From e07d2e84999c45f899aa37513917f7fda7484a7b Mon Sep 17 00:00:00 2001
From: arjen <arjen>
Date: Fri, 21 Feb 2003 08:44:19 +0000
Subject: [PATCH] Add a new user and make him/her a member of a group. Change
 of passwords added.

---
 src/web/users.php | 61 +++++++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 52 insertions(+), 9 deletions(-)

diff --git a/src/web/users.php b/src/web/users.php
index 300c4fb..3af9ea5 100644
--- a/src/web/users.php
+++ b/src/web/users.php
@@ -7,9 +7,9 @@
 ***************************************************************************
 ** MODULE INFORMATION *
 ***********************
-**      FILE NAME      : user.php
+**      FILE NAME      : users.php
 **      SYSTEM NAME    : Gnucomo - Gnu Computer Monitoring
-**      VERSION NUMBER : $Revision: 1.2 $
+**      VERSION NUMBER : $Revision: 1.3 $
 **
 **  DESCRIPTION      :  User Administration page.
 **                      Input parameters: action (POST) : empty, 'Create'
@@ -23,18 +23,22 @@
 ********************************
 **      ORIGINAL AUTHOR : Arjen Baart - arjen@andromeda.nl
 **      CREATION DATE   : Dec 04, 2002
-**      LAST UPDATE     : Feb 08, 2003
+**      LAST UPDATE     : Feb 14, 2003
 **      MODIFICATIONS   : 
 **************************************************************************/
 
 /*****************************
    $Log: users.php,v $
-   Revision 1.2  2003-02-13 09:01:29  arjen
+   Revision 1.3  2003-02-21 08:44:19  arjen
+   Add a new user and make him/her a member of a group.
+   Change of passwords added.
+
+   Revision 1.2  2003/02/13 09:01:29  arjen
    All web interface pages use the page class.
 
 ******************************/
 
-// RCSID = "$Id: users.php,v 1.2 2003-02-13 09:01:29 arjen Exp $";
+// RCSID = "$Id: users.php,v 1.3 2003-02-21 08:44:19 arjen Exp $";
 
 ini_set('include_path', '.:./classes:../phpclasses');
 
@@ -74,6 +78,20 @@ function CheckRemove(f)
    return confirm(message);
 }
 
+function CheckPW(f)
+{
+   if (f.passwd.value == "")
+   {
+      alert("You must supply a password");
+      return false;
+   }
+   if (f.passwd.value != f.pwverify.value)
+   {
+      alert("Passwords don't match");
+      return false;
+   }
+   return true;
+}
 </script>
 
 <?php
@@ -88,10 +106,17 @@ class user_page extends page
 
    if (isset($_POST['action']) && $_POST['action'] == 'Create' && !empty($_POST['username']))
    {
-      pg_exec($this->database, "CREATE USER " . $_POST['username'] . " PASSWORD '"
-                      . $_POST['passwd'] . "'");
-      pg_exec($this->database, "INSERT INTO usr (username, security_level) VALUES ('"
+      $query = "CREATE USER " . $_POST['username'] . " PASSWORD '"
+                      . $_POST['passwd'] . "' IN GROUP " . $_POST['group'];
+      if (pg_exec($this->database, $query) == FALSE)
+      {
+         echo "You can not create a new user.<br>";
+      }
+      else
+      {
+         pg_exec($this->database, "INSERT INTO usr (username, security_level) VALUES ('"
                      . $_POST['username'] . "','" . $_POST['seclevel'] . "')");
+      }
    }
 
    if (isset($_POST['action']) && $_POST['action'] == 'Remove' && !empty($_POST['username']))
@@ -100,7 +125,13 @@ class user_page extends page
       pg_exec($this->database, "DROP USER " . $_POST['username']);
    }
 
-   $res = pg_exec($this->database, "SELECT username, security_level FROM usr");
+   if (isset($_POST['action']) && $_POST['action'] == 'Change Password')
+   {
+      pg_exec($this->database, "ALTER USER " . $_SESSION['username'] .
+                               " PASSWORD '" . $_POST['passwd'] . "'");
+   }
+
+   $res = pg_exec($this->database, "SELECT username, security_level FROM usr ORDER BY username");
 
    echo "<table>";
    $usr = 0;
@@ -136,6 +167,11 @@ class user_page extends page
 
 <form action='users.php' method='post' onSubmit='return CheckCreate(this)'>
 User name: <input name='username' type='text'>
+Group: <select name='group'>
+<option value='view'>View</option>
+<option value='ops'>Operator</option>
+<option value='admin'>Admin</option>
+</select>
 Security level: <select name='seclevel'>
 <option value='1'>1</option>
 <option value='2'>2</option>
@@ -151,6 +187,13 @@ Verify password: <input type='password' name='pwverify'>
 </form>
 </p>
 
+<h2>Change your password:</h2>
+<form action='users.php' method='post' onSubmit='return CheckPW(this)'>
+New Password: <input type='password' name='passwd'>
+Verify password: <input type='password' name='pwverify'>
+<br>
+<input type='submit' name='action' value='Change Password'>
+</form>
 <?php
    }
 }
-- 
2.11.0