"); $pagetitle[] = "Edit user"; if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php"); } else { if ($vars['user_id'] && !$vars['edit']) { $user_data = dbFetchRow("SELECT * FROM users WHERE user_id = ?", array($vars['user_id'])); echo("

" . $user_data['realname'] . "

Change...

"); // Perform actions if requested if ($vars['action'] == "deldevperm") { if (dbFetchCell("SELECT COUNT(*) FROM devices_perms WHERE `device_id` = ? AND `user_id` = ?", array($vars['device_id'] ,$vars['user_id']))) { dbDelete('devices_perms', "`device_id` = ? AND `user_id` = ?", array($vars['device_id'], $vars['user_id'])); } } if ($vars['action'] == "adddevperm") { if (!dbFetchCell("SELECT COUNT(*) FROM devices_perms WHERE `device_id` = ? AND `user_id` = ?", array($vars['device_id'] ,$vars['user_id']))) { dbInsert(array('device_id' => $vars['device_id'], 'user_id' => $vars['user_id']), 'devices_perms'); } } if ($vars['action'] == "delifperm") { if (dbFetchCell("SELECT COUNT(*) FROM ports_perms WHERE `port_id` = ? AND `user_id` = ?", array($vars['port_id'], $vars['user_id']))) { dbDelete('ports_perms', "`port_id` = ? AND `user_id` = ?", array($vars['port_id'], $vars['user_id'])); } } if ($vars['action'] == "addifperm") { if (!dbFetchCell("SELECT COUNT(*) FROM ports_perms WHERE `port_id` = ? AND `user_id` = ?", array($vars['port_id'], $vars['user_id']))) { dbInsert(array('port_id' => $vars['port_id'], 'user_id' => $vars['user_id']), 'ports_perms'); } } if ($vars['action'] == "delbillperm") { if (dbFetchCell("SELECT COUNT(*) FROM bill_perms WHERE `bill_id` = ? AND `user_id` = ?", array($vars['bill_id'], $vars['user_id']))) { dbDelete('bill_perms', "`bill_id` = ? AND `user_id` = ?", array($vars['bill_id'], $vars['user_id'])); } } if ($vars['action'] == "addbillperm") { if (!dbFetchCell("SELECT COUNT(*) FROM bill_perms WHERE `bill_id` = ? AND `user_id` = ?", array($vars['bill_id'], $vars['user_id']))) { dbInsert(array('bill_id' => $vars['bill_id'], 'user_id' => $vars['user_id']), 'bill_perms'); } } echo('
'); // Display devices this users has access to echo("

Device Access

"); echo("
"); $device_perms = dbFetchRows("SELECT * from devices_perms as P, devices as D WHERE `user_id` = ? AND D.device_id = P.device_id", array($vars['user_id'])); foreach ($device_perms as $device_perm) { echo(""); $access_list[] = $device_perm['device_id']; $permdone = "yes"; } echo("
Device Action
" . $device_perm['hostname'] . "
"); if (!$permdone) { echo("None Configured"); } // Display devices this user doesn't have access to echo("

Grant access to new device

"); echo("
"); echo("
"); echo("

Interface Access

"); $interface_perms = dbFetchRows("SELECT * from ports_perms as P, ports as I, devices as D WHERE `user_id` = ? AND I.port_id = P.port_id AND D.device_id = I.device_id", array($vars['user_id'])); echo("
"); foreach ($interface_perms as $interface_perm) { echo(""); $ipermdone = "yes"; } echo("
Interface name Action
".$interface_perm['hostname']." - ".$interface_perm['ifDescr']."". "" . $interface_perm['ifAlias'] . "   
"); if (!$ipermdone) { echo("None Configured"); } // Display devices this user doesn't have access to echo("

Grant access to new interface

"); echo("
"); echo("
"); echo("

Bill Access

"); $bill_perms = dbFetchRows("SELECT * from bills AS B, bill_perms AS P WHERE P.user_id = ? AND P.bill_id = B.bill_id", array($vars['user_id'])); echo("
"); foreach ($bill_perms as $bill_perm) { echo(""); $bill_access_list[] = $bill_perm['bill_id']; $bpermdone = "yes"; } echo("
Bill name Action
".$bill_perm['bill_name']."  
"); if (!$bpermdone) { echo("None Configured"); } // Display devices this user doesn't have access to echo("

Grant access to new bill

"); echo("
"); } elseif ($vars['user_id'] && $vars['edit']) { if($_SESSION['userlevel'] == 11) { demo_account(); } else { if(!empty($vars['new_level'])) { if($vars['can_modify_passwd'] == 'on') { $vars['can_modify_passwd'] = '1'; } update_user($vars['user_id'],$vars['new_realname'],$vars['new_level'],$vars['can_modify_passwd'],$vars['new_email']); print_message("User has been updated"); } if(can_update_users() == '1') { $users_details = get_user($vars['user_id']); if(!empty($users_details)) { if(empty($vars['new_realname'])) { $vars['new_realname'] = $users_details['realname']; } if(empty($vars['new_level'])) { $vars['new_level'] = $users_details['level']; } if(empty($vars['can_modify_passwd'])) { $vars['can_modify_passwd'] = $users_details['can_modify_passwd']; } elseif($vars['can_modify_passwd'] == 'on') { $vars['can_modify_passwd'] = '1'; } if(empty($vars['new_email'])) { $vars['new_email'] = $users_details['email']; } if( $config['twofactor'] ) { if( $vars['twofactorremove'] ) { if( dbUpdate(array('twofactor'=>''),users,'user_id = ?',array($vars['user_id'])) ) { echo "
TwoFactor credentials removed.
"; } else { echo "
Couldnt remove user's TwoFactor credentials.
"; } } if( $vars['twofactorunlock'] ) { $twofactor = dbFetchRow("SELECT twofactor FROM users WHERE user_id = ?",array($vars['user_id'])); $twofactor = json_decode($twofactor['twofactor'],true); $twofactor['fails'] = 0; if( dbUpdate(array('twofactor'=>json_encode($twofactor)),users,'user_id = ?',array($vars['user_id'])) ) { echo "
User unlocked.
"; } else { echo "
Couldnt reset user's TwoFactor failures.
"; } } } echo("
"); if( $config['twofactor'] ) { echo "

Two-Factor Authentication

"; $twofactor = dbFetchRow("SELECT twofactor FROM users WHERE user_id = ?",array($vars['user_id'])); $twofactor = json_decode($twofactor['twofactor'],true); if( $twofactor['fails'] >= 3 && (!$config['twofactor_lock'] || (time()-$twofactor['last']) < $config['twofactor_lock']) ) { echo "
"; } if( $twofactor['key'] ) { echo "
"; } else { echo "

No TwoFactor key generated for this user, Nothing to do.

"; } } } else { echo print_error("Error getting user details"); } } else { echo print_error("Authentication method doesn't support updating users"); } } } else { $user_list = get_userlist(); echo("

Select a user to edit

"); echo("
/
"); } } echo("
"); ?>