Scripting and using auth.inc functions
-
I want to create a script that looks for expired users and deletes them automatically. I stumbled over the function is_account_expired($username). But somehow it's not working when I try it in the php-Shell. I traced the problem back to the function getUserEntry($username) and somehow the returned array is always empty. Is the result even an array or did I completely misunderstand something?
What am I doing wrong?
pfSense shell: require_once("auth.inc");
pfSense shell: $user = getUserEntry(blubtest); <- I tried it with " or ', there is just no result
pfSense shell: print_r($user);
pfSense shell: exec
pfSense shell:
-
$name = "user.name";
$user = getUserEntry($name);
var_dump($user);
This returns an array with lots of user details when I put a valid user name string in "user.name".
-
Really strange. It's not working here, I always get result NULL even if I search for the user admin.
I now tried a workaround that seems to be working. I took the needed functions, altered them and saved them as auth_addon.inc in /etc/inc so I can include them in my script later.
<?php
// auth_addon.inc - helper functions adapted from auth.inc

// Return the config entry for $name (by reference), or nothing if the user is unknown.
function & getUserEntryByName($name) {
    global $debug, $config;
    // Build the name => index map locally instead of relying on the global $userindex
    $userindex_ff = index_users();
    if (isset($userindex_ff[$name]))
        return $config['system']['user'][$userindex_ff[$name]];
}

// Return the user's expiry date string, or nothing if none is set.
function getUserExpirationDate($username) {
    $user = getUserEntryByName($username);
    if ($user['expires'])
        return $user['expires'];
}

// True if the user's expiry date lies more than one day in the past.
function isAccountExpired($username) {
    $expirydate = getUserExpirationDate($username);
    if ($expirydate) {
        if (strtotime("-1 day") > strtotime(date("m/d/Y", strtotime($expirydate))))
            return true;
    }
    return false;
}
?>
Normally $userindex in the getUserEntry-function is a global variable but somehow it's not set. My PHP skills are not very good but as I understand it, it's definitely defined in auth.inc on line number 196.
So I changed that in "my" getUserEntryByName-function and now I have the features I need. Anyway, it really would interest me what I am doing wrong on my pfSense - I also tried the commands on a nearly freshly installed pfSense with the same result - NULL. It's the 2.1 version.
-
I have finished my script for the autoremoval of expired users and it seems to work :)
I created the file delete_expired_users.php in /usr/local/bin, set the needed permission (chmod 755) and added a cronjob running once a day. The auth_addon.inc from above is placed in /etc/inc.
Use at your own risk!
#!/usr/local/bin/php -f
<?php
require_once("auth.inc");
require_once("auth_addon.inc");

// How many users are there?
$id = count($config['system']['user']);

// We must begin our search for expired users with the last useable ID
// Else strange things happen to the config.xml :)
$check_id = $id - 1;

// Check all found users except ID 0 - it's the admin, no need to check him
// (> 0 instead of != 0 so an empty user list cannot loop forever)
while ($check_id > 0) {
    // Get the username
    $uname = $config['system']['user'][$check_id]['name'];
    // Get the user's expirydate
    $uexpirydate = $config['system']['user'][$check_id]['expires'];

    echo "USER: ".$uname."\n";
    echo "EXPIRES: ".$uexpirydate."\n";

    // Check if the user is expired - function of auth_addon.inc
    if ( isAccountExpired($uname) ) {
        echo "EXPIRED: YES \n";
        // Delete user locally - function of auth.inc
        local_user_del($config['system']['user'][$check_id]);
        // Delete user in config - function of auth.inc
        unset($config['system']['user'][$check_id]);
        echo "USER DELETED! \n";
    } else {
        // User isn't expired or has no expirydate set
        echo "EXPIRED: NO \n";
    }
    echo "### \n";

    // Next ID
    $check_id = $check_id - 1;
}

// Write the new config
write_config();
?>
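A dry-run variant of the selection step, as an added example that is not part of the thread's posts or of pfSense itself: it applies the same expiry rule as isAccountExpired() above, but reports instead of deleting. With the posted check, a non-empty expires value that strtotime() cannot parse becomes false, date() treats that as timestamp 0, and the account evaluates as expired, so this version sets such entries aside. Assumptions: the $users array is constructed sample data using only the name and expires fields seen above, and find_expired_users() and its $protected parameter are hypothetical names.

```php
<?php
// Added example: dry-run selection of expired accounts. Not pfSense code.

// Return indices of expired users (highest first, safe order for unset())
// and the names whose expiry date could not be parsed.
// $protected is a hypothetical list of names that are never selected.
function find_expired_users(array $users, $now, array $protected = array('admin'))
{
    $expired = array();
    $skipped = array();
    foreach ($users as $idx => $user) {
        $name = isset($user['name']) ? $user['name'] : '';
        if (in_array($name, $protected, true) || empty($user['expires'])) {
            continue; // protected account or no expiry date set
        }
        $ts = strtotime($user['expires']);
        if ($ts === false) {
            // Unparsable date: report it instead of treating it as expired.
            $skipped[] = $name;
            continue;
        }
        // Same rule as isAccountExpired(): expired once the expiry day
        // lies more than one day before $now.
        $expiry_day = strtotime(date('m/d/Y', $ts));
        if (strtotime('-1 day', $now) > $expiry_day) {
            $expired[] = $idx;
        }
    }
    rsort($expired);
    return array('expired' => $expired, 'skipped' => $skipped);
}

// Constructed sample data; on a firewall this would be $config['system']['user'].
$users = array(
    array('name' => 'admin', 'expires' => '01/01/2000'),
    array('name' => 'alice', 'expires' => ''),
    array('name' => 'bob',   'expires' => '01/15/2013'),
    array('name' => 'carol', 'expires' => 'Not Good'),
    array('name' => 'dave',  'expires' => '12/31/2099'),
);

$result = find_expired_users($users, time());
foreach ($result['expired'] as $idx) {
    echo "WOULD DELETE: " . $users[$idx]['name'] . " (expired " . $users[$idx]['expires'] . ")\n";
}
foreach ($result['skipped'] as $name) {
    echo "SKIPPED (bad date): " . $name . "\n";
}
```

Reviewing this output before enabling the deleting cron job shows which accounts a run would remove and which entries need their date corrected by hand.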