diff --git a/accounts.phtml b/accounts.phtml
index 04c56c2..d34ac47 100644
--- a/accounts.phtml
+++ b/accounts.phtml
@@ -1,473 +1,463 @@ "CDRTool_Session", "auth" => "CDRTool_Auth", "perm" => "CDRTool_Perm" ) ); $title = "Login accounts"; require 'login_accounts.php'; if (is_readable("/etc/cdrtool/local/header.phtml")) { include '/etc/cdrtool/local/header.phtml'; } else { include 'header.phtml'; } function log_accounts_action($action) { global $auth; $location = "Unknown"; $_loc = geoip_record_by_name($_SERVER['REMOTE_ADDR']); if ($_loc['country_name']) { $location = $_loc['country_name']; } $log = sprintf( "CDRTool login username=%s, IP=%s, location=%s, action=%s, script=%s", $auth->auth["uname"], $_SERVER['REMOTE_ADDR'], $location, $action, $_SERVER['PHP_SELF'] ); syslog(LOG_NOTICE, $log); } $loginname = $auth->auth["uname"]; $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : ''; $next = isset($_REQUEST['next']) ? $_REQUEST['next'] : ''; $search_text = isset($_REQUEST['search_text']) ? $_REQUEST['search_text'] : ''; $username = isset($_REQUEST['username']) ? $_REQUEST['username'] : ''; $password = isset($_REQUEST['password']) ? $_REQUEST['password'] : ''; $name = isset($_REQUEST['name']) ? $_REQUEST['name'] : ''; $organization = isset($_REQUEST['organization']) ? $_REQUEST['organization'] : ''; $tel = isset($_REQUEST['tel']) ? $_REQUEST['tel'] : ''; $email = isset($_REQUEST['email']) ? $_REQUEST['email'] : ''; $expire = isset($_REQUEST['expire']) ? $_REQUEST['expire'] : ''; $gatewayFilter = isset($_REQUEST['gatewayFilter']) ? $_REQUEST['gatewayFilter'] : ''; $domainFilter = isset($_REQUEST['domainFilter']) ? $_REQUEST['domainFilter'] : ''; $serviceFilter = isset($_REQUEST['serviceFilter']) ? $_REQUEST['serviceFilter'] : ''; $compidFilter = isset($_REQUEST['compidFilter']) ? $_REQUEST['compidFilter'] : ''; $aNumberFilter = isset($_REQUEST['aNumberFilter']) ? $_REQUEST['aNumberFilter'] : ''; $cscodeFilter = isset($_REQUEST['cscodeFilter']) ? $_REQUEST['cscodeFilter'] : ''; $afterDateFilter = isset($_REQUEST['afterDateFilter']) ? 
$_REQUEST['afterDateFilter'] : ''; $aclFilter = isset($_REQUEST['aclFilter']) ? $_REQUEST['aclFilter'] : ''; $impersonate = isset($_REQUEST['impersonate']) ? $_REQUEST['impersonate'] : ''; $perms = isset($_REQUEST['perms']) ? $_REQUEST['perms'] : ''; $sources = isset($_REQUEST['sources']) ? $_REQUEST['sources'] : ''; $delete = isset($_REQUEST['delete']) ? $_REQUEST['delete'] : ''; $id = isset($_REQUEST['id']) ? $_REQUEST['id'] : ''; $uid = isset($_REQUEST['uid']) ? $_REQUEST['uid'] : ''; $check = isset($_REQUEST['check']) ? $_REQUEST['check'] : ''; $mailsettings = isset($_REQUEST['mailsettings']) ? $_REQUEST['mailsettings'] : ''; -$otp_yubikey = isset($_REQUEST["yubikey"]) ? $_REQUEST["yubikey"] : ''; $auth_method = isset($_REQUEST["auth_method"]) ? $_REQUEST["auth_method"] : ''; $PHP_SELF = htmlentities($_SERVER['PHP_SELF']); $db = new DB_CDRTool; $layout = new pageLayoutLocal(); $layout->showTopMenu($title); if ($action == "edit" && $id) { print "
"; $uid = $auth->auth["uid"]; if (!$perm->have_perm("admin")) { $id = $uid; } if ($check || $delete) { if ($err = $f->validate()) { print "Updating user"; $query = sprintf( "update auth_user set username = '%s', name = '%s', organization = '%s', tel = '%s', email = '%s', - yubikey = '%s', auth_method = '%s' ", addslashes($username), addslashes($name), addslashes($organization), addslashes($tel), addslashes($email), - addslashes($otp_yubikey), addslashes($auth_method) ); if (strlen($password)) { if ($CDRTool['provider']['clear_text_passwords'] != 1) { $query .= sprintf( ", password = '', password_hashed = '%s'", addslashes(md5($password)) ); } else { $query .= sprintf( ", password = '%s', password_hashed = ''", addslashes($password) ); } } if ($perm->have_perm("admin")) { if (strlen($impersonate)) { if (!preg_match("/^[0-9]*\.[0-9]*$/", $impersonate)) { printf("
Failed to update user $id"; print "The error is $db->Error"; } else { if ($delete) { log_accounts_action(sprintf("account %s deleted", $username)); print "
User $name deleted"; } else { log_accounts_action(sprintf("account %s updated", $username)); print "
User $name updated"; if ($mailsettings) { if ($_SERVER['HTTPS']=="on") { $protocolURL="https://"; } else { $protocolURL="http://"; } $body .= sprintf("The following login account for CDRTool has been created for you:\n\n"); $body .= sprintf("Username: %s\n", $username); $body .= sprintf("Password: %s\n", $password); $body .= sprintf("URL: %s%s%s\n\n", $protocolURL, $_SERVER['HTTP_HOST'], $CDRTool['tld']); $body .= sprintf("You may use your CDRTool account to access call detail records and \n"); $body .= sprintf("traces from OpenSIPs, MediaProxy and Asterisk servers.\n"); $from = sprintf("From: %s", $CDRTool['provider']['fromEmail']); mail($email, "CDRTool login account", $body, $from); } } accountList(); } } } else { $query = "select * from auth_user"; if (!$perm->have_perm("admin")) { $query .= sprintf(" where user_id = '%s'", addslashes($uid)); $id=$uid; } else { $query .= sprintf(" where user_id = '%s'", addslashes($id)); } dprint($query); $db->query($query); $db->next_record(); $username = $db->f('username'); $name = $db->f('name'); $email = $db->f('email'); $tel = $db->f('tel'); $password = $db->f('password'); $organization = $db->f('organization'); $perms = $db->f('perms'); $sources = $db->f('sources'); $expire = $db->f('expire'); $aNumberFilter = $db->f('aNumberFilter'); $gatewayFilter = $db->f('gatewayFilter'); $domainFilter = $db->f('domainFilter'); $serviceFilter = $db->f('serviceFilter'); $compidFilter = $db->f('compidFilter'); $cscodeFilter = $db->f('cscodeFilter'); $afterDateFilter = $db->f('afterDateFilter'); $aclFilter = $db->f('aclFilter'); $impersonate = $db->f('impersonate'); - $yubikey = $db->f('yubikey'); $auth_method = $db->f('auth_method'); showForm($id); } } elseif ($action=="insert" && $perm->have_perm("admin")) { print "
"; $uid = $auth->auth["uid"]; if (!$password) $password = random_passwd_gen(); if ($check) { if ($perms) $perms = implode($perms,","); if ($sources) $sources = implode($sources,","); if (strlen($impersonate)) { if (!preg_match("/^[0-9]*\.[0-9]*$/", $impersonate)) { printf("Warning: Impersonate must be formated as CustomerId.ResellerId"); unset($impersonate); } } if ($err = $f->validate()) { print "
$err
"; showForm(); } else { //print "
Adding user"; $hash_secret = "ffdsdsd__ky..."; $user_id = md5(uniqid($hash_secret)); if ($CDRTool['provider']['clear_text_passwords']!=1) { $query = sprintf( "insert into auth_user ( user_id, username, password, password_hashed, name, organization, tel, email, perms, sources, expire, domainFilter, aNumberFilter, serviceFilter, compidFilter, cscodeFilter, gatewayFilter, afterDateFilter, aclFilter, impersonate, - yubikey, auth_method ) values ( '%s', '%s', '', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', - '%s', '%s' )", addslashes($user_id), addslashes($username), addslashes(md5($password)), addslashes($name), addslashes($organization), addslashes($tel), addslashes($email), addslashes($perms), addslashes($sources), addslashes($expire), addslashes($domainFilter), addslashes($aNumberFilter), addslashes($serviceFilter), addslashes($compidFilter), addslashes($cscodeFilter), addslashes($gatewayFilter), addslashes($afterDateFilter), addslashes($aclFilter), addslashes($impersonate), - addslashes($yubikey), addslashes($auth_method) ); } else { $query = sprintf( "insert into auth_user ( user_id, username, password, name, organization, tel, email, perms, sources, expire, domainFilter, aNumberFilter, serviceFilter, compidFilter, cscodeFilter, gatewayFilter, afterDateFilter, aclFilter, impersonate, - yubikey, auth_method ) values ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', - '%s', '%s' )", addslashes($user_id), addslashes($username), addslashes($password), addslashes($name), addslashes($organization), addslashes($tel), addslashes($email), addslashes($perms), addslashes($sources), addslashes($expire), addslashes($domainFilter), addslashes($aNumberFilter), addslashes($serviceFilter), addslashes($compidFilter), addslashes($cscodeFilter), addslashes($gatewayFilter), addslashes($afterDateFilter), addslashes($aclFilter), addslashes($impersonate), - 
addslashes($yubikey), addslashes($auth_method) ); } dprint($query); if (!$db->query($query)) { printf("
Failed to add user: %s(%s) %s", $db->Error, $db->Errno, $query); } else { log_accounts_action(sprintf("account %s added", $username)); print "
User $name created"; if ($mailsettings) { if ($_SERVER['HTTPS']=="on") { $protocolURL="https://"; } else { $protocolURL="http://"; } $body .= sprintf("The following login account for CDRTool has been created for you:\n\n"); $body .= sprintf("Username: %s\n", $username); $body .= sprintf("Password: %s\n", $password); $body .= sprintf("URL: %s%s%s\n\n", $protocolURL, $_SERVER['HTTP_HOST'], $CDRTool['tld']); $body .= sprintf("You may use your CDRTool account to access call detail records and \n"); $body .= sprintf("traces from OpenSIPs, MediaProxy and Asterisk servers.\n"); $from = sprintf("From: %s", $CDRTool['provider']['fromEmail']); mail($email, "CDRTool login account", $body, $from); } } } } else { showForm(); } print ""; } else { print "