Ignore:
Timestamp:
06/13/05 16:26:30 (20 years ago)
Author:
Kris Deugau
Message:

/trunk

Add (very) limited user management to admin.cgi - add and
delete users from users table.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/cgi-bin/admin.cgi

    r256 r258  
    9090</form>
    9191<hr><a href="admin.cgi?action=showpools">List IP Pools</a> for manual tweaking and updates
    92 <hr><a href="admin.cgi?action=showACL">Change ACLs</a> (change internal access controls -
    93 note that this does NOT include IP-based limits)
     92<hr><a href="admin.cgi?action=showusers">Manage users</a> (add/remove users;  change
     93internal access controls - note that this does NOT include IP-based limits)
    9494);
    9595} else {
     
    276276    syslog "notice", "$authuser updated pool IP $webvar{ip}";
    277277  }
    278 } elsif ($webvar{action} eq 'showACL') {
     278} elsif ($webvar{action} eq 'showusers') {
    279279  print "Notes:<br>\n".
    280         "<li>Users must be added to .htpasswd from the shell, for the time being.\n".
    281         "<li>New accounts will be added to the ACL here every time this page is loaded.\n".
    282         "<li>Old accounts will NOT be automatically deleted;  they must be removed via shell.\n".
    283         "<li>Admin users automatically get all other priviledges.\n";
    284 # open .htpasswd, and snag the userlist.
    285   $sth = $ip_dbh->prepare("select count (*) from users where username=?");
    286   open HTPASS, "<../../.htpasswd" or carp "BOO! No .htpasswd file!";
    287   while (<HTPASS>) {
    288     my ($username,$encpwd) = split /:/;
    289     $sth->execute($username);
    290     my @data = $sth->fetchrow_array;
    291     if ($data[0] eq '0') {
    292       my $sth2 = $ip_dbh->prepare("insert into users (username,password) values ('$username','$encpwd')");
    293       $sth2->execute;
    294       print "$username added with read-only privs to ACL<br>\n";
    295     }
    296   }
     280        "<li>Admin users automatically get all other priviledges.\n".
     281        "<hr>Add new user:<form action=admin.cgi method=POST>\n".
     282        "Username: <input name=username><br>\n".
     283        "Password: <input name=password><br>\n".
     284        "<input type=submit value='Add user'><input type=hidden name=action value=newuser></form>\n";
    297285
    298286  print "<hr>Users with access:\n<table border=1>\n";
     
    311299        "></td><td><input type=checkbox name=del".($data[1] =~ /d/ ? ' checked=y' : '').
    312300        "></td><td><input type=checkbox name=admin".($data[1] =~ /A/ ? ' checked=y' : '').
    313         qq(></td><td><input type=submit value="Update"></td></tr></form>\n);
     301        qq(></td><td><input type=submit value="Update"></td></form>\n).
     302        "<form action=admin.cgi method=POST><td><input type=hidden name=action value=deluser>".
     303        "<input type=hidden name=username value=$data[0]>".
     304        qq(<input type=submit value="Delete user"></tr></form>\n);
    314305
    315306  }
     
    331322  print "OK\n" if !$sth->err;
    332323
    333   print qq(<hr><a href="admin.cgi?action=showACL">Back</a> to ACL listing\n);
     324  print qq(<hr><a href="admin.cgi?action=showusers">Back</a> to user listing\n);
     325
     326} elsif ($webvar{action} eq 'newuser') {
     327  print "Adding user $webvar{username}...\n";
     328  my $cr_pass = crypt $webvar{password},
     329        join('',('.','/',0..9,'A'..'Z','a'..'z')[rand 64, rand 64]);
     330  $sth = $ip_dbh->prepare("insert into users (username,password,acl) values ".
     331        "('$webvar{username}','$cr_pass','b')");
     332  $sth->execute;
     333  if ($sth->err) {
     334    print "<br>Error adding user: ".$sth->errstr;
     335  } else {
     336    print "OK\n";
     337  }
     338
     339  print qq(<hr><a href="admin.cgi?action=showusers">Back</a> to user listing\n);
     340
     341} elsif ($webvar{action} eq 'deluser') {
     342  print "Deleting user $webvar{username}.<br>\n";
     343  $sth = $ip_dbh->prepare("delete from users where username='$webvar{username}'");
     344  $sth->execute;
     345  print "OK\n" if !$sth->err;
     346
     347  print qq(<hr><a href="admin.cgi?action=showusers">Back</a> to user listing\n);
    334348
    335349} elsif ($webvar{action} ne '<NULL>') {
Note: See TracChangeset for help on using the changeset viewer.