1<?php
2///////////////////////////////////////////////////////////////////////////////
3//
4// NagiosQL
5//
6///////////////////////////////////////////////////////////////////////////////
7//
8// (c) 2005-2020 by Martin Willisegger
9//
10// Project   : NagiosQL
11// Component : User administration
12// Website   : https://sourceforge.net/projects/nagiosql/
13// Version   : 3.4.1
14// GIT Repo  : https://gitlab.com/wizonet/NagiosQL
15//
16///////////////////////////////////////////////////////////////////////////////
17//
18// Path settings
19// ===================
// Strip the trailing "admin/<script>.php" part from the request path and from the script's
// filesystem path; what remains is the web-relative prefix and the installation base directory.
// The pattern uses "(" and ")" as PCRE delimiters; the "." before "php" is unescaped and so
// matches any single character.
$strPattern = '(admin/[^/]*.php)';
// NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1. filter_input() yields
// null/false when the server variable is absent, which preg_replace() treats as an empty
// subject, so both paths would then be empty strings.
$preRelPath  = preg_replace($strPattern, '', filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_STRING));
// Filesystem base path; used below to locate the prepend files.
$preBasePath = preg_replace($strPattern, '', filter_input(INPUT_SERVER, 'SCRIPT_FILENAME', FILTER_SANITIZE_STRING));
23//
24// Define common variables
25// =======================
// Per-page settings handed to the prepend files included below (assumed to be read there;
// their contents are not visible in this file).
// Page identifier of the user administration.
$prePageId        = 32;
// Template of the single-record form and of the list view.
$preContent       = 'admin/user.htm.tpl';
$preListTpl       = 'admin/datalist_common.htm.tpl';
// Session key for the search filter (presumably; not referenced in this file).
$preSearchSession = 'user';
// Table the SQL statements below operate on, and the column used as record key,
// default sort order and list label.
$preTableName     = 'tbl_user';
$preKeyField      = 'username';
// Access-control flags; their semantics are defined in the prepend files, not here.
$preAccess        = 1;
$preFieldvars     = 1;
$preNoAccessGrp   = 1;
35//
36// Include preprocessing files
37// ===========================
// Include preprocessing files: admin session/access handling and common content handling.
// Everything used below without being defined in this file ($chk*, $hid*, $my*Class,
// $int*Access*, $SETS, $conttp/$mastertp/$maintp, translate()) is assumed to come from
// these two files.
require $preBasePath.'functions/prepend_adm.php';
require $preBasePath.'functions/prepend_content.php';
40//
41// Add or modify data
42// ==================
// Processes a submitted single-record form (modus "insert" or "modify"). Only entered with
// global write access; 0 means "granted" here, consistent with $intWriteAccessId below.
if ((($chkModus == 'insert') || ($chkModus == 'modify')) && ($intGlobalWriteAccess == 0)) {
    // Check password: both entries identical and longer than 5 bytes (strlen() counts bytes,
    // so multibyte characters count more than once), or - on modify only - left empty, which
    // keeps the stored password.
    if ((($chkTfValue3 === $chkTfValue4) && (strlen($chkTfValue3) > 5)) ||
        (($chkModus == 'modify') && ($chkTfValue3 == ''))) {
        if ($chkTfValue3 == '') {
            // Empty fragment: the statement does not touch the `password` column.
            $strPasswd = '';
        } else {
            // SECURITY(review): the password is stored as an unsalted MD5 computed by the
            // database, and the raw form value is interpolated into the SQL text. A move to
            // password_hash()/password_verify() also needs the login check changed, which is
            // outside this file; whether $chkTfValue3 was escaped in prepend_content.php is
            // not visible here either.
            $strPasswd = "`password`=MD5('$chkTfValue3'),";
        }
        // Grant admin rights: the "Admin" role overrides the submitted username and forces
        // the record to active with admin_enable set.
        if ($chkTfValue5 == 'Admin') {
            $chkTfValue1  = 'Admin';
            $chkActive      = '1';
            $chkChbValue1 = '1';
        }
        // Column list shared by INSERT and UPDATE; $strPasswd brings its own trailing comma.
        // Every value is string-interpolated, so this relies on upstream escaping that cannot
        // be confirmed from this file - a parameterised statement would remove that
        // dependency if the data class offers one.
        $strSQLx = "`$preTableName` SET `$preKeyField`='$chkTfValue1', `alias`='$chkTfValue2', $strPasswd "
                 . "`admin_enable`='$chkChbValue1', `wsauth`='$chkChbValue2', `active`='$chkActive', "
                 . "`language`='$chkSelValue1', `domain`='$chkSelValue2', `last_modified`=NOW()";
        if ($chkModus == 'insert') {
            $strSQL = 'INSERT INTO ' .$strSQLx;
        } else {
            // $chkDataId is interpolated unquoted into the WHERE clause.
            $strSQL = 'UPDATE ' .$strSQLx. ' WHERE `id`=' .$chkDataId;
        }
        // Record-level write access (0 = granted).
        if ($intWriteAccessId == 0) {
            // Username and alias are mandatory.
            if (($chkTfValue1 != '') && ($chkTfValue2 != '')) {
                // dataInsert() signals failure by returning 1 (see the branch below).
                $intReturn = $myDataClass->dataInsert($strSQL, $intInsertId);
                if ($intReturn == 1) {
                    $myVisClass->processMessage($myDataClass->strErrorMessage, $strErrorMessage);
                } else {
                    $myVisClass->processMessage($myDataClass->strInfoMessage, $strInfoMessage);
                    // Audit log entry; $chkTfValue1 may have been rewritten to 'Admin' above.
                    if ($chkModus == 'insert') {
                        $myDataClass->writeLog(translate('New user added:'). ' ' .$chkTfValue1);
                    }
                    if ($chkModus == 'modify') {
                        $myDataClass->writeLog(translate('User modified:'). ' ' .$chkTfValue1);
                    }
                }
            } else {
                $myVisClass->processMessage(
                    translate('Database entry failed! Not all necessary data filled in!'),
                    $strErrorMessage
                );
            }
        } else {
            $myVisClass->processMessage(translate('Database entry failed! No write access!'), $strErrorMessage);
        }
    } else {
        $myVisClass->processMessage(translate('Password too short or password fields do not match!'), $strErrorMessage);
    }
    // After processing, fall through to the list view.
    $chkModus = 'display';
}
// Any modus other than "add" shows the list view.
if ($chkModus != 'add') {
    $chkModus = 'display';
}
97//
// Single data form
99// ===============
// Renders the add/modify form (modus "add"). In modify mode the current record values are
// expected in $arrModifyData (presumably set in the prepend files).
if ($chkModus == 'add') {
    // Process domain selection field: preselect the record's domain, or id 1 for a new user.
    if (isset($arrModifyData['domain'])) {
        $intFieldId = $arrModifyData['domain'];
    } else {
        $intFieldId = 1;
    }
    // parseSelectSimple() returns non-zero on error; its message is then collected.
    $intReturn1 = $myVisClass->parseSelectSimple('tbl_datadomain', 'domain', 'std_domain', 0, $intFieldId, 0);
    if ($intReturn1 != 0) {
        $myVisClass->processMessage($myVisClass->strErrorMessage, $strErrorMessage);
    }
    // Process language selection field: preselect the record's language; when none is set,
    // look up the id of the locale stored in the session.
    if (isset($arrModifyData['language'])) {
        $intFieldId = $arrModifyData['language'];
    } else {
        $intFieldId = 0;
    }
    if ($intFieldId == 0) {
        // The session locale is concatenated into the query unescaped; it is server-side
        // state, but where it is set from is not visible here.
        $intFieldId = $myDBClass->getFieldData('SELECT `id` FROM `tbl_language` '
                                             . "WHERE `locale`='".$_SESSION['SETS']['data']['locale']."'");
        $intFieldId = (int)$intFieldId;
    }
    $intReturn2 = $myVisClass->parseSelectSimple('tbl_language', 'language', 'language_name', 0, $intFieldId);
    if ($intReturn2 != 0) {
        $myVisClass->processMessage($myVisClass->strErrorMessage, $strErrorMessage);
    }
    // Initial add/modify form definitions: title, client-side validation texts, and the
    // password marked as mandatory (relaxed below for modify).
    $myContentClass->addFormInit($conttp);
    $conttp->setVariable('TITLE', translate('User administration'));
    $conttp->setVariable('WSAUTH_DISABLE', 'disabled');
    $conttp->setVariable('FILL_ALLFIELDS', translate('Please fill in all fields marked with an *'));
    $conttp->setVariable('FILL_ILLEGALCHARS', translate('The following field contains illegal characters:'));
    $conttp->setVariable('FILL_PASSWD_NOT_EQUAL', translate('The passwords do not match!'));
    $conttp->setVariable('FILL_PASSWORD', translate('Please fill in the password'));
    $conttp->setVariable('FILL_PWDSHORT', translate('The password is too short - use at least 6 characters!'));
    $conttp->setVariable('LANG_WEBSERVER_AUTH', translate('Webserver authentification'));
    $conttp->setVariable('PASSWORD_MUST', 'class="inpmust"');
    $conttp->setVariable('PASSWORD_MUST_STAR', '*');
    // If webserver authentication is enabled in the settings - enable the option field.
    if (isset($SETS['security']['wsauth']) && ($SETS['security']['wsauth'] == 1)) {
        $conttp->setVariable('WSAUTH_DISABLE', '');
    }
    // Insert data from database in "modify" mode
    if (isset($arrModifyData) && ($chkSelModify == 'modify')) {
        // Process data
        $myContentClass->addInsertData($conttp, $arrModifyData, 0, '');
        // Webserver authentication checkbox
        $conttp->setVariable('WSAUTH_CHECKED', '');
        if ($arrModifyData['wsauth'] == 1) {
            $conttp->setVariable('WSAUTH_CHECKED', 'checked');
        }
        // Object based group administration checkbox
        $conttp->setVariable('ADMINENABLE_CHECKED', '');
        if ($arrModifyData['admin_enable'] == 1) {
            $conttp->setVariable('ADMINENABLE_CHECKED', 'checked');
        }
        // Admin rules: the built-in Admin record's name, active, wsauth and admin_enable
        // fields are rendered disabled. NOTE(review): "disabled" only constrains the browser
        // form; the server-side counterpart above keys on the submitted role value, not on
        // the stored record, so whether these fields of the Admin record are protected against
        // a modified request depends on checks in the prepend files, which are not visible here.
        if ($arrModifyData[$preKeyField] == 'Admin') {
            $conttp->setVariable('NAME_DISABLE', 'disabled');
            $conttp->setVariable('ACT_DISABLE', 'disabled');
            $conttp->setVariable('WSAUTH_DISABLE', 'disabled');
            $conttp->setVariable('ADMINENABLE_DISABLE', 'disabled');
            $conttp->setVariable('ADMINENABLE_CHECKED', 'checked');
        }
        // The password is optional on modify (empty = keep the stored one).
        $conttp->setVariable('PASSWORD_MUST', '');
        $conttp->setVariable('PASSWORD_MUST_STAR', '');
    }
    $conttp->parse('datainsert');
    $conttp->show('datainsert');
}
170//
171// Data table
172// ==========
// Renders the paginated user list (modus "display").
if ($chkModus == 'display') {
    // Initial list view definitions
    $myContentClass->listViewInit($mastertp);
    $mastertp->setVariable('TITLE', translate('User administration'));
    $mastertp->setVariable('FIELD_1', translate('Username'));
    $mastertp->setVariable('FIELD_2', translate('Description'));
    // Row sorting: by the key column (username), or by alias when column 2 is selected.
    // NOTE(review): $hidSortDir is interpolated unquoted into the ORDER BY clause; this
    // assumes it was restricted to ASC/DESC upstream, which cannot be confirmed from this file.
    $strOrderString = "ORDER BY `$preKeyField` $hidSortDir";
    if ($hidSortBy == 2) {
        $strOrderString = "ORDER BY `alias` $hidSortDir";
    }
    // Count datasets; hasSingleDataset() returns false on error.
    $strSQL     = "SELECT count(*) AS `number` FROM `$preTableName`";
    $booReturn1 = $myDBClass->hasSingleDataset($strSQL, $arrDataLinesCount);
    if ($booReturn1 == false) {
        $myVisClass->processMessage(translate('Error while selecting data from database:'), $strErrorMessage);
        $myVisClass->processMessage($myDBClass->strErrorMessage, $strErrorMessage);
    } else {
        $intLineCount = (int)$arrDataLinesCount['number'];
        // Reset the page offset when it points past the last record.
        if ($intLineCount < $chkLimit) {
            $chkLimit = 0;
        }
    }
    // Get datasets: one page of records starting at offset $chkLimit. NOTE(review):
    // $intLineCount is only assigned in the success branch above, so it is undefined at the
    // listData() call when the count query failed.
    $strSQL     = "SELECT `id`, `$preKeyField`, `alias`, `active`, `nodelete` "
                . "FROM `$preTableName` $strOrderString LIMIT $chkLimit,".$SETS['common']['pagelines'];
    $booReturn2 = $myDBClass->hasDataArray($strSQL, $arrDataLines, $intDataCount);
    if ($booReturn2 == false) {
        $myVisClass->processMessage(translate('Error while selecting data from database:'), $strErrorMessage);
        $myVisClass->processMessage($myDBClass->strErrorMessage, $strErrorMessage);
    }
    // Process data: render the rows, labelled by username and alias.
    $myContentClass->listData($mastertp, $arrDataLines, $intDataCount, $intLineCount, $preKeyField, 'alias');
}
207// Show messages
// Show the collected error/info messages ($strConsistMessage is assumed to come from the
// prepend files; it is not set in this file).
$myContentClass->showMessages($mastertp, $strErrorMessage, $strInfoMessage, $strConsistMessage, array(), '', 1);
//
// Process footer
// ==============
$myContentClass->showFooter($maintp, $setFileVersion);
213