diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index 7baac2b9ee..2b3902d608 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,35 @@ +2009-01-22 Evi Vanoost + + * pandoradb_migrate_20_to_21.sql, pandoradb.sql: Added user table updates + You'll have to do the alter tables before upgrading to the latest version + but it adds functionality and enforces unique usernames + + * general/header.php: Don't rely on session variables + + * include/auth/dev.php, include/functions_ui.php: Minimal changes to + comply with guidelines and new links + + * include/auth/mysql.php, include/auth/ldap.php: Added functions and + removed bugs. + + * include/functions_db.php: Added some functions for profile handling + + * include/functions_html.php: Text input is now readonly instead of + disabled. This allows copying data from the textbox. + + * include/styles/tip.css: Set min-width instead of fixed width for tip + that way we can have bigger tips without overflowing + + * operation/reporting/reporting_xml.php: Added auth there as well + + * operation/users/user.php, operation/users/user_edit.php, + operation/users/user_statistics.php: New auth functions, better look + + * index.php: Process_user_contact sits in logon_db. Saves a query + + * godmode/users/configure_user.php, godmode/users/user_list.php: New + auth functions, better look. + 2009-01-22 Jorge Gonzalez * include/help/en/help_wmiquery.php, diff --git a/pandora_console/general/header.php b/pandora_console/general/header.php index 19be37ad5b..1f9457ac20 100644 --- a/pandora_console/general/header.php +++ b/pandora_console/general/header.php @@ -33,7 +33,7 @@ echo 'logo '; // First column (identifier) -echo ' '.''.__('You are').' ['.$_SESSION["id_usuario"].']'; +echo ' '.''.__('You are').' ['.$config["id_user"].']'; //First column, second row (logout button) echo '

'; diff --git a/pandora_console/godmode/users/configure_user.php b/pandora_console/godmode/users/configure_user.php index a123e8e13e..b37716b863 100644 --- a/pandora_console/godmode/users/configure_user.php +++ b/pandora_console/godmode/users/configure_user.php @@ -21,6 +21,10 @@ require_once ("include/config.php"); check_login (); +$id = get_parameter_get ("id", $config["id_user"]); // ID given as parameter +$user_info = get_user_info ($id); +$id = $user_info["id_user"]; + if (! give_acl ($config['id_user'], 0, "UM")) { audit_db ($config['id_user'], $REMOTE_ADDR, "ACL Violation", "Trying to access User Management"); @@ -28,259 +32,193 @@ if (! give_acl ($config['id_user'], 0, "UM")) { exit; } -// Init. vars -$comentarios = ""; -$direccion = ""; -$telefono = ""; -$password = ""; -$password2 = ""; -$id_usuario_mio = ""; -$nombre_real = ""; -$nivel = 0; -// Default is create mode (creacion) -$modo = "creacion"; - -if (isset ($_GET["borrar_grupo"])) { // if modified some parameter - $grupo = get_parameter ("borrar_grupo"); - $sql = "DELETE FROM tusuario_perfil WHERE id_up = ".$grupo; - $resq1 = mysql_query ($sql); +if ($config["user_can_update_info"]) { + $view_mode = false; +} else { + $view_mode = true; } -if (isset ($_GET["id_usuario_mio"])) { // if any parameter changed - $modo = "edicion"; - $id_usuario_mio = get_parameter ("id_usuario_mio"); - // Read user data to include in form - $sql = "SELECT * FROM tusuario WHERE id_usuario = '".$id_usuario_mio."'"; - $result = mysql_query ($sql); - $rowdup = mysql_fetch_array ($result); - if (! $rowdup) { - echo "
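Review bot: The three added lines at the top of this hunk resolve `$id` and call `get_user_info ($id)` before the `give_acl ($config['id_user'], 0, "UM")` check, so any logged-in user can drive a lookup of an arbitrary `id` query parameter before authorization is decided; move `$id = get_parameter_get ("id", $config["id_user"]); $user_info = get_user_info ($id); $id = $user_info["id_user"];` below the ACL block so the unauthorized path exits first. When `id` names a user that does not exist, `get_user_info` presumably returns false and `$user_info["id_user"]` yields null, which the rest of the page then treats as the target; add `if ($user_info === false) { print_error_message (false, '', __('There was a problem loading user')); exit; }` after the lookup. Whether `get_user_info` escapes its argument is not visible in this diff and should be confirmed, since `id` comes straight from the query string.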

".__('There was a problem loading user')."

"; - echo ""; - include ("general/footer.php"); - exit; - } else { - $password=""; - } - $password2 = ""; - $comentarios = $rowdup["comentarios"]; - $direccion = $rowdup["direccion"]; - $telefono = $rowdup["telefono"]; - $nivel = $rowdup["nivel"]; - $nombre_real = $rowdup["nombre_real"]; -} - -// Edit user -if (isset ($_POST["edicion"])) { - // We do it - if (isset ($_POST["pass1"])) { - $nombre = get_parameter_post ("nombre"); - $nombre_real = get_parameter_post ("nombre_real"); - $nombre_viejo = get_parameter_post ("id_usuario_antiguo"); - $password = get_parameter_post ("pass1"); - $password2 = get_parameter_post ("pass2"); - if ($password != $password2){ - echo "

".__('Passwords don\'t match. Please repeat again')."

"; +if (isset ($_GET["create"]) && $config["admin_can_add_user"]) { + $user_info = array (); + $id = ''; + $user_info["fullname"] = ''; + $user_info["firstname"] = ''; + $user_info["lastname"] = ''; + $user_info["email"] = ''; + $user_info["phone"] = ''; + $user_info["comments"] = ''; +} elseif (isset ($_GET["create"])) { + print_error_message (false, '', __('The current authentication scheme doesn\'t support creating users from Pandora FMS')); +} elseif (isset ($_GET["user_mod"])) { + $mod = get_parameter_get ("user_mod", 0); //0 is no user info modify (can modify passwords and admin status), 1 is modify, 2 is create + + $upd_info = array (); + $upd_info["fullname"] = get_parameter_post ("fullname", $user_info["fullname"]); + $upd_info["firstname"] = get_parameter_post ("firstname", $user_info["firstname"]); + $upd_info["lastname"] = get_parameter_post ("lastname", $user_info["lastname"]); + $password_old = get_parameter_post ("password_old", "-"); + $password_new = get_parameter_post ("password_new", "-"); + $password_confirm = get_parameter_post ("password_confirm", "-"); + $upd_info["email"] = get_parameter_post ("email", $user_info["email"]); + $upd_info["phone"] = get_parameter_post ("phone", $user_info["phone"]); + $upd_info["comments"] = get_parameter_post ("comments", $user_info["comments"]); + $is_admin = get_parameter_post ("is_admin", $user_info["is_admin"]); + $group = get_parameter_post ("assign_group", 0); + $profile = get_parameter_post ("assign_profile", 0); + + + if ($config["admin_can_add_user"] && $mod == 2) { + if ($password_new !== $password_confirm) { + print_error_message (false, '', __('Passwords didn\t match')); + $user_info = $upd_info; //Fill in the blanks again } else { - if (isset($_POST["nivel"])) - $nivel = get_parameter_post ("nivel"); - $direccion = get_parameter_post ("direccion"); - $telefono = get_parameter_post ("telefono"); - $comentarios = get_parameter_post ("comentarios"); - - if ($password != "") { - $password = md5 
($password); - $sql = "UPDATE tusuario SET nombre_real ='".$nombre_real."', id_usuario ='".$nombre."', password = '".$password."', telefono ='".$telefono."', direccion ='".$direccion." ', nivel = '".$nivel."', comentarios = '".$comentarios."' WHERE id_usuario = '".$nombre_viejo."'"; - } else { - $sql = "UPDATE tusuario SET nombre_real ='".$nombre_real."', id_usuario ='".$nombre."', telefono ='".$telefono."', direccion ='".$direccion." ', nivel = '".$nivel."', comentarios = '".$comentarios."' WHERE id_usuario = '".$nombre_viejo."'"; - } - $resq2 = mysql_query ($sql); - - // Add group - if (isset($_POST["grupo"])) - if ($_POST["grupo"] != "") { - $grupo = $_POST["grupo"]; - $perfil = $_POST["perfil"]; - $id_usuario_edit = $_SESSION["id_usuario"]; - $sql = "INSERT INTO tusuario_perfil (id_usuario,id_perfil,id_grupo,assigned_by) VALUES ('".$nombre."',$perfil,$grupo,'".$id_usuario_edit."')"; - // echo "DEBUG:".$sql; - $resq2=mysql_query($sql); - } - - $query1 = "SELECT * FROM tusuario WHERE id_usuario = '".$nombre."'"; - $id_usuario_mio = $nombre; - $resq1 = mysql_query ($query1); - $rowdup = mysql_fetch_array ($resq1); - $password=""; - $password2= ""; - $comentarios=$rowdup["comentarios"]; - $direccion=$rowdup["direccion"]; - $telefono=$rowdup["telefono"]; - $nivel = $rowdup["nivel"]; - $nombre_real=$rowdup["nombre_real"]; - $modo ="edicion"; - echo "

".__('User successfully updated')."

"; + $id = get_parameter_post ("id_user"); + $return = create_user ($id, $password_new, $upd_info); + print_error_message ($return, __('User successfully created'), __('Error creating user')); + $user_info = get_user_info ($id); + $id = $user_info["id_user"]; + $_GET["create"] = 1; //Set create mode back on } - } else { - echo "

".__('There was a problem updating user')."

"; + } elseif ($config["user_can_update_info"] && mod == 1) { + $return = process_user_info ($id, $upd_info); + print_error_message ($return, __('User info successfully updated'), __('Error updating user info')); + $user_info = get_user_info ($id); + $id = $user_info["id_user"]; } -} - -// Create user -if (isset ($_GET["nuevo_usuario"])) { - // Get data from POST - $nombre = get_parameter_post ("nombre"); - $password = get_parameter_post ("pass1"); - $password2 = get_parameter_post ("pass2"); - $nombre_real=get_parameter_post ("nombre_real"); - if ($password <> $password2){ - echo "

".__('Passwords don\'t match. Please repeat again')."

"; + + //If User can update password and the new password is not the same as the old one, it's not the default and it's not empty and the new password is the same as the confirmed one + if ($config["user_can_update_password"] && $password_old !== $password_new && $password_new !== "-" && !empty ($password_new) && $password_confirm == $password_new) { + $return = process_user_password ($id, $password_old, $password_new); + print_error_message ($return, __('Password successfully updated'), __('Error updating passwords').": ".$config["auth_error"]); + } elseif ($password_new !== "-") { + print_error_message (false, '', __('Passwords didn\'t match or other problem encountered while updating passwords')); } - $direccion = get_parameter_post ("direccion"); - $telefono = get_parameter_post ("telefono"); - $comentarios = get_parameter_post ("comentarios"); - if (isset ($_POST["nivel"])) - $nivel = get_parameter_post ("nivel"); - $password = md5 ($password); - $ahora = date("Y/m/d H:i:s"); - $sql = "INSERT INTO tusuario (id_usuario,direccion,password,telefono,fecha_registro,nivel,comentarios, nombre_real) VALUES ('".$nombre."','".$direccion."','".$password."','".$telefono."','".$ahora."','".$nivel."','".$comentarios."','".$nombre_real."')"; - $resq1 = mysql_query ($sql); - if (! $resq1) - echo "

".__('User creation failed')."

"; - else { - echo "

".__('User created successfully')."

"; + + if ($is_admin != $user_info["is_admin"]) { + $return = process_user_isadmin ($id, $is_admin); + print_error_message ($return, __('User admin status succesfully update'), __('Error updating admin status')); } - $id_usuario_mio = $nombre; - $modo ="edicion"; - $password = ""; - $password2 = ""; + + if ($group != 0 && $profile != 0) { + $return = create_user_profile ($id, $profile, $group); + print_error_message ($return, __('User profile succesfully created'), __('Error creating user profile')); + } +} elseif (isset ($_GET["profile_mod"])) { + $id_up = (int) get_parameter_post ("delete_profile", 0); + $return = delete_user_profile ($id, $id_up); + print_error_message ($return, __('Profile successfully deleted'), __('Error deleting profile')); } - echo "

".__('User management')." > "; - if (isset($_GET["alta"])) { - if ($_GET["alta"] == 1) { - echo __('Create user'); - } - } - if (isset ($_GET["id_usuario_mio"]) || isset ($_GET["nuevo_usuario"])) { - echo __('Update user'); - } -echo "

"; -?> - -'; -else - echo ''; -?> - - - - +echo "

".__('Pandora users')." > ".__('User detail editor')."

"; -
-'; -echo __('Password'); +if (!empty ($id)) { + echo ''; +} else { + echo ''; +} + +echo ''; + +echo ''; echo ''; -echo ''; -echo ''; -echo ''; -?> - - - - +print_input_text_extended ("id_user", $id, '', '', '', '', $view_mode, '', 'class="input"'); - - +echo ' - '; - echo ""; - echo "'; - echo '
'.__('User ID').''; -echo '
'; -echo __('Password confirmation').''; -echo '
E-Mail
-
'.__('Full (display) name').''; +print_input_text_extended ("fullname", $user_info["fullname"], '', '', '', '', $view_mode, '', 'class="input"'); -echo __('Administrator'); -print_radio_button ('nivel', '1', '', $nivel); -print_help_tip (__("This user has permissions to manage all. This is admin user and overwrites all permissions given in profiles/groups")); -print __('Standard user'); -print_radio_button ('nivel', '0', '', $nivel); -print_help_tip (__("This user has separated permissions to view data in his group agents, create incidents belong to his groups, add notes in another incidents, create personal assignments or reviews and other tasks, on different profiles")); -?> +echo '
'.__('First name').''; +print_input_text_extended ("firstname", $user_info["firstname"], '', '', '', '', $view_mode, '', 'class="input"'); -
- -
'.__('Last name').''; +print_input_text_extended ("lastname", $user_info["lastname"], '', '', '', '', $view_mode, '', 'class="input"'); -'; - echo ''; - - echo '
'.__('Group(s) available').' -
'.__('Password').''; +if ($config["user_can_update_password"]) { + if (!isset ($_GET["create"])) { + print_input_text_extended ("password_old", "", '', '', '', '', $view_mode, '', 'class="input"', false, true); } - echo ''; - - echo '
".__('Profiles')." - '; - echo '
'; - echo ""; - echo "
"; - echo "

"; - // Show user profile / groups assigned - $sql1='SELECT * FROM tusuario_perfil WHERE id_usuario = "'.$id_usuario_mio.'"'; - $result=mysql_query($sql1); - - echo '

'.__('Profiles/Groups assigned to this user').'

'; - echo ""; - if (mysql_num_rows($result)){ - echo ''; - $color=1; - while ($row=mysql_fetch_array($result)){ - if ($color == 1){ - $tdcolor = "datos"; - $color = 0; - } - else { - $tdcolor = "datos2"; - $color = 1; - } - echo ''; - } - } - else { - echo '
'.__('This user doesn\'t have any assigned profile/group').'
'; - } -} -?> + echo '
'; - echo "".get_profile_name ($row["id_perfil"])." / "; - echo "".get_group_name ($row["id_grupo"]).""; - echo '
'.__('New Password').''; + print_input_text_extended ("password_new", "", '', '', '', '', $view_mode, '', 'class="input"', false, true); + echo '
'.__('Password confirmation').''; + print_input_text_extended ("password_conf", "", '', '', '', '', $view_mode, '', 'class="input"', false, true); +} else { + echo ''.__('You can not change passwords from Pandora FMS under the current authentication scheme').''; +} -
'; - echo ''; - echo '
'; - echo ''; -} -?> - -
+echo '
'.__('Global Profile').''; +if ($config["admin_can_make_admin"]) { + echo __('Administrator'); + print_radio_button ('is_admin', '1', '', $user_info["is_admin"]); + print_help_tip (__("This user has permissions to manage all. This is admin user and overwrites all permissions given in profiles/groups")); + print __('Standard user'); + print_radio_button ('is_admin', '0', '', $user_info["is_admin"]); + print_help_tip (__("This user has separated permissions to view data in his group agents, create incidents belong to his groups, add notes in another incidents, create personal assignments or reviews and other tasks, on different profiles")); +} else { + echo ''.__('You can not change admin status from Pandora FMS under the current authentication scheme').''; +} + +echo '
'.__('E-mail').''; +print_input_text_extended ("email", $user_info["email"], '', '', '', '', $view_mode, '', 'class="input"'); + +echo '
'.__('Phone number').''; +print_input_text_extended ("phone", $user_info["phone"], '', '', '', '', $view_mode, '', 'class="input"'); + +echo '
'.__('Comments').''; +print_textarea ("comments", 4, 55, $user_info["comments"], ($view_mode ? 'readonly' : '')); + +echo '
'.__('Group(s) available').''; + +$groups = get_user_groups ($config["id_user"], "UM"); +print_select ($groups, "assign_group", 0, '', __('None'), 0, false, false, false, 'w155'); + +echo '
'.__('Profiles').''; +$profiles = get_profiles (); +print_select ($profiles, "assign_profile", 0, '', __('None'), 0, false, false, false, 'w155'); +echo '
'; + +echo '
'; +print_submit_button (__('Update'), 'uptbutton', false, 'class="sub upd"'); +echo '

'; + + +echo '

'.__('Profiles/Groups assigned to this user').'

'; + +$table->width = 600; +$table->cellpadding = 4; +$table->cellspacing = 4; +$table->class = "databox"; + +$table->data = array (); +$table->head = array (); +$table->align = array (); + +$table->head[0] = __('Profile name'); +$table->head[1] = __('Group name'); +$table->head[2] = ''; + +$table->align[0] = 'center'; +$table->align[1] = 'center'; +$table->align[2] = 'center'; + + +$result = get_db_all_rows_field_filter ("tusuario_perfil", "id_usuario", $user_info["id_user"]); +if ($result === false) { + $result = array (); +} + +foreach ($result as $profile) { + $data[0] = ''.get_profile_name ($profile["id_perfil"]).''; + $data[1] = ''.get_group_name ($profile["id_grupo"]).''; + $data[2] = print_input_image ("delete_profile", "images/delete.png", $profile["id_up"], 'border:0px;', true); + array_push ($table->data, $data); +} + +if (!empty ($table->data)) { + echo '
'; + print_table ($table); + echo '
'; +} else { + echo '
'.__('This user doesn\'t have any assigned profile/group').'
'; +} +unset ($table); +?> \ No newline at end of file diff --git a/pandora_console/godmode/users/user_list.php b/pandora_console/godmode/users/user_list.php index 91ded2c1e1..32ba755f3c 100644 --- a/pandora_console/godmode/users/user_list.php +++ b/pandora_console/godmode/users/user_list.php @@ -28,87 +28,150 @@ if (! give_acl ($config['id_user'], 0, "UM")) { exit; } -if (isset($_GET["borrar_usuario"])) { // if delete user - $nombre = get_parameter_get ("borrar_usuario"); - // Delete user - // Delete cols from table tgrupo_usuario - - $result = delete_user ($nombre); - if ($result === false) { - echo '
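Review bot: The `is_admin` branch near the end of the `user_mod` handler calls `process_user_isadmin ($id, $is_admin)` whenever the posted value differs from the stored one, without checking `$config["admin_can_make_admin"]`; the flag only hides the radio buttons in the form below, so a hand-crafted POST still flips admin status under an authentication scheme that declares it unsupported, and any holder of the UM profile can grant admin to any account including their own. Gate the handler the same way as the form, `if ($config["admin_can_make_admin"] && $is_admin != $user_info["is_admin"])`, and consider additionally requiring `is_user_admin ($config["id_user"])` unless `process_user_isadmin` (not in this diff) enforces that itself. Two further defects in the same handler: `mod == 1` is a bare constant rather than `$mod`, so the info-update branch can never run, and the form names the confirmation field `password_conf` while the handler reads `get_parameter_post ("password_confirm", "-")`, so `$password_confirm` stays `"-"` and both user creation and password changes will always report a mismatch.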

'.__('There was a problem deleting user').'

'; - } else { - echo '

'.__('User successfully deleted').'

'; - } +if (isset ($_GET["user_del"])) { //delete user + $id_user = get_parameter_post ("delete_user"); + $result = delete_user ($id_user); + print_error_message ($result, __('User successfully deleted'), __('There was a problem deleting the user')); +} elseif (isset ($_GET["profile_del"])) { //delete profile + $id_profile = (int) get_parameter_post ("delete_profile"); + $result = delete_profile ($id_profile); + print_error_message ($result, __('Profile successfully deleted'), __('There was a problem deleting the profile')); } echo '

'.__('User management').' > '.__('Users defined in Pandora').'

'; -$table->width = 700; $table->cellpadding = 4; $table->cellspacing = 4; +$table->width = 700; $table->class = "databox"; - $table->head = array (); -$table->size = array (); $table->data = array (); $table->align = array (); +$table->size = array (); $table->head[0] = __('User ID'); - -$table->head[1] = __('Last contact'); -$table->align[1] = "center"; - -$table->head[2] = __('Profile'); -$table->align[2] = "center"; - -$table->head[3] = __('Name'); -$table->align[3] = "center"; - +$table->head[1] = __('Name'); +$table->head[2] = __('Last contact'); +$table->head[3] = __('Profile'); $table->head[4] = __('Description'); -$table->align[4] = "center"; +$table->head[5] = ''; -$table->head[5] = __('Delete'); +$table->align[2] = "center"; +$table->align[3] = "center"; $table->align[5] = "center"; +$table->size[5] = 40; -$result = get_db_all_rows_in_table ('tusuario'); +$info = array (); +$info = get_users (); -foreach ($result as $row) { - $data = array (); - - $data[0] = "".$row["id_usuario"].""; - $data[1] = print_timestamp ($row["fecha_registro"], true); - if ($row["nivel"] == 1) { - $data[2] = ''; +foreach ($info as $user_id => $user_info) { + $data[0] = ''.$user_id.''; + $data[1] = $user_info["fullname"].''; + $data[1] .= __('First name').': '.$user_info["firstname"].'
'; + $data[1] .= __('Last name').': '.$user_info["lastname"].'
'; + $data[1] .= __('Phone').': '.$user_info["phone"].'
'; + $data[1] .= __('E-mail').': '.$user_info["email"].'
'; + $data[1] .= '
'; + $data[2] = print_timestamp ($user_info["last_connect"], true); + + if ($user_info["is_admin"]) { + $data[3] = ' '; } else { - $data[2] = ''; + $data[3] = ' '; } - $data[2] .= ''; - $profiles = get_db_all_rows_field_filter ("tusuario_perfil", "id_usuario", $row["id_usuario"]); - if ($profiles === false) { - $data[2] .= __('This user doesn\'t have any assigned profile/group'); - $profiles = array (); + $data[3] .= ''; + $result = get_db_all_rows_field_filter ("tusuario_perfil", "id_usuario", $user_id); + if ($result !== false) { + foreach ($result as $row) { + $data[3] .= get_profile_name ($row["id_perfil"]); + $data[3] .= " / "; + $data[3] .= get_group_name ($row["id_grupo"]); + $data[3] .= "
"; + } + } else { + $data[3] .= __('The user doesn\'t have any assigned profile/group'); } + $data[3] .= "
"; - foreach ($profiles as $profile) { - $data[2] .= get_profile_name ($profile["id_perfil"])." / "; - $data[2] .= get_group_name ($profile["id_grupo"])."
"; + $data[4] = print_string_substr ($user_info["comments"], 24, true); + if ($config["admin_can_delete_user"]) { + $data[5] = print_input_image ("delete_user", "images/delete.png", $user_id, 'border:0px;', true); //Delete user button + } else { + $data[5] = ''; //Delete button not in this mode } - - $data[2] .= ""; - - $data[3] = substr ($row["nombre_real"], 0, 16); - $data[4] = $row["comentarios"]; - - $data[5] = ''; - $data[5] .= ''; array_push ($table->data, $data); } +echo '
'; print_table ($table); +echo '
'; unset ($table); -echo '
'; -print_submit_button (__('Create user'), "crt", false, 'class="sub next"'); -echo "
"; + +echo '
'; +if ($config["admin_can_add_user"] !== false) { + echo '
'; + print_submit_button (__('Create user'), "crt", false, 'class="sub next"'); + echo '
'; +} else { + echo ''.__('The current authentication scheme doesn\'t support creating users from Pandora FMS').''; +} +echo '
'; + +echo '

'.__('Profiles defined in Pandora').'

'; + +$table->cellpadding = 4; +$table->cellspacing = 4; +$table->class = 'databox'; +$table->width = 700; + +$table->head = array (); +$table->data = array (); +$table->size = array (); +$table->align = array (); + +$table->head[0] = __('Profiles'); + +$table->head[1] = "IR".print_help_tip (__('System incidents reading'), true); +$table->head[2] = "IW".print_help_tip (__('System incidents writing'), true); +$table->head[3] = "IM".print_help_tip (__('System incidents management'), true); +$table->head[4] = "AR".print_help_tip (__('Agents reading'), true); +$table->head[5] = "AW".print_help_tip (__('Agents management'), true); +$table->head[6] = "LW".print_help_tip (__('Alerts editing'), true); +$table->head[7] = "UM".print_help_tip (__('Users management'), true); +$table->head[8] = "DM".print_help_tip (__('Database management'), true); +$table->head[9] = "LM".print_help_tip (__('Alerts management'), true); +$table->head[10] = "PM".print_help_tip (__('Systems management'), true); +$table->head[11] = ''; + +$table->align = array_fill (1, 10, "center"); +$table->size = array_fill (1, 10, 40); + +$profiles = get_db_all_rows_in_table ("tperfil"); + +$img = print_image ("images/ok.png", true, array ("border" => 0)); + +foreach ($profiles as $profile) { + $data[0] = $profile["name"]; + + $data[1] = ($profile["incident_view"] ? $img : ''); + $data[2] = ($profile["incident_edit"] ? $img : ''); + $data[3] = ($profile["incident_management"] ? $img : ''); + $data[4] = ($profile["agent_view"] ? $img : ''); + $data[5] = ($profile["agent_edit"] ? $img : ''); + $data[6] = ($profile["alert_edit"] ? $img : ''); + $data[7] = ($profile["user_management"] ? $img : ''); + $data[8] = ($profile["db_management"] ? $img : ''); + $data[9] = ($profile["alert_management"] ? $img : ''); + $data[10] = ($profile["pandora_management"] ? 
$img : ''); + $data[11] = print_input_image ("delete_profile", "images/delete.png", $profile["id_perfil"], 'border:0px;', true); //Delete profile button + + array_push ($table->data, $data); +} + +echo '
'; +print_table ($table); +echo '
'; +unset ($table); ?> diff --git a/pandora_console/include/auth/dev.php b/pandora_console/include/auth/dev.php index 465bf5d90f..9d3f90e7f5 100644 --- a/pandora_console/include/auth/dev.php +++ b/pandora_console/include/auth/dev.php @@ -72,7 +72,7 @@ function is_user ($id_user) { * * @return string The users full name */ -function get_user_realname ($id_user) { +function get_user_fullname ($id_user) { return "admin"; return ""; return false; @@ -107,7 +107,7 @@ function get_users ($order = "nombre_real") { * * @param string User id */ -function update_user_contact ($id_user) { +function process_user_contact ($id_user) { //void } diff --git a/pandora_console/include/auth/ldap.php b/pandora_console/include/auth/ldap.php index e62e8a396b..503162d37a 100644 --- a/pandora_console/include/auth/ldap.php +++ b/pandora_console/include/auth/ldap.php @@ -20,11 +20,13 @@ if (!isset ($config)) { die ('You cannot access this file directly!'); } -//TODO: Make the following 4 valid throughout Pandora FMS +//TODO: Make the following 5 valid throughout Pandora FMS +$config["user_can_update_info"] = false; $config["user_can_update_password"] = false; $config["admin_can_add_user"] = false; $config["admin_can_delete_user"] = false; $config["admin_can_disable_user"] = false; +$config["admin_can_make_admin"] = false; //Required and optional keys for this function to work $req_keys = array ("ldap_server", "ldap_base_dn", "ldap_login_attr", "ldap_admin_group_name", "ldap_admin_group_attr", "ldap_admin_group_type", "ldap_user_filter", "ldap_user_attr"); @@ -44,7 +46,7 @@ function process_user_login ($login, $pass) { } global $config; - $profile = get_db_value ("id_usuario", "tusuario_perfil", "id_usuario", $login); + $profile = get_db_value ("id_user", "tusuario_perfil", "id_user", $login); if ($profile === false && empty ($config["auth"]["create_user_undefined"])) { $config["auth_error"] = "No profile"; //Error message, don't translate 
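Review bot: The `user_del` and `profile_del` handlers at the top of the hunk run for any request regardless of `$config["admin_can_delete_user"]`; the flag only decides whether the delete image is rendered further down, so the authorization decision lives in the view rather than in the action. Gate the handler as well, `if (isset ($_GET["user_del"]) && $config["admin_can_delete_user"])`, refuse to delete `$config["id_user"]` itself, and refuse `profile_del` while rows in `tusuario_perfil` still reference the profile, since nothing here checks either. Separately, the `$data[1]` cell concatenates `fullname`, `firstname`, `lastname`, `phone` and `email` into the markup unescaped; those fields are now writable from the user editor by any UM holder, so wrap each in `htmlspecialchars ()` unless `print_table` escapes cell contents, which seems unlikely given that the other cells hand it pre-built HTML.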
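Review bot: The rewritten lookup `get_db_value ("id_user", "tusuario_perfil", "id_user", $login)` assumes `tusuario_perfil` now has an `id_user` column, but the other hunks in this commit still address that table by `id_usuario` (the `DELETE FROM tusuario_perfil WHERE id_usuario` in mysql.php and `get_db_all_rows_field_filter ("tusuario_perfil", "id_usuario", ...)` in configure_user.php), so one spelling is wrong; the migration script named in the changelog is not in this diff, but if the column was not renamed this makes every LDAP login fail with "No profile" unless `create_user_undefined` is set. Either keep `get_db_value ("id_usuario", "tusuario_perfil", "id_usuario", $login)` here or rename the column consistently in the migration and in every caller. Only this single line of `process_user_login` is in the hunk; the rest of the function is outside it.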
@@ -98,13 +100,13 @@ function is_user ($id_user) { * * @return string The users full name */ -function get_user_realname ($id_user) { +function get_user_fullname ($id_user) { $info = get_user_info ($id_user); if (empty ($info)) { //User doesn't exist return ''; } - return (string) $info["nombre_real"]; + return (string) $info["fullname"]; } /** @@ -116,7 +118,7 @@ function get_user_realname ($id_user) { */ function get_user_email ($id_user) { $info = get_user_info ($id_user); - return (string) $info["direccion"]; + return (string) $info["email"]; } /** @@ -183,7 +185,7 @@ function get_user_admins () { * * @param string User id */ -function update_user_contact ($id_user) { +function process_user_contact ($id_user) { //Empty function } @@ -301,8 +303,9 @@ function ldap_load_user ($login) { } else { $ret = array (); foreach ($config["auth"]["ldap_user_attr"] as $internal_key => $ldap_key) { - $ret["fecha_registro"] = get_system_time (); - $ret["nivel"] = is_user_admin ($info[0][$config["auth"]["ldap_user_attr"]["id_usuario"]][0]); + $ret["last_connect"] = get_system_time (); + $ret["registered"] = get_system_time (); + $ret["is_admin"] = is_user_admin ($info[0][$config["auth"]["ldap_user_attr"]["id_user"]][0]); if (isset ($info[0][$ldap_key])) { $ret[$internal_key] = $info[0][$ldap_key][0]; } else { @@ -328,7 +331,7 @@ function ldap_load_user ($login) { function create_user () { global $ldap_cache; - $ldap_cache["error"] .= 'Not yet supported.'; + $ldap_cache["error"] = 'Not yet supported.'; return false; } @@ -337,10 +340,10 @@ function create_user () { * * @return bool false */ -function update_user () { +function process_user () { global $ldap_cache; - $ldap_cache["error"] .= 'Not yet supported.'; + $ldap_cache["error"] = 'Not yet supported.'; return false; } 
@@ -349,10 +352,10 @@ function update_user () { * * @return bool false */ -function update_user_password ( $user, $password ) { +function process_user_password ( $user, $password_old, $password_new ) { global $ldap_cache; - $ldap_cache["error"] .= 'Not yet supported'; + $ldap_cache["error"] = 'Not yet supported'; return false; } @@ -366,7 +369,7 @@ function update_user_password ( $user, $password ) { function delete_user ($user) { global $ldap_cache; - $ldap_cache["error"] .= 'Not yet supported'; + $ldap_cache["error"] = 'Not yet supported'; return false; } 
@@ -391,17 +394,17 @@ function get_users ($order = false) { if (!$sr) { $ldap_cache["error"] .= 'Error searching LDAP server (get_users): ' . ldap_error( $ldap_cache["ds"] ); } else { - ldap_sort ($ldap_cache["ds"], $sr, $config["auth"]["ldap_user_attr"]["nombre_real"]); + ldap_sort ($ldap_cache["ds"], $sr, $config["auth"]["ldap_user_attr"]["fullname"]); $info = @ldap_get_entries( $ldap_cache["ds"], $sr ); for ( $i = 0; $i < $info['count']; $i++ ) { foreach ($config["auth"]["ldap_user_attr"] as $internal_key => $ldap_key) { - $ret[$info[$i][$config["auth"]["ldap_user_attr"]["id_usuario"]][0]]["fecha_registro"] = get_system_time (); + $ret[$info[$i][$config["auth"]["ldap_user_attr"]["id_user"]][0]]["last_connect"] = get_system_time (); if (isset ($info[$i][$ldap_key])) { - $ret[$info[$i][$config["auth"]["ldap_user_attr"]["id_usuario"]][0]][$internal_key] = $info[$i][$ldap_key][0]; + $ret[$info[$i][$config["auth"]["ldap_user_attr"]["id_user"]][0]][$internal_key] = $info[$i][$ldap_key][0]; } else { - $ret[$info[$i][$config["auth"]["ldap_user_attr"]["id_usuario"]][0]][$internal_key] = ''; + $ret[$info[$i][$config["auth"]["ldap_user_attr"]["id_user"]][0]][$internal_key] = ''; } - $ret[$info[$i][$config["auth"]["ldap_user_attr"]["id_usuario"]][0]]["nivel"] = is_user_admin ($info[$i][$config["auth"]["ldap_user_attr"]["id_usuario"]][0]); + $ret[$info[$i][$config["auth"]["ldap_user_attr"]["id_user"]][0]]["is_admin"] = is_user_admin ($info[$i][$config["auth"]["ldap_user_attr"]["id_user"]][0]); } } @ldap_free_result($sr); diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php index 4a5b0bc25e..b061dbe5fb 100644 --- a/pandora_console/include/auth/mysql.php +++ b/pandora_console/include/auth/mysql.php 
@@ -20,10 +20,12 @@ if (!isset ($config)) { // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. // Database configuration (default ones) +$config["user_can_update_info"] = true; $config["user_can_update_password"] = true; $config["admin_can_add_user"] = true; $config["admin_can_delete_user"] = true; -$config["admin_can_disable_user"] = true; +$config["admin_can_disable_user"] = false; //currently not implemented +$config["admin_can_make_admin"] = true; /** * process_user_login accepts $login and $pass and handles it according to current authentication scheme @@ -37,7 +39,7 @@ function process_user_login ($login, $pass) { global $mysql_cache; // Connect to Database - $sql = sprintf ("SELECT `id_usuario`, `password` FROM `tusuario` WHERE `id_usuario` = '%s'", $login); + $sql = sprintf ("SELECT `id_user`, `password` FROM `tusuario` WHERE `id_user` = '%s'", $login); $row = get_db_row_sql ($sql); //Check that row exists, that password is not empty and that password is the same hash @@ -48,7 +50,7 @@ function process_user_login ($login, $pass) { // We get DB nick to put in PHP Session variable, // to avoid problems with case-sensitive usernames. // Thanks to David Muñiz for Bug discovery :) - return $row["id_usuario"]; + return $row["id_user"]; } else { $mysql_cache["auth_error"] = "User not found in database or incorrect password"; } @@ -63,12 +65,7 @@ function process_user_login ($login, $pass) { * @return bool True is the user is admin */ function is_user_admin ($id_user) { - $level = get_db_value ('nivel', 'tusuario', 'id_usuario', $id_user); - if ($level == 1) { - return true; - } else { - return false; - } + return (bool) get_db_value ('is_admin', 'tusuario', 'id_user', $id_user); } /** 
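Review bot: The rewritten query `sprintf ("SELECT `id_user`, `password` FROM `tusuario` WHERE `id_user` = '%s'", $login)` still drops the login name into the SQL string through a plain `%s`, and nothing in `process_user_login` escapes `$login` first; since this is the login form's input, a quote in the username reaches the query unless the caller sanitises it before the call, which is not visible here. Escape at the point of use, `$sql = sprintf ("SELECT `id_user`, `password` FROM `tusuario` WHERE `id_user` = '%s'", mysql_real_escape_string ($login));`, or route the lookup through `get_db_row ("tusuario", "id_user", $login)` if that helper escapes its filter. The password comparison that follows is outside this hunk and is not reviewed here.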
@@ -79,7 +76,7 @@ function is_user_admin ($id_user) { * @return bool True if the user exists. */ function is_user ($id_user) { - $user = get_db_row ('tusuario', 'id_usuario', $id_user); + $user = get_db_row ('tusuario', 'id_user', $id_user); if (! $user) return false; return true; @@ -92,8 +89,8 @@ function is_user ($id_user) { * * @return string The users full name */ -function get_user_realname ($id_user) { - return (string) get_db_value ('nombre_real', 'tusuario', 'id_usuario', $id_user); +function get_user_fullname ($id_user) { + return (string) get_db_value ('fullname', 'tusuario', 'id_user', $id_user); } /** @@ -104,7 +101,7 @@ function get_user_realname ($id_user) { * @return string The users email address */ function get_user_email ($id_user) { - return (string) get_db_value ('direccion', 'tusuario', 'id_usuario', $id_user); + return (string) get_db_value ('email', 'tusuario', 'id_user', $id_user); } /** @@ -115,7 +112,7 @@ function get_user_email ($id_user) { * @return mixed An array of users */ function get_user_info ($id_user) { - return get_db_row ("tusuario", "id_usuario", $id_user); + return get_db_row ("tusuario", "id_user", $id_user); } /** @@ -123,18 +120,19 @@ function get_user_info ($id_user) { * We can't simplify this because some auth schemes (like LDAP) automatically (or it's at least cheaper to) return all the information * Functions like get_user_info allow selection of specifics (in functions_db) * - * @param string Field to order by (id_usuario, nombre_real or fecha_registro) + * @param string Field to order by (id_user, fullname or registered) * * @return array An array of user information */ -function get_users ($order = "nombre_real") { +function get_users ($order = "fullname") { switch ($order) { - case "id_usuario": - case "fecha_registro": - case "nombre_real": + case "id_user": + case "registered": + case "last_connect": + case "fullname": break; default: - $order = "nombre_real"; + $order = "fullname"; } $output = array(); 
@@ -142,7 +140,7 @@ function get_users ($order = "nombre_real") { $result = get_db_all_rows_in_table ("tusuario", $order); if ($result !== false) { foreach ($result as $row) { - $output[$row["id_usuario"]] = $row; + $output[$row["id_user"]] = $row; } } @@ -154,9 +152,42 @@ function get_users ($order = "nombre_real") { * * @param string User id */ -function update_user_contact ($id_user) { - $sql = sprintf ("UPDATE tusuario SET fecha_registro = NOW() WHERE id_usuario = '%s'", $id_user); - process_sql ($sql); +function process_user_contact ($id_user) { + return process_sql_update ("tusuario", array ("last_connect" => get_system_time ()), array ("id_user" => $id_user)); +} + +/** + * Create a new user + * + * @return bool false + */ +function create_user ($id_user, $password, $user_info) { + $values = array (); + $values["id_user"] = $id_user; + $values["password"] = md5 ($password); + $values["last_connect"] = 0; + $values["registered"] = get_system_time (); + + foreach ($user_info as $key => $value) { + switch ($key) { + case "fullname": + case "firstname": + case "lastname": + case "middlename": + case "comments": + case "email": + case "phone": + $values[$key] = $value; + break; + default: + continue; //ignore + break; + } + } + + process_sql_insert ("tusuario", $values); + + return (bool) process_sql ($sql); } /** @@ -165,12 +196,12 @@ function update_user_contact ($id_user) { * @param string User id */ function delete_user ($id_user) { - $sql = "DELETE FROM tgrupo_usuario WHERE usuario = '".$id_user."'"; + $sql = "DELETE FROM tusuario_perfil WHERE id_usuario = '".$id_user."'"; $result = process_sql ($sql); if ($result === false) { return false; } - $sql = "DELETE FROM tusuario WHERE id_usuario = '".$id_user."'"; + $sql = "DELETE FROM tusuario WHERE id_user = '".$id_user."'"; $result = process_sql ($sql); if ($result === false) { return false; 
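Review bot: `create_user` in the `@@ -154,9 +152,42 @@` hunk ends with `return (bool) process_sql ($sql);`, but `$sql` is never assigned in the function, so the result of the insert is discarded and the return value reflects an empty query; the insert line should carry the return, `return (bool) process_sql_insert ("tusuario", $values);`, and the separate call go. The docblock's `@return bool false` and the undocumented `$id_user`, `$password` and `$user_info` parameters should be replaced by a header saying that only the listed keys of `$user_info` are written and that the return is whether the row was inserted. `continue` inside a `switch` behaves like `break` in PHP, so `default: continue; break;` reduces to `default: break;` (the skip still happens because nothing follows the switch). The password is stored as unsalted `md5 ($password)`; a per-user salt and a slower hash would be preferable, and the same applies to `process_user_password` in the `@@ -178,6 +209,39 @@` hunk.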
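Review bot: In `delete_user` (`@@ -165,12 +196,12 @@`) `$id_user` is concatenated directly into both rewritten DELETE statements, `"DELETE FROM tusuario_perfil WHERE id_usuario = '".$id_user."'"` and the `tusuario` one; format them with an escaped value, e.g. `$sql = sprintf ("DELETE FROM tusuario_perfil WHERE id_usuario = '%s'", mysql_real_escape_string ($id_user));`, as the numeric `%d` form in `delete_profile` already does for integers. The first statement intentionally keeps `id_usuario` because the migration in this commit renames only `tusuario` columns; a comment such as `// tusuario_perfil still uses the id_usuario column` would stop the next reader from "fixing" it. The function's closing lines are outside the hunk.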
@@ -178,6 +209,39 @@ function delete_user ($id_user) { return true; } -//Reference the global use authorization error to last ldap error. +function process_user_password ( $user, $password_old, $password_new ) { + $user = process_user_login ($user, $password_old); + if ($user === false) { + global $mysql_cache; + + $mysql_cache["auth_error"] = "Invalid login/password combination"; + return false; + } + + return process_sql_update ("tusuario", array ("password" => md5 ($password_new)), array ("id_user" => $id_user)); +} + +function process_user_info ($id_user, $user_info) { + $values = array (); + foreach ($user_info as $key => $value) { + switch ($key) { + case "fullname": + case "firstname": + case "lastname": + case "middlename": + case "comments": + case "email": + case "phone": + $values[$key] = $value; + break; + default: + continue; //ignore + break; + } + } + return process_sql_update ("tusuario", $values, array ("id_user" => $id_user)); +} + +//Reference the global use authorization error to last auth error. $config["auth_error"] = &$mysql_cache["auth_error"]; ?> \ No newline at end of file diff --git a/pandora_console/include/functions_db.php b/pandora_console/include/functions_db.php index 717fea16dd..bbb14100f1 100644 --- a/pandora_console/include/functions_db.php +++ b/pandora_console/include/functions_db.php 
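Review bot: `process_user_password` finishes with `array ("id_user" => $id_user)`, but the function's variables are `$user`, `$password_old` and `$password_new` — `$id_user` is never assigned, so the UPDATE targets an empty id while the function still returns the update result; the last line should be `return process_sql_update ("tusuario", array ("password" => md5 ($password_new)), array ("id_user" => $user));`. Declaring `global $mysql_cache;` only inside the failure branch works but is easy to misread; the other functions in this file declare it at the top. Neither new function carries the docblock every other function in this file has; `process_user_password` needs one stating that the old password is re-verified through `process_user_login` and that the return is the update result, and `process_user_info` one stating that only the listed keys of `$user_info` are written. Because the old-password check is the only authorization inside `process_user_password`, callers must pass the real old password rather than a default.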
@@ -73,16 +73,16 @@ function give_acl ($id_user, $id_group, $access) { return 1; //Apparently nivel is 1 if user has full admin access } - + //Joined multiple queries into one. That saves on the query overhead and query cache. if ($id_group == 0) { $query1=sprintf("SELECT tperfil.incident_view,tperfil.incident_edit,tperfil.incident_management,tperfil.agent_view,tperfil.agent_edit,tperfil.alert_edit,tperfil.alert_management,tperfil.pandora_management,tperfil.db_management,tperfil.user_management FROM tusuario_perfil,tperfil WHERE tusuario_perfil.id_perfil = tperfil.id_perfil AND tusuario_perfil.id_usuario = '%s'", $id_user); //GroupID = 0, access doesnt matter (use with caution!) - Any user gets access to group 0 } else { $query1=sprintf("SELECT tperfil.incident_view,tperfil.incident_edit,tperfil.incident_management,tperfil.agent_view,tperfil.agent_edit,tperfil.alert_edit,tperfil.alert_management,tperfil.pandora_management,tperfil.db_management,tperfil.user_management FROM tusuario_perfil,tperfil WHERE tusuario_perfil.id_perfil = tperfil.id_perfil -AND tusuario_perfil.id_usuario = '%s' AND (tusuario_perfil.id_grupo = %d OR tusuario_perfil.id_grupo= 1)", $id_user, $id_group); + AND tusuario_perfil.id_usuario = '%s' AND (tusuario_perfil.id_grupo = %d OR tusuario_perfil.id_grupo= 1)", $id_user, $id_group); } - + $rowdup = get_db_all_rows_sql ($query1); $result = 0; @@ -128,7 +128,7 @@ AND tusuario_perfil.id_usuario = '%s' AND (tusuario_perfil.id_grupo = %d OR tusu $result = 1; return $result; } - + /** * Adds an audit log entry. * @@ -153,7 +153,7 @@ function audit_db ($id, $ip, $accion, $descripcion){ function logon_db ($id_user, $ip) { audit_db ($id_user, $ip, "Logon", "Logged in"); // Update last registry of user to set last logon. How do we audit when the user was created then? - update_user_contact ($id_user); + process_user_contact ($id_user); } /** 
@@ -177,6 +177,24 @@ function get_profile_name ($id_profile) { return (string) get_db_value ('name', 'tperfil', 'id_perfil', (int) $id_profile); } +/** + * Selects all profiles (array (id => name)) + * + * @return array List of all profiles + */ +function get_profiles () { + $profiles = get_db_all_rows_in_table ("tperfil", "name"); + $return = array (); + if ($profiles === false) { + return $return; + } + foreach ($profiles as $profile) { + $return[$profile["id_perfil"]] = $profile["name"]; + } + return $return; +} + + /** * Create Profile for User * @@ -206,6 +224,30 @@ function create_user_profile ($id_user, $id_profile = 1, $id_group = 1) { return (bool) process_sql_insert ("tusuario_perfil", $insert); } +/** + * Delete user profile from database + * + * @param string User ID + * @param int Profile ID + * + * @return bool Whether or not it's deleted + */ +function delete_user_profile ($id_user, $id_profile) { + $sql = sprintf ("DELETE FROM tusuario_perfil WHERE id_usuario = '%s' AND id_up = %d", $id_user, $id_profile); + return (bool) process_sql ($sql); +} + +/** + * Delete profile from database (not user-profile link (tusuario_perfil), but the actual profile (tperfil)) + * + * @param int Profile ID + * + * @return bool Whether or not it's deleted + */ +function delete_profile ($id_profile) { + $sql = sprintf ("DELETE FROM tperfil WHERE id_perfil = %d", $id_profile); + return (bool) process_sql ($sql); +} /** * Get disabled field of a group @@ -394,13 +436,6 @@ function get_agent_name ($id_agent, $case = "upper") { } } -/** - * DEPRECATED: Don't use this anymore. Use pre-defined functions according to authorization scheme. Passwords can't always be retrieved - */ -function get_user_password ($id_user) { - return (string) get_db_value ('password', 'tusuario', 'id_usuario', $id_user); -} - /** * Get type name for alerts (e-mail, text, internal, ...) based on type number * 
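Review bot: `delete_user_profile` documents its second argument as `@param int Profile ID` but filters on `id_up`, which pandoradb.sql in this commit defines as the auto-increment key of `tusuario_perfil`, not `tperfil.id_perfil`; either the doc should say `@param int User-profile link ID (tusuario_perfil.id_up)` or the column should be `id_perfil`, depending on what callers pass (not visible here). In the same statement `$id_user` goes through `%s` unescaped while `%d` protects `$id_profile`; wrap it as `mysql_real_escape_string ($id_user)` before the sprintf. `get_profiles` and `delete_profile` in this hunk look correct.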
@@ -502,10 +537,10 @@ function get_agentmodule_type ($id_agentmodule) { } /** - * DEPRECATED: User get_user_realname + * DEPRECATED: User get_user_fullname */ function dame_nombre_real ($id_user) { - return get_user_realname ($id_user); + return get_user_fullname ($id_user); } /** diff --git a/pandora_console/include/functions_html.php b/pandora_console/include/functions_html.php index 202e905cc0..71492fcc1b 100644 --- a/pandora_console/include/functions_html.php +++ b/pandora_console/include/functions_html.php @@ -168,8 +168,8 @@ function print_input_text_extended ($name, $value, $id, $alt, $size, $maxlength, $htmlid = 'text-'.sprintf ('%04d', $idcounter); $output .= ' id="'.$htmlid.'"'; } - if ($disabled) - $output .= ' disabled'; + if ($disabled) //We want readonly, not disabled - disabled disables copying from the field as well + $output .= ' readonly'; if ($attributes != '') $output .= ' '.$attributes; diff --git a/pandora_console/include/functions_ui.php b/pandora_console/include/functions_ui.php index 5e12d97064..d6af549c89 100644 --- a/pandora_console/include/functions_ui.php +++ b/pandora_console/include/functions_ui.php @@ -131,7 +131,7 @@ function print_timestamp ($unixtime, $return = false, $option = array ()) { * @return string HTML code if return parameter is true. */ function print_username ($username, $return = false) { - $string = ''.get_user_realname ($username).''; + $string = ''.get_user_fullname ($username).''; if ($return) return $string; diff --git a/pandora_console/include/styles/tip.css b/pandora_console/include/styles/tip.css index c6a557777a..f5137d7e3f 100644 --- a/pandora_console/include/styles/tip.css +++ b/pandora_console/include/styles/tip.css @@ -59,7 +59,7 @@ a.info2:hover span, a.help:hover span, a.info_table:hover span { z-index: 99; top: 20px; left: 6px; - width: 150px; + min-width: 150px; border: 1px solid #708090; background-color: #d4ddc6; color: #000; 
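Review bot: Emitting `readonly` for the `$disabled` flag in `print_input_text_extended` changes what the browser submits: a disabled control is omitted from the form post, a readonly one is sent and is not trustworthy server-side, so every caller that used `$disabled` to keep a field out of the post must now ignore or re-validate it. user_edit.php in this commit takes the edited id from `$_GET["id"]` rather than the readonly `id_user` box, which is fine, but the parameter name no longer describes the behaviour; rename it or add `// $disabled renders the field readonly (value is still submitted), not disabled`. The function signature and remaining parameters are outside the hunk.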
diff --git a/pandora_console/index.php b/pandora_console/index.php index 9d63b3e551..2be4180012 100644 --- a/pandora_console/index.php +++ b/pandora_console/index.php @@ -154,7 +154,6 @@ if (! isset ($_SESSION['id_usuario']) && isset ($_GET["loginhash"])) { $loginhash_user = get_parameter("loginhash_user", ""); if ($loginhash_data == md5($loginhash_user.$config["loginhash_pwd"])) { - update_user_contact ($loginhash_user); logon_db ($loginhash_user, $REMOTE_ADDR); $_SESSION['id_usuario'] = $loginhash_user; $config["id_user"] = $loginhash_user; @@ -180,7 +179,6 @@ elseif (! isset ($_SESSION['id_usuario']) && isset ($_GET["login"])) { if ($nick !== false) { unset ($_GET["sec2"]); $_GET["sec"] = "general/logon_ok"; - update_user_contact ($nick); logon_db ($nick, $REMOTE_ADDR); $_SESSION['id_usuario'] = $nick; $config['id_user'] = $nick; diff --git a/pandora_console/operation/reporting/reporting_xml.php b/pandora_console/operation/reporting/reporting_xml.php index eebb0d8751..ac972178b5 100644 --- a/pandora_console/operation/reporting/reporting_xml.php +++ b/pandora_console/operation/reporting/reporting_xml.php 
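Review bot: Dropping the duplicate `update_user_contact` calls is consistent with `logon_db` now calling `process_user_contact`, but the login-hash check left as context in the first hunk, `if ($loginhash_data == md5($loginhash_user.$config["loginhash_pwd"]))`, compares a user-supplied string with `==`, which is subject to PHP's numeric-string comparison rules; a strict `===` is a one-token change on that line. The `if`/`elseif` chain containing both hunks starts and ends outside them.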
@@ -53,47 +53,43 @@ if (isset ($_GET["direct"])) { } */ require_once ("../../include/config.php"); - require_once ("../../include/functions.php"); - require_once ("../../include/functions_db.php"); require_once ("../../include/functions_reporting.php"); + if (!isset ($config["auth"])) { + require_once ("include/auth/mysql.php"); + } else { + require_once ("include/auth/".$config["auth"]["scheme"].".php"); + } + $nick = get_parameter ("nick"); $pass = get_parameter ("pass"); - $sql = sprintf("SELECT `id_usuario`, `password` FROM `tusuario` WHERE `id_usuario` = '%s'",$nick); - $row = get_db_row_sql ($sql); + $nick = process_user_login ($nick, $pass); - // For every registry - if ($row !== false) { - if ($row["password"] == md5 ($pass)) { - // Login OK - // Nick could be uppercase or lowercase (select in MySQL - // is not case sensitive) - // We get DB nick to put in PHP Session variable, - // to avoid problems with case-sensitive usernames. - // Thanks to David Muñiz for Bug discovery :) - $nick = $row["id_usuario"]; - update_user_contact ($nick); - $_SESSION['id_usuario'] = $nick; - $config['id_user'] = $nick; - unset ($_GET['pass'], $pass); - } else { - // Login failed (bad password) - echo "Logon failed"; - audit_db ($nick, $_SERVER['REMOTE_ADDR'], "Logon Failed", - "Incorrect password: " . $nick); - exit; - } + if ($nick !== false) { + unset ($_GET["sec2"]); + $_GET["sec"] = "general/logon_ok"; + logon_db ($nick, $REMOTE_ADDR); + $_SESSION['id_usuario'] = $nick; + $config['id_user'] = $nick; + //Remove everything that might have to do with people's passwords or logins + unset ($_GET['pass'], $pass, $_POST['pass'], $_REQUEST['pass'], $login_good); } else { // User not known - echo "Logon failed"; - audit_db ($nick, $_SERVER['REMOTE_ADDR'], "Logon Failed", "Invalid username: " . 
$nick); + $login_failed = true; + require_once ('general/login_page.php'); + audit_db ($nick, $REMOTE_ADDR, "Logon Failed", "Invalid login: ".$nick); exit; } - } else { require_once ("include/config.php"); require_once ("include/functions_reporting.php"); + + if (!isset ($config["auth"])) { + require_once ("include/auth/mysql.php"); + } else { + require_once ("include/auth/".$config["auth"]["scheme"].".php"); + } } check_login(); @@ -102,7 +98,7 @@ $id_report = (int) get_parameter ('id'); if (! $id_report) { audit_db ($config['id_user'], $REMOTE_ADDR, "HACK Attempt", - "Trying to access graph viewer withoud ID"); + "Trying to access graph viewer without valid ID"); require ("general/noaccess.php"); exit; } diff --git a/pandora_console/operation/users/user.php b/pandora_console/operation/users/user.php index 1a116fb870..15d0d4bb3e 100644 --- a/pandora_console/operation/users/user.php +++ b/pandora_console/operation/users/user.php @@ -49,11 +49,16 @@ if (give_acl ($config["id_user"], 0, "UM") == 1) { } foreach ($info as $user_id => $user_info) { - $data[0] = $user_id; - $data[1] = $user_info["nombre_real"]; - $data[2] = print_timestamp ($user_info["fecha_registro"], true); + $data[0] = ''.$user_id.''; + $data[1] = $user_info["fullname"].''; + $data[1] .= __('First name').': '.$user_info["firstname"].'
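Review bot: In the direct-access branch `$nick = process_user_login ($nick, $pass);` overwrites the submitted name before the failure path, so `audit_db ($nick, $REMOTE_ADDR, "Logon Failed", "Invalid login: ".$nick)` records `false` instead of the attempted login; keep the submitted value separately, `$login = get_parameter ("nick"); $nick = process_user_login ($login, $pass);`, and audit `$login`. The same branch loads `../../include/config.php` but the auth scheme as `include/auth/...php`, which looks inconsistent with the `require_once` lines just above unless config.php changes the working directory (not visible here). `$REMOTE_ADDR` replaces `$_SERVER['REMOTE_ADDR']` in this file; if config.php does not define it the audit row gets an empty address. The `unset ($_GET["sec2"]); $_GET["sec"] = "general/logon_ok";` lines and the `general/login_page.php` include are copied from index.php and have no effect in an XML report endpoint.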
'; + $data[1] .= __('Last name').': '.$user_info["lastname"].'
'; + $data[1] .= __('Phone').': '.$user_info["phone"].'
'; + $data[1] .= __('E-mail').': '.$user_info["email"].'
'; + $data[1] .= '
'; + $data[2] = print_timestamp ($user_info["last_connect"], true); - if ($user_info["nivel"]) { + if ($user_info["is_admin"]) { $data[3] = ' '; } else { $data[3] = ' '; @@ -73,7 +78,7 @@ foreach ($info as $user_id => $user_info) { } $data[3] .= ""; - $data[4] = print_string_substr ($user_info["comentarios"], 24, true); + $data[4] = print_string_substr ($user_info["comments"], 24, true); array_push ($table->data, $data); } @@ -138,6 +143,4 @@ foreach ($profiles as $profile) { print_table ($table); unset ($table); - -?> - +?> \ No newline at end of file diff --git a/pandora_console/operation/users/user_edit.php b/pandora_console/operation/users/user_edit.php index 8a3b002994..876500615e 100644 --- a/pandora_console/operation/users/user_edit.php +++ b/pandora_console/operation/users/user_edit.php 
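Review bot: The new cells concatenate `$user_info["firstname"]`, `$user_info["lastname"]`, `$user_info["phone"]` and `$user_info["email"]` into HTML unescaped, and these are fields a user can set on their own profile through user_edit.php in this commit, so markup in them is rendered for whoever opens the user list. Wrap each value, e.g. `htmlspecialchars ($user_info["phone"])`, or use the project's own escaping helper if one exists; `fullname` in the same hunk and `comments` in the `@@ -73,7 +78,7 @@` hunk need the same unless `print_string_substr` escapes. The `foreach` is wholly inside the hunk, but `$data` and `$table` are declared above it.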
@@ -20,146 +20,117 @@ require_once ("include/config.php"); check_login (); -$view_mode = 0; +$id = get_parameter_get ("id", $config["id_user"]); // ID given as parameter +$user_info = get_user_info ($id); +$id = $user_info["id_user"]; //This is done in case there are problems with uppercase/lowercase (MySQL auth has that problem) -if (isset ($_GET["ver"])){ // Only view mode, - $id = get_parameter_get ("ver"); // ID given as parameter - if ($config['id_user'] == $id) { - $view_mode = 0; +//If current user is editing himself or if the user has UM (User Management) rights on any groups the user is part of AND the authorization scheme allows for users/admins to update info +if (($config["id_user"] == $id || give_acl ($config["id_user"], get_user_groups ($id), "UM")) && $config["user_can_update_info"]) { + $view_mode = false; +} else { + $view_mode = true; +} + +if (isset ($_GET["modified"]) && !$view_mode) { + $upd_info = array (); + $upd_info["fullname"] = get_parameter_post ("fullname", $user_info["fullname"]); + $upd_info["firstname"] = get_parameter_post ("firstname", $user_info["firstname"]); + $upd_info["lastname"] = get_parameter_post ("lastname", $user_info["lastname"]); + $password_old = get_parameter_post ("password_old", "-"); + $password_new = get_parameter_post ("password_new", "-"); + $password_confirm = get_parameter_post ("password_confirm", "-"); + $upd_info["email"] = get_parameter_post ("email", $user_info["email"]); + $upd_info["phone"] = get_parameter_post ("phone", $user_info["phone"]); + $upd_info["comments"] = get_parameter_post ("comments", $user_info["comments"]); + + //If User can update password and the new password is not the same as the old one, it's not the default and it's not empty and the new password is the same as the confirmed one + if ($config["user_can_update_password"] && $password_old !== $password_new && $password_new !== "-" && !empty ($password_new) && $password_confirm == $password_new) { + $return = process_user_password 
($id, $pass); + print_error_message ($return, __('Password successfully updated'), __('Error updating passwords').": ".$config["auth_error"]); + } elseif ($password_new !== "-") { + print_error_message (false, '', __('Passwords didn\'t match or other problem encountered while updating passwords')); + } + + $return = process_user_info ($id, $upd_info); + print_error_message ($return, __('User info successfully updated'), __('Error updating user info')); + $user_info = get_user_info ($id); //Reread it +} + +echo "

".__('Pandora users')." > ".__('User detail editor')."

"; + +echo '
'; + +echo ''; + +echo ''; +echo '
'.__('User ID').''; +print_input_text_extended ("id_user", $id, '', '', '', '', $view_mode, '', 'class="input"'); + +echo '
'.__('Full (display) name').''; +print_input_text_extended ("fullname", $user_info["fullname"], '', '', '', '', $view_mode, '', 'class="input"'); + +echo '
'.__('First name').''; +print_input_text_extended ("firstname", $user_info["firstname"], '', '', '', '', $view_mode, '', 'class="input"'); + +echo '
'.__('Last name').''; +print_input_text_extended ("lastname", $user_info["lastname"], '', '', '', '', $view_mode, '', 'class="input"'); + +if ($view_mode === false) { + echo '
'.__('Current password').''; + if ($config["user_can_update_password"]) { + print_input_text_extended ("password_old", "-", '', '', '', '', $view_mode, '', 'class="input"', false, true); + echo '
'.__('New Password').''; + print_input_text_extended ("password_new", "-", '', '', '', '', $view_mode, '', 'class="input"', false, true); + echo '
'.__('Password confirmation').''; + print_input_text_extended ("password_conf", "-", '', '', '', '', $view_mode, '', 'class="input"', false, true); } else { - $view_mode = 1; + echo ''.__('You can not change your password from Pandora FMS under the current authentication scheme').''; } } +echo '
'.__('E-mail').''; +print_input_text_extended ("email", $user_info["email"], '', '', '', '', $view_mode, '', 'class="input"'); +echo '
'.__('Phone number').''; +print_input_text_extended ("phone", $user_info["phone"], '', '', '', '', $view_mode, '', 'class="input"'); -$query1="SELECT * FROM tusuario WHERE id_usuario = '".$id."'"; -$resq1=mysql_query($query1); -$rowdup=mysql_fetch_array($resq1); -$nombre=$rowdup["id_usuario"]; +echo '
'.__('Comments').''; +print_textarea ("comments", 4, 55, $user_info["comments"], ($view_mode ? 'readonly' : '')); + +echo '
'; -// Get user ID to modify data of current user. - -if (isset ($_GET["modificado"])){ - // Se realiza la modificaci�n - if (isset ($_POST["pass1"])){ - if ( isset($_POST["nombre"]) && ($_POST["nombre"] != $_SESSION["id_usuario"])) { - audit_db($_SESSION["id_usuario"],$REMOTE_ADDR,"Security Alert. Trying to modify another user: (".$_POST['nombre'].") ","Security Alert"); - no_permission; - } - - // $nombre = $_POST["nombre"]; // Don't allow change name !! - $pass1 = entrada_limpia($_POST["pass1"]); - $pass2 = entrada_limpia($_POST["pass2"]); - $direccion = entrada_limpia($_POST["direccion"]); - $telefono = entrada_limpia($_POST["telefono"]); - $nombre_real = entrada_limpia($_POST["nombre_real"]); - if ($pass1 != $pass2) { - echo "

".__('Passwords don\'t match. Please repeat again')."

"; - } - else {echo "

".__('User successfully updated')."

";} - //echo "
DEBUG for ".$nombre; - //echo "
Comments:".$comentarios; - $comentarios = entrada_limpia($_POST["comentarios"]); - if (get_user_password($nombre)!=$pass1){ - // Only when change password - $pass1=md5($pass1); - $sql = "UPDATE tusuario SET nombre_real = '".$nombre_real."', password = '".$pass1."', telefono ='".$telefono."', direccion ='".$direccion." ', comentarios = '".$comentarios."' WHERE id_usuario = '".$nombre."'"; - } - else - $sql = "UPDATE tusuario SET nombre_real = '".$nombre_real."', telefono ='".$telefono."', direccion ='".$direccion." ', comentarios = '".$comentarios."' WHERE id_usuario = '".$nombre."'"; - $resq2=mysql_query($sql); - - // Ahora volvemos a leer el registro para mostrar la info modificada - // $id is well known yet - $query1="SELECT * FROM tusuario WHERE id_usuario = '".$id."'"; - $resq1=mysql_query($query1); - $rowdup=mysql_fetch_array($resq1); - $nombre=$rowdup["id_usuario"]; - } - else { - echo "

".__('Passwords don\'t match. Please repeat again')."

"; - } -} -echo "

".__('Pandora users')." > "; -echo __('User detail editor')."

"; - -// Si no se obtiene la variable "modificado" es que se esta visualizando la informacion y -// preparandola para su modificacion, no se almacenan los datos - -$nombre = $rowdup["id_usuario"]; -if ($view_mode == 0) - $password=$rowdup["password"]; -else - $password="This is not a good idea :-)"; - -$comentarios = $rowdup["comentarios"]; -$direccion = $rowdup["direccion"]; -$telefono = $rowdup["telefono"]; -$nombre_real = $rowdup["nombre_real"]; - -?> - -'; -else - echo ''; -?> - - - - - - - - - - - -
-
-
- - -
E-Mail - - -
- -
-
-
- -"; +echo '
'; +if (!$config["user_can_update_info"]) { + echo ''.__('You can not change your user info from Pandora FMS under the current authentication scheme').''; +} else { + print_submit_button (__('Update'), 'uptbutton', $view_mode, 'class="sub upd"'); } -echo '
'; - echo "

'; +echo '
'; + + echo '

'.__('Profiles/Groups assigned to this user').'

'; -echo ""; -$sql = 'SELECT * FROM tusuario_perfil WHERE id_usuario = "'.$nombre.'"'; -$result = mysql_query ($sql); -if (mysql_num_rows ($result)) { - echo ''; - $color=1; - while ($row = mysql_fetch_array ($result)) { - if ($color == 1) { - $tdcolor = "datos2"; - $color = 0; - } else { - $tdcolor = "datos"; - $color = 1; - } - echo '"; - } -} else { + +$table->width = 500; +$table->cellpadding = 4; +$table->cellspacing = 4; +$table->class = "databox"; + +$table->data = array (); + +$result = get_db_all_rows_field_filter ("tusuario_perfil", "id_usuario", $id); +if ($result === false) { + $result = array (); +} + +foreach ($result as $profile) { + $data[0] = ''.get_profile_name ($profile["id_perfil"]).''; + $data[1] = ''.get_group_name ($profile["id_grupo"]).''; + array_push ($table->data, $data); +} + +if (!empty ($table->data)) { + print_table ($table); +} else { echo '
'.__('This user doesn\'t have any assigned profile/group').'
'; } -echo '
'; - echo "".get_profile_name ($row["id_perfil"])." / "; - echo "".get_group_name ($row["id_grupo"])."
'; - ?> diff --git a/pandora_console/operation/users/user_statistics.php b/pandora_console/operation/users/user_statistics.php index 4c128f1d92..81405fbcef 100644 --- a/pandora_console/operation/users/user_statistics.php +++ b/pandora_console/operation/users/user_statistics.php @@ -16,14 +16,12 @@ // along with this program; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - - // Load global vars -require("include/config.php"); +require_once ("include/config.php"); -if (comprueba_login() == 0) { -echo "
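Review bot: The password branch calls `process_user_password ($id, $pass)`, but `$pass` is never set and the function in include/auth/mysql.php takes the user, the old and the new password, so no password change can succeed; it should be `$return = process_user_password ($id, $password_old, $password_new);`. The confirmation box is printed as `password_conf` while the handler reads `get_parameter_post ("password_confirm", "-")`, so `$password_confirm` is always `-` and the `$password_confirm == $password_new` test fails for every real password — rename one side to match. `give_acl ($config["id_user"], get_user_groups ($id), "UM")` passes whatever `get_user_groups` returns as the group argument, which `give_acl` in functions_db.php formats with `%d`; if that helper returns an array (not visible here) the check does not do what the comment above it describes, so confirm its return type. The readonly inputs still post every field, which is fine here because the handler re-checks `!$view_mode` before writing.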

".__('Users defined in Pandora')." > "; -echo __('User activity statistics')."

"; -echo ''; -} +check_login (); + +echo "

".__('Users defined in Pandora')." > ".__('User activity statistics')."

"; + +print_image ("reporting/fgraph.php?tipo=user_activity", false, array ("border" => 0)); ?> diff --git a/pandora_console/pandoradb.sql b/pandora_console/pandoradb.sql index c64ce66071..39533a8729 100644 --- a/pandora_console/pandoradb.sql +++ b/pandora_console/pandoradb.sql @@ -579,18 +579,21 @@ CREATE TABLE IF NOT EXISTS `ttrap` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8; CREATE TABLE IF NOT EXISTS `tusuario` ( - `id_usuario` varchar(60) NOT NULL default '0', - `nombre_real` varchar(125) NOT NULL default '', + `id_user` varchar(60) NOT NULL default '0', + `fullname` varchar(255) NOT NULL, + `firstname` varchar(255) NOT NULL, + `lastname` varchar(255) NOT NULL, + `middlename` varchar(255) NOT NULL, `password` varchar(45) default NULL, - `comentarios` varchar(200) default NULL, - `fecha_registro` datetime NOT NULL default '0000-00-00 00:00:00', - `direccion` varchar(100) default '', - `telefono` varchar(100) default '', - `nivel` tinyint(1) NOT NULL default '0', - PRIMARY KEY (`id_usuario`) + `comments` varchar(200) default NULL, + `last_connect` bigint(20) NOT NULL default '0', + `registered` bigint(20) NOT NULL default '0', + `email` varchar(100) default NULL, + `phone` varchar(100) default NULL, + `is_admin` tinyint(1) unsigned NOT NULL default '0', + UNIQUE KEY `id_user` (`id_user`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; - CREATE TABLE IF NOT EXISTS `tusuario_perfil` ( `id_up` bigint(10) unsigned NOT NULL auto_increment, `id_usuario` varchar(100) NOT NULL default '', diff --git a/pandora_console/pandoradb_data.sql b/pandora_console/pandoradb_data.sql index d31409f631..8a241a331d 100644 --- a/pandora_console/pandoradb_data.sql +++ b/pandora_console/pandoradb_data.sql 
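Review bot: The new `tusuario` definition drops `PRIMARY KEY (`id_usuario`)` and keeps only `UNIQUE KEY `id_user` (`id_user`)`, while pandoradb_migrate_20_to_21.sql in this commit leaves the existing primary key in place and adds a unique index, so fresh installs and migrated databases end up with different table definitions; keep `PRIMARY KEY (`id_user`)` here (the extra unique key is then redundant) or make the migration match. `last_connect` and `registered` are now `bigint(20)` epoch seconds (`process_user_contact` writes `get_system_time ()`), unlike the datetime the old `fecha_registro` held, so anything still formatting that column as a date needs updating. `password varchar(45)` is unchanged and holds the 32-character md5 hex written by mysql.php, so the width suffices but leaves little room for a longer hash later.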
@@ -224,8 +224,8 @@ INSERT INTO `ttipo_modulo` VALUES -- -- Dumping data for table `tusuario` -- - -INSERT INTO `tusuario` VALUES ('admin','Default Admin','1da7ee7d45b96d0e1f45ee4ee23da560','Admin Pandora','2007-03-27 18:59:39','admin_pandora@nowhere.net','555-555-555',1); +INSERT INTO `tusuario` (`id_user`, `fullname`, `firstname`, `lastname`, `middlename`, `password`, `comments`, `last_connect`, `registered`, `email`, `phone`, `is_admin`) VALUES +('admin', 'Pandora', 'Pandora', 'Admin', '', '1da7ee7d45b96d0e1f45ee4ee23da560', 'Admin Pandora', 1232642121, 0, 'admin@example.com', '555-555-5555', 1); -- -- Dumping data for table `tusuario_perfil` diff --git a/pandora_console/pandoradb_migrate_20_to_21.sql b/pandora_console/pandoradb_migrate_20_to_21.sql index ecdc3ba9e2..268731b31b 100644 --- a/pandora_console/pandoradb_migrate_20_to_21.sql +++ b/pandora_console/pandoradb_migrate_20_to_21.sql 
@@ -170,4 +170,10 @@ DEFAULT '0',
 ADD `min_critical` DOUBLE( 18, 2 ) NOT NULL DEFAULT '0',
 ADD `max_critical` DOUBLE( 18, 2 ) NOT NULL DEFAULT '0',
 ADD `min_ff_event` INT( 4 ) UNSIGNED NOT NULL DEFAULT '0';
-
+ALTER TABLE `tusuario` CHANGE `nombre_real` `fullname` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL;
+ALTER TABLE `tusuario` CHANGE `id_usuario` `id_user` VARCHAR( 60 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT '0';
+ALTER TABLE `tusuario` CHANGE `fecha_registro` `last_connect` BIGINT( 20 ) NOT NULL DEFAULT '0';
+ALTER TABLE `tusuario` ADD UNIQUE (`id_user`);
+ALTER TABLE `tusuario` ADD `registered` BIGINT( 20 ) NOT NULL DEFAULT '0' AFTER `last_connect` ;
+ALTER TABLE `tusuario` ADD `firstname` VARCHAR( 255 ) NOT NULL AFTER `fullname` , ADD `lastname` VARCHAR( 255 ) NOT NULL AFTER `firstname` , ADD `middlename` VARCHAR( 255 ) NOT NULL AFTER `lastname`;
+ALTER TABLE `tusuario` CHANGE `direccion` `email` VARCHAR( 100 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL , CHANGE `telefono` `phone` VARCHAR( 100 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL , CHANGE `nivel` `is_admin` TINYINT( 1 ) UNSIGNED NOT NULL DEFAULT '0'
\ No newline at end of file
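Review bot: The last statement, `... CHANGE `nivel` `is_admin` TINYINT( 1 ) UNSIGNED NOT NULL DEFAULT '0'`, has no terminating `;` and the file ends without a newline, so a client that concatenates this script with further statements fails on that line; add the `;` and a final newline. `CHANGE `fecha_registro` `last_connect` BIGINT( 20 )` converts the existing DATETIME values in place, and MySQL appears to cast a datetime to its numeric form YYYYMMDDHHMMSS rather than to the epoch seconds that `process_user_contact` writes via `get_system_time ()`, so migrated rows carry values that do not compare with new ones; resetting them after the change (`UPDATE `tusuario` SET `last_connect` = 0;`) or computing `UNIX_TIMESTAMP(`fecha_registro`)` into a new column first would avoid that. `ADD UNIQUE (`id_user`)` is applied on top of the existing primary key here while pandoradb.sql in this commit defines the table with only the unique key, so the two schemas diverge; dropping one or the other keeps them aligned.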