mirror of
https://github.com/ntop/ntopng.git
synced 2026-04-29 15:39:33 +00:00
a10d6c4f7d
The special characters were URL encoded during HTTP request and saved in URL encoded form. The login used the unencoded password instead, and this resulted in a password hash mismatch which prevented user login. Now the password hash is calculated on the unencoded password.
49 lines
1.5 KiB
Lua
49 lines
1.5 KiB
Lua
--
|
|
-- (C) 2013-17 - ntop.org
|
|
--
|
|
|
|
dirs = ntop.getDirs()
|
|
package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
|
|
require "lua_utils"
|
|
|
|
sendHTTPHeader('text/html; charset=iso-8859-1')
|
|
|
|
if(haveAdminPrivileges()) then
|
|
username = _POST["username"]
|
|
full_name = _POST["full_name"]
|
|
password = _POST["password"]
|
|
confirm_password = _POST["confirm_password"]
|
|
host_role = _POST["user_role"]
|
|
networks = _POST["allowed_networks"]
|
|
allowed_interface = _POST["allowed_interface"]
|
|
host_pool_id = _POST["host_pool_id"]
|
|
limited_lifetime = _POST["lifetime_limited"]
|
|
lifetime_secs = tonumber((_POST["lifetime_secs"] or -1))
|
|
|
|
if(username == nil or full_name == nil or password == nil or confirm_password == nil or host_role == nil or networks == nil or allowed_interface == nil) then
|
|
print ("{ \"result\" : -1, \"message\" : \"Invalid parameters\" }")
|
|
return
|
|
end
|
|
|
|
if(password ~= confirm_password) then
|
|
print ("{ \"result\" : -1, \"message\" : \"Passwords do not match: typo?\" }")
|
|
return
|
|
end
|
|
|
|
local ret = false
|
|
|
|
if(ntop.addUser(username, full_name, unescapeHTML(password), host_role, networks, getInterfaceName(allowed_interface), host_pool_id)) then
|
|
ret = true
|
|
|
|
if limited_lifetime and not ntop.addUserLifetime(username, lifetime_secs) then
|
|
ret = false
|
|
end
|
|
|
|
end
|
|
|
|
if ret then
|
|
print ("{ \"result\" : 0, \"message\" : \"User added successfully\" }")
|
|
else
|
|
print ("{ \"result\" : -1, \"message\" : \"Error while adding new user\" }")
|
|
end
|
|
end
|