1df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt<?php 2df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 3df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtrequire('config.php'); 4df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 5df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt$db = new PDO($osu_db); 6df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif (!$db) { 7df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt die($sqliteerror); 8df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 9df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 10df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif (isset($_GET["id"])) { 11df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $id = $_GET["id"]; 12df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (!is_numeric($id)) 13df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $id = 0; 14df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} else 15df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $id = 0; 16df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif (isset($_GET["cmd"])) 17df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $cmd = $_GET["cmd"]; 18df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtelse 19df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $cmd = ''; 20df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 21df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($cmd == 'eventlog' && $id > 0) { 22df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $row = $db->query("SELECT dump FROM eventlog WHERE rowid=$id")->fetch(); 23df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $dump = $row['dump']; 24df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if ($dump[0] == '<') { 25df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt header("Content-type: text/xml"); 26df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "<?xml version=\"1.0\"?>\n"; 27df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo $dump; 28df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } else { 29df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt header("Content-type: text/plain"); 30df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo $dump; 31df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 32df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt exit; 33df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 34df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 35df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($cmd == 'mo' && $id > 0) { 36df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $mo = $_GET["mo"]; 37df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (!isset($mo)) 38df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt exit; 39df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if ($mo != "devinfo" && $mo != "devdetail" && $mo != "pps") 40df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt exit; 41df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $row = $db->query("SELECT $mo FROM users WHERE rowid=$id")->fetch(); 42df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt header("Content-type: text/xml"); 43df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "<?xml version=\"1.0\"?>\n"; 44df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo $row[$mo]; 45df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt exit; 46df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 47df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 48df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($cmd == 'cert' && $id > 0) { 49df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $row = $db->query("SELECT cert_pem FROM users WHERE rowid=$id")->fetch(); 50df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt header("Content-type: text/plain"); 51df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo $row['cert_pem']; 52df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt exit; 53df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 54df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 55df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt?> 56df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 57df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt<html> 58df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt<head><title>HS 2.0 users</title></head> 59df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt<body> 60df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 61df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt<?php 62df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 63df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($cmd == 'subrem-clear' && $id > 0) { 64df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $db->exec("UPDATE users SET remediation='' WHERE rowid=$id"); 65df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 66df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($cmd == 'subrem-add-user' && $id > 0) { 67df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $db->exec("UPDATE users SET remediation='user' WHERE rowid=$id"); 68df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 69df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($cmd == 'subrem-add-machine' && $id > 0) { 70df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $db->exec("UPDATE users SET remediation='machine' WHERE rowid=$id"); 71df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 72df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($cmd == 'subrem-add-policy' && $id > 0) { 73df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $db->exec("UPDATE users SET remediation='policy' WHERE rowid=$id"); 74df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 75df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($cmd == 'subrem-add-free' && $id > 0) { 76df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $db->exec("UPDATE users SET remediation='free' WHERE rowid=$id"); 77df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 78df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($cmd == 'fetch-pps-on' && $id > 0) { 79df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $db->exec("UPDATE users SET fetch_pps=1 WHERE rowid=$id"); 80df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 81df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($cmd == 'fetch-pps-off' && $id > 0) { 82df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $db->exec("UPDATE users SET fetch_pps=0 WHERE rowid=$id"); 83df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 84df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($cmd == 'reset-pw' && $id > 0) { 85df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $db->exec("UPDATE users SET password='ChangeMe' WHERE rowid=$id"); 86df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 87df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($cmd == "policy" && $id > 0 && isset($_GET["policy"])) { 88df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $policy = $_GET["policy"]; 89df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if ($policy == "no-policy" || 90df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt is_readable("$osu_root/spp/policy/$policy.xml")) { 91df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $db->exec("UPDATE users SET policy='$policy' WHERE rowid=$id"); 92df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 93df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 94df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($cmd == "account-type" && $id > 0 && isset($_GET["type"])) { 95df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $type = $_GET["type"]; 96df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if ($type == "shared") 97df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $db->exec("UPDATE users SET shared=1 WHERE rowid=$id"); 98df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if ($type == "default") 99df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $db->exec("UPDATE users SET shared=0 WHERE rowid=$id"); 100df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 101df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 102df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($cmd == "set-osu-cred" && $id > 0) { 103df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $osu_user = $_POST["osu_user"]; 104df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $osu_password = $_POST["osu_password"]; 105df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (strlen($osu_user) == 0) 106df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $osu_password = ""; 107df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $db->exec("UPDATE users SET osu_user='$osu_user', osu_password='$osu_password' WHERE rowid=$id"); 108df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 109df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 110df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt$dump = 0; 111df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 112df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($id > 0) { 113df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 114df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif (isset($_GET["dump"])) { 115df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $dump = $_GET["dump"]; 116df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (!is_numeric($dump)) 117df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $dump = 0; 118df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} else 119df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $dump = 0; 120df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 121df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "[<a href=\"users.php\">All users</a>] "; 122df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($dump == 0) 123df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "[<a href=\"users.php?id=$id&dump=1\">Include debug dump</a>] "; 124df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtelse 125df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "[<a href=\"users.php?id=$id\">Without debug dump</a>] "; 126df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "<br>\n"; 127df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 128df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt$row = $db->query("SELECT rowid,* FROM users WHERE rowid=$id")->fetch(); 129df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 130df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "<H3>" . $row['identity'] . "@" . $row['realm'] . "</H3>\n"; 131df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 132df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "MO: "; 133df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif (strlen($row['devinfo']) > 0) { 134df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "[<a href=\"users.php?cmd=mo&id=$id&mo=devinfo\">DevInfo</a>]\n"; 135df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 136df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif (strlen($row['devdetail']) > 0) { 137df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "[<a href=\"users.php?cmd=mo&id=$id&mo=devdetail\">DevDetail</a>]\n"; 138df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 139df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif (strlen($row['pps']) > 0) { 140df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "[<a href=\"users.php?cmd=mo&id=$id&mo=pps\">PPS</a>]\n"; 141df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 142df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif (strlen($row['cert_pem']) > 0) { 143df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "[<a href=\"users.php?cmd=cert&id=$id\">Certificate</a>]\n"; 144df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 145df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "<BR>\n"; 146df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 147df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "Fetch PPS MO: "; 148df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($row['fetch_pps'] == "1") { 149df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "On next connection " . 150df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "[<a href=\"users.php?cmd=fetch-pps-off&id=$id\">" . 151df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "do not fetch</a>]<br>\n"; 152df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} else { 153df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "Do not fetch " . 154df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "[<a href=\"users.php?cmd=fetch-pps-on&id=$id\">" . 155df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "request fetch</a>]<br>\n"; 156df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 157df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 158df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt$cert = $row['cert']; 159df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif (strlen($cert) > 0) { 160df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "Certificate fingerprint: $cert<br>\n"; 161df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 162df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 163df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "Remediation: "; 164df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt$rem = $row['remediation']; 165df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($rem == "") { 166df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "Not required"; 167df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo " [<a href=\"users.php?cmd=subrem-add-user&id=" . 168df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $row['rowid'] . "\">add:user</a>]"; 169df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo " [<a href=\"users.php?cmd=subrem-add-machine&id=" . 170df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $row['rowid'] . "\">add:machine</a>]"; 171df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo " [<a href=\"users.php?cmd=subrem-add-policy&id=" . 172df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $row['rowid'] . "\">add:policy</a>]"; 173df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo " [<a href=\"users.php?cmd=subrem-add-free&id=" . 174df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $row['rowid'] . "\">add:free</a>]"; 175df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} else if ($rem == "user") { 176df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "User [<a href=\"users.php?cmd=subrem-clear&id=" . 177df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $row['rowid'] . "\">clear</a>]"; 178df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} else if ($rem == "policy") { 179df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "Policy [<a href=\"users.php?cmd=subrem-clear&id=" . 180df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $row['rowid'] . "\">clear</a>]"; 181df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} else if ($rem == "free") { 182df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "Free [<a href=\"users.php?cmd=subrem-clear&id=" . 183df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $row['rowid'] . "\">clear</a>]"; 184df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} else { 185df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "Machine [<a href=\"users.php?cmd=subrem-clear&id=" . 186df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $row['rowid'] . "\">clear</a>]"; 187df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 188df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "<br>\n"; 189df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 190df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "<form>Policy: <select name=\"policy\" " . 191df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "onChange=\"window.location='users.php?cmd=policy&id=" . 192df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $row['rowid'] . "&policy=' + this.value;\">\n"; 193df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "<option value=\"" . $row['policy'] . "\" selected>" . $row['policy'] . 194df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "</option>\n"; 195df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt$files = scandir("$osu_root/spp/policy"); 196df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtforeach ($files as $file) { 197df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (!preg_match("/.xml$/", $file)) 198df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt continue; 199df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if ($file == $row['policy'] . ".xml") 200df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt continue; 201df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $p = substr($file, 0, -4); 202df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "<option value=\"$p\">$p</option>\n"; 203df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 204df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "<option value=\"no-policy\">no policy</option>\n"; 205df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "</select></form>\n"; 206df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 207df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "<form>Account type: <select name=\"type\" " . 208df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "onChange=\"window.location='users.php?cmd=account-type&id=" . 209df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $row['rowid'] . "&type=' + this.value;\">\n"; 210df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($row['shared'] > 0) { 211df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $default_sel = ""; 212df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $shared_sel = " selected"; 213df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} else { 214df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $default_sel = " selected"; 215df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $shared_sel = ""; 216df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 217df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "<option value=\"default\"$default_sel>default</option>\n"; 218df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "<option value=\"shared\"$shared_sel>shared</option>\n"; 219df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "</select></form>\n"; 220df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 221df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "Phase 2 method(s): " . $row['methods'] . "<br>\n"; 222df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 223df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "<br>\n"; 224df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "<a href=\"users.php?cmd=reset-pw&id=" . 225df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $row['rowid'] . "\">Reset AAA password</a><br>\n"; 226df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 227df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "<br>\n"; 228df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "<form action=\"users.php?cmd=set-osu-cred&id=" . $row['rowid'] . 229df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "\" method=\"POST\">\n"; 230df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "OSU credentials (if username empty, AAA credentials are used):<br>\n"; 231df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "username: <input type=\"text\" name=\"osu_user\" value=\"" . 232df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $row['osu_user'] . "\">\n"; 233df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "password: <input type=\"password\" name=\"osu_password\">\n"; 234df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "<input type=\"submit\" value=\"Set OSU credentials\">\n"; 235df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "</form>\n"; 236df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 237df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "<hr>\n"; 238df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 239df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt$user = $row['identity']; 240df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt$osu_user = $row['osu_user']; 241df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt$realm = $row['realm']; 242df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 243df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 244df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($id > 0 || ($id == 0 && $cmd == 'eventlog')) { 245df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 246df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if ($id == 0) { 247df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "[<a href=\"users.php\">All users</a>] "; 248df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "<br>\n"; 249df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 250df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 251df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "<table border=1>\n"; 252df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "<tr>"; 253df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($id == 0) { 254df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "<th>user<th>realm"; 255df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 256df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "<th>time<th>address<th>sessionID<th>notes"; 257df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($dump > 0) 258df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "<th>dump"; 259df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "\n"; 260df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif (isset($_GET["limit"])) { 261df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $limit = $_GET["limit"]; 262df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (!is_numeric($limit)) 263df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $limit = 20; 264df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} else 265df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $limit = 20; 266df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($id == 0) 267df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $res = $db->query("SELECT rowid,* FROM eventlog ORDER BY timestamp DESC LIMIT $limit"); 268df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtelse if (strlen($osu_user) > 0) 269df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $res = $db->query("SELECT rowid,* FROM eventlog WHERE (user='$user' OR user='$osu_user') AND realm='$realm' ORDER BY timestamp DESC LIMIT $limit"); 270df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtelse 271df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $res = $db->query("SELECT rowid,* FROM eventlog WHERE user='$user' AND realm='$realm' ORDER BY timestamp DESC LIMIT $limit"); 272df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtforeach ($res as $row) { 273df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "<tr>"; 274df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if ($id == 0) { 275df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "<td>" . $row['user'] . "\n"; 276df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "<td>" . $row['realm'] . "\n"; 277df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 278df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "<td>" . $row['timestamp'] . "\n"; 279df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "<td>" . $row['addr'] . "\n"; 280df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "<td>" . $row['sessionid'] . "\n"; 281df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "<td>" . $row['notes'] . "\n"; 282df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $d = $row['dump']; 283df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (strlen($d) > 0) { 284df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "[<a href=\"users.php?cmd=eventlog&id=" . $row['rowid'] . 285df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "\">"; 286df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if ($d[0] == '<') 287df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "XML"; 288df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt else 289df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "txt"; 290df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "</a>]\n"; 291df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if ($dump > 0) 292df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "<td>" . htmlspecialchars($d) . "\n"; 293df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 294df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 295df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "</table>\n"; 296df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 297df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 298df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 299df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 300df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($id == 0 && $cmd != 'eventlog') { 301df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 302df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "[<a href=\"users.php?cmd=eventlog&limit=50\">Eventlog</a>] "; 303df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "<br>\n"; 304df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 305df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "<table border=1>\n"; 306df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "<tr><th>User<th>Realm<th>Remediation<th>Policy<th>Account type<th>Phase 2 method(s)<th>DevId\n"; 307df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 308df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt$res = $db->query('SELECT rowid,* FROM users WHERE phase2=1'); 309df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtforeach ($res as $row) { 310df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "<tr><td><a href=\"users.php?id=" . $row['rowid'] . "\"> " . 311df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $row['identity'] . " </a>"; 312df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "<td>" . $row['realm']; 313df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $rem = $row['remediation']; 314df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "<td>"; 315df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if ($rem == "") { 316df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "Not required"; 317df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } else if ($rem == "user") { 318df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "User"; 319df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } else if ($rem == "policy") { 320df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "Policy"; 321df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } else if ($rem == "free") { 322df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "Free"; 323df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } else { 324df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "Machine"; 325df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 326df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "<td>" . $row['policy']; 327df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if ($row['shared'] > 0) 328df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "<td>shared"; 329df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt else 330df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "<td>default"; 331df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "<td>" . $row['methods']; 332df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "<td>"; 333df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $xml = xml_parser_create(); 334df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_parse_into_struct($xml, $row['devinfo'], $devinfo); 335df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt foreach($devinfo as $k) { 336df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if ($k['tag'] == 'DEVID') { 337df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo $k['value']; 338df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt break; 339df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 340df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 341df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt echo "\n"; 342df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 343df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtecho "</table>\n"; 344df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 345df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 346df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 347df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt?> 348df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 349df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt</html> 350