mirror of
https://github.com/librenms/librenms.git
synced 2024-10-07 16:52:45 +00:00
MOAR AUTHMODULE, with some parts left to do...
git-svn-id: http://www.observium.org/svn/observer/trunk@991 61d68cd4-352d-0410-923a-c4978735b2b8
This commit is contained in:
Tom Laermans
40
adduser.php
40
adduser.php
@@ -5,17 +5,33 @@ include("includes/defaults.inc.php");
|
||||
include("config.php");
|
||||
include("includes/functions.php");
|
||||
|
||||
if($argv[1] && $argv[2] && $argv[3]) {
|
||||
if($argv[4]) {
|
||||
mysql_query("INSERT INTO `users` (`username`,`password`,`level`) VALUES ('".mres($argv[1])."',MD5('".$argv[2]."'),'".mres($argv[3])."'),'".mres($argv[4])."')");
|
||||
} else {
|
||||
mysql_query("INSERT INTO `users` (`username`,`password`,`level`) VALUES ('".mres($argv[1])."',MD5('".$argv[2]."'),'".mres($argv[3])."')");
|
||||
}
|
||||
if(mysql_affected_rows()) {
|
||||
echo("User ".$argv[1]." added successfully\n");
|
||||
}
|
||||
} else {
|
||||
echo("Add User Tool\nUsage: ./adduser.php <username> <password> <level 1-10> [email]\n");
|
||||
}
|
||||
if (file_exists('html/includes/authentication/' . $config['auth_mechanism'] . '.inc.php'))
|
||||
{
|
||||
include('html/includes/authentication/' . $config['auth_mechanism'] . '.inc.php');
|
||||
}
|
||||
else
|
||||
{
|
||||
echo "ERROR: no valid auth_mechanism defined.\n";
|
||||
exit();
|
||||
}
|
||||
|
||||
if (auth_usermanagement())
|
||||
{
|
||||
if($argv[1] && $argv[2] && $argv[3])
|
||||
{
|
||||
if(adduser($argv[1],$argv[2],$argv[3],$argv[4]))
|
||||
{
|
||||
echo("User ".$argv[1]." added successfully\n");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
echo("Add User Tool\nUsage: ./adduser.php <username> <password> <level 1-10> [email]\n");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
echo "Auth module does not allow adding users!\n";
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
@@ -34,5 +34,21 @@ function changepassword($username,$newpassword)
|
||||
# Not supported
|
||||
}
|
||||
|
||||
function auth_usermanagement()
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
|
||||
function adduser($username, $password, $level, $email = "", $realname = "")
|
||||
{
|
||||
mysql_query("INSERT INTO `users` (`username`,`password`,`level`, `email`, `realname`) VALUES ('".mres($username)."',MD5('".mres($password)."'),'".mres($level)."','".mres($email)."','".mres($realname)."')");
|
||||
|
||||
return mysql_affected_rows();
|
||||
}
|
||||
|
||||
function user_exists($username)
|
||||
{
|
||||
return mysql_result(mysql_query("SELECT * FROM users WHERE username = '".mres($username)."'"),0);
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -43,5 +43,22 @@ function changepassword($username,$newpassword)
|
||||
{
|
||||
# Not supported (for now)
|
||||
}
|
||||
|
||||
|
||||
function auth_usermanagement()
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
function adduser($username, $password, $level, $email = "", $realname = "")
|
||||
{
|
||||
# Not supported
|
||||
return 0;
|
||||
}
|
||||
|
||||
function user_exists($username)
|
||||
{
|
||||
return 0; # FIXME to be implemented
|
||||
}
|
||||
|
||||
|
||||
?>
|
||||
@@ -25,4 +25,21 @@ function changepassword($username,$newpassword)
|
||||
$query = mysql_query($sql);
|
||||
}
|
||||
|
||||
function auth_usermanagement()
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
|
||||
function adduser($username, $password, $level, $email = "", $realname = "")
|
||||
{
|
||||
mysql_query("INSERT INTO `users` (`username`,`password`,`level`, `email`, `realname`) VALUES ('".mres($username)."',MD5('".mres($password)."'),'".mres($level)."','".mres($email)."','".mres($realname)."')");
|
||||
|
||||
return mysql_affected_rows();
|
||||
}
|
||||
|
||||
function user_exists($username)
|
||||
{
|
||||
return mysql_result(mysql_query("SELECT * FROM users WHERE username = '".mres($username)."'"),0);
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -23,7 +23,7 @@ echo("<div style='margin:auto; text-align: center; margin-top: 20px; max-width:4
|
||||
</div>
|
||||
<b class='rounded'>
|
||||
<b class='rounded5'></b>
|
||||
<b class='unded4'></b>
|
||||
<b class='rounded4'></b>
|
||||
<b class='rounded3'></b>
|
||||
<b class='rounded2'></b>
|
||||
<b class='rounded1'></b></b>
|
||||
|
||||
@@ -214,11 +214,16 @@ echo(' <li><hr /></li>
|
||||
echo('
|
||||
<li><hr width="140" /></li>
|
||||
<li><a href="/statistics/"><img src="images/16/report.png" border="0" align="absmiddle" /> Statistics</a></li>
|
||||
<li><hr width="140" /></li>
|
||||
<li><a href="?page=adduser"><img src="images/16/user_add.png" border="0" align="absmiddle" /> Add User</a></li>
|
||||
<li><a href="?page=deluser"><img src="images/16/user_delete.png" border="0" align="absmiddle" /> Remove User</a></li>
|
||||
<li><hr width="140" /></li>');
|
||||
if (auth_usermanagement())
|
||||
{
|
||||
echo('
|
||||
<li><a href="adduser/"><img src="images/16/user_add.png" border="0" align="absmiddle" /> Add User</a></li>
|
||||
<li><a href="deluser/"><img src="images/16/user_delete.png" border="0" align="absmiddle" /> Remove User</a></li>
|
||||
<li><a href="?page=edituser"><img src="images/16/user_edit.png" border="0" align="absmiddle" /> Edit User</a></li>
|
||||
<li><hr width="140" /></li>
|
||||
<li><hr width="140" /></li>');
|
||||
}
|
||||
echo ('
|
||||
<li><a href="authlog/"><img src="images/16/lock.png" border="0" align="absmiddle" /> Authlog</a></li>');
|
||||
} ?>
|
||||
</ul>
|
||||
|
||||
@@ -2,50 +2,66 @@
|
||||
|
||||
echo("<div style='margin: 10px;'>");
|
||||
|
||||
if($_SESSION['userlevel'] != '10') {
|
||||
if($_SESSION['userlevel'] != '10')
|
||||
{
|
||||
include("includes/error-no-perm.inc.php");
|
||||
} else {
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
echo("<h3>Add User</h3>");
|
||||
|
||||
if($_POST['action'] == "add") {
|
||||
if($_POST['new_username'] && $_POST['new_password'] && !mysql_result(mysql_query("SELECT * FROM users WHERE username = '".$_POST['new_username']."'"),0) ) {
|
||||
mysql_query("INSERT INTO `users` (`username`, `realname`, `password`, `level`) VALUES ('" . mres($_POST['new_username']) . "', '" . mres($_POST['new_realname']) . "', MD5('" . mres($_POST['new_password']) . "'), '" . mres($_POST['new_level']) . "')");
|
||||
if(mysql_affected_rows()) { echo("<span class=info>User " . $_POST['username'] . " added!</span>"); }
|
||||
if (auth_usermanagement())
|
||||
{
|
||||
if($_POST['action'] == "add")
|
||||
{
|
||||
if($_POST['new_username'])
|
||||
{
|
||||
if (!user_exists($_POST['new_username']))
|
||||
{
|
||||
# FIXME: missing email field here on the form
|
||||
if (adduser($_POST['new_username'], $_POST['new_password'], $_POST['new_level'], '', $_POST['realname']))
|
||||
{
|
||||
echo("<span class=info>User " . $_POST['username'] . " added!</span>");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
echo('<div class="red">User with this name already exists!</div>');
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
echo('<div class="red">Please enter a username!</div>');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
echo("<form method='post' action='?page=adduser'>
|
||||
<input type='hidden' value='add' name='action'>");
|
||||
|
||||
echo("Username <input style='margin: 1px;' name='new_username'></input><br />");
|
||||
if($_POST['action'] == "add" && !$_POST['new_username']) {
|
||||
echo("<div class=red>Please enter a username!</div>");
|
||||
} elseif( mysql_result(mysql_query("SELECT * FROM users WHERE username = '".$_POST['new_username']."'"),0)) {
|
||||
echo("<span class=red>User with this name already exists!</span><br />");
|
||||
}
|
||||
echo("<form method='post' action='?page=adduser'> <input type='hidden' value='add' name='action'>");
|
||||
echo("Username <input style='margin: 1px;' name='new_username'></input><br />");
|
||||
?>
|
||||
Password <input style='margin: 1px;' name='new_password' id='new_password' type=password /><br />
|
||||
<?php
|
||||
if($_POST['action'] == "add" && !$_POST['new_password']) {
|
||||
echo("<span class=red>Please enter a password!</span><br />");
|
||||
}
|
||||
echo("Realname <input style='margin: 1px;' name='new_realname'></input><br />");
|
||||
if($_POST['action'] == "add" && !$_POST['new_password'])
|
||||
{
|
||||
echo("<span class=red>Please enter a password!</span><br />");
|
||||
}
|
||||
echo("Realname <input style='margin: 1px;' name='new_realname'></input><br />");
|
||||
?>
|
||||
<?php
|
||||
echo("Level <select style='margin: 5px;' name='new_level'>
|
||||
echo("Level <select style='margin: 5px;' name='new_level'>
|
||||
<option value='1'>Normal User</option>
|
||||
<option value='5'>Global Read</option>
|
||||
<option value='10'>Administrator</option>
|
||||
</select><br /><br />");
|
||||
|
||||
echo(" <input type='submit' Value='Add' >");
|
||||
|
||||
echo("</form>");
|
||||
|
||||
echo(" <input type='submit' Value='Add' >");
|
||||
echo("</form>");
|
||||
}
|
||||
else
|
||||
{
|
||||
echo('<span class="red">Auth module does not allow user management!</span><br />');
|
||||
}
|
||||
}
|
||||
|
||||
echo("</div>");
|
||||
|
||||
?>
|
||||
|
||||
|
||||
@@ -2,37 +2,46 @@
|
||||
|
||||
echo("<div style='margin: 10px;'>");
|
||||
|
||||
if($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php"); } else {
|
||||
|
||||
if($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php"); } else
|
||||
{
|
||||
echo("<h3>Delete User</h3>");
|
||||
|
||||
if($_GET['action'] == "del") {
|
||||
if (auth_usermanagement())
|
||||
{
|
||||
|
||||
$delete_username = mysql_result(mysql_query("SELECT username FROM users WHERE user_id = '" . mres($_GET['user_id']) . "'"),0);
|
||||
if($_GET['action'] == "del")
|
||||
{
|
||||
$delete_username = mysql_result(mysql_query("SELECT username FROM users WHERE user_id = '" . mres($_GET['user_id']) . "'"),0);
|
||||
|
||||
if($_GET['confirm'] == "yes") {
|
||||
if($_GET['confirm'] == "yes")
|
||||
{
|
||||
mysql_query("DELETE FROM `devices_perms` WHERE `user_id` = '" . mres($_GET['user_id']) . "'");
|
||||
# FIXME v sql query should be replaced by authmodule
|
||||
mysql_query("DELETE FROM `users` WHERE `user_id` = '" . mres($_GET['user_id']) . "'");
|
||||
|
||||
mysql_query("DELETE FROM `devices_perms` WHERE `user_id` = '" . mres($_GET['user_id']) . "'");
|
||||
mysql_query("DELETE FROM `users` WHERE `user_id` = '" . mres($_GET['user_id']) . "'");
|
||||
|
||||
if(mysql_affected_rows()) { echo("<span class=info>User '$delete_username' deleted!</span>"); }
|
||||
|
||||
} else {
|
||||
|
||||
echo("<span class=alert>You have requested deletion of the user '$delete_username'. This action can not be reversed.<br /><a href='?page=deluser&action=del&user_id=" . $_GET['user_id'] . "&confirm=yes'>Click to confirm</a></span>");
|
||||
if(mysql_affected_rows()) { echo("<span class=info>User '$delete_username' deleted!</span>"); }
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
echo("<span class=alert>You have requested deletion of the user '$delete_username'. This action can not be reversed.<br /><a href='?page=deluser&action=del&user_id=" . $_GET['user_id'] . "&confirm=yes'>Click to confirm</a></span>");
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
# FIXME v mysql query should be replaced by authmodule
|
||||
$userlist = mysql_query("SELECT * FROM `users`");
|
||||
|
||||
$userlist = mysql_query("SELECT * FROM `users`");
|
||||
|
||||
while($userentry = mysql_fetch_array($userlist)) {
|
||||
$i++;
|
||||
echo($i . ". " . $userentry['username'] . "
|
||||
while($userentry = mysql_fetch_array($userlist))
|
||||
{
|
||||
$i++;
|
||||
echo($i . ". " . $userentry['username'] . "
|
||||
<a href='?page=deluser&action=del&user_id=" . $userentry['user_id'] . "'><img src='images/16/cross.png' align=absmiddle border=0></a><br/>");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
echo("<span class=red>Auth module does not allow user management!</span><br />");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
echo("</div>");
|
||||
|
||||
Reference in New Issue
Block a user