diff --git a/accounts.phtml b/accounts.phtml index 2fd2ac3..7fc225f 100644 --- a/accounts.phtml +++ b/accounts.phtml @@ -1,470 +1,469 @@ "CDRTool_Session", "auth" => "CDRTool_Auth", "perm" => "CDRTool_Perm") ); $title = "Login accounts"; require("login_accounts.php"); if (is_readable("/etc/cdrtool/local/header.phtml")) { include("/etc/cdrtool/local/header.phtml"); } else { include("header.phtml"); } function log_accounts_action($action){ global $auth; $location = "Unknown"; $_loc=geoip_record_by_name($_SERVER['REMOTE_ADDR']); if ($_loc['country_name']) { $location = $_loc['country_name']; } $log = sprintf( "CDRTool login username=%s, IP=%s, location=%s, action=%s, script=%s", $auth->auth["uname"], $_SERVER['REMOTE_ADDR'], $location, $action, $_SERVER['PHP_SELF'] ); syslog(LOG_NOTICE, $log); } - -$loginname=$auth->auth["uname"]; - -$action = $_REQUEST['action']; -$next = $_REQUEST['next']; -$PHP_SELF = $_SERVER['PHP_SELF']; -$search_text = $_REQUEST['search_text']; - -$username = $_REQUEST['username']; -$password = $_REQUEST['password']; -$name = $_REQUEST['name']; -$organization = $_REQUEST['organization']; -$tel = $_REQUEST['tel']; -$email = $_REQUEST['email']; -$expire = $_REQUEST['expire']; - -$gatewayFilter = $_REQUEST['gatewayFilter']; -$domainFilter = $_REQUEST['domainFilter']; -$serviceFilter = $_REQUEST['serviceFilter']; -$compidFilter = $_REQUEST['compidFilter']; -$aNumberFilter = $_REQUEST['aNumberFilter']; -$cscodeFilter = $_REQUEST['cscodeFilter']; -$afterDateFilter = $_REQUEST['afterDateFilter']; -$aclFilter = $_REQUEST['aclFilter']; -$impersonate = $_REQUEST['impersonate']; - -$perms = $_REQUEST['perms']; -$sources = $_REQUEST['sources']; -$delete = $_REQUEST['delete']; - -$id = $_REQUEST['id']; -$uid = $_REQUEST['uid']; -$check = $_REQUEST['check']; -$mailsettings = $_REQUEST['mailsettings']; - -$otp_yubikey = $_REQUEST["yubikey"]; -$auth_method = $_REQUEST["auth_method"]; + +$loginname = $auth->auth["uname"]; + +$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : ''; +$next = isset($_REQUEST['next']) ? $_REQUEST['next'] : ''; +$search_text = isset($_REQUEST['search_text']) ? $_REQUEST['search_text'] : ''; + +$username = isset($_REQUEST['username']) ? $_REQUEST['username'] : ''; +$password = isset($_REQUEST['password']) ? $_REQUEST['password'] : ''; +$name = isset($_REQUEST['name']) ? $_REQUEST['name'] : ''; +$organization = isset($_REQUEST['organization']) ? $_REQUEST['organization'] : ''; +$tel = isset($_REQUEST['tel']) ? $_REQUEST['tel'] : ''; +$email = isset($_REQUEST['email']) ? $_REQUEST['email'] : ''; +$expire = isset($_REQUEST['expire']) ? $_REQUEST['expire'] : ''; + +$gatewayFilter = isset($_REQUEST['gatewayFilter']) ? $_REQUEST['gatewayFilter'] : ''; +$domainFilter = isset($_REQUEST['domainFilter']) ? $_REQUEST['domainFilter'] : ''; +$serviceFilter = isset($_REQUEST['serviceFilter']) ? $_REQUEST['serviceFilter'] : ''; +$compidFilter = isset($_REQUEST['compidFilter']) ? $_REQUEST['compidFilter'] : ''; +$aNumberFilter = isset($_REQUEST['aNumberFilter']) ? $_REQUEST['aNumberFilter'] : ''; +$cscodeFilter = isset($_REQUEST['cscodeFilter']) ? $_REQUEST['cscodeFilter'] : ''; +$afterDateFilter = isset($_REQUEST['afterDateFilter']) ? $_REQUEST['afterDateFilter'] : ''; +$aclFilter = isset($_REQUEST['aclFilter']) ? $_REQUEST['aclFilter'] : ''; +$impersonate = isset($_REQUEST['impersonate']) ? $_REQUEST['impersonate'] : ''; + +$perms = isset($_REQUEST['perms']) ? $_REQUEST['perms'] : ''; +$sources = isset($_REQUEST['sources']) ? $_REQUEST['sources'] : ''; +$delete = isset($_REQUEST['delete']) ? $_REQUEST['delete'] : ''; + +$id = isset($_REQUEST['id']) ? $_REQUEST['id'] : ''; +$uid = isset($_REQUEST['uid']) ? $_REQUEST['uid'] : ''; +$check = isset($_REQUEST['check']) ? $_REQUEST['check'] : ''; +$mailsettings = isset($_REQUEST['mailsettings']) ? $_REQUEST['mailsettings'] : ''; + +$otp_yubikey = isset($_REQUEST["yubikey"]) ? $_REQUEST["yubikey"] : ''; +$auth_method = isset($_REQUEST["auth_method"]) ? $_REQUEST["auth_method"] : ''; $PHP_SELF = htmlentities($_SERVER['PHP_SELF']); $db = new DB_CDRTool; $layout = new pageLayoutLocal(); $layout->showTopMenu($title); if ($action == "edit" && $id) { print ""; $uid=$auth->auth["uid"]; if (!$perm->have_perm("admin")) { $id=$uid; } if ($check || $delete) { if ($err = $f->validate()) { print "
$err
"; $perms = implode($perms,","); $sources = implode($sources,","); showForm($id); } else { $perms_text = implode($perms,","); $sources_text = implode($sources,","); if ($delete && $perm->have_perm("admin")) { $query="delete from auth_user"; } else { //print "

Updating user"; $query=sprintf("update auth_user set username = '%s', name = '%s', organization = '%s', tel = '%s', email = '%s', yubikey = '%s', auth_method = '%s' ", addslashes($username), addslashes($name), addslashes($organization), addslashes($tel), addslashes($email), addslashes($otp_yubikey), addslashes($auth_method) ); if (strlen($password)) { if ($CDRTool['provider']['clear_text_passwords'] != 1 ) { $query.=sprintf(", password = '', password_hashed = '%s'", addslashes(md5($password)) ); } else { $query.=sprintf(", password = '%s', password_hashed = ''", addslashes($password) ); } } if ($perm->have_perm("admin")) { if (strlen($impersonate)) { if (!preg_match("/^[0-9]*\.[0-9]*$/",$impersonate)) { printf ("

Warning! Impersonate must be formated as CustomerId.ResellerId
"); unset($impersonate); } } $query.= sprintf(", perms = '%s', sources = '%s', expire = '%s', gatewayFilter = '%s', domainFilter = '%s', serviceFilter = '%s', compidFilter = '%s', aNumberFilter = '%s', cscodeFilter = '%s', afterDateFilter = '%s', aclFilter = '%s', impersonate = '%s' ", addslashes($perms_text), addslashes($sources_text), addslashes($expire), addslashes($gatewayFilter), addslashes($domainFilter), addslashes($serviceFilter), addslashes($compidFilter), addslashes($aNumberFilter), addslashes($cscodeFilter), addslashes($afterDateFilter), addslashes($aclFilter), addslashes($impersonate) ); } } $query.=sprintf(" where user_id = '%s'", addslashes($id)); // print $query; if (!$db->query($query)) { print "

Failed to update user $id"; print "The error is $db->Error"; } else { if ($delete) { log_accounts_action(sprintf("account %s deleted", $username)); print "

User $name deleted"; } else { log_accounts_action(sprintf("account %s updated", $username)); print "

User $name updated"; if ($mailsettings) { if ($_SERVER['HTTPS']=="on") { $protocolURL="https://"; } else { $protocolURL="http://"; } $body.=sprintf("The following login account for CDRTool has been created for you:\n\n"); $body.=sprintf("Username: %s\n",$username); $body.=sprintf("Password: %s\n",$password); $body.=sprintf("URL: %s%s%s\n\n",$protocolURL,$_SERVER['HTTP_HOST'],$CDRTool['tld']); $body.=sprintf("You may use your CDRTool account to access call detail records and \n"); $body.=sprintf("traces from OpenSIPs, MediaProxy and Asterisk servers.\n"); $from=sprintf("From: %s",$CDRTool['provider']['fromEmail']); mail($email,"CDRTool login account", $body, $from); } } accountList(); } } } else { $query="select * from auth_user"; if (!$perm->have_perm("admin")) { $query.=sprintf(" where user_id = '%s'",addslashes($uid)); $id=$uid; } else { $query.=sprintf(" where user_id = '%s'",addslashes($id)); } dprint($query); $db->query($query); $db->next_record(); $username = $db->f('username'); $name = $db->f('name'); $email = $db->f('email'); $tel = $db->f('tel'); $password = $db->f('password'); $organization = $db->f('organization'); $perms = $db->f('perms'); $sources = $db->f('sources'); $expire = $db->f('expire'); $aNumberFilter = $db->f('aNumberFilter'); $gatewayFilter = $db->f('gatewayFilter'); $domainFilter = $db->f('domainFilter'); $serviceFilter = $db->f('serviceFilter'); $compidFilter = $db->f('compidFilter'); $cscodeFilter = $db->f('cscodeFilter'); $afterDateFilter = $db->f('afterDateFilter'); $aclFilter = $db->f('aclFilter'); $impersonate = $db->f('impersonate'); $yubikey = $db->f('yubikey'); $auth_method = $db->f('auth_method'); showForm($id); } } elseif ($action=="insert" && $perm->have_perm("admin")) { print "

"; $uid=$auth->auth["uid"]; if (!$password) $password=random_passwd_gen(); if ($check) { if ($perms) $perms = implode($perms,","); if ($sources) $sources = implode($sources,","); if (strlen($impersonate)) { if (!preg_match("/^[0-9]*\.[0-9]*$/",$impersonate)) { printf ("

Warning: Impersonate must be formated as CustomerId.ResellerId"); unset($impersonate); } } if ($err = $f->validate()) { print "

$err

"; showForm(); } else { //print "

Adding user"; $hash_secret = "ffdsdsd__ky..."; $user_id=md5(uniqid($hash_secret)); if ($CDRTool['provider']['clear_text_passwords']!=1) { $query=sprintf("insert into auth_user (user_id, username, password, password_hashed, name, organization, tel, email, perms, sources, expire, domainFilter, aNumberFilter, serviceFilter, compidFilter, cscodeFilter, gatewayFilter, afterDateFilter, aclFilter, impersonate, yubikey, auth_method ) values ( '%s', '%s', '', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", addslashes($user_id), addslashes($username), addslashes(md5($password)), addslashes($name), addslashes($organization), addslashes($tel), addslashes($email), addslashes($perms), addslashes($sources), addslashes($expire), addslashes($domainFilter), addslashes($aNumberFilter), addslashes($serviceFilter), addslashes($compidFilter), addslashes($cscodeFilter), addslashes($gatewayFilter), addslashes($afterDateFilter), addslashes($aclFilter), addslashes($impersonate), addslashes($yubikey), addslashes($auth_method) ); } else { $query=sprintf("insert into auth_user (user_id, username, password, name, organization, tel, email, perms, sources, expire, domainFilter, aNumberFilter, serviceFilter, compidFilter, cscodeFilter, gatewayFilter, afterDateFilter, aclFilter, impersonate, yubikey, auth_method ) values ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", addslashes($user_id), addslashes($username), addslashes($password), addslashes($name), addslashes($organization), addslashes($tel), addslashes($email), addslashes($perms), addslashes($sources), addslashes($expire), addslashes($domainFilter), addslashes($aNumberFilter), addslashes($serviceFilter), addslashes($compidFilter), addslashes($cscodeFilter), addslashes($gatewayFilter), addslashes($afterDateFilter), addslashes($aclFilter), addslashes($impersonate), addslashes($yubikey), addslashes($auth_method) ); } dprint($query); if (!$db->query($query)) { printf("

Failed to add user: %s(%s) %s",$db->Error,$db->Errno,$query); } else { log_accounts_action(sprintf("account %s added", $username)); print "

User $name created"; if ($mailsettings) { if ($_SERVER['HTTPS']=="on") { $protocolURL="https://"; } else { $protocolURL="http://"; } $body.=sprintf("The following login account for CDRTool has been created for you:\n\n"); $body.=sprintf("Username: %s\n",$username); $body.=sprintf("Password: %s\n",$password); $body.=sprintf("URL: %s%s%s\n\n",$protocolURL,$_SERVER['HTTP_HOST'],$CDRTool['tld']); $body.=sprintf("You may use your CDRTool account to access call detail records and \n"); $body.=sprintf("traces from OpenSIPs, MediaProxy and Asterisk servers.\n"); $from=sprintf("From: %s",$CDRTool['provider']['fromEmail']); mail($email,"CDRTool login account", $body, $from); } } } } else { showForm(); } print ""; } else { print "

Account list

"; if ($perm->have_perm("admin")) { print "
Add account
"; } accountList(); } $layout->showFooter(); page_close(); ?>