"; $pagetitle[] = 'Edit user'; if ($_SESSION['userlevel'] != '10') { include 'includes/error-no-perm.inc.php'; } else { if ($vars['user_id'] && !$vars['edit']) { $user_data = dbFetchRow('SELECT * FROM users WHERE user_id = ?', array($vars['user_id'])); echo '

'.$user_data['realname']."

Change...

"; // Perform actions if requested if ($vars['action'] == 'deldevperm') { if (dbFetchCell('SELECT COUNT(*) FROM devices_perms WHERE `device_id` = ? AND `user_id` = ?', array($vars['device_id'], $vars['user_id']))) { dbDelete('devices_perms', '`device_id` = ? AND `user_id` = ?', array($vars['device_id'], $vars['user_id'])); } } if ($vars['action'] == 'adddevperm') { if (!dbFetchCell('SELECT COUNT(*) FROM devices_perms WHERE `device_id` = ? AND `user_id` = ?', array($vars['device_id'], $vars['user_id']))) { dbInsert(array('device_id' => $vars['device_id'], 'user_id' => $vars['user_id']), 'devices_perms'); } } if ($vars['action'] == 'delifperm') { if (dbFetchCell('SELECT COUNT(*) FROM ports_perms WHERE `port_id` = ? AND `user_id` = ?', array($vars['port_id'], $vars['user_id']))) { dbDelete('ports_perms', '`port_id` = ? AND `user_id` = ?', array($vars['port_id'], $vars['user_id'])); } } if ($vars['action'] == 'addifperm') { if (!dbFetchCell('SELECT COUNT(*) FROM ports_perms WHERE `port_id` = ? AND `user_id` = ?', array($vars['port_id'], $vars['user_id']))) { dbInsert(array('port_id' => $vars['port_id'], 'user_id' => $vars['user_id'], 'access_level' => 0), 'ports_perms'); } } if ($vars['action'] == 'delbillperm') { if (dbFetchCell('SELECT COUNT(*) FROM bill_perms WHERE `bill_id` = ? AND `user_id` = ?', array($vars['bill_id'], $vars['user_id']))) { dbDelete('bill_perms', '`bill_id` = ? AND `user_id` = ?', array($vars['bill_id'], $vars['user_id'])); } } if ($vars['action'] == 'addbillperm') { if (!dbFetchCell('SELECT COUNT(*) FROM bill_perms WHERE `bill_id` = ? AND `user_id` = ?', array($vars['bill_id'], $vars['user_id']))) { dbInsert(array('bill_id' => $vars['bill_id'], 'user_id' => $vars['user_id']), 'bill_perms'); } } echo '
'; // Display devices this users has access to echo '

Device Access

'; echo "
"; $device_perms = dbFetchRows('SELECT * from devices_perms as P, devices as D WHERE `user_id` = ? AND D.device_id = P.device_id', array($vars['user_id'])); foreach ($device_perms as $device_perm) { echo '"; $access_list[] = $device_perm['device_id']; $permdone = 'yes'; } echo '
Device Action
'.$device_perm['hostname']."
'; if (!$permdone) { echo 'None Configured'; } // Display devices this user doesn't have access to echo '

Grant access to new device

'; echo "
"; echo "
"; echo '

Interface Access

'; $interface_perms = dbFetchRows('SELECT * from ports_perms as P, ports as I, devices as D WHERE `user_id` = ? AND I.port_id = P.port_id AND D.device_id = I.device_id', array($vars['user_id'])); echo "
"; foreach ($interface_perms as $interface_perm) { echo '"; $ipermdone = 'yes'; } echo '
Interface name Action
'.$interface_perm['hostname'].' - '.$interface_perm['ifDescr'].''.''.$interface_perm['ifAlias']."   
'; if (!$ipermdone) { echo 'None Configured'; } // Display devices this user doesn't have access to echo '

Grant access to new interface

'; echo "
"; echo "
"; echo '

Bill Access

'; $bill_perms = dbFetchRows('SELECT * from bills AS B, bill_perms AS P WHERE P.user_id = ? AND P.bill_id = B.bill_id', array($vars['user_id'])); echo "
"; foreach ($bill_perms as $bill_perm) { echo '"; $bill_access_list[] = $bill_perm['bill_id']; $bpermdone = 'yes'; } echo '
Bill name Action
'.$bill_perm['bill_name']."  
'; if (!$bpermdone) { echo 'None Configured'; } // Display devices this user doesn't have access to echo '

Grant access to new bill

'; echo "
"; } else if ($vars['user_id'] && $vars['edit']) { if ($_SESSION['userlevel'] == 11) { demo_account(); } else { if (!empty($vars['new_level'])) { if ($vars['can_modify_passwd'] == 'on') { $vars['can_modify_passwd'] = '1'; } update_user($vars['user_id'], $vars['new_realname'], $vars['new_level'], $vars['can_modify_passwd'], $vars['new_email']); print_message('User has been updated'); if (!empty($vars['new_pass1']) && $vars['new_pass1'] == $vars['new_pass2'] && passwordscanchange($vars['cur_username'])) { if (changepassword($vars['cur_username'],$vars['new_pass1']) == 1) { print_message("User password has been updated"); } else { print_error("Password couldn't be updated"); } } elseif (!empty($vars['new_pass1']) && $vars['new_pass1'] != $vars['new_pass2']) { print_error("The supplied passwords didn't match so weren't updated"); } } if (can_update_users() == '1') { $users_details = get_user($vars['user_id']); if (!empty($users_details)) { if (empty($vars['new_realname'])) { $vars['new_realname'] = $users_details['realname']; } if (empty($vars['new_level'])) { $vars['new_level'] = $users_details['level']; } if (empty($vars['can_modify_passwd'])) { $vars['can_modify_passwd'] = $users_details['can_modify_passwd']; } else if ($vars['can_modify_passwd'] == 'on') { $vars['can_modify_passwd'] = '1'; } if (empty($vars['new_email'])) { $vars['new_email'] = $users_details['email']; } if ($config['twofactor']) { if ($vars['twofactorremove']) { if (dbUpdate(array('twofactor' => ''), users, 'user_id = ?', array($vars['user_id']))) { echo "
TwoFactor credentials removed.
"; } else { echo "
Couldnt remove user's TwoFactor credentials.
"; } } if ($vars['twofactorunlock']) { $twofactor = dbFetchRow('SELECT twofactor FROM users WHERE user_id = ?', array($vars['user_id'])); $twofactor = json_decode($twofactor['twofactor'], true); $twofactor['fails'] = 0; if (dbUpdate(array('twofactor' => json_encode($twofactor)), users, 'user_id = ?', array($vars['user_id']))) { echo "
User unlocked.
"; } else { echo "
Couldnt reset user's TwoFactor failures.
"; } } } echo "
"; if (passwordscanchange($users_details['username'])) { echo "
"; } echo "
"; if ($config['twofactor']) { echo "

Two-Factor Authentication

"; $twofactor = dbFetchRow('SELECT twofactor FROM users WHERE user_id = ?', array($vars['user_id'])); $twofactor = json_decode($twofactor['twofactor'], true); if ($twofactor['fails'] >= 3 && (!$config['twofactor_lock'] || (time() - $twofactor['last']) < $config['twofactor_lock'])) { echo "
"; } if ($twofactor['key']) { echo "
"; } else { echo '

No TwoFactor key generated for this user, Nothing to do.

'; } }//end if } else { echo print_error('Error getting user details'); }//end if } else { echo print_error("Authentication method doesn't support updating users"); }//end if }//end if } else { $user_list = get_userlist(); echo '

Select a user to edit

'; echo "
/
"; }//end if }//end if echo '
';