<?php
/*
** SnortCenter Copyright (C) 2001,2002,2003 Stefan Dens
**
** Author: Stefan Dens <hide@address.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
?>
<?php
// Site configuration and the shared list-rendering helpers.
include 'config.php';
include_once 'list.inc.php';

// Database handle used by every action further down this page.
$db = NewACIDDBConnection($DBlib_path, $DBtype);
$db->acidConnect($DB_dbname, $DB_host, $DB_port, $DB_user, $DB_password);

// Page header.
// NOTE(review): no login or permission check is visible in this file; presumably
// top.inc.php or config.php enforces it -- confirm, since every action below
// creates, changes or deletes accounts.
// NOTE(review): $do, $id, $update_user, $create, $edit_user and the form fields are
// never assigned in this file, so they appear to arrive as request-derived globals
// -- confirm how they are imported and treat all of them as untrusted input.
include 'top.inc.php';

// Activate/Deactivate are recognised but do nothing: both calls are commented out.
if ($do == 'Deactivate') {
    // deactivate($var,'vars',$sensor_id,$db);
}
if ($do == 'Activate') {
    // activate($var,'vars',$sensor_id,$db);
}
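// Delete the users whose checkboxes were ticked in the list (id[] in the request).
//
// Each id is validated as a plain decimal number before it reaches the SQL text.
// The original interpolated the raw request value into the statement, and its
// self-delete guard used a loose comparison, so a non-canonical spelling of the
// caller's own id could pass the guard and still be coerced by the database to
// that same account.
// NOTE(review): this state-changing action shows no anti-CSRF token and no check
// that the caller may administer users; confirm both are enforced elsewhere.
if ($do == 'Delete') {
    if ($id) {
        // A single scalar id (not id[]) would make foreach() fail; normalise it.
        $delete_ids = is_array($id) ? $id : array($id);
        $own_id = (int) $phpUserLogin_userinfo['id'];

        foreach ($delete_ids as $id_val) {
            // At most 9 digits so the integer cast cannot overflow on 32-bit builds.
            if (!is_scalar($id_val) || !preg_match('/\A[0-9]{1,9}\z/', (string) $id_val)) {
                $msg = "Could not delete user.\n";
                continue;
            }
            $delete_id = (int) $id_val;

            if ($delete_id === $own_id) {
                $msg = "You can not delete the user you have logged in with.<br>You have to login with another user to do that.";
                continue;
            }

            // $delete_id is an integer, so interpolating it cannot alter the statement.
            $sql_query = "DELETE FROM users WHERE id = $delete_id";
            if (!$db->acidExecute($sql_query)) {
                $msg = "Could not delete user.\n";
            }
        }
    }
}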
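// Update an existing user's ACL, e-mail address and (optionally) password.
//
// The original concatenated $id, $email and the two ACL fields into the UPDATE
// statement unchanged. Here every value is constrained before use:
//   - id     : decimal digits only, then cast to int
//   - acl    : rebuilt from the only two values the form can send
//   - e-mail : allow-list of characters that cannot terminate an SQL string literal
// The allow-list is a stopgap; bound parameters or the DB layer's driver-aware
// quoting would be preferable, but neither is visible from this file.
// NOTE(review): no anti-CSRF token or "may administer users" check is visible here.
if ($update_user) {
    $update_error = '';

    $user_id = 0;
    if (isset($id) && is_scalar($id) && preg_match('/\A[0-9]{1,9}\z/', (string) $id)) {
        $user_id = (int) $id;
    } else {
        $update_error = "Could not update user.\n";
    }

    // Stored as "<sensor>|<alert>"; anything other than the two known flags is dropped.
    $acl_value = ((isset($sensor_acl) && $sensor_acl === 'sensor') ? 'sensor' : '')
        . '|'
        . ((isset($alert_acl) && $alert_acl === 'alert') ? 'alert' : '');

    // An empty address stays allowed, as before; a non-empty one must match the allow-list.
    $email_value = (isset($email) && is_string($email)) ? $email : '';
    if ($update_error === '' && $email_value !== ''
        && !preg_match('/\A[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\z/', $email_value)) {
        $update_error = "The e-mail address contains characters that are not allowed.\n";
        $edit_user = 'edit'; // redisplay the edit form
    }

    $sql_mid = '';
    if ($update_error === '' && !empty($password)) {
        // Strict comparison: with == two different numeric-looking strings
        // (e.g. "1e3" and "1000") are treated as equal.
        if (is_string($password) && isset($password2) && $password === $password2) {
            // NOTE(review): unsalted MD5 is not an adequate password hash. It is kept
            // because the login code that verifies it is not in this file; migrate both
            // sides together (e.g. password_hash()/password_verify()).
            $password = md5($password);
            $sql_mid = "password='$password',"; // hex digest only, safe to interpolate
        } else {
            $update_error = "The two passwords are not the same.\n";
            $edit_user = 'edit';
        }
    }

    if ($update_error === '') {
        $sql = "UPDATE users SET " . $sql_mid . "acl='$acl_value', email='$email_value' WHERE id=$user_id";
        if (!$db->acidExecute($sql)) {
            $update_error = "Could not update user.\n";
        }
    }

    if ($update_error !== '') {
        $msg = $update_error;
    }
}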
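// Create a new user from the "Create User" form.
//
// The original placed $user, $email and the ACL fields directly inside the INSERT
// statement. User name and e-mail are now checked against allow-lists that exclude
// quotes, backslashes and HTML metacharacters, and the ACL is rebuilt from the two
// known flags, so nothing request-controlled can change the statement's structure.
// The allow-lists are a stopgap; bound parameters or the DB layer's driver-aware
// quoting would be preferable, but neither is visible from this file.
// NOTE(review): no anti-CSRF token or "may administer users" check is visible here.
if ($create) {
    if (!empty($user) && !empty($password) && !empty($email)) {
        if (!is_string($user) || !preg_match('/\A[A-Za-z0-9._@-]+\z/', $user)) {
            $msg = "The user name contains characters that are not allowed.\n";
        } elseif (!is_string($email) || !preg_match('/\A[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\z/', $email)) {
            $msg = "The e-mail address contains characters that are not allowed.\n";
        } elseif (is_string($password) && isset($password2) && $password === $password2) {
            // Strict comparison above: with == two different numeric-looking strings
            // (e.g. "1e3" and "1000") are treated as equal.

            // NOTE(review): unsalted MD5 is not an adequate password hash. It is kept
            // because the login code that verifies it is not in this file; migrate both
            // sides together (e.g. password_hash()/password_verify()).
            $password = md5($password);

            // Stored as "<sensor>|<alert>"; anything other than the two known flags is dropped.
            $acl_value = ((isset($sensor_acl) && $sensor_acl === 'sensor') ? 'sensor' : '')
                . '|'
                . ((isset($alert_acl) && $alert_acl === 'alert') ? 'alert' : '');

            $query = "INSERT INTO users(username, password, email, acl) VALUES('$user','$password','$email', '$acl_value')";
            if (!$db->acidExecute($query)) {
                // 1062 is MySQL's duplicate-key error.
                // NOTE(review): mysql_errno() ties this branch to the legacy ext/mysql
                // driver (removed in PHP 7); confirm the backend before relying on it.
                if (mysql_errno() == 1062) {
                    $msg = ("User does already exist.\n");
                } else {
                    $msg = ("Could not add user.\n");
                }
            }
        } else {
            $msg = "The two passwords was not the same, try again.\n";
        }
    } else {
        $msg = "You need to enter something in all the fields, try again.\n";
    }
}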
// Show the outcome of the action handled above, if there was one.
// NOTE(review): $msg is printed as raw HTML (one of the messages embeds <br>) and is
// never initialised in this file. If request variables are imported as globals,
// confirm an include resets $msg before this point; otherwise a request-supplied
// value would be echoed unescaped.
if ($msg) {
    echo '<BR><CENTER>' . $msg . '</CENTER>';
}
echo "<BR>";
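display_list_start($sensor_id, 0);

// Render either the create/edit form ($edit_user set) or the list of users.
//
// Changes from the original, all on values the request or the database controls:
//   - the edit query interpolated $id unquoted; it is now digits-only and cast to int
//   - user name, e-mail, ids and $sensor_id were echoed into HTML unescaped
//   - $myrow was read without being initialised on the "create" path
//   - $myrow[acl] used a bare constant, which is a fatal error on PHP 8
// $lang[...] entries are left unescaped: they are assumed to be trusted, site-provided
// strings -- TODO confirm.
$sensor_id_html = isset($sensor_id) ? htmlspecialchars((string) $sensor_id, ENT_QUOTES) : '';
$sensor_id_url = isset($sensor_id) ? urlencode((string) $sensor_id) : '';

if ($edit_user) {
    // 0 means "no valid id": the form is then shown in create mode.
    $edit_id = 0;
    if (isset($id) && is_scalar($id) && preg_match('/\A[0-9]{1,9}\z/', (string) $id)) {
        $edit_id = (int) $id;
    }

    // Known-empty defaults so nothing below reads an undefined or request-supplied $myrow.
    $myrow = array('id' => '', 'username' => '', 'email' => '', 'acl' => '');

    if ($edit_id) {
        $sql = "SELECT id,username,email,acl FROM users WHERE id=$edit_id";
        $result = $db->acidExecute($sql);
        $fetched = $result ? $result->acidFetchRow() : false;
        if ($fetched) {
            $myrow = $fetched;
        }
        echo '<input type=hidden name="id" value="'.htmlspecialchars((string) $myrow["id"], ENT_QUOTES).'">';
        echo '<tr><td align="right"><font color="#FFFFFF" face="Verdana, Arial, Helvetica, sans-serif" size="1">'.$lang[171].' </font></TD><TD><font color="#FFFFFF" face="Verdana, Arial, Helvetica, sans-serif" size="1"> '. htmlspecialchars((string) $myrow["username"], ENT_QUOTES) .'</font></td></tr>';
    } else {
        echo '<tr><td align="right"><font color="#FFFFFF" face="Verdana, Arial, Helvetica, sans-serif" size="1">'.$lang[171].' </font></td><td><input type="TEXT" name="user" MaxLength=20> </td></TR>';
    }

    $acl_text = isset($myrow['acl']) ? (string) $myrow['acl'] : '';
    $email_html = isset($myrow['email']) ? htmlspecialchars((string) $myrow['email'], ENT_QUOTES) : '';
?>
<tr>
<td align="right"><font color="#FFFFFF" face="Verdana, Arial, Helvetica, sans-serif" size="1"><?php echo $lang[172]; ?> </font></td>
<td><input type="password" name="password" MaxLength=20> </td>
</tr>
<tr>
<td align="right"><font color="#FFFFFF" face="Verdana, Arial, Helvetica, sans-serif" size="1"><?php echo $lang[173]; ?> </font></td>
<td><input type="password" name="password2" MaxLength=20> </td>
</tr>
<tr>
<td align="right"><font color="#FFFFFF" face="Verdana, Arial, Helvetica, sans-serif" size="1"><?php echo $lang[174]; ?> </font><BR></td>
<td><input type="Text" name="email" value="<?php echo $email_html; ?>"> </td>
</tr>
<TR><TD align="right"><font color="#FFFFFF" face="Verdana, Arial, Helvetica, sans-serif" size="1"><?php echo $lang[240]; ?>:</TD><TD> </TD></TR>
<tr>
<td> </td>
<td align="left"><input type=CHECKBOX name="sensor_acl" value="sensor" <?php if(strpos($acl_text, "sensor") !== false) { echo "CHECKED"; } ?> ><font color="#FFFFFF" face="Verdana, Arial, Helvetica, sans-serif" size="1"><?php echo $lang[238]; ?> </font><BR></td>
</tr>
<tr>
<td> </td>
<?php /* The alert-ACL checkbox is disabled with an HTML comment only; the PHP inside it still runs. */ ?>
<!-- <td align="left"><input type=CHECKBOX name="alert_acl" value="alert" <?php if(strpos($acl_text, "alert") !== false) { echo "CHECKED"; } ?> ><font color="#FFFFFF" face="Verdana, Arial, Helvetica, sans-serif" size="1"><?php echo $lang[239]; ?> </font><BR></td>
-->
</tr>
<TR><TD> </TD></TR>
<TR>
<TD align=center colspan=2>
<?php
    // Same condition that selected the form mode above.
    if ($edit_id) {
        echo '<input type="Submit" name="update_user" value="Update"><input type="Submit" name="" value="Cancel">';
    } else {
        echo '<input type="submit" name="create" value="Create User"><input type="Submit" name="" value="Cancel">';
    }
?>
</TD>
</TR>
<input type=hidden name="sensor_id" value="<?php echo $sensor_id_html; ?>">
<?php
    display_list_end(0);
} else {
    $result = $db->acidExecute("SELECT id,username,email FROM users order by username ASC");
    $count = 0;
    $color = ''; // first row becomes "white"; rows then alternate with #DDDDDD
    echo '<tr><td> </td><td><font color="#FFFFFF" size=2><b>'.$lang[171].'</b></font></td><td><font color="#FFFFFF" size="2"><b>'.$lang[174].'</b></font></td></tr>';

    // A failed query yields an empty list instead of a method call on a non-object.
    while ($result && ($myrow = $result->acidFetchRow())) {
        list($id, $username, $email) = $myrow;
        $color = ($color != "white") ? "white" : "#DDDDDD";

        // Stored values are escaped on output: user name and e-mail were typed in by
        // whoever created the account and must not be interpreted as markup.
        $id_html = htmlspecialchars((string) $id, ENT_QUOTES);
        $id_url = urlencode((string) $id);
        $username_html = htmlspecialchars((string) $username, ENT_QUOTES);
        $list_email_html = htmlspecialchars((string) $email, ENT_QUOTES);

        echo "<TR border=1 style='border : $color;' bgcolor=$color><TD width=50><INPUT style=\"background-color: $color;\" TYPE=checkbox name=id[$count] value=\"$id_html\"> <A href=\"user_admin.php?id=$id_url&edit_user=edit&sensor_id=$sensor_id_url\"><img alt='Edit' border=0 height=15 src='./images/edit_button.png'></A>\n"
            . "<td><font face=\"Verdana, Arial, Helvetica, sans-serif\" size=\"2\">$username_html</font></td>\n"
            . "<td><font face=\"Verdana, Arial, Helvetica, sans-serif\" size=\"2\">$list_email_html</font></td>\n"
            . "</tr>\n";
        $count++;
    }
    display_list_end(2);
}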
// Page footer, then call acidClose() on the connection opened at the top of the script.
include 'bottom.inc.php';
$db->acidClose();
?>