Scripting and using auth.inc functions



  • I want to create a script that looks for expired users and deletes them automatically. I stumbled over the function is_account_expired($username) . But somehow it's not working when I try it in the php-Shell. I followed the problem back to the function getUserEntry($username) and somehow the returned array is always empty. Is the result even an array or did I completely understand something wrong?

    What am I doing wrong?

    pfSense shell: require_once("auth.inc");
    pfSense shell: $user = getUserEntry(blubtest);  <- I tried it with " or ', there is just no result 
    pfSense shell: print_r($user);
    pfSense shell: exec
    pfSense shell:
    


  • $name = "user.name";
    $user = getUserEntry($name);
    var_dump($user);
    

    This returns me an array with lots of user details when I put a valid user name string in "user.name".



  • Really strange. It's not working here, I always get result NULL even if I search for the user admin.

    I now tried a workaround that seems to be working. I took the needed functions, altered them and saved them as auth_addon.inc in /etc/inc so I later can include them in my script.

    
    function & getUserEntryByName($name) {
            global $debug, $config;
    
            $userindex_ff = index_users();
    
            if (isset($userindex_ff[$name]))
                    return $config['system']['user'][$userindex_ff[$name]];
    }
    
    function getUserExpirationDate($username) {
            $user = getUserEntryByName($username);
            if ($user['expires'])
                    return $user['expires'];
    }
    
    function isAccountExpired($username) {
            $expirydate = getUserExpirationDate($username);
            if ($expirydate) {
                    if (strtotime("-1 day") > strtotime(date("m/d/Y",strtotime($expirydate))))
                            return true;
            }
    
            return false;
    }
    ?>
    
    

    Normally $userindex in the getUserEntry-function is a global variable but somehow it's not set. My PHP-Skills are not very good but as I understand, it's definitely defined in auth.inc on linenumber 196.
    So I changed that in "my" getUserEntryByName-function and now I have the features I need.

    Anyway it really would interest me what I am doing wrong on my pfSense - I also tried the commands on a nearly fresh installed pfSense with the same result - NULL. It's the 2.1 version.



  • I have finished my script for the autoremoval of expired users and it seems to work  :)
    I created the file delete_expired_users.php in /usr/local/bin and set the needed permission (chmod 755) and added a cronjob running once a day, the auth_addon.inc from above is placed in /etc/inc

    Use at your own risk!

    
    #!/usr/local/bin/php -f
    
    require_once("auth.inc");
    require_once("auth_addon.inc");
    
    // How many users are there?
    $id = count($config['system']['user']);
    
    // We must begin our search for expired users with the last useable ID
    // Else strange things happen to the config.xml :)
    $check_id = $id - 1;
    
    // Check all found users except ID 0 - it's the admin, no need to check him
    while ($check_id != 0) {
     // Get the username
     $uname = $config['system']['user'][$check_id]['name'];
    
     // Get the user's expirydate
     $uexpirydate = $config['system']['user'][$check_id]['expires'];
    
     echo "USER: ".$uname."\n";
     echo "EXPIRES: ".$uexpirydate."\n";
    
     // Check if the user is expired - function of auth_addon.inc
     if ( isAccountExpired($uname) ) {
      echo "EXPIRED: YES \n";
    
      // Delete user locally - function of auth.inc
      local_user_del($config['system']['user'][$check_id]);
    
      // Delete user in config - function of auth.inc
      unset($config['system']['user'][$check_id]);
      echo "USER DELETED! \n";
    
     } else {
      // User isn't expired or has no expirydate set
      echo "EXPIRED: NO \n";
     }
     echo "### \n";
    
     // Next ID
     $check_id = $check_id - 1;
    }
    
    // Write the new config
    write_config();
    
    ?>
    
    

Log in to reply