Changeset 258

Timestamp:

06/13/05 16:26:30 (20 years ago)

Author:

Kris Deugau

Message:

/trunk

Add (very) limited user management to admin.cgi - add and
delete users from users table.

File:

• trunk/cgi-bin/admin.cgi (modified) (4 diffs)

trunk/cgi-bin/admin.cgi

@@ -90 +90 @@
 </form>
 <hr><a href="admin.cgi?action=showpools">List IP Pools</a> for manual tweaking and updates
-<hr><a href="admin.cgi?action=showACL">Change ACLs</a> (change internal access controls -
-note that this does NOT include IP-based limits)
+<hr><a href="admin.cgi?action=showusers">Manage users</a> (add/remove users;  change
+internal access controls - note that this does NOT include IP-based limits)
 );
 } else {
@@ -276 +276 @@
     syslog "notice", "$authuser updated pool IP $webvar{ip}";
   }
-} elsif ($webvar{action} eq 'showACL') {
+} elsif ($webvar{action} eq 'showusers') {
   print "Notes:<br>\n".
-        "<li>Users must be added to .htpasswd from the shell, for the time being.\n".
-        "<li>New accounts will be added to the ACL here every time this page is loaded.\n".
-        "<li>Old accounts will NOT be automatically deleted;  they must be removed via shell.\n".
-        "<li>Admin users automatically get all other priviledges.\n";
-# open .htpasswd, and snag the userlist.
-  $sth = $ip_dbh->prepare("select count (*) from users where username=?");
-  open HTPASS, "<../../.htpasswd" or carp "BOO! No .htpasswd file!";
-  while (<HTPASS>) {
-    my ($username,$encpwd) = split /:/;
-    $sth->execute($username);
-    my @data = $sth->fetchrow_array;
-    if ($data[0] eq '0') {
-      my $sth2 = $ip_dbh->prepare("insert into users (username,password) values ('$username','$encpwd')");
-      $sth2->execute;
-      print "$username added with read-only privs to ACL<br>\n";
-    }
-  }
+        "<li>Admin users automatically get all other priviledges.\n".
+        "<hr>Add new user:<form action=admin.cgi method=POST>\n".
+        "Username: <input name=username><br>\n".
+        "Password: <input name=password><br>\n".
+        "<input type=submit value='Add user'><input type=hidden name=action value=newuser></form>\n";
 
   print "<hr>Users with access:\n<table border=1>\n";
@@ -311 +299 @@
         "></td><td><input type=checkbox name=del".($data[1] =~ /d/ ? ' checked=y' : '').
         "></td><td><input type=checkbox name=admin".($data[1] =~ /A/ ? ' checked=y' : '').
-        qq(></td><td><input type=submit value="Update"></td></tr></form>\n);
+        qq(></td><td><input type=submit value="Update"></td></form>\n).
+        "<form action=admin.cgi method=POST><td><input type=hidden name=action value=deluser>".
+        "<input type=hidden name=username value=$data[0]>".
+        qq(<input type=submit value="Delete user"></tr></form>\n);
 
   }
@@ -331 +322 @@
   print "OK\n" if !$sth->err;
 
-  print qq(<hr><a href="admin.cgi?action=showACL">Back</a> to ACL listing\n);
+  print qq(<hr><a href="admin.cgi?action=showusers">Back</a> to user listing\n);
+
+} elsif ($webvar{action} eq 'newuser') {
+  print "Adding user $webvar{username}...\n";
+  my $cr_pass = crypt $webvar{password},
+        join('',('.','/',0..9,'A'..'Z','a'..'z')[rand 64, rand 64]);
+  $sth = $ip_dbh->prepare("insert into users (username,password,acl) values ".
+        "('$webvar{username}','$cr_pass','b')");
+  $sth->execute;
+  if ($sth->err) {
+    print "<br>Error adding user: ".$sth->errstr;
+  } else {
+    print "OK\n";
+  }
+
+  print qq(<hr><a href="admin.cgi?action=showusers">Back</a> to user listing\n);
+
+} elsif ($webvar{action} eq 'deluser') {
+  print "Deleting user $webvar{username}.<br>\n";
+  $sth = $ip_dbh->prepare("delete from users where username='$webvar{username}'");
+  $sth->execute;
+  print "OK\n" if !$sth->err;
+
+  print qq(<hr><a href="admin.cgi?action=showusers">Back</a> to user listing\n);
 
 } elsif ($webvar{action} ne '<NULL>') {