Odyssey
UsrMaint.prg
<?php
// Allow-list of the request fields this page accepts. Each field is mapped to the
// filter handed to HCU_ImportVars (project helper, not shown here).
// NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. It strips tags and
// entity-encodes quotes, so if HCU_ImportVars applies it as named, a pwd1/pwd2 value
// containing those characters is altered before it reaches htpasswd further down.
// Output escaping should not depend on this filter: any change of filter has to be
// paired with escaping wherever $user is echoed.
$admVars = array();
$admOk = array_fill_keys(
    array("action", "tdir", "user", "pwd1", "pwd2"),
    array("filter" => FILTER_SANITIZE_STRING)
);
HCU_ImportVars($admVars, "USRMAINT", $admOk);
11 
// Pull each accepted field out of the imported request data. A return value of
// false from HCU_array_key_value (project helper) is replaced by the default.
$action = HCU_array_key_value("action", $admVars['USRMAINT']);
if ($action === false) {
    $action = "list";
}

$tdirValue = HCU_array_key_value("tdir", $admVars['USRMAINT']);
if ($tdirValue === false) {
    $tdir = "";
} else {
    $tdir = $tdirValue;
}

$userValue = HCU_array_key_value("user", $admVars['USRMAINT']);
if ($userValue === false) {
    $user = "";
} else {
    $user = $userValue;
}

$pwd1Value = HCU_array_key_value("pwd1", $admVars['USRMAINT']);
if ($pwd1Value === false) {
    $pwd1 = "";
} else {
    $pwd1 = $pwd1Value;
}

$pwd2Value = HCU_array_key_value("pwd2", $admVars['USRMAINT']);
if ($pwd2Value === false) {
    $pwd2 = "";
} else {
    $pwd2 = $pwd2Value;
}
26 
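// Decide which password file is being used. $tdir is request input and is later
// interpolated into file paths, so it is accepted only when it is exactly one of the
// known directory names. The comparison is strict: a loose switch would let a
// non-string value such as true match the first case.
$sel_file = "";
$allowedDirs = array("employees", "board", "vendors", "alm", "supervisory", "misc", "disaster");
if (!is_string($tdir) || !in_array($tdir, $allowedDirs, true)) {
    // Something is wrong with the request - stop before any path is built from it
    exit;
}
$sel_file = $tdir;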
55 
// Password file - depends on which directory the page was called for.
// $sel_file has already been restricted to the known directory names above;
// $home_path is set outside this file.
$pwd_file = $home_path . "/admin/" . $sel_file;

// Sent at the top of each page so the response is not served from a cache
$noCacheHeaders = array(
    "Expires: Sat 20 May 1995 03:32:38 GMT",
    "Pragma: no-cache",
    "Cache-Control: no-cache, must-revalidate",
);
foreach ($noCacheHeaders as $headerLine) {
    header($headerLine);
}
63 
64 
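// Validate for the action first; if validation fails the request is re-routed to the
// form that can display the error.
// NOTE(review): "save" and "delete" both modify the password file, and nothing in this
// file checks an anti-CSRF token or the request method - confirm the including
// framework enforces that before this script runs.
$msg_err = '';
$msg_suc = '';
switch ($action) {
    case "save":
        // Work on trimmed copies; $user itself is left untouched for the messages and form
        $saveUser = trim($user);
        $savePwd = trim($pwd1);

        // Validate the user is entered. ':' and control characters are rejected because
        // the password file is line-oriented with ':' as the field separator; a leading
        // '-' is rejected defensively so the name can never be read as an option.
        if ($saveUser === '') {
            $msg_err .= "The user ID was not entered. Please enter a user id." . chr(10) . chr(13);
        } elseif (preg_match('/[:\x00-\x1F\x7F]/', $saveUser) || $saveUser[0] === '-') {
            $msg_err .= "The user ID contains characters that are not allowed." . chr(10) . chr(13);
        }

        // Strict comparison: with != two numeric-looking strings such as "1e3" and "1000"
        // compare equal, so a mistyped confirmation could be accepted.
        if ($savePwd !== trim($pwd2)) {
            $msg_err .= "The passwords do not match. Please retype the passwords." . chr(10) . chr(13);
        } elseif ($savePwd === '') {
            // The form marks the password as required; enforce the same rule server-side
            $msg_err .= "The password was not entered. Please enter a password." . chr(10) . chr(13);
        }

        // If a message was recorded, send the request back to the edit form
        if (strlen($msg_err) > 0) {
            $action = "edit";
        } else {
            // Set the create flag when the password file does not exist yet
            $c_f = file_exists($pwd_file) ? "" : "c";

            // Each value is quoted on its own with escapeshellarg. escapeshellcmd over the
            // whole line leaves spaces and paired quotes alone, so request input could add
            // or regroup arguments.
            // NOTE(review): -b puts the password on the command line, where other local
            // users can read it from the process list; htpasswd -i (password on stdin) is
            // preferable where the installed version supports it.
            $err_array = array();
            $ret_val = -1;
            $sys_call = "htpasswd -{$c_f}b "
                . escapeshellarg($pwd_file) . " "
                . escapeshellarg($saveUser) . " "
                . escapeshellarg($savePwd);
            exec($sys_call, $err_array, $ret_val);

            if ($ret_val !== 0) {
                // htpasswd reported a failure (or could not be run): do not claim success
                $action = "edit";
                $msg_err = "Unable to update user '$user'. Please try again.";
            } else {
                // The directory is only protected once its .htaccess exists, so create it
                // when missing and report a failure instead of ignoring it.
                $ht_file = "$home_path/public_html/$sel_file/.htaccess"; // path to htaccess
                if (!file_exists($ht_file)) {
                    // $chome is set outside this file; quotes and line breaks are removed so
                    // the value cannot end the quoted AuthName or start another directive.
                    $realm = str_replace(
                        array('"', "\r", "\n"),
                        '',
                        strtoupper($chome) . " " . ucfirst($sel_file)
                    );
                    $ht_body = "AuthName \"" . $realm . "\"\n"
                        . "AuthType Basic\n"
                        . "require valid-user\n"
                        . "AuthUserFile $pwd_file\n";
                    if (file_put_contents($ht_file, $ht_body) === false) {
                        $msg_err = "User '$user' was saved, but the access file for '$sel_file' could not be created.";
                    }
                }

                $action = "list";
                if ($msg_err === '') {
                    $msg_suc = "User '$user' updated successfully!";
                }
            }
        }

        break;
    case "delete":
        // Delete the selected user by rewriting the password file without that user's
        // line(s). Every other line is written back unchanged, and the file is only
        // rewritten when the user was actually found.
        $del_failed = true;
        $targetUser = trim($user);

        $lines = false;
        if ($targetUser !== '' && file_exists($pwd_file)) {
            $lines = file($pwd_file); // one entry per line, line endings kept
        }

        if ($lines !== false) {
            $kept = array();
            $found = false;
            foreach ($lines as $line) {
                $parts = explode(":", $line, 2);
                // Strict string comparison: a loose != treats numeric-looking names such
                // as "7" and "7.0" as equal and would remove the wrong account.
                if (count($parts) === 2 && trim($parts[0]) === $targetUser) {
                    $found = true;
                    continue;
                }
                $kept[] = $line;
            }

            if ($found) {
                $del_failed = (file_put_contents($pwd_file, implode('', $kept)) === false);
            }
        }

        if ($del_failed == true) {
            $msg_err = "Unable to delete user '$user'. Please try again.";
            $action = "list";
        } else {
            $msg_suc = "User '$user' deleted successfully";
            $action = "list";
        }
        break;
}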
173 
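switch ($action) {
    case "list":

        // Build breadcrumb link back to directories.
        // $tdir has been restricted to the known directory names earlier in this file.
        $directoryCrumbs = "";
        $directoryCrumbs .= "<a href=\"main.prg?ft=25\">Active Directories</a> / ";
        $directoryCrumbs .= "<a href=\"main.prg?ft=25&ndir=$tdir&csub=\">$tdir</a> / ";
        $directoryCrumbs .= "<span>" . ucfirst($tdir) . " Password Maintenance</span>";

        // Get user list from the password file
        $file = false;
        if (file_exists($pwd_file)) {
            $file = fopen($pwd_file, "r");
        }

        $userList = array();
        if ($file != false) {
            // Read through the entries and take the user name (text before the first ':')
            while (!feof($file)) {
                $buffer = fgets($file, 255);
                if ($buffer === false || strlen($buffer) == 0) {
                    break;
                }
                // explode always yields at least one element, so a line without ':' no
                // longer raises an undefined-offset notice
                $parts = explode(":", $buffer, 2);
                $read_user = $parts[0];

                if (trim($read_user) != '') {
                    $userUrl = urlencode($read_user);
                    $userList[] = array(
                        "name" => $read_user,
                        "edit" => "$self&action=edit&user=$userUrl&tdir=$tdir",
                        "delete" => "$self&action=delete&user=$userUrl&tdir=$tdir"
                    );
                }
            }

            fclose($file);
        }

        // Output notes for the markup below:
        // - The user name is carried to the delete handler in a data attribute instead of
        //   being spliced into an inline onclick string. An attribute value is HTML-decoded
        //   before it runs as script, so a name containing a quote could end the string.
        // - Server messages and $self/$tdir are written into the script as encoded values
        //   through HCU_JsonEncode (already used here for the grid data). $msg_err holds
        //   line breaks, which would otherwise end a quoted JS string literal.
        // NOTE(review): confirm HCU_JsonEncode also escapes "<" and "/" so a value cannot
        // close the surrounding script element.
?>

    <div class="container-fluid">
        <h2>Private Directory Users</h2>
        <p>
            <a href="<?php echo $self ?>&action=edit&tdir=<?php echo $tdir ?>" class="k-button k-primary"><span class="fa fa-plus">&nbsp;</span>Add User</a>
        </p>
        <div id="gridUsers"></div>
    </div>

    <script type="text/x-kendo-tmpl" id="rowTemplateUsers">
        <tr data-uid="#: uid #">
            <td>
                <span class="fa fa-user"></span>&emsp;
                <a href="#: data.edit #">#: data.name #</a>
            </td>
            <td class="text-right">
                <a href="\\#" class="lnkDeleteUser" data-user="#: data.name #">Delete </a>
            </td>
        </tr>
    </script>

    <script type="text/javascript">
        var windowStack = [];
        var gridUsers = null;
        var gridData = <?php echo HCU_JsonEncode($userList); ?>;
        var gridBreadCrumbs = <?php echo HCU_JsonEncode($directoryCrumbs); ?>;

        var msg_err = <?php echo HCU_JsonEncode($msg_err); ?>;
        var msg_suc = <?php echo HCU_JsonEncode($msg_suc); ?>;

        $(document).ready(function(e) {
            gridUsers = $("#gridUsers").kendoGrid({
                dataSource: {
                    data: gridData
                },
                noRecords: {
                    template: "No users found."
                },
                columns: [{
                    title: "",
                    headerTemplate: gridBreadCrumbs
                },{
                    title: ""
                }],
                rowTemplate: kendo.template($("#rowTemplateUsers").html())
            }).data("kendoGrid");

            // Display errors here, since every action requires a page load
            if (msg_err.length > 0) {
                $.homecuValidator.homecuResetMessage = true;
                $.homecuValidator.displayMessage(msg_err, $.homecuValidator.settings.statusError);
            } else if (msg_suc.length > 0) {
                $.homecuValidator.homecuResetMessage = true;
                $.homecuValidator.displayMessage(msg_suc, $.homecuValidator.settings.statusSuccess);
            }
        });

        $(document).on("click", ".k-overlay", function() {
            if (windowStack.length > 0) {
                var openWindow = windowStack[windowStack.length - 1];
                openWindow.close();
            }
        });

        // Delegated handler for the Delete links rendered by the row template.
        // attr() is used so the name is always read back as the original string.
        $(document).on("click", ".lnkDeleteUser", function() {
            check_delete($(this).attr("data-user"));
        });

        function check_delete(pUser) {
            var dialogConfirmDelete = $("<div></div>").kendoDialog({
                title: "Delete User",
                modal: true,
                visible: false,
                resizable: false,
                minWidth: 300,
                maxWidth: 500,
                show: function(e) {
                    windowStack.push(this);
                },
                close: function(e) {
                    windowStack.pop();
                    this.destroy();
                },
                actions: [
                    { text: "No" },
                    {
                        text: "Yes", primary: true,
                        action: function(e) {
                            var url = <?php echo HCU_JsonEncode($self); ?>;
                            url += "&action=delete";
                            url += "&tdir=" + <?php echo HCU_JsonEncode($tdir); ?>;
                            // Encode the name: an unencoded "&" or "#" cuts the value
                            // short, and the request would then name a different user
                            url += "&user=" + encodeURIComponent(pUser);

                            document.location = url;
                        }
                    }
                ],
                // The dialog content is inserted as HTML, so the name is encoded first
                content: "<div class=\"col-xs-12\"><p><strong>You are about to delete the user '" + kendo.htmlEncode(pUser) + "'.</strong></p><p>Do you wish to continue?</p></div>"
            }).data("kendoDialog");

            dialogConfirmDelete.open().center();
        }
    </script>
<?php
        break;
    case "edit":
        // Escape the request-supplied user name at the point of output instead of relying
        // on the input filter alone. double_encode is off because the filter has already
        // entity-encoded quotes in $user.
        $userHtml = htmlspecialchars($user, ENT_QUOTES, 'UTF-8', false);
        // NOTE(review): the form caps passwords at 8 characters (maxlength="8"), which
        // bounds password strength - confirm whether the hash format htpasswd writes on
        // this host still requires that limit.
?>
    <div class="container-fluid">
        <h2>Private Directory Users</h2>
        <div class="well well-sm">
            <form id="umForm" method="post">
                <input type="hidden" name="tdir" value="<?php echo $tdir; ?>">
                <input type="hidden" name="action" value="save">
                <fieldset>
                    <div class="col-xs-12 col-sm-3">
                        <label>User ID:</label>
                    </div>

                    <div class="col-xs-12 col-sm-4">
                        <?php if ($user !== "") { ?>
                            <label><?php echo $userHtml ?></label>
                            <input type="hidden" name="user" id="user" value="<?php echo $userHtml ?>">
                        <?php } else { ?>
                            <input type="text" name="user" id="user" class="k-textbox hcu-all-100" maxlength="15"
                                required
                                data-required-msg="User ID is required">
                        <?php } ?>
                    </div>
                </fieldset>
                <br>
                <fieldset>
                    <div class="col-xs-12 col-sm-3">
                        <label>Password:</label>
                    </div>
                    <div class="col-xs-12 col-sm-4">
                        <input type="password" name="pwd1" id="pwd1" class="k-textbox hcu-all-100 password_match" size="10" maxlength="8"
                            required
                            data-required-msg="Password is required">
                    </div>
                </fieldset>
                <br>
                <fieldset>
                    <div class="col-xs-12 col-sm-3">
                        <label>Confirm Password:</label>
                    </div>
                    <div class="col-xs-12 col-sm-4">
                        <input type="password" name="pwd2" id="pwd2" class="k-textbox hcu-all-100 password_match" size="10" maxlength="8"
                            required
                            data-required-msg="You must confirm your password"
                            homecu-equals="password_match"
                            data-homecuCustomEquals-msg="Passwords do not match">
                    </div>
                </fieldset>
            </form>
        </div>
        <div class="hcu-template">
            <div class="hcu-edit-buttons k-state-default">
                <a href="main.prg?ft=26&tdir=<?php echo $tdir; ?>" id="lnkCancel">Cancel</a>&emsp;
                <a href="##" id="btnUpdate" class="k-button k-primary">
                    <i class="fa fa-check fa-lg"></i>Save
                </a>
            </div>
        </div>
    </div>

    <script type="text/javascript">
        $(document).ready(function(e) {
            // Encoded as JS values: $msg_err contains line breaks and request-derived text,
            // which would otherwise end a quoted string literal
            var msg_err = <?php echo HCU_JsonEncode($msg_err); ?>;
            var msg_suc = <?php echo HCU_JsonEncode($msg_suc); ?>;

            // Setup homecu validator
            $.homecuValidator.setup({
                formStatusField: "formStatus",
                formValidate: "umForm"
            });

            // Display errors here, since every action requires a page load
            if (msg_err.length > 0) {
                $.homecuValidator.homecuResetMessage = true;
                $.homecuValidator.displayMessage(msg_err, $.homecuValidator.settings.statusError);
            } else if (msg_suc.length > 0) {
                $.homecuValidator.homecuResetMessage = true;
                $.homecuValidator.displayMessage(msg_suc, $.homecuValidator.settings.statusSuccess);
            }

            // Submit action
            $("#btnUpdate").on("click", function(e) {
                if ($.homecuValidator.validate()) {
                    $("#umForm").submit();
                }
            });
        });
    </script>
<?php
        break;
}
?>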