diff --git a/accounts.phtml b/accounts.phtml
index 7fc225f..73a0a58 100644
--- a/accounts.phtml
+++ b/accounts.phtml
@@ -1,469 +1,473 @@ "CDRTool_Session", - "auth" => "CDRTool_Auth", - "perm" => "CDRTool_Perm") - ); - -$title = "Login accounts"; +page_open( + array( + "sess" => "CDRTool_Session", + "auth" => "CDRTool_Auth", + "perm" => "CDRTool_Perm" + ) +); + +$title = "Login accounts"; require("login_accounts.php"); if (is_readable("/etc/cdrtool/local/header.phtml")) { include("/etc/cdrtool/local/header.phtml"); } else { include("header.phtml"); } -function log_accounts_action($action){ +function log_accounts_action($action) +{ global $auth; $location = "Unknown"; - $_loc=geoip_record_by_name($_SERVER['REMOTE_ADDR']); + $_loc = geoip_record_by_name($_SERVER['REMOTE_ADDR']); if ($_loc['country_name']) { - $location = $_loc['country_name']; + $location = $_loc['country_name']; } $log = sprintf( "CDRTool login username=%s, IP=%s, location=%s, action=%s, script=%s", $auth->auth["uname"], $_SERVER['REMOTE_ADDR'], $location, $action, $_SERVER['PHP_SELF'] ); syslog(LOG_NOTICE, $log); } $loginname = $auth->auth["uname"]; $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : ''; $next = isset($_REQUEST['next']) ? $_REQUEST['next'] : ''; $search_text = isset($_REQUEST['search_text']) ? $_REQUEST['search_text'] : ''; $username = isset($_REQUEST['username']) ? $_REQUEST['username'] : ''; $password = isset($_REQUEST['password']) ? $_REQUEST['password'] : ''; $name = isset($_REQUEST['name']) ? $_REQUEST['name'] : ''; $organization = isset($_REQUEST['organization']) ? $_REQUEST['organization'] : ''; $tel = isset($_REQUEST['tel']) ? $_REQUEST['tel'] : ''; $email = isset($_REQUEST['email']) ? $_REQUEST['email'] : ''; $expire = isset($_REQUEST['expire']) ? $_REQUEST['expire'] : ''; $gatewayFilter = isset($_REQUEST['gatewayFilter']) ? $_REQUEST['gatewayFilter'] : ''; $domainFilter = isset($_REQUEST['domainFilter']) ? $_REQUEST['domainFilter'] : ''; $serviceFilter = isset($_REQUEST['serviceFilter']) ? $_REQUEST['serviceFilter'] : ''; $compidFilter = isset($_REQUEST['compidFilter']) ? 
$_REQUEST['compidFilter'] : ''; $aNumberFilter = isset($_REQUEST['aNumberFilter']) ? $_REQUEST['aNumberFilter'] : ''; $cscodeFilter = isset($_REQUEST['cscodeFilter']) ? $_REQUEST['cscodeFilter'] : ''; $afterDateFilter = isset($_REQUEST['afterDateFilter']) ? $_REQUEST['afterDateFilter'] : ''; $aclFilter = isset($_REQUEST['aclFilter']) ? $_REQUEST['aclFilter'] : ''; $impersonate = isset($_REQUEST['impersonate']) ? $_REQUEST['impersonate'] : ''; $perms = isset($_REQUEST['perms']) ? $_REQUEST['perms'] : ''; $sources = isset($_REQUEST['sources']) ? $_REQUEST['sources'] : ''; $delete = isset($_REQUEST['delete']) ? $_REQUEST['delete'] : ''; $id = isset($_REQUEST['id']) ? $_REQUEST['id'] : ''; $uid = isset($_REQUEST['uid']) ? $_REQUEST['uid'] : ''; $check = isset($_REQUEST['check']) ? $_REQUEST['check'] : ''; $mailsettings = isset($_REQUEST['mailsettings']) ? $_REQUEST['mailsettings'] : ''; $otp_yubikey = isset($_REQUEST["yubikey"]) ? $_REQUEST["yubikey"] : ''; $auth_method = isset($_REQUEST["auth_method"]) ? $_REQUEST["auth_method"] : ''; $PHP_SELF = htmlentities($_SERVER['PHP_SELF']); $db = new DB_CDRTool; $layout = new pageLayoutLocal(); $layout->showTopMenu($title); if ($action == "edit" && $id) { - - print ""; - - - $uid=$auth->auth["uid"]; + print " + + "; + + $uid = $auth->auth["uid"]; if (!$perm->have_perm("admin")) { - $id=$uid; + $id = $uid; } if ($check || $delete) { if ($err = $f->validate()) { print "
$err
"; - $perms = implode($perms,","); - $sources = implode($sources,","); + $perms = implode($perms, ","); + $sources = implode($sources, ","); showForm($id); } else { - $perms_text = implode($perms,","); - $sources_text = implode($sources,","); + $perms_text = implode($perms, ","); + $sources_text = implode($sources, ","); if ($delete && $perm->have_perm("admin")) { - $query="delete from auth_user"; + $query = "delete from auth_user"; } else { //print "

Updating user"; - $query=sprintf("update auth_user set - username = '%s', - name = '%s', - organization = '%s', - tel = '%s', - email = '%s', - yubikey = '%s', - auth_method = '%s' - ", - addslashes($username), - addslashes($name), - addslashes($organization), - addslashes($tel), - addslashes($email), - addslashes($otp_yubikey), - addslashes($auth_method) + $query = sprintf( + "update auth_user set + username = '%s', + name = '%s', + organization = '%s', + tel = '%s', + email = '%s', + yubikey = '%s', + auth_method = '%s' + ", + addslashes($username), + addslashes($name), + addslashes($organization), + addslashes($tel), + addslashes($email), + addslashes($otp_yubikey), + addslashes($auth_method) ); if (strlen($password)) { - if ($CDRTool['provider']['clear_text_passwords'] != 1 ) { - $query.=sprintf(", - password = '', - password_hashed = '%s'", - addslashes(md5($password)) + if ($CDRTool['provider']['clear_text_passwords'] != 1) { + $query .= sprintf( + ", + password = '', + password_hashed = '%s'", + addslashes(md5($password)) ); } else { - $query.=sprintf(", - password = '%s', - password_hashed = ''", - addslashes($password) + $query .= sprintf( + ", + password = '%s', + password_hashed = ''", + addslashes($password) ); } } if ($perm->have_perm("admin")) { if (strlen($impersonate)) { - if (!preg_match("/^[0-9]*\.[0-9]*$/",$impersonate)) { - printf ("

Warning! Impersonate must be formated as CustomerId.ResellerId
"); + if (!preg_match("/^[0-9]*\.[0-9]*$/", $impersonate)) { + printf("
Warning! Impersonate must be formated as CustomerId.ResellerId
"); unset($impersonate); } } - $query.= sprintf(", - perms = '%s', - sources = '%s', - expire = '%s', - gatewayFilter = '%s', - domainFilter = '%s', - serviceFilter = '%s', - compidFilter = '%s', - aNumberFilter = '%s', - cscodeFilter = '%s', - afterDateFilter = '%s', - aclFilter = '%s', - impersonate = '%s' - ", - addslashes($perms_text), - addslashes($sources_text), - addslashes($expire), - addslashes($gatewayFilter), - addslashes($domainFilter), - addslashes($serviceFilter), - addslashes($compidFilter), - addslashes($aNumberFilter), - addslashes($cscodeFilter), - addslashes($afterDateFilter), - addslashes($aclFilter), - addslashes($impersonate) + $query.= sprintf( + ", + perms = '%s', + sources = '%s', + expire = '%s', + gatewayFilter = '%s', + domainFilter = '%s', + serviceFilter = '%s', + compidFilter = '%s', + aNumberFilter = '%s', + cscodeFilter = '%s', + afterDateFilter = '%s', + aclFilter = '%s', + impersonate = '%s' + ", + addslashes($perms_text), + addslashes($sources_text), + addslashes($expire), + addslashes($gatewayFilter), + addslashes($domainFilter), + addslashes($serviceFilter), + addslashes($compidFilter), + addslashes($aNumberFilter), + addslashes($cscodeFilter), + addslashes($afterDateFilter), + addslashes($aclFilter), + addslashes($impersonate) ); } } - $query.=sprintf(" where user_id = '%s'", addslashes($id)); + $query .= sprintf(" where user_id = '%s'", addslashes($id)); // print $query; if (!$db->query($query)) { print "

Failed to update user $id"; print "The error is $db->Error"; - } else { + } else { if ($delete) { - log_accounts_action(sprintf("account %s deleted", $username)); + log_accounts_action(sprintf("account %s deleted", $username)); print "

User $name deleted"; } else { - log_accounts_action(sprintf("account %s updated", $username)); + log_accounts_action(sprintf("account %s updated", $username)); print "

User $name updated"; if ($mailsettings) { if ($_SERVER['HTTPS']=="on") { $protocolURL="https://"; } else { $protocolURL="http://"; } - $body.=sprintf("The following login account for CDRTool has been created for you:\n\n"); - $body.=sprintf("Username: %s\n",$username); - $body.=sprintf("Password: %s\n",$password); - $body.=sprintf("URL: %s%s%s\n\n",$protocolURL,$_SERVER['HTTP_HOST'],$CDRTool['tld']); - $body.=sprintf("You may use your CDRTool account to access call detail records and \n"); - $body.=sprintf("traces from OpenSIPs, MediaProxy and Asterisk servers.\n"); + $body .= sprintf("The following login account for CDRTool has been created for you:\n\n"); + $body .= sprintf("Username: %s\n", $username); + $body .= sprintf("Password: %s\n", $password); + $body .= sprintf("URL: %s%s%s\n\n", $protocolURL, $_SERVER['HTTP_HOST'], $CDRTool['tld']); + $body .= sprintf("You may use your CDRTool account to access call detail records and \n"); + $body .= sprintf("traces from OpenSIPs, MediaProxy and Asterisk servers.\n"); - $from=sprintf("From: %s",$CDRTool['provider']['fromEmail']); - mail($email,"CDRTool login account", $body, $from); + $from = sprintf("From: %s", $CDRTool['provider']['fromEmail']); + mail($email, "CDRTool login account", $body, $from); } } accountList(); } } - } else { - $query="select * from auth_user"; + $query = "select * from auth_user"; if (!$perm->have_perm("admin")) { - $query.=sprintf(" where user_id = '%s'",addslashes($uid)); + $query .= sprintf(" where user_id = '%s'", addslashes($uid)); $id=$uid; } else { - $query.=sprintf(" where user_id = '%s'",addslashes($id)); + $query .= sprintf(" where user_id = '%s'", addslashes($id)); } dprint($query); $db->query($query); $db->next_record(); - $username = $db->f('username'); - $name = $db->f('name'); - $email = $db->f('email'); - $tel = $db->f('tel'); - $password = $db->f('password'); - $organization = $db->f('organization'); - $perms = $db->f('perms'); - $sources = $db->f('sources'); - $expire = 
$db->f('expire'); + $username = $db->f('username'); + $name = $db->f('name'); + $email = $db->f('email'); + $tel = $db->f('tel'); + $password = $db->f('password'); + $organization = $db->f('organization'); + $perms = $db->f('perms'); + $sources = $db->f('sources'); + $expire = $db->f('expire'); $aNumberFilter = $db->f('aNumberFilter'); $gatewayFilter = $db->f('gatewayFilter'); $domainFilter = $db->f('domainFilter'); $serviceFilter = $db->f('serviceFilter'); $compidFilter = $db->f('compidFilter'); $cscodeFilter = $db->f('cscodeFilter'); $afterDateFilter = $db->f('afterDateFilter'); $aclFilter = $db->f('aclFilter'); $impersonate = $db->f('impersonate'); $yubikey = $db->f('yubikey'); $auth_method = $db->f('auth_method'); showForm($id); } - - } elseif ($action=="insert" && $perm->have_perm("admin")) { - print "

"; - $uid=$auth->auth["uid"]; + $uid = $auth->auth["uid"]; - if (!$password) $password=random_passwd_gen(); + if (!$password) $password = random_passwd_gen(); if ($check) { - if ($perms) $perms = implode($perms,","); + if ($perms) $perms = implode($perms,","); if ($sources) $sources = implode($sources,","); if (strlen($impersonate)) { - if (!preg_match("/^[0-9]*\.[0-9]*$/",$impersonate)) { - printf ("

Warning: Impersonate must be formated as CustomerId.ResellerId"); - unset($impersonate); + if (!preg_match("/^[0-9]*\.[0-9]*$/", $impersonate)) { + printf("

Warning: Impersonate must be formated as CustomerId.ResellerId"); + unset($impersonate); } } if ($err = $f->validate()) { print "

$err

"; showForm(); } else { //print "

Adding user"; $hash_secret = "ffdsdsd__ky..."; - $user_id=md5(uniqid($hash_secret)); + $user_id = md5(uniqid($hash_secret)); if ($CDRTool['provider']['clear_text_passwords']!=1) { - $query=sprintf("insert into auth_user - (user_id, - username, - password, - password_hashed, - name, - organization, - tel, - email, - perms, - sources, - expire, - domainFilter, - aNumberFilter, - serviceFilter, - compidFilter, - cscodeFilter, - gatewayFilter, - afterDateFilter, - aclFilter, - impersonate, - yubikey, - auth_method - ) values ( - '%s', - '%s', - '', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s' - )", - addslashes($user_id), - addslashes($username), - addslashes(md5($password)), - addslashes($name), - addslashes($organization), - addslashes($tel), - addslashes($email), - addslashes($perms), - addslashes($sources), - addslashes($expire), - addslashes($domainFilter), - addslashes($aNumberFilter), - addslashes($serviceFilter), - addslashes($compidFilter), - addslashes($cscodeFilter), - addslashes($gatewayFilter), - addslashes($afterDateFilter), - addslashes($aclFilter), - addslashes($impersonate), - addslashes($yubikey), - addslashes($auth_method) + $query = sprintf( + "insert into auth_user + ( + user_id, + username, + password, + password_hashed, + name, + organization, + tel, + email, + perms, + sources, + expire, + domainFilter, + aNumberFilter, + serviceFilter, + compidFilter, + cscodeFilter, + gatewayFilter, + afterDateFilter, + aclFilter, + impersonate, + yubikey, + auth_method + ) values ( + '%s', + '%s', + '', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s' + )", + addslashes($user_id), + addslashes($username), + addslashes(md5($password)), + addslashes($name), + addslashes($organization), + addslashes($tel), + addslashes($email), + addslashes($perms), + 
addslashes($sources), + addslashes($expire), + addslashes($domainFilter), + addslashes($aNumberFilter), + addslashes($serviceFilter), + addslashes($compidFilter), + addslashes($cscodeFilter), + addslashes($gatewayFilter), + addslashes($afterDateFilter), + addslashes($aclFilter), + addslashes($impersonate), + addslashes($yubikey), + addslashes($auth_method) ); } else { - $query=sprintf("insert into auth_user - (user_id, - username, - password, - name, - organization, - tel, - email, - perms, - sources, - expire, - domainFilter, - aNumberFilter, - serviceFilter, - compidFilter, - cscodeFilter, - gatewayFilter, - afterDateFilter, - aclFilter, - impersonate, - yubikey, - auth_method - ) values ( - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s', - '%s' - )", - addslashes($user_id), - addslashes($username), - addslashes($password), - addslashes($name), - addslashes($organization), - addslashes($tel), - addslashes($email), - addslashes($perms), - addslashes($sources), - addslashes($expire), - addslashes($domainFilter), - addslashes($aNumberFilter), - addslashes($serviceFilter), - addslashes($compidFilter), - addslashes($cscodeFilter), - addslashes($gatewayFilter), - addslashes($afterDateFilter), - addslashes($aclFilter), - addslashes($impersonate), - addslashes($yubikey), - addslashes($auth_method) + $query = sprintf( + "insert into auth_user + ( + user_id, + username, + password, + name, + organization, + tel, + email, + perms, + sources, + expire, + domainFilter, + aNumberFilter, + serviceFilter, + compidFilter, + cscodeFilter, + gatewayFilter, + afterDateFilter, + aclFilter, + impersonate, + yubikey, + auth_method + ) values ( + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s', + '%s' + )", + addslashes($user_id), + addslashes($username), + 
addslashes($password), + addslashes($name), + addslashes($organization), + addslashes($tel), + addslashes($email), + addslashes($perms), + addslashes($sources), + addslashes($expire), + addslashes($domainFilter), + addslashes($aNumberFilter), + addslashes($serviceFilter), + addslashes($compidFilter), + addslashes($cscodeFilter), + addslashes($gatewayFilter), + addslashes($afterDateFilter), + addslashes($aclFilter), + addslashes($impersonate), + addslashes($yubikey), + addslashes($auth_method) ); } dprint($query); if (!$db->query($query)) { - printf("

Failed to add user: %s(%s) %s",$db->Error,$db->Errno,$query); - + printf("

Failed to add user: %s(%s) %s", $db->Error, $db->Errno, $query); } else { log_accounts_action(sprintf("account %s added", $username)); print "

User $name created"; if ($mailsettings) { if ($_SERVER['HTTPS']=="on") { $protocolURL="https://"; } else { $protocolURL="http://"; } - $body.=sprintf("The following login account for CDRTool has been created for you:\n\n"); - $body.=sprintf("Username: %s\n",$username); - $body.=sprintf("Password: %s\n",$password); - $body.=sprintf("URL: %s%s%s\n\n",$protocolURL,$_SERVER['HTTP_HOST'],$CDRTool['tld']); - $body.=sprintf("You may use your CDRTool account to access call detail records and \n"); - $body.=sprintf("traces from OpenSIPs, MediaProxy and Asterisk servers.\n"); + $body .= sprintf("The following login account for CDRTool has been created for you:\n\n"); + $body .= sprintf("Username: %s\n", $username); + $body .= sprintf("Password: %s\n", $password); + $body .= sprintf("URL: %s%s%s\n\n", $protocolURL, $_SERVER['HTTP_HOST'], $CDRTool['tld']); + $body .= sprintf("You may use your CDRTool account to access call detail records and \n"); + $body .= sprintf("traces from OpenSIPs, MediaProxy and Asterisk servers.\n"); - $from=sprintf("From: %s",$CDRTool['provider']['fromEmail']); - mail($email,"CDRTool login account", $body, $from); + $from = sprintf("From: %s", $CDRTool['provider']['fromEmail']); + mail($email, "CDRTool login account", $body, $from); } } } - } else { showForm(); } print ""; - - } else { - print "

Account list

"; - if ($perm->have_perm("admin")) { + print "

Account list

"; + if ($perm->have_perm("admin")) { print "
Add account
"; - } - accountList(); + } + accountList(); } $layout->showFooter(); page_close(); ?>
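Review bot: The password branch of the update query and the first insert query still write `addslashes(md5($password))` into `password_hashed`, so the reformatted code keeps storing an unsalted, fast MD5 digest for every login account. Both calls could become `password_hash($password, PASSWORD_DEFAULT)`, which produces a salted hash with a tunable cost. The login check that reads this column is not part of this diff; it would presumably need a matching `password_verify()` call, and the column must be wide enough for the longer value. The `else` branches, taken when `clear_text_passwords` is 1, write the password unhashed into `password`, and the same value is then mailed to the user when `$mailsettings` is set; a comment marking that mode as legacy would help the next reader.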