Ignore:
Timestamp:
06/13/05 16:45:27 (20 years ago)
Author:
Kris Deugau
Message:

/branches/stable

Backport admin tool update supporting (very) basic user add/delete
from /trunk r258 and r259.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/stable/cgi-bin/admin.cgi

    r252 r260  
    9191</form>
    9292<hr><a href="admin.cgi?action=showpools">List IP Pools</a> for manual tweaking and updates
    93 <hr><a href="admin.cgi?action=showACL">Change ACLs</a> (change internal access controls -
    94 note that this does NOT include IP-based limits)
     93<hr><a href="admin.cgi?action=showusers">Manage users</a> (add/remove users;  change
     94internal access controls - note that this does NOT include IP-based limits)
    9595);
    9696} else {
     
    292292    syslog "notice", "$authuser updated pool IP $webvar{ip}";
    293293  }
    294 } elsif ($webvar{action} eq 'showACL') {
     294} elsif ($webvar{action} eq 'showusers') {
    295295  print "Notes:<br>\n".
    296         "<li>Users must be added to .htpasswd from the shell, for the time being.\n".
    297         "<li>New accounts will be added to the ACL here every time this page is loaded.\n".
    298         "<li>Old accounts will NOT be automatically deleted;  they must be removed via shell.\n".
    299         "<li>Admin users automatically get all other priviledges.\n";
    300 # open .htpasswd, and snag the userlist.
    301   $sth = $ip_dbh->prepare("select count (*) from users where username=?");
    302   open HTPASS, "<../../.htpasswd" or carp "BOO! No .htpasswd file!";
    303   while (<HTPASS>) {
    304     chomp;
    305     my ($username,$encpwd) = split /:/;
    306     $sth->execute($username);
    307     my @data = $sth->fetchrow_array;
    308     if ($data[0] eq '0') {
    309       my $sth2 = $ip_dbh->prepare("insert into users (username,password) values ('$username','$encpwd')");
    310       $sth2->execute;
    311       print "$username added with read-only privs to ACL<br>\n";
    312     }
    313   }
     296        "<li>Admin users automatically get all other priviledges.\n".
     297        "<hr>Add new user:<form action=admin.cgi method=POST>\n".
     298        "Username: <input name=username><br>\n".
     299        "Password: <input name=password> <input type=checkbox name=preenc>Password is pre-encrypted (MUST be crypt() encrypted)<br>\n".
     300        "<input type=submit value='Add user'><input type=hidden name=action value=newuser></form>\n";
    314301
    315302  print "<hr>Users with access:\n<table border=1>\n";
     
    328315        "></td><td><input type=checkbox name=del".($data[1] =~ /d/ ? ' checked=y' : '').
    329316        "></td><td><input type=checkbox name=admin".($data[1] =~ /A/ ? ' checked=y' : '').
    330         qq(></td><td><input type=submit value="Update"></td></tr></form>\n);
     317        qq(></td><td><input type=submit value="Update"></td></form>\n).
     318        "<form action=admin.cgi method=POST><td><input type=hidden name=action value=deluser>".
     319        "<input type=hidden name=username value=$data[0]>".
     320        qq(<input type=submit value="Delete user"></tr></form>\n);
    331321
    332322  }
     
    348338  print "OK\n" if !$sth->err;
    349339
    350   print qq(<hr><a href="admin.cgi?action=showACL">Back</a> to ACL listing\n);
     340  print qq(<hr><a href="admin.cgi?action=showusers">Back</a> to user listing\n);
     341
     342} elsif ($webvar{action} eq 'newuser') {
     343  print "Adding user $webvar{username}...\n";
     344  my $cr_pass = ($webvar{preenc} ? $webvar{password} :
     345        crypt $webvar{password}, join('',('.','/',0..9,'A'..'Z','a'..'z')[rand 64, rand 64]));
     346  $sth = $ip_dbh->prepare("insert into users (username,password,acl) values ".
     347        "('$webvar{username}','$cr_pass','b')");
     348  $sth->execute;
     349  if ($sth->err) {
     350    print "<br>Error adding user: ".$sth->errstr;
     351  } else {
     352    print "OK\n";
     353  }
     354
     355  print qq(<hr><a href="admin.cgi?action=showusers">Back</a> to user listing\n);
     356
     357} elsif ($webvar{action} eq 'deluser') {
     358  print "Deleting user $webvar{username}.<br>\n";
     359  $sth = $ip_dbh->prepare("delete from users where username='$webvar{username}'");
     360  $sth->execute;
     361  print "OK\n" if !$sth->err;
     362
     363  print qq(<hr><a href="admin.cgi?action=showusers">Back</a> to user listing\n);
    351364
    352365} elsif ($webvar{action} ne '<NULL>') {
Note: See TracChangeset for help on using the changeset viewer.