belong to his groups, add notes in another incidents, create personal assignments or reviews and other tasks, on different profiles"));
?>
echo '</td></tr><tr><td class="datos">'.__('First name').'</td><td class="datos">';
print_input_text_extended ("firstname", $user_info["firstname"], '', '', '', '', $view_mode, '', 'class="input"');
<tr><td class="datos2" colspan="2"><?php echo __('Comments') ?></td>
<tr><td class="datos" colspan="2">
<textarea name="comentarios" cols="60" rows="4"><?php echo $comentarios ?></textarea>
</td></tr>
echo '</td></tr><tr><td class="datos2">'.__('Last name').'</td><td class="datos2">';
print_input_text_extended ("lastname", $user_info["lastname"], '', '', '', '', $view_mode, '', 'class="input"');
<?php
if ($modo == "edicion") { // Only show groups for existing users
// Combo for group
echo '<input type="hidden" name="edicion" value="1">';
echo '<input type="hidden" name="id_usuario_antiguo" value="'.$id_usuario_mio.'">';
echo '<tr><td class="datos2">'.__('Group(s) available').'</td>
<td class="datos2">
<select name="grupo" class="w155">';
echo "<option value=''>".__('None');
$sql1='SELECT * FROM tgrupo ORDER BY nombre';
$result=mysql_query($sql1);
while ($row=mysql_fetch_array($result)){
echo "<option value='".$row["id_grupo"]."'>".$row["nombre"]."</option>";
echo '</td></tr><tr><td class="datos">'.__('Password').'</td><td class="datos">';
if ($config["user_can_update_password"]) {
if (!isset ($_GET["create"])) {
print_input_text_extended ("password_old", "", '', '', '', '', $view_mode, '', 'class="input"', false, true);
}
echo '</select>';
echo '</td></tr>';
echo "<tr><td class='datos'>".__('Profiles')."</td>";
echo "<td class='datos'>
<select name='perfil' class='w155'>";
$sql1='SELECT * FROM tperfil ORDER BY name';
$result=mysql_query($sql1);
while ($row=mysql_fetch_array($result)){
echo "<option value='".$row["id_perfil"]."'>".$row["name"]."</option>";
}
echo '</select>';
echo '</td>';
echo '</tr></table>';
echo "<table width=500>";
echo "<tr><td align='right'>";
echo "<input name='uptbutton' type='submit' class='sub upd' value='".__('Update')."'></td></tr></table><br>";
// Show user profile / groups assigned
$sql1='SELECT * FROM tusuario_perfil WHERE id_usuario = "'.$id_usuario_mio.'"';
$result=mysql_query($sql1);
echo '<h3>'.__('Profiles/Groups assigned to this user').'</h3>';
echo "<table width='500' cellpadding='4' cellspacing='4' class='databox'>";
if (mysql_num_rows($result)){
echo '<tr>';
$color=1;
while ($row=mysql_fetch_array($result)){
if ($color == 1){
$tdcolor = "datos";
$color = 0;
}
else {
$tdcolor = "datos2";
$color = 1;
}
echo '<td class="'.$tdcolor.'">';
echo "<b style='margin-left:10px'>".get_profile_name ($row["id_perfil"])."</b> / ";
echo "<b>".get_group_name ($row["id_grupo"])."</b>";
echo '<td class="'.$tdcolor.'t"><a href="index.php?sec=gusuarios&sec2=godmode/users/configure_user&id_usuario_mio='.$id_usuario_mio.'&borrar_grupo='.$row["id_up"].' " onClick="if (!confirm(\' '.__('Are you sure?').'\')) return false;"><img border=0 src="images/cross.png"></a><tr>';
}
}
else {
echo '<div class="nf">'.__('This user doesn\'t have any assigned profile/group').'</div>';
}
}
?>
echo '</td></tr><tr><td class="datos">'.__('New Password').'</td><td class="datos">';
print_input_text_extended ("password_new", "", '', '', '', '', $view_mode, '', 'class="input"', false, true);
echo '</td></tr><tr><td class="datos">'.__('Password confirmation').'</td><td class="datos">';
print_input_text_extended ("password_conf", "", '', '', '', '', $view_mode, '', 'class="input"', false, true);
} else {
echo '<i>'.__('You can not change passwords from Pandora FMS under the current authentication scheme').'</i>';
}
<?php
if (isset($_GET["alta"])) {
echo '</tr></table>';
echo '<table width="500">';
echo '<tr><td align="right">';
echo '<input name="crtbutton" type="submit" class="sub wand" value="'.__('Create').'">';
}
?>
</form>
</td></tr></table>
echo '</td></tr><tr><td class="datos2">'.__('Global Profile').'</td><td class="datos2">';
if ($config["admin_can_make_admin"]) {
echo __('Administrator');
print_radio_button ('is_admin', '1', '', $user_info["is_admin"]);
print_help_tip (__("This user has permissions to manage all. This is admin user and overwrites all permissions given in profiles/groups"));
print __('Standard user');
print_radio_button ('is_admin', '0', '', $user_info["is_admin"]);
print_help_tip (__("This user has separated permissions to view data in his group agents, create incidents belong to his groups, add notes in another incidents, create personal assignments or reviews and other tasks, on different profiles"));
} else {
echo '<i>'.__('You can not change admin status from Pandora FMS under the current authentication scheme').'</i>';
}
echo '</td></tr><tr><td class="datos">'.__('E-mail').'</td><td class="datos">';
print_input_text_extended ("email", $user_info["email"], '', '', '', '', $view_mode, '', 'class="input"');
echo '</td></tr><tr><td class="datos2">'.__('Phone number').'</td><td class="datos2">';
print_input_text_extended ("phone", $user_info["phone"], '', '', '', '', $view_mode, '', 'class="input"');
echo '</td></tr><tr><td class="datos">'.__('Comments').'</td><td class="datos">';
print_textarea ("comments", 4, 55, $user_info["comments"], ($view_mode ? 'readonly' : ''));
echo '<tr><td class="datos2">'.__('Group(s) available').'</td><td class="datos2">';
$groups = get_user_groups ($config["id_user"], "UM");
print_select ($groups, "assign_group", 0, '', __('None'), 0, false, false, false, 'w155');
echo '</td></tr><tr><td class="datos">'.__('Profiles').'</td><td class="datos">';
$profiles = get_profiles ();
print_select ($profiles, "assign_profile", 0, '', __('None'), 0, false, false, false, 'w155');
echo '</td></tr></table>';
echo '<div style="width:600px; text-align:right;">';
print_submit_button (__('Update'), 'uptbutton', false, 'class="sub upd"');
echo '</div></form><br />';
echo '<h3>'.__('Profiles/Groups assigned to this user').'</h3>';
$table->width = 600;
$table->cellpadding = 4;
$table->cellspacing = 4;
$table->class = "databox";
$table->data = array ();
$table->head = array ();
$table->align = array ();
$table->head[0] = __('Profile name');
$table->head[1] = __('Group name');
$table->head[2] = '';
$table->align[0] = 'center';
$table->align[1] = 'center';
$table->align[2] = 'center';
$result = get_db_all_rows_field_filter ("tusuario_perfil", "id_usuario", $user_info["id_user"]);
if ($result === false) {
$result = array ();
}
foreach ($result as $profile) {
$data[0] = '<b><a href="index.php?sec=gperfiles&sec2=godmode/profiles/profile_list&id='.$profile["id_perfil"].'">'.get_profile_name ($profile["id_perfil"]).'</a></b>';
$data[1] = '<b><a href="index.php?sec=gagente&sec2=godmode/groups/group_list&id_group='.$profile["id_grupo"].'">'.get_group_name ($profile["id_grupo"]).'</a></b>';
$data[2] = print_input_image ("delete_profile", "images/delete.png", $profile["id_up"], 'border:0px;', true);
array_push ($table->data, $data);
}
if (!empty ($table->data)) {
echo '<form name="profile_mod" method="post" action="index.php?sec=usuarios&sec2=godmode/users/configure_user&id='.$id.'&profile_mod=1">';
print_table ($table);
echo '</form>';
} else {
echo '<div class="nf">'.__('This user doesn\'t have any assigned profile/group').'</div>';
}
unset ($table);
?>
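Review bot: The branch `} elseif ($config["user_can_update_info"] && mod == 1) {` uses the bare constant `mod` instead of `$mod`; PHP evaluates it as the string "mod", which never equals 1, so the info-update path is unreachable — it should read `} elseif ($config["user_can_update_info"] && $mod == 1) {`. The create path reads `get_parameter_post ("password_confirm", "-")` but the form field is rendered as `password_conf`, so the confirmation always stays "-" and `$password_new !== $password_confirm` rejects every create; rename one side so they match. The admin-status handler calls `process_user_isadmin ()` whenever the posted `is_admin` differs from the stored value, but as far as the interleaved rendering shows it is not guarded by `$config["admin_can_make_admin"]`, which only hides the radio buttons; the handler should check the same flag before changing status. The string `'Passwords didn\t match'` is missing the apostrophe escape and will print literally.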


@ -28,87 +28,150 @@ if (! give_acl ($config['id_user'], 0, "UM")) {
exit;
}
if (isset($_GET["borrar_usuario"])) { // if delete user
$nombre = get_parameter_get ("borrar_usuario");
// Delete user
// Delete cols from table tgrupo_usuario
$result = delete_user ($nombre);
if ($result === false) {
echo '<h3 class="error">'.__('There was a problem deleting user').'</h3>';
} else {
echo '<h3 class="suc">'.__('User successfully deleted').'</h3>';
}
if (isset ($_GET["user_del"])) { //delete user
$id_user = get_parameter_post ("delete_user");
$result = delete_user ($id_user);
print_error_message ($result, __('User successfully deleted'), __('There was a problem deleting the user'));
} elseif (isset ($_GET["profile_del"])) { //delete profile
$id_profile = (int) get_parameter_post ("delete_profile");
$result = delete_profile ($id_profile);
print_error_message ($result, __('Profile successfully deleted'), __('There was a problem deleting the profile'));
}
echo '<h2>'.__('User management').' &gt; '.__('Users defined in Pandora').'</h2>';
$table->width = 700;
$table->cellpadding = 4;
$table->cellspacing = 4;
$table->width = 700;
$table->class = "databox";
$table->head = array ();
$table->size = array ();
$table->data = array ();
$table->align = array ();
$table->size = array ();
$table->head[0] = __('User ID');
$table->head[1] = __('Last contact');
$table->align[1] = "center";
$table->head[2] = __('Profile');
$table->align[2] = "center";
$table->head[3] = __('Name');
$table->align[3] = "center";
$table->head[1] = __('Name');
$table->head[2] = __('Last contact');
$table->head[3] = __('Profile');
$table->head[4] = __('Description');
$table->align[4] = "center";
$table->head[5] = '';
$table->head[5] = __('Delete');
$table->align[2] = "center";
$table->align[3] = "center";
$table->align[5] = "center";
$table->size[5] = 40;
$result = get_db_all_rows_in_table ('tusuario');
$info = array ();
$info = get_users ();
foreach ($result as $row) {
$data = array ();
$data[0] = "<a href='index.php?sec=gusuarios&sec2=godmode/users/configure_user&id_usuario_mio=".$row["id_usuario"]."'><b>".$row["id_usuario"]."</b></a>";
$data[1] = print_timestamp ($row["fecha_registro"], true);
if ($row["nivel"] == 1) {
$data[2] = '<img src="images/user_suit.png" />';
foreach ($info as $user_id => $user_info) {
$data[0] = '<a href="index.php?sec=usuarios&sec2=operation/users/user_edit&id='.$user_id.'">'.$user_id.'</a>';
$data[1] = $user_info["fullname"].'<a href="#" class="tip"><span>';
$data[1] .= __('First name').': '.$user_info["firstname"].'<br />';
$data[1] .= __('Last name').': '.$user_info["lastname"].'<br />';
$data[1] .= __('Phone').': '.$user_info["phone"].'<br />';
$data[1] .= __('E-mail').': '.$user_info["email"].'<br />';
$data[1] .= '</span></a>';
$data[2] = print_timestamp ($user_info["last_connect"], true);
if ($user_info["is_admin"]) {
$data[3] = '<img src="images/user_suit.png" />&nbsp;';
} else {
$data[2] = '<img src="images/user_green.png" />';
$data[3] = '<img src="images/user_green.png" />&nbsp;';
}
$data[2] .= '<a href="#" class="tip"><span>';
$profiles = get_db_all_rows_field_filter ("tusuario_perfil", "id_usuario", $row["id_usuario"]);
if ($profiles === false) {
$data[2] .= __('This user doesn\'t have any assigned profile/group');
$profiles = array ();
$data[3] .= '<a href="#" class="tip"><span>';
$result = get_db_all_rows_field_filter ("tusuario_perfil", "id_usuario", $user_id);
if ($result !== false) {
foreach ($result as $row) {
$data[3] .= get_profile_name ($row["id_perfil"]);
$data[3] .= " / ";
$data[3] .= get_group_name ($row["id_grupo"]);
$data[3] .= "<br />";
}
} else {
$data[3] .= __('The user doesn\'t have any assigned profile/group');
}
$data[3] .= "</span></a>";
foreach ($profiles as $profile) {
$data[2] .= get_profile_name ($profile["id_perfil"])." / ";
$data[2] .= get_group_name ($profile["id_grupo"])."<br />";
$data[4] = print_string_substr ($user_info["comments"], 24, true);
if ($config["admin_can_delete_user"]) {
$data[5] = print_input_image ("delete_user", "images/delete.png", $user_id, 'border:0px;', true); //Delete user button
} else {
$data[5] = ''; //Delete button not in this mode
}
$data[2] .= "</span></a>";
$data[3] = substr ($row["nombre_real"], 0, 16);
$data[4] = $row["comentarios"];
$data[5] = '<a href="index.php?sec=gagente&sec2=godmode/users/user_list&borrar_usuario='.$row["id_usuario"].'" onClick="if (!confirm(\''.__('Are you sure?').'\')) return false;">';
$data[5] .= '<img border="0" src="images/cross.png" /></a>';
array_push ($table->data, $data);
}
echo '<form method="post" action="index.php?sec=gusuarios&sec2=godmode/users/user_list&user_del=1">';
print_table ($table);
echo '</form>';
unset ($table);
echo '<div style="width:680px; text-align:right"><form method="post" action="index.php?sec=gusuarios&sec2=godmode/users/configure_user&alta=1">';
print_submit_button (__('Create user'), "crt", false, 'class="sub next"');
echo "</form></div>";
echo '<div style="width:680px; text-align:right">';
if ($config["admin_can_add_user"] !== false) {
echo '<form method="post" action="index.php?sec=gusuarios&sec2=godmode/users/configure_user&create=1">';
print_submit_button (__('Create user'), "crt", false, 'class="sub next"');
echo '</form>';
} else {
echo '<i>'.__('The current authentication scheme doesn\'t support creating users from Pandora FMS').'</i>';
}
echo '</div>';
echo '<h3>'.__('Profiles defined in Pandora').'</h3>';
$table->cellpadding = 4;
$table->cellspacing = 4;
$table->class = 'databox';
$table->width = 700;
$table->head = array ();
$table->data = array ();
$table->size = array ();
$table->align = array ();
$table->head[0] = __('Profiles');
$table->head[1] = "IR".print_help_tip (__('System incidents reading'), true);
$table->head[2] = "IW".print_help_tip (__('System incidents writing'), true);
$table->head[3] = "IM".print_help_tip (__('System incidents management'), true);
$table->head[4] = "AR".print_help_tip (__('Agents reading'), true);
$table->head[5] = "AW".print_help_tip (__('Agents management'), true);
$table->head[6] = "LW".print_help_tip (__('Alerts editing'), true);
$table->head[7] = "UM".print_help_tip (__('Users management'), true);
$table->head[8] = "DM".print_help_tip (__('Database management'), true);
$table->head[9] = "LM".print_help_tip (__('Alerts management'), true);
$table->head[10] = "PM".print_help_tip (__('Systems management'), true);
$table->head[11] = '';
$table->align = array_fill (1, 10, "center");
$table->size = array_fill (1, 10, 40);
$profiles = get_db_all_rows_in_table ("tperfil");
$img = print_image ("images/ok.png", true, array ("border" => 0));
foreach ($profiles as $profile) {
$data[0] = $profile["name"];
$data[1] = ($profile["incident_view"] ? $img : '');
$data[2] = ($profile["incident_edit"] ? $img : '');
$data[3] = ($profile["incident_management"] ? $img : '');
$data[4] = ($profile["agent_view"] ? $img : '');
$data[5] = ($profile["agent_edit"] ? $img : '');
$data[6] = ($profile["alert_edit"] ? $img : '');
$data[7] = ($profile["user_management"] ? $img : '');
$data[8] = ($profile["db_management"] ? $img : '');
$data[9] = ($profile["alert_management"] ? $img : '');
$data[10] = ($profile["pandora_management"] ? $img : '');
$data[11] = print_input_image ("delete_profile", "images/delete.png", $profile["id_perfil"], 'border:0px;', true); //Delete profile button
array_push ($table->data, $data);
}
echo '<form method="post" action="index.php?sec=gusuarios&sec2=godmode/users/user_list&profile_del=1">';
print_table ($table);
echo '</form>';
unset ($table);
?>
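Review bot: The `user_del` handler deletes whatever id arrives in the `delete_user` POST field without checking `$config["admin_can_delete_user"]`; that flag only decides whether the delete image is rendered, so a crafted POST bypasses it — guard the branch, e.g. `if (isset ($_GET["user_del"]) && $config["admin_can_delete_user"]) {`. The profile table does `foreach ($profiles as $profile)` straight after `get_db_all_rows_in_table ("tperfil")` with no `=== false` guard, unlike the `tusuario_perfil` lookup earlier in the same hunk; mirror that guard so an empty table does not raise a foreach-on-false warning. The `tusuario_perfil` filter here (and in configure_user.php) still uses column `id_usuario` while the ldap.php hunk in this commit queries the same table by `id_user`; one of them is wrong unless the migration renames that column, which I cannot see from here.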


@ -72,7 +72,7 @@ function is_user ($id_user) {
*
* @return string The users full name
*/
function get_user_realname ($id_user) {
function get_user_fullname ($id_user) {
return "admin";
return "";
return false;
@ -107,7 +107,7 @@ function get_users ($order = "nombre_real") {
*
* @param string User id
*/
function update_user_contact ($id_user) {
function process_user_contact ($id_user) {
//void
}


@ -20,11 +20,13 @@ if (!isset ($config)) {
die ('You cannot access this file directly!');
}
//TODO: Make the following 4 valid throughout Pandora FMS
//TODO: Make the following 5 valid throughout Pandora FMS
$config["user_can_update_info"] = false;
$config["user_can_update_password"] = false;
$config["admin_can_add_user"] = false;
$config["admin_can_delete_user"] = false;
$config["admin_can_disable_user"] = false;
$config["admin_can_make_admin"] = false;
//Required and optional keys for this function to work
$req_keys = array ("ldap_server", "ldap_base_dn", "ldap_login_attr", "ldap_admin_group_name", "ldap_admin_group_attr", "ldap_admin_group_type", "ldap_user_filter", "ldap_user_attr");
@ -44,7 +46,7 @@ function process_user_login ($login, $pass) {
}
global $config;
$profile = get_db_value ("id_usuario", "tusuario_perfil", "id_usuario", $login);
$profile = get_db_value ("id_user", "tusuario_perfil", "id_user", $login);
if ($profile === false && empty ($config["auth"]["create_user_undefined"])) {
$config["auth_error"] = "No profile"; //Error message, don't translate
@ -98,13 +100,13 @@ function is_user ($id_user) {
*
* @return string The users full name
*/
function get_user_realname ($id_user) {
function get_user_fullname ($id_user) {
$info = get_user_info ($id_user);
if (empty ($info)) {
//User doesn't exist
return '';
}
return (string) $info["nombre_real"];
return (string) $info["fullname"];
}
/**
@ -116,7 +118,7 @@ function get_user_realname ($id_user) {
*/
function get_user_email ($id_user) {
$info = get_user_info ($id_user);
return (string) $info["direccion"];
return (string) $info["email"];
}
/**
@ -183,7 +185,7 @@ function get_user_admins () {
*
* @param string User id
*/
function update_user_contact ($id_user) {
function process_user_contact ($id_user) {
//Empty function
}
@ -301,8 +303,9 @@ function ldap_load_user ($login) {
} else {
$ret = array ();
foreach ($config["auth"]["ldap_user_attr"] as $internal_key => $ldap_key) {
$ret["fecha_registro"] = get_system_time ();
$ret["nivel"] = is_user_admin ($info[0][$config["auth"]["ldap_user_attr"]["id_usuario"]][0]);
$ret["last_connect"] = get_system_time ();
$ret["registered"] = get_system_time ();
$ret["is_admin"] = is_user_admin ($info[0][$config["auth"]["ldap_user_attr"]["id_user"]][0]);
if (isset ($info[0][$ldap_key])) {
$ret[$internal_key] = $info[0][$ldap_key][0];
} else {
@ -328,7 +331,7 @@ function ldap_load_user ($login) {
function create_user () {
global $ldap_cache;
$ldap_cache["error"] .= 'Not yet supported.';
$ldap_cache["error"] = 'Not yet supported.';
return false;
}
@ -337,10 +340,10 @@ function create_user () {
*
* @return bool false
*/
function update_user () {
function process_user () {
global $ldap_cache;
$ldap_cache["error"] .= 'Not yet supported.';
$ldap_cache["error"] = 'Not yet supported.';
return false;
}
@ -349,10 +352,10 @@ function update_user () {
*
* @return bool false
*/
function update_user_password ( $user, $password ) {
function process_user_password ( $user, $password_old, $password_new ) {
global $ldap_cache;
$ldap_cache["error"] .= 'Not yet supported';
$ldap_cache["error"] = 'Not yet supported';
return false;
}
@ -366,7 +369,7 @@ function update_user_password ( $user, $password ) {
function delete_user ($user) {
global $ldap_cache;
$ldap_cache["error"] .= 'Not yet supported';
$ldap_cache["error"] = 'Not yet supported';
return false;
}
@ -391,17 +394,17 @@ function get_users ($order = false) {
if (!$sr) {
$ldap_cache["error"] .= 'Error searching LDAP server (get_users): ' . ldap_error( $ldap_cache["ds"] );
} else {
ldap_sort ($ldap_cache["ds"], $sr, $config["auth"]["ldap_user_attr"]["nombre_real"]);
ldap_sort ($ldap_cache["ds"], $sr, $config["auth"]["ldap_user_attr"]["fullname"]);
$info = @ldap_get_entries( $ldap_cache["ds"], $sr );
for ( $i = 0; $i < $info['count']; $i++ ) {
foreach ($config["auth"]["ldap_user_attr"] as $internal_key => $ldap_key) {
$ret[$info[$i][$config["auth"]["ldap_user_attr"]["id_usuario"]][0]]["fecha_registro"] = get_system_time ();
$ret[$info[$i][$config["auth"]["ldap_user_attr"]["id_user"]][0]]["last_connect"] = get_system_time ();
if (isset ($info[$i][$ldap_key])) {
$ret[$info[$i][$config["auth"]["ldap_user_attr"]["id_usuario"]][0]][$internal_key] = $info[$i][$ldap_key][0];
$ret[$info[$i][$config["auth"]["ldap_user_attr"]["id_user"]][0]][$internal_key] = $info[$i][$ldap_key][0];
} else {
$ret[$info[$i][$config["auth"]["ldap_user_attr"]["id_usuario"]][0]][$internal_key] = '';
$ret[$info[$i][$config["auth"]["ldap_user_attr"]["id_user"]][0]][$internal_key] = '';
}
$ret[$info[$i][$config["auth"]["ldap_user_attr"]["id_usuario"]][0]]["nivel"] = is_user_admin ($info[$i][$config["auth"]["ldap_user_attr"]["id_usuario"]][0]);
$ret[$info[$i][$config["auth"]["ldap_user_attr"]["id_user"]][0]]["is_admin"] = is_user_admin ($info[$i][$config["auth"]["ldap_user_attr"]["id_user"]][0]);
}
}
@ldap_free_result($sr);
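Review bot: The profile lookup in `process_user_login` now reads `get_db_value ("id_user", "tusuario_perfil", "id_user", $login)`, but `tusuario_perfil` keeps its `id_usuario` column in this same commit (the `CREATE TABLE` in pandoradb.sql, and the `DELETE FROM tusuario_perfil WHERE id_usuario` statements in mysql.php and functions_db.php), so an LDAP login will presumably query a missing column and fall into the "No profile" branch. Either leave this call on the existing column, `$profile = get_db_value ("id_usuario", "tusuario_perfil", "id_usuario", $login);`, or rename the column in both schema files in the same change. In `ldap_load_user` and `get_users` the `last_connect`/`registered`/`is_admin` assignments sit inside the per-attribute `foreach`, so they are recomputed once per mapped attribute; hoisting them above the loop makes the intent clearer. `process_user_login`, `ldap_load_user` and `get_users` all start outside the hunks shown.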


@ -20,10 +20,12 @@ if (!isset ($config)) {
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Database configuration (default ones)
$config["user_can_update_info"] = true;
$config["user_can_update_password"] = true;
$config["admin_can_add_user"] = true;
$config["admin_can_delete_user"] = true;
$config["admin_can_disable_user"] = true;
$config["admin_can_disable_user"] = false; //currently not implemented
$config["admin_can_make_admin"] = true;
/**
* process_user_login accepts $login and $pass and handles it according to current authentication scheme
@ -37,7 +39,7 @@ function process_user_login ($login, $pass) {
global $mysql_cache;
// Connect to Database
$sql = sprintf ("SELECT `id_usuario`, `password` FROM `tusuario` WHERE `id_usuario` = '%s'", $login);
$sql = sprintf ("SELECT `id_user`, `password` FROM `tusuario` WHERE `id_user` = '%s'", $login);
$row = get_db_row_sql ($sql);
//Check that row exists, that password is not empty and that password is the same hash
@ -48,7 +50,7 @@ function process_user_login ($login, $pass) {
// We get DB nick to put in PHP Session variable,
// to avoid problems with case-sensitive usernames.
// Thanks to David Muñiz for Bug discovery :)
return $row["id_usuario"];
return $row["id_user"];
} else {
$mysql_cache["auth_error"] = "User not found in database or incorrect password";
}
@ -63,12 +65,7 @@ function process_user_login ($login, $pass) {
* @return bool True is the user is admin
*/
function is_user_admin ($id_user) {
$level = get_db_value ('nivel', 'tusuario', 'id_usuario', $id_user);
if ($level == 1) {
return true;
} else {
return false;
}
return (bool) get_db_value ('is_admin', 'tusuario', 'id_user', $id_user);
}
/**
@ -79,7 +76,7 @@ function is_user_admin ($id_user) {
* @return bool True if the user exists.
*/
function is_user ($id_user) {
$user = get_db_row ('tusuario', 'id_usuario', $id_user);
$user = get_db_row ('tusuario', 'id_user', $id_user);
if (! $user)
return false;
return true;
@ -92,8 +89,8 @@ function is_user ($id_user) {
*
* @return string The users full name
*/
function get_user_realname ($id_user) {
return (string) get_db_value ('nombre_real', 'tusuario', 'id_usuario', $id_user);
function get_user_fullname ($id_user) {
return (string) get_db_value ('fullname', 'tusuario', 'id_user', $id_user);
}
/**
@ -104,7 +101,7 @@ function get_user_realname ($id_user) {
* @return string The users email address
*/
function get_user_email ($id_user) {
return (string) get_db_value ('direccion', 'tusuario', 'id_usuario', $id_user);
return (string) get_db_value ('email', 'tusuario', 'id_user', $id_user);
}
/**
@ -115,7 +112,7 @@ function get_user_email ($id_user) {
* @return mixed An array of users
*/
function get_user_info ($id_user) {
return get_db_row ("tusuario", "id_usuario", $id_user);
return get_db_row ("tusuario", "id_user", $id_user);
}
/**
@ -123,18 +120,19 @@ function get_user_info ($id_user) {
* We can't simplify this because some auth schemes (like LDAP) automatically (or it's at least cheaper to) return all the information
* Functions like get_user_info allow selection of specifics (in functions_db)
*
* @param string Field to order by (id_usuario, nombre_real or fecha_registro)
* @param string Field to order by (id_user, fullname or registered)
*
* @return array An array of user information
*/
function get_users ($order = "nombre_real") {
function get_users ($order = "fullname") {
switch ($order) {
case "id_usuario":
case "fecha_registro":
case "nombre_real":
case "id_user":
case "registered":
case "last_connect":
case "fullname":
break;
default:
$order = "nombre_real";
$order = "fullname";
}
$output = array();
@ -142,7 +140,7 @@ function get_users ($order = "nombre_real") {
$result = get_db_all_rows_in_table ("tusuario", $order);
if ($result !== false) {
foreach ($result as $row) {
$output[$row["id_usuario"]] = $row;
$output[$row["id_user"]] = $row;
}
}
@ -154,9 +152,42 @@ function get_users ($order = "nombre_real") {
*
* @param string User id
*/
function update_user_contact ($id_user) {
$sql = sprintf ("UPDATE tusuario SET fecha_registro = NOW() WHERE id_usuario = '%s'", $id_user);
process_sql ($sql);
function process_user_contact ($id_user) {
return process_sql_update ("tusuario", array ("last_connect" => get_system_time ()), array ("id_user" => $id_user));
}
/**
* Create a new user
*
* @return bool false
*/
function create_user ($id_user, $password, $user_info) {
$values = array ();
$values["id_user"] = $id_user;
$values["password"] = md5 ($password);
$values["last_connect"] = 0;
$values["registered"] = get_system_time ();
foreach ($user_info as $key => $value) {
switch ($key) {
case "fullname":
case "firstname":
case "lastname":
case "middlename":
case "comments":
case "email":
case "phone":
$values[$key] = $value;
break;
default:
continue; //ignore
break;
}
}
process_sql_insert ("tusuario", $values);
return (bool) process_sql ($sql);
}
/**
@ -165,12 +196,12 @@ function update_user_contact ($id_user) {
* @param string User id
*/
function delete_user ($id_user) {
$sql = "DELETE FROM tgrupo_usuario WHERE usuario = '".$id_user."'";
$sql = "DELETE FROM tusuario_perfil WHERE id_usuario = '".$id_user."'";
$result = process_sql ($sql);
if ($result === false) {
return false;
}
$sql = "DELETE FROM tusuario WHERE id_usuario = '".$id_user."'";
$sql = "DELETE FROM tusuario WHERE id_user = '".$id_user."'";
$result = process_sql ($sql);
if ($result === false) {
return false;
@ -178,6 +209,39 @@ function delete_user ($id_user) {
return true;
}
//Reference the global use authorization error to last ldap error.
function process_user_password ( $user, $password_old, $password_new ) {
$user = process_user_login ($user, $password_old);
if ($user === false) {
global $mysql_cache;
$mysql_cache["auth_error"] = "Invalid login/password combination";
return false;
}
return process_sql_update ("tusuario", array ("password" => md5 ($password_new)), array ("id_user" => $id_user));
}
function process_user_info ($id_user, $user_info) {
$values = array ();
foreach ($user_info as $key => $value) {
switch ($key) {
case "fullname":
case "firstname":
case "lastname":
case "middlename":
case "comments":
case "email":
case "phone":
$values[$key] = $value;
break;
default:
continue; //ignore
break;
}
}
return process_sql_update ("tusuario", $values, array ("id_user" => $id_user));
}
//Reference the global use authorization error to last auth error.
$config["auth_error"] = &$mysql_cache["auth_error"];
?>
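Review bot: `process_user_password` builds its WHERE clause from `$id_user`, which is never defined in that function (the parameter is `$user`, and `process_user_login` returns the canonical id back into `$user`), so the update is keyed on a null value and, unless `process_sql_update` rejects an empty filter, either touches no row or an unintended one. Use the validated id: `return process_sql_update ("tusuario", array ("password" => md5 ($password_new)), array ("id_user" => $user));`. `create_user` has the same kind of slip: it calls `process_sql_insert` and then returns `(bool) process_sql ($sql)` with `$sql` undefined, so the insert result is discarded and the function presumably always reports failure — `return (bool) process_sql_insert ("tusuario", $values);`. Separately, the rewritten login query still interpolates `$login` straight into the `sprintf` string; it should be escaped before it reaches the SQL text, as the array-based helpers used elsewhere in this file presumably do.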


@ -73,16 +73,16 @@ function give_acl ($id_user, $id_group, $access) {
return 1;
//Apparently nivel is 1 if user has full admin access
}
//Joined multiple queries into one. That saves on the query overhead and query cache.
if ($id_group == 0) {
$query1=sprintf("SELECT tperfil.incident_view,tperfil.incident_edit,tperfil.incident_management,tperfil.agent_view,tperfil.agent_edit,tperfil.alert_edit,tperfil.alert_management,tperfil.pandora_management,tperfil.db_management,tperfil.user_management FROM tusuario_perfil,tperfil WHERE tusuario_perfil.id_perfil = tperfil.id_perfil AND tusuario_perfil.id_usuario = '%s'", $id_user);
//GroupID = 0, access doesnt matter (use with caution!) - Any user gets access to group 0
} else {
$query1=sprintf("SELECT tperfil.incident_view,tperfil.incident_edit,tperfil.incident_management,tperfil.agent_view,tperfil.agent_edit,tperfil.alert_edit,tperfil.alert_management,tperfil.pandora_management,tperfil.db_management,tperfil.user_management FROM tusuario_perfil,tperfil WHERE tusuario_perfil.id_perfil = tperfil.id_perfil
AND tusuario_perfil.id_usuario = '%s' AND (tusuario_perfil.id_grupo = %d OR tusuario_perfil.id_grupo= 1)", $id_user, $id_group);
AND tusuario_perfil.id_usuario = '%s' AND (tusuario_perfil.id_grupo = %d OR tusuario_perfil.id_grupo= 1)", $id_user, $id_group);
}
$rowdup = get_db_all_rows_sql ($query1);
$result = 0;
@ -128,7 +128,7 @@ AND tusuario_perfil.id_usuario = '%s' AND (tusuario_perfil.id_grupo = %d OR tusu
$result = 1;
return $result;
}
/**
* Adds an audit log entry.
*
@ -153,7 +153,7 @@ function audit_db ($id, $ip, $accion, $descripcion){
function logon_db ($id_user, $ip) {
audit_db ($id_user, $ip, "Logon", "Logged in");
// Update last registry of user to set last logon. How do we audit when the user was created then?
update_user_contact ($id_user);
process_user_contact ($id_user);
}
/**
@ -177,6 +177,24 @@ function get_profile_name ($id_profile) {
return (string) get_db_value ('name', 'tperfil', 'id_perfil', (int) $id_profile);
}
/**
* Selects all profiles (array (id => name))
*
* @return array List of all profiles
*/
function get_profiles () {
$profiles = get_db_all_rows_in_table ("tperfil", "name");
$return = array ();
if ($profiles === false) {
return $return;
}
foreach ($profiles as $profile) {
$return[$profile["id_perfil"]] = $profile["name"];
}
return $return;
}
/**
* Create Profile for User
*
@ -206,6 +224,30 @@ function create_user_profile ($id_user, $id_profile = 1, $id_group = 1) {
return (bool) process_sql_insert ("tusuario_perfil", $insert);
}
/**
* Delete user profile from database
*
* @param string User ID
* @param int Profile ID
*
* @return bool Whether or not it's deleted
*/
function delete_user_profile ($id_user, $id_profile) {
$sql = sprintf ("DELETE FROM tusuario_perfil WHERE id_usuario = '%s' AND id_up = %d", $id_user, $id_profile);
return (bool) process_sql ($sql);
}
/**
* Delete profile from database (not user-profile link (tusuario_perfil), but the actual profile (tperfil))
*
* @param int Profile ID
*
* @return bool Whether or not it's deleted
*/
function delete_profile ($id_profile) {
$sql = sprintf ("DELETE FROM tperfil WHERE id_perfil = %d", $id_profile);
return (bool) process_sql ($sql);
}
/**
* Get disabled field of a group
@ -394,13 +436,6 @@ function get_agent_name ($id_agent, $case = "upper") {
}
}
/**
* DEPRECATED: Don't use this anymore. Use pre-defined functions according to authorization scheme. Passwords can't always be retrieved
*/
function get_user_password ($id_user) {
return (string) get_db_value ('password', 'tusuario', 'id_usuario', $id_user);
}
/**
* Get type name for alerts (e-mail, text, internal, ...) based on type number
*
@ -502,10 +537,10 @@ function get_agentmodule_type ($id_agentmodule) {
}
/**
* DEPRECATED: User get_user_realname
* DEPRECATED: User get_user_fullname
*/
function dame_nombre_real ($id_user) {
return get_user_realname ($id_user);
return get_user_fullname ($id_user);
}
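Review bot: `delete_user_profile` documents its second parameter as "Profile ID" and names it `$id_profile`, but the predicate compares `id_up`, which in the `tusuario_perfil` DDL is the auto-increment link id rather than `id_perfil`; a caller passing a profile id will delete the wrong row or nothing. Pick one: rename to `$id_up` with `@param int User-profile link ID (tusuario_perfil.id_up)`, or change the predicate to `AND id_perfil = %d`. `delete_user_profile` also interpolates `$id_user` with `'%s'` unescaped — route it through the project's escaping before `sprintf`, as the `%d` cast already bounds the integer. `delete_profile` removes the `tperfil` row but leaves any `tusuario_perfil` rows pointing at it (no foreign key is visible in the schema), so callers presumably need to clear those first.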
/**


@ -168,8 +168,8 @@ function print_input_text_extended ($name, $value, $id, $alt, $size, $maxlength,
$htmlid = 'text-'.sprintf ('%04d', $idcounter);
$output .= ' id="'.$htmlid.'"';
}
if ($disabled)
$output .= ' disabled';
if ($disabled) //We want readonly, not disabled - disabled disables copying from the field as well
$output .= ' readonly';
if ($attributes != '')
$output .= ' '.$attributes;
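Review bot: The `$disabled` parameter now emits `readonly`, which changes what reaches the server: a disabled control is omitted from the form submission, whereas a readonly one is posted with its value, so any caller that relied on `$disabled` to keep a field out of `$_POST` now receives it. Worth a docblock line on the parameter, e.g. `@param bool $disabled Render the field readonly (its value is still submitted); it is NOT excluded from the form like a disabled control`, and the inline comment could state that consequence rather than only the copy/paste motivation. `print_input_text_extended` starts and ends outside the hunk.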


@ -131,7 +131,7 @@ function print_timestamp ($unixtime, $return = false, $option = array ()) {
* @return string HTML code if return parameter is true.
*/
function print_username ($username, $return = false) {
$string = '<a href="index.php?sec=usuario&sec2=operation/users/user_edit&ver='.$username.'">'.get_user_realname ($username).'</a>';
$string = '<a href="index.php?sec=usuario&sec2=operation/users/user_edit&id='.$username.'">'.get_user_fullname ($username).'</a>';
if ($return)
return $string;
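Review bot: `print_username` still concatenates the raw `$username` into the `href` query string and the result of `get_user_fullname` into the link text without encoding, so an id or full name containing `"`, `<` or `&` breaks the markup, and since the full name is now editable through the user edit page, any page that prints a username renders whatever that field holds. Encode each value for its context: `'...&id='.urlencode ($username).'">'.htmlspecialchars (get_user_fullname ($username)).'</a>'`. The function body continues outside the hunk.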


@ -59,7 +59,7 @@ a.info2:hover span, a.help:hover span, a.info_table:hover span {
z-index: 99;
top: 20px;
left: 6px;
width: 150px;
min-width: 150px;
border: 1px solid #708090;
background-color: #d4ddc6;
color: #000;


@ -154,7 +154,6 @@ if (! isset ($_SESSION['id_usuario']) && isset ($_GET["loginhash"])) {
$loginhash_user = get_parameter("loginhash_user", "");
if ($loginhash_data == md5($loginhash_user.$config["loginhash_pwd"])) {
update_user_contact ($loginhash_user);
logon_db ($loginhash_user, $REMOTE_ADDR);
$_SESSION['id_usuario'] = $loginhash_user;
$config["id_user"] = $loginhash_user;
@ -180,7 +179,6 @@ elseif (! isset ($_SESSION['id_usuario']) && isset ($_GET["login"])) {
if ($nick !== false) {
unset ($_GET["sec2"]);
$_GET["sec"] = "general/logon_ok";
update_user_contact ($nick);
logon_db ($nick, $REMOTE_ADDR);
$_SESSION['id_usuario'] = $nick;
$config['id_user'] = $nick;


@ -53,47 +53,43 @@ if (isset ($_GET["direct"])) {
}
*/
require_once ("../../include/config.php");
require_once ("../../include/functions.php");
require_once ("../../include/functions_db.php");
require_once ("../../include/functions_reporting.php");
if (!isset ($config["auth"])) {
require_once ("include/auth/mysql.php");
} else {
require_once ("include/auth/".$config["auth"]["scheme"].".php");
}
$nick = get_parameter ("nick");
$pass = get_parameter ("pass");
$sql = sprintf("SELECT `id_usuario`, `password` FROM `tusuario` WHERE `id_usuario` = '%s'",$nick);
$row = get_db_row_sql ($sql);
$nick = process_user_login ($nick, $pass);
// For every registry
if ($row !== false) {
if ($row["password"] == md5 ($pass)) {
// Login OK
// Nick could be uppercase or lowercase (select in MySQL
// is not case sensitive)
// We get DB nick to put in PHP Session variable,
// to avoid problems with case-sensitive usernames.
// Thanks to David Muñiz for Bug discovery :)
$nick = $row["id_usuario"];
update_user_contact ($nick);
$_SESSION['id_usuario'] = $nick;
$config['id_user'] = $nick;
unset ($_GET['pass'], $pass);
} else {
// Login failed (bad password)
echo "Logon failed";
audit_db ($nick, $_SERVER['REMOTE_ADDR'], "Logon Failed",
"Incorrect password: " . $nick);
exit;
}
if ($nick !== false) {
unset ($_GET["sec2"]);
$_GET["sec"] = "general/logon_ok";
logon_db ($nick, $REMOTE_ADDR);
$_SESSION['id_usuario'] = $nick;
$config['id_user'] = $nick;
//Remove everything that might have to do with people's passwords or logins
unset ($_GET['pass'], $pass, $_POST['pass'], $_REQUEST['pass'], $login_good);
} else {
// User not known
echo "Logon failed";
audit_db ($nick, $_SERVER['REMOTE_ADDR'], "Logon Failed", "Invalid username: " . $nick);
$login_failed = true;
require_once ('general/login_page.php');
audit_db ($nick, $REMOTE_ADDR, "Logon Failed", "Invalid login: ".$nick);
exit;
}
} else {
require_once ("include/config.php");
require_once ("include/functions_reporting.php");
if (!isset ($config["auth"])) {
require_once ("include/auth/mysql.php");
} else {
require_once ("include/auth/".$config["auth"]["scheme"].".php");
}
}
check_login();
@ -102,7 +98,7 @@ $id_report = (int) get_parameter ('id');
if (! $id_report) {
audit_db ($config['id_user'], $REMOTE_ADDR, "HACK Attempt",
"Trying to access graph viewer withoud ID");
"Trying to access graph viewer without valid ID");
require ("general/noaccess.php");
exit;
}
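Review bot: `$nick` is overwritten with the result of `process_user_login`, so in the failure branch `audit_db ($nick, $REMOTE_ADDR, "Logon Failed", "Invalid login: ".$nick)` records `false` (an empty string) instead of the attempted username, losing the one detail that audit entry exists for. Keep the submitted value separately: `$login = get_parameter ("nick");` then `$nick = process_user_login ($login, $pass);` and pass `$login` to `audit_db`. The rewritten branch also switches from `$_SERVER['REMOTE_ADDR']` to `$REMOTE_ADDR`, which only works if the direct-access path defines it (presumably in the config.php required above) — worth confirming, since this file is reachable without index.php. The `unset (... $login_good)` on the success path names a variable that appears nowhere in the hunk.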


@ -49,11 +49,16 @@ if (give_acl ($config["id_user"], 0, "UM") == 1) {
}
foreach ($info as $user_id => $user_info) {
$data[0] = $user_id;
$data[1] = $user_info["nombre_real"];
$data[2] = print_timestamp ($user_info["fecha_registro"], true);
$data[0] = '<a href="index.php?sec=usuarios&sec2=operation/users/user_edit&id='.$user_id.'">'.$user_id.'</a>';
$data[1] = $user_info["fullname"].'<a href="#" class="tip"><span>';
$data[1] .= __('First name').': '.$user_info["firstname"].'<br />';
$data[1] .= __('Last name').': '.$user_info["lastname"].'<br />';
$data[1] .= __('Phone').': '.$user_info["phone"].'<br />';
$data[1] .= __('E-mail').': '.$user_info["email"].'<br />';
$data[1] .= '</span></a>';
$data[2] = print_timestamp ($user_info["last_connect"], true);
if ($user_info["nivel"]) {
if ($user_info["is_admin"]) {
$data[3] = '<img src="images/user_suit.png" />&nbsp;';
} else {
$data[3] = '<img src="images/user_green.png" />&nbsp;';
@ -73,7 +78,7 @@ foreach ($info as $user_id => $user_info) {
}
$data[3] .= "</span></a>";
$data[4] = print_string_substr ($user_info["comentarios"], 24, true);
$data[4] = print_string_substr ($user_info["comments"], 24, true);
array_push ($table->data, $data);
}
@ -138,6 +143,4 @@ foreach ($profiles as $profile) {
print_table ($table);
unset ($table);
?>
</tr></table>
?>
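Review bot: The new table cells concatenate `$user_id`, `firstname`, `lastname`, `phone` and `email` straight into HTML (the `$data[0]` link and the `$data[1]` tooltip), and these fields are now writable by each user through the edit page, so the admin-facing list renders whatever markup a profile contains. Wrap each value in `htmlspecialchars ()` and use `urlencode ($user_id)` inside the `href` before building the strings. The enclosing `foreach` continues outside the first hunk.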


@ -20,146 +20,117 @@ require_once ("include/config.php");
check_login ();
$view_mode = 0;
$id = get_parameter_get ("id", $config["id_user"]); // ID given as parameter
$user_info = get_user_info ($id);
$id = $user_info["id_user"]; //This is done in case there are problems with uppercase/lowercase (MySQL auth has that problem)
if (isset ($_GET["ver"])){ // Only view mode,
$id = get_parameter_get ("ver"); // ID given as parameter
if ($config['id_user'] == $id) {
$view_mode = 0;
//If current user is editing himself or if the user has UM (User Management) rights on any groups the user is part of AND the authorization scheme allows for users/admins to update info
if (($config["id_user"] == $id || give_acl ($config["id_user"], get_user_groups ($id), "UM")) && $config["user_can_update_info"]) {
$view_mode = false;
} else {
$view_mode = true;
}
if (isset ($_GET["modified"]) && !$view_mode) {
$upd_info = array ();
$upd_info["fullname"] = get_parameter_post ("fullname", $user_info["fullname"]);
$upd_info["firstname"] = get_parameter_post ("firstname", $user_info["firstname"]);
$upd_info["lastname"] = get_parameter_post ("lastname", $user_info["lastname"]);
$password_old = get_parameter_post ("password_old", "-");
$password_new = get_parameter_post ("password_new", "-");
$password_confirm = get_parameter_post ("password_confirm", "-");
$upd_info["email"] = get_parameter_post ("email", $user_info["email"]);
$upd_info["phone"] = get_parameter_post ("phone", $user_info["phone"]);
$upd_info["comments"] = get_parameter_post ("comments", $user_info["comments"]);
//If User can update password and the new password is not the same as the old one, it's not the default and it's not empty and the new password is the same as the confirmed one
if ($config["user_can_update_password"] && $password_old !== $password_new && $password_new !== "-" && !empty ($password_new) && $password_confirm == $password_new) {
$return = process_user_password ($id, $pass);
print_error_message ($return, __('Password successfully updated'), __('Error updating passwords').": ".$config["auth_error"]);
} elseif ($password_new !== "-") {
print_error_message (false, '', __('Passwords didn\'t match or other problem encountered while updating passwords'));
}
$return = process_user_info ($id, $upd_info);
print_error_message ($return, __('User info successfully updated'), __('Error updating user info'));
$user_info = get_user_info ($id); //Reread it
}
echo "<h2>".__('Pandora users')." &gt; ".__('User detail editor')."</h2>";
echo '<form name="user_mod" method="post" action="index.php?sec=usuarios&sec2=operation/users/user_edit&modified=1&id='.$id.'">';
echo '<table cellpadding="4" cellspacing="4" class="databox_color" width="600px">';
echo '<tr><td class="datos">'.__('User ID').'</td>';
echo '<td class="datos">';
print_input_text_extended ("id_user", $id, '', '', '', '', $view_mode, '', 'class="input"');
echo '</td></tr><tr><td class="datos2">'.__('Full (display) name').'</td><td class="datos2">';
print_input_text_extended ("fullname", $user_info["fullname"], '', '', '', '', $view_mode, '', 'class="input"');
echo '</td></tr><tr><td class="datos">'.__('First name').'</td><td class="datos">';
print_input_text_extended ("firstname", $user_info["firstname"], '', '', '', '', $view_mode, '', 'class="input"');
echo '</td></tr><tr><td class="datos2">'.__('Last name').'</td><td class="datos2">';
print_input_text_extended ("lastname", $user_info["lastname"], '', '', '', '', $view_mode, '', 'class="input"');
if ($view_mode === false) {
echo '</td></tr><tr><td class="datos">'.__('Current password').'</td><td class="datos">';
if ($config["user_can_update_password"]) {
print_input_text_extended ("password_old", "-", '', '', '', '', $view_mode, '', 'class="input"', false, true);
echo '</td></tr><tr><td class="datos">'.__('New Password').'</td><td class="datos">';
print_input_text_extended ("password_new", "-", '', '', '', '', $view_mode, '', 'class="input"', false, true);
echo '</td></tr><tr><td class="datos">'.__('Password confirmation').'</td><td class="datos">';
print_input_text_extended ("password_conf", "-", '', '', '', '', $view_mode, '', 'class="input"', false, true);
} else {
$view_mode = 1;
echo '<i>'.__('You can not change your password from Pandora FMS under the current authentication scheme').'</i>';
}
}
echo '</td></tr><tr><td class="datos2">'.__('E-mail').'</td><td class="datos2">';
print_input_text_extended ("email", $user_info["email"], '', '', '', '', $view_mode, '', 'class="input"');
echo '</td></tr><tr><td class="datos">'.__('Phone number').'</td><td class="datos">';
print_input_text_extended ("phone", $user_info["phone"], '', '', '', '', $view_mode, '', 'class="input"');
$query1="SELECT * FROM tusuario WHERE id_usuario = '".$id."'";
$resq1=mysql_query($query1);
$rowdup=mysql_fetch_array($resq1);
$nombre=$rowdup["id_usuario"];
echo '</td></tr><tr><td class="datos2">'.__('Comments').'</td><td class="datos2">';
print_textarea ("comments", 4, 55, $user_info["comments"], ($view_mode ? 'readonly' : ''));
echo '</td></tr></table>';
// Get user ID to modify data of current user.
if (isset ($_GET["modificado"])){
// Se realiza la modificaci<63>n
if (isset ($_POST["pass1"])){
if ( isset($_POST["nombre"]) && ($_POST["nombre"] != $_SESSION["id_usuario"])) {
audit_db($_SESSION["id_usuario"],$REMOTE_ADDR,"Security Alert. Trying to modify another user: (".$_POST['nombre'].") ","Security Alert");
no_permission;
}
// $nombre = $_POST["nombre"]; // Don't allow change name !!
$pass1 = entrada_limpia($_POST["pass1"]);
$pass2 = entrada_limpia($_POST["pass2"]);
$direccion = entrada_limpia($_POST["direccion"]);
$telefono = entrada_limpia($_POST["telefono"]);
$nombre_real = entrada_limpia($_POST["nombre_real"]);
if ($pass1 != $pass2) {
echo "<h3 class='error'>".__('Passwords don\'t match. Please repeat again')."</h3>";
}
else {echo "<h3 class='suc'>".__('User successfully updated')."</h3>";}
//echo "<br>DEBUG for ".$nombre;
//echo "<br>Comments:".$comentarios;
$comentarios = entrada_limpia($_POST["comentarios"]);
if (get_user_password($nombre)!=$pass1){
// Only when change password
$pass1=md5($pass1);
$sql = "UPDATE tusuario SET nombre_real = '".$nombre_real."', password = '".$pass1."', telefono ='".$telefono."', direccion ='".$direccion." ', comentarios = '".$comentarios."' WHERE id_usuario = '".$nombre."'";
}
else
$sql = "UPDATE tusuario SET nombre_real = '".$nombre_real."', telefono ='".$telefono."', direccion ='".$direccion." ', comentarios = '".$comentarios."' WHERE id_usuario = '".$nombre."'";
$resq2=mysql_query($sql);
// Ahora volvemos a leer el registro para mostrar la info modificada
// $id is well known yet
$query1="SELECT * FROM tusuario WHERE id_usuario = '".$id."'";
$resq1=mysql_query($query1);
$rowdup=mysql_fetch_array($resq1);
$nombre=$rowdup["id_usuario"];
}
else {
echo "<h3 class='error'>".__('Passwords don\'t match. Please repeat again')."</h3>";
}
}
echo "<h2>".__('Pandora users')." &gt; ";
echo __('User detail editor')."</h2>";
// Si no se obtiene la variable "modificado" es que se esta visualizando la informacion y
// preparandola para su modificacion, no se almacenan los datos
$nombre = $rowdup["id_usuario"];
if ($view_mode == 0)
$password=$rowdup["password"];
else
$password="This is not a good idea :-)";
$comentarios = $rowdup["comentarios"];
$direccion = $rowdup["direccion"];
$telefono = $rowdup["telefono"];
$nombre_real = $rowdup["nombre_real"];
?>
<table cellpadding="4" cellspacing="4" class="databox_color" width="500px">
<?php
if ($view_mode == 0)
echo '<form name="user_mod" method="post" action="index.php?sec=usuarios&sec2=operation/users/user_edit&ver='.$config['id_user'].'&modificado=1">';
else
echo '<form name="user_mod" method="post" action="">';
?>
<tr>
<td class="datos"><?php echo __('User ID') ?></td>
<td class="datos"><input class=input type="text" name="nombre" value="<?php echo $nombre ?>" disabled></td>
<tr>
<td class="datos2"><?php echo __('Real name') ?></td>
<td class="datos2">
<input class=input type="text" name="nombre_real" value="<?php echo $nombre_real ?>"></td>
<tr><td class="datos"><?php echo __('Password') ?></td>
<td class="datos">
<input class=input type="password" name="pass1" value="<?php echo $password ?>"></td>
<tr><td class="datos2">
<?php echo __('Password'); echo " ".__('confirmation')?>
<td class="datos2">
<input class=input type="password" name="pass2" value="<?php echo $password ?>"></td>
<tr>
<td class="datos">E-Mail
<td class="datos">
<input class=input type="text" name="direccion" size="40" value="<?php echo $direccion ?>">
<tr>
<td class="datos2"><?php echo __('Telephone') ?>
<td class="datos2"><input class=input type="text" name="telefono" value="<?php echo $telefono ?>">
<tr><td class="datos" colspan="2"><?php echo __('Comments') ?>
<tr><td class="datos2" colspan="2"><textarea name="comentarios" cols="55" rows="4"><?php echo $comentarios ?></textarea>
</table>
<table cellpadding="4" cellspacing="4" width="500px">
<?php
if ($view_mode == 0) {
echo '<tr><td colspan="3" align="right">';
echo "<input name='uptbutton' type='submit' class='sub upd' value='".__('Update')."'></td></tr>";
echo '<div style="width:600px; text-align:right;">';
if (!$config["user_can_update_info"]) {
echo '<i>'.__('You can not change your user info from Pandora FMS under the current authentication scheme').'</i>';
} else {
print_submit_button (__('Update'), 'uptbutton', $view_mode, 'class="sub upd"');
}
echo '</table></form><br>';
echo '</div></form><br />';
echo '<h3>'.__('Profiles/Groups assigned to this user').'</h3>';
echo "<table width='500' cellpadding='4' cellspacing='4' class='databox'>";
$sql = 'SELECT * FROM tusuario_perfil WHERE id_usuario = "'.$nombre.'"';
$result = mysql_query ($sql);
if (mysql_num_rows ($result)) {
echo '<tr>';
$color=1;
while ($row = mysql_fetch_array ($result)) {
if ($color == 1) {
$tdcolor = "datos2";
$color = 0;
} else {
$tdcolor = "datos";
$color = 1;
}
echo '<td class="'.$tdcolor.'">';
echo "<b>".get_profile_name ($row["id_perfil"])."</b> / ";
echo "<b>".get_group_name ($row["id_grupo"])."</b><tr>";
}
} else {
$table->width = 500;
$table->cellpadding = 4;
$table->cellspacing = 4;
$table->class = "databox";
$table->data = array ();
$result = get_db_all_rows_field_filter ("tusuario_perfil", "id_usuario", $id);
if ($result === false) {
$result = array ();
}
foreach ($result as $profile) {
$data[0] = '<b>'.get_profile_name ($profile["id_perfil"]).'</b>';
$data[1] = '<b>'.get_group_name ($profile["id_grupo"]).'</b>';
array_push ($table->data, $data);
}
if (!empty ($table->data)) {
print_table ($table);
} else {
echo '<div class="nf">'.__('This user doesn\'t have any assigned profile/group').'</div>';
}
echo '</table>';
?>
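Review bot: The password change can never succeed as written: the confirmation input is printed as `password_conf` while the handler reads `password_confirm`, so `$password_confirm` stays at its `"-"` default and `$password_confirm == $password_new` fails for every real password; and even when that check passed, `process_user_password ($id, $pass)` hands an undefined `$pass` to a function declared as `($user, $password_old, $password_new)`. Change the input to `print_input_text_extended ("password_confirm", "-", ...)` and the call to `$return = process_user_password ($id, $password_old, $password_new);`. The access gate `give_acl ($config["id_user"], get_user_groups ($id), "UM")` passes what looks like a group list where `give_acl` is declared with a single `$id_group` used as `%d` — confirm `get_user_groups` returns a scalar here, otherwise the UM branch is evaluated against an array.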


@ -16,14 +16,12 @@
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Load global vars
require("include/config.php");
require_once ("include/config.php");
if (comprueba_login() == 0) {
echo "<h2>".__('Users defined in Pandora')." &gt; ";
echo __('User activity statistics')."</h2>";
echo '<img src="reporting/fgraph.php?tipo=user_activity" border=0>';
}
check_login ();
echo "<h2>".__('Users defined in Pandora')." &gt; ".__('User activity statistics')."</h2>";
print_image ("reporting/fgraph.php?tipo=user_activity", false, array ("border" => 0));
?>


@ -579,18 +579,21 @@ CREATE TABLE IF NOT EXISTS `ttrap` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `tusuario` (
`id_usuario` varchar(60) NOT NULL default '0',
`nombre_real` varchar(125) NOT NULL default '',
`id_user` varchar(60) NOT NULL default '0',
`fullname` varchar(255) NOT NULL,
`firstname` varchar(255) NOT NULL,
`lastname` varchar(255) NOT NULL,
`middlename` varchar(255) NOT NULL,
`password` varchar(45) default NULL,
`comentarios` varchar(200) default NULL,
`fecha_registro` datetime NOT NULL default '0000-00-00 00:00:00',
`direccion` varchar(100) default '',
`telefono` varchar(100) default '',
`nivel` tinyint(1) NOT NULL default '0',
PRIMARY KEY (`id_usuario`)
`comments` varchar(200) default NULL,
`last_connect` bigint(20) NOT NULL default '0',
`registered` bigint(20) NOT NULL default '0',
`email` varchar(100) default NULL,
`phone` varchar(100) default NULL,
`is_admin` tinyint(1) unsigned NOT NULL default '0',
UNIQUE KEY `id_user` (`id_user`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `tusuario_perfil` (
`id_up` bigint(10) unsigned NOT NULL auto_increment,
`id_usuario` varchar(100) NOT NULL default '',
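Review bot: `tusuario` loses its `PRIMARY KEY` in this rewrite and keeps only `UNIQUE KEY `id_user``; the column is `NOT NULL` so uniqueness still holds, but InnoDB then clusters on a hidden row id and tooling that needs a primary key (replication, some migration helpers) will object — declare `PRIMARY KEY (`id_user`)` as before, which makes the `UNIQUE KEY` redundant. `id_user` also keeps `default '0'`, which on a unique column means only one row can ever be inserted without an explicit id; `NOT NULL` with no default is the safer declaration. `firstname`, `lastname` and `middlename` are `NOT NULL` without defaults while `create_user` only sets them when present in `$user_info`, so an insert omitting them fails under strict SQL mode or silently stores `''` otherwise — give them `default ''` or require them in `create_user`. The companion migration's `CHANGE `fecha_registro` `last_connect` BIGINT` converts the old DATETIME column in place; if that relies on MySQL's implicit cast the stored values become `YYYYMMDDHHMMSS` integers rather than the epoch seconds that `process_user_contact` writes and `print_timestamp ($unixtime, ...)` expects, which is worth verifying on a copy of real data before release.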


@ -224,8 +224,8 @@ INSERT INTO `ttipo_modulo` VALUES
--
-- Dumping data for table `tusuario`
--
INSERT INTO `tusuario` VALUES ('admin','Default Admin','1da7ee7d45b96d0e1f45ee4ee23da560','Admin Pandora','2007-03-27 18:59:39','admin_pandora@nowhere.net','555-555-555',1);
INSERT INTO `tusuario` (`id_user`, `fullname`, `firstname`, `lastname`, `middlename`, `password`, `comments`, `last_connect`, `registered`, `email`, `phone`, `is_admin`) VALUES
('admin', 'Pandora', 'Pandora', 'Admin', '', '1da7ee7d45b96d0e1f45ee4ee23da560', 'Admin Pandora', 1232642121, 0, 'admin@example.com', '555-555-5555', 1);
--
-- Dumping data for table `tusuario_perfil`
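Review bot: The seed row sets `registered` to 0 and `last_connect` to a fixed epoch (1232642121), the reverse of what `create_user` writes (`last_connect` 0, `registered` = creation time), so the shipped admin shows a 1970 registration date and a login that never happened. Swap the two values: `..., 'Admin Pandora', 0, 1232642121, 'admin@example.com', ...`. Since the admin password hash is a fixed value in a public file, forcing a password change on first login would be the stronger default than relying on install documentation.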


@ -170,4 +170,10 @@ DEFAULT '0', ADD `min_critical` DOUBLE( 18, 2 ) NOT NULL DEFAULT
'0', ADD `max_critical` DOUBLE( 18, 2 ) NOT NULL DEFAULT '0', ADD
`min_ff_event` INT( 4 ) UNSIGNED NOT NULL DEFAULT '0';
ALTER TABLE `tusuario` CHANGE `nombre_real` `fullname` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL;
ALTER TABLE `tusuario` CHANGE `id_usuario` `id_user` VARCHAR( 60 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT '0';
ALTER TABLE `tusuario` CHANGE `fecha_registro` `last_connect` BIGINT( 20 ) NOT NULL DEFAULT '0';
ALTER TABLE `tusuario` ADD UNIQUE (`id_user`);
ALTER TABLE `tusuario` ADD `registered` BIGINT( 20 ) NOT NULL DEFAULT '0' AFTER `last_connect` ;
ALTER TABLE `tusuario` ADD `firstname` VARCHAR( 255 ) NOT NULL AFTER `fullname` , ADD `lastname` VARCHAR( 255 ) NOT NULL AFTER `firstname` , ADD `middlename` VARCHAR( 255 ) NOT NULL AFTER `lastname`;
ALTER TABLE `tusuario` CHANGE `direccion` `email` VARCHAR( 100 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL , CHANGE `telefono` `phone` VARCHAR( 100 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL , CHANGE `nivel` `is_admin` TINYINT( 1 ) UNSIGNED NOT NULL DEFAULT '0'