root/modules/branches/2.8/core/page.ampusers.php

Revision 7741, 10.5 kB (checked in by p_lindheimer, 4 years ago)

changing from sha256 to sha1 because php4 does not support hash() function re #1380

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
1 <?php /* $Id$ */
2 //This file is part of FreePBX.
3 //
4 //    FreePBX is free software: you can redistribute it and/or modify
5 //    it under the terms of the GNU General Public License as published by
6 //    the Free Software Foundation, either version 2 of the License, or
7 //    (at your option) any later version.
8 //
9 //    FreePBX is distributed in the hope that it will be useful,
10 //    but WITHOUT ANY WARRANTY; without even the implied warranty of
11 //    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 //    GNU General Public License for more details.
13 //
14 //    You should have received a copy of the GNU General Public License
15 //    along with FreePBX.  If not, see <http://www.gnu.org/licenses/>.
16 //
17 // Copyright (C) 2004 Greg MacLellan (greg@mtechsolutions.ca)
18 // Copyright (C) 2004 Coalescent Systems Inc. (info@coalescentsystems.ca)
19 //
20
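// Request parameters that drive this page. Everything read here is
// client-controlled. Non-string values (for example "username[]=x") are
// ignored so that stripslashes() and the later string comparisons only ever
// receive strings.
$userdisplay = (isset($_REQUEST['userdisplay']) && is_string($_REQUEST['userdisplay'])) ? $_REQUEST['userdisplay'] : '';
$action = (isset($_REQUEST['action']) && is_string($_REQUEST['action'])) ? $_REQUEST['action'] : '';
$tech = (isset($_REQUEST['tech']) && is_string($_REQUEST['tech'])) ? $_REQUEST['tech'] : '';

$tabindex = 0;
// populate some global variables from the request string
// The names are a fixed whitelist, so the variable-variable assignment below
// cannot be steered to any other global by the request.
// NOTE(review): stripslashes() presumably undoes magic_quotes_gpc; where magic
// quotes are off it also removes backslashes the user really typed (passwords
// included) -- confirm against the deployment's PHP configuration.
$set_globals = array("username","password","extension_high","extension_low","deptname");
foreach ($set_globals as $var) {
    if (isset($_REQUEST[$var]) && is_string($_REQUEST[$var])) {
        $$var = stripslashes( $_REQUEST[$var] );
    }
}
// Hash echoed back by the hidden "password_sha1" form field. It is supplied by
// the client like every other field, so it must not be treated as proof of
// what is stored for the account.
$form_password_sha1 = (isset($_REQUEST['password_sha1']) && is_string($_REQUEST['password_sha1']))
    ? stripslashes($_REQUEST['password_sha1'])
    : '';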
34
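//Search ALL active modules while generating admin access list
$active_modules = module_getinfo(false, MODULE_STATUS_ENABLED);

// Start from an empty list unless the including script already defined one, so
// the loops and the sort below never run on an undefined variable when no
// enabled module exposes any items.
if (!isset($module_list) || !is_array($module_list)) {
    $module_list = array();
}

if (is_array($active_modules)) {
    foreach ($active_modules as $key => $module) {
        //create an array of module sections to display
        if (!isset($module['items']) || !is_array($module['items'])) {
            continue;
        }
        foreach ($module['items'] as $itemKey => $item) {
            // an item is listed under its 'display' value when it has one, else under its own key
            $listKey = (!empty($item['display']) ? $item['display'] : $itemKey);
            // remember the owning module; the option list uses it as the gettext domain
            $item['rawname'] = $module['rawname'];
            $module_list[ $listKey ] = $item;
        }
    }
}

// extensions vs device/users ... module_list setting
if (isset($amp_conf["AMPEXTENSIONS"]) && ($amp_conf["AMPEXTENSIONS"] == "deviceanduser")) {
    unset($module_list["extensions"]);
} else {
    unset($module_list["devices"]);
    unset($module_list["users"]);
}

// no more adding the APPLY Changes bar to module list because array_multisort messes up integer array keys
// $module_list['99'] = array('category' => NULL, 'name' => _("Apply Changes Bar"));

// changed from $module_name to $admin_module_name because the former is used by framework
if (!isset($module_category) || !is_array($module_category)) {
    $module_category = array();
}
if (!isset($admin_module_name) || !is_array($admin_module_name)) {
    $admin_module_name = array();
}
foreach ($module_list as $key => $row) {
    $module_category[$key] = $row['category'];
    $admin_module_name[$key] = $row['name'];
}
// sort by category, then by name; nothing to do when no section was found
if (!empty($module_list)) {
    array_multisort($module_category, SORT_ASC, $admin_module_name, SORT_ASC, $module_list);
}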
68
// Admin sections granted to the user, as submitted with the form: either an
// array (the multi-select posts "sections[]") or one ";"-separated string.
// NOTE(review): the submitted values are used as given; nothing here checks
// them against $module_list -- confirm whether the storage layer validates them.
$sections = array();
if (isset($_REQUEST["sections"])) {
    $submitted_sections = $_REQUEST["sections"];
    //TODO do we even need this??  (the string form handled by explode())
    $sections = is_array($submitted_sections)
        ? $submitted_sections
        : explode(";",$submitted_sections);
}
78
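//if submitting form, update database
// $action and every value used below were read from $_REQUEST earlier in this
// file, so all of them are client-controlled.
// NOTE(review): no per-request token is checked in this block, and the page's
// own form and delete link use GET; confirm that the framework rejects
// cross-site requests before this code runs.
switch ($action) {
    case "addampuser":
        core_ampusers_add($username, $password, $extension_low, $extension_high, $deptname, $sections);
        //indicate 'need reload' link in footer.php
        needreload();
        redirect_standard();
    break;
    case "editampuser":
        // The edit form shows "******" in the password box; that exact value
        // means "keep the current password".
        if ($password == "******") {
            // Password unchanged: re-read the stored hash on the server instead
            // of accepting the password_sha1 hidden field, which the client can
            // change to any 40-character value.
            $stored_user = getAmpUser($userdisplay);
            $stored_sha1 = (is_array($stored_user) && isset($stored_user["password_sha1"])) ? $stored_user["password_sha1"] : '';
            if (strlen($stored_sha1)==40) {
                // NOTE(review): the account is deleted and then re-created; if
                // the add fails the user no longer exists.
                core_ampusers_del($userdisplay);
                core_ampusers_add($username, $stored_sha1, $extension_low, $extension_high, $deptname, $sections);
            }
        } else {
            // Password has been changed
            core_ampusers_del($userdisplay);
            core_ampusers_add($username, $password, $extension_low, $extension_high, $deptname, $sections);
        }
        //indicate 'need reload' link in footer.php
        needreload();
        redirect_standard('userdisplay');
    break;
    case "delampuser":
        core_ampusers_del($userdisplay);
        //indicate 'need reload' link in footer.php
        needreload();
        $userdisplay = ""; // go "add" screen
        redirect_standard();
    break;
}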
110
111 ?>
112 </div>
113
114 <div class="rnav">
115 <ul>
116     <li><a <?php  echo ($userdisplay=='' ? 'class="current"':'') ?> href="config.php?display=<?php echo urlencode($display)?>"><?php echo _("Add User")?></a></li>
117 <?php
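// list the existing administrator accounts in the right-hand navigation
$tresults = core_ampusers_list();

foreach ($tresults as $tresult) {
    // $tresult[0] is used as the account name, both in the link target and as
    // the link text. The text is HTML-escaped because, as far as this page
    // shows, the letters-and-digits rule for usernames is only enforced by
    // browser-side JavaScript.
    $is_current = ($userdisplay==$tresult[0]);
    echo "\t<li><a ".($is_current ? 'class="current"':'')." href=\"config.php?display=".urlencode($display)."&amp;userdisplay=".urlencode($tresult[0])."\">".htmlspecialchars($tresult[0])."</a></li>\n";
}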
124 ?>
125 </ul>
126 </div>
127
128 <div class="content">
129
130 <?php
131
132     if ($userdisplay) {
133         echo "<h2>"._("Edit Administrator")."</h2>";
134         
135         $user = getAmpUser($userdisplay);
136         
137         $username = $user["username"];
138         $password = "******";
139         $password_sha1 = $user["password_sha1"];
140         $extension_high = $user["extension_high"];
141         $extension_low = $user["extension_low"];
142         $deptname = $user["deptname"];
143         $sections = $user["sections"];
144         
145         $tlabel = sprintf(_("Delete User: %s"),$userdisplay);
146         $label = '<span><img width="16" height="16" border="0" title="'.$tlabel.'" alt="" src="images/core_delete.png"/>&nbsp;'.$tlabel.'</span>';
147 ?>
148         <p><a href="config.php?display=<?php echo urlencode($display) ?>&amp;userdisplay=<?php echo urlencode($userdisplay) ?>&amp;action=delampuser"><?php echo $label ?></a></p>
149 <?php
150
151     } else {
152         // set defaults
153         $username = "";
154         $password = "";
155         $deptname = "";
156         
157         $extension_low = "";
158         $extension_high = "";
159         
160         $sections = array("*");
161         
162     
163         echo "<h2>"._("Add Administrator")."</h2>";
164     }
165 ?>
166    
167         <form autocomplete="off" name="ampuserEdit" action="config.php" method="get">
168             <input type="hidden" name="display" value="<?php echo $display?>"/>
169             <input type="hidden" name="userdisplay" value="<?php echo $userdisplay ?>"/>
170             <input type="hidden" name="action" value=""/>
171             <input type="hidden" name="tech" value="<?php echo $tech?>"/>
172             <input type="hidden" name="password_sha1" value="<?php echo $password_sha1 ?>"/>
173             <table>
174             <tr>
175                 <td colspan="2">
176                     <h4><?php echo _("General Settings")?></h4>
177                 </td>
178             </tr>
179 <?php if (($amp_conf["AUTHTYPE"] != "database") && ($amp_conf["AUTHTYPE"] != "webserver")) { ?>            
180             <tr>
181                 <td colspan="2">
182     <?php echo '<b>'._("NOTE:").'</b>'._("AUTHTYPE is not set to 'database' in /etc/amportal.conf - note that this module is not currently providing access control, and changing passwords here or adding users will have no effect unless AUTHTYPE is set to 'database'.") ?><br /><br />
183                 </td>
184             </tr>
185 <?php } ?>
186             <tr>
187                 <td>
188                     <a href=# class="info"><?php echo _("Username<span>Create a unique username for this new user</span>")?></a>:
189                 </td><td>
190                     <input type="text" size="20" name="username" value="<?php echo $username;?>" tabindex="<?php echo ++$tabindex;?>"/>
191                 </td>
192             </tr>
193             <tr>
194                 <td>
195                     <a href=# class="info"><?php echo _("Password<span>Create a password for this new user</span>")?></a>:
196                 </td><td>
197                     <input type="password" size="20" name="password" value="<?php echo $password; ?>" tabindex="<?php echo ++$tabindex;?>"/>
198                 </td>
199             </tr>
200             <tr>
201                 <td colspan="2">
202                     <br>
203                     <h4><?php echo _("Access Restrictions")?></h4>
204                 </td>
205             </tr>
206             <tr>
207                 <td>
208                     <a href=# class="info"><?php echo _("Department Name<span>Restrict this user's view of Digital Receptionist menus and System Recordings to only those for this department.</span>")?></a>:
209                 </td><td>
210                     <input type="text" size="20" name="deptname" value="<?php echo htmlspecialchars($deptname);?>" tabindex="<?php echo ++$tabindex;?>"/>
211                 </td>
212             </tr>
213             <tr>
214                 <td>
215                     <a href=# class="info"><?php echo _("Extension Range<span>Restrict this user's view to only Extensions, Ring Groups, and Queues within this range.</span>")?></a>:
216                 </td><td>
217                     <input type="text" size="5" name="extension_low" value="<?php echo htmlspecialchars($extension_low);?>" tabindex="<?php echo ++$tabindex;?>"/>
218                     &nbsp;to
219                     <input type="text" size="5" name="extension_high" value="<?php echo htmlspecialchars($extension_high);?>" tabindex="<?php echo ++$tabindex;?>"/>
220                 </td>
221             </tr>
222             <tr>
223                 <td valign="top">
224                     <a href=# class="info"><?php echo _("Admin Access<span>Select the Admin Sections this user should have access to.</span>")?></a>:
225                 </td><td>
226                     <select multiple name="sections[]" tabindex="<?php echo ++$tabindex;?>">
227                     <option />
228 <?php
229                 $prev_category = NULL;
230                 foreach ($module_list as $key => $row) {
231                     if ($row['category'] != $prev_category) {
232                         if ($prev_category)
233                             echo "</optgroup>\n";
234                         echo "<optgroup label=\""._($row['category'])."\">\n";
235                         $prev_category = $row['category'];
236                     }
237
238                     echo "<option value=\"".$key."\"";
239                     if (in_array($key, $sections)) echo " SELECTED";
240                     $label = dgettext($row['rawname'],$row['name']);
241                     if ($label == $row['name']) {
242                         $label = _($label);
243                     }
244                     echo ">"._($row['name'])."</option>\n";
245                 }
246                 echo "</optgroup>\n";
247
248                 // Apply Changes Bar
249                 echo "<option value=\"99\"";
250                 if (in_array("99", $sections)) echo " SELECTED";
251                 echo ">"._("Apply Changes Bar")."</option>\n";
252
253                 // Apply Changes Bar
254                 echo "<option value=\"999\"";
255                 if (in_array("999", $sections)) echo " SELECTED";
256                 echo ">".(($amp_conf['AMPEXTENSIONS'] == 'deviceanduser')?_("Add Device"):_("Add Extension"))."</option>\n";
257
258                 // All Sections
259                 echo "<option value=\"*\"";
260                 if (in_array("*", $sections)) echo " SELECTED";
261                 echo ">"._("ALL SECTIONS")."</option>\n";
262 ?>                    
263                     </select>
264                 </td>
265             </tr>
266            
267             <tr>
268                 <td colspan="2">
269                     <h6><input name="Submit" type="button" value="<?php echo _("Submit Changes")?>" onclick="checkAmpUser(ampuserEdit, '<?php echo ($userdisplay ? "editampuser" : "addampuser") ?>')" tabindex="<?php echo ++$tabindex;?>"></h6>
270                 </td>
271             </tr>
272             </table>
273         </form>
274
275 <script language="javascript">
276 <!--
277
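// Validate the administrator form in the browser and, if it passes, set the
// hidden "action" field and submit.
// NOTE(review): these checks run only in the browser; nothing on this page
// shows the same rules being applied on the server before the account is
// stored, so they should not be relied on as input validation.
function checkAmpUser(theForm, action) {
    // locals declared with var so they do not leak into the global scope
    var username = theForm.username.value;
    var deptname = theForm.deptname.value;

    // The translated messages are passed through addslashes() so that an
    // apostrophe in a translation cannot terminate the JavaScript string.
    if (username == "") {
        <?php echo "alert('".addslashes(_("Username must not be blank"))."')"?>;
    } else if (!username.match('^[a-zA-Z][a-zA-Z0-9]+$')) {
        // a letter followed by at least one letter or digit
        <?php echo "alert('".addslashes(_("Username cannot start with a number, and can only contain letters and numbers"))."')"?>;
    } else if (deptname == "default") {
        <?php echo "alert('".addslashes(_("For security reasons, you cannot use the department name default"))."')"?>;
    } else if (deptname != "" && !deptname.match('^[a-zA-Z0-9]+$')) {
        // rejects every non-alphanumeric character, not only spaces
        <?php echo "alert('".addslashes(_("Department name cannot have a space"))."')"?>;
    } else {
        theForm.action.value = action;
        theForm.submit();
    }
}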
295
296 //-->
297 </script>
298
299