__('Default'), HOME_SCREEN_VISUAL_CONSOLE => __('Visual console'), HOME_SCREEN_EVENT_LIST => __('Event list'), HOME_SCREEN_GROUP_VIEW => __('Group view'), HOME_SCREEN_TACTICAL_VIEW => __('Tactical view'), HOME_SCREEN_ALERT_DETAIL => __('Alert detail'), HOME_SCREEN_EXTERNAL_LINK => __('External link'), HOME_SCREEN_OTHER => __('Other'), HOME_SCREEN_DASHBOARD => __('Dashboard'), ]; // This defines the working user. Beware with this, old code get confusses // and operates with current logged user (dangerous). $id = get_parameter('id', get_parameter('id_user', '')); if (empty($id) === true) { $id = $config['id_user']; } // Check if we are the same user for edit or we have a proper profile for edit users. if ($id !== $config['id_user']) { if ((bool) check_acl($config['id_user'], 0, 'UM') === false) { db_pandora_audit( AUDIT_LOG_ACL_VIOLATION, 'Trying to access User Management' ); include 'general/noaccess.php'; return; } } // ID given as parameter. $pure = get_parameter('pure', 0); $user_info = get_user_info($id); if (is_metaconsole() === true) { $user_info['section'] = $user_info['metaconsole_section']; $user_info['data_section'] = $user_info['metaconsole_data_section']; $user_info['default_event_filter'] = $user_info['metaconsole_default_event_filter']; } $is_err = false; if (is_ajax() === true) { $delete_profile = (bool) get_parameter('delete_profile'); $get_user_profile = (bool) get_parameter('get_user_profile'); if ($get_user_profile === true) { $profile_id = (int) get_parameter('profile_id'); $group_id = (int) get_parameter('group_id', -1); $user_id = (string) get_parameter('user_id', ''); $no_hierarchy = (int) get_parameter('no_hierarchy', -1); $assigned_by = (string) get_parameter('assigned_by', ''); $id_policy = (int) get_parameter('id_policy', -1); $tags = (string) get_parameter('id_policy', ''); $filter = []; if ($group_id > -1) { $filter['id_perfil'] = $profile_id; } if ($group_id > -1) { $filter['id_grupo'] = $group_id; } if ($user_id !== '') { $filter['id_usuario'] = $user_id; } if ($no_hierarchy > -1) { $filter['no_hierarchy'] = $no_hierarchy; } if ($assigned_by !== '') { $filter['assigned_by'] = $assigned_by; } if ($id_policy > -1) { $filter['id_policy'] = $id_policy; } if ($tags !== '') { $filter['tags'] = $tags; } $profile = db_get_all_rows_filter( 'tusuario_perfil', $filter ); if ($profile !== false && count($profile) > 0) { echo json_encode($profile); return; } else { echo json_encode(''); } return; } } $tab = get_parameter('tab', 'user'); // Save autorefresh list. $autorefresh_list = (array) get_parameter_post('autorefresh_list'); $autorefresh_white_list = (($autorefresh_list[0] === '') || ($autorefresh_list[0] === '0')) ? '' : json_encode($autorefresh_list); // Header. if (is_metaconsole() === true) { user_meta_print_header(); $sec = 'advanced'; } else { if ((bool) check_acl($config['id_user'], 0, 'UM') === false) { $buttons = []; } else { $buttons = [ 'user' => [ 'active' => false, 'text' => ''.html_print_image( 'images/user.svg', true, [ 'title' => __('User management'), 'class' => 'invert_filter main_menu_icon', ] ).'', ], 'profile' => [ 'active' => false, 'text' => ''.html_print_image( 'images/suitcase@svg.svg', true, [ 'title' => __('Profile management'), 'class' => 'invert_filter main_menu_icon', ] ).'', ], ]; $buttons[$tab]['active'] = true; } $edit_user = get_parameter('edit_user'); ui_print_standard_header( ($edit_user) ? sprintf('%s [ %s ]', __('Update User'), $id) : __('Create User'), 'images/gm_users.png', false, '', true, $buttons, [ [ 'link' => '', 'label' => __('Profiles'), ], [ 'link' => ui_get_full_url('index.php?sec=gusuarios&sec2=godmode/users/user_list'), 'label' => __('Manage users'), ], [ 'link' => '', 'label' => __('User Detail Editor'), ], ] ); $sec = 'gusuarios'; } if ((bool) $config['user_can_update_info'] === true) { $view_mode = false; } else { $view_mode = true; } $delete_profile = (bool) get_parameter('delete_profile'); $new_user = (bool) get_parameter('new_user'); $create_user = (bool) get_parameter('create_user'); $add_profile = (bool) get_parameter('add_profile'); $update_user = (bool) get_parameter('update_user'); $renewAPIToken = (bool) get_parameter('renewAPIToken'); $status = get_parameter('status', -1); $json_profile = get_parameter('json_profile', ''); // Reset status var if current action is not update_user. if ($new_user === true || $create_user === true || $add_profile === true || $delete_profile === true || $update_user === true ) { $status = -1; } if ($new_user === true && (bool) $config['admin_can_add_user'] === true) { $user_info = []; $id = ''; $user_info['fullname'] = ''; $user_info['firstname'] = ''; $user_info['lastname'] = ''; $user_info['email'] = ''; $user_info['phone'] = ''; $user_info['comments'] = ''; $user_info['is_admin'] = 0; $user_info['language'] = 'default'; $user_info['timezone'] = ''; $user_info['not_login'] = false; $user_info['local_user'] = false; $user_info['strict_acl'] = false; $user_info['session_time'] = 0; $user_info['middlename'] = 0; if ($isFunctionSkins !== ENTERPRISE_NOT_HOOK) { $user_info['id_skin'] = ''; } $user_info['section'] = ''; $user_info['data_section'] = ''; // This attributes are inherited from global configuration. $user_info['block_size'] = $config['block_size']; if (enterprise_installed() === true && is_metaconsole() === true) { $user_info['metaconsole_agents_manager'] = 0; $user_info['metaconsole_access_node'] = 0; } if (isset($config['ehorus_user_level_conf']) === true && (bool) $config['ehorus_user_level_conf'] === true) { $user_info['ehorus_user_level_user'] = ''; $user_info['ehorus_user_level_pass'] = ''; $user_info['ehorus_user_level_enabled'] = true; } } if ($create_user === true) { if ((bool) $config['admin_can_add_user'] === false) { ui_print_error_message( __('The current authentication scheme doesn\'t support creating users on %s', get_product_name()) ); return; } if (html_print_csrf_error() === true) { return; } $user_is_admin = (get_parameter('is_admin', 0) === 0) ? 0 : 1; if (users_is_admin() === false && $user_is_admin !== 0) { db_pandora_audit( AUDIT_LOG_ACL_VIOLATION, 'Trying to create with administrator privileges to user by non administrator user '.$config['id_user'] ); include 'general/noaccess.php'; exit; } $values = []; $values['id_user'] = (string) get_parameter('id_user'); $values['fullname'] = (string) get_parameter('fullname'); $values['firstname'] = (string) get_parameter('firstname'); $values['lastname'] = (string) get_parameter('lastname'); $password_new = (string) get_parameter('password_new', ''); $password_confirm = (string) get_parameter('password_confirm', ''); $values['email'] = (string) get_parameter('email'); $values['phone'] = (string) get_parameter('phone'); $values['comments'] = io_safe_input(strip_tags(io_safe_output((string) get_parameter('comments')))); $values['allowed_ip_active'] = ((int) get_parameter_switch('allowed_ip_active', -1) === 0); $values['allowed_ip_list'] = io_safe_input(strip_tags(io_safe_output((string) get_parameter('allowed_ip_list')))); $values['is_admin'] = $user_is_admin; $values['language'] = get_parameter('language', 'default'); $values['timezone'] = (string) get_parameter('timezone'); $values['default_event_filter'] = (int) get_parameter('default_event_filter'); $values['default_custom_view'] = (int) get_parameter('default_custom_view'); $values['time_autorefresh'] = (int) get_parameter('time_autorefresh', 0); $values['show_tips_startup'] = (int) get_parameter_switch('show_tips_startup'); $values['integria_user_level_pass'] = (string) get_parameter('integria_user_level_pass'); $dashboard = get_parameter('dashboard', ''); $visual_console = get_parameter('visual_console', ''); if ($isFunctionSkins !== ENTERPRISE_NOT_HOOK) { $values['id_skin'] = (int) get_parameter('skin', 0); } $values['block_size'] = (int) get_parameter('block_size', $config['block_size']); $values['section'] = get_parameter('section'); if (($values['section'] === HOME_SCREEN_EVENT_LIST) || ($values['section'] === HOME_SCREEN_GROUP_VIEW) || ($values['section'] === HOME_SCREEN_ALERT_DETAIL) || ($values['section'] === HOME_SCREEN_TACTICAL_VIEW) || ($values['section'] === HOME_SCREEN_DEFAULT)) { $values['data_section'] = ''; } else if ($values['section'] === HOME_SCREEN_DASHBOARD) { $values['data_section'] = $dashboard; } else if (io_safe_output($values['section']) === HOME_SCREEN_VISUAL_CONSOLE) { $values['data_section'] = $visual_console; } else if ($values['section'] === HOME_SCREEN_OTHER || io_safe_output($values['section']) === HOME_SCREEN_EXTERNAL_LINK) { $values['data_section'] = get_parameter('data_section'); } // $values['section'] = $homeScreenValues[$values['section']]; if (enterprise_installed() === true) { $values['force_change_pass'] = 1; $values['last_pass_change'] = date('Y/m/d H:i:s', get_system_time()); if (is_metaconsole() === true) { $values['metaconsole_access'] = get_parameter('metaconsole_access', 'basic'); $values['metaconsole_agents_manager'] = ($user_is_admin == 1 ? 1 : get_parameter('metaconsole_agents_manager', '0')); $values['metaconsole_access_node'] = ($user_is_admin == 1 ? 1 : get_parameter('metaconsole_access_node', '0')); } } $values['not_login'] = (bool) get_parameter('not_login', false); $values['local_user'] = (bool) get_parameter('local_user', false); $values['middlename'] = get_parameter('middlename', 0); $values['strict_acl'] = (bool) get_parameter('strict_acl', false); $values['session_time'] = (int) get_parameter('session_time', 0); // Previously defined. $values['autorefresh_white_list'] = $autorefresh_white_list; // eHorus user level conf. if ((bool) $config['ehorus_user_level_conf'] === true) { $values['ehorus_user_level_enabled'] = (bool) get_parameter('ehorus_user_level_enabled', false); if ($values['ehorus_user_level_enabled'] === true) { $values['ehorus_user_level_user'] = (string) get_parameter('ehorus_user_level_user'); $values['ehorus_user_level_pass'] = (string) get_parameter('ehorus_user_level_pass'); } else { $values['ehorus_user_level_user'] = null; $values['ehorus_user_level_pass'] = null; } } // Generate new API token. $values['api_token'] = api_token_generate(); // Validate the user ID if it already exists. $user_exists = get_user_info($values['id_user']); if (empty($values['id_user']) === true) { ui_print_error_message(__('User ID cannot be empty')); $is_err = true; $user_info = $values; $password_new = ''; $password_confirm = ''; $new_user = true; } else if (isset($user_exists['id_user'])) { $is_err = true; ui_print_error_message(__('User ID already exists')); $user_info = $values; $password_new = ''; $password_confirm = ''; $new_user = true; } else if (preg_match('/^\s+|\s+$/', io_safe_output($id))) { ui_print_error_message(__('Invalid user ID: leading or trailing blank spaces not allowed')); $is_err = true; $user_info = $values; $password_new = ''; $password_confirm = ''; $new_user = true; } else if (empty($password_new) === true) { $is_err = true; ui_print_error_message(__('Passwords cannot be empty')); $user_info = $values; $password_new = ''; $password_confirm = ''; $new_user = true; } else if ($password_new != $password_confirm) { $is_err = true; ui_print_error_message(__('Passwords didn\'t match')); $user_info = $values; $password_new = ''; $password_confirm = ''; $new_user = true; } else if (enterprise_hook('excludedPassword', [$password_new]) === true) { $is_err = true; ui_print_error_message(__('The password provided is not valid. Please set another one.')); $user_info = $values; $password_new = ''; $password_confirm = ''; $new_user = true; } else { if ((!is_user_admin($config['id_user']) || $config['enable_pass_policy_admin']) && $config['enable_pass_policy']) { $pass_ok = login_validate_pass($password_new, $id, true); if ($pass_ok != 1) { ui_print_error_message($pass_ok); } else { $result = create_user($id, $password_new, $values); } } else { $result = create_user($id, $password_new, $values); } $info = '{"Id_user":"'.$values['id_user'].'","FullName":"'.$values['fullname'].'","Firstname":"'.$values['firstname'].'","Lastname":"'.$values['lastname'].'","Email":"'.$values['email'].'","Phone":"'.$values['phone'].'","Comments":"'.$values['comments'].'","Is_admin":"'.$values['is_admin'].'","Language":"'.$values['language'].'","Timezone":"'.$values['timezone'].'","Block size":"'.$values['block_size'].'"'; if ($values['allowed_ip_active'] === true) { $info .= ',"IPS Allowed":"'.$values['allowed_ip_list'].'"'; } if ($isFunctionSkins !== ENTERPRISE_NOT_HOOK) { $info .= ',"Skin":"'.$values['id_skin'].'"}'; } else { $info .= '}'; } $can_create = false; if ($result) { $res = save_pass_history($id, $password_new); } else { $is_err = true; $user_info = $values; $password_new = ''; $password_confirm = ''; $new_user = true; } db_pandora_audit( AUDIT_LOG_USER_MANAGEMENT, 'Created user '.io_safe_output($id), false, false, $info ); ui_print_result_message( $result, __('Successfully created'), __('Could not be created') ); $password_new = ''; $password_confirm = ''; if ($result) { if ($values['strict_acl']) { if ($values['is_admin']) { ui_print_info_message(__('Strict ACL is not recommended for admin users because performance could be affected.')); } } $user_info = get_user_info($id); $new_user = false; if (empty($json_profile) === false) { $json_profile = json_decode(io_safe_output($json_profile), true); foreach ($json_profile as $key => $profile) { if (is_array($profile) === false) { $profile = json_decode($profile, true); } if (!empty($profile)) { $group2 = $profile['group']; $profile2 = $profile['profile']; $tags = $profile['tags']; foreach ($tags as $k => $tag) { if (empty($tag)) { unset($tags[$k]); } } $tags = implode(',', $tags); $no_hierarchy = $profile['hierarchy']; db_pandora_audit( AUDIT_LOG_USER_MANAGEMENT, 'Added profile for user '.io_safe_output($id2), false, false, 'Profile: '.$profile2.' Group: '.$group2.' Tags: '.$tags ); $result_profile = profile_create_user_profile($id, $profile2, $group2, false, $tags, $no_hierarchy); if ($result_profile === false) { $is_err = true; $user_info = $values; $password_new = ''; $password_confirm = ''; $new_user = true; } else { $pm = db_get_value_filter('pandora_management', 'tperfil', ['id_perfil' => $profile2]); if ((int) $pm === 1) { $user_source = db_get_value_filter( 'id_source', 'tnotification_source_user', [ 'id_source' => $notification['id'], 'id_user' => $id, ] ); if ($user_source === false) { $notificationSources = db_get_all_rows_filter('tnotification_source', [], 'id'); foreach ($notificationSources as $notification) { if ((int) $notification['id'] === 1 || (int) $notification['id'] === 5) { $notification_user = db_get_value_filter( 'id_source', 'tnotification_source_user', [ 'id_source' => $notification['id'], 'id_user' => $id, ] ); if ($notification_user === false) { @db_process_sql_insert( 'tnotification_source_user', [ 'id_source' => $notification['id'], 'id_user' => $id, ] ); } } } } } } ui_print_result_message( $result_profile, __('Profile added successfully'), __('Profile cannot be added') ); } } } } else { $user_info = $values; $new_user = true; } } } if ($update_user) { if (html_print_csrf_error() === true) { return; } $values = []; $values['fullname'] = (string) get_parameter('fullname'); $values['firstname'] = (string) get_parameter('firstname'); $values['lastname'] = (string) get_parameter('lastname'); $values['email'] = (string) get_parameter('email'); $values['phone'] = (string) get_parameter('phone'); $values['comments'] = io_safe_input(strip_tags(io_safe_output((string) get_parameter('comments')))); $values['allowed_ip_active'] = ((int) get_parameter('allowed_ip_active', -1) === 0); $values['allowed_ip_list'] = io_safe_input(strip_tags(io_safe_output((string) get_parameter('allowed_ip_list')))); $values['is_admin'] = (get_parameter('is_admin', 0) === 0) ? 0 : 1; $values['language'] = (string) get_parameter('language'); $values['timezone'] = (string) get_parameter('timezone'); $values['default_event_filter'] = (int) get_parameter('default_event_filter'); $values['default_custom_view'] = (int) get_parameter('default_custom_view'); $values['show_tips_startup'] = (int) get_parameter_switch('show_tips_startup'); $values['time_autorefresh'] = (int) get_parameter('time_autorefresh'); // API Token information. $apiTokenRenewed = (bool) get_parameter('renewAPIToken'); $values['api_token'] = ($apiTokenRenewed === true) ? api_token_generate() : users_get_API_token($id); if (users_is_admin() === false && (bool) $values['is_admin'] !== false) { db_pandora_audit( AUDIT_LOG_ACL_VIOLATION, 'Trying to add administrator privileges to user by non administrator user '.$config['id_user'] ); include 'general/noaccess.php'; exit; } // Ehorus user level conf. $values['ehorus_user_level_enabled'] = (bool) get_parameter('ehorus_user_level_enabled', false); $values['ehorus_user_level_user'] = (string) get_parameter('ehorus_user_level_user'); $values['ehorus_user_level_pass'] = (string) get_parameter('ehorus_user_level_pass'); $values['integria_user_level_pass'] = (string) get_parameter('integria_user_level_pass'); $values['middlename'] = get_parameter('middlename', 0); $dashboard = get_parameter('dashboard', ''); $visual_console = get_parameter('visual_console', ''); if ($isFunctionSkins !== ENTERPRISE_NOT_HOOK) { $values['id_skin'] = get_parameter('skin', 0); } $values['block_size'] = get_parameter('block_size', $config['block_size']); $values['section'] = get_parameter('section'); if (($values['section'] === HOME_SCREEN_EVENT_LIST) || ($values['section'] === HOME_SCREEN_GROUP_VIEW) || ($values['section'] === HOME_SCREEN_ALERT_DETAIL) || ($values['section'] === HOME_SCREEN_TACTICAL_VIEW) || ($values['section'] === HOME_SCREEN_DEFAULT)) { $values['data_section'] = ''; } else if ($values['section'] === HOME_SCREEN_DASHBOARD) { $values['data_section'] = $dashboard; } else if (io_safe_output($values['section']) === HOME_SCREEN_VISUAL_CONSOLE) { $values['data_section'] = $visual_console; } else if ($values['section'] === HOME_SCREEN_OTHER || io_safe_output($values['section']) === HOME_SCREEN_EXTERNAL_LINK) { $values['data_section'] = get_parameter('data_section'); } // $values['section'] = $homeScreenValues[$values['section']]; if (enterprise_installed() === true && is_metaconsole() === true) { if (users_is_admin() === true) { $values['metaconsole_access'] = get_parameter('metaconsole_access'); $values['metaconsole_agents_manager'] = get_parameter('metaconsole_agents_manager', '0'); $values['metaconsole_access_node'] = get_parameter('metaconsole_access_node', '0'); } else { $values['metaconsole_access'] = $user_info['metaconsole_access']; $values['metaconsole_agents_manager'] = $user_info['metaconsole_agents_manager']; $values['metaconsole_access_node'] = db_get_value('metaconsole_access_node', 'tusuario', 'id_user', $id); } } $values['not_login'] = (bool) get_parameter('not_login', false); $values['local_user'] = (bool) get_parameter('local_user', false); $values['strict_acl'] = (bool) get_parameter('strict_acl', false); $values['session_time'] = (int) get_parameter('session_time', 0); $force_update_session_expire = false; if ($values['session_time'] !== $user_info['session_time']) { $force_update_session_expire = true; } // Previously defined. $values['autorefresh_white_list'] = $autorefresh_white_list; $res1 = update_user($id, $values); if ($force_update_session_expire === true) { config_prepare_expire_time_session(true); } if ($config['user_can_update_password']) { $password_new = (string) get_parameter('password_new', ''); $password_confirm = (string) get_parameter('password_confirm', ''); $own_password_confirm = (string) get_parameter('own_password_confirm', ''); $id_user = (string) get_parameter('id_user', ''); if ($password_new != '') { $correct_password = false; $user_credentials_check = process_user_login($id_user, $own_password_confirm, true); if ($user_credentials_check !== false) { $correct_password = true; } if ((string) $password_confirm === (string) $password_new) { if ($correct_password === true || is_user_admin($config['id_user'])) { if ((is_user_admin($config['id_user']) === false || $config['enable_pass_policy_admin']) && $config['enable_pass_policy']) { $pass_ok = login_validate_pass($password_new, $id, true); if ($pass_ok != 1) { ui_print_error_message($pass_ok); } else { $res2 = update_user_password($id, $password_new); if ($res2) { db_process_sql_insert( 'tsesion', [ 'id_sesion' => '', 'id_usuario' => $id, 'ip_origen' => $_SERVER['REMOTE_ADDR'], 'accion' => 'Password change', 'descripcion' => 'Access password updated', 'fecha' => date('Y-m-d H:i:s'), 'utimestamp' => time(), ] ); $res3 = save_pass_history($id, $password_new); // Generate new API token. $newToken = api_token_generate(); $res4 = update_user($id, ['api_token' => $newToken]); } ui_print_result_message( $res1 || $res2, __('User info successfully updated'), __('Error updating user info (no change?)') ); } } else { $res2 = update_user_password($id, $password_new); if ($res2) { $res3 = save_pass_history($id, $password_new); db_process_sql_insert( 'tsesion', [ 'id_sesion' => '', 'id_usuario' => $id, 'ip_origen' => $_SERVER['REMOTE_ADDR'], 'accion' => 'Password change', 'descripcion' => 'Access password updated', 'fecha' => date('Y-m-d H:i:s'), 'utimestamp' => time(), ] ); // Generate new API token. $newToken = api_token_generate(); $res4 = update_user($id, ['api_token' => $newToken]); } ui_print_result_message( $res1 || $res2, __('User info successfully updated'), __('Error updating user info (no change?)') ); } } else { if ($own_password_confirm === '') { ui_print_error_message(__('Password of the active user is required to perform password change')); } else { ui_print_error_message(__('Password of active user is not correct')); } } } else { db_process_sql_insert( 'tsesion', [ 'id_sesion' => '', 'id_usuario' => $id, 'ip_origen' => $_SERVER['REMOTE_ADDR'], 'accion' => 'Password change', 'descripcion' => 'Access password update failed', 'fecha' => date('Y-m-d H:i:s'), 'utimestamp' => time(), ] ); ui_print_error_message(__('Passwords does not match')); } } else { $has_skin = false; $has_wizard = false; $info = '{"id_user":"'.$id.'", "FullName":"'.$values['fullname'].'", "Firstname":"'.$values['firstname'].'", "Lastname":"'.$values['lastname'].'", "Email":"'.$values['email'].'", "Phone":"'.$values['phone'].'", "Comments":"'.$values['comments'].'", "Is_admin":"'.$values['is_admin'].'", "Language":"'.$values['language'].'", "Timezone":"'.$values['timezone'].'", "Block size":"'.$values['block_size'].'", "Section":"'.$values['section'].'"'; if ($values['allowed_ip_active'] === true) { $info .= ',"IPS Allowed":"'.$values['allowed_ip_list'].'"'; } if ($isFunctionSkins !== ENTERPRISE_NOT_HOOK) { $info .= ',"Skin":"'.$values['id_skin'].'"'; $has_skin = true; } if (enterprise_installed() === true && is_metaconsole() === true) { $info .= ',"Wizard access":"'.$values['metaconsole_access'].'"}'; $has_wizard = true; } else if ($has_skin === true) { $info .= '}'; } if ($has_skin === false && $has_wizard === false) { $info .= '}'; } db_pandora_audit( AUDIT_LOG_USER_MANAGEMENT, 'Updated user '.io_safe_output($id), false, false, $info ); ui_print_result_message( $res1, ($apiTokenRenewed === true) ? __('You have generated a new API Token.') : __('User info successfully updated'), __('Error updating user info (no change?)') ); } } else { ui_print_result_message( $res1, __('User info successfully updated'), __('Error updating user info (no change?)') ); } if ((bool) $values['strict_acl'] === true) { $count_groups = 0; $count_tags = 0; $profiles = db_get_all_rows_field_filter('tusuario_perfil', 'id_usuario', $id); if ($profiles === false) { $profiles = []; } foreach ($profiles as $profile) { $count_groups++; $arr_tags = explode(',', $profile['tags']); $count_tags = ($count_tags + count($arr_tags)); } if (($count_groups > 3) && ($count_tags > 10)) { ui_print_info_message(__('Strict ACL is not recommended for this user. Performance could be affected.')); } } $user_info = $values; } if ($delete_profile) { $id2 = (string) get_parameter('id_user'); $id_up = (int) get_parameter('id_user_profile'); $perfilUser = db_get_row('tusuario_perfil', 'id_up', $id_up); $id_perfil = $perfilUser['id_perfil']; $perfil = db_get_row('tperfil', 'id_perfil', $id_perfil); db_pandora_audit( AUDIT_LOG_USER_MANAGEMENT, 'Deleted profile for user '.io_safe_output($id2), false, false, 'The profile with id '.$id_perfil.' in the group '.$perfilUser['id_grupo'] ); $return = profile_delete_user_profile($id2, $id_up); ui_print_result_message( $return, __('Successfully deleted'), __('Could not be deleted') ); $has_profile = db_get_row('tusuario_perfil', 'id_usuario', $id2); $user_is_global_admin = users_is_admin($id2); if ($has_profile === false && $user_is_global_admin === false) { $result = delete_user($id2); if ($result === true) { db_pandora_audit( AUDIT_LOG_USER_MANAGEMENT, __('Deleted user %s', io_safe_output($id_user)) ); } ui_print_result_message( $result, __('Successfully deleted'), __('There was a problem deleting the user') ); // Delete the user in all the consoles. if (is_metaconsole() === true) { $servers = metaconsole_get_servers(); foreach ($servers as $server) { // Connect to the remote console. metaconsole_connect($server); // Delete the user. $result = delete_user($id_user); if ($result === true) { db_pandora_audit( AUDIT_LOG_USER_MANAGEMENT, __('Deleted user %s from metaconsole', io_safe_output($id_user)) ); } // Restore the db connection. metaconsole_restore_db(); // Log to the metaconsole too. if ($result === true) { db_pandora_audit( AUDIT_LOG_USER_MANAGEMENT, __( 'Deleted user %s from %s', io_safe_input($id_user), io_safe_input($server['server_name']) ) ); } ui_print_result_message( $result, __('Successfully deleted from %s', io_safe_input($server['server_name'])), __('There was a problem deleting the user from %s', io_safe_input($server['server_name'])) ); } } } } if ((int) $status !== -1) { ui_print_result_message( $status, __('User info successfully updated'), __('Error updating user info (no change?)') ); } if ($add_profile && empty($json_profile)) { $id2 = (string) get_parameter('id', get_parameter('id_user')); $group2 = (int) get_parameter('assign_group'); $profile2 = (int) get_parameter('assign_profile'); $tags = (array) get_parameter('assign_tags'); $no_hierarchy = (int) get_parameter('no_hierarchy', 0); foreach ($tags as $k => $tag) { if (empty($tag) === true) { unset($tags[$k]); } } $tags = implode(',', $tags); db_pandora_audit( AUDIT_LOG_USER_MANAGEMENT, 'Added profile for user '.io_safe_output($id2), false, false, 'Profile: '.$profile2.' Group: '.$group2.' Tags: '.$tags ); $return = profile_create_user_profile($id2, $profile2, $group2, false, $tags, $no_hierarchy); if ($return === false) { $is_err = true; } else { $pm = db_get_value_filter('pandora_management', 'tperfil', ['id_perfil' => $profile2]); if ((int) $pm === 1) { $user_source = db_get_value_filter( 'id_source', 'tnotification_source_user', [ 'id_source' => $notification['id'], 'id_user' => $id, ] ); if ($user_source === false) { $notificationSources = db_get_all_rows_filter('tnotification_source', [], 'id'); foreach ($notificationSources as $notification) { if ((int) $notification['id'] === 1 || (int) $notification['id'] === 5) { $notification_user = db_get_value_filter( 'id_source', 'tnotification_source_user', [ 'id_source' => $notification['id'], 'id_user' => $id, ] ); if ($notification_user === false) { @db_process_sql_insert( 'tnotification_source_user', [ 'id_source' => $notification['id'], 'id_user' => $id, ] ); } } } } } } ui_print_result_message( $return, __('Profile added successfully'), __('Profile cannot be added') ); } if (isset($values) === true && empty($values) === false) { $user_info = $values; } if (!users_is_admin() && $config['id_user'] !== $id && $new_user === false) { $group_um = users_get_groups_UM($config['id_user']); if (isset($group_um[0]) === true) { $group_um_string = implode(',', array_keys(users_get_groups($config['id_user'], 'um', true))); } else { $group_um_string = implode(',', array_keys($group_um)); } $sql = sprintf( "SELECT tusuario_perfil.* FROM tusuario_perfil INNER JOIN tperfil ON tperfil.id_perfil = tusuario_perfil.id_perfil WHERE id_usuario like '%s' AND id_grupo IN (%s) AND user_management = 1", $config['id_user'], $group_um_string ); $result = db_get_all_rows_sql($sql); if ((bool) $result === false && (bool) $user_info['is_admin'] === false) { db_pandora_audit( AUDIT_LOG_ACL_VIOLATION, 'Trying to access User Management' ); include 'general/noaccess.php'; return; } } if (!$new_user) { $user_id = '

'.__('User ID').':

'; $user_id .= ''.$id.''; $user_id .= html_print_input_hidden('id_user', $id, true); $user_id .= '
'; $apiTokenContentElements[] = ''.__('API Token').''; $apiTokenContentElements[] = html_print_button( __('Renew'), 'renew_api_token', false, sprintf( 'javascript:renewAPIToken("%s", "%s", "%s")', __('Warning'), __('The API token will be renewed. After this action, the last token you were using will not work. Are you sure?'), 'user_profile_form', ), [ 'mode' => 'link', 'style' => 'min-width: initial;', ], true, ); $apiTokenContentElements[] = html_print_button( __('Show'), 'show_api_token', false, sprintf( 'javascript:showAPIToken("%s", "%s", "%s", "%s")', __('API Token'), __('Your API Token is:'), base64_encode(users_get_API_token($id)), __('Please, avoid share this string with others.'), ), [ 'mode' => 'link', 'style' => 'min-width: initial;', ], true, ); $apiTokenContent = html_print_div( [ 'class' => 'flex-row-center', 'content' => implode('', $apiTokenContentElements), ], true ); $user_id .= $apiTokenContent; $CodeQRContent .= html_print_div(['id' => 'qr_container_image', 'class' => 'scale-0-8'], true); $CodeQRContent .= html_print_anchor( ['id' => 'qr_code_agent_view'], true ); $CodeQRContent .= '
'.$custom_id_div; // QR code div. $CodeQRTable = html_print_div( [ 'class' => 'agent_qr', 'content' => $CodeQRContent, ], true ); } else { $user_id = '
'.html_print_input_text_extended( 'id_user', $id, '', '', 20, 255, !$new_user || $view_mode, '', [ 'class' => 'input_line', 'placeholder' => __('User ID'), ], true ).'
'; } if (is_user_admin($id) === true) { $avatar = html_print_image( 'images/people_1.png', true, ['class' => 'user_avatar'] ); } else { $avatar = html_print_image( 'images/people_2.png', true, ['class' => 'user_avatar'] ); } $full_name = '
'.html_print_input_text_extended( 'fullname', $user_info['fullname'], 'fullname', '', 20, 100, $view_mode, '', [ 'class' => 'input', 'placeholder' => __('Full (display) name'), ], true ).'
'; $language = '

'.__('Language').'

'; $language .= html_print_select_from_sql( 'SELECT id_language, name FROM tlanguage', 'language', $user_info['language'], '', __('Default'), 'default', true ).'
'; $timezone = '

'.__('Timezone').ui_print_help_tip( __('The timezone must be that of the associated server.'), true ).'

'; $timezone .= html_print_timezone_select('timezone', $user_info['timezone']).'
'; if ($config['user_can_update_password']) { $new_pass = '
'.html_print_input_text_extended( 'password_new', '', 'password_new', '', '25', '45', $view_mode, '', [ 'class' => 'input', 'placeholder' => __('Password'), ], true, true ).'
'; $new_pass_confirm = '
'.html_print_input_text_extended( 'password_confirm', '', 'password_conf', '', '20', '45', $view_mode, '', [ 'class' => 'input', 'placeholder' => __('Password confirmation'), ], true, true ).'
'; if (!is_user_admin($config['id_user'])) { $own_pass_confirm = '
'.html_print_input_text_extended( 'own_password_confirm', '', 'own_password_confirm', '', '20', '45', $view_mode, '', [ 'class' => 'input', 'placeholder' => __('Own password confirmation'), ], true, true ).'
'; } } if (users_is_admin() === true) { $global_profile = '
'; $global_profile .= '

'.__('Administrator user').'

'; $global_profile .= html_print_checkbox_switch( 'is_admin', 0, $user_info['is_admin'], true ); $global_profile .= '
'; } else { $global_profile = html_print_input_hidden( 'is_admin_sent', 0, true ); } $email = '
'.html_print_input_text_extended( 'email', $user_info['email'], 'email', '', '25', '100', $view_mode, '', [ 'class' => 'input input_line', 'placeholder' => __('E-mail'), ], true ).'
'; $phone = '
'.html_print_input_text_extended( 'phone', $user_info['phone'], 'phone', '', '20', '30', $view_mode, '', [ 'class' => 'input input_line phone_icon_input', 'placeholder' => __('Phone number'), ], true ).'
'; $comments = '

'.__('Comments').'

'; $comments .= html_print_textarea( 'comments', 2, 65, $user_info['comments'], ($view_mode ? 'readonly="readonly"' : ''), true ); $allowedIP = '

'; $allowedIP .= __('Login allowed IP list').' '; $allowedIP .= ui_print_help_tip(__('Add the source IPs that will allow console access. Each IP must be separated only by comma. * allows all.'), true).' '; $allowedIP .= html_print_checkbox_switch( 'allowed_ip_active', 0, ($user_info['allowed_ip_active'] ?? 0), true ); $allowedIP .= '

'; $allowedIP .= html_print_textarea( 'allowed_ip_list', 2, 65, ($user_info['allowed_ip_list'] ?? 0), (((bool) $view_mode === true) ? 'readonly="readonly"' : ''), true ); // If we want to create a new user, skins displayed are the skins of the creator's group. If we want to update, skins displayed are the skins of the modified user. $own_info = get_user_info($config['id_user']); if ($own_info['is_admin'] || check_acl($config['id_user'], 0, 'PM')) { $display_all_group = true; } else { $display_all_group = false; } if ($new_user) { $usr_groups = (users_get_groups($config['id_user'], 'AR', $display_all_group)); $id_usr = $config['id_user']; } else { $usr_groups = (users_get_groups($id, 'AR', $display_all_group)); $id_usr = $id; } if (is_metaconsole() === false) { // User only can change skins if has more than one group. if (function_exists('skins_print_select')) { if (count($usr_groups) > 1) { if ($isFunctionSkins !== ENTERPRISE_NOT_HOOK) { $skin = '

'.__('Skin').'

'; $skin .= skins_print_select($id_usr, 'skin', $user_info['id_skin'], '', __('None'), 0, true).'
'; } } } } if (is_metaconsole() === true) { $array_filters = get_filters_custom_fields_view(0, true); $searchCustomFieldView = []; $searchCustomFieldView[] = __('Search custom field view'); $searchCustomFieldView[] = html_print_select( $array_filters, 'default_custom_view', $user_info['default_custom_view'], '', __('None'), 0, true, false, true, '', false ).ui_print_input_placeholder( __('Load by default the selected view in custom field view'), true ); } $values = [ -1 => __('Use global conf'), 1 => __('Yes'), 0 => __('No'), ]; $home_screen = '

'.__('Home screen').ui_print_help_tip( __('User can customize the home page. By default, will display \'Agent Detail\'. Example: Select \'Other\' and type index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=1 to show agent detail view'), true ).'

'; $dashboards = Manager::getDashboards( -1, -1, false, false, $id_usr ); $dashboards_aux = []; if ($dashboards === false) { $dashboards = ['None' => 'None']; } else { foreach ($dashboards as $key => $dashboard) { $dashboards_aux[$dashboard['id']] = $dashboard['name']; } } $home_screen .= ''; $layouts = visual_map_get_user_layouts($config['id_user'], true); $layouts_aux = []; if ($layouts === false) { $layouts_aux = ['None' => 'None']; } else { foreach ($layouts as $layout) { $layouts_aux[$layout] = $layout; } } $home_screen .= ''; $home_screen .= html_print_input_text( 'data_section', $user_info['data_section'], '', 60, 255, true, false ); $home_screen = ''; $size_pagination = '

'.__('Block size for pagination').'

'; $size_pagination .= html_print_input_text( 'block_size', $user_info['block_size'], '', 5, 5, true ).'
'; if ($id === $config['id_user']) { $language .= html_print_input_hidden( 'quick_language_change', 1, true ); } if (enterprise_installed() === true && is_metaconsole() === true) { $user_info_metaconsole_access = 'only_console'; if (isset($user_info['metaconsole_access'])) { $user_info_metaconsole_access = $user_info['metaconsole_access']; } $metaconsole_accesses = [ 'basic' => __('Basic'), 'advanced' => __('Advanced'), ]; $outputMetaAccess = []; $outputMetaAccess[] = __('Metaconsole access'); $outputMetaAccess[] = html_print_select( $metaconsole_accesses, 'metaconsole_access', $user_info_metaconsole_access, '', '', -1, true, false, false ); } $user_groups = implode(',', array_keys((users_get_groups($id, 'AR', $display_all_group)))); if (empty($user_groups) === false) { $event_filter_data = db_get_all_rows_sql('SELECT id_name, id_filter FROM tevent_filter WHERE id_group_filter IN ('.$user_groups.')'); if ($event_filter_data === false) { $event_filter_data = []; } } else { $event_filter_data = []; } $event_filter = []; $event_filter[0] = __('None'); foreach ($event_filter_data as $filter) { $event_filter[$filter['id_filter']] = $filter['id_name']; } if (is_metaconsole() === true && empty($user_info['metaconsole_default_event_filter']) !== true) { $user_info['default_event_filter'] = $user_info['metaconsole_default_event_filter']; } $default_event_filter = '

'.__('Default event filter').'

'; $default_event_filter .= html_print_select( $event_filter, 'default_event_filter', ($user_info['default_event_filter'] ?? 0), '', '', __('None'), true, false, false ).'
'; if (isset($config['ehorus_user_level_conf']) === true && (bool) $config['ehorus_user_level_conf'] === true) { $ehorus = '

'.__('eHorus user access enabled').'

'; $ehorus .= html_print_checkbox_switch( 'ehorus_user_level_enabled', 1, $user_info['ehorus_user_level_enabled'], true ).'
'; $ehorus .= '
'; $ehorus .= '

'.__('eHorus user').'

'; $ehorus .= html_print_input_text( 'ehorus_user_level_user', $user_info['ehorus_user_level_user'], '', 15, 45, true ).'
'; $ehorus .= '

'.__('eHorus password').'

'; $ehorus .= html_print_input_password( 'ehorus_user_level_pass', io_output_password($user_info['ehorus_user_level_pass']), '', 15, 45, true ).'
'; $ehorus .= '
'; } // Double authentication. $doubleAuthElementsContent = []; if (isset($config['double_auth_enabled']) === true && (bool) ($config['double_auth_enabled']) === true && check_acl($config['id_user'], 0, 'PM')) { // Know if Double Auth is enabled. $double_auth_enabled = (bool) db_get_value('id', 'tuser_double_auth', 'id_user', $id); // Double authentication elements. $doubleAuthElementsSubContent = []; // Caption. $doubleAuthElementsSubContent[] = ''.__('Double authentication').''; // Switch. if (($config['2FA_all_users'] == '' && !$double_auth_enabled) || ($config['double_auth_enabled'] == '' && $double_auth_enabled) || check_acl($config['id_user'], 0, 'PM') ) { if ($new_user === false) { $doubleAuthElementsSubContent[] = html_print_checkbox_switch('double_auth', 1, $double_auth_enabled, true); } else { $doubleAuthElementsSubContent[] = ui_print_help_tip(__('User must be created before activating double authentication.'), true); } } // Control for show. $doubleAuthElementsContent[] = html_print_div( [ 'style' => 'display: flex; flex-direction: row-reverse; align-items: center;', 'class' => 'margin-top-10', 'content' => implode('', $doubleAuthElementsSubContent), ], true ); // Dialog. $doubleAuthElementsContent[] = html_print_div( [ 'id' => 'dialog-double_auth', 'class' => 'invisible', 'content' => html_print_div(['id' => 'dialog-double_auth-container'], true), ], true ); } if ($double_auth_enabled === true && (bool) $config['double_auth_enabled'] === true && empty($config['2FA_all_users']) === false) { $doubleAuthElementsContent[] = html_print_button( __('Show information'), 'show_info', false, 'javascript:show_double_auth_info();', '', true ); } if (empty($doubleAuthElementsContent) === false) { $doubleAuthentication = html_print_div(['content' => implode('', $doubleAuthElementsContent)], true); } else { $doubleAuthentication = ''; } $autorefresh_list_out = []; if (is_metaconsole() === false || is_centralized() === true) { $autorefresh_list_out['operation/agentes/estado_agente'] = 'Agent detail'; $autorefresh_list_out['operation/agentes/alerts_status'] = 'Alert detail'; $autorefresh_list_out['enterprise/operation/cluster/cluster'] = 'Cluster view'; $autorefresh_list_out['operation/gis_maps/render_view'] = 'Gis Map'; $autorefresh_list_out['operation/reporting/graph_viewer'] = 'Graph Viewer'; $autorefresh_list_out['operation/snmpconsole/snmp_view'] = 'SNMP console'; if (enterprise_installed()) { $autorefresh_list_out['general/sap_view'] = 'SAP view'; } } $autorefresh_list_out['operation/agentes/tactical'] = 'Tactical view'; $autorefresh_list_out['operation/agentes/group_view'] = 'Group view'; $autorefresh_list_out['operation/agentes/status_monitor'] = 'Monitor detail'; $autorefresh_list_out['enterprise/operation/services/services'] = 'Services'; $autorefresh_list_out['operation/dashboard/dashboard'] = 'Dashboard'; $autorefresh_list_out['operation/visual_console/render_view'] = 'Visual console'; $autorefresh_list_out['operation/events/events'] = 'Events'; if (isset($autorefresh_list) === false || empty($autorefresh_list) === true || empty($autorefresh_list[0]) === true) { $select = db_process_sql("SELECT autorefresh_white_list FROM tusuario WHERE id_user = '".$id."'"); $autorefresh_list = json_decode($select[0]['autorefresh_white_list']); if ($autorefresh_list === null || $autorefresh_list === 0) { $autorefresh_list = []; $autorefresh_list[0] = __('None'); } else { $aux = []; $count_autorefresh_list = count($autorefresh_list); for ($i = 0; $i < $count_autorefresh_list; $i++) { if ($autorefresh_list[$i] === 'operation/agentes/pandora_networkmap') { continue; } $aux[$autorefresh_list[$i]] = $autorefresh_list_out[$autorefresh_list[$i]]; unset($autorefresh_list_out[$autorefresh_list[$i]]); $autorefresh_list[$i] = $aux; } $autorefresh_list = $aux; } } else { if (is_array($autorefresh_list) === false || empty($autorefresh_list[0]) === true || $autorefresh_list[0] === '0') { $autorefresh_list = []; $autorefresh_list[0] = __('None'); } else { $aux = []; $count_autorefresh_list = count($autorefresh_list); for ($i = 0; $i < $count_autorefresh_list; $i++) { $aux[$autorefresh_list[$i]] = $autorefresh_list_out[$autorefresh_list[$i]]; unset($autorefresh_list_out[$autorefresh_list[$i]]); $autorefresh_list[$i] = $aux; } $autorefresh_list = $aux; } } if (is_metaconsole() === true) { enterprise_include_once('include/functions_metaconsole.php'); $access_node = db_get_value('metaconsole_access_node', 'tusuario', 'id_user', $id); $metaconsoleAgentManager = []; $metaconsoleAgentManager[] = __('Enable agents managment'); $metaconsoleAgentManager[] = html_print_checkbox_switch( 'metaconsole_agents_manager', 1, $user_info['metaconsole_agents_manager'], true ); $metaconsoleAgentManager[] = __('Enable node access').ui_print_help_tip( __('With this option enabled, the user will can access to nodes console'), true ); $metaconsoleAgentManager[] = html_print_checkbox_switch( 'metaconsole_access_node', 1, $access_node, true ); } echo '
'; echo '
'; if (!$id) { $user_id_update_view = $user_id; $user_id_create = ''; } else { $user_id_update_view = ''; $user_id_create = $user_id; } // User management form. require_once 'user_management.php'; if ((bool) $config['admin_can_add_user'] === true) { html_print_csrf_hidden(); html_print_input_hidden((($new_user === true) ? 'create_user' : 'update_user'), 1); } echo '
'; html_print_input_hidden('json_profile', $json_profile); echo ''; // User Profile definition table. (Only where user is not creating). if ((bool) check_acl($config['id_user'], 0, 'UM') === true) { profile_print_profile_table($id, io_safe_output($json_profile), false, ($is_err === true)); } echo '
'; $actionButtons = []; if ((bool) $config['admin_can_add_user'] === true) { if ($new_user === true) { $submitButtonCaption = __('Create'); $submitButtonName = 'crtbutton'; $submitButtonIcon = 'wand'; } else { $submitButtonCaption = __('Update'); $submitButtonName = 'uptbutton'; $submitButtonIcon = 'update'; } $actionButtons[] = html_print_submit_button( $submitButtonCaption, $submitButtonName, false, [ 'icon' => $submitButtonIcon, 'form' => 'user_profile_form', ], true ); } if ((bool) check_acl($config['id_user'], 0, 'UM') === true) { $actionButtons[] = html_print_go_back_button( ui_get_full_url('index.php?sec=gusuarios&sec2=godmode/users/user_list&tab=user&pure=0'), ['button_class' => ''], true ); } html_print_action_buttons(implode('', $actionButtons), ['type' => 'form_action']); echo ''; // This is an image generated for JS. $delete_image = html_print_input_image( 'del', 'images/delete.svg', 1, '', true, [ 'onclick' => 'delete_profile(event, this)', 'class' => 'invert_filter main_menu_icon', ] ); if (is_metaconsole() === false) { ?> '."\n\t"; echo ''."\n\t"; // Closes no meta condition. } ?>