__('Default'), HOME_SCREEN_VISUAL_CONSOLE => __('Visual console'), HOME_SCREEN_EVENT_LIST => __('Event list'), HOME_SCREEN_GROUP_VIEW => __('Group view'), HOME_SCREEN_TACTICAL_VIEW => __('Tactical view'), HOME_SCREEN_ALERT_DETAIL => __('Alert detail'), HOME_SCREEN_EXTERNAL_LINK => __('External link'), HOME_SCREEN_OTHER => __('Other'), HOME_SCREEN_DASHBOARD => __('Dashboard'), ]; // This defines the working user. Beware with this, old code get confusses // and operates with current logged user (dangerous). $id = get_parameter('id', get_parameter('id_user', '')); if (empty($id) === true) { $id = $config['id_user']; } // Check if we are the same user for edit or we have a proper profile for edit users. if ($id !== $config['id_user']) { if ((bool) check_acl($config['id_user'], 0, 'UM') === false) { db_pandora_audit( AUDIT_LOG_ACL_VIOLATION, 'Trying to access User Management' ); include 'general/noaccess.php'; return; } } // ID given as parameter. $pure = get_parameter('pure', 0); $user_info = get_user_info($id); if (is_metaconsole() === true) { $user_info['section'] = $user_info['metaconsole_section']; $user_info['data_section'] = $user_info['metaconsole_data_section']; $user_info['default_event_filter'] = $user_info['metaconsole_default_event_filter']; } $is_err = false; if (is_ajax() === true) { $delete_profile = (bool) get_parameter('delete_profile'); $get_user_profile = (bool) get_parameter('get_user_profile'); if ($get_user_profile === true) { $profile_id = (int) get_parameter('profile_id'); $group_id = (int) get_parameter('group_id', -1); $user_id = (string) get_parameter('user_id', ''); $no_hierarchy = (int) get_parameter('no_hierarchy', -1); $assigned_by = (string) get_parameter('assigned_by', ''); $id_policy = (int) get_parameter('id_policy', -1); $tags = (string) get_parameter('id_policy', ''); $filter = []; if ($group_id > -1) { $filter['id_perfil'] = $profile_id; } if ($group_id > -1) { $filter['id_grupo'] = $group_id; } if ($user_id !== '') { $filter['id_usuario'] = $user_id; } if ($no_hierarchy > -1) { $filter['no_hierarchy'] = $no_hierarchy; } if ($assigned_by !== '') { $filter['assigned_by'] = $assigned_by; } if ($id_policy > -1) { $filter['id_policy'] = $id_policy; } if ($tags !== '') { $filter['tags'] = $tags; } $profile = db_get_all_rows_filter( 'tusuario_perfil', $filter ); if ($profile !== false && count($profile) > 0) { echo json_encode($profile); return; } else { echo json_encode(''); } return; } if ($delete_profile === true) { // Get parameters. $result = false; $id_user = (string) get_parameter('id_user'); $id_up = (int) get_parameter('id_user_profile'); $delete_user = (bool) get_parameter('delete_user', false); $user_is_global_admin = users_is_admin($id_user); $perfilUser = db_get_row('tusuario_perfil', 'id_up', $id_up); $id_perfil = $perfilUser['id_perfil']; db_pandora_audit( AUDIT_LOG_USER_MANAGEMENT, 'Deleted profile for user '.io_safe_output($id_user), false, false, 'The profile with id '.$id_perfil.' in the group '.$perfilUser['id_grupo'] ); // Delete profile. $profile_deleted = profile_delete_user_profile($id_user, $id_up); // Check if exists more profiles. $has_profile = db_get_row('tusuario_perfil', 'id_usuario', $id_user); if ($profile_deleted === true) { if ($has_profile === false && $user_is_global_admin === false && $delete_user === true) { if (is_metaconsole() === true) { $servers = metaconsole_get_servers(); foreach ($servers as $server) { // Connect to the remote console. metaconsole_connect($server); // Delete the user. $result = delete_user($id_user); if ($result === true) { db_pandora_audit( AUDIT_LOG_USER_MANAGEMENT, __('Deleted user %s from metaconsole', io_safe_output($id_user)) ); } // Restore the db connection. metaconsole_restore_db(); // Log to the metaconsole too. if ($result === true) { db_pandora_audit( AUDIT_LOG_USER_MANAGEMENT, __( 'Deleted user %s from %s', io_safe_input($id_user), io_safe_input($server['server_name']) ) ); } } $result = delete_user((string) $id_user); if ($result === true) { db_pandora_audit( AUDIT_LOG_USER_MANAGEMENT, __('Deleted user %s', io_safe_output($id_user)) ); } } else { $result = delete_user((string) $id_user); if ($result === true) { db_pandora_audit( AUDIT_LOG_USER_MANAGEMENT, __('Deleted user %s', io_safe_output($id_user)) ); } } } else { $result = $profile_deleted; } } return $result; } } $tab = get_parameter('tab', 'user'); // Save autorefresh list. $autorefresh_list = (array) get_parameter_post('autorefresh_list'); $autorefresh_white_list = (($autorefresh_list[0] === '') || ($autorefresh_list[0] === '0')) ? '' : json_encode($autorefresh_list); // Header. if (is_metaconsole() === true) { user_meta_print_header(); $sec = 'advanced'; } else { $edit_user = get_parameter('edit_user'); $title = ($edit_user) ? sprintf('%s [ %s ]', __('Update User'), $id) : __('Create User'); user_print_header($pure, $tab, $title); $sec = 'gusuarios'; } if ((bool) $config['user_can_update_info'] === true) { $view_mode = false; } else { $view_mode = true; } $delete_profile = (bool) get_parameter('delete_profile'); $new_user = (bool) get_parameter('new_user'); $create_user = (bool) get_parameter('create_user'); $add_profile = (bool) get_parameter('add_profile'); $update_user = (bool) get_parameter('update_user'); $renewAPIToken = (bool) get_parameter('renewAPIToken'); $status = get_parameter('status', -1); $json_profile = get_parameter('json_profile', ''); // Reset status var if current action is not update_user. if ($new_user === true || $create_user === true || $add_profile === true || $delete_profile === true || $update_user === true ) { $status = -1; } if ($new_user === true && (bool) $config['admin_can_add_user'] === true) { $user_info = []; $id = ''; $user_info['fullname'] = ''; $user_info['firstname'] = ''; $user_info['lastname'] = ''; $user_info['email'] = ''; $user_info['phone'] = ''; $user_info['comments'] = ''; $user_info['is_admin'] = 0; $user_info['language'] = 'default'; $user_info['timezone'] = ''; $user_info['not_login'] = false; $user_info['local_user'] = false; $user_info['strict_acl'] = false; $user_info['session_time'] = 0; $user_info['middlename'] = 0; if ($isFunctionSkins !== ENTERPRISE_NOT_HOOK) { $user_info['id_skin'] = ''; } $user_info['section'] = ''; $user_info['data_section'] = ''; // This attributes are inherited from global configuration. $user_info['block_size'] = $config['block_size']; if (enterprise_installed() === true && is_metaconsole() === true) { $user_info['metaconsole_agents_manager'] = 0; $user_info['metaconsole_access_node'] = 0; } if (isset($config['ehorus_user_level_conf']) === true && (bool) $config['ehorus_user_level_conf'] === true) { $user_info['ehorus_user_level_user'] = ''; $user_info['ehorus_user_level_pass'] = ''; $user_info['ehorus_user_level_enabled'] = true; } } if ($create_user === true) { if ((bool) $config['admin_can_add_user'] === false) { ui_print_error_message( __('The current authentication scheme doesn\'t support creating users on %s', get_product_name()) ); return; } if (html_print_csrf_error() === true) { return; } $user_is_admin = (get_parameter('is_admin', 0) === 0) ? 0 : 1; if (users_is_admin() === false && $user_is_admin !== 0) { db_pandora_audit( AUDIT_LOG_ACL_VIOLATION, 'Trying to create with administrator privileges to user by non administrator user '.$config['id_user'] ); include 'general/noaccess.php'; exit; } $values = []; $values['id_user'] = (string) get_parameter('id_user'); $values['fullname'] = (string) get_parameter('fullname'); $values['firstname'] = (string) get_parameter('firstname'); $values['lastname'] = (string) get_parameter('lastname'); $password_new = (string) get_parameter('password_new', ''); $password_confirm = (string) get_parameter('password_confirm', ''); $values['email'] = (string) get_parameter('email'); $values['phone'] = (string) get_parameter('phone'); $values['comments'] = io_safe_input(strip_tags(io_safe_output((string) get_parameter('comments')))); $values['allowed_ip_active'] = ((int) get_parameter_switch('allowed_ip_active', -1) === 0); $values['allowed_ip_list'] = io_safe_input(strip_tags(io_safe_output((string) get_parameter('allowed_ip_list')))); $values['is_admin'] = $user_is_admin; $values['language'] = get_parameter('language', 'default'); $values['timezone'] = (string) get_parameter('timezone'); $values['default_event_filter'] = (int) get_parameter('default_event_filter'); $values['default_custom_view'] = (int) get_parameter('default_custom_view'); $values['time_autorefresh'] = (int) get_parameter('time_autorefresh', 0); $values['show_tips_startup'] = (int) get_parameter_switch('show_tips_startup'); $values['integria_user_level_pass'] = (string) get_parameter('integria_user_level_pass'); $dashboard = get_parameter('dashboard', ''); $visual_console = get_parameter('visual_console', ''); if ($isFunctionSkins !== ENTERPRISE_NOT_HOOK) { $values['id_skin'] = (int) get_parameter('skin', 0); } $values['block_size'] = (int) get_parameter('block_size', $config['block_size']); $values['section'] = get_parameter('section'); if (($values['section'] === HOME_SCREEN_EVENT_LIST) || ($values['section'] === HOME_SCREEN_GROUP_VIEW) || ($values['section'] === HOME_SCREEN_ALERT_DETAIL) || ($values['section'] === HOME_SCREEN_TACTICAL_VIEW) || ($values['section'] === HOME_SCREEN_DEFAULT)) { $values['data_section'] = ''; } else if ($values['section'] === HOME_SCREEN_DASHBOARD) { $values['data_section'] = $dashboard; } else if (io_safe_output($values['section']) === HOME_SCREEN_VISUAL_CONSOLE) { $values['data_section'] = $visual_console; } else if ($values['section'] === HOME_SCREEN_OTHER || io_safe_output($values['section']) === HOME_SCREEN_EXTERNAL_LINK) { $values['data_section'] = get_parameter('data_section'); } if (is_metaconsole() === true) { $values['metaconsole_section'] = $values['section']; $values['metaconsole_data_section'] = $values['data_section']; } // $values['section'] = $homeScreenValues[$values['section']]; if (enterprise_installed() === true) { $values['force_change_pass'] = 1; $values['last_pass_change'] = date('Y/m/d H:i:s', get_system_time()); if (is_metaconsole() === true) { $values['metaconsole_access'] = get_parameter('metaconsole_access', 'basic'); $values['metaconsole_agents_manager'] = ($user_is_admin == 1 ? 1 : get_parameter('metaconsole_agents_manager', '0')); $values['metaconsole_access_node'] = ($user_is_admin == 1 ? 1 : get_parameter('metaconsole_access_node', '0')); } } $values['not_login'] = (bool) get_parameter('not_login', false); $values['local_user'] = (bool) get_parameter('local_user', false); $values['middlename'] = get_parameter('middlename', 0); $values['strict_acl'] = (bool) get_parameter('strict_acl', false); $values['session_time'] = (int) get_parameter('session_time', 0); // Previously defined. $values['autorefresh_white_list'] = $autorefresh_white_list; // eHorus user level conf. if ((bool) $config['ehorus_user_level_conf'] === true) { $values['ehorus_user_level_enabled'] = (bool) get_parameter('ehorus_user_level_enabled', false); if ($values['ehorus_user_level_enabled'] === true) { $values['ehorus_user_level_user'] = (string) get_parameter('ehorus_user_level_user'); $values['ehorus_user_level_pass'] = (string) get_parameter('ehorus_user_level_pass'); } else { $values['ehorus_user_level_user'] = null; $values['ehorus_user_level_pass'] = null; } } // Generate new API token. $values['api_token'] = api_token_generate(); // Validate the user ID if it already exists. $user_exists = get_user_info($values['id_user']); if (empty($values['id_user']) === true) { ui_print_error_message(__('User ID cannot be empty')); $is_err = true; $user_info = $values; $password_new = ''; $password_confirm = ''; $new_user = true; } else if (isset($user_exists['id_user'])) { $is_err = true; ui_print_error_message(__('User ID already exists')); $user_info = $values; $password_new = ''; $password_confirm = ''; $new_user = true; } else if (preg_match('/^\s+|\s+$/', io_safe_output($id))) { ui_print_error_message(__('Invalid user ID: leading or trailing blank spaces not allowed')); $is_err = true; $user_info = $values; $password_new = ''; $password_confirm = ''; $new_user = true; } else if (empty($password_new) === true) { $is_err = true; ui_print_error_message(__('Passwords cannot be empty')); $user_info = $values; $password_new = ''; $password_confirm = ''; $new_user = true; } else if ($password_new != $password_confirm) { $is_err = true; ui_print_error_message(__('Passwords didn\'t match')); $user_info = $values; $password_new = ''; $password_confirm = ''; $new_user = true; } else if (enterprise_hook('excludedPassword', [$password_new]) === true) { $is_err = true; ui_print_error_message(__('The password provided is not valid. Please set another one.')); $user_info = $values; $password_new = ''; $password_confirm = ''; $new_user = true; } else { if ((!is_user_admin($config['id_user']) || $config['enable_pass_policy_admin']) && $config['enable_pass_policy']) { $pass_ok = login_validate_pass($password_new, $id, true); if ($pass_ok != 1) { ui_print_error_message($pass_ok); } else { $result = create_user($id, $password_new, $values); } } else { $result = create_user($id, $password_new, $values); } $info = '{"Id_user":"'.$values['id_user'].'","FullName":"'.$values['fullname'].'","Firstname":"'.$values['firstname'].'","Lastname":"'.$values['lastname'].'","Email":"'.$values['email'].'","Phone":"'.$values['phone'].'","Comments":"'.$values['comments'].'","Is_admin":"'.$values['is_admin'].'","Language":"'.$values['language'].'","Timezone":"'.$values['timezone'].'","Block size":"'.$values['block_size'].'"'; if ($values['allowed_ip_active'] === true) { $info .= ',"IPS Allowed":"'.$values['allowed_ip_list'].'"'; } if ($isFunctionSkins !== ENTERPRISE_NOT_HOOK) { $info .= ',"Skin":"'.$values['id_skin'].'"}'; } else { $info .= '}'; } $can_create = false; if ($result) { $res = save_pass_history($id, $password_new); } else { $is_err = true; $user_info = $values; $password_new = ''; $password_confirm = ''; $new_user = true; } db_pandora_audit( AUDIT_LOG_USER_MANAGEMENT, 'Created user '.io_safe_output($id), false, false, $info ); ui_print_result_message( $result, __('Successfully created'), __('Could not be created') ); $password_new = ''; $password_confirm = ''; if ($result) { if ($values['strict_acl']) { if ($values['is_admin']) { ui_print_info_message(__('Strict ACL is not recommended for admin users because performance could be affected.')); } } $user_info = get_user_info($id); $new_user = false; if (empty($json_profile) === false) { $json_profile = json_decode(io_safe_output($json_profile), true); foreach ($json_profile as $key => $profile) { if (is_array($profile) === false) { $profile = json_decode($profile, true); } if (!empty($profile)) { $group2 = $profile['group']; $profile2 = $profile['profile']; $tags = $profile['tags']; foreach ($tags as $k => $tag) { if (empty($tag)) { unset($tags[$k]); } } $tags = implode(',', $tags); $no_hierarchy = $profile['hierarchy']; db_pandora_audit( AUDIT_LOG_USER_MANAGEMENT, 'Added profile for user '.io_safe_output($id2), false, false, 'Profile: '.$profile2.' Group: '.$group2.' Tags: '.$tags ); $result_profile = profile_create_user_profile($id, $profile2, $group2, false, $tags, $no_hierarchy); if ($result_profile === false) { $is_err = true; $user_info = $values; $password_new = ''; $password_confirm = ''; $new_user = true; } else { $pm = db_get_value_filter('pandora_management', 'tperfil', ['id_perfil' => $profile2]); if ((int) $pm === 1) { $user_source = db_get_value_filter( 'id_source', 'tnotification_source_user', [ 'id_source' => $notification['id'], 'id_user' => $id, ] ); if ($user_source === false) { $notificationSources = db_get_all_rows_filter('tnotification_source', [], 'id'); foreach ($notificationSources as $notification) { if ((int) $notification['id'] === 1 || (int) $notification['id'] === 5) { $notification_user = db_get_value_filter( 'id_source', 'tnotification_source_user', [ 'id_source' => $notification['id'], 'id_user' => $id, ] ); if ($notification_user === false) { @db_process_sql_insert( 'tnotification_source_user', [ 'id_source' => $notification['id'], 'id_user' => $id, ] ); } } } } } } ui_print_result_message( $result_profile, __('Profile added successfully'), __('Profile cannot be added') ); } } } } else { $user_info = $values; $new_user = true; } } } if ($update_user) { if (html_print_csrf_error() === true) { return; } $values = []; $values['fullname'] = (string) get_parameter('fullname'); $values['firstname'] = (string) get_parameter('firstname'); $values['lastname'] = (string) get_parameter('lastname'); $values['email'] = (string) get_parameter('email'); $values['phone'] = (string) get_parameter('phone'); $values['comments'] = io_safe_input(strip_tags(io_safe_output((string) get_parameter('comments')))); if (users_is_admin($config['id_user']) === true || (bool) check_acl($config['id_user'], 0, 'PM') === true) { $values['allowed_ip_active'] = ((int) get_parameter('allowed_ip_active', -1) === 0); $values['allowed_ip_list'] = io_safe_input(strip_tags(io_safe_output((string) get_parameter('allowed_ip_list')))); } $values['is_admin'] = (get_parameter('is_admin', 0) === 0) ? 0 : 1; $values['language'] = (string) get_parameter('language'); $values['timezone'] = (string) get_parameter('timezone'); $values['default_event_filter'] = (int) get_parameter('default_event_filter'); $values['default_custom_view'] = (int) get_parameter('default_custom_view'); $values['show_tips_startup'] = (int) get_parameter_switch('show_tips_startup'); $values['time_autorefresh'] = (int) get_parameter('time_autorefresh'); // API Token information. $apiTokenRenewed = (bool) get_parameter('renewAPIToken'); $values['api_token'] = ($apiTokenRenewed === true) ? api_token_generate() : users_get_API_token($id); if (users_is_admin() === false && (bool) $values['is_admin'] !== false) { db_pandora_audit( AUDIT_LOG_ACL_VIOLATION, 'Trying to add administrator privileges to user by non administrator user '.$config['id_user'] ); include 'general/noaccess.php'; exit; } // Ehorus user level conf. $values['ehorus_user_level_enabled'] = (bool) get_parameter('ehorus_user_level_enabled', false); $values['ehorus_user_level_user'] = (string) get_parameter('ehorus_user_level_user'); $values['ehorus_user_level_pass'] = (string) get_parameter('ehorus_user_level_pass'); $values['integria_user_level_pass'] = (string) get_parameter('integria_user_level_pass'); $values['middlename'] = get_parameter('middlename', 0); $dashboard = get_parameter('dashboard', ''); $visual_console = get_parameter('visual_console', ''); if ($isFunctionSkins !== ENTERPRISE_NOT_HOOK) { $values['id_skin'] = get_parameter('skin', 0); } $values['block_size'] = get_parameter('block_size', $config['block_size']); $values['section'] = get_parameter('section'); if (($values['section'] === HOME_SCREEN_EVENT_LIST) || ($values['section'] === HOME_SCREEN_GROUP_VIEW) || ($values['section'] === HOME_SCREEN_ALERT_DETAIL) || ($values['section'] === HOME_SCREEN_TACTICAL_VIEW) || ($values['section'] === HOME_SCREEN_DEFAULT)) { $values['data_section'] = ''; } else if ($values['section'] === HOME_SCREEN_DASHBOARD) { $values['data_section'] = $dashboard; } else if (io_safe_output($values['section']) === HOME_SCREEN_VISUAL_CONSOLE) { $values['data_section'] = $visual_console; } else if ($values['section'] === HOME_SCREEN_OTHER || io_safe_output($values['section']) === HOME_SCREEN_EXTERNAL_LINK) { $values['data_section'] = get_parameter('data_section'); } // $values['section'] = $homeScreenValues[$values['section']]; if (enterprise_installed() === true && is_metaconsole() === true) { if (users_is_admin() === true) { $values['metaconsole_access'] = get_parameter('metaconsole_access'); $values['metaconsole_agents_manager'] = get_parameter('metaconsole_agents_manager', '0'); $values['metaconsole_access_node'] = get_parameter('metaconsole_access_node', '0'); } else { $values['metaconsole_access'] = $user_info['metaconsole_access']; $values['metaconsole_agents_manager'] = $user_info['metaconsole_agents_manager']; $values['metaconsole_access_node'] = db_get_value('metaconsole_access_node', 'tusuario', 'id_user', $id); } } $values['not_login'] = (bool) get_parameter('not_login', false); $values['local_user'] = (bool) get_parameter('local_user', false); $values['strict_acl'] = (bool) get_parameter('strict_acl', false); $values['session_time'] = (int) get_parameter('session_time', 0); $force_update_session_expire = false; if ($values['session_time'] !== $user_info['session_time']) { $force_update_session_expire = true; } // Previously defined. $values['autorefresh_white_list'] = $autorefresh_white_list; $res1 = update_user($id, $values); if ($force_update_session_expire === true) { config_prepare_expire_time_session(true); } if ($config['user_can_update_password']) { $password_new = (string) get_parameter('password_new', ''); $password_confirm = (string) get_parameter('password_confirm', ''); $own_password_confirm = (string) get_parameter('own_password_confirm', ''); $id_user = (string) get_parameter('id_user', ''); if ($password_new != '') { if ($config['auth'] !== 'mysql' && $values['local_user'] === false) { ui_print_error_message(__('It is not possible to change the password because external authentication is being used')); } else { $correct_password = false; $user_credentials_check = process_user_login($id_user, $own_password_confirm, true); if ($user_credentials_check !== false) { $correct_password = true; } if ((string) $password_confirm === (string) $password_new) { if ($correct_password === true || is_user_admin($config['id_user'])) { if ((is_user_admin($config['id_user']) === false || $config['enable_pass_policy_admin']) && $config['enable_pass_policy']) { $pass_ok = login_validate_pass($password_new, $id, true); if ($pass_ok != 1) { ui_print_error_message($pass_ok); } else { $res2 = update_user_password($id, $password_new); if ($res2) { db_process_sql_insert( 'tsesion', [ 'id_sesion' => '', 'id_usuario' => $id, 'ip_origen' => $_SERVER['REMOTE_ADDR'], 'accion' => 'Password change', 'descripcion' => 'Access password updated', 'fecha' => date('Y-m-d H:i:s'), 'utimestamp' => time(), ] ); $res3 = save_pass_history($id, $password_new); // Generate new API token. $newToken = api_token_generate(); $res4 = update_user($id, ['api_token' => $newToken]); } ui_print_result_message( $res1 || $res2, __('User info successfully updated'), __('Error updating user info (no change?)') ); } } else { $res2 = update_user_password($id, $password_new); if ($res2) { $res3 = save_pass_history($id, $password_new); db_process_sql_insert( 'tsesion', [ 'id_sesion' => '', 'id_usuario' => $id, 'ip_origen' => $_SERVER['REMOTE_ADDR'], 'accion' => 'Password change', 'descripcion' => 'Access password updated', 'fecha' => date('Y-m-d H:i:s'), 'utimestamp' => time(), ] ); // Generate new API token. $newToken = api_token_generate(); $res4 = update_user($id, ['api_token' => $newToken]); } ui_print_result_message( $res1 || $res2, __('User info successfully updated'), __('Error updating user info (no change?)') ); } } else { if ($own_password_confirm === '') { ui_print_error_message(__('Password of the active user is required to perform password change')); } else { ui_print_error_message(__('Password of active user is not correct')); } } } else { db_process_sql_insert( 'tsesion', [ 'id_sesion' => '', 'id_usuario' => $id, 'ip_origen' => $_SERVER['REMOTE_ADDR'], 'accion' => 'Password change', 'descripcion' => 'Access password update failed', 'fecha' => date('Y-m-d H:i:s'), 'utimestamp' => time(), ] ); ui_print_error_message(__('Passwords does not match')); } } } else { $has_skin = false; $has_wizard = false; $info = '{"id_user":"'.$id.'", "FullName":"'.$values['fullname'].'", "Firstname":"'.$values['firstname'].'", "Lastname":"'.$values['lastname'].'", "Email":"'.$values['email'].'", "Phone":"'.$values['phone'].'", "Comments":"'.$values['comments'].'", "Is_admin":"'.$values['is_admin'].'", "Language":"'.$values['language'].'", "Timezone":"'.$values['timezone'].'", "Block size":"'.$values['block_size'].'", "Section":"'.$values['section'].'"'; if ($values['allowed_ip_active'] === true) { $info .= ',"IPS Allowed":"'.$values['allowed_ip_list'].'"'; } if ($isFunctionSkins !== ENTERPRISE_NOT_HOOK) { $info .= ',"Skin":"'.$values['id_skin'].'"'; $has_skin = true; } if (enterprise_installed() === true && is_metaconsole() === true) { $info .= ',"Wizard access":"'.$values['metaconsole_access'].'"}'; $has_wizard = true; } else if ($has_skin === true) { $info .= '}'; } if ($has_skin === false && $has_wizard === false) { $info .= '}'; } db_pandora_audit( AUDIT_LOG_USER_MANAGEMENT, 'Updated user '.io_safe_output($id), false, false, $info ); ui_print_result_message( $res1, ($apiTokenRenewed === true) ? __('You have generated a new API Token.') : __('User info successfully updated'), __('Error updating user info (no change?)') ); } } else { ui_print_result_message( $res1, __('User info successfully updated'), __('Error updating user info (no change?)') ); } if ((bool) $values['strict_acl'] === true) { $count_groups = 0; $count_tags = 0; $profiles = db_get_all_rows_field_filter('tusuario_perfil', 'id_usuario', $id); if ($profiles === false) { $profiles = []; } foreach ($profiles as $profile) { $count_groups++; $arr_tags = explode(',', $profile['tags']); $count_tags = ($count_tags + count($arr_tags)); } if (($count_groups > 3) && ($count_tags > 10)) { ui_print_info_message(__('Strict ACL is not recommended for this user. Performance could be affected.')); } } $user_info = $values; } if ((int) $status !== -1) { ui_print_result_message( $status, __('User info successfully updated'), __('Error updating user info (no change?)') ); } if ($add_profile && empty($json_profile)) { $id2 = (string) get_parameter('id', get_parameter('id_user')); $group2 = (int) get_parameter('assign_group'); $profile2 = (int) get_parameter('assign_profile'); $tags = (array) get_parameter('assign_tags'); $no_hierarchy = (int) get_parameter('no_hierarchy', 0); foreach ($tags as $k => $tag) { if (empty($tag) === true) { unset($tags[$k]); } } $tags = implode(',', $tags); db_pandora_audit( AUDIT_LOG_USER_MANAGEMENT, 'Added profile for user '.io_safe_output($id2), false, false, 'Profile: '.$profile2.' Group: '.$group2.' Tags: '.$tags ); $return = profile_create_user_profile($id2, $profile2, $group2, false, $tags, $no_hierarchy); if ($return === false) { $is_err = true; } else { $pm = db_get_value_filter('pandora_management', 'tperfil', ['id_perfil' => $profile2]); if ((int) $pm === 1) { $user_source = db_get_value_filter( 'id_source', 'tnotification_source_user', [ 'id_source' => $notification['id'], 'id_user' => $id, ] ); if ($user_source === false) { $notificationSources = db_get_all_rows_filter('tnotification_source', [], 'id'); foreach ($notificationSources as $notification) { if ((int) $notification['id'] === 1 || (int) $notification['id'] === 5) { $notification_user = db_get_value_filter( 'id_source', 'tnotification_source_user', [ 'id_source' => $notification['id'], 'id_user' => $id, ] ); if ($notification_user === false) { @db_process_sql_insert( 'tnotification_source_user', [ 'id_source' => $notification['id'], 'id_user' => $id, ] ); } } } } } } ui_print_result_message( $return, __('Profile added successfully'), __('Profile cannot be added') ); } if (isset($values) === true && empty($values) === false) { $user_info = $values; } if (!users_is_admin() && $config['id_user'] !== $id && $new_user === false) { $group_um = users_get_groups_UM($config['id_user']); if (isset($group_um[0]) === true) { $group_um_string = implode(',', array_keys(users_get_groups($config['id_user'], 'um', true))); } else { $group_um_string = implode(',', array_keys($group_um)); } $sql = sprintf( "SELECT tusuario_perfil.* FROM tusuario_perfil INNER JOIN tperfil ON tperfil.id_perfil = tusuario_perfil.id_perfil WHERE id_usuario like '%s' AND id_grupo IN (%s) AND user_management = 1", $config['id_user'], $group_um_string ); $result = db_get_all_rows_sql($sql); if ((bool) $result === false && (bool) $user_info['is_admin'] === false) { db_pandora_audit( AUDIT_LOG_ACL_VIOLATION, 'Trying to access User Management' ); include 'general/noaccess.php'; return; } } if (!$new_user) { $user_id = '
'.__('User ID').':
'; $user_id .= ''.$id.''; $user_id .= html_print_input_hidden('id_user', $id, true); $user_id .= ''.__('Language').'
'; $language .= html_print_select_from_sql( 'SELECT id_language, name FROM tlanguage', 'language', $user_info['language'], '', __('Default'), 'default', true ).''.__('Timezone').ui_print_help_tip( __('The timezone must be that of the associated server.'), true ).'
'; $timezone .= html_print_timezone_select('timezone', $user_info['timezone']).''.__('Administrator user').'
'; $global_profile .= html_print_checkbox_switch( 'is_admin', 0, $user_info['is_admin'], true ); $global_profile .= ''.__('Comments').'
'; $comments .= html_print_textarea( 'comments', 2, 65, $user_info['comments'], ($view_mode ? 'readonly="readonly"' : ''), true ); $allowedIP = ''; $allowedIP .= __('Login allowed IP list').' '; $allowedIP .= ui_print_help_tip(__('Add the source IPs that will allow console access. Each IP must be separated only by comma. * allows all.'), true).' '; $allowedIP .= html_print_checkbox_switch( 'allowed_ip_active', 0, ($user_info['allowed_ip_active'] ?? 0), true ); $allowedIP .= '
'; $allowedIP .= html_print_textarea( 'allowed_ip_list', 2, 65, ($user_info['allowed_ip_list'] ?? 0), (((bool) $view_mode === true) ? 'readonly="readonly"' : ''), true ); // If we want to create a new user, skins displayed are the skins of the creator's group. If we want to update, skins displayed are the skins of the modified user. $own_info = get_user_info($config['id_user']); if ($own_info['is_admin'] || check_acl($config['id_user'], 0, 'PM')) { $display_all_group = true; } else { $display_all_group = false; } if ($new_user) { $usr_groups = (users_get_groups($config['id_user'], 'AR', $display_all_group)); $id_usr = $config['id_user']; } else { $usr_groups = (users_get_groups($id, 'AR', $display_all_group)); $id_usr = $id; } if (is_metaconsole() === false) { // User only can change skins if has more than one group. if (function_exists('skins_print_select')) { if (count($usr_groups) > 1) { if ($isFunctionSkins !== ENTERPRISE_NOT_HOOK) { $skin = ''.__('Skin').'
'; $skin .= skins_print_select($id_usr, 'skin', $user_info['id_skin'], '', __('None'), 0, true).''.__('Block size for pagination').'
'; $size_pagination .= html_print_input_text( 'block_size', $user_info['block_size'], '', 5, 5, true ).''.__('Default event filter').'
'; $default_event_filter .= html_print_select( $event_filter, 'default_event_filter', ($user_info['default_event_filter'] ?? 0), '', '', __('None'), true, false, false ).''.__('eHorus user access enabled').'
'; $ehorus .= html_print_checkbox_switch( 'ehorus_user_level_enabled', 1, $user_info['ehorus_user_level_enabled'], true ).''.__('eHorus user').'
'; $ehorus .= html_print_input_text( 'ehorus_user_level_user', $user_info['ehorus_user_level_user'], '', 15, 45, true ).''.__('eHorus password').'
'; $ehorus .= html_print_input_password( 'ehorus_user_level_pass', io_output_password($user_info['ehorus_user_level_pass']), '', 15, 45, true ).'