صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
rajven
/
Eye
mirrorاز https://github.com/rajven/Eye
1
0
انشعاب 0
پرونده‌ها مشکلات 0 ویکی
درخت: ffc83ccbc3
شاخه‌ها تگ‌ها
Eye
/
html
/
admin
/
users
/
edituser.php

edituser.php 14 KB
تاريخچه خام

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307 
  1. <?php
    2. 

  2. require_once ($_SERVER["DOCUMENT_ROOT"]."/inc/auth.php");
    3. 

  3. require_once ($_SERVER["DOCUMENT_ROOT"]."/inc/languages/" . $language . ".php");
    4. 

  4. require_once ($_SERVER["DOCUMENT_ROOT"]."/inc/idfilter.php");
    5. 

  5. 

  6. global $default_user_ou_id;
    7. 

  7. global $default_hotspot_ou_id;
    8. 

  8. 

  9. $default_sort='ip_int';
    10. 

  10. require_once ($_SERVER['DOCUMENT_ROOT']."/inc/sortfilter.php");
    11. 

  11. 

  12. $msg_error = "";
    13. 

  13. 

  14. if (isset($_POST["edituser"])) {
    15. 

  15.     unset($new);
    16. 

  16.     $new["ou_id"] = $_POST["f_ou"] * 1;
    17. 

  17.     $new["filter_group_id"] = $_POST["f_filter"]*1;
    18. 

  18.     $new["queue_id"] = $_POST["f_queue"]*1;
    19. 

  19.     $new["login"] = trim($_POST["f_login"]);
    20. 

  20.     $new["fio"] = trim($_POST["f_fio"]);
    21. 

  21.     if ($default_user_ou_id == $new["ou_id"] or $default_hotspot_ou_id == $new["ou_id"]) {
    22. 

  22.         $new["enabled"] = 0;
    23. 

  23.         $new["blocked"] = 0;
    24. 

  24.         $new["day_quota"] = 0;
    25. 

  25.         $new["month_quota"] = 0;
    26. 

  26.         $auth["enabled"] = 0;
    27. 

  27.         $auth["blocked"] = 0;
    28. 

  28.     } else {
    29. 

  29.         $new["enabled"] = $_POST["f_enabled"] * 1;
    30. 

  30.         $new["blocked"] = $_POST["f_blocked"] * 1;
    31. 

  31.         $new["day_quota"] = trim($_POST["f_perday"]) * 1;
    32. 

  32.         $new["month_quota"] = trim($_POST["f_permonth"]) * 1;
    33. 

  33.     }
    34. 

  34.     $changes = get_diff_rec($db_link,"User_list","id='$id'", $new, 0);
    35. 

  35.     if (!empty($changes)) { LOG_WARNING($db_link,"Изменён пользователь id: $id. \r\nПрименено: $changes"); }
    36. 

  36.     update_record($db_link, "User_list", "id='$id'", $new);
    37. 

  37.     run_sql($db_link, "UPDATE User_auth SET ou_id=".$new["ou_id"]." WHERE user_id=".$id);
    38. 

  38.     run_sql($db_link, "UPDATE devices SET device_name=".$new["login"]." WHERE user_id=".$id);
    39. 

  39.     header("Location: " . $_SERVER["REQUEST_URI"]);
    40. 

  40.     exit;
    41. 

  41. }
    42. 

  42. 

  43. if (isset($_POST["addMacRule"])) {
    44. 

  44.     unset($new);
    45. 

  45.     $first_auth = get_record_sql($db_link,"SELECT mac FROM User_auth WHERE user_id=".$id." AND deleted=0 AND LENGTH(mac)>0 ORDER BY id");
    46. 

  46.     if (!empty($first_auth) and !empty($first_auth['mac'])) {
    47. 

  47.         $new['user_id']=$id;
    48. 

  48.         $new['type']=2;
    49. 

  49.         $new['rule']=$first_auth['mac'];
    50. 

  50. 	insert_record($db_link,"auth_rules",$new);
    51. 

  51. 	LOG_INFO($db_link,"Создано правило атоназначения юзеру id: ".$id." для мака ".$first_auth['mac']);
    52. 

  52. 	}
    53. 

  53.     header("Location: " . $_SERVER["REQUEST_URI"]);
    54. 

  54.     exit;
    55. 

  55. }
    56. 

  56. 

  57. if (isset($_POST["delMacRule"])) {
    58. 

  58.     run_sql($db_link,"DELETE FROM auth_rules WHERE user_id=".$id." AND type=2");
    59. 

  59.     LOG_INFO($db_link,"Удалены все правила атоназначения юзеру id: $id по маку");
    60. 

  60.     header("Location: " . $_SERVER["REQUEST_URI"]);
    61. 

  61.     exit;
    62. 

  62. }
    63. 

  63. 

  64. if (isset($_POST["showDevice"])) {
    65. 

  65.     $device = get_record_sql($db_link,"SELECT * FROM devices WHERE user_id=".$id);
    66. 

  66.     $auth = get_record_sql($db_link,"SELECT * FROM User_auth WHERE user_id=".$id);
    67. 

  67.     if (empty($device) and !empty($auth)) {
    68. 

  68. 	$sSQL = "SELECT * FROM User_list WHERE id=$id";
    69. 

  69. 	$user_info = get_record_sql($db_link, $sSQL);
    70. 

  70.         global $snmp_default_version;
    71. 

  71.         global $snmp_default_community;
    72. 

  72. 	$new['user_id']=$id;
    73. 

  73.         $new['device_name'] = $user_info['login'];
    74. 

  74.         $new['device_type'] = 5;
    75. 

  75.         $new['ip']=$auth['ip'];
    76. 

  76.         $new['community'] = $snmp_default_community;
    77. 

  77.         $new['snmp_version'] = $snmp_default_version;
    78. 

  78.         $new_id=insert_record($db_link, "devices", $new);
    79. 

  79.         unset($_POST);
    80. 

  80.         if (!empty($new_id)) {
    81. 

  81.             LOG_INFO($db_link, "Created device with id: $new_id for auth_id: $id");
    82. 

  82. 	    header("Location: /admin/devices/editdevice.php?id={$new_id}");
    83. 

  83. 	    exit;
    84. 

  84. 	    } else {
    85. 

  85. 	    header("Location: ".$_SERVER["REQUEST_URI"]);
    86. 

  86. 	    exit;
    87. 

  87. 	    }
    88. 

  88. 	}
    89. 

  89.     header("Location: /admin/devices/editdevice.php?id=".$device['id']);
    90. 

  90.     exit;
    91. 

  91. }
    92. 

  92. 

  93. if (isset($_POST["addauth"])) {
    94. 

  94.     $fip = substr(trim($_POST["newip"]), 0, 18);
    95. 

  95.     if (isset($_POST["newmac"])) { $fmac = mac_dotted(substr(trim($_POST["newmac"]), 0, 17)); }
    96. 

  96.     if ($fip) {
    97. 

  97.         if (checkValidIp($fip)) {
    98. 

  98.             $ip_aton = ip2long($fip);
    99. 

  99.             //search mac
    100. 

  100.             $mac_exists=find_mac_in_subnet($db_link,$fip,$fmac);
    101. 

  101.             if (isset($mac_exists) and $mac_exists['count']>=1 and !in_array($id,$mac_exists['users_id'])) {
    102. 

  102.                 $dup_sql = "SELECT * FROM User_list WHERE id=".$mac_exists['users_id']['0'];
    103. 

  103.                 $dup_info = get_record_sql($db_link, $dup_sql);
    104. 

  104.                 $msg_error="Mac already exists at another user in this subnet! Skip creating $fip [$fmac].<br>Old user id: ".$dup_info['id']." login: ".$dup_info['login'];
    105. 

  105.                 $_SESSION[$page_url]['msg'] = $msg_error;
    106. 

  106.                 LOG_ERROR($db_link, $msg_error);
    107. 

  107.                 header("Location: " . $_SERVER["REQUEST_URI"]);
    108. 

  108.                 exit;
    109. 

  109.                 }
    110. 

  110.             //disable dhcp for secondary ip
    111. 

  111.             $f_dhcp = 1;
    112. 

  112.             if (in_array($id,$mac_exists['users_id'])) { $f_dhcp = 0; }
    113. 

  113.             //search ip
    114. 

  114.             $dup_ip_record = get_record_sql($db_link, "SELECT * FROM User_auth WHERE `ip_int`=$ip_aton AND user_id<>".$id." AND deleted=0");
    115. 

  115.             if (!empty($dup_ip_record)) {
    116. 

  116.                 $dup_info = get_record_sql($db_link, "SELECT * FROM User_list WHERE id=".$dup_ip_record['user_id']);
    117. 

  117.                 $msg_error = "$fip already exists. Skip creating $fip [$fmac].<br>Old user id: ".$dup_info['id']." login: ".$dup_info['login'];
    118. 

  118.                 $_SESSION[$page_url]['msg'] = $msg_error;
    119. 

  119.                 LOG_ERROR($db_link, $msg_error);
    120. 

  120.                 header("Location: " . $_SERVER["REQUEST_URI"]);
    121. 

  121.                 exit;
    122. 

  122.                 }
    123. 

  123.             $fid = new_auth($db_link, $fip, $fmac, $id);
    124. 

  124.             if (!empty($fid)) {
    125. 

  125.                 $new['dhcp']=$f_dhcp;
    126. 

  126.                 update_record($db_link,"User_auth","id=".$fid,$new);
    127. 

  127.                 LOG_WARNING($db_link,"Создан новый адрес доступа: ip => $fip, mac => $fmac");
    128. 

  128.                 header("Location: /admin/users/editauth.php?id=".$fid);
    129. 

  129.                 exit;
    130. 

  130.                 }
    131. 

  131. 	    header("Location: " . $_SERVER["REQUEST_URI"]);
    132. 

  132. 	    exit;
    133. 

  133.     	    } else {
    134. 

  134.                 $msg_error = "$msg_ip_error xxx.xxx.xxx.xxx";
    135. 

  135.                 $_SESSION[$page_url]['msg'] = $msg_error;
    136. 

  136.     	    }
    137. 

  137. 	}
    138. 

  138.     header("Location: " . $_SERVER["REQUEST_URI"]);
    139. 

  139.     exit;
    140. 

  140.     }
    141. 

  141. 

  142. if (isset($_POST["removeauth"])) {
    143. 

  143.     $auth_id = $_POST["f_auth_id"];
    144. 

  144.     foreach ($auth_id as $key => $val) {
    145. 

  145.         if ($val) {
    146. 

  146.             run_sql($db_link, 'DELETE FROM connections WHERE auth_id='.$val);
    147. 

  147.             run_sql($db_link, 'DELETE FROM User_auth_alias WHERE auth_id='.$val);
    148. 

  148.             $auth["deleted"] = 1;
    149. 

  149.             $changes = get_diff_rec($db_link,"User_auth","id='$val'", '', 0);
    150. 

  150.             if (!empty($changes)) { LOG_WARNING($db_link,"Удалён адрес доступа: \r\n $changes"); }
    151. 

  151.             update_record($db_link, "User_auth", "id=" . $val, $auth);
    152. 

  152.         }
    153. 

  153.     }
    154. 

  154.     header("Location: " . $_SERVER["REQUEST_URI"]);
    155. 

  155.     exit;
    156. 

  156. }
    157. 

  157. 

  158. unset($_POST);
    159. 

  159. 

  160. $sSQL = "SELECT * FROM User_list WHERE id=$id";
    161. 

  161. $user_info = get_record_sql($db_link, $sSQL);
    162. 

  162. 

  163. require_once ($_SERVER["DOCUMENT_ROOT"]."/inc/header.php");
    164. 

  164. ?>
    165. 

  165. <div id="cont">
    166. 

  166. <?php
    167. 

  167. if (!empty($_SESSION[$page_url]['msg'])) {
    168. 

  168.     print '<div id="msg">'.$_SESSION[$page_url]['msg'].'</div>';
    169. 

  169.     unset($_SESSION[$page_url]['msg']);
    170. 

  170.     }
    171. 

  171. ?>
    172. 

  172. <form name="def" action="edituser.php?id=<?php echo $id; ?>" method="post">
    173. 

  173. <input type="hidden" name="id" value=<?php echo $id; ?>>
    174. 

  174. <table class="data">
    175. 

  175. <tr>
    176. 

  176. <td colspan=2><?php print $cell_login; ?></td>
    177. 

  177. <td colspan=2><?php print $cell_fio; ?></td>
    178. 

  178. <td colspan=2><?php print $cell_ou; ?></td>
    179. 

  179. </tr>
    180. 

  180. <tr>
    181. 

  181. <td colspan=2><input type="text" name="f_login" value="<?php print $user_info["login"]; ?>" size=25></td>
    182. 

  182. <td colspan=2><input type="text" name="f_fio" value="<?php print $user_info["fio"]; ?>" size=25></td>
    183. 

  183. <td colspan=2><?php print_ou_set($db_link, 'f_ou', $user_info["ou_id"]); ?></td>
    184. 

  184. </tr>
    185. 

  185. <tr>
    186. 

  186. <td colspan=2><?php print $cell_perday; ?></td>
    187. 

  187. <td colspan=2><?php print $cell_permonth; ?></td>
    188. 

  188. <td colspan=2><?php print $cell_blocked; ?></td>
    189. 

  189. </tr>
    190. 

  190. <tr>
    191. 

  191. <td colspan=2><input type="text" name="f_perday" value="<?php echo $user_info["day_quota"]; ?>" size=5></td>
    192. 

  192. <td colspan=2><input type="text" name="f_permonth" value="<?php echo $user_info["month_quota"]; ?>" size=5></td>
    193. 

  193. <td colspan=2><?php print_qa_select('f_blocked', $user_info["blocked"]); ?></td>
    194. 

  194. </tr>
    195. 

  195. <tr><td class=data colspan=6>Параметры для автоназначенных адресов:</td></tr>
    196. 

  196. <tr>
    197. 

  197. <td colspan=2><?php print $cell_filter; ?></td>
    198. 

  198. <td colspan=2><?php print $cell_shaper; ?></td>
    199. 

  199. <td colspan=2><?php print $cell_enabled; ?></td>
    200. 

  200. </tr>
    201. 

  201. <tr>
    202. 

  202. <td colspan=2><?php print_group_select($db_link, 'f_filter', $user_info["filter_group_id"]); ?></td>
    203. 

  203. <td colspan=2><?php print_queue_select($db_link, 'f_queue', $user_info["queue_id"]); ?></td>
    204. 

  204. <td colspan=2><?php print_qa_select('f_enabled', $user_info["enabled"]); ?></td>
    205. 

  205. </tr>
    206. 

  206. <tr>
    207. 

  207. <?php
    208. 

  208. print "<td>"; print_url("Список правил","/admin/users/edit_rules.php?id=$id"); print "</td>";
    209. 

  209. $rule_count = get_count_records($db_link,"auth_rules","user_id=".$id);
    210. 

  210. if ($rule_count>0) { print "<td > Count: ".$rule_count."</td>"; } else { print "<td></td>"; }
    211. 

  211. $first_auth = get_record_sql($db_link,"SELECT id FROM User_auth WHERE user_id=".$id." AND deleted=0 ORDER BY id");
    212. 

  212. if (!empty($first_auth)) {
    213. 

  213.     $mac_rule_count = get_count_records($db_link,"auth_rules","user_id=".$id." AND type=2");
    214. 

  214.     if (!empty($mac_rule_count)) { 
    215. 

  215. 	print "<td><input type=\"submit\" name=\"delMacRule\" value=".$btn_mac_del." ></td>";
    216. 

  216. 	} else {
    217. 

  217. 	print "<td><input type=\"submit\" name=\"addMacRule\" value=".$btn_mac_add." ></td>";
    218. 

  218. 	}
    219. 

  219.     } else { print "<td></td>"; }
    220. 

  220. ?>
    221. 

  221. <td colspan=3 align=right>Created: <?php print $user_info["timestamp"]; ?></td>
    222. 

  222. </tr>
    223. 

  223. <tr>
    224. 

  224. <?php print "<td colspan=2>"; print_url("Трафик за день","/admin/reports/userday.php?id=$id"); ?></td>
    225. 

  225. <td></td>
    226. 

  226. <td><input type="submit" name="showDevice" value=<?php print $btn_device; ?>></td>
    227. 

  227. <td></td>
    228. 

  228. <td align=right><input type="submit" name="edituser" value=<?php print $btn_save; ?>></td>
    229. 

  229. </tr>
    230. 

  230. </table>
    231. 

  231. <?php
    232. 

  232. if ($msg_error) { print "<div id='msg'><b>$msg_error</b></div><br>\n"; }
    233. 

  233. 

  234. $sort_table = 'User_auth';
    235. 

  235. $sort_url = "<a href=edituser.php?id=" . $id;
    236. 

  236. if ($id == $default_user_id or $id == $hotspot_user_id) { $default_sort = 'last_found DESC'; }
    237. 

  237. ?>
    238. 

  238. 

  239. <br><b>Список адресов доступа</b><br>
    240. 

  240. <table class="data">
    241. 

  241. <tr>
    242. 

  242. <td class="data">Новый адрес доступа IP:&nbsp<input type=text name=newip value=""></td>
    243. 

  243. <td class="data">Mac (необязательно):&nbsp<input type=text name=newmac value=""></td>
    244. 

  244. <td class="data"><input type="submit" name="addauth" value="Добавить"></td>
    245. 

  245. </tr>
    246. 

  246. </table>
    247. 

  247. 

  248. <table class="data">
    249. 

  249. <tr>
    250. 

  250. <td class="data"><input type="checkbox" onClick="checkAll(this.checked);"></td>
    251. 

  251. <td class="data"><?php print $sort_url . "&sort=ip_int&order=$new_order>" . $cell_ip . "</a>"; ?></td>
    252. 

  252. <td class="data"><?php print $sort_url . "&sort=mac&order=$new_order>" . $cell_mac . "</a>"; ?></td>
    253. 

  253. <td class="data"><?php print $cell_comment; ?></td>
    254. 

  254. <td class="data"><?php print $sort_url . "&sort=dns_name&order=$new_order>" . $cell_dns_name . "</a>"; ?></td>
    255. 

  255. <td class="data"><?php print $cell_enabled; ?></td>
    256. 

  256. <td class="data"><?php print $cell_dhcp; ?></td>
    257. 

  257. <td class="data"><?php print $cell_filter; ?></td>
    258. 

  258. <td class="data"><?php print $cell_shaper; ?></td>
    259. 

  259. <td class="data"><?php print $cell_perday."/<br>".$cell_permonth.", Mb"; ?></td>
    260. 

  260. <td class="data"><?php print $cell_connection; ?></td>
    261. 

  261. <td class="data"><?php print $sort_url . "&sort=timestamp&order=$new_order>Created</a>"; ?></td>
    262. 

  262. <td class="data">Last DHCP/ARP Event</td>
    263. 

  263. <td class="data"><?php print $sort_url . "&sort=last_found&order=$new_order>Last found</a>"; ?></td>
    264. 

  264. <td class="data"><?php print "<input type=\"submit\" onclick=\"return confirm('Применить для выделенных?')\" name=\"removeauth\" value=".$btn_remove.">"; ?></td>
    265. 

  265. </tr>
    266. 

  266. 

  267. <?php
    268. 

  268. 

  269. $flist=get_records($db_link,'User_auth',"user_id=".$id." and deleted=0 ORDER BY $sort_table.$sort_field $order");
    270. 

  270. if (!empty($flist)) {
    271. 

  271.     foreach ( $flist as $row ) {
    272. 

  272.         if ($row["dhcp_time"] == '0000-00-00 00:00:00') {
    273. 

  273.             $dhcp_str = '';
    274. 

  274.             } else {
    275. 

  275.             $dhcp_str = FormatDateStr('Y.m.d H:m',$row["dhcp_time"]) . " (" . $row["dhcp_action"] . ")";
    276. 

  276.             }
    277. 

  277.         if ($row["last_found"] == '0000-00-00 00:00:00') { $row["last_found"] = ''; }
    278. 

  278.         print "<tr align=center>\n";
    279. 

  279.         print "<td class=\"data\" style='padding:0'><input type=checkbox name=f_auth_id[] value=".$row["id"]." ></td>\n";
    280. 

  280.         print "<td class=\"data\" align=left><a href=editauth.php?id=".$row["id"].">" . $row["ip"] . "</a></td>\n";
    281. 

  281.         print "<td class=\"data\" >" . expand_mac($db_link,$row["mac"]) . "</td>\n";
    282. 

  282.         if (isset($row["dhcp_hostname"]) and strlen($row["dhcp_hostname"]) > 0) {
    283. 

  283.             print "<td class=\"data\" >".$row["comments"]." [" . $row["dhcp_hostname"] . "]</td>\n";
    284. 

  284.             } else {
    285. 

  285.             print "<td class=\"data\" >".$row["comments"]."</td>\n";
    286. 

  286.             }
    287. 

  287.         print "<td class=\"data\" >".$row["dns_name"]."</td>\n";
    288. 

  288.         $ip_status = 1;
    289. 

  289.         if ($row["blocked"] or !$row["enabled"]) { $ip_status = 0; }
    290. 

  290.         print "<td class=\"data\" >" . get_qa($ip_status). "</td>\n";
    291. 

  291.         print "<td class=\"data\" >" . get_qa($row["dhcp"]). "</td>\n";
    292. 

  292.         print "<td class=\"data\" >" . get_group($db_link, $row["filter_group_id"]) . "</td>\n";
    293. 

  293.         print "<td class=\"data\" >" . get_queue($db_link, $row["queue_id"]) . "</td>\n";
    294. 

  294.         print "<td class=\"data\" >".$row["day_quota"]."/".$row["month_quota"]."</td>\n";
    295. 

  295.         print "<td class=\"data\" >" . get_connection($db_link, $row["id"]) . "</td>\n";
    296. 

  296.         print "<td class=\"data\" >" . FormatDateStr('Y.m.d',$row["timestamp"]) . "</td>\n";
    297. 

  297.         print "<td class=\"data\" >" . $dhcp_str . "</td>\n";
    298. 

  298.         print "<td class=\"data\" >" . FormatDateStr('Y.m.d H:i',$row["last_found"]) . "</td>\n";
    299. 

  299.         print "<td class=\"data\" ></td></tr>";
    300. 

  300.         }
    301. 

  301.     }
    302. 

  302. ?>
    303. 

  303. </table>
    304. 

  304. </form>
    305. 

  305. <?php
    306. 

  306. require_once ($_SERVER["DOCUMENT_ROOT"]."/inc/footer.php");
    307. 

  307. ?>
    308.