printTrail('role'); $misc->printTitle($lang['strcreaterole'],'pg.role.create'); $misc->printMsg($msg); echo "

{$lang['strname']}	_maxNameLen}\" name=\"formRolename\" value=\"", htmlspecialchars($_POST['formRolename']), "\" />
{$lang['strpassword']}
{$lang['strconfirm']}
{$lang['strsuper']}
{$lang['strcreatedb']}
{$lang['strcancreaterole']}
{$lang['strinheritsprivs']}
{$lang['strcanlogin']}
{$lang['strconnlimit']}
{$lang['strexpires']}
{$lang['strmemberof']}	\n"; echo "\t\t\t\n"; echo "\t\t
{$lang['strmembers']}	\n"; echo "\t\t\t\n"; echo "\t\t
{$lang['stradminmembers']}	\n"; echo "\t\t\t\n"; echo "\t\t

\n"; echo "

\n"; echo $misc->form; echo "\n"; echo "

\n"; echo "

\n"; } /** * Actually creates the new role in the database */ function doSaveCreate() { global $data, $lang; if(!isset($_POST['memberof'])) $_POST['memberof'] = array(); if(!isset($_POST['members'])) $_POST['members'] = array(); if(!isset($_POST['adminmembers'])) $_POST['adminmembers'] = array(); // Check data if ($_POST['formRolename'] == '') doCreate($lang['strroleneedsname']); else if ($_POST['formPassword'] != $_POST['formConfirm']) doCreate($lang['strpasswordconfirm']); else { $status = $data->createRole($_POST['formRolename'], $_POST['formPassword'], isset($_POST['formSuper']), isset($_POST['formCreateDB']), isset($_POST['formCreateRole']), isset($_POST['formInherits']), isset($_POST['formCanLogin']), $_POST['formConnLimit'], $_POST['formExpires'], $_POST['memberof'], $_POST['members'], $_POST['adminmembers']); if ($status == 0) doDefault($lang['strrolecreated']); else doCreate($lang['strrolecreatedbad']); } } /** * Function to allow alter a role */ function doAlter($msg = '') { global $data, $misc; global $lang; $misc->printTrail('role'); $misc->printTitle($lang['stralter'],'pg.role.alter'); $misc->printMsg($msg); $roledata = $data->getRole($_REQUEST['rolename']); if ($roledata->recordCount() > 0) { $server_info = $misc->getServerInfo(); $canRename = $data->hasUserRename() && ($_REQUEST['rolename'] != $server_info['username']); $roledata->fields['rolsuper'] = $data->phpBool($roledata->fields['rolsuper']); $roledata->fields['rolcreatedb'] = $data->phpBool($roledata->fields['rolcreatedb']); $roledata->fields['rolcreaterole'] = $data->phpBool($roledata->fields['rolcreaterole']); $roledata->fields['rolinherit'] = $data->phpBool($roledata->fields['rolinherit']); $roledata->fields['rolcanlogin'] = $data->phpBool($roledata->fields['rolcanlogin']); if (!isset($_POST['formExpires'])){ if ($canRename) $_POST['formNewRoleName'] = $roledata->fields['rolname']; if ($roledata->fields['rolsuper']) $_POST['formSuper'] = ''; if ($roledata->fields['rolcreatedb']) $_POST['formCreateDB'] = ''; if ($roledata->fields['rolcreaterole']) $_POST['formCreateRole'] = ''; if ($roledata->fields['rolinherit']) $_POST['formInherits'] = ''; if ($roledata->fields['rolcanlogin']) $_POST['formCanLogin'] = ''; $_POST['formConnLimit'] = $roledata->fields['rolconnlimit'] == '-1' ? '' : $roledata->fields['rolconnlimit']; $_POST['formExpires'] = $roledata->fields['rolvaliduntil'] == 'infinity' ? '' : $roledata->fields['rolvaliduntil']; $_POST['formPassword'] = ''; } echo "

\n"; echo "\n"; echo "\t\n\t\t\n"; echo "\t\t\n\t\n"; echo "\t\n\t\t\n"; echo "\t\t\n\t\n"; echo "\t\n\t\t\n"; echo "\t\t\n\t\n"; echo "\t\n\t\t\n"; echo "\t\t\n\t\n"; echo "\t\n\t\t\n"; echo "\t\t\n\t\n"; echo "\t\n\t\t\n"; echo "\t\t\n\t\n"; echo "\t\n\t\t\n"; echo "\t\t\n\t\n"; echo "\t\n\t\t\n"; echo "\t\t\n\t\n"; echo "\t\n\t\t\n"; echo "\t\t\n\t\n"; echo "\t\n\t\t\n"; echo "\t\t\n\t\n"; if (!isset($_POST['memberof'])) { $memberof = $data->getMemberOf($_REQUEST['rolename']); if ($memberof->recordCount() > 0) { $i = 0; while (!$memberof->EOF) { $_POST['memberof'][$i++] = $memberof->fields['rolname']; $memberof->moveNext(); } } else $_POST['memberof'] = array(); $memberofold = implode(',', $_POST['memberof']); } if (!isset($_POST['members'])) { $members = $data->getMembers($_REQUEST['rolename']); if ($members->recordCount() > 0) { $i = 0; while (!$members->EOF) { $_POST['members'][$i++] = $members->fields['rolname']; $members->moveNext(); } } else $_POST['members'] = array(); $membersold = implode(',', $_POST['members']); } if (!isset($_POST['adminmembers'])) { $adminmembers = $data->getMembers($_REQUEST['rolename'], 't'); if ($adminmembers->recordCount() > 0) { $i = 0; while (!$adminmembers->EOF) { $_POST['adminmembers'][$i++] = $adminmembers->fields['rolname']; $adminmembers->moveNext(); } } else $_POST['adminmembers'] = array(); $adminmembersold = implode(',', $_POST['adminmembers']); } $roles = $data->getRoles($_REQUEST['rolename']); if ($roles->recordCount() > 0) { echo "\t\n\t\t\n"; echo "\t\t\n\t\n"; $roles->moveFirst(); echo "\t\n\t\t\n"; echo "\t\t\n\t\n"; $roles->moveFirst(); echo "\t\n\t\t\n"; echo "\t\t\n\t\n"; } echo "

{$lang['strname']}	", ($canRename ? "_maxNameLen}\" value=\"" . htmlspecialchars($_POST['formNewRoleName']) . "\" />" : $misc->printVal($roledata->fields['rolname'])), "
{$lang['strpassword']}
{$lang['strconfirm']}
{$lang['strsuper']}
{$lang['strcreatedb']}
{$lang['strcancreaterole']}
{$lang['strinheritsprivs']}
{$lang['strcanlogin']}
{$lang['strconnlimit']}
{$lang['strexpires']}
{$lang['strmemberof']}	\n"; echo "\t\t\t\n"; echo "\t\t
{$lang['strmembers']}	\n"; echo "\t\t\t\n"; echo "\t\t
{$lang['stradminmembers']}	\n"; echo "\t\t\t\n"; echo "\t\t

\n"; echo "

\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo $misc->form; echo "\n"; echo "

\n"; echo "

\n"; } else echo "

{$lang['strnodata']}

\n"; } /** * Function to save after editing a role */ function doSaveAlter() { global $data, $lang; if(!isset($_POST['memberof'])) $_POST['memberof'] = array(); if(!isset($_POST['members'])) $_POST['members'] = array(); if(!isset($_POST['adminmembers'])) $_POST['adminmembers'] = array(); // Check name and password if (isset($_POST['formNewRoleName']) && $_POST['formNewRoleName'] == '') doAlter($lang['strroleneedsname']); else if ($_POST['formPassword'] != $_POST['formConfirm']) doAlter($lang['strpasswordconfirm']); else { if (isset($_POST['formNewRoleName'])) $status = $data->setRenameRole($_POST['rolename'], $_POST['formPassword'], isset($_POST['formSuper']), isset($_POST['formCreateDB']), isset($_POST['formCreateRole']), isset($_POST['formInherits']), isset($_POST['formCanLogin']), $_POST['formConnLimit'], $_POST['formExpires'], $_POST['memberof'], $_POST['members'], $_POST['adminmembers'], $_POST['memberofold'], $_POST['membersold'], $_POST['adminmembersold'], $_POST['formNewRoleName']); else $status = $data->setRole($_POST['rolename'], $_POST['formPassword'], isset($_POST['formSuper']), isset($_POST['formCreateDB']), isset($_POST['formCreateRole']), isset($_POST['formInherits']), isset($_POST['formCanLogin']), $_POST['formConnLimit'], $_POST['formExpires'], $_POST['memberof'], $_POST['members'], $_POST['adminmembers'], $_POST['memberofold'], $_POST['membersold'], $_POST['adminmembersold']); if ($status == 0) doDefault($lang['strrolealtered']); else doAlter($lang['strrolealteredbad']); } } /** * Show confirmation of drop a role and perform actual drop */ function doDrop($confirm) { global $data, $misc; global $lang; if ($confirm) { $misc->printTrail('role'); $misc->printTitle($lang['strdroprole'],'pg.role.drop'); echo "

", sprintf($lang['strconfdroprole'], $misc->printVal($_REQUEST['rolename'])), "

\n"; echo "\n"; } else { $status = $data->dropRole($_REQUEST['rolename']); if ($status == 0) doDefault($lang['strroledropped']); else doDefault($lang['strroledroppedbad']); } } /** * Show the properties of a role */ function doProperties($msg = '') { global $data, $misc; global $lang; $misc->printTrail('role'); $misc->printTitle($lang['strproperties'],'pg.role'); $misc->printMsg($msg); $roledata = $data->getRole($_REQUEST['rolename']); if($roledata->recordCount() > 0 ) { $roledata->fields['rolsuper'] = $data->phpBool($roledata->fields['rolsuper']); $roledata->fields['rolcreatedb'] = $data->phpBool($roledata->fields['rolcreatedb']); $roledata->fields['rolcreaterole'] = $data->phpBool($roledata->fields['rolcreaterole']); $roledata->fields['rolinherit'] = $data->phpBool($roledata->fields['rolinherit']); $roledata->fields['rolcanlogin'] = $data->phpBool($roledata->fields['rolcanlogin']); echo "\n"; echo "\t\n\t\t\n"; echo "\t\t\n\t\n"; echo "\t\n\t\t\n"; echo "\t\t\n\t\n"; echo "\t\n\t\t\n"; echo "\t\t\n\t\n"; echo "\t\n\t\t\n"; echo "\t\t\n"; echo "\t\n\t\t\n"; echo "\t\t\n"; echo "\t\n\t\t\n"; echo "\t\t\n"; echo "\t\n\t\t\n"; echo "\t\t\n"; echo "\t\n\t\t\n"; echo "\t\t\n"; echo "\t\n\t\t\n"; echo "\t\t\n"; echo "\t\n\t\t\n"; echo "\t\t\n"; echo "\t\n\t\t\n"; echo "\t\t\n\t\n"; echo "\t\n\t\t\n"; echo "\t\t\n\t\n"; echo "\t\n\t\t\n"; echo "\t\t\n\t\n"; echo "

Description	Value
{$lang['strname']}	", htmlspecialchars($_REQUEST['rolename']), "
{$lang['strsuper']}	", (($roledata->fields['rolsuper']) ? $lang['stryes'] : $lang['strno']), "
{$lang['strcreatedb']}	", (($roledata->fields['rolcreatedb']) ? $lang['stryes'] : $lang['strno']), "
{$lang['strcancreaterole']}	", (($roledata->fields['rolcreaterole']) ? $lang['stryes'] : $lang['strno']), "
{$lang['strinheritsprivs']}	", (($roledata->fields['rolinherit']) ? $lang['stryes'] : $lang['strno']), "
{$lang['strcanlogin']}	", (($roledata->fields['rolcanlogin']) ? $lang['stryes'] : $lang['strno']), "
{$lang['strconnlimit']}	", ($roledata->fields['rolconnlimit'] == '-1' ? $lang['strnolimit'] : $misc->printVal($roledata->fields['rolconnlimit'])), "
{$lang['strexpires']}	", ($roledata->fields['rolvaliduntil'] == 'infinity' \|\| is_null($roledata->fields['rolvaliduntil']) ? $lang['strnever'] : $misc->printVal($roledata->fields['rolvaliduntil'])), "
{$lang['strsessiondefaults']}	", $misc->printVal($roledata->fields['rolconfig']), "
{$lang['strmemberof']}	"; $memberof = $data->getMemberOf($_REQUEST['rolename']); if ($memberof->recordCount() > 0) { while (!$memberof->EOF) { echo $misc->printVal($memberof->fields['rolname']), " \n"; $memberof->moveNext(); } } echo "
{$lang['strmembers']}	"; $members = $data->getMembers($_REQUEST['rolename']); if ($members->recordCount() > 0) { while (!$members->EOF) { echo $misc->printVal($members->fields['rolname']), " \n"; $members->moveNext(); } } echo "
{$lang['stradminmembers']}	"; $adminmembers = $data->getMembers($_REQUEST['rolename'], 't'); if ($adminmembers->recordCount() > 0) { while (!$adminmembers->EOF) { echo $misc->printVal($adminmembers->fields['rolname']), " \n"; $adminmembers->moveNext(); } } echo "

\n"; } else echo "

{$lang['strnodata']}

\n"; $navlinks = array ( 'showall' => array ( 'attr'=> array ( 'href' => array ( 'url' => 'roles.php', 'urlvars' => array ( 'server' => $_REQUEST['server'] ) ) ), 'content' => $lang['strshowallroles'] ), 'alter' => array ( 'attr'=> array ( 'href' => array ( 'url' => 'roles.php', 'urlvars' => array ( 'action' => 'alter', 'server' => $_REQUEST['server'], 'rolename' => $_REQUEST['rolename'] ) ) ), 'content' => $lang['stralter'] ), 'drop' => array ( 'attr'=> array ( 'href' => array ( 'url' => 'roles.php', 'urlvars' => array ( 'action' => 'confirm_drop', 'server' => $_REQUEST['server'], 'rolename' => $_REQUEST['rolename'] ) ) ), 'content' => $lang['strdrop'] ) ); $misc->printNavLinks($navlinks, 'roles-properties', get_defined_vars()); } /** * If a role is not a superuser role, then we have an 'account management' * page for change his password, etc. We don't prevent them from * messing with the URL to gain access to other role admin stuff, because * the PostgreSQL permissions will prevent them changing anything anyway. */ function doAccount($msg = '') { global $data, $misc; global $lang; $server_info = $misc->getServerInfo(); $roledata = $data->getRole($server_info['username']); $_REQUEST['rolename'] = $server_info['username']; $misc->printTrail('role'); $misc->printTabs('server','account'); $misc->printMsg($msg); if ($roledata->recordCount() > 0) { $roledata->fields['rolsuper'] = $data->phpBool($roledata->fields['rolsuper']); $roledata->fields['rolcreatedb'] = $data->phpBool($roledata->fields['rolcreatedb']); $roledata->fields['rolcreaterole'] = $data->phpBool($roledata->fields['rolcreaterole']); $roledata->fields['rolinherit'] = $data->phpBool($roledata->fields['rolinherit']); echo "\n"; echo "\t\n\t\t\n"; echo "\t\t\n"; echo "\t\t\n"; echo "\t\t\n"; echo "\t\t\n"; echo "\t\t\n"; echo "\t\t\n"; echo "\t\t\n"; echo "\t\n"; echo "\t\n\t\t\n"; echo "\t\t\n"; echo "\t\t\n"; echo "\t\t\n"; echo "\t\t\n"; echo "\t\t\n"; echo "\t\t\n"; echo "\t\t\n"; echo "\t\n

{$lang['strname']}	{$lang['strsuper']}	{$lang['strcreatedb']}	{$lang['strcancreaterole']}	{$lang['strinheritsprivs']}	{$lang['strconnlimit']}	{$lang['strexpires']}	{$lang['strsessiondefaults']}
", $misc->printVal($roledata->fields['rolname']), "	", $misc->printVal($roledata->fields['rolsuper'], 'yesno'), "	", $misc->printVal($roledata->fields['rolcreatedb'], 'yesno'), "	", $misc->printVal($roledata->fields['rolcreaterole'], 'yesno'), "	", $misc->printVal($roledata->fields['rolinherit'], 'yesno'), "	", ($roledata->fields['rolconnlimit'] == '-1' ? $lang['strnolimit'] : $misc->printVal($roledata->fields['rolconnlimit'])), "	", ($roledata->fields['rolvaliduntil'] == 'infinity' \|\| is_null($roledata->fields['rolvaliduntil']) ? $lang['strnever'] : $misc->printVal($roledata->fields['rolvaliduntil'])), "	", $misc->printVal($roledata->fields['rolconfig']), "

\n"; } else echo "

{$lang['strnodata']}

\n"; $misc->printNavLinks(array ('changepassword' => array ( 'attr'=> array ( 'href' => array ( 'url' => 'roles.php', 'urlvars' => array ( 'action' => 'confchangepassword', 'server' => $_REQUEST['server'] ) ) ), 'content' => $lang['strchangepassword'] )), 'roles-account', get_defined_vars()); } /** * Show confirmation of change password and actually change password */ function doChangePassword($confirm, $msg = '') { global $data, $misc; global $lang, $conf; $server_info = $misc->getServerInfo(); if ($confirm) { $_REQUEST['rolename'] = $server_info['username']; $misc->printTrail('role'); $misc->printTitle($lang['strchangepassword'],'pg.role.alter'); $misc->printMsg($msg); if (!isset($_POST['password'])) $_POST['password'] = ''; if (!isset($_POST['confirm'])) $_POST['confirm'] = ''; echo "

\n"; echo "\n"; echo "\t\n\t\t\n"; echo "\t\t\n\t\n"; echo "\t\n\t\t\n"; echo "\t\t\n\t\n"; echo "

{$lang['strpassword']}
{$lang['strconfirm']}

\n"; echo "

\n"; echo $misc->form; echo "\n"; echo "\n"; echo "

\n"; } else { // Check that password is minimum length if (strlen($_POST['password']) < $conf['min_password_length']) doChangePassword(true, $lang['strpasswordshort']); // Check that password matches confirmation password elseif ($_POST['password'] != $_POST['confirm']) doChangePassword(true, $lang['strpasswordconfirm']); else { $status = $data->changePassword($server_info['username'], $_POST['password']); if ($status == 0) doAccount($lang['strpasswordchanged']); else doAccount($lang['strpasswordchangedbad']); } } } /** * Show default list of roles in the database */ function doDefault($msg = '') { global $data, $misc; global $lang; function renderRoleConnLimit($val) { global $lang; return $val == '-1' ? $lang['strnolimit'] : htmlspecialchars($val); } function renderRoleExpires($val) { global $lang; return $val == 'infinity' ? $lang['strnever'] : htmlspecialchars($val); } $misc->printTrail('server'); $misc->printTabs('server','roles'); $misc->printMsg($msg); $roles = $data->getRoles(); $columns = array( 'role' => array( 'title' => $lang['strrole'], 'field' => field('rolname'), 'url' => "redirect.php?subject=role&action=properties&{$misc->href}&", 'vars' => array('rolename' => 'rolname'), ), 'superuser' => array( 'title' => $lang['strsuper'], 'field' => field('rolsuper'), 'type' => 'yesno', ), 'createdb' => array( 'title' => $lang['strcreatedb'], 'field' => field('rolcreatedb'), 'type' => 'yesno', ), 'createrole' => array( 'title' => $lang['strcancreaterole'], 'field' => field('rolcreaterole'), 'type' => 'yesno', ), 'inherits' => array( 'title' => $lang['strinheritsprivs'], 'field' => field('rolinherit'), 'type' => 'yesno', ), 'canloging' => array( 'title' => $lang['strcanlogin'], 'field' => field('rolcanlogin'), 'type' => 'yesno', ), 'connlimit' => array( 'title' => $lang['strconnlimit'], 'field' => field('rolconnlimit'), 'type' => 'callback', 'params'=> array('function' => 'renderRoleConnLimit') ), 'expires' => array( 'title' => $lang['strexpires'], 'field' => field('rolvaliduntil'), 'type' => 'callback', 'params'=> array('function' => 'renderRoleExpires', 'null' => $lang['strnever']), ), 'actions' => array( 'title' => $lang['stractions'], ), ); $actions = array( 'alter' => array( 'content' => $lang['stralter'], 'attr'=> array ( 'href' => array ( 'url' => 'roles.php', 'urlvars' => array ( 'action' => 'alter', 'rolename' => field('rolname') ) ) ) ), 'drop' => array( 'content' => $lang['strdrop'], 'attr'=> array ( 'href' => array ( 'url' => 'roles.php', 'urlvars' => array ( 'action' => 'confirm_drop', 'rolename' => field('rolname') ) ) ) ), ); $misc->printTable($roles, $columns, $actions, 'roles-roles', $lang['strnoroles']); $navlinks = array ( 'create' => array ( 'attr'=> array ( 'href' => array ( 'url' => 'roles.php', 'urlvars' => array ( 'action' => 'create', 'server' => $_REQUEST['server'] ) ) ), 'content' => $lang['strcreaterole'] ) ); $misc->printNavLinks($navlinks, 'roles-roles', get_defined_vars()); } $misc->printHeader($lang['strroles']); $misc->printBody(); switch ($action) { case 'create': doCreate(); break; case 'save_create': if (isset($_POST['create'])) doSaveCreate(); else doDefault(); break; case 'alter': doAlter(); break; case 'save_alter': if (isset($_POST['alter'])) doSaveAlter(); else doDefault(); break; case 'confirm_drop': doDrop(true); break; case 'drop': if (isset($_POST['drop'])) doDrop(false); else doDefault(); break; case 'properties': doProperties(); break; case 'confchangepassword': doChangePassword(true); break; case 'changepassword': if (isset($_REQUEST['ok'])) doChangePassword(false); else doAccount(); break; case 'account': doAccount(); break; default: doDefault(); } $misc->printFooter(); ?>