mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
4313cbfd3174aa6ac0c31b739c82155923adad04
librenms-librenms/includes/html/pages/preferences.inc.php

224 lines
8.5 KiB
PHP
Raw Normal View History

Updates. git-svn-id: http://www.observium.org/svn/observer/trunk@130 61d68cd4-352d-0410-923a-c4978735b2b8
2008-03-09 22:49:53 +00:00
<?php
more title sets git-svn-id: http://www.observium.org/svn/observer/trunk@2691 61d68cd4-352d-0410-923a-c4978735b2b8
2011-10-18 14:41:19 +00:00
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 07:51:35 -05:00
use LibreNMS\Authentication\LegacyAuth;
fix: Two-Factor Authentication (#6672) * fix: Two-Factor Auth Moved library to a class to take advantage of namespacing and auto loading. Update the two factor code to use the AuthenticationException for error messages. Fix remember me to work with 2fa. * missing change
2017-05-18 16:08:10 -05:00
use LibreNMS\Authentication\TwoFactor;
Fix coding style part 2
2015-07-13 20:10:26 +02:00
$no_refresh = true;
Updated some of the main pages to no longer refresh
2015-03-21 21:30:55 +00:00
Fix coding style part 2
2015-07-13 20:10:26 +02:00
$pagetitle[] = 'Preferences';
more title sets git-svn-id: http://www.observium.org/svn/observer/trunk@2691 61d68cd4-352d-0410-923a-c4978735b2b8
2011-10-18 14:41:19 +00:00
UI changes to preferences.inc.php Screenshot: http://i.imgur.com/QaobUQv.png
2015-08-29 21:44:29 +05:30
echo '<h2>User Preferences</h2>';
echo '<hr>';
Updates. git-svn-id: http://www.observium.org/svn/observer/trunk@130 61d68cd4-352d-0410-923a-c4978735b2b8
2008-03-09 22:49:53 +00:00
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 07:51:35 -05:00
if (LegacyAuth::user()->isDemoUser()) {
Updated to support a demo user
2015-02-16 23:45:28 +00:00
demo_account();
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings.
2016-08-18 20:28:22 -05:00
} else {
Fix coding style part 2
2015-07-13 20:10:26 +02:00
if ($_POST['action'] == 'changepass') {
Prevent credentials from being leaked in backtrace in some instances (#9817) * Prevent credentials from being leak in backtrace in some instances Particularly before the user is authenticated * fix test
2019-03-05 00:24:14 -06:00
if (LegacyAuth::get()->authenticate(['username' => LegacyAuth::user()->username, 'password' => $_POST['old_pass']])) {
Fix coding style part 2
2015-07-13 20:10:26 +02:00
if ($_POST['new_pass'] == '' || $_POST['new_pass2'] == '') {
$changepass_message = 'Password must not be blank.';
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings.
2016-08-18 20:28:22 -05:00
} elseif ($_POST['new_pass'] == $_POST['new_pass2']) {
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 07:51:35 -05:00
LegacyAuth::get()->changePassword(LegacyAuth::user()->username, $_POST['new_pass']);
Fix coding style part 2
2015-07-13 20:10:26 +02:00
$changepass_message = 'Password Changed.';
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings.
2016-08-18 20:28:22 -05:00
} else {
Fix coding style part 2
2015-07-13 20:10:26 +02:00
$changepass_message = "Passwords don't match.";
}
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings.
2016-08-18 20:28:22 -05:00
} else {
Fix coding style part 2
2015-07-13 20:10:26 +02:00
$changepass_message = 'Incorrect password';
}
}
refactored some code
2016-10-22 15:51:20 +00:00
if ($vars['action'] === 'changedash') {
Allow regular users to set their own default dashboard from the preferences page
2016-10-19 15:37:26 -06:00
if (!empty($vars['dashboard'])) {
fix: move user preferences dashboard and twofactor out of users table (#6286) * fix: move user preferences dashboard and twofactor out of users table This allows them to work with any authentication method Add set_user_pref() and get_user_pref() helper functions * fix edit users for other users * Fix updated_at default timestamp * Update and rename 183.sql to 184.sql * removed commented out debug
2017-04-01 16:18:00 -05:00
set_user_pref('dashboard', (int)$vars['dashboard']);
refactored some code
2016-10-22 15:51:20 +00:00
$updatedashboard_message = "User default dashboard updated";
Allow regular users to set their own default dashboard from the preferences page
2016-10-19 15:37:26 -06:00
}
}
Added alerts schedule notes into device notes (#9258) * Add alerts schedule notes into device notes Signed-off-by: Rémy Jacquin <remy@remyj.fr> * Update preferences.inc.php
2018-11-08 23:01:46 +01:00
if ($vars['action'] === 'changenote') {
set_user_pref('add_schedule_note_to_device', (bool)$vars['notetodevice']);
if ($vars['notetodevice']) {
$updatenote_message = "Schedule notes will now be added to device notes";
} else {
$updatenote_message = "Schedule notes will no longer be added to device notes";
}
}
fix password change for mysql auth git-svn-id: http://www.observium.org/svn/observer/trunk@1232 61d68cd4-352d-0410-923a-c4978735b2b8
2010-06-21 15:39:43 +00:00
Security fix: unauthorized access (#10091) * Security fix: unauthorized access Affects nginx users: Moved php files outside of public html directory (Apache was protected by .htaccess) Affects all users: Some files did not check for authentication and could disclose some info. Better checks before including files from user input * git mv html/includes/ includes/html git mv html/pages/ includes/html/
2019-04-11 23:26:42 -05:00
include 'includes/html/update-preferences-password.inc.php';
Updates. git-svn-id: http://www.observium.org/svn/observer/trunk@130 61d68cd4-352d-0410-923a-c4978735b2b8
2008-03-09 22:49:53 +00:00
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 07:51:35 -05:00
if (LegacyAuth::get()->canUpdatePasswords(LegacyAuth::user()->username)) {
Fix coding style part 2
2015-07-13 20:10:26 +02:00
echo '<h3>Change Password</h3>';
UI changes to preferences.inc.php Screenshot: http://i.imgur.com/QaobUQv.png
2015-08-29 21:44:29 +05:30
echo '<hr>';
echo "<div class='well'>";
Fix coding style part 2
2015-07-13 20:10:26 +02:00
echo $changepass_message;
echo "<form method='post' action='preferences/' class='form-horizontal' role='form'>
Updates bringing forms / tables inline with Bootstrap v3, also adds Global search box
2014-01-13 10:05:19 +00:00
<input type=hidden name='action' value='changepass'>
<div class='form-group'>
UI fixes * Removed <hr> and replaced with <br> * "Old Password" changed to "Current Password"
2015-09-22 18:31:14 +05:30
<label for='old_pass' class='col-sm-2 control-label'>Current Password</label>
Updates bringing forms / tables inline with Bootstrap v3, also adds Global search box
2014-01-13 10:05:19 +00:00
<div class='col-sm-4'>
<input type=password name=old_pass autocomplete='off' class='form-control input-sm'>
</div>
<div class='col-sm-6'>
</div>
</div>
<div class='form-group'>
<label for='new_pass' class='col-sm-2 control-label'>New Password</label>
<div class='col-sm-4'>
<input type=password name=new_pass autocomplete='off' class='form-control input-sm'>
</div>
<div class='col-sm-6'>
</div>
</div>
<div class='form-group'>
Aligned the New Password text properly
2014-06-17 19:56:20 +01:00
<label for='new_pass2' class='col-sm-2 control-label'>New Password</label>
Updates bringing forms / tables inline with Bootstrap v3, also adds Global search box
2014-01-13 10:05:19 +00:00
<div class='col-sm-4'>
<input type=password name=new_pass2 autocomplete='off' class='form-control input-sm'>
UI fixes * Removed <hr> and replaced with <br> * "Old Password" changed to "Current Password"
2015-09-22 18:31:14 +05:30
<br>
UI changes to preferences.inc.php Screenshot: http://i.imgur.com/QaobUQv.png
2015-08-29 21:44:29 +05:30
<center><button type='submit' class='btn btn-default'>Submit</button></center>
Updates bringing forms / tables inline with Bootstrap v3, also adds Global search box
2014-01-13 10:05:19 +00:00
</div>
<div class='col-sm-6'>
</div>
</div>
UI changes to preferences.inc.php Screenshot: http://i.imgur.com/QaobUQv.png
2015-08-29 21:44:29 +05:30
Fix coding style part 2
2015-07-13 20:10:26 +02:00
</form>";
echo '</div>';
}//end if
if ($config['twofactor'] === true) {
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 07:51:35 -05:00
$twofactor = get_user_pref('twofactor');
echo '<script src="js/jquery.qrcode.min.js"></script>';
echo '<h3>Two-Factor Authentication</h3>';
echo '<hr>';
echo '<div class="well">';
if (!empty($twofactor)) {
$twofactor['text'] = "<div class='form-group'>
Added TwoFactor Authentication (RFC4226) Tested against Google-Authenticator app on Android 4.4.4 Made `verify_hotp` more efficient. Added autofocus on twofactor input Added GUI Unlock and Remove for TwoFactor credentials in /edituser/ Allow additional tries after elapsed time from last try exceeds configured parameter `$config['twofactor_lock']`. If `$config['twofactor_lock']` is not defined or is set to `0`, administrators have to unlock accounts that exceed 3 failures via GUI. Added Documentation Moved TwoFactor form to logon.inc.php Disabled autocomplete on twofactor input field Updated Docs to include link to Google-Authenticator's install-guides Moved authentication logic from authenticate.inc.php to twofactor.lib.php typo in docblock for `twofactor_auth()` Fixed scrutinizer bugs To please scrutinizer
2014-12-24 21:22:02 +00:00
<label for='twofactorkey' class='col-sm-2 control-label'>Secret Key</label>
<div class='col-sm-4'>
<input type='text' name='twofactorkey' autocomplete='off' disabled class='form-control input-sm' value='".$twofactor['key']."' />
</div>
</div>";
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 07:51:35 -05:00
if ($twofactor['counter'] !== false) {
$twofactor['uri'] = 'otpauth://hotp/'.LegacyAuth::user()->username.'?issuer=LibreNMS&counter='.$twofactor['counter'].'&secret='.$twofactor['key'];
$twofactor['text'] .= "<div class='form-group'>
Added TwoFactor Authentication (RFC4226) Tested against Google-Authenticator app on Android 4.4.4 Made `verify_hotp` more efficient. Added autofocus on twofactor input Added GUI Unlock and Remove for TwoFactor credentials in /edituser/ Allow additional tries after elapsed time from last try exceeds configured parameter `$config['twofactor_lock']`. If `$config['twofactor_lock']` is not defined or is set to `0`, administrators have to unlock accounts that exceed 3 failures via GUI. Added Documentation Moved TwoFactor form to logon.inc.php Disabled autocomplete on twofactor input field Updated Docs to include link to Google-Authenticator's install-guides Moved authentication logic from authenticate.inc.php to twofactor.lib.php typo in docblock for `twofactor_auth()` Fixed scrutinizer bugs To please scrutinizer
2014-12-24 21:22:02 +00:00
<label for='twofactorcounter' class='col-sm-2 control-label'>Counter</label>
<div class='col-sm-4'>
<input type='text' name='twofactorcounter' autocomplete='off' disabled class='form-control input-sm' value='".$twofactor['counter']."' />
</div>
</div>";
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 07:51:35 -05:00
} else {
$twofactor['uri'] = 'otpauth://totp/'.LegacyAuth::user()->username.'?issuer=LibreNMS&secret='.$twofactor['key'];
}
Fix coding style part 2
2015-07-13 20:10:26 +02:00
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 07:51:35 -05:00
echo '<div id="twofactorqrcontainer">
Added TwoFactor Authentication (RFC4226) Tested against Google-Authenticator app on Android 4.4.4 Made `verify_hotp` more efficient. Added autofocus on twofactor input Added GUI Unlock and Remove for TwoFactor credentials in /edituser/ Allow additional tries after elapsed time from last try exceeds configured parameter `$config['twofactor_lock']`. If `$config['twofactor_lock']` is not defined or is set to `0`, administrators have to unlock accounts that exceed 3 failures via GUI. Added Documentation Moved TwoFactor form to logon.inc.php Disabled autocomplete on twofactor input field Updated Docs to include link to Google-Authenticator's install-guides Moved authentication logic from authenticate.inc.php to twofactor.lib.php typo in docblock for `twofactor_auth()` Fixed scrutinizer bugs To please scrutinizer
2014-12-24 21:22:02 +00:00
<div id="twofactorqr"></div>
<button class="btn btn-default" onclick="$(\'#twofactorkeycontainer\').show(); $(\'#twofactorqrcontainer\').hide();">Manual</button>
</div>';
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 07:51:35 -05:00
echo '<div id="twofactorkeycontainer">
Added TwoFactor Authentication (RFC4226) Tested against Google-Authenticator app on Android 4.4.4 Made `verify_hotp` more efficient. Added autofocus on twofactor input Added GUI Unlock and Remove for TwoFactor credentials in /edituser/ Allow additional tries after elapsed time from last try exceeds configured parameter `$config['twofactor_lock']`. If `$config['twofactor_lock']` is not defined or is set to `0`, administrators have to unlock accounts that exceed 3 failures via GUI. Added Documentation Moved TwoFactor form to logon.inc.php Disabled autocomplete on twofactor input field Updated Docs to include link to Google-Authenticator's install-guides Moved authentication logic from authenticate.inc.php to twofactor.lib.php typo in docblock for `twofactor_auth()` Fixed scrutinizer bugs To please scrutinizer
2014-12-24 21:22:02 +00:00
<form id="twofactorkey" class="form-horizontal" role="form">'.$twofactor['text'].'</form>
<button class="btn btn-default" onclick="$(\'#twofactorkeycontainer\').hide(); $(\'#twofactorqrcontainer\').show();">QR</button>
</div>';
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 07:51:35 -05:00
echo '<script>$("#twofactorqr").qrcode({"text": "'.$twofactor['uri'].'"}); $("#twofactorkeycontainer").hide();</script>';
echo '<br/><form method="post" class="form-horizontal" role="form" action="2fa/remove">
Added TwoFactor Authentication (RFC4226) Tested against Google-Authenticator app on Android 4.4.4 Made `verify_hotp` more efficient. Added autofocus on twofactor input Added GUI Unlock and Remove for TwoFactor credentials in /edituser/ Allow additional tries after elapsed time from last try exceeds configured parameter `$config['twofactor_lock']`. If `$config['twofactor_lock']` is not defined or is set to `0`, administrators have to unlock accounts that exceed 3 failures via GUI. Added Documentation Moved TwoFactor form to logon.inc.php Disabled autocomplete on twofactor input field Updated Docs to include link to Google-Authenticator's install-guides Moved authentication logic from authenticate.inc.php to twofactor.lib.php typo in docblock for `twofactor_auth()` Fixed scrutinizer bugs To please scrutinizer
2014-12-24 21:22:02 +00:00
<button class="btn btn-danger" type="submit">Disable TwoFactor</button>
</form>';
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 07:51:35 -05:00
} else {
echo '<form method="post" class="form-horizontal" role="form" action="2fa/add">
Added TwoFactor Authentication (RFC4226) Tested against Google-Authenticator app on Android 4.4.4 Made `verify_hotp` more efficient. Added autofocus on twofactor input Added GUI Unlock and Remove for TwoFactor credentials in /edituser/ Allow additional tries after elapsed time from last try exceeds configured parameter `$config['twofactor_lock']`. If `$config['twofactor_lock']` is not defined or is set to `0`, administrators have to unlock accounts that exceed 3 failures via GUI. Added Documentation Moved TwoFactor form to logon.inc.php Disabled autocomplete on twofactor input field Updated Docs to include link to Google-Authenticator's install-guides Moved authentication logic from authenticate.inc.php to twofactor.lib.php typo in docblock for `twofactor_auth()` Fixed scrutinizer bugs To please scrutinizer
2014-12-24 21:22:02 +00:00
<div class="form-group">
<label for="twofactortype" class="col-sm-2 control-label">TwoFactor Type</label>
<div class="col-sm-4">
New User Management (#9348) * Rewrite user management. Error management Revert edituser legacy page Connect user permissions button to legacy page for now. Implement user creation Refine form Remove PingCheck.php accidental add :) Fixes for redirection and deletion More fixes: realname accidental validation setting, hide can modify for read-only auths Use a panel to improve style Add icon to panel-title Not allowed to delete own user (at least via the click of a button) Use request validation to reduce complexity of controller. Improve protection against users doing things they should not. Switch to horizontal form and not nearly as wide of layout :) delete without refresh. Fix for buttons Include all users (not just from this auth) Hide the auth column if there is only one auth type Show username if real name isn't set Don't allow creation of demo users via the webui a fix to the lnms user:add command, it didn't set auth_id update edituser.inc.php to current just redirect to users page * Remove TwoFactorTest for now * Update edituser.inc.php * Update .env.dusk.testing * Enable 2fa for 2fa test...
2019-04-22 19:01:39 -05:00
<select name="twofactortype" class="select form-control">
Added TwoFactor Authentication (RFC4226) Tested against Google-Authenticator app on Android 4.4.4 Made `verify_hotp` more efficient. Added autofocus on twofactor input Added GUI Unlock and Remove for TwoFactor credentials in /edituser/ Allow additional tries after elapsed time from last try exceeds configured parameter `$config['twofactor_lock']`. If `$config['twofactor_lock']` is not defined or is set to `0`, administrators have to unlock accounts that exceed 3 failures via GUI. Added Documentation Moved TwoFactor form to logon.inc.php Disabled autocomplete on twofactor input field Updated Docs to include link to Google-Authenticator's install-guides Moved authentication logic from authenticate.inc.php to twofactor.lib.php typo in docblock for `twofactor_auth()` Fixed scrutinizer bugs To please scrutinizer
2014-12-24 21:22:02 +00:00
<option value="time">Time Based (TOTP)</option>
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 07:51:35 -05:00
<option value="counter">Counter Based (HOTP)</option>
Added TwoFactor Authentication (RFC4226) Tested against Google-Authenticator app on Android 4.4.4 Made `verify_hotp` more efficient. Added autofocus on twofactor input Added GUI Unlock and Remove for TwoFactor credentials in /edituser/ Allow additional tries after elapsed time from last try exceeds configured parameter `$config['twofactor_lock']`. If `$config['twofactor_lock']` is not defined or is set to `0`, administrators have to unlock accounts that exceed 3 failures via GUI. Added Documentation Moved TwoFactor form to logon.inc.php Disabled autocomplete on twofactor input field Updated Docs to include link to Google-Authenticator's install-guides Moved authentication logic from authenticate.inc.php to twofactor.lib.php typo in docblock for `twofactor_auth()` Fixed scrutinizer bugs To please scrutinizer
2014-12-24 21:22:02 +00:00
</select>
</div>
</div>
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 07:51:35 -05:00
<div class="form-group">
New User Management (#9348) * Rewrite user management. Error management Revert edituser legacy page Connect user permissions button to legacy page for now. Implement user creation Refine form Remove PingCheck.php accidental add :) Fixes for redirection and deletion More fixes: realname accidental validation setting, hide can modify for read-only auths Use a panel to improve style Add icon to panel-title Not allowed to delete own user (at least via the click of a button) Use request validation to reduce complexity of controller. Improve protection against users doing things they should not. Switch to horizontal form and not nearly as wide of layout :) delete without refresh. Fix for buttons Include all users (not just from this auth) Hide the auth column if there is only one auth type Show username if real name isn't set Don't allow creation of demo users via the webui a fix to the lnms user:add command, it didn't set auth_id update edituser.inc.php to current just redirect to users page * Remove TwoFactorTest for now * Update edituser.inc.php * Update .env.dusk.testing * Enable 2fa for 2fa test...
2019-04-22 19:01:39 -05:00
<div class="col-sm-4 col-sm-offset-2">
<button class="btn btn-default" type="submit" id="twofactor-generate">Generate TwoFactor Secret Key</button>
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 07:51:35 -05:00
</div>
</div>
Added TwoFactor Authentication (RFC4226) Tested against Google-Authenticator app on Android 4.4.4 Made `verify_hotp` more efficient. Added autofocus on twofactor input Added GUI Unlock and Remove for TwoFactor credentials in /edituser/ Allow additional tries after elapsed time from last try exceeds configured parameter `$config['twofactor_lock']`. If `$config['twofactor_lock']` is not defined or is set to `0`, administrators have to unlock accounts that exceed 3 failures via GUI. Added Documentation Moved TwoFactor form to logon.inc.php Disabled autocomplete on twofactor input field Updated Docs to include link to Google-Authenticator's install-guides Moved authentication logic from authenticate.inc.php to twofactor.lib.php typo in docblock for `twofactor_auth()` Fixed scrutinizer bugs To please scrutinizer
2014-12-24 21:22:02 +00:00
</form>';
Fix coding style part 2
2015-07-13 20:10:26 +02:00
}//end if
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 07:51:35 -05:00
echo '</div>';
Fix coding style part 2
2015-07-13 20:10:26 +02:00
}//end if
}//end if
Allow regular users to set their own default dashboard from the preferences page
2016-10-19 15:37:26 -06:00
echo "<h3>Default Dashboard</h3>
<hr>
<div class='well'>";
refactored some code
2016-10-22 15:51:20 +00:00
if (!empty($updatedashboard_message)) {
print_message($updatedashboard_message);
}
Allow regular users to set their own default dashboard from the preferences page
2016-10-19 15:37:26 -06:00
echo "
<form method='post' action='preferences/' class='form-horizontal' role='form'>
<div class='form-group'>
<input type=hidden name='action' value='changedash'>
<div class='form-group'>
<label for='dashboard' class='col-sm-2 control-label'>Dashboard</label>
<div class='col-sm-4'>
<select class='form-control' name='dashboard'>";
fix: move user preferences dashboard and twofactor out of users table (#6286) * fix: move user preferences dashboard and twofactor out of users table This allows them to work with any authentication method Add set_user_pref() and get_user_pref() helper functions * fix edit users for other users * Fix updated_at default timestamp * Update and rename 183.sql to 184.sql * removed commented out debug
2017-04-01 16:18:00 -05:00
foreach (get_dashboards() as $dash) {
Allow regular users to set their own default dashboard from the preferences page
2016-10-19 15:37:26 -06:00
echo "
fix: move user preferences dashboard and twofactor out of users table (#6286) * fix: move user preferences dashboard and twofactor out of users table This allows them to work with any authentication method Add set_user_pref() and get_user_pref() helper functions * fix edit users for other users * Fix updated_at default timestamp * Update and rename 183.sql to 184.sql * removed commented out debug
2017-04-01 16:18:00 -05:00
<option value='".$dash['dashboard_id']."'".($dash['default'] ? ' selected' : '').">".display($dash['username']).':'.display($dash['dashboard_name'])."</option>";
style fixes
2016-10-19 16:03:51 -06:00
}
New User Management (#9348) * Rewrite user management. Error management Revert edituser legacy page Connect user permissions button to legacy page for now. Implement user creation Refine form Remove PingCheck.php accidental add :) Fixes for redirection and deletion More fixes: realname accidental validation setting, hide can modify for read-only auths Use a panel to improve style Add icon to panel-title Not allowed to delete own user (at least via the click of a button) Use request validation to reduce complexity of controller. Improve protection against users doing things they should not. Switch to horizontal form and not nearly as wide of layout :) delete without refresh. Fix for buttons Include all users (not just from this auth) Hide the auth column if there is only one auth type Show username if real name isn't set Don't allow creation of demo users via the webui a fix to the lnms user:add command, it didn't set auth_id update edituser.inc.php to current just redirect to users page * Remove TwoFactorTest for now * Update edituser.inc.php * Update .env.dusk.testing * Enable 2fa for 2fa test...
2019-04-22 19:01:39 -05:00
echo '
Allow regular users to set their own default dashboard from the preferences page
2016-10-19 15:37:26 -06:00
</select>
</div>
New User Management (#9348) * Rewrite user management. Error management Revert edituser legacy page Connect user permissions button to legacy page for now. Implement user creation Refine form Remove PingCheck.php accidental add :) Fixes for redirection and deletion More fixes: realname accidental validation setting, hide can modify for read-only auths Use a panel to improve style Add icon to panel-title Not allowed to delete own user (at least via the click of a button) Use request validation to reduce complexity of controller. Improve protection against users doing things they should not. Switch to horizontal form and not nearly as wide of layout :) delete without refresh. Fix for buttons Include all users (not just from this auth) Hide the auth column if there is only one auth type Show username if real name isn't set Don't allow creation of demo users via the webui a fix to the lnms user:add command, it didn't set auth_id update edituser.inc.php to current just redirect to users page * Remove TwoFactorTest for now * Update edituser.inc.php * Update .env.dusk.testing * Enable 2fa for 2fa test...
2019-04-22 19:01:39 -05:00
</div>
<div class="form-group">
<div class="col-sm-4 col-sm-offset-2"><button type="submit" class="btn btn-default">Update Dashboard</button></div>
Allow regular users to set their own default dashboard from the preferences page
2016-10-19 15:37:26 -06:00
</div>
</div>
</form>
New User Management (#9348) * Rewrite user management. Error management Revert edituser legacy page Connect user permissions button to legacy page for now. Implement user creation Refine form Remove PingCheck.php accidental add :) Fixes for redirection and deletion More fixes: realname accidental validation setting, hide can modify for read-only auths Use a panel to improve style Add icon to panel-title Not allowed to delete own user (at least via the click of a button) Use request validation to reduce complexity of controller. Improve protection against users doing things they should not. Switch to horizontal form and not nearly as wide of layout :) delete without refresh. Fix for buttons Include all users (not just from this auth) Hide the auth column if there is only one auth type Show username if real name isn't set Don't allow creation of demo users via the webui a fix to the lnms user:add command, it didn't set auth_id update edituser.inc.php to current just redirect to users page * Remove TwoFactorTest for now * Update edituser.inc.php * Update .env.dusk.testing * Enable 2fa for 2fa test...
2019-04-22 19:01:39 -05:00
</div>';
Allow regular users to set their own default dashboard from the preferences page
2016-10-19 15:37:26 -06:00
Fix coding style part 2
2015-07-13 20:10:26 +02:00
Added alerts schedule notes into device notes (#9258) * Add alerts schedule notes into device notes Signed-off-by: Rémy Jacquin <remy@remyj.fr> * Update preferences.inc.php
2018-11-08 23:01:46 +01:00
echo "<h3>Add schedule notes to devices notes</h3>
<hr>
<div class='well'>";
if (!empty($updatenote_message)) {
print_message($updatenote_message);
}
echo "
<form method='post' action='preferences/' class='form-horizontal' role='form'>
<div class='form-group'>
<input type=hidden name='action' value='changenote'>
<div class='form-group'>
<label for='dashboard' class='col-sm-3 control-label'>Add schedule notes to devices notes</label>
<div class='col-sm-4'>
<input id='notetodevice' type='checkbox' name='notetodevice' data-size='small' " . ((get_user_pref('add_schedule_note_to_device', false)) ? 'checked' : '') . ">
</div>
</div>
<div class='form-group'>
<div class='col-sm-4 col-sm-offset-3'>
<button type='submit' class='btn btn-default'>Update preferences</button>
</div>
<div class='col-sm-6'></div>
</div>
</div>
</form>
</div>";
UI changes to preferences.inc.php Screenshot: http://i.imgur.com/QaobUQv.png
2015-08-29 21:44:29 +05:30
echo "<h3>Device Permissions</h3>";
echo "<hr>";
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 07:51:35 -05:00
echo '<div class="well">';
if (LegacyAuth::user()->hasGlobalAdmin()) {
Fix coding style part 2
2015-07-13 20:10:26 +02:00
echo "<strong class='blue'>Global Administrative Access</strong>";
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 07:51:35 -05:00
} elseif (LegacyAuth::user()->hasGlobalRead()) {
Fix coding style part 2
2015-07-13 20:10:26 +02:00
echo "<strong class='green'>Global Viewing Access</strong>";
refactor: Don't access $_SESSION directly for Auth (#8513) * Don't access $_SESSION directly for Auth * fix style * add property annotations
2018-04-07 15:55:28 -05:00
} else {
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 07:51:35 -05:00
foreach (dbFetchRows('SELECT * FROM `devices_perms` AS P, `devices` AS D WHERE `user_id` = ? AND P.device_id = D.device_id', array(LegacyAuth::id())) as $perm) {
Fix coding style part 2
2015-07-13 20:10:26 +02:00
// FIXME generatedevicelink?
echo "<a href='device/device=".$perm['device_id']."'>".$perm['hostname'].'</a><br />';
$dev_access = 1;
}
Updates. git-svn-id: http://www.observium.org/svn/observer/trunk@130 61d68cd4-352d-0410-923a-c4978735b2b8
2008-03-09 22:49:53 +00:00
Fix coding style part 2
2015-07-13 20:10:26 +02:00
if (!$dev_access) {
echo 'No access!';
}
restructure/reindent/htmlfix html pages, remove dead code git-svn-id: http://www.observium.org/svn/observer/trunk@1897 61d68cd4-352d-0410-923a-c4978735b2b8
2011-03-17 00:09:20 +00:00
}
Updates. git-svn-id: http://www.observium.org/svn/observer/trunk@130 61d68cd4-352d-0410-923a-c4978735b2b8
2008-03-09 22:49:53 +00:00
Fix coding style part 2
2015-07-13 20:10:26 +02:00
echo '</div>';
Added alerts schedule notes into device notes (#9258) * Add alerts schedule notes into device notes Signed-off-by: Rémy Jacquin <remy@remyj.fr> * Update preferences.inc.php
2018-11-08 23:01:46 +01:00
echo "<script>$(\"[name='notetodevice']\").bootstrapSwitch('offColor','danger');</script>";
Reference in New Issue Copy Permalink