Scripting and using auth.inc functions

BBQigniter · Jan 13, 2014, 1:31 PM

I want to create a script that looks for expired users and deletes them automatically. I stumbled over the function is_account_expired($username) . But somehow it's not working when I try it in the php-Shell. I followed the problem back to the function getUserEntry($username) and somehow the returned array is always empty. Is the result even an array or did I completely understand something wrong?

What am I doing wrong?

pfSense shell: require_once("auth.inc");
pfSense shell: $user = getUserEntry(blubtest);  <- I tried it with " or ', there is just no result 
pfSense shell: print_r($user);
pfSense shell: exec
pfSense shell:

phil.davis · Jan 14, 2014, 3:39 AM

$name = "user.name";
$user = getUserEntry($name);
var_dump($user);

This returns me an array with lots of user details when I put a valid user name string in "user.name".

BBQigniter · Jan 14, 2014, 7:55 AM

Really strange. It's not working here, I always get result NULL even if I search for the user admin.

I now tried a workaround that seems to be working. I took the needed functions, altered them and saved them as auth_addon.inc in /etc/inc so I later can include them in my script.


function & getUserEntryByName($name) {
        global $debug, $config;

        $userindex_ff = index_users();

        if (isset($userindex_ff[$name]))
                return $config['system']['user'][$userindex_ff[$name]];
}

function getUserExpirationDate($username) {
        $user = getUserEntryByName($username);
        if ($user['expires'])
                return $user['expires'];
}

function isAccountExpired($username) {
        $expirydate = getUserExpirationDate($username);
        if ($expirydate) {
                if (strtotime("-1 day") > strtotime(date("m/d/Y",strtotime($expirydate))))
                        return true;
        }

        return false;
}
?>

Normally $userindex in the getUserEntry-function is a global variable but somehow it's not set. My PHP-Skills are not very good but as I understand, it's definitely defined in auth.inc on linenumber 196.
So I changed that in "my" getUserEntryByName-function and now I have the features I need.

Anyway it really would interest me what I am doing wrong on my pfSense - I also tried the commands on a nearly fresh installed pfSense with the same result - NULL. It's the 2.1 version.

BBQigniter · Jan 15, 2014, 8:32 AM

I have finished my script for the autoremoval of expired users and it seems to work :)
I created the file delete_expired_users.php in /usr/local/bin and set the needed permission (chmod 755) and added a cronjob running once a day, the auth_addon.inc from above is placed in /etc/inc

Use at your own risk!


#!/usr/local/bin/php -f

require_once("auth.inc");
require_once("auth_addon.inc");

// How many users are there?
$id = count($config['system']['user']);

// We must begin our search for expired users with the last useable ID
// Else strange things happen to the config.xml :)
$check_id = $id - 1;

// Check all found users except ID 0 - it's the admin, no need to check him
while ($check_id != 0) {
 // Get the username
 $uname = $config['system']['user'][$check_id]['name'];

 // Get the user's expirydate
 $uexpirydate = $config['system']['user'][$check_id]['expires'];

 echo "USER: ".$uname."\n";
 echo "EXPIRES: ".$uexpirydate."\n";

 // Check if the user is expired - function of auth_addon.inc
 if ( isAccountExpired($uname) ) {
  echo "EXPIRED: YES \n";

  // Delete user locally - function of auth.inc
  local_user_del($config['system']['user'][$check_id]);

  // Delete user in config - function of auth.inc
  unset($config['system']['user'][$check_id]);
  echo "USER DELETED! \n";

 } else {
  // User isn't expired or has no expirydate set
  echo "EXPIRED: NO \n";
 }
 echo "### \n";

 // Next ID
 $check_id = $check_id - 1;
}

// Write the new config
write_config();

?>