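<?php
///////////////////////////////////////////////////////////////////////////////
//
// NagiosQL
//
///////////////////////////////////////////////////////////////////////////////
//
// (c) 2005-2020 by Martin Willisegger
//
// Project   : NagiosQL
// Component : User administration
// Website   : https://sourceforge.net/projects/nagiosql/
// Version   : 3.4.1
// GIT Repo  : https://gitlab.com/wizonet/NagiosQL
//
///////////////////////////////////////////////////////////////////////////////
//
// Page controller for the user administration view. It writes rows to `tbl_user` in
// 'insert'/'modify' mode, renders the single-record form in 'add' mode and renders the
// user list in 'display' mode.
//
// NOTE(review): the $chk*/$hid* request values, the access flags ($intGlobalWriteAccess,
// $intWriteAccessId) and the helper objects ($myDataClass, $myDBClass, $myVisClass,
// $myContentClass, the template objects) are not assigned in this file; presumably the two
// prepend includes below provide them. Confirm there that the request values are escaped for
// SQL and that state-changing requests are protected against cross-site request forgery -
// neither is visible here.
//
// Path settings
// ===================
// Strip the trailing "admin/<script>.php" to obtain the application root. The dot is escaped
// so that only a literal ".php" matches.
// NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. PHP_SELF can carry
// client-supplied path info; $preRelPath is consumed outside this file - confirm it is
// escaped wherever it is emitted.
$strPattern  = '(admin/[^/]*\.php)';
$preRelPath  = preg_replace($strPattern, '', filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_STRING));
$preBasePath = preg_replace($strPattern, '', filter_input(INPUT_SERVER, 'SCRIPT_FILENAME', FILTER_SANITIZE_STRING));
//
// Define common variables
// =======================
$prePageId        = 32;
$preContent       = 'admin/user.htm.tpl';
$preListTpl       = 'admin/datalist_common.htm.tpl';
$preSearchSession = 'user';
$preTableName     = 'tbl_user';
$preKeyField      = 'username';
$preAccess        = 1;
$preFieldvars     = 1;
$preNoAccessGrp   = 1;
//
// Include preprocessing files
// ===========================
require $preBasePath.'functions/prepend_adm.php';
require $preBasePath.'functions/prepend_content.php';
//
// Add or modify data
// ==================
if ((($chkModus == 'insert') || ($chkModus == 'modify')) && ($intGlobalWriteAccess == 0)) {
    // Check password: both fields must match and hold at least 6 characters; in 'modify' mode
    // an empty password is accepted and leaves the stored password untouched.
    if ((($chkTfValue3 === $chkTfValue4) && (strlen($chkTfValue3) > 5)) ||
        (($chkModus == 'modify') && ($chkTfValue3 == ''))) {
        if ($chkTfValue3 == '') {
            $strPasswd = '';
        } else {
            // NOTE(review): the password is hashed with unsalted MD5 inside the SQL statement,
            // so the clear text is part of the query string and the stored hash is weak against
            // offline guessing. Moving to password_hash()/password_verify() needs a coordinated
            // change in the login code (not visible here), so the storage format is unchanged.
            $strPasswd = "`password`=MD5('$chkTfValue3'),";
        }
        // Grant admin rights: a request flagged as the 'Admin' record is forced to keep its
        // name, stay active and keep group administration enabled.
        if ($chkTfValue5 == 'Admin') {
            $chkTfValue1  = 'Admin';
            $chkActive    = '1';
            $chkChbValue1 = '1';
        }
        // NOTE(review): every value below is interpolated into the statement text. This is
        // only safe if the prepend includes escape the values for SQL - confirm.
        $strSQLx = "`$preTableName` SET `$preKeyField`='$chkTfValue1', `alias`='$chkTfValue2', $strPasswd "
            . "`admin_enable`='$chkChbValue1', `wsauth`='$chkChbValue2', `active`='$chkActive', "
            . "`language`='$chkSelValue1', `domain`='$chkSelValue2', `last_modified`=NOW()";
        if ($chkModus == 'insert') {
            $strSQL = 'INSERT INTO ' .$strSQLx;
        } else {
            // The record id is used unquoted, so it is forced to an integer here
            $strSQL = 'UPDATE ' .$strSQLx. ' WHERE `id`=' .(int)$chkDataId;
        }
        if ($intWriteAccessId == 0) {
            if (($chkTfValue1 != '') && ($chkTfValue2 != '')) {
                $intReturn = $myDataClass->dataInsert($strSQL, $intInsertId);
                if ($intReturn == 1) {
                    $myVisClass->processMessage($myDataClass->strErrorMessage, $strErrorMessage);
                } else {
                    $myVisClass->processMessage($myDataClass->strInfoMessage, $strInfoMessage);
                    // Successful account changes are written to the application log
                    if ($chkModus == 'insert') {
                        $myDataClass->writeLog(translate('New user added:'). ' ' .$chkTfValue1);
                    }
                    if ($chkModus == 'modify') {
                        $myDataClass->writeLog(translate('User modified:'). ' ' .$chkTfValue1);
                    }
                }
            } else {
                $myVisClass->processMessage(
                    translate('Database entry failed! Not all necessary data filled in!'),
                    $strErrorMessage
                );
            }
        } else {
            $myVisClass->processMessage(translate('Database entry failed! No write access!'), $strErrorMessage);
        }
    } else {
        $myVisClass->processMessage(translate('Password too short or password fields do not match!'), $strErrorMessage);
    }
    $chkModus = 'display';
}
// Every mode other than 'add' ends in the list view
if ($chkModus != 'add') {
    $chkModus = 'display';
}
//
// Single data form
// ================
if ($chkModus == 'add') {
    // Process domain selection field
    if (isset($arrModifyData['domain'])) {
        $intFieldId = $arrModifyData['domain'];
    } else {
        $intFieldId = 1;
    }
    $intReturn1 = $myVisClass->parseSelectSimple('tbl_datadomain', 'domain', 'std_domain', 0, $intFieldId, 0);
    if ($intReturn1 != 0) {
        $myVisClass->processMessage($myVisClass->strErrorMessage, $strErrorMessage);
    }
    // Process language selection field
    if (isset($arrModifyData['language'])) {
        $intFieldId = $arrModifyData['language'];
    } else {
        $intFieldId = 0;
    }
    if ($intFieldId == 0) {
        // No language stored for the record: look up the id of the session locale.
        // NOTE(review): the session value is concatenated into the query unescaped; confirm
        // that it can only ever hold a server-chosen locale name.
        $intFieldId = $myDBClass->getFieldData('SELECT `id` FROM `tbl_language` '
            . "WHERE `locale`='".$_SESSION['SETS']['data']['locale']."'");
        $intFieldId = (int)$intFieldId;
    }
    $intReturn2 = $myVisClass->parseSelectSimple('tbl_language', 'language', 'language_name', 0, $intFieldId);
    if ($intReturn2 != 0) {
        $myVisClass->processMessage($myVisClass->strErrorMessage, $strErrorMessage);
    }
    // Initial add/modify form definitions
    $myContentClass->addFormInit($conttp);
    $conttp->setVariable('TITLE', translate('User administration'));
    $conttp->setVariable('WSAUTH_DISABLE', 'disabled');
    $conttp->setVariable('FILL_ALLFIELDS', translate('Please fill in all fields marked with an *'));
    $conttp->setVariable('FILL_ILLEGALCHARS', translate('The following field contains illegal characters:'));
    $conttp->setVariable('FILL_PASSWD_NOT_EQUAL', translate('The passwords do not match!'));
    $conttp->setVariable('FILL_PASSWORD', translate('Please fill in the password'));
    $conttp->setVariable('FILL_PWDSHORT', translate('The password is too short - use at least 6 characters!'));
    $conttp->setVariable('LANG_WEBSERVER_AUTH', translate('Webserver authentification'));
    $conttp->setVariable('PASSWORD_MUST', 'class="inpmust"');
    $conttp->setVariable('PASSWORD_MUST_STAR', '*');
    // If webserver authentication is enabled - show option field
    if (isset($SETS['security']['wsauth']) && ($SETS['security']['wsauth'] == 1)) {
        $conttp->setVariable('WSAUTH_DISABLE', '');
    }
    // Insert data from database in "modify" mode
    if (isset($arrModifyData) && ($chkSelModify == 'modify')) {
        // Process data
        $myContentClass->addInsertData($conttp, $arrModifyData, 0, '');
        // Webserver authentication
        $conttp->setVariable('WSAUTH_CHECKED', '');
        if ($arrModifyData['wsauth'] == 1) {
            $conttp->setVariable('WSAUTH_CHECKED', 'checked');
        }
        // Object based group administration
        $conttp->setVariable('ADMINENABLE_CHECKED', '');
        if ($arrModifyData['admin_enable'] == 1) {
            $conttp->setVariable('ADMINENABLE_CHECKED', 'checked');
        }
        // Admin rules: the form controls for the 'Admin' record are rendered disabled. This is
        // a browser-side restriction only; the write path above re-applies the forced values
        // when the request marks the record as 'Admin'.
        if ($arrModifyData[$preKeyField] == 'Admin') {
            $conttp->setVariable('NAME_DISABLE', 'disabled');
            $conttp->setVariable('ACT_DISABLE', 'disabled');
            $conttp->setVariable('WSAUTH_DISABLE', 'disabled');
            $conttp->setVariable('ADMINENABLE_DISABLE', 'disabled');
            $conttp->setVariable('ADMINENABLE_CHECKED', 'checked');
        }
        // The password is optional when an existing record is modified
        $conttp->setVariable('PASSWORD_MUST', '');
        $conttp->setVariable('PASSWORD_MUST_STAR', '');
    }
    $conttp->parse('datainsert');
    $conttp->show('datainsert');
}
//
// Data table
// ==========
if ($chkModus == 'display') {
    // Initial list view definitions
    $myContentClass->listViewInit($mastertp);
    $mastertp->setVariable('TITLE', translate('User administration'));
    $mastertp->setVariable('FIELD_1', translate('Username'));
    $mastertp->setVariable('FIELD_2', translate('Description'));
    // Row sorting: the direction ends up in the statement text, so only the two SQL keywords
    // are accepted and anything else falls back to ascending order.
    $strSafeSortDir = (strtoupper((string)$hidSortDir) === 'DESC') ? 'DESC' : 'ASC';
    $strOrderString = "ORDER BY `$preKeyField` $strSafeSortDir";
    if ($hidSortBy == 2) {
        $strOrderString = "ORDER BY `alias` $strSafeSortDir";
    }
    // Fallback so the list call below never receives an undefined row count when the count
    // query fails
    if (!isset($intLineCount)) {
        $intLineCount = 0;
    }
    // Count datasets
    $strSQL     = "SELECT count(*) AS `number` FROM `$preTableName`";
    $booReturn1 = $myDBClass->hasSingleDataset($strSQL, $arrDataLinesCount);
    if ($booReturn1 == false) {
        $myVisClass->processMessage(translate('Error while selecting data from database:'), $strErrorMessage);
        $myVisClass->processMessage($myDBClass->strErrorMessage, $strErrorMessage);
    } else {
        $intLineCount = (int)$arrDataLinesCount['number'];
        // An offset beyond the last row restarts paging at the first page
        if ($intLineCount < $chkLimit) {
            $chkLimit = 0;
        }
    }
    // Get datasets: offset and page size are forced to integers before they reach the
    // LIMIT clause
    $intOffset    = max(0, (int)$chkLimit);
    $intPageLines = (int)$SETS['common']['pagelines'];
    $strSQL       = "SELECT `id`, `$preKeyField`, `alias`, `active`, `nodelete` "
        . "FROM `$preTableName` $strOrderString LIMIT $intOffset,$intPageLines";
    $booReturn2 = $myDBClass->hasDataArray($strSQL, $arrDataLines, $intDataCount);
    if ($booReturn2 == false) {
        $myVisClass->processMessage(translate('Error while selecting data from database:'), $strErrorMessage);
        $myVisClass->processMessage($myDBClass->strErrorMessage, $strErrorMessage);
    }
    // Process data
    $myContentClass->listData($mastertp, $arrDataLines, $intDataCount, $intLineCount, $preKeyField, 'alias');
}
// Show messages
$myContentClass->showMessages($mastertp, $strErrorMessage, $strInfoMessage, $strConsistMessage, array(), '', 1);
//
// Process footer
// ==============
$myContentClass->showFooter($maintp, $setFileVersion);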