From 636005b90d7e680893f4440c6f108c4aec58badb Mon Sep 17 00:00:00 2001
From: Jamie Cameron <jcameron@webmin.com>
Date: Fri, 30 Nov 2007 23:07:35 +0000
Subject: [PATCH] Better batch validation and UI

---
 useradmin/CHANGELOG      |  1 +
 useradmin/batch_exec.cgi | 17 ++++++++
 useradmin/batch_form.cgi | 92 ++++++++++++++++++++--------------------
 useradmin/lang/en        | 10 ++++-
 4 files changed, 73 insertions(+), 47 deletions(-)
diff --git a/useradmin/CHANGELOG b/useradmin/CHANGELOG
index 1b3994096..f6d7ff1bc 100644
--- a/useradmin/CHANGELOG
+++ b/useradmin/CHANGELOG
@@ -36,3 +36,4 @@ In a user batch file, # is only treated as a comment at the start of a line.
 ---- Changes since 1.380 ----
 The real base directory for homes is now respected when batch creating users.
 Improved MD5 encryption auto-detection with newer PAM config files.
+Batch user creation data is now better validated, and the batch form has been re-written to use the new Webmin UI library.
diff --git a/useradmin/batch_exec.cgi b/useradmin/batch_exec.cgi
index 40a784774..422f796cf 100755
--- a/useradmin/batch_exec.cgi
+++ b/useradmin/batch_exec.cgi
@@ -116,6 +116,13 @@ foreach $line (split(/[\r\n]+/, $data)) {
 				}
 			}
 
+		# Make sure all min/max fields are numeric
+		$err = &validate_batch_minmax(\%user, $lnum);
+		if ($err) {
+			print $err,"\n";
+			next;
+			}
+
 		# Parse common fields
 		if (!$line[1]) {
 			print &text('batch_eline', $lnum),"\n";
@@ -646,3 +653,13 @@ foreach $g (@glist) {
 return @secs;
 }
 
+sub validate_batch_minmax
+{
+local ($user, $lnum) = @_;
+foreach my $f ('min', 'max', 'warn', 'inactive', 'expire', 'change') {
+	$user->{$f} =~ /^(\-|\+|)\d*$/ ||
+		return &text('batch_e'.$f, $lnum, $user->{$f});
+	}
+return undef;
+}
+
diff --git a/useradmin/batch_form.cgi b/useradmin/batch_form.cgi
index 625d8c3f9..c7dc18b87 100755
--- a/useradmin/batch_form.cgi
+++ b/useradmin/batch_form.cgi
@@ -7,82 +7,82 @@ require './user-lib.pl';
 $access{'batch'} || &error($text{'batch_ecannot'});
 &ui_print_header(undef, $text{'batch_title'}, "");
 
+# Instructions
+print &ui_hidden_start($text{'batch_instr'}, "instr", 0, "batch_form.cgi");
 print "$text{'batch_desc'}\n";
 $pft = &passfiles_type();
 print "<p><tt>",$text{'batch_desc'.$pft},"</tt><p>\n";
 print "$text{'batch_descafter'}<br>\n";
 print "$text{'batch_descafter2'}\n";
+print &ui_hidden_end("instr");
 
-print "<form action=batch_exec.cgi method=post enctype=multipart/form-data>\n";
-print "<table>\n";
+print &ui_form_start("batch_exec.cgi", "form-data");
+print &ui_table_start($text{'batch_header'}, undef, 2);
 
-print "<tr> <td valign=top><b>$text{'batch_source'}</b></td> <td>\n";
-print "<input type=radio name=source value=0 checked> ",
-      "$text{'batch_source0'} <input type=file name=file><br>\n";
-print "<input type=radio name=source value=1> ",
-      "$text{'batch_source1'} <input name=local size=30> ",
-      &file_chooser_button("local"),"<br>\n";
-print "<input type=radio name=source value=2> ",
-      "$text{'batch_source2'}<br><textarea name=text rows=5 cols=50></textarea>",
-      "</td> </tr>\n";
+# Source file
+print &ui_table_row($text{'batch_source'},
+	&ui_radio_table("source", 0,
+	  [ [ 0, $text{'batch_source0'}, &ui_upload("file") ],
+	    [ 1, $text{'batch_source1'}, &ui_textbox("local", undef, 40)." ".
+					 &file_chooser_button("local") ],
+	    [ 2, $text{'batch_source2'}, &ui_textarea("text", undef, 5, 60) ]
+	  ]));
 
 if ($access{'cothers'} == 1 || $access{'mothers'} == 1 ||
     $access{'dothers'} == 1) {
-	print "<tr> <td><b>$text{'batch_others'}</b></td>\n";
-	printf "<td><input name=others type=radio value=1 %s> $text{'yes'}\n",
-		$config{'default_other'} ? "checked" : "";
-	printf "<input name=others type=radio value=0 %s> $text{'no'}</td> </tr>\n",
-		$config{'default_other'} ? "" : "checked";
+	# Do other modules?
+	print &ui_table_row($text{'batch_others'},
+		&ui_yesno_radio("others", int($config{'default_other'})));
 	}
 
-print "<tr> <td><b>$text{'batch_batch'}</b></td>\n";
-print "<td><input name=batch type=radio value=1> $text{'yes'}\n";
-print "<input name=batch type=radio value=0 checked> $text{'no'}</td> </tr>\n";
+# Only run post-command at end?
+print &ui_table_row($text{'batch_batch'},
+	&ui_yesno_radio("batch", 0));
 
 if ($access{'makehome'}) {
-	print "<tr> <td><b>$text{'batch_makehome'}</b></td>\n";
-	print "<td><input name=makehome type=radio value=1 checked> $text{'yes'}\n";
-	print "<input name=makehome type=radio value=0> $text{'no'}</td> </tr>\n";
+	# Create home dir
+	print &ui_table_row($text{'batch_makehome'},
+		&ui_yesno_radio("makehome", 1));
 	}
 
 if ($access{'copy'} && $config{'user_files'} =~ /\S/) {
-	print "<tr> <td><b>$text{'batch_copy'}</b></td>\n";
-	print "<td><input name=copy type=radio value=1 checked> $text{'yes'}\n";
-	print "<input name=copy type=radio value=0> $text{'no'}</td> </tr>\n";
+	# Copy files to homes
+	print &ui_table_row($text{'batch_copy'},
+		&ui_yesno_radio("copy", 1));
 	}
 
 if ($access{'movehome'}) {
-	print "<tr> <td><b>$text{'batch_movehome'}</b></td>\n";
-	print "<td><input name=movehome type=radio value=1 checked> $text{'yes'}\n";
-	print "<input name=movehome type=radio value=0> $text{'no'}</td> </tr>\n";
+	# Move home dirs
+	print &ui_table_row($text{'batch_movehome'},
+		&ui_yesno_radio("movehome", 1));
 	}
 
 if ($access{'chuid'}) {
-	print "<tr> <td><b>$text{'batch_chuid'}</b></td>\n";
-	print "<td><input type=radio name=chuid value=0> $text{'no'}\n";
-	print "<input type=radio name=chuid value=1 checked> $text{'home'}\n";
-	print "<input type=radio name=chuid value=2> ",
-	      "$text{'uedit_allfiles'}</td></tr>\n";
+	# Update UIDs on files
+	print &ui_table_row($text{'batch_chuid'},
+		&ui_radio("chuid", 1, [ [ 0, $text{'no'} ],
+					[ 1, $text{'home'} ],
+					[ 2, $text{'uedit_allfiles'} ] ]));
 	}
 
 if ($access{'chgid'}) {
-	print "<tr> <td><b>$text{'batch_chgid'}</b></td>\n";
-	print "<td><input type=radio name=chgid value=0> $text{'no'}\n";
-	print "<input type=radio name=chgid value=1 checked> $text{'home'}\n";
-	print "<input type=radio name=chgid value=2> ",
-	      "$text{'uedit_allfiles'}</td></tr>\n";
+	# Update GIDs on files
+	print &ui_table_row($text{'batch_chgid'},
+		&ui_radio("chgid", 1, [ [ 0, $text{'no'} ],
+					[ 1, $text{'home'} ],
+					[ 2, $text{'uedit_allfiles'} ] ]));
 	}
 
-print "<tr> <td><b>$text{'batch_delhome'}</b></td>\n";
-print "<td><input name=delhome type=radio value=1 checked> $text{'yes'}\n";
-print "<input name=delhome type=radio value=0> $text{'no'}</td> </tr>\n";
+# Delete home dirs
+print &ui_table_row($text{'batch_delhome'},
+	&ui_yesno_radio("delhome", 1));
 
-print "<tr> <td><b>$text{'batch_crypt'}</b></td>\n";
-print "<td><input name=crypt type=radio value=1> $text{'yes'}\n";
-print "<input name=crypt type=radio value=0 checked> $text{'no'}</td> </tr>\n";
+# Encrypt password
+print &ui_table_row($text{'batch_crypt'},
+	&ui_yesno_radio("crypt", 1));
 
-print "<tr> <td><input type=submit value=\"$text{'batch_upload'}\"></td> </tr>\n";
-print "</table></form>\n";
+print &ui_table_end();
+print &ui_form_end([ [ undef, $text{'batch_upload'} ] ]);
 
 &ui_print_footer("", $text{'index_return'});
 
diff --git a/useradmin/lang/en b/useradmin/lang/en
index 8b97f11ba..aba31848a 100644
--- a/useradmin/lang/en
+++ b/useradmin/lang/en
@@ -353,7 +353,7 @@ batch_descafter2=In <b>modify</b> lines, an empty field will be taken to mean th
 batch_source=Batch data source
 batch_source0=Upload file
 batch_source1=File on server
-batch_source2=Text in box below
+batch_source2=Text in box
 batch_others=Create, modify or delete users in other modules?
 batch_batch=Only update users file when batch is complete?
 batch_makehome=Create home directories for created users?
@@ -388,6 +388,14 @@ batch_edaccess=You are not allowed to delete the user at line $1 : $2
 batch_crypt=Passwords are already encrypted?
 batch_return=batch form
 batch_eother=But an error occurred in another module : $1
+batch_emin=Invalid minimum days on line $1 : $2
+batch_emax=Invalid maximum days on line $1 : $2
+batch_ewarn=Invalid warning days on line $1 : $2
+batch_einactive=Invalid inactive days on line $1 : $2
+batch_eexpire=Invalid expiry day on line $1 : $2
+batch_echange=Invalid password change day on line $1 : $2
+batch_instr=Instructions and batch format
+batch_header=Batch user creation, update and deletion options
 
 who_title=Logged In Users
 who_user=Unix user

$text{'batch_source'}	\n"; -print " ", - "$text{'batch_source0'} \n"; -print " ", - "$text{'batch_source1'} ", - &file_chooser_button("local")," \n"; -print " ", - "$text{'batch_source2'} ", - "
$text{'batch_others'}	$text{'yes'}\n", - $config{'default_other'} ? "checked" : ""; - printf " $text{'no'}
$text{'batch_batch'}	$text{'yes'}\n"; -print " $text{'no'}
$text{'batch_makehome'}	$text{'yes'}\n"; - print " $text{'no'}
$text{'batch_copy'}	$text{'yes'}\n"; - print " $text{'no'}
$text{'batch_movehome'}	$text{'yes'}\n"; - print " $text{'no'}
$text{'batch_chuid'}	$text{'no'}\n"; - print " $text{'home'}\n"; - print " ", - "$text{'uedit_allfiles'}
$text{'batch_chgid'}	$text{'no'}\n"; - print " $text{'home'}\n"; - print " ", - "$text{'uedit_allfiles'}
$text{'batch_delhome'}	$text{'yes'}\n"; -print " $text{'no'}
$text{'batch_crypt'}	$text{'yes'}\n"; -print " $text{'no'}