X-Git-Url: http://git.pjr.cc/?a=blobdiff_plain;f=authserver%2Fwww%2Fadmin.php;h=7f2c8a39f3efe3a38a5242b674efc8e41d9e1cd2;hb=c3c37cd9f486175adf0351de80c19efd02892ca6;hp=fa6f6df4abab23054dc73c90dd322b9ba5d32dc2;hpb=0938694abe67f09a9a21f922a3178a6be9e59e63;p=ga4php.git

diff --git a/authserver/www/admin.php b/authserver/www/admin.php
index fa6f6df..7f2c8a3 100644
--- a/authserver/www/admin.php
+++ b/authserver/www/admin.php
@@ -11,16 +11,84 @@
  * then user admin would be less disconnected. I.e. if a user was deleted from AD, their token
  * data should disappear with them.
  */
-require_once("actions.php");
+require_once("admin_actions.php");
 
 // the logged in component
 if($loggedin) {
 ?>
 <h1>GAAS Manager</h1>
-Welcome to the Google Authenticator Authentication Server Manager Application<br>
+Welcome to the Google Authenticator Authentication Server Manager Application - <a href="?showhelp">Show Help</a><br>
+
+<?php 
+if(isset($_REQUEST["message"])) {
+	echo "<font color=\"green\">".$_REQUEST["message"]."</font>";
+} 
+if(isset($_REQUEST["error"])) {
+	echo "<font color=\"red\">".$_REQUEST["error"]."</font>";
+} 
+
+
+if(isset($_REQUEST["showhelp"])) {
+	echo "<hr>";
+	?>
+On this page, you create users and manage their tokens and passwords. A few notes,<br>
+<li> Passwords are *ONLY* for this page, if you assign a password to a user they can login here
+and edit anyone, including you
+<li> OTK/One-Time-Keys are the QRcode for provisioning a GA token, it can only be viewed once
+and once viewed is deleted. If you need a new one, you need to re-create a key.
+<li> TOTP tokens are time based tokens that change every 30 seconds, HOTP tokens are event tokens
+that change everytime they are used or generated
+<li> In the OTK, the "Get (User URL)" link is a link you can send to a user to retrieve their key
+	<?php 
+} 
+
+if(isset($_REQUEST["edituser"])) {
+	$username = $_REQUEST["edituser"];
+?>
+
+<h2>Editing user, <?php echo $username ?></h2><br>
+<form method="post" action="?action=edituser&username=<?php echo $username ?>">
+<input type="hidden" name="original_real" value="<?php echo $_REQUEST["realname"] ?>">
+<table>
+<tr><td>Real Name:</td><td><input type="text" name="realname" value="<?php echo $_REQUEST["realname"] ?>"></td></tr>
+<tr><td>Password:</td><td><input type="password" name="password"></td></tr>
+<tr><td>Confirm Password:</td><td><input type="password" name="password_conf"></td></tr>
+</table>
+<input type="submit" value="Update">
+</form>
+<?php
+if($myAC->getUserTokenType($username)=="HOTP") {
+?> 
+<form method="post" action="?action=synctoken&username=<?php echo $username?>">
+<h3>Resync Tokens</h3>
+<table>
+<tr><td>Token One</td><td><input type="text" name="tokenone"></td></tr>
+<tr><td>Token Two</td><td><input type="text" name="tokentwo"></td></tr>
+</table>
+<input type="submit" value="Sync">
+</form>
+<?php
+}
+?> 
+
+<form method="post" action="?action=customtoken&username=<?php echo $username ?>">
+<h3>Custom Tokens</h3><br>
+For assiging in a user-created or hardware tokens.<br>
+If you assign a token this way, any previous token is removed and forever gone.<br>
+Token Key (hex) <input type="text" name="tokenkey"><br>
+Token Type 
+<select name="tokentype">
+<option value="HOTP">HOTP</option>
+<option value="TOTP">TOTP</option>
+</select><br>
+<input type="submit" value="Set">
+</form>
+<?php
+} else {
+?>
 <hr><h2>Users</h2>
 <table border="1">
-<tr><th>Username</th><th>RealName</th><th>Has Password?</th><th>Has Token?</th><th>OTK</th><th>Update</th><th>Delete</th></tr>
+<tr><th>Username</th><th>RealName</th><th>Has Password?</th><th>Has Token?</th><th>One Time Key</th><th>Delete</th></tr>
 <?php
 $users = $myAC->getUsers();
 foreach($users as $user) {
@@ -29,31 +97,47 @@ foreach($users as $user) {
 	if($user["realname"] == "") $realname = "";
 	else $realname = $user["realname"];
 	
-	if($user["haspass"]) $haspass = "Yes <input type=\"password\" name=\"password\"> <a href=\"index.php?action=deletepass&username=$username\">Delete Password</a>";
-	else $haspass = "No <input type=\"password\" name=\"password\">";
-	
-	if($user["hastoken"]) $hastoken = "Yes";
-	else $hastoken = "No";
+	if($user["haspass"]) $haspass = "Yes <a href=\"?action=deletepass&username=$username\">Delete Password</a>";
+	else $haspass = "No";
 	
-	if($user["otk"]!="") $otk = "<a href=\"index.php?action=getotk&username=$username\">Get</a>";
+	if($user["otk"]=="deleted") $otk = "OTK Was Not Picked Up";
+	else if($user["otk"]!="") $otk = "<a href=\"?action=getotk&username=$username&otk=".$user["otk"]."\">Get (admin)</a> <a href=\"index.php?gettoken&username=$username&otkid=".$user["otk"]."\">Get (User URL)</a>";
 	else $otk = "Already Claimed";
 	
+	if($user["hastoken"]) $hastoken = "Yes <a href=\"?action=recreatehotptoken&username=$username\">Re-Create (HOTP)</a> <a href=\"?action=recreatetotptoken&username=$username\">Re-Create (TOTP)</a> <a href=\"?action=deletetoken&username=$username\">Delete</a>";
+	else {
+		$hastoken = "No <a href=\"?action=recreatehotptoken&username=$username\">Create (HOTP)</a> <a href=\"?action=recreatetotptoken&username=$username\">Create (TOTP)</a>";
+		if($user["otk"]!="deleted")$otk = "No Token Exists";
+	}
+	
 	$delete = "<a href=\"?action=delete&username=$username\">Delete</a>";
 	
-	echo "<form method=\"post\" action=\"?action=update&username=$username\"><tr><td>$username</td><td><input type=\"text\" name=\"realname\" value=\"$realname\"></td><td>$haspass</td>";
-	echo "<td>$hastoken</td><td>$otk</td><td><input type=\"submit\" value=\"Update\"></td><td>$delete</td><tr></form>";
-} 
+	echo "<tr>";
+	echo "<td><a href=\"?edituser=$username&realname=$realname\">$username</a></td><td>$realname</td><td>$haspass</td>";
+	echo "<td>$hastoken</td><td>$otk</td><td>$delete</td><tr></form>";
+}
 ?>
 </table><br>
-<form method="post" action="?action=createuser">Create User: <input type="text" name="username"> <input type="submit" value="Create"></form>
+<form method="post" action="?action=createuser">Create User(s) - Enter a comma seperated list of usernames: <input type="text" name="username" size="120"> <input type="submit" value="Create"></form>
 
+<?php
+
+
+if(isset($_REQUEST["action"])) if($_REQUEST["action"] == "getotk") {
+	$username = $_REQUEST["username"];
+	$otk = $_REQUEST["otk"];
+	echo "<hr>Got One Time Key for user $username, this one-time-key can only be retrieved once, after that it is deleted<br>";
+	echo "<img src=\"?action=getotkimg&username=$username&otk=$otk\" alt=\"one time key error\"><br>";
+} 
+
+?>
 <hr><h2>Radius Clients</h2>
 Not yet implemented
 
-<hr><a href="?action=logout">Logout</a>
+<hr><a href="?action=logout">Logout</a> <a href="admin.php">Home</a>
 
 <?php 
-
+} // edit users
 
 } else {
 	
@@ -71,7 +155,10 @@ Not yet implemented
 <h1>GAAS Manager Login</h1>
 <?php
 if(isset($_REQUEST["message"])) {
-	echo "<font color=\"red\">Login Failed</font>";
+	echo "<font color=\"green\">".$_REQUEST["message"]."</font>";
+} 
+if(isset($_REQUEST["error"])) {
+	echo "<font color=\"red\">".$_REQUEST["error"]."</font>";
 } 
 ?>
 <form method="post" action="?action=login">
@@ -82,5 +169,5 @@ if(isset($_REQUEST["message"])) {
 </table>
 </form>
 <?php
-}
+} //loggedin
 ?>
\ No newline at end of file

Username	RealName	Has Password?	Has Token?	OTK	Update	Delete
Username	RealName	Has Password?	Has Token?	One Time Key	Delete
$username		$haspass	$hastoken	$otk		$delete
$username	$realname	$haspass	$hastoken	$otk	$delete